CN110300112B - Block chain key hierarchical management method - Google Patents

Block chain key hierarchical management method Download PDF

Info

Publication number
CN110300112B
CN110300112B CN201910591293.8A CN201910591293A CN110300112B CN 110300112 B CN110300112 B CN 110300112B CN 201910591293 A CN201910591293 A CN 201910591293A CN 110300112 B CN110300112 B CN 110300112B
Authority
CN
China
Prior art keywords
key
file
user
password
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910591293.8A
Other languages
Chinese (zh)
Other versions
CN110300112A (en
Inventor
郑丽娟
李兆轩
胡畅霞
刘豫晋
张宇
周文峰
毛志俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fengjie Technology Co.,Ltd.
Original Assignee
Shijiazhuang Tiedao University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shijiazhuang Tiedao University filed Critical Shijiazhuang Tiedao University
Priority to CN201910591293.8A priority Critical patent/CN110300112B/en
Publication of CN110300112A publication Critical patent/CN110300112A/en
Application granted granted Critical
Publication of CN110300112B publication Critical patent/CN110300112B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/064Hierarchical key distribution, e.g. by multi-tier trusted parties
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a block chain key hierarchical management method, and relates to the technical field of data encryption management methods. The method comprises the following steps: initializing a user password, a login certificate, a password key, a master key and a master key ciphertext in the block chain system; generating a user private key, a user public key, a key file and a user private key ciphertext; carrying out hierarchical management on the file encryption key, the file ciphertext, the file encryption key ciphertext and the uploaded file; and sharing corresponding files to finish block chain key hierarchical management. The method can improve the efficiency of key management and ensure the safety of all keys. Meanwhile, an attacker cannot tamper the key, and the probability of the key being illegally stolen is low. Even if the key is stolen by an attacker, the attacker cannot acquire valuable information during the transmission and storage processes.

Description

Block chain key hierarchical management method
Technical Field
The invention relates to the technical field of data encryption management methods, in particular to a block chain key hierarchical management method.
Background
The blockchain is originally referenced in bitcoin, which is a supporting technology for bitcoin. Blockchains are essentially distributed databases integrated by many computer technologies, such as point-to-point networks, consensus mechanisms, cryptographic algorithms, smart contracts, digital signatures, and hash chains. It is because these techniques are used in blockchains that they have properties such as decentralization, non-repudiation, traceability, etc. People can make the block chain be applied to various fields such as medical care, financial science and technology, calculation, audit, notarization and the like by designing various intelligent contracts based on the block chain. The use of blockchains not only can greatly improve the efficiency and safety of transaction processing, but also can reduce the cost. As application scenarios increase, blockchains involve the operation of a variety of transactions.
As a development technology, the application structure of the block chain is complex and large in scale, and many problems are faced. Among them, the most important concern to the public is the security of the key. The information on the blockchain is publicly transparent to all participants. Most of this information is private data that has been processed by the participant key. Once the key of the participant is leaked, the corresponding private data is leaked, which causes irreparable loss to the participant. The core of solving the key security problem among blockchains is to establish a feasible key management scheme for blockchains.
Key management of blockchains involves the generation, distribution, storage, use, update, and destruction of keys. But now key management of blockchains has the following disadvantages:
(1) the probability of the key being stolen illegally is high.
(2) The key is stolen by an attacker who can obtain the privacy information of the user.
(3) The key is not efficient and safe in the processes of recovering, generating, distributing, updating and the like.
(4) The key management has more direct human intervention.
Fan, K, etc. propose key hierarchical management methods (key-up encryption middle key, key-in encryption lower key) to protect key security in the big data network cloud. The big data network, the server and the rest of people do not know the key of the user, so that the data owner can realize the sharing of the ciphertext. However, in the method of the present application, the key of the user can be maliciously tampered by an attacker. And cannot recover the key when it is lost; the key cannot be updated when it is leaked. Once the user name and password of the user are forgotten or leaked, irretrievable loss is caused to the user.
Junjun Lou et al propose a named data network key management scheme for blockchains. The NDN key is managed by the NDN key management method through a block chain technology, and the problem of mutual trust among sites is solved. The method shortens the original multi-layer public key verification chain, reduces the number of signature verification and improves the verification efficiency. The method described in this application does not take into account the security of the user's private key and does not show how the user's private key is stored. Once the user's private key is obtained by an attacker, the attacker can impersonate a legitimate user with the stolen private key to sign or decrypt, and the resulting harm can be catastrophic.
Liu jinghao et al propose a distributed public key management scheme for a blockchain. According to the method, a public key distribution system is established on the block chain, and the consistency of the storage records of all nodes in the network in the public key distribution process is ensured by utilizing a consensus establishment system on the block chain. The method of the application describes the processes of key generation, inquiry, update and logout. But neglects to manage the user's private key, the method described in this application is not comprehensive.
Shamir a proposes a (k, n) threshold secret sharing scheme based on Lagrange's interpolation formula. The method described in this application divides the secret D into n parts so that D can be easily reconstructed from any k parts, but the secret D cannot be reconstructed from any k-1 parts at all. And in the method described in the present application, the process of reconstructing the secret D using Lagrange's interpolation formula and k parts of the secret D is explained.
Yevgeniy Dodis et al define the functions Gen and Rep to construct a fuzzy extractor. While their concept of introducing fuzzy extractors describes a process of extracting a random string U from a biometric input B, their approach can tolerate a certain number of errors. That is, if the input B varies slightly to B ', the extracted U is the same as long as distance (B, B') < s is satisfied.
In summary, the relevant algorithms and techniques used in the method of the present application are mature, and can provide safety guarantees for the present solution.
Ao Lei et al propose a block chain-based dynamic key management scheme for a heterogeneous intelligent transportation system, and the method comprises key transfer and dynamic key management between two heterogeneous networks. They introduce blockchains into their schemes to reduce key transmission time and use dynamic transaction collection to optimize performance. In general, introducing a block chain structure into a key management scheme may improve the efficiency and robustness of key management.
Mingxin Ma and the like provide a privacy-oriented block chain-based Internet of things distributed key management scheme to realize hierarchical access control. The network is split into different side block chains on the basis of the deployment domain, so that verification is accelerated, and precious storage space is saved for the Internet of things equipment. And simulation results show that the multi-link structure greatly improves the system performance, and the expandability is excellent along with the development of the network.
Huawei Zhao et al propose an efficient key management scheme for healthy blockchains. They merge the BSN and the healthy blockchain, and use the biosensor nodes in the BSN to backup and restore the keys of the healthy blockchain.
Summer and winter and the like propose an energy block chain private key storage algorithm based on image information hiding. They hide the private key in the energy source block chain in the watermark information. Due to the complexity of the solution, the overall efficiency is relatively low.
In summary, the security research on the blockchain key is still in the early stage. Little work has been done in this area and there is no good key management scheme to manage keys in existing blockchains. With the continuous development of block chains, a safe and efficient key management scheme is very important.
Disclosure of Invention
The technical problem to be solved by the present invention is how to provide a hierarchical management method for a blockchain key, which can effectively protect private information on a blockchain.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows: a block chain key hierarchical management method is characterized by comprising the following steps:
initializing a user password pw, a login credential uid, a password key pwkey, a master key masskey and a master key ciphertext in the block chain system;
generating a user private key, a user public key pubkey, a key file and a user private key ciphertext;
performing hierarchical management on the file encryption key, the file ciphertext fileciper, the file encryption key ciphertext filekeyciper and the uploaded file fileupload;
and sharing corresponding files to finish block chain key hierarchical management.
The further technical scheme is that the initialization method comprises the following steps:
when a user uses the system for the first time, the user needs to input related registration information, hash operation is carried out on a user password pw to generate a login credential uid which is H (pw), and the login credential uid is uploaded to a blockchain node through a blockchain client; when the user logs in the system next time, hash operation uid1 ═ H (pw1) can be performed on the password pw1 input by the user by using the smart contract, and whether the user can log in can be judged according to whether uid and uid1 are consistent;
after the first registration, the user password pw is encrypted by using a PBKDF2 algorithm to generate a password key pwkey which is PBKDF2 (pw);
generating a master key masskey of a user by using a random number generator;
after generating a password key pwkey and a master key masskey, adding corresponding naming records into a local naming table;
the password key pwkey and the master key masskey are both stored in the local client of the user, and the master key pwkey is used for encrypting the master key masskey to generate a ciphertext (Enc) of the master keypwkey(mastkey)。
The further technical solution is that the method for generating the rest keys is as follows:
generating a user private key and a user public key pubkey by using an elliptic curve encryption algorithm, wherein the user private key is stored in a local client, and the user public key pubkey is uploaded to a blockchain node through a blockchain client;
then, the password key pwkey is used for encrypting the private key of the user to obtain a ciphertext priveyciper (Enc) of the private keypwkey(prikey);
The main key masskey and the password key pwkey of the user are the same layer in the encryption level, are spliced together during storage to obtain a key file keyfile | | | | priveyiper, and the key file keyfile is uploaded to a block chain node through a block chain client;
after a local client generates a user private key or a user public key pubkey and a key file keyfile which are stored on a block chain node through an uplink, adding a corresponding naming record into a local naming table record;
otherwise, the user can record the key file keyfile according to the local naming table<Blockhash>And<txhash>downloading the key file keyfile to a local client through the block chain client; splitting keyfile to obtain a main key ciphertext (mackeyipper) and a user private key ciphertext (privkeyipper), and decrypting the main key ciphertext and the user private key ciphertext by using a password key (pwkey) to obtain the main key (mackeyipy ═ Dec)pwkey(masskeyiper) and private user key (Dec)pwkey(prikeyciper)。
The further technical scheme is that the key hierarchical management method comprises the following steps:
when a user uploads a file locally through a blockchain client, the local client randomly generates a file encryption key by using a random number generator;
encrypting the file by using the file encryption key file to generate file ciphertext (Enc)filekey(file), simultaneously generating a file encryption key ciphertext filekeyiper ═ Enc by using the master key mapkey to encrypt the file encryption key filekeymastkey(filekey);
Because the file encryption key filekey and the file are in one-to-one correspondence, before the file ciphertext fileciper and the file encryption key ciphertext fileyciper are uploaded to the block chain node through the block chain client, the file ciphertext fileload and the file encryption key ciphertext need to be spliced together to generate an uploading file fileupload which is filekeyiper and then uploaded;
when a local client generates a file encryption key ciphertext or an uploaded file fileupload is stored on a block chain node through an uplink, adding a corresponding naming record into a local naming list record;
otherwise, the user can upload the file upload according to the local name list record<Blockhash>And<txhash>downloading the uploading file to a local client through a block chain client, and splitting the uploading file upload to obtain a file encryption key ciphertext filekeyiper and a file ciphertext fileciper; then, the master key masskey is used for decrypting the file encryption key ciphertext filekeyiper to obtain the file encryption key filekey which is Decmastkey(filekeyiper), decrypting the file ciphertext fileciper by using the file encryption key to obtain the file (Dec)filekey(fileciper)。
The further technical scheme is that the file sharing method comprises the following steps:
the method comprises the following steps that a user A wants to send a shared file to a user B, wherein the shared file is stored on a node of a block chain, and the user needs to download the file from the block chain to the local area; secondly, the shared file is located at the local client of the user; aiming at the first condition, the operation in the key hierarchical management obtains a file encryption key and a file ciphertext filepointer;
obtaining public key pubkey of user B through block chain clientB(ii) a Using public key pubkey of user BBEncrypting the file encryption key to obtain a file encryption key shared file filekeyhare which is EncpubkeyB(filekey);
Then the file ciphertext fileciper and the file encryption key sharing file filekeyhare are spliced, and the private key of the user A is utilizedpSigning the spliced content by rikey to generate signature digest Sigmessage ═ SigprikeyA(filekeyshare||fileciper);
Finally, adding the signature abstract to the spliced field to form a shared file filesize | | | filekeyhare | | | filepointer, and sending the shared file filesize | | | filepointer to the user B;
for the second case, a file encryption key of the file is randomly generated by using a random number generator, and the file is encrypted to generate a file ciphertext filepointerfilekey(file), and then performing a processing method for the first case;
when the user B receives the shared file fileshare, the shared file fileshare is split to obtain a signature digest, a file encryption key shared file filekeyhare and a file ciphertext fileciper, and a public key pubkey of the user A is collected through the blockchain clientA
Then, the public key pubkey of the user A is utilizedAThe signature digest signmessage is subjected to signature verification VerpubkeyA(sigmessage) verifying whether the document was sent by user a and the authenticity of the contents of the document;
finally, private key of user B is utilizedBDecrypting the file encryption key sharing file filekey to obtain the file encryption key file (Dec)prikeyB(filekeyhare), decrypting the encrypted file ciphertext fileciper by using the file encryption key to obtain the file (Dec)filekey(fileciper)。
The further technical scheme is that the method also comprises password recovery:
when a user registers for the first time, the password is dispersedly encrypted and stored on a trustworthy blockchain node so as to be used when the password is recovered, and the process of the password dispersedly storing is as follows:
1) the user local client splits the user's password into n sub-passwords pw → (pw)1,pw2,...,pwn) Wherein n is more than or equal to 1;
2) since all people can view the information on the blockchain, the sub-password is encrypted to be stored in order to protect the password; the user uses the biological characteristics B to generate a parameter public parameter P and a secret parameter R by using the existing fuzzy extractor, and the formula is as follows: gen (b) → (P, R);
3) private key sk protected by using hash value of secret parameter R as user password1H (r), a user password protection public and private key pair (sk) is generated1,pk1)=(h(R),h(R)·G);
4) Protecting a public key pk using a user password1The sub-passwords split by the user password are encrypted in groups to obtain a ciphertext group C which is recorded as(C1,C2,......,Cn) Wherein
Figure GDA0003582532620000061
When n is 1, the public key pk is protected by the user password1The user password is encrypted integrally, and the encryption is a special form of block encryption;
5) the user local client will disclose the parameters P, CiAnd pk1Grouping and packaging are carried out to generate n secret strings which are marked as (P, Ci, pk)1) Wherein i is 1,2, n (n is more than or equal to 1);
6) a user local client uploads n secret strings packaged by a block chain client to n reliable block chain nodes, and records < Blockhash > and < txhash > of the nodes;
when a user recovers the password, downloading the password backup in the blockchain node to a local client, and then recovering, wherein the password recovery process comprises the following steps:
1) the local client of the user selects at least t nodes from the previous reliable block chain nodes, and the local client selects at least t nodes from the previous reliable block chain nodes according to the previous stored node<Blockhash>And<txhash>secret string (P, C) on a node by a blockchain clienti,pk1) Downloading to a local client;
2) restoring a secret parameter R 'by using the public parameter P and the user biological characteristic B', wherein the formula is Rep (P, B ') → R'; by the concept of the fuzzy extractor, if the distance (B, B ') of the biometric feature B ' and the original biometric feature B is less than s, R ' generated before and after is equal to R, that is, the fuzzy extraction value is the same; wherein distance () is a similarity distance function, and s is an error limit value specified by the fuzzy extractor;
3) calculating the Hash value of the obtained secret parameter R' to obtain a private key sk protected by a user password1'=H(R');
4) Extracting ciphertext set C' from t secret strings, and recording as (C)1,C2,......,Ct) (ii) a Protecting the private key sk with the obtained user password1' grouping and decrypting the ciphertext group to obtain t sub-passwords
Figure GDA0003582532620000071
Wherein i is more than or equal to 1 and less than or equal to t;
5) using the obtained t sub-passwords pwi'recovering user password pw' ← (pw) by Lagrange interpolation method1',pw2',...,pwt') to a host; when B ' and B satisfy distance (B, B ') < s, R ' ═ R, sk1'=sk1And pwi'=pwiThen pw ═ pw.
The further technical scheme is that the method also comprises key and file verification:
the key and file verification is performed using the < KeyHash > tag in the key naming, and the verification process is as follows:
1) after a user receives keys or files sent by other users, if the names of the keys or the files have the < Blockhash > and < txhash > tags, the user can download the corresponding keys or files from the blockchain node to a local client through the blockchain client, compare the corresponding keys or files with the previously received contents, and check whether the contents are tampered; meanwhile, the user can also carry out hash operation on the received or downloaded key or file content, and compare the hash operation with the value < KeyHash > in the naming process, if the hash operation is the same as the value in the naming process, the key or the file is proved to be true, otherwise, the hash operation is false;
2) the authenticity verification of the key and the file can also be verified by a signature method, and the key or the file is signed by using a private key of a sender to generate a signature digest; when the receiver receives the key or the file, the public key of the sender is used for checking and signing, and whether the key or the file is tampered or not is judged.
The further technical scheme is that the method also comprises a secret updating step:
the password key updating process comprises the following steps:
1) change the < Status > tag in the original password key naming to "invalid";
2) the user password is divided again and stored in the block chain link points in an encrypted manner;
3) re-encrypting the master key and the private key of the user to generate a new key file; adding 1 to the original < Version > tag of the new key file, changing the < Status > tag of the original key file into 'invalid', and uploading the new key file and the old key file to a block chain network through a block chain client;
4) modifying corresponding information in the name list in the local client;
the updating flow of the master key is as follows:
1) changing the < Status > tag in the original master key naming to 'invalid', and adding 1 to the original < Version > tag of the new key;
2) the file encryption key encrypted by the original master key is encrypted again, the encrypted file encryption key is spliced with the file ciphertext again to generate an uploading file, the < Status > tag of the original uploading file is changed into 'invalid', the < Version > tag of the new uploading file is added with 1 on the original < Version > tag, and the new uploading file and the old uploading file are uploaded to a block chain network through a block chain client;
3) modifying corresponding information in the name list in the local client;
the updating process of the public and private keys of the user is as follows:
1) generating a new public and private key pair by using an elliptic curve algorithm, changing a < Status > tag in the original public key naming into 'invalid', adding 1 to the original < Version > tag of the new public key, and uploading the new public key and the old public key to a block chain node;
2) encrypting a private key of a user by using a password key, splicing the private key with a ciphertext of a main key to generate a key file, changing a < Status > tag of an original key file into 'invalid', adding 1 to a < Version > tag of a new key file on the original < Version > tag, and uploading the new key file and the old key file to a block chain network through a block chain client;
3) modifying corresponding information in the name list in the local client;
the updating process of the file encryption key is as follows:
1) regenerating a file encryption key, changing a < Status > tag in the name of the original file encryption key into 'invalid', and adding 1 to the original < Version > tag of the new file encryption key;
2) the method comprises the steps of encrypting a file by using a new file encryption key to obtain a new file ciphertext, encrypting the new file encryption key by using a master key to generate a new file encryption key ciphertext, splicing the new file encryption key ciphertext and the master key to generate a new upload file, changing a < Status > tag in the name of the original upload file into 'invalid', adding 1 to the original < Version > tag of the new upload file, and uploading the new upload file and the old upload file to a block chain node.
3) The corresponding information in the naming table is modified in the local client.
The further technical scheme is that the method further comprises the following steps:
when the user quits, the local client clears all plaintext keys, and a cipher text of the keys forms a key set to be stored in the user client; when a user needs, firstly accessing a key set of a local client; and if the key set does not exist, downloading the required key to the local client through the block chain client according to the key in the local naming table or the < Blockhash > and < txhash > of the key file.
Adopt the produced beneficial effect of above-mentioned technical scheme to lie in: the method can improve the efficiency of key management and ensure the safety of all keys. Meanwhile, an attacker cannot tamper the key, and the probability of the key being illegally stolen is low. Even if the key is stolen by an attacker, the attacker cannot acquire valuable information during the transmission and storage processes. The processes of recovering, generating, distributing and updating the key are efficient and random, and are transparent to the user. There is little direct human intervention in the key management scheme.
Drawings
The invention is described in further detail below with reference to the drawings and the detailed description.
FIG. 1 is a key hierarchical management model architecture diagram of a block chain in a method according to an embodiment of the present invention;
FIG. 2 is a diagram of a key hierarchy in the method according to an embodiment of the present invention;
FIG. 3 is a diagram of a key generation model in the method according to an embodiment of the invention;
FIG. 4 is a diagram of a naming mechanism in the method according to an embodiment of the present invention;
FIG. 5 is a diagram of a key management protocol in a method according to an embodiment of the invention;
FIG. 6 is a diagram of the time for generating all the user keys in the method according to the embodiment of the present invention;
FIG. 7 is a time chart of file sharing among users in the method according to the embodiment of the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways than those specifically described and will be readily apparent to those of ordinary skill in the art without departing from the spirit of the present invention, and therefore the present invention is not limited to the specific embodiments disclosed below.
Fig. 1 shows a hierarchical key management model architecture used in the method, which is divided into three parts, namely, a user, a blockchain client, and a blockchain network. User data is encrypted at a local client, and a ciphertext is uploaded to a block chain network through a block chain client to be stored. Since attackers can only obtain the ciphertext information during transmission and storage, but cannot obtain the corresponding key of the decryption information, they cannot decrypt the ciphertext.
The key management model has at its core the generation and management of keys. The model can not only improve the flexibility of data operation, but also enhance the safety of data. The key management is most important to ensure the security of the key and the clear text of the key is not obtained by an illegal attacker in the transmission and storage processes. As shown in FIG. 2, the method divides the key into three layers, the first layer is a password key, the second layer is a master key and a public-private key pair of a user, and the third layer is a file encryption key. The password key encrypts a master key and a private key of a user, and the master key encrypts a file encryption key. The upper layer key encrypts the lower layer key, so that the security of all keys is ensured. And the password key only needs the user to remember the login password, so the method is very convenient. The login password of the user is stored in n credible blockchain nodes in a distributed encryption mode, and the password can be recovered when the user forgets the password. The master key, the private key of the user and the file encryption key are stored in the blockchain network in a ciphertext mode, so that only the user knows the key of the user in the blockchain network. Therefore, the key hierarchical management of the method can ensure the data privacy of the user in the blockchain network.
Because a large number of key ciphertexts and file ciphertexts are stored in the link points of the block, in order to facilitate the management of the contents, the method designs naming mechanisms of all keys and files and schemes of key storage, recovery and revocation of the block chain and the like.
Description of the symbols:
to illustrate the scheme more clearly, the following notation is given, as shown in table 1.
TABLE 1 legends
Figure GDA0003582532620000101
Figure GDA0003582532620000111
Name (Naming)
Fig. 3 visually reflects the structure of the key hierarchical management model proposed by the method of the present application, and it can be seen from the figure that the encryption process of the key hierarchical management model proposed by the method of the present application is performed layer by layer, and the encryption relationship is that the upper layer encrypts the lower layer. On one hand, for the convenience of storage, the key hierarchical management scheme stores some key ciphertexts of the same layer together in a block chain; on the other hand, in order to manage the key and the file conveniently, quickly locate the position of the key or the file, and authenticate the authenticity of the key and the file content, the method designs a naming mechanism of a key ciphertext and a file ciphertext.
The naming mechanism divides the naming format into two categories according to whether the content is directly stored on the block chain: one type is a naming format of a key indirectly stored on a block chain, the key is generally used in a client, then a key file is formed and stored on the block chain, and the key comprises pwkey, mastkey, privey and filekey; the other is the naming format of the keys and files stored directly on the blockchain, including pubkey, keyfile, fileupload.
As shown in fig. 4, the first type of naming format is: percal/keys/< Type >/< KeyHash >/< Version >/< Status >. Each field is explained as follows:
prefix "/local/keys": the description is of the key used locally.
/< Type >: it represents the corresponding key type,/< Pwkey > illustrates a password key,/< Mastkey > illustrates a master key,/< key > illustrates a user's private key,/< Filekey > illustrates a file encryption key.
/< KeyHash >: it represents a hash value (SHA256) of the corresponding content for verifying authenticity of the corresponding content.
/< Version >: it represents a version number, representing the version of the key.
/< Status >: it represents the state used to determine whether this key is available, this section containing "valid" and "invalid".
The second type of naming format is: /blockchain/Texttype/< Type >/< KeyHash >/< Blockhash >/< txhash >/< Version >/< Status >. Each field is explained as follows:
prefix "/blockchain/Texttype": "/blockchain" indicates that the text is stored separately on the block chain. "/Texttype" indicates the type of text,/< keys > indicates that a key is corresponded, and/< keyfiles > indicates that a file is corresponded.
/< Type >: it represents the corresponding key or file type,/< Pubkey > illustrates the user's public key,/< Keyfile > illustrates the key file, and/< fileload > illustrates the upload file.
/< KeyHash >: it represents a hash value (SHA256) of the corresponding content for verifying authenticity of the corresponding content.
/< Blockhash >/< txhash >: it represents the location stored in the blockchain for quickly finding the corresponding key or file. The block hash <0 … … ba04d14b0a5b97c3d773a1d2ad. > and the transaction hash < 86689f17155681bfb4accd902d6a0. > were generated.
/< Version >: it represents a version number, representing the version of the key.
/< Status >: it represents a state to determine whether this key or file is available, this section containing "valid" and "invalid".
The key management method for the block chain proposed by the present invention is shown in fig. 5. In the daily operation process, the key management process is as follows:
initialization (pw, uid, pwkey, mastkey, mastkeyiper)
(1) When a user uses the system of the scheme for the first time, registration information such as pw needs to be input. Hashing the pw of the user to generate a login credential uid (h), (pw), and uploading uid to the blockchain node through the blockchain client. When the user logs in the system next time, hash operation uid1 ═ H (pw1) can be performed on the password pw1 input by the user using the smart contract, and whether login is possible can be determined based on whether uid and uid1 match.
(2) Meanwhile, after the first registration, pw is encrypted by using a PBKDF2 algorithm to generate a password key pwkey (PBKDF 2 (pw)).
(3) The user's mastkey is generated using a random number generator.
(4) After the pwkey and the mastkey are generated, a corresponding named record, such as a record of pwkey, is added to the local naming table: local/keys/< Pwkey >/<6ef82a1052a 64469f10f.. 86d7426d61fca >/< V1>/< Valid >.
(5) Both the pwkey and the mastkey are stored in the local client of the user, and the pwkey is used for encrypting the mastkey to generate the ciphertext (Enc) of the master keypwkey(mastkey)。
Generating the remaining keys (privkey, pubkey, keyfile, privkeyiper)
(6) And generating a private key and a pubkey of the user by using an elliptic curve encryption algorithm, wherein the private key of the user is stored in a local client, and the pubkey is uploaded to the blockchain node through the blockchain client.
(7) And then encrypting the private key of the user by using the pwkey to obtain a ciphertext privypiper ═ Enc of the private keypwkey(prikey)。
(8) Because the user's mastkey and pwkey are at the same level of encryption. Therefore, the key file keyfile can be obtained by splicing together the key file keyfile and the masterkeyfile in the storage process, and the keyfile is uploaded to the block chain node through the block chain client.
(9) And when the local client generates a private key or pubkey and keyfile of the user are stored on the block chain node through the uplink, adding a corresponding naming record into the local naming table record. For example, the record of the user's pubkey: i.e.. 2dc00e897c >/000.... 646d34d >/0000000000000000005 bcba 5aff.. 1d01b >/V1 >/Valid.
(10) Otherwise, the user can record the keyfile according to the local naming table<Blockhash>And<txhash>and downloading the keyfile to the local client through the blockchain client. And splitting the keyfile to obtain the mastkeyciper and the prikeyiper. And decrypting the two by using the pwkey to obtain a master key (mac) Decpwkey(masskeyiper) and private user key (Dec)pwkey(prikeyciper)。
Key hierarchy management (filekey, file, fileciper, filekeyiper, fileupload)
(11) When a user uploads a file locally through the blockchain client, the local client randomly generates a file key by using the random number generator.
(12) File cipher text filepointer generated by encrypting file with filekeyfilekey(file), and generating a file encryption key ciphertext filekeyiper by using the mastkey and the ciphertext filekeymastkey(filekey)。
(13) Because the filekeys and the files are in one-to-one correspondence, before uploading the filepointer and the filekeyIcphere to the blockchain node through the blockchain client, the fileupload file and the filekeyIcphere are spliced together to generate an upload file, and then the upload file is uploaded.
(14) When the local client generates a filekeyiper or a fileupload, and the filekeyiper or the fileupload is stored on the blockchain node through the uplink, adding a corresponding naming record, such as a fileupload record, to the local naming table record: /blockchain/< keyfiles >/< fileload >/< e38e20e843e456f.. 1aa59ae2b >/<000.. f.1 fc84a >/<00000000000000000061bdC6ac9.. 9ec47>/< V1>/< Valid >.
(15) Otherwise, the user can record the fileupload according to the local naming table<Blockhash>And<txhash>and downloading the uploaded file to a local client through the block chain client, and splitting the fileupload to obtain the filekeyiper and the fileciper. Then, the mastkey is used to decrypt the filekeyiper to obtain the file encryption key, namely Decmastkey(filekeyiper), decrypting the fileciper by using the filekey to obtain the file Decfilekey(fileciper)。
File sharing (pubkey)B,fileshare,prikeyB,sigmessage)
When a user A wants to send a shared file to a user B, the shared file is stored on a node of a block chain, and the user needs to download the file from the block chain to the local area first when the user A wants to obtain the file; the second is that the shared file is at the user local client.
(16) For the first case, the operation in step (15) may be performed to obtain filekey and filepointer.
(17) Obtaining pubkey of user B through block chain clientB. Using pubkey of user BBEncrypting the filekey to obtain a file encryption key sharing file filekey systempubkeyB(filekey)。
(18) Then the fileciper and the filekeyhare are spliced, and the spliced content is signed by using the private key of the user A to generate a signature digest SigprikeyA(filekeyshare||fileciper)。
(19) And finally, adding the signature to the spliced field to form a shared file, and sending the shared file to the user B.
(20) For the second case, randomly generating file key of the file by using a random number generator, and encrypting the file to generate file ciphertext (Enc)filekey(file), and then performing the operations of the steps (17) to (19).
(21) When user B receives filesize, firstly, the filesize is split to obtain the message, filekeyhare and fileciper, and the pubkey of user A is collected through the block chain clientA
(22) Then, the pubkey of the user A is utilizedAAnd (3) verifying the signature VerpubkeyA (signature) of the signature, verifying whether the file is sent by the user A and verifying the authenticity of the file content.
(23) Finally, the private key of the user B is utilizedBDecrypting filekeyhare to obtain file encryption key (Dec)prikeyB(filekey), decrypting filepointer with filekey to get file Decfilekey(fileciper)。
Password recovery: in the key hierarchical management scheme of the block chain proposed by the method of the present application: the password key encrypts a main key and a user private key, and the cipher texts are spliced to generate a key file which is stored on a node of the block chain; the public key of the user is also stored on the node of the blockchain; the file encryption key encrypts the file to obtain a file ciphertext, the master key encrypts the file encryption key to obtain a file encryption key ciphertext, and the two ciphertexts are spliced to generate an upload file to be stored on a node of the block chain. Therefore, the user can generate the password key only by remembering the password of the user, the key and the file in the blockchain node are downloaded to the local through the blockchain client, and the key and the file are decrypted layer by using the password key, so that all the keys can be obtained. When the login password is forgotten, the account cannot be logged in, and all keys cannot be acquired at the same time. In order to solve the problem, the method designs a password recovery module which adopts a (t, n) threshold key sharing method.
When a user registers for the first time, the password is dispersedly encrypted and stored on a trusted blockchain node so as to be used when the password is recovered. The password decentralized storage process is as follows:
(1) the user local client splits the user's password into n sub-passwords pw → (pw)1,pw2,...,pwn) Wherein n is more than or equal to 1.
(2) Since all people can view the information on the blockchain, the sub-password is encrypted for storage in order to protect the password. The user uses his biometric features B (which may include fingerprints, irises, etc.) to generate the public parameters P and the secret parameters R using an existing fuzzy extractor, with the formula: gen (b) → (P, R).
(3) Private key sk protected by using hash value of secret parameter R as user password1H (r), a user password-protected public and private key pair (sk1, pk1) ═ h (r), h (r) · G is generated.
(4) And grouping and encrypting the sub-passwords split by the user password by using the user password protection public key pk1 to obtain a ciphertext group C (C1, C2, namely
Figure GDA0003582532620000151
When n is 1, the public key pk is protected by the user password1The encryption of the user password in its entirety is a special form of block encryption.
(5) The user local client will disclose the parameters P, CiAnd pk1Grouping and packaging are carried out to generate n secret strings which are marked as (P, C)i,pk1) Wherein i is 1,2, n (n is more than or equal to 1).
(6) And the user local client uploads the n secret strings packaged by the block chain client to n reliable block chain nodes, and records the < Blockhash > and < txhash > of the nodes.
When the user recovers the password, the password backup in the blockchain node is downloaded to the local client, and then the recovery is carried out. The password recovery process is as follows:
(1) the local client of the user selects at least t nodes from the chain nodes of the block which is reliable before (t nodes are selected by the following reduction keys), and the local client of the user selects at least t nodes from the chain nodes of the block which is reliable before (t nodes are selected by the following reduction keys) according to the stored nodes<Blockhash>And<txhash>secret string (P, C) on a node by a blockchain clienti,pk1) And downloading to the local client.
(2) The secret parameter R 'is restored using the public parameter P and the user biometric B', with the formula Rep (P, B ') → R'. From the concept of the fuzzy extractor, if distance (B, B ') of the biometric feature B ' and the original biometric feature B is less than s, R ' generated before and after is equal to R, that is, the fuzzy extraction value is the same. Where distance () is a similarity distance function and s is a well-defined error limit for the blur extractor.
(3) Calculating the Hash value of the obtained secret parameter R' to obtain a private key sk protected by a user password1'=H(R')。
(4) Extracting ciphertext set C' from t secret strings, and recording as (C)1,C2,......,Ct). Protecting the private key sk with the obtained user password1' grouping and decrypting the ciphertext group to obtain t sub-passwords
Figure GDA0003582532620000161
Wherein i is more than or equal to 1 and less than or equal to t.
(5) Using the obtained t sub-passwords pwi'Using Lagrange interpolation method to recover user password pw' ← user password pw1',pw2',...,pwt'). When B ' and B satisfy distance (B, B ') < s, R ' ═ R, sk1'=sk1And pwi'=pwiThen pw ═ pw.
Key and file verification:
since the key hierarchical management scheme of the block chain proposed by the method comprises different kinds of keys such as the user password key, the master key, the user private key and the like, whether the ciphertext information can be correctly decrypted depends on the authenticity of the key. To verify the authenticity of the key, the user can check with the < KeyHash > tag in the key name, as follows:
(1) after a user receives keys or files sent by other users, if the names of the keys or the files have the < Blockhash > and < txhash > tags, the user can download the corresponding keys or files from the blockchain node to a local client through the blockchain client, compare the corresponding keys or files with the previously received contents, and check whether the contents are tampered; at the same time, the user can also perform hash operation on the received or downloaded key or file content, and compare the hash operation with the < KeyHash > value in the name. If the two are the same, the key or file is certified as true, otherwise it is false.
(2) The authenticity verification of the key and the file can also be verified by a signature method, and the key or the file is signed by using a private key of a sender to generate a signature digest. When the receiver receives the key or the file, the public key of the sender is used for checking and signing, and whether the key or the file is tampered or not is judged.
Key revocation and renewal:
the key hierarchical management scheme of the block chain proposed by the method of the present application should also consider the following cases: when the password, the private key, the master key and the file encryption key of the user are leaked, an attacker can use the keys to view the encrypted content. The attacker can also perform a signature on the false content using the private key. This will result in more error content propagation, since the corresponding public key can still be verified. Therefore, it is necessary to design a revocation and renewal mechanism for the key in the method described in the present application. And forming the information into blocks by the nodes in the block chain, sending block information to other nodes in the block chain, and adding the blocks to the block chain after the other nodes pass the verification. Since the generated block cannot be changed, the user cannot actually delete the content in the block chain. The user can only rewrite the latest state and information. A user may query for the latest version and state of a key or file using a smart contract in a blockchain.
For the correlation between the updating difficulty of the key and the number of encryption layers where the key is located, the higher the number of layers is, the more difficult the updating is. When the password of the user is updated, the password is the highest layer of the key, so the updating is most troublesome. The password update flow is as follows:
(1) the < Status > tag in the original password key naming is changed to "invalid".
(2) The user password is stored encrypted in the blockchain node by re-partition.
(3) And re-encrypting the master key and the private key of the user to generate a new key file. The < Version > tag of the new key file is added with 1 on the original < Version > tag, and the < Status > tag of the original key file is changed to 'invalid'. And uploading the new key file and the old key file to the blockchain network through the blockchain client.
(4) The corresponding information in the naming table is modified in the local client.
The updating process of the master key is as follows:
(1) the < Status > tag in the original master key naming is changed to 'invalid', and the < Version > tag of the new key is added with 1 on the original < Version > tag.
(2) And re-encrypting the file encryption key encrypted by the original master key, splicing the file encryption key with the file ciphertext again to generate an upload file, changing the < Status > tag of the original upload file into 'invalid', and adding 1 to the < Version > tag of the new upload file. And uploading the new and old uploaded files to a blockchain network through a blockchain client.
(3) The corresponding information in the naming table is modified in the local client.
The updating process of the public and private keys of the user is as follows:
(1) and generating a new public and private key pair by using an elliptic curve algorithm, changing a < Status > tag in the original public key naming into 'invalid', adding 1 to the original < Version > tag of the new public key, and uploading the new public key and the old public key to a block chain node.
(2) The method comprises the steps of encrypting a private key of a user by using a password key, splicing the private key with a ciphertext of a main key to generate a key file, changing a < Status > tag of an original key file into 'invalid', and adding 1 to the original < Version > tag of a new key file. And uploading the new key file and the old key file to the blockchain network through the blockchain client.
(3) The corresponding information in the naming table is modified in the local client.
The updating process of the file encryption key is as follows:
(1) and regenerating the file encryption key, changing the < Status > tag in the name of the original file encryption key into 'invalid', and adding 1 to the < Version > tag of the new file encryption key.
(2) And encrypting the file by using the new file encryption key to obtain a new file ciphertext, and encrypting the new file encryption key by using the master key to generate a new file encryption key ciphertext. Splicing the two files to generate a new uploading file, changing the < Status > tag in the name of the original uploading file into 'invalid', adding 1 to the < Version > tag of the new uploading file on the original < Version > tag, and uploading the new uploading file and the old uploading file to the block chain node.
(3) The corresponding information in the naming table is modified in the local client.
It should be noted that when the key information of the user is leaked, the information of the key encrypted by the key may become unsafe. Therefore, when updating the key, all keys below the layer to which the key belongs need to be updated, and the specific updating process refers to the above.
And (3) supplementing a scheme:
when the user exits the system, the local client can clear all plaintext keys to ensure safety, and the ciphertext of the keys forms a key set to be stored in the user client. When the user needs, the key set of the local client is accessed first. And if the key set does not exist, downloading the required key to the local client through the block chain client according to the key in the local naming table or the < Blockhash > and < txhash > of the key file.
Analysis and evaluation:
safety analysis and evaluation:
the security analysis of the method disclosed by the application is to perform analysis from three aspects of key security, data security and overall security.
And (3) key security analysis:
the method adopts hierarchical management, and the encryption relationship is that the upper layer key encrypts the lower layer key. Since the cryptographic key is the top layer of the key, the security of the user's password determines the security of the system. And the user's password is known only to the user himself. The user directly determines the security of the password and indirectly determines the security of the system. The login credentials used when the user logs in are the result of the sha256 processing. The one-way nature of sha256 may ensure that the user password is not available to the rest of the users in the blockchain. The local client generates a cryptographic key using the PBKDF2 algorithm. The PBKDF2 algorithm repeats almost thousands of hash operations for password and salt. The difficulty of reverse cracking is too large, and the time for cracking one password may take hundreds of years, so that the password key is only known by the user. The public and private keys of the user are generated through an elliptic curve encryption algorithm, so that other users in the block chain cannot crack the private key of the user according to the public key of the user. The master key is a random number of sufficient length that is generated by a secure random number generator. The password key adopts an AESCBC mode to encrypt the private key and the master key, and the ciphertext is stored on the block chain node. Without the password key, the rest of the users in the blockchain cannot crack the user's master key and private key at all. The key file is very secure. The file encryption key is generated by a secure random number generator, which may ensure the randomness of the key. The file encryption key is stored encrypted by the master key at the chunk chain node, so the file encryption key is also secure. Meanwhile, one file corresponds to one file encryption key, so that malicious users can be prevented from knowing multiple groups of file ciphertexts and violently cracking the file encryption key. In addition, the key ciphertext can be prevented from being tampered by a malicious user by using the characteristics of block chain decentralization, tamper resistance, high transparency and the like. In summary, all keys in the method described in the present application are very secure.
And (3) data security analysis:
when a user uploads a file to a blockchain node, the file is encrypted by a file encryption key and then uploaded to the blockchain node. Because only the user possesses the file key, other users on the blockchain cannot decrypt the file ciphertext without the file key at all. Since the ciphertext data is used in the transmission and storage processes, an attacker can only obtain the file ciphertext data and cannot obtain any useful information. Meanwhile, the file ciphertext is stored on the block chain node, so that an attacker can be prevented from tampering, and the file content is very safe. When data is shared among users, the content of the shared data is still in a ciphertext state. In addition, decryption of the file encryption key is done at the local client. The file encryption key is then encrypted using the shared user's public key. And splicing the encrypted ciphertext and the file ciphertext, signing by using a secret key of a sharer to form a shared file, and then sharing the shared file to a sharing user. Therefore, when the receiver receives the sharing file, the public key of the sharer can be used for signature verification, and whether the sharing content is tampered by an attacker or not is judged. Meanwhile, only the receiver has the private to decrypt the file encryption key ciphertext, so an attacker cannot acquire the file encryption key to decrypt the file ciphertext. The file data is very secure. In summary, the method of the application can well protect the safety of the user data.
Overall safety analysis of the protocol:
the method of the application provides key hierarchical management of a blockchain. The keys are divided into three layers, and the encryption relationship is that the upper layer key encrypts the lower layer key. The security of all keys is guaranteed. In the process of data transmission and storage, all data are ciphertexts. And only the user knows the own key, and the rest people do not know the user key. Therefore, even if an attacker acquires information during transmission or on a blockchain, they cannot decrypt the ciphertext to obtain useful information because the information is ciphertext and the attacker does not have the corresponding key of the user. In the method, only the user knows the password, so the user determines the password and the security of the system. Grouping encryption is carried out on the password of the user at a local client by utilizing the biological characteristics B of the user, and the password is dispersedly stored on n reliable block chain nodes; the user's key ciphertext and the file ciphertext are stored on the blockchain node. By using the characteristics of incapability of tampering of the block chain and the like, an attacker can be prevented from tampering the block chain, and the authenticity of the content is well ensured. While the authenticity of its content can also be authenticated by naming the key and the < KeyHash > tag in the file. When the user logs out of the system, the local client will clear all the keys and files in the plain text. The probability of an attacker attacking the user's local client to obtain the plaintext of the key and file can be reduced. When the secret key of the user is leaked, the secret key can be reset by using the method for revoking and updating, which is provided by the method in the application, so that the loss is reduced; when the user forgets the password, the password recovery operation provided by the method can be utilized to recover, so that the condition that the user forgets the password and can not log in can be avoided. In addition, the related algorithms and techniques used in the methods described herein are well established. In summary, the method is convenient, safe and efficient to manage, and can effectively protect the privacy information of the user.
Analyzing and evaluating efficiency:
in conventional blockchain networks, the storage locations of keys and files are queried using smart contracts. According to the method, the time can be obviously reduced by rapidly determining the storage positions of the key and the file by using the tags < Blockhash > and < txhash > in a naming mechanism. In our scheme the file is encrypted by a file encryption key using a symmetric encryption algorithm. Whereas in conventional blockchain networks files are encrypted by the public key of the user using an asymmetric encryption algorithm. As is known to all, the asymmetric encryption algorithm is more efficient and faster in encryption and decryption and occupies less resources than the asymmetric encryption algorithm, so that the scheme is higher in efficiency in the aspect of user file encryption. The password key is generated by encrypting the login password by using the PBKDF2 algorithm. Levent Ertaul et al selected mobile platforms to measure the performance of PBKDF2, Bcrypt and scrrypt algorithms, which concluded that PBKDF2 was the fastest and best of these 3 algorithms. In a traditional block chain network, a private key of a user can only be used for signing a secret key and a file, and the authenticity of the secret key and the file is verified by using a public key signature verification method. The method can also utilize the label < KeyHash > in a naming mechanism to compare and authenticate the key and the file of the user, so that the time can be saved. Meanwhile, the block chain in the method uses a PBFT consistency algorithm, and thousands of transactions can be processed per second. In summary, the method of the present application is relatively efficient in both key management and file sharing.
Description of the symbols:
to describe the system performance more accurately, the following parameter descriptions are made, as shown in table 2.
TABLE 2 description of the parameters
Figure GDA0003582532620000211
Figure GDA0003582532620000221
Performance analysis:
because the method has more key types, the time for generating all keys and naming by one user is as follows:
Tallkeys=Tpwkey+Tmastkey+Tpripubkey+Tfilekey·n+(n+3)·Tnaming (0-1)
in the method of the present application, the time spent when the user a wants to share a file with the user B is:
Tfileshare=S·(Tfileupload+Tfiletrans+Tdcwj+2·Tv)+2·Tfdcmy+Tdcmy (0-2)
in the conventional blockchain scheme, the time for generating all keys by one user is as follows:
Tallkeys=Tpripubkey (0-3)
in the conventional block chain scheme, the time taken for the user a to share one file with the user B is as follows:
Tfileshare=S·(Tfileupload+Tfiletrans+3·Tfdcwj+3·Tv)+Thycx (0-4)
in the document [ Fan, k., et al (2018). "Secure and private key management scheme in big data Networking", "Peer-to-Peer Networking and Applications 11(5): 992-:
Tallkeys=Tpwkey+Trsa+n·Tfilekey+Tmastkey (0-5)
in the scheme proposed in the document [ Fan, k., et al (2018), "Secure and private key management scheme in big data Networking." Peer-to-Peer Networking and Applications 11(5): 992-:
Tfileshare=S·(Tfilecup+Tfiletrans+Tdcwj+3·Tv)+2·Tfdcmy+Tdcmy+Tyfwcx (0-6)
in the Scheme proposed in the document [ j.lou, q.zhang, z.qi and k.lei, "a block chain-based key Management Scheme for Named Data Networking," 20181 st IEEE International Conference on Hot Information-central Networking (HotICN), Shenzhen,2018, pp.141-146 ], the time taken for one user to generate all keys is:
Tallkeys=Tpripubkey+Tnaming (0-7)
in the Scheme proposed by the document [ j.lou, q.zhang, z.qi and k.lei, "a block chain-based key Management Scheme for Named Data Networking," 20181 st IEEE International Conference on Hot Information-central Networking (HotICN), Shenzhen,2018, pp.141-146 ], the time taken for the user a to share a file with the user B is:
Tfileshare=S·(Tfileupload+Tfiletrans+3·Tfdcwj+2·Tv) (0-8)
FIG. 6 shows the original block chain, the documents [ J.Lou, Q.Zhang, Z.Qi and K.Lei, "A Block chain-based key Management Scheme for Named Data network," 20181 st IEEE International Conference on Hot Information-Central network (HotICN), Shenzhen,2018, pp.141-146 ], and the time at which the user generated all keys in the present application. As can be seen from fig. 6, in the method described in the present application, when the number of user files is 90, the time for generating all keys is only 0.2 seconds, and the influence on the system is small. FIG. 7 shows the original block chain, the documents [ J.Lou, Q.Zhang, Z.Qi and K.Lei "," A Block-based key Management Scheme for Named Data Networking "," 20181 st IEEE International Conference on Hot Information-Central Networking (HotICN), Shenzhen,2018, pp.141-146 ], and the time of different file sharing among users in the present application. Fig. 7 shows that the method of the present application can greatly reduce the file sharing time when sharing files, so that the efficiency of the system can be improved. The safety of the method described in the present application is also very high. In summary, the performance of the method described in the present application is relatively high.
Experimental comparison analysis:
compared to the conventional blockchain key management scheme, it only considers the generation of the key and does not consider the rest of the operations of the key. Document 7[ Fan, k., et al. (2018). "Secure and private key management scheme in big data Networking", "Peer-to-Peer Networking and Applications 11(5): 992-. Document 8[ j.lou, q.zhang, z.qi and k.lei, "a block chain-based key Management Scheme for Named Data Networking," 20181 st IEEE International Conference on Hot Information-central Networking (HotICN), Shenzhen,2018, pp.141-146 ], proposes a block chain-based Named Data network key Management Scheme that names keys to improve the efficiency and security of key Management. The scheme provided by the invention not only considers the processes of key generation, recovery, revocation and updating, but also improves the security and efficiency of key management by using a block chain, a key layering technology and a naming mechanism. A hierarchical key management method is introduced, a working key for data encryption can be dynamically generated, and the reliability of a cryptosystem is greatly enhanced by a multi-layer key system. Meanwhile, the most used working keys are often replaced, and the higher-level keys are less used, so that the decoding difficulty is increased. By introducing the blockchain technology, the data can be ensured to be tracked and not easy to be tampered by a distributed data storage and consensus mechanism. The key management scheme function pair proposed by this scheme and other documents is shown in table 3 below.
Table 3 key management scheme functional comparison
Figure GDA0003582532620000241
The application provides a key hierarchical management method of a block chain, which is used for solving the problem of key security in the existing block chain. The advantages are that: (1) the secret keys are divided into three layers, and the encryption relationship is that the upper layer encrypts the lower layer, so that the safety of all the secret keys is ensured. (2) The user is very convenient when using the system, and can log in the system and generate the plaintext of all keys only by remembering the login password. (3) In order to facilitate management, the method further provides a naming mechanism to facilitate management of all keys and files and improve management efficiency. (4) The situation that the user forgets the login password and loses the user is avoided. And (3) carrying out grouping encryption and decentralized storage on the user password by combining a block chain and a user characteristic encryption technology, and achieving the purpose of password recovery by utilizing a (t, n) secret sharing mechanism. (5) Meanwhile, the method also provides a key revocation and updating mechanism to reduce the loss of the user caused by the leakage of the user key. (6) All the cipher text format is used in the process of key and file transmission and storage. Therefore, an attacker cannot obtain the plaintext key of the user and naturally cannot decrypt the corresponding ciphertext. (7) Using blockchain distributed data storage and consensus mechanisms ensures that data can be tracked and not easily tampered with. (8) The method can also utilize a signature mechanism, a naming mechanism and a storage mechanism to authenticate the authenticity of the key and the file received by the user. In summary, the method can ensure the security and privacy of the user data.

Claims (6)

1. A block chain key hierarchical management method is characterized by comprising the following steps:
initializing a user password pw, a login certificate uid, a password key pwkey, a master key masskey and a master key ciphertext masskeyiper in the block chain system;
generating a user private key, a user public key pubkey, a key file and a user private key ciphertext;
performing hierarchical management on the file encryption key, the file ciphertext fileciper, the file encryption key ciphertext filekeyciper and the uploaded file fileupload;
sharing corresponding files to complete block chain key hierarchical management;
the method further comprises password recovery:
when a user registers for the first time, the password is dispersedly encrypted and stored on a trustworthy blockchain node so as to be used when the password is recovered, and the process of the password dispersedly storing is as follows:
1) the user local client splits the user's password into n sub-passwords pw → (pw)1,pw2,...,pwn) Wherein n is more than or equal to 1;
2) since all people can view the information on the blockchain, the sub-password is encrypted to be stored in order to protect the password; the user uses the biological characteristics B to generate a parameter public parameter P and a secret parameter R by using the existing fuzzy extractor, and the formula is as follows: gen (b) → (P, R);
3) private key sk protected by using hash value of secret parameter R as user password1H (r), a user password protection public and private key pair (sk) is generated1,pk1)=(h(R),h(R)·G);
4) Protecting a public key p using a user passwordk1The sub-passwords split by the user password are encrypted in groups to obtain a ciphertext group C which is marked as (C)1,C2,......,Cn) Wherein
Figure FDA0003582532610000011
When n is 1, the public key pk is protected by the user password1The user password is encrypted integrally, and is in a special form of block encryption;
5) the user local client discloses the parameters P, CiAnd pk1Grouping and packaging are carried out to generate n secret strings which are marked as (P, C)i,pk1) Wherein i is 1,2, n (n is more than or equal to 1);
6) a user local client uploads n secret strings packaged by a block chain client to n reliable block chain nodes, and records < Blockhash > and < txhash > of the nodes;
when the user recovers the password, downloading the password backup in the previous blockchain node to the local client, and then recovering, wherein the password recovery process comprises the following steps:
1) the local client of the user selects at least t nodes from the previous reliable block chain nodes, and the local client selects at least t nodes from the previous reliable block chain nodes according to the previous stored node<Blockhash>And<txhash>secret string (P, C) on a node by a blockchain clienti,pk1) Downloading to a local client;
2) restoring a secret parameter R 'by using the public parameter P and the user biological characteristic B', wherein the formula is Rep (P, B ') → R'; by the concept of the fuzzy extractor, if the distance (B, B ') of the biometric feature B ' and the original biometric feature B is less than s, R ' generated before and after is equal to R, that is, the fuzzy extraction value is the same; wherein distance () is a similarity distance function, and s is an error limit value specified by the fuzzy extractor;
3) calculating the Hash value of the obtained secret parameter R' to obtain a private key sk protected by a user password1'=H(R');
4) Extracting ciphertext set C' from t secret strings, and marking as (C)1,C2,......,Ct) (ii) a Protecting the private key sk with the obtained user password1' grouping and decrypting the ciphertext group to obtain t sub-passwords
Figure FDA0003582532610000021
Wherein i is more than or equal to 1 and less than or equal to t;
5) using the obtained t sub-passwords pwi'recovering user password pw' ← (pw) by Lagrange interpolation method1',pw2',...,pwt') to a host; when B ' and B satisfy distance (B, B ') < s, R ' ═ R, sk1'=sk1And pwi'=pwiThen pw ═ pw;
the method further comprises a secret updating step:
the password key updating process comprises the following steps:
1) change < Status > tag in original password key naming to "invalid";
2) the user password is divided again and stored in the block chain link points in an encrypted manner;
3) re-encrypting the master key and the private key of the user to generate a new key file; adding 1 to the original < Version > tag of the new key file, changing the < Status > tag of the original key file into 'invalid', and uploading the new key file and the old key file to a block chain network through a block chain client;
4) modifying corresponding information in the name list in the local client;
the updating process of the master key is as follows:
1) changing the < Status > tag in the original master key naming to 'invalid', and adding 1 to the original < Version > tag of the new key;
2) the file encryption key encrypted by the original master key is encrypted again, the encrypted file encryption key is spliced with the file ciphertext again to generate an uploading file, the < Status > tag of the original uploading file is changed into 'invalid', the < Version > tag of the new uploading file is added with 1 on the original < Version > tag, and the new uploading file and the old uploading file are uploaded to a block chain network through a block chain client;
3) modifying corresponding information in the name list in the local client;
the updating process of the public and private keys of the user is as follows:
1) generating a new public and private key pair by using an elliptic curve algorithm, changing a < Status > tag in the original public key naming into 'invalid', adding 1 to the original < Version > tag of the new public key, and uploading the new public key and the old public key to a block chain node;
2) encrypting a private key of a user by using a password key, splicing the private key with a ciphertext of a main key to generate a key file, changing a < Status > tag of an original key file into 'invalid', adding 1 to a < Version > tag of a new key file on the original < Version > tag, and uploading the new key file and the old key file to a block chain network through a block chain client;
3) modifying corresponding information in the name list in the local client;
the updating process of the file encryption key is as follows:
1) regenerating a file encryption key, changing a < Status > tag in the name of the original file encryption key into 'invalid', and adding 1 to the original < Version > tag of the new file encryption key;
2) encrypting the file by using the new file encryption key to obtain a new file ciphertext, encrypting the new file encryption key by using the master key to generate a new file encryption key ciphertext, splicing the new file encryption key ciphertext and the master key to generate a new upload file, changing a < Status > tag in the name of the original upload file into 'invalid', adding 1 to the original < Version > tag of the new upload file, and uploading the new upload file and the old upload file to a block chain node;
3) modifying corresponding information in the name list in the local client;
the method of generating the remaining keys is as follows:
generating a user private key and a user public key pubkey by using an elliptic curve encryption algorithm, wherein the user private key is stored in a local client, and the user public key pubkey is uploaded to a blockchain node through a blockchain client;
then using password key pwkey to encrypt user private key to obtain private keyCiphertext priveyciper ═ Encpwkey(prikey);
The main key masskey and the password key pwkey of the user are the same layer in the encryption level, are spliced together during storage to obtain a key file keyfile | | | | priveyiper, and the key file keyfile is uploaded to a block chain node through a block chain client;
when a local client generates a user private key, or the user public key pubkey and a key file keyfile are stored on a block chain node through an uplink, adding a corresponding naming record into a local naming table record;
otherwise, the user can record the key file keyfile according to the local naming table<Blockhash>And<txhash>downloading the key file keyfile to a local client through the block chain client; splitting keyfile to obtain a main key ciphertext (mackeyipper) and a user private key ciphertext (privkeyipper), and decrypting the main key ciphertext and the user private key ciphertext by using a password key (pwkey) to obtain the main key (mackeyipy ═ Dec)pwkey(masskeyiper) and private user key (Dec)pwkey(prikeyciper)。
2. The hierarchical management method for blockchain keys according to claim 1, wherein the initialization method is as follows:
when a user uses the system for the first time, the user needs to input related registration information, hash operation is carried out on a user password pw to generate a login credential uid which is H (pw), and the login credential uid is uploaded to a blockchain node through a blockchain client; when the user logs in the system next time, hash operation uid1 ═ H (pw1) can be performed on the password pw1 input by the user by using the smart contract, and whether the user can log in can be judged according to whether uid and uid1 are consistent;
after the first registration, the user password pw is encrypted by using a PBKDF2 algorithm to generate a password key pwkey which is PBKDF2 (pw);
generating a master key masskey of a user by using a random number generator;
after generating a password key pwkey and a master key masskey, adding corresponding naming records into a local naming table;
password key pwkey and master passwordThe key mapkey is stored in the local client of the user, and the master key mapkey is encrypted by using the master key pwkey to generate a ciphertext (Enc) of the master keypwkey(mastkey)。
3. The method for hierarchical management of blockchain keys as claimed in claim 1, wherein the method for hierarchical management of keys is as follows:
when a user uploads a file through a blockchain client locally, the local client randomly generates a file encryption key by using a random number generator;
encrypting the file by using the file encryption key file to generate file ciphertext (Enc)filekey(file), and simultaneously encrypting the file encryption key filekey by using the master key masskey to generate a file encryption key ciphertext (Enc)mastkey(filekey);
Because the file encryption key filekey and the file are in one-to-one correspondence, before the file ciphertext fileciper and the file encryption key ciphertext fileyciper are uploaded to the block chain node through the block chain client, the file ciphertext fileload and the file encryption key ciphertext need to be spliced together to generate an uploading file fileupload which is filekeyiper and then uploaded;
when a local client generates a file encryption key ciphertext or an uploaded file fileupload is stored on a block chain node through an uplink, adding a corresponding naming record into a local naming list record;
otherwise, the user can upload the file upload according to the local name list record<Blockhash>And<txhash>downloading the uploading file to a local client through a block chain client, and splitting the uploading file upload to obtain a file encryption key ciphertext filekeyiper and a file ciphertext fileciper; then, the master key masskey is used for decrypting the file encryption key ciphertext filekeyiper to obtain the file encryption key filekey which is Decmastkey(filekeyiper), decrypting the file ciphertext fileciper by using the file encryption key to obtain the file (Dec)filekey(fileciper)。
4. The method for hierarchical management of blockchain keys as claimed in claim 1, wherein the file sharing method is as follows:
the method comprises the following steps that a user A wants to send a shared file to a user B, wherein the shared file is stored on a node of a block chain, and the user needs to download the file from the block chain to the local area; secondly, the shared file is located at the local client of the user; aiming at the first condition, the operation in the key hierarchical management obtains a file encryption key and a file ciphertext filepointer;
obtaining public key pubkey of user B through block chain clientB(ii) a Using public key pubkey of user BBEncrypting the file encryption key file to obtain a file encryption key shared file filekeyshare ═ EncpubkeyB(filekey);
Then, the file ciphertext fileciper and the file encryption key sharing file filekeyhare are spliced, and the spliced content is signed by using the private key of the user A to generate a signature digest sigmessageprikeyA(filekeyshare||fileciper);
Finally, adding the signature abstract to the spliced field to form a shared file filesize | | | filekeyhare | | | filepointer, and sending the shared file filesize | | | filepointer to the user B;
for the second case, a file encryption key of the file is randomly generated by using a random number generator, and the file is encrypted to generate a file ciphertext filepointerfilekey(file), and then performing a processing method for the first case;
when the user B receives the shared file fileshare, the shared file fileshare is split to obtain a signature digest, a file encryption key shared file filekeyhare and a file ciphertext fileciper, and a public key pubkey of the user A is collected through the blockchain clientA
Then, the public key pubkey of the user A is utilizedAThe signature digest signmessage is subjected to signature verification VerpubkeyA(sigmessage) verifying whether the document was sent by user a and the authenticity of the contents of the document;
finally, private key of user B is utilizedBFor documentDecrypting the encryption key sharing file filekeyshare to obtain the file encryption key file (Dec)prikeyB(filekeyhare), decrypting the encrypted file ciphertext fileciper by using the file encryption key to obtain the file (Dec)filekey(fileciper)。
5. The blockchain key hierarchical management method according to claim 1, wherein the method further comprises key and file verification:
the key and file verification is performed using the < KeyHash > tag in the key naming, and the verification process is as follows:
1) after a user receives keys or files sent by other users, if the names of the keys or the files have the < Blockhash > and < txhash > tags, the user can download the corresponding keys or files from the blockchain node to a local client through the blockchain client, compare the corresponding keys or files with the previously received contents, and check whether the contents are tampered; meanwhile, the user can also carry out hash operation on the received or downloaded key or file content, and compare the hash operation with the value < KeyHash > in the naming process, if the hash operation is the same as the value in the naming process, the key or the file is proved to be true, otherwise, the hash operation is false;
2) the authenticity verification of the key and the file can also be verified by a signature method, and the key or the file is signed by using a private key of a sender to generate a signature digest; when the receiver receives the key or the file, the public key of the sender is used for checking and signing, and whether the key or the file is tampered or not is judged.
6. The method for hierarchical management of blockchain keys as recited in claim 1, wherein the method further comprises:
when the user quits, the local client clears all plaintext keys, and a cipher text of the keys forms a key set to be stored in the user client; when a user needs, firstly accessing a key set of a local client; and if the key set does not exist, downloading the required key to the local client through the block chain client according to the key in the local naming table or the < Blockhash > and < txhash > of the key file.
CN201910591293.8A 2019-07-02 2019-07-02 Block chain key hierarchical management method Active CN110300112B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910591293.8A CN110300112B (en) 2019-07-02 2019-07-02 Block chain key hierarchical management method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910591293.8A CN110300112B (en) 2019-07-02 2019-07-02 Block chain key hierarchical management method

Publications (2)

Publication Number Publication Date
CN110300112A CN110300112A (en) 2019-10-01
CN110300112B true CN110300112B (en) 2022-05-10

Family

ID=68029976

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910591293.8A Active CN110300112B (en) 2019-07-02 2019-07-02 Block chain key hierarchical management method

Country Status (1)

Country Link
CN (1) CN110300112B (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110852745B (en) * 2019-10-12 2022-07-19 杭州云象网络技术有限公司 Block chain distributed dynamic network key automatic updating method
CN110798315B (en) * 2019-11-11 2021-04-13 腾讯科技(深圳)有限公司 Data processing method and device based on block chain and terminal
CN111131254B (en) * 2019-12-25 2022-04-15 中国联合网络通信集团有限公司 File processing method, block chain node, block chain and storage medium
CN111369248B (en) * 2020-03-03 2023-07-04 南京大学 Digital product safe transaction method and system based on blockchain technology
CN111314090B (en) * 2020-03-25 2021-03-26 北京航空航天大学 Secure multi-cloud password management method based on bit level threshold
CN111459672B (en) * 2020-03-30 2023-09-29 百度国际科技(深圳)有限公司 Transaction processing method, device, equipment and medium based on block chain network
CN111556498B (en) * 2020-04-27 2022-10-21 中国银行股份有限公司 Block chain-based APP signature verification method and device
CN111464301B (en) * 2020-04-28 2022-02-11 郑州信大捷安信息技术股份有限公司 Key management method and system
CN111600701B (en) * 2020-04-28 2023-06-27 广州华工信元通信技术有限公司 Private key storage method, device and storage medium based on blockchain
CN111639361B (en) * 2020-05-15 2023-06-20 中国科学院信息工程研究所 Block chain key management method, multi-person common signature method and electronic device
CN111917721B (en) * 2020-06-28 2022-04-05 石家庄铁道大学 Attribute encryption method based on block chain
CN111769938B (en) * 2020-06-29 2023-03-24 福建福链科技有限公司 Key management system and data verification system of block chain sensor
US20220069981A1 (en) * 2020-09-03 2022-03-03 Google Llc Distribute Encryption Keys Securely and Efficiently
CN112069263B (en) * 2020-09-09 2023-08-25 上海万向区块链股份公司 Flow data auditing method, system and medium based on block chain
CN112187454B (en) * 2020-09-14 2022-12-02 国网浙江省电力有限公司 Key management method and system based on block chain
CN112187456B (en) * 2020-09-27 2022-09-16 上海万向区块链股份公司 Key hierarchical management and collaborative recovery system and method
CN112231495A (en) * 2020-10-28 2021-01-15 刘娴 Modeling method and device for individuals and families
CN112765627B (en) * 2021-01-22 2022-02-18 重庆允成互联网科技有限公司 Business report data authority control method based on double-layer authority control
US12010226B2 (en) * 2021-03-17 2024-06-11 International Business Machines Corporation Blockchain data segregation
CN113254972A (en) * 2021-06-10 2021-08-13 永旗(北京)科技有限公司 Information security management method based on block chain
CN113626855B (en) * 2021-07-15 2024-08-06 杭州玖欣物联科技有限公司 Data protection method based on block chain
CN113591140B (en) * 2021-07-30 2023-10-03 安徽韬珀信息技术有限公司 Resource data tamper-proof method, system, computer equipment and storage medium
CN115208640B (en) * 2022-06-24 2024-04-12 中通服创发科技有限责任公司 Named data networking public key management method based on blockchain intelligent contract
CN116089984B (en) * 2023-04-06 2023-06-13 河北科技师范学院 Anti-disclosure management method and system for administrative files
CN116401715B (en) * 2023-06-08 2023-08-22 中国移动紫金(江苏)创新研究院有限公司 Medical data circulation privacy calculation method and system based on blockchain
CN116644458B (en) * 2023-07-26 2023-11-21 泸州职业技术学院 Electronic system information security protection system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104917759A (en) * 2015-05-26 2015-09-16 西安电子科技大学 Third-party-based safety file storage and sharing system and method
CN105245328A (en) * 2015-09-09 2016-01-13 西安电子科技大学 User and file key generation and management method based on third party
CN107623569A (en) * 2017-09-30 2018-01-23 矩阵元技术(深圳)有限公司 Block chain key escrow and restoration methods, device based on Secret sharing techniques
CN108229962A (en) * 2018-01-04 2018-06-29 众安信息技术服务有限公司 Right management method and system based on block chain
CN109918942A (en) * 2019-02-21 2019-06-21 领信智链(北京)科技有限公司 A kind of decentralization identification code management system based on ether mill block chain

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180131511A1 (en) * 2016-08-03 2018-05-10 James Taylor Systems and Methods for Dynamic Cypher Key Management
US10833858B2 (en) * 2017-05-11 2020-11-10 Microsoft Technology Licensing, Llc Secure cryptlet tunnel

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104917759A (en) * 2015-05-26 2015-09-16 西安电子科技大学 Third-party-based safety file storage and sharing system and method
CN105245328A (en) * 2015-09-09 2016-01-13 西安电子科技大学 User and file key generation and management method based on third party
CN107623569A (en) * 2017-09-30 2018-01-23 矩阵元技术(深圳)有限公司 Block chain key escrow and restoration methods, device based on Secret sharing techniques
CN108229962A (en) * 2018-01-04 2018-06-29 众安信息技术服务有限公司 Right management method and system based on block chain
CN109918942A (en) * 2019-02-21 2019-06-21 领信智链(北京)科技有限公司 A kind of decentralization identification code management system based on ether mill block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A Blockchain-based key Management Scheme for Named Data Networking;Junjun Lou;《2018 1st IEEE International Conference on Hot Information-Centric Networking》;20190110;参见正文第6-8栏 *

Also Published As

Publication number Publication date
CN110300112A (en) 2019-10-01

Similar Documents

Publication Publication Date Title
CN110300112B (en) Block chain key hierarchical management method
CN111639361B (en) Block chain key management method, multi-person common signature method and electronic device
Jin et al. Dynamic and public auditing with fair arbitration for cloud data
JP6504013B2 (en) Cryptographic processing method, cryptographic processing device, and cryptographic processing program
JP4463979B2 (en) Apparatus and method for storing, verifying and using cryptographically camouflaged cryptographic keys
JP5451785B2 (en) System and method for providing contactless authentication
US20090097657A1 (en) Constructive Channel Key
Dwivedi et al. A fingerprint based crypto-biometric system for secure communication
Zhang et al. Provable multiple replication data possession with full dynamics for secure cloud storage
US9531540B2 (en) Secure token-based signature schemes using look-up tables
US20100005318A1 (en) Process for securing data in a storage unit
WO2015116288A2 (en) Authenticatable device
KR101078546B1 (en) Apparatus for coding and decoding of security data file based on data storage unit idedtification, system for electronic signature using the same
Stoianov Cryptographically secure biometrics
CN112906056A (en) Cloud storage key security management method based on block chain
CN110519040B (en) Anti-quantum computation digital signature method and system based on identity
US8954728B1 (en) Generation of exfiltration-resilient cryptographic keys
CN107360252B (en) Data security access method authorized by heterogeneous cloud domain
Abo-Alian et al. Auditing-as-a-service for cloud storage
CN116781332A (en) Block chain-based network flow evidence obtaining and tracing method and system
CN114826607B (en) Edge computing node compression method based on block chain and lightweight storage system
Ma et al. Secure and Efficient Cloud Data Deduplication Supporting Dynamic Data Public Auditing.
TWI381696B (en) Authentication based on asymmetric cryptography utilizing rsa with personalized secret
Al-Saidi et al. Password authentication based on fractal coding scheme
CN112631552A (en) Random number generation and regeneration method based on non-uniform random source and electronic device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230615

Address after: 065000 No. 115, Xinhua Road, Guangyang District, Langfang City, Hebei Province

Patentee after: Fengjie Technology Co.,Ltd.

Address before: 050043 No. 17, North Second Ring Road, Hebei, Shijiazhuang

Patentee before: SHIJIAZHUANG TIEDAO University

TR01 Transfer of patent right