CN110569668B

CN110569668B - Data encryption storage method, device, equipment and medium based on block chain

Info

Publication number: CN110569668B
Application number: CN201910862628.5A
Authority: CN
Inventors: 陈秀波; 徐刚; 陈海林; 高玉龙; 范瑞彬; 张开翔; 李辉忠; 李成博
Original assignee: Beijing University of Posts and Telecommunications; WeBank Co Ltd
Current assignee: Beijing University of Posts and Telecommunications; WeBank Co Ltd
Priority date: 2019-09-11
Filing date: 2019-09-11
Publication date: 2022-04-26
Anticipated expiration: 2039-09-11
Also published as: CN110569668A

Abstract

The invention discloses a data encryption storage method, a device, equipment and a medium based on a block chain, wherein the data encryption storage method based on the block chain comprises the following steps: the preset endorsement node receives a transaction proposal sent by a sender, executes the transaction proposal to obtain transaction process data corresponding to the endorsement node, the preset proxy node receives the transaction process data sent by the preset endorsement node, encrypts the transaction process data to obtain a transaction ciphertext corresponding to the transaction process data, the preset consensus node receives the transaction ciphertext sent by the preset proxy node and signature information in the transaction process data, performs modularization processing on the transaction ciphertext and the signature information to obtain a consensus module corresponding to the transaction ciphertext and the signature information, and the preset storage node receives the consensus module sent by the preset consensus node and stores the consensus module. The technical problem that user transaction privacy cannot be protected when a block chain technology is applied in the prior art is solved.

Description

Data encryption storage method, device, equipment and medium based on block chain

Technical Field

The present invention relates to the field of blockchain technologies, and in particular, to a method, an apparatus, a device, and a medium for encrypted data storage based on a blockchain.

Background

The blockchain has the characteristics of data that the blockchain cannot be tampered with, can be audited, and is safe and reliable, however, the safety guarantee of the existing blockchain is at the cost of losing the transaction privacy protection effect of the user, for example, sensitive data in a bitcoin of one of blockchain applications is stored in a block chain account in a plaintext form, and data is stored in the block chain account in the plaintext form, which directly results in the disclosure and transparency of data, that is, the transaction process data privacy of the user is disclosed, so that when the blockchain technology is applied, how to protect the transaction privacy of the user becomes a problem that needs to be solved urgently at present.

Disclosure of Invention

The invention mainly aims to provide a data encryption storage method, a data encryption storage device, data encryption storage equipment and a data encryption storage medium based on a block chain, and aims to solve the technical problem that the transaction privacy of a user cannot be protected when a block chain technology is applied in the prior art.

In order to achieve the above object, an embodiment of the present invention provides a block chain-based data encryption storage method, where the block chain-based data encryption storage method is applied to a ciphertext chain system, where the ciphertext chain system includes a preset endorsement node, a preset proxy node, a preset consensus node, and a preset storage node, and the block chain-based data encryption method includes:

the preset endorsement node receives a transaction proposal sent by a sender, executes the transaction proposal and obtains transaction process data corresponding to the endorsement node;

the preset proxy node receives the transaction process data sent by the preset endorsement node, and encrypts the transaction process data to obtain a transaction ciphertext corresponding to the transaction process data;

the preset consensus node receives the transaction ciphertext and the signature information in the transaction process data, which are sent by the preset agent node, and performs modular processing on the transaction ciphertext and the signature information to obtain a consensus module corresponding to the transaction ciphertext and the signature information together;

and the preset storage node receives the consensus module sent by the preset consensus node and stores the consensus module.

Optionally, the step of receiving, by the preset endorsement node, the transaction proposal sent by the sender, executing the transaction proposal, and obtaining the transaction process data corresponding to the endorsement node includes:

the preset endorsement node receives a transaction proposal sent by a sender and verifies the validity of the transaction proposal;

when the transaction proposal is effective, acquiring a user contract ciphertext corresponding to the transaction proposal based on a user contract address in the transaction proposal;

decrypting the user contract ciphertext based on a contract key input by a preset transaction participant to obtain a user contract plaintext corresponding to the user contract ciphertext;

and executing the transaction content in the transaction proposal based on the transaction strategy in the user contract plaintext, and signing the transaction corresponding to the transaction proposal to obtain the transaction process data corresponding to the preset endorsement node.

Optionally, the step of receiving, by the preset proxy node, the transaction process data sent by the preset endorsement node, and encrypting the transaction process data to obtain a transaction ciphertext corresponding to the transaction process data includes:

the preset agent node receives the transaction process data sent by the preset endorsement node and verifies the validity of the transaction process data;

when the transaction process data is valid, encrypting a transaction data structure in the transaction process data to obtain a transaction data ciphertext;

encrypting the keyword set in the transaction process data to obtain a keyword set ciphertext;

and combining the transaction data ciphertext and the keyword set ciphertext to obtain a transaction ciphertext corresponding to the transaction data ciphertext and the keyword set ciphertext together.

Optionally, the step of receiving, by the preset consensus node, the transaction ciphertext and the signature information in the transaction process data sent by the preset agent node, performing modular processing on the transaction ciphertext and the signature information, and obtaining a consensus module corresponding to the transaction ciphertext and the signature information together includes:

the preset consensus node receives the transaction ciphertext and the signature information in the transaction process data sent by the preset agent node, and verifies the transaction ciphertext, the signature information and the preset endorsement node;

when the transaction ciphertext, the signature information and the preset endorsement node pass verification, performing modular processing on the transaction ciphertext and the signature information to obtain a common identification module corresponding to the transaction ciphertext and the signature information;

and running a preset consensus algorithm, and broadcasting the consensus module to the whole network for consensus.

Optionally, the endorsement node comprises a local state database, and the consensus node comprises a global state database;

the step of receiving the consensus module by the preset storage node and storing the consensus module comprises the following steps:

determining whether the preset endorsement node and the preset storage node are in the same server or not;

when the preset endorsement node and the preset storage node are in the same server, the preset consensus node sends the consensus module to the preset storage node, and judges whether the preset storage node links the consensus module;

updating the local state database and the global state database when the preset storage node is determined to uplink the common identification module;

when the preset endorsement node and the preset storage node are not in the same server, the preset consensus module is sent to the preset storage node and the preset endorsement node by the preset consensus node, a request for retrieving the consensus module is sent to the preset storage node through the endorsement node, and whether the preset storage node links the consensus module or not is judged;

and updating the local state database and the global state database when the preset storage node is determined to uplink the common identification module.

Optionally, after the step of receiving, by the preset storage node, the consensus module sent by the preset consensus node and storing the consensus module, the preset storage node includes:

the endorsement node receives a private key and a preset keyword index sent by a preset retrieval party and generates a trapdoor corresponding to the private key and the preset keyword index;

based on the key word set ciphertext information corresponding to the transaction ciphertext, the trapdoor and the public key corresponding to the private key, the preset storage node retrieves on the block chain to obtain the transaction data ciphertext;

and based on the private key, decrypting the transaction data ciphertext through the preset searching party.

The invention also provides a data encryption storage device based on the block chain, which is applied to a data encryption storage device based on the block chain, and the data encryption storage device based on the block chain comprises:

the endorsement module is used for receiving a transaction proposal sent by a sender by the preset endorsement node, executing the transaction proposal and obtaining transaction process data corresponding to the endorsement node;

the encryption module is used for the preset proxy node to receive the transaction process data sent by the preset endorsement node, and encrypt the transaction process data to obtain a transaction ciphertext corresponding to the transaction process data;

the consensus module is used for receiving the transaction ciphertext and the signature information in the transaction process data sent by the preset agent node by the preset consensus node, and performing modular processing on the transaction ciphertext and the signature information to obtain a consensus module corresponding to the transaction ciphertext and the signature information together;

and the storage module is used for receiving the consensus module sent by the preset consensus node by the preset storage node and storing the consensus module.

Optionally, the endorsement module comprises:

the first verification unit is used for receiving a transaction proposal sent by a sender by the preset endorsement node and verifying the validity of the transaction proposal;

a first obtaining unit, configured to, when the transaction proposal is valid, obtain a user contract ciphertext corresponding to the transaction proposal based on a user contract address in the transaction proposal;

the decryption unit is used for decrypting the user contract ciphertext based on the contract key input by the preset transaction participant to obtain a user contract plaintext corresponding to the user contract ciphertext;

and the execution unit is used for executing the transaction content in the transaction proposal based on the transaction strategy in the user contract explication text, signing the transaction corresponding to the transaction proposal and obtaining the transaction process data corresponding to the preset endorsement node.

Optionally, the encryption module includes:

the second verification unit is used for receiving the transaction process data sent by the preset endorsement node by the preset agent node and verifying the validity of the transaction process data;

the first encryption unit is used for encrypting a transaction data structure in the transaction process data to obtain a transaction data ciphertext when the transaction process data is valid;

the second encryption unit is used for encrypting the keyword set in the transaction process data to obtain a keyword set ciphertext;

and the second acquisition unit is used for combining the transaction data ciphertext and the keyword set ciphertext to obtain a transaction ciphertext corresponding to the transaction data ciphertext and the keyword set ciphertext together.

Optionally, the consensus module comprises:

the third verification unit is used for receiving the transaction ciphertext and the signature information corresponding to the transaction process data by the preset consensus node and verifying the transaction ciphertext, the signature information and the endorsement node;

the modularization unit is used for modularly processing the transaction ciphertext and the signature information to obtain a consensus module corresponding to the transaction ciphertext and the signature information when the transaction ciphertext, the signature information and the preset endorsement node are verified;

and the consensus unit is used for operating a preset consensus algorithm and carrying out network-wide broadcasting to network-wide consensus on the consensus module.

Optionally, the data encryption storage device based on the blockchain further includes:

the first acquisition module is used for receiving the safety parameters sent by the preset transaction participant by the preset proxy node and acquiring system parameters corresponding to the safety parameters based on a preset system initialization algorithm;

and the second acquisition module is used for acquiring a key corresponding to the preset transaction based on the system parameter and a preset key generation algorithm.

the first judging module is used for sending the consensus module to the preset storage node by the preset consensus node and judging whether the preset storage node links the consensus module or not when the preset endorsement node and the preset storage node are in the same server;

a determining module, configured to determine whether the preset endorsement node and the preset storage node are in the same server;

a first update module, configured to update the local state database and the global state database when it is determined that the preset storage node uplinks the common identity module;

the second judging module is used for sending the consensus module to the preset storage node and the preset endorsement node by the preset consensus node when the preset endorsement node and the preset storage node are not in the same server, sending a request for retrieving the consensus module to the preset storage node through the endorsement node, and judging whether the preset storage node links the consensus module or not;

a second updating module, configured to update the local state database and the global state database when it is determined that the preset storage node uplinks the common identification module.

the third acquisition module is used for receiving a private key and a preset keyword index sent by a preset searcher by the endorsement node and generating a trapdoor corresponding to the private key and the preset keyword index;

the retrieval module is used for retrieving the preset storage node on the block chain based on the key word set ciphertext information corresponding to the transaction ciphertext, the trapdoor and the public key corresponding to the private key to obtain the transaction data ciphertext;

and the decryption module is used for decrypting the transaction data ciphertext through the preset searching party based on the private key.

The invention also provides a data encryption storage device based on the block chain, which comprises: the block chain based data encryption storage method comprises a memory, a processor and a program of the block chain based data encryption storage method stored on the memory and capable of running on the processor, wherein the program of the block chain based data encryption storage method can realize the steps of the block chain based data encryption storage method when being executed by the processor.

The present invention also provides a medium having a program stored thereon for implementing the blockchain-based data encryption storage method, where the program implements the steps of the blockchain-based data encryption storage method as described above when executed by a processor.

The application receives the transaction proposal sent by the sender through the preset endorsement node, executes the transaction proposal to obtain the transaction process data corresponding to the endorsement node, then the transaction process data sent by the preset endorsement node is received by the preset agent node, encrypting the transaction process data to obtain a transaction ciphertext corresponding to the transaction process data, and further, receiving the transaction ciphertext sent by the preset agent node and the signature information in the transaction process data through the preset consensus node, and finally, the preset storage node receives the consensus module sent by the preset consensus node and stores the consensus module. That is, in the present application, the transaction process data may be obtained by executing the transaction proposal through the preset endorsement node, and then the transaction process data is encrypted by the preset proxy node to obtain the transaction ciphertext, and further, the transaction ciphertext and the signature information are synthesized into the consensus module through the preset consensus node and stored through the preset storage node, so that the purpose of encrypting and storing the transaction privacy data is achieved, and the technical problem that the user transaction privacy cannot be protected when the block chaining technology is applied in the prior art is solved.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.

FIG. 1 is a schematic flow chart of a first embodiment of block chain-based data encryption storage according to the present invention;

FIG. 2 is a flowchart illustrating a second embodiment of block chain-based data encryption storage according to the present invention;

FIG. 3 is a flowchart illustrating a fourth embodiment of block chain-based data encryption storage according to the present invention

Fig. 4 is a schematic device structure diagram of a hardware operating environment related to the method according to the embodiment of the present invention.

The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.

Detailed Description

It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

The invention provides a data encryption storage method based on a block chain, which is applied to a ciphertext chain system, wherein the ciphertext chain system comprises a preset endorsement node, a preset proxy node, a preset consensus node and a preset storage node, and in the first embodiment of the data encryption storage based on the block chain, referring to fig. 1, the data encryption storage method based on the block chain comprises the following steps:

step S10, the preset endorsement node receives a transaction proposal sent by a sender, and executes the transaction proposal to obtain transaction process data corresponding to the endorsement node;

in this embodiment, it should be noted that the preset endorsement node has functions of executing the transaction proposal and signing the transaction of the transaction proposal, and the preset endorsement node is a preset transaction participant of the transaction corresponding to the transaction proposal, where the transaction proposal includes information such as transaction content, a keyword set, a timestamp, an ID and ID signature, a user contract address, and a Nonce value, where the transaction content is specific content to be executed by the transaction proposal, for example, the transaction content may be credit score update, stock right transaction, and the like, the keyword set is a preset number of keywords corresponding to the transaction content, the keywords are filled by a user or randomly generated by a preset computer based on the transaction content included in the transaction proposal, and the preset number may be set by the user or may be a number defaulted by the ciphertext chain system, generally, however, the larger the number of the keywords, the more convenient the retrieval of the transaction, the timestamp is the time when the transaction proposal is generated, the identity ID is the identity information registered by the sender of the transaction proposal at a preset certificate authority, wherein the identity information includes an account number, a password and the like, the ID signature is the signature of the sender on the transaction proposal, in addition, the user contract address refers to the unique identifier of the user contract in the block chain, the specific position of the user contract in the block chain database can be located, specifically, the user contract address contains a code, and when the preset specific condition of the user contract is met, the code is executed, that is, the operation of locating the specific position of the user contract in the block chain database is executed, and the Nonce value is the ID for identifying the transaction, the Nonce value will be incremented by 1 after each transaction is performed.

The transaction process data comprises a transaction data structure and signature information, specifically, the transaction data structure is a result of executing the transaction proposal, wherein the transaction data structure comprises read-write sets of various transaction related data, for example, when the transaction is an equity transaction, the transaction data structure comprises read-write sets of information such as share right transfer proportion, share right transfer price and the like, further, after the preset endorsement node executes the transaction proposal, the transaction is signed, and then the signature information is obtained, wherein, in order to obtain the signature information, a digital signature mode is usually adopted in a block chain for signing, specifically, firstly, the information of the transaction is extracted to form a transaction summary, then the transaction summary is shortened into a character string with a fixed length, and further, the character string is encrypted through an asymmetric encryption mode to form the digital signature, that is, the character string is asymmetrically encrypted to form the signature information, where the asymmetric encryption mode is encryption by a public-private key pair, specifically, a private key of a user is obtained, and a public key corresponding to the private key is obtained according to the private key, where if the file a is encrypted by the private key, the file a can only be decrypted by the public key corresponding to the private key, or if the file a is encrypted by the public key, the file a can only be decrypted by the private key corresponding to the public key.

The preset endorsement node receives a transaction proposal sent by a sender, executes the transaction proposal to obtain transaction process data corresponding to the endorsement node, specifically, the preset endorsement node receives the transaction proposal sent by the sender, obtains the user contract through the user contract address, and further, executing the transaction content in the transaction proposal according to the content of the transaction strategy in the user contract to obtain the transaction data structure, namely, then signing the transaction to obtain transaction process data corresponding to the preset endorsement node, namely, obtaining a read-write set of various transaction related data, and further, after the transaction is executed, and signing the transaction to obtain the signature information, and further obtaining the transaction data structure, the signature information and the keyword set, namely obtaining the transaction process data.

The steps of acquiring a transaction proposal by the preset endorsement node, executing the transaction proposal and obtaining the transaction process data corresponding to the preset endorsement node comprise:

step S11, the preset endorsement node receives a transaction proposal sent by a sender and verifies the validity of the transaction proposal;

in this embodiment, the preset endorsement node receives a transaction proposal sent by a sender, and verifies the validity of the transaction proposal, specifically, after verifying whether a transaction included in the transaction proposal is valid, when the transaction is invalid, returns information that the transaction is invalid to the sender; when the transaction is valid, executing the transaction proposal, wherein the manner of verifying whether the transaction included in the transaction proposal is valid includes verifying validity of the timestamp, verifying validity of the identity of the sender, and the like, specifically, the manner is as follows: verifying whether a timestamp of the transaction proposal is valid, wherein the timestamp is usually a sequence of characters that uniquely identifies the time of a moment, i.e., the timestamp is a complete, verifiable piece of data that indicates that a piece of data existed before a particular time. The second method comprises the following steps: verifying the validity of the identity of the sender, wherein the verifying the validity of the identity of the sender includes verifying the identity ID and the ID signature, and since the identity ID is identity information registered by the sender in a preset certificate authority, the identity ID can be queried in the preset certificate authority, and in addition, the ID signature is usually formed by encrypting in an asymmetric encryption manner, specifically, for example, assuming that a is the sender and B is the preset endorsement node, that is, B is the receiver, so a needs to encrypt the original information in two steps, specifically, the first step: the first layer of encryption is carried out on the original information by using the private key of A, and the second step is as follows: and (3) performing second-layer encryption by using the public key of the B on the basis of the data obtained in the first step, and performing decryption twice in the reverse order after the B receives the encrypted information: the first step is as follows: decrypting the received information by the private key of B to obtain the information encrypted by the private key of A, wherein the layer of encryption proves that the information is encrypted and sent by A, because only the private key of A can complete the encryption, namely, the possibility that the information is forged by others or pretends to be A by others is eliminated, and in the second step, decrypting the information once again by the public key of A on the basis of the data obtained in the first step to obtain the original information, the purpose of encryption is to ensure that only B can decrypt and obtain the original information, because only B has a decryption private key, even if others see the encrypted information, the information cannot be decrypted and cannot be tampered, so the ID signature can be decrypted by the randomly determined private key or the public key sent by the sender, thereby obtaining the ID information decrypted by the ID signature and comparing the ID information with the preset ID information, and further, when the transaction proposal is verified to be valid, the operation of executing the transaction proposal is carried out, and when the transaction proposal is verified to be invalid, the endorsement node returns error information to a preset agent node and the sender.

Step S12, when the transaction proposal is valid, based on the user contract address in the transaction proposal, obtaining the user contract ciphertext corresponding to the transaction proposal;

in this embodiment, when the transaction proposal is valid, a user contract ciphertext corresponding to the transaction proposal is obtained based on a user contract address in the transaction proposal, specifically, the transaction proposal includes the user contract address, the user contract address includes a section of code, and when a preset specific condition of a user contract is satisfied, the section of code is executed, that is, when a preset retrieval condition is satisfied, the user contract ciphertext is retrieved based on the user contract address, so as to obtain the user contract ciphertext.

Step S13, based on the contract key input by the preset transaction participant, the user contract ciphertext is decrypted to obtain the user contract plaintext corresponding to the user contract ciphertext;

in this embodiment, it should be noted that the contract key refers to a private key corresponding to a public key used for encrypting a user contract ciphertext, and the user contract ciphertext is decrypted based on the contract key, that is, based on a preset decryption algorithm, the contract key and the user contract ciphertext are used as input, so that the user contract plaintext is output, and further the user contract plaintext corresponding to the user contract ciphertext is obtained, further, if the user contract ciphertext is not retrieved or the decryption fails, it is indicated that a provided contract address is incorrect, or the preset endorsement node is not a node specified in the user contract and involved in a transaction, at this time, the preset endorsement node returns an error message to a preset proxy node and the sender, and if the user contract plaintext is successfully obtained, because the user contract plaintext includes a transaction policy, a keyword format, and the like, and verifying the keyword set included in the transaction proposal based on the keyword format, if the verification fails, returning error information to a preset agent node and the sender by the preset endorsement node, and if the verification succeeds, executing the transaction proposal based on the transaction strategy.

And step S14, executing the transaction content in the transaction proposal based on the transaction strategy in the user contract plaintext, and signing the transaction corresponding to the transaction proposal to obtain the transaction process data corresponding to the preset endorsement node.

In this embodiment, based on the transaction policy in the clear text of the user contract, executing the transaction content in the transaction proposal, and signing the transaction corresponding to the transaction proposal to obtain transaction process data corresponding to the preset endorsement node, wherein, assuming that the transaction is an equity transfer transaction, and the equity transfer transaction is participated by A, B two users, and a is a sender, and B is a receiver, that is, a sends the transaction proposal to B, and B is a preset endorsement node user, if the transaction policy is that a transfers 20% of equity to B, and the transaction amount is transferred in a set bank, and the transaction content is that an equity transfer transaction is performed between A, B, the transaction proposal is executed to execute the equity transfer between a and B, and an execution result is obtained, wherein the execution result includes an equity transfer success proof, and after executing the transaction proposal, B also needs to sign on the transaction electronic contract respectively, the signature information can comprise the abstract of the transaction content and the name of the company represented by B respectively, and finally, the union of the execution result, the signature information and the keyword set in the transaction proposal is the transaction process data. The signature information includes the transaction digest and other identity information, and is obtained by performing the asymmetric encryption on the transaction digest and the other identity information, specifically, the transaction digest and the other identity information are extracted first, then the transaction digest and the other identity information are substituted into a preset hash function to be shortened into a special character string of fixed characters, and further, the special character string is encrypted by the asymmetric encryption method to obtain the signature information.

Step S20, presetting the preset proxy node to receive the transaction process data sent by the preset endorsement node, and encrypting the transaction process data to obtain a transaction ciphertext corresponding to the transaction process data;

in this embodiment, it should be noted that the preset agent node is one of endorsement nodes specified in the ciphertext chain system, and after all the preset endorsement nodes participating in the transaction execute and complete the transaction proposal, all the preset endorsement nodes participating in the transaction send the transaction process data to the preset agent node, where the transaction process data includes a transaction data structure, signature information, and a keyword set, but since the signature information is encrypted, in this embodiment, only the transaction data structure and the keyword set need to be encrypted.

The preset proxy node receives the transaction process data, encrypts the transaction process data to obtain a transaction ciphertext corresponding to the transaction process data, specifically, the preset proxy node receives the transaction process data sent by all preset endorsement nodes participating in the transaction, and then encrypts the transaction data structure based on an exclusive-or operation to obtain the transaction data ciphertext corresponding to the transaction data structure, specifically, for example, assuming that the binary system of the transaction data structure is 1100 and the binary system of a preset encryption key is 0110, the binary system of the transaction data ciphertext can be obtained as 0101 through the exclusive-or operation, and since the exclusive-or operation is reversible, the process of encrypting the transaction data structure is reversible, and further, a public key is generated through a preset key generation algorithm based on a private key randomly generated by the ciphertext chain system, and encrypting the keyword set based on the private key to obtain a keyword set ciphertext corresponding to the keyword set, and finally merging the transaction data ciphertext and the keyword set ciphertext to obtain the transaction ciphertext.

Step S30, the preset consensus node receives the transaction ciphertext and the signature information in the transaction process data sent by the preset agent node, and performs modular processing on the transaction ciphertext and the signature information to obtain a consensus module corresponding to the transaction ciphertext and the signature information;

in this embodiment, the pre-defined consensus node receives the transaction ciphertext sent by the pre-defined agent node and the signature information in the transaction process data, modularizing the transaction ciphertext and the signature information to obtain a consensus module corresponding to the transaction ciphertext and the signature information, wherein, it should be noted that the preset consensus node is all consensus nodes of the whole network or a subset of all consensus nodes of the whole network, after the preset consensus node receives the transaction ciphertext and the signature information corresponding to the transaction process data, the whole network consensus is carried out on the transaction ciphertext and the signature information, the core of the network consensus is to run a consensus algorithm to ensure the consistency of block chain accounts, so that the transaction can be presented in a ciphertext form.

Specifically, within a preset consensus time period, the preset consensus node receives a transaction ciphertext and signature information of an attached endorsement node sent by each preset proxy node from a block chain network, wherein the preset consensus node verifies the transaction ciphertext, the signature information and the endorsement node, if the verification fails, returns error information to the preset proxy node, the preset endorsement node and the sender and searches for a verification failure reason, if the verification succeeds, modularizes the transaction ciphertext and the signature information to obtain a consensus module corresponding to the transaction ciphertext and the signature information together, and specifically, since the preset consensus node does not participate in verification and execution of transaction contents, the preset consensus node meets the premise that the preset consensus node does not need to establish a trust model, the preset consensus node adopts a modular design, namely, a consensus module can be obtained only by inputting the transaction ciphertext and the signature information into a preset basic module, and the consensus module comprises transaction ciphertexts of a plurality of transactions and corresponding keyword set ciphertexts, wherein the consensus module comprises a plaintext area and a ciphertext area, the plaintext area comprises a block head and an attached text part, the keyword set ciphertexts are hashed into one Mercker tree, the block head comprises a root hash value of the keyword set ciphertexts, the attached text part comprises the signature information, the block body comprises the transaction data ciphertexts, and the ciphertext area comprises the transaction data ciphertexts.

And step S40, the preset storage node receives the consensus module sent by the preset consensus node and stores the consensus module.

In this embodiment, it should be noted that the preset storage node should be a whole-network storage node or a subset of the whole-network storage node, the preset consensus node sends the consensus module to the preset storage node after the consensus time period ends, and the preset storage node loads the consensus module onto a block chain, that is, the preset storage node receives the consensus module sent by the preset consensus node and stores the consensus module.

The steps that the preset endorsement node receives a transaction proposal sent by a sender, executes the transaction proposal and obtains transaction process data corresponding to the endorsement node comprise:

step A10, the preset proxy node receives the security parameters sent by the preset transaction participant, and based on a preset system initialization algorithm, obtains system parameters corresponding to the security parameters;

in this embodiment, the preset proxy node receives a security parameter sent by the preset transaction participant, and obtains a system parameter corresponding to the security parameter based on a preset system initialization algorithm, where the security parameter is set by a user or a system default security parameter is used, specifically, the preset proxy node inputs a security parameter 1k to the ciphertext chain system, where k is a unit related to security strength, the ciphertext chain system outputs a system parameter set, and the system parameter set is (G1, G2, e, H1, H2, G), where H1 and H2 are two collision-resistant hash functions, H1 and H2 are both mapped to a finite field G1, G is a generator of G1, and e is a bilinear mapping function.

And A20, acquiring a key corresponding to the preset transaction based on the system parameters and a preset key generation algorithm.

Acquiring a key corresponding to a preset transaction based on the system parameters and a preset key generation algorithm, specifically, randomly generating respective private keys by a sender of the transaction and a participant of the transaction, inputting the respective private keys and the preset key generation algorithm into the ciphertext chain system, outputting respective public keys corresponding to the respective private keys by the ciphertext chain system, and finally acquiring respective key pairs of the transaction party and the participant, wherein one key pair comprises one private key and one corresponding public key, and the preset key generation algorithm is associated with the system parameter set, for example, assuming that the preset key generation algorithm is t_iGiven gsi, the set of private keys is (s1, s2, s3), and the set of public keys is (t1, t2, t 3).

In this embodiment, the preset endorsement node receives the transaction proposal sent by the sender, executes the transaction proposal to obtain the transaction process data corresponding to the endorsement node, then the transaction process data sent by the preset endorsement node is received by the preset agent node, encrypting the transaction process data to obtain a transaction ciphertext corresponding to the transaction process data, and further, receiving the transaction ciphertext sent by the preset agent node and the signature information in the transaction process data through the preset consensus node, and finally, the preset storage node receives the consensus module sent by the preset consensus node and stores the consensus module. That is, in the present application, the transaction process data may be obtained by executing the transaction proposal through the preset endorsement node, and then the transaction process data is encrypted by the preset proxy node to obtain the transaction ciphertext, and further, the transaction ciphertext and the signature information are synthesized into the consensus module through the preset consensus node and stored through the preset storage node, so that the purpose of encrypting and storing the transaction privacy data is achieved, and the technical problem that the user transaction privacy cannot be protected when the block chaining technology is applied in the prior art is solved.

Further, referring to fig. 2, based on the first embodiment in the present application, in another embodiment of providing a data encryption storage method based on a block chain, the step of receiving, by the preset proxy node, the transaction process data sent by the preset endorsement node, and performing encryption processing on the transaction process data to obtain a transaction ciphertext corresponding to the transaction process data includes:

step S21, the preset agent node receives the transaction process data sent by the preset endorsement node and verifies the validity of the transaction process data;

in this embodiment, it should be noted that, in an ideal situation, the preset agent node receives all the transaction process data from a preset endorsement node, and all the transaction process data should be consistent, but in practice, the preset agent node may not receive a small number of the transaction process data of the preset endorsement node due to a failure or the like, or the received transaction process data is determined to be erroneous after comparison, so that at this time, the validity of the transaction process data needs to be verified, specifically, the number of the preset endorsement nodes that have sent correct transaction process data is counted, and whether the number reaches a preset number threshold is determined, where the preset number threshold is set by a user or a number threshold that is default for the ciphertext chain system is adopted, and when the number reaches the preset number threshold, and carrying out the next data encryption process, and when the quantity does not reach the preset quantity threshold value, the preset agent node resends the execution failure message to the sender and clears the transaction execution site.

Step S22, when the transaction process data is valid, encrypting the transaction data structure in the transaction process data to obtain a transaction data ciphertext;

in this embodiment, it should be noted that the transaction data structure corresponding to the transaction process data is encrypted to obtain the transaction data ciphertext corresponding to the transaction data structure, where the encryption method is to encrypt the transaction data structure through an exclusive-or operation, specifically, first obtain a collision-resistant habb-chi function and two randomly generated random values, where the hash function is a first preset key generation algorithm, then substitute the two random values into the collision-resistant hash function to obtain an encryption key corresponding to the two random values, and then perform an exclusive-or operation on the encryption key and the transaction data structure to obtain the transaction data ciphertext.

Step S23, encrypting the keyword set corresponding to the transaction data structure to obtain a keyword set ciphertext corresponding to the keyword set;

in this embodiment, it should be noted that, the pair of keyword sets is encrypted to obtain a keyword set ciphertext corresponding to the keyword set, specifically, two random numbers that are randomly generated are first obtained, where r1 and r2 are two random numbers in a random domain randomly generated by the preset proxy node, and the two random values are substituted into the following formula to obtain a keyword set ciphertext E_WIs (a, B0, … …, Bj, C1, … … Cn), where G is a generator of the G1 finite field, h and f are two hash functions, the keyword set, y is a public key sent by a preset transaction participant to a preset proxy node, and W ═ { W ═ W₁,…w_lThe public key is obtained by substituting a randomly determined private key into a preset key generation algorithm, wherein the private key is a random value, and the preset key generation algorithm is

Where si is the private key and ti is the public key.

I is more than or equal to 1 and less than or equal to l, wherein h_i＝H₁(w_i),f_i＝H₂(w_i)

And step S24, merging the transaction data ciphertext and the keyword set ciphertext to obtain a transaction ciphertext corresponding to the transaction data ciphertext and the keyword set ciphertext.

And acquiring a transaction data structure and a transaction ciphertext corresponding to the keyword set based on the transaction data ciphertext and the keyword set ciphertext, specifically, performing union processing on the transaction data ciphertext and the keyword set ciphertext based on the transaction data ciphertext and the keyword set ciphertext to obtain a union of the transaction data ciphertext and the keyword set ciphertext, that is, acquiring the transaction ciphertext corresponding to the transaction data ciphertext and the keyword set ciphertext together.

In this embodiment, the transaction process data sent by the preset endorsement node is received by a preset proxy node, validity of the transaction process data is verified, then a transaction data structure corresponding to the transaction process data is encrypted to obtain a transaction data ciphertext corresponding to the transaction data structure, a keyword set corresponding to the transaction process data is encrypted to obtain a keyword set ciphertext corresponding to the keyword set, and finally, the transaction data structure and the transaction ciphertext corresponding to the keyword set are obtained based on the transaction data ciphertext and the keyword set ciphertext. That is, after the validity of the transaction process data is verified, the keyword set and the transaction data structure are respectively encrypted to obtain the transaction data ciphertext and the keyword set ciphertext, and further, the transaction data ciphertext and the keyword set ciphertext are subjected to union processing to obtain the transaction ciphertext, so that the transaction process data is encrypted, and a foundation is laid for achieving the purpose of encrypting and storing the transaction process data.

Further, based on the first embodiment of the present application, in another embodiment of providing a data encryption storage method based on a block chain, the step of receiving, by the preset consensus node, the transaction ciphertext and the signature information in the transaction process data, performing modular processing on the transaction ciphertext and the signature information, and obtaining a consensus module corresponding to the transaction ciphertext and the signature information together includes:

step S31, the preset consensus node receives the transaction ciphertext and the signature information in the transaction process data sent by the preset agent node, and verifies the transaction ciphertext, the signature information and the preset endorsement node;

in this embodiment, the preset consensus node receives the transaction ciphertext and the signature information in the transaction process data sent by the preset agent node, and verifies the transaction ciphertext, the signature information and the preset endorsement node, where the verification process for the transaction ciphertext, the signature information and the endorsement node includes the following four verification processes: the first process is to verify whether the transaction ciphertext is within a preset capacity range, specifically, since the data of the transaction is limited in capacity after being packed, it can be ensured that one preset consensus node having the same upper limit of capacity can accommodate more transaction amounts, and similarly, if the transaction amount included in one preset consensus node is too small, the overall transaction performance of the block chain can be significantly reduced. And a second step of verifying whether the timestamp of the transaction ciphertext is within the consensus time period corresponding to the transaction, wherein the preset proxy node attaches a timestamp to the transaction before sending the transaction to indicate the time of sending the transaction, the timestamp is also in the transaction data structure, but indicates the generation time of the proposal of the sender, the generation time is used as a part of the transaction ciphertext and is not sensed by the preset consensus node, and the preset consensus node detects whether the timestamp attached to the transaction ciphertext by the preset proxy node is within the consensus time period corresponding to the transaction. And thirdly, verifying the identity of the preset endorsement node, and sending signature information and identity information of all preset endorsement nodes participating in the transaction including the preset agent node to the preset consensus node by the preset agent node, wherein the identity information refers to the digital identity of the preset endorsement node in a block chain network, the preset agent node detects whether the digital identity is valid and whether the preset endorsement node has endorsement authority and the like, and in addition, the signature information of all the preset endorsement nodes is decrypted through a preset ID public key, transaction digests corresponding to all the signature information are obtained through decryption, and whether the transaction digests corresponding to all the signature information are consistent is verified. And fourthly, verifying whether repeated transactions exist, wherein the preset consensus node may receive a plurality of repeated transactions from the preset agent node, so that the preset consensus node needs to discriminate the repeated transactions, specifically, a global state database is established at each preset consensus node, state information of all nodes in the block chain network is recorded, valuable information about the transactions and users cannot be leaked by the measure, and after each created transaction participates in the global consensus, the state information stored in the global state database is changed accordingly, so that the repeated transactions can be recognized very simply.

Step S32, when the transaction ciphertext, the signature information and the preset endorsement node pass the verification, performing modular processing on the transaction ciphertext and the signature information to obtain a common identification module corresponding to the transaction ciphertext and the signature information;

in this embodiment, the transaction ciphertext and the signature information are modularly processed to obtain a consensus module corresponding to the transaction ciphertext and the signature information, specifically, the preset consensus node is modularly designed, and the transaction ciphertext and the signature information have corresponding positions on the consensus module, that is, the preset consensus node has already established a preset basic module, and after receiving the transaction ciphertext and the signature information, the consensus module corresponding to the transaction ciphertext and the signature information can be obtained by adding the transaction ciphertext and the signature information to the preset basic module, so that the initial consensus module is pluggable, that is, the user can update the consensus module.

Wherein the consensus module comprises a plaintext region and a ciphertext region, the plaintext region comprises a block head and the additional file, the ciphertext region comprises a transaction data ciphertext, the block head comprises a root hash value of all the keyword set ciphertexts, and all the keyword set ciphertexts in the consensus module are hashed into one Mercker tree, when the consensus module needs to be downloaded, the root hash value can be used for verifying the integrity of the consensus module, specifically, the consensus module is divided into a plurality of blocks to be downloaded when the consensus module is downloaded, after the plurality of blocks are downloaded, the plurality of hash values of the plurality of blocks are calculated, then the calculated root hash value is obtained by the calculation of the plurality of hash values, and the calculated root hash value is compared with the root hash value, if the calculated root hash value is equal to the root hash value, it is indicated that the downloaded consensus module is complete, in addition, the root hash value can also be used for determining the position of the keyword set in the database, so as to facilitate query of the keyword set ciphertext, in addition, the additional file comprises signature information of the preset endorsement node associated with each transaction, the signature information can be used for verifying the validity of the transaction, and the ciphertext area comprises a data structure ciphertext.

And step S33, operating a preset consensus algorithm, and carrying out network-wide broadcasting to network-wide consensus on the consensus module.

In this embodiment, a preset consensus algorithm is run to perform network-wide broadcast consensus on the consensus module, specifically, the network-wide broadcast consensus is to verify and confirm the consensus module, and confirm and prove that a transaction is valid through all nodes in a block chain, where the consensus algorithm needs to be run to implement network-wide broadcast consensus, where the consensus algorithm includes a workload certificate, a rights and interests certificate, a shares authorization certificate, and the like.

The embodiment receives the transaction ciphertext and the signature information in the transaction process data sent by the preset agent node through the preset consensus node, verifies the transaction ciphertext, the signature information and the preset endorsement node, modularizes the transaction ciphertext and the signature information when the transaction ciphertext, the signature information and the preset endorsement node are verified, obtains a consensus module corresponding to the transaction ciphertext and the signature information together, finally runs a preset consensus algorithm, and broadcasts the consensus module to the global network consensus. That is, after the transaction ciphertext, the signature information and the preset endorsement node are verified to be valid, the preset consensus node processes the transaction ciphertext and the signature information into corresponding consensus modules, and performs network-wide broadcasting to network-wide consensus on the consensus modules, so that the transaction is confirmed and proved to be valid through network-wide broadcasting, and a foundation is laid for the purpose of encrypting and storing the transaction process data.

Further, based on the first embodiment of the present application, in another embodiment of the method for providing data encryption storage based on a blockchain, the endorsement node includes a local state database, and the consensus node includes a global state database;

step A10, determining whether the preset endorsement node and the preset storage node are in the same server;

in this embodiment, in practice, the preset endorsement node and the preset storage node are in the same server or different servers, and the updating operations in the two cases are different, so before the updating operation is performed, it is determined whether the preset endorsement node and the preset storage node are in the same server, specifically, the server addresses of the preset endorsement node and the preset storage node are queried on the ciphertext chain system, and it is determined whether the server address of the preset endorsement node and the server address of the preset storage node are consistent, when consistent, the preset endorsement node and the preset storage node are in the same server, and when inconsistent, the preset endorsement node and the preset storage node are not in the same server.

Step A20, when the preset endorsement node and the preset storage node are in the same server, the preset consensus node sends the consensus module to the preset storage node, and judges whether the preset storage node links the consensus module.

In this embodiment, it should be noted that the endorsement node includes a local state database, and the consensus node includes a global state database, where the local state database records state information of the endorsement node, and the global state database records state information of all nodes in the block chain.

Updating the local state database and the global state database, specifically, updating a regional chain ledger stored by the preset storage node before the preset storage node stores the consensus module, that is, before the preset storage node uplinks the consensus module, and further updating state information included in the local state database and the global state database.

Specifically, the preset endorsement node and the preset storage node are logical nodes divided according to a block chain function, and may physically belong to the same server, or may respectively operate on different servers, so that there are some differences in the updating operation, when the preset endorsement node and the preset storage node are in the same server, at this time, the preset consensus node sends a consensus module to all the preset storage nodes, so that each preset storage node can receive a consensus module within a preset consensus time period, for a storage node that does not participate in a transaction, only a block needs to be simply loaded onto a chain, if some storage nodes participate in the generation of the transaction, but within the preset time period after the preset consensus module is sent to the preset storage node, it is checked whether the consensus module exists in the preset storage node or not, if yes, it indicates that the consensus module has completed the uplink operation.

Step a30, when it is determined that the preset storage node links the common identification module, updating the local state database and the global state database;

when the common identification module is determined to have finished the uplink operation, updating of the local state database and the global state database is immediately finished, but if the preset time period is exceeded and no target transaction exists in the common identification module generated by the preset common identification node within the preset time period, the preset endorsement node needs to check the reason of sequencing failure in the common identification stage and take measures, and the state database is not updated temporarily.

Step A40, when the preset endorsement node and the preset storage node are not in the same server, the preset consensus node sends the consensus module to the preset storage node and the preset endorsement node, and sends a request for retrieving the consensus module to the preset storage node through the endorsement node, and judges whether the preset storage node links the consensus module;

when the preset endorsement node and the preset storage node are not in the same server, at the moment, the preset storage node only has the function of storing the consensus module, the preset consensus node sends the consensus module to the preset storage node after each consensus process is finished, the preset storage node loads the consensus module to a block chain, meanwhile, the preset consensus node broadcasts the consensus module to the preset endorsement node participating in the transaction contained in the consensus module, and in addition, the preset endorsement node sends a retrieval command to request the preset storage node to return the recently newly added consensus module, and whether the transaction is uplink is determined in such a way.

Step a50, when it is determined that the pre-configured storage node links the common identification module, updating the local state database and the global state database.

When the common identification module is determined to have finished the uplink operation, the updating of the local state database and the global state database is completed. However, since the result executed by some preset endorsement nodes may be incorrect or the preset endorsement nodes fail to execute the endorsement operation on the transaction for some reasons, at this time, the local state databases of some preset endorsement nodes need to be updated, specifically, it is assumed that the endorsement operation of the transaction has 3 preset endorsement nodes participating, where the 3 preset endorsement nodes are A, B, C, and the preset endorsement node C does not perform the endorsement operation, but the preset endorsement node C also needs to perform state information update, so before the transaction is linked up, the preset proxy node notifies the preset endorsement node C to perform state information update, and since a new hash value is generated after the state database update, the preset endorsement nodes can share the state information through a keep-alive preset mechanism, so when the preset user contract is updated, that is, when a new preset endorsement node joins a transaction, the state database can be rapidly updated to the latest state.

In this implementation, when the preset endorsement node and the preset storage node are in the same server, the preset consensus node sends the consensus module to the preset storage node, judges whether the preset storage node chains the consensus module, and updates the local state database and the global state database when it is determined that the preset storage node chains the consensus module; when the preset endorsement node and the preset storage node are not in the same server, the preset consensus module is sent to the preset storage node and the preset endorsement node by the preset consensus node, a request for retrieving the consensus module is sent to the preset storage node by the endorsement node, whether the preset storage node is to cochain the consensus module is judged, and when the preset storage node is determined to cochain the consensus module, the local state database and the global state database are updated. That is, in this embodiment, a method for updating the state database in two ways is provided by judging whether the preset endorsement node and the preset storage node are in the same server, so that the state database can be accurately and timely updated, the state information of the transaction can be accurately reflected, and a foundation is laid for verifying the validity of the transaction and ensuring the normal execution of the transaction.

Further, referring to fig. 3, in another embodiment of the method for providing encrypted data storage based on a blockchain according to the first embodiment of the present application, the step of updating the local state database and the global state database includes:

step A60, the endorsement node receives a private key and a preset keyword index sent by a preset searcher and generates a trapdoor corresponding to the private key and the preset keyword index;

it should be noted that, according to the difference of the retrieval schemes of the transactions, two modes of ordinary retrieval and trapdoor retrieval can be adopted, the former only needs to search the transactions in the blockchain account book according to the transaction addresses, and the latter needs to generate the trapdoors, specifically, the different retrieval schemes need to be adopted for the retrieval schemes due to the difference in physical implementation between the preset storage nodes and the preset endorsement nodes. In case one, the preset storage node and the preset endorsement node belong to the same server, the endorsement node needs to process a transaction proposal sent by a sender, a user contract ciphertext needs to be found according to a user contract address in the transaction proposal, the contract ciphertext can be obtained by decrypting with the contract private key, if decryption fails, the preset endorsement node returns transaction execution failure information to a user, in addition, the preset endorsement node also needs to process a request of the user for retrieving a certain transaction, and the user can retrieve the required transaction in two ways: the preset endorsement node can check the identity and the authority of the user, verify the success and return the appointed transaction ciphertext. And in the second case, when the preset storage node exists independently, the user needs to adopt the trapdoor retrieval mode.

In this embodiment, the transaction ciphertext is retrieved by using a trapdoor retrieval method, the trapdoor is generated based on the private key and a preset keyword index, specifically, a retrieving party of the transaction obtains a random value r, and then calculates the random value r respectively

Wherein

For the private key, G is a generator of the G1 finite field, h and f are two hash functions, and the trapdoor T can be obtained_j＝(T_j,1,T_j,2,T_j,3,I₁,…,I_m) Wherein, the preset keyword index

And the position of the keyword in the keyword set ciphertext is represented, and further, a preset endorsement node generates the trapdoor and transmits the trapdoor to the preset storage node.

Step A70, based on the keyword set ciphertext information corresponding to the transaction ciphertext, the trapdoor and the public key corresponding to the private key, the preset storage node searches on the block chain to obtain the transaction data ciphertext;

in this embodiment, the preset storage node retrieves the keyword set ciphertext on the blockchain, specifically, the preset storage node inputs the keyword set ciphertext information, the trapdoor and the public key to the blockchain, then traverses the blockchain, matches whether there is a keyword corresponding to the trapdoor, and returns the transaction data ciphertext information to the preset retrieving party when the retrieval is successful,when the retrieval fails, returning a retrieval failure command to a retrieval party, specifically, the preset storage node is based on a formula on the block chain

And searching the keyword set ciphertext, if no keyword set ciphertext on the block chain meets the formula, indicating that ciphertext data corresponding to the keyword set is not on the block chain account book, the searching fails, if the keyword set ciphertext on the block chain meets the formula, the searching succeeds, and the preset storage node returns the searching result to a preset searching party to execute the next decryption operation.

And step A80, decrypting the transaction data ciphertext through the preset searching party based on the private key.

After the retrieval is successful, the transaction data ciphertext needs to be decrypted by the preset retrieving party, that is, the transaction data ciphertext is decrypted by the preset retrieving party based on the private key, wherein the preset encryption key is a key used for encrypting a transaction data structure, that is, the transaction data ciphertext and the preset encryption key are subjected to exclusive or operation to obtain the transaction data structure.

The embodiment receives the private key and the preset keyword index based on the endorsement node, generates the trapdoor corresponding to the private key and the preset keyword index, and based on the key word set ciphertext information corresponding to the transaction ciphertext, the trapdoor and the public key, retrieving on the blockchain through the predetermined storage node, obtaining the transaction data ciphertext and decrypting the transaction data ciphertext based on the predetermined encryption key, that is, searching at the preset storage node by means of trapdoor searching to obtain the transaction data ciphertext, then decrypting the transaction data ciphertext through XOR operation, after the purpose of encrypting and storing the transaction process data is achieved, the embodiment provides an encrypted data retrieval method corresponding to the data encryption storage method based on the blockchain, so that a user can conveniently extract the encrypted and stored data on the blockchain.

Referring to fig. 4, fig. 4 is a schematic device structure diagram of a hardware operating environment according to an embodiment of the present invention.

As shown in fig. 4, the block chain based data storage device may include: a processor 1001, such as a CPU, a memory 1005, and a communication bus 1002. The communication bus 1002 is used for realizing connection communication between the processor 1001 and the memory 1005. The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a memory device separate from the processor 1001 described above.

Optionally, the blockchain-based data storage device may further include a target user interface, a network interface, a camera, RF (Radio Frequency) circuitry, a sensor, audio circuitry, a WiFi module, and so on. The target user interface may comprise a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional target user interface may also comprise a standard wired interface, a wireless interface. The network interface may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface).

Those skilled in the art will appreciate that the blockchain based data storage device architecture shown in fig. 3 does not constitute a limitation of blockchain based data storage devices and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.

As shown in fig. 4, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, and a block chain-based data storage program. The operating system is a program that manages and controls the hardware and software resources of the blockchain-based data storage device, supporting the operation of the blockchain-based data storage program, as well as other software and/or programs. The network communication module is used to enable communication between components within the memory 1005, as well as with other hardware and software in the blockchain based data storage device.

In the blockchain-based data storage device shown in fig. 4, the processor 1001 is configured to execute a blockchain-based data storage program stored in the memory 1005, so as to implement any of the steps of the blockchain-based data storage method described above.

The specific implementation of the data storage device based on the block chain in the present invention is basically the same as that of the above data storage method based on the block chain, and is not described herein again.

The invention also provides a data encryption storage device based on the block chain, which comprises:

Optionally, the endorsement module comprises:

Optionally, the encryption module includes:

Optionally, the consensus module comprises:

The specific implementation of the data storage device based on the block chain is basically the same as that of the data storage method based on the block chain, and is not described herein again.

The present invention provides a storage medium storing one or more programs, the one or more programs being further executable by one or more processors for implementing the steps of any of the above block chain based data storage methods.

The specific implementation of the storage medium of the present invention is substantially the same as the embodiments of the data storage method based on the block chain, and is not described herein again.

The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims

1. The data encryption storage method based on the block chain is characterized by being applied to a ciphertext chain system, the ciphertext chain system comprises a preset endorsement node, a preset proxy node, a preset consensus node and a preset storage node, and the data encryption method based on the block chain comprises the following steps:

the preset storage node receives the consensus module sent by the preset consensus node and stores the consensus module;

the step that the preset agent node receives the transaction process data sent by the preset endorsement node, encrypts the transaction process data and obtains a transaction ciphertext corresponding to the transaction process data comprises the following steps:

2. The method for encrypting and storing data based on the block chain according to claim 1, wherein the step of receiving a transaction proposal sent by a sender by the preset endorsement node, executing the transaction proposal, and obtaining the transaction process data corresponding to the endorsement node comprises:

3. The method for data encryption and storage based on the blockchain according to claim 1, wherein the step of receiving the transaction ciphertext and the signature information in the transaction process data by the preset consensus node, performing modular processing on the transaction ciphertext and the signature information to obtain a consensus module corresponding to the transaction ciphertext and the signature information together, includes:

4. The method for encrypting and storing data based on the block chain according to claim 1, wherein the step of receiving a transaction proposal sent by a sender by the preset endorsement node, executing the transaction proposal, and obtaining the transaction process data corresponding to the endorsement node comprises:

the preset proxy node receives a safety parameter sent by a preset transaction participant, and acquires a system parameter corresponding to the safety parameter based on a preset system initialization algorithm;

and acquiring a key corresponding to the preset transaction based on the system parameter and a preset key generation algorithm.

5. The blockchain-based data encryption storage method according to claim 1, wherein the endorsement node comprises a local state database and the consensus node comprises a global state database;

the step that the preset storage node receives the consensus module sent by the preset consensus node and stores the consensus module comprises the following steps:

when the preset endorsement node and the preset storage node are in the same server, the preset consensus node sends the consensus module to the preset storage node, judges whether the preset storage node chains the consensus module, and updates the local state database and the global state database when the preset storage node is determined to chain the consensus module;

when the preset endorsement node and the preset storage node are not in the same server, the preset consensus module is sent to the preset storage node and the preset endorsement node by the preset consensus node, a request for retrieving the consensus module is sent to the preset storage node by the endorsement node, whether the preset storage node is to cochain the consensus module is judged, and when the preset storage node is determined to cochain the consensus module, the local state database and the global state database are updated.

6. The method for encrypted storage of data based on blockchain according to claim 1, wherein the step of receiving the consensus module sent by the pre-set consensus node and storing the consensus module by the pre-set storage node comprises:

7. The blockchain-based data encryption storage device is applied to a blockchain-based data encryption storage apparatus, and the blockchain-based data encryption storage device includes:

the endorsement module is used for presetting an endorsement node to receive a transaction proposal sent by a sender, executing the transaction proposal and obtaining transaction process data corresponding to the endorsement node;

the encryption module is used for receiving the transaction process data sent by the preset endorsement node by a preset agent node, and encrypting the transaction process data to obtain a transaction ciphertext corresponding to the transaction process data;

the consensus module is used for receiving the transaction ciphertext and the signature information in the transaction process data sent by the preset agent node through a preset consensus node, and performing modular processing on the transaction ciphertext and the signature information to obtain a consensus module corresponding to the transaction ciphertext and the signature information together;

the storage module is used for receiving the consensus module sent by the preset consensus node by the preset storage node and storing the consensus module;

the encryption module includes:

8. A blockchain-based data encryption storage device, the blockchain-based data encryption storage device comprising: a memory, a processor, and a program stored on the memory for implementing the blockchain-based data encryption storage method,

the memory is used for storing a program for realizing a data encryption storage method based on a block chain;

the processor is configured to execute a program for implementing the blockchain-based data encryption storage method, so as to implement the steps of the blockchain-based data encryption storage method according to any one of claims 1 to 6.

9. A medium having a program for implementing a blockchain-based data encryption storage method stored thereon, the program being executed by a processor to implement the steps of the blockchain-based data encryption storage method according to any one of claims 1 to 6.