CN111541678A - Block chain-based proxy re-encryption method, system and storage medium - Google Patents

Publication number: CN111541678A
Authority: CN (China)
Prior art keywords: encryption, encrypted data, authorized person, key, public
Legal status: Pending
Application number: CN202010307207.9A
Other languages: Chinese (zh)
Inventors: 崔锦铭, 李汝佳, 汪晓明
Current Assignee: Shanghai Zhaoxi Network Technology Co ltd
Original Assignee: Shanghai Zhaoxi Network Technology Co ltd
Application filed by Shanghai Zhaoxi Network Technology Co ltd
Priority to CN202010307207.9A
Publication of CN111541678A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a blockchain-based proxy re-encryption method, system and storage medium. The method comprises the following steps: respectively generating a public-private key pair of an authorizer and a public-private key pair of an authorized person; encrypting data with the public key of the authorizer to generate encrypted data and uploading the encrypted data to a cloud storage server; receiving an access request sent by the authorized person, wherein the access request comprises the public key of the authorized person, and generating a re-encryption key from the private key of the authorizer and the public key of the authorized person; sending the re-encryption key to a smart contract of a blockchain, calling the smart contract to read the encrypted data from the cloud storage server, and re-encrypting the encrypted data with the re-encryption key to generate re-encrypted data; and decrypting the re-encrypted data with the private key of the authorized person. The invention enables the proxy to perform distributed, transparent and verifiable proxy re-encryption operations based on the blockchain system.

Description

Block chain-based proxy re-encryption method, system and storage medium
Technical Field
The invention belongs to the technical field of applied cryptography, and particularly relates to a block chain-based proxy re-encryption method, a block chain-based proxy re-encryption system and a storage medium.
Background
Proxy re-encryption is a cryptographic primitive: a key-conversion protocol between ciphertexts. Generally, in a proxy re-encryption system, after obtaining a conversion key for an authorized person (delegatee) generated by an authorizer (delegator), a proxy can convert a ciphertext originally encrypted to the authorizer into a ciphertext for the authorized person, and the authorized person can decrypt the converted ciphertext using only its own private key. Proxy re-encryption further ensures that, although the proxy possesses the conversion key, the proxy still cannot obtain any information about the plaintext corresponding to the ciphertext. In practice, proxy re-encryption is widely applied, for example in digital copyright protection, distributed file systems, encrypted spam filtering and cloud computing.
In a cloud computing scenario, user data is typically present in encrypted form in a cloud storage server. Since the user does not completely trust the cloud service provider, the private key cannot be transmitted to the cloud service provider for decryption and distribution when the user data is authorized. The proxy re-encryption system can realize authorized sharing of the cloud ciphertext data without leaking the private key of the data owner.
However, conventional proxy re-encryption has a problem: the proxy's behavior is opaque. Existing proxy re-encryption systems usually need an honest third-party proxy and are centralized, opaque and not publicly traceable, so that in the presence of a malicious proxy, the proxy and an authorizer may repudiate the fact of authorization. In addition, the use of public re-encryption keys in conventional proxy re-encryption techniques may also pose a security risk; for example, under certain algorithms, re-encryption keys and the private key of the authorized person may be combined to derive the authorized person private key.
Disclosure of Invention
In view of at least one of the defects or improvement requirements in the prior art, the present invention provides a blockchain-based proxy re-encryption method, system and storage medium, so that a proxy can perform distributed, transparent and verifiable proxy re-encryption operations based on a blockchain system, and authorization actions are recorded by the blockchain system, thereby effectively preventing the authorization actions from being repudiated by the authorizer or the authorized person.
To achieve the above object, according to a first aspect of the present invention, there is provided a block chain-based proxy re-encryption method, including the steps of:
respectively generating a public and private key pair of an authorizer and a public and private key pair of an authorized person;
encrypting the data by using a public key of an authorizer to generate encrypted data and uploading the encrypted data to a cloud storage server;
receiving an access request sent by an authorized person, wherein the access request comprises a public key of the authorized person, and generating a re-encryption key by using a private key of the authorizer and the public key of the authorized person;
sending the re-encryption key to a smart contract of a blockchain, calling the smart contract to read the encrypted data from the cloud storage server, and re-encrypting the encrypted data by using the re-encryption key to generate re-encrypted data;
decrypting the re-encrypted data using a private key of an authorized person.
Preferably, the generating of the public-private key pair of the authorizer and the public-private key pair of the authorized person respectively is specifically:
receiving a system security parameter lambda, and randomly generating two groups with order q according to the system security parameter lambda
Figure BDA0002456198120000021
And according to said group
Figure BDA0002456198120000022
generating the corresponding bilinear map e:
Figure BDA0002456198120000023
obtaining system common parameters (g, Z), wherein
Figure BDA0002456198120000024
According to the system common parameters (g, Z), in the group
Figure BDA0002456198120000025
two uniformly distributed random numbers are selected at random and denoted $(a_1, a_2)$, giving the authorizer's private key $sk_A = (a_1, a_2)$, and the corresponding authorizer public key is generated:
Figure BDA0002456198120000026
According to the system common parameters (g, Z), in the group
Figure BDA0002456198120000027
two uniformly distributed random numbers are selected at random and denoted $(b_1, b_2)$, giving the authorized person's private key $sk_B = (b_1, b_2)$, and the corresponding authorized person public key is generated:
Figure BDA0002456198120000028
The encryption of the data is calculated by adopting the following formula:
$c_1 = g^k$
Figure BDA0002456198120000029
where $(c_1, c_2)$ is the encrypted data, $m$ is the data to be encrypted, and $k$ is a random number selected uniformly from the group
Figure BDA00024561981200000210
the generation of the re-encryption key is calculated by adopting the following formula:
Figure BDA0002456198120000031
where $rk_{A\to B}$ is the re-encryption key, $sk_A$ is the private key of the authorizer, and $pk_B$ is the public key of the authorized person;
the generation of the re-encrypted data is calculated by adopting the following formula:
$c'_1 = e(c_1, rk_{A\to B})$; $c'_2 = c_2$, where $(c'_1, c'_2)$ is the re-encrypted data.
Preferably, after the encrypted data is generated and uploaded to the cloud storage server, the uploading information of the encrypted data is recorded on the block chain.
Preferably, the upload information includes a storage location and authorizer information.
Preferably, the encrypted data is read from the cloud storage server according to the upload information.
According to a second aspect of the present invention, there is provided a block chain based proxy re-encryption system, comprising:
the public and private key pair generation module is used for respectively generating a public and private key pair of an authorizer and a public and private key pair of an authorized person;
the encryption module is used for encrypting the data by using a public key of an authorizer to generate encrypted data and uploading the encrypted data to the cloud storage server;
the re-encryption key generation module is used for receiving an access request sent by an authorized person, wherein the access request comprises a public key of the authorized person, and a re-encryption key is generated by using a private key of the authorizer and the public key of the authorized person;
the re-encryption module is used for sending the re-encryption key to a smart contract of a blockchain, calling the smart contract to read the encrypted data from the cloud storage server, and re-encrypting the encrypted data by using the re-encryption key to generate re-encrypted data;
and the decryption module is used for decrypting the re-encrypted data by using the private key of the authorized person.
According to a third aspect of the invention, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs any of the methods described above.
In general, compared with the prior art, the invention has the following beneficial effects:
(1) the smart contract of the blockchain is used as the proxy of a traditional proxy re-encryption system, so that the dependence of the system on an honest third party is effectively eliminated, and the authorization process has the characteristics of transparency and non-repudiation;
(2) the proxy re-encryption algorithm can effectively prevent the security risk brought by the public re-encryption key.
Drawings
Fig. 1 is an implementation principle of a block chain-based proxy re-encryption method according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a block chain-based proxy re-encryption method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The implementation principle of the proxy re-encryption method based on the block chain provided by the embodiment of the invention is shown in fig. 1. In the process of proxy re-encryption, the following four roles are included: authorizers, cloud storage servers, blockchain systems, and authorized users. The specific flow is shown in fig. 2.
(1) System initialization phase
Based on given parameters, each party in the system calls an algorithm to generate system public parameters and other parameters needed for generating relevant public and private key pairs.
(2) Off-line phase
A public-private key pair of the authorizer and a public-private key pair of the authorized person are generated respectively. An algorithm is called with the key-pair parameters generated in the system initialization stage to generate the public-private key pairs that the authorizer and the authorized person use for encryption. The key pairs of the authorizer and the authorized person can be generated asynchronously.
The data is encrypted using the public key of the authorizer, and the encrypted data is uploaded to the cloud storage server. After the encrypted data is generated and uploaded to the cloud storage server, the upload information of the encrypted data, such as the storage location and the authorizer information, may be recorded on the blockchain, and may further include a content profile of the data.
(3) Authorisation phase
An access request sent by the authorized person is received, wherein the access request comprises the public key of the authorized person, and a re-encryption key is generated from the private key of the authorizer and the public key of the authorized person. After querying the upload information from the cloud storage service area, the authorized person can purchase the data to be accessed, send an access request, and send its public key to the authorizer through the recorded information. A single, specific re-encryption key is generated by calling the algorithm with the authorizer's private key and the authorized person's public key.
The re-encryption key is sent to a smart contract of the blockchain, the smart contract is called to read the encrypted data from the cloud storage server, and the encrypted data is re-encrypted with the re-encryption key to generate re-encrypted data. That is, the authorizer submits the re-encryption key and the encrypted-data request to the smart contract acting as the blockchain proxy, which executes the algorithm; authorization is complete once the re-encrypted data is generated. Specifically, the encrypted data is read from the cloud storage server according to the upload information recorded on the blockchain.
(4) End phase
The re-encrypted data is decrypted using the private key of the authorized person. The authorized person uses its private key to perform first-order decryption of the encrypted data; in cases such as content mismatch or decryption failure, the blockchain system data is used to trace the authorized person.
The following describes a proxy re-encryption algorithm provided by the embodiment of the present invention.
(1) System common parameter generation algorithm: $(g, Z) \leftarrow \mathrm{ParamGen}(\lambda)$
The parameter received by the algorithm module is a system security parameter lambda, and the algorithm module firstly generates two groups with the order of q randomly according to the system security parameter
Figure BDA0002456198120000051
and generates the corresponding bilinear map e from the two groups:
Figure BDA0002456198120000052
Finally, the algorithm module returns
Figure BDA0002456198120000053
(2) Key generation algorithm: $(pk, sk) \leftarrow \mathrm{KeyGen}(g, Z)$
The algorithm module accepts the system common parameters (g, Z) as input. The algorithm first generates a private key: according to the generated system common parameters, in the group
Figure BDA0002456198120000054
two uniformly distributed random numbers are selected at random and denoted $(a_1, a_2)$, giving the authorizer's private key $sk = (a_1, a_2)$, and the corresponding authorizer public key is generated:
Figure BDA0002456198120000055
According to the system common parameters (g, Z), in the group
Figure BDA0002456198120000056
two uniformly distributed random numbers are selected at random and denoted $(b_1, b_2)$, giving the authorized person's private key $sk_B = (b_1, b_2)$, and the corresponding authorized person public key is generated:
Figure BDA0002456198120000057
(3) Re-encryption key generation algorithm: $rk_{A\to B} \leftarrow \mathrm{ReKeyGen}(sk_a, pk_b)$
The algorithm module accepts as parameters the authorizer's private key $sk_a$ and the authorized person's public key $pk_b$, and calculates a single re-encryption key
Figure BDA0002456198120000061
(4) Encryption algorithm
In the embodiment of the invention, the second-order encryption algorithm is used to encrypt the data with the public key of the authorizer. Information encrypted with the second-order encryption algorithm can be re-encrypted. Information encrypted with the first-order encryption algorithm can be decrypted only with the corresponding private key and cannot be re-encrypted.
Second-order encryption algorithm: $(c_1, c_2) \leftarrow \mathrm{Enc}_2(m, pk)$
The algorithm module accepts as parameters the message $m$ to be encrypted and the encryption public key $pk$. The final encrypted information is $c_1 = g^k$,
Figure BDA0002456198120000062
where $k$ is a random number selected uniformly from the group
Figure BDA0002456198120000063
First-order encryption algorithm: $(c_1, c_2) \leftarrow \mathrm{Enc}_1(m, pk)$
The algorithm module accepts as parameters the message $m$ to be encrypted and the encryption public key $pk$. The final encrypted information is
Figure BDA0002456198120000064
$c_2 = m Z^k$, where $k$ is a random number selected uniformly from the group
Figure BDA0002456198120000065
(5) Re-encryption algorithm: $(c'_1, c'_2) \leftarrow \mathrm{ReEnc}(c_1, c_2, rk_{A\to B})$
The algorithm module accepts as parameters the ciphertext before re-encryption $(c_1, c_2)$ and the re-encryption key $rk_{A\to B}$, and calculates $c'_1 \leftarrow e(c_1, rk)$; $c'_2 \leftarrow c_2$.
(6) Decryption algorithm: $m \leftarrow \mathrm{Dec}(c_1, c_2, sk)$
The first-order decryption algorithm is used for decrypting the encrypted data with the private key of the authorized person. The algorithm module accepts as parameters the encrypted message $(c_1, c_2)$ and the private key $sk$. The first-order decryption algorithm is:
Figure BDA0002456198120000066
The second-order decryption algorithm is as follows:
Figure BDA0002456198120000067
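Added example (not code from the patent): a toy Python run of the algorithm sequence above, from key generation through smart-contract re-encryption to first-order decryption. The formulas that survive on this page only as figure placeholders (public key, re-encryption key, second-order $c_2$, both decryptions) are assumed here to follow the published Ateniese-Fu-Green-Hohenberger construction, which agrees with the visible $c_1 = g^k$, $c'_1 = e(c_1, rk)$ and $c'_2 = c_2$. The pairing is simulated by tracking exponents, so `G1`, `ContractProxy`, `run_flow`, the storage location and all parameters are hypothetical and insecure.

```python
import secrets
from dataclasses import dataclass

# Constructed toy parameters (far too small for real use): P = 2Q + 1 with P, Q prime;
# Z = 4 generates the order-Q subgroup of Z_P^*, which plays the role of the target group.
P, Q, Z = 2039, 1019, 4


@dataclass(frozen=True)
class G1:
    """Stand-in for the source-group element g^x. It stores x in the clear so a
    pairing can be computed without a curve library; this removes all security."""
    x: int

    def __pow__(self, k: int) -> "G1":
        return G1(self.x * k % Q)


g = G1(1)


def pairing(u: G1, v: G1) -> int:
    """Bilinear map e(g^x, g^y) = Z^(x*y)."""
    return pow(Z, u.x * v.x % Q, P)


def rand_scalar() -> int:
    return secrets.randbelow(Q - 1) + 1  # uniform in [1, Q-1]


def keygen(s1=None, s2=None):
    """sk = (s1, s2); pk = (Z^s1, g^s2). The pk form is an assumption (AFGH)."""
    s1, s2 = s1 or rand_scalar(), s2 or rand_scalar()
    return (s1, s2), (pow(Z, s1, P), g ** s2)


def enc2(m: int, pk, k=None):
    """Second-order ciphertext: c1 = g^k as on the page; c2 = m * Z^(a1*k) is assumed."""
    k = k or rand_scalar()
    return g ** k, m * pow(pk[0], k, P) % P


def rekeygen(sk_a, pk_b) -> G1:
    """rk_{A->B} = (g^b2)^a1: authorizer's private key, authorized person's public key."""
    return pk_b[1] ** sk_a[0]


def reenc(c, rk: G1):
    """c'1 = e(c1, rk), c'2 = c2, as on the page. No private key is involved."""
    return pairing(c[0], rk), c[1]


def dec1(c, sk) -> int:
    """First-order decryption (assumed form): m = c2 / c1^(1/s2)."""
    mask = pow(c[0], pow(sk[1], -1, Q), P)
    return c[1] * pow(mask, -1, P) % P


def dec2(c, sk) -> int:
    """Second-order decryption by the data owner (assumed form): m = c2 / e(c1, g)^s1."""
    mask = pow(pairing(c[0], g), sk[0], P)
    return c[1] * pow(mask, -1, P) % P


class ContractProxy:
    """Hypothetical model of the smart contract: reads the ciphertext from cloud
    storage, re-encrypts it, and appends the authorization to a public log."""

    def __init__(self, cloud: dict):
        self.cloud, self.ledger = cloud, []

    def authorize(self, location: str, pk_a, pk_b, rk: G1):
        out = reenc(self.cloud[location], rk)
        self.ledger.append({"location": location, "authorizer": pk_a, "authorized": pk_b})
        return out


def run_flow(m: int = 1234):
    """Authorizer A shares m with B; C holds an unrelated key. Fixed scalars keep it reproducible."""
    sk_a, pk_a = keygen(5, 7)
    sk_b, pk_b = keygen(11, 13)
    sk_c, _ = keygen(17, 19)
    cloud = {"bucket/doc1": enc2(m, pk_a, k=3)}  # constructed storage location
    contract = ContractProxy(cloud)
    c_b = contract.authorize("bucket/doc1", pk_a, pk_b, rekeygen(sk_a, pk_b))
    return {
        "owner": dec2(cloud["bucket/doc1"], sk_a),   # A can still read its own data
        "authorized": dec1(c_b, sk_b),               # B recovers m with sk_B only
        "other": dec1(c_b, sk_c),                    # C's key yields a different value
        "log_entries": len(contract.ledger),
    }


if __name__ == "__main__":
    print(run_flow())
```

A real deployment would replace `G1` and `pairing` with a pairing-friendly curve library and wrap a symmetric data key as `m` rather than encrypting data directly.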
The embodiment of the invention provides a blockchain-based proxy re-encryption system, which comprises:
the public and private key pair generation module is used for respectively generating a public and private key pair of an authorizer and a public and private key pair of an authorized person;
the encryption module is used for encrypting the data by using a public key of an authorizer to generate encrypted data and uploading the encrypted data to the cloud storage server;
the re-encryption key generation module is used for receiving an access request sent by an authorized person, wherein the access request comprises a public key of the authorized person, and the re-encryption key is generated by using a private key of the authorizer and the public key of the authorized person;
the re-encryption module is used for sending the re-encryption key to the smart contract of the blockchain, calling the smart contract to read the encrypted data from the cloud storage server, and re-encrypting the encrypted data by using the re-encryption key to generate re-encrypted data;
and the decryption module is used for decrypting the re-encrypted data by using the private key of the authorized person.
The implementation principle and technical effect of the proxy re-encryption system are similar to those of the proxy re-encryption method, and are not described herein again.
The embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the technical solution of any one of the above-mentioned embodiments of the proxy re-encryption method. The implementation principle and technical effect are similar to those of the above method, and are not described herein again.
It must be noted that in any of the above embodiments, the methods are not necessarily executed in order of sequence number, and as long as it cannot be assumed from the execution logic that they are necessarily executed in a certain order, it means that they can be executed in any other possible order.
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A proxy re-encryption method based on a block chain is characterized by comprising the following steps:
respectively generating a public and private key pair of an authorizer and a public and private key pair of an authorized person;
encrypting the data by using a public key of an authorizer to generate encrypted data and uploading the encrypted data to a cloud storage server;
receiving an access request sent by an authorized person, wherein the access request comprises a public key of the authorized person, and generating a re-encryption key by using a private key of the authorizer and the public key of the authorized person;
sending the re-encryption key to a smart contract of a blockchain, calling the smart contract to read the encrypted data from the cloud storage server, and re-encrypting the encrypted data by using the re-encryption key to generate re-encrypted data;
decrypting the re-encrypted data using a private key of an authorized person.
2. The block chain-based proxy re-encryption method of claim 1, wherein the generation of the public-private key pair of the authorizer and the public-private key pair of the authorizee, respectively, is specifically:
receiving a system security parameter lambda, and randomly generating two groups with order q according to the system security parameter lambda
Figure FDA0002456198110000011
And according to said group
Figure FDA0002456198110000012
Generating corresponding bilinear maps
Figure FDA0002456198110000013
Obtaining system common parameters (g, Z), wherein
Figure FDA0002456198110000014
According to the system common parameters (g, Z), in the group
Figure FDA0002456198110000015
two uniformly distributed random numbers are selected at random and denoted $(a_1, a_2)$, giving the authorizer's private key $sk_A = (a_1, a_2)$, and the corresponding authorizer public key is generated:
Figure FDA0002456198110000016
According to the system common parameters (g, Z), in the group
Figure FDA0002456198110000017
two uniformly distributed random numbers are selected at random and denoted $(b_1, b_2)$, giving the authorized person's private key $sk_B = (b_1, b_2)$, and the corresponding authorized person public key is generated:
Figure FDA0002456198110000018
The encryption of the authorizer data is calculated by adopting the following formula:
$c_1 = g^k$
Figure FDA0002456198110000019
where $(c_1, c_2)$ is the encrypted data, $m$ is the data to be encrypted, and $k$ is a random number selected uniformly from the group
Figure FDA0002456198110000021
the generation of the re-encryption key is calculated by adopting the following formula:
Figure FDA0002456198110000022
where $rk_{A\to B}$ is the re-encryption key, $sk_A$ is the private key of the authorizer, and $pk_B$ is the public key of the authorized person;
the generation of the re-encrypted data is calculated by adopting the following formula:
$c'_1 = e(c_1, rk_{A\to B})$; $c'_2 = c_2$, where $(c'_1, c'_2)$ is the re-encrypted data.
3. The blockchain-based proxy re-encryption method according to claim 1 or 2, wherein after the encrypted data is generated and uploaded to a cloud storage server, uploading information of the encrypted data is recorded on a blockchain.
4. The blockchain-based proxy re-encryption method of claim 3, wherein the upload information includes storage location and authorizer information.
5. The blockchain-based proxy re-encryption method of claim 4, wherein the encrypted data is read from the cloud storage server according to the upload information.
6. A blockchain-based proxy re-encryption system, comprising:
the public and private key pair generation module is used for respectively generating a public and private key pair of an authorizer and a public and private key pair of an authorized person;
the encryption module is used for encrypting the data by using a public key of an authorizer to generate encrypted data and uploading the encrypted data to the cloud storage server;
the re-encryption key generation module is used for receiving an access request sent by an authorized person, wherein the access request comprises a public key of the authorized person, and a re-encryption key is generated by using a private key of the authorizer and the public key of the authorized person;
the re-encryption module is used for sending the re-encryption key to a smart contract of a blockchain, calling the smart contract to read the encrypted data from the cloud storage server, and re-encrypting the encrypted data by using the re-encryption key to generate re-encrypted data;
and the decryption module is used for decrypting the re-encrypted data by using the private key of the authorized person.
7. The blockchain-based proxy re-encryption system of claim 6, wherein the generation of the public-private key pair of the authorizer and the public-private key pair of the authorizee, respectively, is specifically:
receiving a system security parameter lambda, and randomly generating two groups with order q according to the system security parameter lambda
Figure FDA0002456198110000031
And according to said group
Figure FDA0002456198110000032
Generating corresponding bilinear maps
Figure FDA0002456198110000033
Obtaining system common parameters (g, Z), wherein
Figure FDA0002456198110000034
According to the system common parameters (g, Z), in the group
Figure FDA0002456198110000035
two uniformly distributed random numbers are selected at random and denoted $(a_1, a_2)$, giving the authorizer's private key $sk_A = (a_1, a_2)$, and the corresponding authorizer public key is generated:
Figure FDA0002456198110000036
According to the system common parameters (g, Z), in the group
Figure FDA0002456198110000037
two uniformly distributed random numbers are selected at random and denoted $(b_1, b_2)$, giving the authorized person's private key $sk_B = (b_1, b_2)$, and the corresponding authorized person public key is generated:
Figure FDA0002456198110000038
The encryption of the data is calculated by adopting the following formula:
$c_1 = g^k$
Figure FDA0002456198110000039
wherein $(c_1, c_2)$ is the encrypted data, m is the data to be encrypted, and k is, in the group
Figure FDA00024561981100000310
a uniformly selected random number;
the generation of the re-encryption key is calculated by adopting the following formula:
Figure FDA00024561981100000311
wherein $rk_{A \to B}$ is said re-encryption key, $sk_A$ is the private key of the authorizer, and $pk_B$ is the public key of the authorized person;
the generation of the re-encrypted data is calculated by adopting the following formula:
$c'_1 = e(c_1, rk_{A \to B})$; $c'_2 = c_2$, wherein $(c'_1, c'_2)$ is the re-encrypted data.
8. The system according to claim 6 or 7, wherein after the encrypted data is generated and uploaded to the cloud storage server, the upload information of the encrypted data is recorded on the blockchain.
9. The blockchain-based proxy re-encryption system of claim 8 wherein the upload information includes storage location and authorizer information.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1 to 5.
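The key generation, encryption, re-encryption key and re-encryption steps of claim 7 can be traced end to end in the following sketch, which is an added example and not code from the patent. It assumes the formulas that survive only as figure placeholders follow the standard AFGH proxy re-encryption construction, which the visible fragments ($c_1 = g^k$, $c'_1 = e(c_1, rk_{A \to B})$, $c'_2 = c_2$) match; the bilinear map is replaced by an insecure toy model, and all function names and parameters are constructed for illustration.

```python
import secrets

# Constructed toy parameters: P = 2Q + 1, GT = the order-Q subgroup of Z_P^*.
Q = 1019
P = 2 * Q + 1
Z = 4  # generator of GT, standing in for Z = e(g, g)

# INSECURE stand-in for the bilinear map: a G1 element g^x is stored as the
# exponent x mod Q, so e(g^x, g^y) = Z^(x*y) can be computed directly.
def g_pow(x):
    return x % Q

def pairing(u, v):
    return pow(Z, (u * v) % Q, P)

def rand_scalar():
    return secrets.randbelow(Q - 1) + 1  # uniform in [1, Q-1]

def keygen():
    s1, s2 = rand_scalar(), rand_scalar()
    return (s1, s2), (pow(Z, s1, P), g_pow(s2))  # sk=(a1,a2); assumed pk=(Z^a1, g^a2)

def encrypt(pk, m):
    k = rand_scalar()
    return g_pow(k), (m * pow(pk[0], k, P)) % P  # c1=g^k; assumed c2=m*Z^(a1*k)

def rekey(sk_a, pk_b):
    # Needs only A's private key and B's public key; assumed rk=(g^b2)^a1.
    return (pk_b[1] * sk_a[0]) % Q

def reencrypt(ct, rk):
    return pairing(ct[0], rk), ct[1]  # c1'=e(c1,rk), c2'=c2 (as in the claim)

def decrypt_original(sk_a, ct):
    mask = pairing(ct[0], g_pow(sk_a[0]))  # e(c1, g)^a1 = Z^(a1*k)
    return (ct[1] * pow(mask, -1, P)) % P

def decrypt_reencrypted(sk_b, ct):
    # c1' = Z^(a1*b2*k); raising it to 1/b2 mod Q recovers the mask Z^(a1*k).
    mask = pow(ct[0], pow(sk_b[1], -1, Q), P)
    return (ct[1] * pow(mask, -1, P)) % P

def demo(m=1234):
    (sk_a, pk_a), (sk_b, pk_b) = keygen(), keygen()
    ct = encrypt(pk_a, m)                      # authorizer uploads ct
    ct_b = reencrypt(ct, rekey(sk_a, pk_b))    # proxy (contract) transforms it
    return decrypt_original(sk_a, ct), decrypt_reencrypted(sk_b, ct_b)
```

The re-encrypting party handles only `rk` and the ciphertext, never the plaintext or either private key; the authorized person's decryption formula used here is the AFGH one and does not appear in the claims.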
CN202010307207.9A 2020-04-17 2020-04-17 Block chain-based proxy re-encryption method, system and storage medium Pending CN111541678A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010307207.9A CN111541678A (en) 2020-04-17 2020-04-17 Block chain-based proxy re-encryption method, system and storage medium

Publications (1)

Publication Number Publication Date
CN111541678A true CN111541678A (en) 2020-08-14

Family

ID=71980079

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010307207.9A Pending CN111541678A (en) 2020-04-17 2020-04-17 Block chain-based proxy re-encryption method, system and storage medium

Country Status (1)

Country Link
CN (1) CN111541678A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104580205A (en) * 2015-01-05 2015-04-29 南京邮电大学 CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing
CN109120639A (en) * 2018-09-26 2019-01-01 众安信息技术服务有限公司 A kind of data cloud storage encryption method and system based on block chain
CN110430186A (en) * 2019-07-31 2019-11-08 国网电子商务有限公司 Block chain data transacting system and method based on proxy re-encryption and intelligent contract

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112069542A (en) * 2020-09-09 2020-12-11 北京清数智能科技有限公司 Method and device for tracking close contact person, storage medium and electronic equipment
WO2022057545A1 (en) * 2020-09-16 2022-03-24 京东科技信息技术有限公司 File transfer method and apparatus, electronic device and computer-readable medium
CN112822255B (en) * 2020-12-31 2023-02-28 平安科技(深圳)有限公司 Block chain-based mail processing method, mail sending end, receiving end and equipment
CN112822255A (en) * 2020-12-31 2021-05-18 平安科技(深圳)有限公司 Block chain-based mail processing method, mail sending end, receiving end and equipment
WO2022155811A1 (en) * 2021-01-20 2022-07-28 深圳技术大学 Multi-receiver proxy re-encryption method and system, and electronic apparatus and storage medium
CN113268764A (en) * 2021-02-24 2021-08-17 西安交通大学 Personal credit data authorization method for mixed chain and threshold proxy re-encryption
CN112836240A (en) * 2021-02-26 2021-05-25 广东工业大学 Block chain-based electronic medical data security sharing method, system and medium
CN112685763A (en) * 2021-03-18 2021-04-20 上海众旦信息科技有限公司 Data opening method and system based on ciphertext authorized access
CN113449014A (en) * 2021-06-28 2021-09-28 电子科技大学 Selective cloud data query system based on block chain
CN113449014B (en) * 2021-06-28 2022-10-14 电子科技大学 Selective cloud data query system based on block chain
CN113254884B (en) * 2021-06-29 2021-11-05 浩鲸云计算科技股份有限公司 Method for realizing digital copyright authorization based on proxy re-encryption and block chain technology
CN113254884A (en) * 2021-06-29 2021-08-13 浩鲸云计算科技股份有限公司 Method for realizing digital copyright authorization based on proxy re-encryption and block chain technology
CN113746829A (en) * 2021-08-31 2021-12-03 平安银行股份有限公司 Multi-source data association method, device, equipment and storage medium
CN114513327B (en) * 2021-12-30 2022-11-08 电子科技大学 Block chain-based Internet of things private data rapid sharing method
CN114513327A (en) * 2021-12-30 2022-05-17 电子科技大学 Block chain-based Internet of things privacy data rapid sharing method
CN114125831A (en) * 2022-01-25 2022-03-01 国网浙江省电力有限公司信息通信分公司 5G smart grid user side data acquisition method and system based on proxy re-encryption
CN114500069A (en) * 2022-02-10 2022-05-13 福建福链科技有限公司 Method and system for storing and sharing electronic contract
CN114866323A (en) * 2022-04-29 2022-08-05 华中科技大学 User-controllable private data authorization sharing system and method
CN114866323B (en) * 2022-04-29 2023-09-29 华中科技大学 User-controllable privacy data authorization sharing system and method
CN114928617A (en) * 2022-06-15 2022-08-19 中国电信股份有限公司 Private network subscription data management method, device, equipment and medium
CN114928617B (en) * 2022-06-15 2023-07-21 中国电信股份有限公司 Private network subscription data management method, device, equipment and medium
CN115348054A (en) * 2022-06-30 2022-11-15 海南大学 Block chain data proxy re-encryption model based on IPFS

Similar Documents

Publication Publication Date Title
CN111541678A (en) Block chain-based proxy re-encryption method, system and storage medium
CN103957109B (en) A kind of cloud data-privacy protects safe re-encryption method
Kumar et al. Secure storage and access of data in cloud computing
CN102655508B (en) Method for protecting privacy data of users in cloud environment
CN109246098B (en) Method for supporting comparison of synchronous ciphertext of backup server
Belguith et al. Analysis of attribute‐based cryptographic techniques and their application to protect cloud services
JP2019533384A (en) Data transmission method, apparatus and system
CN107959566A (en) Quantal data key agreement system and quantal data cryptographic key negotiation method
CN108600217A (en) A kind of data grant certainty update method of the high in the clouds based on proxy re-encryption
CN113162752B (en) Data processing method and device based on hybrid homomorphic encryption
CN114513327B (en) Block chain-based Internet of things private data rapid sharing method
CN104994068A (en) Multimedia content protection and safe distribution method in cloud environment
WO2014114080A1 (en) Method and system for data encryption protection
JP2020532177A (en) Computer-implemented systems and methods for advanced data security, high-speed encryption, and transmission
Almuzaini et al. Key Aggregation Cryptosystem and Double Encryption Method for Cloud‐Based Intelligent Machine Learning Techniques‐Based Health Monitoring Systems
CN114697042A (en) Block chain-based Internet of things security data sharing proxy re-encryption method
CN116318696B (en) Proxy re-encryption digital asset authorization method under condition of no initial trust of two parties
CN117240433A (en) Information sharing method and device based on proxy re-encryption
CN116961893A (en) End-to-end secure encryption communication management method, system and storable medium
KR101812311B1 (en) User terminal and data sharing method of user terminal based on attributed re-encryption
CN112906032B (en) File secure transmission method, system and medium based on CP-ABE and block chain
Fugkeaw et al. Achieving scalable and optimized attribute revocation in cloud computing
Kim et al. Certificateless Group to Many Broadcast Proxy Reencryptions for Data Sharing towards Multiple Parties in IoTs
Kumar et al. Role of Cryptography & its Related Techniques in Cloud Computing Security
CN115865531B (en) Proxy re-encryption digital asset authorization method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200814