CN112560070B - Data sharing method with auditing function - Google Patents
Data sharing method with auditing function Download PDFInfo
- Publication number
- CN112560070B CN112560070B CN202011578070.7A CN202011578070A CN112560070B CN 112560070 B CN112560070 B CN 112560070B CN 202011578070 A CN202011578070 A CN 202011578070A CN 112560070 B CN112560070 B CN 112560070B
- Authority
- CN
- China
- Prior art keywords
- data
- auditor
- digital signature
- owner
- sig
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 10
- 238000012550 audit Methods 0.000 claims abstract description 10
- 238000012795 verification Methods 0.000 claims abstract description 10
- 238000004364 calculation method Methods 0.000 claims description 11
- 125000004122 cyclic group Chemical group 0.000 claims description 3
- 238000006467 substitution reaction Methods 0.000 claims description 3
- 238000013475 authorization Methods 0.000 abstract description 5
- 230000009286 beneficial effect Effects 0.000 description 1
- 239000008358 core component Substances 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/176—Support for shared access to files; File sharing support
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a data sharing method with an auditing function. There are three types of participants in the present invention, including data owners, data auditors, and data users. The data owner shares own data to the data user. The data auditor will audit the shared data and modify it as specified. In order to ensure the authenticity of the data, the data owner needs to digitally sign the data before sending the data. According to the invention, when the data needs to be modified, the data auditor does not need to interact with the data owner, and the data auditor directly modifies and generates a corresponding new digital signature. The data auditor can modify the data and the corresponding signature only under the authorization of the data owner, and the modified data and signature pair can still pass the digital signature verification. The invention only needs to carry out simple operation operations such as modular exponentiation, hash function and the like.
Description
Technical Field
The invention belongs to the technical field of information security, and relates to a data sharing method with an auditing function.
Background
At present, the security problem of mass data storage of a computer and the problems of theft prevention and tamper resistance of sensitive data are getting more and more attention. The database system is used as a core component of the computer information system, the database file is used as an aggregate of information, and the security of the database system is important in the information industry. In order to secure the database, it is necessary to encrypt important data stored in the database for some important departments or applications in sensitive fields.
After encryption of the database, the database system often needs to grant different usage rights to different users. The traditional key distribution and management mechanism is difficult to distinguish users with different use authorities, and cannot prevent legal users from unauthorized use of the database or verify illegal use of the database by the users. By adopting the digital signature technology in the modern cryptography, the encryption key and the authorization certificate of the database can be safely protected, and after a legal user provides a correct authorization certificate, the party can access the database according to the authorization legitimacy.
In data sharing systems using conventional digital signatures, when data needs to be modified, the data auditor must interact with the data owner, modify the data, and re-sign the data.
In a data sharing system using modifiable digital signatures, a data auditor does not have to interact with the data owner even when the data needs modification, but it suffers from one or more of the following disadvantages:
1. using high power consumption cryptographic algorithms, such as the cryptographic Accumulator (Accumulator) algorithm;
2. mathematical calculations using high power consumption, such as Bilinear Pairing (Bilinear Pairing) calculations;
3. anyone can modify the data.
Disclosure of Invention
The invention provides a data sharing method with an auditing function aiming at the defects of the prior art.
The technical scheme of the invention is as follows:
the invention comprises the following steps:
step 1, system parameter generation
The system parameters include: data classification, a finite cyclic group with a large prime number q Is provided, and a hash function>
Step 2, data owner slave module q non-negative remainder systemN+1 random numbers x are randomly selected i I=0, …, n, and calculating +.>Wherein->Is an integer in the range of 1 to (q-1).
The data owner discloses its signature verification public keyKeep own signature private key->Furthermore, the data ownerWill also->Some x of (2) i And sending the data to a data auditor.
And step 3, when data are to be shared, the data owner carries out digital signature on the data to be shared.
Assuming that the data to be shared is m, it is expressed asI.e. < ->Indicating that the partial data belongs to j i Class data, i=1, …, l.
The data owner does the following:
a) From theI+1 random numbers r randomly selected in the sequence i ,i=0,…,l;
b) Calculation of
c) Calculation of
d) Will beDigital signature set to data m, noted +.>
e) And sending the data m and the digital signature sig thereof to a data auditor.
And 4, when the data auditor receives the data m and the digital signature sig, performing relevant audit on the data m.
If the verification passes, the data m and the digital signature sig thereof are forwarded to the data user.
If the audit is not passed, the following operations are performed:
suppose that the data to be modified isThe modified data is +.>And the data auditor also has corresponding +.>
f) Calculation of
g) Will r' k Substitution ofR in (2) k ;
h) Will ({ r) 1 ,…,r k-1 ,r′ k ,r k+1 ,…,r l Setting of } R, sigma) as data Is noted as sig' = ({ r) 1 ,…,r k-1 ,r′ k ,r k+1 ,…,r l },R,σ);
i) Transmitting the data m 'and the digital signature sig' thereof to a data user;
and 5, after receiving the data m ' and the digital signature sig ', the data user performs validity verification on the data m '. Verifying whether the following equation holds:
the invention has the beneficial effects that:
1. when the data needs to be modified, the data auditor does not need to interact with the data owner, directly modifies and generates a corresponding new digital signature.
2. The data auditor can modify the data and the corresponding signature only under the authorization of the data owner, and the modified data and signature pair can still pass the digital signature verification.
3. Only simple operation operations such as modular exponentiation, hash function and the like are needed.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
In the present invention, there are three types of participants, data owners, data auditors, and data users, respectively. The data owner shares own data to the data user. The data auditor will audit the shared data and modify it as specified. In order to ensure the authenticity of the data, the data owner needs to digitally sign the data before sending the data. Of course, multiple data owners, multiple data auditors, and multiple data users may also be present in the present invention.
The following describes the specific steps of the present invention in detail with reference to fig. 1:
step 1, system parameter generation (this step may be performed by an authority).
The system parameters include: data classification (without loss of generality, data is divided into n classes, with name, age, etc. classes), a finite cyclic group of order large prime number q Is provided, and a hash function>All in the system know these system parameters. Note that: multiple data types may be included in a shared piece of data. For example, a piece of data contains both a name and an age.
Step 2, data owner slaveN+1 random numbers x are randomly selected i (i=0, …, n), and calculateThe data owner discloses his signature verification public key +.>But keep its own signature private key +.>Furthermore, the data owner will also be +>Some x of (2) i And sending the data to a data auditor. When the data auditor owns x i When he can modify the data of class i.
And step 3, when the data is to be shared, the data owner carries out digital signature on the data. Assuming that the data to be shared is m, it can be expressed as I.e. < ->Indicating that the partial data belongs to j i Class data. The data owner does the following:
a) From the slaveI+1 random numbers r randomly selected in the sequence i (i=0,…,l)。
b) Calculation of
c) Calculation of
d) Will beDigital signature set to data m, noted +.>
e) The data m and its digital signature sig are sent to a data auditor.
And 4, when the data auditor receives the data m and the digital signature sig, performing relevant audit on the data m. If the verification passes, the data m and the digital signature sig thereof are forwarded to the data user. If the audit is not passed, the following operations are performed:
suppose that the data to be modified isThe modified data is +.>And the data auditor also has corresponding +.>If the data auditor does not have a corresponding +.>The operation fails
f) Calculation of
g) Will r' k Substitution ofR in (2) k 。
h) Will ({ r) 1 ,…,r k-1 ,r′ k ,r k+1 ,…,r l Setting of } R, sigma) as dataIs noted as sig' = ({ r) 1 ,…,r k-1 ,r′ k ,r k+1 ,…,r l },R,σ)。
i) The data m 'and the digital signature sig' are transmitted to the data consumer.
And 5, after the data user receives the data and the digital signature thereof, verifying the validity of the data. From the above step, it can be known that the data received by the data user and the digital signature may be m and sig, or m 'and sig'. However, in mathematical form, both sets of data are essentially equivalent and can be expressed asAndthus, if the following holds, the signature is valid; whether or notThen it is invalid.
Claims (4)
1. The data sharing method with the auditing function is characterized by comprising the following steps:
step 1, generating system parameters, wherein the system parameters comprise: data classification, a finite cyclic group with a large prime number q A generator g, and a hash function H: />
Step 2, data owner slave module q non-negative remainder systemN+1 random numbers x are randomly selected i And calculate +.>Wherein i=0, …, n, < >>Is an integer in the range of 1 to (q-1);
the data owner discloses its signature verification public keyKeep own signature private key->Furthermore, the data owner will also be +>Some x of (2) i Transmitting to a data auditor;
step 3, when data are to be shared, the data owner digitally signs the data to be shared;
assuming that the data to be shared is m, it is expressed asI.e. < ->Indicating that the partial data belongs to j i Class data->
The data owner performs the following operations:
a) From theIs selected randomly->Random number r i ,/>
b) Calculation of
c) Calculation of
d) Will beDigital signature set to data m, noted +.>
e) Transmitting the data m and the digital signature sig thereof to a data auditor;
step 4, when the data auditor receives the data m and the digital signature sig thereof, relevant auditing is carried out on the data m;
if the verification is passed, forwarding the data m and the digital signature sig thereof to a data user;
if the audit is not passed, the following operations are performed:
suppose that the data to be modified isThe modified data is +.>And the data auditor also has corresponding +.>
f) Calculation of
g) Will r' k Substitution ofR in (2) k ;
h) Will ({ r) 1 ,…,r k-1 ,r′ k ,r k+1 ,…,r l Setting of } R, sigma) as data Is noted as sig' = ({ r) 1 ,…,r k-1 ,r′ k ,r k+1 ,…,r l },R,σ);
i) Transmitting the data m 'and the digital signature sig' thereof to a data user;
step 5, after receiving the data m ' and the digital signature sig ', the data user performs validity verification on the data m ', and verifies whether the following equation is established:
2. the method for data sharing with audit function according to claim 1 wherein the data category in step 1 includes name and age.
3. The data sharing method with audit function according to claim 1 wherein the data auditor in step 2 has x i When the data auditor can modify the data of the ith class.
4. The method for sharing data with audit function according to claim 1 wherein in step 4 if the data auditor does not have a corresponding data auditorThe operation fails.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011578070.7A CN112560070B (en) | 2020-12-28 | 2020-12-28 | Data sharing method with auditing function |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011578070.7A CN112560070B (en) | 2020-12-28 | 2020-12-28 | Data sharing method with auditing function |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112560070A CN112560070A (en) | 2021-03-26 |
CN112560070B true CN112560070B (en) | 2024-03-22 |
Family
ID=75033843
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011578070.7A Active CN112560070B (en) | 2020-12-28 | 2020-12-28 | Data sharing method with auditing function |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112560070B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR19990039365A (en) * | 1997-11-12 | 1999-06-05 | 정명식 | Public key encryption method using precomputation in safety module |
CN107147720A (en) * | 2017-05-16 | 2017-09-08 | 安徽大学 | Traceable effective public audit method and system in a kind of cloud storage data sharing |
CN108494561A (en) * | 2018-03-20 | 2018-09-04 | 西安电子科技大学 | The Polymeric electron endorsement method of fixed signature length |
CN109326337A (en) * | 2018-09-06 | 2019-02-12 | 西安电子科技大学 | Electronic medical record storage and shared model and method based on block chain |
CN109670828A (en) * | 2018-12-06 | 2019-04-23 | 福建联迪商用设备有限公司 | A kind of application on-line signature method and system |
WO2020143131A1 (en) * | 2019-01-07 | 2020-07-16 | 南京航空航天大学 | Revocable cloud data security sharing method |
-
2020
- 2020-12-28 CN CN202011578070.7A patent/CN112560070B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR19990039365A (en) * | 1997-11-12 | 1999-06-05 | 정명식 | Public key encryption method using precomputation in safety module |
CN107147720A (en) * | 2017-05-16 | 2017-09-08 | 安徽大学 | Traceable effective public audit method and system in a kind of cloud storage data sharing |
CN108494561A (en) * | 2018-03-20 | 2018-09-04 | 西安电子科技大学 | The Polymeric electron endorsement method of fixed signature length |
CN109326337A (en) * | 2018-09-06 | 2019-02-12 | 西安电子科技大学 | Electronic medical record storage and shared model and method based on block chain |
CN109670828A (en) * | 2018-12-06 | 2019-04-23 | 福建联迪商用设备有限公司 | A kind of application on-line signature method and system |
WO2020143131A1 (en) * | 2019-01-07 | 2020-07-16 | 南京航空航天大学 | Revocable cloud data security sharing method |
Non-Patent Citations (1)
Title |
---|
可信数据库环境下无证书认证的可信密钥共享;程芳权;彭智勇;宋伟;任毅;;计算机科学与探索;20100915(第09期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN112560070A (en) | 2021-03-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5001299B2 (en) | Authentication and distributed system and method for replacing cryptographic keys | |
US7571324B2 (en) | Method and device for anonymous signature with a shared private key | |
JP2019506103A (en) | How to manage trusted identities | |
CN113129518B (en) | Electric vehicle charging system and resource management method thereof | |
WO2005062919A2 (en) | Public key encryption for groups | |
CN102129532A (en) | Method and system for digital copyright protection | |
WO2002017539A2 (en) | Distributed information system and protocol for affixing electronic signatures and authenticating documents | |
JPH09507729A (en) | Cryptographic system and method with key escrow function | |
KR100635280B1 (en) | Security method using electronic signature | |
CN108551435B (en) | Verifiable encryption group signature method with anonymity | |
Wei et al. | Blockchain-based electronic voting protocol | |
US20100161992A1 (en) | Device and method for protecting data, computer program, computer program product | |
CN108712259A (en) | Identity-based acts on behalf of the efficient auditing method of cloud storage for uploading data | |
CN112804050A (en) | Multi-source data query system and method | |
CN111416705A (en) | Quantum computing resistance alliance chain voting system and method based on identity cryptography | |
CN113079177B (en) | Remote sensing data sharing method based on time and decryption frequency limitation | |
CN117176361A (en) | Block chain digital identity authentication control system and method | |
CN112560070B (en) | Data sharing method with auditing function | |
CN116453644A (en) | Medicine traceability supervision method and system based on blockchain | |
CN112422294B (en) | Anonymous voting method and device based on ring signature, electronic equipment and storage medium | |
CN112650813B (en) | Data sharing method for distributed auditing | |
CN112559456B (en) | Data sharing method with privacy protection auditing and deleting functions | |
Chen et al. | VILS: A verifiable image licensing system | |
Feng et al. | A DRM system protecting consumer privacy | |
CN114117392A (en) | Security verification code obtaining method based on paillier encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |