CN112994879B - Data off-disk encryption method for alliance chain - Google Patents

Data off-disk encryption method for alliance chain Download PDF

Info

Publication number
CN112994879B
CN112994879B CN202110244878.XA CN202110244878A CN112994879B CN 112994879 B CN112994879 B CN 112994879B CN 202110244878 A CN202110244878 A CN 202110244878A CN 112994879 B CN112994879 B CN 112994879B
Authority
CN
China
Prior art keywords
data
node
alliance
chain
federation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110244878.XA
Other languages
Chinese (zh)
Other versions
CN112994879A (en
Inventor
张金琳
袁超
俞学劢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Shuqin Technology Co Ltd
Original Assignee
Zhejiang Shuqin Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Shuqin Technology Co Ltd filed Critical Zhejiang Shuqin Technology Co Ltd
Priority to CN202110244878.XA priority Critical patent/CN112994879B/en
Publication of CN112994879A publication Critical patent/CN112994879A/en
Application granted granted Critical
Publication of CN112994879B publication Critical patent/CN112994879B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of block chains, in particular to a data falling encryption method for a alliance chain, which comprises the following steps: the alliance chain nodes submit data on the chain to an intelligent contract; the following steps are carried out: A) cutting off data into data segments, and transmitting the data segments along the link points of the alliances in sequence; B) in-transmission alliance link nodes randomly determine to add interference data segments into the data segments and record position marks; C) splicing all the data segments into data D'kCompletion data DkEncrypting; D) data D'kDuring decryption, the intelligent contract constructs safe multiparty calculation to obtain whether the data segment is an interference data segment or not, and data D'kRestore to data Dk. The substantial effects of the invention are as follows: each alliance link node stores data required by decrypting the data, so that once the alliance link node is separated from an alliance link intranet environment, the data cannot be recovered, and the safety of the alliance link data is ensured.

Description

Data off-disk encryption method for alliance chain
Technical Field
The invention relates to the technical field of block chains, in particular to a data drop encryption method for a alliance chain.
Background
The public chain is a block chain which can be used by all people to read data, send transactions and compete for accounting. The public chain has the characteristics of non-editable and non-falsifiable, but the public chain is not suitable for enterprises. Therefore, a federation chain is born, wherein the federation chain is a cluster formed by a plurality of private chains, a block chain is managed by a plurality of organizations, each organization or organization manages one or more nodes, and data of the nodes only allows different organizations in the system to read, write and send. The alliance chain has the characteristics of extremely high transaction speed, lower transaction cost, better privacy protection, difficulty in being attacked maliciously and the like. The data of the alliance chain is only limited to the enterprises in the alliance and users of the enterprises with authority to access. The current technology for ensuring that alliance-link data is not leaked out mainly comprises two aspects: access control of data communicated over the chain and access control of data stored by the node. The access control of the communication data on the chain is completed through the node certificate and the SSL. And the current access control of the node stored data uses a disk-dropping encryption mode. The data on the hard disk of the node in the alliance chain are encrypted, and when the data need to be accessed, the data are managed through a Key Manager service. Key Manager service is deployed in an intra-organization network, node hard disk data access Key service is managed specially, and an external network cannot access the Key service. However, this solution has a problem that, when the hard disk and the key are leaked at the same time, the leakage of the federation chain data is caused, and thus the security is not high enough. For example, chinese patent CN111541547A, published 2020, 8/14/provides a federation chain architecture with multi-level data privacy, the federation chain architecture including: one or more channels deployed by a plurality of organizations on a plurality of nodes on a federation chain for data transfer between the nodes; at least one node in the same channel is provided with a centralized system for data interaction with the node; the nodes are provided with private data used for storing the sensitive data, the sensitive data are data with access limits among the nodes in the same channel, the private data are data with access limits set in the nodes, the limits of the private data can be flexibly configured, the requirement of privacy of data on links of different organizations can be met, and the privacy and the safety of data in the alliance link are improved. However, the technical scheme cannot avoid the problem that data leakage is caused when the storage device of the alliance link node is started outside the alliance link.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: at present, the privacy and the security of the alliance-link data still need to be improved. The method can effectively prevent the data of the alliance chain from being leaked and ensure the safety of the private data of the alliance chain.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows: a data drop encryption method for a federation chain, comprising: node N of union chaini,i∈[1,n]The order is established, and external distributed contracts are issued on the alliance chain, when the alliance chain node NiData on the memory chain DkTime, alliance link node NiNumber on chainAccording to DkSubmitted to an external distributed contract, k being data DkThe identity of (2); the external distributed contract performs the following steps: A) external distributed contractual data DkCutting the data into a plurality of data segments, and sequentially cutting the data segments into a plurality of data segments along the node N of the alliance chaini,i∈[1,n]Orchestrated sequential delivery to federation chain nodes Ni-1(ii) a B) Federation chain node N during transfer of data segmentsi+1To federation link node Ni-2Randomly determining to add an interference data segment in the data segment, and locally recording the position identifier of the added interference data segment; C) federation link node Ni-1After all the data segments are received, all the received data segments are spliced into data D'kNode N of the federation chainiDeleting data DkNode N of the federation chaini-1Data D'kSending to an external distributed contract, the external distributed contract being data D'kEncrypted and stored in random N-divisioniOn other alliance-link nodes, alliance-link node Ni-1Data D'kDelete from local, complete data DkEncrypting; D) when data D 'is required'kWhen decrypting, the alliance link node NiSending acquisition data to external distributed contractskRequesting, the external distributed contract constructs a secure multi-party computation, the input of which is data D'kWhether the data segment containing the sequence number of the data segment and the output of the safe multi-party calculation as the corresponding sequence number is an interference data segment or not is judged, the interference data segment is removed by the external distributed contract according to the sequence number of the interference data segment, and then decryption is carried out, namely the data D 'can be obtained'kRestore to data DkExternal distributed contractual data DkSent to a federation link node Ni. Data DkAfter interruption, other alliance chain nodes on the alliance chain randomly decide whether to add interference data segments or not, so that each alliance chain node keeps decrypted data D'kThe needed data further realizes that the data cannot be recovered once the alliance link point is separated from the alliance link intranet environment. After decrypting data D'kThen, the federation chain node decrypts data D'kIn time, the data required by restoration does not need to be sent to other nodes, thereby ensuring thatSecurity of federation chain data.
Preferably, in step D), when the program requests to read data DkIf necessary, data D'kThe decryption time further comprises the following steps: E) federation link node NiObtaining restored data DkThen, all alliance chain nodes are informed to delete the position identification of the added interference data segment recorded locally, and when the program releases the data DkIf so, restoring the data D according to the steps A) to D)k. For data with higher privacy requirements, the preferred scheme can further improve the security of the data and ensure that the private data is not leaked.
Preferably, in step A), the external distributed contract data DkTruncate into m data segments, denoted as { dj,j∈[1,m]In which d isjIs a constant value, data segment dmThe length reaches a fixed value by bit filling, and the node N of the alliance chainiBoth are provided with a buffer area and a switching area, the lengths of the buffer area and the switching area are equal to djSaid switching area has random interference data section, alliance chain node NiSegment d of datajSent to a federation link node Ni+1The buffer area of (2); in step B), if the node N of the alliance chaini+1Determining to add an interference data segment in the data segment, exchanging the data in the buffer area and the exchange area, sending the data in the buffer area to the next alliance link node, and after determining to add the interference data segment for the first time, sending the data in the buffer area to the next alliance link node Ni+1Each time receiving the last alliance chain node NiAfter the data is sent, the data in the buffer area and the data in the switching area are exchanged.
Preferably, in step B), the method for locally recording the location identifier of the added interference data segment includes: federation link node Ni,i∈[1,n]Are all provided with a flag bit
Figure BDA0002963734950000031
Where l is the data D being transferredkTime, alliance link node NiReceiving the last alliance chain node Ni-1Transmitted data segment djIf the data segment d is received for the first timejTime, alliance link node NiThe data in the buffer area and the switching area are exchanged, then
Figure BDA0002963734950000032
Put 1, otherwise, then
Figure BDA0002963734950000033
Set 0, flag bit
Figure BDA0002963734950000034
I.e. a location identity. Passing through the flag bit
Figure BDA0002963734950000035
Can complete position identification and realize data DkAnd (4) recovering.
Preferably, federation chain node NiIs marked with
Figure BDA0002963734950000036
Initial value of middle l is 0, and node N of alliance chainiThe buffer of (2) receives its last federation chain node N at a timei-1Transmitted data segment djWhen l is added by 1, the node N of the last alliance chain is not received when the preset communication timeout time is exceededi-1Transmitted data segment djAnd when the flag bit sequence number is marked with 0, and an external distributed contract is provided with a supervision mechanism to ensure that only one piece of data in the alliance chain is being stored at the same time.
Preferably, the external distributed contract is provided with a supervision mechanism, and the method for ensuring that only one data in the same time alliance chain is being stored comprises the following steps: federation link node NiAre all provided with task flag bits
Figure BDA0002963734950000037
Task flag bit
Figure BDA0002963734950000038
Initial value of 0, alliance link node NiData D to be storedkFirst, to the alliance-link node Ni+1Query task flag bit
Figure BDA0002963734950000039
If the task flag bit
Figure BDA00029637349500000310
Is 0, then to node Ni+2Query task flag bit
Figure BDA00029637349500000311
If the task flag bit
Figure BDA00029637349500000312
Figure BDA00029637349500000312
1, after waiting for a preset time, inquiring the task flag bit again
Figure BDA00029637349500000313
Federation link node NiQueried task flag bit
Figure BDA00029637349500000314
Then, within a preset time length, the device will
Figure BDA00029637349500000315
Set to 1 if the alliance chain node NiQuery to node Ni-1Task flag bit of
Figure BDA00029637349500000316
Is still 0, the data D iskSubmission to an external distributed contract begins storage. Can avoid data storage cross and influence data DkIs correctly recovered.
Preferably, in step D), data D 'is obtained'kThe decryption method comprises the following steps: D1) externally distributed contract receipt federation chain node NiDecrypted data D'kRequest of D'k={d′j,j∈[1,m+n-2]An external distributed contract construction variable z ═ 1 and p ═ 2; D2) external distributed contract query federation chain node Ni-pIs marked with
Figure BDA00029637349500000317
If i-p is not larger than zero, the value of n-i + p is regarded as the value of i-p, and if the flag bit is not larger than zero, the flag bit is set
Figure BDA00029637349500000318
If the value of (3) is 1, the step D3) is entered, if the flag bit is set
Figure BDA00029637349500000319
If 0, go to step D4); D3) external distributed contract discard data segment d'zNode N of the federation chaini-pAll the zone bits are marked
Figure BDA0002963734950000041
Setting the values to be 0, adding z to be 1, recovering the initial value to be 2 by p, and returning to the step D2) to continue executing; D4) p is added by 1, if p is equal to n-1, the step D5) is entered, if p is less than n-1, the step D2) is returned to and executed continuously; D5) external distributed contract reserved data segment d'zZ is added to 1, p recovers the initial value of 2, and returns to the step D2) to continue execution until z is equal to m + n-2, at which time the reserved data segment D'zData D is formed after splicingkCompletion data DkAnd (4) recovering. Recovery of data D from flag bitskEach alliance link point only needs to calculate the stored flag bit, and the flag bit data does not need to be shared with other nodes, so that the security of the alliance link private data is improved.
The substantial effects of the invention are as follows: each alliance chain node is kept with decrypted data D'kThe needed data can not be recovered once the alliance link point is separated from the alliance link intranet environment; after decrypting data D'kThen, the federation chain node decrypts data D'kIn time, the data required by restoration does not need to be sent to other nodes, and the safety of the alliance chain data is guaranteed.
Drawings
Fig. 1 is a block diagram illustrating a flow of a data-dropping encryption method according to an embodiment.
Fig. 2 is a schematic diagram illustrating participation of a federation chain node in data encryption according to an embodiment.
FIG. 3 is a diagram illustrating data encryption according to an embodiment.
FIG. 4 is a diagram illustrating data decryption according to an embodiment.
Detailed Description
The following provides a more detailed description of the present invention, with reference to the accompanying drawings.
The first embodiment is as follows:
a data drop encryption method for a federation chain, comprising: node N of union chaini,i∈[1,n]The order is established, and external distributed contracts are issued on the alliance chain, when the alliance chain node NiData on the memory chain DkTime, alliance link node NiData D on the chainkSubmitted to an external distributed contract, k being data DkIs detected.
The external distributed contract performs the following steps, as shown in FIG. 1: A) external distributed contractual data DkCutting the data into a plurality of data segments, and sequentially cutting the data segments into a plurality of data segments along the node N of the alliance chaini,i∈[1,n]Orchestrated sequential delivery to federation chain nodes Ni-1. External distributed contractual data DkTruncate into m data segments, denoted as { dj,j∈[1,m]In which d isjIs a constant value, data segment dmThe length reaches a fixed value by bit filling, and the node N of the alliance chainiBoth are provided with a buffer area and a switching area, the lengths of the buffer area and the switching area are equal to djLength matching of switching area with random interference data segment, alliance link node NiSegment d of datajSent to a federation link node Ni+1The buffer area of (2).
B) Federation chain node N during transfer of data segmentsi+1To federation link node Ni-2And randomly determining to add the interference data segment in the data segment, and locally recording the position identification of the added interference data segment. As shown in FIG. 2, if a federation chain node Ni+1Determining to add an interference data segment in the data segment, exchanging the data in the buffer area and the exchange area, sending the data in the buffer area to the next alliance link node, and after determining to add the interference data segment for the first time, sending the data in the buffer area to the next alliance link node Ni+1Each time receiving the last alliance chain node NiAfter the data has been transmitted, the data is transmitted,the data of the buffer area and the switching area are exchanged.
The method for adding the position identification of the interference data segment in the local record comprises the following steps: federation link node Ni,i∈[1,n]Are all provided with a flag bit
Figure BDA0002963734950000051
Where l is the data D being transferredkTime, alliance link node NiReceiving the last alliance link node Ni-1Transmitted data segment djIf the data segment d is received for the first timejTime, alliance link node NiThe data in the buffer area and the switching area are exchanged, then
Figure BDA0002963734950000052
Put 1, otherwise, then
Figure BDA0002963734950000053
Set 0, flag bit
Figure BDA0002963734950000054
I.e. a location identity. Passing through the flag bit
Figure BDA0002963734950000055
Can complete position identification and realize data DkAnd (4) recovering.
Federation link node NiIs marked with
Figure BDA0002963734950000056
Initial value of middle l is 0, and node N of alliance chainiThe buffer of (2) receives its last federation chain node N at a timei-1Transmitted data segment djWhen l is added by 1, the node N of the last alliance chain is not received when the preset communication timeout time is exceededi-1Transmitted data segment djAnd when the flag bit sequence number is marked with 0, and an external distributed contract is provided with a supervision mechanism to ensure that only one piece of data in the alliance chain is being stored at the same time.
C) Federation link node Ni-1After all the data segments are received, all the received data segments are spliced into data D'kNode N of the federation chainiDeleting data DkNode N of the federation chaini-1Data D'kSending to an external distributed contract, the external distributed contract being data D'kEncrypted and stored in random N-divisioniOn other alliance-link nodes, alliance-link node Ni-1Data D'kDelete from local, complete data DkEncryption of (2). As shown in FIG. 3, the encrypted data D 'of the present embodiment is'kSchematic representation. In the embodiment, 3 alliance-link nodes are shared in the data DkEncryption of (1), data Dk={d1,d2,d3,d4,d5And after the encryption is finished, the data is encrypted,
data D'k={d1random,d2random,d1,d2,d3random,d3,d4,d5}, node N1To N3Respectively storing flag bits related to encryption.
D) When data D 'is required'kWhen decrypting, the alliance link node NiSending acquisition data to external distributed contractskRequesting, the external distributed contract constructs a secure multi-party computation, the input of which is data D'kWhether the data segment containing the sequence number of the data segment and the output of the safe multi-party calculation as the corresponding sequence number is an interference data segment or not is judged, the interference data segment is removed by the external distributed contract according to the sequence number of the interference data segment, and then decryption is carried out, namely the data D 'can be obtained'kRestore to data DkExternal distributed contractual data DkSent to a federation link node Ni
As shown in FIG. 4, data D'kThe decryption method comprises the following steps: D1) externally distributed contract receipt federation chain node NiDecrypted data D'kRequest of D'k={d′j,j∈[1,m+n-2]An external distributed contract construction variable z ═ 1 and p ═ 2; D2) external distributed contract query federation chain node Ni-pIs marked with
Figure BDA0002963734950000061
If i-p is not larger than zero, the value of n-i + p is regarded as the value of i-p, and if the flag bit is not larger than zero, the flag bit is set
Figure BDA0002963734950000062
If the value of (3) is 1, the step D3) is entered, if the flag bit is set
Figure BDA0002963734950000063
If 0, go to step D4); D3) external distributed contract discard data segment d'zNode N of the federation chaini-pAll the zone bits are marked
Figure BDA0002963734950000064
Setting the values to be 0, adding z to be 1, recovering the initial value to be 2 by p, and returning to the step D2) to continue executing; D4) p is added by 1, if p is equal to n-1, the step D5) is entered, if p is less than n-1, the step D2) is returned to and executed continuously; D5) external distributed contract reserved data segment d'zZ is added to 1, p recovers the initial value of 2, and returns to the step D2) to continue execution until z is equal to m + n-2, at which time the reserved data segment D'zData D is formed after splicingkCompletion data DkAnd (4) recovering. Recovery of data D from flag bitskEach alliance link point only needs to calculate the stored flag bit, and the flag bit data does not need to be shared with other nodes, so that the security of the alliance link private data is improved.
E) Federation link node NiObtaining restored data DkThen, all alliance chain nodes are informed to delete the position identification of the added interference data segment recorded locally, and when the program releases the data DkIf so, restoring the data D according to the steps A) to D)k. For data with higher privacy requirements, the preferred scheme can further improve the security of the data and ensure that the private data is not leaked.
The beneficial technical effects of this embodiment are: each alliance chain node is kept with decrypted data D'kThe needed data can not be recovered once the alliance link point is separated from the alliance link intranet environment; after decrypting data D'kThen, the federation chain node decrypts data D'kIn time, the data required by restoration does not need to be sent to other nodes, and the safety of the alliance chain data is guaranteed.
Example two:
in this embodiment, the external distributed contract is provided with a supervision mechanism, and the method for ensuring that only one piece of data in the federation chain is being stored at the same time includes: federation link node NiAre all provided with task flag bits
Figure BDA0002963734950000065
Task flag bit
Figure BDA0002963734950000066
Initial value of 0, alliance link node NiData D to be storedkFirst, to the alliance-link node Ni+1Query task flag bit
Figure BDA0002963734950000067
If the task flag bit
Figure BDA0002963734950000068
Is 0, then to node Ni+2Query task flag bit
Figure BDA0002963734950000069
If the task flag bit
Figure BDA00029637349500000610
Figure BDA00029637349500000610
1, after waiting for a preset time, inquiring the task flag bit again
Figure BDA00029637349500000611
Federation link node NiQueried task flag bit
Figure BDA00029637349500000612
Then, within a preset time length, the device will
Figure BDA00029637349500000613
Set to 1 if the alliance chain node NiQuery to node Ni-1Task flag bit of
Figure BDA0002963734950000071
Is still 0, the data D iskSubmission to an external distributed contract begins storage. Can avoid data storage cross and influence data DkIs correctly recovered.
The above embodiment is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and other variations and modifications may be made without departing from the technical scope of the claims.

Claims (7)

1. A data off-disk encryption method for a federation chain,
the method comprises the following steps:
node N of union chaini,i∈[1,n]The order is established, and external distributed contracts are issued on the alliance chain, when the alliance chain node NiData on the memory chain DkTime, alliance link node NiData D on the chainkAfter encryption, submitting the encrypted data to an external distributed contract, wherein k is data DkThe identity of (2);
the external distributed contract performs the following steps:
A) external distributed contractual data DkCutting the data into a plurality of data segments, and sequentially cutting the data segments into a plurality of data segments along the node N of the alliance chaini,i∈[1,n]Orchestrated sequential delivery to federation chain nodes Ni-1
B) Federation chain node N during transfer of data segmentsi+1To federation link node Ni-2Randomly determining to add an interference data segment in the data segment, and locally recording the position identifier of the added interference data segment;
C) federation link node Ni-1After all the data segments are received, all the received data segments are spliced into data D'kNode N of the federation chainiDeleting data DkNode N of the federation chaini-1Data D'kSending to an external distributed contract, the external distributed contract being data D'kEncrypted and stored in random N-divisioniOn other federation link nodes, federation link node Ni-1Data D'kDelete from local, complete data DkEncrypting;
D) when data D 'is required'kWhen decrypting, the alliance link node NiSending acquisition data to external distributed contractskRequesting, the external distributed contract constructs a secure multi-party computation, the input of which is data D'kWhether the data segment containing the sequence number of the data segment and the output of the safe multi-party calculation as the corresponding sequence number is an interference data segment or not is judged, the interference data segment is removed by the external distributed contract according to the sequence number of the interference data segment, and then decryption is carried out, namely the data D 'can be obtained'kRestore to data DkExternal distributed contractual data DkSent to a federation link node Ni
2. A data crash encryption method for alliance chain as claimed in claim 1 wherein, in step D), when the program requests to read data DkIf necessary, data D'kThe moment of the decryption is carried out,
further comprising the steps of:
E) federation link node NiObtaining restored data DkThen, all alliance chain nodes are informed to delete the position identification of the added interference data segment recorded locally, and when the program releases the data DkIf so, restoring the data D according to the steps A) to D)k
3. A data-drop encryption method for federation chains according to claim 1 or 2,
in step A), the external distributed contract transmits data DkTruncate into m data segments, denoted as { dj,j∈[1,m]In which d isjIs a constant value, data segment dmThe length reaches a fixed value by bit filling, and the node N of the alliance chainiBoth are provided with a buffer area and a switching area, the lengths of the buffer area and the switching area are equal to djSaid switching area has random interference data section, alliance chain node NiSegment d of datajSent to a federation link node Ni+1The buffer area of (2);
in step B), if the node N of the alliance chaini+1Determining to add an interference data segment in the data segment, exchanging the data in the buffer area and the exchange area, sending the data in the buffer area to the next alliance link node, and after determining to add the interference data segment for the first time, sending the data in the buffer area to the next alliance link node Ni+1Each time receiving the last alliance chain node NiAfter the data is sent, the data in the buffer area and the data in the switching area are exchanged.
4. The data landing encryption method for alliance chain according to claim 3, wherein in step B), the method of locally recording the location identifier of the added interference data segment is:
federation link node Ni,i∈[1,n]Are all provided with a flag bit
Figure FDA0002963734940000021
Where l is the data D being transferredkTime, alliance link node NiReceiving the last alliance link node Ni-1Transmitted data segment djIf the data segment d is received for the first timejTime, alliance link node NiThe data in the buffer area and the switching area are exchanged, then
Figure FDA0002963734940000022
Put 1, otherwise, then
Figure FDA0002963734940000023
Set 0, flag bit
Figure FDA0002963734940000024
I.e. a location identity.
5. A data off-disk encryption method for federation chain as recited in claim 4, wherein a federation chain node NiIs marked with
Figure FDA0002963734940000025
Initial value of middle l is 0, and node N of alliance chainiThe buffer of (2) receives its last federation chain node N at a timei-1Transmitted data segment djWhen l is added by 1, the node N of the last alliance chain is not received when the preset communication timeout time is exceededi-1Transmitted data segment djAnd when the flag bit sequence number is marked with 0, and an external distributed contract is provided with a supervision mechanism to ensure that only one piece of data in the alliance chain is being stored at the same time.
6. A data-drop encryption method for federation chains according to claim 5, wherein the external distributed contract is provided with a supervision mechanism, and the method of ensuring that only one data in a federation chain at a time is being stored comprises:
federation link node NiAre all provided with task flag bits
Figure FDA0002963734940000026
Task flag bit
Figure FDA0002963734940000027
Initial value of 0, alliance link node NiData D to be storedkFirst, to the alliance-link node Ni+1Query task flag bit
Figure FDA0002963734940000028
If task flag bit
Figure FDA0002963734940000029
Is 0, then to node Ni+2Query task flag bit
Figure FDA00029637349400000210
If the task flag bit
Figure FDA00029637349400000211
1, wait forAfter setting time, inquiring task flag bit again
Figure FDA00029637349400000212
Federation link node NiQueried task flag bit
Figure FDA00029637349400000213
Then, within a preset time length, the device will
Figure FDA00029637349400000214
Set to 1 if the alliance chain node NiQuery to node Ni-1Task flag bit of
Figure FDA00029637349400000215
Is still 0, the data D iskSubmission to an external distributed contract begins storage.
7. The data offline encryption method for federation chain of claim 5, wherein in step D), the data D 'is sent'kThe decryption method comprises the following steps:
D1) externally distributed contract receipt federation chain node NiDecrypted data D'kRequest of D'k={d′j,j∈[1,m+n-2]An external distributed contract construction variable z ═ 1 and p ═ 2;
D2) external distributed contract query federation chain node Ni-pIs marked with
Figure FDA0002963734940000031
If i-p is not larger than zero, the value of n-i + p is regarded as the value of i-p, and if the flag bit is not larger than zero, the flag bit is set
Figure FDA0002963734940000032
If the value of (3) is 1, the step D3) is entered, if the flag bit is set
Figure FDA0002963734940000033
If 0, go to step D4);
D3) external distributed contract discard data segment d'zNode N of the federation chaini-pAll the zone bits are marked
Figure FDA0002963734940000034
Setting the values to be 0, adding z to be 1, recovering the initial value to be 2 by p, and returning to the step D2) to continue executing;
D4) p is added by 1, if p is equal to n-1, the step D5) is entered, if p is less than n-1, the step D2) is returned to and executed continuously;
D5) external distributed contract reserved data segment d'zZ is added to 1, p recovers the initial value of 2, and returns to the step D2) to continue execution until z is equal to m + n-2, at which time the reserved data segment D'zData D is formed after splicingkCompletion data DkAnd (4) recovering.
CN202110244878.XA 2021-03-05 2021-03-05 Data off-disk encryption method for alliance chain Active CN112994879B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110244878.XA CN112994879B (en) 2021-03-05 2021-03-05 Data off-disk encryption method for alliance chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110244878.XA CN112994879B (en) 2021-03-05 2021-03-05 Data off-disk encryption method for alliance chain

Publications (2)

Publication Number Publication Date
CN112994879A CN112994879A (en) 2021-06-18
CN112994879B true CN112994879B (en) 2022-05-24

Family

ID=76353018

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110244878.XA Active CN112994879B (en) 2021-03-05 2021-03-05 Data off-disk encryption method for alliance chain

Country Status (1)

Country Link
CN (1) CN112994879B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106919476A (en) * 2017-02-24 2017-07-04 中国科学院软件研究所 Data safety backup method, client and cloud server terminal based on alliance's chain
CN109658074A (en) * 2018-08-09 2019-04-19 杭州复杂美科技有限公司 A kind of storage of data and read system and method, equipment and storage medium
CN110032891A (en) * 2019-04-16 2019-07-19 中国电力科学研究院有限公司 A kind of smart grid distributed cryptograph search method and system model based on alliance's block chain

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106919476A (en) * 2017-02-24 2017-07-04 中国科学院软件研究所 Data safety backup method, client and cloud server terminal based on alliance's chain
CN109658074A (en) * 2018-08-09 2019-04-19 杭州复杂美科技有限公司 A kind of storage of data and read system and method, equipment and storage medium
CN110032891A (en) * 2019-04-16 2019-07-19 中国电力科学研究院有限公司 A kind of smart grid distributed cryptograph search method and system model based on alliance's block chain

Also Published As

Publication number Publication date
CN112994879A (en) 2021-06-18

Similar Documents

Publication Publication Date Title
CN104205123B (en) Systems and methods for secure third-party data storage
CN108768633B (en) Method and device for realizing information sharing in block chain
CN111523133B (en) Block chain and cloud data collaborative sharing method
US20070160197A1 (en) Secret information management scheme based on secret sharing scheme
US11005663B2 (en) Secure audit scheme in a distributed data storage system
US8156168B2 (en) Method and system for data security
CN104255011B (en) Cloud computing secure data stores
CN101647006A (en) Be used for method of data backup and system
CN100593306C (en) System and method for message-based scalable data transport
CN111245837A (en) Block chain-based vehicle networking data sharing fine-grained access control method
US11569989B2 (en) Blockchain system for hardening quantum computing security
US8341417B1 (en) Data storage using encoded hash message authentication code
Asfia et al. Energy trading of electric vehicles using blockchain and smart contracts
JP2022531497A (en) Transfer of digital asset ownership over a one-way connection
US11924178B2 (en) Method and system for secure information distribution based on group shared key
CN110543526B (en) Optimized storage method and system based on block chain
US7975137B2 (en) Method and system for securely extending a path of a mobile agent within a network system
KR102665997B1 (en) Device for coding packet and routing method in memory network including the same
CN112597527B (en) Data access method for preventing alliance chain data leakage
CN112994879B (en) Data off-disk encryption method for alliance chain
CN110620776B (en) Data transfer information transmission method and device
CN111786987A (en) Task issuing method, device, system and equipment
KR102406388B1 (en) A method and an apparatus for master key management based on sharing algorithms for block chain transactions
CN115865461A (en) Method and system for distributing data in high-performance computing cluster
CN113079026A (en) Block chain system and block chain network resource management method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant