CN113360937B - Cloud platform key distribution method and system based on intelligent contracts - Google Patents


Info

Publication number
CN113360937B
Authority
CN
China
Prior art keywords
key
management module
decrypted
signature
key management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110910805.XA
Other languages
Chinese (zh)
Other versions
CN113360937A (en
Inventor
罗远哲
刘瑞景
李冠蕊
罗晓萌
王玲洁
罗晓婷
李雪茹
薛瑞亭
郑玉洁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing China Super Industry Information Security Technology Ltd By Share Ltd
Original Assignee
Beijing China Super Industry Information Security Technology Ltd By Share Ltd
Application filed by Beijing China Super Industry Information Security Technology Ltd By Share Ltd
Priority to CN202110910805.XA
Publication of CN113360937A
Application granted
Publication of CN113360937B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a cloud platform key distribution method and a system based on an intelligent contract, comprising the following steps: sending a key application to a block chain system through a user terminal; receiving a key application through a blockchain node in a blockchain system; randomly selecting a key management module from a cloud computing system through an intelligent contract bound with the block chain nodes to obtain the selected key management module; generating a key and a signature based on the selected key management module, encrypting the generated key and the signature and then sending the encrypted key and signature to the intelligent contract; and receiving and decrypting the encrypted key and the encrypted signature through the intelligent contract, and encrypting the decrypted data and then sending the encrypted data to the user terminal. The invention improves the security of key distribution.

Description

Cloud platform key distribution method and system based on intelligent contracts
Technical Field
The invention relates to the field of key management, in particular to a cloud platform key distribution method and system based on an intelligent contract.
Background
In a cloud computing environment, a user no longer has hardware resources of an infrastructure, software mainly runs in the cloud, and business data is also stored in the cloud. The cloud computing security requirements guarantee confidentiality, integrity and availability of data, and ensure that a service provider provides reliable and efficient cloud computing services. At present, aiming at the security problem of cloud computing, new technologies and new ideas based on cryptography are proposed successively. Almost every aspect of cloud computing security is related to cryptography, requiring passwords to encrypt data of different users, requiring passwords to ensure communication security, and requiring password algorithms to verify the identity of the user. Thus, encryption technology is the basis for cloud computing security. Meanwhile, people pay more attention to the problems of how to protect data security from being stolen, tampered or damaged and the like. The key to solving these problems is data encryption technology. The key management technology in the cloud computing platform is the basis for realizing the secure encryption of data. The safe key management technology can effectively reduce the operation, maintenance and research expenses on the basic implementation of the password and data encryption and decryption products. However, once the key is leaked or the key management system is collapsed, data access in the cloud and the security of the data itself cannot be guaranteed.
In the cloud computing system, one key management module is adopted to provide key management services for a plurality of users. However, with the large increase in the number of users and the strong demand for more keys from users, the traditional single key management module architecture is not suitable for most of the current practical environments.
Disclosure of Invention
The invention aims to provide a cloud platform key distribution method and system based on an intelligent contract, and the security of key distribution is improved.
In order to achieve the purpose, the invention provides the following scheme:
a cloud platform key distribution method based on intelligent contracts comprises the following steps:
sending a key application to a block chain system through a user terminal;
receiving the key application by a blockchain node in the blockchain system;
randomly selecting a key management module from a cloud computing system through an intelligent contract bound with the block chain nodes to obtain the selected key management module;
generating a key and a signature based on the selected key management module, encrypting the generated key and the signature and then sending the encrypted key and signature to the intelligent contract;
and receiving and decrypting the encrypted key and the encrypted signature through the intelligent contract, and encrypting and sending decrypted data to the user terminal.
Optionally, the generating a key and a signature based on the selected key management module, encrypting the generated key and signature, and sending the encrypted key and signature to the smart contract specifically includes:
according to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$, computing the hash value $c_i$, wherein $c_{i+1} = \mathrm{Hash}(sk, r_i \cdot g + c_i \cdot P_i) = \mathrm{Hash}(sk, k \cdot g)$, $c_1 = \mathrm{Hash}(sk, r_n \cdot g + c_n \cdot P_n)$, $sk$ denotes the key generated by the selected key management module, $k$ denotes a random number, $g$ denotes a generator of an elliptic curve, $r_i$ denotes the random number corresponding to the public key $P_i$ of the $i$-th key management module, $n$ denotes the number of key management modules, $P_i = x_i \cdot g$, $x_i$ denotes the private key of the $i$-th key management module, and the $i$-th key management module is the selected key management module;
calculating the random number $r_i$ according to the hash value $c_i$;
determining signature information according to the public key set, the random number set $R$ and the hash value $c_1$; the public key set $PK = \{P_1, P_2, \ldots, P_{i-1}, P_i, P_{i+1}, \ldots, P_n\}$, $R = R' \cup r_i$, $R' = \{r_1, r_2, \ldots, r_{i-1}, r_{i+1}, \ldots, r_n\}$;
And encrypting the key sk and the signature information and then sending the encrypted key sk and signature information to the intelligent contract.
Optionally, the receiving and decrypting the encrypted key and the encrypted signature through the smart contract, and encrypting and sending decrypted data to the user terminal specifically include:
receiving and decrypting the encrypted key and the encrypted signature through the intelligent contract to obtain decrypted data, wherein the decrypted data comprises a decrypted key $sk$, a decrypted public key set, a decrypted $R$ and a decrypted hash value $c_1$;
based on the decrypted secret key $sk$, the decrypted public key set and the decrypted $R$, calculating a hash value $c_1'$ according to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$;
determining whether the hash value $c_1'$ and the decrypted hash value $c_1$ are equal;
if yes, judging that the decrypted data is legal, encrypting the decrypted data and then sending the encrypted data to the user terminal;
and if not, judging that the decrypted data is illegal, and stopping program operation.
Optionally, the randomly selecting one key management module from the cloud computing system through the smart contract bound to the blockchain node to obtain the selected key management module specifically includes:
calling a true random number generator through the intelligent contract bound with the blockchain node to generate a random number, recorded as the selected random number; the selected random numbers correspond one-to-one to the key management modules;
and obtaining the selected key management module according to the selected random number.
The invention also discloses a cloud platform key distribution system based on the intelligent contract, which comprises the following steps:
the user terminal is used for sending a key application to the block chain system;
a blockchain system for receiving the key application through a blockchain node;
the intelligent contract is used for randomly selecting a key management module from the cloud computing system to obtain the selected key management module, receiving and decrypting the encrypted key and the encrypted signature, and sending the decrypted data to the user terminal after encrypting; the intelligent contract is bound with the blockchain node;
and the key management module is used for generating a key and a signature, encrypting the generated key and the signature and then sending the encrypted key and the signature to the intelligent contract.
Optionally, the key management module specifically includes:
a hash value $c_i$ calculation unit, configured to compute the hash value $c_i$ according to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$, wherein $c_{i+1} = \mathrm{Hash}(sk, r_i \cdot g + c_i \cdot P_i) = \mathrm{Hash}(sk, k \cdot g)$, $c_1 = \mathrm{Hash}(sk, r_n \cdot g + c_n \cdot P_n)$, $sk$ denotes the key generated by the selected key management module, $k$ denotes a random number, $g$ denotes a generator of an elliptic curve, $r_i$ denotes the random number corresponding to the public key $P_i$ of the $i$-th key management module, $n$ denotes the number of key management modules, $P_i = x_i \cdot g$, $x_i$ denotes the private key of the $i$-th key management module, and the $i$-th key management module is the selected key management module;
a random number $r_i$ calculation unit, configured to calculate the random number $r_i$ according to the hash value $c_i$;
a signature information determination unit, configured to determine signature information according to the public key set, the random number set $R$ and the hash value $c_1$; the public key set $PK = \{P_1, P_2, \ldots, P_{i-1}, P_i, P_{i+1}, \ldots, P_n\}$, $R = R' \cup r_i$, $R' = \{r_1, r_2, \ldots, r_{i-1}, r_{i+1}, \ldots, r_n\}$;
And the first encryption information sending unit is used for encrypting the key sk and the signature information and then sending the encrypted key sk and the signature information to the intelligent contract.
Optionally, the intelligent contract specifically includes:
a decryption unit, configured to receive and decrypt the encrypted key and signature to obtain decrypted data, where the decrypted data includes the decrypted key $sk$, the decrypted public key set, the decrypted $R$, and the decrypted hash value $c_1$;
a hash value $c_1'$ calculation unit, configured to calculate the hash value $c_1'$ according to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$, based on the decrypted secret key $sk$, the decrypted public key set and the decrypted $R$;
a judging unit, configured to judge whether the hash value $c_1'$ and the decrypted hash value $c_1$ are equal;
a second encrypted information sending unit, configured to, if they are equal, judge that the decrypted data is legal, encrypt the decrypted data and send the encrypted data to the user terminal;
and a stopping unit, configured to, if they are not equal, judge that the decrypted data is illegal and stop program operation.
Optionally, the intelligent contract specifically includes:
a selection random number generation unit, configured to call the true random number generator to generate a random number, recorded as the selected random number; the selected random numbers correspond one-to-one to the key management modules;
and the key management module selection unit is used for obtaining the selected key management module according to the selected random number.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the invention randomly selects one key management module from a plurality of key management modules to generate the key by using the intelligent contract by using the centralized and distributed calculation of the block chain, so that the user terminal using the key management system is not aware and cannot determine the physical position and the logical position of the key server, thereby improving the security of key distribution.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
Fig. 1 is a schematic flow chart of a cloud platform key distribution method based on an intelligent contract according to the present invention;
fig. 2 is a schematic structural diagram of a cloud platform key distribution system based on an intelligent contract according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a cloud platform key distribution method and system based on an intelligent contract, and the security of key distribution is improved.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Fig. 1 is a schematic flow chart of a cloud platform key distribution method based on an intelligent contract, and as shown in fig. 1, a cloud platform key distribution method based on an intelligent contract includes:
Step 101: sending a key application to the blockchain system through the user terminal.
As shown in fig. 2, the blockchain system includes a plurality of blockchain nodes, and each blockchain node is bound with an intelligent contract.
Step 102: a key request is received by a blockchain node in a blockchain system.
Step 103: randomly selecting one key management module from the cloud computing system through the intelligent contract bound with the blockchain node to obtain the selected key management module.
The cloud computing system comprises a plurality of key management modules and a cloud storage module. The cloud storage module is used for storing the data encrypted by the user terminal.
Wherein, step 103 specifically comprises:
Calling a true random number generator through the intelligent contract bound with the blockchain node to generate a random number, recorded as the selected random number; the selected random numbers correspond one-to-one to the key management modules.
Obtaining the selected key management module according to the selected random number.
Step 104: generating a key and a signature based on the selected key management module, encrypting the generated key and signature, and sending them to the smart contract.
Wherein, step 104 specifically includes:
According to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$, compute the hash value $c_i$, wherein $c_{i+1} = \mathrm{Hash}(sk, r_i \cdot g + c_i \cdot P_i) = \mathrm{Hash}(sk, k \cdot g)$, $c_1 = \mathrm{Hash}(sk, r_n \cdot g + c_n \cdot P_n)$, $sk$ denotes the key generated by the selected key management module, $k$ denotes a random number, $g$ denotes a generator of an elliptic curve, $r_i$ denotes the random number corresponding to the public key $P_i$ of the $i$-th key management module, $n$ denotes the number of key management modules, $P_i = x_i \cdot g$, $x_i$ denotes the private key of the $i$-th key management module, and the $i$-th key management module is the selected key management module.
Calculate the random number $r_i$ according to the hash value $c_i$.
Determine signature information according to the public key set, the random number set $R$ and the hash value $c_1$; the public key set $PK = \{P_1, P_2, \ldots, P_{i-1}, P_i, P_{i+1}, \ldots, P_n\}$, $R = R' \cup r_i$, $R' = \{r_1, r_2, \ldots, r_{i-1}, r_{i+1}, \ldots, r_n\}$.
And encrypting the key sk and the signature information and then sending the encrypted key sk and signature information to the intelligent contract.
Step 105: receiving and decrypting the encrypted key and the encrypted signature through the intelligent contract, encrypting the decrypted data, and sending the encrypted data to the user terminal.
Wherein, step 105 specifically comprises:
Receiving and decrypting the encrypted key and the encrypted signature through the intelligent contract to obtain decrypted data, wherein the decrypted data comprises a decrypted key $sk$, a decrypted public key set, a decrypted $R$ and a decrypted hash value $c_1$.
Based on the decrypted secret key $sk$, the decrypted public key set and the decrypted $R$, calculate a hash value $c_1'$ according to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$.
Determine whether the hash value $c_1'$ and the decrypted hash value $c_1$ are equal.
If the data are equal, the decrypted data are judged to be legal, and the decrypted data are encrypted and then sent to the user terminal.
And if not, judging that the decrypted data is illegal, and stopping program operation.
The following describes the cloud platform key distribution method based on the intelligent contract in detail.
A user (user terminal) sends a key application operation to the blockchain system, and a blockchain node in the blockchain system receives the key application request sent by the user. Then a key application contract is called according to the request content, and the key application contract first judges the validity of the user request. The intelligent contract then invokes the true random number generator to generate a random number. The smart contract decides which key management module to schedule to generate the key value based on the random number. There are $n$ key management modules in total. This time the key is generated by the $i$-th key management module; the $i$-th key management module is the selected key management module.
The $i$-th key management module generates the key for the user terminal through the following steps:
1. The public and private key pair of the $i$-th key management module is $(x_i, P_i)$, where $P_i = x_i \cdot g$, $i \in (1, 2, \ldots, n)$, and $g$ is a generator of the elliptic curve.
2. The $i$-th key management module generates a key $sk$.
3. The public key set of the $n$ key management modules is $PK = \{P_1, P_2, \ldots, P_{i-1}, P_i, P_{i+1}, \ldots, P_n\}$; the signature is made using the $n$ public keys, where $P_i$ belongs to the signer (the $i$-th key management module).
4. The signer generates $n-1$ random numbers, the set $R' = \{r_1, r_2, \ldots, r_{i-1}, r_{i+1}, \ldots, r_n\}$, where the random numbers correspond one-to-one to the public keys; $r_i$, the random number corresponding to the signer, does not need to be generated at this point and is obtained by the subsequent calculation, where $R = R' \cup r_i$.
5. Generate a random number $k$, with $k \cdot g = r_i \cdot g + c_i \cdot P_i$.
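6. Calculate $c_i$ according to the recurrence formula:
$c_{i+1} = \mathrm{Hash}(sk, r_i \cdot g + c_i \cdot P_i) = \mathrm{Hash}(sk, k \cdot g)$
$c_{i+2} = \mathrm{Hash}(sk, r_{i+1} \cdot g + c_{i+1} \cdot P_{i+1})$
...
$c_n = \mathrm{Hash}(sk, r_{n-1} \cdot g + c_{n-1} \cdot P_{n-1})$
$c_1 = \mathrm{Hash}(sk, r_n \cdot g + c_n \cdot P_n)$
...
$c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$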
7. Once $c_i$ has been calculated, $r_i$ is the only unknown in the formula $k \cdot g = r_i \cdot g + c_i \cdot P_i$. From $k \cdot g = r_i \cdot g + c_i \cdot P_i = r_i \cdot g + c_i \cdot x_i \cdot g$ we obtain $k = r_i + c_i \cdot x_i$, from which $r_i$ can be calculated.
8. The signature information is $\sigma = (PK, R, c_1)$.
9. The key $sk$ and the signature information $\sigma$ are encrypted and sent to the intelligent contract.
10. The intelligent contract receives the encrypted data sent by the $i$-th key management module, decrypts it, and verifies the validity of the key sent by the key management module.
11. According to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$, compute $\{c_2, \ldots, c_i, \ldots, c_n, c_1'\}$ in sequence, then verify whether $c_1'$ equals the $c_1$ obtained by decryption; if so, the key sent by the intelligent contract is legal data.
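The signing and verification steps 1 to 11 above, as an added Python example that is not part of the patent text. It assumes secp256k1 as the curve and SHA-256 reduced modulo the group order as Hash (the patent specifies neither), uses 0-based indices so that `c[0]` stands for $c_1$, and all function names are hypothetical.

```python
"""Added illustration of the ring signature in steps 1-11 (not the patent's code).
Assumptions: curve secp256k1, Hash = SHA-256 reduced mod the group order,
0-based indices, so c[0] plays the role of c_1 in the text."""
import hashlib
import secrets

# secp256k1 domain parameters (assumed; the patent names no specific curve)
P_FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P_FIELD, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD


def mul(k, point):
    """Scalar multiplication k*point by double-and-add (not constant time)."""
    result = None
    k %= N
    while k:
        if k & 1:
            result = add(result, point)
        point = add(point, point)
        k >>= 1
    return result


def hash_c(sk, point):
    """Hash(sk, point) from the recurrence, mapped to a scalar mod N."""
    if point is None:
        raise ValueError("point at infinity in ring computation")
    data = sk + point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def keygen():
    """Step 1: key pair (x_i, P_i) with P_i = x_i * g."""
    x = secrets.randbelow(N - 1) + 1
    return x, mul(x, G)


def ring_sign(sk, pubkeys, s, x_s):
    """Steps 3-8: the module at index s signs sk under the whole ring PK."""
    n = len(pubkeys)
    if mul(x_s, G) != pubkeys[s]:
        raise ValueError("private key does not match ring member s")
    r = [secrets.randbelow(N - 1) + 1 for _ in range(n)]  # r[s] is overwritten below
    c = [0] * n
    k = secrets.randbelow(N - 1) + 1                      # step 5
    c[(s + 1) % n] = hash_c(sk, mul(k, G))                # c_{i+1} = Hash(sk, k*g)
    j = (s + 1) % n
    while j != s:                                         # step 6: walk the ring
        c[(j + 1) % n] = hash_c(sk, add(mul(r[j], G), mul(c[j], pubkeys[j])))
        j = (j + 1) % n
    r[s] = (k - c[s] * x_s) % N                           # step 7: k = r_i + c_i*x_i
    return r, c[0]                                        # sigma = (PK, R, c_1)


def ring_verify(sk, pubkeys, r, c1):
    """Steps 10-11: recompute c_2..c_n, c_1' and compare with c_1."""
    if len(r) != len(pubkeys):
        return False
    c = c1
    for r_j, p_j in zip(r, pubkeys):
        c = hash_c(sk, add(mul(r_j, G), mul(c, p_j)))
    return c == c1


def demo():
    ring = [keygen() for _ in range(4)]          # four constructed key management modules
    pubkeys = [pub for _, pub in ring]
    sk = secrets.token_bytes(32)                 # step 2: key generated for the user
    r, c1 = ring_sign(sk, pubkeys, 2, ring[2][0])
    return ring_verify(sk, pubkeys, r, c1), ring_verify(b"\x00" * 32, pubkeys, r, c1)


if __name__ == "__main__":
    print(demo())
```

Verification succeeds whichever ring member signed and fails when `sk`, any `r[j]` or `c1` is altered, which is the equality check the smart contract performs before forwarding the key.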
If the user applies for a symmetric key, the key $sk$ is used directly as the symmetric key.
If the user applies for an asymmetric key, the user generates a new asymmetric key. The user has two elliptic-curve private-public key pairs $(a, A)$ and $(b, B)$, where $H_1(ID)$ is a point on the elliptic curve, $H_1$ is a hash function, and $ID$ is the user identity. $A = a H_1(ID)$, $B = b H_1(ID)$. The public key used by the user for data encryption is $PK = H_2(sk \cdot A) H_1(ID) + B$, and the private key is $SK = H_2(sk \cdot a H_1(ID)) + b$.
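As an added check (not part of the patent text), the two formulas above form a consistent key pair with base point $H_1(ID)$, assuming $H_2$ maps a curve point to a scalar and $sk \cdot A$ denotes scalar multiplication of the point $A$ by $sk$ read as an integer:

$$SK \cdot H_1(ID) = \big(H_2(sk \cdot a H_1(ID)) + b\big)\, H_1(ID) = H_2(sk \cdot A)\, H_1(ID) + b\, H_1(ID) = H_2(sk \cdot A)\, H_1(ID) + B = PK$$

The key management module knows $sk$ and can compute $H_2(sk \cdot A)$ from the public value $A$, but $SK$ also depends on the user's secret $b$.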
The user encrypts the data to be stored with the key: if a symmetric encryption algorithm is adopted, the symmetric key $sk$ is used directly for encryption. If an asymmetric algorithm is used, the public key $PK$ of the asymmetric key is used for encryption.
A user sends an encryption data storage application operation to a blockchain system, and a blockchain node in a blockchain network receives an encryption data storage application request sent by the user. And then calling a data storage contract according to the encrypted data storage content, wherein the data storage contract firstly judges the legality of the user request. The intelligent contract then invokes the true random number generator to generate a random number. And the intelligent contract decides to schedule the cloud storage module to execute encrypted data storage according to the random number.
The intelligent contract transmits the encrypted data to the corresponding cloud storage module, and the cloud storage module stores the encrypted data.
The invention has the technical effects that:
in the cloud computing system with the plurality of key management modules, a user randomly applies for a key from any key management module, so that an adversary or the user is prevented from deducing relevant parameter information of the key management module from the relevance of the plurality of keys, the safety of the cloud computing key management module is ensured, and the risk of exposing private data of the key management system and the user is avoided.
When the plurality of key management modules send the keys to the user, the ring signature technology is adopted, so that the user can not guess which specific key management module generates the key, and the safety of the key management system in the cloud computing is ensured.
The user applies the key and receives the key through the intelligent contract of the block chain to schedule, and the user can select any one key management module from the plurality of key management modules to apply the key randomly.
The intelligent contract technology of the block chain can ensure that a user is not aware of the key management system and cannot determine the physical position and the logical position of the key server.
The user key is generated publicly by the key management system and the user, and the key management system cannot guess the true key of the user.
Fig. 2 is a schematic structural diagram of a cloud platform key distribution system based on a smart contract, and as shown in fig. 2, a cloud platform key distribution system based on a smart contract includes:
the user terminal 201 is configured to send a key application to the blockchain system.
A blockchain system 202 for receiving a key request through a blockchain node 2022.
The smart contract 2021 is configured to randomly select one key management module 2031 from the cloud computing system 203, obtain the selected key management module 2031, receive and decrypt the encrypted key and signature, encrypt the decrypted data, and send the encrypted data to the user terminal; the smart contract 2021 is bound to the blockchain node 2022.
The smart contract 2021 transmits the encrypted data to the corresponding cloud storage module 2032, and the cloud storage module 2032 stores the encrypted data.
And the key management module 2031 is configured to generate a key and a signature, encrypt the generated key and signature, and send the encrypted key and signature to the smart contract 2021.
The key management module 2031 specifically includes:
A hash value $c_i$ calculation unit, configured to compute the hash value $c_i$ according to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$, wherein $c_{i+1} = \mathrm{Hash}(sk, r_i \cdot g + c_i \cdot P_i) = \mathrm{Hash}(sk, k \cdot g)$, $c_1 = \mathrm{Hash}(sk, r_n \cdot g + c_n \cdot P_n)$, $sk$ denotes the key generated by the selected key management module 2031, $k$ denotes a random number, $g$ denotes a generator of an elliptic curve, $r_i$ denotes the random number corresponding to the public key $P_i$ of the $i$-th key management module 2031, $n$ denotes the number of key management modules 2031, $P_i = x_i \cdot g$, $x_i$ denotes the private key of the $i$-th key management module 2031, and the $i$-th key management module 2031 is the selected key management module 2031.
A random number $r_i$ calculation unit, configured to calculate the random number $r_i$ according to the hash value $c_i$.
A signature information determination unit, configured to determine signature information according to the public key set, the random number set $R$ and the hash value $c_1$; the public key set $PK = \{P_1, P_2, \ldots, P_{i-1}, P_i, P_{i+1}, \ldots, P_n\}$, $R = R' \cup r_i$, $R' = \{r_1, r_2, \ldots, r_{i-1}, r_{i+1}, \ldots, r_n\}$.
And a first encryption information sending unit, configured to send the key sk and the signature information to the smart contract 2021 after encryption.
The intelligent contract 2021 specifically includes:
A selection random number generation unit, configured to call the true random number generator to generate a random number, recorded as the selected random number; the selected random numbers correspond one-to-one to the key management modules 2031.
A key management module selection unit for obtaining the selected key management module 2031 based on the selected random number.
A decryption unit, configured to receive and decrypt the encrypted key and signature to obtain decrypted data, wherein the decrypted data includes the decrypted key $sk$, the decrypted public key set, the decrypted $R$ and the decrypted hash value $c_1$.
A hash value $c_1'$ calculation unit, configured to calculate the hash value $c_1'$ according to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$, based on the decrypted secret key $sk$, the decrypted public key set and the decrypted $R$.
A judging unit, configured to judge whether the hash value $c_1'$ and the decrypted hash value $c_1$ are equal.
A second encrypted information sending unit, configured to, if they are equal, judge that the decrypted data is legal, encrypt the decrypted data and send the encrypted data to the user terminal.
A stopping unit, configured to, if they are not equal, judge that the decrypted data is illegal and stop the program operation.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (6)

1. A cloud platform key distribution method based on intelligent contracts is characterized by comprising the following steps:
sending a key application to a block chain system through a user terminal;
receiving the key application by a blockchain node in the blockchain system;
randomly selecting a key management module from a cloud computing system through an intelligent contract bound with the block chain nodes to obtain the selected key management module;
generating a key and a signature based on the selected key management module, encrypting the generated key and the signature and then sending the encrypted key and signature to the intelligent contract;
receiving and decrypting the encrypted key and the encrypted signature through the intelligent contract, encrypting the decrypted data and sending the encrypted data to the user terminal;
the generating a key and a signature based on the selected key management module, encrypting the generated key and signature, and sending the encrypted key and signature to the smart contract specifically includes:
according to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$, computing the hash value $c_i$, wherein $c_{i+1} = \mathrm{Hash}(sk, r_i \cdot g + c_i \cdot P_i) = \mathrm{Hash}(sk, k \cdot g)$, $c_1 = \mathrm{Hash}(sk, r_n \cdot g + c_n \cdot P_n)$, $sk$ denotes the key generated by the selected key management module, $k$ denotes a random number, $g$ denotes a generator of an elliptic curve, $r_i$ denotes the random number corresponding to the public key $P_i$ of the $i$-th key management module, $n$ denotes the number of key management modules, $P_i = x_i \cdot g$, $x_i$ denotes the private key of the $i$-th key management module, and the $i$-th key management module is the selected key management module;
calculating the random number $r_i$ according to the hash value $c_i$;
determining signature information according to the public key set, the random number set $R$ and the hash value $c_1$; the public key set $PK = \{P_1, P_2, \ldots, P_{i-1}, P_i, P_{i+1}, \ldots, P_n\}$, $R = R' \cup r_i$, $R' = \{r_1, r_2, \ldots, r_{i-1}, r_{i+1}, \ldots, r_n\}$;
And encrypting the key sk and the signature information and then sending the encrypted key sk and signature information to the intelligent contract.
2. The cloud platform key distribution method based on the smart contract according to claim 1, wherein the receiving and decrypting the encrypted key and the signature by the smart contract, and sending the decrypted data to the user terminal after encrypting the decrypted data specifically include:
receiving and decrypting the encrypted key and signature through the smart contract to obtain decrypted data, wherein the decrypted data comprises a decrypted key sk, a decrypted public key set, a decrypted R and a decrypted hash value $c_1$;
calculating a hash value $c_1'$ according to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$, based on the decrypted key sk, the decrypted public key set and the decrypted R;
determining whether the hash value $c_1'$ and the decrypted hash value $c_1$ are equal;
if yes, judging that the decrypted data is legal, encrypting the decrypted data and then sending the encrypted data to the user terminal;
and if not, judging that the decrypted data is illegal, and stopping program operation.
3. The method for distributing keys to a cloud platform based on smart contracts according to claim 1, wherein the randomly selecting one key management module from a cloud computing system through the smart contract bound to the blockchain node to obtain the selected key management module specifically comprises:
calling a true random number generator through the smart contract bound to the blockchain node to generate a random number, and recording the random number as a selection random number; the selection random numbers correspond one-to-one to the key management modules;
and obtaining the selected key management module according to the selected random number.
4. A cloud platform key distribution system based on smart contracts, comprising:
the user terminal is used for sending a key application to the block chain system;
a blockchain system for receiving the key application through a blockchain node;
the smart contract is used for randomly selecting a key management module from the cloud computing system to obtain the selected key management module, receiving and decrypting the encrypted key and the encrypted signature, and sending the decrypted data to the user terminal after encrypting; the smart contract is bound to the blockchain node;
the key management module is used for generating a key and a signature, encrypting the generated key and the signature and then sending the encrypted key and the signature to the smart contract;
the key management module specifically includes:
a hash value $c_i$ calculation unit, configured to calculate the hash value $c_i$ according to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$, wherein $c_{i+1} = \mathrm{Hash}(sk, r_i \cdot g + c_i \cdot P_i) = \mathrm{Hash}(sk, k \cdot g)$, $c_1 = \mathrm{Hash}(sk, r_n \cdot g + c_n \cdot P_n)$, sk denotes the key generated by the selected key management module, k denotes a random number, g denotes a generator of an elliptic curve, $r_i$ denotes the random number corresponding to the public key $P_i$ of the i-th key management module, n denotes the number of key management modules, $P_i = x_i \cdot g$, $x_i$ denotes the private key of the i-th key management module, and the i-th key management module is the selected key management module;
a random number $r_i$ calculation unit, configured to calculate the random number $r_i$ according to the hash value $c_i$;
a signature information determination unit, configured to determine signature information according to the public key set, the random number set R and the hash value $c_1$; the public key set $PK = \{P_1, P_2, \ldots, P_{i-1}, P_i, P_{i+1}, \ldots, P_n\}$, $R = R' \cup r_i$, $R' = \{r_1, r_2, \ldots, r_{i-1}, r_{i+1}, \ldots, r_n\}$;
and a first encrypted information sending unit, configured to encrypt the key sk and the signature information and then send the encrypted key sk and signature information to the smart contract.
5. The cloud platform key distribution system based on smart contracts according to claim 4, wherein the smart contracts specifically include:
a decryption unit, configured to receive and decrypt the encrypted key and signature to obtain decrypted data, where the decrypted data includes the decrypted key sk, the decrypted public key set, the decrypted R, and the decrypted hash value $c_1$;
a hash value $c_1'$ calculation unit, configured to calculate the hash value $c_1'$ according to the recurrence formula $c_i = \mathrm{Hash}(sk, r_{i-1} \cdot g + c_{i-1} \cdot P_{i-1})$, based on the decrypted key sk, the decrypted public key set and the decrypted R;
a judging unit, configured to judge whether the hash value $c_1'$ and the decrypted hash value $c_1$ are equal;
a second encrypted information sending unit, configured to, if they are equal, judge that the decrypted data is legal, encrypt the decrypted data and send the encrypted data to the user terminal;
and a stopping unit, configured to, if they are not equal, judge that the decrypted data is illegal and stop program operation.
6. The cloud platform key distribution system based on smart contracts according to claim 4, wherein the smart contracts specifically include:
a selection random number generation unit, configured to call the true random number generator to generate a random number, which is recorded as a selection random number; the selection random numbers correspond one-to-one to the key management modules;
and the key management module selection unit is used for obtaining the selected key management module according to the selected random number.
CN202110910805.XA 2021-08-10 2021-08-10 Cloud platform key distribution method and system based on intelligent contracts Active CN113360937B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110910805.XA CN113360937B (en) 2021-08-10 2021-08-10 Cloud platform key distribution method and system based on intelligent contracts

Publications (2)

Publication Number Publication Date
CN113360937A (en) 2021-09-07
CN113360937B (en) 2021-11-05

Family

ID=77540821

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110910805.XA Active CN113360937B (en) 2021-08-10 2021-08-10 Cloud platform key distribution method and system based on intelligent contracts

Country Status (1)

Country Link
CN (1) CN113360937B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109040133A (en) * 2018-09-27 2018-12-18 上海点融信息科技有限责任公司 The method, apparatus and storage medium of intelligent contract are installed in block chain network

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10735193B1 (en) * 2017-06-01 2020-08-04 Massachusetts Mutual Life Insurance Company Decentralized encryption and decryption of blockchain data
CN111767557B (en) * 2020-06-22 2021-07-30 王仁义 Data encryption working method based on block chain

Also Published As

Publication number Publication date
CN113360937A (en) 2021-09-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant