CN113364576B - Data encryption evidence storing and sharing method based on block chain - Google Patents

Data encryption evidence storing and sharing method based on block chain Download PDF

Info

Publication number
CN113364576B
CN113364576B CN202110593211.0A CN202110593211A CN113364576B CN 113364576 B CN113364576 B CN 113364576B CN 202110593211 A CN202110593211 A CN 202110593211A CN 113364576 B CN113364576 B CN 113364576B
Authority
CN
China
Prior art keywords
data
algorithm
block chain
encrypted
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110593211.0A
Other languages
Chinese (zh)
Other versions
CN113364576A (en
Inventor
欧阳建权
胡长林
唐欢容
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiangtan University
Original Assignee
Xiangtan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiangtan University filed Critical Xiangtan University
Priority to CN202110593211.0A priority Critical patent/CN113364576B/en
Publication of CN113364576A publication Critical patent/CN113364576A/en
Application granted granted Critical
Publication of CN113364576B publication Critical patent/CN113364576B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a data encryption evidence storing and sharing method based on a block chain, belonging to the field of block chain technology application and comprising the following steps: distributing a public and private key pair for a user; the system generates random numbers and stores the random numbers in a segmentation way, and the user encrypted data is uploaded to the storage system; when sharing data, the data requesting party agrees and verifies the creation transaction through the owning party; the data request party downloads the encrypted data to the local, acquires the secret share of the data owner party, and then shares the secret share with the nodes on the chain to form a consensus synthetic random number which is processed as a secret key; the data requestor decrypts the data using the key. The invention encrypts and stores data and simultaneously segments and stores the encryption key, thereby ensuring the data storage safety, recording data and information during data sharing by utilizing the characteristic that a block chain can not be tampered, and keeping trace and evidence to strengthen the safety and controllability of data sharing.

Description

Data encryption evidence storing and sharing method based on block chain
Technical Field
The invention relates to data encryption, storage and sharing, in particular to a block chain-based data encryption, storage and sharing method.
Background
With the rapid development of network applications, the digital era comes and data sharing is in the trend, but traditional data sharing participants are reluctant to share data. The reason is mainly as follows:
data is difficult to authenticate. Data is easily copied during sharing and circulation. If the data cannot be authenticated, the electronic evidence of the producer, the user and the manager who have definite data cannot well realize the accurate authorization of the data, and the sharing and circulation of the data are hindered.
And data safety is difficult to guarantee. Traditional electronic data and data evidence are stored in a self-owned server or a cloud server, and the data evidence is easily damaged in the processes of backup, transmission and the like, so that the evidence is incomplete or damaged. Data and evidence are at risk of being attacked and tampered in the process of being transmitted to the cloud server, and the credibility of electronic evidence is reduced. Most of electronic data are stored in a plaintext mode on cloud storage, even if some data storage parties provide data encryption services, keys for encrypting data are kept by the data storage parties in a centralized mode, once the storage parties use the keys to check user data or reveal the keys, the user privacy data can be easily acquired by the storage parties, and the privacy and the safety of the data cannot be effectively guaranteed.
The blockchain technology has the characteristics of ' unforgeability ', whole-course trace retention ' and the like, and the inventor is inspired by the inventor, utilizes the blockchain technology to prove electronic evidence of data ownership, simultaneously combines a symmetric encryption technology to encrypt user stored data, and utilizes a secret sharing technology to divide and store keys in different nodes, so that the problems that the user encrypts and stores the data, but a storage party keeps a complete data encryption and decryption key, so that a large amount of keys can be leaked or the user data can be viewed privately and the like can be prevented. Therefore, the security problem of the traditional data storage certificate and sharing is perfectly solved.
Disclosure of Invention
The technical problems to be solved by the invention are that data are stored in plain text by the existing cloud storage technology or the privacy of a data user who keeps a complete data encryption and decryption key by a storage party although the data are encrypted and stored can be obtained by the storage party, the owner information of the data can not be recorded in a verification mode, the key can be leaked during data sharing, and the data and the evidence are attacked and tampered in the process of being transmitted to a cloud server.
In order to solve the above problems, the present invention provides a data encryption certificate and sharing method based on block chains, which comprises the following steps:
1) receiving identity information input by people and registering the identity information as users in a block chain system, and generating a public and private key pair for each user by using an SM2 algorithm;
2) the encrypted data time zone block chain system generates a random number to be processed as an encryption key; a user encrypts data to be shared by using an encryption key at a local client by using an AES algorithm or an SM4 algorithm, the formed encrypted data is uploaded to a data storage system, and the data storage system feeds back a storage address and a hash value corresponding to the encrypted data to the user;
3) the random number is partitioned to different nodes for storage by using an Asmuth-Bloom threshold scheme, and the random number is used for restoring after a block chain system triggers a decryption contract and generating an encrypted key after processing;
4) encrypting user identity information by using a user public key by using an SM2 algorithm to obtain encrypted identity information, calculating a hash value of the encrypted identity information by using an SM3 algorithm, and writing a character string consisting of the hash value, the name, the storage address fed back by a data storage system, the general description and the address input when the user uploads data, the encrypted identity information and the hash value of the encrypted identity information into a block chain certificate by using a certificate-storing intelligent contract signature;
5) the data requester sends a signature request to a user with encrypted data to request shared data, if the data owner agrees, transaction shared data is created, a secret share encrypted by a public key of the data requester is recorded through a data sharing intelligent contract and stored in transaction information together with an initial vector, otherwise, a transaction cannot be created;
6) uploading the block chain after the data owner signs the transaction, verifying the transaction correctness by the consensus node by adopting an SM2 signature verification algorithm, and then completing the transaction by the consensus chain, otherwise, invalidating the transaction;
7) the method comprises the steps that a data request party downloads encrypted data from a data storage system to the local, a secret share which is kept by a data owner and generated through an Asmuth-Bloom threshold scheme and all needed initial vectors of an AES algorithm or an SM4 algorithm are obtained, then a self private key of the data request party is used for decryption through an SM2 algorithm, then a decryption contract is used for synthesizing random numbers through t secret shares which are kept by the data owner and t-1 secret shares which are kept by other arbitrary nodes, when a block chain system executes a decryption contract protocol to achieve decryption common identification, the system triggers the decryption contract to recover the random numbers which generate symmetric keys, the random numbers are processed into decryption keys at a local client side, and then the encrypted data are decrypted through the decryption keys and the initial vectors.
Further, the generation modes of all the required initial vectors by using the AES algorithm or the SM4 algorithm are as follows: the sender generates a random number, the SM3 algorithm is used for calculating the hash value of the random number, 128 bits of the first 64 bits and the last 64 bits of the hash value are taken as initial vectors, and a user can store the initial vectors in the local.
Further, the data encrypted in step 2) may be one or more of text, document, PDF, picture.
Further, the user identity information comprises an identification card number and a name.
Further, the step 5) of "agreement of data owner" further comprises the step of authenticating the user with the data owner: collecting the identity card number and the name input by the user of the data owner, encrypting the identity information by using the self public key of the user by adopting an SM2 algorithm, calculating a hash value of the identity information, comparing whether the hash value is consistent with the hash value of the encrypted identity information in the certificate storage information, if so, creating transaction shared data, and inputting a secret share and an initial vector encrypted by using the public key of the data requesting party through a data sharing intelligent contract, otherwise, the transaction is invalid.
Further, the Asmuth-Bloom threshold scheme in the step 3) is specifically as follows:
set P ═ P provided with n users and nodes in the blockchain1,P2,...PnThe threshold value is t, the random number generated by the block chain system is S, a large prime number p (p is more than S) is selected, and n positive integer sequences m are equal to (m is greater than S)1,m2,...mn) The following conditions are satisfied:
(1)m1,m2,m3...mnstrictly increasing the number;
(2)(mi,mj)=1(i≠j)
(3)(mi,p)=1(i=1,2,3,...,n)
(4)
Figure GDA0003684663930000031
wherein (m)i,mj) 1 represents miAnd mjHas a maximum common factor of 1, (m)iWhere p) is 1 denotes miThe greatest common factor with p is 1, and an integer R is selected to satisfy
Figure GDA0003684663930000032
When distributing secret shares, calculate x ═ S + Rp, xi=x(mod mi) (i-1, 2, …, n) and (x)i,mi) Sending to blockchain nodes P as secret sharesi(i ═ 1, 2, … n), where (x)1,m1) The cryptographic data owner has the ability to distribute n-1 secret shares to different nodes in the block chain via a secret-sharing intelligence contract, such that at least t secret shares are known to recover the random number S.
Further, the "system triggers the decryption contract to recover the random number for generating the symmetric key" in step 7), and the algorithm step for recovering the random number S in the decryption contract is performed as follows:
as long as any t secret shares in the Pi nodes are known, the chinese remainder theorem can be applied to solve for x:
y≡x(mod D)
is a simultaneous congruent formula:
y≡x1(mod m1)
y≡x2(mod m2)
...
y≡xt(mod mt)
among them are:
D=m1m2...mt
since D > -N, the above x is uniquely determined;
to apply the Chinese remainder theorem, first:
y1=inv(D/m1,m1)
y2=inv(D/m2,m2)
yt=inv(D/mt,mt)
wherein inv (a, b) ═ c denotes a · c ≡ 1(mod b), thus:
Figure GDA0003684663930000041
finally, the following are calculated: and S-Rp.
Further, the "processing as a decryption key" in step 7) is performed as follows:
(1) calculating a hash value of the random number by using an SM3 algorithm, wherein the hash value is 256 bits, and the output form of the hash value is a 16-system string;
(2) and splicing the 16-system characters of the even-numbered subscripts of the hash value into a 128-bit 16-system string to serve as an encryption key.
Compared with the prior art, the invention has the following beneficial effects: firstly, the data of the uploading storage system is encrypted, the safety of the data can be ensured, and the encrypted data cannot be checked without a corresponding secret key. And secondly, on a plurality of nodes existing after the random number for generating the encrypted data key is segmented, the random number can be obtained only by cooperation of a plurality of nodes, so that the key leakage is prevented from influencing data security. And thirdly, recording the related information of the encrypted data and the identity information of the user by utilizing the characteristic that the block chain can not be tampered, ensuring that the ownership of the user data is clearly marked, and being capable of leaving a trace and storing a certificate and facilitating the right confirmation. Meanwhile, each data sharing is ensured to be operated by the owner of the data sharing, and non-owners cannot share the data sharing, so that the safety and controllability of the data sharing are enhanced. And fourthly, enabling the block chain technology to meet domestic standards and supervision requirements and selecting an algorithm with higher encryption and decryption efficiency and signature verification efficiency.
Drawings
FIG. 1 is an illustration of a flowchart of a method practiced by the present invention.
Fig. 2 is a graphical illustration of the generation of a symmetric encryption key and an initial vector.
FIG. 3 is an illustration of information contained in a deposit certificate.
FIG. 4 is an illustration of information contained in a transaction.
Detailed Description
In order to further disclose the technical scheme of the invention, the following describes exemplary embodiments of the invention in further detail with reference to the attached drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and are not exhaustive of all embodiments. And the embodiments and features of the embodiments in the present description may be combined with each other without conflict.
It is specifically stated that the present invention assumes that a user population has established a cloud storage, blockchain system through existing techniques.
In the cloud computing era, a large amount of user data is stored in the cloud, but data stored in plaintext or data privacy of data with a complete data encryption and decryption key kept by a storage party although encrypted storage exists may be obtained by the storage party, owner information of the data cannot be recorded in a verification mode, so that data owners are difficult to determine the data, the key may be leaked during data sharing, the data and evidence are all subjected to risks of attack and tampering in the process of being transmitted to a cloud server, and the like, and meanwhile, the user data cannot be effectively shared. With the maturity of the block chain technology, the block chain technology has the characteristic of being not falsifiable, so that the block chain technology, the encryption technology and the secret sharing technology are fully utilized, and a data encryption evidence storing and sharing method based on the block chain is provided, and comprises the following steps:
1) receiving identity information input by people and registering the identity information as users in a block chain system, and generating a public and private key pair for each user by using an SM2 algorithm;
2) the encrypted data time zone block chain system generates a random number to be processed as an encryption key; a user encrypts data to be shared by using an encryption key at a local client by using an AES algorithm or an SM4 algorithm, the formed encrypted data is uploaded to a data storage system, and the data storage system feeds back a storage address and a hash value corresponding to the encrypted data to the user;
3) the random number is divided into different nodes for storage by using an Asmuth-Bloom threshold scheme, and the random number is restored after a block chain system triggers a decryption contract and is processed to generate an encrypted key;
4) encrypting user identity information by using a user self public key by adopting an SM2 algorithm to obtain encrypted identity information, calculating a hash value of the encrypted identity information by adopting an SM3 algorithm, and writing a character string consisting of the hash value, a name, a storage address fed back by a data storage system, a general description and an address input when a user uploads data, the encrypted identity information and the hash value of the encrypted identity information into a block chain certificate by using a certificate-storing intelligent contract signature;
5) the data requester sends a signature request to a user with encrypted data to request shared data, if the data owner agrees, transaction shared data is created, otherwise, transaction cannot be created;
6) uploading the block chain after the data owner signs the transaction, verifying the transaction correctness by the consensus node by adopting an SM2 signature verification algorithm, and then completing the transaction by the consensus chain, otherwise, invalidating the transaction;
7) the data request party downloads the encrypted data from the data storage system to the local, the secret share and the initial vector which are kept by the data owner party are obtained and then decrypted by using a self private key, the encrypted data are decrypted by adopting an SM2 algorithm, then the random numbers are synthesized by using 1 secret share which is kept by the data owner party and t-1 secret shares which are kept by any other node to obtain t secret shares through a decryption contract, when the block chain system executes a decryption contract protocol to achieve decryption contract, the system triggers the decryption contract to recover the random numbers which generate the symmetric keys, the random numbers are processed into decryption keys at a local client, and then the encrypted data are decrypted by using the decryption keys and the initial vector.
The generation mode of all required initial vectors by selecting the AES algorithm or the SM4 algorithm is as follows: the sender generates a random number, the SM3 algorithm is used for calculating the hash value of the random number, 128 bits of the first 64 bits and the last 64 bits of the hash value are taken as initial vectors, and a user can store the initial vectors in the local.
The data encrypted in step 2) may be one or more of text, documents, PDF, pictures, etc.
The user identity information comprises an identity card number and a name.
The step 5) of 'agreeing by the data owner' further comprises the step of authenticating the user by the data owner: collecting the identity card number and name input by the user of the data owner, encrypting the identity information by using the self public key of the user by adopting an SM2 algorithm, calculating a hash value, comparing whether the hash value is consistent with the hash value of the encrypted identity information in the certificate storage information, if so, creating transaction shared data, and inputting a secret share and an initial vector encrypted by using the public key of the data requesting party through a data sharing intelligent contract, otherwise, invalidating the transaction.
The specific mode of the Asmuth-Bloom threshold scheme in the step 3) is as follows:
set P ═ P where n users and nodes in the block chain are located1,P2,...PnThe threshold value is t, the random number generated by the block chain system is S, a large prime number p (p is more than S) is selected, and n positive integer sequences m are equal to (m)1,m2,...mn) The following conditions are satisfied:
(1)m1,m2,m3...mnstrictly increasing the number of the steps;
(2)(mi,mj)=1(i≠j)
(3)(mi,p)=1(i=1,2,3,...,n)
(4)
Figure GDA0003684663930000061
wherein (m)i,mj) 1 represents miAnd mjHas a maximum common factor of 1, (m)iWhere p) is 1 denotes miThe greatest common factor with p is 1, and an integer R is selected to satisfy
Figure GDA0003684663930000062
When distributing secret shares, calculate x ═ S + Rp, xi=x(mod mi) (i is 1, 2, …, n) and (x)i,mi) Sending to blockchain nodes P as secret sharesi(i-1, 2, … n) wherein (x)1,m1) The owner of the encrypted data keeps that n-1 secret shares are shared by the secret sharing intelligenceTo different other nodes in the block chain so that at least t secret shares are known to restore the random number S.
Step 7), the system triggers the decryption contract to recover the random number for generating the symmetric key, and the algorithm step for recovering the random number S in the decryption contract is carried out in the following way:
as long as any t secret shares in the Pi nodes are known, the chinese remainder theorem can be applied to solve x:
y≡x(mod D)
is a simultaneous and complementary formula:
y≡x1(mod m1)
y≡x2(mod m2)
y≡xt(mod mt)
among them are:
D=m1m2...mt
since D > -N, x above is uniquely determined;
to apply the Chinese remainder theorem, first:
y1=inv(D/m1,m1)
y2=inv(D/m2,m2)
yt=inv(D/mt,mt)
wherein inv (a, b) ═ c denotes a · c ≡ 1(mod b), thus:
Figure GDA0003684663930000071
finally, the following are calculated: and S-Rp.
The step 7) of processing the decryption key is carried out in the following way:
(1) calculating a hash value of the random number by using an SM3 algorithm, wherein the hash value is 256 bits, and the output form of the hash value is a 16-system string;
(2) and splicing the 16-system characters of the even-numbered subscripts of the hash value into a 128-bit 16-system string to serve as an encrypted key.
The specific embodiment is as follows:
according to an embodiment of the present invention, a method for encrypting, storing and sharing data based on a block chain is provided, the method comprising the following steps:
step 1: assuming that the user group has n users, the block chain system distributes public and private key pairs for the n users.
A public key is a key that an entity can disclose in an asymmetric cryptosystem. The public key in the blockchain can be derived from the private key.
Private key in an asymmetric cryptosystem, the entity itself holds a key that is known only to the entity itself. The private key is the basis for the user to use the account.
The steps of generating the public-private key pair using the SM2 algorithm are as follows:
inputting: one effective Fq, is the set of elliptic curve system parameters over a prime field containing q elements (q ═ p and p is a prime number greater than 3, or q ^ 2 m).
And (3) outputting: a key pair (d, P) associated with elliptic curve system parameters.
a) Generating an integer d ∈ [1, n-2] with a random number generator;
b) g is a base point, and a calculation point P is (xP, yP) is [ d ] G;
the key pair is (d, P), where d is the private key and P is the public key.
The private key is 32 bytes and the public key is 64 bytes.
The system generates a public-private key pair according to the SM2 public key algorithm, then assigns a public-private key pair (P, d) to each user, and for a node using a pair of public and private keys, only the public key can be unlocked by data signed by the private key, and only the private key can be unlocked by data encrypted by the public key.
And 2, step: the user data encryption time zone block chain system generates a random number which is used as an encryption key after being processed, and each user can encrypt data and upload the data to the data storage system and obtain a storage address and a hash value corresponding to the encrypted data. The user encrypts the data by using AES or SM4 algorithm, as shown in fig. 2: the AES and SM4 algorithms both adopt CBC mode, a random number is generated and processed as an initial vector, and the key length used by the algorithms is 128 bits. The block chain system randomly generates a number, then calculates the HASH value of the number by using an SM3 algorithm, takes a 16-system string with the value of 256 bits, namely the length of the string is 64, takes even-numbered characters of the HASH value to splice the 16-system string with the length of 128 bits as a symmetric encryption key, and specifically generates an initial vector by generating a random number, calculating the HASH value of the random number by using the SM3 algorithm, and taking 128 bits of the first 64 bits and the last 64 bits of the HASH value as an initial vector.
Example (a):
and (3) testing environment:
a processor: intel (R) core (TM) i7-4710MQ CPU @2.50Hz memory: 8.00GB operating System: windows 10 software environment: visual Studio Code version 1.48.2
An example of the SM3 cryptographic hash algorithm employed in the hash calculation in the present method is as follows:
input data (summary characters):
“123789”
as a result of the digest, the hash value is 32 bytes in length:
cf8d06642e07db57bbdd883aa554e292bcf36c257edda2ffee244debf68e8dd8
the efficiency of computing a string hash one million times using the SM3 versus SHA256 algorithm is as follows:
TABLE 1
Figure GDA0003684663930000091
Table 1 can see that the SM3 algorithm is equivalent to SHA256 in efficiency, but the SM3 cryptographic hash algorithm has a similar overall structure to SHA-256, but adds a plurality of new design techniques, including 16-step exclusive or operation, message doubleword intervention, P permutation for increasing fast avalanche effect, and the like. The method can effectively avoid high-probability local collision, effectively resist differential analysis of strong collision, linear analysis of weak collision, bit tracking method and other cryptanalysis, has higher safety than SHA-256 algorithm, and can effectively replace the SHA256 algorithm commonly used in the block chain without losing the efficiency of hash calculation of the block chain as much as possible.
Example of specific generation of symmetric key: converting the random number '123456' into a character string, and calculating a 16-system hash string by using an SM3 algorithm: 207cf410532f92a47dee245ce9b11ff71f578ebd763eb3bbea44ebd043d018fb
Taking the key of even-numbered character concatenation of the HASH value:
27f1529a7e25eb1f158b73ba4b0308b
initial vector specific production example: converting the random number '123789' into a character string and processing the character string into an initial vector, and calculating a 16-system hash string by using an SM3 algorithm:
cf8d06642e07db57bbdd883aa554e292bcf36c257edda2ffee244debf68e8dd8
taking 128 bits of the first 64 bits and the last 64 bits of the HASH as initial variables:
cf8d06642e07db57ee244debf68e8dd8
encrypt data instance using symmetric key: data to be encrypted: hello world
The method uses AES or SM4 algorithm to encrypt and decrypt information as follows, and the encryption key, the initial vector and the encrypted data are all 16-system character strings:
key (encryption Key): ca36418f3679ed75bcb212c7495cb46e
IV (initial vector): c8a92010ac950e6e42c0a0bd554fabbc
The SM4 algorithm encrypts data: 7abd42e24a5d272017942bf5af85fae1
The AES algorithm encrypts data: b61a2af2ad9a20e20685f797bddb20f0
The SM3 algorithm was used to calculate the hash value of the SM4 algorithm encrypted data:
76acf94d1e850df6232eae803040add5f0d83cd40d5b3a766a89493eadd7606e
calculating the hash value of the AES algorithm encrypted data by using the SM3 algorithm:
7bf52a33213a0aacaf73ff08f967d469b1fbda98d42e698587fd223a901d0b90
the efficiency pairs for encrypting and decrypting the same string one million times using a common symmetric encryption algorithm are as follows:
Figure GDA0003684663930000101
TABLE 2
Compared with the AES algorithm, the encryption and decryption speed of the RC4 is very fast, the encryption and decryption speed of the 3DES algorithm is medium, and the encryption and decryption efficiency of the SM4 algorithm is the lowest. However, the security performance of RC4 and 3DES is weak, and the RC4 and 3DES are not suitable for encryption of data on a block chain, so that AES or SM4 algorithm can be selected for symmetric encryption. The AES algorithm can be used for the company if the company wants to encrypt and decrypt more efficiently, the SM4 algorithm is adopted for meeting the national standard and the supervision requirement, and improving the safety controllable capability of an industrial information system.
And 3, step 3: the random number is stored in different nodes after being divided, and can be restored only when the random number meets the requirements. The key for encrypting the data is not directly stored in the system after encrypting the data, but random numbers for generating the symmetric key are divided into different nodes for storage by using an Asmuth-Bloom threshold scheme, and n nodes are used as a set P ═ P for storing secret share nodes in a blockchain1,P2,P3,...,PnThe threshold value is t, and the specific mode of using the Asmuth-Bloom threshold scheme is as follows:
the random number generated by the block chain system is S, a large prime number p (p is more than S) is selected, and n positive integer sequences m ═ m1,m2,...mn) The following conditions are satisfied:
(1)m1,m2,m3...mnstrictly increasing the number;
(2)(mi,mj)=1(i≠j)
(3)(mi,p)=1(i=1,2,3,...,n)
(4)
Figure GDA0003684663930000111
wherein (a, b) ═ 1 indicates that the greatest common factor of a and b is 1, and the integer R is selected to satisfy
Figure GDA0003684663930000112
When distributing secret shares, calculate x ═ S + Rp, xi=x(mod mi) (i-1, 2, …, n) and (x)i,mi) Sending to blockchain nodes P as secret sharesi(i-1, 2, … n) wherein (x)1,m1) And the encryption data is sent to the encryption data owner, and the n-1 keys are distributed to the rest nodes. Invoking the decryption contract to recover the random number S requires the cryptographic data owner to provide t secret shares of its own secret shares with other nodes storing secret shares to recover.
The method for reducing the random number S in the decryption contract comprises the following steps:
as long as any t secret shares in the Pi nodes are known, x can be solved by applying the chinese remainder theorem.
y≡x(mod D)
Is a simultaneous and complementary formula:
y≡x1(mod m1)
y≡x2(mod m2)
y≡xt(mod mt)
among them are:
D=mi1mi2...mit
since D > -N, the above x is uniquely determined.
To apply the Chinese remainder theorem, first:
y1=inv(D/m1,m1)
y2=inv(D/m2,m2)
yt=inv(D/mt,mt)
wherein inv (a, b) ═ c denotes a · c ≡ 1(mod b), thus:
Figure GDA0003684663930000121
finally, the following are calculated: and S-Rp.
And 4, step 4: the user encrypts the entered identity information by using the own public key by adopting the SM2 algorithm, wherein the identity information entered by the user comprises the identity card number and the name of the user, and then the SM3 algorithm is used for calculating the hash value of the encrypted identity information. As shown in fig. 3, a character string composed of the hash, the name, the general description, the address of the encrypted data, the address of the user, the encrypted identity information, and the hash of the encrypted identity information is called a certificate-saving intelligent contract, and the certificate is signed and written into the blockchain certificate in a transaction form.
Specifically, the method adopts the SM2 algorithm for encryption and comprises the following specific steps:
let the message to be encrypted be a bit string M, and klen be the bit length of M.
In order to encrypt the plaintext M, the user a as the encryptor should implement the following operation steps:
a1: generating a random number k e [1, n-1] by using a random number generator;
a2: calculating ellipse curve point C1 ═ k ] G ═ x1, y1)
A3: calculating an elliptic curve point S ═ h ] PB, if S is an infinite point, reporting an error and exiting;
a4: calculating the elliptic curve point [ k ] PB ═ (x2, y2),
a5: calculating t ═ KDF (x2| | y2, klen), and if t is an all-0 bit string, returning to a 1;
a6: calculating C2 ═ M ≦ t;
a7: calculate C3 ═ SM3(x2| | M | | | y 2);
a8: output ciphertext C ═ C1| | C2| | | C3
The specific steps of decryption with the SM2 algorithm are as follows:
let klen be the bit length of C2 in the ciphertext.
To decrypt the ciphertext C ═ C1| | C2| | | C3, the user B as the decryptor should implement the following operation steps:
b1: taking out a bit string C1 from C, converting the data type of C1 into a point on an elliptic curve, verifying whether C1 meets an elliptic curve equation, and if not, reporting an error and exiting;
b2: calculating an elliptic curve point S ═ h ] C1, and if S is an infinite point, reporting an error and exiting;
b3: calculating [ dB ] C1 (x2, y2), and converting the data type of coordinates x2 and y2 into a bit string;
b4: calculating t as KDF (x2| | | y2, klen), if t is all 0 bit strings, reporting an error and exiting;
b5: taking out a bit string C2 from C, and calculating M' ═ C2 ^ t;
b6: calculating u ═ SM3(x2| | | M' | | y2), taking out the bit string C3 from C, and if u ≠ C3, then reporting an error and exiting;
b7: the plaintext M' is output.
The method uses SM2 algorithm to encrypt and decrypt information example:
private key:
13406a843e091820fb1d28230f2f4cc322fc916b125866566fe7a240a6b855fb
public key:
04993ab7ab879a676e1a3e84b9cabdd8cddae09a429521b8ca37b18a5c1e6db72d5d983e97c7fb85393e5393b6c9cc6c207d116578b02e67e9bc24d271de933caf
encrypted essential message:
"hello world"
and (3) encrypting the ciphertext:
29a460ae455bf14025f3029fc84e3ee0c6560639e17e5cb4563b8cf7a87e23d844c181c223a27249074998f8540d1a38ce4dec6bf1d7aae47fb40562c221aef19d5e75bb1ca0432c83f04691aeb9895dcc21b8a3fdd7c52cdd02266f1b90cc59026210f85ae148e36835e6
the decrypted information:
"hello world"
and 5: the data requesting party sends a signature request to a user with encrypted data, the data owning party agrees to share the data and needs to verify the identity when establishing the transaction, the transaction can be established only after the verification is successful, and the secret share and the initial vector which are kept are recorded. When creating transaction shared data, the identity card number and name of a processing person need to be verified, the SM2 algorithm is adopted to encrypt identity information by using the own public key of a user and calculate the hash value of the identity information, whether the identity information is consistent with the hash value of the encrypted identity information in the certificate storage information is judged, the transaction shared data can be created if the identity information is consistent with the hash value, a secret share encrypted by using the public key of a data requesting party and an initial vector are recorded through a data sharing intelligent contract and stored in the transaction information, and the data sharing intelligent contract is shown in figure 4.
Step 6: uploading the block chain after the data owner signs the transaction, and identifying the chain after the common identification node verifies the transaction is correct;
digital signatures are data appended to a data unit or the result of a cryptographic transformation performed on a data unit that, when applied normally, provides a service for validating the source of the data, verifying the integrity of the data, and ensuring that the signer cannot repudiate it.
The signature uses the SM2 algorithm when the user creates the transaction. Each transaction is provided with a signature which has an encrypted data party and adopts a private key of the party to use an SM2 algorithm to sign transaction information, when a receiving transaction node receives the transaction information, the public key of a sending party is adopted to verify, the transaction information is used only when the verification is correct, and various kinds of information contained in the transaction information are shown in figure 4.
Compared with the ECDSA commonly used in the SM2 signature and block chain technology, both digital signature algorithms are based on the same elliptic curve (such as prime number domain and binary domain), and their security is based on the difficulty of solving the elliptic curve discrete logarithm problem. The difference is the preprocessing of the signature information. In ECDSA, no processing is performed on the message M to be signed, but in SM2 signature, the preprocessing of the signature information is M ═ ZA | | M, ZA ═ H256(ENTLA | | | IDA | | a | | | b | | | xG | | yG | | xA | | | | yA). H256() is a hash function, here using the SM3 algorithm. It can be seen that the preprocessing of the signature information of the SM2 algorithm must be connected with some user's own information, curve parameters, base point and user's public key information. The extra-computed ZA value is 256 bits in length and is a hash value computed according to the information such as the self ID, the elliptic curve parameters and the self public key pA of the signer, so that the signature has more comprehensive user information, the signature value has stronger effectiveness, and finally the credibility of the signature is improved. In general, the security of SM2 signature and ECDSA is the same level, but slightly higher.
The specific steps of signature using the SM2 algorithm are as follows:
assuming that a message to be signed is M, in order to obtain a digital signature (r, s) of the message M, a user a as a signer should implement the following operation steps:
a1: record ZA ═ H256(ENTLA | | | IDA | | a | | b | | | XG | | | yG | | | xA | | | | yA)
A2: setting M to ZA M;
a3: calculate e ═ SM3(M),
a4: generating a random number k e [1, n-1] by using a random number generator;
a5: calculating the elliptic curve point (x1, y1) ═ k ] G
A6: calculating r ═ (e + x1) modn, and if r ═ 0 or r + k ═ n, returning to A3;
a7: calculating s ═ ((1+ dA) ^ (-1) · (k-r · dA)) mod n, and returning to a3 if s ═ 0;
a8: the data type of r, s is converted into byte string, and the signature of the message M is (r, s).
The specific steps for verifying the signature using the SM2 algorithm are as follows:
in order to verify the received message M ' and its digital signature (r ', s '), the user B as verifier should implement the following operational steps:
b1: checking whether r 'belongs to [1, n-1] or not, and if not, verifying that the r' does not pass;
b2: checking whether s' belongs to [1, n-1] or not, and if not, verifying not to pass;
b3: setting M ═ ZA | | | | M';
b4: calculation of e '═ SM3 (M')
B5: calculating t ═ (r '+ s') mod n, and if t ═ 0, then the verification fails;
b6: calculating an elliptic curve point (x ' 1, y ' 1) ═ s ' ] G + [ t ] PA; calculating R ═ R ═ (e ' + x ' 1) mod n, checking whether R ═ R ' is true, and if true, passing the verification; otherwise, the verification is not passed.
The method uses an example of the SM2 digital signature algorithm:
and (3) generating a public and private key pair:
private key:
13406a843e091820fb1d28230f2f4cc322fc916b125866566fe7a240a6b855fb
public key:
04993ab7ab879a676e1a3e84b9cabdd8cddae09a429521b8ca37b18a5c1e6db72d5d983e97c7fb85393e5393b6c9cc6c207d116578b02e67e9bc24d271de933caf
signature string aaaccc
And (3) signature output:
a796bffc98409fe1afc0758a308cebf76dca9a7022f35122a1888b828fd8c86e337bf325c6b20570687481d3d686313b1dd41d6a21e0e73c0e9e93577773433e
compared with the commonly used ECDSA algorithm, the SM2+ SM3 realizes signature verification and performance comparison as follows:
selecting 256-bit character strings, completing signature verification operation on ECC-256 and SM2+ SM3 algorithms respectively for 10000 times, calculating the time overhead of signature verification, and testing results are as shown in the following table 3:
Figure GDA0003684663930000151
table 3 shows that the SM2 signature verification algorithm has faster execution speed, much less time saving compared with ECDSA, and higher signature verification efficiency.
And 7: the data requesting party downloads the encrypted data from the data storage system to the local, obtains the secret share and the initial vector held by the data owning party, decrypts by using the private key of the data requesting party, adopts an SM2 algorithm for decryption, synthesizes random numbers through a decryption contract, and after the block chain system executes the decryption contract protocol to achieve decryption contract, the system triggers the decryption contract to recover the random numbers for generating the symmetric keys and processes the random numbers into decryption keys. And the data requester decrypts the encrypted data by the decryption key and the initial vector.

Claims (8)

1. A data encryption evidence storing and sharing method based on a block chain is characterized in that: the method comprises the following steps:
1) receiving identity information input by people, registering the identity information as a user in a block chain system, and generating a public and private key pair for each user by using an SM2 algorithm;
2) the encrypted data time zone block chain system generates a random number to be processed as an encryption key; a user encrypts data to be shared by using an encryption key at a local client by adopting an AES (advanced encryption standard) algorithm or an SM4 algorithm, the formed encrypted data is uploaded to a data storage system, and the data storage system feeds back a storage address and a hash value corresponding to the encrypted data to the user;
3) the random number is partitioned to different nodes for storage by using an Asmuth-Bloom threshold scheme, and the random number is used for restoring after a block chain system triggers a decryption contract and generating an encrypted key after processing;
4) encrypting user identity information by using a user public key by using an SM2 algorithm to obtain encrypted identity information, calculating a hash value of the encrypted identity information by using an SM3 algorithm, and writing a character string consisting of the hash value, the name, the storage address fed back by a data storage system, the general description and the address input when the user uploads data, the encrypted identity information and the hash value of the encrypted identity information into a block chain certificate by using a certificate-storing intelligent contract signature;
5) the data requester sends a signature request to a user with encrypted data to request shared data, if the data owner agrees, transaction shared data is created, a secret share encrypted by using a public key of the data requester is input through a data sharing intelligent contract and stored in transaction information together with an initial vector, otherwise, a transaction cannot be created;
6) uploading the block chain after the data owner signs the transaction, verifying that the transaction is correct by the consensus node by adopting an SM2 signature verification algorithm, and then completing the transaction by the consensus chain, otherwise, the transaction is invalid;
7) the data request party downloads encrypted data to the local from the data storage system, after obtaining all required initial vectors of a secret share generated by an Asmuth-Bloom threshold scheme and an AES algorithm or an SM4 algorithm, the secret share is decrypted by using a self private key of the data request party, the random number is decrypted by adopting an SM2 algorithm, then the random number is synthesized by a decryption contract by using 1 secret share kept by the data owner and t-1 secret shares kept by other arbitrary nodes to share t secret shares, after the block chain system executes a decryption consensus protocol to achieve decryption consensus, the system triggers the decryption contract to recover the random number for generating the symmetric key, the random number is processed as a decryption key at a local client, and then the encrypted data is decrypted by using the decryption key and the initial vectors.
2. The method for encrypted data storage and sharing based on block chain as claimed in claim 1, wherein: the generation mode of all required initial vectors by selecting the AES algorithm or the SM4 algorithm is as follows: the sender generates a random number, the SM3 algorithm is used for calculating the hash value of the random number, 128 bits of the first 64 bits and the last 64 bits of the hash value are taken as initial vectors, and a user can store the initial vectors in the local.
3. The method according to claim 1, wherein the method for encrypting, storing and sharing data based on block chain comprises: the data encrypted in step 2) may be one or more of a document, PDF, picture.
4. The method for encrypted data storage and sharing based on block chain as claimed in claim 1, wherein: the user identity information comprises an identity card number and a name.
5. The method according to claim 1, wherein the method for encrypting, storing and sharing data based on block chain comprises: the step 5) of 'agreement of data owner' further comprises the step of authenticating the user with the data owner: collecting the identity card number and name input by the user of the data owner, encrypting the identity information by using the self public key of the user by adopting an SM2 algorithm, calculating a hash value, comparing whether the hash value is consistent with the hash value of the encrypted identity information in the certificate storage information, if so, creating transaction shared data, and inputting a secret share and an initial vector encrypted by using the public key of the data requesting party through a data sharing intelligent contract, otherwise, invalidating the transaction.
6. The method according to claim 1, wherein the method for encrypting, storing and sharing data based on block chain comprises: the Asmuth-Bloom threshold scheme in the step 3) has the specific mode as follows:
set P ═ P provided with n users and nodes in the blockchain1,P2,...PnThe threshold value is t, the random number generated by the block chain system is S, a large prime number p (p is more than S) is selected, and n positive integer sequences m are equal to (m is greater than S)1,m2,...mn) The following conditions are satisfied:
(1)m1,m2,m3...mnstrictly increasing the number;
(2)(mi,mj)=1(i≠j,i=1,2,3,...,n,j=1,2,3,...,n)
(3)(mi,p)=1(i=1,2,3,...,n)
(4)
Figure FDA0003684663920000021
wherein the maximum common factor of the expression AND is 1, (m)iWherein p) 1 represents miThe greatest common factor with p is 1, and an integer R is selected to satisfy
Figure FDA0003684663920000022
When distributing secret shares, calculate x ═ S + Rp, xi=x(mod mi) (i-1, 2, …, n) and (x)i,mi) Sending to blockchain node P as secret sharesi(i ═ 1, 2, … n), where (x)1,m1) The cryptographic data owner has the ability to distribute n-1 secret shares to different nodes in the block chain via a secret-sharing intelligence contract, such that at least t secret shares are known to recover the random number S.
7. The method according to claim 6, wherein the method for encrypted storage and sharing of data based on blockchain comprises: step 7), the system triggers the decryption contract to recover the random number for generating the symmetric key, and the algorithm step for recovering the random number S in the decryption contract is carried out in the following way:
as long as any t secret shares in the Pi nodes are known, the chinese remainder theorem can be applied to solve x:
y≡x(mod D)
is a simultaneous congruent formula:
y≡x1(mod m1)
y≡x2(mod m2)
...
y≡xt(mod mt)
among them are:
D=m1m2...mt
since D > -N, the above x is uniquely determined;
to apply the Chinese remainder theorem, first:
y1=inv(D/m1,m1)
y2=inv(D/m2,m2)
...
yt=inv(D/mt,mt)
wherein inv (a, b) ═ c denotes a · c ≡ 1(modb), thus:
Figure FDA0003684663920000031
finally, the following are calculated: S-Rp.
8. The method according to claim 7, wherein the method for encrypted data storage and sharing based on block chain comprises: the step 7) of processing the decryption key is performed in the following way:
(1) calculating a hash value of the random number by using an SM3 algorithm, wherein the hash value is 256 bits, and the output form of the hash value is a 16-system string;
(2) and splicing the 16-system characters of the even-numbered subscripts of the hash value into a 128-bit 16-system string to serve as an encryption key.
CN202110593211.0A 2021-05-28 2021-05-28 Data encryption evidence storing and sharing method based on block chain Active CN113364576B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110593211.0A CN113364576B (en) 2021-05-28 2021-05-28 Data encryption evidence storing and sharing method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110593211.0A CN113364576B (en) 2021-05-28 2021-05-28 Data encryption evidence storing and sharing method based on block chain

Publications (2)

Publication Number Publication Date
CN113364576A CN113364576A (en) 2021-09-07
CN113364576B true CN113364576B (en) 2022-07-22

Family

ID=77528086

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110593211.0A Active CN113364576B (en) 2021-05-28 2021-05-28 Data encryption evidence storing and sharing method based on block chain

Country Status (1)

Country Link
CN (1) CN113364576B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114205809A (en) * 2021-11-12 2022-03-18 天津大学 Unmanned ship ad hoc network method based on block chain
CN114143055B (en) * 2021-11-24 2023-12-01 国网江苏省电力有限公司营销服务中心 Block chain-based data distribution method and trusted traceability method
CN114553582A (en) * 2022-03-02 2022-05-27 安徽师范大学 Electronic medical record sharing method based on national cryptographic algorithm and IPFS
CN114338047A (en) * 2022-03-08 2022-04-12 科大天工智能装备技术(天津)有限公司 Block chain industrial data encryption method and device based on state cipher and storage medium
CN114614991B (en) * 2022-03-11 2023-12-26 国网浙江省电力有限公司电力科学研究院 Block chain automatic settlement method and system suitable for small micro-load aggregate response
CN115037540A (en) * 2022-06-07 2022-09-09 中移(杭州)信息技术有限公司 Intelligent household data secrecy method, system, device and medium based on block chain
CN115277716A (en) * 2022-06-21 2022-11-01 芯安微众(上海)微电子技术有限公司 Vehicle networking terminal supporting block chain
CN115208656B (en) * 2022-07-12 2023-07-25 浪潮工创(山东)供应链科技有限公司 Supply chain data sharing method and system based on blockchain and authority management
CN115767515B (en) * 2022-10-28 2023-07-14 广州声博士声学技术有限公司 Encryption sharing method and system for base station-free real-time noise big data
CN117097476B (en) * 2023-10-19 2024-01-26 浪潮云洲工业互联网有限公司 Data processing method, equipment and medium based on industrial Internet
CN117314430B (en) * 2023-11-22 2024-03-01 山东同其万疆科技创新有限公司 Payment data monitoring method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809652A (en) * 2018-05-21 2018-11-13 安徽航天信息有限公司 A kind of block chain encryption account book based on privacy sharing
CN111277412A (en) * 2020-02-18 2020-06-12 暨南大学 Data security sharing system and method based on block chain key distribution

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201705621D0 (en) * 2017-04-07 2017-05-24 Nchain Holdings Ltd Computer-implemented system and method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809652A (en) * 2018-05-21 2018-11-13 安徽航天信息有限公司 A kind of block chain encryption account book based on privacy sharing
CN111277412A (en) * 2020-02-18 2020-06-12 暨南大学 Data security sharing system and method based on block chain key distribution

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
可验证的Asmuth-Bloom秘密共享方案;于洋等;《哈尔滨师范大学自然科学学报》;20120630;全文 *
基于SM2与RSA签密的秘密共享方案;韩宝杰等;《通信技术》;20200831;全文 *

Also Published As

Publication number Publication date
CN113364576A (en) 2021-09-07

Similar Documents

Publication Publication Date Title
CN113364576B (en) Data encryption evidence storing and sharing method based on block chain
US11936774B2 (en) Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys
WO2021042685A1 (en) Transaction method, device, and system employing blockchain
EP4007983A1 (en) Systems and methods for generating signatures
CN111130757A (en) Multi-cloud CP-ABE access control method based on block chain
US20230224147A1 (en) Generating shared private keys
CN113711564A (en) Computer-implemented method and system for encrypting data
CN116830523A (en) threshold key exchange
CN110740034B (en) Method and system for generating QKD network authentication key based on alliance chain
CN110519040B (en) Anti-quantum computation digital signature method and system based on identity
WO2023072502A1 (en) Generating shared keys
WO2023016729A1 (en) Generating digital signature shares
TW202318833A (en) Threshold signature scheme
CN117240479B (en) Multiparty quantum signature method, multiparty quantum signature device, computer equipment and storage medium
CN114760072B (en) Signature and signature verification method, device and storage medium
CN113141249B (en) Threshold decryption method, system and readable storage medium
JP4000899B2 (en) Cryptographic method with authentication, decryption method and device with authentication, program, and computer-readable recording medium
WO2023143880A1 (en) Generating shared private keys
CN113362065A (en) Online signature transaction implementation method based on distributed private key
WO2023036534A1 (en) Generating shared cryptographic keys
Lou et al. Quantum Circuit-Based Proxy Blind Signatures: A Novel Approach and Experimental Evaluation on the IBM Quantum Cloud Platform
CN117837127A (en) Generating digital signatures
Zou et al. CertOracle: Enabling Long-term Self-Sovereign Certificates with Blockchain Oracles
CN116886290A (en) Identity-based matching encryption method for post quantum security
KR20240045231A (en) Creation of digitally signed shares

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant