CN114024776A - Encryption transmission method and system supporting timing decryption - Google Patents

Encryption transmission method and system supporting timing decryption Download PDF

Info

Publication number
CN114024776A
CN114024776A CN202210002824.7A CN202210002824A CN114024776A CN 114024776 A CN114024776 A CN 114024776A CN 202210002824 A CN202210002824 A CN 202210002824A CN 114024776 A CN114024776 A CN 114024776A
Authority
CN
China
Prior art keywords
terminal device
time
verification
decryption
related part
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210002824.7A
Other languages
Chinese (zh)
Inventor
蒋芃
仇保琪
祝烈煌
徐蕾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Technology BIT filed Critical Beijing Institute of Technology BIT
Priority to CN202210002824.7A priority Critical patent/CN114024776A/en
Publication of CN114024776A publication Critical patent/CN114024776A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Abstract

The present disclosure provides an encryption transmission method and system supporting timing decryption, including: the first terminal device obtains the decryption time, the plaintext and the public key of the second terminal device, constructs a ciphertext comprising a verification related part, a time related part and a plaintext related part according to the data, and respectively sends the verification related part, the time related part and the plaintext related part to the block chain network, the data storage server and the second terminal device; the block chain network verifies the relevant part of the verification and sends the verification passing result to the data storage server in the decryption time; the data storage server responds to the received verification passing result and sends the time-related part to the second terminal equipment; and the second terminal equipment obtains the decryption time according to the time-related part and obtains the plaintext through decryption. The method and the device can reduce the possibility that the transmitted encrypted data is decrypted in advance, and meanwhile, the privacy of decryption time is protected.

Description

Encryption transmission method and system supporting timing decryption
Technical Field
The present disclosure relates to the field of data encryption transmission technologies, and in particular, to an encryption transmission method and system supporting timing decryption.
Background
This section is intended to provide a background or context to the embodiments of the disclosure recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
In the internet, in order to protect the privacy of data, some data is usually encrypted and then uploaded, so that the data is transmitted in the internet in a ciphertext form and is decrypted and used by an authorized user.
However, in some pre-sale or trusted application events, the data often needs to be decrypted at some future point in time, i.e. the encrypted data is transmitted and then decrypted only after reaching some future point in time. The encrypted data transmitted in the existing encrypted transmission scheme has a high possibility of being decrypted in advance.
Disclosure of Invention
In view of the above, the present disclosure provides an encryption transmission method and system supporting timing decryption.
In view of the above, the present disclosure provides an encryption transmission method supporting timing decryption, which is implemented by an encryption transmission system supporting timing decryption, wherein the encryption transmission system supporting timing decryption includes a first terminal device, a second terminal device, a data storage server, and a block chain network;
the method comprises the following steps:
the first terminal device obtains decryption time, a plaintext and an identity of the second terminal device, obtains a public key of the second terminal device according to the identity of the second terminal device, constructs a ciphertext including a verification related part, a time related part and a plaintext related part according to the decryption time, the plaintext and the public key of the second terminal device, sends the verification related part to the block chain network, sends the time related part to the data storage server, and sends the plaintext related part to the second terminal device;
the block chain network verifies the relevant part of the verification and sends a verification passing result to the data storage server in the decryption time;
the data storage server sends the time-dependent portion to the second terminal device in response to receiving the verification pass result;
and the second terminal equipment obtains the decryption time according to the time-related part and decrypts the plaintext-related part by using the decryption time and a private key of the second terminal equipment to obtain the plaintext.
In some exemplary embodiments, the first terminal device is any terminal device that transmits data, and the second terminal device is any terminal device that receives data.
In some exemplary embodiments, the obtaining, by the first terminal device, the public key of the second terminal device according to the identity of the second terminal device specifically includes:
and the first terminal device takes the identity of the second terminal device as a public key of the second terminal device.
In some exemplary embodiments, the constructing, by the first terminal device, a ciphertext according to the decryption time, the plaintext, and the public key of the second terminal device specifically includes:
the first terminal device constructs the verification related part according to the decryption time;
the first terminal device constructs the time-related part according to the public key of the second terminal device and the decryption time;
and the first terminal equipment constructs the plaintext related part according to the public key of the second terminal equipment, the decryption time and the plaintext.
In some exemplary embodiments, the verifying the verification-related part by the blockchain network, and sending a verification passing result to the data storage server at the decryption time specifically includes:
the block chain network selects a node in the block chain network to verify the verification related part to obtain a verification result;
the blockchain network sends a verification pass result to the data storage server at the decryption time in response to determining that the verification result is the verification pass result.
Based on the same inventive concept, the present disclosure also provides an encryption transmission system supporting timing decryption, comprising:
the system comprises a first terminal device, a second terminal device, a data storage server and a blockchain network;
the first terminal device configured to: acquiring decryption time, plaintext and an identity of the second terminal device, acquiring a public key of the second terminal device according to the identity of the second terminal device, constructing a ciphertext including a verification related part, a time related part and a plaintext related part according to the decryption time, the plaintext and the public key of the second terminal device, transmitting the verification related part to the block chain network, transmitting the time related part to the data storage server, and transmitting the plaintext related part to the second terminal device;
the blockchain network configured to: verifying the relevant verification part, and sending a verification passing result to the data storage server in the decryption time;
the data storage server configured to: in response to receiving the verification pass result, sending the time-dependent portion to the second terminal device;
the second terminal device configured to: and obtaining the decryption time according to the time-related part, and decrypting the plaintext-related part by using the decryption time and a private key of the second terminal device to obtain the plaintext.
In some exemplary embodiments, the first terminal device is any terminal device that transmits data, and the second terminal device is any terminal device that receives data.
In some exemplary embodiments, the first terminal device is specifically configured to:
and taking the identity of the second terminal device as a public key of the second terminal device.
In some exemplary embodiments, the first terminal device is specifically configured to:
constructing the verification-related part according to the decryption time;
constructing the time-dependent part according to the public key of the second terminal device and the decryption time;
and constructing the plaintext related part according to the public key of the second terminal device, the decryption time and the plaintext.
In some exemplary embodiments, the blockchain network is specifically configured to:
selecting a node in the block chain network to verify the verification related part to obtain a verification result;
and in response to determining that the verification result is the verification pass result, sending the verification pass result to the data storage server at the decryption time.
As can be seen from the foregoing, the encryption transmission method and system supporting timed decryption provided by the present disclosure include: the method comprises the steps that a first terminal device obtains decryption time, a plaintext and an identity of a second terminal device, a public key of the second terminal device is obtained according to the identity of the second terminal device, a ciphertext comprising a verification related part, a time related part and a plaintext related part is constructed according to the decryption time, the plaintext and the public key of the second terminal device, the verification related part is sent to a block chain network, the time related part is sent to a data storage server, and the plaintext related part is sent to the second terminal device; the block chain network verifies the relevant part of the verification and sends the verification passing result to the data storage server in the decryption time; the data storage server responds to the received verification passing result and sends the time-related part to the second terminal equipment; and the second terminal equipment obtains decryption time according to the time-related part and decrypts the plaintext-related part by using the decryption time and a private key of the second terminal equipment to obtain the plaintext. The method and the device can reduce the possibility that the transmitted encrypted data is decrypted in advance, and meanwhile, the privacy of decryption time is protected.
Drawings
In order to more clearly illustrate the technical solutions in the present disclosure or related technologies, the drawings needed to be used in the description of the embodiments or related technologies are briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic diagram of an application scenario provided in accordance with an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of an encryption transmission method supporting timed decryption according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of a blockchain network provided in accordance with an embodiment of the present disclosure;
FIG. 4 is a schematic illustration of time costs provided according to an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of gas cost on a private chain provided in accordance with an embodiment of the present disclosure;
FIG. 6 is a schematic illustration of the gas cost of a test chain Rinkeby provided in accordance with an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of an encryption transmission system supporting timed decryption according to an embodiment of the present disclosure.
Detailed Description
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present disclosure should have a general meaning as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the disclosure is not intended to indicate any order, quantity, or importance, but rather to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
Summary of The Invention
As described in the background section, in the encrypted transmission scheme in the related art, the possibility that the transmitted encrypted data is decrypted in advance is high.
The inventor of the present disclosure finds that there are two schemes for implementing timing decryption in the related art, one of which relies on time-dependent computational problems; the other is relying on a trusted third party. In the former scheme, the user needs to spend a certain amount of computing time to solve a computing problem, and data that can be decrypted can be acquired when the problem is solved. However, this method is strongly dependent on the computing power of the user, and if the computing power of the user's machine is strong, this problem is solved before the appointed time, resulting in ciphertext leakage. The latter method is based on the assumption that the third party is strongly reliable and credible, and the decryption private key is sent by the third party on time. This approach is unreliable, a fully honest and reliable third party does not exist, and once a trusted third party crashes, the entire system crashes. Both of the above mentioned approaches are limited by their unreliability and do not guarantee that the transmitted encrypted data will not be decrypted in advance.
In addition, the scheme for realizing the timing decryption in the related art cannot ensure that the decryption time is not leaked, and in many cases, the decryption time is public, so that all users in the system or in the network can know the time agreed by both parties. This also limits its application in some cases where time privacy is a concern, such as some time data privacy subscription applications. In some subscription applications for a specific object, a publisher may wish to provide some special subscription content to the specific object, only allowing the specific object subscriber time to obtain a pre-sale. In this case, other non-object-specific applications may also acquire/purchase special subscriptions once the pre-sale time is compromised, which obviously compromises the interest of the specific object.
In order to solve the above problem, the present disclosure provides an encryption transmission scheme supporting timing decryption, which specifically includes: the first terminal equipment acquires the decryption time, the plaintext and the identity of the second terminal equipment, acquires the public key of the second terminal equipment according to the identity of the second terminal equipment, constructs a ciphertext comprising a verification related part, a time related part and a plaintext related part according to the decryption time, the plaintext and the public key of the second terminal equipment, sends the verification related part to the block chain network, sends the time related part to the data storage server and sends the plaintext related part to the second terminal equipment; the block chain network verifies the relevant part of the verification and sends the verification passing result to the data storage server in the decryption time; the data storage server responds to the received verification passing result and sends the time-related part to the second terminal equipment; and the second terminal equipment obtains decryption time according to the time-related part and decrypts the plaintext-related part by using the decryption time and a private key of the second terminal equipment to obtain the plaintext.
Having described the general principles of the present disclosure, various non-limiting embodiments of the present disclosure are described in detail below.
Application scene overview
Fig. 1 is a schematic view of an application scenario of an encryption transmission method supporting timing decryption according to an embodiment of the present disclosure. The application scenario includes terminal device 1011, terminal device 1012, data storage server 102, and blockchain network 103. The terminal equipment 1011, the terminal equipment 1012, the data storage server 102 and the block chain network 103 may be connected through a wired or wireless communication network. The terminal devices 1011 and 1012 include, but are not limited to, desktop computers, mobile phones, mobile computers, tablet computers, media players, smart wearable devices, Personal Digital Assistants (PDAs), or other electronic devices capable of implementing the above-described functions. The data storage server 102 and the blockchain network 103 may be independent physical servers, may also be a server cluster or a distributed system formed by a plurality of physical servers, and may also be cloud servers providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and big data and artificial intelligence platforms.
The first terminal device 1011 is configured to obtain the decryption time, the plaintext, and the identifier of the second terminal device 1012, obtain the public key of the second terminal device 1012 according to the identifier of the second terminal device 1012, and construct a ciphertext according to the decryption time, the plaintext, and the public key of the second terminal device 1012, where the ciphertext includes a verification related part, a time related part, and a plaintext related part; the first terminal device 1011 is further arranged to send the authentication related part to the blockchain network 103, the time related part to the data storage server 102 and the clear text related part to the second terminal device 1012. The blockchain network 103 verifies the verification-related part and transmits the verification-passed result to the data storage server 102 at the decryption time. The data storage server 102 transmits the time-dependent portion to the second terminal device 1012 in response to receiving the verification pass result. The second terminal device 1012 obtains the decryption time from the time-dependent portion, and decrypts the plaintext-dependent portion using the decryption time and the private key of the second terminal device to obtain the plaintext.
An encrypted transmission scheme supporting timed decryption according to an exemplary embodiment of the present disclosure is described below in conjunction with the application scenario of fig. 1. It should be noted that the above application scenarios are merely illustrated for the convenience of understanding the spirit and principles of the present disclosure, and the embodiments of the present disclosure are not limited in this respect. Rather, embodiments of the present disclosure may be applied to any scenario where applicable.
Exemplary method
Referring to fig. 2, it is a schematic flowchart of an encryption transmission method supporting timed decryption according to an embodiment of the present disclosure.
The encryption transmission method supporting the timing decryption is realized through an encryption transmission system supporting the timing decryption, and the encryption transmission system supporting the timing decryption comprises a first terminal device, a second terminal device, a data storage server and a block chain network.
In some exemplary embodiments, the first terminal device is any terminal device that transmits data, and the second terminal device is any terminal device that receives data.
In specific implementation, there are a plurality of terminal devices, where any terminal device may be regarded as a first terminal device when sending data, and may be regarded as a second terminal device when receiving data, that is, for any terminal device, it may be both a first terminal device and a second terminal device.
The encryption transmission method supporting the timing decryption comprises the following steps:
step S210, the first terminal device obtains the decryption time, the plaintext, and the identifier of the second terminal device, obtains the public key of the second terminal device according to the identifier of the second terminal device, constructs a ciphertext including the verification related portion, the time related portion, and the plaintext related portion according to the decryption time, the plaintext, and the public key of the second terminal device, and sends the verification related portion to the block chain network, the time related portion to the data storage server, and the plaintext related portion to the second terminal device.
The second terminal device is designated by the first terminal device, and the first terminal device may designate any one or more terminal devices as the second terminal device.
The decryption time is the time for the second terminal device, which is set by the first terminal device, to decrypt the ciphertext to obtain the plaintext.
In some exemplary embodiments, when implementing the encryption transmission method supporting timing decryption for the first time, it is necessary to initialize the encryption transmission system supporting timing decryption first to generate system parameters for encryption, which specifically includes:
generating system parametersG,GTG, p, e: wherein G and GTIs a group of order p, p being the large prime number, G being the generator of group G, e being the bilinear pair (e: GXG → G)T)。
Three hash functions are simultaneously selected: h1:{0,1}*→G,H2:GT→{0,1}n,H3:{0,1}*→Zp
Generating a master public key and a master private key: randomly selecting a number alpha epsilon ZpAs the master private key, the master private key is a random number in a finite field. Master public key g1=gα
The parameters are automatically generated by the system and are related to the different selected libraries.
In some exemplary embodiments, the selected library includes: elliptic curve y2=x3The + x points form a group G, the bilinear pairings are Type a pairings in the Pbc library, and the security parameter θ =1024 bits.
In some exemplary embodiments, obtaining the public key of the second terminal device according to the identity of the second terminal device includes:
and taking the identity of the second terminal equipment as the public key of the second terminal equipment.
As an example, for any terminal device, its public key is the Identity (ID) of the terminal device; its private key dID=H1(ID)α. Wherein ID ∈ {0,1 }.
In some exemplary embodiments, any terminal device discloses its public key to other terminal devices. Any terminal device keeps its private key locally unpublished.
In some exemplary embodiments, constructing the ciphertext according to the decryption time, the plaintext and the public key of the second terminal device includes:
according to the decryption time, constructing a verification related part:
calculating C0= g t
Wherein, C0Indicating the authentication-related part and t the decryption time.
And constructing a time correlation part according to the public key and the decryption time of the second terminal device:
selecting a random number r*∈ZpCalculating C1=g r*
Calculating C2=H2(e(H1(ID),g1) r*)⊕t。
Wherein, C1、C2Representing the time dependent portion and t representing the decryption time.
And constructing a plaintext relevant part according to the public key, the decryption time and the plaintext of the second terminal device:
selecting a random number r epsilon ZpCalculating C3=g r
Computing
Figure 79571DEST_PATH_IMAGE001
Wherein, C3、C4Representing the relevant part of the plaintext and m representing the plaintext.
And constructing a ciphertext according to the verification relevant part, the time relevant part and the plaintext relevant part:
CT=( C0, C1, C2, C3, C4)。
where CT denotes ciphertext.
According to the method and the device, the encrypted decryption time is associated with the encrypted data content, and when the decryption time is verified, the verification can be performed only through the encrypted decryption time, so that the privacy of the decryption time is protected to a greater extent, and a more flexible time strategy can be provided.
In some exemplary embodiments, the first terminal device will C0Sending to block chain network, and sending C1And C2Sending to a data storage server, and sending C3And C4Is sent to the second terminal device and,
step S220, the blockchain network verifies the verification-related part, and sends the verification-passed result to the data storage server at the decryption time.
In some exemplary embodiments, the verifying the verification-related part by the blockchain network, and sending the verification-passed result to the data storage server at the decryption time specifically includes:
selecting a node in the block chain network to verify the verification related part by the block chain network to obtain a verification result;
and the block chain network responds to the verification result which is determined to be a verification passing result, and sends the verification passing result to the data storage server at the decryption time.
The block chain technology has the characteristics of transparency, non-tamper property, openness and the like, compared with a timing decryption scheme depending on a trusted third party, the problems of single-point failure, non-trust of the trusted third party and the like can be avoided, meanwhile, the instability of the timing decryption scheme depending on a calculation problem can be avoided, and the timing decryption of the method is more reliable and reliable.
Step S230, the data storage server sends the time-dependent portion to the second terminal device in response to receiving the verification pass result.
When the appointed decryption time is up, the block chain network returns a verification passing result, and the data storage server stores the result C1And C2And sending the data to the second terminal equipment.
The terminal equipment does not directly interact with the blockchain network, so that the nodes in the blockchain network cannot acquire information related to the user, and identity privacy of the user is better protected.
And step S240, the second terminal device obtains decryption time according to the time-related part, and decrypts the plaintext-related part by using the decryption time and a private key of the second terminal device to obtain the plaintext.
In some exemplary embodiments, the method specifically includes:
calculation of t = H2(e(C1, dID) r*)⊕C2
Computing
Figure 652504DEST_PATH_IMAGE002
Where m represents the plaintext.
As can be seen from the above description, the present disclosure provides an encrypted transmission method supporting timed decryption, including: the method comprises the steps that a first terminal device obtains decryption time, a plaintext and an identity of a second terminal device, a public key of the second terminal device is obtained according to the identity of the second terminal device, a ciphertext comprising a verification related part, a time related part and a plaintext related part is constructed according to the decryption time, the plaintext and the public key of the second terminal device, the verification related part is sent to a block chain network, the time related part is sent to a data storage server, and the plaintext related part is sent to the second terminal device; the block chain network verifies the relevant part of the verification and sends the verification passing result to the data storage server in the decryption time; the data storage server responds to the received verification passing result and sends the time-related part to the second terminal equipment; and the second terminal equipment obtains decryption time according to the time-related part and decrypts the plaintext-related part by using the decryption time and a private key of the second terminal equipment to obtain the plaintext. The method and the device can reduce the possibility that the transmitted encrypted data is decrypted in advance, and meanwhile, the privacy of decryption time is protected.
According to the method and the device, the encrypted decryption time is associated with the encrypted data content, and when the decryption time is verified, the verification can be performed only through the encrypted decryption time, so that the privacy of the decryption time is protected to a greater extent, and a more flexible time strategy can be provided.
According to the method, whether the current time reaches the decryption time is verified through the block chain network, the block chain technology has the characteristics of transparency, tamper resistance, openness and the like, compared with a timing decryption scheme depending on a trusted third party, the method has the advantages that the problems of single-point failure, the non-credibility of the trusted third party and the like do not occur, meanwhile, the instability of the timing decryption scheme depending on the calculation problem is avoided, and the timing decryption is more reliable and reliable.
The terminal equipment does not directly interact with the blockchain network, so that the nodes in the blockchain network cannot acquire information related to the user, and identity privacy of the user is better protected.
Reference is made to fig. 3, which is a schematic structural diagram of a block chain network provided according to an embodiment of the present disclosure.
The present disclosure verifies whether the current time reaches the decryption time through a blockchain network, which will be described below in the exemplary embodiments of the present disclosure. In an exemplary embodiment of the present disclosure, the intelligent contract mechanism of the blockchain network is as follows:
in the first stage, nodes in the block chain network call a registration interface of the intelligent contract and register as a service providing node by offsetting the redemption in the intelligent contract.
Each node in the block chain participates in an intelligent contract, provides time verification service, earns certain cost from the time verification service, and mainly comprises the following processes: node PiIf it is desired to earn a reward by providing a timed release service, a guarantee amount dp must be securediSimultaneously transmit its working time TwpiWhere a deposit is used to penalize misbehaviour of a node, i.e. if the node provides a wrong answer, its deposit will be lost. Mortgage dpiAnd TwpiRecorded in the smart contract SC, where the SC is a trusted intermediary because it is the protocol that each entity in the blockchain must follow. A node sends its collateral, address identification and its working time to join the intelligent contract SC.
In order to manage the registration information, a registration record table exists in the SC. Register record form by mortgage dpiWorking time TwpiNode AddpiAddress identification, honesty flag HfpiAnd (4) forming. Hf (hafnium)piInitially set to "1", once node P is establishediIf the Hf is reported as a dishonest nodepiSet to "0" and each time a node successfully completes service, Hfpi+1. In addition, the collateral dpiIs dynamic in the contract SC so that the mortgage varies with the compensation rv. In particular, at service set-up, the mortgages of all nodes are not frozen. The higher the reward, the more frozen mortgages. That is, the collateral is divided into two parts. One being frozen, i.e. dpiAnd go to contract SC, and the other is not frozen and the node is available. It ensures that dishonest nodes are exposedMore penalties and honest nodes get more remuneration by offering higher mortgages.
And in the second stage, the nodes appointed by the cryptographic algorithm mechanism call a request service interface of the intelligent contract, and select proper service providing nodes for time verification.
At this stage, it is shown how a given node C establishes the time distribution service, where C can be considered a trusted node in the blockchain controlled by the cryptographic mechanism. If C sets the time release time, it must submit a service request to the contract SC, which is determined by the verification-related part C in the partial cryptogram0Reward rv, work time requirement tdAnd mortgage demand dsAnd (4) forming. The SC then selects an appropriate node to provide the service. The requirements for selecting the nodes are as follows:
collateral dp provided by nodeiGreater than collateral demand dsI.e. dpi>ds
The working time includes a working time requirement, i.e. td⊆Twpi
To select a more reliable node, the method selects Hf if the operating time of two nodes is the samepiOne higher because of HfpiA higher value indicates a more successful service provided by the node and a more reliable node. To achieve the goal of minimizing operating time and selecting more reliable nodes, the present disclosure designs a greedy algorithm for both goals. If a suitable node cannot be selected in the registry, the request is aborted.
And in the third stage, the selected nodes for providing the service call a verification contract in the intelligent contract to verify time and judge whether the current time is after the decryption time.
At this stage, the node selected in the previous stage, such as PiA result is returned to determine whether the current time is after the decryption time. The contract SC is responsible for maintaining information of the service record table, which is represented by the result Res, the working time requirement tdComposition, selection of nodes AddpiAnd the current time tc. The process is as follows:
the purpose of the service execution is by comparing gtcAnd C0To verify whether the decryption time is reached, where tcIs the current time. To achieve this, the present disclosure contemplates that the node needs to be at tdComparisons are made every 1 minute, and nodes are allowed to make comparisons every second. Note that the time interval for comparison is determined by the node, but is a minimum of one minute. Once g istc≥C0The node returns a "1", t to the contract SCdIf after gtc<C0Then "0" is output to the contract SC. In addition, the deposit of the node is frozen in the SC, i.e. the node will dsTransfer to contract SC to make it still have unfrozen deposit dpi-dsThe support node participates in other services.
And in the fourth stage, other nodes in the block chain call a reporting interface in the contract to report the service node with malicious behaviors in the whole process.
In this section, all nodes in the blockchain network are motivated to report tdThe misbehavior of the internal service record. The reporting mechanism is to handle two possible misbehaviours, namely erroneous results and no service provisioning. The two ways of reporting these inappropriate behaviors are as follows:
to handle the first error behavior, the present disclosure contemplates that nodes of the blockchain network may compare the current time t in the service recordcAnd C0To obtain a new result ResrIf Resr= Res, the result is correct, otherwise the node may react to such misbehaviour and its collateral drTo the smart contract SC. Please note that this disclosure defines dr>dsThus, the node is required to bear a greater risk of providing an erroneous report. The SC then checks the result, if there are multiple nodes, e.g., n nodes, at tdAnd ResrAfter = Res, misbehaviour of the selected node is reported, the SC aborts the service and deducts the selected node PiDeposit d ofsTo the reporting node as a reward. On the other hand, a node of the blockchain network may detect the service record and check whether the selected node is at tdWithout Res returned therein, i.e. withoutThere is an act of providing a service. Reporting dishonest node Add to SC upon node detection of no service being providedpiProviding a deposit drWherein d isr>dsThe SC checks the service record, and if so, the node gets the reported reward ds, otherwise its collateral d cannot be redeemedr
To further illustrate the performance of the encrypted transmission scheme provided by the present disclosure that supports timed decryption, the following exemplary simulation experiment is provided.
The test environment was as follows:
the embodiment is deployed on a machine device which is provided with an Intel (R) Celeron (R)3205@1.50GHz8G internal memory and is provided with Linux versions 4.15.0-99-genetic ic, Ubuntu5.4.0-6 and 2 GBRAM. The encryption transmission scheme supporting the timing decryption provided by the disclosure is written by using C language, and the Pbc library is combined with the curve y2=x3TypeA pairings on + x are combined and the security parameter θ =1024bits is configured.
The present embodiment uses RemixIDE to write intelligent contracts for blockchain networks in the identity language, where the intelligent contracts are designed with four main functions, i.e., Register (), Request (), Result (), Report (). The embodiment deploys intelligent contracts and tests gas cost on the private chain and the official test network rinkeyy respectively.
The test contents and results are as follows:
in order to verify the time overhead of the encryption transmission scheme supporting the timing decryption provided by the present disclosure, the present embodiment respectively tests the time overhead of Setup, KeyGen, Encrypt, and Decrypt.
Setup: initializing a system;
KeyGen: generating a public key and a private key of the terminal equipment;
encrypt: constructing a ciphertext;
decrypt: and analyzing the ciphertext.
The decryption time is set to "20210324", i.e. decryption is possible after 3 months and 24 days 2021. The time overhead is shown in FIG. 4, which indicates that it takes approximately 0.01 seconds to run KeyGen for system initialization, approximately 0.005 seconds to run Setup to generate keys for clients, 0.02 seconds for encryption, and approximately 0.01 seconds for decryptionIt took 0.009 seconds. In addition, the present embodiment also tested generation C2And C4Time cost of (2), the results show that C is formed2And C4The time required was approximately the same, one took 0.009 seconds and the other 0.0084 seconds, since C was generated2And C4The exponential operation of (a) is almost the same.
The embodiment first constructs a private chain, creates a foundational block, and then creates an account to deploy the contracts of the embodiment. The account address and contract address are as follows. The embodiment deploys a scheme onto this private chain using Geth to test the maximum cost of the intelligent contract. In the private chain of this embodiment, the four functions are divided into four interfaces of a smart contract to test the maximum gas cost for each function.
The maximum possible gas cost of a smart contract in the private chain of this embodiment is shown in FIG. 5. This example evaluates the gas cost in gas units, 1gas =1 × 10-9ETH. As shown in FIG. 5, the Request () overhead is the largest of the four functions, i.e., 694885gas ≈ 0.0007 ETH. In addition, Report () also requires 639179gas ≈ 0.0006ETH, which is similar to the gas cost of Request (), while the cost of the other two functions is lower (Register () cost about 0.0002ETH, Result () cost about 0.0003 ETH). These experimental results show that this embodiment has reasonable gas cost and strong privacy.
The embodiment also deploys the official Ether workshop test network Rinkeby, and the network simulates a real production network so as to embody the practicability of the embodiment. In this embodiment, 10 ether house accounts are generated, and the gas cost of calling each function in the intelligent contract under the condition of 1 node, 5 nodes and 10 nodes is respectively tested. Each node has its own operating time, i.e. once a day. It can check whether the publication time is up by running Result () and Report the error behavior by calling Report () once a day.
As shown in fig. 6, the experimental results show that the gas cost of calling Register and Result, respectively, remains moderate as the number of registered nodes increases. Specifically, it costs the same gas, 0.0007ETH in three cases of 1 node (node: Peer) and 5 nodes and 10 nodes. This means that the cost of the registration interface in the smart contract is low. Also, it is easy for one node to call Result, which is about 0.00011ETH in case of 1 node and 5 nodes and 10 nodes. Fig. 6 shows that the gas cost increases linearly with the number of nodes (about 0.00027ETH under 1 node, about 0.00053ETH under 5 nodes, 0.00083ETH under 10 nodes). These gas values in this embodiment exceed the maximum gas cost required for the private chain. The cost of gas increases with the complexity of the code, i.e. if a function has a loop, the more loops, the more complex the code. The request has a cycle that grows as the number of registered nodes increases. Therefore, it is reasonable that the gas cost increases as the number of nodes increases. Since there are not many dishonest nodes in rinkeyy, the gas cost is the minimum to invoke Report and does not grow as the number of nodes increases (about 0.00002ETH in three cases).
It should be noted that the method of the embodiments of the present disclosure may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may only perform one or more steps of the method of the embodiments of the present disclosure, and the devices may interact with each other to complete the method.
It should be noted that the above describes some embodiments of the disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Exemplary device
Based on the same inventive concept, corresponding to the method of any embodiment, the disclosure also provides an encryption transmission system supporting timing decryption.
Referring to fig. 7, the encrypted transmission system supporting the timed decryption includes:
a first terminal device 710, a second terminal device 720, a data storage server 730, and a blockchain network 740;
a first terminal device 710 configured to: acquiring decryption time, a plaintext and an identity of a second terminal device, acquiring a public key of the second terminal device according to the identity of the second terminal device, constructing a ciphertext comprising a verification related part, a time related part and a plaintext related part according to the decryption time, the plaintext and the public key of the second terminal device, transmitting the verification related part to a block chain network, transmitting the time related part to a data storage server, and transmitting the plaintext related part to the second terminal device;
a blockchain network 740 configured to: verifying the verification related part, and sending the verification passing result to the data storage server in the decryption time;
a data storage server 730 configured to: in response to receiving the verification pass result, sending the time-dependent portion to the second terminal device;
a second terminal device 720 configured to: and obtaining decryption time according to the time-related part, and decrypting the plaintext-related part by using the decryption time and a private key of the second terminal device to obtain the plaintext.
In some exemplary embodiments, the first terminal device 710 is any terminal device that transmits data and the second terminal device 720 is any terminal device that receives data.
In some exemplary embodiments, the first terminal device 710 is specifically configured to:
and taking the identity of the second terminal equipment as the public key of the second terminal equipment.
In some exemplary embodiments, the first terminal device 710 is specifically configured to:
constructing a verification related part according to the decryption time;
constructing a time-related part according to the public key and the decryption time of the second terminal device;
and constructing a plaintext relevant part according to the public key, the decryption time and the plaintext of the second terminal device.
In some exemplary embodiments, the blockchain network 740 is specifically configured to:
selecting a node in the block chain network to verify the verification related part to obtain a verification result;
and in response to determining that the verification result is a verification pass result, sending the verification pass result to the data storage server at the decryption time.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, the functionality of the various modules may be implemented in the same one or more software and/or hardware implementations of the present disclosure.
The apparatus in the foregoing embodiment is used to implement the corresponding encryption transmission method supporting timing decryption in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to the method of any embodiment described above, the present disclosure further provides an electronic device, which includes a memory, a processor, and a computer program stored on the memory and running on the processor, and when the processor executes the program, the encryption transmission method supporting the timing decryption described in any embodiment above is implemented.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the present disclosure, also technical features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the disclosure. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the present disclosure, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the present disclosure are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that the embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic ram (dram)) may use the discussed embodiments.
The disclosed embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalents, improvements, and the like that may be made within the spirit and principles of the embodiments of the disclosure are intended to be included within the scope of the disclosure.

Claims (10)

1. An encryption transmission method supporting timing decryption is realized by an encryption transmission system supporting timing decryption, wherein the encryption transmission system supporting timing decryption comprises a first terminal device, a second terminal device, a data storage server and a block chain network;
the method comprises the following steps:
the first terminal device obtains decryption time, a plaintext and an identity of the second terminal device, obtains a public key of the second terminal device according to the identity of the second terminal device, constructs a ciphertext including a verification related part, a time related part and a plaintext related part according to the decryption time, the plaintext and the public key of the second terminal device, sends the verification related part to the block chain network, sends the time related part to the data storage server, and sends the plaintext related part to the second terminal device;
the block chain network verifies the relevant part of the verification and sends a verification passing result to the data storage server in the decryption time;
the data storage server sends the time-dependent portion to the second terminal device in response to receiving the verification pass result;
and the second terminal equipment obtains the decryption time according to the time-related part and decrypts the plaintext-related part by using the decryption time and a private key of the second terminal equipment to obtain the plaintext.
2. The method of claim 1, wherein the first terminal device is any terminal device that transmits data, and the second terminal device is any terminal device that receives data.
3. The method according to claim 1, wherein the obtaining, by the first terminal device, the public key of the second terminal device according to the identity of the second terminal device specifically includes:
and the first terminal device takes the identity of the second terminal device as a public key of the second terminal device.
4. The method according to claim 1, wherein the first terminal device constructs a ciphertext according to the decryption time, the plaintext, and a public key of the second terminal device, and specifically includes:
the first terminal device constructs the verification related part according to the decryption time;
the first terminal device constructs the time-related part according to the public key of the second terminal device and the decryption time;
and the first terminal equipment constructs the plaintext related part according to the public key of the second terminal equipment, the decryption time and the plaintext.
5. The method according to claim 1, wherein the verifying the verification-related part by the blockchain network and sending a verification passing result to the data storage server at the decryption time includes:
the block chain network selects a node in the block chain network to verify the verification related part to obtain a verification result;
the blockchain network sends a verification pass result to the data storage server at the decryption time in response to determining that the verification result is the verification pass result.
6. An encrypted transmission system supporting timed decryption, comprising:
the system comprises a first terminal device, a second terminal device, a data storage server and a blockchain network;
the first terminal device configured to: acquiring decryption time, plaintext and an identity of the second terminal device, acquiring a public key of the second terminal device according to the identity of the second terminal device, constructing a ciphertext including a verification related part, a time related part and a plaintext related part according to the decryption time, the plaintext and the public key of the second terminal device, transmitting the verification related part to the block chain network, transmitting the time related part to the data storage server, and transmitting the plaintext related part to the second terminal device;
the blockchain network configured to: verifying the relevant verification part, and sending a verification passing result to the data storage server in the decryption time;
the data storage server configured to: in response to receiving the verification pass result, sending the time-dependent portion to the second terminal device;
the second terminal device configured to: and obtaining the decryption time according to the time-related part, and decrypting the plaintext-related part by using the decryption time and a private key of the second terminal device to obtain the plaintext.
7. The system of claim 6, wherein the first terminal device is any terminal device that transmits data, and the second terminal device is any terminal device that receives data.
8. The system of claim 6, wherein the first terminal device is specifically configured to:
and taking the identity of the second terminal device as a public key of the second terminal device.
9. The system of claim 6, wherein the first terminal device is specifically configured to:
constructing the verification-related part according to the decryption time;
constructing the time-dependent part according to the public key of the second terminal device and the decryption time;
and constructing the plaintext related part according to the public key of the second terminal device, the decryption time and the plaintext.
10. The system of claim 6, wherein the blockchain network is specifically configured to:
selecting a node in the block chain network to verify the verification related part to obtain a verification result;
and in response to determining that the verification result is the verification pass result, sending the verification pass result to the data storage server at the decryption time.
CN202210002824.7A 2022-01-05 2022-01-05 Encryption transmission method and system supporting timing decryption Pending CN114024776A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210002824.7A CN114024776A (en) 2022-01-05 2022-01-05 Encryption transmission method and system supporting timing decryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210002824.7A CN114024776A (en) 2022-01-05 2022-01-05 Encryption transmission method and system supporting timing decryption

Publications (1)

Publication Number Publication Date
CN114024776A true CN114024776A (en) 2022-02-08

Family

ID=80069304

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210002824.7A Pending CN114024776A (en) 2022-01-05 2022-01-05 Encryption transmission method and system supporting timing decryption

Country Status (1)

Country Link
CN (1) CN114024776A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108111587A (en) * 2017-12-15 2018-06-01 中山大学 A kind of cloud storage searching method based on time release
CN108881433A (en) * 2018-06-15 2018-11-23 孙念 Information time controlled released or sending method and device based on block chain
CN109981690A (en) * 2019-04-29 2019-07-05 河南大学 A kind of anti-tamper timing data security transmission method based on block chain intelligence contract
US20190349190A1 (en) * 2016-12-30 2019-11-14 Intel Corporation BLOCKCHAINS FOR SECURING IoT DEVICES
CN111211897A (en) * 2019-12-20 2020-05-29 河南大学 Time control encryption security enhancement method based on random prediction model
CN111723387A (en) * 2020-06-22 2020-09-29 深圳前海微众银行股份有限公司 Block chain-based data decryption method and device
KR20210110110A (en) * 2020-02-28 2021-09-07 한양대학교 산학협력단 Apparatus and method for generating block chain

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190349190A1 (en) * 2016-12-30 2019-11-14 Intel Corporation BLOCKCHAINS FOR SECURING IoT DEVICES
CN108111587A (en) * 2017-12-15 2018-06-01 中山大学 A kind of cloud storage searching method based on time release
CN108881433A (en) * 2018-06-15 2018-11-23 孙念 Information time controlled released or sending method and device based on block chain
CN109981690A (en) * 2019-04-29 2019-07-05 河南大学 A kind of anti-tamper timing data security transmission method based on block chain intelligence contract
CN111211897A (en) * 2019-12-20 2020-05-29 河南大学 Time control encryption security enhancement method based on random prediction model
KR20210110110A (en) * 2020-02-28 2021-09-07 한양대학교 산학협력단 Apparatus and method for generating block chain
CN111723387A (en) * 2020-06-22 2020-09-29 深圳前海微众银行股份有限公司 Block chain-based data decryption method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PENG JIANG ET AL: "Towards Reliable and Confidential Release for Smart Contract via ID-based TRE", 《IEEE INTERNET OF THINGS JOURNAL》 *

Similar Documents

Publication Publication Date Title
Abbasinezhad-Mood et al. Efficient anonymous password-authenticated key exchange protocol to read isolated smart meters by utilization of extended Chebyshev chaotic maps
Odelu et al. Provably secure authenticated key agreement scheme for distributed mobile cloud computing services
CN109309569B (en) SM2 algorithm-based collaborative signature method and device and storage medium
CN109740384A (en) Data based on block chain deposit card method and apparatus
JP4782343B2 (en) How to authenticate anonymous users while reducing the possibility of “middleman” fraud
CN109981641A (en) A kind of safe distribution subscription system and distribution subscription method based on block chain technology
KR101985179B1 (en) Blockchain based id as a service
Wang et al. LAMANCO: A lightweight anonymous mutual authentication scheme for $ N $-times computing offloading in IoT
CN113691502B (en) Communication method, device, gateway server, client and storage medium
KR20140009105A (en) One-time password authentication with infinite nested hash chains
CN115333857B (en) Detection method for preventing data from being tampered based on smart city system cloud platform
CN111630810A (en) Key exchange device, key exchange system, key exchange method, and key exchange program
Chang et al. A practical secure and efficient enterprise digital rights management mechanism suitable for mobile environment
CN114553590A (en) Data transmission method and related equipment
US20150023498A1 (en) Byzantine fault tolerance and threshold coin tossing
Yu et al. Veridedup: A verifiable cloud data deduplication scheme with integrity and duplication proof
CN113329004B (en) Authentication method, system and device
CN116170144B (en) Smart power grid anonymous authentication method, electronic equipment and storage medium
Lin et al. Secured map reduce computing based on virtual machine using threshold secret sharing and group signature mechanisms in cloud computing environments
Zhong et al. Authentication and key agreement based on anonymous identity for peer-to-peer cloud
Huang et al. Mutual authentications to parties with QR-code applications in mobile systems
CN111245594A (en) Homomorphic operation-based collaborative signature method and system
JP5651611B2 (en) Key exchange device, key exchange system, key exchange method, program
CN114124440B (en) Secure transmission method, apparatus, computer device and storage medium
CN114024776A (en) Encryption transmission method and system supporting timing decryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220208

RJ01 Rejection of invention patent application after publication