CN114036539A

CN114036539A - Safety auditable Internet of things data sharing system and method based on block chain

Info

Publication number: CN114036539A
Application number: CN202111310002.7A
Authority: CN
Inventors: 李宏发; 李霄铭; 熊军; 李洋; 余翔; 杨启帆
Original assignee: Big Data Center Of State Grid Corp Of China; State Grid Corp of China SGCC; State Grid Fujian Electric Power Co Ltd; Information and Telecommunication Branch of State Grid Fujian Electric Power Co Ltd
Current assignee: Big Data Center Of State Grid Corp Of China; State Grid Corp of China SGCC; State Grid Fujian Electric Power Co Ltd; Information and Telecommunication Branch of State Grid Fujian Electric Power Co Ltd
Priority date: 2021-10-14
Filing date: 2021-11-05
Publication date: 2022-02-11

Abstract

The invention provides a block chain-based security auditable Internet of things data sharing system and method, which improve the security of security data sharing of the Internet of things by using a block chain technology. And fine-grained control over the data access authority of the Internet of things is realized by using an attribute-based encryption mode, and the computing overhead of a user side is reduced by using an outsourcing decryption technology. The core function of the system is to realize the control of the access times of the user, and to manage each access of the user by using the algorithms of synchronous aggregation signature, verifiable random function and the like. In the pay use model, the system allocates limited times of data access rights of the internet of things according to the pay condition of the user on the data. Meanwhile, the intelligent contract function of the block chain provides user management, signature verification and access audit functions for the system.

Description

Safety auditable Internet of things data sharing system and method based on block chain

Technical Field

The invention belongs to the technical field of information security, Internet of things and information sharing, and particularly relates to a block chain-based security auditable Internet of things data sharing system and method.

Background

1. Block chain and intelligent contract

The block chain is a chain data structure formed by combining data blocks in a sequential connection mode according to a time sequence, and is a distributed account book which is guaranteed in a cryptographic mode and cannot be tampered and forged. Broadly speaking, the blockchain technique is a completely new distributed infrastructure and computing paradigm that utilizes blockchain data structures to verify and store data, utilizes distributed node consensus algorithms to generate and update data, cryptographically secures data transmission and access security, and utilizes intelligent contracts composed of automated script code to program and manipulate data.

The intelligent contract is a special protocol, which is used when making contracts in a block chain, and contains code functions, and can also interact with other contracts, make decisions, store data, send Ethernet coins and other functions. The intelligent contract principal provides verification and runs the conditions established within the contract. Smart contracts allow trusted transactions to be conducted without third parties. These transactions are traceable and irreversible.

2. Ciphertext policy attribute based encryption

Ciphertext policy attribute based encryption (CP-ABE) can provide privacy-protecting fine-grained access control for data sharing. The method specifically comprises four algorithms:

(1)Setup(1^λ) → (PP, MSK) input security parameter lambda, output system public parameter PP and master key MSK. The security parameter λ is used to define the security level of the system, the public parameter PP is the default input for other algorithms, and the master key MSK may generate an attribute key for the user.

(2)

Inputting PP, MSK and user attribute set

The user attribute key SK is output. User's attribute key SK and attribute set

Association, usable for decrypting access policies with

And matching the ciphertext.

(3)

Input PP, message m and access policy

And outputting the message ciphertext CT. Due to CT and access policy

Correlation, if attribute set corresponding to user attribute key SK

Satisfying access policies

The user can decrypt the CT.

(4) Dec (SK, CT) → m/. DELTA.: input SK, CT if the set of attributes in SK

With access in CT

Matching

Outputting the message m, otherwise outputting ≠ represents decryption error. User's attribute key SK and attribute set

Association, CT and access policy

And when the two are matched, the user can recover the plaintext m from the CT by using the SK.

3. Synchronized aggregated signatures

Synchronous Aggregated Signature (SAS) comprises six algorithms:

(1)Setup(1^λ) Input security parameter λ → PP, output system disclosure parameter PP. The safety parameter lambda being used to determineDefining the security level of the system, the public parameter PP is the default input for other algorithms.

(2) KeyGen (PP) → (pk, sk), which inputs the PP and outputs the public and private keys pk/sk. The algorithm generates a key pair for the user.

(3) Sign (PP, sk, m, ω) → σ input PP, sk, message m, and validity period ω, output signature σ. The signature value is bound to the message and the validity period for verification of the validity period of the message.

(4) Verify (PP, pk, m, σ) → 1/0: input PP, pk, m, σ, output 1 indicates that the signature is valid, otherwise output 0.

(5)Agg(PP,PK,Msg,Sig)→σ_∑Input PP, a set of public keys PK ═ PK (PK)₁,…,pk_l) A set of messages Msg ═ m₁,…,m_l) A set of signatures Sig ═ (σ)₁,…,σ_l) Output aggregate signature σ_∑。

(6)AggVerify(PP,PK,Msg,σ_∑) → 1/0 input PP, PK, Msg, σ_∑Output 1 indicates that the aggregated signature is valid, otherwise output 0.

4. Verifiable random function

A Verifiable Random Function (VRF) is a pseudo random function that can provide a verification function, and comprises four algorithms:

(1)Setup(1^λ) Input security parameter λ → PP, output system disclosure parameter PP.

(2) KeyGen (PP) → (pk, sk), which inputs the PP and outputs the public and private keys pk/sk.

(3) Save (PP, sk, x) → (y, pi), input PP, sk and message x, output VRF evaluation value y and proof value pi.

(4) Verify (PP, pk, x, y, pi) → 1/0: import PP, pk, x, y, pi, export 1 indicates (y, pi) is a valid evaluation and proof value for x, otherwise 0 is exported.

5. Attribute set access policy definition

Attribute set definition: the system represents a single attribute by the symbol A, let { A₁,A₂,…,A_nDenotes the set of all attributes. Order symbol

Represents a set of attributes of a user and satisfies

Representing sets of attributes using n-bit strings

Wherein a is_iE {0,1} represents the bit value corresponding to the ith attribute: if it is

Then a_i1 is ═ 1; if it is

Then a_i0. For example, assuming n is 6, then

Representing a collection of attributes

Containing an attribute A₁,A₃,A₅,A₆}。

The access policy defines: the system uses a system based on an AND gate (AND gate) AND a set of attributes A₁,A₂,…,A_nAccess structure of { right before } defines access policy

Representing access policies using n-bit strings

Wherein b is_iE {0,1} represents the bit value corresponding to the ith attribute: if it is

Then b is_i1 is ═ 1; if it is

Then b is_i0. For example, assuming n is 6, then

Indicating satisfaction of an access policy

Needs to contain the attribute A₃,A₅}。

The attribute is defined by matching with the access policy: for attribute collection

And access policy

If a is satisfied for all i e {1, …, n }, then_i≥b_iThen called attribute set

And access policy

Match, expressed as

6. The technical proposal closest to the proposal of the application

(1) Block chain-based data controlled circulation method CN202110564714.5

The following steps are described: the invention discloses a block chain-based data controlled circulation method, belonging to the field of network security; firstly, establishing a data transfer alliance chain in an untrusted network environment, and establishing a trusted third party, a data uploading area and a downloading area; secondly, executing an intelligent contract for data encryption uploading, encrypting the revolution data and uploading the revolution data to a data transfer central station by setting an access control structure tree among different users; then executing intelligent contract of data abstract uplink, extracting abstract information of the circulated data and uplink memory evidence; then executing an intelligent contract generated by the key, and dynamically generating a resource access key by a trusted third party according to the identity attribute of the data receiver; and finally, executing the intelligent contract obtained by data decryption, decrypting by a data receiver by using the resource access key to obtain the clear text of the data to be transferred, and verifying the authenticity of the data to be transferred by comparing the data digests on the chain and the data digests on the chain. The invention ensures the credible data source and controls the flowing range of the data.

The disadvantages are as follows: the invention controls the data flow by using the access control strategy, but the use times of the data resources by the user can not be limited, and the data resources can be used for unlimited times once authorized.

(2) Multi-authority attribute based encryption method CN202110411887.3 based on block chain

The following steps are described: the invention provides a multi-authority attribute-based encryption method based on a block chain, which comprises the steps of carrying out global initialization on a system, generating a system public parameter GP and recording the GP into a created block; initializing attribute authorities, wherein all the attribute authorities generate a group of attribute public and private keys by utilizing GP; encrypting data, wherein an encryptor generates a data ciphertext and a key ciphertext by using a symmetric encryption algorithm and an attribute encryption algorithm; generating a user private key, wherein the attribute authority generates a group of attribute private keys for the user; decrypting the data, and decrypting the ciphertext by using the attribute private key by the user to obtain shared data; and attribute revocation, wherein due to the fact that the user attribute is revoked, the attribute set of the user attribute does not meet the access strategy, and the updated ciphertext address cannot be obtained. The invention records the time sequence attribute state of the user by using the block chain, realizes the distributed distribution, storage and cancellation of the attribute private key, improves the key management efficiency of a distributed attribute-based encryption mechanism, and enhances the security of data sharing in a distributed environment.

The disadvantages are as follows: the invention utilizes an attribute-based encryption method to carry out fine-grained control on data use, but cannot realize the outsourcing decryption function, and a user can recover a ciphertext by carrying out a large amount of operations. Moreover, the server needs to respond to all data requests, and cannot resist distributed denial of service attacks.

(3) Block chain-based security authentication method for power distribution Internet of things CN202110718633.6

The following steps are described: the invention discloses a safety certification method of a power distribution internet of things based on a block chain, which comprises the following steps: the method comprises the steps that each edge gateway is used as a block chain node to construct a block chain, each power terminal device sends corresponding device information and a preset password to the edge gateway, the edge gateway processes the device information and the preset password to complete registration, the edge gateway generates a first encrypted ciphertext and a second encrypted ciphertext, the edge gateway generates a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext, the target ciphertext combination is linked on the block chain, the power terminal device sends authentication information to the edge gateway, the edge gateway obtains authentication data from the authentication information, the edge gateway obtains a first authentication data abstract based on the authentication data and extracts a second digital abstract from the block chain, and the edge gateway realizes the safety authentication of the edge gateway on the power terminal device based on the first authentication data abstract and the second digital abstract. Therefore, the identity authentication of the power terminal equipment can be completed more efficiently.

The disadvantages are as follows: according to the method, identity authentication among the Internet of things devices is realized by combining a block chain technology, but the safe sharing of the Internet of things data cannot be realized, and fine-grained safety control on the data is not considered.

(4) Method CN202010409745.9 for safely sharing data based on private chain

The following steps are described: the invention relates to a data security sharing method based on a private chain, and belongs to the field of block chains and the Internet. The invention discloses a method for safely sharing data based on a private chain, which connects data blocks into a data network to form a complete database with data storage and sharing functions. By utilizing the safety characteristic of the block chain and the distributed management of the root zone data, the method can be applied to the management of a large amount of private data and ensure the authenticity of the data. The method can timely and effectively process huge and fragmented data, and better guarantee privacy of the authority and communication management of the Internet of things equipment. In addition, the block chain technology is combined with an off-chain database, data and data storage permission is separated, so that a central mechanism cannot lose or leak data due to management loss or equipment failure, a decentralized management system is realized, DDoS attack can be resisted, and self-protection is realized.

The disadvantages are as follows: the invention utilizes the private chain to carry out data security sharing, has no public chain or alliance chain in application scene, and is not suitable for the use of the Internet of things system facing public service. In addition, data is not encrypted, and fine-grained access control is not performed, which easily causes a problem of data leakage. The scheme also cannot audit the use condition of the data.

(5) Internet of things security agent data sharing module design method CN201910543004.7 adopting block chain technology

The following steps are described: the invention discloses a method for designing a data sharing module of an Internet of things security agent by adopting a block chain technology. The method integrates a blockchain network, a processing node of the blockchain network serves as a proxy server, when a user is a registered member of the network, the user can access data through verification of the blockchain network, the proxy also re-encrypts the data through conversion of a policy set in the process of sharing the data, and the blockchain network and the cloud server work cooperatively to ensure an anti-collusion scheme.

The disadvantages are as follows: according to the method, the security protection is performed on the data of the Internet of things by using the attribute basis and the proxy re-encryption function, but the encryption process and the decryption process of the scheme both involve a large number of bilinear pairwise operations and power exponent operations, and are not suitable for the use of resource-limited Internet of things equipment, because a large amount of operation can quickly exhaust the computing resources and electric quantity of the sensor node, and a large amount of communication bandwidth can be occupied. Compared with the prior art, the method has the advantages that the computing overhead is low, a large amount of computing requirements are outsourced to the cloud platform and the block chain intelligent contract to be executed, and the computing amount of the Internet of things equipment and the user side can be reduced. In addition, the invention can also manage and control and audit the use times of the data resources of the user.

The prior technical scheme and the system have the following problems to prevent the deployment of the prior technical scheme and the prior technical system in practical application. (1) The efficiency of the Attribute Based Encryption (ABE) algorithm. The ABE scheme can provide a flexible access control mode, but the existing scheme has the problems of high communication and calculation cost and complex decryption process. Cipher text length, bilinear pairwise operand and power exponent operand in most existing schemes are linearly increased along with complexity of an access strategy, and use of ABE in the scene of the Internet of things is seriously hindered. Therefore, an important challenge is how to optimize communication and computational efficiency in a pay-for-use model. (2) A distributed denial of service attack (DDoS attack) problem on ABE ciphertext. In the existing ABE scheme architecture, the cloud server cannot determine whether the user has the decryption authority for the ciphertext, so all download requests need to be responded. And a malicious attacker or an unauthorized user can frequently initiate a data downloading request to the cloud platform by utilizing the vulnerability. In order to achieve the purpose of large-scale attack, an attacker can control a plurality of hosts to simultaneously send requests to the cloud platform in a short time to obtain responses by injecting viruses into a large number of computers, so that the resource of the cloud platform is exhausted. This type of attack is known as a denial of service attack. Thus, a second challenge is how to prevent denial of service attacks against the ABE scheme. (3) Resource usage auditing problems. In order to achieve transparency of cloud service charging, data owners need to audit cloud storage and cloud computing resources that are actually consumed. The traditional signature-based auditing mode requires a data owner to download a signature generated by each interaction between a user and a cloud platform, and then verify the signature values one by one, so that larger communication and calculation expenses are generated. Therefore, the third major challenge is how to achieve efficient cloud resource auditing.

Disclosure of Invention

Aiming at the defects in the prior art, the invention aims to provide a safety auditable Internet of things data sharing system and method based on a block chain. In order to realize privacy protection of data, the safety of safe data sharing of the Internet of things is improved by using a block chain technology. The block chain is used for generating/encrypting the data of the Internet of things, the key nodes in the extraction/decryption process provide the storage verification, the reliability of information transmission is greatly improved, and the calculation overhead of a user side is reduced through the outsourcing decryption technology.

Furthermore, the invention also realizes fine-grained control on the data access authority of the Internet of things by using an attribute-based encryption mode. And the control on the access times of the user is realized, and each access of the user is managed by using algorithms such as a synchronous aggregation signature and a verifiable random function. In the pay use model, the system allocates limited times of data access rights of the internet of things according to the pay condition of the user on the data. Meanwhile, the intelligent contract function of the block chain can also provide user management, signature verification and access audit functions for the system.

Aiming at the problems of privacy disclosure, easiness in denial of service attack and hacker invasion and the like existing in the traditional data sharing method, the invention designs a safety auditable Internet of things data sharing system based on a block chain in a payment business model. Firstly, the Internet of things equipment encrypts data by using a ciphertext attribute strategy-based encryption scheme, so that the attributes of data users are limited, fine-grained data sharing access control is realized, and the access times of the users can be defined; secondly, introducing a payment business model into the data sharing system, enabling the cloud server to charge for the provided service, and generating a corresponding resource use certificate through a verifiable random function and a synchronous aggregation signature; then, the Internet of things equipment management party can automatically verify the certificate generated by the cloud server by using the block chain intelligent contract; and finally, outsourcing a large amount of operations to the cloud server for computing by an outsourcing computing method, so that the decryption overhead of the user side is reduced. The distributed denial of service attack for the cloud storage ciphertext is resisted, the decryption overhead of users in fine-grained security data sharing is reduced, and the service provided by the cloud platform is audited by using the block chain intelligent contract. Multiple service proofs can be aggregated through the synchronous aggregation signature, so that the auditing efficiency is improved.

The invention specifically adopts the following technical scheme:

a block chain-based secure auditable Internet of things data sharing system comprises the following elements: the key generation center KGC, the cloud server, the block chain platform and the Internet of things equipment;

the key generation center is used for providing a public and private key pair for a data user and Internet of things equipment of the Internet of things, wherein the public key is used for submitting block chain platform deposit certificates; providing a public key and a ciphertext conversion key of a data user to a cloud server;

the Internet of things equipment encrypts data to generate a ciphertext, generates a signature key pair according to the data access times, uploads the ciphertext and the signature key pair to a cloud server to be stored, and sends the ciphertext to a block chain platform to be stored;

the cloud server is used for providing data storage service for the Internet of things and outsourcing decryption service for data users;

the block chain platform provides evidence storage service for the data storage, sharing, access and charging processes of the Internet of things;

when a data user applies for accessing the encrypted data of the Internet of things, the cloud server completes ciphertext conversion operation and sends the converted ciphertext to the block chain platform for evidence storage; and the received conversion ciphertext can be decrypted to obtain a plaintext after the correctness of the conversion ciphertext is verified by a block chain intelligent contract.

The data user according to the present invention may be understood as an entry device for a user to perform data access, and may be an intelligent device such as a PC or a mobile terminal, which is burdened with functions of arithmetic processing such as decryption operation.

Further, the key generation center generates a public parameter PP and distributes keys for entities in the system, including: distributing public and private key Pairs (PKs) for Internet of things equipment in the Internet of things_O,SK_O) Public and private key Pairs (PKs) are distributed to data consumers_U,SK_U) Generating cryptogram transformation key TK for data user_UAnd extracting the secret key RK_U(ii) a Key generation center will (PK)_U,SK_U,RK_U) Send to the data user and send (PK)_U,TK_U) Sending the data to a cloud server; the key generation center sends the public parameter PP to a block chain platform for storing the certificate; the Internet of things equipment is used for providing public keyPK_OThe data user uses the public key PK_USending the verification to a block chain platform for evidence storage;

the Internet of things equipment is used for encrypting the generated data m and using an access control strategy

For allowing user attribute of data access

Limiting to generate a ciphertext CT; the method comprises the steps that the internet of things equipment authorizes a data user to access data with the number of times of kappa, the internet of things equipment generates a kappa pair signature key pair, and a signature private key is encrypted to generate CK; the Internet of things equipment uploads the ciphertext CT and the signature key pair CK to a cloud server for storage, and the cloud server sends the CT to a block chain platform for storage;

when a data user applies for accessing the encrypted data of the Internet of things, an access request req is submitted to a cloud server, and the cloud server completes ciphertext conversion operation and sends a converted ciphertext to a block chain platform for evidence storage; the converted ciphertext TCT is submitted to a block chain intelligent contract for correctness verification, if the verification is passed, the converted ciphertext TCT is decrypted to recover a plaintext m, and a data user generates a data resource use proof;

the cloud server provides service for authorized data users according to the access control strategy; after receiving the proof of access proof of the data user, the cloud server submits the proof to the blockchain intelligent contract for verification.

Further, for the cloud server, if proof passes verification, aggregation is performed to generate an aggregation proof_∑Submitting to the Internet of things equipment for charging for the provided service; service proof of cloud server by calling intelligent contract through equipment of Internet of things_∑Carrying out verification and then carrying out payment receiving operation;

the blockchain platform utilizes intelligent contracts to perform data use and payment behaviors on data users and aggregate proof generated by a cloud server_∑And (6) carrying out verification.

And, a block chain-based secure auditable internet of things data sharing method, characterized in that:

the key generation center provides a public and private key pair for a data user and the Internet of things equipment of the Internet of things; wherein the public key is used for submitting the block chain platform deposit certificate; providing a public key and a ciphertext conversion key of a data user to a cloud server;

Further, the method comprises the following steps:

step S1: the key generation center carries out system initialization;

step S2: the key generation center generates a key; which generates a public parameter PP and distributes keys for entities in the system, comprising: distributing public and private key Pairs (PKs) for Internet of things equipment in the Internet of things_O,SK_O) Public and private key Pairs (PKs) are distributed to data consumers_U,SK_U) Generating cryptogram transformation key TK for data user_UAnd extracting the secret key RK_U(ii) a Key generation center will (PK)_U,SK_U,RK_U) Send to the data user and send (PK)_U,TK_U) Sending the data to a cloud server; the key generation center sends the public parameter PP to a block chain platform for storing the certificate; the Internet of things equipment sends a public key PK_OThe data user uses the public key PK_USending the verification to a block chain platform for evidence storage;

step S3: the Internet of things equipment performs data encryption and sharing: it encrypts the generated data m and uses an access control policy

For allowing user attribute of data access

step S4: the data user makes the data request of the internet of things: when a data user applies for accessing the encrypted data of the Internet of things, an access request req is submitted to a cloud server, and the cloud server completes ciphertext conversion operation and sends a converted ciphertext to a block chain platform for evidence storage;

step S5: the data user decrypts and proves the data of the Internet of things after the received conversion ciphertext is subjected to correctness verification by the intelligent contract of the block chain;

step S6: after receiving a proof of access of a data user, submitting the proof to a block chain intelligent contract by the cloud server for verification; if proof passes, then polymerization is performed to generate proof of polymerization proof_∑Submitting to the Internet of things equipment for charging for the provided service;

step S7: service proof of cloud server by calling intelligent contract through equipment of Internet of things_∑Authentication is performed and then a charge and receipt operation is performed.

Further, step S1 specifically includes the following processes:

setup (1) for initial loading of KGC by the key generation center^λ) → (PP, MSK): the key generation center generates an elliptic curve group G ═ p, E according to the safety parameter lambda_p(a, b), Q), wherein Q is the generator of an elliptic curve G, the order of the group G being a prime number p; generating bilinear pairs (p, G)_TE) wherein groups G and G_TIs a prime number p, and the bilinear pairings map e: GXG → G_T(ii) a Let the global property set of the system be

The key generation center selects a random number

Wherein

Calculating U-k₁Q，V＝k₂Q，Q_i＝αⁱQ，U_i＝αⁱU，V_i＝αⁱV; generating public parameter PP of CP-ABE algorithm_ABE＝(Q_i,U_i,V_i) Master key MSK_ABE＝(α,k₁,k₂) Where i ∈ [1, n ]]；

The key generation center randomly selects h e_RG, generating public parameter PP of VRF algorithm_VRF＝Q_VRF＝hQ；

The key generation center randomly selects w epsilon_RG, generating the public parameter PP of the SAS algorithm_SAS＝Q_SAS＝wQ；

The key generation center selects a key generation function KDF, and requires the length of a key output by the KDF to be the key length of the SM1 cryptographic algorithm;

the key generation center selects a collision-resistant hash function H₀:{0,1}^*→G，

The key generation center outputs a system public parameter PP ═ PP (PP)_ABE,PP_VRF,PP_SAS,KDF,H₀,H₁,H₂) And the master key MSK ═ MSK_ABE＝(α,k₁,k₂) (ii) a The key generation center sends the public parameter PP to a block chain platform for storing the certificate;

step S2 specifically includes the following processes:

KGC.KeyGen(PP,MSK,S)→(PK_O,SK_O,PK_U,SK_U,TK_U,RK_U): the key generation center generates keys for the Internet of things equipment and the data users;

the key generation center randomly selects

Generating public and private key Pair (PK) of Internet of things equipment_O,SK_O) Public and private key Pair (PK) for data users_U,SK_U)＝(ηQ,η)。

The key generation center inputs a set of attributes of a user

Calculating polynomial ring Z_p[α]Function of

Selecting random number by key generation center

Calculating s ∈ Z_pSo that the equation

If true; key generation center selecting reversible random numbers

Calculating gamma₁＝(r+k₁t)ζ^- ¹modp，γ₂＝(s-k₂t)ζ^-1modp; cipher text of data user is converted into cipher key

Ciphertext extracting secret key as RK_U＝ζ；

The key generation center assigns public and private key Pairs (PKs)_O,SK_O) Sending to the Internet of things equipment (PK)_U,SK_U,RK_U) Send to the data user (PK)_U,TK_U) And sending the data to the cloud server.

Further, the internet of things equipment encrypts a plaintext by adopting a key encapsulation mechanism, namely encrypting a plaintext message m by using a symmetric encryption algorithm and an encapsulation key EK, then encrypting the encapsulation key EK by using a key-based encryption technology, and embedding an access control strategy into the plaintext;

the encryption process in step S3 includes:

private key SK for Internet of things equipment_OAnd access control policy

Encrypting a plaintext m; encrypting a plaintext by adopting a key encapsulation mechanism, namely encrypting a plaintext message m by using a symmetric encryption algorithm and an encapsulation key EK, then encrypting the encapsulation key EK by using a key-based encryption technology, and embedding an access control strategy into the plaintext;

input data m and access control policy

Random number is selected to thing networking device

Computing

k_m＝KDF(r_mQ)，

Let f_iExpression polynomial

Middle alphaⁱThe coefficients of the terms; computing

Outputting the ciphertext

And an encapsulation key EK ═ μ_mWhere i ∈ [1, n ]]；

Internet of things equipment computing

Message m and VRF certification value P of encapsulation key EK by SM1 cryptographic symmetric encryption algorithm₂Encrypting and outputting ciphertext C_m＝SM₁.Enc(KDF(EK),(m||P₂))；

Setting that an authorized data user accesses the Internet of things data file for at most k times, and randomly selecting the Internet of things equipment

Computing kappa pair signature key pairs

Wherein i ∈ [1, κ ]](ii) a Adopts SM1 national secret symmetric encryption algorithm and packaging key EK pair sk_iEncrypting to calculate access key cipher text CSK_i＝SM₁.Enc(KDF(EK),sk_i)；

Internet of things equipment output ciphertext

The encapsulation key EK and the set CK ═ pk_i,CSK_i}_i∈[1,κ]Where CK represents a set of k pairs of signing key pairs.

Further, step S4 specifically includes the following processes:

U.Req(PP,PK_U,SK_Uinfo): the data user sends out the Internet of things data access request information Info and calculates Y ═ Ye(Q_VRF,(H₁(Info)+SK_U)^-1Q_VRF)，π＝(H₁(Info)+SK_U)^-1Q_VRFOutput req ═ of (Info, PK)_U,Y,π)；

The cloud server performs the following verification and ciphertext conversion operations:

first, it is verified whether the following conditions are all satisfied:

(1) verification equation

Whether the result is true or not;

(2) verification of TK_UProperty set in (1)

And in CT

Whether the access policy of (2) is satisfied

(3) Verifying whether the number of times of requests of a data user for CT does not exceed k times;

if the verification conditions are met, the cloud server performs ciphertext conversion calculation for the data user;

inputting cipher text

And ciphertext conversion key

If it is not

The user's attribute set and access control policy

If not, outputting T to represent the data user is an unauthorized user; if it is

Cloud platform performing ciphertext transformation computations

According to a function

If in the access policy

Then

Forming a polynomial; otherwise, the method is not established; order to

η_iRepresents alpha in the polynomial Λ (alpha)ⁱThe coefficients of the terms; obviously, the zero-order coefficient η of the polynomial Λ (α)₀Not equal to 0; cloud platform computing:

generating a transformed ciphertext

And the cloud server updates the CT request times ctr of the data user to ctr +1, and stores (TCT, ctr) in the block chain.

Further, step S5 specifically includes the following processes:

U.DecVerify(PP,PK_O,RK_U,TCT,CSK_ctr)→(m,sk_i) /T: the data consumer recovers the access key sk from the converted ciphertext_iAnd a plaintext message m;

the data user extracts the key RK with the ciphertext_URecovering the original message m from Zeta; firstly, calculating:

then calculate k_m＝KDF(r_mQ)，

Thereby recovering the EK (encapsulation key) as mu_m；

Computing m | P using SM1 cryptographic symmetric decryption algorithm and encapsulation key EK₂＝SM₁.Dec(KDF(EK),C_m)；

Verify whether the following equation holds

Computing sk_ctr＝SM₁.Dec(KDF(EK),CSK_ctr) Output (m, sk)_i)；

Let ω be the current time period, the data user uses sk_i＝z_iCalculating d ═ H₁(req,ω)，Φ₁＝H₂(0,ω)，Φ₂＝H₀(1,ω)，σ＝z_ctrΦ₁+z_ctrdΦ₂Proof of output Proof_ctr(req, σ, ω) and Proof of_ctrThe evidence is stored on the blockchain.

Further, step S6 specifically includes the following processes:

Blockchain.AggProof(PP,PK,Proof)→Proof_Σ/T: the cloud server invokes a Proof of Proof (Proof) of aggregating data consumers on a blockchain from an intelligent contract₁,…,Proof_l) The corresponding public key is PK ═ PK (PK)₁,…,PK_l) (ii) a For i e [1, l ∈ ]]The cloud server calls the intelligent contract to calculate d_i＝H₁(req_i,ω)，Φ₁＝H₀(0,ω)，Φ₂＝H₀(1, ω); authentication

Whether the result is true or not; if not, outputting T; otherwise, performing proving polymerization operation; inputting PK ═ PK₁,…,PK_l)，Req＝(Req₁,…,Req_l)，Sig＝(σ₁,…,σ_l) The cloud server calls the intelligent contract to calculate

Proof of output polymerization Proof_Σ＝(Req,σ_Σ,ω)。

Further, step S7 specifically includes the following processes:

Blockchain.Verify(PP,PK,Proof_Σ) → 1/0: the Internet of things equipment calls an intelligent contract to verify the aggregation certificate; if ω is not the current time period, or PK ═ PK (PK)₁,…,PK_l) If the public key in the set appears at least twice, the aggregation is proved to be false, and 0 is output; for i e [1, l ∈ ]]And d, the Internet of things equipment calls the intelligent contract to calculate_i＝H₁(req_i,ω)，Φ₁＝H₀(0,ω)，Φ₂＝H₀(1, ω), verification

Whether the result is true or not; if yes, outputting 1; otherwise, 0 is output.

Compared with the prior art, the invention and the preferred scheme thereof have the beneficial effects that:

(1) aiming at the problem of how to improve the efficiency of an attribute-based encryption (ABE) algorithm, a large amount of operations are outsourced to a cloud server for calculation by using an outsourced decryption-based ciphertext strategy attribute-based encryption scheme, so that the decryption calculation amount of a user is reduced to a constant order of magnitude. Thereby reducing the decryption overhead at the user end (i.e., reducing the computational overhead for the data user).

(2) Aiming at the problem of how to prevent denial of service attack (aiming at the problem of how to resist distributed denial of service supply aiming at cloud storage ciphertext) aiming at the ABE scheme, the Internet of things equipment encrypts data by using a ciphertext attribute strategy-based encryption scheme, so that the attribute of a data user is limited, fine-grained data sharing access control is realized, and the access times of the user can be defined. And the cloud platform verifies the downloading and decryption authority of the user through the ciphertext conversion key TK of the user. If the associated attribute set in TK and the request ciphertext CT

If the encryption algorithm is matched with the encryption algorithm, the cloud platform executes an outsourcing decryption algorithm; otherwise, the cloud platform refuses the data access request of the user. In the system of the invention, a data user needs to use a secret key to generate a downloading request before downloading encryption, and a verifiable random function can verify the downloading request, so as to prevent impersonation attack, namely a malicious attacker impersonates the identity of a legal user to send the downloading request.

(3) Aiming at the problem of how to realize efficient cloud resource auditing, the invention uses the synchronous aggregation signature to realize the auditing operation of the data so as to realize the control of the data access times. First, the SAS aggregates signatures of the same time period into a short aggregated signature, thereby avoiding sending a large number of signatures and their corresponding credentials to the user. The user only needs to verify the single aggregation signature, and the auditing operation of the data resources is realized. Second, in the encryption phase, the data owner prepares k signature keys for the outsourced document, where k represents an upper limit on the number of downloads defined within a time period. Each signing key can only be used to generate one signature and its proof within one time period. The number of data uses for all authorized users can thus be limited. Multiple service proofs can be aggregated through the synchronous aggregation signature, so that the auditing efficiency is improved.

The design points comprise:

1. the control of the access times of the user is realized, and each access of the user is managed by using algorithms such as synchronous aggregation signatures, verifiable random functions and the like.

2. In the pay use model, the system allocates limited times of data access rights of the internet of things according to the pay condition of the user on the data.

3. And auditing the service provided by the cloud platform by using the intelligent contract of the block chain, and performing resource use certification verification and access auditing functions.

4. And aggregating the plurality of service proofs through the synchronous aggregation signature, thereby improving the auditing efficiency.

5. And the decryption overhead of the user side is reduced. The system has the advantages that the distributed denial of service attack aiming at the cloud storage ciphertext can be resisted, and the calculation overhead of the user in fine-grained safety data sharing is reduced.

Drawings

The invention is described in further detail below with reference to the following figures and detailed description:

fig. 1 is a schematic diagram of a system architecture and a work flow according to an embodiment of the present invention.

Detailed Description

In order to make the features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail as follows:

the technical solution of the present invention is further described below with reference to the accompanying drawings and examples.

The system architecture of the present embodiment is shown in fig. 1, and each role includes a Key Generation Center (KGC), a cloud server, a block chain, an internet of things, and a data user. The functions of the entities in the system and the operations performed are summarized as follows. The symbol definition in the system of the present embodiment is shown in table 1.

The key generation center: responsible for establishing the system and generating the public parameter PP, and distributing the key for the entity in the system (step (r)): distributing public and private key Pairs (PK) for Internet of things equipment_O,SK_O) Public and private key Pairs (PKs) are distributed to data consumers_U,SK_U) Generating a cryptogram transformation key TK for a user_UAnd extracting the secret key RK_UWill (PK)_U,SK_U,RK_U) Is sent to the data user, andwill (PK)_U,TK_U) And sending the data to the cloud platform. And the key generation center sends the public parameter PP to the blockchain platform for evidence storage. Internet of things equipment public key PK_OThe user will use the public key PK_UAnd sending the data to a block chain platform for evidence storage.

The Internet of things: is a network of physical objects that embed sensors, software and other technologies to establish connections and exchange data with other devices and systems over the internet. In order to protect data privacy, the internet of things equipment needs to encrypt generated data m and use an access control strategy

To the attributes of the user who is allowed to access the data

And limiting to generate the ciphertext CT. Assuming that the access frequency of the user authorized by the internet of things device to the data is kappa, the internet of things device generates a kappa pair signature key pair, and encrypts a signature private key to generate CK. And finally, the Internet of things equipment uploads the ciphertext CT and the signature key pair CK to a cloud platform for storage, and the cloud platform sends the CT to a block chain platform for storage (step II). The management side of the Internet of things needs to call a service proof of the intelligent contract to the cloud platform_∑Verification is performed and then a payment receiving operation is performed (step (c)).

The data user: and applying for accessing the encrypted data of the Internet of things, submitting an access request req to a cloud server (step (c)), and completing ciphertext conversion operation by the cloud server (step (c)). And the data user submits the received conversion ciphertext TCT to the block chain intelligent contract for correctness verification, and if the conversion ciphertext TCT is correct, the block chain intelligent contract is decrypted to recover a plaintext m. Then, the data user needs to generate the proof of use of data resource proof (step (v)).

Cloud server: the method provides data storage service for the Internet of things and outsources decryption service for data users so as to reduce the calculated amount of the data users. The security requires that the cloud server cannot acquire sensitive data in the files of the Internet of things in the outsourcing decryption processAnd (4) information. The cloud server needs to reject the access request of the unauthorized data user and provides service to the authorized data user according to the access control policy (step (r)). After receiving the proof of access proof of the data user, the cloud platform submits the proof to the blockchain intelligent contract for verification. If passing the verification, performing polymerization to generate a proof of polymerization proof_∑To charge for the provided service (step (c)).

Block chains: the method provides evidence storage service for the data storage, sharing, access and charging processes of the Internet of things, and meanwhile verifies the data use and payment behaviors of data users and the aggregated signature generated by the cloud server by using an intelligent contract (step (phi), (phi)).

TABLE 1 legends

The operation process comprises the following steps:

1. system initialization phase

·KGC.Setup(1^λ) → (PP, MSK): the key generation center generates an elliptic curve group G ═ p, E according to the safety parameter lambda_p(a, b), Q), wherein Q is the generator of the elliptic curve G, the order of the group G being the prime number p. Generating bilinear pairs (p, G)_TE) wherein groups G and G_TIs a prime number p, and the bilinear pairings map e: GXG → G_T. Let the global property set of the system be

-KGC selecting random numbers

Wherein

Calculating U-k₁Q，V＝k₂Q，Q_i＝αⁱQ，U_i＝αⁱU，V_i＝αⁱAnd V. Generating public parameter PP of CP-ABE algorithm_ABE＝(Q_i,U_i,V_i) Master key MSK_ABE＝(α,k₁,k₂) Where i ∈ [1, n ]]。

-KGC randomly choosing h e_RG, generating public parameter PP of VRF algorithm_VRF＝Q_VRF＝hQ。

-KGC randomly choosing w e_RG, generating the public parameter PP of the SAS algorithm_SAS＝Q_SAS＝wQ。

The KGC selects a key generation function KDF (key derivation function), and requires that the length of a KDF output key is the key length of the cryptographic algorithm SM1 (symmetric encryption scheme).

-KGC chooses a collision-resistant hash function H₀:{0,1}^*→G，

-KGC output system public parameter PP ═ (PP)_ABE,PP_VRF,PP_SAS,KDF,H₀,H₁,H₂) And the master key MSK ═ MSK_ABE＝(α,k₁,k₂). And the KGC sends the public parameter PP to the block chain platform for evidence storage.

2. Key generation phase

·KGC.KeyGen(PP,MSK,S)→(PK_O,SK_O,PK_U,SK_U,TK_U,RK_U): and the key generation center generates keys for the Internet of things equipment and the user.

-KGC random picking

Generating public and private key Pair (PK) of Internet of things equipment_O,SK_O) (β Q, β) and a user's public and private key Pair (PK)_U,SK_U)＝(ηQ,η)。

-KGC input user's set of attributesCombination of Chinese herbs

Calculating polynomial ring Z_p[α]Function of

KGC selects random numbers

Calculating s ∈ Z_pSo that the equation

This is true. KGC selects reversible random numbers

Calculating gamma₁＝(r+k₁t)ζ^-1modp，γ₂＝(s-k₂t)ζ^-1modp. User's ciphertext to transform into a key

Ciphertext extracting secret key as RK_U＝ζ。

KGC will public and private key Pair (PK)_O,SK_O) Sending to the Internet of things equipment (PK)_U,SK_U,RK_U) Send to the user (PK)_U,TK_U) And sending the data to the cloud platform.

3. Internet of things data encryption and sharing stage

·

Private key SK for Internet of things equipment_OAnd access control policy

The plaintext m is encrypted. The system adopts a key encapsulation mechanism (key encapsulation mechanism) to encrypt the plaintext, namely, a symmetric encryption algorithm and an encapsulation key EK are used to encrypt a plaintext message m, then a key-based encryption technology is used to encrypt an encapsulation key EK, and access control is performedThe policy is embedded in ciphertext. The key encapsulation mechanism has the advantage that the encryption algorithm has no limitation on the type of data collected by the internet of things, so that the data of the internet of things can be sourced from different sensing devices.

-input data m and access control policy

Random number selection for Internet of things equipment

Computing

k_m＝KDF(r_mQ)，

Let f_iExpression polynomial

Middle alphaⁱThe coefficient of the term. Computing

Outputting the ciphertext

And an encapsulation key EK ═ μ_mWhere i ∈ [1, n ]]。

-internet of things device computing

-certifying the value P of the message m and VRF for the encapsulation key EK using SM1 cryptographic symmetric encryption algorithm₂Encrypting and outputting ciphertext C_m＝SM₁.Enc(KDF(EK),(m||P₂))。

-assuming that the data user is authorized to access the internet of things data file k times at most. Random selection of Internet of things equipment

Computing kappa pair signature key pairs

Wherein i ∈ [1, κ ]]. Using SM1 cryptographic symmetric encryption algorithm to use packaging key EK to sk_iEncrypting to calculate access key cipher text CSK_i＝SM₁.Enc(KDF(EK),sk_i)。

-the internet of things device outputs the ciphertext

4. Internet of things data request phase

·U.Req(PP,PK_U,SK_UInfo): the data user sends out the Internet data access request information Info and calculates Y ═ e (Q)_VRF,(H₁(Info)+SK_U)^-1Q_VRF)，π＝(H₁(Info)+SK_U)^-1Q_VRFOutput req ═ of (Info, PK)_U,Y,π)。

The cloud server performs the following authentication and ciphertext conversion operations. First, it is verified whether the following conditions are all satisfied:

(1) verification equation

Whether or not this is true.

(2) Verification of TK_UProperty set in (1)

And in CT

Whether the access policy of (2) is satisfied

(3) Verifying whether the number of CT requests of the data user does not exceed k.

And if the verification conditions are met, the cloud server performs ciphertext conversion calculation for the data user.

-input ciphertext

And ciphertext conversion key

If it is not

The user's attribute set and access control policy

If not, then output T represents the data user is an unauthorized user. If it is

Cloud platform performing ciphertext transformation computations

According to a function

If in the access policy

Then

Forming a polynomial; otherwise, this is not true. Order to

η_iRepresents alpha in the polynomial Λ (alpha)ⁱThe coefficient of the term. Obviously, the zero-order coefficient η of the polynomial Λ (α)₀Not equal to 0. Cloud platform computing

Generating a transformed ciphertext

The cloud server updates the CT request times ctr +1 of the data users, and stores (TCT, ctr) in the blockchain.

5. Data decryption and certification stage of Internet of things

·U.DecVerify(PP,PK_O,RK_U,TCT,CSK_ctr)→(m,sk_i) /T: the data user recovers the access key sk from the converted ciphertext_iAnd a plaintext message m.

-extracting the key RK from the cipher text by the data consumer_Uζ recovers the original message m. First of all, calculate

Then calculate k_m＝KDF(r_mQ)，

Thereby recovering the EK (encapsulation key) as mu_m。

-computing m | P using SM1 cryptographic symmetric decryption algorithm and the encapsulation key EK₂＝SM₁.Dec(KDF(EK),C_m)。

-verifying whether the following equation holds

-calculating sk_ctr＝SM₁.Dec(KDF(EK),CSK_ctr) Output (m, sk)_i)。

Let ω be the current time period, the data user use sk_i＝z_iCalculating d ═ H₁(req,ω)，Φ₁＝H₂(0,ω)，Φ₂＝H₀(1,ω)，σ＝z_ctrΦ₁+z_ctrdΦ₂Proof of output Proof_ctr(req, σ, ω) and Proof of_ctrThe evidence is stored on the blockchain.

6. Proof stage of block chain aggregation

·Blockchain.AggProof(PP,PK,Proof)→Proof_Σ/T: the cloud server calls the intelligent contract to aggregate the Proof of data users from the block chain (Proof)₁,…,Proof_l) The corresponding public key is PK ═ PK (PK)₁,…,PK_l). For i e [1, l ∈ ]]The cloud server calls the intelligent contract to calculate d_i＝H₁(req_i,ω)，Φ₁＝H₀(0,ω)，Φ₂＝H₀(1, ω). Authentication

Whether or not this is true. If not, outputting T. Otherwise, a proof polymerization operation is performed. Inputting PK ═ PK₁,…,PK_l)，Req＝(Req₁,…,Req_l)，Sig＝(σ₁,…,σ_l) The cloud server calls the intelligent contract to calculate

Proof of output polymerization Proof_Σ＝(Req,σ_Σ,ω)。

7. Block chain aggregation verification phase

·Blockchain.Verify(PP,PK,Proof_Σ) → 1/0: and the Internet of things equipment calls an intelligent contract to verify the aggregation certificate. If ω is not the current time period, or PK ═ PK (PK)₁,…,PK_l) If the public key in (1) appears at least twice in the set, the aggregation is proved to be false, and 0 is output. For i e [1, l ∈ ]]And d, the Internet of things equipment calls the intelligent contract to calculate_i＝H₁(req_i,ω)，Φ₁＝H₀(0,ω)，Φ₂＝H₀(1, ω), verification

Whether or not this is true. If true, 1 is output. Otherwise, 0 is output.

It should be understood that the above-described embodiments of the present invention are merely examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. And are neither required nor exhaustive of all embodiments. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the claims of the present invention.

Claims

1. A safety auditable Internet of things data sharing system based on a block chain is characterized by comprising the following elements: the key generation center KGC, the cloud server, the block chain platform and the Internet of things equipment;

2. The blockchain-based secure auditable internet of things data sharing system of claim 1, wherein:

the key generation center is used for generating the public parameter PP and distributing the key for the entity in the system, and comprises the following steps: distributing public and private key Pairs (PKs) for Internet of things equipment in the Internet of things_O,SK_O) Public and private key Pairs (PKs) are distributed to data consumers_U,SK_U) Generating cryptogram transformation key TK for data user_UAnd extracting the secret key RK_U(ii) a The key generation center is used for generating (PK)_U,SK_U,RK_U) Send to the data user and send (PK)_U,TK_U) Sending the data to a cloud server; the key generation center is also used for sending the public parameter PP to the block chain platform for storing the certificate; the Internet of things equipment sends a public key PK_OThe data user uses the public key PK_USending the verification to a block chain platform for evidence storage;

For allowing user attribute of data access

Limiting to generate a ciphertext CT; the method comprises the steps that the internet of things equipment authorizes a data user to access data with the number of times of kappa, the internet of things equipment generates a kappa pair signature key pair, and a signature private key is encrypted to generate CK; internet of things equipmentUploading the CK of the ciphertext CT and the signature key pair to a cloud server for storage, and sending the CT to a block chain platform by the cloud server for certificate storage;

the cloud server provides service for authorized data users according to the access control strategy; after receiving a proof of access of a data user, submitting the proof to a block chain intelligent contract by the cloud server for verification;

for the cloud server, if proof passes verification, aggregation is carried out to generate an aggregation proof_∑Submitting to the Internet of things equipment for charging for the provided service; service proof of cloud server by calling intelligent contract through equipment of Internet of things_∑Carrying out verification and then carrying out payment receiving operation;

3. A block chain-based security auditable Internet of things data sharing method is characterized in that:

4. The block chain based secure auditable internet of things data sharing method of claim 3, comprising the steps of:

step S1: the key generation center carries out system initialization;

For allowing user attribute of data access

Limiting to generate a ciphertext CT; the method comprises the steps that the internet of things equipment authorizes a data user to access data with the number of times of kappa, the internet of things equipment generates a kappa pair signature key pair, and a signature private key is encrypted to generate CK; the Internet of things equipment uploads the ciphertext CT and the signature key pair CK to the cloud server for storage,the cloud server sends the CT to a block chain platform for storing the certificate;

5. The block chain-based secure auditable internet of things data sharing method of claim 4, wherein:

step S1 specifically includes the following processes:

The key generation center selects a random number

Wherein

step S2 specifically includes the following processes:

the key generation center randomly selects

Generating public and private key Pair (PK) of Internet of things equipment_O,SK_O) Public and private key Pair (PK) for data users_U,SK_U)＝(ηQ,η)；

The key generation center inputs a set of attributes of a user

Calculating polynomial ring Z_p[α]Function of

Selecting random number by key generation center

Calculating s ∈ Z_pSo that the equation

If true; key generation center selecting reversible random numbers

Ciphertext extracting secret key as RK_U＝ζ；

6. The block chain-based secure auditable internet of things data sharing method of claim 5, wherein:

the Internet of things equipment encrypts a plaintext by adopting a key encapsulation mechanism, namely encrypting a plaintext message m by using a symmetric encryption algorithm and an encapsulation key EK, then encrypting the encapsulation key EK by using a key-based encryption technology, and embedding an access control strategy into the plaintext;

the encryption process in step S3 includes:

private key SK for Internet of things equipment_OAnd access control policy

input data m and access control policy

Random number is selected to thing networking device

Computing

k_m＝KDF(r_mQ)，

Let f_iExpression polynomial

Middle alphaⁱThe coefficients of the terms; computing

Outputting the ciphertext

And an encapsulation key EK ═ μ_mWhere i ∈ [1, n ]]；

Internet of things equipment computing

Computing kappa pair signature key pairs

Internet of things equipment output ciphertext

7. The block chain-based secure auditable internet of things data sharing method of claim 6, wherein:

step S4 specifically includes the following processes:

U.Req(PP,PK_U,SK_Uinfo): the data user sends out a thing networking data access request information Info and calculates Y ═ e (Q)_VRF,(H₁(Info)+SK_U)^-1Q_VRF)，π＝(H₁(Info)+SK_U)^-1Q_VRFOutput req ═ of (Info, PK)_U,Y,π)；

first, it is verified whether the following conditions are all satisfied:

(1) verification equation

Whether the result is true or not;

(2) verification of TK_UProperty set in (1)

And in CT

Whether the access policy of (2) is satisfied

inputting cipher text

And ciphertext conversion key

If it is not

The user's attribute set and access control policy

Cloud platform performing ciphertext transformation computations

According to a function

If in the access policy

Then

Forming a polynomial; otherwise, the method is not established; order to

generating a transformed ciphertext

8. The block chain-based secure auditable internet of things data sharing method of claim 7, wherein:

step S5 specifically includes the following processes:

then calculate k_m＝KDF(r_mQ)，

Thereby recovering the EK (encapsulation key) as mu_m；

Verify whether the following equation holds

Computing sk_ctr＝SM₁.Dec(KDF(EK),CSK_ctr) Output (m, sk)_i)；

Let omega be whenPrevious time period, said data user using sk_i＝z_iCalculating d ═ H₁(req,ω)，Φ₁＝H₂(0,ω)，Φ₂＝H₀(1,ω)，σ＝z_ctrΦ₁+z_ctrdΦ₂Proof of output Proof_ctr(req, σ, ω) and Proof of_ctrThe evidence is stored on the blockchain.

9. The block chain-based secure auditable internet of things data sharing method of claim 8, wherein:

step S6 specifically includes the following processes:

Proof of output polymerization Proof_Σ＝(Req,σ_Σ,ω)。

10. The block chain-based secure auditable internet of things data sharing method of claim 9, wherein:

step S7 specifically includes the following processes: