CN114398331A - Trusted data sharing method based on block chain - Google Patents

Trusted data sharing method based on block chain Download PDF

Info

Publication number
CN114398331A
CN114398331A CN202111591133.7A CN202111591133A CN114398331A CN 114398331 A CN114398331 A CN 114398331A CN 202111591133 A CN202111591133 A CN 202111591133A CN 114398331 A CN114398331 A CN 114398331A
Authority
CN
China
Prior art keywords
data
key
user
requester
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111591133.7A
Other languages
Chinese (zh)
Inventor
杨吉云
李海峰
唐波
邓佳敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University
Original Assignee
Chongqing University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University filed Critical Chongqing University
Priority to CN202111591133.7A priority Critical patent/CN114398331A/en
Publication of CN114398331A publication Critical patent/CN114398331A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/176Support for shared access to files; File sharing support
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a trusted data sharing method based on a block chain, which belongs to the field of block chains and comprises the following steps: s1: generating cryptographic system parameters; s2: the user registers to become a legal user, and the system returns the security parameters to the user; s3: the user shares the existing data, and encrypts the data by using the group key for the data with low confidentiality and sensitivity; for data with high confidentiality and sensitivity, generating a new key encryption by the system each time, and returning the key to the user for storage; s4: for the data encrypted by the group key, the data requester inputs own security parameters, and the system recovers the key decryption data and returns the key decryption data to the data requester; for data encrypted by a single key, a data requester sends a request to a data owner to acquire a decryption key, and the data owner sends the key for requesting the data to the data requester after the request.

Description

Trusted data sharing method based on block chain
Technical Field
The invention belongs to the field of block chains, and relates to a trusted data sharing method based on a block chain.
Background
With the advent of the big data age, data has become an important resource. Large-scale enterprises, scientific research institutions, government agencies and other institutions need to produce and research mutual data, and data sharing is urgently needed. The centralized data sharing mode is difficult to ensure the reliability of data, a credible data exchange mechanism is lacked, and the problem of difficult data right confirmation exists. The distributed data sharing mode also has the problem of low data sharing efficiency, and the data sharing is seriously hindered.
A typical way of sharing data storage is to collect and store the data centrally through a unified database or a large data platform, and the data is stored in a clear text form, so that the data is not protected by privacy. Once the database is granted rights by an attacker, all the data is directly exposed. In order to solve the data security problem, some methods encrypt data before storing, but these methods either use the same key to encrypt all data or use different keys to encrypt all data each time, the former method has the problem of one-time key exposure and all data are not secure, and the latter method has the problem of huge key storage overhead.
In response to the above problems, effective solutions may be provided using federation blockchains, distributed storage techniques, and cryptography techniques. A federation chain is a type of blockchain that is a licensed blockchain that a user must authenticate before joining a network. These nodes do not trust each other completely, but they both respect the constraints of the smart contract and work in concert. The reliability and authenticity of data on the chain are guaranteed by utilizing the characteristic that the block chain cannot be tampered. Before data is encrypted, the data is encrypted in the form of a 'one-time pad' and a 'group key' according to the sensitivity of the data, so that the flexibility and the efficiency of data processing are improved, the 'group key' is distributed and recovered by using the Chinese remainder theorem, the plaintext of the key is prevented from being exposed, and the cost for storing the key is reduced. The file data is encrypted and then stored in the cloud distributed file system, so that the confidentiality and the completeness of the data can be guaranteed.
Disclosure of Invention
In view of the above, the present invention provides a trusted data sharing method based on a block chain.
In order to achieve the purpose, the invention provides the following technical scheme:
a trusted data sharing method based on a block chain comprises the following steps:
s1: initializing a system, wherein an encryption module generates a cryptosystem parameter;
s2: user authorization, wherein a user registers through a block chain data sharing platform, becomes a legal user through system qualification audit and authorization, and the system returns a security parameter for the user;
s3: uploading and storing data, wherein a user shares the existing data, and if the data is structured text data, the data and the attribute information of the data are directly stored in a block chain; if the file is unstructured file data, the file is encrypted and stored to the cloud, and meanwhile index information and attribute information of the file are stored to the block chain; for unstructured file data, the data are divided into two types according to the confidentiality degree or the sensitivity degree of the data; for data with low confidentiality and sensitivity, the group key is adopted to encrypt the data, the user does not directly store the group key, and the group key is recovered through the security parameters stored by the user; for data with high confidentiality and sensitivity, generating a new key encryption by the system each time, and returning the key to the user for storage;
s4: data query is obtained, and other users check shared data through a block chain data sharing platform; for the data encrypted by the group key, the data requester inputs own security parameters, and the system recovers the key decryption data and returns the key decryption data to the data requester; for data encrypted by a single key, a data requester sends a request to a data owner to acquire a decryption key, the data owner sends the key requesting the data to the data requester after passing the request, the data requester inputs the key after acquiring the key, and the system downloads a file and decrypts the file to the data requester.
Further, in step S4, before the data requester sends the request to the data owner, the system first uses the RSA key generation algorithm to generate a public-private key pair, the private key is retained by the data requester itself, the data requester encrypts the public key, the name of the requested data, and the hash value with the group key and then sends the encrypted public key, the name of the requested data, and the hash value to the data owner, the data owner decrypts the request message with the group key, and returns the requested data to the data requester with the public key of the data requester after the request, and the data requester decrypts the requested data with its private key to obtain the key for decrypting the data.
Further, the user invokes an add data contract when initiating the data sharing request, the add data contract being:
a user writes in data attribute information to be shared through a client, and the client transmits the attribute information to an intelligent contract; the intelligent contract analyzes the received attribute information, and encapsulates the attribute information into data sharing Record information by using a Record structure; the intelligent contract calls an account book data writing interface function, the bound structure data is used as a parameter to be transmitted, and the interface function executes subsequent operation; the interface function returns the execution state and result, and the intelligent contract returns the addition result to the client.
Further, the user invokes a query data contract when viewing or downloading the shared data, the query data contract being:
a user inputs a request data keyword through a client, and the client transmits query information to an intelligent contract; the intelligent contract analyzes the received query information and matches the query information with fields in a structure body of a Record (including a TextRecord and a FileRecord) to obtain a standard field of the structure body; the intelligent contract calls an account book query interface function, the standard field of the structural body is used as a parameter to be transmitted in, and the interface function executes subsequent query operation; the interface function returns the execution state and result, and the intelligent contract returns the query result to the client.
Further, the user invokes a delete data contract when deleting data, the delete data contract being:
a user inputs a keyword of data to be deleted through a client, and the client transmits deletion information to an intelligent contract; the intelligent contract analyzes the received deleting information and matches the deleting information with the field in the Record structure body to obtain a standard field of the structure body; the intelligent contract calls an account book deleting interface function, the standard field of the structural body is used as a parameter to be transmitted, and the interface function executes subsequent deleting operation; the interface function returns the execution state and result, and the intelligent contract returns the deletion result to the client.
Further, the data with low confidentiality and sensitivity is completely shared data, group keys are adopted for encryption and decryption, and the Chinese remainder theorem is used for key management, and the specific process is as follows:
the system selects two random numbers x and kg, wherein kg is used as a group key for encrypting the uploaded file, and x is used as a parameter for recovering the group key;
the system randomly generates k large prime numbers m1,m2,…mkAnd k numbers are mutually prime every two, after the user passes the registration authentication, the system sends miDistributing the security parameters to users;
calculating M and M according to Chinese remainder theorem theoryi
M=m1m2…mk (1)
Figure BDA0003429937860000031
Then the same residue group
X≡b1(mod m1),X≡b2(mod m2),…,X≡bk(mod mk) (3)
Unique positive integer solution with modulo M
X≡b1 M1y1+b2 M2y2+…+bk Mkyk(mod M) (4)
Wherein y isiIs a homological formula Miyi≡1(mod mi) Positive integer solution of (i.e. y)iIs MiMold miThe inverse of (i ═ 1,2, …, k);
the group key kg is processed according to the parameters in the summation equation (4).
λi=Mi·yi (5)
Figure BDA0003429937860000032
γ=ψ·kg (7)
Figure BDA0003429937860000033
λiIs MiAnd inverse element yiIs the product of, phi is each lambdaiγ is the product of the group key kg and ψ, δ is a parameter to restore the group key; the system returns δ to the user, who then gets a set of parameters (δ, m) to recover the keyi);
Reducing gamma by delta, and then utilizing gamma and miReduction kg:
Figure BDA0003429937860000034
kg=γmod mi (10)
in the formula (10), in the summation of γ, m is dividediCan except all except MiIn the summation formula of X, all terms except the i-th term are paired with miModulo congruence 0, i.e. only M remains in the summation equationi·yiAnd due to yiIs MiMold miSo as to obtain the group key kg;
by using the formula, the data encryption storage and decryption acquisition process is as follows:
a1: when a data owner shares data, a group key encryption file is selected, the system encrypts the file and uploads the file to a distributed file system, and meanwhile, relevant TextRecord information is written into a block chain;
a2: when the data requester retrieves the data and the decryption key is the group key, two parameters δ and m are inputi
A3: the system firstly obtains gamma through delta; then through gamma and miCalculating a group key kg;
a4: and if the group key is successfully recovered, the system decrypts the ciphertext data to obtain the data file before encryption and returns the data file to the user.
Further, the data with high confidentiality and sensitivity is the data which is not completely shared, a one-time pad is used during encryption, different keys are generated for the data each time and are stored, and the specific process is as follows:
b1: when a user uploads non-completely shared data, the system generates a random key through a key generation algorithm, the random key is used for encrypting the data, and the random key needs to be stored. The system uploads the encrypted data to the cloud, and meanwhile, the FileRecord information is written into the block chain.
B2: when a data requester wants to obtain the data, the data requester requests a decryption key separately from a data owner, and the data requester requests a public-private key pair from the system;
b3: the system generates a pair of public and private keys by using an RSA key generation algorithm and returns the public and private key pair to the data requester;
b4: the data requester sends the obtained public key and the corresponding data request to the data owner;
b5: the data owner receives the request of the data requester, verifies the rationality of the request, and encrypts and returns the key for encrypting the request data to the data requester by using a public key sent by the data requester if the request is verified;
b6: after receiving the information of the data owner, the data requester decrypts the information by using the private key of the data requester to obtain the key required by data decryption.
The invention has the beneficial effects that:
1) the block chain of the alliance is used, the characteristic that the block chain cannot be tampered is utilized, and the identity management mechanism and the intelligent contract are combined, so that the legality of a user participating in data sharing and the authenticity and reliability of data are guaranteed, the problem in the existing data sharing is well solved, and an effective trusted data exchange mechanism is provided.
2) The shared data are classified and classified, the structured text data directly exist in a block chain, the file data with low sensitivity are stored in the cloud end in an encrypted mode through the group key, and the file data with high sensitivity are stored in the cloud end in an encrypted mode through the new key each time. The method improves the flexibility and efficiency of data processing, and ensures the safety of cloud data.
3) The distribution and recovery of the group key are realized by utilizing the Chinese remainder theorem, the plaintext of the key is prevented from being directly exposed, the storage overhead of the key is reduced, and the security of the key is improved.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention may be realized and attained by the means of the instrumentalities and combinations particularly pointed out hereinafter.
Drawings
For the purposes of promoting a better understanding of the objects, aspects and advantages of the invention, reference will now be made to the following detailed description taken in conjunction with the accompanying drawings in which:
FIG. 1 is a system architecture diagram for implementing the block chain-based trusted data sharing method according to the present invention;
FIG. 2 is an add data contract execution flow diagram;
FIG. 3 is a query data contract execution flow diagram;
FIG. 4 is a delete data contract execution flow diagram;
FIG. 5 is a diagram of a data encryption storage and request process;
FIG. 6 is a diagram of a data encryption storage and request process.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention in a schematic way, and the features in the following embodiments and examples may be combined with each other without conflict.
Wherein the showings are for the purpose of illustrating the invention only and not for the purpose of limiting the same, and in which there is shown by way of illustration only and not in the drawings in which there is no intention to limit the invention thereto; to better illustrate the embodiments of the present invention, some parts of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product; it will be understood by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The same or similar reference numerals in the drawings of the embodiments of the present invention correspond to the same or similar components; in the description of the present invention, it should be understood that if there is an orientation or positional relationship indicated by terms such as "upper", "lower", "left", "right", "front", "rear", etc., based on the orientation or positional relationship shown in the drawings, it is only for convenience of description and simplification of description, but it is not an indication or suggestion that the referred device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and therefore, the terms describing the positional relationship in the drawings are only used for illustrative purposes, and are not to be construed as limiting the present invention, and the specific meaning of the terms may be understood by those skilled in the art according to specific situations.
Referring to fig. 1, the present invention is based on a data sharing system, which is composed of a data layer, an application layer and a user layer. The data layer is composed of a block chain network and a cloud storage system, the block chain is used for storing data recording information, and the cloud storage system stores large-structure data and is the basis of data storage and recording. The data layer is responsible for receiving the user layer request and returning the data layer response, and is composed of a data processing module and an encryption and decryption module, wherein the data processing module processes the user data sharing and inquiring request and file uploading and downloading, and the encryption and decryption module processes the key and encrypts and decrypts the file data. The user of the user layer initiates a request of data sharing and data query through the client, and the client returns a request processing result to the user.
The invention discloses a block chain-based trusted data sharing method, which comprises the following overall processes:
1) and (5) initializing the system. The encryption module generates cryptographic system parameters.
2) And (4) user authorization. The user is registered through the block chain data sharing platform, the user becomes a legal user through system qualification verification and authorization, and the system returns safety parameters for the user.
3) And uploading and storing the data. The user shares the existing data, and if the data is structured text data, the data and the attribute information of the data are directly stored in a block chain; and if the file is unstructured file data, encrypting and storing the file to the cloud, and storing the index information and the attribute information of the file to the block chain.
Particularly, for two types of data, namely structured text type data and unstructured file type data, the following two data structures are respectively designed as transaction structures of block chain uplink according to the attributes of the data.
Figure BDA0003429937860000061
In particular, for unstructured document data, two categories are distinguished according to the degree of confidentiality or sensitivity of the data. For data with low confidentiality and sensitivity (hereinafter referred to as fully shared data), the data is encrypted by using the group key, the user does not directly store the group key, and the group key is recovered through the security parameters stored by the user. Secondly, for data with high confidentiality and sensitivity (hereinafter referred to as non-fully shared data), the system generates a new key encryption every time and returns the key to the user for storage.
4) And (6) data query acquisition. Other users may view the shared data through the blockchain data sharing platform. For the data encrypted by the group key, the data requester inputs own security parameters, and the system recovers the key decryption data and returns the key decryption data to the data requester. For data encrypted by a single key, a data requester needs to send a request to a data owner to acquire a decryption key, the data owner sends the key requesting the data to the data requester after passing the request, the data requester inputs the key after acquiring the key, and the system downloads a file and decrypts the file to the data requester.
Particularly, before a data requester sends a request to a data owner, a system needs to generate a pair of public and private keys by using an RSA key generation algorithm, the private key is reserved by the data requester, the data requester sends the public key, the name of requested data and a hash value to the data owner after being encrypted by a group key, the data owner decrypts a request message by using the group key, the requested data is returned to the data requester by using the public key of the data requester after the request, and the data requester decrypts by using the private key of the data requester to obtain a key for decrypting the data.
The invention also designs an intelligent contract, which comprises the following steps:
1) adding data contracts
As shown in fig. 2, the add data contract is invoked by a user when initiating a data sharing request. The user writes data information to be shared through the client, then the client transfers the data related information to the block chain network to be packaged into a transaction, and the block chain network writes the block after processing the transaction.
2) Query data contract
As shown in fig. 3, a query data contract is invoked when a user views or downloads shared data. The user submits key field information (such as ID, name, owner and the like) at the client, the client transmits the key information to the block chain network, a query data contract searches corresponding data information in the book according to the key words, and the block chain network returns shared data or index information of the shared data to the client when the data is successfully queried.
3) Deleting data contracts
As shown in fig. 4, a delete data contract is invoked when a user needs to delete data. For shared data, if the owner of the data finds that the data is useless or is no longer suitable for sharing, or the administrator considers that the data is not in accordance with the specification, the data record can be found through keywords, and then a request for deleting the data is sent to the blockchain network to be executed through an intelligent contract.
As shown in fig. 5, for the completely shared data, since the requirements on confidentiality and sensitivity are not high, and the completely shared data can be opened to all legitimate users, the group key is used for encryption and decryption, and the chinese remainder theorem is used for key management, which includes the following specific processes:
an encryption module:
1) and selecting group key parameters. The system selects two random numbers x and kg. kg is used as a group key for encrypting the uploaded file, and x is used as a parameter for recovering the group key.
2) And selecting and distributing user parameters. The system randomly generates k large prime numbers m1,m2,…mkAnd k numbers are mutually prime every two, after the user passes the registration authentication, the system sends miDistributed to users as security parameters.
3) And calculating group key parameters. Calculating M and M according to Chinese remainder theorem theoryi
M=m1m2…mk (1.1)
Figure BDA0003429937860000081
Then the same residue group
X≡b1(mod m1),X≡b2(mod m2),…,X≡bk(mod mk) (1.3)
Unique positive integer solution with modulo M
X≡b1 M1y1+b2 M2y2+…+bk Mkyk(mod M) (1.4)
Wherein y isiIs a homological formula Miyi≡1(mod mi) Positive integer solution of (i.e. y)iIs MiMold miIs equal to 1,2, …, k.
Property 1 when i ≠ j, there is (m)i,mj) 1 is ═ 1; binding of Mj=M/mjThen, m is knowni|MjSo at m1,m2,…mkMiddle removing miExcept that all M can be dividediFurther, it can be found that in the summation equation 1.4 of the positive integer solution X, all the terms except the i-th term are paired with miModulus congruence 0 is taken.
The group key kg is processed according to the parameters in the summation equation 1.4.
λi=Mi·yi (1.5)
Figure BDA0003429937860000082
γ=ψ·kg (1.7)
Figure BDA0003429937860000083
λiIs MiAnd inverse element yiIs the product of, phi is each lambdaiγ is the product of the group key kg and ψ, and δ is a parameter for recovering the group key. The system returns δ to the user, who then gets a set of parameters (δ, m) to recover the keyi)。
4) And recovering the group key. Reducing gamma by delta, and then utilizing gamma and miReducing kg.
Figure BDA0003429937860000084
kg=γmod mi (1.10)
Where formula 1.10 utilizes property 1, in the summation of γ, divide miExcept that all M can be dividediIn the summation formula of X, all terms except the i-th term are paired with miModulo congruence 0, i.e. only M remains in the summation equationi·yiAnd due to yiIs MiMold miSo a group key kg is obtained.
The data encryption storage and decryption acquisition process comprises the following steps:
1) and when the data owner shares the data, selecting a group key encryption file, uploading the encrypted file to a distributed file system, and simultaneously writing the TextRecord related information into the block chain.
2) When the data requester retrieves the data and the decryption key is the group key, two parameters δ and m are inputi
3) The system firstly obtains gamma through delta, see formula 1.9; then through gamma and miCalculate the group key kg, see equation 1.10.
4) And if the group key is successfully recovered, the system decrypts the ciphertext data to obtain the data file before encryption and returns the data file to the user.
As shown in fig. 6, for the incompletely shared data, a "one-time pad" is used in encryption, and a different key is generated for such data and stored. Users cannot decrypt using the group key when requesting access to such data, requiring separate requests from the data owner for the decryption key. The specific process is as follows:
1) when a user uploads non-completely shared data, the system generates a random key through a key generation algorithm, the random key is used for encrypting the data, and the random key needs to be stored. The system uploads the encrypted data to the cloud, and meanwhile, the FileRecord information is written into the block chain.
2) When a data requester wants to obtain the data, it needs to request the decryption key separately from the owner of the data, and the data requester requests a pair of public and private keys from the system.
3) The system uses RSA key generation algorithm to generate a pair of public and private keys, and returns the public and private key pair to the user.
4) The data requestor sends the obtained public key and the corresponding data request to the data owner.
5) The data owner receives the request of the data requester, verifies the reasonability of the request, and if the verification is passed, the public key sent by the data requester is used for encrypting the key for encrypting the request data and returning the encrypted key to the data requester.
6) After receiving the information of the data owner, the data requester decrypts the information by using the private key of the data requester to obtain the key required by data decryption.
Finally, the above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit the present invention, and although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions, and all of them should be covered by the claims of the present invention.

Claims (7)

1. A trusted data sharing method based on a block chain is characterized in that: the method comprises the following steps:
s1: initializing a system, wherein an encryption module generates a cryptosystem parameter;
s2: user authorization, wherein a user registers through a block chain data sharing platform, becomes a legal user through system qualification audit and authorization, and the system returns a security parameter for the user;
s3: uploading and storing data, wherein a user shares the existing data, and if the data is structured text data, the data and the attribute information of the data are directly stored in a block chain; if the file is unstructured file data, the file is encrypted and stored to the cloud, and meanwhile index information and attribute information of the file are stored to the block chain; for unstructured file data, the data are divided into two types according to the confidentiality degree or the sensitivity degree of the data; for data with low confidentiality and sensitivity, the group key is adopted to encrypt the data, the user does not directly store the group key, and the group key is recovered through the security parameters stored by the user; for data with high confidentiality and sensitivity, generating a new key encryption by the system each time, and returning the key to the user for storage;
s4: data query is obtained, and other users check shared data through a block chain data sharing platform; for the data encrypted by the group key, the data requester inputs own security parameters, and the system recovers the key decryption data and returns the key decryption data to the data requester; for data encrypted by a single key, a data requester sends a request to a data owner to acquire a decryption key, the data owner sends the key requesting the data to the data requester after passing the request, the data requester inputs the key after acquiring the key, and the system downloads a file and decrypts the file to the data requester.
2. The block chain based trusted data sharing method according to claim 1, wherein: in step S4, before the data requester sends a request to the data owner, the system first uses the RSA key generation algorithm to generate a public-private key pair, the private key is reserved by the data requester itself, the data requester encrypts the public key, the name of the requested data, and the hash value with the group key and then sends the encrypted public key, the name of the requested data, and the hash value to the data owner, the data owner decrypts the request message with the group key, and returns the encrypted request message to the data requester with the public key of the data requester after the request, and the data requester decrypts the encrypted request message with the private key to obtain the key for decrypting the data.
3. The block chain based trusted data sharing method according to claim 1, wherein: a user invokes an add data contract when initiating a data sharing request, the add data contract being:
a user writes in data attribute information to be shared through a client, and the client transmits the attribute information to an intelligent contract; the intelligent contract analyzes the received attribute information, and encapsulates the attribute information into data sharing Record information by using a Record structure; the intelligent contract calls an account book data writing interface function, the bound structure data is used as a parameter to be transmitted, and the interface function executes subsequent operation; the interface function returns the execution state and result, and the intelligent contract returns the addition result to the client.
4. The block chain based trusted data sharing method according to claim 1, wherein: the user calls a query data contract when viewing or downloading the shared data, the query data contract being:
a user inputs a request data keyword through a client, and the client transmits query information to an intelligent contract; the intelligent contract analyzes the received query information and matches the query information with the fields in the Record structure body to obtain a standard field of the structure body; the intelligent contract calls an account book query interface function, the standard field of the structural body is used as a parameter to be transmitted in, and the interface function executes subsequent query operation; the interface function returns the execution state and result, and the intelligent contract returns the query result to the client.
5. The block chain based trusted data sharing method according to claim 1, wherein: when deleting data, the user calls a delete data contract, and the delete data contract is as follows:
a user inputs a keyword of data to be deleted through a client, and the client transmits deletion information to an intelligent contract; the intelligent contract analyzes the received deleting information and matches the deleting information with the field in the Record structure body to obtain a standard field of the structure body; the intelligent contract calls an account book deleting interface function, the standard field of the structural body is used as a parameter to be transmitted, and the interface function executes subsequent deleting operation; the interface function returns the execution state and result, and the intelligent contract returns the deletion result to the client.
6. The block chain based trusted data sharing method according to claim 1, wherein: the data with low confidentiality and sensitivity is completely shared data, group keys are adopted for encryption and decryption, and the Chinese remainder theorem is used for key management, and the specific process is as follows:
the system selects two random numbers x and kg, wherein kg is used as a group key for encrypting the uploaded file, and x is used as a parameter for recovering the group key;
the system randomly generates k large prime numbers m1,m2,…mkAnd k numbers are mutually prime every two, after the user passes the registration authentication, the system sends miDistributing the security parameters to users;
calculating M and M according to Chinese remainder theorem theoryi
M=m1m2…mk (1)
Figure FDA0003429937850000021
Then the same residue group
X≡b1(mod m1),X≡b2(mod m2),…,X≡bk(mod mk) (3)
Unique positive integer solution with modulo M
X≡b1M1y1+b2M2y2+…+bkMkyk(mod M) (4)
Wherein y isiIs a homological formula Miyi≡1(mod mi) Positive integer solution of (i.e. y)iIs MiMold miThe inverse of (i ═ 1,2, …, k);
the group key kg is processed according to the parameters in the summation equation (4).
λi=Mi·yi (5)
Figure FDA0003429937850000022
γ=ψ·kg (7)
Figure FDA0003429937850000023
λiIs MiAnd inverse element yiIs the product of, phi is each lambdaiγ is the product of the group key kg and ψ, δ is a parameter to restore the group key; the system returns δ to the user, who then gets a set of parameters (δ, m) to recover the keyi);
Reducing gamma by delta, and then utilizing gamma and miReduction kg:
Figure FDA0003429937850000031
kg=γmod mi (10)
in the formula (10), the sum at γIn the formula, except miCan except all except MiIn the summation formula of X, all terms except the i-th term are paired with miModulo congruence 0, i.e. only M remains in the summation equationi·yiAnd due to yiIs MiMold miSo as to obtain the group key kg;
by using the formula, the data encryption storage and decryption acquisition process is as follows:
a1: when a data owner shares data, a group key encryption file is selected, the system encrypts the file and uploads the file to a distributed file system, and meanwhile, relevant TextRecord information is written into a block chain;
a2: when the data requester retrieves the data and the decryption key is the group key, two parameters δ and m are inputi
A3: the system first obtains γ by δ according to equation (9); then according to formula (10) by gamma and miCalculating a group key kg;
a4: and if the group key is successfully recovered, the system decrypts the ciphertext data to obtain the data file before encryption and returns the data file to the user.
7. The block chain based trusted data sharing method according to claim 1, wherein: the data with high confidentiality and sensitivity is incompletely shared data, a one-time pad is used during encryption, different keys are generated for the data each time and are stored, and the specific process is as follows:
b1: when a user uploads non-completely shared data, the system generates a random key through a key generation algorithm, the random key is used for encrypting the data, and the random key needs to be stored. The system uploads the encrypted data to the cloud, and meanwhile, the FileRecord information is written into the block chain.
B2: when a data requester wants to obtain the data, the data requester requests a decryption key separately from a data owner, and the data requester requests a public-private key pair from the system;
b3: the system generates a pair of public and private keys by using an RSA key generation algorithm and returns the public and private key pair to the data requester;
b4: the data requester sends the obtained public key and the corresponding data request to the data owner;
b5: the data owner receives the request of the data requester, verifies the rationality of the request, and encrypts and returns the key for encrypting the request data to the data requester by using a public key sent by the data requester if the request is verified;
b6: after receiving the information of the data owner, the data requester decrypts the information by using the private key of the data requester to obtain the key required by data decryption.
CN202111591133.7A 2021-12-23 2021-12-23 Trusted data sharing method based on block chain Pending CN114398331A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111591133.7A CN114398331A (en) 2021-12-23 2021-12-23 Trusted data sharing method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111591133.7A CN114398331A (en) 2021-12-23 2021-12-23 Trusted data sharing method based on block chain

Publications (1)

Publication Number Publication Date
CN114398331A true CN114398331A (en) 2022-04-26

Family

ID=81226805

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111591133.7A Pending CN114398331A (en) 2021-12-23 2021-12-23 Trusted data sharing method based on block chain

Country Status (1)

Country Link
CN (1) CN114398331A (en)

Similar Documents

Publication Publication Date Title
CN112989415B (en) Private data storage and access control method and system based on block chain
WO2022007889A1 (en) Searchable encrypted data sharing method and system based on blockchain and homomorphic encryption
CN109144961B (en) Authorization file sharing method and device
WO2019090988A1 (en) Cryptography attribute-based access control method and system based on dynamic rule
CN108418681B (en) Attribute-based ciphertext retrieval system and method supporting proxy re-encryption
Li et al. A hybrid cloud approach for secure authorized deduplication
US20150067330A1 (en) Method and system for network data access
US20040010699A1 (en) Secure data management techniques
Zhang et al. DOPIV: Post-quantum secure identity-based data outsourcing with public integrity verification in cloud storage
CN113407627A (en) Intelligent medical network system based on block chain and medical data sharing method
WO2014114080A1 (en) Method and system for data encryption protection
CN108632385B (en) Time sequence-based cloud storage privacy protection method for multi-branch tree data index structure
CN110572258A (en) Cloud password computing platform and computing service method
Khashan Secure outsourcing and sharing of cloud data using a user-side encrypted file system
CN115021903A (en) Electronic medical record sharing method and system based on block chain
CN113645039A (en) Communication information transmission system and method based on different authorities
Guo et al. Using blockchain to control access to cloud data
Pareek et al. Proxy re-encryption for fine-grained access control: Its applicability, security under stronger notions and performance
Tian et al. An efficient scheme of cloud data assured deletion
Gajmal et al. Blockchain-based access control and data sharing mechanism in cloud decentralized storage system
CN107919966B (en) Computer network safety controller
Yan et al. Secure and efficient big data deduplication in fog computing
CN113868450B (en) Remote sensing image safety retrieval method based on block chain
CN116248289A (en) Industrial Internet identification analysis access control method based on ciphertext attribute encryption
Bharat et al. A Secured and Authorized Data Deduplication in Hybrid Cloud with Public Auditing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination