CN115174277A - Data communication and file exchange method based on block chain - Google Patents

Data communication and file exchange method based on block chain Download PDF

Info

Publication number
CN115174277A
CN115174277A CN202211091949.8A CN202211091949A CN115174277A CN 115174277 A CN115174277 A CN 115174277A CN 202211091949 A CN202211091949 A CN 202211091949A CN 115174277 A CN115174277 A CN 115174277A
Authority
CN
China
Prior art keywords
file
receiving
text
sending
service unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211091949.8A
Other languages
Chinese (zh)
Other versions
CN115174277B (en
Inventor
丁春风
陈伟
张小林
樊昌良
王旭伟
刘昀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Post & Telecommunication Engineering Construction Co ltd
Original Assignee
Zhejiang Post & Telecommunication Engineering Construction Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Post & Telecommunication Engineering Construction Co ltd filed Critical Zhejiang Post & Telecommunication Engineering Construction Co ltd
Priority to CN202211091949.8A priority Critical patent/CN115174277B/en
Publication of CN115174277A publication Critical patent/CN115174277A/en
Application granted granted Critical
Publication of CN115174277B publication Critical patent/CN115174277B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A block chain based data communication and file exchange method belongs to the technical field of data communication, all electronic file exchange information is disclosed on a block chain, any third party can be verified, and an intelligent contract executes text receiving and sending operations in a conditional execution mode, so that participation of the third party is reduced automatically, a legal receiver is limited in a text receiving stage to obtain file data in private transaction, and information integrity, confidentiality and non-repudiation are maintained.

Description

Data communication and file exchange method based on block chain
Technical Field
The invention belongs to the technical field of data communication, and particularly relates to a data communication and file exchange method based on a block chain.
Background
The network is used for transmitting data information or archive files, the traditional mailing or manual transmission mode is replaced, the transmission time of the files is greatly shortened, and the working efficiency is improved.
The traditional transmission mode of electronic files is a point-to-point exchange mode adopting P2P, which is easy to generate single-point failure problem, and may be invaded by hackers and falsified or stolen with data. In addition, in the architecture of the centralized authentication center, since the authentication center may be invaded by a hacker, man-in-the-middle attack is generated, and the centralized authentication center fails, which may result in that the authentication cannot be performed.
The blockchain has the characteristics of high safety, decentralization and non-falsification, and can ensure that the electronic file can be transferred under high-level protection.
The invention discloses a key distribution method for data communication based on a block chain, which is disclosed in Chinese patent publication No. CN110620660A, and considers that the key distribution problem is the first problem of the problem of trusted shared communication access of data. It has the following disadvantages:
1, which describes only the key distribution step, the transferred file is not linked and stored, and it is not possible to trace the access records of the file and to verify whether the file has been tampered with.
2, because the identity authentication of the scheme is not participated in by an authentication center, most existing electronic file transmission methods all adopt a centralized authentication center architecture, and the scheme is difficult to be compatible with the existing architecture.
Disclosure of Invention
In view of the above-mentioned deficiencies of the prior art, it is an object of the present invention to provide a method for block chain based data communication and archive exchange.
In order to achieve the above object, the present invention adopts the following technical solutions.
The data communication and file exchange method based on block chain, it is established with sender, receiver, authentication center, service unit for sending and receiving text and intelligent contract; the intelligent contracts comprise exchange management contracts, file exchange contracts and file management contracts; the method comprises the following steps:
step S1, a deployment phase: the text receiving and sending service unit deploys the intelligent contract on the block chain network, sets the position, the public key and the certificate information of the authentication center and then provides the position, the public key and the certificate information for the participants to perform text receiving and sending operation;
step S2, a registration stage: each participant registers in the authentication center, and after being calculated by the authentication center, the participant gives a verification key and a certificate for self-calculating a public key and a private key;
step S3, a text sending stage: the intelligent contract and the participants respectively carry out identity authentication, and send a text after a safety channel is established; in the process of file exchange, the text receiving and sending service unit uses an exchange management contract to inquire the identity information of a text receiver; before uploading the file, the sender encrypts the file by an elliptic curve encryption method, and generates a list of receivers so that the legal receivers have the right to download the file, and transmits the file and the list of receivers to a file receiving and sending service unit; the message sending information is written in by the message sending and receiving service unit and the contract deployment of the file exchange contract is completed, the contract deployment is performed on the chain through private transaction, only the receiver in the receiver list can receive the contract content, and the ciphertext abstract and the file exchange address are stored in the file management contract after the contract deployment is completed so as to complete the message sending operation;
step S4, a text receiving stage: the recipient carries out the receiving operation through the receiving and dispatching service unit; the receiving and sending text service unit retrieves the relevant file exchange address through the monitoring exchange network, acquires the ciphertext abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the ciphertext abstract to the sender for requesting file downloading; the sender verifies the signature to confirm the identity of the receiver, verifies whether the receiver is a legal receiver list member, obtains the exchange file from the file management contract after the verification is passed, then signs the file hash value and the exchange file back to the receiver, and decrypts the file by the key generated by both parties after the receiver confirms that the identity of the sender is correct.
Step S1, comprising:
step S101, participants including a sender, a receiver and an intelligent contract store the identity information of the participants in a message receiving and sending service unit;
step S102, a message receiving and sending service unit deploys an intelligent contract on a block chain network;
step S103, the text receiving and sending service unit sets identity information, a public key and certificate information of the authentication center;
step S104, the intelligent contract stores the identity information, the public key and the certificate information of the authentication center in the block chain network.
Step S2, comprising:
step S201, the authentication center selects a safe elliptic curve E (Fq) in a finite field Fq, wherein q is a large prime number with more than 256 bits; selecting a base point G with the order n on an elliptic curve E (Fq) so that n.G = O, wherein O is the infinite point of the elliptic curve, and selecting a one-way hash function h () and an authentication center private key sk CA Computing a certificate authority public key Pk CA And an elliptic curve E (Fq), an order n, a base point G, a one-way hash function h (), and a public key Pk of the authentication center CA Disclose to participants Pt, wherein Pk CA =sk CA ·G;
Step S202, the participants including the sender, the receiver and the intelligent contract submit the ID of the participant identity information to the authentication center respectively Pt And participant random parameter d Pt ∈[2,n—2]A random parameter d Pt With participant identity information ID Pt After the hash operation, the signature file V of the participant is obtained Pt (ii) a Wherein: v Pt =h(d Pt ∥ID Pt )·G;
Step S203, the authentication center selects a random parameter k of the authentication center Pt ∈[2,n—2]Computing participant public keys Pk Pt And participant signature w Pt Then, transmitting the data to the participants; wherein:
Pk Pt =V Pt +(k Pt —h(ID Pt ))·G=(q ptx ,q pty );q ptx is a first factor of the participant's public key; q. q.s pty Is the second factor of the participant public key;
w Pt =k Pt +sk CA (q ptx +h(ID Pt ));
step S204, the participator returns back through the authentication centerParameter (w) Pt ,Pk Pt ) Computing the participant private key sk Pt Wherein, sk Pt =[w Pt +h(d Pt ∥ID Pt )]。
And step S3, comprising:
step S301, the sender requests the message receiving and sending service unit to inquire the message receiving data;
step S302, the text receiving and sending service unit inquires the data of the recipient from the exchange management contract;
step S303, the text receiving and sending service unit and the text sender obtain the data of the text receiver;
step S304, after the sender obtains the correct recipient data, a recipient list is generated according to the self-sending requirement;
step S305, the sender encrypts the file by an elliptic curve encryption method;
step S306, the sender transmits the encrypted file and the recipient list to the receiving and sending service unit;
step S307, the text receiving and sending service unit temporarily stores the ciphertext abstract h (C) and the encrypted file in a file management contract;
step S308, the message receiving and sending service unit calls the intelligent contract and establishes a shared Key Key (SC、SAgent)
Step S309, the message sending and receiving service unit writes the message sending information into the contract program code of the file exchange contract and compiles the contract program code into byte codes; the text information comprises a recipient list, a file downloading API position and a ciphertext abstract;
step S310, the text receiving and sending service unit obtains the file exchange address;
step S311, the text receiving and sending service unit writes the file exchange address and the ciphertext abstract into the file management contract.
Step S305, including: the public parameter of the authentication center is an elliptic curve E (Fq) and an order n, and the sender S selects an integer as a sender private key sk S And 0 is<sk S <n, selecting a point G epsilon E, wherein E is a long integer, and calculating a recipient public key Pk R =sk S G, the first public key is { G, pk S The first private key is sk R
Making filesPlaintext M = (M) 1 ,m 2 ) Wherein m is 1 Is the first plaintext letter, m 2 Is a second plaintext letter, optionally a number te Z q Wherein Z is q Is an integer, calculate ciphertext C = { C 1 ,C 2 In which C is 1 Is the first ciphertext letter, C 2 Is the second ciphertext letter, the calculation method is as follows:
C 1 =(c 11 ,c 12 ) = t · G; wherein, c 11 Is the first factor of the first ciphertext letter, c 12 A second factor that is a first ciphertext letter;
Y=(y 1 ,y 2 )=t·Pk R (ii) a Where Y is an encryption key, Y 1 Being a first factor of the encryption key, y 2 A second factor of the encryption key;
C 2 =(c 21 ,c 22 )=(y 1 ×m 1 ,y 2 ×m 2 ) (ii) a Wherein, c 21 Is the first factor of the second ciphertext letter, c 22 Is the second factor of the second ciphertext letter.
And S4, comprising the following steps:
step S401, the text receiving and sending service unit monitors the exchange network to obtain the file exchange address;
step S402, the text receiving and sending service unit obtains the cipher text abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the cipher text abstract to the sender for requesting the file downloading;
step S403, the sender verifies the signature to confirm the identity of the receiver, and verifies whether the receiver is a legal member in the receiver list;
step S404, the text receiving and sending service unit obtains the ciphertext abstract h (C) and the encrypted file from the file management contract and returns the ciphertext abstract and the encrypted file to the recipient;
step S405, the recipient uses the recipient' S private key sk R Decrypting the received encrypted file to calculate Z = (Z) 1 ,z 2 )=sk R ·C 1 =sk R ·t·G=t·Pk R (ii) a Wherein Z is an anti-element point, Z 1 First factor of anti-element point, z 2 Second cause of dot inversionA seed;
then, the recipient uses the anti-element point Z and the second ciphertext letter C 2 Calculating and solving to obtain a plaintext initial value M',
finally, checking whether the obtained ciphertext abstract initial value C ' is equal to the ciphertext abstract h (C) or not, and if the obtained ciphertext abstract initial value C ' is equal to the ciphertext abstract h (C), solving to obtain a plaintext M = M '; wherein, M' = (c) 21 ,z 1 -1 ,c 22 ,z 2 -1 )=(m 1 ′,m 2 ′)。
The block chain based data communication and file exchange method is characterized by that according to the characteristics of block chain decentralized, verifiable and intelligent contract condition execution all electronic file exchange information can be disclosed on the block chain, and any third party can verify it, and in addition, the intelligent contract can execute the receiving and transmitting operation in the condition execution mode, so that it can automatically reduce participation of third party, and in the receiving stage, it can limit legal receiver to obtain file data in the private transaction, and can maintain information integrity, confidentiality and non-repudiation.
In the scheme, the public key and the private key are generated through a self-authentication mechanism, and identity verification can be performed in an off-line state of the authentication center, so that the file exchange operation is more flexible.
The scheme can solve the transaction conflict and reduce the minimum participation degree of a third party by automatically executing the intelligent contract condition.
According to the scheme, file exchange operation is dispersedly stored in each node of the block chain for recording, and the record can be publicly and verified, so that disputes can be avoided, and more reliable service can be provided.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
The block chain can be divided into a public chain, a private chain and a alliance chain, is compatible with the structure of the existing centralized authentication center, adopts the alliance chain as a prototype, sets nodes, commonly maintains data on the block, and can improve the credibility of electronic file exchange due to the characteristic that the block chain can not alter records.
The authentication center is responsible for organizing identity authentication and providing signature, encryption and verification functions for users of the registered nodes.
The intelligent contract area is divided into two parts of deployment and execution, and the intelligent contract program is firstly deployed into the block chain network by the text receiving and sending service unit for storage, and then the function of file exchange management in the block chain network is realized through the calling of the intelligent contract.
The message receiving and sending service unit is responsible for communicating with the block link points and receiving and sending messages, and is also responsible for storing the exchanged files into the file management area.
Sender S, recipient R, authentication center CA, text-receiving service unit SAgent, intelligent contract SC, exchange management contract XM, file exchange contract DC, file management contract FM and blockchain network BC. The description is as follows:
sender S: the user who wants to send the file completes the text sending operation through the text sending and receiving service.
Recipient R: the file receiver completes the receiving through the receiving and sending service.
The authentication center CA: the system is a ring of an identity authentication mechanism and is responsible for generating a public key and a private key, so that a participant is encrypted by the public key and decrypted by the private key.
Message service unit SAgent: the system is a service provider for file exchange, and is mainly responsible for communicating with block link points and transmitting and receiving documents, managing file files uniformly, and storing and taking out the exchange files into and from a file management contract.
An intelligent contract SC: the registered text-receiving service unit SAgent deploys the intelligent contracts to the blockchain network, calls and executes the contracts through node participants to change the event state, and broadcasts the contracts to the blockchain network for storage, wherein the contracts are composed of three intelligent contracts which are divided into an exchange management contract XM, a file exchange contract DC and a file management contract FM, and the detailed description is as follows:
(1) Exchange management contract XM: the identity of the sender S and the recipient R is confirmed through the contract, and the nodes to which the sender S and the recipient R belong are inquired.
(2) The file exchange contract DC: the content responsible for handling identity authority control of file exchange includes the hash value of the file, the encryption key, the file download API location and the recipient list.
(3) Archive management contract FM: the system is responsible for storing the corresponding relationship between the exchange contract and the file, and enabling the SAgent to query the file and the corresponding exchange contract address.
Block chain network BC: the method has the characteristics of decentralization, common maintenance of all participating nodes, data transparency, no falsification and the like. After the intelligent contract program is deployed, the information stored in the blockchain network is inquired by calling the intelligent contract, so that a public, transparent and trustable file exchange mechanism can be established.
The data communication and archive exchange method based on the block chain comprises the following steps: deployment phase, registration phase, receipt phase and text sending phase.
The intelligent contract is deployed on the block chain network by the text-receiving service unit, the function of the intelligent contract is called by the text-receiving service unit, the record is broadcasted to the block chain through the deployment of the intelligent contract, so as to automatically execute the actions of identity registration, text receiving and text sending, during the period, the state implementation of the intelligent contract can be realized without the exchange operation of a third party, and the record is stored in the block chain, thereby strengthening the safety and data integrity of file exchange.
Step S1, a deployment phase: the text receiving and sending service unit deploys the intelligent contract on the block chain network, and after the position, the public key and the certificate information of the authentication center are set, the intelligent contract is provided for the participants to perform text receiving and sending operation.
Step S101, the participator Pt, including the sender S, the receiver R and the intelligent contract SC, stores the identity information of the participator Pt in the receiving and sending service unit.
Step S102, the message sending and receiving service unit deploys an intelligent contract on the block chain network.
Step S103, the text receiving and sending service unit sets identity information, a public key and certificate information of the authentication center.
Step S104, the intelligent contract stores the identity information, the public key and the certificate information of the authentication center in the block chain network.
Step S2, a registration stage: each participant registers in the authentication center, and after being calculated by the authentication center, the participant gives a verification key and a certificate for self-calculation of public and private keys.
Step S201, the authentication center selects a safe elliptic curve E (Fq) in a finite field Fq, wherein q is a large prime number with more than 256 bits; selecting a base point G with the order n on an elliptic curve E (Fq) so that n.G = O, wherein O is the infinite point of the elliptic curve, and selecting a one-way hash function h () and an authentication center private key sk CA Computing a certificate authority public key Pk CA And an elliptic curve E (Fq), an order n, a base point G, a one-way hash function h (), and a public key Pk of the authentication center CA Disclose to participants Pt, wherein Pk CA =sk CA ·G。
Step S202, participant Pt including sender S, receiver R and intelligent contract SC submits participant ID information to authentication center Pt And participant random parameter d Pt ∈[2,n—2]A random parameter d Pt With participant identity information ID Pt After the hash operation, the signature file V of the participant is obtained Pt (ii) a Wherein:
V Pt =h(d Pt ∥ID Pt )·G;
step S203, the authentication center selects a random parameter k of the authentication center Pt ∈[2,n—2]Computing participant public keys Pk Pt And participant signature w Pt Then, transmitting the data to the participants; wherein:
Pk Pt =V Pt +(k Pt —h(ID Pt ))·G=(q ptx ,q pty );q ptx is a first factor of the participant's public key; q. q.s pty Is the second factor of the participant public key;
w Pt =k Pt +sk CA (q ptx +h(ID Pt ))。
step S204, participant, parameter (w) returned by authentication center Pt ,Pk Pt ) Computing the participant private key sk Pt Wherein sk is Pt =[w Pt +h(d Pt ∥ID Pt )]。
Participant identity authorized by a certification authorityInformation ID Pt And the public key Pk of the participant obtained by completing registration with the authentication center Pt And participant signature w Pt Verification of the self-generated public participant public key Pk without further authentication by the authentication center Pt The correctness and mutual authentication of the two. The following was demonstrated:
∵Pk Pt =sk Pt ·G;
w Pt =k Pt +sk CA (q ptx +h(ID Pt ));
∴Pk Pt =[w Pt +h(d Pt ∥ID Pt )]·G;
Pk Pt =[k Pt +sk CA (q ptx +h(ID Pt ))+h(d Pt ∥ID Pt )]·G
=[k Pt +sk CA (q ptx +h(ID Pt ))]·G+[h(d Pt ∥ID Pt )]·G;
∵Pk CA =sk CA ·G;
∴Pk Pt =[k Pt +h(d Pt ∥ID Pt )]·G+[(q ptx +h(ID Pt ))]Pk CA
∵V Pt =h(d Pt ∥ID Pt )·G;
Pk Pt =V Pt +(k Pt —h(ID Pt ))·G;
∴V Pt =Pk Pt -(k Pt —h(ID Pt ))·G;
Pk Pt =k Pt ·G+V Pt +[(q ptx +h(ID Pt ))]Pk CA
=Pk Pt +h(ID Pt )·G+[(q ptx +h(ID Pt ))]Pk CA
=Pk Pt —h(ID Pt )·G-[(q ptx +h(ID Pt ))]Pk CA
step S3, a text sending stage: respectively carrying out identity authentication on the intelligent contract and the participants, and carrying out text sending operation after a safety channel is established; in the process of file exchange, the text receiving and sending service unit uses an exchange management contract to inquire the identity information of a text receiver; before uploading the file, the sender encrypts the file by an elliptic curve encryption method, and generates a list of receivers so that the legal receivers have the right to download the file, and transmits the file and the list of receivers to a file receiving and sending service unit; the message sending information is written in by the message sending and receiving service unit and the contract deployment of the file exchange contract is completed, the contract deployment is performed on the chain through private transaction, only the receiver in the receiver list can receive the contract content, and the ciphertext abstract and the file exchange address are stored in the file management contract after the contract deployment is completed so as to complete the message sending operation.
Step S301, the sender requests the message receiving and sending service unit to query the recipient' S data.
Step S302, the text receiving and sending service unit inquires the text receiver data from the exchange management contract.
Step S303, the text receiving/sending service unit and the text sender obtain the recipient data.
Step S304, after the sender obtains the correct recipient data, the recipient list is generated according to the self-sending requirement.
In step S305, the sender encrypts the file by elliptic curve encryption.
The public parameters of the authentication center are an elliptic curve E (Fq) and an order n, and the sender S selects an integer as a sender private key sk S And 0 is<sk S <n, selecting a point G epsilon E, wherein E is a long integer, and calculating a recipient public key Pk R =sk S G, the first public key is { G, pk S The first private key is sk R
Let plaintext M = (M) of file 1 ,m 2 ) Wherein m is 1 Is the first plaintext letter, m 2 Is a second plaintext letter, optionally a number te Z q Wherein, Z q Is an integer, calculate ciphertext C = { C 1 ,C 2 In which C is 1 Is the first ciphertext letter, C 2 Is the second ciphertext letter, the calculation method is as follows:
C 1 =(c 11 ,c 12 ) = t · G; wherein, c 11 Is the first factor of the first ciphertext letter, c 12 Is the first ciphertext wordA second factor of the mother;
Y=(y 1 ,y 2 )=t·Pk R (ii) a Where Y is an encryption key, Y 1 Is the first factor, y, of the encryption key 2 A second factor of the encryption key;
C 2 =(c 21 ,c 22 )=(y 1 ×m 1 ,y 2 ×m 2 ) (ii) a Wherein, c 21 Is the first factor of the second ciphertext letter, c 22 Is the second factor of the second ciphertext letter.
In step S306, the sender transmits the encrypted file and the recipient list to the receiving and sending service unit.
Step S307, the text receiving and sending service unit temporarily stores the ciphertext abstract h (C) and the encrypted file in the file management contract.
Step S308, the message receiving and sending service unit calls the intelligent contract and establishes a shared Key Key (SC、SAgent)
Step S309, the message sending and receiving service unit writes the message sending information into the contract program code of the file exchange contract and compiles the contract program code into byte codes; the message sending information includes the recipient list, the file download API location and the ciphertext abstract.
Step S310, the text-receiving service unit obtains the file exchange address.
Step S311, the text receiving and sending service unit writes the file exchange address and the ciphertext abstract into the file management contract.
Step S4, a text receiving stage: the recipient carries out the receiving operation through the receiving and dispatching service unit; the receiving and sending text service unit retrieves the relevant file exchange address through the monitoring exchange network, acquires the ciphertext abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the ciphertext abstract to the sender for requesting file downloading; the sender verifies the signature to confirm the identity of the receiver and verifies whether the receiver is a member of the list of legal receivers, this step can avoid the problem of identity forgery, after the verification is passed, the receiving and sending service unit obtains the exchange file from the file management contract, and then the signature file hash value and the exchange file are transmitted back to the receiver, after the receiver confirms the identity of the sender, the file is decrypted by the key generated by both parties.
Step S401, the text receiving and sending service unit monitors the switching network to obtain the file switching address.
Step S402, the text receiving and sending service unit obtains the ciphertext abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the ciphertext abstract to the sender for requesting the file downloading.
In step S403, the sender verifies the signature to confirm the identity of the recipient, and verifies whether the recipient is a legal member in the recipient list.
In step S404, the text-to-send service unit obtains the ciphertext abstract h (C) and the encrypted file from the file management contract, and returns the ciphertext abstract and the encrypted file to the recipient.
Step S405, the recipient uses the recipient' S private key sk R Decrypting the received encrypted file to calculate Z = (Z) 1 ,z 2 )=sk R ·C 1 =sk R ·t·G=t·Pk R (ii) a Wherein Z is an anti-element point, Z 1 First factor of anti-element point, z 2 Is the second factor of the anti-element point.
Then, the recipient uses the anti-element point Z and the second ciphertext letter C 2 Calculating and solving to obtain a plaintext initial value M',
finally, checking whether the obtained ciphertext abstract initial value C ' is equal to the ciphertext abstract h (C) or not, and if the obtained ciphertext abstract initial value C ' is equal to the ciphertext abstract h (C), solving to obtain a plaintext M = M ';
wherein, M' = (c) 21 ,z 1 -1 ,c 22 ,z 2 -1 )=(m 1 ′,m 2 ′)。
In the scheme, the minimum third party participation degree is achieved by the block chain and the intelligent contract, and self-verification is introduced, so that the identities of all participants can be mutually verified without passing through the authentication center one by one.
The performance of the present solution was evaluated as follows.
(1) Confidentiality:
confidentiality refers to the protection of data and resources from being exposed to unauthorized persons or processes under appropriate security mechanisms, and thus jeopardizes the information security objectives, and also protects the data from being accessed and used by unauthorized persons during transmission, storage and processing.
Application scenarios: the hacker intends to intercept the file between the sender and recipient.
The solution is as follows: the sender and receiver will mutually verify in the process of receiving and sending text, and generate the shared Key Key = sk R ·Pk s The file is encrypted and then transmitted. Due to the sender's private key sk S With the recipient's private key sk R Hold identity Information (ID) for an individual S ,Pk S ,P S ) And (ID) R ,Pk R ,P R ) In order to disclose information, only the sender and the receiver can generate a shared key and decrypt the information with the shared key, so that even if a hacker intercepts the information, the decryption cannot be performed.
(2) Integrity:
integrity is to ensure that the file is not altered by any changes during the transfer process, the contents of the file are consistent, and the file can be confirmed as being sent by the sender.
Application scenarios: a hacker intends to tamper with the electronic file content.
The solution is as follows: the sender establishes the message sending information and stores the ciphertext abstract on the block chain network through the intelligent contract, and the receiver verifies the ciphertext abstract and completes the message sending and receiving after the ciphertext abstract is matched.
(3) Identification:
authentication means the ability to identify the identity of a network user or data sender. In the public key system, the function of authenticating identity is achieved through a public key.
Application scenarios: the hacker intercepts the electronic file exchange information transmitted from the sender to the receiver.
The solution is as follows: the participants need to pass the certification center to register, the certification center sets the participants to the block chain network, and the sender and receiver carry out mutual verification in the process of receiving and sending the text, and check whether the identity verification information of the two parties is consistent, then a shared secret key is generated, and the electronic file is encrypted. Therefore, the hacker cannot disguise the identity and decrypt the intercepted information.
(4) Non-repudiation:
non-repudiation refers to the proof that an event or action has occurred such that the event or action cannot be repudiated at a later date. The signature has non-repudiation, and only the issuing end knows the private key of the issuing end, so that the issuing end cannot repudiate the generation of the signature and the file transfer.
Application scenarios: the receiver claims that the sender electronic file information is not received, and requests to resend the file.
The solution is as follows: in the process of sending the text, the text information is stored in the block chain network in a public way. When the document-sending data is generated, the list of the recipient and the cipher text summary are temporarily stored in the intelligent contract address, and subsequently, after the recipient verifies the identity of the recipient and confirms the integrity of the information, the intelligent contract exchanges electronic files, and the document-receiving and sending records are stored in the block chain network. The process is non-repudiatable.
It should be understood that equivalents and modifications of the technical solution and inventive concept thereof may occur to those skilled in the art, and all such modifications and alterations should fall within the scope of the appended claims.

Claims (6)

1. The data communication and file exchange method based on block chain is characterized in that a sender, a receiver, an authentication center, a message sending and receiving service unit and an intelligent contract are established; the intelligent contract comprises an exchange management contract, a file exchange contract and a file management contract; the method comprises the following steps:
step S1, a deployment phase: the text receiving and sending service unit deploys the intelligent contract on the block chain network, sets the position, the public key and the certificate information of the authentication center and then provides the position, the public key and the certificate information for the participants to perform text receiving and sending operation;
step S2, a registration stage: each participant registers in the authentication center, and after being calculated by the authentication center, the participant gives a verification key and a certificate for self-calculating public and private keys;
step S3, a text sending stage: respectively carrying out identity authentication on the intelligent contract and the participants, and carrying out text sending operation after a safety channel is established; in the process of file exchange, the text receiving and sending service unit utilizes an exchange management contract to inquire identity information of a recipient; before uploading the file, the sender encrypts the file by an elliptic curve encryption method, and generates a list of receivers so that the legal receivers have the right to download the file, and transmits the file and the list of receivers to a file receiving and sending service unit; the message sending information is written in by the message sending and receiving service unit and the contract deployment of the file exchange contract is completed, the contract deployment is performed on the chain through private transaction, only the receiver in the receiver list can receive the contract content, and the ciphertext abstract and the file exchange address are stored in the file management contract after the contract deployment is completed so as to complete the message sending operation;
step S4, a text receiving stage: the recipient carries out the receiving operation through the receiving and dispatching service unit; the receiving and sending text service unit retrieves the relevant file exchange address through the monitoring exchange network, acquires the ciphertext abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the ciphertext abstract to the sender for requesting file downloading; the sender verifies the signature to confirm the identity of the receiver, verifies whether the receiver is a legal receiver list member, obtains the exchange file from the file management contract after the verification is passed, then signs the file hash value and the exchange file back to the receiver, and decrypts the file by the key generated by both parties after the receiver confirms that the identity of the sender is correct.
2. The blockchain-based data communication and archive exchange method according to claim 1, wherein the step S1 includes:
step S101, participants including a sender, a receiver and an intelligent contract store the identity information of the participants in a message receiving and sending service unit;
step S102, a message receiving and sending service unit deploys an intelligent contract on a block chain network;
step S103, the text receiving and sending service unit sets identity information, a public key and certificate information of the authentication center;
step S104, the intelligent contract stores the identity information, the public key and the certificate information of the authentication center in the block chain network.
3. The blockchain-based data communication and archive exchange method according to claim 2, wherein the step S2 includes:
step S201, the authentication center selects a safe elliptic curve E (Fq) in a finite field Fq, wherein q is a large prime number with more than 256 bits; selecting a base point G with the order n on an elliptic curve E (Fq) so that n.G = O, wherein O is the infinite point of the elliptic curve, and selecting a one-way hash function h () and an authentication center private key sk CA Computing a certificate authority public key Pk CA And an elliptic curve E (Fq), an order n, a base point G, a one-way hash function h (), and a public key Pk of the authentication center CA Disclose to participant Pt, wherein Pk CA =sk CA ·G;
Step S202, the participants including the sender, the receiver and the intelligent contract submit the ID of the participant identity information to the authentication center respectively Pt And participant random parameter d Pt ∈[2,n—2]A random parameter d Pt With participant identity information ID Pt After the hash operation, the signature file V of the participant is obtained Pt (ii) a Wherein: v Pt =h(d Pt ∥ID Pt )·G;
Step S203, the authentication center selects a random parameter k of the authentication center Pt ∈[2,n—2]Computing participant public keys Pk Pt And participant signature w Pt Then, transmitting the data to the participants; wherein:
Pk Pt =V Pt +(k Pt —h(ID Pt ))·G=(q ptx ,q pty );q ptx is a first factor of the participant's public key; q. q.s pty Is the second factor of the participant public key;
w Pt =k Pt +sk CA (q ptx +h(ID Pt ));
step S204, the participator, the parameter (w) returned by the authentication center Pt ,Pk Pt ) Computing the participant private key sk Pt Wherein, sk Pt =[w Pt +h(d Pt ∥ID Pt )]。
4. The blockchain-based data communication and archive exchange method according to claim 3, wherein the step S3 includes:
step S301, the sender requests the message receiving and sending service unit to inquire the message receiving data;
step S302, the text receiving and sending service unit inquires the data of the recipient from the exchange management contract;
step S303, the text receiving and sending service unit and the text sender obtain the data of the text receiver;
step S304, after the sender obtains the correct recipient data, the recipient list is generated according to the self-sending requirement;
step S305, the sender encrypts the file by an elliptic curve encryption method;
step S306, the sender transmits the encrypted file and the recipient list to the receiving and sending text service unit;
step S307, the text receiving and sending service unit temporarily stores the ciphertext abstract h (C) and the encrypted file in a file management contract;
step S308, the message receiving and sending service unit calls the intelligent contract and establishes a shared Key Key (SC、SAgent)
Step S309, the text sending and receiving service unit writes the text sending information into the contract program code of the file exchange contract and compiles the information into byte codes; the text sending information comprises a recipient list, a file downloading API position and a ciphertext abstract;
step S310, the text receiving and sending service unit obtains the file exchange address;
step S311, the text receiving and sending service unit writes the file exchange address and the ciphertext abstract into the file management contract.
5. The blockchain-based data communication and archive exchange method according to claim 4, wherein the step S305 includes: the public parameters of the authentication center are an elliptic curve E (Fq) and an order n, and the sender S selects an integer as a sender private key sk S And 0 is<sk S <n, selecting a point G epsilon E, wherein E is a long integer, and calculating a recipient public key Pk R =sk S G, the first public key is { G, pk S The first private key is sk R
Let plaintext M = (M) of file 1 ,m 2 ) Wherein m is 1 Is the first plaintext letter, m 2 Is a second plaintext letter, optionally a number t e Z q Wherein Z is q Is an integer, calculate ciphertext C = { C 1 ,C 2 In which C is 1 Is the first ciphertext letter, C 2 Is the second ciphertext letter, the calculation method is as follows:
C 1 =(c 11 ,c 12 ) = t · G; wherein, c 11 Is the first factor of the first ciphertext letter, c 12 A second factor that is a first ciphertext letter;
Y=(y 1 ,y 2 )=t·Pk R (ii) a Where Y is an encryption key, Y 1 Being a first factor of the encryption key, y 2 A second factor of the encryption key;
C 2 =(c 21 ,c 22 )=(y 1 ×m 1 ,y 2 ×m 2 ) (ii) a Wherein, c 21 Is the first factor of the second ciphertext letter, c 22 Is the second factor of the second ciphertext letter.
6. The blockchain-based data communication and archive exchange method according to claim 5, wherein the step S4 includes:
step S401, the text receiving and sending service unit monitors the exchange network to obtain the file exchange address;
step S402, the text receiving and sending service unit obtains the cipher text abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the cipher text abstract to the sender for requesting the file downloading;
step S403, the sender verifies the signature to confirm the identity of the receiver, and verifies whether the receiver is a legal member in the receiver list;
step S404, the text receiving and sending service unit obtains the ciphertext abstract h (C) and the encrypted file from the file management contract and returns the ciphertext abstract and the encrypted file to the recipient;
step (ii) ofS405, the recipient uses the recipient' S private key sk R Decrypting the received encrypted file to calculate Z = (Z) 1 ,z 2 )=sk R ·C 1 =sk R ·t·G=t·Pk R (ii) a Wherein Z is an anti-element point, Z 1 First factor of anti-element point, z 2 A second factor that is an anti-element point;
then, the recipient uses the anti-element point Z and the second ciphertext letter C 2 Calculating and solving to obtain a plaintext initial value M',
finally, checking whether the obtained ciphertext abstract initial value C ' is equal to the ciphertext abstract h (C) or not, and if the obtained ciphertext abstract initial value C ' is equal to the ciphertext abstract h (C), solving to obtain a plaintext M = M '; wherein, M' = (c) 21 ,z 1 -1 ,c 22 ,z 2 -1 )=(m 1 ′,m 2 ′)。
CN202211091949.8A 2022-09-07 2022-09-07 Data communication and file exchange method based on block chain Active CN115174277B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211091949.8A CN115174277B (en) 2022-09-07 2022-09-07 Data communication and file exchange method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211091949.8A CN115174277B (en) 2022-09-07 2022-09-07 Data communication and file exchange method based on block chain

Publications (2)

Publication Number Publication Date
CN115174277A true CN115174277A (en) 2022-10-11
CN115174277B CN115174277B (en) 2022-12-06

Family

ID=83481759

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211091949.8A Active CN115174277B (en) 2022-09-07 2022-09-07 Data communication and file exchange method based on block chain

Country Status (1)

Country Link
CN (1) CN115174277B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117478302A (en) * 2023-12-28 2024-01-30 湖南天河国云科技有限公司 Block chain-based privacy node identity verification method and device

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108667618A (en) * 2018-05-10 2018-10-16 阿里巴巴集团控股有限公司 Data processing method, device, server and the system of block chain member management
CN108881160A (en) * 2018-05-07 2018-11-23 北京信任度科技有限公司 Medical treatment & health data managing method and system based on block chain intelligence contract
CN110443047A (en) * 2018-05-03 2019-11-12 华东科技股份有限公司 Data exchange group system and method
CN111680311A (en) * 2020-05-28 2020-09-18 北京理工大学 Data exchange system and method based on block chain
CN112540957A (en) * 2020-12-03 2021-03-23 齐鲁工业大学 File secure storage and sharing system based on mixed block chain and implementation method
WO2022007889A1 (en) * 2020-07-08 2022-01-13 浙江工商大学 Searchable encrypted data sharing method and system based on blockchain and homomorphic encryption
CN114329528A (en) * 2021-12-20 2022-04-12 中元众诚(北京)科技有限公司 File data management method and system based on block chain
CN114826766A (en) * 2022-05-18 2022-07-29 北京交通大学 Block chain cross-chain based security verifiable service providing method and system
CN115001658A (en) * 2022-04-06 2022-09-02 八维通科技有限公司 Credible subway identity authentication and access control method under unstable network environment

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110443047A (en) * 2018-05-03 2019-11-12 华东科技股份有限公司 Data exchange group system and method
CN108881160A (en) * 2018-05-07 2018-11-23 北京信任度科技有限公司 Medical treatment & health data managing method and system based on block chain intelligence contract
CN108667618A (en) * 2018-05-10 2018-10-16 阿里巴巴集团控股有限公司 Data processing method, device, server and the system of block chain member management
CN111680311A (en) * 2020-05-28 2020-09-18 北京理工大学 Data exchange system and method based on block chain
WO2022007889A1 (en) * 2020-07-08 2022-01-13 浙江工商大学 Searchable encrypted data sharing method and system based on blockchain and homomorphic encryption
CN112540957A (en) * 2020-12-03 2021-03-23 齐鲁工业大学 File secure storage and sharing system based on mixed block chain and implementation method
CN114329528A (en) * 2021-12-20 2022-04-12 中元众诚(北京)科技有限公司 File data management method and system based on block chain
CN115001658A (en) * 2022-04-06 2022-09-02 八维通科技有限公司 Credible subway identity authentication and access control method under unstable network environment
CN114826766A (en) * 2022-05-18 2022-07-29 北京交通大学 Block chain cross-chain based security verifiable service providing method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张培培等: "基于区块链的电子健康档案管理系统设计", 《电脑编程技巧与维护》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117478302A (en) * 2023-12-28 2024-01-30 湖南天河国云科技有限公司 Block chain-based privacy node identity verification method and device
CN117478302B (en) * 2023-12-28 2024-03-01 湖南天河国云科技有限公司 Block chain-based privacy node identity verification method and device

Also Published As

Publication number Publication date
CN115174277B (en) 2022-12-06

Similar Documents

Publication Publication Date Title
CN107196966B (en) Identity authentication method and system based on block chain multi-party trust
US7366905B2 (en) Method and system for user generated keys and certificates
US7620824B2 (en) Data communicating apparatus, data communicating method, and program
JP5432999B2 (en) Encryption key distribution system
CN109743171B (en) Key series method for solving multi-party digital signature, timestamp and encryption
WO2019080933A1 (en) Block chain transaction privacy protection method and system
CN116566660B (en) Identity authentication method based on medical block chain
CN109450843B (en) SSL certificate management method and system based on block chain
US20060129847A1 (en) Methods and systems for providing a secure data distribution via public networks
US10742426B2 (en) Public key infrastructure and method of distribution
US20060041752A1 (en) Methods and apparatus managing secure collaborative transactions
CN103905384B (en) The implementation method of session handshake between built-in terminal based on secure digital certificate
KR20060049245A (en) Method and system for electronic voting over a high-security network
CN110852745A (en) Block chain distributed dynamic network key automatic updating method
CN102447705A (en) Digital certificate revocation method and equipment
CN115396096A (en) Encryption and decryption method and protection system for secret file based on national cryptographic algorithm
CN115174277B (en) Data communication and file exchange method based on block chain
CN113536347A (en) Bidding method and system based on digital signature
Prabhu et al. Security in computer networks and distributed systems
CN112019553B (en) Data sharing method based on IBE/IBBE
CN114301612A (en) Information processing method, communication apparatus, and encryption apparatus
JP3796528B2 (en) Communication system for performing content certification and content certification site device
CN115134111B (en) Encryption algorithm method for mass data distributed storage
CN113918971B (en) Block chain-based message transmission method, device, equipment and readable storage medium
CN113572615B (en) Method, system, equipment and storage medium for identity authentication of distributed network users

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant