CN115174277B - Data communication and file exchange method based on block chain - Google Patents

Data communication and file exchange method based on block chain Download PDF

Info

Publication number
CN115174277B
CN115174277B CN202211091949.8A CN202211091949A CN115174277B CN 115174277 B CN115174277 B CN 115174277B CN 202211091949 A CN202211091949 A CN 202211091949A CN 115174277 B CN115174277 B CN 115174277B
Authority
CN
China
Prior art keywords
file
text
service unit
receiving
sending
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211091949.8A
Other languages
Chinese (zh)
Other versions
CN115174277A (en
Inventor
丁春风
陈伟
张小林
樊昌良
王旭伟
刘昀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Post & Telecommunication Engineering Construction Co ltd
Original Assignee
Zhejiang Post & Telecommunication Engineering Construction Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Post & Telecommunication Engineering Construction Co ltd filed Critical Zhejiang Post & Telecommunication Engineering Construction Co ltd
Priority to CN202211091949.8A priority Critical patent/CN115174277B/en
Publication of CN115174277A publication Critical patent/CN115174277A/en
Application granted granted Critical
Publication of CN115174277B publication Critical patent/CN115174277B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

A block chain based data communication and file exchange method belongs to the technical field of data communication, all electronic file exchange information is disclosed on a block chain, any third party can verify the electronic file exchange information, and an intelligent contract executes text receiving and sending operations in a conditional execution mode, so that participation of the third party is reduced automatically, a legal receiver is limited in a text receiving stage to obtain file data in private transactions, and information integrity, confidentiality and non-repudiation are maintained.

Description

Data communication and file exchange method based on block chain
Technical Field
The invention belongs to the technical field of data communication, and particularly relates to a data communication and file exchange method based on a block chain.
Background
The network is used for transmitting data information or archive files, the traditional mailing or manual transmission mode is replaced, the transmission time of the files is greatly shortened, and the working efficiency is improved.
The traditional transmission mode of electronic documents is a point-to-point exchange mode using P2P, which is easy to cause single point failure problem, and may be invaded by hackers and falsified or steal data. In addition, in the architecture of the centralized authentication center, since the authentication center may be invaded by a hacker, man-in-the-middle attack is generated, and the centralized authentication center fails, which may result in that the authentication cannot be performed.
The blockchain has the characteristics of high safety, decentralization and non-falsification, and can ensure that the electronic file can be transferred under high-level protection.
The chinese patent publication No. CN110620660A discloses a key allocation method for data communication based on a block chain, which considers that the key allocation problem is the primary problem of the trusted shared communication access problem of data. It has the following disadvantages:
1, which describes only the key distribution procedure, the transferred files are not linked and stored, and it is not possible to trace the access records of the files and to verify whether the files have been tampered with.
2, because the identity authentication of the scheme is not participated in by an authentication center, most existing electronic file transmission methods all adopt a centralized authentication center architecture, and the scheme is difficult to be compatible with the existing architecture.
Disclosure of Invention
In view of the above-mentioned deficiencies of the prior art, it is an object of the present invention to provide a block chain based data communication and archive exchange method.
In order to achieve the above object, the present invention adopts the following technical solutions.
The data communication and file exchange method based on block chain is established with a sender, a receiver, an authentication center, a message sending and receiving service unit and an intelligent contract; the intelligent contract comprises an exchange management contract, a file exchange contract and a file management contract; the method comprises the following steps:
step S1, a deployment phase: the text receiving and sending service unit deploys the intelligent contract on the block chain network, sets the position, the public key and the certificate information of the authentication center and then provides the position, the public key and the certificate information for the participants to perform text receiving and sending operation;
step S2, a registration stage: each participant registers in the authentication center, and after being calculated by the authentication center, the participant gives a verification key and a certificate for self-calculating public and private keys;
step S3, a text sending stage: respectively carrying out identity authentication on the intelligent contract and the participants, and carrying out text sending operation after a safety channel is established; in the process of file exchange, the text receiving and sending service unit utilizes an exchange management contract to inquire identity information of a recipient; before uploading the file, the sender encrypts the file by an elliptic curve encryption method, and generates a list of receivers so that the legal receivers have the right to download the file, and transmits the file and the list of receivers to a file receiving and sending service unit; the sending and receiving text service unit writes in sending information and completes contract deployment of a file exchange contract, the contract deployment is deployed on a chain through private transaction, only a receiver in a receiver list can receive contract contents, and after the contract deployment is completed, a ciphertext abstract and a file exchange address are stored in a file management contract to complete a sending operation;
step S4, a text receiving stage: the recipient carries out the receiving operation through the receiving and dispatching service unit; the receiving and sending text service unit retrieves the relevant file exchange address through the monitoring exchange network, acquires the ciphertext abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the ciphertext abstract to the sender for requesting file downloading; the sender verifies the signature to confirm the identity of the receiver, verifies whether the receiver is a legal receiver list member, obtains the exchange file from the file management contract after the verification is passed, then signs the file hash value and the exchange file back to the receiver, and decrypts the file by the key generated by both parties after the receiver confirms that the identity of the sender is correct.
Step S1, comprising:
step S101, participants including a sender, a receiver and an intelligent contract store the identity information of the participants in a message receiving and sending service unit;
step S102, a message receiving and sending service unit deploys an intelligent contract on a block chain network;
step S103, the text receiving and sending service unit sets identity information, a public key and certificate information of the authentication center;
step S104, the intelligent contract stores the identity information, the public key and the certificate information of the authentication center in the block chain network.
And step S2, comprising:
step S201, the authentication center selects a safe elliptic curve E (Fq) in a finite field Fq, wherein q is a large prime number with more than 256 bits; selecting a base point G with the order n on an elliptic curve E (Fq) so that n.G = O, wherein O is the infinite point of the elliptic curve, and selecting a one-way hash function h () and an authentication center private key sk CA Computing a certificate authority public key Pk CA And an elliptic curve E (Fq), an order n, a base point G, a one-way hash function h (), and a public key Pk of the authentication center CA Disclose to participants Pt, wherein Pk CA =sk CA ·G;
Step S202, the participants including the sender, the receiver and the intelligent contract submit the ID of the participant to the authentication center respectively Pt And participant random parameter d Pt ∈[2,n—2]A random parameter d Pt With participant identity information ID Pt After the hash operation, the signature file V of the participant is obtained Pt (ii) a Wherein: v Pt =h(d Pt ∥ID Pt )·G;
Step S203, the authentication center selects a random parameter k of the authentication center Pt ∈[2,n—2]Computing participant public keys Pk Pt And participant signature w Pt Then, transmitting the data to the participants; wherein:
Pk Pt =V Pt +(k Pt —h(ID Pt ))·G=(q ptx ,q pty );q ptx is a first factor of the participant public key; q. q.s pty Is the second factor of the participant public key;
w Pt =k Pt +sk CA (q ptx +h(ID Pt ));
step S204, participant, parameter (w) returned by authentication center Pt ,Pk Pt ) Computing the participant private key sk Pt Wherein sk is Pt =[w Pt +h(d Pt ∥ID Pt )]。
And step S3, comprising:
step S301, the sender requests the message receiving and sending service unit to inquire the message receiving data;
step S302, the text receiving and sending service unit inquires the data of the recipient from the exchange management contract;
step S303, the text receiving and sending service unit and the text sender obtain the data of the text receiver;
step S304, after the sender obtains the correct recipient data, the recipient list is generated according to the self-sending requirement;
step S305, the sender encrypts the file by an elliptic curve encryption method;
step S306, the sender transmits the encrypted file and the recipient list to the receiving and sending text service unit;
step S307, the text receiving and sending service unit temporarily stores the ciphertext abstract h (C) and the encrypted file in a file management contract;
step S308, the message receiving and sending service unit calls the intelligent contract and establishes a shared Key Key (SC、SAgent)
Step S309, the text sending and receiving service unit writes the text sending information into the contract program code of the file exchange contract and compiles the information into byte codes; the text information comprises a recipient list, a file downloading API position and a ciphertext abstract;
step S310, the text receiving and sending service unit obtains the file exchange address;
step S311, the text receiving and sending service unit writes the file exchange address and the ciphertext abstract into the file management contract.
Step S305, including: the public parameters of the authentication center are an elliptic curve E (Fq) and an order n, and the sender S selects an integer as a sender private key sk S And 0 is<sk S <n, selecting a point G epsilon E, wherein E is a long integer, and calculating a recipient public key Pk R =sk S G, the first public key is { G, pk S The first private key is sk R
Let plaintext M = (M) of file 1 ,m 2 ) Wherein m is 1 Is the first plaintext letter, m 2 Is a second plaintext letter, optionally a number te Z q Wherein Z is q As an integer, compute ciphertext C = { C = 1 ,C 2 In which C is 1 Is the first ciphertext letter, C 2 Is the second ciphertext letter, the calculation method is as follows:
C 1 =(c 11 ,c 12 ) = t · G; wherein, c 11 Is the first factor of the first ciphertext letter, c 12 A second factor that is a first ciphertext letter;
Y=(y 1 ,y 2 )=t·Pk R (ii) a Where Y is an encryption key, Y 1 Being a first factor of the encryption key, y 2 A second factor of the encryption key;
C 2 =(c 21 ,c 22 )=(y 1 ×m 1 ,y 2 ×m 2 ) (ii) a Wherein, c 21 Is the second passwordFirst factor of alphabets, c 22 Is the second factor of the second ciphertext letter.
And S4, comprising the following steps:
step S401, the text receiving and sending service unit monitors the exchange network to obtain the file exchange address;
step S402, the text receiving and transmitting service unit obtains the ciphertext abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the ciphertext abstract to the sender for requesting the file downloading;
step S403, the sender verifies the signature to confirm the identity of the receiver, and verifies whether the receiver is a legal member in the receiver list;
step S404, the text receiving and sending service unit obtains the ciphertext abstract h (C) and the encrypted file from the file management contract and returns the ciphertext abstract and the encrypted file to the recipient;
step S405, the receiver uses the private key sk of the receiver R Decrypting the received encrypted file to calculate Z = (Z) 1 ,z 2 )=sk R ·C 1 =sk R ·t·G=t·Pk R (ii) a Wherein Z is an anti-element point, Z 1 First factor of anti-element point, z 2 A second factor that is an anti-element point;
then, the recipient uses the anti-element point Z and the second ciphertext letter C 2 Calculating and solving to obtain a plaintext initial value M',
finally, checking whether the obtained ciphertext abstract initial value C ' is equal to the ciphertext abstract h (C) or not, and if the obtained ciphertext abstract initial value C ' is equal to the ciphertext abstract h (C), solving to obtain a plaintext M = M '; wherein, M' = (c) 21 ,z 1 -1 ,c 22 ,z 2 -1 )=(m 1 ′,m 2 ′)。
The block chain based data communication and file exchange method is characterized by that according to the characteristics of block chain decentralized, verifiable and intelligent contract condition execution all electronic file exchange information can be disclosed on the block chain, and any third party can verify it, and in addition, the intelligent contract can execute the receiving and transmitting operation in the condition execution mode, so that it can automatically reduce participation of third party, and in the receiving stage, it can limit legal receiver to obtain file data in the private transaction, and can maintain information integrity, confidentiality and non-repudiation.
In the scheme, the public key and the private key are generated through a self-authentication mechanism, and the identity can be verified in an off-line state of the authentication center, so that the file exchange operation is more flexible.
The scheme can solve the transaction conflict and reduce the minimum participation degree of a third party by automatically executing the intelligent contract condition.
According to the scheme, file exchange operation is dispersedly stored in each node of the block chain for recording, and the record can be publicly and verified, so that disputes can be avoided, and more reliable service can be provided.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
The block chain can be divided into a public chain, a private chain and a alliance chain, is compatible with the structure of the existing centralized authentication center, adopts the alliance chain as a prototype, sets nodes, commonly maintains data on the block, and can improve the credibility of electronic file exchange due to the characteristic that the block chain can not alter records.
And the authentication center is responsible for organizing identity authentication and providing signature, encryption and verification functions for users of the registered nodes.
The intelligent contract area is divided into two parts of deployment and execution, and the intelligent contract program is firstly deployed into the block chain network by the text receiving and sending service unit for storage, and then the function of file exchange management in the block chain network is realized through the calling of the intelligent contract.
The message receiving and sending service unit is responsible for communicating with the block link points and receiving and sending messages, and is also responsible for storing the exchanged files into the file management area.
Sender S, recipient R, authentication center CA, text-receiving service unit SAgent, intelligent contract SC, exchange management contract XM, file exchange contract DC, file management contract FM and blockchain network BC. The description is as follows:
the person who sends the text S: the user who wants to send the file completes the text sending operation through the text sending and receiving service.
The recipient R: the file receiver completes the receiving through the receiving and sending service.
The certification center CA: the authentication mechanism is a ring of the authentication mechanism and is responsible for generating a public key and a private key, so that the participants can be encrypted by the public key and decrypted by the private key.
Message service unit SAgent: the system is a service provider for file exchange, and is mainly responsible for communicating with block link points and transmitting and receiving documents, managing file files uniformly, and storing and taking out the exchange files into and from a file management contract.
An intelligent contract SC: the registered text receiving and sending service unit SAgent deploys the intelligent contracts to the block chain network, calls and executes the contracts through the node participants to change the event state, and broadcasts the contracts to the block chain network for storage, and the intelligent contracts consist of three intelligent contracts which are divided into an exchange management contract XM, a file exchange contract DC and a file management contract FM, and the detailed description is as follows:
(1) Exchange management contract XM: the identity of the sender S and the recipient R is confirmed through the contract, and the nodes to which the sender S and the recipient R belong are inquired.
(2) The file exchange contract DC: the identity authority control content responsible for processing file exchange includes the hash value of the file, the encryption key, the file download API location and the recipient list.
(3) Archive management contract FM: the system is responsible for storing the corresponding relationship between the exchange contract and the file, and the message sending and receiving service unit SAgent queries the file and the corresponding exchange contract address.
Block chain network BC: the method has the characteristics of decentralization, common maintenance of all participating nodes, data transparency, non-falsification and the like. After the intelligent contract program is deployed, the information stored in the block chain network is inquired by calling the intelligent contract, so that a public, transparent and credible file exchange mechanism is established.
The data communication and archive exchange method based on the block chain comprises the following steps: deployment phase, registration phase, receipt phase and text sending phase.
The intelligent contract is deployed on the block chain network by the text-receiving service unit, the function of the intelligent contract is called by the text-receiving service unit, the record is broadcasted to the block chain through the deployment of the intelligent contract, so as to automatically execute the actions of identity registration, text receiving and text sending, during the period, the state implementation of the intelligent contract can be realized without the exchange operation of a third party, and the record is stored in the block chain, thereby strengthening the safety and data integrity of file exchange.
Step S1, a deployment phase: the text receiving and sending service unit deploys the intelligent contract on the block chain network, and after the position, the public key and the certificate information of the authentication center are set, the intelligent contract is provided for the participants to perform text receiving and sending operation.
Step S101, the participator Pt, including the sender S, the receiver R and the intelligent contract SC, stores the identity information of the participator Pt in the receiving and sending service unit.
Step S102, the message sending and receiving service unit deploys an intelligent contract on the block chain network.
Step S103, the text receiving and sending service unit sets the identity information, the public key and the certificate information of the authentication center.
Step S104, the intelligent contract stores the identity information, the public key and the certificate information of the authentication center in the block chain network.
Step S2, a registration stage: each participant registers in the certification center, and after being calculated by the certification center, the participant gives a verification key and a certificate for self-calculation of the public key and the private key.
Step S201, the authentication center selects a safe elliptic curve E (Fq) in a finite field Fq, wherein q is a large prime number with more than 256 bits; selecting a base point G with the order n on an elliptic curve E (Fq) so that n.G = O, wherein O is the infinite point of the elliptic curve, and selecting a one-way hash function h () and an authentication center private key sk CA Computing a certificate authority public key Pk CA And an elliptic curve E (Fq), an order n, a base point G, a one-way hash function h (), and a public key Pk of the authentication center CA Disclose to participant Pt, wherein Pk CA =sk CA ·G。
Step S202, the participator Pt, including the sender S, the receiver R and the intelligent contract SC, respectively submits the participator ID information to the authentication center Pt And participant random parameter d Pt ∈[2,n—2]Random parameter d Pt With participant identity information ID Pt After the hash operation, the signature file V of the participant is obtained Pt (ii) a Wherein:
V Pt =h(d Pt ∥ID Pt )·G;
step S203, the authentication center selects a random parameter k of the authentication center Pt ∈[2,n—2]Computing participant public keys Pk Pt And participant signature w Pt Then, transmitting the data to the participants; wherein:
Pk Pt =V Pt +(k Pt —h(ID Pt ))·G=(q ptx ,q pty );q ptx is a first factor of the participant's public key; q. q.s pty Is the second factor of the participant public key;
w Pt =k Pt +sk CA (q ptx +h(ID Pt ))。
step S204, the participator, the parameter (w) returned by the authentication center Pt ,Pk Pt ) Computing the participant private key sk Pt Wherein, sk Pt =[w Pt +h(d Pt ∥ID Pt )]。
Participant identity information ID that a participant can authorize through a certification authority Pt And the public key Pk of the participant obtained by completing registration with the authentication center Pt And participant signature w Pt Verification of the self-generated public participant public key Pk without further authentication by the authentication center Pt The correctness and mutual authentication of the two. The following was demonstrated:
∵Pk Pt =sk Pt ·G;
w Pt =k Pt +sk CA (q ptx +h(ID Pt ));
∴Pk Pt =[w Pt +h(d Pt ∥ID Pt )]·G;
Pk Pt =[k Pt +sk CA (q ptx +h(ID Pt ))+h(d Pt ∥ID Pt )]·G
=[k Pt +sk CA (q ptx +h(ID Pt ))]·G+[h(d Pt ∥ID Pt )]·G;
∵Pk CA =sk CA ·G;
∴Pk Pt =[k Pt +h(d Pt ∥ID Pt )]·G+[(q ptx +h(ID Pt ))]Pk CA
∵V Pt =h(d Pt ∥ID Pt )·G;
Pk Pt =V Pt +(k Pt —h(ID Pt ))·G;
∴V Pt =Pk Pt -(k Pt —h(ID Pt ))·G;
Pk Pt =k Pt ·G+V Pt +[(q ptx +h(ID Pt ))]Pk CA
=Pk Pt +h(ID Pt )·G+[(q ptx +h(ID Pt ))]Pk CA
=Pk Pt —h(ID Pt )·G-[(q ptx +h(ID Pt ))]Pk CA
step S3, a text sending stage: the intelligent contract and the participants respectively carry out identity authentication, and send a text after a safety channel is established; in the process of file exchange, the text receiving and sending service unit utilizes an exchange management contract to inquire identity information of a recipient; before uploading the file, the sender encrypts the file by an elliptic curve encryption method, and generates a list of receivers so that the legal receivers have the right to download the file, and transmits the file and the list of receivers to a file receiving and sending service unit; the message sending information is written in by the message sending and receiving service unit and the contract deployment of the file exchange contract is completed, the contract deployment is performed on the chain through private transaction, only the receiver in the receiver list can receive the contract content, and the ciphertext abstract and the file exchange address are stored in the file management contract after the contract deployment is completed so as to complete the message sending operation.
Step S301, the sender requests the message receiving and sending service unit to query the recipient' S data.
Step S302, the text-receiving and sending service unit inquires the data of the recipient from the exchange management contract.
Step S303, the text receiving/sending service unit and the text sender obtain the recipient data.
Step S304, after the sender obtains the correct recipient data, the recipient list is generated according to the self-sending requirement.
In step S305, the sender encrypts the file by elliptic curve encryption.
The public parameter of the authentication center is an elliptic curve E (Fq) and an order n, and the sender S selects an integer as a sender private key sk S And 0 is<sk S <n, selecting a point G epsilon E, wherein E is a long integer, and calculating a recipient public key Pk R =sk S G, the first public key is { G, pk S The first private key is sk R
Let plaintext M = (M) of file 1 ,m 2 ) Wherein m is 1 Is the first plaintext letter, m 2 Is a second plaintext letter, optionally a number te Z q Wherein, Z q As an integer, compute ciphertext C = { C = 1 ,C 2 In which C is 1 Is the first ciphertext letter, C 2 Is the second cipher text letter, the calculation mode is as follows:
C 1 =(c 11 ,c 12 ) = t · G; wherein, c 11 Is the first factor of the first ciphertext letter, c 12 A second factor that is a first ciphertext letter;
Y=(y 1 ,y 2 )=t·Pk R (ii) a Where Y is an encryption key, Y 1 Is the first factor, y, of the encryption key 2 A second factor of the encryption key;
C 2 =(c 21 ,c 22 )=(y 1 ×m 1 ,y 2 ×m 2 ) (ii) a Wherein, c 21 Is the first factor of the second ciphertext letter, c 22 Is the second factor of the second ciphertext letter.
In step S306, the sender transmits the encrypted file and the recipient list to the receiving and sending service unit.
Step S307, the text receiving and sending service unit temporarily stores the ciphertext abstract h (C) and the encrypted file in the file management contract.
Step S308, receiving and dispatching the text service listCalling intelligent contract and establishing shared Key (SC、SAgent)
Step S309, the message sending and receiving service unit writes the message sending information into the contract program code of the file exchange contract and compiles the contract program code into byte codes; the message sending information includes the recipient list, the file download API location and the ciphertext abstract.
Step S310, the text receiving and sending service unit obtains the file exchange address.
Step S311, the text receiving and sending service unit writes the file exchange address and the ciphertext abstract into the file management contract.
Step S4, a text receiving stage: the recipient carries out the receiving operation through the receiving and dispatching service unit; the receiving and sending text service unit retrieves the relevant file exchange address through the monitoring exchange network, acquires the ciphertext abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the ciphertext abstract to the sender for requesting file downloading; the sender verifies the signature to confirm the identity of the receiver and verifies whether the receiver is a member of the list of legal receivers, this step can avoid the problem of false identity, the receiving and sending service unit obtains the exchange file from the file management contract after the verification is passed, then the signature file hash value and the exchange file are transmitted back to the receiver, and the receiver decrypts the file by the key generated by both parties after confirming the identity of the sender.
Step S401, the text receiving and sending service unit monitors the switching network to obtain the file switching address.
Step S402, the text receiving/transmitting service unit obtains the ciphertext abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the ciphertext abstract to the sender for requesting the file downloading.
In step S403, the sender verifies the signature to confirm the identity of the recipient, and verifies whether the recipient is a legal member in the recipient list.
In step S404, the text-to-send service unit obtains the ciphertext abstract h (C) and the encrypted file from the file management contract, and returns the ciphertext abstract and the encrypted file to the recipient.
Step S405, the recipient uses the recipient' S private key sk R Decrypting received encrypted filesSecret, calculate Z = (Z) 1 ,z 2 )=sk R ·C 1 =sk R ·t·G=t·Pk R (ii) a Wherein Z is an anti-element point, Z 1 First factor of anti-element point, z 2 The second factor of the anti-element point.
Then, the recipient uses the anti-element point Z and the second ciphertext letter C 2 Calculating and solving to obtain a plaintext initial value M',
finally, checking whether the obtained ciphertext abstract initial value C ' is equal to the ciphertext abstract h (C) or not, and if the obtained ciphertext abstract initial value C ' is equal to the ciphertext abstract h (C), solving to obtain a plaintext M = M ';
wherein, M' = (c) 21 ,z 1 -1 ,c 22 ,z 2 -1 )=(m 1 ′,m 2 ′)。
In the scheme, the minimum third party participation degree is achieved by the block chain and the intelligent contract, and self-verification is introduced, so that the identities of all participants can be mutually verified without passing through the authentication center one by one.
The performance of the present solution was evaluated as follows.
(1) Confidentiality:
confidentiality refers to the protection of data and resources from being exposed to unauthorized persons or processes under appropriate security mechanisms, and also to protect the data from being accessed and used by unauthorized persons during transmission, storage and processing.
Application scenarios: the hacker intends to intercept the files between the sender and recipient.
The solution is as follows: the sender and receiver will mutually verify in the process of receiving and sending text, and generate the shared Key Key = sk R ·Pk s The file is encrypted and then transmitted. Due to the private key sk of the sender S With the private key sk of the receiver R Hold identity Information (ID) for an individual S ,Pk S ,P S ) And (ID) R ,Pk R ,P R ) In order to disclose information, only the sender and the receiver can generate a shared key and decrypt the information with the shared key by the receiver, so that even if a hacker intercepts the information, the decryption cannot be performed.
(2) Integrity:
integrity is to ensure that the file is not altered by any changes during the transfer process, the contents of the file are consistent, and the file can be confirmed as being sent by the sender.
Application scenarios: a hacker intends to tamper with the electronic file content.
The solution is as follows: the sender establishes the message sending information and stores the ciphertext abstract on the block chain network through the intelligent contract, and the receiver verifies the ciphertext abstract and completes message sending and receiving after the ciphertext abstract is confirmed to be matched.
(3) Identification:
authentication refers to the ability to identify the identity of a network user or data sender. In the public key system, the function of authenticating identity is achieved through a public key.
Application scenarios: the hacker intercepts the electronic file exchange information transmitted from the sender to the receiver.
The solution is as follows: the participants need to pass the certification center to register, the certification center sets the participants to the block chain network, and the sender and receiver verify each other in the process of receiving and sending text, and check whether the identification information of both parties is consistent, then generate the shared secret key, encrypt the electronic file. Therefore, the hacker cannot disguise the identity and decrypt the intercepted information.
(4) Non-repudiation:
non-repudiation refers to the proof that an event or action has occurred such that the event or action cannot be repudiated at a later date. The signature has non-repudiation, and only the issuing end knows the private key of the issuing end, so that the issuing end cannot repudiate the generation of the signature and the file transfer.
Application scenarios: the receiver claims that the sender electronic file information is not received, and requests to resend the file.
The solution is as follows: in the process of sending the text, the text information is stored in the block chain network in a public way. When the document-sending data is generated, the list of the recipient and the cipher text summary are temporarily stored in the intelligent contract address, and subsequently, after the recipient verifies the identity of the recipient and confirms the integrity of the information, the intelligent contract exchanges electronic files, and the document-receiving and sending records are stored in the block chain network. This process is non-repudiatable.
It should be understood that equivalents and modifications to the invention as described herein may occur to those skilled in the art, and all such modifications and alterations are intended to fall within the scope of the appended claims.

Claims (6)

1. The block chain based data communication and file exchange method is characterized in that a sender, a receiver, an authentication center, a message receiving and sending service unit and an intelligent contract are established; the intelligent contracts comprise exchange management contracts, file exchange contracts and file management contracts; the method comprises the following steps:
step S1, a deployment phase: the text receiving and sending service unit deploys the intelligent contract on the block chain network, sets the position, the public key and the certificate information of the authentication center and then provides the position, the public key and the certificate information for the participants to perform text receiving and sending operation;
step S2, a registration stage: each participant registers in the authentication center, and after being calculated by the authentication center, the participant gives a verification key and a certificate for self-calculating public and private keys;
step S3, a text sending stage: respectively carrying out identity authentication on the intelligent contract and the participants, and carrying out text sending operation after a safety channel is established; in the process of file exchange, the text receiving and sending service unit utilizes an exchange management contract to inquire identity information of a recipient; before uploading the file, the sender encrypts the file by an elliptic curve encryption method, and generates a list of receivers so that the legal receivers have the right to download the file, and transmits the file and the list of receivers to a file receiving and sending service unit; the message sending information is written in by the message sending and receiving service unit and the contract deployment of the file exchange contract is completed, the contract deployment is performed on the chain through private transaction, only the receiver in the receiver list can receive the contract content, and the ciphertext abstract and the file exchange address are stored in the file management contract after the contract deployment is completed so as to complete the message sending operation;
step S4, a text receiving stage: the receiver receives the text through the text receiving and sending service unit; the receiving and sending text service unit retrieves the relevant file exchange address through monitoring the exchange network, acquires the ciphertext abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the ciphertext abstract to the sender for requesting file downloading; the sender verifies the signature to confirm the identity of the receiver, verifies whether the receiver is a legal receiver list member, after the verification is passed, the receiving and transmitting service unit obtains the cipher text abstract and the encrypted file from the file management contract and transmits the cipher text abstract and the encrypted file back to the receiver, and after the receiver confirms that the identity of the sender is correct, the file is decrypted by the key generated by the two parties.
2. The method for block chain based data communication and archive exchange according to claim 1, wherein step S1 comprises:
step S101, participants including a sender, a receiver and an intelligent contract store own identity information into a message receiving and sending service unit;
step S102, a message receiving and sending service unit deploys an intelligent contract on a block chain network;
step S103, the text receiving and sending service unit sets identity information, a public key and certificate information of the authentication center;
step S104, the intelligent contract stores the identity information, the public key and the certificate information of the authentication center in the block chain network.
3. The blockchain-based data communication and archive exchange method according to claim 2, wherein the step S2 includes:
step S201, the authentication center selects a safe elliptic curve E (Fq) in a finite field Fq, wherein q is a large prime number with more than 256 bits; selecting a base point G with the order n on an elliptic curve E (Fq) so that n.G = O, wherein O is an infinite point of the elliptic curve, and selecting a one-way hash function h () and a certification center private key sk CA Computing the public key Pk of the certificate authority CA And an elliptic curve E (Fq), an order n, a base point G, a one-way hash function h (), and a public key Pk of the authentication center CA Disclose to participants Pt, wherein Pk CA =sk CA ·G;
Step S202, the participants including the sender, the receiver and the intelligent contract submit the ID of the participant to the authentication center respectively Pt And participant random parameter d Pt ∈[2,n—2]Random parameter d Pt With participant identity information ID Pt After the hash operation, the signature file V of the participant is obtained Pt (ii) a Wherein: v Pt =h(d Pt ∥ID Pt )·G;
Step S203, the authentication center selects a random parameter k of the authentication center Pt ∈[2,n—2]Computing participant public keys Pk Pt And participant signature w Pt Then, transmitting the data to the participants; wherein:
Pk Pt =V Pt +(k Pt —h(ID Pt ))·G=(q ptx ,q pty );q ptx is a first factor of the participant public key; q. q of pty Is the second factor of the participant public key;
w Pt =k Pt +sk CA (q ptx +h(ID Pt ));
step S204, participant, parameter (w) returned by authentication center Pt ,Pk Pt ) Computing the participant private key sk Pt Wherein, sk Pt =[w Pt +h(d Pt ∥ID Pt )]。
4. The blockchain-based data communication and archive exchange method according to claim 3, wherein the step S3 includes:
step S301, the sender requests the receiving and sending text service unit to inquire the recipient' S data;
step S302, the text receiving and sending service unit inquires the data of the recipient from the exchange management contract;
step S303, the text receiving/transmitting service unit and the text sender obtain the data of the text receiver;
step S304, after the sender obtains the correct recipient data, a recipient list is generated according to the self-sending requirement;
step S305, the sender encrypts the file by an elliptic curve encryption method;
step S306, the sender transmits the encrypted file and the recipient list to the receiving and sending text service unit;
step S307, the text receiving and sending service unit temporarily stores the ciphertext abstract h (C) and the encrypted file in a file management contract;
step S308, the message receiving and sending service unit calls the intelligent contract and establishes a shared Key Key (SC、SAgent)
Step S309, the text sending and receiving service unit writes the text sending information into the contract program code of the file exchange contract and compiles the information into byte codes; the text information comprises a recipient list, a file downloading API position and a ciphertext abstract;
step S310, the text receiving and sending service unit obtains the file exchange address;
step S311, the text receiving and sending service unit writes the file exchange address and the ciphertext abstract into the file management contract.
5. The blockchain-based data communication and archive exchange method according to claim 4, wherein the step S305 includes: the public parameter of the authentication center is an elliptic curve E (Fq) and an order n, and the sender S selects an integer as a sender private key sk S And 0 is<sk S <n, selecting a point G E as long integer, and calculating public key Pk of receiver R =sk S G, the first public key is { G, pk S The first private key is sk R
Let plaintext M = (M) of file 1 ,m 2 ) Wherein m is 1 Is the first plaintext letter, m 2 Is a second plaintext letter, optionally a number t e Z q Wherein, Z q Is an integer, calculate ciphertext C = { C 1 ,C 2 In which C is 1 Is the first ciphertext letter, C 2 Is the second cipher text letter, the calculation mode is as follows:
C 1 =(c 11 ,c 12 ) = t · G; wherein, c 11 Is the first factor of the first ciphertext letter, c 12 A second factor that is a first ciphertext letter;
Y=(y 1 ,y 2 )=t·Pk R (ii) a Wherein Y is an encryption keyKey, y 1 Is the first factor, y, of the encryption key 2 A second factor of the encryption key;
C 2 =(c 21 ,c 22 )=(y 1 ×m 1 ,y 2 ×m 2 ) (ii) a Wherein, c 21 Is the first factor of the second ciphertext letter, c 22 Is the second factor of the second ciphertext letter.
6. The blockchain-based data communication and archive exchange method according to claim 5, wherein the step S4 includes:
step S401, the text receiving and sending service unit monitors the exchange network to obtain the file exchange address;
step S402, the text receiving and sending service unit obtains the cipher text abstract and the file downloading address through the inquiry of the file exchange address, and transmits the signature and the cipher text abstract to the sender for requesting the file downloading;
step S403, the sender verifies the signature to confirm the identity of the receiver, and verifies whether the receiver is a legal member in the receiver list;
step S404, the text receiving and sending service unit obtains the ciphertext abstract h (C) and the encrypted file from the file management contract and returns the ciphertext abstract and the encrypted file to the recipient;
step S405, the receiver uses the private key sk of the receiver R Decrypting the received encrypted file to calculate Z = (Z) 1 ,z 2 )=sk R ·C 1 =sk R ·t·G=t·Pk R (ii) a Wherein Z is an anti-element point, Z 1 First factor of anti-element point, z 2 A second factor that is an anti-element point;
then, the recipient uses the anti-element point Z and the second ciphertext letter C 2 Calculating and solving to obtain a plaintext initial value M',
finally, checking whether the obtained ciphertext abstract initial value C 'is equal to the ciphertext abstract h (C) or not, and if the check result is equal, solving to obtain a plaintext M = M'; wherein, M' = (c) 21 ,z 1 -1 ,c 22 ,z 2 -1 )=(m 1 ′,m 2 ′)。
CN202211091949.8A 2022-09-07 2022-09-07 Data communication and file exchange method based on block chain Active CN115174277B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211091949.8A CN115174277B (en) 2022-09-07 2022-09-07 Data communication and file exchange method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211091949.8A CN115174277B (en) 2022-09-07 2022-09-07 Data communication and file exchange method based on block chain

Publications (2)

Publication Number Publication Date
CN115174277A CN115174277A (en) 2022-10-11
CN115174277B true CN115174277B (en) 2022-12-06

Family

ID=83481759

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211091949.8A Active CN115174277B (en) 2022-09-07 2022-09-07 Data communication and file exchange method based on block chain

Country Status (1)

Country Link
CN (1) CN115174277B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117478302B (en) * 2023-12-28 2024-03-01 湖南天河国云科技有限公司 Block chain-based privacy node identity verification method and device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111680311A (en) * 2020-05-28 2020-09-18 北京理工大学 Data exchange system and method based on block chain

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201947406A (en) * 2018-05-03 2019-12-16 華東科技股份有限公司 Data exchange group system and a method thereof
CN108881160A (en) * 2018-05-07 2018-11-23 北京信任度科技有限公司 Medical treatment & health data managing method and system based on block chain intelligence contract
CN108667618B (en) * 2018-05-10 2020-07-03 阿里巴巴集团控股有限公司 Data processing method, device, server and system for member management of block chain
CN111835500B (en) * 2020-07-08 2022-07-26 浙江工商大学 Searchable encryption data secure sharing method based on homomorphic encryption and block chain
CN112540957B (en) * 2020-12-03 2022-06-24 齐鲁工业大学 File secure storage and sharing system based on mixed block chain and implementation method
CN114329528A (en) * 2021-12-20 2022-04-12 中元众诚(北京)科技有限公司 File data management method and system based on block chain
CN115001658A (en) * 2022-04-06 2022-09-02 八维通科技有限公司 Credible subway identity authentication and access control method under unstable network environment
CN114826766B (en) * 2022-05-18 2022-11-18 北京交通大学 Block chain cross-chain based security verifiable service providing method and system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111680311A (en) * 2020-05-28 2020-09-18 北京理工大学 Data exchange system and method based on block chain

Also Published As

Publication number Publication date
CN115174277A (en) 2022-10-11

Similar Documents

Publication Publication Date Title
Merkle Protocols for public key cryptosystems
CN112003889B (en) Distributed cross-link system and cross-link information interaction and system access control method
JP5432999B2 (en) Encryption key distribution system
US10742426B2 (en) Public key infrastructure and method of distribution
CN103905384B (en) The implementation method of session handshake between built-in terminal based on secure digital certificate
EP1163589A1 (en) Authentication enforcement using decryption and authentication in a single transaction in a secure microprocessor
CN102404347A (en) Mobile internet access authentication method based on public key infrastructure
CN110852745A (en) Block chain distributed dynamic network key automatic updating method
CN111934884B (en) Certificate management method and device
CN112291059B (en) Key generation method and device, storage medium and electronic equipment
CN115174277B (en) Data communication and file exchange method based on block chain
CN113676330B (en) Digital certificate application system and method based on secondary secret key
CN112019553B (en) Data sharing method based on IBE/IBBE
Prabhu et al. Security in computer networks and distributed systems
CN113918971A (en) Block chain based message transmission method, device, equipment and readable storage medium
CN114301612A (en) Information processing method, communication apparatus, and encryption apparatus
WO2008004174A2 (en) Establishing a secure authenticated channel
JP3796528B2 (en) Communication system for performing content certification and content certification site device
CN113572615B (en) Method, system, equipment and storage medium for identity authentication of distributed network users
JPH11191761A (en) Mutual authentication method and device therefor
Merkle 4. Protocols for
CN115134111A (en) Encryption algorithm method for mass data distributed storage
CN117040905A (en) Data encryption transmission method, device, equipment and storage medium
CN115982776A (en) Data encryption protection method and system for block chain
CN117834151A (en) Block chain-based data privacy protection method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant