CN115567326B - Data transaction method and device based on block chain - Google Patents


Publication number
CN115567326B
Authority
CN
China
Prior art keywords: data, key, ciphertext, private, blockchain
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211544709.9A
Other languages
Chinese (zh)
Other versions
CN115567326A (en)
Inventor
马兆丰
王晶宇
段鹏飞
胡绍洲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications
Priority to CN202211544709.9A
Publication of CN115567326A
Application granted
Publication of CN115567326B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a blockchain-based data transaction method and device. The method makes full use of symmetric and asymmetric encryption to complete the transmission of the initial key and the private data mentioned in the principal identity authentication, thereby improving security. In addition, by introducing verification of the limited decryption time, time-limited sharing of specified data can be realized. The blockchain-based data transaction method constructs a transmission encryption mechanism and, while meeting the privacy requirements of special subjects, can be applied to various blockchain platforms, which enhances service expansion capability.

Description

Data transaction method and device based on block chain
Technical Field
The invention relates to the technical field of data communication, in particular to a data transaction method and device based on a block chain.
Background
A blockchain is essentially a distributed ledger technology that stores and verifies transactions in a decentralized manner; a large number of peer nodes jointly maintain the consistency of the transactions, so the transaction data on the chain is public and transparent. Transaction data in the blockchain is packaged and stored in the form of blocks, and the blocks are linked through hash values, which ensures that the on-chain data is tamper-resistant and traceable. Because the blockchain removes the dependence on a third party to verify and record transactions, it can serve as a trust foundation for existing application systems and can be used in fields such as finance, education and medical care.
Cryptography is the core of the blockchain and ensures the integrity, non-repudiation and tamper resistance of transaction information. The cryptographic algorithms underlying blockchain technology are mainly hash algorithms and asymmetric encryption algorithms. A hash algorithm computes a hash of the previous block, and the resulting fixed-length digest is stored in the current block, which gives the blockchain its integrity and tamper resistance. With an asymmetric encryption algorithm, a transaction initiator can digitally sign a transaction with its own private key to ensure the integrity of the transmitted transaction and the non-repudiation of the sender.
The existing public blockchain platform lacks an encryption algorithm for supporting enterprise-level application, cannot meet the privacy requirements of a specific subject, and cannot meet the requirements of the specific subject on privacy data security and time-limited sharing.
Disclosure of Invention
In view of the above, embodiments of the present invention provide a method and an apparatus for data transaction based on a block chain, so as to obviate or mitigate one or more drawbacks in the prior art, and provide an encryption transmission method based on a block chain, so as to meet the requirement of private transmission of a specific subject.
One aspect of the present invention provides a data transaction method based on a blockchain, including the steps of:
generating an initial key based on symmetric encryption by a data provider, and generating a round key according to the initial key by adopting a preset key expansion algorithm;
encrypting, by the data provider, private data using the round key to obtain a first ciphertext;
the data provider encodes and modulates the initial key according to a preset hidden transmission rule to obtain hidden information;
obtaining a first public key and a corresponding first private key by a verification node in a block chain network according to system parameters, disclosing the first public key, and locally storing the first private key;
generating, by the data provider, a limited decryption time of the private data, encrypting the hidden information and the limited decryption time with the first public key to obtain a second ciphertext, and encrypting the first ciphertext with the first public key to obtain a third ciphertext;
the data provider applies to a designated certificate authority for registration and obtains a first digital certificate and a first signature private key, and the data receiver applies to the designated certificate authority for registration and obtains a second digital certificate and a second signature private key;
the data provider uploads the second ciphertext and the third ciphertext to the blockchain network in combination with the first digital certificate and the first signature private key, an accounting node of the blockchain network authenticates the first digital certificate and the first signature private key, and the second ciphertext and the third ciphertext are stored on chain after the authentication is passed;
the data receiver sends a data request to a verification node of the blockchain network in combination with the second digital certificate and the second signature private key;
the verification node of the blockchain network authenticates the second digital certificate and the second signature private key and, after the authentication is passed, queries the second ciphertext and the third ciphertext stored on the chain, decrypts the second ciphertext and the third ciphertext with the first private key, and recovers the hidden information, the limited decryption time and the first ciphertext;
the verification node of the blockchain network checks, according to the limited decryption time, whether the current time has passed the limit, and sends the recovered hidden information and the first ciphertext to the data receiver if it has not;
and the data receiver demodulates and decodes the recovered hidden information according to the preset hidden transmission rule to recover the initial key, regenerates the round key from the recovered initial key using the preset key expansion algorithm, and decrypts the recovered first ciphertext with the regenerated round key to obtain the private data.
In some embodiments, before the data provider generates the initial key based on symmetric encryption and generates the round key from the initial key using the preset key expansion algorithm, the method further includes:
covert transmission rules are determined and initialized by the data provider and the data receiver in concert, and coding tables and modulation symbol tables for covert transmission are determined.
In some embodiments, in the preset key expansion algorithm, the initial key expression is:
Figure SMS_1
the system parameter expression is:
Figure SMS_2
the fixed parameter expression is:
Figure SMS_3
the round key calculation formula is as follows:
Figure SMS_4
Figure SMS_5
Figure SMS_6
wherein
Figure SMS_8
represents a parameter value of the initial key,
Figure SMS_11
represents a parameter value of the system parameter,
Figure SMS_13
represents a parameter value of the fixed parameter,
Figure SMS_9
represents the i-th parameter value of the initial key,
Figure SMS_10
represents the i-th parameter value of the system parameter, and the reversible transformation is
Figure SMS_12
where
Figure SMS_14
is a non-linear transformation and
Figure SMS_7
is a linear transformation.
In some embodiments, a verification node in the blockchain network obtains a first public key and a corresponding first private key according to system parameters, where the first public key and the first private key are obtained by using an SM2 elliptic curve public key cryptographic algorithm.
In some embodiments, before the data provider generates the initial key based on symmetric encryption and generates the round key from the initial key using the preset key expansion algorithm, the method further includes: the data provider determines whether the data to be transmitted is common data or private data, and if it is common data, sends it directly to the blockchain network for on-chain storage.
In some embodiments, the limited decryption time is preset according to the service type of the private data, and is either marked directly with a timestamp or constrained by setting a decryption deadline in combination with the timestamp of the private data uploaded by the data provider.
In some embodiments, after the accounting node of the blockchain network authenticates the first digital certificate and the first signature private key and the second ciphertext and the third ciphertext are stored on chain once the authentication is passed, the method further includes: calculating hash values of the second ciphertext and the third ciphertext using the SM3 algorithm, and storing them on chain.
In some embodiments, the method employs a BCCSP cryptographic module to provide key generation, message signing and verification, hashing algorithms, and encryption and decryption.
In another aspect, the present invention also provides an apparatus for data transaction based on blockchain, which includes a processor and a memory, wherein the memory has stored therein computer instructions, and the processor is configured to execute the computer instructions stored in the memory, and when the computer instructions are executed by the processor, the apparatus implements the steps of the method.
In another aspect, the present invention also provides a computer-readable storage medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the method as described above.
The invention has the beneficial effects that:
According to the blockchain-based data transaction method and device, a round key is generated from an initial key by a preset key expansion algorithm and used to encrypt the private data, which is stored on chain; the initial key is transmitted in encrypted form between the data provider and the data receiver through a preset hidden transmission rule; and the data receiver regenerates the round key from the initial key by the preset key expansion algorithm and decrypts to obtain the private data. The method makes full use of symmetric and asymmetric encryption to complete the transmission of the initial key and the private data mentioned in the principal identity authentication, thereby improving security. In addition, by introducing verification of the limited decryption time, time-limited sharing of specified data can be realized.
Furthermore, a transmission encryption mechanism is constructed through the data transaction method based on the block chain, so that the method can be suitable for various block chain platforms on the basis of meeting the privacy requirements of special subjects, and the service expansion capability is enhanced.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and drawings.
It will be appreciated by those skilled in the art that the objects and advantages that can be achieved with the present invention are not limited to the specific details set forth above, and that these and other objects that can be achieved with the present invention will be more clearly understood from the detailed description that follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
Fig. 1 is a blockchain network architecture diagram of a private blockchain based data transaction method according to an embodiment of the present invention.
Fig. 2 is a flowchart of a data transaction method based on a blockchain according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the following embodiments and the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
It should be noted that, in order to avoid obscuring the present invention with unnecessary details, only the structures and/or processing steps closely related to the scheme according to the present invention are shown in the drawings, and other details not so relevant to the present invention are omitted.
It should be emphasized that the term "comprises/comprising" when used herein, is taken to specify the presence of stated features, elements, steps or components, but does not preclude the presence or addition of one or more other features, elements, steps or components.
It is also noted herein that the term "coupled," if not specifically stated, may refer herein to not only a direct connection, but also an indirect connection in which an intermediate is present.
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. In the drawings, the same reference numerals denote the same or similar parts, or the same or similar steps.
To meet the special privacy requirements of medical, taxation, government and tendering and bidding institutions, the method is designed to suit different blockchain platforms and to facilitate business expansion. By constructing a new encrypted transmission mechanism, national cryptographic algorithms can be introduced and combined with an existing blockchain platform for service deployment.
For example, Hyperledger Fabric is an enterprise-level, open-source permissioned blockchain platform hosted by the Linux Foundation, and is currently a representative consortium-chain platform in the blockchain field. The architecture of the Fabric platform is highly modular, so modules can be upgraded independently, which improves scalability. The Fabric platform consists of the Fabric network, Fabric-CA and Fabric-SDK, and the overall Fabric transaction flow results from the interaction among these parts.
First, the client of a Fabric-SDK application applies to the certificate authority Fabric-CA for registration to obtain an identity certificate. The client may then submit a transaction proposal to an endorsement node in the Fabric blockchain network. When the client has collected enough endorsement results, it packages them and initiates a transaction to the ordering node. The ordering node packages all transactions and generates blocks using the PBFT consensus algorithm (the practical Byzantine fault tolerance algorithm). Finally, the ordering node broadcasts the block to all peer nodes using the Gossip protocol, and each peer node updates the distributed ledger after verifying that the transactions in the block are correct. The Fabric platform provides calling interfaces such as a client SDK and a chaincode API, and provides services such as identity management and account management for Fabric applications. Every transaction step in the Fabric blockchain network transaction flow involves digital signature and signature verification operations, which ensure ownership of the client private key and non-repudiation of the transaction. The signing and verification functions for transactions are provided by the underlying security and cryptographic services. These services include the BCCSP component, which provides Fabric with key generation, message signing and verification, hash algorithms, encryption and decryption, and similar services.
The Hyperledger Fabric platform lacks an effective encryption algorithm and cannot meet the needs of specific enterprise-level subjects for the security and time-limited sharing of private data on the chain. To build a secure sharing model for a national-cryptography blockchain that can be applied at the domestic enterprise level, a new encryption algorithm system is constructed.
Specifically, one aspect of the present invention provides a data transaction method based on a block chain, including the following steps S101 to S111:
Step S101: The data provider generates an initial key based on symmetric encryption, and generates a round key from the initial key using a preset key expansion algorithm.
Step S102: The data provider encrypts the private data using the round key to obtain a first ciphertext.
Step S103: The data provider encodes and modulates the initial key according to a preset hidden transmission rule to obtain hidden information.
Step S104: A verification node in the blockchain network obtains a first public key and a corresponding first private key according to system parameters, publishes the first public key, and stores the first private key locally.
Step S105: The data provider generates the limited decryption time of the private data, encrypts the hidden information and the limited decryption time with the first public key to obtain a second ciphertext, and encrypts the first ciphertext with the first public key to obtain a third ciphertext.
Step S106: The data provider applies to the designated certificate authority for registration and obtains a first digital certificate and a first signature private key, and the data receiver applies to the designated certificate authority for registration and obtains a second digital certificate and a second signature private key.
Step S107: The data provider uploads the second ciphertext and the third ciphertext to the blockchain network in combination with the first digital certificate and the first signature private key; an accounting node of the blockchain network authenticates the first digital certificate and the first signature private key, and the second ciphertext and the third ciphertext are stored on chain after the authentication is passed.
Step S108: The data receiver sends a data request to a verification node of the blockchain network in combination with the second digital certificate and the second signature private key.
Step S109: The verification node of the blockchain network authenticates the second digital certificate and the second signature private key and, after the authentication is passed, queries the second ciphertext and the third ciphertext stored on the chain, decrypts them with the first private key, and recovers the hidden information, the limited decryption time and the first ciphertext.
Step S110: The verification node of the blockchain network checks, according to the limited decryption time, whether the current time has passed the limit, and sends the recovered hidden information and the first ciphertext to the data receiver if it has not.
Step S111: The data receiver demodulates and decodes the recovered hidden information according to the preset hidden transmission rule to recover the initial key, regenerates the round key from the recovered initial key using the preset key expansion algorithm, and decrypts the recovered first ciphertext with the regenerated round key to obtain the private data.
In some embodiments, before step S101, that is, before the data provider generates the initial key based on symmetric encryption and the round key is generated from the initial key by using the preset key expansion algorithm, the method further includes: the covert transmission rules are determined and initialized jointly by the data provider and the data receiver, and the coding tables and modulation symbol tables used for covert transmission are determined. The covert transmission rules are agreed and set by the data provider and the data receiver, and are used exclusively for transmitting the initial key. The encryption transmission of the initial key is realized by encoding and modulating at a data provider end through an agreed rule and decoding and demodulating at a data receiver end through the agreed rule.
In some embodiments, in step S101, in the preset key expansion algorithm, the initial key may be expressed as:
Figure SMS_15
the system parameter expression is:
Figure SMS_16
the fixed parameter expression is:
Figure SMS_17
the round key calculation formula is:
Figure SMS_18
Figure SMS_19
Figure SMS_20
wherein
Figure SMS_22
represents a parameter value of the initial key,
Figure SMS_24
represents a parameter value of the system parameter,
Figure SMS_26
represents a parameter value of the fixed parameter,
Figure SMS_23
represents the i-th parameter value of the initial key,
Figure SMS_25
represents the i-th parameter value of the system parameter, and the reversible transformation is
Figure SMS_27
where
Figure SMS_28
is a non-linear transformation and
Figure SMS_21
is a linear transformation.
In step S102, the private data is encrypted using the round key to obtain a first ciphertext. The plaintext input is
Figure SMS_29
the round key is
Figure SMS_30
and the reversible transformation is
Figure SMS_31
where
Figure SMS_32
is a non-linear transformation and
Figure SMS_33
is a linear transformation. The operation process of the encryption algorithm is as follows:
Figure SMS_34
The ciphertext output is
Figure SMS_35
The operation process of the encryption algorithm is recorded as:
Figure SMS_36
In step S103, the preset hidden transmission rule mainly includes an agreed coding table
Figure SMS_37
and a modulation symbol table
Figure SMS_38
In some embodiments, in step S104, a verification node in the blockchain network obtains a first public key and a corresponding first private key according to the system parameters, where the first public key and the first private key are obtained by using an SM2 elliptic curve public key cryptographic algorithm.
In some embodiments, before the data provider generates the initial key based on symmetric encryption and generates the round key from the initial key using the preset key expansion algorithm, the method further includes: the data provider determines whether the data to be transmitted is common data or private data, and if it is common data, sends it directly to the blockchain network for on-chain storage.
Common data and private data are distinguished and handled accordingly: common data needs no privacy protection and can be stored on chain and transmitted directly, while private data is stored on chain and acquired by the data receiver through steps S101 to S111.
In step S105, the limited decryption time is the time during which the private data can be read; for sensitive data or data with a specific timeliness, the limited decryption time is set manually for constraint management, so as to implement time-limited sharing.
Specifically, in some embodiments, the limited decryption time is preset according to the service type of the private data; it may be marked directly with a timestamp, or constrained by setting a decryption deadline in combination with the timestamp of the private data uploaded by the data provider.
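The time-limited release described in steps S101 to S105 and S109 to S111, as an added Go example that is not code from the patent. AES-GCM, RSA-OAEP and hex encoding stand in for SM4, SM2 and the covert coding tables (assumptions: none of them is in Go's standard library or specified on this page), the third ciphertext and the certificate checks are left out, and all function names are hypothetical. The second deadline option is read here as the upload timestamp plus an allowed period, which is also an assumption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

var ErrExpired = errors.New("limited decryption time has passed") // S110 refusal

// NewNodeKey creates the verification node's key pair (S104); RSA stands in for SM2.
func NewNodeKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Provide is the data provider (S101-S105). Stand-ins, not the patent's
// algorithms: AES-GCM for SM4, RSA-OAEP for SM2, hex for the covert coding.
func Provide(pub *rsa.PublicKey, data []byte, deadline time.Time) (first, second []byte, err error) {
	rnd := make([]byte, 16+12) // 128-bit initial key, then the 12-byte GCM nonce
	if _, err = rand.Read(rnd); err != nil {
		return nil, nil, err
	}
	key, nonce := rnd[:16], rnd[16:]
	aead, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	first = aead.Seal(nonce, nonce, data, nil) // first ciphertext: nonce || ct
	env := make([]byte, 8)                     // envelope: deadline || hidden information
	binary.BigEndian.PutUint64(env, uint64(deadline.Unix()))
	env = append(env, hex.EncodeToString(key)...)
	second, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, env, nil)
	return first, second, err
}

// Release is the verification node (S109-S110): decrypt the second ciphertext,
// compare the embedded deadline with the node's clock, release only if in time.
func Release(priv *rsa.PrivateKey, second []byte, now time.Time) (string, error) {
	env, err := rsa.DecryptOAEP(sha256.New(), nil, priv, second, nil)
	if err != nil {
		return "", fmt.Errorf("second ciphertext rejected: %w", err)
	}
	if len(env) < 8 {
		return "", errors.New("malformed second ciphertext")
	}
	deadline := time.Unix(int64(binary.BigEndian.Uint64(env[:8])), 0)
	if !now.Before(deadline) {
		return "", ErrExpired // timed out: the hidden information stays with the node
	}
	return string(env[8:]), nil
}

// Receive is the data receiver (S111): decode the key, decrypt the first ciphertext.
func Receive(hidden string, first []byte) ([]byte, error) {
	key, err := hex.DecodeString(hidden)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(first) < n {
		return nil, errors.New("first ciphertext too short")
	}
	return aead.Open(nil, first[:n], first[n:], nil)
}

func main() {
	priv, err := NewNodeKey()
	if err != nil {
		panic(err)
	}
	// Constructed upload timestamp; the deadline is upload time + a 24 h period.
	up := time.Date(2022, 12, 1, 9, 0, 0, 0, time.UTC)
	first, second, _ := Provide(&priv.PublicKey, []byte("constructed sample record"), up.Add(24*time.Hour))
	for _, now := range []time.Time{up.Add(time.Hour), up.Add(48 * time.Hour)} {
		if hidden, err := Release(priv, second, now); err != nil {
			fmt.Println(now.Format(time.RFC3339), "refused:", err)
		} else if pt, err := Receive(hidden, first); err == nil {
			fmt.Printf("%s released: %q\n", now.Format(time.RFC3339), pt)
		}
	}
}
```

The deadline is enforced only by the verification node's clock and policy in `Release`; once the hidden information has been released, the receiver holds the initial key and can decrypt the first ciphertext at any later time.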
In step S106, a third-party certificate authority provides the digital certificates and signatures to the data provider and the data receiver; for example, Fabric-CA in Hyperledger Fabric is used to apply for registration and obtain an identity certificate.
In some embodiments, in step S107, after the accounting node of the blockchain network authenticates the first digital certificate and the first signature private key and the second ciphertext and the third ciphertext are stored on chain once the authentication is passed, the method further includes: calculating the hash values of the second ciphertext and the third ciphertext using the SM3 algorithm, and storing them on chain.
In steps S108 to S111, a data receiver queries the required private data on the block chain according to actual needs, and gradually decrypts the private data according to the reverse order of the encryption process to obtain the initial private data.
In some embodiments, the method employs a BCCSP cryptographic module to provide key generation, message signing and verification, hashing algorithms, and encryption and decryption.
In another aspect, the present invention also provides an apparatus for data transaction based on blockchain, including a processor and a memory, where the memory stores computer instructions, and the processor is configured to execute the computer instructions stored in the memory, and when the computer instructions are executed by the processor, the apparatus implements the steps of the above method.
In another aspect, the present invention also provides a computer-readable storage medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the method as described above.
The invention is illustrated below with reference to specific examples:
To realize secure sharing of transaction data on a national-cryptography blockchain platform, as shown in Fig. 1, the invention provides a blockchain-based data transaction method. The system model of the method mainly comprises three types of entities: a data provider, a national-cryptography blockchain network, and a data receiver. The data provider is an institution, such as a medical, tax, government or bidding institution, that provides data to those who need it; the national-cryptography blockchain network is a Fabric blockchain platform whose underlying cryptographic algorithms have been replaced with national cryptographic algorithms; the data receiver is a party that needs data to implement various business applications, including performing medical research using user data, rating a user's credit, acquiring a user's personal information, completing various businesses, bidding for projects, and the like.
The embodiment provides a data transaction method based on a blockchain, as shown in fig. 2, including the following steps:
Step 1: initialize the hidden transmission rule, generating the rule for processing messages during hidden transmission. The data provider and the data receiver initialize in advance the rules for processing messages during hidden transmission, including the coding table
Figure SMS_39
and the modulation symbol table
Figure SMS_40
Step 2: the data provider generates the initial key for SM4 symmetric encryption. The data provider generates the initial key required by the SM4 symmetric encryption algorithm
Figure SMS_41
Step 3: the data provider generates a round key from the initial key and encrypts the private data. From the initial key generated in step 2, the data provider generates the round key
Figure SMS_42
and uses the round key
Figure SMS_43
to encrypt the user's private data
Figure SMS_44
obtaining the ciphertext
Figure SMS_45
that is:
Figure SMS_46
Step 4: the data provider encodes and modulates the initial key to generate the hidden information. Following the message processing rule agreed with the data receiver, the data provider takes the initial key
Figure SMS_47
and encodes and modulates it to obtain the hidden information
Figure SMS_48
namely:
Figure SMS_49
Step 5: a verification node in the blockchain network obtains an SM2 public/private key pair from the system parameters. The verification node obtains the SM2 public/private key pair
Figure SMS_50
and the public key
Figure SMS_51
is published by broadcast, while the private key
Figure SMS_52
is stored locally.
Step 6: the data provider encrypts the hidden information and the data expiration time with the public key of the verification node. The data provider generates the limited decryption time of the private data
Figure SMS_53
and then uses the public key of the verification node
Figure SMS_54
to encrypt the data
Figure SMS_55
and
Figure SMS_56
respectively, obtaining the ciphertexts
Figure SMS_57
and
Figure SMS_58
namely:
Figure SMS_59
Figure SMS_60
Step 7: the SDK clients of the data provider and the data receiver each apply to the certificate authority for registration. User registration: the SDK clients corresponding to the data provider and the data receiver each apply to a certificate authority for registration and obtain a digital certificate
Figure SMS_61
Figure SMS_62
and a private signature key
Figure SMS_63
Step 8: the data provider initiates a transaction and uploads the encrypted data. The data provider client initiates the transaction
Figure SMS_64
to upload the encrypted ciphertexts
Figure SMS_65
and
Figure SMS_66
to the blockchain. The specific transaction form is as follows:
Figure SMS_67
Before the transaction is uploaded to the blockchain, each accounting node uses the public key of the data provider client
Figure SMS_68
to verify the signature of the transaction
Figure SMS_69
If the verification passes, the transaction is hashed with SM3 and added to the block; if the verification fails, the transaction is refused upload to the blockchain.
Step 9: the data receiver initiates a data request to the verification node. When the data receiver needs the private data uploaded by the data provider
Figure SMS_70
its client initiates a data request to the verification node client.
Step 10: the verification node client initiates a transaction to query the data. After receiving the request, the verification node client initiates the transaction
Figure SMS_71
to query the blockchain for the data
Figure SMS_72
and
Figure SMS_73
namely:
Figure SMS_74
The specific transaction form is as follows:
Figure SMS_75
Step 11: the verification node decrypts the relevant data and checks whether the time has expired. The verification node uses its private key to decrypt, respectively,
Figure SMS_76
and
Figure SMS_77
Figure SMS_78
Figure SMS_79
After decryption, the verification node judges whether the current time exceeds the limited decryption time. If it does, the verification node client returns to the data demander
Figure SMS_80
Otherwise, it initiates a transaction
Figure SMS_81
to upload
Figure SMS_82
and
Figure SMS_83
The specific transaction form is as follows:
Figure SMS_84
Step 12: the data receiver initiates a transaction and queries the relevant data. The verification node client notifies the data receiver that the data can be queried, and the data receiver initiates a transaction to query the blockchain for the data
Figure SMS_85
and
Figure SMS_86
namely:
Figure SMS_87
The specific transaction form is as follows:
Figure SMS_88
Step 13: the data receiver recovers the hidden information using the processing rule. The data receiver demodulates and decodes the hidden information according to the message processing rule agreed with the data provider to obtain the initial symmetric key
Figure SMS_89
namely:
Figure SMS_90
Step 14: the data receiver generates a round key from the recovered initial symmetric key and decrypts the data. From the recovered initial symmetric key
Figure SMS_91
the data receiver generates the round key
Figure SMS_92
and uses the round key
Figure SMS_93
to decrypt the user's ciphertext private data
Figure SMS_94
obtaining the decrypted text
Figure SMS_95
that is:
Figure SMS_96
. At this point, the process of private data sharing between the data provider and the data receiver is completed.
In order to describe the technical solution of the present invention more clearly, specific embodiments are now described in detail with reference to the accompanying drawings, in which Fig. 1 is the privacy protection system model for the national cryptographic blockchain and Fig. 2 is the flow of the transaction data privacy protection method based on the national cryptographic algorithms.
In this embodiment, a private and secure sharing model for transaction data on the national cryptographic blockchain is first established, and then a blockchain transaction data privacy protection method supporting the national cryptographic algorithm system is provided. The data to be put on chain is divided into ordinary data and private data, and the sender of the transaction needs to encrypt the private data. The private data is encrypted with a symmetric encryption algorithm, so that only the transaction receiver can obtain it. Meanwhile, the symmetric key shared by both parties of the transaction is transmitted through the blockchain hidden channel, which effectively ensures the security of the symmetric key. In addition, the embodiment uses the SM2 public key encryption algorithm to verify the validity period of the data, and is suitable for bidding, file downloading and other scenarios.
The parameters involved in this example are as follows:
Table 1 shows the meanings of the parameters mentioned in this example:
Figure SMS_97
In this embodiment, a privacy and security sharing model for transaction data on the national cryptographic blockchain is provided. The model mainly includes three types of entities: the data provider, the national cryptographic blockchain network, and the data receiver.
The data provider refers to institutions such as medical, tax, government and bidding bodies that provide data to demanders. The data provider divides the data into ordinary data and private data, and encrypts the private data before uploading it to the blockchain network.
The national cryptographic blockchain network is a Fabric blockchain platform whose underlying cryptographic algorithm is replaced with the encryption algorithm of the invention. After registering, the data provider joins one of the organizations of the network as a peer node. A verification node exists in the blockchain network; its main functions are verifying the correctness of transaction signatures and checking whether the ciphertext data uploaded to the blockchain by a data provider is within its validity period. A peer node can initiate a transaction that calls a smart contract to upload the relevant ciphertext data and share the data in encrypted form, which guarantees the security, integrity and timeliness of the transaction data.
The data receiver is a party that needs data to implement various service applications, including performing medical research using user data, rating the credit of a user, acquiring personal information of the user to complete various services, bidding for items, and the like. The data receiver obtains the ciphertext data by initiating a data request transaction, and decrypts the ciphertext data at its client to obtain the data.
In this embodiment, the user data is divided into ordinary data and private data, and the data provider determines the type of the data. Ordinary data can be put on chain directly without threatening the privacy of the user. Private data is encrypted using a symmetric encryption algorithm, which guarantees the security of the private data on the chain. The blockchain hidden channel is used to transmit the symmetric key adopted by both transaction parties, which ensures the concealment, tamper resistance and interference resistance of the symmetric key. In addition, the SM2 encryption algorithm is used to verify the validity period of time-limited private data. That is, the data can be decrypted only within the specified time and cannot be decrypted once that time is exceeded, which ensures the timeliness of the data.
As shown in fig. 2, the block chain transaction data privacy protection method supporting the cryptographic algorithm system according to this embodiment is implemented as follows:
Step a, hidden transmission rule initialization: the data provider and the data receiver initialize in advance the rule for processing messages during hidden transmission, including the coding table
Figure SMS_98
and the modulation symbol table
Figure SMS_99
Step b, key generation: the data provider generates the initial key required by the SM4 symmetric encryption algorithm
Figure SMS_100
Step c, encryption: the data provider generates, from the initial key, the round key
Figure SMS_101
and uses the round key
Figure SMS_102
to encrypt the user's private data
Figure SMS_103
obtaining the ciphertext
Figure SMS_104
that is:
Figure SMS_105
Step d, hidden information generation: following the message processing rule agreed with the data receiver, the data provider takes the initial key
Figure SMS_106
and encodes and modulates it to obtain the hidden information
Figure SMS_107
namely:
Figure SMS_108
Step e, public/private key pair generation: a verification node in the blockchain network obtains the SM2 public/private key pair from the system parameters
Figure SMS_109
and the public key
Figure SMS_110
is published by broadcast, while the private key
Figure SMS_111
is stored locally.
Step f, data encryption: the data provider generates the limited decryption time of the private data
Figure SMS_112
and then uses the public key of the verification node
Figure SMS_113
to encrypt the data
Figure SMS_114
and
Figure SMS_115
respectively, obtaining the ciphertexts
Figure SMS_116
and
Figure SMS_117
namely:
Figure SMS_118
Figure SMS_119
Step g, user registration: the SDK clients corresponding to the data provider and the data receiver each apply to a certificate authority for registration and obtain a digital certificate
Figure SMS_120
Figure SMS_121
and a private signature key
Figure SMS_122
Step h, putting data on chain: the data provider client initiates the transaction
Figure SMS_123
to upload the encrypted ciphertexts
Figure SMS_124
and
Figure SMS_125
to the blockchain. The specific transaction form is as follows:
Figure SMS_126
Before the transaction is uploaded to the blockchain, each accounting node uses the public key of the data provider client
Figure SMS_127
to verify the signature of the transaction
Figure SMS_128
If the verification passes, the transaction is hashed with SM3 and added to the block; if the verification fails, the transaction is refused upload to the blockchain.
Step i, data request: when the data receiver needs the private data uploaded by the data provider
Figure SMS_129
its client initiates a data request to the verification node client.
Step j, verification node data query: after receiving the request, the verification node client initiates the transaction
Figure SMS_130
to query the blockchain for the data
Figure SMS_131
and
Figure SMS_132
namely:
Figure SMS_133
The specific transaction form is as follows:
Figure SMS_134
Step k, time verification: the verification node uses its private key to decrypt, respectively,
Figure SMS_135
and
Figure SMS_136
Figure SMS_137
Figure SMS_138
After decryption, the verification node judges whether the current time exceeds the limited decryption time. If it does, the verification node client returns to the data demander
Figure SMS_139
Otherwise, it initiates the transaction
Figure SMS_140
to upload
Figure SMS_141
and
Figure SMS_142
The specific transaction form is as follows:
Figure SMS_143
Step l, data receiver data query: the verification node client notifies the data receiver that the data can be queried, and the data receiver initiates a transaction to query the blockchain for the data
Figure SMS_144
and
Figure SMS_145
namely:
Figure SMS_146
. The specific transaction form is as follows:
Figure SMS_147
Step m, key recovery: the data receiver demodulates and decodes the hidden information according to the message processing rule agreed with the data provider to obtain the initial symmetric key
Figure SMS_148
namely:
Figure SMS_149
Step n, decryption: from the recovered initial symmetric key
Figure SMS_150
the data receiver generates the round key
Figure SMS_151
and uses the round key
Figure SMS_152
to decrypt the user's ciphertext private data
Figure SMS_153
obtaining the decrypted text
Figure SMS_154
that is:
Figure SMS_155
. At this point, the process of private data sharing between the data provider and the data receiver is completed.
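The round-key generation and reverse-order decryption of steps 3 and 14 (steps c and n), shown as an added example that is not part of the patent text: a single-block SM4 reference in Python following the published standard (GB/T 32907-2016). It assumes the patent's "preset key expansion algorithm" is the standard SM4 key schedule; the function names and the sample key are illustrative, and modes of operation and padding are out of scope.

```python
"""SM4 single-block reference: key expansion, encryption, decryption."""

SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948"
)
# System parameter FK and fixed parameter CK of the key schedule.
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# Byte j of CK[i] is ((4*i + j) * 7) mod 256.
CK = tuple(
    int.from_bytes(bytes(((4 * i + j) * 7) % 256 for j in range(4)), "big")
    for i in range(32)
)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def _tau(a):
    """Non-linear transformation: four parallel S-box lookups."""
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")


def _t_key(a):
    """T' used by the key schedule: tau followed by the linear map L'."""
    b = _tau(a)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)


def _t_round(a):
    """T used by the round function: tau followed by the linear map L."""
    b = _tau(a)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)


def expand_key(initial_key):
    """Derive the 32 round keys from the 128-bit initial key."""
    if len(initial_key) != 16:
        raise ValueError("SM4 initial key must be 16 bytes")
    k = [int.from_bytes(initial_key[4 * i:4 * i + 4], "big") ^ FK[i]
         for i in range(4)]
    round_keys = []
    for i in range(32):
        rk = k[0] ^ _t_key(k[1] ^ k[2] ^ k[3] ^ CK[i])
        round_keys.append(rk)
        k = k[1:] + [rk]
    return round_keys


def _crypt_block(block, round_keys):
    if len(block) != 16:
        raise ValueError("SM4 block must be 16 bytes")
    x = [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4)]
    for rk in round_keys:
        x = x[1:] + [x[0] ^ _t_round(x[1] ^ x[2] ^ x[3] ^ rk)]
    # Final reverse transformation: output the last four words in reverse order.
    return b"".join(w.to_bytes(4, "big") for w in reversed(x))


def encrypt_block(initial_key, block):
    """Provider side: expand the initial key, then encrypt one block."""
    return _crypt_block(block, expand_key(initial_key))


def decrypt_block(initial_key, block):
    """Receiver side: regenerate the round keys and apply them in reverse order."""
    return _crypt_block(block, expand_key(initial_key)[::-1])


if __name__ == "__main__":
    # Constructed sample: key and plaintext of the standard's worked example.
    key = bytes.fromhex("0123456789abcdeffedcba9876543210")
    ct = encrypt_block(key, key)
    print(ct.hex(), decrypt_block(key, ct) == key)
```

The receiver needs only the 16-byte initial key to reproduce all 32 round keys, which is why the method transports the initial key rather than the round keys.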
In summary, in the blockchain-based data transaction method and apparatus, the data provider generates a round key from an initial key using a preset key expansion algorithm, encrypts the private data with it, and stores the result on chain; the initial key is transmitted between the data provider and the data receiver in encrypted form according to a preset hidden transmission rule; and the data receiver regenerates the round key from the initial key using the same preset key expansion algorithm and decrypts to obtain the private data. The method makes full use of symmetric and asymmetric encryption to transmit the initial key and the private data and to authenticate the identity of the participating entities, thereby improving security. Meanwhile, by introducing a check on the limited decryption time, time-limited sharing of specified data can be realized.
Furthermore, the transmission encryption mechanism constructed by the blockchain-based data transaction method can be applied to various blockchain platforms while meeting the privacy requirements of particular entities, which enhances service expansion capability.
In accordance with the above method, the present invention also provides a data transaction apparatus/system based on blockchain, which includes a computer device including a processor and a memory, wherein the memory stores computer instructions, the processor is used for executing the computer instructions stored in the memory, and the apparatus/system realizes the steps of the method when the computer instructions are executed by the processor.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the steps of the foregoing edge computing server deployment method. The computer readable storage medium may be a tangible storage medium such as Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, floppy disks, hard disks, removable storage disks, CD-ROMs, or any other form of storage medium known in the art.
Those of ordinary skill in the art will appreciate that the various illustrative components, systems, and methods described in connection with the embodiments disclosed herein may be implemented as hardware, software, or combinations of both. Whether this is done in hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link.
It is to be understood that the invention is not limited to the specific arrangements and instrumentality described above and shown in the drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions or change the order between the steps after comprehending the spirit of the present invention.
Features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments and/or in combination with or instead of the features of the other embodiments in the present invention.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made to the embodiment of the present invention by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for data transaction based on blockchain, the method comprising the steps of:
generating an initial key based on symmetric encryption by a data provider, and generating a round key according to the initial key by adopting a preset key expansion algorithm;
encrypting, by the data provider, private data using the round key to obtain a first ciphertext;
the data provider encodes and modulates the initial key according to a preset hidden transmission rule to obtain hidden information;
obtaining a first public key and a corresponding first private key by a verification node in a block chain network according to system parameters, disclosing the first public key, and locally storing the first private key;
generating, by the data provider, a limited decryption time of the private data, encrypting the hidden information and the limited decryption time with the first public key to obtain a second ciphertext, and encrypting the first ciphertext with the first public key to obtain a third ciphertext;
applying for registration and obtaining a first digital certificate and a first signature private key from the set certificate authority by the data provider, and applying for registration and obtaining a second digital certificate and a second signature private key from the set certificate authority by the data receiver;
uploading, by the data provider, the second ciphertext and the third ciphertext to the blockchain network in combination with the first digital certificate and the first signature private key, authenticating, by an accounting node of the blockchain network, the first digital certificate and the first signature private key, and performing uplink storage on the second ciphertext and the third ciphertext after the authentication is passed;
sending, by the data receiver, a data request to a verification node of the blockchain network in conjunction with the second digital certificate and the second private signature key;
the verification node of the block chain network authenticates the second digital certificate and the second signature private key, after the authentication is passed, the second ciphertext and the third ciphertext stored in the chain are inquired, the second ciphertext and the third ciphertext are decrypted by the first private key, and the hidden information, the limited decryption time and the first ciphertext are recovered;
checking whether the current time is overtime or not by a verification node of the block chain network according to the limited decryption time, and sending the recovered hidden information and the first ciphertext to the data receiver under the condition that the current time is not overtime;
and the data receiver demodulates and decodes the recovered hidden information according to the preset hidden transmission rule to recover the initial key, the round key is regenerated according to the recovered initial key by adopting the preset key expansion algorithm, and the first ciphertext recovered by utilizing the regenerated round key is decrypted to obtain the private data.
2. The blockchain-based data transaction method of claim 1, wherein, before the data provider generates the initial key based on symmetric encryption and generates the round key from the initial key using the preset key expansion algorithm, the method further comprises:
the covert transmission rules are jointly determined and initialized by the data provider and the data receiver, and the coding tables and modulation symbol tables used for covert transmission are determined.
3. The blockchain-based data transaction method according to claim 1, wherein in the preset key expansion algorithm, the initial key expression is as follows:
Figure QLYQS_1
the system parameter expression is:
Figure QLYQS_2
the fixed parameter expression is:
Figure QLYQS_3
the round key calculation formula is as follows:
Figure QLYQS_4
Figure QLYQS_5
wherein
Figure QLYQS_7
represents a parameter value of the initial key,
Figure QLYQS_10
a parameter value representing a parameter of the system,
Figure QLYQS_12
a parameter value representing the fixed parameter,
Figure QLYQS_8
an i-th parameter value representing the initial key,
Figure QLYQS_9
the ith parameter value representing the system parameter, reversible transformation
Figure QLYQS_11
Wherein
Figure QLYQS_13
Is a non-linear transformation of the image,
Figure QLYQS_6
is a linear transformation.
4. The blockchain-based data transaction method of claim 1, wherein a verification node in the blockchain network obtains a first public key and a corresponding first private key according to system parameters, and the first public key and the first private key are obtained by using an SM2 elliptic curve public key cryptography algorithm.
5. The blockchain-based data transaction method of claim 1, wherein, before the data provider generates the initial key based on symmetric encryption and generates the round key from the initial key using the preset key expansion algorithm, the method further comprises:
and the data provider distinguishes whether the data to be transmitted is common data or private data, and if the data to be transmitted is the common data, the data to be transmitted is directly sent to the block chain network for uplink storage.
6. The blockchain-based data transaction method according to claim 1, wherein the decryption limiting time is preset according to a service type of the private data, and the decryption limiting time is directly marked by a timestamp or is restricted by setting a decryption deadline in combination with a timestamp of the private data uploaded by the data provider.
7. The blockchain-based data transaction method of claim 1, wherein an accounting node of the blockchain network authenticates the first digital certificate and the first private signature key, and after the authentication is passed and the second ciphertext and the third ciphertext are stored in an uplink, the method further comprises:
and calculating a hash value of the second ciphertext and the third ciphertext by adopting an SM3 algorithm, and performing uplink storage.
8. The blockchain-based data transaction method of claim 1, wherein the method employs a BCCSP cryptographic module to provide key generation, message signing and verification, hashing algorithms and encryption and decryption.
9. An apparatus for blockchain-based data transactions, comprising a processor and a memory, wherein the memory stores computer instructions and the processor is configured to execute the computer instructions stored in the memory, and wherein the apparatus implements the steps of the method according to any one of claims 1 to 8 when the computer instructions are executed by the processor.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
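The verification node's time check from step 11 (step k) and the two deadline forms of claim 6, as an added example that is not part of the patent text. The JSON layout of the decrypted second ciphertext, the field names and the function names are assumptions made for illustration; the patent gives no wire format. The check fails closed on malformed input and takes the clock as a parameter.

```python
import json
from typing import NamedTuple, Optional


class Decision(NamedTuple):
    release: bool
    reason: str
    hidden_info: Optional[bytes] = None
    first_ciphertext: Optional[bytes] = None


def resolve_deadline(limit, upload_ts):
    """Turn the limited decryption time into an absolute Unix deadline.

    Hypothetical encoding of the two forms in claim 6:
      {"mode": "absolute", "value": <Unix timestamp>}
      {"mode": "relative", "value": <seconds after the upload timestamp>}
    """
    mode, value = limit.get("mode"), limit.get("value")
    if type(value) is not int or value <= 0:
        raise ValueError("time limit must be a positive integer")
    if mode == "absolute":
        deadline = value
    elif mode == "relative":
        deadline = upload_ts + value
    else:
        raise ValueError("unknown time-limit mode")
    if deadline < upload_ts:
        raise ValueError("deadline precedes upload")
    return deadline


def decide_release(c2_plain, c3_plain, upload_ts, now):
    """Decide whether to hand the hidden information and first ciphertext on.

    c2_plain: decrypted second ciphertext (hidden information + time limit)
    c3_plain: decrypted third ciphertext (the first ciphertext)
    upload_ts: timestamp of the provider's upload transaction
    now: the verification node's current time (assumed trustworthy)
    """
    try:
        fields = json.loads(c2_plain)
        hidden = bytes.fromhex(fields["hidden_info"])
        deadline = resolve_deadline(fields["limit"], upload_ts)
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        # Anything unparseable is refused rather than released.
        return Decision(False, f"malformed record: {exc}")
    if now > deadline:  # assumption: the deadline instant itself is still valid
        return Decision(False, "expired")
    return Decision(True, "ok", hidden, c3_plain)


if __name__ == "__main__":
    # Constructed sample record, uploaded at t=1700000000 with a one-hour limit.
    record = json.dumps(
        {"hidden_info": "c0ffee", "limit": {"mode": "relative", "value": 3600}}
    ).encode()
    print(decide_release(record, b"<first ciphertext>", 1700000000, 1700001800))
    print(decide_release(record, b"<first ciphertext>", 1700000000, 1700007200))
```

Because the verification node holds the first private key and recovers the hidden information and the first ciphertext itself, the time limit is enforced by that node's policy and clock rather than by the cryptography.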
CN202211544709.9A 2022-11-21 2022-11-21 Data transaction method and device based on block chain Active CN115567326B (en)


Publications (2)

Publication Number Publication Date
CN115567326A CN115567326A (en) 2023-01-03
CN115567326B true CN115567326B (en) 2023-03-14
