CN115865330B - Method and medium for supervising modification of information on chain based on block chain

Info

Publication number: CN115865330B
Authority: CN (China)
Prior art keywords: uid, delta, ciphertext, information, private key
Legal status: Active
Application number: CN202211482039.2A
Other languages: Chinese (zh)
Other versions: CN115865330A (en)
Inventors: 姜朋, 许光全, 刘健
Current Assignee: Tianjin University
Original Assignee: Tianjin University
Application filed by Tianjin University


Abstract

The invention relates to the field of information security and new-media supervision, in particular to a method and medium for supervising on-chain information modification based on a blockchain. The ring structure of the attribute encryption scheme lets the same illegal information be linked quickly and lets the anonymity of the publisher of illegal information be revoked. In addition, the invention supports updating and resetting the access structure: the original transaction owner can reset the access structure after it has been maliciously modified so that the transaction can no longer be accessed normally. This closes a security hole in current blockchain rewriting schemes and yields a blockchain information supervision scheme with complete functions.

Description

Method and medium for supervising modification of information on chain based on block chain
Technical Field
The invention relates to the field of information security and new media supervision, in particular to a supervision method and medium for on-chain information modification based on a blockchain.
Background
A core feature of a conventional blockchain is that it is tamper-resistant: the recorded information is hashed into a Merkle root that is placed in the block header, each later block records the Merkle root of the previous block, and once any part of the information is tampered with, the block no longer passes verification. However, this makes the management of illegal information on the blockchain very difficult, because the non-tamperability of the blockchain means illegal information cannot be cleared directly.
With the proposal of the chameleon hash primitive, the chameleon hash function can replace the hash function at the bottom of the Merkle tree, and on-chain information can be rewritten by invoking the chameleon hash trapdoor, which makes blockchain rewriting possible. However, existing blockchain rewriting schemes have the following problems: most of them only support block-level rewriting, which is very inflexible; the chameleon hash trapdoor cannot be effectively protected, so it is easy to abuse; and the access structure for the trapdoor cannot be effectively controlled. These problems leave the above rewriting schemes with potential safety hazards, so they are difficult to put into use directly.
Disclosure of Invention
The invention addresses these problems by providing a method and medium for supervising on-chain information modification based on a blockchain, aimed at solving the problems that the conventional chameleon hash scheme is easy to misuse, has coarse rewriting granularity, has an inflexible access structure and cannot reset the access structure.
To achieve the above object, the present invention provides a method for supervising modification of information on a chain based on a blockchain, comprising the steps of:
Step 1: system establishment stage. Input a system security parameter λ and collect a public key list L_UID from the authorization center; output the public parameters PP and the attribute encryption system public key params;
Step 2: key generation stage. According to the user's UID and the submitted user attribute set S, generate a user private key SK associated with the user attribute set; the user randomly selects parameters and generates a conversion private key SK';
Step 3: encryption stage. The encryptor inputs the system public parameters, namely the attribute encryption system public key params, the message m and an access control structure f' associated with the access policy, and outputs the final ciphertext Δ;
Step 4: outsourcing server calculation stage. Input the user attribute set S and the conversion private key SK'; if S satisfies the ciphertext policy, compute the converted ciphertext Δ' with the algorithm and send Δ' to the user;
Step 5: user decryption stage. Perform a bilinear pairing operation using the public key list L_uid and the converted ciphertext Δ'; if the identity does not hold, stop and output "server miscalculation"; if it holds, decrypt further;
Step 6: link phase. Input an event description, two public key lists with corresponding lengths σ_1, σ_2 and two legal ciphertexts Δ_1, Δ_2; if the link labels in the two ciphertexts satisfy L_1 = L_2, output "linkable", otherwise output "unlinkable";
Step 7: revocation phase. Input the public key list L_uid with corresponding length σ, the ciphertext Δ and the revocation authority private key sk_rev; obtain the corresponding user attribute set S' and submit it to the authorization center; if the encryptor uid_π is in the public key list and matches the user attribute set, i.e. S' = S, then uid_π is the actual encryptor.
Further, the step 1 specifically includes:
Step 1-1: input the system security parameter λ, the maximum layer number l of the circuit and the Boolean input number n;
Step 1-2: let k = l + 1 and select k + 1 cyclic multiplicative groups of order q, G_1, …, G_{k+1};
Step 1-3: let g_1, …, g_{k+1} be generators of the cyclic multiplicative groups G_1, …, G_{k+1};
Step 1-4: define a hash function H: G_k → {0,1}^θ, where θ is the length of the plaintext m; {h_1, …, h_l} are elements of G_1; randomly select the coefficient τ; the system public key is params = (g_k^τ, h_1, …, h_l), together with the main private key, where τ ∈ Z_q^* is randomly selected over the integer domain modulo q, Z_q. Let g = g_1 and let G_1, …, G_k satisfy the multilinear mapping. The signer in the ring signature stage collects σ participants' information from the authority center; the UID list is L_UID = {uid_1, uid_2, …, uid_σ}, and a randomly selected element of {0,1}^* is mapped to g_i, where i ∈ (1, σ).
Further, the step 2 specifically includes:
For normal users: input the user attribute set S and the user's own UID;
the user algorithm selects t ∈ Z_q^*; for the ring structure, a ring signing key pair (uid_i, sk_i) is generated, and the user private key is SK = (S, K, D, H), where:
S = sk_i
D = g^t
H: {k_i = h_i^t}_{i∈S}
The user selects X' ∈ Z_q^* and generates the conversion private key SK' = (D', H'):
For the encryptor: the encryptor inputs the encryption attribute set ω and the monotone circuit structure f'(n, p, A, B, GT); the key generation center randomly selects π_1, …, π_{n+p} ∈ Z_q^* and β ∈ Z_q^* and computes:
d' = g^β
for activated wires (i.e. f'_i(ω_i) = 1), β_i ∈ Z_q^*, let:
for non-input wires of depth other than 1, with J = depth(i):
AND gate wire: randomly select b_{i1}, b_{i2} ∈ Z_q^* for the two inputs of the AND gate respectively and compute:
OR gate wire: randomly select b_{i1}, b_{i2} ∈ Z_q^* for the two inputs of the OR gate respectively and compute:
threshold wire (threshold R): randomly select values for the N inputs of the threshold element and compute:
for the ring structure, a ring signing key pair (uid_π, sk_π) is generated, i.e. the generated private key is:
Further, the step 4 specifically includes:
When the user attribute set S and the conversion private key SK' are input, the server selects the ciphertext Δ and verifies for the user whether the attributes match, i.e. whether f(S) = 1:
for input wires i ∈ [1, …, n] with f_i(Input) = 1, compute:
for OR gate wires, i.e. wires i ∈ [n+1, n+p] with GT(i) = OR: when Input satisfies f'_{A(i)}(Input) = 1, compute:
if Input satisfies f'_{A(i)}(Input) = 0 and f'_{B(i)}(Input) = 1, compute:
for AND gate wires i ∈ [n+1, n+p] with GT(i) = AND: if Input satisfies f'_{A(i)}(Input) = 1, compute:
for threshold wires i ∈ [n+1, n+p] with GT(i) = THRESHOLD: if Input satisfies the threshold gate's condition, compute:
If the user attribute set satisfies the decryption condition, the algorithm can compute the final result; the server finally computes the converted ciphertext
and sends it to the user.
Further, the step 5 specifically includes:
Perform a bilinear pairing operation using the public key list L_uid and the converted ciphertext Δ'. If the identity does not hold, stop and output "server calculation error"; if the identity holds, decrypt further.
To achieve the above object, the present invention also provides a blockchain rewriting method for supervising on-chain information modification, comprising the following steps:
System establishment: take the security parameter λ as input and output the chameleon hash key pair (pchsk, pchpk) = (ν, g_σ^ν); generate the attribute encryption system public key params = (g_k^τ, h_1, …, h_l) together with the system private key;
Key generation phase: input the chameleon hash private key pchsk and the user attribute set ω', and output the private key ssk_ω = (ν, SK');
Hash phase: under the access structure f, the transaction owner hashes the message m ∈ Z_q, inputs the identity UID_π, randomly selects parameters and outputs the chameleon hash (ch, h_et), the ciphertext Δ, the signature information m_Σ, a signing key pair and the digital signature δ_Σ;
Verification: verify whether the chameleon hash (ch, h_et) is legal; if the hash check holds and the digital signature δ_Σ is legal, output 1;
Updating: the transaction modifier UID' submits its own private key ssk'_ω, a new message m' and the corresponding identity UID'; verify whether the chameleon hash (ch, h_et) is legal; if it is, input the user attribute set ω', the conversion private key, the ciphertext Δ and the public key list, run the OutCal and Dec algorithms in turn to decrypt the ciphertext and obtain the message, compute a collision and compute p'; under policy f' and identity UID', generate the ciphertext Δ' for the message; output the updated new message m', p', the chameleon hash (ch, h_et), the ciphertext Δ', the signature information m_Σ, the signing key pair and the digital signature δ_Σ;
Reset phase: from the updated new message m', p', the chameleon hash (ch, h_et), the ciphertext Δ', the signature information m_Σ, the secret key and the digital signature δ_Σ, confirm whether UID is the owner of the transaction and whether the application was made by the owner; if so, input the UID list L_uid with corresponding length σ, the ciphertext Δ' and the revocation authority private key sk_rev; parse(Δ') resolves the ciphertext to obtain C = (C_1, C_2); the revocation authority computes and records UID' and prohibits UID' from running the Adapt algorithm; run Dec(L_UID, SK', S, Δ') to obtain the decrypted message ET; obtain the user private key SK'' again and apply to the UID center for a new UID list L''_UID; obtain the ciphertext Δ''; generate a signing key pair according to the signature calculation and regenerate the digital signature δ''_Σ, where the signature information is m''_Σ = p''; output the new transaction.
Further, in the reset phase, the signing key pair is generated according to the signature calculation as follows:
to achieve the above object, the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the above method.
The technical scheme of the invention has the following advantages. The invention combines the chameleon hash with attribute-based encryption: the trapdoor is encrypted with the attribute encryption algorithm, and the access structure of that algorithm controls who may use the trapdoor, which prevents the trapdoor from being abused by malicious modifiers. The ring structure of the attribute encryption scheme lets the same illegal information be linked quickly and lets the anonymity of the publisher of illegal information be revoked. In addition, the invention supports updating and resetting the access structure, so that the original transaction owner can reset the access structure after it has been maliciously modified and the transaction can no longer be accessed normally; this closes a security hole in current blockchain rewriting schemes and yields a blockchain information supervision scheme with complete functions.
Detailed Description
The present invention will be described in further detail with reference to the following embodiments, in order to make the objects, technical solutions and advantages of the present invention more apparent. The exemplary embodiments of the present invention and the descriptions thereof are used herein to explain the present invention, but are not intended to limit the invention.
It should be emphasized that the term "comprises/comprising" when used herein is taken to specify the presence of stated features, elements, steps or components, but does not preclude the presence or addition of one or more other features, elements, steps or components.
It is also noted herein that the term "coupled" may refer to not only a direct connection, but also an indirect connection in which an intermediate is present, unless otherwise specified.
In one aspect of the present invention, a blockchain rewriting scheme based on policy-based chameleon hash that supports updating and resetting the access structure is provided. It supports blockchain rewriting at transaction level, and updating and resetting the access structure prevents on-chain information from becoming unobtainable because the access structure was maliciously modified. Through the underlying ABELR encryption scheme, the anonymity of users who publish illegal information can be revoked so that further punitive measures can be taken.
At present there is no blockchain rewriting supervision scheme specifically aimed at resisting malicious modification of the access structure, and existing blockchain rewriting schemes based on policy-based chameleon hash have unresolved security problems, so they cannot be applied directly to a blockchain information management scenario. In view of these problems, the present embodiment proposes a blockchain rewriting scheme that supports updating and resetting the access structure, implements anonymous publication of information together with linking, revocation and modification of on-chain information, and establishes a complete blockchain information supervision platform.
1. ABELR is an attribute-based encryption scheme with linkable and revocable properties. As one of the basic building blocks of the blockchain rewriting architecture supporting access structure update and reset, it consists of seven algorithms: a system setup phase, a key generation phase, an encryption phase, an outsourced server calculation phase, a user decryption phase, a linking phase and a revocation phase. The ABELR scheme is described below:
Step 1: system establishment stage. Input a system security parameter λ and collect a public key list L_UID from the authorization center; output the public parameters PP and the attribute encryption system public key params.
Specifically, input the system security parameter λ, the maximum layer number l of the circuit and the Boolean input number n. Let k = l + 1 and select k + 1 cyclic multiplicative groups of order q, G_1, …, G_{k+1}, with generators g_1, …, g_{k+1} respectively. Define a hash function H: G_k → {0,1}^θ, where θ is the length of the plaintext m; {h_1, …, h_l} are elements of G_1; randomly select the coefficient τ; the system public key is params = (g_k^τ, h_1, …, h_l), together with the main private key, where τ ∈ Z_q^* is randomly selected over the integer domain modulo q, Z_q. Let g = g_1 and let G_1, …, G_k satisfy the multilinear mapping. The signer in the ring signature stage collects σ participants' information from the authority center; the UID list is L_UID = {uid_1, uid_2, …, uid_σ}, and a randomly selected element of {0,1}^* is mapped to g_i, where i ∈ (1, σ).
Step 2: key generation stage. According to the user's UID and the submitted user attribute set S, a user private key SK associated with the user attribute set is generated for the user, and the user randomly selects parameters to generate a conversion private key SK'.
In an identity-based encryption system, the identity of a user can only be represented by a unique identifier. In an attribute-based encryption system, the identity of a user is represented by a set of attributes, where the set of attributes is made up of one or more attributes.
Specifically, for normal users: input the attribute set S and the user's own UID; the algorithm selects t ∈ Z_q^*; for the ring structure, a ring signing key pair (uid_i, sk_i) is generated;
S = sk_i
D = g^t
H: {k_i = h_i^t}_{i∈S}
thereby generating the user private key SK = (S, K, D, H);
the user selects X' ∈ Z_q^* and generates the conversion private key SK' = (D', H'):
For the encryptor: the encryptor inputs the encryption attribute set ω and the monotone circuit structure f'(n, p, A, B, GT); the key generation center randomly selects π_1, …, π_{n+p} ∈ Z_q^* and β ∈ Z_q^*;
d' = g^β
for activated wires (i.e. f'_i(ω_i) = 1), β_i ∈ Z_q^*, let:
for non-input wires of depth other than 1, with J = depth(i):
AND gate wire in the access tree structure: randomly select b_{i1}, b_{i2} ∈ Z_q^* for the two inputs of the AND gate respectively and compute:
OR gate wire in the access tree structure: randomly select b_{i1}, b_{i2} ∈ Z_q^* for the two inputs of the OR gate respectively and compute:
threshold wire (threshold R) in the access tree structure: randomly select values for the N inputs of the threshold element and compute:
for the ring structure, a ring signing key pair (uid_π, sk_π) is generated, namely the generated private key is:
Step 3: encryption stage. The encryptor inputs the system public parameters, namely the attribute encryption system public key params, the message m and the access control structure f' related to the access policy, and outputs the final ciphertext Δ.
Specifically, input the system public parameters: the attribute encryption system public key params, the message m and the monotone circuit structure f'. The encryptor randomly selects r_1, …, r_{n+p} ∈ Z_q^* and s ∈ Z_q^* and performs the corresponding computation. According to the kind of wire, the following four cases are distinguished:
(1) Input wire: i ∈ [1, …, n]; for the circuit structure f', randomly select t_i ∈ Z_q^* and compute:
for the circuit structure, if Input satisfies f'_i(Input) = 1, compute:
(2) AND gate wire: i ∈ [n+1, n+p] and GT(i) = AND; for the circuit structure f', randomly select values and compute:
for the circuit structure, if Input satisfies f'_{A(i)}(Input) = 1, compute:
(3) OR gate wire: wire i ∈ [n+1, n+p] and GT(i) = OR; for the circuit structure f', randomly select values and compute:
for the circuit structure, if Input satisfies f'_{A(i)}(Input) = 1, compute:
if Input satisfies f'_{A(i)}(Input) = 0 and f'_{B(i)}(Input) = 1, compute:
(4) Threshold-R wire: i ∈ [n+1, n+p] and GT(i) = THRESHOLD; for the circuit structure f', randomly select values and compute:
for the circuit structure, if Input satisfies the threshold gate's condition, compute:
If the encryptor attribute set satisfies the access structure f', the algorithm can compute the final result.
The ring signature σ over the participants' UID list is obtained by querying the authority with (f, ω); the list L_uid = {uid_1, uid_2, …, uid_σ} hides the encryptor's uid, and event is the description of this event. Let h = H(event) and L = h^{sk_π}; the revocation authority holds a public-private key pair, and the attribute information is obtained by plaintext embedding. In addition, the revocation structure of the present application relies on the ElGamal encryption algorithm: for u ∈ Z_q, compute in turn:
C_1 ← g^u
C ← {C_1, C_2}
It should be noted that:
the encryptor randomly selects γ from G_π and t_1 ∈ Z_q, lets e_π = γ and computes:
when i ≠ π, randomly select s_i ∈ G_i and r_{i1}, r_{i2} ∈ Z_q;
e_i = c_i · F_i(s_i, uid_i)
Finally, backfill and let:
s_π = I_{sk_π}(σ / c_π, uid_π)
The iteration order is π+1, π+2, …, σ, 1, 2, …, π−1, and the final ciphertext is:
step 4: and in the calculation stage of the outsourcing server, a user attribute set S and a conversion private key SK ' are input, if the user attribute set S meets the ciphertext policy, the converted ciphertext delta ' is calculated by utilizing an algorithm, and the converted ciphertext delta ' is sent to a user.
Specifically, the encryption and decryption processes of the attribute set encryption algorithm are wrapped to the cloud server for execution, so that the consumption of local computing resources of a user can be reduced efficiently, wherein the wrapping server is mainly responsible for whether the attributes requiring a large amount of operation are identical. When the user attribute set S and the conversion private key SK' are input, the server selects the ciphertext Δ that the user needs to verify whether the attributes match, i.e., verifies whether f (S) is equal to 1:
for input wires i.e. [1, …, n]And f i (Input) =1, calculate:
for OR gate wires, i.e. wires i.e. [ n+1, n+p ]]And GT (i) =OR, input satisfies f A (i) When' (Input) =1, calculate:
if Input satisfies f' A(i) (Input)=0,f' B(i) (Input) =1, then calculate:
AND gate wire i.e. [ n+1, n+p ]]AND GT (i) =and, if Input satisfies f A (i) ' (Input) =1, then calculate:
for threshold wires i.e. [ n+1, n+p ]]And GT (i) =threshold: if Input satisfiesThen calculate:
if the user attribute set satisfies the decryption condition, the algorithmCan calculate the final result The final server will calculate the ciphertext:
and sending the message to the user.
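As an added illustration (not code from the patent), the following Python models the access-structure check the outsourcing server performs: it evaluates a monotone circuit f'(n, p, A, B, GT) of AND, OR and threshold gates on a user attribute set S to decide whether f(S) = 1, and rejects malformed circuits (forward references, bad thresholds, depth above l) before evaluating. The Gate/Circuit containers, the depth helper and the sample policy are assumptions.

```python
"""Access-structure check f(S) = 1 over a monotone circuit f'(n, p, A, B, GT).

Added example, not the patent's code.  Wires 1..n are Boolean inputs (one per
attribute), wires n+1..n+p are gates; GT(i) is the gate type of wire i, with
inputs A(i), B(i) for AND/OR gates and N inputs plus a threshold R for
threshold gates.  The Gate/Circuit containers and the sample policy are assumptions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Gate:
    kind: str                   # GT(i): "AND", "OR" or "THRESHOLD"
    inputs: tuple[int, ...]     # (A(i), B(i)) for AND/OR; the N input wires for THRESHOLD
    threshold: int = 1          # R for THRESHOLD gates; ignored for AND/OR


@dataclass
class Circuit:
    n: int                                                  # number of Boolean input wires
    gates: dict[int, Gate] = field(default_factory=dict)    # keyed by wire number n+1..n+p
    max_depth: int = 1                                      # maximum layer number l fixed at setup

    @property
    def p(self) -> int:
        return len(self.gates)

    def output_wire(self) -> int:
        return self.n + self.p


def depth(c: Circuit, wire: int) -> int:
    """depth(i): input wires are at depth 1; a gate is one deeper than its deepest input."""
    if wire <= c.n:
        return 1
    return 1 + max(depth(c, w) for w in c.gates[wire].inputs)


def validate(c: Circuit) -> None:
    """Reject circuits the scheme cannot key: missing or unknown gates, forward
    references (which would make the circuit cyclic), non-binary AND/OR, a
    threshold R outside 1..N, or a depth above the setup parameter l."""
    for i in range(c.n + 1, c.output_wire() + 1):
        g = c.gates.get(i)
        if g is None:
            raise ValueError(f"wire {i} has no gate")
        if g.kind not in ("AND", "OR", "THRESHOLD"):
            raise ValueError(f"gate {i}: unknown gate type {g.kind!r}")
        if any(w < 1 or w >= i for w in g.inputs):
            raise ValueError(f"gate {i}: inputs must be earlier wires")
        if g.kind != "THRESHOLD" and len(g.inputs) != 2:
            raise ValueError(f"gate {i}: AND/OR take exactly A(i) and B(i)")
        if g.kind == "THRESHOLD" and not 1 <= g.threshold <= len(g.inputs):
            raise ValueError(f"gate {i}: threshold R must lie in 1..N")
    if depth(c, c.output_wire()) > c.max_depth:
        raise ValueError("circuit is deeper than the maximum layer number l")


def is_well_formed(c: Circuit) -> bool:
    try:
        validate(c)
        return True
    except ValueError:
        return False


def evaluate(c: Circuit, attrs: set[int]) -> bool:
    """f(S): True iff the attribute set S (given as input-wire indices) satisfies
    the policy.  This is the match the outsourcing server establishes before it
    converts the ciphertext; the conversion itself is not modelled here."""
    validate(c)
    val = {i: (i in attrs) for i in range(1, c.n + 1)}    # f_i(Input) on input wires
    for i in range(c.n + 1, c.output_wire() + 1):          # inputs of a gate are earlier wires
        g = c.gates[i]
        ins = [val[w] for w in g.inputs]
        if g.kind == "AND":
            val[i] = ins[0] and ins[1]
        elif g.kind == "OR":
            val[i] = ins[0] or ins[1]
        else:
            val[i] = sum(ins) >= g.threshold
    return val[c.output_wire()]


def example_policy() -> Circuit:
    """Constructed sample policy: (a1 AND a2) OR at-least-2-of(a3, a4, a1 AND a2)."""
    return Circuit(
        n=4,
        gates={
            5: Gate("AND", (1, 2)),
            6: Gate("THRESHOLD", (3, 4, 5), threshold=2),
            7: Gate("OR", (5, 6)),
        },
        max_depth=4,
    )
```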
Step 5: user decryption stage. Perform a bilinear pairing operation using the public key list L_uid and the converted ciphertext Δ'; if the identity does not hold, stop and output "server miscalculation"; if it holds, decrypt further.
Specifically, the user's task is mainly to determine whether the server miscalculated and to decrypt the ciphertext. First verify the identity; if it does not hold, stop and output "server miscalculation"; if it holds, decrypt further and compute:
and the plaintext can be recovered.
Step 6: link phase. Input an event description, two public key lists with corresponding lengths σ_1, σ_2 and two legal ciphertexts Δ_1, Δ_2; if the link labels in the two ciphertexts satisfy L_1 = L_2, output "linkable", otherwise output "unlinkable".
Specifically, input an event description event, two public key lists with corresponding lengths σ_1, σ_2 and two legal ciphertexts Δ_1, Δ_2; if the link labels in the two ciphertexts satisfy L_1 = L_2, output "linkable", otherwise output "unlinkable".
Step 7: revocation phase. Input the public key list L_uid with corresponding length σ, the ciphertext Δ and the revocation authority private key sk_rev; obtain the corresponding user attribute set S' and submit it to the authorization center; if the encryptor uid_π is in the public key list and matches the user attribute set, i.e. S' = S, then uid_π is the actual encryptor.
Specifically, input the public key list L_uid with corresponding length σ, the ciphertext Δ and the revocation authority private key sk_rev. Compute in turn:
(1) parse(C) = {C_1, C_2}
(2)
and (3) compute:
parse(W) = {y_π, E_π}
decode(E_π) yields the corresponding attribute set information S', which is sent to the authorization center; query(uid_π, sk_rev) returns the result (yes/no, S). If uid_π is in the public key list and the attribute set matches, S' = S, then uid_π is the actual encryptor.
2. Blockchain rewrite description supporting access structure updates and resets
The invention also provides a blockchain rewriting scheme based on policy-based chameleon hash that supports updating and resetting the access structure; it comprises the following eight algorithms:
1. System setup phase Setup(1^λ): the authorization center takes the security parameter λ as input and outputs the policy-based chameleon hash private key
pchsk ← (msk_ABELR, sk_CHET)
and the policy-based chameleon hash public key
pchpk ← (pk_CHET, mpk_ABELR, pp)
where
(sk_CHET, pk_CHET) ← Setup(pp_CHET)
(msk_ABELR, mpk_ABELR) ← Setup(1^λ)
pp ← Setup_Σ(1^λ)
Specifically, the security parameter λ is taken as input and the chameleon hash key pair (pchsk, pchpk) = (ν, g_σ^ν) is output; the attribute encryption system public key params = (g_k^τ, h_1, …, h_l) is generated together with the system private key.
2. Key generation phase KeyGen(pchsk, ω'): AA takes the policy-based chameleon hash private key pchsk and the attribute set ω' as input and outputs the private key ssk_ω = (ν, SK'), where SK' ← KeyGen_ABELR(msk_ABELR, ω') and SK' is related to the identity UID' of the transaction modifier.
Specifically, input the chameleon hash private key pchsk and the attribute set ω', and output the private key
ssk_ω = (ν, SK')
The user private key SK = (S, K, D, H):
S = sk_i
D = g^t
H: {k_i = h_i^t}_{i∈S}
SK' = (D', H'):
3. Hash phase Hash(pchpk, m, UID, f): under the access structure f, the transaction owner hashes the message m ∈ Z_q, inputs the identity UID_π, randomly selects parameters and outputs the chameleon hash (ch, h_et), the ciphertext Δ, the signature information m_Σ, a signing key pair and the digital signature δ_Σ.
Specifically, for m ∈ Z_q under the access structure f, with input identity UID_π, the transaction owner performs the following operations:
(1) Select random numbers and compute the required values.
(2) Select a temporary trapdoor ET, a short bit string, and compute:
(3) Compute the chameleon hash ch = p · h_et^m
(4) Generate a signing key pair.
(5) Under policy f and identity UID_π, generate the ciphertext for the message, where the ciphertext is:
(6) Generate the EdDSA signature δ_Σ, where the signed information is m_Σ = p'.
(7) Output the result.
4. Verification phase: verify whether the chameleon hash (ch, h_et) is legal; if the hash check holds and the digital signature δ_Σ is legal, output 1.
Specifically, output 1 if the following condition holds, otherwise output 0:
5. Update phase: the transaction modifier UID' submits its own private key ssk'_ω, a new message m' and the corresponding identity UID'; verify whether the chameleon hash (ch, h_et) is legal; if so, input the user attribute set ω', the conversion private key, the ciphertext Δ and the public key list, run the OutCal and Dec algorithms in turn to decrypt the ciphertext and obtain the message, compute a collision and compute p'; under policy f' and identity UID', generate the ciphertext Δ' for the message; output the updated new message m', p', the chameleon hash (ch, h_et), the ciphertext Δ', the signature information m_Σ, the signing key pair and the digital signature δ_Σ.
Specifically, the transaction modifier uses its private key ssk'_ω, a new message m' ∈ Z_q and the corresponding identity UID' to perform the following operations:
(1) Check:
(2) Input the user attribute set, the conversion private key, the ciphertext and the public key list, and run the OutCal and Dec algorithms in turn to decrypt the ciphertext and obtain the message;
(3) Compute a collision and compute p', where et = h_σ(ET);
(4) Under policy f' and identity UID', generate the ciphertext Δ' for the message.
(5) Output the result.
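As an added example (not the patent's construction), the following Python uses a simplified discrete-log chameleon hash with a long-term trapdoor x and an ephemeral trapdoor et to show the Hash, Verify and Update (collision) steps above, and the Link-phase label comparison L_1 = L_2 from step 6 of ABELR. The toy group parameters, the hash-to-group mapping for H(event) and all sample messages and keys are constructed assumptions.

```python
"""Simplified chameleon hash with an ephemeral trapdoor, plus the Link-phase label.

Added example, not the patent's construction.  The long-term trapdoor x stands in
for the chameleon-hash private key, the ephemeral trapdoor et for ET, and h_et for
the value published next to ch; a collision (the Update step) needs BOTH.  The
toy group, the hash-to-group mapping and the sample messages are constructed.
"""
import hashlib
import secrets

# Constructed toy group: safe prime P = 2*Q + 1; G = 4 generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4


def rand_zq() -> int:
    """Uniform element of Z_Q^*."""
    return secrets.randbelow(Q - 1) + 1


def keygen() -> tuple[int, int]:
    """Long-term trapdoor x and public key y = G^x."""
    x = rand_zq()
    return x, pow(G, x, P)


def chash(y: int, m: int) -> tuple[int, int, int, int]:
    """Hash phase for a message m in Z_Q: returns (ch, h_et, r, et).

    ch = G^m * (y * h_et)^r = G^m * G^{(x+et) r}.  h_et and r are published,
    et stays with the transaction owner.  The resample guards the degenerate
    case x + et = 0 mod Q (y * h_et = 1), where every r would be a collision.
    """
    while True:
        et = rand_zq()
        h_et = pow(G, et, P)
        if y * h_et % P != 1:
            break
    r = rand_zq()
    ch = pow(G, m % Q, P) * pow(y * h_et % P, r, P) % P
    return ch, h_et, r, et


def verify(y: int, ch: int, h_et: int, m: int, r: int) -> bool:
    """Verification phase: anyone can recompute ch from public values only."""
    return ch == pow(G, m % Q, P) * pow(y * h_et % P, r, P) % P


def adapt(x: int, et: int, m: int, r: int, m_new: int) -> int:
    """Update phase: with both trapdoors, find r' so that m_new hashes to the same ch.

    G^{m'} G^{(x+et) r'} = G^{m} G^{(x+et) r}  <=>  r' = r + (m - m') / (x + et)  (mod Q)
    """
    k = (x + et) % Q
    if k == 0:
        raise ValueError("degenerate trapdoor sum")
    return (r + (m - m_new) * pow(k, -1, Q)) % Q


def link_tag(event: bytes, sk: int) -> int:
    """Link-phase label L = H(event)^sk, with H(event) = G^e, e = 1 + SHA-256(event) mod (Q-1)
    (assumed hash-to-group mapping; e is never 0, so the label depends on sk)."""
    e = 1 + int.from_bytes(hashlib.sha256(event).digest(), "big") % (Q - 1)
    return pow(pow(G, e, P), sk, P)


def linkable(tag1: int, tag2: int) -> bool:
    """Two ciphertexts are linkable iff their labels are equal (L_1 = L_2)."""
    return tag1 == tag2


def demo() -> dict[str, bool]:
    x, y = keygen()
    m_old, m_new = 17, 42                              # constructed messages in Z_Q
    ch, h_et, r, et = chash(y, m_old)
    r_new = adapt(x, et, m_old, r, m_new)              # owner holds x and et
    et_wrong = next(e for e in range(1, Q) if e != et and (x + e) % Q != 0)
    r_bad = adapt(x, et_wrong, m_old, r, m_new)        # right x, wrong ephemeral trapdoor
    sk = rand_zq()                                     # one publisher's ring-signing key
    sk_other = sk % (Q - 1) + 1                        # a different publisher's key
    return {
        "original_verifies": verify(y, ch, h_et, m_old, r),
        "rewrite_keeps_hash": verify(y, ch, h_et, m_new, r_new),
        "old_message_with_new_r": verify(y, ch, h_et, m_old, r_new),
        "wrong_trapdoor_fails": not verify(y, ch, h_et, m_new, r_bad),
        "same_event_links": linkable(link_tag(b"event-A", sk), link_tag(b"event-A", sk)),
        "other_publisher_links": linkable(link_tag(b"event-A", sk), link_tag(b"event-A", sk_other)),
        "different_event_links": linkable(link_tag(b"event-A", sk), link_tag(b"event-B", sk)),
    }
```

The rewrite keeps ch unchanged only when the caller holds both x and et, which is the property the patent's access structure is meant to gate; a publisher's label is the same for every ciphertext on the same event, so two postings by the same key link while different keys do not.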
6. Revocation phase Revoke(sk_rev, UID', Φ): for a given set of transactions T' ∈ Φ and a pointed transaction modifier identity UID' ∈ O, if a transaction T' was modified by the modifier UID', the revocation authority uses its own private key sk_rev to output the transaction-identity pair (T', UID')
(this depends on the Revoke stage of ABELR).
7. Link phase Link(pchsk, O, Φ): for a given set of transactions T' ∈ Φ and a pointed transaction modifier identity UID ∈ O, if a transaction T' and one of the transaction modifiers can be linked, the authority outputs a transaction set all of whose transactions were modified by the transaction modifier UID, without revealing the identity information of the UID (this depends on the Link phase of ABELR: input the event description event, two public key lists with corresponding lengths σ_1, σ_2 and two legal ciphertexts Δ_1, Δ_2; if L_1 = L_2, output "linkable", otherwise "not linkable").
With the encryption scheme provided by this embodiment, whether a transaction modifier has disabled updating of the access structure can be quickly checked through the Link and Revoke phases.
8. Reset phase
(1) Check:
confirm whether the transaction is correct.
(2) Check:
confirm whether UID is the transaction owner and whether the application was made by the principal.
(3) If so, input the UID list L_uid with corresponding length σ, the ciphertext Δ' and the revocation authority private key sk_rev; parse(Δ') analyses the ciphertext to obtain C = (C_1, C_2); the revocation authority runs Revoke_ABELR(L_uid, σ, Δ', sk_rev) to obtain and record UID', and forbids that user from running the Adapt algorithm.
(4) Run Dec(L_UID, SK', S, Δ') to obtain the decrypted message ET.
(5) Re-perform the second step of Hash(pk, m, f'', UID), where ET from the first step is unchanged (for simplicity of expression it is assumed here that m does not need to be adjusted, so the original message m is used, but in practice the message may be updated).
SK'' ← KeyGen_ABELR(f'', msk_ABELR)
Apply to the UID center for a new UID list L''_UID
Δ'' ← Enc(mpk_ABELR, ET, f'', UID, L''_UID, sk''_π, event)
(6) For the Σ signature: compute further and regenerate a signing key pair
and regenerate the EdDSA signature δ''_Σ, where the signed information is m''_Σ = p''.
(7) Output the new transaction.
In this embodiment, the modifier $UID'$ may rewrite the transaction $T$ with malicious content and change the rewrite authority so that nobody else can modify the transaction. If such malicious behaviour occurs, the authority can reset the access policy of transaction $T$.
In steps 6 to 8 above: given the updated new message $m'$, $p'$, chameleon hash $(ch, h_{et})$, ciphertext $\Delta'$, signature information $m_{\Sigma}$, key pair and digital signature $\Delta_{\Sigma}$, confirm whether $UID$ is the owner of the transaction and whether the application was made by that owner. If so, input the UID list $L_{uid}$ with its corresponding length $\sigma$, the ciphertext $\Delta'$ and the revocation authority's private key $sk_{rev}$; $\mathrm{parse}(\Delta')$ parses the ciphertext to obtain $C = (C_1, C_2)$; the revocation authority computes, obtains and records $UID'$ and revokes $UID'$'s permission to run the Adapt algorithm. Run $\mathrm{Dec}(L_{UID}, SK', S, \Delta')$ to obtain the decrypted message $ET$, obtain the user private key $SK''$ again, apply to the UID centre for a new UID list $L''_{UID}$ and obtain the ciphertext $\Delta''$; generate a pair of keys from the signature computation and regenerate the digital signature $\Delta''_{\Sigma}$, where the signature information is $m''_{\Sigma} = p''$; finally output the new transaction.
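The Hash, Verify, Update (Adapt) and Reset phases above all rest on one mechanism: a chameleon hash whose trapdoor lets an authorised party find a collision, so the on-chain hash stays fixed while the content changes, and a policy that decides who may use the trapdoor. The Python below is an added illustration written for this page, not the patent's or the authors' code. It uses the classic Krawczyk-Rabin discrete-log chameleon hash in place of the page's unspecified construction; the ABELR attribute-based wrapping of the trapdoor, the ring linkability and the EdDSA signature over $p$ are replaced by a plain attribute check inside a trusted `Ledger` object that also plays the UID centre and revocation authority (an assumption). The 62-bit toy group, the AND-policy encoding, the identities `alice`/`mallory`, the attribute names and the `tx_id` derivation are all constructed for the example. The run in `demo()` reproduces the scenario of the preceding paragraph: the modifier rewrites the transaction with illegal content and locks the access structure, the owner's own update is then rejected, and a Reset names the modifier, bars it from Adapt and restores a usable policy, all without the chameleon hash changing.

```python
# Added example: toy redactable transaction on a discrete-log chameleon hash.
# Not the patent's ABELR construction: the ABE-wrapped trapdoor, ring linkability
# and the EdDSA signature are replaced by a plain attribute check in a trusted Ledger.
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic Miller-Rabin below 2**64

def _is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for n < 2**64."""
    if n < 2 or any(n % b == 0 for b in BASES):
        return n in BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(start: int):
    """Smallest q >= start with q and 2q+1 prime; 62-bit toy size, NOT secure."""
    q = start | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = _safe_prime(1 << 62)  # constructed toy group, p = 2q + 1
G = 4                        # quadratic residue, so it generates the order-q subgroup

def h_zq(data: bytes) -> int:
    """Hash a message into Z_q (the page's m in Z_q)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

class ChameleonHash:
    """Krawczyk-Rabin chameleon hash ch = g^H(m) * y^r mod p with trapdoor x."""
    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1  # pchsk (trapdoor)
        self.y = pow(G, self.x, P)             # pchpk

    @staticmethod
    def hash(y: int, m: bytes, r: int) -> int:
        return pow(G, h_zq(m), P) * pow(y, r, P) % P

    def adapt(self, m: bytes, r: int, m_new: bytes) -> int:
        """Collision: r' with H(m) + x*r == H(m') + x*r' (mod q), so ch is unchanged."""
        return (r + (h_zq(m) - h_zq(m_new)) * pow(self.x, -1, Q)) % Q

class Ledger:
    """Trusted authority: keeps trapdoors, acts as UID centre, revoker and resetter."""
    def __init__(self):
        self.txs, self.trapdoors, self.log, self.revoked = {}, {}, {}, set()

    def hash_phase(self, owner: str, m: bytes, policy: frozenset) -> str:
        ch, r = ChameleonHash(), secrets.randbelow(Q)
        tx_id = hashlib.sha256(m).hexdigest()[:16]  # constructed identifier
        self.txs[tx_id] = dict(owner=owner, m=m, r=r, y=ch.y, policy=policy,
                               ch=ChameleonHash.hash(ch.y, m, r))
        self.trapdoors[tx_id], self.log[tx_id] = ch, []  # log stands in for Revoke/Link
        return tx_id

    def verify(self, tx_id: str) -> bool:
        t = self.txs[tx_id]
        return ChameleonHash.hash(t["y"], t["m"], t["r"]) == t["ch"]

    def update(self, tx_id, uid, attrs: frozenset, m_new: bytes, policy_new: frozenset) -> bool:
        """Adapt: only if attrs satisfy the AND-policy and uid has not been revoked."""
        t = self.txs[tx_id]
        if uid in self.revoked or not t["policy"] <= attrs:
            return False
        t["r"] = self.trapdoors[tx_id].adapt(t["m"], t["r"], m_new)
        t["m"], t["policy"] = m_new, policy_new
        self.log[tx_id].append(uid)
        return True

    def reset(self, tx_id, uid, policy_new: frozenset):
        """Owner-only: name the last modifier, bar it from Adapt, restore a usable policy."""
        t = self.txs[tx_id]
        if uid != t["owner"] or not self.log[tx_id]:
            return None
        culprit = self.log[tx_id][-1]
        self.revoked.add(culprit)
        t["policy"] = policy_new
        return culprit

def demo() -> dict:
    """alice posts, mallory rewrites and locks the policy, alice resets (constructed run)."""
    L, alice, mallory = Ledger(), frozenset({"owner", "editor"}), frozenset({"editor"})
    tx = L.hash_phase("alice", b"original post", frozenset({"editor"}))
    ch0 = L.txs[tx]["ch"]
    mal = L.update(tx, "mallory", mallory, b"illegal content", frozenset({"nobody"}))
    locked = L.update(tx, "alice", alice, b"cleaned", frozenset({"editor"}))
    culprit = L.reset(tx, "alice", frozenset({"editor"}))
    fixed = L.update(tx, "alice", alice, b"cleaned", frozenset({"editor"}))
    again = L.update(tx, "mallory", mallory, b"illegal again", frozenset({"nobody"}))
    return dict(mal=mal, locked=locked, culprit=culprit, fixed=fixed, again=again,
                verifies=L.verify(tx), hash_constant=L.txs[tx]["ch"] == ch0, m=L.txs[tx]["m"])
```

Running `demo()` returns `mal=True`, `locked=False`, `culprit="mallory"`, `fixed=True`, `again=False` and `verifies=True` with the message `b"cleaned"`. The point the code makes explicit is that `verify` never needs to know who rewrote the transaction or how often: the collision from `adapt` keeps `ch` fixed, so the security of the scheme lives entirely in who is allowed to reach the trapdoor, which is exactly what the access structure, the Revoke log and the Reset step govern.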
Preferably, the method further comprises the following correctness analysis:
(1) Encryption and decryption correctness
(2) Chameleon hash correctness
The correctness of the Reset stage depends on the correctness of the EdDSA signature and the correctness of the encryption and decryption of the ABELR scheme.
The most critical concept of the invention is as follows: the blockchain rewriting scheme supporting update and reset of the access structure resolves the current difficulty of governing on-chain information, and has practical value in scenarios such as on-chain information publishing and storage. The access structure protects the trapdoor from abuse; the update and reset algorithms allow the access structure to be changed while preventing it from being maliciously tampered with, so that illegal information is better supervised; at the same time the flexibility of the blockchain rewriting scheme is preserved as far as possible, further strengthening the management and supervision of on-chain information.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
It should be noted that:
the algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose devices may also be used with the teachings herein. The required structure for the construction of such devices is apparent from the description above. In addition, the present invention is not directed to any particular programming language. It will be appreciated that the teachings of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting the intention that: i.e., the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract) and all of the processes or units of any method or apparatus so disclosed, except insofar as at least some of such features and/or processes or units are mutually exclusive, may be used in combination. Each feature disclosed in this specification (including any accompanying claims, abstract) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. The present invention may also be implemented as part of a method for performing the methods described herein. Such a program embodying the present invention may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
While the invention has been described in detail in the foregoing general description and specific examples, it will be apparent to those skilled in the art that modifications and improvements can be made thereto. Accordingly, such modifications or improvements may be made without departing from the spirit of the invention and are intended to be within the scope of the invention as claimed.

Claims (2)

1. A method of supervising modification of information on a chain based on a blockchain, comprising the steps of:
system establishment: the security parameter lambda is used as input, and a chameleon hash key pair (pchsk, pchpk) = (v, g) is output σ ν ) WhereinGenerating attribute encryption system public key params= (g) k τ ,h 1 ,…,h l ) The private key of the system is->Wherein "pchsk" and "pchpk" represent the private and public keys of the chameleon hash, respectively, "v" is the private key, and "g σ ν "is the corresponding public key, where" G "is the generator of the cyclic group G," params "represents the system public key; "G" is the generator of the cyclic group G, "k" is the maximum layer number of the circuit, "τ" is the randomly selected private key, "h 1 ,…,h l "is a cyclic group G 1 Elements on the surface;
key generation phase: the hash chameleon private key pchsk and the user attribute set omega' are input and the private key ssk is output ω =(ν,SK');
A hash stage: transaction owners under access structure f to message m e Z q Performing hash operation, and inputting identity UID π Randomly selecting parametersOutput chameleon hash (ch, h et ) Ciphertext delta, signature information m Σ Key->And digital signature delta Σ
Verification: verifying the chameleon hash (ch, h et ) Whether or not it is legal, ifAnd digital signature delta Σ If the result is legal, outputting 1;
updating: transaction modifier UID 'submits its own private key ssk' ω A new message m 'and a corresponding identity UID', validation chameleon hash (ch, h et ) If the user attribute set omega 'is legal, the user attribute set omega' is input, the private key, the ciphertext delta and the public key list are converted, and the OutCal algorithm and the Dec algorithm are sequentially operated to decrypt the ciphertext to obtain the messageCalculating a collision and calculating p ', under policy (f ') and identity UID ' for message +.>Generating ciphertext delta ', outputting updated new message m ', p ', and chameleon hash (ch, h) et ) Ciphertext delta', signature information m Σ Key->And digital signature delta Σ Wherein->Is a newly generated random number, and 'ET' represents an original text obtained after decryption;
a reset phase: according to the updated new message m ', p', chameleon hash (ch, h et ) Ciphertext delta', signature information m Σ Secret keyAnd digital signature delta Σ Confirm if UID is the owner of the transaction and is the application by the owner, if so, input UID list L uid And the corresponding length sigma, ciphertext delta' and revocation private key sk rev Parse (delta') resolves ciphertext to obtain C= (C) 1 ,C 2 ) Calculating by the revocator to obtain and record UID', and prohibiting the permission of the revocator to run the Adapt algorithm; run Dec (L) UID The decrypted message ET is obtained by SK ', S, delta'), the user private key SK 'is obtained again, and a new UID list L' is applied to the UID center UID Obtaining ciphertext delta ", generating a pair of keys according to signature calculation>And regenerates the digital signature delta Σ "wherein the signature information is m Σ "=p", output new transaction ++> "run Dec (L) UID SK ', S, delta') "is the execution of the decryption algorithm," L UID "is a user public key list," SK '"is a private key converted by a user," S "is a user attribute set containing various attribute information of the user, and" delta' "is encryption information calculated by an outsourcing server; "export New transaction> Is the output of a new transaction, where "m" is the updated new message, +.>Is the result of the newly calculated chameleon hash, < >>Is a newly generated random number, "delta" is a new ciphertext, ">Is the public key part of a newly generated pair of keys, "m" Σ "is new signature information," delta Σ "is a regenerated digital signature; "C= (C) 1 ,C 2 ) "represents ciphertext, consisting of two parts" C 1 "AND" C 2 "composition," m Σ ": is signature information.
2. The method of supervising modification of information on a chain based on a blockchain of claim 1, wherein in the reset phase, generating a pair of keys from the signature computation comprises the following steps:
CN202211482039.2A 2022-11-24 2022-11-24 Method and medium for supervising modification of information on chain based on block chain Active CN115865330B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211482039.2A CN115865330B (en) 2022-11-24 2022-11-24 Method and medium for supervising modification of information on chain based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211482039.2A CN115865330B (en) 2022-11-24 2022-11-24 Method and medium for supervising modification of information on chain based on block chain

Publications (2)

Publication Number Publication Date
CN115865330A CN115865330A (en) 2023-03-28
CN115865330B true CN115865330B (en) 2024-02-23

Family

ID=85665848

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211482039.2A Active CN115865330B (en) 2022-11-24 2022-11-24 Method and medium for supervising modification of information on chain based on block chain

Country Status (1)

Country Link
CN (1) CN115865330B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117333298A (en) * 2023-10-15 2024-01-02 广东工程职业技术学院 Stock right transaction method and device based on blockchain

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115378613A (en) * 2022-08-25 2022-11-22 Tianjin University Anonymous information supervision method and system based on block chain

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115378613A (en) * 2022-08-25 2022-11-22 Tianjin University Anonymous information supervision method and system based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on redactable blockchain technology; Li Peili; Xu Haixia; Ma Tianjun; Mu Yongheng; Journal of Cryptologic Research (密码学报) (05); full text *

Also Published As

Publication number Publication date
CN115865330A (en) 2023-03-28

Similar Documents

Publication Publication Date Title
CN112019591B (en) Cloud data sharing method based on block chain
CN111130757B (en) Multi-cloud CP-ABE access control method based on block chain
US10880100B2 (en) Apparatus and method for certificate enrollment
CN113536389B (en) Fine-grained controllable decentralized editable block chain construction method and system
CN102571329B (en) Password key management
Yu et al. Comments on “public integrity auditing for dynamic data sharing with multiuser modification”
JP2007511810A (en) Proof of execution using random number functions
CN114036539A (en) Safety auditable Internet of things data sharing system and method based on block chain
CN114039790A (en) Block chain-based fine-grained cloud storage security access control method
CN115296817A (en) Data access control method based on block chain technology and attribute encryption
CN115865330B (en) Method and medium for supervising modification of information on chain based on block chain
CN117176361A (en) Block chain digital identity authentication control system and method
CN111241492A (en) Product multi-tenant secure credit granting method, system and electronic equipment
CN108763944B (en) Multi-center large-attribute domain attribute-based encryption method capable of being safely revoked in fog computing
CN115001730A (en) Role attribute-based access control system and method in distributed scene
CN113079177A (en) Remote sensing data sharing method based on time and decryption frequency limitation
JP2007157161A5 (en)
Kim et al. A reverse hash chain path-based access control scheme for a connected smart home system
CN104935582B (en) Big data storage method
CN115001748A (en) Model processing method and device and computer readable storage medium
Feng et al. Secure and flexible authorized data sharing for smart grid
CN114157424A (en) Attribute-based encryption system and method without key escrow and supporting user revocation
Gambhir et al. Cloud auditing: privacy preserving using fully homomorphic encryption in TPA
CN111339549A (en) Block chain key escrow method and device
George et al. Improved multi‐party verification protocol with reduced computational overhead in cloud storage system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant