CN116668165A - Interaction method of trusted communication based on block chain - Google Patents

Interaction method of trusted communication based on block chain Download PDF

Info

Publication number
CN116668165A
CN116668165A CN202310760236.4A CN202310760236A CN116668165A CN 116668165 A CN116668165 A CN 116668165A CN 202310760236 A CN202310760236 A CN 202310760236A CN 116668165 A CN116668165 A CN 116668165A
Authority
CN
China
Prior art keywords
information
data
blockchain
message
communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310760236.4A
Other languages
Chinese (zh)
Inventor
余益民
王会源
张玉
杨潜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yunnan Nongyou Technology Co ltd
Yunnan University of Finance and Economics
Original Assignee
Yunnan Nongyou Technology Co ltd
Yunnan University of Finance and Economics
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yunnan Nongyou Technology Co ltd, Yunnan University of Finance and Economics filed Critical Yunnan Nongyou Technology Co ltd
Priority to CN202310760236.4A priority Critical patent/CN116668165A/en
Publication of CN116668165A publication Critical patent/CN116668165A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention establishes necessary intelligent contracts in the data communication model based on the blockchain, establishes the connection between the user and the blockchain, and realizes the whole information transmission process, thereby ensuring the stability and the safety of information transmission in a decentralization mode. In the decentralizing E-mail scheme, encryption exchange of the E-mail is designed by means of a blockchain intelligent contract, and the intelligent contract and communication are combined, so that the method has the advantages of being low in cost, safe and reliable. The intelligent contracts are deployed, the communication process is perfected, an automatic execution mechanism of the corresponding intelligent contracts is triggered to realize reliable interaction of communication data, and stability and safety of message transmission in a decentralised model are guaranteed. In the block chain network constructed by the application, after the information is generated and encrypted, the information is transmitted into an IPFS storage system through an intelligent contract to obtain a data address value, and the intelligent contract is called to initiate a transaction to send the data address to a receiver. The recipient may, after receipt, use the smart contract to retrieve the message from the IPFS and decrypt it.

Description

Interaction method of trusted communication based on block chain
Technical Field
The invention belongs to the technical field of block chain communication, and particularly relates to an interaction method of trusted communication based on a block chain.
Background
The nodes store identity and communication data in a distributed mode, and each node can store all data on the whole link into an account book, so that even if part of nodes are attacked or lose efficacy, the data on the whole link cannot be influenced, and the problem of unsafe data storage in a centralized mode is fundamentally solved. All block data is stored in a distributed mode by alliance members, and a common node can selectively store block head information so as to reduce storage capacity.
FIG. 1 is a block structure of a blockchain, in which the blocks are divided mainly into two parts: block head and block body. The block header includes a timestamp: representing the time of block generation; current block hash value: a hash value representing the entire block data; parent block hash value: representing the hash value of the last chunk. The zone block mainly comprises a Merkel tree composed of metadata hash values, and each piece of metadata (such as metadata 1 to metadata 8 in the figure) can be a piece of private message data, including a sender DID, a receiver DID, a timestamp, a message hash address and the like. The Hash value of each message metadata is calculated to obtain Hash1 to Hash8, hash34, hash56, hash78 and the like in the figure, and finally the root Hash value Hash12345678 of the whole block is obtained. Each piece of metadata can also be DID document information, and comprises a JSON format data item and a hash value thereof, so that the functions of user information data access and quick verification are realized.
Each block is no more than 1MB in size. The data structure of the blockchain enables the blockchain to be tracked by the precursor node and influence the information of the subsequent node, and the blockchain is prevented from being tampered by people through an encryption technology, so that the safety and the integrity of the data are ensured.
Disclosure of Invention
The invention solves the technical problems of the background technology and provides an interaction method of trusted communication based on block chains.
The invention adopts the following technical scheme:
an interaction method of trusted communication based on a blockchain comprises the following steps:
in the communication process, the sender A and the receiver B are simultaneously on line or the sender A and the receiver B are not in friend relation,
the first communication needs to establish a friend relation, and the process of applying friends to B by A is mainly divided into three handshakes:
(1) Application information: a, generating a friend application message M, and performing abstract calculation h on the message M 1 =h (M), then by using private key sk of a A Encryption to obtain C s =Enc(sk A ,h 1 ) And add the identity of A to DID A Obtaining M 1 =M||C s ||DID A Then use the private key sk of A A Encryption, digital signature S as A A =Sig(sk A ,M 1 ) Packaging the content and marking the content as '1' and sending the content to B;
(2) First handshake: b receives the message sent by A through the intelligent contract, and uses the private key of B to decrypt and obtain M 1 =M||C s ||DID A Obtaining DID A Then verifying whether the identity of the opposite party is legal or not through the block chain, and obtaining the public key pk of the opposite party after the identity is legal A And performing a summarization algorithm on M to obtain h 2 Decryption of verification signature information H =h (M) 1 =h 2 If so, selecting whether to agree with the application;
if refused, remark information m of refused application is generated 1 Use sk B After signing by pk A Encryption, send it to a, and identify as "2";
if agreeing, remark information m of the agreeing application is generated 2 And using the public key pk of A A Encryption to obtain M 2 =Enc(pk B ,m 2 ) Using its own private key sk B Encryption m 2 As signature S B =Sig(sk B ,m 2 ) Then (M) 2 ,S B ) The packaging is carried out,the identification is "2", and then sent to A, and meanwhile B can save the public key of A and DID and other information locally or selectively upload the information to the IPFS network personal database.
(3) Second handshake: a receives response information marked as '2' sent by B through the intelligent contract, and the response information is the same as the process, and judges whether the opposite party agrees with the application of the opposite party after confirming that the signature is correct;
stopping the operation if the other party refuses;
if the other party agrees, the Dec (pk) is decrypted B ,S B ) And Dec (sk) B ,M 2 ) Verifying the validity of the signature. Randomly generating a symmetric key k, using the public key pk of B B Encryption to obtain M 3 =Enc(pk B K) is sent to a, identified as "3".
(4) Third handshake: b receives the message with the mark of 3 sent by A through the intelligent contract and uses the private key sk B Decryption acquisition key k=dec (sk) B ,M 3 ) Binding it into buddy a's information.
(5) Both parties have finished the symmetric key negotiation process.
Preferably, after the receiver B completes the last handshake, it invokes the blockchain smart contract to send a confirmation message to tell a that a friendship has been established, and the communication can be started, and a can use the symmetric key k to encrypt the communication after receiving the message.
Further, a is online, B is not online, and the communication process is as follows:
(1) A sends a message (IPFS hash address) to B and waits for B to respond;
(2) B has a response time exceeding a set threshold value, representing that B is not connected with the network;
(3) At the moment, the A packages and uploads the abstract address of the message uploading IPFS and the address of the B to the blockchain, and transaction information is written into the blockchain through network consensus;
(4) The block chain records the messages which are not received by the B;
(5) B, after being online, the method synchronizes the block information with surrounding nodes, actively searches own information, and if the information exists, decrypts the information according to the hash abstract value in the information to an IPFS network to acquire the information.
Preferably, when the node B does not miss the message of a online, the data is saved to the IPFS and uploaded to the blockchain at the same time, and a value network consensus is issued; and after B is online again, calling the intelligent contract to actively synchronize the block information lost during B offline to surrounding nodes, and quickly searching the information belonging to the intelligent contract through the merck tree structure.
Preferably, the data information in the smart contract includes a data sender identity, metadata, a digital signature, a data hash value, and a timestamp; after the information is generated and encrypted, the information is transmitted into an IPFS storage system through an intelligent contract to obtain a data address value, and the intelligent contract is called to initiate transaction to send the data address to a receiver. The recipient may, after receipt, use the smart contract to retrieve the message from the IPFS and decrypt it.
Preferably, the node autonomously generates a public and private key pair and a DID identifier locally, and uploads a DID document to the blockchain network, and the node can become a legal user of the blockchain communication network after consensus.
The beneficial effects of the invention are as follows:
by constructing necessary intelligent contracts in a data communication model based on the blockchain, the connection between the user and the blockchain is established, and the whole information transmission process is realized, so that the stability and the safety of information transmission in a decentralization mode are ensured. In the decentralizing E-mail scheme, encryption exchange of the E-mail is designed by means of a blockchain intelligent contract, and the intelligent contract and communication are combined, so that the method has the advantages of being low in cost, safe and reliable.
The intelligent contracts are deployed, the communication process is perfected, an automatic execution mechanism of the corresponding intelligent contracts is triggered to realize reliable interaction of communication data, and stability and safety of message transmission in a decentralised model are guaranteed. In the block chain network constructed by the application, after the information is generated and encrypted, the information is transmitted into an IPFS storage system through an intelligent contract to obtain a data address value, and the intelligent contract is called to initiate a transaction to send the data address to a receiver. The recipient may, after receipt, use the smart contract to retrieve the message from the IPFS and decrypt it.
Drawings
FIG. 1 is a block diagram illustrating a block architecture according to the present invention;
FIG. 2 is a flow chart of a process of the coherence consensus protocol of the present invention;
FIG. 3 is a diagram of an example of a saveTextBlobOnIpfs function of the present invention for uploading files to an IPFS;
FIG. 4 is a diagram showing an example of the use of the aveTextBlobOnIpfs function of the present invention;
FIG. 5 is a diagram of an example of reading data from an IPFS in accordance with the present invention;
FIG. 6 is a diagram of an example of a public-private key pair generation process provided by the present invention;
FIG. 7 is a cross-border digital identity architecture diagram provided by the present invention;
FIG. 8 is a diagram of an identity chain architecture provided by the present invention;
FIG. 9 is a flow chart of an identity calculation workflow provided by the present invention;
FIG. 10 is a block diagram of a data asset provided by the present invention;
fig. 11 is a diagram of a data link architecture provided by the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Examples
The software and hardware environment configuration and tools for development and test of the embodiment are shown in the table:
introduction to development and testing Environment
Block design
The nodes store identity and communication data in a distributed mode, and each node can store all data on the whole link into an account book, so that even if part of nodes are attacked or lose efficacy, the data on the whole link cannot be influenced, and the problem of unsafe data storage in a centralized mode is fundamentally solved. All block data is stored in a distributed mode by alliance members, and a common node can selectively store block head information so as to reduce storage capacity.
FIG. 1 is a block structure of a blockchain, in which the blocks are divided mainly into two parts: block head and block body. The block header includes a timestamp: representing the time of block generation; current block hash value: a hash value representing the entire block data; parent block hash value: representing the hash value of the last chunk. The zone block mainly comprises a Merkel tree composed of metadata hash values, and each piece of metadata (such as metadata 1 to metadata 8 in the figure) can be a piece of private message data, including a sender DID, a receiver DID, a timestamp, a message hash address and the like.
The Hash value of each message metadata is calculated to obtain Hash1 to Hash8, hash34, hash56, hash78 and the like in the figure, and finally the root Hash value Hash12345678 of the whole block is obtained. Each piece of metadata can also be DID document information, and comprises a JSON format data item and a hash value thereof, so that the functions of user information data access and quick verification are realized.
Each block is no more than 1MB in size. The data structure of the blockchain enables the blockchain to be tracked by the precursor node and influence the information of the subsequent node, and the blockchain is prevented from being tampered by people through an encryption technology, so that the safety and the integrity of the data are ensured.
2. Data format
In order to more clearly express the meaning and function of each communication data item, in the data item model, in addition to the data item number and the data item value, some other data item attributes, such as data item type, timestamp, sender DID, receiver DID, IPFS file address, etc., need to be transmitted, wherein the necessary data attributes are contained in the data packet, and the data format mainly includes the data sender identity DID, metadata m, digital signature S, data hash value H (m), and timestamp t as shown in the table. The data format is shown in table 2.
Table 2 data format
3. Intelligent contract
By constructing necessary intelligent contracts in a data communication model based on the blockchain, the connection between the user and the blockchain is established, and the whole information transmission process is realized, so that the stability and the safety of information transmission in a decentralization mode are ensured. Encryption exchanges of emails are designed by means of blockchain intelligence contracts in a decentralised email scheme. Combining smart contracts with communications proves to have the advantages of low cost, security and trustworthiness. The following smart contracts are mainly involved in this model.
(1) Intelligent contract for data transmission and reception
The intelligent contracts are deployed in the blockchain network constructed by the embodiment, the communication process is perfected, an automatic execution mechanism of the corresponding intelligent contracts is triggered to realize reliable interaction of communication data, and the stability and the safety of message transmission in a decentralised model are ensured. In the blockchain network constructed in this embodiment, after the message is generated and encrypted, the message is transmitted to the IPFS storage system through the intelligent contract, so as to obtain the data address value, and the intelligent contract is invoked to initiate a transaction to send the data address to the receiver. The recipient may, after receipt, use the smart contract to retrieve the message from the IPFS and decrypt it.
In the data sending intelligent contract, the address message_addr_hash is obtained after the Message data is stored in the IPFS, and is used as the Message data to be sent to the receiver, and the data sending intelligent contract can be expressed as the following process.
Since messages are stored distributed in IPFS, receiving a message requires reading an oraclaze smart contract return message using a JSON parser.
(2) Identity trusted verification smart contracts
Architecture for digital identity claims, publications, authentications and authorizations using blockchain programmable smart contracts. Because the intelligent contract has the characteristics of programmability, non-falsification, state synchronization and disclosure transparency, a distributed identity statement and a digital identity system for verification and release on an identity chain can be easily constructed between a user and an identity provider, and because of the non-falsification characteristic of the intelligent contract, the contract address can be conveniently used for providing process assistance of identity verification, thereby being convenient for management of digital identities. An effective way of solving the judgment of identity legitimacy between different users.
The main process of identity trusted verification is as follows: and obtaining a public key PK in the DID document from the DID analyzer by the DID of the opposite party, decrypting the cryptograph after the digital signature in the message by using the PK, and verifying the identity authenticity of the opposite party.
(3) Information notification smart contracts
In a conventional centralized communication system, a communication partner is forwarded by a central server, and in a blockchain-based communication mode, since the central server is not present, notification during messaging should be performed by code automatically executed on the blockchain, and when a sender sends a message to a recipient, an intelligent contract automatically performs a message notification function, and sends a reminder to the recipient to complete the communication process.
4. Alliance chain design
According to the existing open source framework, the realization and access of the alliance chain can be realized based on the Ethernet. In the alliance chain, the joining of the nodes is authenticated by the alliance members, so the nodes do not adopt a competitive mode to obtain the accounting rights. The Bayesian fault-tolerant algorithm has better performance, and in order to enhance the consensus efficiency, the embodiment adopts an improved practical Bayesian fault-tolerant algorithm based on the existing model, and the main ideas are as follows.
Because the main node selection lacks credibility in the PBFT algorithm, in order to avoid malicious nodes, the PBFT algorithm adopted in the embodiment increases the selection process of the main node.
Each node may score according to the performance of other nodes in the network to obtain a score that includes the trust value of each node. Each node initially scores 10, if the result of a certain node in a round of consensus process is inconsistent with most nodes, the score of the node is reduced by 1 and the node is marked as suspicious, and if the score is lower than 6, the node is marked as malicious; and if the consensus result is consistent with most nodes, adding 1 to the score of the consensus result, and marking the consensus result as a trusted node. Thus, the score G of node i i Can be expressed as:
G i =initial i -l w +l c #(4.1)
wherein initial is i For an initial score of node i, l w Representing the number of times that the consensus result of node i is inconsistent with most nodes, l c Representing the number of times that the consensus result of node i is consistent with most nodes, when a node is G to node i i And when the number of the nodes is less than or equal to 6, sending a broadcast message prompt to other nodes, and if the other nodes are identified through the common identification, namely, more than 1/3 nodes judge that the node i is a malicious node, pulling the node i out of the network of the common identification nodes. The consensus algorithm flow at this time is shown in fig. 2.
Considering that most nodes tend to act as light nodes, using the communication system rather than participating in consensus, a multi-organization participating federation chain should be established, and the light nodes may simply synchronize block header data without downloading all the data in the block, relying on the full node to verify whether the data is present in the block through the merck tree path. The committee node is responsible for providing services such as auditing and verification of user identity, DID document analysis and the like.
5. IPFS stores and retrieves data
After the node accesses the IPFS network, the node can combine the intelligent contract to realize the uploading and downloading of the data. The data storage to the IPFS network can be realized by an Add method in the GOIPFS-API, and the return result is the hash value of the file. The function description of the upload file is shown in fig. 3:
the response [0]. The hash returns a hash string returned after the data is uploaded to the IPFS, as shown in fig. 4.
Wherein "ipfsContent" is data, and after the data is uploaded to IPFS by calling the "this.saveTextBlobOnIpfs" method, a character string "hash" is returned, and the hash is stored in a state machine variable strHash.
When the data is downloaded, the hash address of the file is required to be input, the data content is read by calling an 'ipfs.cat' method, and the function description of the read content is shown in figure 5.
6. Autonomous identity generation process
In the block chain based trusted communication model, identity information of a user mainly comprises a pair of public and private keys, DIDs and corresponding DID documents.
(1) Public-private key pair generation
The public and private key pair and the DID are identity information required by interaction between the user and the blockchain, and for the safety of the key, the node in the scheme of the embodiment should locally and autonomously generate the public and private key pair and the DID identifier, upload the DID document to the blockchain network, and become a legal user of the blockchain communication network after consensus.
The generation of the key uses the Openssl procedure, firstly, a 1024-bit (or 2048-bit) private key is generated, then, a unique corresponding public key is generated by the private key, and fig. 6 shows a process of generating a public-private key of the RSA algorithm using Openssl.
(2) Generating DID and DID documents
In order to guarantee the privacy of the identity information, the DID should be generated autonomously by the user. The generation of DID requires the use of a created public-private key pair, the preservation of the private key, and the use of the public key to assemble the < DID Document > content. Then, hash256 operation is carried out on < DIDDocument >, spine 160 operation is carried out on the result, base58 conversion is carried out, and finally, prefix did is added before the result: im: as the final DID, it can be expressed as:
DID=base58(ripemd160(hash(<DID Document>)))#(4.2)
RSA digital signature is carried out on the < DID Document > content by using a private key, and finally the < DID Document > with signature attribute is formed. Finally, the < DID Document > content is assembled,
a < DID Document > case is shown in fig. 7.
The DID creating process is finished offline, identity privacy is guaranteed, and DID identity data needs to be stored in a uplink mode in order to disclose the DID. Through the whole network propagation, all nodes can search and verify the identity information through the blockchain.
The trusted communication model further provides a model of the communication,
the trusted communication model needs to consider identity privacy of both communication parties, verifiable privacy and tamper resistance of communication data. Because the communication network is difficult to avoid the existence of malicious nodes, the communication data must be safe and reliable in the whole network from the sender to the receiver, besides encrypting the data, the correlation analysis of the malicious nodes on the messages in the network needs to be prevented, and especially in the short message scene, the information of the encrypted data needs to be further ensured not to be disclosed. Therefore, adjustments and improvements are needed for the entire communication flow to accomplish trusted blockchain communication according to existing protocols.
1. First communication negotiation key flow
In the communication process, a sender A and a receiver B are not in friend relation, and the friend relation needs to be established for the first communication. The process of applying for friends from A to B is mainly divided into three handshakes:
(1) Application information: a, generating a friend application message M, and performing abstract calculation h on the message M 1 =h (M), then by using private key sk of a A Encryption to obtain C s =Enc(sk A ,h 1 ) And add the identity of A to DID A Obtaining M 1 =M||C s ||DID A Then use the private of AKey sk A Encryption, digital signature S as A A =Sig(sk A ,M 1 ) Packaging the content and marking the content as '1' and sending the content to B;
(2) First handshake: b receives the message sent by A through the intelligent contract, and uses the private key of B to decrypt and obtain M 1 =M||C s ||DID A Obtaining DID A Then verifying whether the identity of the opposite party is legal or not through the block chain, and obtaining the public key pk of the opposite party after the identity is legal A And performing a summarization algorithm on M to obtain h 2 Decryption of verification signature information H =h (M) 1 =h 2 If so, selecting whether to agree with the application;
if refused, remark information m of refused application is generated 1 Use sk B After signing by pk A Encryption, send it to a, and identify as "2";
if agreeing, remark information m of the agreeing application is generated 2 And using the public key pk of A A Encryption to obtain M 2 =Enc(pk B ,m 2 ) Using its own private key sk B Encryption m 2 As signature S B =Sig(sk B ,m 2 ) Then (M) 2 ,S B ) Packaging, marking as '2', and then sending to A, and meanwhile B can save the public key of A, DID and other information to local or selectively upload to the IPFS network personal database.
(3) Second handshake: a receives response information marked as '2' sent by B through the intelligent contract, and the response information is the same as the process, and judges whether the opposite party agrees with the application of the opposite party after confirming that the signature is correct;
stopping the operation if the other party refuses;
if the other party agrees, the Dec (pk) is decrypted B ,S B ) And Dec (sk) B ,M 2 ) Verifying the validity of the signature. Randomly generating a symmetric key k, using the public key pk of B B Encryption to obtain M 3 =Enc(pk B K) is sent to a, identified as "3".
(4) Third handshake: b receives the message identified as "3" sent by a through the smart contract,using a private key sk B Decryption acquisition key k=dec (sk) B ,M 3 ) Binding it into buddy a's information.
So far, both parties have finished the symmetric key negotiation process. In addition, after the receiver B completes the last handshake, it invokes the blockchain intelligence contract to send a confirmation message to a telling a that a friendship has been established, and can start communication. And a can use the symmetric key k to carry out encrypted communication after receiving the message. The specific flow is shown in fig. 8.
2. Non-first communication flow
According to the actual situation, two communication users (A and B) are not on line at the same time under the general condition, different from the communication mode under the traditional C/S architecture, the communication process is divided into two scenes because the communication process needs to be combined with an intelligent contract to send out a prompt because the data is not missed in the communication process under the communication mode without the center based on the blockchain.
Case 1: a and B are online simultaneously, which is consistent with the flow after the key is negotiated for the first communication. The two parties can normally negotiate a symmetric key k through a handshake protocol, and then encrypt data by using the key k to realize the fastest encryption and decryption speed and cost.
Case 2: if A is online and B is not online, communication cannot be performed normally temporarily, but information of A is stored on an IPFS network, an information reminding function is triggered through intelligent contracts in a blockchain, and reminding is sent to B, so that omission of communication content is avoided. In the system, the nodes communicate through a point-to-point (P2P) network, so if the other party drops in the communication process, a connection cannot be established with the other party node, and thus data cannot be received. In this case, the local node may attempt to establish a connection with other nodes to receive data. If other nodes have the same data, data may be received from them. If no other node has the same data, the lost data cannot be received. Thus, in the present embodiment model, when node B is not missing a message online, data is saved to IPFS while uploaded to blockchain and a value network consensus is issued. And after B is online again, calling the intelligent contract to actively synchronize the block information lost during B offline to surrounding nodes, and quickly searching the information belonging to the intelligent contract through the merck tree structure.
The main process can be described as:
(1) A sends a message (IPFS hash address) to B and waits for B's response.
(2) B has a response time exceeding a set threshold, representing B not connected to the network.
(3) At this time, the A packages and uploads the abstract address of the message uploading IPFS and the address of the B to the blockchain, and transaction information is written into the blockchain through network consensus.
(4) The block chain records messages that B did not receive.
(5) B, after being online, the method synchronizes the block information with surrounding nodes, actively searches own information, and if the information exists, decrypts the information according to the hash abstract value in the information to an IPFS network to acquire the information.
The entire process can be described as shown in fig. 9.
System testing and result analysis
1. Functional testing
In communication, identity authentication, data security and functionality are all dependent on the network function of the blockchain, so we have tested blockchain functions first. According to test case, the tests are divided into blockchain function, distributed storage function, distributed digital identity function, communication function and intelligent contract function tests. The test contents and the results are shown in Table 3.
Table 3 test contents on results
/>
All results were expected from the test.
2. Performance testing and analysis
(1) Security analysis
All schemes listed in the research prior art upload communication data or data summaries to the block data of the block chain, and ensure that the data cannot be tampered once uploaded by means of transparency and non-tamperability of the block chain.
The volume of the data uplink is reduced, the DID document generated after the identity registration is uploaded to the blockchain, the user can complete the verification of the identity credibility of both sides through the interaction with the blockchain and the intelligent contract by means of the DID reliable identity verification process, and the user negotiates a safe and credible communication key through the four-way handshake process by the public key bound with the DID, so that the user can normally communicate in the peer-to-peer network according to the network protocol without the forwarding of a third party, and the true credibility of both sides identity and data in the communication process is ensured.
In terms of privacy protection: when a user sends a message, the meaningless DID number is used for communicating with other entities, only public key information corresponding to the identity can be searched in the network, so that identity validity verification is carried out, and real identity information corresponding to the number cannot be searched. The RSA cipher algorithm has strong safety when the key length is 1024 bits and has strong safety when 2048 bits, and the safety and the credibility of the key exchange process and the encryption process can be ensured.
In terms of tamper resistance: the user identity information and the public key are recorded in the Merkle tree structure, the multi-note records generate a root hash value, and the verification of the root hash value can quickly verify the correctness of all records. If any message record is tampered with by a malicious node, the root hash value is changed. Moreover, each block in the blockchain is time stamped, indicating that the data was generated at a certain time, resulting in a non-tamperable, non-counterfeitable record.
In addition, the message may be intercepted and tampered by a malicious node in the transmission process, but due to confidentiality of a private key and an encrypted symmetric key of a sender, the message cannot reveal privacy, and meanwhile, the tampered message cannot pass verification, because the verification result cannot be matched with the result after the local digest algorithm is performed on the message.
In terms of blockchain network security: the consensus mechanism employed by the federation chain is typically a distributed consensus algorithm and the use of a bayer consensus mechanism. Assuming that the number of the consensus nodes in the alliance chain is N, and the success rate of attack of the malicious nodes on the consensus nodes is p (0 < p < 1), the method comprises the following steps:
the larger N is, the safer the network is.
In an IPFS network, when a data block is tampered with, the hash value of the data block is changed, and each file is stored with multiple copies, and for a file divided into multiple fragments, it is difficult to affect the authenticity of the data unless the owners of all the data fragments are attacked.
(2) System performance test
In practical applications, certain performance indexes must be achieved in addition to ensuring that the functions of the system can work properly.
The execution efficiency of data processing is tested, and all encryption and decryption time, processing time and analysis time related to data transmission and reception are mainly tested under the general condition. Since data is uploaded to the IPFS network before being sent, the data processing process mainly includes: the time cost, encryption/decryption time cost and data verification time cost sum of the hash algorithm are considered, data files with the sizes of 1KB to 10KB are prepared respectively in consideration of the fact that single data quantity involved in the processes is small, each file is repeatedly sent for 3 times, and the result is averaged. As a result, as shown in fig. 10, when the data size is 1KB during the data transmission process, the required processing time is about 100ms, except for data uploading/downloading, and the performance of the experimental environment network and the block link network is poor, so that the system will have better performance in the federation link environment of the actual multi-node deployment.
For data communication testing. The system performance test is mainly to simulate the communication flow between two user nodes, count the time consumption and result correctness of each step, firstly establish a block chain by means of HyperLeader Febric, establish a local alliance chain of a plurality of nodes so as to test the communication function, configure a 4GB memory and a 128GB hard disk, and successfully access an IPFS network. According to the average size of data in a real communication scene, the embodiment selects a file with the size of 1K to test for three times to obtain the average value, and the throughput per second of the test can reach about 200, so that the basic requirement of a small system can be met. The specific data are shown in table 4.
Table 4 test rate table
For data storage and retrieval testing. In order to test the storage and acquisition rate of data with different sizes in the communication process, considering that most of communication data in an actual communication scene is below 1K, when format data such as files, pictures and videos are related, the size is generally above 1K, so that the data size is increased in turn from 1K in this section, and time changes required for uploading and receiving data are observed. First, two nodes a and B are created, respectively, for a sender and a receiver, data files with sizes of 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K, 1M, 2M, 4M, 8M, 16M, 32M, and 64M are prepared, each file is repeatedly transmitted 3 times, and the result is averaged. The time for testing the encryption, decryption and transmission of files of different sizes in the network is shown in fig. 11.
Because the number of nodes is limited in the experimental environment, 10 nodes participate in forwarding and consensus, the consensus process of the blockchain is shorter under the condition, and the processing and storage time of data is mainly shortened, according to the figure, when the file size is less than 1M, the time is slowly changed by the data size, because the consensus time is short, the network bandwidth is not fully utilized, the overall time is affected by network transmission, the change is not obvious, and when the data size is increased to more than 4M, the data processing, slicing and uploading are increased to 4 seconds, and especially in the uploading IPFS stage, the data is divided into fragments and the hash operation is performed to cause the time increase. In addition, the number of online nodes in the IPFS network can also affect the data transfer rate. Within 32M, the transmission delay of data reaches 3.5 seconds at most. Thus, communication delays within 1M substantially meet the needs of a small range of users. And the speed of acquiring large files is faster than that of the traditional network.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.

Claims (6)

1. An interaction method of trusted communication based on a blockchain is characterized by comprising the following steps:
in the communication process, the sender A and the receiver B are simultaneously on line or the sender A and the receiver B are not in friend relation,
the first communication needs to establish a friend relation, and the process of applying friends to B by A is mainly divided into three handshakes:
(1) Application information: a, generating a friend application message M, and performing abstract calculation h on the message M 1 =h (M), then by using private key sk of a A Encryption to obtain C s =Enc(sk A ,h 1 ) And add the identity of A to DID A Obtaining M 1 =M||C s ||DID A Then use the private key sk of A A Encryption, digital signature S as A A =Sig(sk A ,M 1 ) Packaging the content and marking the content as '1' and sending the content to B;
(2) First handshake: b receives the message sent by A through the intelligent contract, and uses the private key of B to decrypt and obtain M 1 =M||C s ||DID A Obtaining DID A Then verifying whether the identity of the opposite party is legal or not through the block chain, and obtaining the public key pk of the opposite party after the identity is legal A And performing a summarization algorithm on M to obtain h 2 Decryption of verification signature information H =h (M) 1 =h 2 If so, selecting whether to agree with the application;
if refused, remark information m of refused application is generated 1 Use sk B After signing by pk A Encryption is toIt is sent to a and is identified as "2";
if agreeing, remark information m of the agreeing application is generated 2 And using the public key pk of A A Encryption to obtain M 2 =Enc(pk B ,m 2 ) Using its own private key sk B Encryption m 2 As signature S B =Sig(sk B ,m 2 ) Then (M) 2 ,S B ) Packaging, marking as '2', and then sending to A, and meanwhile B can save the public key of A, DID and other information to local or selectively upload to the IPFS network personal database.
(3) Second handshake: a receives response information marked as '2' sent by B through the intelligent contract, and the response information is the same as the process, and judges whether the opposite party agrees with the application of the opposite party after confirming that the signature is correct;
stopping the operation if the other party refuses;
if the other party agrees, the Dec (pk) is decrypted B ,S B ) And Dec (sk) B ,M 2 ) Verifying the validity of the signature. Randomly generating a symmetric key k, using the public key pk of B B Encryption to obtain M 3 =Enc(pk B K) is sent to a, identified as "3".
(4) Third handshake: b receives the message with the mark of 3 sent by A through the intelligent contract and uses the private key sk B Decryption acquisition key k=dec (sk) B ,M 3 ) Binding it into buddy a's information.
(5) Both parties have finished the symmetric key negotiation process.
2. The method of interaction for blockchain-based trusted communications of claim 1, wherein: after the receiver B finishes the last handshake, it invokes the blockchain intelligent contract to send a confirmation message to A, telling A that the friend relationship has been established, and can start communication, and A can use the symmetric key k to encrypt communication after receiving the message.
3. The method of interaction for blockchain-based trusted communications of claim 1, wherein: a is online, B is not online, and the communication process is as follows:
(1) A sends a message (IPFS hash address) to B and waits for B to respond;
(2) B has a response time exceeding a set threshold value, representing that B is not connected with the network;
(3) At the moment, the A packages and uploads the abstract address of the message uploading IPFS and the address of the B to the blockchain, and transaction information is written into the blockchain through network consensus;
(4) The block chain records the messages which are not received by the B;
(5) B, after being online, the method synchronizes the block information with surrounding nodes, actively searches own information, and if the information exists, decrypts the information according to the hash abstract value in the information to an IPFS network to acquire the information.
4. A method of interaction for blockchain-based trusted communications as in claim 3, wherein: when the node B does not miss the message of A online, the data is stored in the IPFS and is uploaded to the block chain at the same time, and value network consensus is issued; and after B is online again, calling the intelligent contract to actively synchronize the block information lost during B offline to surrounding nodes, and quickly searching the information belonging to the intelligent contract through the merck tree structure.
5. The method of interaction for blockchain-based trusted communications of claim 1, wherein: the data information in the smart contract includes a data sender identity, metadata, a digital signature, a data hash value, and a timestamp; after the information is generated and encrypted, the information is transmitted into an IPFS storage system through an intelligent contract to obtain a data address value, and the intelligent contract is called to initiate transaction to send the data address to a receiver. The recipient may, after receipt, use the smart contract to retrieve the message from the IPFS and decrypt it.
6. The method of interaction for blockchain-based trusted communications of claim 1, wherein: the node autonomously generates a public and private key pair and a DID identifier locally, uploads a DID document to the blockchain network, and can become a legal user of the blockchain communication network after consensus.
CN202310760236.4A 2023-06-26 2023-06-26 Interaction method of trusted communication based on block chain Pending CN116668165A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310760236.4A CN116668165A (en) 2023-06-26 2023-06-26 Interaction method of trusted communication based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310760236.4A CN116668165A (en) 2023-06-26 2023-06-26 Interaction method of trusted communication based on block chain

Publications (1)

Publication Number Publication Date
CN116668165A true CN116668165A (en) 2023-08-29

Family

ID=87720694

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310760236.4A Pending CN116668165A (en) 2023-06-26 2023-06-26 Interaction method of trusted communication based on block chain

Country Status (1)

Country Link
CN (1) CN116668165A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116896440A (en) * 2023-09-11 2023-10-17 中国信息通信研究院 Block chain-based declaration data verification method and device, equipment and medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116896440A (en) * 2023-09-11 2023-10-17 中国信息通信研究院 Block chain-based declaration data verification method and device, equipment and medium
CN116896440B (en) * 2023-09-11 2023-11-10 中国信息通信研究院 Block chain-based declaration data verification method and device, equipment and medium

Similar Documents

Publication Publication Date Title
US9369424B2 (en) Targeted notification of content availability to a mobile device
Dingledine et al. The free haven project: Distributed anonymous storage service
US20040236953A1 (en) Method and device for transmitting an electronic message
AU2005206907A1 (en) Method and apparatus for trusted branded email
CN111953490B (en) Digital signature method and system based on block chain technology
CN102170419A (en) A secure mail client system and a method thereof
Asokan et al. Towards securing disruption-tolerant networking
US11895210B2 (en) Targeted notification of content availability to a mobile device
CN116668165A (en) Interaction method of trusted communication based on block chain
CN109150861A (en) block chain network communication system
Huguenin-Dumittan et al. A message franking channel
EdalatNejad et al. {DatashareNetwork}: A Decentralized {Privacy-Preserving} Search Engine for Investigative Journalists
US20070266251A1 (en) Circuit Arrangement And Method For Securing Communication Within Communication Networks
Schulz et al. d 2 Deleting Diaspora: Practical attacks for profile discovery and deletion
GB2446171A (en) Anonymous authentication in a distributed or peer-to-peer network
Du et al. The applications of blockchain in the covert communication
Srinivasan et al. XTRA—eXtended bit-Torrent pRotocol for Authenticated covert peer communication: Authenticated covert P2P communication
WO2008065346A2 (en) Secure messaging and data sharing
Mueller Let’s attest! Multi-modal certificate exchange for the web of trust
CN116074115B (en) Method for realizing cross-chain encryption session based on intelligent contract
CN111865972B (en) Anonymous communication method and system
CN114389878B (en) Block chain slicing method and block chain network system
Schliep Secure Group Communication
Song Cryptography in the Wild: Briar
Collins On the Theory and Practice of Modern Secure Messaging

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication