CN116668165A - Interaction method of trusted communication based on block chain - Google Patents
Interaction method of trusted communication based on block chain Download PDFInfo
- Publication number
- CN116668165A CN116668165A CN202310760236.4A CN202310760236A CN116668165A CN 116668165 A CN116668165 A CN 116668165A CN 202310760236 A CN202310760236 A CN 202310760236A CN 116668165 A CN116668165 A CN 116668165A
- Authority
- CN
- China
- Prior art keywords
- information
- data
- blockchain
- message
- communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000006854 communication Effects 0.000 title claims abstract description 84
- 238000004891 communication Methods 0.000 title claims abstract description 69
- 238000000034 method Methods 0.000 title claims abstract description 49
- 230000003993 interaction Effects 0.000 title claims abstract description 16
- 230000008569 process Effects 0.000 claims description 28
- 238000012795 verification Methods 0.000 claims description 16
- 230000004044 response Effects 0.000 claims description 11
- 238000004806 packaging method and process Methods 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 4
- 238000012790 confirmation Methods 0.000 claims description 3
- 230000005540 biological transmission Effects 0.000 abstract description 16
- 230000007246 mechanism Effects 0.000 abstract description 5
- 230000001960 triggered effect Effects 0.000 abstract description 4
- 238000012360 testing method Methods 0.000 description 19
- 230000006870 function Effects 0.000 description 18
- 238000010586 diagram Methods 0.000 description 9
- 238000012545 processing Methods 0.000 description 6
- 238000004458 analytical method Methods 0.000 description 5
- 238000013500 data storage Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 239000012634 fragment Substances 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000011056 performance test Methods 0.000 description 2
- 239000002243 precursor Substances 0.000 description 2
- YSCNMFDFYJUPEF-OWOJBTEDSA-N 4,4'-diisothiocyano-trans-stilbene-2,2'-disulfonic acid Chemical compound OS(=O)(=O)C1=CC(N=C=S)=CC=C1\C=C\C1=CC=C(N=C=S)C=C1S(O)(=O)=O YSCNMFDFYJUPEF-OWOJBTEDSA-N 0.000 description 1
- 241000282326 Felis catus Species 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000002860 competitive effect Effects 0.000 description 1
- 238000010219 correlation analysis Methods 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 230000001934 delay Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- BQSJTQLCZDPROO-UHFFFAOYSA-N febuxostat Chemical compound C1=C(C#N)C(OCC(C)C)=CC=C1C1=NC(C)=C(C(O)=O)S1 BQSJTQLCZDPROO-UHFFFAOYSA-N 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention establishes necessary intelligent contracts in the data communication model based on the blockchain, establishes the connection between the user and the blockchain, and realizes the whole information transmission process, thereby ensuring the stability and the safety of information transmission in a decentralization mode. In the decentralizing E-mail scheme, encryption exchange of the E-mail is designed by means of a blockchain intelligent contract, and the intelligent contract and communication are combined, so that the method has the advantages of being low in cost, safe and reliable. The intelligent contracts are deployed, the communication process is perfected, an automatic execution mechanism of the corresponding intelligent contracts is triggered to realize reliable interaction of communication data, and stability and safety of message transmission in a decentralised model are guaranteed. In the block chain network constructed by the application, after the information is generated and encrypted, the information is transmitted into an IPFS storage system through an intelligent contract to obtain a data address value, and the intelligent contract is called to initiate a transaction to send the data address to a receiver. The recipient may, after receipt, use the smart contract to retrieve the message from the IPFS and decrypt it.
Description
Technical Field
The invention belongs to the technical field of block chain communication, and particularly relates to an interaction method of trusted communication based on a block chain.
Background
The nodes store identity and communication data in a distributed mode, and each node can store all data on the whole link into an account book, so that even if part of nodes are attacked or lose efficacy, the data on the whole link cannot be influenced, and the problem of unsafe data storage in a centralized mode is fundamentally solved. All block data is stored in a distributed mode by alliance members, and a common node can selectively store block head information so as to reduce storage capacity.
FIG. 1 is a block structure of a blockchain, in which the blocks are divided mainly into two parts: block head and block body. The block header includes a timestamp: representing the time of block generation; current block hash value: a hash value representing the entire block data; parent block hash value: representing the hash value of the last chunk. The zone block mainly comprises a Merkel tree composed of metadata hash values, and each piece of metadata (such as metadata 1 to metadata 8 in the figure) can be a piece of private message data, including a sender DID, a receiver DID, a timestamp, a message hash address and the like. The Hash value of each message metadata is calculated to obtain Hash1 to Hash8, hash34, hash56, hash78 and the like in the figure, and finally the root Hash value Hash12345678 of the whole block is obtained. Each piece of metadata can also be DID document information, and comprises a JSON format data item and a hash value thereof, so that the functions of user information data access and quick verification are realized.
Each block is no more than 1MB in size. The data structure of the blockchain enables the blockchain to be tracked by the precursor node and influence the information of the subsequent node, and the blockchain is prevented from being tampered by people through an encryption technology, so that the safety and the integrity of the data are ensured.
Disclosure of Invention
The invention solves the technical problems of the background technology and provides an interaction method of trusted communication based on block chains.
The invention adopts the following technical scheme:
an interaction method of trusted communication based on a blockchain comprises the following steps:
in the communication process, the sender A and the receiver B are simultaneously on line or the sender A and the receiver B are not in friend relation,
the first communication needs to establish a friend relation, and the process of applying friends to B by A is mainly divided into three handshakes:
(1) Application information: a, generating a friend application message M, and performing abstract calculation h on the message M 1 =h (M), then by using private key sk of a A Encryption to obtain C s =Enc(sk A ,h 1 ) And add the identity of A to DID A Obtaining M 1 =M||C s ||DID A Then use the private key sk of A A Encryption, digital signature S as A A =Sig(sk A ,M 1 ) Packaging the content and marking the content as '1' and sending the content to B;
(2) First handshake: b receives the message sent by A through the intelligent contract, and uses the private key of B to decrypt and obtain M 1 =M||C s ||DID A Obtaining DID A Then verifying whether the identity of the opposite party is legal or not through the block chain, and obtaining the public key pk of the opposite party after the identity is legal A And performing a summarization algorithm on M to obtain h 2 Decryption of verification signature information H =h (M) 1 =h 2 If so, selecting whether to agree with the application;
if refused, remark information m of refused application is generated 1 Use sk B After signing by pk A Encryption, send it to a, and identify as "2";
if agreeing, remark information m of the agreeing application is generated 2 And using the public key pk of A A Encryption to obtain M 2 =Enc(pk B ,m 2 ) Using its own private key sk B Encryption m 2 As signature S B =Sig(sk B ,m 2 ) Then (M) 2 ,S B ) The packaging is carried out,the identification is "2", and then sent to A, and meanwhile B can save the public key of A and DID and other information locally or selectively upload the information to the IPFS network personal database.
(3) Second handshake: a receives response information marked as '2' sent by B through the intelligent contract, and the response information is the same as the process, and judges whether the opposite party agrees with the application of the opposite party after confirming that the signature is correct;
stopping the operation if the other party refuses;
if the other party agrees, the Dec (pk) is decrypted B ,S B ) And Dec (sk) B ,M 2 ) Verifying the validity of the signature. Randomly generating a symmetric key k, using the public key pk of B B Encryption to obtain M 3 =Enc(pk B K) is sent to a, identified as "3".
(4) Third handshake: b receives the message with the mark of 3 sent by A through the intelligent contract and uses the private key sk B Decryption acquisition key k=dec (sk) B ,M 3 ) Binding it into buddy a's information.
(5) Both parties have finished the symmetric key negotiation process.
Preferably, after the receiver B completes the last handshake, it invokes the blockchain smart contract to send a confirmation message to tell a that a friendship has been established, and the communication can be started, and a can use the symmetric key k to encrypt the communication after receiving the message.
Further, a is online, B is not online, and the communication process is as follows:
(1) A sends a message (IPFS hash address) to B and waits for B to respond;
(2) B has a response time exceeding a set threshold value, representing that B is not connected with the network;
(3) At the moment, the A packages and uploads the abstract address of the message uploading IPFS and the address of the B to the blockchain, and transaction information is written into the blockchain through network consensus;
(4) The block chain records the messages which are not received by the B;
(5) B, after being online, the method synchronizes the block information with surrounding nodes, actively searches own information, and if the information exists, decrypts the information according to the hash abstract value in the information to an IPFS network to acquire the information.
Preferably, when the node B does not miss the message of a online, the data is saved to the IPFS and uploaded to the blockchain at the same time, and a value network consensus is issued; and after B is online again, calling the intelligent contract to actively synchronize the block information lost during B offline to surrounding nodes, and quickly searching the information belonging to the intelligent contract through the merck tree structure.
Preferably, the data information in the smart contract includes a data sender identity, metadata, a digital signature, a data hash value, and a timestamp; after the information is generated and encrypted, the information is transmitted into an IPFS storage system through an intelligent contract to obtain a data address value, and the intelligent contract is called to initiate transaction to send the data address to a receiver. The recipient may, after receipt, use the smart contract to retrieve the message from the IPFS and decrypt it.
Preferably, the node autonomously generates a public and private key pair and a DID identifier locally, and uploads a DID document to the blockchain network, and the node can become a legal user of the blockchain communication network after consensus.
The beneficial effects of the invention are as follows:
by constructing necessary intelligent contracts in a data communication model based on the blockchain, the connection between the user and the blockchain is established, and the whole information transmission process is realized, so that the stability and the safety of information transmission in a decentralization mode are ensured. In the decentralizing E-mail scheme, encryption exchange of the E-mail is designed by means of a blockchain intelligent contract, and the intelligent contract and communication are combined, so that the method has the advantages of being low in cost, safe and reliable.
The intelligent contracts are deployed, the communication process is perfected, an automatic execution mechanism of the corresponding intelligent contracts is triggered to realize reliable interaction of communication data, and stability and safety of message transmission in a decentralised model are guaranteed. In the block chain network constructed by the application, after the information is generated and encrypted, the information is transmitted into an IPFS storage system through an intelligent contract to obtain a data address value, and the intelligent contract is called to initiate a transaction to send the data address to a receiver. The recipient may, after receipt, use the smart contract to retrieve the message from the IPFS and decrypt it.
Drawings
FIG. 1 is a block diagram illustrating a block architecture according to the present invention;
FIG. 2 is a flow chart of a process of the coherence consensus protocol of the present invention;
FIG. 3 is a diagram of an example of a saveTextBlobOnIpfs function of the present invention for uploading files to an IPFS;
FIG. 4 is a diagram showing an example of the use of the aveTextBlobOnIpfs function of the present invention;
FIG. 5 is a diagram of an example of reading data from an IPFS in accordance with the present invention;
FIG. 6 is a diagram of an example of a public-private key pair generation process provided by the present invention;
FIG. 7 is a cross-border digital identity architecture diagram provided by the present invention;
FIG. 8 is a diagram of an identity chain architecture provided by the present invention;
FIG. 9 is a flow chart of an identity calculation workflow provided by the present invention;
FIG. 10 is a block diagram of a data asset provided by the present invention;
fig. 11 is a diagram of a data link architecture provided by the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Examples
The software and hardware environment configuration and tools for development and test of the embodiment are shown in the table:
introduction to development and testing Environment
Block design
The nodes store identity and communication data in a distributed mode, and each node can store all data on the whole link into an account book, so that even if part of nodes are attacked or lose efficacy, the data on the whole link cannot be influenced, and the problem of unsafe data storage in a centralized mode is fundamentally solved. All block data is stored in a distributed mode by alliance members, and a common node can selectively store block head information so as to reduce storage capacity.
FIG. 1 is a block structure of a blockchain, in which the blocks are divided mainly into two parts: block head and block body. The block header includes a timestamp: representing the time of block generation; current block hash value: a hash value representing the entire block data; parent block hash value: representing the hash value of the last chunk. The zone block mainly comprises a Merkel tree composed of metadata hash values, and each piece of metadata (such as metadata 1 to metadata 8 in the figure) can be a piece of private message data, including a sender DID, a receiver DID, a timestamp, a message hash address and the like.
The Hash value of each message metadata is calculated to obtain Hash1 to Hash8, hash34, hash56, hash78 and the like in the figure, and finally the root Hash value Hash12345678 of the whole block is obtained. Each piece of metadata can also be DID document information, and comprises a JSON format data item and a hash value thereof, so that the functions of user information data access and quick verification are realized.
Each block is no more than 1MB in size. The data structure of the blockchain enables the blockchain to be tracked by the precursor node and influence the information of the subsequent node, and the blockchain is prevented from being tampered by people through an encryption technology, so that the safety and the integrity of the data are ensured.
2. Data format
In order to more clearly express the meaning and function of each communication data item, in the data item model, in addition to the data item number and the data item value, some other data item attributes, such as data item type, timestamp, sender DID, receiver DID, IPFS file address, etc., need to be transmitted, wherein the necessary data attributes are contained in the data packet, and the data format mainly includes the data sender identity DID, metadata m, digital signature S, data hash value H (m), and timestamp t as shown in the table. The data format is shown in table 2.
Table 2 data format
3. Intelligent contract
By constructing necessary intelligent contracts in a data communication model based on the blockchain, the connection between the user and the blockchain is established, and the whole information transmission process is realized, so that the stability and the safety of information transmission in a decentralization mode are ensured. Encryption exchanges of emails are designed by means of blockchain intelligence contracts in a decentralised email scheme. Combining smart contracts with communications proves to have the advantages of low cost, security and trustworthiness. The following smart contracts are mainly involved in this model.
(1) Intelligent contract for data transmission and reception
The intelligent contracts are deployed in the blockchain network constructed by the embodiment, the communication process is perfected, an automatic execution mechanism of the corresponding intelligent contracts is triggered to realize reliable interaction of communication data, and the stability and the safety of message transmission in a decentralised model are ensured. In the blockchain network constructed in this embodiment, after the message is generated and encrypted, the message is transmitted to the IPFS storage system through the intelligent contract, so as to obtain the data address value, and the intelligent contract is invoked to initiate a transaction to send the data address to the receiver. The recipient may, after receipt, use the smart contract to retrieve the message from the IPFS and decrypt it.
In the data sending intelligent contract, the address message_addr_hash is obtained after the Message data is stored in the IPFS, and is used as the Message data to be sent to the receiver, and the data sending intelligent contract can be expressed as the following process.
Since messages are stored distributed in IPFS, receiving a message requires reading an oraclaze smart contract return message using a JSON parser.
(2) Identity trusted verification smart contracts
Architecture for digital identity claims, publications, authentications and authorizations using blockchain programmable smart contracts. Because the intelligent contract has the characteristics of programmability, non-falsification, state synchronization and disclosure transparency, a distributed identity statement and a digital identity system for verification and release on an identity chain can be easily constructed between a user and an identity provider, and because of the non-falsification characteristic of the intelligent contract, the contract address can be conveniently used for providing process assistance of identity verification, thereby being convenient for management of digital identities. An effective way of solving the judgment of identity legitimacy between different users.
The main process of identity trusted verification is as follows: and obtaining a public key PK in the DID document from the DID analyzer by the DID of the opposite party, decrypting the cryptograph after the digital signature in the message by using the PK, and verifying the identity authenticity of the opposite party.
(3) Information notification smart contracts
In a conventional centralized communication system, a communication partner is forwarded by a central server, and in a blockchain-based communication mode, since the central server is not present, notification during messaging should be performed by code automatically executed on the blockchain, and when a sender sends a message to a recipient, an intelligent contract automatically performs a message notification function, and sends a reminder to the recipient to complete the communication process.
4. Alliance chain design
According to the existing open source framework, the realization and access of the alliance chain can be realized based on the Ethernet. In the alliance chain, the joining of the nodes is authenticated by the alliance members, so the nodes do not adopt a competitive mode to obtain the accounting rights. The Bayesian fault-tolerant algorithm has better performance, and in order to enhance the consensus efficiency, the embodiment adopts an improved practical Bayesian fault-tolerant algorithm based on the existing model, and the main ideas are as follows.
Because the main node selection lacks credibility in the PBFT algorithm, in order to avoid malicious nodes, the PBFT algorithm adopted in the embodiment increases the selection process of the main node.
Each node may score according to the performance of other nodes in the network to obtain a score that includes the trust value of each node. Each node initially scores 10, if the result of a certain node in a round of consensus process is inconsistent with most nodes, the score of the node is reduced by 1 and the node is marked as suspicious, and if the score is lower than 6, the node is marked as malicious; and if the consensus result is consistent with most nodes, adding 1 to the score of the consensus result, and marking the consensus result as a trusted node. Thus, the score G of node i i Can be expressed as:
G i =initial i -l w +l c #(4.1)
wherein initial is i For an initial score of node i, l w Representing the number of times that the consensus result of node i is inconsistent with most nodes, l c Representing the number of times that the consensus result of node i is consistent with most nodes, when a node is G to node i i And when the number of the nodes is less than or equal to 6, sending a broadcast message prompt to other nodes, and if the other nodes are identified through the common identification, namely, more than 1/3 nodes judge that the node i is a malicious node, pulling the node i out of the network of the common identification nodes. The consensus algorithm flow at this time is shown in fig. 2.
Considering that most nodes tend to act as light nodes, using the communication system rather than participating in consensus, a multi-organization participating federation chain should be established, and the light nodes may simply synchronize block header data without downloading all the data in the block, relying on the full node to verify whether the data is present in the block through the merck tree path. The committee node is responsible for providing services such as auditing and verification of user identity, DID document analysis and the like.
5. IPFS stores and retrieves data
After the node accesses the IPFS network, the node can combine the intelligent contract to realize the uploading and downloading of the data. The data storage to the IPFS network can be realized by an Add method in the GOIPFS-API, and the return result is the hash value of the file. The function description of the upload file is shown in fig. 3:
the response [0]. The hash returns a hash string returned after the data is uploaded to the IPFS, as shown in fig. 4.
Wherein "ipfsContent" is data, and after the data is uploaded to IPFS by calling the "this.saveTextBlobOnIpfs" method, a character string "hash" is returned, and the hash is stored in a state machine variable strHash.
When the data is downloaded, the hash address of the file is required to be input, the data content is read by calling an 'ipfs.cat' method, and the function description of the read content is shown in figure 5.
6. Autonomous identity generation process
In the block chain based trusted communication model, identity information of a user mainly comprises a pair of public and private keys, DIDs and corresponding DID documents.
(1) Public-private key pair generation
The public and private key pair and the DID are identity information required by interaction between the user and the blockchain, and for the safety of the key, the node in the scheme of the embodiment should locally and autonomously generate the public and private key pair and the DID identifier, upload the DID document to the blockchain network, and become a legal user of the blockchain communication network after consensus.
The generation of the key uses the Openssl procedure, firstly, a 1024-bit (or 2048-bit) private key is generated, then, a unique corresponding public key is generated by the private key, and fig. 6 shows a process of generating a public-private key of the RSA algorithm using Openssl.
(2) Generating DID and DID documents
In order to guarantee the privacy of the identity information, the DID should be generated autonomously by the user. The generation of DID requires the use of a created public-private key pair, the preservation of the private key, and the use of the public key to assemble the < DID Document > content. Then, hash256 operation is carried out on < DIDDocument >, spine 160 operation is carried out on the result, base58 conversion is carried out, and finally, prefix did is added before the result: im: as the final DID, it can be expressed as:
DID=base58(ripemd160(hash(<DID Document>)))#(4.2)
RSA digital signature is carried out on the < DID Document > content by using a private key, and finally the < DID Document > with signature attribute is formed. Finally, the < DID Document > content is assembled,
a < DID Document > case is shown in fig. 7.
The DID creating process is finished offline, identity privacy is guaranteed, and DID identity data needs to be stored in a uplink mode in order to disclose the DID. Through the whole network propagation, all nodes can search and verify the identity information through the blockchain.
The trusted communication model further provides a model of the communication,
the trusted communication model needs to consider identity privacy of both communication parties, verifiable privacy and tamper resistance of communication data. Because the communication network is difficult to avoid the existence of malicious nodes, the communication data must be safe and reliable in the whole network from the sender to the receiver, besides encrypting the data, the correlation analysis of the malicious nodes on the messages in the network needs to be prevented, and especially in the short message scene, the information of the encrypted data needs to be further ensured not to be disclosed. Therefore, adjustments and improvements are needed for the entire communication flow to accomplish trusted blockchain communication according to existing protocols.
1. First communication negotiation key flow
In the communication process, a sender A and a receiver B are not in friend relation, and the friend relation needs to be established for the first communication. The process of applying for friends from A to B is mainly divided into three handshakes:
(1) Application information: a, generating a friend application message M, and performing abstract calculation h on the message M 1 =h (M), then by using private key sk of a A Encryption to obtain C s =Enc(sk A ,h 1 ) And add the identity of A to DID A Obtaining M 1 =M||C s ||DID A Then use the private of AKey sk A Encryption, digital signature S as A A =Sig(sk A ,M 1 ) Packaging the content and marking the content as '1' and sending the content to B;
(2) First handshake: b receives the message sent by A through the intelligent contract, and uses the private key of B to decrypt and obtain M 1 =M||C s ||DID A Obtaining DID A Then verifying whether the identity of the opposite party is legal or not through the block chain, and obtaining the public key pk of the opposite party after the identity is legal A And performing a summarization algorithm on M to obtain h 2 Decryption of verification signature information H =h (M) 1 =h 2 If so, selecting whether to agree with the application;
if refused, remark information m of refused application is generated 1 Use sk B After signing by pk A Encryption, send it to a, and identify as "2";
if agreeing, remark information m of the agreeing application is generated 2 And using the public key pk of A A Encryption to obtain M 2 =Enc(pk B ,m 2 ) Using its own private key sk B Encryption m 2 As signature S B =Sig(sk B ,m 2 ) Then (M) 2 ,S B ) Packaging, marking as '2', and then sending to A, and meanwhile B can save the public key of A, DID and other information to local or selectively upload to the IPFS network personal database.
(3) Second handshake: a receives response information marked as '2' sent by B through the intelligent contract, and the response information is the same as the process, and judges whether the opposite party agrees with the application of the opposite party after confirming that the signature is correct;
stopping the operation if the other party refuses;
if the other party agrees, the Dec (pk) is decrypted B ,S B ) And Dec (sk) B ,M 2 ) Verifying the validity of the signature. Randomly generating a symmetric key k, using the public key pk of B B Encryption to obtain M 3 =Enc(pk B K) is sent to a, identified as "3".
(4) Third handshake: b receives the message identified as "3" sent by a through the smart contract,using a private key sk B Decryption acquisition key k=dec (sk) B ,M 3 ) Binding it into buddy a's information.
So far, both parties have finished the symmetric key negotiation process. In addition, after the receiver B completes the last handshake, it invokes the blockchain intelligence contract to send a confirmation message to a telling a that a friendship has been established, and can start communication. And a can use the symmetric key k to carry out encrypted communication after receiving the message. The specific flow is shown in fig. 8.
2. Non-first communication flow
According to the actual situation, two communication users (A and B) are not on line at the same time under the general condition, different from the communication mode under the traditional C/S architecture, the communication process is divided into two scenes because the communication process needs to be combined with an intelligent contract to send out a prompt because the data is not missed in the communication process under the communication mode without the center based on the blockchain.
Case 1: a and B are online simultaneously, which is consistent with the flow after the key is negotiated for the first communication. The two parties can normally negotiate a symmetric key k through a handshake protocol, and then encrypt data by using the key k to realize the fastest encryption and decryption speed and cost.
Case 2: if A is online and B is not online, communication cannot be performed normally temporarily, but information of A is stored on an IPFS network, an information reminding function is triggered through intelligent contracts in a blockchain, and reminding is sent to B, so that omission of communication content is avoided. In the system, the nodes communicate through a point-to-point (P2P) network, so if the other party drops in the communication process, a connection cannot be established with the other party node, and thus data cannot be received. In this case, the local node may attempt to establish a connection with other nodes to receive data. If other nodes have the same data, data may be received from them. If no other node has the same data, the lost data cannot be received. Thus, in the present embodiment model, when node B is not missing a message online, data is saved to IPFS while uploaded to blockchain and a value network consensus is issued. And after B is online again, calling the intelligent contract to actively synchronize the block information lost during B offline to surrounding nodes, and quickly searching the information belonging to the intelligent contract through the merck tree structure.
The main process can be described as:
(1) A sends a message (IPFS hash address) to B and waits for B's response.
(2) B has a response time exceeding a set threshold, representing B not connected to the network.
(3) At this time, the A packages and uploads the abstract address of the message uploading IPFS and the address of the B to the blockchain, and transaction information is written into the blockchain through network consensus.
(4) The block chain records messages that B did not receive.
(5) B, after being online, the method synchronizes the block information with surrounding nodes, actively searches own information, and if the information exists, decrypts the information according to the hash abstract value in the information to an IPFS network to acquire the information.
The entire process can be described as shown in fig. 9.
System testing and result analysis
1. Functional testing
In communication, identity authentication, data security and functionality are all dependent on the network function of the blockchain, so we have tested blockchain functions first. According to test case, the tests are divided into blockchain function, distributed storage function, distributed digital identity function, communication function and intelligent contract function tests. The test contents and the results are shown in Table 3.
Table 3 test contents on results
/>
All results were expected from the test.
2. Performance testing and analysis
(1) Security analysis
All schemes listed in the research prior art upload communication data or data summaries to the block data of the block chain, and ensure that the data cannot be tampered once uploaded by means of transparency and non-tamperability of the block chain.
The volume of the data uplink is reduced, the DID document generated after the identity registration is uploaded to the blockchain, the user can complete the verification of the identity credibility of both sides through the interaction with the blockchain and the intelligent contract by means of the DID reliable identity verification process, and the user negotiates a safe and credible communication key through the four-way handshake process by the public key bound with the DID, so that the user can normally communicate in the peer-to-peer network according to the network protocol without the forwarding of a third party, and the true credibility of both sides identity and data in the communication process is ensured.
In terms of privacy protection: when a user sends a message, the meaningless DID number is used for communicating with other entities, only public key information corresponding to the identity can be searched in the network, so that identity validity verification is carried out, and real identity information corresponding to the number cannot be searched. The RSA cipher algorithm has strong safety when the key length is 1024 bits and has strong safety when 2048 bits, and the safety and the credibility of the key exchange process and the encryption process can be ensured.
In terms of tamper resistance: the user identity information and the public key are recorded in the Merkle tree structure, the multi-note records generate a root hash value, and the verification of the root hash value can quickly verify the correctness of all records. If any message record is tampered with by a malicious node, the root hash value is changed. Moreover, each block in the blockchain is time stamped, indicating that the data was generated at a certain time, resulting in a non-tamperable, non-counterfeitable record.
In addition, the message may be intercepted and tampered by a malicious node in the transmission process, but due to confidentiality of a private key and an encrypted symmetric key of a sender, the message cannot reveal privacy, and meanwhile, the tampered message cannot pass verification, because the verification result cannot be matched with the result after the local digest algorithm is performed on the message.
In terms of blockchain network security: the consensus mechanism employed by the federation chain is typically a distributed consensus algorithm and the use of a bayer consensus mechanism. Assuming that the number of the consensus nodes in the alliance chain is N, and the success rate of attack of the malicious nodes on the consensus nodes is p (0 < p < 1), the method comprises the following steps:
the larger N is, the safer the network is.
In an IPFS network, when a data block is tampered with, the hash value of the data block is changed, and each file is stored with multiple copies, and for a file divided into multiple fragments, it is difficult to affect the authenticity of the data unless the owners of all the data fragments are attacked.
(2) System performance test
In practical applications, certain performance indexes must be achieved in addition to ensuring that the functions of the system can work properly.
The execution efficiency of data processing is tested, and all encryption and decryption time, processing time and analysis time related to data transmission and reception are mainly tested under the general condition. Since data is uploaded to the IPFS network before being sent, the data processing process mainly includes: the time cost, encryption/decryption time cost and data verification time cost sum of the hash algorithm are considered, data files with the sizes of 1KB to 10KB are prepared respectively in consideration of the fact that single data quantity involved in the processes is small, each file is repeatedly sent for 3 times, and the result is averaged. As a result, as shown in fig. 10, when the data size is 1KB during the data transmission process, the required processing time is about 100ms, except for data uploading/downloading, and the performance of the experimental environment network and the block link network is poor, so that the system will have better performance in the federation link environment of the actual multi-node deployment.
For data communication testing. The system performance test is mainly to simulate the communication flow between two user nodes, count the time consumption and result correctness of each step, firstly establish a block chain by means of HyperLeader Febric, establish a local alliance chain of a plurality of nodes so as to test the communication function, configure a 4GB memory and a 128GB hard disk, and successfully access an IPFS network. According to the average size of data in a real communication scene, the embodiment selects a file with the size of 1K to test for three times to obtain the average value, and the throughput per second of the test can reach about 200, so that the basic requirement of a small system can be met. The specific data are shown in table 4.
Table 4 test rate table
For data storage and retrieval testing. In order to test the storage and acquisition rate of data with different sizes in the communication process, considering that most of communication data in an actual communication scene is below 1K, when format data such as files, pictures and videos are related, the size is generally above 1K, so that the data size is increased in turn from 1K in this section, and time changes required for uploading and receiving data are observed. First, two nodes a and B are created, respectively, for a sender and a receiver, data files with sizes of 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K, 1M, 2M, 4M, 8M, 16M, 32M, and 64M are prepared, each file is repeatedly transmitted 3 times, and the result is averaged. The time for testing the encryption, decryption and transmission of files of different sizes in the network is shown in fig. 11.
Because the number of nodes is limited in the experimental environment, 10 nodes participate in forwarding and consensus, the consensus process of the blockchain is shorter under the condition, and the processing and storage time of data is mainly shortened, according to the figure, when the file size is less than 1M, the time is slowly changed by the data size, because the consensus time is short, the network bandwidth is not fully utilized, the overall time is affected by network transmission, the change is not obvious, and when the data size is increased to more than 4M, the data processing, slicing and uploading are increased to 4 seconds, and especially in the uploading IPFS stage, the data is divided into fragments and the hash operation is performed to cause the time increase. In addition, the number of online nodes in the IPFS network can also affect the data transfer rate. Within 32M, the transmission delay of data reaches 3.5 seconds at most. Thus, communication delays within 1M substantially meet the needs of a small range of users. And the speed of acquiring large files is faster than that of the traditional network.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.
Claims (6)
1. An interaction method of trusted communication based on a blockchain is characterized by comprising the following steps:
in the communication process, the sender A and the receiver B are simultaneously on line or the sender A and the receiver B are not in friend relation,
the first communication needs to establish a friend relation, and the process of applying friends to B by A is mainly divided into three handshakes:
(1) Application information: a, generating a friend application message M, and performing abstract calculation h on the message M 1 =h (M), then by using private key sk of a A Encryption to obtain C s =Enc(sk A ,h 1 ) And add the identity of A to DID A Obtaining M 1 =M||C s ||DID A Then use the private key sk of A A Encryption, digital signature S as A A =Sig(sk A ,M 1 ) Packaging the content and marking the content as '1' and sending the content to B;
(2) First handshake: b receives the message sent by A through the intelligent contract, and uses the private key of B to decrypt and obtain M 1 =M||C s ||DID A Obtaining DID A Then verifying whether the identity of the opposite party is legal or not through the block chain, and obtaining the public key pk of the opposite party after the identity is legal A And performing a summarization algorithm on M to obtain h 2 Decryption of verification signature information H =h (M) 1 =h 2 If so, selecting whether to agree with the application;
if refused, remark information m of refused application is generated 1 Use sk B After signing by pk A Encryption is toIt is sent to a and is identified as "2";
if agreeing, remark information m of the agreeing application is generated 2 And using the public key pk of A A Encryption to obtain M 2 =Enc(pk B ,m 2 ) Using its own private key sk B Encryption m 2 As signature S B =Sig(sk B ,m 2 ) Then (M) 2 ,S B ) Packaging, marking as '2', and then sending to A, and meanwhile B can save the public key of A, DID and other information to local or selectively upload to the IPFS network personal database.
(3) Second handshake: a receives response information marked as '2' sent by B through the intelligent contract, and the response information is the same as the process, and judges whether the opposite party agrees with the application of the opposite party after confirming that the signature is correct;
stopping the operation if the other party refuses;
if the other party agrees, the Dec (pk) is decrypted B ,S B ) And Dec (sk) B ,M 2 ) Verifying the validity of the signature. Randomly generating a symmetric key k, using the public key pk of B B Encryption to obtain M 3 =Enc(pk B K) is sent to a, identified as "3".
(4) Third handshake: b receives the message with the mark of 3 sent by A through the intelligent contract and uses the private key sk B Decryption acquisition key k=dec (sk) B ,M 3 ) Binding it into buddy a's information.
(5) Both parties have finished the symmetric key negotiation process.
2. The method of interaction for blockchain-based trusted communications of claim 1, wherein: after the receiver B finishes the last handshake, it invokes the blockchain intelligent contract to send a confirmation message to A, telling A that the friend relationship has been established, and can start communication, and A can use the symmetric key k to encrypt communication after receiving the message.
3. The method of interaction for blockchain-based trusted communications of claim 1, wherein: a is online, B is not online, and the communication process is as follows:
(1) A sends a message (IPFS hash address) to B and waits for B to respond;
(2) B has a response time exceeding a set threshold value, representing that B is not connected with the network;
(3) At the moment, the A packages and uploads the abstract address of the message uploading IPFS and the address of the B to the blockchain, and transaction information is written into the blockchain through network consensus;
(4) The block chain records the messages which are not received by the B;
(5) B, after being online, the method synchronizes the block information with surrounding nodes, actively searches own information, and if the information exists, decrypts the information according to the hash abstract value in the information to an IPFS network to acquire the information.
4. A method of interaction for blockchain-based trusted communications as in claim 3, wherein: when the node B does not miss the message of A online, the data is stored in the IPFS and is uploaded to the block chain at the same time, and value network consensus is issued; and after B is online again, calling the intelligent contract to actively synchronize the block information lost during B offline to surrounding nodes, and quickly searching the information belonging to the intelligent contract through the merck tree structure.
5. The method of interaction for blockchain-based trusted communications of claim 1, wherein: the data information in the smart contract includes a data sender identity, metadata, a digital signature, a data hash value, and a timestamp; after the information is generated and encrypted, the information is transmitted into an IPFS storage system through an intelligent contract to obtain a data address value, and the intelligent contract is called to initiate transaction to send the data address to a receiver. The recipient may, after receipt, use the smart contract to retrieve the message from the IPFS and decrypt it.
6. The method of interaction for blockchain-based trusted communications of claim 1, wherein: the node autonomously generates a public and private key pair and a DID identifier locally, uploads a DID document to the blockchain network, and can become a legal user of the blockchain communication network after consensus.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310760236.4A CN116668165A (en) | 2023-06-26 | 2023-06-26 | Interaction method of trusted communication based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310760236.4A CN116668165A (en) | 2023-06-26 | 2023-06-26 | Interaction method of trusted communication based on block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116668165A true CN116668165A (en) | 2023-08-29 |
Family
ID=87720694
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310760236.4A Pending CN116668165A (en) | 2023-06-26 | 2023-06-26 | Interaction method of trusted communication based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116668165A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116896440A (en) * | 2023-09-11 | 2023-10-17 | 中国信息通信研究院 | Block chain-based declaration data verification method and device, equipment and medium |
-
2023
- 2023-06-26 CN CN202310760236.4A patent/CN116668165A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116896440A (en) * | 2023-09-11 | 2023-10-17 | 中国信息通信研究院 | Block chain-based declaration data verification method and device, equipment and medium |
CN116896440B (en) * | 2023-09-11 | 2023-11-10 | 中国信息通信研究院 | Block chain-based declaration data verification method and device, equipment and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9369424B2 (en) | Targeted notification of content availability to a mobile device | |
Dingledine et al. | The free haven project: Distributed anonymous storage service | |
US20040236953A1 (en) | Method and device for transmitting an electronic message | |
AU2005206907A1 (en) | Method and apparatus for trusted branded email | |
CN111953490B (en) | Digital signature method and system based on block chain technology | |
CN102170419A (en) | A secure mail client system and a method thereof | |
Asokan et al. | Towards securing disruption-tolerant networking | |
US11895210B2 (en) | Targeted notification of content availability to a mobile device | |
CN116668165A (en) | Interaction method of trusted communication based on block chain | |
CN109150861A (en) | block chain network communication system | |
Huguenin-Dumittan et al. | A message franking channel | |
EdalatNejad et al. | {DatashareNetwork}: A Decentralized {Privacy-Preserving} Search Engine for Investigative Journalists | |
US20070266251A1 (en) | Circuit Arrangement And Method For Securing Communication Within Communication Networks | |
Schulz et al. | d 2 Deleting Diaspora: Practical attacks for profile discovery and deletion | |
GB2446171A (en) | Anonymous authentication in a distributed or peer-to-peer network | |
Du et al. | The applications of blockchain in the covert communication | |
Srinivasan et al. | XTRA—eXtended bit-Torrent pRotocol for Authenticated covert peer communication: Authenticated covert P2P communication | |
WO2008065346A2 (en) | Secure messaging and data sharing | |
Mueller | Let’s attest! Multi-modal certificate exchange for the web of trust | |
CN116074115B (en) | Method for realizing cross-chain encryption session based on intelligent contract | |
CN111865972B (en) | Anonymous communication method and system | |
CN114389878B (en) | Block chain slicing method and block chain network system | |
Schliep | Secure Group Communication | |
Song | Cryptography in the Wild: Briar | |
Collins | On the Theory and Practice of Modern Secure Messaging |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication |