CN117499092A - Electronic contract data secure sharing method - Google Patents

Electronic contract data secure sharing method Download PDF

Info

Publication number
CN117499092A
CN117499092A CN202311421538.5A CN202311421538A CN117499092A CN 117499092 A CN117499092 A CN 117499092A CN 202311421538 A CN202311421538 A CN 202311421538A CN 117499092 A CN117499092 A CN 117499092A
Authority
CN
China
Prior art keywords
electronic contract
access
contract data
key
symmetric key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311421538.5A
Other languages
Chinese (zh)
Inventor
陈臻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Langhui Huike Technology Co ltd
Original Assignee
Shanghai Langhui Huike Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Langhui Huike Technology Co ltd filed Critical Shanghai Langhui Huike Technology Co ltd
Priority to CN202311421538.5A priority Critical patent/CN117499092A/en
Publication of CN117499092A publication Critical patent/CN117499092A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121Timestamp

Abstract

The invention relates to the technical field of data secure sharing, and discloses an electronic contract data secure sharing method, which comprises the following steps: the electronic contract main body symmetrically encrypts the electronic contract data by using a symmetric key to obtain an electronic contract data ciphertext, formulates an access strategy and hides the mapping in the access strategy by using an attribute bloom filter; the contract access body sends an electronic contract data cross-domain access request to the blockchain network, and the blockchain network performs analysis and verification; verifying that a conversion key is generated through the rear block chain, and converting the electronic contract data ciphertext by using the conversion key to obtain a light ciphertext; and the contract access main body decrypts the encryption result of the symmetric key to obtain the symmetric key, and decrypts the symmetric key to obtain the electronic contract data. The invention adopts a mode of combining symmetric encryption and elliptic curve encryption to encrypt and uplink the electronic contract data, thereby realizing the electronic contract data sharing processing based on block chain verification and multiple rounds of data encryption scenes.

Description

Electronic contract data secure sharing method
Technical Field
The invention relates to the technical field of data secure sharing, in particular to an electronic contract data secure sharing method.
Background
Currently, in the project cooperation process, the company main body contracts a few tens of thousands each year, and the current way of paper express or manual taking cannot meet the development requirements of enterprises. With the development of the Internet, the electronic contract is signed on line with great convenience, and meanwhile, the non-tamper property and non-repudiation of the digital signature of the electronic contract are necessary conditions for effectively popularizing the electronic contract. The electronic contract replaces the traditional paper contract in the form of a data message, and simultaneously realizes integration with an internal system of a company, so that not only can business data sharing and communication be realized, but also a whole set of material main lines of price checking, contract, purchasing, warehousing, payment and the like can be completely subjected to informationized management. While bringing great convenience, electronic co-ordinates also raise a series of problems: firstly, the electronic contract is stored in a third party, the owner cannot master the contract leading right and know which people can access and view the contract, and secondly, if the shared contract is to be verified to be true or false, a large amount of time and labor cost are increased.
In order to solve the problems that data of the electronic contract are tampered or leaked in the storage and sharing processes, the invention provides a safe sharing method of the electronic contract data, and the safety of the electronic contract sharing full life cycle is ensured.
Disclosure of Invention
In view of the above, the present invention provides a method for securely sharing electronic contract data, which aims to: 1) Generating a system public-private key pair by adopting a mode of combining symmetric encryption and elliptic curve encryption, generating a symmetric key of each electronic contract main body in a blockchain network by using an elliptic curve encryption method and taking the system public-private key pair as a basis, further adopting an elliptic encryption mode, combining formulated access strategies to obtain a shared secret value representing the symmetric key and the access strategies, realizing linear secret sharing, verifying the access strategies provided by the same access main body according to the linear reconstruction characteristics of the access strategy mapping result, thereby carrying out fine-grained verification on user attributes of a plurality of dimensions, realizing a secure sharing scheme of electronic contract data fine-grained, effectively relieving data damage caused by malicious nodes in the network by combining a blockchain consensus mechanism, providing a cross-domain access verification method of an attribute bloom filter, realizing protection of access strategy attributes, enabling an attacker to be unable to analyze the access strategies of data acquired by the contract main body, and being unable to infer attributes owned by the visitor, and avoiding the problem that electronic contract data cross-domain sharing is uncontrollable based on the cross-domain access verification method of the attribute bloom filter; 2) The provider of the electronic contract data sets a data access strategy, encrypts the electronic contract data, adds the encrypted electronic contract data into a blockchain, enables a contract access subject needing to access the electronic contract data to form an electronic contract data cross-domain access request by generating the access strategy, enables the blockchain to verify user information and the access strategy of the same access subject, and sends the corresponding electronic contract information to the contract access subject after the verification is passed, and enables the contract access subject to decrypt the electronic contract data according to a shared secret value, own user information and the access strategy to realize electronic contract data sharing processing under the conditions of blockchain verification and multi-round data encryption.
The invention provides a safe sharing method of electronic contract data, which comprises the following steps:
s1: initializing a public and private key pair of a blockchain network and a system to generate a symmetric key of each electronic contract main body;
s2: the electronic contract main body uses the symmetric key to carry out symmetric encryption on the electronic contract data to obtain an electronic contract data ciphertext, establishes an access strategy, uses an encryption algorithm to encrypt the symmetric key, uses an attribute bloom filter to hide the mapping in the access strategy, and uploads the electronic contract information to a blockchain;
s3: the contract access body sends an electronic contract data cross-domain access request to the blockchain network, and the blockchain network analyzes and verifies the electronic contract data cross-domain access request;
s4: if the verification is passed, generating a conversion key by the blockchain, converting the electronic contract data ciphertext by using the conversion key to obtain a light ciphertext, and transmitting encryption results of the conversion key, the light ciphertext and the symmetric key to a contract access subject;
s5: the contract access main body decrypts the encryption result of the symmetric key to obtain the symmetric key, and decrypts the light ciphertext by using the symmetric key to obtain the electronic contract data.
As a further improvement of the present invention:
optionally, initializing a public and private key pair of the blockchain network and the system in the step S1 includes:
initializing a blockchain network, wherein the blockchain network is provided with N blocks corresponding to N electronic contract bodies, each block comprises a block head and a block body, the block head comprises ID information of the electronic contract body corresponding to the block, timestamp information generated by the block and a hash value of the previous block, the block body is used for storing shared records of electronic contract data generated by the corresponding electronic contract body, and the N blocks are linked according to the timestamp information generated by the block in the block head to form the blockchain network;
the electronic contract main body is a provider of electronic contract data, and the corresponding relation between the electronic contract main body and the electronic contract data is as follows:
{(L n ,X n )|n∈[1,N]}
wherein:
L n represents the nth electronic contract body, X n Representing an electronic contract principal L n The electronic contract data provided;
initializing and generating a system public and private key pair, wherein the generation flow of the system public and private key pair is as follows:
s11: generating prime number p, constructing finite field G with length p p Wherein the finite field G p Has a set Z therein p
Z p ={0,1,...,p-1}
S12: based on the generated finite field, an elliptic curve E (G p ):
Wherein:
mod represents modulo notation;
e, g is a parameter of an elliptic curve;
≡denotes congruence symbols;
(x, y ) Represents an elliptic curve E (G p ) In (x, y) ∈ (G) p ) 2 Representing x ε Z p ,y∈Z p
S13: determining prime number q, where parameter q<p, in elliptic curve E (G p ) Selecting Q coordinate points to form a cyclic multiplication group Q, and selecting the cyclic multiplication groups Q and Q 0 Coordinate point Q of the same abelian group 0 As generator of cyclic multiplication group Q;
s14: randomly selecting a epsilon Z p Generating a system public-private key pair:
PK=Q 0 [Q 0 ×Q 0 ] a
SK=(Q 0 ) a
wherein:
PK represents the system public key, SK represents the system private key.
Optionally, generating a symmetric key of each electronic contract body in the step S1 includes:
generating a symmetric key of an electronic contract main body corresponding to each block in the blockchain network according to the generated public and private key pair of the system, wherein the symmetric key generation flow of the n-th electronic contract main body is as follows:
generating two different large primes p n ,q n And calculate t n =(p n -1)(q n -1) traversing to obtain p n -1,q n Least common multiple lambda between-1 n Generating a symmetric key of the nth bit electronic contract body:
pk n =(e n ,SK)
sk n =(d n ,SK)
said e n ,d n Satisfies the following formula:
gcd(e n ,λ n )=1
e n d n mod t n =1
wherein:
(pk n, sk n ) Symmetric key, pk, representing the body of an nth electronic contract n Represents the public key, sk, in the symmetric key n Representing a private key in the symmetric key;
gcd (·) represents calculating the greatest common divisor;
mod represents modulo;
e n ,d n representing a symmetric key (pk) n ,sk n ) Key parameters in the generation process.
Optionally, in the step S2, the electronic contract body uses the symmetric key to perform symmetric encryption on the electronic contract data to obtain an electronic contract data ciphertext, and formulates an access policy, including:
the electronic contract main body uses the symmetric key to carry out symmetric encryption on the electronic contract data to obtain the ciphertext of the electronic contract data, and establishes an access strategy, wherein the formula of the n-th electronic contract main body for carrying out symmetric encryption on the electronic contract data by using the symmetric key is as follows:
wherein:
representing electronic contract data X n Is a symmetric encryption result of (a);
an electronic contract principal formulates an access policy for the generated electronic contract data, wherein the nth electronic contract principal applies a policy to the electronic contract data X n The formulated access policy is in the form of:
W n =(w n (1),w n (2),...,w n (num n ))
wherein:
W n representing n-th electronic contract subject versus electronic contract data X n The formulated access strategy;
w n (num n ) Representing the num of users of the same access subject in the access policy n Access requirements for individual user attributes;
establishing an access policy W based on a cyclic multiplication group Q n Is mapped to:
H n =(H n (1),H n (2),...,H n (num n ))
H n (num n )=h 0 (w n (num n ),R n )
R n =h 1 (r n )
h 0 :{0,1}*×Q→{0,1} q
h 1 :{0,1} * →{0,1} q×q
wherein:
h 0 ,h i Represents a hash function, x Q represents any coordinate point in the cyclic multiplication group Q, {0,1} * Bit string of arbitrary length, representing input hash function, → {0,1} q Representing a bit string mapped to a length q;
r n ∈Z p ,R n as an access policy W n Is a secret value of (a);
H n representing an access policy W n Mapping results of (2);
H n (num n ) Representing w n (num n ) Is provided.
Optionally, in the step S2, the symmetric key is encrypted by using an encryption algorithm, the mapping in the access policy is hidden by using an attribute bloom filter, and the electronic contract information is uploaded to the blockchain, including:
encrypting the symmetric key generated by the electronic contract body by using an encryption algorithm, and hiding the mapping in the access strategy by using an attribute bloom filter, wherein the symmetric key encryption and access strategy mapping hiding flow of the nth electronic contract body is as follows:
s21: generating a shared secret value s for an nth electronic contract body n
s n =h 2 (R n ,pk n ,sk n )
h 2 :{0,1} * →{0,1} q
Wherein:
h 2 representing a hash function;
s22: according to the access policy W n Secret value of (1) and symmetric key (pk) n, sk n ) Generating a ciphertext result corresponding to the shared secret value:
wherein:
representing element-by-element additions;
C n representing a shared secret value s n Corresponding ciphertext result, and C n As a symmetric key encryption result of the nth electronic contract body;
S23: building an attribute bloom filter, utilizing num n Individual hash function pair access policy W n Mapping result H of (2) n Address mapping is carried out to obtain H n Mapping address of access requirement of any user attribute in the database, and carrying out mapping result H according to the mapping address n Wherein H is n (num n ) Is LOC n (num n );
And uploading the electronic contract information to a corresponding block of the blockchain network, wherein the electronic contract information comprises a shared secret value, a ciphertext result corresponding to the shared secret value, a symmetric encryption result of the electronic contract data, a mapping result of the access strategy and a mapping address.
Optionally, in the step S3, the contract access entity sends an electronic contract data cross-domain access request to the blockchain network, and the blockchain network performs parsing verification, including:
the contract access entity sends an electronic contract data cross-domain access request to the blockchain network, wherein the contract access entity is an electronic contract entity corresponding to a block of a non-electronic contract data provider in the blockchain network, the electronic contract data cross-domain access request comprises timestamp information, contract access entity ID information and access strategy information which are required to be constructed, and the electronic contract data cross-domain access request sent by the ith electronic contract entity to the nth electronic contract entity is:
Wherein:
representing an electronic contract data cross-domain access request sent by a jth electronic contract body to an nth electronic contract body;
Time j timestamp information representing a request for constructing cross-domain access to electronic contract data;
ID j representing the j-th electronic contract principal L j ID information of (3);
W j (X n ) Representing the j-th electronic contract principal L j For electronic contract data X n Access policy information of (1) including the j-th electronic contract body L j Num of (2) n Individual user attributes;
block chain network pairThe analysis and verification flow of (1) is as follows:
s31: block verification Time stamp information Time corresponding to nth bit electronic contract body j Whether or not it is legal, if it is Time j If the difference value between the current time stamp and the current time stamp is within a preset range, the current time stamp is legal;
and verifies contract access subject ID information ID j If it is legal, if the contract accesses the subject ID information ID j Legal if the block chain exists in the block chain network;
s32: first, theBlock slave H corresponding to n-bit electronic contract main body n The corresponding mapping address position is extracted to obtain an access strategy W n Mapping result H of (2) n
S33: calculate W j (X n )H n -W n I and if I w j (X n )H n -W n If the I is smaller than the preset access threshold, verifying the cross-domain access request through the electronic contract dataWherein I II representing the L1 norm.
Optionally, if the electronic contract data cross-domain access request passes the verification in the step S4, the blockchain network converts the electronic contract data ciphertext by using the conversion key to obtain a light ciphertext, and sends the encryption results of the conversion key, the light ciphertext and the symmetric key to the contract access subject, including:
If the electronic contract data cross-domain access request passes verification, generating a conversion key by the blockchain network according to the electronic contract data cross-domain access request, and converting the electronic contract data ciphertext by using the conversion key to obtain a light ciphertext, wherein the generation of the conversion key and the light ciphertext conversion flow are as follows:
s41: cross-domain access request based on electronic contract dataGenerating a conversion key:
wherein:
cross-domain access request for electronic contract data generated for blockchain networks>Is converted into (a)A secret key;
s42: the lightweight ciphertext generation formula based on the conversion key is:
wherein:
representation->A corresponding lightweight ciphertext;
representing electronic contract data X n Is a symmetric encryption result of (a);
s43: will transform the keyLight ciphertext->Encryption result C of symmetric key n Sent to contract Access principal L j
Optionally, in the step S5, the contract access body decrypts the encryption result of the symmetric key to obtain the symmetric key, and decrypts the light ciphertext with the symmetric key to obtain the electronic contract data, including:
contract Access principal L j Encryption result C for symmetric key n And performing decryption processing, wherein a decryption formula is as follows:
wherein the decryption result is a symmetric key, and uses ID information and access policy information W j (X n ) Decrypting to obtain the system private key SK and using the conversion keyLight ciphertext->And a system public key PK for electronic contract data X n The symmetric encryption result of (2) is calculated:
decrypting the symmetric encryption result according to the symmetric key and the system private key SK to obtain electronic contract data X n Wherein the decryption formula is:
contract Access principal receives electronic contract data X n Completing the electronic contract data X from the nth electronic contract principal to the contract access principal n And adding the electronic contract data sharing record which completes the sharing process into the block corresponding to the nth electronic contract body.
In the embodiment of the invention, a provider of electronic contract data sets a data access strategy, encrypts the electronic contract data, adds the encrypted electronic contract data into a blockchain, a contract access subject needing to access the electronic contract data forms an electronic contract data cross-domain access request by generating the access strategy, the blockchain verifies user information and the access strategy of the same access subject, and then sends the corresponding electronic contract information to the contract access subject after the verification is passed, and the contract access subject decrypts the electronic contract data according to the user information and the access strategy to realize electronic contract data sharing processing under the conditions of blockchain verification and multi-round data encryption.
In order to solve the above-described problems, the present invention provides an electronic apparatus including:
a memory storing at least one instruction;
the communication interface is used for realizing the communication of the electronic equipment; and
And the processor executes the instructions stored in the memory to realize the electronic contract data secure sharing method.
In order to solve the above-mentioned problems, the present invention also provides a computer-readable storage medium having stored therein at least one instruction that is executed by a processor in an electronic device to implement the above-mentioned electronic contract data secure sharing method.
Compared with the prior art, the invention provides an electronic contract data secure sharing method, which has the following advantages:
firstly, the scheme provides a chain data security protection method combining with a blockchain, which uses an encryption algorithm to encrypt a symmetric key generated by an electronic contract main body and uses an attribute bloom filter to hide a mapping in an access strategy, wherein the symmetric key encryption and access strategy mapping hiding flow of an nth electronic contract main body is as follows: generating a shared secret value s for an nth electronic contract body n
s n =h 2 (R n ,pk n ,sk n )
h 2 :{0,1} * →{0,1} q
Wherein: h is a 2 Representing a hash function; according to the access policy W n Secret value of (1) and symmetric key (pk) n ,sk n ) Generating a ciphertext result corresponding to the shared secret value:
wherein:representing element-by-element additions; c (C) n Representing a shared secret value s n Corresponding ciphertext result, and C n As a symmetric key encryption result of the nth electronic contract body; building an attribute bloom filter, utilizing num n Individual hash function pair access policy W n Mapping result H of (2) n Address mapping is carried out to obtain H n Mapping address of access requirement of any user attribute in the database, and carrying out mapping result H according to the mapping address n Wherein H is n (num n ) Is LOC n (num n ) The method comprises the steps of carrying out a first treatment on the surface of the And uploading the electronic contract information to a corresponding block of the blockchain network, wherein the electronic contract information comprises a shared secret value, a ciphertext result corresponding to the shared secret value, a symmetric encryption result of the electronic contract data, a mapping result of the access strategy and a mapping address. The contract access entity sends an electronic contract data cross-domain access request to the blockchain network, wherein the contract access entity is an electronic contract entity corresponding to a block of a non-electronic contract data provider in the blockchain network, the electronic contract data cross-domain access request comprises timestamp information, contract access entity ID information and access strategy information which are required to be constructed, and the electronic contract data cross-domain access request sent by the j-th electronic contract entity to the n-th electronic contract entity is:
Wherein:representing an electronic contract data cross-domain access request sent by a jth electronic contract body to an nth electronic contract body; time j Timestamp information representing a request for constructing cross-domain access to electronic contract data; ID (identity) j Representing the j-th electronic contract principal L j ID information of (3); w (W) j (X n ) Representing the j-th electronic contract principal L j For electronic contract data X n Access policy information of (1) including the j-th electronic contract body L j Num of (2) n Individual user attributes; block chain network pair-> The analysis and verification flow of (1) is as follows: block verification Time stamp information Time corresponding to nth bit electronic contract body j Whether or not it is legal, if it is Time j If the difference value between the current time stamp and the current time stamp is within a preset range, the current time stamp is legal; and verifies contract access subject ID information ID j If it is legal, if the contract accesses the subject ID information ID j Legal if the block chain exists in the block chain network; block slave H corresponding to nth electronic contract body n The corresponding mapping address position is extracted to obtain an access strategy W n Mapping result H of (2) n The method comprises the steps of carrying out a first treatment on the surface of the Calculate W j (X n )H n -W n I, if I W j (X n )H n -W n If the I is smaller than the preset access threshold, verifying that the cross-domain access request is cross-domain through the electronic contract data>Wherein I II representing the L1 norm. The scheme adopts a mode of combining symmetric encryption and elliptic curve encryption, utilizes an elliptic curve encryption method to generate a system public-private key pair, takes the system public-private key pair as a basis to generate a symmetric key of each electronic contract main body in a blockchain network, further adopts an elliptic encryption mode, combines a formulated access strategy to obtain a shared secret value representing the symmetric key and the access strategy to realize linear secret sharing, verifies the access strategy provided by the same access main body according to the linear reconstruction characteristic of the access strategy mapping result, thereby carrying out fine-granularity verification on user attributes of a plurality of dimensions, realizing a safe sharing scheme of electronic contract data fine granularity, combining a blockchain consensus mechanism to effectively relieve data damage caused by malicious nodes in the network, providing a cross-domain access verification method of an attribute bloom filter, realizing protection of access strategy attributes, and enabling an attacker to be unable to analyze access of data acquired by the contract access main body And the inquiry strategy can not infer the attribute owned by the visitor, and the cross-domain access verification method based on the attribute bloom filter can avoid the problem that the cross-domain sharing of the electronic contract data is uncontrollable.
Meanwhile, the scheme provides an electronic contract data safe sharing mode, a provider of the electronic contract data encrypts the electronic contract data by setting a data access strategy, the encrypted electronic contract data is added into a blockchain, a contract access subject needing to access the electronic contract data forms an electronic contract data cross-domain access request by generating the access strategy, the blockchain verifies user information and the access strategy of the contract access subject, the corresponding electronic contract information is sent to the contract access subject after the verification is passed, and the contract access subject decrypts the electronic contract data according to a shared secret value, own user information and the access strategy to realize electronic contract data sharing processing under the conditions of block chain verification and multi-round data encryption.
Drawings
Fig. 1 is a schematic flow chart of a method for securely sharing electronic contract data according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an electronic device for implementing a method for securely sharing electronic contract data according to an embodiment of the present invention.
In the figure: 1 an electronic device, 10 a processor, 11 a memory, 12 a program, 13 a communication interface.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiment of the application provides a secure sharing method for electronic contract data. The execution subject of the electronic contract data security sharing method includes, but is not limited to, at least one of a server, a terminal, and the like, which can be configured to execute the method provided by the embodiment of the application. In other words, the electronic contract data security sharing method may be performed by software or hardware installed at a terminal device or a server device, and the software may be a blockchain platform. The service end includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
Example 1:
s1: initializing a public and private key pair of the blockchain network and the system to generate a symmetric key of each electronic contract body.
Initializing a public and private key pair of a blockchain network and a system in the step S1, wherein the method comprises the following steps:
Initializing a blockchain network, wherein the blockchain network is provided with N blocks corresponding to N electronic contract bodies, each block comprises a block head and a block body, the block head comprises ID information of the electronic contract body corresponding to the block, timestamp information generated by the block and a hash value of the previous block, the block body is used for storing shared records of electronic contract data generated by the corresponding electronic contract body, and the N blocks are linked according to the timestamp information generated by the block in the block head to form the blockchain network;
the electronic contract main body is a provider of electronic contract data, and the corresponding relation between the electronic contract main body and the electronic contract data is as follows:
{(L n ,X n )|n∈[1,N]}
wherein:
L n represents the nth electronic contract body, X n Representing an electronic contract principal L n The electronic contract data provided;
initializing and generating a system public and private key pair, wherein the generation flow of the system public and private key pair is as follows:
s11: generating prime number p, constructing finite field G with length p p Wherein the finite field G p Has a set Z therein p
Z p ={0,1,...,p-1}
S12: based on the generated finite field, an elliptic curve E (G p ):
Wherein:
mod represents modulo notation;
e, g is a parameter of an elliptic curve;
≡denotes congruence symbols;
(x, y) represents an elliptic curve E (G) p ) In (x, y) ∈ (G) p ) 2 Representing x ε Z p ,y∈Z p
S13: determining prime number q, where parameter q<p, in elliptic curve E (G p ) Selecting Q coordinate points to form a cyclic multiplication group Q, and selecting the cyclic multiplication groups Q and Q 0 Coordinate point Q of the same abelian group 0 As generator of cyclic multiplication group Q;
s14: randomly selecting a epsilon Z p Generating a system public-private key pair:
PK=Q 0 [Q 0 ×Q 0 ] a
SK=(Q 0 ) a
wherein:
PK represents the system public key, SK represents the system private key.
Optionally, generating a symmetric key of each electronic contract body in the step S1 includes:
generating a symmetric key of an electronic contract main body corresponding to each block in the blockchain network according to the generated public and private key pair of the system, wherein the symmetric key generation flow of the n-th electronic contract main body is as follows:
generating two different large primes p n ,q n And calculate t n =(p n -1)(q n -1) traversing to obtain p n -1,q n Least common multiple lambda between-1 n Generating a symmetric key of the nth bit electronic contract body:
pk n =(e n ,SK)
sk n =(d n ,SK)
said e n ,d n Satisfies the following formula:
gcd(e n ,λ n )=1
e n d n mod t n =1
wherein:
(pk n ,sk n ) Symmetric key, pk, representing the body of an nth electronic contract n Represents the public key, sk, in the symmetric key n Representing a private key in the symmetric key;
gcd (·) represents calculating the greatest common divisor;
mod represents modulo;
e n ,d n representing a symmetric key (pk) n ,sk n ) Key parameters in the generation process.
S2: the electronic contract main body uses the symmetric key to carry out symmetric encryption on the electronic contract data to obtain the electronic contract data ciphertext, establishes an access strategy, uses the encryption algorithm to encrypt the symmetric key, uses the attribute bloom filter to hide the mapping in the access strategy, and uploads the electronic contract information to the blockchain.
In the step S2, the electronic contract main body uses the symmetric key to carry out symmetric encryption on the electronic contract data to obtain the electronic contract data ciphertext, and establishes an access strategy, and the method comprises the following steps:
the electronic contract main body uses the symmetric key to carry out symmetric encryption on the electronic contract data to obtain the ciphertext of the electronic contract data, and establishes an access strategy, wherein the formula of the n-th electronic contract main body for carrying out symmetric encryption on the electronic contract data by using the symmetric key is as follows:
wherein:
representing electronic contract data X n Is a symmetric encryption result of (a);
the electronic contract principal is a generated electronic contract data systemDetermining an access policy in which an nth electronic contract principal pair electronic contract data X n The formulated access policy is in the form of:
W n =(w n (1),w n (2),...,w n (num n ))
wherein:
W n representing n-th electronic contract subject versus electronic contract data X n The formulated access strategy;
w n (num n ) Representing the num of users of the same access subject in the access policy n Access requirements for individual user attributes;
establishing an access policy W based on a cyclic multiplication group Q n Is mapped to:
H n =(H n (1),H n (2),...,H n (num n ))
H n (num n )=h 0 (w n (num n ),R n )
R n =h 1 (r n )
h 0 :{0,1} * ×Q→{0,1} q
h 1 :{0,1} * →{0,1} q×q
wherein:
h 0 ,h 1 represents a hash function, x Q represents any coordinate point in the cyclic multiplication group Q, {0,1} * Bit string of arbitrary length, representing input hash function, → {0,1} q Representing a bit string mapped to a length q;
r n ∈Z p ,R n as an access policy W n Is a secret value of (a);
H n representing an access policy W n Mapping results of (2);
H n (num n ) Representing w n (num n ) Is provided.
In the step S2, the symmetric key is encrypted by using an encryption algorithm, the mapping in the access policy is hidden by using an attribute bloom filter, and the electronic contract information is uploaded to the blockchain, including:
encrypting the symmetric key generated by the electronic contract body by using an encryption algorithm, and hiding the mapping in the access strategy by using an attribute bloom filter, wherein the symmetric key encryption and access strategy mapping hiding flow of the nth electronic contract body is as follows:
s21: generating a shared secret value s for an nth electronic contract body n
s n =h 2 (R n ,pk n ,sk n )
h 2 :{0,1} * →{0,1} q
Wherein:
h 2 representing a hash function;
s22: according to the access policy W n Secret value of (1) and symmetric key (pk) n ,sk n ) Generating a ciphertext result corresponding to the shared secret value:
wherein:
representing element-by-element additions;
C n representing a shared secret value s n Corresponding ciphertext result, and C n As a symmetric key encryption result of the nth electronic contract body;
s23: building an attribute bloom filter, utilizing num n Individual hash function pair access policy W n Mapping result H of (2) n Address mapping is carried out to obtain H n Mapping address of access requirement of any user attribute in the database, and carrying out mapping result H according to the mapping address n Wherein H is n (num n ) Is LOC n (num n );
And uploading the electronic contract information to a corresponding block of the blockchain network, wherein the electronic contract information comprises a shared secret value, a ciphertext result corresponding to the shared secret value, a symmetric encryption result of the electronic contract data, a mapping result of the access strategy and a mapping address.
S3: the contract access body sends an electronic contract data cross-domain access request to the blockchain network, and the blockchain network analyzes and verifies the electronic contract data cross-domain access request.
In the step S3, the contract access main body sends an electronic contract data cross-domain access request to the blockchain network, and the blockchain network performs analysis and verification, including:
the contract access entity sends an electronic contract data cross-domain access request to the blockchain network, wherein the contract access entity is an electronic contract entity corresponding to a block of a non-electronic contract data provider in the blockchain network, the electronic contract data cross-domain access request comprises timestamp information, contract access entity ID information and access strategy information which are required to be constructed, and the electronic contract data cross-domain access request sent by the j-th electronic contract entity to the n-th electronic contract entity is:
Wherein:
representing an electronic contract data cross-domain access request sent by a jth electronic contract body to an nth electronic contract body;
Time j timestamp information representing a request for constructing cross-domain access to electronic contract data;
ID j representing the j-th electronic contract principal L j ID information of (3);
W j (X n ) Representing the j-th electronic contract principal L j For electronic contract data X n Access policy information of (1) including the j-th electronic contract body L j Num of (2) n Individual userAn attribute;
block chain network pairThe analysis and verification flow of (1) is as follows:
s31: block verification Time stamp information Time corresponding to nth bit electronic contract body j Whether or not it is legal, if it is Time j If the difference value between the current time stamp and the current time stamp is within a preset range, the current time stamp is legal;
and verifies contract access subject ID information ID j If it is legal, if the contract accesses the subject ID information ID j Legal if the block chain exists in the block chain network;
s32: block slave H corresponding to nth electronic contract body n The corresponding mapping address position is extracted to obtain an access strategy W n Mapping result H of (2) n
S33: calculate W j (X n )H n -W n I, if I W j (X n )H n -W n If the I is smaller than the preset access threshold, verifying the cross-domain access request through the electronic contract dataWherein I II representing the L1 norm.
S4: if the verification is passed, the blockchain generates a conversion key, the conversion key is used for converting the electronic contract data ciphertext to obtain a light ciphertext, and the encryption results of the conversion key, the light ciphertext and the symmetric key are sent to the contract access subject.
In the step S4, if the verification of the cross-domain access request of the electronic contract data is passed, the blockchain network converts the ciphertext of the electronic contract data by using the conversion key to obtain a light ciphertext, and sends the encryption results of the conversion key, the light ciphertext and the symmetric key to the contract access subject, including:
if the electronic contract data cross-domain access request passes verification, generating a conversion key by the blockchain network according to the electronic contract data cross-domain access request, and converting the electronic contract data ciphertext by using the conversion key to obtain a light ciphertext, wherein the generation of the conversion key and the light ciphertext conversion flow are as follows:
s41: cross-domain access request based on electronic contract dataGenerating a conversion key:
wherein:
cross-domain access request for electronic contract data generated for blockchain networks>Is used for the conversion key of the (a);
s42: the lightweight ciphertext generation formula based on the conversion key is:
wherein:
representation->A corresponding lightweight ciphertext;
representing electronic contract data X n Is a symmetric encryption result of (a);
s43: will transform the keyLight ciphertext->Encryption result C of symmetric key n Sent to contract Access principal L j
S5: the contract access main body decrypts the encryption result of the symmetric key to obtain the symmetric key, and decrypts the light ciphertext by using the symmetric key to obtain the electronic contract data.
In the step S5, the contract access main body decrypts the encryption result of the symmetric key to obtain the symmetric key, and decrypts the light ciphertext by using the symmetric key to obtain the electronic contract data, which comprises the following steps:
contract Access principal L j Encryption result C for symmetric key n And performing decryption processing, wherein a decryption formula is as follows:
wherein the decryption result is a symmetric key, and uses ID information and access policy information W j (X n ) Decrypting to obtain the system private key SK and using the conversion keyLight ciphertext->And a system public key PK for electronic contract data X n The symmetric encryption result of (2) is calculated:
decrypting the symmetric encryption result according to the symmetric key and the system private key SK to obtain electronic contract data X n Wherein the decryption formula is:
contract Access principal receives electronic contract data X n Completing the electronic contract data X from the nth electronic contract principal to the contract access principal n And adding the electronic contract data sharing record which completes the sharing process into the block corresponding to the nth electronic contract body.
Example 2:
fig. 2 is a schematic structural diagram of an electronic device for implementing a method for securely sharing electronic contract data according to an embodiment of the present invention.
The electronic device 1 may comprise a processor 10, a memory 11, a communication interface 13 and a bus, and may further comprise a computer program, such as program 12, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, including flash memory, a mobile hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may in other embodiments also be an external storage device of the electronic device 1, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only for storing application software installed in the electronic device 1 and various types of data, such as codes of the program 12, but also for temporarily storing data that has been output or is to be output.
The processor 10 may be comprised of integrated circuits in some embodiments, for example, a single packaged integrated circuit, or may be comprised of multiple integrated circuits packaged with the same or different functions, including one or more central processing units (Central Processing unit, CPU), microprocessors, digital processing chips, graphics processors, combinations of various control chips, and the like. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects respective parts of the entire electronic device using various interfaces and lines, executes or executes programs or modules (a program 12 for realizing secure sharing of electronic contract data, etc.) stored in the memory 11, and invokes data stored in the memory 11 to perform various functions of the electronic device 1 and process data.
The communication interface 13 may comprise a wired interface and/or a wireless interface (e.g. WI-FI interface, bluetooth interface, etc.), typically used to establish a communication connection between the electronic device 1 and other electronic devices and to enable connection communication between internal components of the electronic device.
The bus may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory 11 and at least one processor 10 etc.
Fig. 2 shows only an electronic device with components, it being understood by a person skilled in the art that the structure shown in fig. 2 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or may combine certain components, or may be arranged in different components.
For example, although not shown, the electronic device 1 may further include a power source (such as a battery) for supplying power to each component, and preferably, the power source may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device 1 may further include various sensors, bluetooth modules, wi-Fi modules, etc., which will not be described herein.
The electronic device 1 may optionally further comprise a user interface, which may be a Display, an input unit, such as a Keyboard (Keyboard), or a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device 1 and for displaying a visual user interface.
It should be understood that the embodiments described are for illustrative purposes only and are not limited to this configuration in the scope of the patent application.
The program 12 stored in the memory 11 of the electronic device 1 is a combination of instructions that, when executed in the processor 10, may implement:
initializing a public and private key pair of a blockchain network and a system to generate a symmetric key of each electronic contract main body;
the electronic contract main body uses the symmetric key to carry out symmetric encryption on the electronic contract data to obtain an electronic contract data ciphertext, establishes an access strategy, uses an encryption algorithm to encrypt the symmetric key, uses an attribute bloom filter to hide the mapping in the access strategy, and uploads the electronic contract information to a blockchain;
the contract access body sends an electronic contract data cross-domain access request to the blockchain network, and the blockchain network analyzes and verifies the electronic contract data cross-domain access request;
if the verification is passed, generating a conversion key by the blockchain, converting the electronic contract data ciphertext by using the conversion key to obtain a light ciphertext, and transmitting encryption results of the conversion key, the light ciphertext and the symmetric key to a contract access subject;
the contract access main body decrypts the encryption result of the symmetric key to obtain the symmetric key, and decrypts the light ciphertext by using the symmetric key to obtain the electronic contract data.
Specifically, the specific implementation method of the above instruction by the processor 10 may refer to descriptions of related steps in the corresponding embodiments of fig. 1 to 2, which are not repeated herein.
It should be noted that, the foregoing reference numerals of the embodiments of the present invention are merely for describing the embodiments, and do not represent the advantages and disadvantages of the embodiments. And the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, apparatus, article or method that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (8)

1. A method for securely sharing electronic contract data, the method comprising:
s1: initializing a public and private key pair of a blockchain network and a system to generate a symmetric key of each electronic contract main body;
s2: the electronic contract main body uses the symmetric key to carry out symmetric encryption on the electronic contract data to obtain an electronic contract data ciphertext, establishes an access strategy, uses an encryption algorithm to encrypt the symmetric key, uses an attribute bloom filter to hide the mapping in the access strategy, and uploads the electronic contract information to a blockchain;
s3: the contract access body sends an electronic contract data cross-domain access request to the blockchain network, and the blockchain network analyzes and verifies the electronic contract data cross-domain access request;
s4: if the verification is passed, generating a conversion key by the blockchain, converting the electronic contract data ciphertext by using the conversion key to obtain a light ciphertext, and transmitting encryption results of the conversion key, the light ciphertext and the symmetric key to a contract access subject;
S5: the contract access main body decrypts the encryption result of the symmetric key to obtain the symmetric key, and decrypts the light ciphertext by using the symmetric key to obtain the electronic contract data.
2. The method for securely sharing electronic contract data according to claim 1, wherein initializing a blockchain network and a system public-private key pair in the step S1 includes:
initializing a blockchain network, wherein the blockchain network is provided with N blocks corresponding to N electronic contract bodies, each block comprises a block head and a block body, the block head comprises ID information of the electronic contract body corresponding to the block, timestamp information generated by the block and a hash value of the previous block, the block body is used for storing shared records of electronic contract data generated by the corresponding electronic contract body, and the N blocks are linked according to the timestamp information generated by the block in the block head to form the blockchain network;
the electronic contract main body is a provider of electronic contract data, and the corresponding relation between the electronic contract main body and the electronic contract data is as follows:
{(L n ,X n )|n∈[1,N]}
wherein:
L n represents the nth electronic contract body, X n Representing an electronic contract principal L n The electronic contract data provided;
initializing and generating a system public and private key pair, wherein the generation flow of the system public and private key pair is as follows:
S11: generating prime number p, constructing finite field G with length p p Wherein the finite field G p Has a set Z therein p
Z p ={0,1,...,p-1}
S12: based on the generated finite field, an elliptic curve E (G p ):
Wherein:
mod represents modulo notation;
e, g is a parameter of an elliptic curve;
≡denotes congruence symbols;
(x, y) represents an elliptic curve E (G) p ) In (x, y) ∈ (G) p ) 2 Representing x ε Z p ,y∈Z p
S13: determining prime number q, where parameter q<p, in elliptic curve E (G p ) Selecting Q coordinate points to form a cyclic multiplication group Q, and selecting the cyclic multiplication groups Q and Q 0 Coordinate point Q of the same abelian group 0 As generator of cyclic multiplication group Q;
s14: randomly selecting a epsilon Z p Generating a system public-private key pair:
PK=Q 0 [Q 0 ×Q 0 ] a
SK=(Q 0 ) a
wherein:
PK represents the system public key, SK represents the system private key.
3. The method for securely sharing electronic contract data according to claim 1, wherein the step of generating a symmetric key for each electronic contract body in the step S1 includes:
generating a symmetric key of an electronic contract main body corresponding to each block in the blockchain network according to the generated public and private key pair of the system, wherein the symmetric key generation flow of the n-th electronic contract main body is as follows:
generating two different large primes p n, q n And calculate t n =(p n -1)(q n -1) traversing to obtain p n -1,q n Least common multiple lambda between-1 n Generating a symmetric key of the nth bit electronic contract body:
pk n =(e n ,SK)
sk n =(d n ,SK)
said e n ,d n Satisfies the following formula:
gcd(e n ,λ n )=1
e n d n mod t n =1
wherein:
(pk n ,sk n ) Symmetric key, pk, representing the body of an nth electronic contract n Represents the public key, sk, in the symmetric key n Representing a private key in the symmetric key;
gcd (·) represents calculating the greatest common divisor;
mod represents modulo;
e n ,d n representing a symmetric key (pk) n ,sk n ) Key parameters in the generation process.
4. The method for securely sharing electronic contract data according to claim 3, wherein in the step S2, the electronic contract body symmetrically encrypts the electronic contract data using the symmetric key to obtain the electronic contract data ciphertext, and the making of the access policy includes:
the electronic contract main body uses the symmetric key to carry out symmetric encryption on the electronic contract data to obtain the ciphertext of the electronic contract data, and establishes an access strategy, wherein the formula of the n-th electronic contract main body for carrying out symmetric encryption on the electronic contract data by using the symmetric key is as follows:
wherein:
representing electronic contract data X n Is a symmetric encryption result of (a);
an electronic contract principal formulates an access policy for the generated electronic contract data, wherein the nth electronic contract principal applies a policy to the electronic contract data X n The formulated access policy is in the form of:
W n =(w n (1),w n (2),...,w n (num n ))
wherein:
W n representing n-th electronic contract subject versus electronic contract data X n The formulated access strategy;
w n (num n ) Representing the num of users of the same access subject in the access policy n Access requirements for individual user attributes;
establishing an access policy W based on a cyclic multiplication group Q n Is mapped to:
H n =(H n (1),H n (2),...,H n (num n ))
H n (num n )=h 0 (w n (num n ),R n )
R n =h 1 (r n )
h 0 :{0,1} * ×Q→{0,1} q
h 1 :{0,1} * →{0,1} q×q
wherein:
h 0 ,h 1 represents a hash function, x Q represents any coordinate point in the cyclic multiplication group Q, {0,1} * Bit string of arbitrary length, representing input hash function, → {0,1} q Representing a bit string mapped to a length q;
r n ∈Z p ,R n as an access policy W n Is a secret value of (a);
H n representing an access policy W n Mapping results of (2);
H n (num n ) Representing w n (num n ) Is provided.
5. The method for securely sharing electronic contract data according to claim 4, wherein said step S2 of encrypting the symmetric key using an encryption algorithm, hiding the mapping in the access policy using an attribute bloom filter, uploading the electronic contract information to the blockchain, includes:
encrypting the symmetric key generated by the electronic contract body by using an encryption algorithm, and hiding the mapping in the access strategy by using an attribute bloom filter, wherein the symmetric key encryption and access strategy mapping hiding flow of the nth electronic contract body is as follows:
S21: generating a shared secret value s for an nth electronic contract body n
s n =h 2 (R n ,pk n ,sk n )
h 2 :{0,1} * →{0,1} q
Wherein:
h 2 representing a hash function;
s22: according to the access policy W n Secret value of (1) and symmetric key (pk) n ,sk n ) Generating a ciphertext result corresponding to the shared secret value:
wherein:
representing element-by-element additions;
C n representing a shared secret value s n Corresponding ciphertext result, and C n As a symmetric key encryption result of the nth electronic contract body;
s23: building an attribute bloom filter, utilizing num n Individual hash function pair access policy W n Mapping result H of (2) n Address mapping is carried out to obtain H n Mapping address of access requirement of any user attribute in the database, and carrying out mapping result H according to the mapping address n Wherein H is n (num n ) Is LOC n (num n );
And uploading the electronic contract information to a corresponding block of the blockchain network, wherein the electronic contract information comprises a shared secret value, a ciphertext result corresponding to the shared secret value, a symmetric encryption result of the electronic contract data, a mapping result of the access strategy and a mapping address.
6. The method for securely sharing electronic contract data according to claim 1, wherein in the step S3, the contract access subject sends an electronic contract data cross-domain access request to the blockchain network, and the blockchain network performs parsing verification, including:
The contract access entity sends an electronic contract data cross-domain access request to the blockchain network, wherein the contract access entity is an electronic contract entity corresponding to a block of a non-electronic contract data provider in the blockchain network, the electronic contract data cross-domain access request comprises timestamp information, contract access entity ID information and access strategy information which are required to be constructed, and the electronic contract data cross-domain access request sent by the j-th electronic contract entity to the n-th electronic contract entity is:
wherein:
requestL j (L n ) Representing an electronic contract data cross-domain access request sent by a jth electronic contract body to an nth electronic contract body;
Time j timestamp information representing a request for constructing cross-domain access to electronic contract data;
ID j representing the j-th electronic contract principal L j ID information of (3);
W j (X n ) Representing the j-th electronic contract principal L j For electronic contract data X n Access policy information of (1) including the j-th electronic contract body L j Num of (2) n Individual user attributes;
blockchain network pair requestL j (L n ) The analysis and verification flow of (1) is as follows:
s31: block verification Time stamp information Time corresponding to nth bit electronic contract body j Whether or not it is legal, if it is Time j If the difference value between the current time stamp and the current time stamp is within a preset range, the current time stamp is legal;
and verifies contract access subject ID information ID j If it is legal, if the contract accesses the subject ID information ID j Legal if the block chain exists in the block chain network;
s32: block slave H corresponding to nth electronic contract body n The corresponding mapping address position is extracted to obtain an access strategy W n Mapping result H of (2) n
S33: calculate W j (X n )H n -W n I, if I W j (X n )H n -W n If the I is smaller than the preset access threshold, verifying the cross-domain access request through the electronic contract dataWhere L represents the L1 norm.
7. The method for securely sharing electronic contract data according to claim 6, wherein if the electronic contract data cross-domain access request passes the verification in the step S4, the blockchain network converts the electronic contract data ciphertext with the conversion key to obtain a light ciphertext, and sends the encryption results of the conversion key, the light ciphertext and the symmetric key to the contract access subject, comprising:
if the electronic contract data cross-domain access request passes verification, generating a conversion key by the blockchain network according to the electronic contract data cross-domain access request, and converting the electronic contract data ciphertext by using the conversion key to obtain a light ciphertext, wherein the generation of the conversion key and the light ciphertext conversion flow are as follows:
s41: cross-domain access request based on electronic contract data Generating a conversion key:
wherein:
cross-domain access request for electronic contract data generated for blockchain networks>Is used for the conversion key of the (a);
s42: the lightweight ciphertext generation formula based on the conversion key is:
wherein:
representation->A corresponding lightweight ciphertext;
representing electronic contract data X n Is a symmetric encryption result of (a);
s43: will transform the keyLight ciphertext->Encryption result C of symmetric key n Sent to contract Access principal L j
8. The method for securely sharing electronic contract data according to claim 7, wherein the step S5 of decrypting the encrypted result of the symmetric key by the contract access subject to obtain the symmetric key and decrypting the lightweight ciphertext using the symmetric key to obtain the electronic contract data includes:
contract Access principal L j Encryption result C for symmetric key n And performing decryption processing, wherein a decryption formula is as follows:
wherein the decryption result is a symmetric key, and uses ID information and access policy information W j (X n ) Decrypting to obtain the system private key SK and using the conversion keyLight ciphertext->And a system public key PK for electronic contract data X n The symmetric encryption result of (2) is calculated:
decrypting the symmetric encryption result according to the symmetric key and the system private key SK to obtain electronic contract data X n Wherein the decryption formula is:
contract Access principal receives electronic contract data X n And adding the electronic contract data sharing record which completes the sharing processing into the block corresponding to the nth electronic contract body.
CN202311421538.5A 2023-10-30 2023-10-30 Electronic contract data secure sharing method Pending CN117499092A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311421538.5A CN117499092A (en) 2023-10-30 2023-10-30 Electronic contract data secure sharing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311421538.5A CN117499092A (en) 2023-10-30 2023-10-30 Electronic contract data secure sharing method

Publications (1)

Publication Number Publication Date
CN117499092A true CN117499092A (en) 2024-02-02

Family

ID=89684030

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311421538.5A Pending CN117499092A (en) 2023-10-30 2023-10-30 Electronic contract data secure sharing method

Country Status (1)

Country Link
CN (1) CN117499092A (en)

Similar Documents

Publication Publication Date Title
Hao et al. A multiple-replica remote data possession checking protocol with public verifiability
Yang et al. Provable data possession of resource-constrained mobile devices in cloud computing
US8185476B2 (en) Digital rights management system protecting consumer privacy
Wang et al. Certificateless public auditing for data integrity in the cloud
CN103490901B (en) Key based on combination key system generates and distribution method
KR101575030B1 (en) Method of multi-signature generation for shared data in the cloud
CN109034796B (en) Alliance chain-based transaction supervision method, electronic device and readable storage medium
US20160127128A1 (en) Management of cryptographic keys
US7000110B1 (en) One-way function generation method, one-way function value generation device, proving device, authentication method, and authentication device
US11979492B2 (en) Computer-implemented system and method for distributing shares of digitally signed data
EP3395031B1 (en) Method for providing a proof of retrievability
CN113420049B (en) Data circulation method, device, electronic equipment and storage medium
CN114760114B (en) Identity authentication method, device, equipment and medium
CN104012036A (en) Combined digital certificate
CN113221184A (en) Internet of things system and device based on block chain network
CN114239078A (en) Power grid data auditing method and device, power grid system and storage medium
US11956370B2 (en) Method and system for digital signatures utilizing multiplicative semigroups
CN110784300A (en) Secret key synthesis method based on multiplication homomorphic encryption
CN114257366A (en) Information homomorphic processing method, device, equipment and computer readable storage medium
CN116866333A (en) Method and device for transmitting encrypted file, electronic equipment and storage medium
CN116318784B (en) Identity authentication method, identity authentication device, computer equipment and storage medium
Kasunde et al. Verification of multi-owner shared data with collusion resistant user revocation in cloud
KR102070061B1 (en) Batch verification method and apparatus thereof
JP2012194489A (en) Shared information management system, shared information management method and shared information management program
CN104486311A (en) Extensibility-supporting remote data integrity check method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination