CN117828673A - Block chain-based data circulation and privacy protection method and device - Google Patents
Block chain-based data circulation and privacy protection method and device Download PDFInfo
- Publication number
- CN117828673A CN117828673A CN202410248828.2A CN202410248828A CN117828673A CN 117828673 A CN117828673 A CN 117828673A CN 202410248828 A CN202410248828 A CN 202410248828A CN 117828673 A CN117828673 A CN 117828673A
- Authority
- CN
- China
- Prior art keywords
- data
- ciphertext
- file
- key
- data user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 58
- 238000004422 calculation algorithm Methods 0.000 claims description 28
- 230000006870 function Effects 0.000 claims description 20
- 238000004590 computer program Methods 0.000 claims description 16
- 239000011159 matrix material Substances 0.000 claims description 11
- 238000003860 storage Methods 0.000 claims description 10
- 238000004364 calculation method Methods 0.000 claims description 8
- 238000013475 authorization Methods 0.000 claims description 7
- 125000004122 cyclic group Chemical group 0.000 claims description 7
- 238000005516 engineering process Methods 0.000 description 18
- 238000012360 testing method Methods 0.000 description 17
- 230000008569 process Effects 0.000 description 8
- 238000000605 extraction Methods 0.000 description 4
- 238000012795 verification Methods 0.000 description 4
- 238000007792 addition Methods 0.000 description 3
- 230000003416 augmentation Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012790 confirmation Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000009826 distribution Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 238000012550 audit Methods 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000005304 joining Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a data circulation and privacy protection method and device based on a block chain, wherein the method comprises the following steps: determining system public parameters, system master keys and partial keys of data users; calculating an asymmetric key of the data user; acquiring file data and file keywords, calculating file data ciphertext and keyword index ciphertext, and determining access rights and index correspondence between file name ciphertext and keyword index ciphertext; generating a search trapdoor based on the search strategy; determining a keyword index ciphertext matched with the search trapdoor, determining a file data ciphertext corresponding to the search trapdoor based on an index corresponding relation, verifying the access authority of a data user, and transmitting the file data ciphertext corresponding to the search trapdoor to the data user; and carrying out asymmetric encryption on the symmetric key based on the asymmetric public key of the data user to obtain a symmetric key ciphertext, so that the data user decrypts the file data ciphertext based on the symmetric key. The invention can improve the authenticity and the integrity of data circulation.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for protecting data circulation and privacy based on blockchain.
Background
With the advent of the big data age, the dominant and recessive value of the explosively growing data is continuously enhanced. However, the data circulation sharing process may suffer from the problems of data right confirmation, data privacy disclosure, difficulty in data asset formation, unreliable data circulation process and the like. The data is taken as a production element, and the safe and efficient circulation of the data is critical to the development of digital transformation. Under the background, how to realize the efficient circulation and safe sharing of data elements in the multisource heterogeneous big data age, promote the development of digital transformation and maximize the value of mining data, and receive the wide attention of scientific research, enterprises and industries and countries.
In a data flow sharing scenario, the limited computing power and storage space of the local device makes it difficult to efficiently analyze and process data, which is typically uploaded to the cloud storage computing by the data owner. The cloud terminal gathers massive computing storage resources, and a data user with limited resources can flexibly request extensible data computing and hosting services from the cloud terminal. The powerful service capabilities have led to cloud computing being widely studied and applied by academia and industry for the last decade; however, security threats such as tampering, theft, impersonation, etc. existing in the cloud computing-based data flow sharing environment may cause economic loss and privacy disclosure for manufacturing enterprises and individual users. To ensure security of private data distribution, a data owner generally encrypts private data using a cryptographic algorithm and uploads ciphertext data to a cloud server, but the ciphertext form of the data makes retrieval of the data difficult.
The searchable encryption technology can realize data encryption and ciphertext retrieval at the same time, and the security and flexibility of data sharing are obviously improved. According to whether the generated search trapdoor is the same as the key of the key index ciphertext, the ciphertext retrieval scheme is divided into a ciphertext retrieval scheme under a public key cryptosystem and a ciphertext retrieval scheme under a symmetric cryptosystem; the ciphertext retrieval technology based on symmetric cryptography requires a communication party to negotiate a secret key in advance, and the public key ciphertext retrieval technology does not need to negotiate the secret key, so that the method is more suitable for a multi-user and multi-task data circulation sharing scene. For example, boneh et al construct a public key ciphertext retrieval scheme in an email transmission scenario, and an email sender Bob generates an email ciphertext and a keyword index ciphertext using the public key of an email receiver Alice and transmits ciphertext data to an email server; when Alice searches ciphertext containing a certain keyword, alice generates and sends a search trapdoor to a cloud server; the cloud server verifies whether the keyword index ciphertext and the search trapdoor match.
Although the existing searchable encryption technology improves the privacy and the high efficiency in the data circulation process to a certain extent, the problems of the authenticity and the integrity of circulation data, the compliance verification of the data in the right confirmation and circulation process and the like are not solved well, so that the data circulation sharing has a large security risk, and the trust degree of the data circulation is reduced. Therefore, how to improve the authenticity and integrity of data circulation, so as to improve the trust of data circulation is a technical problem to be solved.
Disclosure of Invention
In view of the foregoing, embodiments of the present invention provide a method and apparatus for blocking-chain-based data distribution and privacy protection, which obviate or mitigate one or more disadvantages in the prior art.
One aspect of the present invention provides a blockchain-based data circulation and privacy protection method, comprising the steps of:
determining a system public parameter and a system master key, and determining a partial key of the data user based on the system public parameter and the system master key;
calculating an asymmetric key of the data user through a key generation algorithm based on the partial key of the data user;
acquiring file data and file keywords of a privacy file, wherein a data owner carries out symmetric encryption on the file data based on a symmetric encryption algorithm to obtain file data ciphertext, the file data ciphertext comprises file name ciphertext and file content ciphertext, a keyword index ciphertext of the file keywords is calculated, access rights of the privacy file and index correspondence between the file name ciphertext and the keyword index ciphertext are determined, the file data ciphertext, the keyword index ciphertext and the access rights are transmitted to a cloud server, and the index correspondence between the file name ciphertext and the keyword index ciphertext is stored to a block chain;
Acquiring a search strategy of the data user, and generating a search trapdoor based on the search strategy;
determining a keyword index ciphertext matched with the search trapdoor, determining a file data ciphertext corresponding to the search trapdoor based on an index corresponding relation between the file name ciphertext and the keyword index ciphertext, verifying the access right of the data user, and transmitting the file data ciphertext corresponding to the search trapdoor to the data user when the access right exists;
and the data owner performs asymmetric encryption on the symmetric key based on the asymmetric public key of the data user to obtain a symmetric key ciphertext, so that the data user decrypts the symmetric key ciphertext based on the asymmetric private key to obtain a symmetric key, and decrypts the file data ciphertext based on the symmetric key.
In some embodiments of the present invention, calculating a key index ciphertext of the file key includes:
determining a privacy file added into circulation sharing at the previous time, calculating a first hash value corresponding to the privacy file added into circulation sharing at the previous time through a hash function, and calculating a second hash value corresponding to the privacy file added into circulation sharing at the current time through the hash function based on the first hash value;
And calculating a keyword index ciphertext of the file keyword based on the second hash value.
In some embodiments of the present invention, determining a system public parameter and a system master key, determining a partial key of a data user based on the system public parameter and the system master key, comprises:
determining a cyclic group and a generator of the cyclic group;
determining ID information of a data user;
establishing a collision hash function;
based on S u =g/(s+H 1 (ID u ) Calculating a partial key of the data user; wherein g represents a generator, s represents a system master key, H 1 (ID u ) Representing the hash calculation of the ID of the data user.
In some embodiments of the present invention, the asymmetric key calculation formula of the data user is:
;
;
SK u PK as private key u For public key, g represents generator, H 1 (SK u ) Representing hash computation of a private key of a data user, H 1 (ID u ) Representing hash computation of the ID of the data user, s representing the system master key, a u In the positive integer finite fieldIs selected at random.
In some embodiments of the invention, the search strategy isN represents l o X k matrix, l o Representing the number of keywords searched, k representing the number of columns of the matrix N, pi being a function, the function pi being used to map the rows of the matrix N to generic keyword names, < > >The key value corresponding to the key name.
In some embodiments of the present invention, obtaining a search policy for the data user, generating a search trapdoor based on the search policy, comprises:
acquiring a search strategy of the data user;
generating a first partial search trapdoor based on the search strategy;
a second partial search trapdoor is generated based on the asymmetric private key of the data user.
In some embodiments of the invention, verifying the access rights of the data user comprises:
verifying whether the number of the same elements in the authorization information of the data user and the access authority information of the privacy file is not less than an access threshold, and if not, enabling the data user to have access authority.
Another aspect of the invention provides a blockchain-based data circulation and privacy protection system comprising a processor, a memory and a computer program stored on the memory, the processor being for executing the computer program, the system implementing the steps of the method as described in any of the embodiments above when the computer program is executed.
Another aspect of the invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method of any of the embodiments described above.
Another aspect of the invention also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method according to any of the embodiments above.
The data circulation and privacy protection method and device based on the blockchain can realize privacy data encryption and ciphertext data retrieval simultaneously based on the searchable encryption technology; the block chain technology is introduced, so that the authenticity and the integrity of the ciphertext retrieval result file are ensured, and the trust degree of data circulation is improved.
In addition, the method constructs the block chain data index structure with the index pointer, and improves the query efficiency of the block chain data. In addition, the key index secret is embedded with a one-way hash chain value, and a data user signs a search trapdoor by using a private key, so that the forward security of ciphertext retrieval is ensured.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description and drawings.
It will be appreciated by those skilled in the art that the objects and advantages that can be achieved with the present invention are not limited to the above-described specific ones, and that the above and other objects that can be achieved with the present invention will be more clearly understood from the following detailed description.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate and together with the description serve to explain the invention. In the drawings:
fig. 1 is a flowchart illustrating a blockchain-based data streaming and privacy protection method according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating a block chain based data streaming and privacy protection method according to another embodiment of the present invention.
FIG. 3 is a block chain data index structure according to one embodiment of the present invention.
FIG. 4 is a timing diagram illustrating a block chain based data streaming and privacy preserving method according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following embodiments and the accompanying drawings, in order to make the objects, technical solutions and advantages of the present invention more apparent. The exemplary embodiments of the present invention and the descriptions thereof are used herein to explain the present invention, but are not intended to limit the invention.
It should be noted here that, in order to avoid obscuring the present invention due to unnecessary details, only structures and/or processing steps closely related to the solution according to the present invention are shown in the drawings, while other details not greatly related to the present invention are omitted.
It should be emphasized that the term "comprises/comprising" when used herein is taken to specify the presence of stated features, elements, steps or components, but does not preclude the presence or addition of one or more other features, elements, steps or components.
It is also noted herein that the term "coupled" may refer to not only a direct connection, but also an indirect connection in which an intermediate is present, unless otherwise specified.
In the searching encryption technology of the prior art, in the public key ciphertext searching scheme, a semi-trusted cloud server can honest execute a protocol but possibly steal private data and destroy the correct execution of the protocol; in addition, the cloud server may only return a part of the search results to the data user, and verifying the authenticity and integrity of the search results is an important problem to be considered in constructing the public key ciphertext retrieval scheme. Based on a series of problems existing in the searchable encryption technology in the prior art, the application provides a data circulation and privacy protection method and device based on a blockchain, and the blockchain technology and the searchable encryption technology are fused, so that the technical barriers in the traditional data circulation sharing and privacy protection research can be effectively solved, the trust degree of the data circulation is improved, the digitizing process of various industries is promoted, and the data asset is promoted.
The block chain technology integrates the computer technologies such as a cryptographic algorithm, a consensus mechanism, point-to-point transmission, intelligent contracts and the like, and has the advantages of decentralization, high transparency, non-falsification and the like; as a distributed self-organizing trusted computing technology, the blockchain can record data in a full life cycle, and the problem of data attribution right is solved from the source in a supervision and audit mode. In recent years, blockchain technology has been widely used in the fields of digital money, internet of things, smart grids, and the like. However, blockchain networks have insufficient processing power for on-chain data, on-chain computation is easily limited by network consensus performance and on-chain transactions are difficult to achieve real-time and high efficiency; therefore, when using the blockchain to store data, the original data is subjected to sorting optimization, and a link-up and link-down cooperative mechanism is established. In addition, the blockchain can record and confirm the authenticity of the identity of the data provider, prevent the data from being tampered maliciously, and realize the authenticity and integrity verification of the data.
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. In the drawings, the same reference numerals represent the same or similar components, or the same or similar steps.
Fig. 1 is a flowchart of a blockchain-based data circulation and privacy protection method according to an embodiment of the invention, as shown in fig. 1, the method at least includes steps S10 to S60.
Step S10: a system public parameter and a system master key are determined, and a partial key of the data user is determined based on the system public parameter and the system master key.
Step S20: and calculating an asymmetric key of the data user through a key generation algorithm based on the partial key of the data user.
Step S30: the method comprises the steps that file data and file keywords of a privacy file are obtained, a data owner carries out symmetric encryption on the file data based on a symmetric encryption algorithm to obtain file data ciphertext, the file data ciphertext comprises file name ciphertext and file content ciphertext, keyword index ciphertext of the file keywords is calculated, access permission of the privacy file and index correspondence between the file name ciphertext and the keyword index ciphertext are determined, the file data ciphertext, the keyword index ciphertext and the access permission are transmitted to a cloud server, and the index correspondence between the file name ciphertext and the keyword index ciphertext is stored to a block chain.
Step S40: and acquiring a search strategy of the data user, and generating a search trapdoor based on the search strategy.
Step S50: and determining a keyword index ciphertext matched with the search trapdoor, determining a file data ciphertext corresponding to the search trapdoor based on an index corresponding relation between the file name ciphertext and the keyword index ciphertext, verifying the access right of the data user, and transmitting the file data ciphertext corresponding to the search trapdoor to the data user when the access right exists.
Step S60: and the data owner performs asymmetric encryption on the symmetric key based on the asymmetric public key of the data user to obtain a symmetric key ciphertext, the data user performs decryption on the symmetric key ciphertext based on the asymmetric private key to obtain a symmetric key, and the data ciphertext of the file is decrypted based on the symmetric key.
Specifically, referring to fig. 2, the roles mainly related to the method and the apparatus in the present application include: data owners, data users, key generation centers, cloud servers, and blockchains, exemplary tasks each role assumes are as follows:
data owner: encrypting the privacy file data and the file keyword index, generating a file data ciphertext and a keyword index ciphertext, and storing the file data ciphertext and the keyword index ciphertext in the cloud server. Defining and uploading access rights of the data user to the ciphertext file to the cloud server, and storing a related index structure (index corresponding relation) of the uploading file name ciphertext and the keyword index ciphertext on the blockchain. In addition, the data owner can dynamically increase the shared privacy file, and in order to ensure the forward security of the increased ciphertext file retrieval, the data owner embeds a new hash chain value in the keyword index key of the increased privacy file. In addition, when the data user with the file access authority requests to acquire the symmetric key, the data owner sends the encrypted symmetric key to the data user.
Data user: after receiving a part of the secret key sent by the secret key generation center, generating an asymmetric secret key of the secret key generation center; the multi-keyword search strategy capable of being extracted and combined in a self-defined mode is used for sending a search trapdoor to the cloud server; after receiving the search result meeting the search strategy sent by the cloud server, the symmetric key ciphertext sent by the data owner and the file name ciphertext sent by the blockchain, the data user can decrypt the search result ciphertext file by using the asymmetric private key of the data user and verify the authenticity and the integrity of the file contained in the search result returned by the cloud server.
Key generation center: running a system initialization algorithm to generate system public parameters and partial keys of data users; after receiving the search strategy sent by the data user, the authorization center calculates part of the search trapdoor and sends part of the search trapdoor to the cloud server.
Cloud server: after receiving the file data ciphertext, the keyword index ciphertext and the search trapdoor, the semi-trusted cloud server can execute a keyword matching test algorithm, verify the ciphertext file access authority of the data user and return a search matching result file to the data user. In addition, the semi-trusted cloud server may return a portion of the search result file or a false search result file to the data user, or may perform keyword matching calculations before receiving a search notch sent by the data user.
Blockchain: after the data owner sends the index correspondence between the file name ciphertext and the keyword index ciphertext to the blockchain network, the accounting node is responsible for collecting and packaging recently uploaded data and constructing a chain pointer structure of the keyword index ciphertext, and the accounting node can be any full node in the network. In addition, the accounting node records the occurrence number of each keyword, if the keywords which appear once appear repeatedly, the counting is increased on the original number, the block corresponding to the maximum occurrence number of each keyword is broadcasted, the block is the latest block containing the corresponding keywords in the block chain, and the position information of the latest block is recorded after the verification of other full nodes is passed. And the intelligent contract inquires all file name ciphertexts corresponding to the key words according to the chain pointer structure of the key word index, and sends the file name ciphertexts to the data user.
The step S10 is implemented based on the key generation center KGC, and in the step S10, the key generation center specifically may execute a system initialization algorithm to generate a system public parameter and a system master key. For example, if the input of the system initialization algorithm is the security parameter λ, the system initialization algorithm may obtain the system public parameters params= { g, u, w, H based on the received security parameter λ 1 ,H 2 ,H 3 ,H 4 ,G 1 ,G 2 ,q,e,PK 1 ,PK 2 ,PK 3 ,PK 4 ,PK 5 ,PK 6 }. In addition, the key generation center KGC may be selected randomlyAs a system master key, the key generation center then calculates a partial key S of the data user based on the selected system master key and g in the system public parameters u Wherein->Is a positive integer finite field.
In one embodiment, the key generation center may determine a system private key and a partial key S of the data owner in addition to the system public parameter, the system master key, and the partial key of the data user O The system initialization algorithm is (params, msk, S o ,S u, ) Set (λ). In this embodiment, the key generation center first defines the parameters { g, u, w, H, H } 1 ,H 2 ,H 3 ,H 4 ,G 1 ,G 2 Q, e, and randomly selected in a positive integer finite fieldAnd calculate,/>,/>,/>,/>,/>And calculates a partial private key S of the data user DU and the data owner DO, respectively u And S is o And respectively S u And S is o To the data user and the data owner. Finally, KGC discloses the system public parameter params= { g, u, w, H 1 ,H 2 ,H 3 ,H 4 ,G 1 ,G 2 ,q,e,PK 1 ,PK 2 ,PK 3 ,PK 4 ,PK 5 ,PK 6 And secret-hold msk= { s, α, β, t 1 , t 2 , t 3 , t 4 As a system private key.
For example, step S10 may include: determining a cyclic group and a generator of the cyclic group; determining ID information of a data user; establishing a collision hash function; based on S u =g/(s+H 1 (ID u ) Calculating a partial key of the data user; wherein g represents a generator, s represents a system master key, H 1 (ID u ) Representing collision hash computation of the ID of the data user.
Specifically, the key generation center first selects two cyclic groups G with the order q 1 、G 2 And bilinear mappingDefine the anti-collision hash function->、/>、/>Andwherein G is group G 1 Q is group G 1 Order of->Is a positive integer finite field. Then the key generation center randomly selects +>And calculate +.>,/>,/>,/>,And->. Further, the key generation center calculates S based on the randomly selected system master key S u And S is o ,S o =g/(s+H 1 (ID O )),S u =g/(s+H 1 (ID u ) Of which ID is equal to or greater than O And ID u Identity information respectively representing the data owner and the data user, and the key generation center will calculate the S u And S is o Respectively to the data user and the data owner. The final key generation center saves the system private key msk and discloses the system public parameter params.
In step S20, the data user calculates an asymmetric key (PK) by a key generation algorithm based on the partial key it received u ,SK u ). Since the partial key of the data user is generated by the key generation center, the asymmetric key of the data user can then be understood in particular as being generated jointly by both the key generation center and the data user. In other embodiments, the data owner may also generate an asymmetric key (PK) of the data owner through a key generation algorithm based on the partial key it receives o ,SK o ) Thus, the key generation algorithm in this embodiment can be defined as: (SK) o ,SK u ,PK o ,PK u )←KeyGen(params,S u ,S o ) The method comprises the steps of carrying out a first treatment on the surface of the That is, the key generation algorithm is the partial key of the data user and the partial key of the data owner, and outputs the partial keys as numbersAn asymmetric public private key of a user and a public private key of a data owner.
Generating asymmetric keys (PK) at data users u ,SK u ) When first in a positive integer finite fieldIs selected randomlyFurther calculate +.>And->The method comprises the steps of carrying out a first treatment on the surface of the After calculation of the asymmetric key (PK u ,SK u ) After that, DU secret stores own private key SK u And discloses its own public key PK u . Similarly, the data owner generates an asymmetric key (PK o ,SK o ) In the case of the first place, in the positive integer finite field +.>Is selected at random->Further calculateAnd->The method comprises the steps of carrying out a first treatment on the surface of the After calculation of the asymmetric key (PK o ,SK o ) After that, DO secrets its own private key SK o And discloses its own public key PK o 。
In the step S30, the data owner executes a symmetric encryption algorithm to encrypt the file data of the private file, and stores the file data ciphertext to the cloud server; and then the data owner also generates a keyword index ciphertext of the privacy file, determines the access right of the data user, and uploads the keyword index ciphertext and the access right of the privacy file to the cloud server. In addition to this, data congestion The owner also uploads the related index structure of the filename ciphertext and the key index ciphertext to the blockchain. Specifically, this step can be expressed as: (CT, C) W ,C id(f) ) The input of the data encryption algorithm is params, F, W, and the output is CT and C W 、C id(f) The method comprises the steps of carrying out a first treatment on the surface of the Wherein F represents file data, W represents file keyword index, CT represents file data ciphertext, C W Representing keyword index ciphertext, C id(f) The file name ciphertext representing the privacy file F.
In some embodiments, calculating the key index ciphertext of the file key may include: determining a privacy file added into circulation sharing at the previous time, calculating a first hash value corresponding to the privacy file added into circulation sharing at the previous time through a hash function, and calculating a second hash value corresponding to the privacy file added into circulation sharing at the current time through the hash function based on the first hash value; and calculating a keyword index ciphertext of the file keyword based on the second hash value.
In the above embodiment, the step S30 may be specifically implemented by the following method:
a: the data owner is in a positive integer finite fieldK is selected randomly as symmetric key, +.>Encryption of a private file data set f= { (F) using a symmetric encryption algorithm 1 ,id(f 1 )), (f 2 ,id(f 2 )),…, (f n ,id(f n ) -obtaining file data ciphertext->Wherein id (f i ) Representation file f i File name of C id(fi) Representation file f i File name ciphertext of C fi Representation file f i N represents the total number of privacy files, and finally, the data owner uploads a file data ciphertext CT to the cloud server, wherein the file data ciphertext CT comprisesFile name ciphertext C id(fi) And file content ciphertext C fi 。
B: keyword set w= { W for inputting privacy file 1 ,W 2 ,…,W l And the common parameter params, l represents the total number of keywords; the data owner DO is in a positive integer finite fieldIs selected at random->Calculate->,/>,/>,/>,/>,,/>,/>And->. Finally, DO uploads keyword index ciphertextTo the cloud server and sends F (X) to KGC.
C: and uploading the corresponding index relation between the keyword index ciphertext and the file name ciphertext to the blockchain by the data owner. In this step, each time a new data transaction is generated, the number of occurrences of each key in the block is recorded, and if there are repeated occurrences of the key that have been once present, the count is incremented on the original number. The block chain records the block position corresponding to the maximum occurrence number of each keyword, and the block is the latest block containing the corresponding keyword in the block chain. For example, fig. 3 is a schematic block chain data structure according to an embodiment of the present invention, in which a file name ciphertext corresponding to a key index ciphertext can be efficiently extracted from a block chain database based on the block chain data structure shown in fig. 3.
D: data owner generates authorization information DU for each legitimate user i * ={a x ,a y ,a z And upload to cloud server, where { a } x ,a y ,a z User attribute, DU, representing legal user i * Indicating authorization information for user i. DO generates access rights information for each ciphertext fileAnd upload to cloud server, wherein +.>Indicating that the file name ciphertext is C id(f) File attributes, X of ciphertext files i Indicating that the file name ciphertext is C id(f) Access threshold for ciphertext files. In addition, only the data owner DO can update the access rights of the data user to the file by adding and deleting the attributes of the user and the ciphertext file, and the cloud server can only read the file access rights information of the data user and cannot write the file access rights information.
In the above step S40, the data user search includes a keyword value ofWhen the data user and the key generation center execute a search trapdoor algorithm to generate a search trapdoor, the steps are expressed as:the input of the trapdoor algorithm is the system public parameterparams and search strategy B, +.>N represents l o X k matrix, l o Representing the number of keywords searched, k representing the number of columns of the matrix N, pi being a function which maps the rows of the matrix N to common keyword names, +. >For the key value corresponding to the key name, in this step, the search strategy includes extraction and conjunctions of the key. For example, in medical data circulation and privacy preserving scenarios, keyword +.>For "age 21 years," the data user maps the rows of matrix N to the generic key name "age" using the function pi.
In one embodiment, KGC is selected randomly in a positive integer finite fieldSum vector->Calculate->,/>,/>,/>,,/>,/>,/>Andwherein N is i Represents the ith row of matrix N and i E [1, l ]]UploadingTo cloud server and send T and T ˊ Giving the data user DU. Data user DU receives T and T ˊ Thereafter, private key SK is used u Calculate->And send +.>And giving the cloud server. In this embodiment, the search trapdoor includes a first partial search trapdoor and a second partial search trapdoor, and the key generation center generates a first partial search trapdoor T N The data user generates a second partial search trapdoor based on his own private key>Final search trapdoor->And uploading the KGC and the data user DU to the cloud server by the key generation center.
The step S50 may be specifically implemented based on a cloud server, that is, the cloud server executes a keyword matching test algorithm to perform a matching test of the keyword index ciphertext and the search trapdoor, and is specifically defined as: . In this step, the input of the keyword matching test algorithm is search trapdoor +.>Keyword index ciphertext C W And outputting a matching test result. In this step, the cloud server verifies the keyword matchWhether the test equation is satisfied; if the matching test equation is satisfied, the keyword index ciphertext satisfies the search strategy in the trapdoor, and the cloud server returns a matching test result +.>To a blockchain; if the matching test equation is not satisfied, the keyword index ciphertext does not satisfy the search strategy in the trapdoor, and the cloud server returns search failure information +.>To the data subscriber DU.
In one embodiment, to complete the matching test of the keyword index ciphertext and the search trapdoor, the cloud server is first in a positive integer finite fieldIn selection constant->The constant t i Satisfy->Then verify the equationWhether or not it is true, C 1 Is a constant; if so, the keyword index in the text satisfies the search strategy in trapdoor, and the cloud server sends a matching test result (ID u ,C W 1) to blockchain. Specifically, when the key index W i Satisfy search strategy in trapdoor->And when the method is used, the following steps are carried out:
。
further, if the above matching test equation is not satisfied, the keyword index in the representative secret does not satisfy the search policy in the search trapdoor, and the cloud server returns the search failure information To the data user DU and the cloud server refuses the request to search for the user.
After the keyword index ciphertext is successfully matched with the search trapdoor, the blockchain intelligent contract returns the file name ciphertext of the privacy file containing the searched keyword to the cloud server and the data user DU based on the blockchain data index structure shown in FIG. 3, and the cloud server verifies whether the data user has the access right of the corresponding privacy file according to the file name ciphertext and the corresponding access right information, and if so, the cloud server returns a search result to the data user DU. Specifically, the access right verification may be defined as:the method comprises the steps of carrying out a first treatment on the surface of the Which is input as identity information ID of the data user u Keyword index ciphertext C w Outputting the file name ciphertext and the file content ciphertext, namely receiving a matching test result uploaded by the cloud server by the block chain +.>Thereafter, the intelligent contract on the blockchain returns the key index ciphertext C based on the blockchain data index structure shown in FIG. 3 w Corresponding file name ciphertext->The cloud server and the identity information are ID u Is a data user of (a). The cloud server further finds the file data ciphertext based on the received file name ciphertext and verifies that the identity information is ID u Whether the data user has the authority to access the ciphertext file; exemplary, the authorization information of the data user is +. >The access right information of the ciphertext file is +.>The cloud server verifies the authorization information of the data user and the access of the ciphertext fileWhether the number of the same elements in the authority information is larger than or equal to an access threshold value in the access authority information of the ciphertext file; and when the access threshold value is not smaller than the access threshold value, the data user is indicated to have the authority to access the privacy file, the cloud server sends the file data ciphertext, and otherwise, the search request of the data user is refused.
In one embodiment, when searching trapdoors and keyword index ciphertext C w When matching, the intelligent contract finds the ciphertext C containing the key index w Further by traversing the key index ciphertext C in the latest block w Can quickly inquire the ciphertext C containing the key index w Is a file name ciphertext; smart contract return including keyword index ciphertext C w Ciphertext to the cloud server and data user DU. The cloud server verifies the file access authority of the data user DU; authorization information for data usersAnd File->Access rights information of (a)The number of elements in the intersection of (2) is greater than or equal to +.>Access threshold X of (2) i When the user has authority to access the file name ciphertext as +. >Ciphertext files of (a); otherwise, the cloud server refuses the data user DU to the ciphertext fileIs a search request for (a) to search for.
In step S60, the data owner and the data user interactively transmit a symmetric encryption key, and the data user decrypts the search result file using the symmetric key; in addition, the data user can also be based on symmetric encryptionThe key decrypts the file name ciphertext sent by the intelligent contract and verifies the authenticity and integrity of the search result returned by the cloud server. The data decryption algorithm specifically employed in this step can be expressed as: (f, id (f))Σdec (C) id(f) ,C f ,PK u Params). The input of the algorithm is a file name ciphertext set C of the search result id(f) File content secret document C f Public key PK of system public parameter params and data user DU u The output is a search result file set f and a file name set id (f).
Specifically, the data owner randomly selects in a positive integer finite fieldAnd calculating +.>,/>,/>DO Transmission->To DUs. DU decrypts θ with its own private key ˊ Get θ, calculate +.>. Then, DU calculates f=dec using symmetric key k k (C f ) And id (f) =dec k (C id(f) ) Obtaining a search result file set f and a file name set id (f) returned by the intelligent contract; in addition, by verifying whether the file name set id (f) returned by the intelligent contract is the same as the file name of the search result file set f returned by the cloud server, the data user can judge the authenticity and the integrity of the search result file.
Additionally, since in some embodiments the data owner enables dynamic augmentation of the private file data by executing a file augmentation algorithm, and key index ciphertext embedding of the late-joining, flow-through shared private fileThe hash chain data corresponding to the later added circulation shared privacy file is calculated based on the hash chain data corresponding to the former added circulation shared privacy file, and the setting ensures the forward security of ciphertext retrieval, namely the cloud server cannot search the newly added ciphertext file by utilizing the former search trapdoor. Referring to fig. 4, in the file adding step, it is specifically expressed as:. Wherein, in the above representation, the input is the I-th inserted file F I 、F I Corresponding keyword index->And system common parameters, output as file +.>File data ciphertext->Cipher text index with key word->。
In the above embodiment, when the ith need to add the cryptogram file of the circulation sharing, the data owner DO generates the ith newly inserted file F I And key index ciphertext, when hash chain data F (X-I) =h 2 (F (X-I-1)) is embedded in a partial key index ciphertextIs a kind of medium. When the I-1 st inserted file has completed keyword matching and the cloud server has known hash value F (X- (I-1))=f (X-i+1) in trapdoor and index key; from the unidirectional property of the hash function, the cloud server knowing the hash value F (X-i+1) can easily calculate the hash value F (X-i+2) =h 4 (F (X-I+1)). Similarly, the cloud server can obtain hash chain values F (X-I+1), F (X-I+2) … and F (X-I+n) of the files inserted before the I time, namely the cloud server can search all the files inserted before the I time of newly inserting the filesA piece; however, when the malicious cloud server matches the I-th newly inserted file using the previously learned search trapdoor, the hash value embedded in the key index ciphertext is F (X-I) =h 2 (F (X-I-1)). The unidirectional property of the hash function can be used for knowing that the cloud server cannot know the hash value F (X-I-1), so that the forward security of ciphertext retrieval is ensured.
Specifically, when the I-th augmentation of the flow-through shared ciphertext file, the data owner DO encrypts F using the symmetric key k I Obtaining file ciphertextAnd upload file ciphertext->To a cloud server; further, the data owner calculates F (X-I) =h 4 (F(X-(I-1))),/>,/>,/>,/>,,/>And->And upload key index ciphertextTo a cloud server.
In the above embodiment, the data owner encrypts the privacy file data, the file name and the keyword index, and the privacy file data ciphertext and the keyword index ciphertext are stored in the cloud server; in order to reduce the communication storage overhead and prevent leakage of file data ciphertext, the index relation structure uploaded to the blockchain only comprises file name ciphertext and key index ciphertext, and does not comprise file content ciphertext. In the application, the constructed corresponding index structure of the keyword index ciphertext and the file name ciphertext can efficiently extract the file name ciphertext corresponding to the keyword index ciphertext from the blockchain database; in addition, the data owner generates user access right information and ciphertext file access right information, and can update the access right of the user to the ciphertext file.
The data user can define a multi-keyword search strategy of extraction and conjunctive, and a private key of the data user is used for generating a search trapdoor according to the search strategy, so that the impersonation of the search trapdoor is guaranteed, the data user and the key generation center jointly generate a user private key of the data user, and the user private key is embedded into the search trapdoor; in addition, the keyword is divided into the keyword value and the keyword name, and the search strategy only comprises the universal keyword name, so that the privacy of the keyword search strategy is protected.
In addition, the cloud server can judge whether the keyword index ciphertext and the search trapdoor in the matching test equation contain the same keyword by verifying whether the keyword matching test equation is satisfied; if the keyword matching test equation is satisfied, the data user can receive the ciphertext of the search result file sent by the cloud server, namely, the data user can realize ciphertext data retrieval. And when the keyword matching test equation is established, the intelligent contract traverses the chain structure of the keyword index ciphertext, can quickly inquire all file name ciphertext containing the corresponding keyword and send the file name ciphertext to the cloud server and the data user, and the cloud server can verify the file access authority of the data user based on the file name ciphertext. Further, the data user can decrypt the file ciphertext data and the file name ciphertext, and judge the authenticity and the integrity of the search result returned by the cloud server according to the file name.
In addition to the above, the data owner can generate a file data ciphertext and a key index ciphertext of the new file, and embed a hash chain value in the key index ciphertext. Based on the unidirectionality of the hash chain value, the forward security of ciphertext retrieval is ensured, namely, the cloud server cannot utilize the search trapdoor generated by the data user before receiving the search trapdoor generated by the data user to search the newly inserted privacy file.
Through the embodiment, the data circulation and privacy protection method and device based on the block chain can be found, meanwhile, the private data encryption and the retrieval of ciphertext private data are realized, and the requirements of efficient circulation and privacy protection of the data are met. The private key of the data user is generated by the key generation center and the data user together based on the certificateless cryptosystem, so that the problems of certificate management and key escrow are solved; by adopting the multi-keyword ciphertext retrieval technology, the data user can define the multi-keyword search strategy of extraction and conjunctive extraction, and the cloud server can return ciphertext files meeting the search strategy to the data user. Because in a real data flow sharing scenario, the cloud server is not fully trusted; the invention returns the real and complete file name ciphertext information to the data user by utilizing the non-counterfeitability of the blockchain technology, and the data user can verify whether the cloud server returns the real and complete search result. In addition, in order to improve the query efficiency of the blockchain data, the method constructs a blockchain data index structure, and by traversing the chain index structure, the intelligent contract can quickly query all file name ciphertext containing key index ciphertext.
The method and the device support dynamic addition of the shared ciphertext file, and the ciphertext retrieval scheme meets forward security. The one-way hash chain value is embedded in the keyword index ciphertext corresponding to the newly added ciphertext file, and the cloud server cannot acquire the one-way hash chain value, so that the keyword index ciphertext corresponding to the newly added file cannot be matched by using the previous search trapdoor, and the forward safety of a ciphertext retrieval scheme can be ensured based on the one-way performance of the hash chain function. In addition, the data owner in the application sets file access authority information, and can update the access authority of the user to the ciphertext file by adding and deleting the attributes of the user and the ciphertext file so as to realize the access authority control of the ciphertext file.
In summary, the ciphertext retrieval scheme is constructed based on the searchable encryption technology and the certificateless cryptosystem, so that the data privacy protection is realized, the ciphertext data retrieval by the data user is supported, and the problem that the ciphertext data in the prior art cannot be retrieved and shared efficiently is solved. The data user in the method can define the search strategy and generate the search trapdoor to realize the Boolean expression search of the ciphertext data, and the problem that the ciphertext retrieval scheme only supports single keyword search is solved.
In addition, the corresponding index structures of the keyword index ciphertext and the file name ciphertext are uploaded to the blockchain, the blockchain returns all the file name ciphertext containing the keywords to the data user, the data user can verify the authenticity and the integrity of the search result returned by the cloud server, and the problem that in the data circulation process in the prior art, a malicious cloud server possibly returns an unreal and incomplete file search result is solved. And the blockchain data are respectively recorded in different blocks according to time sequence, when all corresponding file name ciphertexts are matched according to the keyword index ciphertexts, all the blocks need to be traversed for matching, the invalid inquiry amount is large, and the calculation resource waste is serious. By constructing the blockchain data index structure with pointers, the efficiency of searching for blockchain data can be improved.
By embedding the one-way hash chain value in the keyword index ciphertext corresponding to the newly added ciphertext file, the forward security of the ciphertext retrieval scheme is ensured based on the one-way performance of the hash function, and the problem that the ciphertext retrieval scheme in the prior art does not support dynamic increase of shared ciphertext files and does not meet the forward security is solved. The method and the device are also based on the file access authority information set by the data owner, and can update the access authority of the user to the ciphertext file by adding and deleting the attributes of the user and the ciphertext file, so that the problem that the ciphertext retrieval scheme in the prior art does not support the access authority control of the ciphertext file is solved.
Accordingly, the present invention also provides a blockchain-based data streaming and privacy protection system, comprising a computer device including a processor and a memory, the memory having stored therein computer instructions for executing the computer instructions stored in the memory, the system implementing the steps of the method as described above when the computer instructions are executed by the processor.
The embodiments of the present invention also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the edge computing server deployment method described above. The computer readable storage medium may be a tangible storage medium such as Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, floppy disks, hard disk, a removable memory disk, a CD-ROM, or any other form of storage medium known in the art.
Embodiments of the present invention also provide a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method as described above.
Those of ordinary skill in the art will appreciate that the various illustrative components, systems, and methods described in connection with the embodiments disclosed herein can be implemented as hardware, software, or a combination of both. The particular implementation is hardware or software dependent on the specific application of the solution and the design constraints. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine readable medium or transmitted over transmission media or communication links by a data signal carried in a carrier wave.
It should be understood that the invention is not limited to the particular arrangements and instrumentality described above and shown in the drawings. For the sake of brevity, a detailed description of known methods is omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and shown, and those skilled in the art can make various changes, modifications and additions, or change the order between steps, after appreciating the spirit of the present invention.
In this disclosure, features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments and/or in combination with or instead of the features of the other embodiments.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, and various modifications and variations can be made to the embodiments of the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A blockchain-based data circulation and privacy protection method, the method comprising the steps of:
determining a system public parameter and a system master key, and determining a partial key of the data user based on the system public parameter and the system master key;
calculating an asymmetric key of the data user through a key generation algorithm based on the partial key of the data user;
acquiring file data and file keywords of a privacy file, wherein a data owner carries out symmetric encryption on the file data based on a symmetric encryption algorithm to obtain file data ciphertext, the file data ciphertext comprises file name ciphertext and file content ciphertext, a keyword index ciphertext of the file keywords is calculated, access rights of the privacy file and index correspondence between the file name ciphertext and the keyword index ciphertext are determined, the file data ciphertext, the keyword index ciphertext and the access rights are transmitted to a cloud server, and the index correspondence between the file name ciphertext and the keyword index ciphertext is stored to a block chain;
Acquiring a search strategy of the data user, and generating a search trapdoor based on the search strategy;
determining a keyword index ciphertext matched with the search trapdoor, determining a file data ciphertext corresponding to the search trapdoor based on an index corresponding relation between the file name ciphertext and the keyword index ciphertext, verifying the access right of the data user, and transmitting the file data ciphertext corresponding to the search trapdoor to the data user when the access right exists;
and the data owner performs asymmetric encryption on the symmetric key based on the asymmetric public key of the data user to obtain a symmetric key ciphertext, so that the data user decrypts the symmetric key ciphertext based on the asymmetric private key to obtain a symmetric key, and decrypts the file data ciphertext based on the symmetric key.
2. The blockchain-based data streaming and privacy protection method of claim 1, wherein calculating a key index ciphertext of the file key comprises:
determining a privacy file added into circulation sharing at the previous time, calculating a first hash value corresponding to the privacy file added into circulation sharing at the previous time through a hash function, and calculating a second hash value corresponding to the privacy file added into circulation sharing at the current time through the hash function based on the first hash value;
And calculating a keyword index ciphertext of the file keyword based on the second hash value.
3. The blockchain-based data streaming and privacy protection method of claim 1, wherein determining the system public parameter and the system master key, and determining the partial key of the data user based on the system public parameter and the system master key, comprises:
determining a cyclic group and a generator of the cyclic group;
determining ID information of a data user;
establishing a collision hash function;
based on S u =g/(s+H 1 (ID u ) Calculating a partial key of the data user; wherein g represents a generator, s represents a system master key, H 1 (ID u ) Representing the hash calculation of the ID of the data user.
4. The blockchain-based data streaming and privacy protection method of claim 3, wherein the asymmetric key calculation formula of the data user is:
;
;
SK u PK as private key u For public key, g represents generator, H 1 (SK u ) Representing hash computation of a private key of a data user, H 1 (ID u ) Representing hash computation of the ID of the data user, s representing the system master key, a u In the positive integer finite fieldIs selected at random.
5. The blockchain-based data streaming and privacy protection method of claim 1, wherein the search strategy is N represents l o X k matrix, l o Representing the number of keywords searched, k representing the number of columns of the matrix N, pi being a function, the function pi being used to map the rows of the matrix N to generic keyword names, < >>The key value corresponding to the key name.
6. The blockchain-based data streaming and privacy protection method of claim 5, wherein obtaining a search policy for the data user, generating a search trapdoor based on the search policy, comprises:
acquiring a search strategy of the data user;
generating a first partial search trapdoor based on the search strategy;
a second partial search trapdoor is generated based on the asymmetric private key of the data user.
7. The blockchain-based data streaming and privacy protection method of claim 1, wherein verifying the access rights of the data user comprises:
verifying whether the number of the same elements in the authorization information of the data user and the access authority information of the privacy file is not less than an access threshold, and if not, enabling the data user to have access authority.
8. A blockchain-based data circulation and privacy protection system comprising a processor, a memory and a computer program stored on the memory, wherein the processor is configured to execute the computer program, which when executed, implements the steps of the method according to any of claims 1 to 7.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, realizes the steps of the method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410248828.2A CN117828673B (en) | 2024-03-05 | 2024-03-05 | Block chain-based data circulation and privacy protection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410248828.2A CN117828673B (en) | 2024-03-05 | 2024-03-05 | Block chain-based data circulation and privacy protection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117828673A true CN117828673A (en) | 2024-04-05 |
| CN117828673B CN117828673B (en) | 2024-06-21 |
Family
ID=90511823
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410248828.2A Active CN117828673B (en) | 2024-03-05 | 2024-03-05 | Block chain-based data circulation and privacy protection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117828673B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118041513A (en) * | 2024-04-15 | 2024-05-14 | 北京市农林科学院信息技术研究中心 | Agricultural product supply chain-based data access control method and apparatus |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160344707A1 (en) * | 2015-05-21 | 2016-11-24 | Nili Philipp | Encrypted query-based access to data |
| CN113194078A (en) * | 2021-04-22 | 2021-07-30 | 西安电子科技大学 | Cloud-supported privacy protection sequencing multi-keyword search encryption method |
| CN114884650A (en) * | 2022-03-21 | 2022-08-09 | 江苏大学 | Searchable encryption method based on safe inverted index |
| CN115834200A (en) * | 2022-11-23 | 2023-03-21 | 南京邮电大学 | Attribute-based searchable encryption data sharing method based on block chain |
| CN116633625A (en) * | 2023-05-25 | 2023-08-22 | 杭州电子科技大学 | Symmetric searchable encryption system and method based on alliance chain |
-
2024
- 2024-03-05 CN CN202410248828.2A patent/CN117828673B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160344707A1 (en) * | 2015-05-21 | 2016-11-24 | Nili Philipp | Encrypted query-based access to data |
| CN113194078A (en) * | 2021-04-22 | 2021-07-30 | 西安电子科技大学 | Cloud-supported privacy protection sequencing multi-keyword search encryption method |
| CN114884650A (en) * | 2022-03-21 | 2022-08-09 | 江苏大学 | Searchable encryption method based on safe inverted index |
| CN115834200A (en) * | 2022-11-23 | 2023-03-21 | 南京邮电大学 | Attribute-based searchable encryption data sharing method based on block chain |
| CN116633625A (en) * | 2023-05-25 | 2023-08-22 | 杭州电子科技大学 | Symmetric searchable encryption system and method based on alliance chain |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118041513A (en) * | 2024-04-15 | 2024-05-14 | 北京市农林科学院信息技术研究中心 | Agricultural product supply chain-based data access control method and apparatus |
| CN118041513B (en) * | 2024-04-15 | 2024-07-05 | 北京市农林科学院信息技术研究中心 | Agricultural product supply chain-based data access control method and apparatus |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117828673B (en) | 2024-06-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111639361B (en) | Block chain key management method, multi-person common signature method and electronic device | |
| Li et al. | FADB: A fine-grained access control scheme for VANET data based on blockchain | |
| CN110224986B (en) | Efficient searchable access control method based on hidden policy CP-ABE | |
| CN111523133B (en) | Block chain and cloud data collaborative sharing method | |
| Ren et al. | Integrity verification mechanism of sensor data based on bilinear map accumulator | |
| Liu et al. | Efficient verifiable public key encryption with keyword search based on KP-ABE | |
| Pu et al. | R²PEDS: a recoverable and revocable privacy-preserving edge data sharing scheme | |
| CN111526197B (en) | Cloud data secure sharing method | |
| CN109361644B (en) | Fuzzy attribute based encryption method supporting rapid search and decryption | |
| CN117828673B (en) | Block chain-based data circulation and privacy protection method and device | |
| Sun et al. | Research on logistics information blockchain data query algorithm based on searchable encryption | |
| Ma et al. | CP‐ABE‐Based Secure and Verifiable Data Deletion in Cloud | |
| Li et al. | Secure and temporary access delegation with equality test for cloud-assisted IoV | |
| Deng et al. | Policy-based broadcast access authorization for flexible data sharing in clouds | |
| Zhang et al. | Secdedup: Secure encrypted data deduplication with dynamic ownership updating | |
| Gao et al. | BFR‐SE: A Blockchain‐Based Fair and Reliable Searchable Encryption Scheme for IoT with Fine‐Grained Access Control in Cloud Environment | |
| Vaanchig et al. | Constructing secure‐channel free identity‐based encryption with equality test for vehicle‐data sharing in cloud computing | |
| CN113836571B (en) | Medical data possession terminal position matching method and system based on cloud and blockchain | |
| Mi et al. | Secure data de-duplication based on threshold blind signature and bloom filter in internet of things | |
| Yan et al. | Secure and efficient big data deduplication in fog computing | |
| Yang et al. | Keyword searchable encryption scheme based on blockchain in cloud environment | |
| Shen et al. | Ensuring query completeness in outsourced database using order-preserving encryption | |
| Joseph et al. | Design a hybrid Optimization and Homomorphic Encryption for Securing Data in a Cloud Environment | |
| Tian et al. | Amount-Based Covert Communication Over Blockchain | |
| Hwang et al. | An SKP‐ABE Scheme for Secure and Efficient Data Sharing in Cloud Environments |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |