WO2019214070A1 - Encryption method for user communication on block chain, apparatus, terminal device and storage medium - Google Patents

Publication number
WO2019214070A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
key
random number
encrypted information
blockchain
Prior art date
Application number
PCT/CN2018/095907
Other languages
French (fr)
Chinese (zh)
Inventor
贾牧
谢丹力
陆陈一帆
Original Assignee
深圳壹账通智能科技有限公司
Priority date
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Definitions

  • The present application relates to the field of blockchain applications, and in particular to a method, apparatus, terminal device and storage medium for encrypting user communication on a blockchain.
  • Because the data on a blockchain system is shared, any user on the blockchain system can obtain the content of peer-to-peer communication on that system, so the security of peer-to-peer communication on the blockchain system cannot be guaranteed.
  • The embodiments of the present application provide a method, apparatus, terminal device and storage medium for encrypting user communication on a blockchain, so as to solve the problem that peer-to-peer communication between users on current blockchain systems is insecure.
  • an embodiment of the present application provides a method for encrypting user communications on a blockchain, including:
  • User A sends the first encrypted information to User B;
  • User B receives the first encrypted information, and obtains a first random number after decryption
  • User B sends second encrypted information to user A;
  • User A receives the second encrypted information, and obtains a second random number after decryption
  • User A and user B perform a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV;
  • User A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
  • the embodiment of the present application provides a user communication encryption device on a blockchain, including:
  • a first encrypted information sending module configured for user A to send first encrypted information to user B;
  • a first random number obtaining module configured for user B to receive the first encrypted information and obtain a first random number after decryption;
  • a second encrypted information sending module configured for user B to send second encrypted information to user A;
  • a second random number obtaining module configured for user A to receive the second encrypted information and obtain a second random number after decryption;
  • a key and initialization variable obtaining module configured for user A and user B to perform a key generation algorithm based on the first random number and the second random number, to obtain a key Key and an initialization variable IV;
  • an encrypted communication module configured for user A and user B to perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
  • an embodiment of the present application provides a terminal device, including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, where the processor implements the following steps when executing the computer readable instructions:
  • User A sends the first encrypted information to User B;
  • User B receives the first encrypted information, and obtains a first random number after decryption
  • User B sends second encrypted information to user A;
  • User A receives the second encrypted information, and obtains a second random number after decryption
  • User A and user B perform a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV;
  • User A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
  • the embodiment of the present application provides one or more non-volatile readable storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
  • User A sends the first encrypted information to User B;
  • User B receives the first encrypted information, and obtains a first random number after decryption
  • User B sends second encrypted information to user A;
  • User A receives the second encrypted information, and obtains a second random number after decryption
  • User A and user B perform a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV;
  • User A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
  • User A first sends the first encrypted information to user B, and user B receives the first encrypted information and obtains the first random number after decryption; user B sends the second encrypted information to user A, and user A receives the second encrypted information and obtains the second random number after decryption. By encrypting and decrypting the random numbers, user A and user B each acquire the random number sent by the other party, and the first random number and the second random number provide the basis for subsequent encrypted communication.
  • User A and user B execute a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV, and the generated key Key and initialization variable IV are jointly obtained by user A and user B. The key Key and the initialization variable IV are obtained by a hash algorithm, which is irreversible and highly secure, and they provide a necessary basis for realizing communication encryption between user A and user B.
  • User A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV, so that a third party (any user on the blockchain other than user A and user B), who has neither the key Key nor the initialization variable IV, cannot acquire the communication content of user A and user B, and the communication content is secure when any two users on the blockchain perform point-to-point communication.
  • FIG. 1 is a flow chart of a method for encrypting user communication on a blockchain in Embodiment 1 of the present application.
  • FIG. 2 is a specific flow chart of step S10 of FIG. 1.
  • FIG. 3 is a specific flow chart of step S20 of FIG. 2.
  • FIG. 4 is a specific flow chart of step S30 of FIG. 1.
  • FIG. 5 is a specific flowchart of step S40 in FIG. 1.
  • Figure 6 is a specific flow chart before step S10 of Figure 1.
  • FIG. 7 is a specific flowchart of step S60 in FIG. 1.
  • FIG. 8 is a schematic block diagram of a user communication encryption apparatus on a blockchain in Embodiment 2 of the present application.
  • FIG. 9 is a schematic diagram of a terminal device in Embodiment 4 of the present application.
  • FIG. 1 is a flow chart showing a method of encrypting user communication on a blockchain in this embodiment.
  • the user communication encryption method on the blockchain can be applied to an application system based on a blockchain technology, and is used for encrypting communication content when a user performs peer-to-peer communication on a blockchain system, thereby realizing users on the blockchain system.
  • the user communication encryption method on the blockchain includes the following steps:
  • User A and user B refer to any two users on the blockchain system.
  • the user on the blockchain in this embodiment should be understood as each user node on the blockchain system, that is, each related terminal on the blockchain system.
  • the terminal may be a terminal such as a mobile phone, a tablet, and a computer connected through a blockchain network.
  • the first encrypted information refers to information that the user A sent to the user B after being encrypted.
  • the first encrypted information includes the encrypted first random number generated by the user A.
  • the first random number refers to a random number generated by the user A for performing key negotiation with the user B.
  • Blockchain is a new application model for computer technologies such as distributed data storage, consensus mechanisms, and encryption algorithms.
  • the blockchain system is essentially a decentralized distributed database system.
  • The communication process between user A and user B is performed on the blockchain: user A sends the first encrypted information to user B under the blockchain system, so that user B can subsequently receive the first encrypted information and decrypt it to obtain a first random number.
  • S20 User B receives the first encrypted information, and obtains the first random number after decryption.
  • the user B reads the first encrypted information sent by the user A on the blockchain system, and decrypts the first encrypted information to obtain the first random number.
  • By acquiring the first random number sent by user A, user B obtains the basis for the key Key and the initialization variable IV that user A and user B subsequently generate by joint negotiation based on the first random number.
  • the second encrypted information refers to the information sent by the user B to the user A after the encryption process, and the second encrypted information includes the encrypted second random number generated by the user B.
  • the second random number refers to a random number generated by the user B for performing key negotiation with the user A.
  • the user B sends the second encrypted information to the user A under the blockchain system, so that the subsequent user A receives the second encrypted information, and decrypts the second encrypted information to obtain a second random number.
  • S40 User A receives the second encrypted information, and obtains the second random number after decryption.
  • the user A reads the second encrypted information sent by the user B on the blockchain system, and decrypts the second encrypted information to obtain a second random number.
  • By acquiring the second random number sent by user B, user A obtains the basis for the key Key and the initialization variable IV that user A and user B subsequently generate by joint negotiation based on the second random number.
  • User A and user B execute the key generation algorithm based on the first random number and the second random number and, according to the key generation algorithm, obtain the key Key and the initialization variable IV at the same time. The key Key and the initialization variable IV are the basic conditions required for the users' subsequent encryption process on the blockchain system.
  • The AES algorithm is a symmetric block cipher that adopts a substitution-permutation network; each round consists of a linear mixing layer, a nonlinear layer and a key addition layer.
  • The linear mixing layer ensures high diffusion over multiple rounds.
  • The nonlinear layer is composed of 16 S-boxes and provides confusion.
  • The key addition layer XORs the subkeys into the intermediate state.
  • AES is an iterated block cipher whose block length and key length are both variable, except that, to meet the requirements of AES, the block size processed is limited to 128 bits and the key length is 128 bits, 192 bits or 256 bits.
  • The corresponding number of iterations N is 10 rounds, 12 rounds and 14 rounds.
  • AES brings together the benefits of security, efficiency, implementability and flexibility. Its biggest advantage is that the probability of the algorithm's best differential characteristic can be given, and the algorithm's resistance to differential cryptanalysis and linear cryptanalysis can be analyzed.
  • CBC mode is a block cipher mode of operation. Each plaintext block to be encrypted is XORed with the ciphertext of the previous block before encryption (the first plaintext block is XORed with a data block called the initialization vector IV), and is then encrypted with the cipher.
  • AES-CBC uses CBC as the mode of operation and the AES algorithm as the cipher for encryption and decryption.
  • Based on the key Key and the initialization variable IV, which are obtained securely and reliably by mutual negotiation and are held only by user A and user B, the users perform encrypted communication on the blockchain by adopting the AES algorithm in CBC mode.
  • Security is improved layer by layer, ensuring the security of user communication on the blockchain system.
  • User A sends the first encrypted information to user B, and user B receives the first encrypted information and obtains the first random number after decryption; user B sends the second encrypted information to user A, and user A receives the second encrypted information and obtains the second random number after decryption. By encrypting and decrypting the random numbers, user A and user B each acquire the random number sent by the other party, which provides a basis for the subsequent encrypted communication.
  • User A and user B execute a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV, and the generated key Key and initialization variable IV are jointly obtained by user A and user B. The key Key and the initialization variable IV are obtained by a hash algorithm, which is irreversible and highly secure, and they provide a necessary basis for realizing communication encryption between user A and user B.
  • User A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV, so that a third party (any user on the blockchain other than user A and user B), who has neither the key Key nor the initialization variable IV, cannot acquire the communication content of user A and user B, and the communication content is secure when any two users on the blockchain perform point-to-point communication.
  • In step S10, user A sends the first encrypted information to user B, which specifically includes the following steps:
  • The user certificate is a certificate issued to each user by the system root certificate on the blockchain for verifying the identity of the user.
  • Each user on the blockchain has a unique user certificate.
  • The root certificate of the system is customized on the blockchain. Specifically, the system administrator on the blockchain can create a unique key-value pair.
  • The system root certificate includes a pair of corresponding public and private keys (i.e., a key pair).
  • The public key is used for user authentication, and the private key is used to encrypt the original user certificate (that is, a user certificate that has not yet been digitally signed by the system root certificate).
  • When a user certificate is issued to each user on the blockchain, the system root certificate generates a key pair for that user certificate, so that any two users on the blockchain performing peer-to-peer communication can be authenticated based on their corresponding user certificates. User authentication performed on the blockchain system does not need to be implemented by an external third-party certificate issuing authority, which improves the reliability of authentication between users of the blockchain system.
  • User A communicates with user B through the blockchain system, and both parties need to perform user authentication before continuing communication.
  • User B needs to verify whether user A is a legitimate user on the blockchain system: user B reads the system root certificate on the blockchain system and decrypts and verifies the user certificate of user A using the public key of the system root certificate. If the decryption result includes the digital signature of the system root certificate, user A is considered to be a legitimate user on the blockchain system.
  • After the identity is verified, user A obtains the second public key in the user certificate of user B, so as to subsequently encrypt the first random number generated by user A by using the second public key.
  • the second public key is a public key stored in the user certificate of the user B.
  • S12 User A generates a first random number, and encrypts the first random number by using a second public key to obtain first encrypted information.
  • the user A generates a first random number on the blockchain, and encrypts the first random number by using the second public key in the user certificate of the user B to obtain the first encrypted information.
  • a prefix of “key negotiation 1” may be added before the first random number to indicate or distinguish the use of the first random number to be encrypted by the prefix. Therefore, after decrypting the first encrypted information, the user B can learn, according to the prefix, that the decrypted first random number is a random number for performing key negotiation between the user A and the user B.
  • the user A on the blockchain can send the first encrypted information to the user B through the blockchain system.
  • it can be implemented in the following two ways:
  • A communication address is set for the user on the blockchain, and user communication on the blockchain is implemented based on that communication address.
  • the user's communication address can be specifically the user's email address.
  • the email addresses of user A and user B are first set, for example, the email address of user A is represented as MailuserAAA.
  • User A and User B's email addresses are created in a key-value pair, and the email address is the key in the key-value pair.
  • The value corresponding to the email address of user A is Ma, and the value corresponding to the email address of user B is Mb.
  • When sending data, user A reads the email address of user B, obtains the value Mb according to the email address, and adds a key Kab to the value Mb (the value corresponding to the key Kab is Data1); this completes the process of sending the data Data1.
  • The corresponding value Data1 is obtained according to the key Kab, which is the first encrypted information in this embodiment.
  • The user addresses of user A and user B are set on the blockchain system.
  • The user address of user A can be represented as userAAA. User A creates a key-value pair on the blockchain in which the key is Kab (the same name as the Kab of the first method described above, but with different specific content) and the value is Data1 (this Data1 is the first encrypted information in this embodiment).
  • Creating on the blockchain system the key-value pair whose key is Kab and whose corresponding value is Data1 completes the process of sending data, so that user B can subsequently run a fuzzy query on the field "data prefix + user B's user address", obtain all the keys starting with the data prefix + user B's user address, thereby obtain the key Kab, and obtain the value Data1 through the key Kab.
  • In step S20, user B receives the first encrypted information and obtains the first random number after decryption, which specifically includes the following steps:
  • User B receives, through the blockchain system and according to the nature and characteristics of the blockchain system, the first encrypted information sent by user A. Specifically, of the two ways for users to communicate on the blockchain listed in step S13, if the first is adopted, user B receives the information sent by user A by reading the email address of the user, obtaining the corresponding value Mb according to the email address (the email address is a key), then obtaining from the value Mb the key Kab that user A added to it, and then, because the key Kab and the value Data1 form a key-value pair, obtaining the value Data1 directly from the key Kab. In the present embodiment, the value Data1 is the first encrypted information that user A wants to send to user B.
  • the field "data prefix + user address of user B" obtains all the information of the field "data prefix + user address of user B", wherein the obtained information includes the key Kab, and finally the corresponding value Data1 is obtained according to the key Kab. That is, the first encrypted information sent by the user A is obtained.
  • the user B can receive the first encrypted information sent by the user A through the blockchain system.
  • S22 The user B decrypts the first encrypted information by using a second private key corresponding to the second public key to obtain the first random number.
  • The first encrypted information is obtained by encrypting with the public key of the user certificate of user B (that is, the second public key in this embodiment), so decrypting the first encrypted information requires the private key of the user certificate of user B (i.e., the second private key in this embodiment).
  • the user B decrypts the first encrypted information by using the second private key corresponding to the second public key, and obtains the first random number generated by the user A after decryption.
  • The system root certificate is used to generate the user certificates of users on the blockchain, and the key pair (public key and private key) of each user certificate is used to implement the random number exchange, in which the random numbers generated by users on the blockchain are encrypted and sent. Users thereby exchange random numbers on the blockchain system, which provides a basis for generating the key Key and the initialization variable IV according to the random numbers.
  • In step S30, user B sends the second encrypted information to user A, which specifically includes the following steps:
  • Similar to step S11; refer to the implementation process of step S11, and details are not described herein again.
  • S32 User B generates a second random number, and encrypts the second random number by using the first public key to obtain second encrypted information.
  • Similar to step S12; refer to the implementation process of step S11, and details are not described herein again.
  • Similar to step S13; refer to the implementation process of step S11, and details are not described herein again.
  • In step S40, user A receives the second encrypted information and obtains the second random number after decryption, which specifically includes the following steps:
  • Similar to step S21; refer to the implementation process of step S21, and details are not described herein again.
  • S42 User A decrypts the second encrypted information by using the first private key corresponding to the first public key to obtain a second random number.
  • Similar to step S22; refer to the implementation process of step S22, and details are not described herein again.
  • the user communication encryption method on the blockchain further includes the following steps:
  • the blockchain system is essentially a decentralized distributed database system.
  • the respective local databases are queried in advance.
  • the purpose of this step is to query the local database prior to communication to determine if there is an existing, directly available key Key and initialization variable IV.
  • The creation time of the key Key and the initialization variable IV needs to be checked to determine whether the key Key and the initialization variable IV can be used.
  • The preset effective time refers to a preset period of time during which the key Key and the initialization variable IV are valid.
  • The key Key and the initialization variable IV that have been saved in the local database may be used to perform encrypted communication in the CBC mode of the AES algorithm, which ensures the security of communication on the blockchain system.
  • In step S50, the key generation algorithm is specifically:
  • random1 represents the first random number;
  • random2 represents the second random number;
  • n is a positive integer greater than 0;
  • Hash represents a hash function, for which the SHA256 algorithm is used;
  • HMAC refers to the keyed hash operation, for which the SHA256 algorithm is used;
  • indicates the concatenation operation.
  • the user A and the user B simultaneously execute the key generation algorithm of generating the key Key and the initialization variable IV, and the first random number and the second random number are known only by the user A and the user B, and the blockchain system is improved.
  • the algorithm combines the characteristics of the first random number and the second random number, and uses a hash algorithm (ie, Hash algorithm) to generate multiple information digests (such as C0, C1, and C2), according to the first random number, the second random number, and the generated.
  • the SHA256 algorithm is one of the hash algorithms, and is different from the AES algorithm in this embodiment.
  • the SHA256 algorithm is required to generate the key Key and the initialization variable IV, and the AES algorithm is required for user communication encryption.
  • In step S60, user A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV, which specifically includes the following steps:
  • Steps S61-S64 are the process in which user A encrypts the communication content using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
  • Steps S65-S68 are the process in which user B decrypts the communication content using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
  • Any user on the blockchain (such as user A) can write the data to be encrypted and communicated to the blockchain through steps S61-S64, so that only a user who owns the key Key and the initialization variable IV (such as user B, who communicates with user A) can decrypt the encrypted data read from the blockchain.
  • The communication content, that is, the communication data, is stored as a key-value pair.
  • The CBC mode of the AES algorithm encrypts the data stored as key-value pairs, and the key Key and the initialization variable IV are put to good use, so that the user communication encryption process on the blockchain is more secure and reliable.
  • User A sends the first encrypted information to user B, and user B receives the first encrypted information and obtains the first random number after decryption; user B sends the second encrypted information to user A, and user A receives the second encrypted information and obtains the second random number after decryption.
  • By encrypting and decrypting the random numbers, user A and user B each obtain the random number sent by the other party.
  • The key Key and the initialization variable IV are generated based on the first random number and the second random number, and provide a basis for encrypted communication according to the key Key and the initialization variable IV.
  • User A and user B execute a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV. The generated key Key and initialization variable IV are jointly negotiated by user A and user B through the first random number and the second random number; they are obtained by a hash algorithm, which is irreversible and highly secure, and they provide the basis for encrypting communication between user A and user B.
  • User A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV, so that a third party (any user on the blockchain other than user A and user B), who has neither the key Key nor the initialization variable IV, cannot acquire the communication content of user A and user B, and the communication content is secure when any two users on the blockchain perform point-to-point communication.
  • the user communication encryption method on the blockchain provided by this embodiment further combines the nature and characteristics of the blockchain, and sets a system root certificate on the blockchain system; implements and performs any two users on the blockchain system.
  • Point-to-point communication that is, by virtualizing a communication channel on the blockchain system, data communication between any two users on the blockchain is realized.
  • Users only need to maintain communication with the blockchain network to realize data sharing storage and data communication between all users, which can effectively simplify the construction of application systems, reduce system complexity, and enhance the security of blockchain systems. Robustness.
  • the communication process of users on the blockchain system is under a unified system, and the blockchain is further ensured without the help of other third-party systems, certification bodies and tools.
  • User communication security is provided by this embodiment.
  • Fig. 8 is a block diagram showing the principle of the user communication encryption device on the block chain corresponding to the user communication encryption method on the blockchain in the first embodiment.
  • the user communication encryption device on the blockchain includes a first encrypted information sending module 10, a first random number obtaining module 20, a second encrypted information sending module 30, a second random number obtaining module 40, a key and initialization variable obtaining module 50, and an encrypted communication module 60.
  • the functions implemented by the first encrypted information sending module 10, the first random number obtaining module 20, the second encrypted information sending module 30, the second random number obtaining module 40, the key and initialization variable obtaining module 50, and the encrypted communication module 60 correspond one-to-one to the steps of the user communication encryption method on the blockchain in the first embodiment. To avoid redundancy, they are not described in detail in this embodiment.
  • the first encrypted information sending module 10 is configured to send the first encrypted information to the user B by the user A.
  • the first random number obtaining module 20 is configured to receive the first encrypted information by the user B, and obtain the first random number after decryption.
  • the second encrypted information sending module 30 is configured to send the second encrypted information to the user A by the user B.
  • the second random number obtaining module 40 is configured to receive the second encrypted information by the user A, and obtain the second random number after decryption.
  • the key and initialization variable obtaining module 50 is configured to perform a key generation algorithm based on the first random number and the second random number by the user A and the user B, and acquire the key Key and the initialization variable IV.
  • the encrypted communication module 60 is configured for the user A and the user B to perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
  • the first encrypted information transmitting module 10 includes a second public key obtaining unit 11, a first encrypted information acquiring unit 12, and a first encrypted information transmitting unit 13.
  • the second public key obtaining unit 11 is configured to obtain the second public key from the user certificate of the user B.
  • the first encryption information acquiring unit 12 is configured to generate a first random number by the user A, and encrypt the first random number by using the second public key to obtain the first encrypted information.
  • the first encrypted information transmitting unit 13 is configured to send the first encrypted information to the user B through the blockchain.
  • the first random number obtaining module 20 includes a first encrypted information receiving unit 21 and a first random number obtaining unit 22.
  • the first encryption information receiving unit 21 is configured to receive, by the user B, the first encrypted information sent by the user A through the blockchain system.
  • the first random number obtaining unit 22 is configured to: the user B decrypts the first encrypted information by using a second private key corresponding to the second public key, and acquires the first random number.
  • the second encrypted information transmitting module 30 includes a first public key obtaining unit 31, a second encrypted information acquiring unit 32, and a second encrypted information transmitting unit 33.
  • the first public key obtaining unit 31 is configured to obtain the first public key from the user certificate of the user A.
  • the second encryption information acquiring unit 32 is configured to generate a second random number by the user B, and encrypt the second random number by using the first public key to obtain the second encrypted information.
  • the second encrypted information transmitting unit 33 is configured to send the second encrypted information to the user A through the blockchain.
  • the second random number obtaining module 40 includes a second encrypted information receiving unit 41 and a second random number obtaining unit 42.
  • the second encrypted information receiving unit 41 is configured to receive, by the user A, the second encrypted information sent by the user B through the blockchain system.
  • the second random number obtaining unit 42 is configured to: the user A decrypts the second encrypted information by using the first private key corresponding to the first public key, and acquires the second random number.
  • the user communication encryption device on the blockchain further includes a pre-query module 70, which includes a query unit 71, a creation time viewing unit 72, and a determination employing unit 73.
  • the query unit 71 is configured for the user A and the user B to query their respective local databases in advance.
  • the creation time viewing unit 72 is configured to view the creation time of the key Key and the initialization variable IV if the key Key and the initialization variable IV exist in the local database.
  • the determination employing unit 73 is configured to perform the encrypted communication using the CBC mode of the AES algorithm with the existing key Key and initialization variable IV if the creation time does not exceed the preset effective time.
  • the key generation algorithm is:
  • random1 represents the first random number
  • random2 represents the second random number
  • n is a positive integer greater than 0
  • Hash represents a hash function; the algorithm uses the SHA256 algorithm
  • HMAC refers to the key-related hash operation; the algorithm uses the SHA256 algorithm
  • indicates the connection operation.
  • the encrypted communication module 60 includes a data writing unit 61, a key encrypting unit 62, a value encrypting unit 63, an encrypted data writing unit 64, an encrypted data reading unit 65, a key decrypting unit 66, a value decrypting unit 67, and a data acquisition unit 68.
  • the data writing unit 61 is for the user A to write the data K:V to the blockchain in a key-value pair, where K represents a key and V represents a value.
  • the encrypted data writing unit 64 is configured for the user A to write the data {KC:VC+IV} onto the blockchain.
  • the encrypted data reading unit 65 is configured for the user B to read the KC on the blockchain, and acquire the VC and the initialization variable IV according to the KC.
  • the data acquisition unit 68 is configured for the user B to acquire the data K:V.
  • through the first encrypted information sending module 10, the first random number obtaining module 20, the second encrypted information sending module 30, and the second random number obtaining module 40, the user A and the user B acquire the first random number and the second random number sent by the other party by encrypting and decrypting random numbers; the key Key and the initialization variable IV are generated from the first random number and the second random number, which provides the basis for encrypted communication based on the key Key and the initialization variable IV.
  • through the key and initialization variable obtaining module 50, the generated key Key and initialization variable IV are jointly negotiated by the user A and the user B from the first random number and the second random number; the key Key and the initialization variable IV are obtained through a hash algorithm, are irreversible and highly secure, and provide a necessary basis for encrypting communication between user A and user B.
  • the encrypted communication module 60 ensures that a third party (users on the blockchain other than the user A and the user B) cannot obtain the communication contents of the user A and the user B without the key Key and the initialization variable IV, which secures the communication content when any two users on the blockchain perform point-to-point communication.
  • the embodiment provides one or more non-volatile readable storage media storing computer readable instructions that, when executed by one or more processors, cause the one or more processors to implement the user communication encryption method on the blockchain in Embodiment 1. To avoid repetition, details are not described here again. Alternatively, the computer readable instructions, when executed by one or more processors, cause the one or more processors to perform the functions of the modules/units in the user communication encryption device on the blockchain in Embodiment 2. To avoid repetition, they are not described here again.
  • FIG. 9 is a schematic diagram of a terminal device in this embodiment.
  • terminal device 80 includes a processor 81, a memory 82, and computer readable instructions 83 stored in memory 82 and operative on processor 81.
  • the processor 81 implements the various steps of the user communication encryption method on the blockchain in Embodiment 1 when the computer readable instructions 83 are executed, such as steps S10, S20, S30, S40, S50, and S60 shown in FIG.
  • alternatively, when the processor 81 executes the computer readable instructions 83, the functions of the modules/units of the user communication encryption device on the blockchain in Embodiment 2 are implemented.
  • the first encrypted information sending module 10 obtains the first random number.
  • computer readable instructions 83 may be partitioned into one or more modules/units, one or more modules/units being stored in memory 82 and executed by processor 81 to complete the application.
  • the one or more modules/units may be an instruction segment of a series of computer readable instructions 83 capable of performing a particular function for describing the execution of computer readable instructions 83 in the terminal device 80.
  • the computer readable instructions 83 may be divided into the first encrypted information transmitting module 10, the first random number obtaining module 20, the second encrypted information transmitting module 30, the second random number obtaining module 40, the key and initialization variable acquisition module 50, and the encryption communication module 60 of Embodiment 2. The specific functions of each module are as described in Embodiment 2 and, to avoid repetition, are not repeated here.
  • the terminal device 80 can be a computing device such as a desktop computer, a notebook, a palmtop computer, and a cloud server.
  • the terminal device may include, but is not limited to, a processor 81, a memory 82. It will be understood by those skilled in the art that FIG. 9 is merely an example of the terminal device 80 and does not constitute a limitation of the terminal device 80, and may include more or less components than those illustrated, or may combine certain components or different components.
  • the terminal device may further include an input/output device, a network access device, a bus, and the like.
  • the processor 81 may be a central processing unit (CPU), or may be other general-purpose processors, a digital signal processor (DSP), an application specific integrated circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, etc.
  • the general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
  • the memory 82 may be an internal storage unit of the terminal device 80, such as a hard disk or a memory of the terminal device 80.
  • the memory 82 may also be an external storage device of the terminal device 80, such as a plug-in hard disk provided on the terminal device 80, a smart memory card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), and so on.
  • the memory 82 may also include both an internal storage unit of the terminal device 80 and an external storage device.
  • the memory 82 is used to store computer readable instructions 83 and other programs and data required by the terminal device.
  • the memory 82 can also be used to temporarily store data that has been output or is about to be output.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated modules/units if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium.
  • all or part of the processes in the above embodiments of the present application may also be completed by computer readable instructions 83, which may be stored in a computer readable storage medium.
  • the computer readable instructions 83 when executed by the processor, may implement the steps of the various method embodiments described above.
  • the computer readable instructions 83 comprise code of computer readable instructions, the code of which may be in the form of source code, in the form of an object code, an executable file or some intermediate form or the like.
  • the computer readable medium can include any entity or device capable of carrying the code of the computer readable instructions, a recording medium, a USB flash drive, a removable hard drive, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), electrical carrier signals, telecommunications signals, and software distribution media.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed in the present application are an encryption method for user communication on a block chain, an apparatus, a terminal device and a storage medium. The method for user communication on the block chain comprises: a user A sending first encryption information to a user B; the user B receiving and decrypting the first encryption information to acquire a first random number; the user B sending second encryption information to the user A; the user A receiving and decrypting the second encryption information to acquire a second random number; the user A and the user B performing a key generation algorithm on the basis of the first random number and the second random number to acquire a key (Key) and an initialized variable (IV); and the user A and the user B achieving encrypted communication on the basis of the key (Key) and the initialized variable (IV) by adopting a CBC mode of an AES algorithm. According to the encryption method for user communication on the block chain, the security of point-to-point communication of the users on the block chain system can be guaranteed.

Description

User communication encryption method, device, terminal device and storage medium on blockchain
This application is based on, and claims priority to, Chinese invention patent application No. 201810437217.7, filed on May 9, 2018 and entitled "User Communication Encryption Method, Device, Terminal Device and Storage Medium on Blockchain".
Technical field
The present application relates to the field of blockchain applications, and in particular to a user communication encryption method, device, terminal device and storage medium on a blockchain.
Background
When users on a blockchain system communicate point-to-point, the data on the blockchain system is shared, so any user on the blockchain system can obtain the content of that point-to-point communication, and the security of point-to-point communication between users on the blockchain system cannot be guaranteed.
Summary of the invention
The embodiments of the present application provide a user communication encryption method, device, terminal device and storage medium on a blockchain, to solve the problem that point-to-point communication between users on current blockchain systems is insecure.
In a first aspect, an embodiment of the present application provides a user communication encryption method on a blockchain, including:
User A sends first encrypted information to user B;
User B receives the first encrypted information and obtains a first random number after decryption;
User B sends second encrypted information to user A;
User A receives the second encrypted information and obtains a second random number after decryption;
User A and user B execute a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV;
User A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
In a second aspect, an embodiment of the present application provides a user communication encryption device on a blockchain, including:
a first encrypted information sending module, configured for user A to send first encrypted information to user B;
a first random number obtaining module, configured for user B to receive the first encrypted information and obtain a first random number after decryption;
a second encrypted information sending module, configured for user B to send second encrypted information to user A;
a second random number obtaining module, configured for user A to receive the second encrypted information and obtain a second random number after decryption;
a key and initialization variable obtaining module, configured for user A and user B to execute a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV;
an encrypted communication module, configured for user A and user B to perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
In a third aspect, an embodiment of the present application provides a terminal device, including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, where the processor implements the following steps when executing the computer readable instructions:
User A sends first encrypted information to user B;
User B receives the first encrypted information and obtains a first random number after decryption;
User B sends second encrypted information to user A;
User A receives the second encrypted information and obtains a second random number after decryption;
User A and user B execute a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV;
User A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
In a fourth aspect, an embodiment of the present application provides one or more non-volatile readable storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
User A sends first encrypted information to user B;
User B receives the first encrypted information and obtains a first random number after decryption;
User B sends second encrypted information to user A;
User A receives the second encrypted information and obtains a second random number after decryption;
User A and user B execute a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV;
User A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
In the user communication encryption method, device, terminal device and storage medium on the blockchain provided by the embodiments of the present application, user A first sends the first encrypted information to user B, and user B receives the first encrypted information and obtains the first random number after decryption; user B sends the second encrypted information to user A, and user A receives the second encrypted information and obtains the second random number after decryption. User A and user B thus obtain the first random number and the second random number from each other by encrypting and decrypting random numbers, which provides the basis for the subsequent encrypted communication. User A and user B then execute a key generation algorithm based on the first random number and the second random number to obtain the key Key and the initialization variable IV. The generated key Key and initialization variable IV are jointly negotiated by user A and user B; they are obtained by a hash algorithm, are irreversible and highly secure, and provide a necessary basis for encrypting communication between user A and user B. Finally, user A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV, so that a third party (users on the blockchain other than user A and user B) cannot obtain the communication contents of user A and user B without the key Key and the initialization variable IV, which ensures that the communication content is secure when any two users on the blockchain perform point-to-point communication.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of the user communication encryption method on the blockchain in Embodiment 1 of the present application.
FIG. 2 is a specific flow chart of step S10 of FIG. 1.
FIG. 3 is a specific flow chart of step S20 of FIG. 2.
FIG. 4 is a specific flow chart of step S30 of FIG. 1.
FIG. 5 is a specific flow chart of step S40 of FIG. 1.
FIG. 6 is a specific flow chart of the steps before step S10 of FIG. 1.
FIG. 7 is a specific flow chart of step S60 of FIG. 1.
FIG. 8 is a schematic block diagram of the user communication encryption device on the blockchain in Embodiment 2 of the present application.
FIG. 9 is a schematic diagram of the terminal device in Embodiment 4 of the present application.
Detailed description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. The described embodiments are some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without creative effort fall within the scope of protection of the present application.
实施例1Example 1
图1示出本实施例中区块链上用户通信加密方法的一流程图。该区块链上用户通信加密方法可应用在以区块链为技术基础的应用系统上,用于在区块链系统上用户进行点对点通信时对通信内容进行加密,实现区块链系统上用户通信加密的功能。如图1所示,该区块链上用户通信加密方法包括如下步骤:FIG. 1 is a flow chart showing a method of encrypting user communication on a blockchain in this embodiment. The user communication encryption method on the blockchain can be applied to an application system based on a blockchain technology, and is used for encrypting communication content when a user performs peer-to-peer communication on a blockchain system, thereby realizing users on the blockchain system. Communication encryption function. As shown in FIG. 1, the user communication encryption method on the blockchain includes the following steps:
S10:用户A向用户B发送第一加密信息。S10: User A sends the first encrypted information to User B.
其中,用户A和用户B是指区块链系统上任意的两个用户。本实施例中区块链上的用户应理解为在区块链系统上的各个用户节点,即区块链系统上各个相关的终端。该终端可以是通过区块链网络相连的手机、平板和电脑等终端。第一加密信息是指经过加密处理后的用户A发送给用户B的信息。该第一加密信息包括用户A生成的加密后的第一随机数。其中,第一随机数是指用户A生成的,用来与用户B进行密钥协商的随机数。User A and user B refer to any two users on the blockchain system. The user on the blockchain in this embodiment should be understood as each user node on the blockchain system, that is, each related terminal on the blockchain system. The terminal may be a terminal such as a mobile phone, a tablet, and a computer connected through a blockchain network. The first encrypted information refers to information that the user A sent to the user B after being encrypted. The first encrypted information includes the encrypted first random number generated by the user A. The first random number refers to a random number generated by the user A for performing key negotiation with the user B.
区块链是分布式数据存储、共识机制和加密算法等计算机技术的新型应用模式。区块链系统本质是一个去中心化的分布式数据库系统。本实施例中,用户A和用户B的通信过程都是在区块链上进行的,用户A在区块链系统下向用户B发送第一加密信息,以使后续用户B能够接收该第一加密信息,并解密该第一加密信息,获取第一随机数。Blockchain is a new application model for computer technologies such as distributed data storage, consensus mechanisms, and encryption algorithms. The blockchain system is essentially a decentralized distributed database system. In this embodiment, the communication process between the user A and the user B is performed on the blockchain, and the user A sends the first encrypted information to the user B under the blockchain system, so that the subsequent user B can receive the first Encrypting the information and decrypting the first encrypted information to obtain a first random number.
S20:用户B接收第一加密信息,解密后获取第一随机数。S20: User B receives the first encrypted information, and obtains the first random number after decryption.
本实施例中,用户B在区块链系统上读取用户A发送的第一加密信息,并对该第一加密信息进行解密,获取第一随机数。用户B通过获取用户A发送的第一随机数,为后续基于该第一随机数进行用户A和用户B共同协商生成的密钥Key和初始化变量IV提供了基础。In this embodiment, the user B reads the first encrypted information sent by the user A on the blockchain system, and decrypts the first encrypted information to obtain the first random number. The user B obtains the basis of the key key and the initialization variable IV generated by the user A and the user B jointly negotiated based on the first random number by acquiring the first random number sent by the user A.
S30:用户B向用户A发送第二加密信息。S30: User B sends the second encrypted information to User A.
第二加密信息是指经过加密处理后的用户B发送给用户A的信息,该第二加密信息包括用户B生成的加密后的第二随机数。其中,第二随机数是指用户B生成的,用来与用户 A进行密钥协商的随机数。用户B在区块链系统下向用户A发送第二加密信息,以使后续用户A接收该第二加密信息,并解密该第二加密信息,获取第二随机数。The second encrypted information refers to the information sent by the user B to the user A after the encryption process, and the second encrypted information includes the encrypted second random number generated by the user B. The second random number refers to a random number generated by the user B for performing key negotiation with the user A. The user B sends the second encrypted information to the user A under the blockchain system, so that the subsequent user A receives the second encrypted information, and decrypts the second encrypted information to obtain a second random number.
S40: User A receives the second encrypted information and decrypts it to obtain the second random number.
In this embodiment, user A reads the second encrypted information sent by user B from the blockchain system and decrypts it to obtain the second random number. Obtaining the second random number sent by user B provides the basis for user A and user B to subsequently negotiate the key Key and the initialization variable IV from that random number.
S50: User A and user B execute a key generation algorithm based on the first random number and the second random number to obtain the key Key and the initialization variable IV.
In this embodiment, after user B has obtained the first random number generated and sent by user A, and user A has obtained the second random number generated and sent by user B, user A and user B simultaneously execute the key generation algorithm on the first and second random numbers and thereby both obtain the key Key and the initialization variable IV (the key Key and the initialization variable IV are the prerequisites for the users' subsequent encrypted communication on the blockchain system). Combining the first and second random numbers, which on the blockchain system are known only to user A and user B, with the key generation algorithm yields a secure and reliable key Key and initialization variable IV held only by user A and user B.
S60: User A and user B perform encrypted communication using the AES algorithm in CBC mode, based on the key Key and the initialization variable IV.
The AES algorithm is a symmetric block cipher built on a substitution-permutation network; each round consists of a linear mixing layer, a nonlinear layer and a key encryption layer. The linear mixing layer ensures high diffusion over multiple rounds, the nonlinear layer consists of 16 S-boxes and provides confusion, and the key encryption layer XORs the subkey into the intermediate state. AES is an iterated block cipher whose block length and key length are both variable; only to meet the AES requirements is the processed block size limited to 128 bits, with a key length of 128, 192 or 256 bits and a corresponding number of rounds N of 10, 12 or 14. AES combines security, efficiency, ease of implementation and flexibility. Its greatest advantage is that the probability of the algorithm's best differential characteristic can be given, so that the algorithm's resistance to differential cryptanalysis and linear cryptanalysis can be analyzed. CBC is a block cipher mode in which each block to be encrypted is first XORed with the ciphertext of the previous block (the first plaintext block is XORed with a data block called the initialization vector IV) and is then encrypted by the cipher. AES-CBC means that CBC is the encryption and decryption mode and AES is the algorithm.
In this embodiment, user A and user B use the secure and reliable key Key and initialization variable IV that they negotiated together and that only they hold, together with the AES algorithm in CBC mode, to implement encrypted user communication on the blockchain.
This embodiment builds on the nature and characteristics of the blockchain system itself and raises security layer by layer through a series of linked encryption operations, ensuring the security of user communication on the blockchain system. First, user A sends the first encrypted information to user B, and user B receives it and decrypts it to obtain the first random number; user B sends the second encrypted information to user A, and user A receives it and decrypts it to obtain the second random number. By encrypting and decrypting the random numbers in this way, user A and user B each obtain the random number sent by the other, which provides the basis for the subsequent encrypted communication. User A and user B then execute the key generation algorithm on the first and second random numbers to obtain the key Key and the initialization variable IV. The key Key and the initialization variable IV are negotiated jointly by user A and user B and are obtained through a hash algorithm, which is irreversible and highly secure, and they provide the necessary basis for encrypting communication between user A and user B. Finally, user A and user B perform encrypted communication using the AES algorithm in CBC mode with the key Key and the initialization variable IV, so that a third party (any user on the blockchain other than user A and user B) who lacks the key Key and the initialization variable IV cannot obtain the content of their communication. This ensures the security of the communication content when any two users on the blockchain communicate point to point.
In a specific implementation, as shown in FIG. 2, step S10, in which user A sends the first encrypted information to user B, specifically includes the following steps:
S11: User A obtains the second public key from user B's user certificate.
A user certificate is a certificate that the system root certificate on the blockchain issues to each user for verifying the user's identity. Every user on the blockchain has a unique user certificate. The system root certificate is custom-defined on the blockchain: specifically, the system administrator can create a unique key-value pair on the blockchain whose key is Key=ROOT and whose value is value=cert, where cert is the system root certificate. The system root certificate includes a matching public key and private key (a key pair); the public key is used for user verification, and the private key is used to encrypt the original user certificate (that is, a user certificate that has not yet been digitally signed by the system root certificate). When the system root certificate issues a user certificate to a user on the blockchain, it generates a key pair for that user certificate, so that any two users on the blockchain can verify each other's identity from their user certificates when communicating point to point. User verification on the blockchain system does not need an external third-party certificate authority, which improves the reliability of verification between users of the blockchain system.
In this embodiment, user A communicates with user B through the blockchain system, and the two parties must authenticate each other before communication can continue. For example, to verify that user A is a legitimate user of the blockchain system, user B reads the system root certificate from the blockchain system and uses the public key of the system root certificate to decrypt and verify user A's user certificate; if the decryption result contains the digital signature of the system root certificate, user A is considered a legitimate user of the blockchain system. Once identity has been verified, user A obtains the second public key from user B's user certificate in order to later encrypt the first random number generated by user A. The second public key is the public key stored in user B's user certificate.
S12: User A generates the first random number and encrypts it with the second public key to obtain the first encrypted information.
In this embodiment, user A generates the first random number on the blockchain and encrypts it with the second public key from user B's user certificate to obtain the first encrypted information. Before the first random number is encrypted, the prefix "key negotiation 1" may be prepended to it to indicate or distinguish the purpose of the random number being encrypted, so that after decrypting the first encrypted information user B can tell from the prefix that the decrypted first random number is a random number for key negotiation between user A and user B.
S13: User A sends the first encrypted information to user B through the blockchain system.
In this embodiment, given the nature and characteristics of the blockchain itself, user A can send the first encrypted information to user B through the blockchain system. Specifically, this can be done in either of the following two ways:
In the first communication mode, a communication address is set for each user on the blockchain, and user communication on the blockchain is implemented on the basis of that address. The communication address can be the user's mailbox address. In this embodiment, mailbox addresses are first set for user A and user B; for example, user A's mailbox address is written MailuserAAA. The mailbox addresses of user A and user B are each created as a key-value pair in which the mailbox address is the key. The value corresponding to user A's mailbox address is Ma, and the value corresponding to user B's mailbox address is Mb. To send data, user A reads user B's mailbox address, obtains the value Mb from it, and adds a key Kab to Mb (the value corresponding to Kab is Data1). This completes the sending of Data1: user B can subsequently use its own communication address to find the newly added key Kab in its value Mb and obtain the corresponding value Data1 from Kab. In this embodiment, Data1 is the first encrypted information.
In the second communication mode, user addresses are set for user A and user B on the blockchain system; for example, user A's user address can be written userAAA. User A creates a key-value pair on the blockchain whose key is Kab (the same name as Kab in the first mode, but with different content) and whose value is Data1 (in this embodiment, the first encrypted information). The key Kab is given the specific form Kab = data prefix + user address of user B + user address of user A, where the data prefix is an identifier used to distinguish data. Creating the key-value pair with a key Kab of this form and the value Data1 on the blockchain system completes the sending of the data: user B can subsequently run a fuzzy query on the field "data prefix + user address of user B" to obtain all keys that begin with the data prefix followed by user B's user address, thereby obtain the key Kab, and read the value Data1 through it.
In a specific implementation, as shown in FIG. 3, step S20, in which user B receives the first encrypted information and decrypts it to obtain the first random number, specifically includes the following steps:
S21: User B receives the first encrypted information sent by user A through the blockchain system.
In this embodiment, user B receives the first encrypted information sent by user A through the blockchain system, relying on the nature and characteristics of the blockchain system itself. Step S13 lists two ways for users to communicate on the blockchain. If the first communication mode is used, user B receives the information sent by user A by reading its own mailbox address, obtaining the corresponding value Mb from that address (the mailbox address is a key), finding in Mb the key Kab that user A added, and then, because the key Kab and the value Data1 form a key-value pair, obtaining Data1 directly from Kab. In this embodiment, the value Data1 is the first encrypted information that user A wants to send to user B. If the second communication mode of step S13 is used, then given the specific key form Kab = data prefix + user address of user B + user address of user A, user B runs a fuzzy query on the blockchain system for the field "data prefix + user address of user B" and obtains all entries that begin with that field. The entries obtained include the key Kab, and user B finally obtains the corresponding value Data1 from Kab, that is, the first encrypted information sent by user A. The nature and characteristics of the blockchain system itself thus allow user B to receive the first encrypted information sent by user A through the blockchain system.
S22: User B decrypts the first encrypted information with the second private key corresponding to the second public key to obtain the first random number.
After user B obtains the first encrypted information sent by user A, decrypting it requires the private key of user B's user certificate (the second private key in this embodiment), because the first encrypted information was produced by encrypting with the public key of user B's user certificate (the second public key in this embodiment). In this embodiment, user B decrypts the first encrypted information with the second private key corresponding to the second public key and obtains the first random number generated by user A.
In this embodiment, a system root certificate is custom-defined on the blockchain and used to generate the user certificates of the users on the blockchain, and the key pair (public key and private key) of each user certificate is used to carry out the random number exchange, in which a random number generated by a user on the blockchain is encrypted and sent and then decrypted and obtained. Users on the blockchain system thereby exchange random numbers, which provides the basis for subsequently generating the key Key and the initialization variable IV from them.
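The two delivery modes of steps S13 and S21, sketched as an added Python example over an in-memory key-value store; this is not code from the patent. The `Ledger` class, the data prefix `msg`, the in-mailbox key name `from:<sender>`, the reading of `MailuserAAA` as `Mail` plus the user address, and the separator `|` are all assumptions. The example also shows that, if user addresses may differ in length, the plain concatenation "data prefix + user address of user B" lets user B's prefix query return keys addressed to a user whose address merely starts with user B's.

```python
PREFIX = "msg"   # hypothetical data prefix
MAIL = "Mail"    # assumed from the page's example MailuserAAA for userAAA
SEP = "|"        # hypothetical separator for the delimited key form


class Ledger:
    """In-memory stand-in for the chain's key-value state (constructed, not a real chain API)."""

    def __init__(self):
        self._state = {}

    def put(self, key, value):
        self._state[key] = value

    def get(self, key, default=None):
        return self._state.get(key, default)

    def scan_prefix(self, prefix):
        """The 'fuzzy query': all (key, value) pairs whose key starts with prefix."""
        return sorted((k, v) for k, v in self._state.items() if k.startswith(prefix))


# ---- First mode: one mailbox value (Mb) per recipient ----
def send_mode1(ledger, sender, recipient, data):
    mailbox_key = MAIL + recipient
    mailbox = dict(ledger.get(mailbox_key, {}))  # value Mb, copied then written back
    mailbox["from:" + sender] = data             # key Kab inside Mb (name is hypothetical)
    ledger.put(mailbox_key, mailbox)


def receive_mode1(ledger, recipient):
    return dict(ledger.get(MAIL + recipient, {}))


# ---- Second mode: Kab = data prefix + address of B + address of A ----
def kab_concat(recipient, sender):
    """Key form exactly as described on the page: plain concatenation."""
    return PREFIX + recipient + sender


def kab_delimited(recipient, sender):
    """Same fields with a separator, so a prefix query ends on a field boundary."""
    for addr in (recipient, sender):
        if not addr or SEP in addr:
            raise ValueError("address must be non-empty and must not contain the separator")
    return SEP.join((PREFIX, recipient, sender))


def send_mode2(ledger, sender, recipient, data, make_key=kab_concat):
    ledger.put(make_key(recipient, sender), data)


def receive_mode2_concat(ledger, recipient):
    return ledger.scan_prefix(PREFIX + recipient)


def receive_mode2_delimited(ledger, recipient):
    return ledger.scan_prefix(SEP.join((PREFIX, recipient)) + SEP)


def demo():
    """Constructed addresses: userBB starts with userB. Values stand for ciphertexts."""
    plain, delimited = Ledger(), Ledger()
    for recipient in ("userB", "userBB"):
        data = ("ciphertext-for-" + recipient).encode()
        send_mode2(plain, "userA", recipient, data)
        send_mode2(delimited, "userA", recipient, data, make_key=kab_delimited)
    return {
        # userB's query also returns the key addressed to userBB
        "concat": [k for k, _ in receive_mode2_concat(plain, "userB")],
        # only the key addressed to userB is returned
        "delimited": [k for k, _ in receive_mode2_delimited(delimited, "userB")],
    }


if __name__ == "__main__":
    for form, keys in demo().items():
        print(form, keys)
```

The values are encrypted to the intended recipient's public key, so the extra match is a routing and filtering problem for user B rather than a disclosure; fixed-length addresses avoid it just as the separator does.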
In a specific implementation, as shown in FIG. 4, step S30, in which user B sends the second encrypted information to user A, specifically includes the following steps:
S31: User B obtains the first public key from user A's user certificate.
This step is similar to step S11; refer to the implementation of step S11, which is not repeated here.
S32: User B generates the second random number and encrypts it with the first public key to obtain the second encrypted information.
This step is similar to step S12; refer to the implementation of step S11, which is not repeated here.
S33: User B sends the second encrypted information to user A through the blockchain system.
This step is similar to step S13; refer to the implementation of step S11, which is not repeated here.
In a specific implementation, as shown in FIG. 5, step S40, in which user A receives the second encrypted information and decrypts it to obtain the second random number, specifically includes the following steps:
S41: User A receives the second encrypted information sent by user B through the blockchain system.
This step is similar to step S21; refer to the implementation of step S21, which is not repeated here.
S42: User A decrypts the second encrypted information with the first private key corresponding to the first public key to obtain the second random number.
This step is similar to step S22; refer to the implementation of step S22, which is not repeated here.
In a specific implementation, as shown in FIG. 6, before step S10, that is, before the step in which user A sends the first encrypted information to user B, the method for encrypting user communication on the blockchain further includes the following steps:
S101: User A and user B query their respective local databases in advance.
A blockchain system is essentially a decentralized distributed database system. In this embodiment, before any two users on the blockchain system (user A and user B) communicate, each first queries its own local database. The purpose of this step is to determine, before communicating, whether a ready-made, directly usable key Key and initialization variable IV already exist.
S102: If the key Key and the initialization variable IV exist in the local database, check the creation time of the key Key and the initialization variable IV.
In this embodiment, if the key Key and the initialization variable IV required for communication already exist in the local database, their creation time must be checked to determine whether they can still be used.
S103: If the creation time does not exceed the preset validity period, the existing key Key and initialization variable IV are used to perform encrypted communication with the AES algorithm in CBC mode.
The preset validity period is the period, set and agreed in advance, for which the key Key and the initialization variable IV remain valid. In this embodiment, if the creation time of the key Key and the initialization variable IV does not exceed the preset validity period, the key Key and initialization variable IV already stored in the local database can be used to perform encrypted communication with the AES algorithm in CBC mode, ensuring the security of user communication on the blockchain system.
In a specific implementation, the key generation algorithm in step S50 is:
C(0) = Hash(random1)
C(n) = HMAC_{C(n-1)}(Hash(random2))
Key = HMAC_{Hash(random1||random2)}(C0+C1)
IV = HMAC_{Hash(random1||random2)}(C0+C2)
Here random1 denotes the first random number, random2 denotes the second random number, n is a positive integer greater than 0, Hash denotes a hash function, for which the SHA256 algorithm is used, HMAC denotes a keyed hash operation, for which the SHA256 algorithm is also used, and || denotes concatenation.
In this embodiment, user A and user B simultaneously execute the above key generation algorithm to generate the key Key and the initialization variable IV. The first and second random numbers are known only to user A and user B, which improves the security of communication on the blockchain system. The algorithm takes the first and second random numbers and uses a hash algorithm to generate several message digests (such as C0, C1 and C2); from the first random number, the second random number and the generated digests (such as C0, C1 and C2) it then derives the key Key and the initialization variable IV with a hash algorithm (also called a one-way hash algorithm). This provides a solid foundation for subsequently encrypting user communication on the blockchain system with the key Key and the initialization variable IV and improves the security of that communication.
It should be noted that SHA256 is one kind of hash algorithm and is a different algorithm from the AES algorithm in this embodiment. Generating the key Key and the initialization variable IV uses the SHA256 algorithm, while encrypting user communication uses the AES algorithm.
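The derivation of step S50 written out as an added Python example (not code from the patent), run by both parties to show that they arrive at the same Key and IV. It assumes that "+" in C0+C1 and C0+C2 means byte concatenation, that Key is used as a 256-bit AES key, and that the 32-byte HMAC output for IV is truncated to the 16-byte AES block size; the text states none of these.

```python
import hashlib
import hmac
import secrets

AES_BLOCK_BYTES = 16  # AES block size; a CBC IV must be exactly this long


def sha256(data):
    """Hash(x) from the text, instantiated with SHA256."""
    return hashlib.sha256(data).digest()


def hmac_sha256(key, message):
    """HMAC_key(message) with SHA256 as the underlying hash."""
    return hmac.new(key, message, hashlib.sha256).digest()


def digest_chain(random1, random2, n):
    """Return [C(0), ..., C(n)]:
    C(0) = Hash(random1), C(i) = HMAC_{C(i-1)}(Hash(random2))."""
    chain = [sha256(random1)]
    h2 = sha256(random2)
    for _ in range(n):
        chain.append(hmac_sha256(chain[-1], h2))
    return chain


def derive_key_iv(random1, random2, key_bytes=32):
    """Derive (Key, IV) from the two exchanged random numbers."""
    if not random1 or not random2:
        raise ValueError("both random numbers are required")
    if key_bytes not in (16, 24, 32):
        raise ValueError("AES keys are 16, 24 or 32 bytes long")
    c0, c1, c2 = digest_chain(random1, random2, 2)
    mac_key = sha256(random1 + random2)        # Hash(random1 || random2)
    key_full = hmac_sha256(mac_key, c0 + c1)   # assumption: "+" is concatenation
    iv_full = hmac_sha256(mac_key, c0 + c2)
    # Assumption: truncate the 32-byte HMAC outputs to the sizes AES-CBC needs.
    return key_full[:key_bytes], iv_full[:AES_BLOCK_BYTES]


def negotiate_demo():
    """Both parties after S10-S40, using constructed random numbers."""
    random1 = secrets.token_bytes(32)  # generated by user A, sent to user B
    random2 = secrets.token_bytes(32)  # generated by user B, sent to user A
    side_a = derive_key_iv(random1, random2)  # computed by user A
    side_b = derive_key_iv(random1, random2)  # computed independently by user B
    return side_a, side_b


if __name__ == "__main__":
    (key_a, iv_a), (key_b, iv_b) = negotiate_demo()
    print("keys match:", hmac.compare_digest(key_a, key_b))
    print("IVs match: ", hmac.compare_digest(iv_a, iv_b))
    print("key bytes:", len(key_a), "IV bytes:", len(iv_a))
```

Key and IV are both fixed functions of random1 and random2, so every message sent under one negotiated pair is encrypted with the same IV. In CBC mode, plaintexts that share leading blocks then produce identical leading ciphertext blocks until the pair is renegotiated.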
In a specific implementation, as shown in FIG. 7, step S60, in which user A and user B perform encrypted communication using the AES algorithm in CBC mode based on the key Key and the initialization variable IV, specifically includes the following steps:
S61: User A writes data K:V to the blockchain as a key-value pair, where K is the key and V is the value.
S62: User A encrypts K with the AES algorithm in CBC mode, based on the key Key and the initialization variable IV, to obtain KC, KC=AES_CBC(K).
S63: User A encrypts V with the AES algorithm in CBC mode, based on the key Key and the initialization variable IV, to obtain VC, VC=AES_CBC(V).
S64: User A writes the data {KC:VC+IV} to the blockchain.
S65: User B reads KC on the blockchain and obtains VC and the initialization variable IV according to KC.
S66: User B decrypts KC with the AES algorithm in CBC mode, based on the key Key and the initialization variable IV, to obtain K, K=AES_CBC(KC).
S67: User B decrypts VC with the AES algorithm in CBC mode, based on the key Key and the initialization variable IV, to obtain V, V=AES_CBC(VC).
S68: User B obtains the data K:V.
In this embodiment, steps S61-S64 are the process by which user A encrypts the communication content using the AES algorithm in CBC mode, based on the key Key and the initialization variable IV. Correspondingly, steps S65-S68 are the process by which user B decrypts the communication content using the AES algorithm in CBC mode, based on the key Key and the initialization variable IV. Any user on the blockchain (such as user A) can use steps S61-S64 to write the data to be communicated to the blockchain in encrypted form, so that only a user who holds the key Key and the initialization variable IV (such as user B, with whom user A is communicating) can decrypt and read that encrypted data on the blockchain. The communication content, that is, the communicated data, is stored as key-value pairs; the AES algorithm in CBC mode encrypts data stored in this form and makes good combined use of the key Key and the initialization variable IV, making the encryption of user communication on the blockchain more secure and reliable.
In the method for encrypting user communication on the blockchain provided by this embodiment, user A first sends the first encrypted information to user B, and user B receives it and decrypts it to obtain the first random number; user B sends the second encrypted information to user A, and user A receives it and decrypts it to obtain the second random number. By encrypting and decrypting the random numbers in this way, user A and user B each obtain the random number sent by the other, which provides the basis for subsequently generating the key Key and the initialization variable IV from the first and second random numbers and for communicating in encrypted form with them. User A and user B then execute the key generation algorithm on the first and second random numbers to obtain the key Key and the initialization variable IV. The key Key and the initialization variable IV are negotiated jointly by user A and user B through the first and second random numbers and are obtained through a hash algorithm, which is irreversible and highly secure, and they provide the necessary basis for encrypting communication between user A and user B. Finally, user A and user B perform encrypted communication using the AES algorithm in CBC mode with the key Key and the initialization variable IV, so that a third party (any user on the blockchain other than user A and user B) who lacks the key Key and the initialization variable IV cannot obtain the content of their communication. This ensures the security of the communication content when any two users on the blockchain communicate point to point.
The method for encrypting user communication on the blockchain provided by this embodiment also draws on the nature and characteristics of the blockchain: a system root certificate is set on the blockchain system, and point-to-point communication between any two users is implemented and carried out on the blockchain system itself, that is, a virtual communication channel is created on the blockchain system to carry data between any two users on the blockchain. Users only need to maintain communication with the blockchain network to obtain shared data storage and data communication among all users, which effectively simplifies the construction of application systems, reduces system complexity, and strengthens the security and robustness of the blockchain system. Relying on the nature and characteristics of the blockchain system itself keeps the whole communication process of its users within one unified system, without other third-party systems, certification authorities or tools, which further ensures the security of user communication on the blockchain.
It should be understood that the sequence numbers of the steps in the above embodiment do not imply an order of execution; the order in which the processes are executed should be determined by their functions and internal logic, and the numbering should not limit the implementation of the embodiments of the present application in any way.
Embodiment 2
Fig. 8 shows a functional block diagram of the device for encrypting user communication on a blockchain, which corresponds one-to-one to the method for encrypting user communication on a blockchain in Embodiment 1. As shown in Fig. 8, the device includes a first encrypted information sending module 10, a first random number obtaining module 20, a second encrypted information sending module 30, a second random number obtaining module 40, a key and initialization variable obtaining module 50 and an encrypted communication module 60. The functions implemented by the first encrypted information sending module 10, the first random number obtaining module 20, the second encrypted information sending module 30, the second random number obtaining module 40, the key and initialization variable obtaining module 50 and the encrypted communication module 60 correspond one-to-one to the steps of the method in Embodiment 1; to avoid repetition, they are not described in detail in this embodiment.
The first encrypted information sending module 10 is configured for user A to send first encrypted information to user B.
The first random number obtaining module 20 is configured for user B to receive the first encrypted information and obtain the first random number after decryption.
The second encrypted information sending module 30 is configured for user B to send second encrypted information to user A.
The second random number obtaining module 40 is configured for user A to receive the second encrypted information and obtain the second random number after decryption.
The key and initialization variable obtaining module 50 is configured for user A and user B to execute a key generation algorithm based on the first random number and the second random number to obtain the key Key and the initialization variable IV.
The encrypted communication module 60 is configured for user A and user B to perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
Preferably, the first encrypted information sending module 10 includes a second public key obtaining unit 11, a first encrypted information obtaining unit 12 and a first encrypted information sending unit 13.
The second public key obtaining unit 11 is configured for user A to obtain the second public key from the user certificate of user B.
The first encrypted information obtaining unit 12 is configured for user A to generate the first random number and encrypt the first random number with the second public key to obtain the first encrypted information.
The first encrypted information sending unit 13 is configured for user A to send the first encrypted information to user B through the blockchain.
Preferably, the first random number obtaining module 20 includes a first encrypted information receiving unit 21 and a first random number obtaining unit 22.
The first encrypted information receiving unit 21 is configured for user B to receive, through the blockchain system, the first encrypted information sent by user A.
The first random number obtaining unit 22 is configured for user B to decrypt the first encrypted information with the second private key corresponding to the second public key to obtain the first random number.
Preferably, the second encrypted information sending module 30 includes a first public key obtaining unit 31, a second encrypted information obtaining unit 32 and a second encrypted information sending unit 33.
The first public key obtaining unit 31 is configured for user B to obtain the first public key from the user certificate of user A.
The second encrypted information obtaining unit 32 is configured for user B to generate the second random number and encrypt the second random number with the first public key to obtain the second encrypted information.
The second encrypted information sending unit 33 is configured for user B to send the second encrypted information to user A through the blockchain.
Preferably, the second random number obtaining module 40 includes a second encrypted information receiving unit 41 and a second random number obtaining unit 42.
The second encrypted information receiving unit 41 is configured for user A to receive, through the blockchain system, the second encrypted information sent by user B.
The second random number obtaining unit 42 is configured for user A to decrypt the second encrypted information with the first private key corresponding to the first public key to obtain the second random number.
Preferably, the device for encrypting user communication on a blockchain further includes a pre-query module 70, which includes a query unit 71, a creation time checking unit 72 and an adoption determining unit 73.
The query unit 71 is configured for user A and user B to query their respective local databases in advance.
The creation time checking unit 72 is configured to check the creation time of the key Key and the initialization variable IV if the key Key and the initialization variable IV exist in the local database.
The adoption determining unit 73 is configured to, if the creation time does not exceed the preset valid time, use the existing key Key and initialization variable IV to perform encrypted communication using the CBC mode of the AES algorithm.
Preferably, the key generation algorithm is:
C(0) = Hash(random1)
C(n) = HMAC_{C(n-1)}(Hash(random2))
Key = HMAC_{Hash(random1||random2)}(C0+C1)
IV = HMAC_{Hash(random1||random2)}(C0+C2)
where random1 denotes the first random number, random2 denotes the second random number, n is a positive integer greater than 0, Hash denotes a hash function that uses the SHA256 algorithm, HMAC denotes a keyed hash operation that uses the SHA256 algorithm (the subscript is the HMAC key), and || denotes the concatenation operation.
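The key generation algorithm above, together with the pre-query of the local database performed by units 71 to 73, as an added Python example that is not code from the patent. It assumes that "+" in C0+C1 means byte concatenation and that the IV is the first 16 bytes of the 32-byte HMAC output (the text specifies neither); `LocalKeyStore`, `SessionSecret` and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

AES_BLOCK_BYTES = 16  # assumption: IV = first 16 bytes of the 32-byte HMAC output


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def chain(random1: bytes, random2: bytes, n: int) -> List[bytes]:
    """Return [C(0), ..., C(n)]: C(0)=Hash(random1), C(i)=HMAC_{C(i-1)}(Hash(random2))."""
    links = [sha256(random1)]
    h2 = sha256(random2)
    for _ in range(n):
        links.append(hmac_sha256(links[-1], h2))
    return links


def derive_key_iv(random1: bytes, random2: bytes) -> Tuple[bytes, bytes]:
    """Both users run this on the same (random1, random2) and get the same Key and IV."""
    if not random1 or not random2:
        raise ValueError("both random numbers are required")
    c0, c1, c2 = chain(random1, random2, 2)
    outer = sha256(random1 + random2)        # HMAC key: Hash(random1 || random2)
    key = hmac_sha256(outer, c0 + c1)        # assumption: '+' is concatenation
    iv = hmac_sha256(outer, c0 + c2)[:AES_BLOCK_BYTES]
    return key, iv                           # 32-byte key (AES-256), 16-byte IV


@dataclass(frozen=True)
class SessionSecret:
    key: bytes
    iv: bytes
    created_at: float  # seconds; the "creation time" checked by unit 72


class LocalKeyStore:
    """Hypothetical stand-in for each user's local database (units 71 to 73)."""

    def __init__(self, valid_seconds: float) -> None:
        self.valid_seconds = valid_seconds   # the "preset valid time"
        self._rows: Dict[str, SessionSecret] = {}

    def put(self, peer: str, secret: SessionSecret) -> None:
        self._rows[peer] = secret

    def get_fresh(self, peer: str, now: float) -> Optional[SessionSecret]:
        row = self._rows.get(peer)
        if row is None:
            return None
        if now - row.created_at > self.valid_seconds:
            del self._rows[peer]             # expired: force a new negotiation
            return None
        return row


def negotiate_or_reuse(
    store: LocalKeyStore,
    peer: str,
    exchange: Callable[[], Tuple[bytes, bytes]],
    now: float,
) -> Tuple[SessionSecret, bool]:
    """Reuse a still-valid Key/IV, otherwise run the exchange and derive new ones.

    `exchange` models the two encrypted random-number messages and returns
    (random1, random2); it is only called when no valid entry exists.
    """
    cached = store.get_fresh(peer, now)
    if cached is not None:
        return cached, True
    random1, random2 = exchange()
    key, iv = derive_key_iv(random1, random2)
    secret = SessionSecret(key, iv, now)
    store.put(peer, secret)
    return secret, False


if __name__ == "__main__":
    # Constructed sample input: two fresh 32-byte random numbers.
    r1, r2 = secrets.token_bytes(32), secrets.token_bytes(32)
    side_a = derive_key_iv(r1, r2)   # user A: generated r1, decrypted r2
    side_b = derive_key_iv(r1, r2)   # user B: decrypted r1, generated r2
    same = hmac.compare_digest(side_a[0] + side_a[1], side_b[0] + side_b[1])
    print("same Key/IV on both sides:", same)
```

Because Key and IV stay fixed for the lifetime of a cached entry, AES-CBC under them is deterministic: equal plaintexts give equal ciphertexts, which lets KC serve as a lookup key but also reveals when two values V are equal or share a leading block.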
Preferably, the encrypted communication module 60 includes a data writing unit 61, a key encryption unit 62, a value encryption unit 63, an encrypted data writing unit 64, an encrypted data reading unit 65, a key decryption unit 66, a value decryption unit 67 and a data obtaining unit 68, where "key" in the names of units 62 and 66 refers to the key K of a key-value pair.
The data writing unit 61 is configured for user A to write the data K:V to the blockchain as a key-value pair, where K denotes the key and V denotes the value.
The key encryption unit 62 is configured for user A to encrypt K using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV to obtain KC, KC=AES_CBC(K).
The value encryption unit 63 is configured for user A to encrypt V using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV to obtain VC, VC=AES_CBC(V).
The encrypted data writing unit 64 is configured for user A to write the data {KC:VC+IV} to the blockchain.
The encrypted data reading unit 65 is configured for user B to read KC on the blockchain and obtain VC and the initialization variable IV according to KC.
The key decryption unit 66 is configured for user B to decrypt KC using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV to obtain K, K=AES_CBC(KC).
The value decryption unit 67 is configured for user B to decrypt VC using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV to obtain V, V=AES_CBC(VC).
The data obtaining unit 68 is configured for user B to obtain the data K:V.
In the device for encrypting user communication on a blockchain provided by this embodiment, through the first encrypted information sending module 10, the first random number obtaining module 20, the second encrypted information sending module 30 and the second random number obtaining module 40, user A and user B each obtain the random number sent by the other party by encrypting and decrypting random numbers, which provides the basis for subsequently generating the key Key and the initialization variable IV from the first random number and the second random number, and for encrypted communication based on the key Key and the initialization variable IV. Through the key and initialization variable obtaining module 50, the generated key Key and initialization variable IV are jointly negotiated by user A and user B through the first random number and the second random number; they are obtained by a hash algorithm, are irreversible and highly secure, and provide the necessary basis for encrypting communication between user A and user B. The encrypted communication module 60 ensures that a third party (a user on the blockchain other than user A and user B) cannot obtain the communication content of user A and user B without the key Key and the initialization variable IV, which ensures the security of the communication content when any two users on the blockchain communicate point to point.
Embodiment 3
This embodiment provides one or more non-volatile readable storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to implement the method for encrypting user communication on a blockchain in Embodiment 1; to avoid repetition, details are not described here again. Alternatively, the computer readable instructions, when executed by one or more processors, cause the one or more processors to implement the functions of the modules/units of the device for encrypting user communication on a blockchain in Embodiment 2; to avoid repetition, details are not described here again.
Embodiment 4
Fig. 9 is a schematic diagram of the terminal device in this embodiment. As shown in Fig. 9, the terminal device 80 includes a processor 81, a memory 82, and computer readable instructions 83 stored in the memory 82 and executable on the processor 81. When executing the computer readable instructions 83, the processor 81 implements the steps of the method for encrypting user communication on a blockchain in Embodiment 1, for example steps S10, S20, S30, S40, S50 and S60 shown in Fig. 1. Alternatively, when executing the computer readable instructions 83, the processor 81 implements the functions of the modules/units of the device for encrypting user communication on a blockchain in Embodiment 2, for example the functions of the first encrypted information sending module 10, the first random number obtaining module 20, the second encrypted information sending module 30, the second random number obtaining module 40, the key and initialization variable obtaining module 50 and the encrypted communication module 60 shown in Fig. 8.
Illustratively, the computer readable instructions 83 may be divided into one or more modules/units, which are stored in the memory 82 and executed by the processor 81 to carry out the present application. The one or more modules/units may be a series of instruction segments of the computer readable instructions 83 capable of performing particular functions, the instruction segments being used to describe the execution of the computer readable instructions 83 in the terminal device 80. For example, the computer readable instructions 83 may be divided into the first encrypted information sending module 10, the first random number obtaining module 20, the second encrypted information sending module 30, the second random number obtaining module 40, the key and initialization variable obtaining module 50 and the encrypted communication module 60 of Embodiment 2; the specific functions of each module are as described in Embodiment 2 and, to avoid repetition, are not described here one by one.
The terminal device 80 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device may include, but is not limited to, the processor 81 and the memory 82. Those skilled in the art will understand that Fig. 9 is merely an example of the terminal device 80 and does not constitute a limitation on the terminal device 80, which may include more or fewer components than illustrated, combine certain components, or use different components; for example, the terminal device may further include input/output devices, network access devices, buses and the like.
The processor 81 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 82 may be an internal storage unit of the terminal device 80, such as a hard disk or memory of the terminal device 80. The memory 82 may also be an external storage device of the terminal device 80, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) provided on the terminal device 80. Further, the memory 82 may include both an internal storage unit of the terminal device 80 and an external storage device. The memory 82 is used to store the computer readable instructions 83 and other programs and data required by the terminal device. The memory 82 may also be used to temporarily store data that has been output or is about to be output.
Those skilled in the art will clearly understand that, for convenience and brevity of description, only the above division into functional units and modules is used as an example. In practical applications, the above functions may be assigned to different functional units and modules as needed, that is, the internal structure of the device may be divided into different functional units or modules to perform all or part of the functions described above.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer readable storage medium. Based on this understanding, all or part of the processes of the method embodiments above may also be carried out by the computer readable instructions 83 instructing the relevant hardware; the computer readable instructions may be stored in a computer readable storage medium and, when executed by a processor, implement the steps of the method embodiments described above. The computer readable instructions 83 comprise code of computer readable instructions, which may be in source code form, object code form, an executable file or some intermediate form. The computer readable medium may include any entity or device capable of carrying the code of the computer readable instructions, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and the like. It should be noted that the content contained in the computer readable medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer readable media do not include electrical carrier signals and telecommunication signals.
The embodiments described above are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all be included within the scope of protection of the present application.

Claims (20)

  1. A method for encrypting user communication on a blockchain, characterized by comprising:
    user A sends first encrypted information to user B;
    user B receives the first encrypted information and obtains a first random number after decryption;
    user B sends second encrypted information to user A;
    user A receives the second encrypted information and obtains a second random number after decryption;
    user A and user B execute a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV;
    user A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
  2. The method for encrypting user communication on a blockchain according to claim 1, characterized in that the step in which user A sends first encrypted information to user B comprises:
    user A obtains a second public key from the user certificate of user B;
    user A generates the first random number and encrypts the first random number with the second public key to obtain the first encrypted information;
    user A sends the first encrypted information to user B through the blockchain system;
    and the step in which user B sends second encrypted information to user A comprises:
    user B obtains a first public key from the user certificate of user A;
    user B generates the second random number and encrypts the second random number with the first public key to obtain the second encrypted information;
    user B sends the second encrypted information to user A through the blockchain system.
  3. The method for encrypting user communication on a blockchain according to claim 2, characterized in that the step in which user B receives the first encrypted information and obtains the first random number after decryption comprises:
    user B receives, through the blockchain system, the first encrypted information sent by user A;
    user B decrypts the first encrypted information with a second private key corresponding to the second public key to obtain the first random number;
    and the step in which user A receives the second encrypted information and obtains the second random number after decryption comprises:
    user A receives, through the blockchain system, the second encrypted information sent by user B;
    user A decrypts the second encrypted information with a first private key corresponding to the first public key to obtain the second random number.
  4. The method for encrypting user communication on a blockchain according to claim 1, characterized in that, before the step in which user A sends first encrypted information to user B, the method further comprises:
    user A and user B query their respective local databases in advance;
    if the key Key and the initialization variable IV exist in the local database, the creation time of the key Key and the initialization variable IV is checked;
    if the creation time does not exceed a preset valid time, the existing key Key and initialization variable IV are used to perform encrypted communication using the CBC mode of the AES algorithm.
  5. The method for encrypting user communication on a blockchain according to claim 1, characterized in that the key generation algorithm is:
    C(0) = Hash(random1)
    C(n) = HMAC_{C(n-1)}(Hash(random2))
    Key = HMAC_{Hash(random1||random2)}(C0+C1)
    IV = HMAC_{Hash(random1||random2)}(C0+C2)
    where random1 denotes the first random number, random2 denotes the second random number, n is a positive integer greater than 0, Hash denotes a hash function that uses the SHA256 algorithm, HMAC denotes a keyed hash operation that uses the SHA256 algorithm, and || denotes the concatenation operation.
  6. The method for encrypting user communication on a blockchain according to claim 1, characterized in that the step in which user A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV comprises:
    user A writes the data K:V to the blockchain as a key-value pair, where K denotes the key and V denotes the value;
    user A encrypts K using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV to obtain KC, KC=AES_CBC(K);
    user A encrypts V using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV to obtain VC, VC=AES_CBC(V);
    user A writes the data {KC:VC+IV} to the blockchain;
    user B reads KC on the blockchain and obtains VC and the initialization variable IV according to KC;
    user B decrypts KC using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV to obtain K, K=AES_CBC(KC);
    user B decrypts VC using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV to obtain V, V=AES_CBC(VC);
    user B obtains the data K:V.
  7. A device for encrypting user communication on a blockchain, characterized by comprising:
    a first encrypted information sending module, configured for user A to send first encrypted information to user B;
    a first random number obtaining module, configured for user B to receive the first encrypted information and obtain a first random number after decryption;
    a second encrypted information sending module, configured for user B to send second encrypted information to user A;
    a second random number obtaining module, configured for user A to receive the second encrypted information and obtain a second random number after decryption;
    a key and initialization variable obtaining module, configured for user A and user B to execute a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV;
    an encrypted communication module, configured for user A and user B to perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
  8. The device for encrypting user communication on a blockchain according to claim 7, characterized in that the first encrypted information sending module comprises:
    a second public key obtaining unit, configured for user A to obtain a second public key from the user certificate of user B;
    a first encrypted information obtaining unit, configured for user A to generate the first random number and encrypt the first random number with the second public key to obtain the first encrypted information;
    a first encrypted information sending unit, configured for user A to send the first encrypted information to user B through the blockchain;
    and the second encrypted information sending module comprises:
    a first public key obtaining unit, configured for user B to obtain a first public key from the user certificate of user A;
    a second encrypted information obtaining unit, configured for user B to generate the second random number and encrypt the second random number with the first public key to obtain the second encrypted information;
    a second encrypted information sending unit, configured for user B to send the second encrypted information to user A through the blockchain.
  9. A terminal device comprising a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, characterized in that the processor implements the following steps when executing the computer readable instructions:
    user A sends first encrypted information to user B;
    user B receives the first encrypted information and obtains a first random number after decryption;
    user B sends second encrypted information to user A;
    user A receives the second encrypted information and obtains a second random number after decryption;
    user A and user B execute a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV;
    user A and user B perform encrypted communication using the CBC mode of the AES algorithm based on the key Key and the initialization variable IV.
  10. The terminal device according to claim 9, wherein user A sending the first encrypted information to user B comprises:
    user A obtains a second public key from the user certificate of user B;
    user A generates the first random number and encrypts the first random number with the second public key to obtain the first encrypted information;
    user A sends the first encrypted information to user B through a blockchain system;
    and user B sending the second encrypted information to user A comprises:
    user B obtains a first public key from the user certificate of user A;
    user B generates the second random number and encrypts the second random number with the first public key to obtain the second encrypted information;
    user B sends the second encrypted information to user A through the blockchain system.
  11. The terminal device according to claim 10, wherein user B receiving the first encrypted information and decrypting it to obtain the first random number comprises:
    user B receives, through the blockchain system, the first encrypted information sent by user A;
    user B decrypts the first encrypted information with a second private key corresponding to the second public key to obtain the first random number;
    and user A receiving the second encrypted information and decrypting it to obtain the second random number comprises:
    user A receives, through the blockchain system, the second encrypted information sent by user B;
    user A decrypts the second encrypted information with a first private key corresponding to the first public key to obtain the second random number.
  12. The terminal device according to claim 9, wherein, before the step of user A sending the first encrypted information to user B, the method for encrypting user communication on the blockchain further comprises:
    user A and user B each query their own local database in advance;
    if the key Key and the initialization variable IV exist in the local database, checking the creation time of the key Key and the initialization variable IV;
    if the creation time does not exceed a preset validity period, using the existing key Key and initialization variable IV to perform encrypted communication in the CBC mode of the AES algorithm.
  13. The terminal device according to claim 9, wherein the key generation algorithm is:
    C(0) = Hash(random1)
    C(n) = HMAC_{C(n-1)}(Hash(random2))
    Key = HMAC_{Hash(random1||random2)}(C0+C1)
    IV = HMAC_{Hash(random1||random2)}(C0+C2)
    where random1 denotes the first random number, random2 denotes the second random number, n is a positive integer greater than 0, Hash denotes a hash function using the SHA256 algorithm, HMAC denotes a key-dependent hash operation using the SHA256 algorithm (the subscript is the HMAC key), and || denotes the concatenation operation.
  14. The terminal device according to claim 9, wherein user A and user B performing communication encryption using the CBC mode of the AES algorithm, based on the key Key and the initialization variable IV, comprises:
    user A writes data K:V to the blockchain as a key-value pair, where K denotes the key and V denotes the value;
    user A encrypts K using the CBC mode of the AES algorithm, based on the key Key and the initialization variable IV, to obtain KC, KC=AES_CBC(K);
    user A encrypts V using the CBC mode of the AES algorithm, based on the key Key and the initialization variable IV, to obtain VC, VC=AES_CBC(V);
    user A writes the data {KC:VC+IV} to the blockchain;
    user B reads KC on the blockchain and obtains VC and the initialization variable IV according to KC;
    user B decrypts KC using the CBC mode of the AES algorithm, based on the key Key and the initialization variable IV, to obtain K, K=AES_CBC(KC);
    user B decrypts VC using the CBC mode of the AES algorithm, based on the key Key and the initialization variable IV, to obtain V, V=AES_CBC(VC);
    user B obtains the data K:V.
  15. One or more non-volatile readable storage media storing computer-readable instructions, wherein the computer-readable instructions, when executed by one or more processors, cause the one or more processors to perform the following steps:
    user A sends first encrypted information to user B;
    user B receives the first encrypted information and decrypts it to obtain a first random number;
    user B sends second encrypted information to user A;
    user A receives the second encrypted information and decrypts it to obtain a second random number;
    user A and user B execute a key generation algorithm based on the first random number and the second random number to obtain a key Key and an initialization variable IV;
    user A and user B perform encrypted communication using the CBC mode of the AES algorithm, based on the key Key and the initialization variable IV.
  16. The non-volatile readable storage medium according to claim 15, wherein user A sending the first encrypted information to user B comprises:
    user A obtains a second public key from the user certificate of user B;
    user A generates the first random number and encrypts the first random number with the second public key to obtain the first encrypted information;
    user A sends the first encrypted information to user B through a blockchain system;
    and user B sending the second encrypted information to user A comprises:
    user B obtains a first public key from the user certificate of user A;
    user B generates the second random number and encrypts the second random number with the first public key to obtain the second encrypted information;
    user B sends the second encrypted information to user A through the blockchain system.
  17. The non-volatile readable storage medium according to claim 16, wherein user B receiving the first encrypted information and decrypting it to obtain the first random number comprises:
    user B receives, through the blockchain system, the first encrypted information sent by user A;
    user B decrypts the first encrypted information with a second private key corresponding to the second public key to obtain the first random number;
    and user A receiving the second encrypted information and decrypting it to obtain the second random number comprises:
    user A receives, through the blockchain system, the second encrypted information sent by user B;
    user A decrypts the second encrypted information with a first private key corresponding to the first public key to obtain the second random number.
  18. The non-volatile readable storage medium according to claim 15, wherein, before the step of user A sending the first encrypted information to user B, the method for encrypting user communication on the blockchain further comprises:
    user A and user B each query their own local database in advance;
    if the key Key and the initialization variable IV exist in the local database, checking the creation time of the key Key and the initialization variable IV;
    if the creation time does not exceed a preset validity period, using the existing key Key and initialization variable IV to perform encrypted communication in the CBC mode of the AES algorithm.
  19. The non-volatile readable storage medium according to claim 15, wherein the key generation algorithm is:
    C(0) = Hash(random1)
    C(n) = HMAC_{C(n-1)}(Hash(random2))
    Key = HMAC_{Hash(random1||random2)}(C0+C1)
    IV = HMAC_{Hash(random1||random2)}(C0+C2)
    where random1 denotes the first random number, random2 denotes the second random number, n is a positive integer greater than 0, Hash denotes a hash function using the SHA256 algorithm, HMAC denotes a key-dependent hash operation using the SHA256 algorithm (the subscript is the HMAC key), and || denotes the concatenation operation.
  20. The non-volatile readable storage medium according to claim 15, wherein user A and user B performing communication encryption using the CBC mode of the AES algorithm, based on the key Key and the initialization variable IV, comprises:
    user A writes data K:V to the blockchain as a key-value pair, where K denotes the key and V denotes the value;
    user A encrypts K using the CBC mode of the AES algorithm, based on the key Key and the initialization variable IV, to obtain KC, KC=AES_CBC(K);
    user A encrypts V using the CBC mode of the AES algorithm, based on the key Key and the initialization variable IV, to obtain VC, VC=AES_CBC(V);
    user A writes the data {KC:VC+IV} to the blockchain;
    user B reads KC on the blockchain and obtains VC and the initialization variable IV according to KC;
    user B decrypts KC using the CBC mode of the AES algorithm, based on the key Key and the initialization variable IV, to obtain K, K=AES_CBC(KC);
    user B decrypts VC using the CBC mode of the AES algorithm, based on the key Key and the initialization variable IV, to obtain V, V=AES_CBC(VC);
    user B obtains the data K:V.
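
The key generation algorithm of claims 13 and 19, together with the cache check of claims 12 and 18, as an added Python example that is not part of the patent text. It assumes that "+" in C0+C1 means byte concatenation, that the IV is the first 16 bytes of the HMAC output (the AES block size), and that the local database is an in-memory dict; `SessionCache` and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time


def sha256(data: bytes) -> bytes:
    """Hash in the claims: SHA256."""
    return hashlib.sha256(data).digest()


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC in the claims: HMAC-SHA256 keyed by `key` (the subscript)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def chain(random1: bytes, random2: bytes, n: int) -> bytes:
    """C(0) = Hash(random1); C(n) = HMAC_{C(n-1)}(Hash(random2))."""
    c = sha256(random1)
    h2 = sha256(random2)
    for _ in range(n):
        c = hmac_sha256(c, h2)
    return c


def derive_key_iv(random1: bytes, random2: bytes) -> tuple:
    """Key = HMAC_{Hash(random1||random2)}(C0+C1); IV uses C0+C2."""
    outer = sha256(random1 + random2)            # Hash(random1||random2)
    c0, c1, c2 = (chain(random1, random2, n) for n in range(3))
    key = hmac_sha256(outer, c0 + c1)            # assumption: "+" is concatenation
    iv = hmac_sha256(outer, c0 + c2)[:16]        # assumption: cut to AES block size
    return key, iv


class SessionCache:
    """Hypothetical stand-in for the local database of claims 12 and 18."""

    def __init__(self, max_age_seconds: float):
        self.max_age = max_age_seconds
        self._rows = {}                          # peer -> (key, iv, created)

    def store(self, peer, key, iv, now=None):
        created = time.time() if now is None else now
        self._rows[peer] = (key, iv, created)

    def lookup(self, peer, now=None):
        """Return (key, iv) while still valid, else None (run a new exchange)."""
        row = self._rows.get(peer)
        if row is None:
            return None
        key, iv, created = row
        now = time.time() if now is None else now
        if now - created > self.max_age:         # creation time exceeded validity
            del self._rows[peer]                 # drop the expired material
            return None
        return key, iv


if __name__ == "__main__":
    # Constructed sample randoms; in the claims each side generates one and
    # sends it encrypted under the peer's certificate public key.
    r1, r2 = secrets.token_bytes(32), secrets.token_bytes(32)
    key_a, iv_a = derive_key_iv(r1, r2)          # computed by user A
    key_b, iv_b = derive_key_iv(r1, r2)          # computed by user B
    assert (key_a, iv_a) == (key_b, iv_b)
    cache = SessionCache(max_age_seconds=3600)
    cache.store("userB", key_a, iv_a)
    print(cache.lookup("userB") == (key_a, iv_a))
```

Because Key and IV are both fixed by the two random numbers, every message encrypted under one cached session reuses the same IV, so in CBC mode identical leading plaintext blocks produce identical ciphertext blocks. The validity period in `SessionCache` bounds how long that reuse lasts.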
PCT/CN2018/095907 2018-05-09 2018-07-17 Encryption method for user communication on block chain, apparatus, terminal device and storage medium WO2019214070A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810437217.7 2018-05-09
CN201810437217.7A CN108377189B (en) 2018-05-09 2018-05-09 Block chain user communication encryption method and device, terminal equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2019214070A1 (en) 2019-11-14

Family

ID=63033140

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/095907 WO2019214070A1 (en) 2018-05-09 2018-07-17 Encryption method for user communication on block chain, apparatus, terminal device and storage medium

Country Status (2)

Country Link
CN (1) CN108377189B (en)
WO (1) WO2019214070A1 (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108829725B (en) * 2018-05-09 2021-06-25 深圳壹账通智能科技有限公司 Block chain user communication method, block chain user communication device, terminal equipment and storage medium
CN109241032B (en) * 2018-08-16 2021-02-26 北京京东尚科信息技术有限公司 Account book database component, operation method and storage medium
CN109448826A (en) * 2018-08-24 2019-03-08 湘南学院 A kind of clinical care system and data processing method based on block chain
CN110896387B (en) * 2018-09-12 2021-01-01 宁德时代新能源科技股份有限公司 Data transmission method, battery management system and storage medium
CN109446793B (en) * 2018-09-21 2021-07-20 广州江南科友科技股份有限公司 Account encryption method and device based on Windows agent
CN109543443A (en) * 2018-10-17 2019-03-29 平安科技(深圳)有限公司 User data management, device, equipment and storage medium based on block chain
MX2019004656A (en) * 2018-11-07 2019-08-12 Alibaba Group Holding Ltd Blockchain data protection using homomorphic encryption.
CN111614464B (en) * 2019-01-31 2023-09-29 创新先进技术有限公司 Method for safely updating secret key in blockchain, node and storage medium
CN110008715B (en) * 2019-01-31 2020-05-05 阿里巴巴集团控股有限公司 Method for realizing privacy protection in block chain, node and storage medium
CN110032885B (en) * 2019-02-19 2020-03-06 阿里巴巴集团控股有限公司 Method, node and storage medium for implementing privacy protection in block chain
CN110061840B (en) * 2019-03-12 2022-10-28 平安科技(深圳)有限公司 Data encryption method and device, computer equipment and storage medium
CN109961292B (en) * 2019-03-22 2022-04-01 杭州复杂美科技有限公司 Block chain verification code application method, equipment and storage medium
CN110190954A (en) * 2019-05-27 2019-08-30 广东兰贝斯科技有限公司 A kind of encryption communication method of food block chain
CN110213263B (en) * 2019-05-30 2021-10-22 全链通有限公司 Identity authentication method, equipment and storage medium based on alliance block chain
CN110263547B (en) * 2019-05-31 2021-07-20 创新先进技术有限公司 Method and device for realizing dynamic encryption based on contract state modification sequence
CN110492998B (en) * 2019-08-14 2022-10-25 郑州大学 Method for encrypting and decrypting data
CN110708170B (en) * 2019-12-13 2020-03-27 腾讯科技(深圳)有限公司 Data processing method and device and computer readable storage medium
CN111510282A (en) * 2020-04-28 2020-08-07 刘佳 Information encryption algorithm and device, information decryption algorithm and device and communication method
CN112260823B (en) * 2020-09-16 2022-08-09 浙江大华技术股份有限公司 Data transmission method, intelligent terminal and computer readable storage medium
CN114124499B (en) * 2021-11-15 2023-08-29 中国科学院沈阳计算技术研究所有限公司 Charity system privacy protection method and system based on blockchain

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150149788A1 (en) * 2013-11-27 2015-05-28 Nvidia Corporation System, method, and computer program product for optimizing data encryption and decryption by implementing asymmetric aes-cbc channels
CN106209360A (en) * 2016-07-22 2016-12-07 安徽皖通邮电股份有限公司 A kind of authentication identifying method of wildcard based on the close algorithm of state
CN106779707A (en) * 2016-12-23 2017-05-31 中钞信用卡产业发展有限公司北京智能卡技术研究院 Monitoring and managing method, the apparatus and system of the digital cash Transaction Information based on block chain

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8504836B2 (en) * 2008-12-29 2013-08-06 Motorola Mobility Llc Secure and efficient domain key distribution for device registration
CN102904713A (en) * 2011-07-25 2013-01-30 深圳市金溢科技有限公司 Key exchange method for secret key encryption communication system
CN102938696B (en) * 2011-08-15 2015-08-12 国民技术股份有限公司 A kind of generation method of session key and module
CN103067161B (en) * 2013-01-16 2016-06-01 电子科技大学 A kind of cryptographic key distribution method and system
CN104852911B (en) * 2015-04-27 2019-02-22 北京小米支付技术有限公司 Safe verification method, apparatus and system
CN105871918A (en) * 2016-06-08 2016-08-17 美的集团股份有限公司 Household appliance, communication system and method between household appliance and cloud server as well as cloud server
CN106789057B (en) * 2016-11-28 2020-05-22 航天恒星科技有限公司 Key negotiation method and system under satellite communication protocol

Also Published As

Publication number Publication date
CN108377189B (en) 2021-01-26
CN108377189A (en) 2018-08-07

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18917787

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 26/03/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18917787

Country of ref document: EP

Kind code of ref document: A1