WO2021212611A1 - Encrypted data peer-to-peer relationship parameter inspection method and apparatus, and device and storage medium - Google Patents

Encrypted data peer-to-peer relationship parameter inspection method and apparatus, and device and storage medium Download PDF

Info

Publication number
WO2021212611A1
WO2021212611A1 PCT/CN2020/093525 CN2020093525W WO2021212611A1 WO 2021212611 A1 WO2021212611 A1 WO 2021212611A1 CN 2020093525 W CN2020093525 W CN 2020093525W WO 2021212611 A1 WO2021212611 A1 WO 2021212611A1
Authority
WO
WIPO (PCT)
Prior art keywords
parameter
verification
encrypted data
participant
data
Prior art date
Application number
PCT/CN2020/093525
Other languages
French (fr)
Chinese (zh)
Inventor
陆陈一帆
来学嘉
贾牧
张鹏程
谢丹力
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2021212611A1 publication Critical patent/WO2021212611A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • This application relates to the field of blockchain technology, and in particular to a method, device, electronic equipment, and computer-readable storage medium for verifying encrypted data peer-to-peer relationship parameters.
  • Zero-Knowledge Proof (Zero-Knowledge Proof) was proposed by S. Gold wasser, S. Micali and C. Rackoff in the early 1980s. It refers to the ability of the prover to convince the verifier that a certain assertion is correct without providing any useful information to the verifier.
  • Zero-knowledge proof is essentially an agreement involving two or more parties, that is, a series of steps that two or more parties need to take to complete a task. The prover proves to the verifier and makes it believe that he knows or possesses a certain message, but the certification process cannot disclose any information about the certified message to the verifier.
  • the comparison participant is required to check whether the second encrypted data is equal to the first encrypted data encrypted by the providing comparison participant, it is necessary to provide the comparison participant direction and request the comparison participant to provide Some calibration parameters.
  • the inventor realizes that the current solution cannot guarantee whether these verification parameters are correct. Even if the second encrypted data is equal to the first encrypted data, the comparison participant can still maliciously create some false verification parameters to make the requesting participant believe that the second encrypted data is not equal to the first encrypted data.
  • this application provides a method, device, electronic device, and computer-readable storage medium for verifying encrypted data peer relationship parameters, the main purpose of which is to solve the above technical problems.
  • this application provides a method for verifying encrypted data peer relationship parameters, which includes:
  • the first participant After receiving the encrypted data comparison request initiated by the second participant, the first participant provides verification parameters and certification parameters to the second participant.
  • a key x encrypts the first original data a to obtain the first encrypted data [a]; the second participant is a participant that requires comparison, and the second original data b is encrypted with the second key y to obtain the first encrypted data [a]; Second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b] and the secret data, and is used to make the first encrypted data [b]
  • the two participants compare whether the first original data a and the second original data b are equal; and
  • the second participant checks whether the verification parameter is generated according to the secret data according to the certification parameter.
  • the present application also provides a device for verifying encrypted data peer-to-peer relationship parameters, which includes:
  • the receiving module is used for the first participant to provide verification parameters and certification parameters to the second participant after receiving the encrypted data comparison request initiated by the second participant, wherein the first participant provides the comparison
  • the participant uses the first key x to encrypt the first original data a to obtain the first encrypted data [a];
  • the second participant is the participant who requires the comparison, and uses the second key y to perform b is encrypted to obtain the second encrypted data [b];
  • the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b], and the secret data, using To enable the second participant to compare whether the first original data a and the second original data b are equal;
  • the verification module is used for the second participant to verify, according to the certification parameter, whether the verification parameter is generated according to the secret data.
  • the present application also provides an electronic device, which includes a memory and a processor, and an encrypted data peer relationship parameter verification system that can run on the processor is stored in the memory.
  • an encrypted data peer relationship parameter verification system that can run on the processor is stored in the memory.
  • the first participant After receiving the encrypted data comparison request initiated by the second participant, the first participant provides verification parameters and certification parameters to the second participant.
  • a key x encrypts the first original data a to obtain the first encrypted data [a]; the second participant is a participant that requires comparison, and the second original data b is encrypted with the second key y to obtain the first encrypted data [a]; Second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b] and the secret data, and is used to make the first encrypted data [b]
  • the two participants compare whether the first original data a and the second original data b are equal; and
  • the second participant checks whether the verification parameter is generated according to the secret data according to the certification parameter.
  • the present application also provides a computer-readable storage medium that stores an encrypted data peer-to-peer relationship parameter verification system, and the encrypted data peer-to-peer relationship parameter verification system can be At least one processor executes, so that the at least one processor executes the following steps:
  • the first participant After receiving the encrypted data comparison request initiated by the second participant, the first participant provides verification parameters and certification parameters to the second participant.
  • a key x encrypts the first original data a to obtain the first encrypted data [a]; the second participant is a participant that requires comparison, and the second original data b is encrypted with the second key y to obtain the first encrypted data [a]; Second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b] and the secret data, and is used to make the first encrypted data [b]
  • the two participants compare whether the first original data a and the second original data b are equal; and
  • the second participant checks whether the verification parameter is generated according to the secret data according to the certification parameter.
  • the first participant provides verification parameters to encourage the second participant to compare the first original data a with the first participant.
  • another set of proof parameters is also provided to prove the correctness of the verification parameters. If the verification parameter is not generated in accordance with the regulations, the first participant cannot create the certification parameter.
  • This application can prevent the first participant from providing false verification parameters, so as to ensure the smooth comparison of the encrypted data by the second participant, and improve the accuracy of the comparison result.
  • FIG. 1 is a flowchart of a preferred embodiment of a method for verifying peer-to-peer relationship parameters of encrypted data according to this application;
  • Fig. 2 is a detailed flowchart of step S2 in Fig. 1;
  • FIG. 3 is a detailed flowchart of step S22 in FIG. 2;
  • FIG. 4 is a detailed flowchart of step S24 in FIG. 2;
  • FIG. 5 is a schematic diagram of a preferred embodiment of the electronic device of this application.
  • FIG. 6 is a schematic diagram of modules of a preferred embodiment of an apparatus for verifying a peer relationship parameter of encrypted data according to this application;
  • Independent data storage system refers to third-party platforms such as blockchain networks, distributed databases, cloud servers, and distributed systems.
  • Public data storage system it can be cloud storage or blockchain network.
  • the public data storage system is mainly used to store public parameters (basis points), and can also store parameters related to the zero-knowledge proof protocol.
  • one or more trusted third parties must first create base points g, h, and i and upload them to the public data storage system.
  • the base point g is a public parameter
  • the base point h and the base point i are set by a trusted third party or by multiple trusted third parties' own platforms through the network (such as the Internet, blockchain network) collaboratively set and uploaded to the public In the data storage system.
  • G1 and G2 are primitive groups. In the bilinear mapping algorithm, G1 and G2 can be the same group or different groups. This application does not distinguish between the original groups G1 and G2.
  • gt is the base point of the mapping group, which corresponds to the base point g of the original group.
  • Primitive group and mapping group Any point on the original group can be mapped to the point of the corresponding mapping group through bilinear mapping.
  • the three points g, h, and i are the base points of the original group and are generated on the original group.
  • gt is the mapping from the original group base point g to the mapping group
  • ht is the mapping from the original group base point h to the mapping group
  • it is the mapping from the original group base point i to the mapping group.
  • Parameter label definition The traditional label is used in this application, and the parameter created by the base point g and the secret data ⁇ is expressed with the label g ⁇ x.
  • the corresponding elliptic curve label is ⁇ G, where G represents the base point on the elliptic curve.
  • , in the discrete logarithm problem There is h g ⁇ n in the operation of, where g is the basis. Due to the complexity of the discrete logarithm problem, it is difficult to calculate the value of the integer n when h and g are known. Therefore, the calculation environment involved in this application is based on calculations on an elliptic curve. In an elliptic curve, the basis is a point, not a number.
  • the first encrypted data [a] and the second encrypted data [b] can be on a public data storage system, such as a public cloud or a blockchain network, and participants can also transfer the first encrypted data to each other in a peer-to-peer manner [a ] And the second encrypted data [b].
  • a public data storage system such as a public cloud or a blockchain network
  • Secret parameter, randomly generated by the first participant, only the first participant knows.
  • the result of multiplying a number ⁇ by the inverse value ⁇ -1 of the number ⁇ is equal to the result of dividing the number ⁇ by the number ⁇ .
  • ht_sig the second certification parameter, which is the digital signature corresponding to the key x ⁇ corresponding to the public key ht ⁇ x ⁇ at the base point ht of the mapping group.
  • the third certification parameter which is a digital signature corresponding to the key a ⁇ corresponding to the public key gt ⁇ a ⁇ at the base point gt of the mapping group.
  • This application provides a method for checking the peer relationship parameters of encrypted data.
  • FIG. 1 it is a flowchart of a preferred embodiment of a method for verifying peer-to-peer relationship parameters of encrypted data according to this application.
  • the execution order of the steps in the flowchart shown in FIG. 1 can be changed, and some steps can be omitted.
  • the method includes the steps:
  • the first participant provides a comparison participant, and uses the first key x to encrypt the first original data a to obtain the first encrypted data [a]; the second participant requires the comparison participant Side, use the second key y to encrypt the second original data b to obtain the second encrypted data [b].
  • the comparison participant is required to know whether the first original data a corresponding to the first encrypted data [a] of the other party (providing the comparison participant) and the second original data b corresponding to the second encrypted data [b] of the other party are equal, An encrypted data comparison request will be initiated to the participant who provides the comparison.
  • the verification parameter is generated by the participant who provides the comparison based on the first encrypted data [a], the second encrypted data [b], the first key x and the secret parameter ⁇ (randomly generated by the participant who provides the comparison) , Used to enable the required comparison participant to compare whether the first original data a and the second original data b are equal according to the verification parameter.
  • the comparison participants in order to prevent the comparison participants from providing false verification parameters, it is also necessary to provide the first certification parameter p_ ⁇ , the second certification parameter ht_sig, and the third certification parameter gt_sig to the comparison participants.
  • S2 The second participant checks, according to the certification parameter, whether the verification parameter is generated according to the secret data.
  • the verification If the verification is passed, that is, the verification parameter is generated by the same secret data (the first key x, the secret parameter ⁇ ), it means that the comparison participant has not provided a false verification parameter. If the verification fails, it means that the verification parameter provided by the comparison participant is false or incorrect.
  • step S2 specifically includes the following steps:
  • the second participant checks whether the first verification parameter [a'] and the second verification parameter [b'] are changed by the same secret data according to the certification parameter. ] And the second encrypted data [b] are generated.
  • step S22 it is a detailed flowchart of step S22.
  • the comparison participants After the comparison participants are required to receive the verification parameters and the certification parameters, they can verify the first verification parameter [a'] and the second verification parameter [b'] through the following steps:
  • step S23 the second participant checks whether the fourth verification parameter v12 is also generated on the base point ht of the mapping group through the same secret data according to the certification parameter.
  • the comparison participant can verify whether the fourth verification parameter v12 is also generated by the secret parameter ⁇ corresponding to the first certification parameter p_ ⁇ through the bilinear mapping and the first certification parameter p_ ⁇ ( It is the same as generating the secret data of the first verification parameter [a'] and the second verification parameter [b']).
  • the mapping is performed according to the following formula:
  • the verification is passed (that is, the fourth verification parameter v12 is also generated by the secret parameter ⁇ corresponding to the first proof parameter p_ ⁇ ).
  • S24 The second participant checks whether the third verification parameter v11 is also generated on the base point ht of the mapping group through the same secret data according to the certification parameter.
  • step S24 is a detailed flowchart of step S24.
  • the participants in the comparison are required to check whether the third verification parameter v11 is the product of the first key x and the secret parameter ⁇ on the base point ht of the mapping group by the following steps Generated:
  • represents the additional value of tampering with the key x ⁇ .
  • the participant providing the comparison in addition to providing verification parameters to prompt the comparison participants to compare whether the first original data a and the second original data b are equal, they also provide another set of proof parameters. Prove the binding relationship between the verification parameter and the encrypted data and prove the binding relationship between several verification parameters to prove the correctness of the verification parameters. If the verification parameter is not generated in accordance with the regulations, the participant providing the comparison (or any participant providing the verification parameter) cannot create the certification parameter.
  • This embodiment of the application can avoid providing comparison participants (or any participant providing verification parameters) to provide false verification parameters, so as to ensure that the comparison participants are required to perform encrypted data peer-to-peer relationship comparisons and improve the comparison results Accuracy.
  • FIG. 5 is a schematic diagram of a preferred embodiment of the electronic device of this application.
  • the electronic device 1 is applicable to the above-mentioned encryption data peer relationship parameter verification method.
  • the electronic device 1 includes a memory 11, a processor 12, and a network interface 13.
  • the memory 11 includes at least one type of readable storage medium, and the readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, and the like.
  • the memory 11 may be an internal storage unit of the electronic device 1 in some embodiments, such as a hard disk of the electronic device 1.
  • the memory 11 may also be an external storage device of the electronic device 1, such as a plug-in hard disk, a smart media card (SMC), and a secure digital (Secure Digital) equipped on the electronic device 1. , SD) card, flash card (Flash Card), etc.
  • the memory 11 may also include both an internal storage unit of the electronic device 1 and an external storage device.
  • the memory 11 can not only be used to store application software and various data installed in the electronic device 1, for example, the program code of the encrypted data peer relationship parameter verification system 10 corresponding to the encrypted data peer relationship parameter verification method, etc., It can also be used to temporarily store data that has been output or will be output.
  • the processor 12 may be a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip, for running program codes or processing stored in the memory 11 Data, for example, the program code of the encrypted data peer relationship parameter verification system 10 corresponding to the encrypted data peer relationship parameter verification method.
  • CPU central processing unit
  • controller microcontroller
  • microprocessor or other data processing chip
  • the network interface 13 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface), and is generally used to establish a communication connection between the electronic device 1 and other electronic devices.
  • the components 11-13 of the electronic device 1 communicate with each other via a communication bus.
  • FIG. 5 only shows the electronic device 1 with components 11-13. Those skilled in the art can understand that the structure shown in FIG. 5 does not constitute a limitation on the electronic device 1, and may include less or more Multiple components, or a combination of certain components, or different component arrangements.
  • the specific implementation of the electronic device of the present application is substantially the same as the specific implementation of the above-mentioned encryption data peer relationship parameter verification method, and will not be repeated here.
  • the embodiment of the present application also proposes a device for verifying the peer relationship parameter of encrypted data.
  • FIG. 6 it is a schematic diagram of modules of a preferred embodiment of an apparatus for verifying a peer relationship parameter of encrypted data according to this application.
  • the device 2 for verifying the encrypted data peer relationship parameter in this embodiment may include: a module 210-module 220 according to the realized function.
  • the module can also be called a unit, which refers to a series of computer program segments that can be executed by the processor of the electronic device and can complete fixed functions, and are stored in the memory of the electronic device.
  • each module/unit is as follows:
  • the receiving module 210 is used for the first participant to provide verification parameters and certification parameters to the second participant after receiving the encrypted data comparison request initiated by the second participant, wherein the first participant provides the comparison For the participant, use the first key x to encrypt the first original data a and obtain the first encrypted data [a]; The data b is encrypted to obtain the second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b] and the secret data, Used to enable the second participant to compare whether the first original data a and the second original data b are equal; and
  • the verification module 220 is used for the second participant to verify, according to the certification parameter, whether the verification parameter is generated according to the secret data.
  • modules 210-220 The functions or operation steps implemented by the modules 210-220 are similar to the above, and will not be described in detail here.
  • the embodiment of the present application also proposes a computer-readable storage medium, and the computer scale storage medium may be non-volatile or volatile.
  • the computer-readable storage medium includes the program code of the encrypted data peer relationship parameter verification system 10 corresponding to the encrypted data peer relationship parameter verification method, and the program code corresponding to the encrypted data peer relationship parameter verification method When the program code of the encrypted data peer relationship parameter verification system 10 is executed by the processor, the steps of the encrypted data peer relationship parameter verification method are implemented.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Mathematical Optimization (AREA)
  • Data Mining & Analysis (AREA)
  • Mathematical Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present application relates to blockchain technology. Disclosed is an encrypted data peer-to-peer relationship parameter inspection method. The method comprises: after receiving an encrypted data comparison request initiated by a second participant, a first participant providing check parameters and proof parameters for the second participant, wherein the check parameters are generated by the first participant according to first encrypted data [a], second encrypted data [b] and secret data, and are used for enabling the second participant to make a comparison to determine whether first original data a and second original data b are equal; and the second participant inspecting, according to the proof parameters, whether the check parameters are generated according to the secret data. Further disclosed are an encrypted data peer-to-peer relationship parameter inspection apparatus, an electronic device and a computer-readable storage medium. By means of the present application, a first participant can be prevented from providing false check parameters, thereby ensuring that a second participant smoothly carries out encrypted data peer-to-peer relationship comparison.

Description

加密数据对等关系参数检验方法、装置、设备及存储介质Encrypted data peer relationship parameter verification method, device, equipment and storage medium
本申请要求于2020年04月23日提交中国专利局、申请号为202010326385.6、发明名称为“加密数据对等关系参数检验方法、装置及存储介质”的中国专利申请的优先权,其全部内容通过引用结合在申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office on April 23, 2020, the application number is 202010326385.6, and the invention title is "Encrypted Data Peer Relationship Parameter Inspection Method, Device, and Storage Medium". The entire content of the application is approved The reference is incorporated in the application.
技术领域Technical field
本申请涉及区块链技术领域,尤其涉及一种加密数据对等关系参数检验方法、装置、电子设备及计算机可读存储介质。This application relates to the field of blockchain technology, and in particular to a method, device, electronic equipment, and computer-readable storage medium for verifying encrypted data peer-to-peer relationship parameters.
背景技术Background technique
零知识证明(Zero—Knowledge Proof),是由S.Gold wasser、S.Micali及C.Rackoff在20世纪80年代初提出的。它指的是证明者能够在不向验证者提供任何有用的信息的情况下,使验证者相信某个论断是正确的。零知识证明实质上是一种涉及两方或更多方的协议,即两方或更多方完成一项任务所需采取的一系列步骤。证明者向验证者证明并使其相信自己知道或拥有某一消息,但证明过程不能向验证者泄漏任何关于被证明消息的信息。Zero-Knowledge Proof (Zero-Knowledge Proof) was proposed by S. Gold wasser, S. Micali and C. Rackoff in the early 1980s. It refers to the ability of the prover to convince the verifier that a certain assertion is correct without providing any useful information to the verifier. Zero-knowledge proof is essentially an agreement involving two or more parties, that is, a series of steps that two or more parties need to take to complete a task. The prover proves to the verifier and makes it believe that he knows or possesses a certain message, but the certification process cannot disclose any information about the certified message to the verifier.
目前,在零知识证明中,如果要求比对参与方要检测自己加密的第二加密数据是否等于由提供比对参与方加密的第一加密数据,需要提供比对参与方向要求比对参与方提供一些校验参数。但是,发明人意识到目前的方案无法保证这些校验参数是否正确。即使第二加密数据等于第一加密数据,提供比对参与方仍然可以恶意创造一些虚假校验参数来使要求比对参与方相信第二加密数据与第一加密数据不相等。At present, in the zero-knowledge proof, if the comparison participant is required to check whether the second encrypted data is equal to the first encrypted data encrypted by the providing comparison participant, it is necessary to provide the comparison participant direction and request the comparison participant to provide Some calibration parameters. However, the inventor realizes that the current solution cannot guarantee whether these verification parameters are correct. Even if the second encrypted data is equal to the first encrypted data, the comparison participant can still maliciously create some false verification parameters to make the requesting participant believe that the second encrypted data is not equal to the first encrypted data.
因此,如何在比对两个由不同参与方的密钥加密的数据是否相等时,避免提供比对参与方提供虚假校验参数,已经成为一个亟待解决的技术问题。Therefore, how to avoid providing false verification parameters provided by the comparing participants when comparing whether two data encrypted by the keys of different participants are equal has become a technical problem to be solved urgently.
发明内容Summary of the invention
鉴于以上内容,本申请提供一种加密数据对等关系参数检验方法、装置、电子设备及计算机可读存储介质,其主要目的在于解决上述技术问题。In view of the above content, this application provides a method, device, electronic device, and computer-readable storage medium for verifying encrypted data peer relationship parameters, the main purpose of which is to solve the above technical problems.
为实现上述目的,本申请提供一种加密数据对等关系参数检验方法,该方法包括:In order to achieve the above objective, this application provides a method for verifying encrypted data peer relationship parameters, which includes:
第一参与方在收到第二参与方发起的加密数据比对请求后,向第二参与方提供校验参数和证明参数,其中,所述第一参与方为提供比对参与方,利用第一密钥x对第一原始数据a加密后得到第一加密数据[a];所述第二参与方为要求比对参与方,利用第二密钥y对第二原始数据b加密后得到第二加密数据[b];所述校验参数由所述第一参与方根据所述第一加密数据[a]、所述第二加密数据[b]和秘密数据生成,用于使所述第二参与方比对第一原始数据a和第二原始数据b是否相等;及After receiving the encrypted data comparison request initiated by the second participant, the first participant provides verification parameters and certification parameters to the second participant. A key x encrypts the first original data a to obtain the first encrypted data [a]; the second participant is a participant that requires comparison, and the second original data b is encrypted with the second key y to obtain the first encrypted data [a]; Second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b] and the secret data, and is used to make the first encrypted data [b] The two participants compare whether the first original data a and the second original data b are equal; and
所述第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成。The second participant checks whether the verification parameter is generated according to the secret data according to the certification parameter.
此外,为实现上述目的,本申请还提供一种加密数据对等关系参数检验装置,该装置包括:In addition, in order to achieve the above objective, the present application also provides a device for verifying encrypted data peer-to-peer relationship parameters, which includes:
接收模块,用于第一参与方在收到第二参与方发起的加密数据比对请求后,向第二参与方提供校验参数和证明参数,其中,所述第一参与方为提供比对参与方,利用第一密钥x对第一原始数据a加密后得到第一加密数据[a];所述第二参与方为要求比对参与方,利用第二密钥y对第二原始数据b加密后得到第二加密数据[b];所述校验参数由所述第一参与方根据所述第一加密数据[a]、所述第二加密数据[b]和秘密数据生成,用于使所述第二参与方比对第一原始数据a和第二原始数据b是否相等;及The receiving module is used for the first participant to provide verification parameters and certification parameters to the second participant after receiving the encrypted data comparison request initiated by the second participant, wherein the first participant provides the comparison The participant uses the first key x to encrypt the first original data a to obtain the first encrypted data [a]; the second participant is the participant who requires the comparison, and uses the second key y to perform b is encrypted to obtain the second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b], and the secret data, using To enable the second participant to compare whether the first original data a and the second original data b are equal; and
检验模块,用于所述第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成。The verification module is used for the second participant to verify, according to the certification parameter, whether the verification parameter is generated according to the secret data.
此外,为实现上述目的,本申请还提供一种电子设备,该设备包括存储器、处理器, 所述存储器上存储有可在所述处理器上运行的加密数据对等关系参数检验系统,所述加密数据对等关系参数检验系统被所述处理器执行时实现如下步骤:In addition, in order to achieve the above object, the present application also provides an electronic device, which includes a memory and a processor, and an encrypted data peer relationship parameter verification system that can run on the processor is stored in the memory. When the encrypted data peer relationship parameter verification system is executed by the processor, the following steps are implemented:
第一参与方在收到第二参与方发起的加密数据比对请求后,向第二参与方提供校验参数和证明参数,其中,所述第一参与方为提供比对参与方,利用第一密钥x对第一原始数据a加密后得到第一加密数据[a];所述第二参与方为要求比对参与方,利用第二密钥y对第二原始数据b加密后得到第二加密数据[b];所述校验参数由所述第一参与方根据所述第一加密数据[a]、所述第二加密数据[b]和秘密数据生成,用于使所述第二参与方比对第一原始数据a和第二原始数据b是否相等;及After receiving the encrypted data comparison request initiated by the second participant, the first participant provides verification parameters and certification parameters to the second participant. A key x encrypts the first original data a to obtain the first encrypted data [a]; the second participant is a participant that requires comparison, and the second original data b is encrypted with the second key y to obtain the first encrypted data [a]; Second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b] and the secret data, and is used to make the first encrypted data [b] The two participants compare whether the first original data a and the second original data b are equal; and
所述第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成。The second participant checks whether the verification parameter is generated according to the secret data according to the certification parameter.
进一步地,为实现上述目的,本申请还提供一种计算机可读存储介质,所述计算机可读存储介质存储有加密数据对等关系参数检验系统,所述加密数据对等关系参数检验系统可被至少一个处理器执行,以使所述至少一个处理器执行如下步骤:Further, in order to achieve the above object, the present application also provides a computer-readable storage medium that stores an encrypted data peer-to-peer relationship parameter verification system, and the encrypted data peer-to-peer relationship parameter verification system can be At least one processor executes, so that the at least one processor executes the following steps:
第一参与方在收到第二参与方发起的加密数据比对请求后,向第二参与方提供校验参数和证明参数,其中,所述第一参与方为提供比对参与方,利用第一密钥x对第一原始数据a加密后得到第一加密数据[a];所述第二参与方为要求比对参与方,利用第二密钥y对第二原始数据b加密后得到第二加密数据[b];所述校验参数由所述第一参与方根据所述第一加密数据[a]、所述第二加密数据[b]和秘密数据生成,用于使所述第二参与方比对第一原始数据a和第二原始数据b是否相等;及After receiving the encrypted data comparison request initiated by the second participant, the first participant provides verification parameters and certification parameters to the second participant. A key x encrypts the first original data a to obtain the first encrypted data [a]; the second participant is a participant that requires comparison, and the second original data b is encrypted with the second key y to obtain the first encrypted data [a]; Second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b] and the secret data, and is used to make the first encrypted data [b] The two participants compare whether the first original data a and the second original data b are equal; and
所述第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成。The second participant checks whether the verification parameter is generated according to the secret data according to the certification parameter.
本申请提出的加密数据对等关系参数检验方法、装置、电子设备及计算机可读存储介质中,第一参与方除了提供校验参数来促使第二参与方可以比对第一原始数据a和第二原始数据b是否相等以外,还提供另外一组证明参数,用来证明校验参数的正确性。如果校验参数没有按照规定生成,则第一参与方无法创建出所述证明参数。本申请可以避免第一参与方提供虚假的校验参数,以保障第二参与方顺利进行加密数据对等关系比对,提升比对结果的准确性。In the method, device, electronic equipment, and computer-readable storage medium for verifying the encrypted data peer relationship parameter proposed in this application, the first participant provides verification parameters to encourage the second participant to compare the first original data a with the first participant. In addition to whether the original data b is equal, another set of proof parameters is also provided to prove the correctness of the verification parameters. If the verification parameter is not generated in accordance with the regulations, the first participant cannot create the certification parameter. This application can prevent the first participant from providing false verification parameters, so as to ensure the smooth comparison of the encrypted data by the second participant, and improve the accuracy of the comparison result.
附图说明Description of the drawings
图1为本申请加密数据对等关系参数检验方法较佳实施例的流程图;FIG. 1 is a flowchart of a preferred embodiment of a method for verifying peer-to-peer relationship parameters of encrypted data according to this application;
图2为图1中步骤S2的细化流程图;Fig. 2 is a detailed flowchart of step S2 in Fig. 1;
图3为图2中步骤S22的细化流程图;FIG. 3 is a detailed flowchart of step S22 in FIG. 2;
图4为图2中步骤S24的细化流程图;FIG. 4 is a detailed flowchart of step S24 in FIG. 2;
图5为本申请电子设备较佳实施例的示意图;FIG. 5 is a schematic diagram of a preferred embodiment of the electronic device of this application;
图6为本申请加密数据对等关系参数检验装置较佳实施例的模块示意图;FIG. 6 is a schematic diagram of modules of a preferred embodiment of an apparatus for verifying a peer relationship parameter of encrypted data according to this application;
本申请目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The realization, functional characteristics, and advantages of the purpose of this application will be further described in conjunction with the embodiments and with reference to the accompanying drawings.
具体实施方式Detailed ways
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处所描述的具体实施例仅用以解释本申请,并不用于限定本申请。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the purpose, technical solutions, and advantages of this application clearer and clearer, the following further describes the application in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the application, and are not used to limit the application. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of this application.
需要说明的是,在本申请中涉及“第一”、“第二”等的描述仅用于描述目的,而不能理解为指示或暗示其相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括至少一个该特征。另外,各个实施例之间的技术方案可以相互结合,但是必须是以本领域普通技术人员能够实现为基础,当技术方案的结合出现相互矛盾或无法实现时应当认为这种技术方案的结合不存在,也不在本申请要求的保护范围之内。It should be noted that the descriptions related to "first", "second", etc. in this application are only for descriptive purposes, and cannot be understood as indicating or implying their relative importance or implicitly indicating the number of indicated technical features . Therefore, the features defined with "first" and "second" may explicitly or implicitly include at least one of the features. In addition, the technical solutions between the various embodiments can be combined with each other, but it must be based on what can be achieved by a person of ordinary skill in the art. When the combination of technical solutions is contradictory or cannot be achieved, it should be considered that such a combination of technical solutions does not exist. , Is not within the scope of protection required by this application.
在对本申请方案进行说明之前,对用到的名词、数据等进行说明。Before explaining the scheme of this application, the nouns, data, etc. used are explained.
名词定义:Term definition:
独立数据存储系统:指的是区块链网络、分布式数据库、云端服务器、分布式系统等第三方平台。Independent data storage system: Refers to third-party platforms such as blockchain networks, distributed databases, cloud servers, and distributed systems.
公共数据存储系统:可以是云端存储也可以是区块链网络。所述公共数据存储系统主要用于存储公共参数(基点),也可以存储与零知识证明协议有关的参数等。在可以使用零知识证明协议之前,需要先由一个或多个可信第三方创建基点g、h、i并上传至公共数据存储系统。其中,基点g是公共参数,基点h和基点i是由一个可信第三方设置或多个可信第三方自己的平台通过网络(如互联网、区块链网络)协同设置并上传至所述公共数据存储系统中的。Public data storage system: it can be cloud storage or blockchain network. The public data storage system is mainly used to store public parameters (basis points), and can also store parameters related to the zero-knowledge proof protocol. Before the zero-knowledge proof protocol can be used, one or more trusted third parties must first create base points g, h, and i and upload them to the public data storage system. Among them, the base point g is a public parameter, and the base point h and the base point i are set by a trusted third party or by multiple trusted third parties' own platforms through the network (such as the Internet, blockchain network) collaboratively set and uploaded to the public In the data storage system.
双线性映射:对于任意的g1∈G1;g2∈G2;a,b∈Zp,均有e(g1^a,g2^b)=e(g1,g2)^ab成立。其中,e称为双线性映射。G1和G2为原始群,在双线性映射算法中G1和G2可以是同一个群也可以是不同群,本申请不对原始群G1和G2进行区分,G1和G2的基点都用原始群基点g做表述。为方便表述,以下描述都以e(g^a,g^b)=e(g,g)^ab来呈现。在本申请中e(g,g)^ab也可以用gt^ab来代表。gt是映射群基点,与原始群的基点g对应。Bilinear mapping: for any g1 ∈ G1; g2 ∈ G2; a, b ∈ Zp, e(g1^a, g2^b)=e(g1,g2)^ab holds. Among them, e is called bilinear mapping. G1 and G2 are primitive groups. In the bilinear mapping algorithm, G1 and G2 can be the same group or different groups. This application does not distinguish between the original groups G1 and G2. The base points of G1 and G2 are both the original group base point g Make presentations. For ease of presentation, the following descriptions are presented as e(g^a,g^b)=e(g,g)^ab. In this application, e(g,g)^ab can also be represented by gt^ab. gt is the base point of the mapping group, which corresponds to the base point g of the original group.
原始群和映射群:任意原始群上的点都可以通过双线性映射被映射到对应的映射群的点上去。在本申请中,g、h、i三个点均为原始群基点,在原始群上生成。gt为从原始群基点g在映射群的映射,ht为从原始群基点h在映射群的映射,it为从原始群基点i在映射群的映射。Primitive group and mapping group: Any point on the original group can be mapped to the point of the corresponding mapping group through bilinear mapping. In this application, the three points g, h, and i are the base points of the original group and are generated on the original group. gt is the mapping from the original group base point g to the mapping group, ht is the mapping from the original group base point h to the mapping group, and it is the mapping from the original group base point i to the mapping group.
参数标示定义:本申请中采用传统标示,通过基点g和秘密数据δ创建的参数上用标示g^x表述。与其对应如椭圆曲线标示则是δG,其中G代表椭圆曲线上的基点。Parameter label definition: The traditional label is used in this application, and the parameter created by the base point g and the secret data δ is expressed with the label g^x. The corresponding elliptic curve label is δG, where G represents the base point on the elliptic curve.
离散对数:已知有限循环群G=<g>{g^n|k=0,1,2,...},及其生成元g和阶n=|G|,在离散对数问题的运算中存在h=g^n,其中,g是基,由于离散对数问题的复杂性,很难在知道h和g的情况下计算出整数n的值。因此,本申请中涉及的运算环境为基于椭圆曲线上的运算,椭圆曲线中,基是一个点不是数。Discrete logarithm: It is known that the finite cyclic group G=<g>{g^n|k=0,1,2,...}, and its generator g and order n=|G|, in the discrete logarithm problem There is h=g^n in the operation of, where g is the basis. Due to the complexity of the discrete logarithm problem, it is difficult to calculate the value of the integer n when h and g are known. Therefore, the calculation environment involved in this application is based on calculations on an elliptic curve. In an elliptic curve, the basis is a point, not a number.
佩德森承诺(Pedersen Commitment)加密算法:在离散对数问题的运算环境下,a为原文,x为密钥,对a加密后的密文[a]=g^a*h^x,(椭圆曲线表述方式为:aG+xH)其中,g与h各代表一个基,h=g^n(椭圆曲线表述方式为:H=nG)。佩德森承诺算法具有加法同态特性并可以作为双线性映射公式中的参数(输入因子)。Pedersen Commitment encryption algorithm: In the computing environment of the discrete logarithm problem, a is the original text, x is the key, and the encrypted text of a is [a]=g^a*h^x, ( The elliptic curve expression method is: aG+xH) where g and h each represent a base, h=g^n (the elliptic curve expression method is: H=nG). Pedersen's promise algorithm has additive homomorphism and can be used as a parameter (input factor) in the bilinear mapping formula.
数据定义:Data definition:
(1)原始数据和加密数据(1) Original data and encrypted data
a:第一原始数据,仅第一参与方(提供比对参与方)知道。a: The first raw data, only the first participant (participant who provides the comparison) knows.
b:第二原始数据,仅第二参与方(要求比对参与方)知道。b: The second original data, only the second participant (required to compare participants) knows.
[a]:第一加密数据,由第一参与方将第一原始数据a用第一密钥x加密后得到的数据,即[a]=g^a*h^x。[a]: The first encrypted data, the data obtained by the first participant encrypting the first original data a with the first key x, that is, [a]=g^a*h^x.
[b]:第二加密数据,由第二参与方将第二原始数据b用第二密钥y加密后得到的数据,即[b]=g^b*h^y。[b]: The second encrypted data, the data obtained by the second participant encrypting the second original data b with the second key y, that is, [b]=g^b*h^y.
第一加密数据[a]和第二加密数据[b]可以在一个公共数据存储系统上,例如公有云或者区块链网络,参与方之间也可以通过点对点方式互相传递第一加密数据[a]和第二加密数据[b]。The first encrypted data [a] and the second encrypted data [b] can be on a public data storage system, such as a public cloud or a blockchain network, and participants can also transfer the first encrypted data to each other in a peer-to-peer manner [a ] And the second encrypted data [b].
(2)秘密数据(2) Secret data
x:第一密钥,用于加密第一原始数据a,仅第一参与方知道。x: The first key, used to encrypt the first original data a, only the first participant knows.
α:秘密参数,由第一参与方随机生成,仅第一参与方知道。α: Secret parameter, randomly generated by the first participant, only the first participant knows.
(3)校验参数(3) Calibration parameters
由第一参与方根据上述加密数据和秘密数据生成,并提供给第二参与方,以使第二参与方根据所述校验参数检验第一原始数据a和第二原始数据b是否相等。It is generated by the first participant according to the above-mentioned encrypted data and secret data, and provided to the second participant, so that the second participant can check whether the first original data a and the second original data b are equal according to the verification parameter.
[a’]:第一校验参数,通过第一加密数据[a]和秘密参数α生成,[a’]=g^aα*h^xα。[a']: The first verification parameter, which is generated from the first encrypted data [a] and the secret parameter α, [a']=g^aα*h^xα.
[b’]:第二校验参数,通过第二加密数据[b]和秘密参数α生成,[b’]=g^bα*h^yα。[b']: The second verification parameter, which is generated from the second encrypted data [b] and the secret parameter α, [b']=g^bα*h^yα.
v11:第三校验参数,通过第一密钥x和秘密参数α在映射群基点ht上生成,v11=ht^xα。同时也是对应密钥xα的公钥,其中xα为第一密钥x和秘密参数α的乘积。v11: The third verification parameter, which is generated on the base point ht of the mapping group through the first key x and the secret parameter α, v11=ht^xα. It is also the public key corresponding to the key xα, where xα is the product of the first key x and the secret parameter α.
v12:第四校验参数,通过秘密参数α在原始群基点h上生成,v12=h^α。v12: The fourth verification parameter, which is generated on the base point h of the original group by the secret parameter α, v12=h^α.
(4)证明参数(4) Proof parameters
由第一参与方提供给第二参与方,以证明上述校验参数确实是通过上述加密数据和秘密数据生成的。It is provided by the first participant to the second participant to prove that the verification parameter is indeed generated by the encrypted data and the secret data.
p_α:第一证明参数,通过秘密参数α生成,p_α=g^α -1。其中,α^-1是α的逆值,即α*α^-1=1。在算式中一个数μ乘以数α的逆值α^-1的结果等于数μ除以数α的结果。 p_α: the first proof parameter, generated by the secret parameter α, p_α=g^α -1 . Among them, α^-1 is the inverse value of α, that is, α*α^-1=1. In the formula, the result of multiplying a number μ by the inverse value α^-1 of the number α is equal to the result of dividing the number μ by the number α.
ht_sig:第二证明参数,为与公钥ht^xα对应的密钥xα在映射群基点ht对应的数字签名。ht_sig: the second certification parameter, which is the digital signature corresponding to the key xα corresponding to the public key ht^xα at the base point ht of the mapping group.
gt_sig:第三证明参数,为与公钥gt^aα对应的密钥aα在映射群基点gt对应的数字签名。gt_sig: The third certification parameter, which is a digital signature corresponding to the key aα corresponding to the public key gt^aα at the base point gt of the mapping group.
本申请提供一种加密数据对等关系参数检验方法。This application provides a method for checking the peer relationship parameters of encrypted data.
参照图1所示,为本申请加密数据对等关系参数检验方法较佳实施例的流程图。在本实施例中,根据不同的需求,图1所示的流程图中的步骤的执行顺序可以改变,某些步骤可以省略。该方法包括步骤:Referring to FIG. 1, it is a flowchart of a preferred embodiment of a method for verifying peer-to-peer relationship parameters of encrypted data according to this application. In this embodiment, according to different requirements, the execution order of the steps in the flowchart shown in FIG. 1 can be changed, and some steps can be omitted. The method includes the steps:
S1,第一参与方在收到第二参与方发起的加密数据比对请求后,向第二参与方提供校验参数和证明参数。S1: After receiving the encrypted data comparison request initiated by the second participant, the first participant provides the verification parameter and the certification parameter to the second participant.
具体地,所述第一参与方为提供比对参与方,利用第一密钥x对第一原始数据a加密后得到第一加密数据[a];所述第二参与方为要求比对参与方,利用第二密钥y对第二原始数据b加密后得到第二加密数据[b]。要求比对参与方想知道对方(提供比对参与方)的第一加密数据[a]对应的第一原始数据a和己方的第二加密数据[b]对应的第二原始数据b是否相等,会向提供比对参与方发起加密数据比对请求。Specifically, the first participant provides a comparison participant, and uses the first key x to encrypt the first original data a to obtain the first encrypted data [a]; the second participant requires the comparison participant Side, use the second key y to encrypt the second original data b to obtain the second encrypted data [b]. The comparison participant is required to know whether the first original data a corresponding to the first encrypted data [a] of the other party (providing the comparison participant) and the second original data b corresponding to the second encrypted data [b] of the other party are equal, An encrypted data comparison request will be initiated to the participant who provides the comparison.
提供比对参与方收到要求比对参与方发出的加密数据比对请求后,如果同意比对,则会将第一校验参数[a’]、第二校验参数[b’]、第三校验参数v11和第四校验参数v12这四个校验参数发给要求比对参与方。所述校验参数由提供比对参与方根据所述第一加密数据[a]、第二加密数据[b]、第一密钥x和秘密参数α(由提供比对参与方随机生成)生成,用于使要求比对参与方根据所述校验参数比对第一原始数据a和第二原始数据b是否相等。Provide comparison participants receive the encrypted data comparison request sent by the comparison participants, and if they agree to the comparison, the first verification parameter [a'], the second verification parameter [b'], and the The four verification parameters, the third verification parameter v11 and the fourth verification parameter v12, are sent to the participants that require the comparison. The verification parameter is generated by the participant who provides the comparison based on the first encrypted data [a], the second encrypted data [b], the first key x and the secret parameter α (randomly generated by the participant who provides the comparison) , Used to enable the required comparison participant to compare whether the first original data a and the second original data b are equal according to the verification parameter.
同时,在本实施例中,为了杜绝提供比对参与方提供虚假的校验参数,还需要向要求比对参与方提供第一证明参数p_α、第二证明参数ht_sig、第三证明参数gt_sig这三个证明参数,用来证明所述校验参数确实是通过所述加密数据(第一加密数据[a]、第二加密数据[b])和秘密数据(第一密钥x、秘密参数α)生成的。At the same time, in this embodiment, in order to prevent the comparison participants from providing false verification parameters, it is also necessary to provide the first certification parameter p_α, the second certification parameter ht_sig, and the third certification parameter gt_sig to the comparison participants. A proof parameter used to prove that the verification parameter is indeed passed through the encrypted data (first encrypted data [a], second encrypted data [b]) and secret data (first key x, secret parameter α) Generated.
S2,第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成。S2: The second participant checks, according to the certification parameter, whether the verification parameter is generated according to the secret data.
若检验通过,即所述校验参数是通过同样的所述秘密数据(第一密钥x、秘密参数α)生成的,则表示提供比对参与方未提供虚假的校验参数。若检验不通过,则表示提供比对参与方提供的所述校验参数为虚假的或错误的。If the verification is passed, that is, the verification parameter is generated by the same secret data (the first key x, the secret parameter α), it means that the comparison participant has not provided a false verification parameter. If the verification fails, it means that the verification parameter provided by the comparison participant is false or incorrect.
具体地,参阅图2所示,为步骤S2的细化流程图。在本实施例中,该步骤具体包括以下步骤:Specifically, referring to FIG. 2, it is a detailed flowchart of step S2. In this embodiment, this step specifically includes the following steps:
S22,第二参与方根据所述证明参数检验所述第一校验参数[a’]和所述第二校验参数[b’]是否通过同样的秘密数据更改所述第一加密数据[a]和所述第二加密数据[b]生成。S22. The second participant checks whether the first verification parameter [a'] and the second verification parameter [b'] are changed by the same secret data according to the certification parameter. ] And the second encrypted data [b] are generated.
具体地,参阅图3所示,为步骤S22的细化流程图。要求比对参与方收到所述校验参数和证明参数后,可以通过以下步骤对所述第一校验参数[a’]和所述第二校验参数[b’]进行检验:Specifically, referring to FIG. 3, it is a detailed flowchart of step S22. After the comparison participants are required to receive the verification parameters and the certification parameters, they can verify the first verification parameter [a'] and the second verification parameter [b'] through the following steps:
S221,通过双线性映射和第一证明参数p_α,将所述第一校验参数[a’]转换回第一加密数据[a]在映射群基点gt和ht上的数值(为第一转换结果)。S221: Convert the first verification parameter [a'] back to the value of the first encrypted data [a] at the base points gt and ht of the mapping group through the bilinear mapping and the first proof parameter p_α (the first conversion result).
具体地,根据以下公式进行转换:Specifically, the conversion is performed according to the following formula:
e([a’],p_α)=e(g^aα*h^xα,g^α -1)=gt^a*ht^x e([a'],p_α)=e(g^aα*h^xα,g^α -1 )=gt^a*ht^x
S222,通过双线性映射将第一加密数据[a]转换到映射群基点gt和ht上(为第二转换结果)。S222: Convert the first encrypted data [a] to the base points gt and ht of the mapping group through bilinear mapping (the second conversion result).
具体地,根据以下公式进行转换:Specifically, the conversion is performed according to the following formula:
e([a],g)=e(g^a*h^x,g)=gt^a*ht^xe([a],g)=e(g^a*h^x,g)=gt^a*ht^x
S223,比较上述两个转换结果(第一转换结果和第二转换结果)是否相等。当第一转换结果和第二转换结果相等时,确认所述第一校验参数[a’]是通过所述第一加密数据[a]和第一证明参数p_α对应的秘密参数α生成。S223: Compare whether the two conversion results (the first conversion result and the second conversion result) are equal. When the first conversion result and the second conversion result are equal, it is confirmed that the first verification parameter [a'] is generated by the secret parameter α corresponding to the first encrypted data [a] and the first certification parameter p_α.
S224,通过双线性映射和第一证明参数p_α,将所述第二校验参数[b’]转换回第二加密数据[b]在映射群基点gt和ht上的数值(为第三转换结果)。S224: Convert the second verification parameter [b'] back to the value of the second encrypted data [b] at the base points gt and ht of the mapping group through the bilinear mapping and the first proof parameter p_α (the third conversion result).
具体地,根据以下公式进行转换:Specifically, the conversion is performed according to the following formula:
e([b’],p_α)=e(g^bα*h^yα,g^α -1)=gt^b*ht^y e([b'],p_α)=e(g^bα*h^yα,g^α -1 )=gt^b*ht^y
S225,通过双线性映射将第二加密数据[b]转换到映射群基点gt和ht上(为第四转换结果)。S225: Convert the second encrypted data [b] to the base points gt and ht of the mapping group through bilinear mapping (the fourth conversion result).
具体地,根据以下公式进行转换:Specifically, the conversion is performed according to the following formula:
e([b],g)=e(g^b*h^y,g)=gt^b*ht^ye([b],g)=e(g^b*h^y,g)=gt^b*ht^y
S226,比较上述两个转换结果(第三转换结果和第四转换结果)是否相等。当第三转换结果和第四转换结果相等时,确认所述第二校验参数[b’]是通过所述第二加密数据[b]和所述第一证明参数p_α对应的秘密参数α生成。S226: Compare whether the above two conversion results (the third conversion result and the fourth conversion result) are equal. When the third conversion result and the fourth conversion result are equal, confirm that the second verification parameter [b'] is generated by the second encrypted data [b] and the secret parameter α corresponding to the first proof parameter p_α .
原理:通过同样的证明参数p_α可以证明第一校验参数[a’]和第二校验参数[b’]是通过同样的秘密数据更改所述第一加密数据[a]和所述第二加密数据[b]生成的。Principle: Through the same proof parameter p_α, it can be proved that the first verification parameter [a'] and the second verification parameter [b'] are changed by the same secret data to the first encrypted data [a] and the second Encrypted data [b] generated.
回到图2,步骤S23,第二参与方根据所述证明参数检验所述第四校验参数v12是否也通过同样的秘密数据在映射群基点ht上生成。Returning to FIG. 2, in step S23, the second participant checks whether the fourth verification parameter v12 is also generated on the base point ht of the mapping group through the same secret data according to the certification parameter.
具体地,要求比对参与方可以通过双线性映射和所述第一证明参数p_α检验所述第四校验参数v12是否也是通过和所述第一证明参数p_α对应的秘密参数α生成的(与生成第一校验参数[a’]和第二校验参数[b’]的秘密数据相同)。其中,根据以下公式进行映射:Specifically, it is required that the comparison participant can verify whether the fourth verification parameter v12 is also generated by the secret parameter α corresponding to the first certification parameter p_α through the bilinear mapping and the first certification parameter p_α ( It is the same as generating the secret data of the first verification parameter [a'] and the second verification parameter [b']). Among them, the mapping is performed according to the following formula:
e(v12,p_α)=e(h^α,g^α -1)=ht e(v12,p_α)=e(h^α,g^α -1 )=ht
如果映射得到的结果为映射群基点ht,则检验通过(即所述第四校验参数v12也是通过和所述第一证明参数p_α对应的秘密参数α生成的)。If the result of the mapping is the base point ht of the mapping group, the verification is passed (that is, the fourth verification parameter v12 is also generated by the secret parameter α corresponding to the first proof parameter p_α).
原理:通过同样的证明参数p_α可以证明第四校验参数v12是使用与生成第一校验参数[a’]和第二校验参数[b’]相同的秘密数据生成的。Principle: Through the same proof parameter p_α, it can be proved that the fourth verification parameter v12 is generated using the same secret data as the first verification parameter [a'] and the second verification parameter [b'].
S24,第二参与方根据所述证明参数检验所述第三校验参数v11是否也通过同样的秘密数据在映射群基点ht上生成。S24: The second participant checks whether the third verification parameter v11 is also generated on the base point ht of the mapping group through the same secret data according to the certification parameter.
具体地,参阅图4所示,为步骤S24的细化流程图。要求比对参与方根据第二证明参数ht_sig和第三证明参数gt_sig,可以通过以下步骤检验所述第三校验参数v11是否为第一密钥x和秘密参数α的乘积在映射群基点ht上生成的:Specifically, refer to FIG. 4, which is a detailed flowchart of step S24. According to the second certification parameter ht_sig and the third certification parameter gt_sig, the participants in the comparison are required to check whether the third verification parameter v11 is the product of the first key x and the secret parameter α on the base point ht of the mapping group by the following steps Generated:
S241,根据第一校验参数[a’]和第三校验参数v11找出与第三证明参数gt_sig对应的公钥gt_pk。S241: Find out the public key gt_pk corresponding to the third certification parameter gt_sig according to the first verification parameter [a'] and the third verification parameter v11.
具体公式如下:The specific formula is as follows:
gt_pk=e([a’],g)/v11gt_pk=e([a’],g)/v11
=e(g^aα*h^xα,g)/ht^xα=e(g^aα*h^xα,g)/ht^xα
=gt^aα*ht^xα/ht^xα=gt^aα*ht^xα/ht^xα
=gt^aα=gt^aα
S242,通过数字签名验签方法分别检验第二证明参数ht_sig是否为与第三校验参数v11对应的密钥的数字签名(这里v11作为公钥,xα是对应私钥),及第三证明参数gt_sig是否为与公钥gt_pk对应的密钥的数字签名。S242: Check whether the second certification parameter ht_sig is the digital signature of the key corresponding to the third verification parameter v11 (here v11 is the public key, and xα is the corresponding private key), and the third certification parameter is checked by the digital signature verification method. Whether gt_sig is the digital signature of the key corresponding to the public key gt_pk.
S243,当上述两项检验结果均为是时,对第三校验参数v11检验通过(即所述第三校验参数v11是第一密钥x和秘密参数α的乘积在映射群基点ht上生成的)。S243: When the above two check results are both yes, the third check parameter v11 is checked (that is, the third check parameter v11 is the product of the first key x and the secret parameter α on the base point ht of the mapping group Generated).
原理:如果第三校验参数v11不是通过密钥xα在映射群基点ht上生成的,则根据离散对数复杂问题无法找到满足以下条件的?数值,也就无法提供第三证明参数gt_sig。Principle: If the third verification parameter v11 is not generated at the base point ht of the mapping group by the key xα, then according to the discrete logarithm complex problem, it is impossible to find the one that satisfies the following conditions? Value, the third proof parameter gt_sig cannot be provided.
gt^?*ht^(xα+λ)==gt^aα*ht^xαgt^? *ht^(xα+λ)==gt^aα*ht^xα
其中,λ代表对密钥xα的篡改附加值。Among them, λ represents the additional value of tampering with the key xα.
本申请实施例中,提供比对参与方除了提供校验参数来促使要求比对参与方可以比对第一原始数据a和第二原始数据b是否相等以外,还提供另外一组证明参数,通过证明校验参数和加密数据之间的绑定关系以及证明几个校验参数之间的绑定关系,来证明校验参数的正确性。如果校验参数没有按照规定生成,则提供比对参与方(或任何提供校验参数的参与方)无法创建出所述证明参数。本申请实施例可以避免提供比对参与方(或任何提供校验参数的参与方)提供虚假的校验参数,以保障要求比对参与方顺利进行加密数据对等关系比对,提升比对结果的准确性。In the embodiment of this application, in addition to providing verification parameters to prompt the comparison participants to compare whether the first original data a and the second original data b are equal, they also provide another set of proof parameters. Prove the binding relationship between the verification parameter and the encrypted data and prove the binding relationship between several verification parameters to prove the correctness of the verification parameters. If the verification parameter is not generated in accordance with the regulations, the participant providing the comparison (or any participant providing the verification parameter) cannot create the certification parameter. This embodiment of the application can avoid providing comparison participants (or any participant providing verification parameters) to provide false verification parameters, so as to ensure that the comparison participants are required to perform encrypted data peer-to-peer relationship comparisons and improve the comparison results Accuracy.
本申请还提出一种电子设备。参照图5所示,为本申请电子设备较佳实施例的示意图。This application also proposes an electronic device. Refer to FIG. 5, which is a schematic diagram of a preferred embodiment of the electronic device of this application.
在本实施例中,电子设备1适用于上述加密数据对等关系参数检验方法,该电子设备1包括:存储器11、处理器12及网络接口13。In this embodiment, the electronic device 1 is applicable to the above-mentioned encryption data peer relationship parameter verification method. The electronic device 1 includes a memory 11, a processor 12, and a network interface 13.
其中,存储器11至少包括一种类型的可读存储介质,所述可读存储介质包括闪存、硬盘、多媒体卡、卡型存储器(例如,SD或DX存储器等)、磁性存储器、磁盘、光盘等。存储器11在一些实施例中可以是所述电子设备1的内部存储单元,例如该电子设备1的硬盘。存储器11在另一些实施例中也可以是所述电子设备1的外部存储设备,例如该电子设备1上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器11还可以既包括该电子设备1的内部存储单元也包括外部存储设备。The memory 11 includes at least one type of readable storage medium, and the readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, and the like. The memory 11 may be an internal storage unit of the electronic device 1 in some embodiments, such as a hard disk of the electronic device 1. In other embodiments, the memory 11 may also be an external storage device of the electronic device 1, such as a plug-in hard disk, a smart media card (SMC), and a secure digital (Secure Digital) equipped on the electronic device 1. , SD) card, flash card (Flash Card), etc. Further, the memory 11 may also include both an internal storage unit of the electronic device 1 and an external storage device.
存储器11不仅可以用于存储安装于该电子设备1的应用软件及各类数据,例如,与所述加密数据对等关系参数检验方法对应的加密数据对等关系参数检验系统10的程序代码等,还可以用于暂时地存储已经输出或者将要输出的数据。The memory 11 can not only be used to store application software and various data installed in the electronic device 1, for example, the program code of the encrypted data peer relationship parameter verification system 10 corresponding to the encrypted data peer relationship parameter verification method, etc., It can also be used to temporarily store data that has been output or will be output.
处理器12在一些实施例中可以是一中央处理器(Central Processing Unit,CPU)、控制器、微控制器、微处理器或其他数据处理芯片,用于运行存储器11中存储的程序代码或处理数据,例如,与所述加密数据对等关系参数检验方法对应的加密数据对等关系参数检验系统10的程序代码等。In some embodiments, the processor 12 may be a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip, for running program codes or processing stored in the memory 11 Data, for example, the program code of the encrypted data peer relationship parameter verification system 10 corresponding to the encrypted data peer relationship parameter verification method.
网络接口13可选的可以包括标准的有线接口、无线接口(如WI-FI接口),通常用于在该电子设备1与其他电子设备之间建立通信连接。电子设备1的组件11-13通过通信总线相互通信。The network interface 13 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface), and is generally used to establish a communication connection between the electronic device 1 and other electronic devices. The components 11-13 of the electronic device 1 communicate with each other via a communication bus.
图5仅示出了具有组件11-13的电子设备1,本领域技术人员可以理解的是,图5示出的结构并不构成对电子设备1的限定,可以包括比图示更少或者更多的部件,或者组合某些部件,或者不同的部件布置。FIG. 5 only shows the electronic device 1 with components 11-13. Those skilled in the art can understand that the structure shown in FIG. 5 does not constitute a limitation on the electronic device 1, and may include less or more Multiple components, or a combination of certain components, or different component arrangements.
本申请之电子设备的具体实施方式与上述加密数据对等关系参数检验方法的具体实施方式大致相同,在此不再赘述。The specific implementation of the electronic device of the present application is substantially the same as the specific implementation of the above-mentioned encryption data peer relationship parameter verification method, and will not be repeated here.
此外,本申请实施例还提出一种加密数据对等关系参数检验装置。In addition, the embodiment of the present application also proposes a device for verifying the peer relationship parameter of encrypted data.
参照图6所示,为本申请加密数据对等关系参数检验装置较佳实施例的模块示意图。Referring to FIG. 6, it is a schematic diagram of modules of a preferred embodiment of an apparatus for verifying a peer relationship parameter of encrypted data according to this application.
本实施例所述加密数据对等关系参数检验装置2根据实现的功能可以包括:模块210-模块220。所述模块也可以称之为单元,是指一种能够被电子设备处理器所执行,并且能够完成固定功能的一系列计算机程序段,其存储在电子设备的存储器中。The device 2 for verifying the encrypted data peer relationship parameter in this embodiment may include: a module 210-module 220 according to the realized function. The module can also be called a unit, which refers to a series of computer program segments that can be executed by the processor of the electronic device and can complete fixed functions, and are stored in the memory of the electronic device.
在本申请加密数据对等关系参数检验装置2的一实施例中,关于各模块/单元的功能如下:In an embodiment of the device 2 for verifying the peer relationship parameter of encrypted data of the present application, the functions of each module/unit are as follows:
接收模块210,用于第一参与方在收到第二参与方发起的加密数据比对请求后,向第二参与方提供校验参数和证明参数,其中,所述第一参与方为提供比对参与方,利用第一密钥x对第一原始数据a加密后得到第一加密数据[a];所述第二参与方为要求比对参与方,利用第二密钥y对第二原始数据b加密后得到第二加密数据[b];所述校验参数由所述第一参与方根据所述第一加密数据[a]、所述第二加密数据[b]和秘密数据生成,用于使所述第二参与方比对第一原始数据a和第二原始数据b是否相等;及The receiving module 210 is used for the first participant to provide verification parameters and certification parameters to the second participant after receiving the encrypted data comparison request initiated by the second participant, wherein the first participant provides the comparison For the participant, use the first key x to encrypt the first original data a and obtain the first encrypted data [a]; The data b is encrypted to obtain the second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b] and the secret data, Used to enable the second participant to compare whether the first original data a and the second original data b are equal; and
检验模块220,用于所述第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成。The verification module 220 is used for the second participant to verify, according to the certification parameter, whether the verification parameter is generated according to the secret data.
所述模块210-220所实现的功能或操作步骤均与上文类似,此处不再详述。The functions or operation steps implemented by the modules 210-220 are similar to the above, and will not be described in detail here.
此外,本申请实施例还提出一种计算机可读存储介质,所述计算机刻度存储介质可以是非易失性,也可以是易失性。所述计算机可读存储介质中包括与所述加密数据对等关系参数检验方法对应的加密数据对等关系参数检验系统10的程序代码,所述与所述加密数据对等关系参数检验方法对应的加密数据对等关系参数检验系统10的程序代码被处理器执行时实现如所述加密数据对等关系参数检验方法的步骤。In addition, the embodiment of the present application also proposes a computer-readable storage medium, and the computer scale storage medium may be non-volatile or volatile. The computer-readable storage medium includes the program code of the encrypted data peer relationship parameter verification system 10 corresponding to the encrypted data peer relationship parameter verification method, and the program code corresponding to the encrypted data peer relationship parameter verification method When the program code of the encrypted data peer relationship parameter verification system 10 is executed by the processor, the steps of the encrypted data peer relationship parameter verification method are implemented.
本申请之计算机可读存储介质的具体实施方式与上述加密数据对等关系参数检验方法的具体实施方式大致相同,在此不再赘述。The specific implementation of the computer-readable storage medium of the present application is substantially the same as the specific implementation of the above-mentioned encryption data peer relationship parameter verification method, and will not be repeated here.
上述本申请实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the foregoing embodiments of the present application are for description only, and do not represent the superiority or inferiority of the embodiments.
需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、装置、物品或者方法不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、装置、物品或者方法所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、装置、物品或者方法中还存在另外的相同要素。It should be noted that in this article, the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, device, article or method including a series of elements not only includes those elements, It also includes other elements not explicitly listed, or elements inherent to the process, device, article, or method. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, device, article, or method that includes the element.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在如上所述的一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本申请各个实施例所述的方法。Through the description of the above implementation manners, those skilled in the art can clearly understand that the above-mentioned embodiment method can be implemented by means of software plus the necessary general hardware platform, of course, it can also be implemented by hardware, but in many cases the former is better.的实施方式。 Based on this understanding, the technical solution of this application essentially or the part that contributes to the existing technology can be embodied in the form of a software product, and the computer software product is stored in a storage medium (such as ROM/RAM) as described above. , Magnetic disk, optical disk), including several instructions to make a terminal device (can be a mobile phone, a computer, a server, or a network device, etc.) execute the method described in each embodiment of the present application.
以上仅为本申请的优选实施例,并非因此限制本申请的专利范围,凡是利用本申请说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其它相关的技术领域,均同理包括在本申请的专利保护范围内。The above are only the preferred embodiments of the application, and do not limit the scope of the patent for this application. Any equivalent structure or equivalent process transformation made using the content of the description and drawings of the application, or directly or indirectly applied to other related technical fields , The same reason is included in the scope of patent protection of this application.

Claims (20)

  1. 一种加密数据对等关系参数检验方法,其中,该方法包括:A method for verifying peer-to-peer relationship parameters of encrypted data, wherein the method includes:
    第一参与方在收到第二参与方发起的加密数据比对请求后,向第二参与方提供校验参数和证明参数,其中,所述第一参与方为提供比对参与方,利用第一密钥x对第一原始数据a加密后得到第一加密数据[a];所述第二参与方为要求比对参与方,利用第二密钥y对第二原始数据b加密后得到第二加密数据[b];所述校验参数由所述第一参与方根据所述第一加密数据[a]、所述第二加密数据[b]和秘密数据生成,用于使所述第二参与方比对第一原始数据a和第二原始数据b是否相等;及After receiving the encrypted data comparison request initiated by the second participant, the first participant provides verification parameters and certification parameters to the second participant. A key x encrypts the first original data a to obtain the first encrypted data [a]; the second participant is a participant that requires comparison, and the second original data b is encrypted with the second key y to obtain the first encrypted data [a]; Second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b] and the secret data, and is used to make the first encrypted data [b] The two participants compare whether the first original data a and the second original data b are equal; and
    所述第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成。The second participant checks whether the verification parameter is generated according to the secret data according to the certification parameter.
  2. 根据权利要求1所述的加密数据对等关系参数检验方法,其中,所述秘密数据包括所述第一密钥x和秘密参数α,所述秘密参数α由所述第一参与方随机生成。The method for verifying the peer relationship parameter of encrypted data according to claim 1, wherein the secret data includes the first key x and a secret parameter α, and the secret parameter α is randomly generated by the first participant.
  3. 根据权利要求2所述的加密数据对等关系参数检验方法,其中,所述校验参数包括第一校验参数[a’]、第二校验参数[b’]、第三校验参数v11和第四校验参数v12,其中:The method for verifying the peer relationship parameter of encrypted data according to claim 2, wherein the verification parameter includes a first verification parameter [a'], a second verification parameter [b'], and a third verification parameter v11 And the fourth verification parameter v12, where:
    所述第一校验参数[a’]通过所述第一加密数据[a]和所述秘密参数α生成,[a’]=g^aα*h^xα;The first verification parameter [a'] is generated from the first encrypted data [a] and the secret parameter α, [a']=g^aα*h^xα;
    所述第二校验参数[b’]通过所述第二加密数据[b]和所述秘密参数α生成,[b’]=g^bα*h^yα;The second verification parameter [b'] is generated from the second encrypted data [b] and the secret parameter α, [b']=g^bα*h^yα;
    所述第三校验参数v11通过所述第一密钥x和所述秘密参数α在映射群基点ht上生成,同时也是对应密钥xα的公钥,v11=ht^xα;The third verification parameter v11 is generated on the base point ht of the mapping group through the first key x and the secret parameter α, and is also the public key of the corresponding key xα, v11=ht^xα;
    所述第四校验参数v12通过所述秘密参数α在原始群基点h上生成,v12=h^α。The fourth verification parameter v12 is generated on the original group base point h through the secret parameter α, v12=h^α.
  4. 根据权利要求2所述的加密数据对等关系参数检验方法,其中,所述证明参数包括第一证明参数p_α、第二证明参数ht_sig和第三证明参数gt_sig,其中:The method for verifying peer-to-peer relationship parameters of encrypted data according to claim 2, wherein the attestation parameter includes a first attestation parameter p_α, a second attestation parameter ht_sig, and a third attestation parameter gt_sig, wherein:
    所述第一证明参数数p_α通过所述秘密参数α生成,p_α=g^α -1The first proof parameter number p_α is generated by the secret parameter α, p_α=g^α -1 ;
    所述第二证明参数ht_sig为与公钥ht^xα对应的密钥xα在映射群基点ht对应的数字签名;The second proof parameter ht_sig is a digital signature corresponding to the key xα corresponding to the public key ht^xα at the base point ht of the mapping group;
    所述第三证明参数gt_sig为与公钥gt^aα对应的密钥aα在映射群基点gt对应的数字签名。The third certification parameter gt_sig is a digital signature corresponding to the key aα corresponding to the public key gt^aα at the base point gt of the mapping group.
  5. 根据权利要求3或4所述的加密数据对等关系参数检验方法,其中,所述第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成的步骤包括:The method for verifying the peer relationship parameter of encrypted data according to claim 3 or 4, wherein the step of the second participant verifying whether the verification parameter is generated based on the secret data according to the certification parameter comprises:
    所述第二参与方根据所述证明参数检验所述第一校验参数[a’]和所述第二校验参数[b’]是否通过同样的秘密数据更改所述第一加密数据[a]和所述第二加密数据[b]生成;The second participant checks whether the first verification parameter [a'] and the second verification parameter [b'] are changed by the same secret data according to the certification parameter. ] And the second encrypted data [b] are generated;
    所述第二参与方根据所述证明参数检验所述第四校验参数v12是否也通过同样的所述秘密数据在映射群基点ht上生成;及The second participant checks whether the fourth verification parameter v12 is also generated on the base point ht of the mapping group through the same secret data according to the certification parameter; and
    所述第二参与方根据所述证明参数检验所述第三校验参数v11是否也通过同样的所述秘密数据在映射群基点ht上生成。The second participant checks whether the third verification parameter v11 is also generated on the base point ht of the mapping group through the same secret data according to the certification parameter.
  6. 根据权利要求5所述的加密数据对等关系参数检验方法,其中,所述第二参与方根据所述证明参数检验所述第一校验参数[a’]和所述第二校验参数[b’]是否通过同样的所述秘密数据更改所述第一加密数据[a]和所述第二加密数据[b]生成的步骤包括:The method for verifying the peer relationship parameter of encrypted data according to claim 5, wherein the second participant verifies the first verification parameter [a'] and the second verification parameter [ b'] Whether to modify the first encrypted data [a] and the second encrypted data [b] through the same secret data, the steps for generating include:
    通过双线性映射和所述第一证明参数p_α,将所述第一校验参数[a’]转换回所述第一加密数据[a]在映射群基点gt和ht上的数值,得到第一转换结果;Through bilinear mapping and the first proof parameter p_α, the first verification parameter [a'] is converted back to the value of the first encrypted data [a] at the base points gt and ht of the mapping group to obtain the first verification parameter [a'] A conversion result;
    通过双线性映射将所述第一加密数据[a]转换到映射群基点gt和ht上,得到第二转换结果;Convert the first encrypted data [a] to the base points gt and ht of the mapping group by bilinear mapping to obtain a second conversion result;
    比较所述第一转换结果和所述第二转换结果是否相等;Comparing whether the first conversion result and the second conversion result are equal;
    当所述第一转换结果和所述第二转换结果相等时,确认所述第一校验参数[a’]是通过所述第一加密数据[a]和所述秘密参数α生成;When the first conversion result and the second conversion result are equal, confirm that the first verification parameter [a'] is generated from the first encrypted data [a] and the secret parameter α;
    通过双线性映射和所述第一证明参数p_α,将所述第二校验参数[b’]转换回所述第二加密数据[b]在映射群基点gt和ht上的数值,得到第三转换结果;Through bilinear mapping and the first proof parameter p_α, the second verification parameter [b'] is converted back to the value of the second encrypted data [b] at the base points gt and ht of the mapping group to obtain the first Three conversion results;
    通过双线性映射将所述第二加密数据[b]转换到映射群基点gt和ht上,得到第四转换结果;Convert the second encrypted data [b] to the base points gt and ht of the mapping group through bilinear mapping to obtain a fourth conversion result;
    比较所述第三转换结果和所述第四转换结果是否相等;Comparing whether the third conversion result and the fourth conversion result are equal;
    当所述第三转换结果和所述第四转换结果相等时,确认所述第二校验参数[b’]是通过所述第二加密数据[b]和所述秘密参数α生成。When the third conversion result and the fourth conversion result are equal, it is confirmed that the second verification parameter [b'] is generated from the second encrypted data [b] and the secret parameter α.
  7. 根据权利要求5所述的加密数据对等关系参数检验方法,其中,所述第二参与方根据所述证明参数检验所述第四校验参数v12是否也通过同样的所述秘密数据在映射群基点ht上生成的步骤包括:The method for verifying the peer relationship parameter of encrypted data according to claim 5, wherein the second participant verifies whether the fourth verification parameter v12 also passes the same secret data in the mapping group according to the certification parameter. The steps generated on the base point ht include:
    通过双线性映射和所述第一证明参数p_α检验所述第四校验参数v12是否也是通过所述秘密参数α生成的,其中,如果对所述第四校验参数v12映射得到的结果为映射群基点ht,则检验通过。It is verified by bilinear mapping and the first proof parameter p_α whether the fourth verification parameter v12 is also generated by the secret parameter α, wherein if the result obtained by mapping the fourth verification parameter v12 is Mapping the group base point ht, the test passes.
  8. 根据权利要求5所述的加密数据对等关系参数检验方法,其中,所述第二参与方根据所述证明参数检验所述第三校验参数v11是否也通过同样的所述秘密数据在映射群基点ht上生成的步骤包括:The method for verifying the peer relationship parameter of encrypted data according to claim 5, wherein the second participant verifies whether the third verification parameter v11 also passes the same secret data in the mapping group according to the certification parameter. The steps generated on the base point ht include:
    根据所述第一校验参数[a’]和所述第三校验参数v11找出与所述第三证明参数gt_sig对应的公钥gt_pk;Finding out the public key gt_pk corresponding to the third certification parameter gt_sig according to the first verification parameter [a'] and the third verification parameter v11;
    通过数字签名验签方法分别检验所述第二证明参数ht_sig是否为与所述第三校验参数v11对应的密钥的数字签名,及所述第三证明参数gt_sig是否为与所述公钥gt_pk对应的密钥的数字签名;Check whether the second certification parameter ht_sig is the digital signature of the key corresponding to the third verification parameter v11, and whether the third certification parameter gt_sig is the same as the public key gt_pk through the digital signature verification method. The digital signature of the corresponding key;
    当上述两项检验结果均为是时,对所述第三校验参数v11检验通过。When the results of the above two inspections are both yes, the inspection of the third verification parameter v11 is passed.
  9. 一种电子设备,其中,所述设备包括存储器、处理器,所述存储器上存储有可在所述处理器上运行的加密数据对等关系参数检验系统,所述加密数据对等关系参数检验系统被所述处理器执行时实现如下步骤:An electronic device, wherein the device includes a memory and a processor, and an encrypted data peer relationship parameter verification system that can run on the processor is stored in the memory, and the encrypted data peer relationship parameter verification system When executed by the processor, the following steps are implemented:
    第一参与方在收到第二参与方发起的加密数据比对请求后,向第二参与方提供校验参数和证明参数,其中,所述第一参与方为提供比对参与方,利用第一密钥x对第一原始数据a加密后得到第一加密数据[a];所述第二参与方为要求比对参与方,利用第二密钥y对第二原始数据b加密后得到第二加密数据[b];所述校验参数由所述第一参与方根据所述第一加密数据[a]、所述第二加密数据[b]和秘密数据生成,用于使所述第二参与方比对第一原始数据a和第二原始数据b是否相等;及After receiving the encrypted data comparison request initiated by the second participant, the first participant provides verification parameters and certification parameters to the second participant. A key x encrypts the first original data a to obtain the first encrypted data [a]; the second participant is a participant that requires comparison, and the second original data b is encrypted with the second key y to obtain the first encrypted data [a]; Second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b] and the secret data, and is used to make the first encrypted data [b] The two participants compare whether the first original data a and the second original data b are equal; and
    所述第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成。The second participant checks whether the verification parameter is generated according to the secret data according to the certification parameter.
  10. 根据权利要求9所述的电子设备,其中,所述秘密数据包括所述第一密钥x和秘密参数α,所述秘密参数α由所述第一参与方随机生成。The electronic device according to claim 9, wherein the secret data includes the first key x and a secret parameter α, and the secret parameter α is randomly generated by the first participant.
  11. 根据权利要求10所述的电子设备,其中,所述校验参数包括第一校验参数[a’]、第二校验参数[b’]、第三校验参数v11和第四校验参数v12,其中:The electronic device according to claim 10, wherein the verification parameter comprises a first verification parameter [a'], a second verification parameter [b'], a third verification parameter v11, and a fourth verification parameter v12, where:
    所述第一校验参数[a’]通过所述第一加密数据[a]和所述秘密参数α生成,[a’]=g^aα*h^xα;The first verification parameter [a'] is generated from the first encrypted data [a] and the secret parameter α, [a']=g^aα*h^xα;
    所述第二校验参数[b’]通过所述第二加密数据[b]和所述秘密参数α生成,[b’]=g^bα*h^yα;The second verification parameter [b'] is generated from the second encrypted data [b] and the secret parameter α, [b']=g^bα*h^yα;
    所述第三校验参数v11通过所述第一密钥x和所述秘密参数α在映射群基点ht上生成,同时也是对应密钥xα的公钥,v11=ht^xα;The third verification parameter v11 is generated on the base point ht of the mapping group through the first key x and the secret parameter α, and is also the public key of the corresponding key xα, v11=ht^xα;
    所述第四校验参数v12通过所述秘密参数α在原始群基点h上生成,v12=h^α。The fourth verification parameter v12 is generated on the original group base point h through the secret parameter α, v12=h^α.
  12. 根据权利要求10所述的电子设备,其中,所述证明参数包括第一证明参数p_α、第二证明参数ht_sig和第三证明参数gt_sig,其中:The electronic device according to claim 10, wherein the certification parameter includes a first certification parameter p_α, a second certification parameter ht_sig, and a third certification parameter gt_sig, wherein:
    所述第一证明参数数p_α通过所述秘密参数α生成,p_α=g^α -1The first proof parameter number p_α is generated by the secret parameter α, p_α=g^α -1 ;
    所述第二证明参数ht_sig为与公钥ht^xα对应的密钥xα在映射群基点ht对应的数字签名;The second proof parameter ht_sig is a digital signature corresponding to the key xα corresponding to the public key ht^xα at the base point ht of the mapping group;
    所述第三证明参数gt_sig为与公钥gt^aα对应的密钥aα在映射群基点gt对应的数字签名。The third certification parameter gt_sig is a digital signature corresponding to the key aα corresponding to the public key gt^aα at the base point gt of the mapping group.
  13. 根据权利要求11或12所述的电子设备,其中,所述第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成的步骤包括:The electronic device according to claim 11 or 12, wherein the step of the second participant checking whether the verification parameter is generated according to the secret data according to the certification parameter comprises:
    所述第二参与方根据所述证明参数检验所述第一校验参数[a’]和所述第二校验参数[b’]是否通过同样的秘密数据更改所述第一加密数据[a]和所述第二加密数据[b]生成;The second participant checks whether the first verification parameter [a'] and the second verification parameter [b'] are changed by the same secret data according to the certification parameter. ] And the second encrypted data [b] are generated;
    所述第二参与方根据所述证明参数检验所述第四校验参数v12是否也通过同样的所述秘密数据在映射群基点ht上生成;及The second participant checks whether the fourth verification parameter v12 is also generated on the base point ht of the mapping group through the same secret data according to the certification parameter; and
    所述第二参与方根据所述证明参数检验所述第三校验参数v11是否也通过同样的所述秘密数据在映射群基点ht上生成。The second participant checks whether the third verification parameter v11 is also generated on the base point ht of the mapping group through the same secret data according to the certification parameter.
  14. 根据权利要求13所述的电子设备,其中,所述第二参与方根据所述证明参数检验所述第一校验参数[a’]和所述第二校验参数[b’]是否通过同样的所述秘密数据更改所述第一加密数据[a]和所述第二加密数据[b]生成的步骤包括:The electronic device according to claim 13, wherein the second participant checks whether the first verification parameter [a'] and the second verification parameter [b'] pass the same verification according to the certification parameter. The steps of generating the secret data to modify the first encrypted data [a] and the second encrypted data [b] include:
    通过双线性映射和所述第一证明参数p_α,将所述第一校验参数[a’]转换回所述第一加密数据[a]在映射群基点gt和ht上的数值,得到第一转换结果;Through bilinear mapping and the first proof parameter p_α, the first verification parameter [a'] is converted back to the value of the first encrypted data [a] at the base points gt and ht of the mapping group to obtain the first A conversion result;
    通过双线性映射将所述第一加密数据[a]转换到映射群基点gt和ht上,得到第二转换结果;Convert the first encrypted data [a] to the base points gt and ht of the mapping group by bilinear mapping to obtain a second conversion result;
    比较所述第一转换结果和所述第二转换结果是否相等;Comparing whether the first conversion result and the second conversion result are equal;
    当所述第一转换结果和所述第二转换结果相等时,确认所述第一校验参数[a’]是通过所述第一加密数据[a]和所述秘密参数α生成;When the first conversion result and the second conversion result are equal, confirm that the first verification parameter [a'] is generated from the first encrypted data [a] and the secret parameter α;
    通过双线性映射和所述第一证明参数p_α,将所述第二校验参数[b’]转换回所述第二加密数据[b]在映射群基点gt和ht上的数值,得到第三转换结果;Through bilinear mapping and the first proof parameter p_α, the second verification parameter [b'] is converted back to the value of the second encrypted data [b] at the base points gt and ht of the mapping group to obtain the first Three conversion results;
    通过双线性映射将所述第二加密数据[b]转换到映射群基点gt和ht上,得到第四转换结果;Convert the second encrypted data [b] to the base points gt and ht of the mapping group through bilinear mapping to obtain a fourth conversion result;
    比较所述第三转换结果和所述第四转换结果是否相等;Comparing whether the third conversion result and the fourth conversion result are equal;
    当所述第三转换结果和所述第四转换结果相等时,确认所述第二校验参数[b’]是通过所述第二加密数据[b]和所述秘密参数α生成。When the third conversion result and the fourth conversion result are equal, it is confirmed that the second verification parameter [b'] is generated from the second encrypted data [b] and the secret parameter α.
  15. 根据权利要求13所述的电子设备,其中,所述第二参与方根据所述证明参数检验所述第四校验参数v12是否也通过同样的所述秘密数据在映射群基点ht上生成的步骤包括:The electronic device according to claim 13, wherein the second participant checks whether the fourth verification parameter v12 is also generated on the base point ht of the mapping group by the same secret data according to the certification parameter include:
    通过双线性映射和所述第一证明参数p_α检验所述第四校验参数v12是否也是通过所述秘密参数α生成的,其中,如果对所述第四校验参数v12映射得到的结果为映射群基点ht,则检验通过。It is verified by bilinear mapping and the first proof parameter p_α whether the fourth verification parameter v12 is also generated by the secret parameter α, wherein if the result obtained by mapping the fourth verification parameter v12 is Mapping the group base point ht, the test passes.
  16. 根据权利要求13所述的电子设备,其中,所述第二参与方根据所述证明参数检验所述第三校验参数v11是否也通过同样的所述秘密数据在映射群基点ht上生成的步骤包括:The electronic device according to claim 13, wherein the second participant checks whether the third verification parameter v11 is also generated on the base point ht of the mapping group by the same secret data according to the certification parameter include:
    根据所述第一校验参数[a’]和所述第三校验参数v11找出与所述第三证明参数gt_sig对应的公钥gt_pk;Finding out the public key gt_pk corresponding to the third certification parameter gt_sig according to the first verification parameter [a'] and the third verification parameter v11;
    通过数字签名验签方法分别检验所述第二证明参数ht_sig是否为与所述第三校验参数v11对应的密钥的数字签名,及所述第三证明参数gt_sig是否为与所述公钥gt_pk对应的密钥的数字签名;Check whether the second certification parameter ht_sig is the digital signature of the key corresponding to the third verification parameter v11, and whether the third certification parameter gt_sig is the same as the public key gt_pk through the digital signature verification method. The digital signature of the corresponding key;
    当上述两项检验结果均为是时,对所述第三校验参数v11检验通过。When the results of the above two inspections are both yes, the inspection of the third verification parameter v11 is passed.
  17. 一种加密数据对等关系参数检验装置,其中,该装置包括:An encryption data peer-to-peer relationship parameter verification device, wherein the device includes:
    接收模块,用于第一参与方在收到第二参与方发起的加密数据比对请求后,向第二参与方提供校验参数和证明参数,其中,所述第一参与方为提供比对参与方,利用第一密钥x对第一原始数据a加密后得到第一加密数据[a];所述第二参与方为要求比对参与方,利用第二密钥y对第二原始数据b加密后得到第二加密数据[b];所述校验参数由所述第一参与方根据所述第一加密数据[a]、所述第二加密数据[b]和秘密数据生成,用于使所述第二参与方比对第一原始数据a和第二原始数据b是否相等;及The receiving module is used for the first participant to provide verification parameters and certification parameters to the second participant after receiving the encrypted data comparison request initiated by the second participant, wherein the first participant provides the comparison The participant uses the first key x to encrypt the first original data a to obtain the first encrypted data [a]; the second participant is the participant who requires the comparison, and uses the second key y to perform b is encrypted to obtain the second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b], and the secret data, using To enable the second participant to compare whether the first original data a and the second original data b are equal; and
    检验模块,用于所述第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成。The verification module is used for the second participant to verify, according to the certification parameter, whether the verification parameter is generated according to the secret data.
  18. 一种计算机可读存储介质,其中,所述计算机可读存储介质存储有加密数据对等关系参数检验系统,所述加密数据对等关系参数检验系统可被至少一个处理器执行,以使所述至少一个处理器执行如下步骤:A computer-readable storage medium, wherein the computer-readable storage medium stores an encrypted data peer-to-peer relationship parameter verification system, and the encrypted data peer-to-peer relationship parameter verification system can be executed by at least one processor to enable the At least one processor performs the following steps:
    第一参与方在收到第二参与方发起的加密数据比对请求后,向第二参与方提供校验参数和证明参数,其中,所述第一参与方为提供比对参与方,利用第一密钥x对第一原始数据a加密后得到第一加密数据[a];所述第二参与方为要求比对参与方,利用第二密钥y对第二原始数据b加密后得到第二加密数据[b];所述校验参数由所述第一参与方根据所述第一加密数据[a]、所述第二加密数据[b]和秘密数据生成,用于使所述第二参与方比对第一原始数据a和第二原始数据b是否相等;及After receiving the encrypted data comparison request initiated by the second participant, the first participant provides verification parameters and certification parameters to the second participant. A key x encrypts the first original data a to obtain the first encrypted data [a]; the second participant is a participant that requires comparison, and the second original data b is encrypted with the second key y to obtain the first encrypted data [a]; Second encrypted data [b]; the verification parameter is generated by the first participant according to the first encrypted data [a], the second encrypted data [b] and the secret data, and is used to make the first encrypted data [b] The two participants compare whether the first original data a and the second original data b are equal; and
    所述第二参与方根据所述证明参数检验所述校验参数是否根据所述秘密数据生成。The second participant checks whether the verification parameter is generated according to the secret data according to the certification parameter.
  19. 根据权利要求18所述的计算机可读存储介质,其中,所述秘密数据包括所述第一密钥x和秘密参数α,所述秘密参数α由所述第一参与方随机生成。The computer-readable storage medium according to claim 18, wherein the secret data includes the first key x and a secret parameter α, the secret parameter α being randomly generated by the first participant.
  20. 根据权利要求19所述的计算机可读存储介质,其中,所述校验参数包括第一校验参数[a’]、第二校验参数[b’]、第三校验参数v11和第四校验参数v12,其中:The computer-readable storage medium according to claim 19, wherein the verification parameter includes a first verification parameter [a'], a second verification parameter [b'], a third verification parameter v11, and a fourth verification parameter. Verification parameter v12, where:
    所述第一校验参数[a’]通过所述第一加密数据[a]和所述秘密参数α生成,[a’]=g^aα*h^xα;The first verification parameter [a'] is generated from the first encrypted data [a] and the secret parameter α, [a']=g^aα*h^xα;
    所述第二校验参数[b’]通过所述第二加密数据[b]和所述秘密参数α生成,[b’]=g^bα*h^yα;The second verification parameter [b'] is generated from the second encrypted data [b] and the secret parameter α, [b']=g^bα*h^yα;
    所述第三校验参数v11通过所述第一密钥x和所述秘密参数α在映射群基点ht上生成,同时也是对应密钥xα的公钥,v11=ht^xα;及The third verification parameter v11 is generated on the base point ht of the mapping group through the first key x and the secret parameter α, and is also the public key of the corresponding key xα, v11=ht^xα; and
    所述第四校验参数v12通过所述秘密参数α在原始群基点h上生成,v12=h^α。The fourth verification parameter v12 is generated on the original group base point h through the secret parameter α, v12=h^α.
PCT/CN2020/093525 2020-04-23 2020-05-29 Encrypted data peer-to-peer relationship parameter inspection method and apparatus, and device and storage medium WO2021212611A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010326385.6A CN111628865B (en) 2020-04-23 2020-04-23 Method and device for verifying peer-to-peer relation parameters of encrypted data and storage medium
CN202010326385.6 2020-04-23

Publications (1)

Publication Number Publication Date
WO2021212611A1 true WO2021212611A1 (en) 2021-10-28

Family

ID=72271643

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/093525 WO2021212611A1 (en) 2020-04-23 2020-05-29 Encrypted data peer-to-peer relationship parameter inspection method and apparatus, and device and storage medium

Country Status (2)

Country Link
CN (1) CN111628865B (en)
WO (1) WO2021212611A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110399735A (en) * 2019-06-21 2019-11-01 深圳壹账通智能科技有限公司 Encryption data size relation method of proof, device, equipment and storage medium
CN110912713A (en) * 2019-12-20 2020-03-24 支付宝(杭州)信息技术有限公司 Method and device for processing model data by combining multiple parties

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104967516B (en) * 2015-07-24 2018-04-24 四川理工学院 Multi-user's encryption data may compare encryption method and encryption data comparative approach
WO2018183915A1 (en) * 2017-03-30 2018-10-04 Arizona Board Of Regents On Behalf Of Northern Arizona University Encryption schemes with addressable elements
CN110224985B (en) * 2019-05-07 2022-07-08 平安科技(深圳)有限公司 Data processing method and related device
CN110505046B (en) * 2019-07-29 2020-11-24 深圳壹账通智能科技有限公司 Multi-data provider encrypted data cross-platform zero-knowledge verification method, device and medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110399735A (en) * 2019-06-21 2019-11-01 深圳壹账通智能科技有限公司 Encryption data size relation method of proof, device, equipment and storage medium
CN110912713A (en) * 2019-12-20 2020-03-24 支付宝(杭州)信息技术有限公司 Method and device for processing model data by combining multiple parties

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LIU, WEN ET AL.: "Solution to SMP Based on Sliding Window and Commutation Encryption Function", COMPUTER ENGINEERING, vol. 33, no. 22, 20 November 2007 (2007-11-20), pages 163 - 165,171, XP55860930 *
SAHA TUSHAR KANTI, KOSHIBA TAKESHI: "Outsourcing private equality tests to the cloud", JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, vol. 43, 1 December 2018 (2018-12-01), AMSTERDAM, NL , pages 83 - 98, XP055860935, ISSN: 2214-2126, DOI: 10.1016/j.jisa.2018.09.002 *

Also Published As

Publication number Publication date
CN111628865B (en) 2021-06-29
CN111628865A (en) 2020-09-04

Similar Documents

Publication Publication Date Title
WO2021238527A1 (en) Digital signature generation method and apparatus, computer device, and storage medium
WO2021017338A1 (en) Cross-platform zero knowledge verification method for encrypted data of multiple data providers and related device
US10382965B2 (en) Identity verification using computer-implemented decentralized ledger
CN110517147B (en) Transaction data processing method, device and system and computer readable storage medium
US9973491B2 (en) Determining an identity of a third-party user in an SAML implementation of a web-service
WO2021204273A1 (en) Asset type registration and transaction record verification
CN111835526B (en) Method and system for generating anonymous credential
JP6644195B1 (en) On the authenticated data Pinocchio / Torinokio
EP2608477A1 (en) Trusted certificate authority to create certificates based on capabilities of processes
CN111245626B (en) Zero knowledge proving method, device and storage medium
CN112311779B (en) Data access control method and device applied to block chain system
CN113435121B (en) Model training verification method, device, equipment and medium based on federal learning
CN104012036A (en) Combined digital certificate
WO2023206869A1 (en) Lattice-based proxy signature method, apparatus and device, lattice-based proxy signature verification method, apparatus and device, and storage medium
CN114760071B (en) Zero-knowledge proof based cross-domain digital certificate management method, system and medium
US20170207914A1 (en) Computer-readable recording medium, shared key generation method, and information processing terminal
Martinez Jurado et al. Applying assurance levels when issuing and verifying credentials using Trust Frameworks
CN112600677A (en) License verification method and system
WO2021196478A1 (en) Method for comparing equality relationship of encryption data, device, computer apparatus, and storage medium
WO2021212611A1 (en) Encrypted data peer-to-peer relationship parameter inspection method and apparatus, and device and storage medium
CN115277010A (en) Identity authentication method, system, computer device and storage medium
CN113326527A (en) Credible digital signature system and method based on block chain
CN116488816A (en) Data processing method, device and storage medium based on blockchain network
Yang et al. A minimal disclosure signature authentication scheme based on consortium blockchain
CN112385181B (en) Apparatus, method, and program for proving reliability of public key

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20932694

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14/12/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 20932694

Country of ref document: EP

Kind code of ref document: A1