WO2022068360A1 - Shared root key-based information processing method and apparatus, and device and medium - Google Patents

Shared root key-based information processing method and apparatus, and device and medium Download PDF

Info

Publication number
WO2022068360A1
WO2022068360A1 PCT/CN2021/109261 CN2021109261W WO2022068360A1 WO 2022068360 A1 WO2022068360 A1 WO 2022068360A1 CN 2021109261 W CN2021109261 W CN 2021109261W WO 2022068360 A1 WO2022068360 A1 WO 2022068360A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
sub
piece
institution
random number
Prior art date
Application number
PCT/CN2021/109261
Other languages
French (fr)
Chinese (zh)
Inventor
贾牧
谢丹力
陆陈一帆
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2022068360A1 publication Critical patent/WO2022068360A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Definitions

  • the present application relates to the field of blockchain technology, and in particular, to an information processing method, apparatus, device and medium based on a shared root key.
  • the way of information interaction through the network is favored by a large number of users.
  • the increase in the number of users using the network leads to an increase in the amount of information generated, and a large amount of information needs to be stored.
  • the prescription for patients in hospital management Information such as circulation and patient management needs to be stored to facilitate subsequent traceability.
  • the inventor realized that the traditional information storage method is generally the local storage of the terminal, and this kind of information storage method has great risks.
  • the illegal terminal can easily obtain the locally stored information, resulting in the leakage of information, and the illegal user can store the locally stored information.
  • the information is tampered with, resulting in low information security, and when the local storage fails, the information cannot be retrieved, resulting in losses. Therefore, how to ensure the security of information in the process of information storage and prevent information leakage is an urgent problem to be solved.
  • the embodiments of the present application provide an information processing method, device, device, and medium based on a shared root key, which can encrypt information, improve information security, and prevent information leakage.
  • the embodiments of the present application provide an information processing method based on a shared root key, including:
  • each piece of adjusted sub-information obtain coordinate information corresponding to each of the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • the embodiments of the present application provide an information processing apparatus based on a shared root key, including:
  • the root key generation module is used to obtain the objective function used to describe the information, and the institution information corresponding to the institution to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the institution information, and the institution information includes the At least one of the institution's confidentiality level, the institution's debt information, and the institution's profit information;
  • a sub-key generation module used for generating a key corresponding to each sub-information in the target information according to the root key, and the target information includes at least two sub-information;
  • an information adjustment module configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
  • a coordinate obtaining module configured to obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information according to the objective function and each piece of adjusted sub-information;
  • an information encryption module configured to encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information, and obtain the ciphertext of the coordinate information corresponding to each sub-information;
  • the information storage module is configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  • One aspect of the present application provides a computer device, including: a processor, a memory, and a network interface;
  • the above-mentioned processor is connected to a memory and a network interface, wherein the network interface is used to provide a data communication function, the above-mentioned memory is used to store a computer program, and the above-mentioned processor is used to call the above-mentioned computer program to execute the embodiment of the present application.
  • method which includes:
  • each piece of adjusted sub-information obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • An aspect of the embodiments of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, the computer program includes program instructions, and when executed by a processor, the program instructions cause the processor to execute the above-mentioned first step.
  • An information processing method based on a shared root key the method includes:
  • each piece of adjusted sub-information obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • the embodiment of the present application can improve the security of information; in addition, storing the ciphertext of the target information in the blockchain network can reduce the resource occupation of the local storage space of the terminal.
  • FIG. 1 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application
  • FIG. 2 is a schematic flowchart of a method for adjusting each piece of sub-information provided by an embodiment of the present application
  • FIG. 3 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application
  • FIG. 4 is a schematic diagram of the composition and structure of an information processing apparatus based on a shared root key provided by an embodiment of the present application;
  • FIG. 5 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
  • the blockchain involved in this application is a new application mode of computer technologies such as distributed data storage, point-to-point transmission (P2P transmission), consensus mechanism, and encryption algorithm.
  • each data block contains a batch of network transaction information, which is used to verify the validity of its information (anti-counterfeiting) and generate the next block.
  • the blockchain can include the underlying platform of the blockchain, the platform product service layer and the application service layer; the blockchain can be composed of multiple serial transaction records (also known as blocks) that are connected and protected by cryptography.
  • the distributed ledger connected by the blockchain allows multiple parties to effectively record the transaction, and the transaction can be permanently checked (it cannot be tampered with).
  • the consensus mechanism refers to the mathematical algorithm that realizes the establishment of trust between different nodes and the acquisition of rights and interests in the blockchain network; that is to say, the consensus mechanism is a mathematical algorithm recognized by all network nodes of the blockchain.
  • the technical solution of the present application is suitable for hospital management, that is, the target information may refer to information such as patient prescription circulation, patient management, etc., and the patient prescription circulation, patient management and other information can be obtained by encrypting the patient's prescription circulation, patient management and other information.
  • the ciphertext corresponding to the information, and the encrypted data is stored in the blockchain network, which is conducive to the management of information such as the circulation of patients' prescriptions and patient management, and improves the security of information managed by the hospital.
  • FIG. 1 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application.
  • the method is applied to a node in a blockchain network, and the node may be an independent physical server. , it can also be a server cluster or distributed system composed of multiple physical servers, or it can provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security Services, Content Delivery Network (CDN), and cloud servers for basic cloud computing services such as big data and artificial intelligence platforms.
  • CDN Content Delivery Network
  • the node may refer to computer equipment, including mobile phones, tablet computers, notebook computers, PDAs, smart speakers, mobile internet devices (MID, mobile internet device), POS (Point Of Sales, point of sale) machines, wearable devices (such as smart watches, smart bracelets, etc.)
  • the method includes:
  • S101 Acquire an objective function for describing information and institution information corresponding to an institution to which the target information to be processed belongs, and generate a root key corresponding to the target information according to the institution information.
  • the objective function may refer to a function corresponding to an elliptic curve, and the objective function may also refer to a function corresponding to other curves.
  • the target information may refer to data such as transaction data, business data, and internal information of an institution.
  • the institution information corresponding to the institution to which the target information belongs includes at least one of the institution's confidentiality level, the institution's debt information, and the institution's profit information.
  • the root key corresponding to the target information can be generated according to the organization information, which can be based on the organization's confidentiality level, the organization's debt information and At least one of the profit information of the organization generates the root key corresponding to the target information.
  • the institution information corresponding to the institution to which the target information belongs includes the security level of the institution
  • the method for generating the root key corresponding to the target information according to the institution information may be: generating a second random number according to the security level of the institution to which the target information belongs; Obtain the byte length in the second random number, and perform padding processing on the second random number according to the byte length to obtain the second random number after the padding processing; perform a hash operation on the second random number after the padding processing to obtain the target The root key corresponding to the information.
  • the security level of the institution may be divided according to the nature of the institution, for example, the nature of the institution may include a defense institution, an educational institution, a small retail institution, and the like. Among them, the confidentiality level of national defense institutions is higher than that of educational institutions, and the confidentiality level of educational institutions is higher than that of small retail institutions.
  • the byte length in the second random number refers to the number of bytes corresponding to the second random number. For example, if the second random number is a number between 0 and 255, the corresponding byte length is 1. The random number is a number greater than 255, the byte length is greater than 1, and so on.
  • the value of the second random number after filling is different from the value corresponding to the second random number before filling, the second random number before filling is k, the second random number after filling is p, and p corresponds to k values are different.
  • the filled second random number is obtained, and there are multiple filling methods for a second random number, including filling one or more bits in 8 bits, so the filled second random number is The second random number is not equal to the second random number before filling, even if the illegal terminal obtains the security level of the organization to which the target information belongs, and generates the second random number according to the security level, because the filling method of the second random number has It is difficult for an illegal terminal to obtain a correct random number after filling, so it is impossible to obtain the root key corresponding to the target information, thereby improving the security of the information.
  • the institution information corresponding to the institution to which the target information belongs includes the institution's debt information and the institution's profit information
  • the method for generating the root key corresponding to the target information according to the institution information may be: according to the institution's debt information and the institution's profit information to determine the fund level of the organization; generate a third random number according to the fund level of the organization; perform a hash operation on the third random number to obtain the root key corresponding to the target information.
  • the debt information of an institution may refer to the creditor's rights-debt relationship between the institution's company and a specific person or a specific institution, including company loans, accounts payable, unpaid purchases, and the like.
  • the profit information of the institution may refer to the income obtained by the institution, and so on.
  • determining the capital level of the institution according to the debt information of the institution and the profit information of the institution may refer to determining the capital level of the institution according to the difference between the profit information of the institution and the debt information of the institution. The higher the funding level of the institution, the better the effectiveness of the institution; the lower the funding level of the institution, the worse the effectiveness of the institution.
  • the capital level of the institution is the first capital grade
  • the funding level of the institution is the second funding level
  • the funding level of the institution is the third funding level
  • the third random number is generated according to the fund level of the institution, and the fund level of the institution is determined based on the debt information of the institution and the profit information of the institution, and the debt information of the institution and the profit information of the institution belong to the high confidentiality of the institution. Therefore, it is not easy for illegal terminals to obtain the information, so it is impossible to obtain the financial level of the institution, and thus cannot generate the third random number, so it is impossible to obtain the root key corresponding to the target information, thereby improving the security of the information.
  • the information associated with the institution can also be obtained from the blockchain network, and the number of pieces of information whose privacy level is greater than the level threshold can be obtained from the associated information, and the number of pieces of information can be hashed to obtain the target information. the corresponding root key.
  • the information associated with the organization refers to all the information stored by the organization in the blockchain network.
  • the privacy level of the information is greater than the level threshold, indicating that the information is highly private, such as top secret; the privacy level of the information is less than the level threshold, indicating that the information is less private, such as secret, top secret is more private than secret.
  • top-secret information is information with a high degree of institutional confidentiality, it is difficult for an illegal terminal to obtain the information, and thus cannot obtain the root key corresponding to the target information, which can improve the security of the information.
  • S102 Generate a key corresponding to each piece of sub-information in the target information according to the root key.
  • the target information includes at least two pieces of sub-information.
  • the method for generating a key corresponding to each piece of sub-information in the target information according to the root key includes: obtaining the generation time of each piece of sub-information; determining the first sub-information and the second sub-information according to the generation time of each piece of sub-information, and the second The generation time of the sub-information is later than the generation time of the first sub-information; perform a hash operation on the root key to obtain the key of the first sub-information; perform a hash operation on the key of the first sub-information to obtain the second sub-information information key.
  • the root key corresponding to the target information is n
  • the number of second sub-information is greater than 1, for example, the number of second sub-information is 3, which are respectively sub-information a2, sub-information a3 and sub-information a4, and the generation times of the three second sub-information are t2, t3, and t4 respectively.
  • the key corresponding to each piece of sub-information can be calculated.
  • the difficulty of the key corresponding to the sub-information can be improved, so that when each piece of sub-information is encrypted using the key corresponding to the sub-information subsequently, the encryption efficiency can be improved. Difficulty, reduce the probability of ciphertext being cracked by illegal terminals, and improve the security of information.
  • the method for generating a key corresponding to each piece of sub-information in the target information according to the root key includes: acquiring the information length of each piece of sub-information; determining the first sub-information and the first sub-information according to the information length of each piece of sub-information Two sub-information, the first sub-information is the sub-information with the largest information length in the target information, and the information length of the second sub-information is less than the information length of the first sub-information; Hash operation is performed on the root key to obtain the information of the first sub-information. key; perform a hash operation on the key of the first sub-information to obtain the key of the second sub-information.
  • the root key corresponding to the target information is k
  • the sorted second sub-information includes sub-information b2, b3 , b4, and the length of b2 is greater than that of b3, the length of the information is greater than that of b4, and the key of the first sub-information is k1, then the key of the first sub-information is hashed to obtain the second sub-information b2.
  • the key is k2; perform a hash operation on the key of the second sub-information b2 to obtain the key of the second sub-information b3 as k3; perform a hash operation on the key of the second sub-information b3 to obtain the second sub-information
  • the key of b4 is k4. Therefore, the key corresponding to each sub-information can be calculated according to the information length of each sub-information and the root key. Since the length of each sub-information is not equal, the sub-information calculated according to the length of each sub-information and the root key can be obtained.
  • the corresponding keys are different, which can improve the difficulty of encrypting each piece of sub-information by using the key corresponding to the sub-information subsequently, reduce the probability of the ciphertext being cracked by an illegal terminal, and improve the security of the information.
  • S103 Obtain a first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information.
  • the first random number can be used to adjust each piece of sub-information, so that the value corresponding to each piece of sub-information after adjustment is less than or equal to the first threshold, so that each piece of sub-information is mapped to the curve of the objective function, according to the curve of the objective function Calculate the coordinate point corresponding to each sub-information.
  • the first threshold may be determined according to a curve parameter corresponding to the objective function. If the curve parameter is the curve length c, the first threshold is 2 256 -w, where w is a very small value.
  • random number generation algorithms can be used to generate random numbers, such as the central limit theorem and Box Muller (coordinate transformation method), Monte Carlo algorithm, numerical probability algorithm, Las Vegas algorithm or other algorithms to generate random numbers, and
  • the generated random number is determined as the first random number corresponding to each piece of sub-information.
  • each piece of sub-information is not numeric data
  • each piece of sub-information can be encoded to obtain numeric-type encoded data, and each piece of sub-information corresponds to each piece of information according to the first random number corresponding to each piece of sub-information
  • the encoded data is adjusted to obtain each piece of sub-information after adjustment.
  • each piece of sub-information is numerical data
  • each piece of sub-information is adjusted according to the first random number corresponding to each piece of sub-information to obtain each piece of adjusted sub-information. It can be known that each piece of sub-information after adjustment includes the piece of sub-information and the first random number corresponding to the piece of sub-information.
  • FIG. 2 is a schematic flowchart of a method for adjusting each piece of sub-information provided by an embodiment of the present application, as shown in FIG. 2 . As shown, the method includes the following steps:
  • each piece of sub-information after subtraction is smaller than the information threshold, determine each piece of sub-information after subtraction as each piece of adjusted sub-information.
  • steps S11 to S12 if each piece of sub-information after subtraction is less than the information threshold, it is considered that the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, which can be based on the first coordinate and the target. function, the second coordinate of the target point on the curve corresponding to the objective function is obtained by calculation, that is, the coordinate information corresponding to each piece of sub-information can be obtained.
  • each piece of sub-information after subtraction is greater than or equal to the information threshold, it is considered that the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the first coordinate and the objective function cannot be calculated to obtain the The second coordinate of the target point on the curve corresponding to the objective function, that is, the coordinate information corresponding to each piece of sub-information cannot be obtained.
  • the first random numbers corresponding to each piece of sub-information may be equal or unequal.
  • the information threshold may be, for example, 2 256 , or may be smaller than 2 256 .
  • each piece of sub-information after the subtraction can be obtained, so that each piece of sub-information after subtraction is determined to be adjusted according to the relationship between each piece of sub-information after subtraction and the information threshold each subsequent sub-message.
  • the subtraction of each piece of sub-information from the first random number may refer to subtracting the first random number from the value corresponding to each piece of sub-information. It can be known that the value corresponding to each piece of sub-information obtained after the subtraction is less than the sub-information before the subtraction. corresponding value.
  • each piece of sub-information after subtraction is greater than or equal to the information threshold, the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, which cannot be calculated according to the first coordinate and the objective function.
  • the second coordinate of the target point on the curve corresponding to the objective function that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. Therefore, it is necessary to adjust the first random number corresponding to each piece of sub-information, and subtract each adjusted piece of sub-information from the first random number to obtain each candidate sub-information.
  • each piece of candidate sub-information is smaller than the information threshold, determine each piece of candidate sub-information as each adjusted piece of sub-information.
  • each piece of candidate sub-information is less than the information threshold, the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the corresponding value of the objective function can be calculated according to the first coordinate and the objective function.
  • the second coordinate of the target point on the curve that is, the coordinate information corresponding to each piece of sub-information can be obtained. If each candidate sub-information is greater than or equal to the information threshold, it is considered that the sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the objective function cannot be calculated based on the first coordinate and the objective function.
  • the second coordinate of the target point on the corresponding curve that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. That is, if each candidate sub-information is greater than or equal to the information threshold, continue to adjust the first random number until each candidate sub-information is subtracted from the adjusted first random number, and each candidate sub-information after the subtraction is subtracted. If the information is less than the information threshold, each piece of sub-information of the candidate after subtraction is determined as each piece of adjusted sub-information. By subtracting each sub-information and the first random number corresponding to each sub-information, and continuously adjusting the first random number corresponding to each sub-information, each adjusted sub-information can be obtained, which improves the success of subsequent encryption of each sub-information Rate.
  • each piece of sub-information of the adjusted non-numeric type can be encoded to obtain coded data corresponding to each piece of sub-information of the adjusted numerical type, and the coded data corresponding to each piece of sub-information of the adjusted numerical type can be mapped to the corresponding coded data of the objective function.
  • the corresponding coordinate point is obtained on the curve, so as to obtain the coordinate information corresponding to each piece of sub-information according to the coordinate point.
  • the curve corresponding to the objective function can be obtained, and each piece of adjusted sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function; according to the first coordinate and the objective function , determine the second coordinate of the target point on the curve corresponding to the objective function; determine the first coordinate and the second coordinate as the coordinate information corresponding to each piece of sub-information, thereby obtaining at least two pieces of sub-information corresponding to each sub-information Coordinate information.
  • the second coordinate of the target point on the curve corresponding to the objective function can be determined according to the first coordinate and the objective function, and the first coordinate can be determined.
  • the coordinates and the second coordinates are determined as the coordinate information corresponding to the sub-information c.
  • the curve corresponding to the objective function can be shown in formula (1-1):
  • a and b are known real numbers, and x and y are both parameters.
  • the value of the other parameter can be calculated by formula (1-1), for example , by determining the value of x, the value of y can be calculated according to formula (1-1).
  • a is 1, b is -1, the sub-information c is mapped to the first coordinate of the target point on the curve corresponding to the objective function (for example, the abscissa of the target point) is 1, and a, b and the first coordinate
  • the coordinates are substituted into formula (1-1) as x, and y is obtained as 1, that is, the second coordinate of the target point on the curve corresponding to the objective function is 1, then the coordinate information corresponding to the sub-information c is (1, 1),
  • the coordinate information corresponding to the other sub-information in the at least two pieces of sub-information can be acquired, thereby acquiring the coordinate information corresponding to each sub-information in the at least two pieces of sub-information.
  • the computer device may use the key corresponding to each piece of sub-information to encrypt the coordinate information corresponding to each of the at least two pieces of sub-information to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  • the computer device can obtain the private key of the terminal to which the target information belongs, and encrypt the coordinate information corresponding to each sub-information in the at least two sub-information according to the private key of the terminal and the key corresponding to each sub-information, and obtain each sub-information.
  • the ciphertext of the coordinate information corresponding to the sliver information It can be seen that the ciphertext of the coordinate information corresponding to the sub-information is the ciphertext obtained by encrypting the sub-information.
  • the ciphertext of the corresponding sub-information corresponding to the ciphertext cannot be known even if the ciphertext is obtained. content.
  • S106 Determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information.
  • the ciphertext of the target information includes the ciphertext of the coordinate information corresponding to each of the at least two sub-information, so far, the ciphertext of the target information can be obtained by encrypting the target information, and the ciphertext of the target information can be obtained.
  • the documents are stored in the blockchain network.
  • the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc., it is an institution.
  • the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc.
  • For relatively confidential information it is difficult for an illegal terminal to obtain the organization information, that is, it is difficult to obtain the root key corresponding to the target information.
  • the Decrypting the ciphertext can improve the difficulty of cracking the ciphertext and improve the security of information.
  • FIG. 3 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application, and the method is applied to a node in a blockchain network. As shown in Figure 3, the method includes:
  • S201 Acquire an objective function for describing information and institution information corresponding to an institution to which the target information to be processed belongs, and generate a root key corresponding to the target information according to the institution information.
  • S202 Generate a key corresponding to each piece of sub-information in the target information according to the root key.
  • S203 Obtain a first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information.
  • steps S201 to S204 reference may be made to the content of steps S101 to S104 in the embodiment corresponding to FIG. 1 , which will not be repeated here.
  • S205 Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information.
  • the terminal to which the target information belongs is the terminal that uploads the target information to the blockchain network for processing such as encryption and storage
  • the private key of the terminal to which the target information belongs is the private key generated by the terminal.
  • the identifier of the terminal to which the target information belongs can be obtained, a fourth random number can be generated by using the SECP256K1 algorithm, and the fourth random number can be filled to obtain the private key of the terminal. number.
  • the identifier of the terminal may refer to the factory serial number of the terminal, or other identifiers used to uniquely indicate the terminal.
  • the candidate coordinates are obtained according to the base point coordinates of the curve of the objective function and the private key of the terminal. Specifically, the coordinates of the base point of the curve of the objective function can be obtained; the product of the coordinates of the base point and the private key of the terminal can be obtained to obtain the candidate coordinates.
  • the coordinates of the base point of the curve of the objective function can be acquired.
  • the base point is G
  • the corresponding base point coordinates are (x1, y1)
  • the private key of the terminal is h
  • the candidate coordinates can be calculated according to formula (1-2):
  • the candidate coordinate is H
  • the base point is G
  • the private key of the terminal is h.
  • S207 Encrypt the candidate coordinates according to the key corresponding to each piece of sub-information to obtain the ciphertext of the candidate coordinates.
  • the candidate coordinates can be encrypted by formula (1-3) to obtain the ciphertext of the candidate coordinates , and fuse the coordinate information corresponding to the sub-information i with the ciphertext of the candidate coordinates to obtain the ciphertext of the coordinate information corresponding to the sub-information i.
  • Ci Mi+ki*H (1-3)
  • the candidate coordinates are H, Ci is the ciphertext of the coordinate information corresponding to the sub-information i, Mi is the coordinate information corresponding to the sub-information i, and ki is the key corresponding to the sub-information i.
  • ki*H indicates that the candidate coordinates are encrypted according to the key corresponding to the sub-information i, and the ciphertext of the candidate coordinates is obtained. It can be known that, for other sub-information in the n pieces of sub-information, the encryption and fusion can also be performed by formula (1-3) to obtain the ciphertext of the coordinate information corresponding to the other sub-information.
  • the ciphertext of the coordinate information corresponding to the piece of sub-information can be obtained by encrypting and fusing the formula (1-3), that is to say, a piece of sub-information corresponds to the number of ciphertexts of the coordinate information corresponding to a piece of sub-information , that is, for n pieces of sub-information, the number of ciphertexts of the coordinate information corresponding to the finally obtained sub-information is n.
  • an encryption algorithm can be used to encrypt the coordinate information corresponding to each piece of sub-information to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  • the encryption algorithm can include, for example, Elgamal algorithm (an asymmetric encryption algorithm), Rabin algorithm ( An asymmetric encryption algorithm), Diffie-Hellman algorithm (an asymmetric encryption algorithm), ECC algorithm (elliptic curve encryption algorithm).
  • the computer device encrypts the coordinate information corresponding to each piece of sub-information in at least two pieces of sub-information according to the private key of the terminal and the key corresponding to each piece of sub-information, and obtains the ciphertext of the coordinate information corresponding to each piece of sub-information. Encryption is performed to obtain the corresponding ciphertext. After the terminal obtains the ciphertext corresponding to each piece of sub-information, it needs to be decrypted to obtain the sub-information corresponding to each piece of ciphertext.
  • S209 Determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  • step S209 for the specific content of step S209, reference may be made to the content of step S106 in the embodiment corresponding to FIG. 1 , which will not be repeated here.
  • the coordinate information corresponding to each sub-information in the at least two sub-information is encrypted, and the ciphertext of the coordinate information corresponding to each sub-information is obtained, which can realize Each piece of sub-information is encrypted to obtain the corresponding ciphertext.
  • the terminal obtains the ciphertext corresponding to each piece of sub-information, it needs to be decrypted to obtain the corresponding sub-information of each piece of ciphertext.
  • FIG. 4 is a schematic diagram of the composition and structure of an information processing apparatus based on a shared root key provided by an embodiment of the present application
  • the above-mentioned information processing apparatus based on a shared root key may be a computer program running in a computer device (including program code), for example, the information processing device based on the shared root key is an application software; the device can be used to execute corresponding steps in the methods provided by the embodiments of the present application.
  • the device 40 includes:
  • the root key generation module 401 is used to obtain the target function used to describe the information, and the organization information corresponding to the organization to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the organization information, and the organization information includes At least one of the institution's confidentiality level, the institution's debt information, and the institution's profit information;
  • a subkey generation module 402 configured to generate a key corresponding to each piece of subinformation in the target information according to the root key, and the target information includes at least two pieces of subinformation;
  • an information adjustment module 403 configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
  • Coordinate acquisition module 404 is used to obtain the coordinate information corresponding to each sub-information in this at least two sub-information according to this objective function and each sub-information after the adjustment;
  • the information encryption module 405 is used for encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information to obtain the ciphertext of the coordinate information corresponding to each sub-information;
  • the information storage module 406 is configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  • the institution information includes the confidentiality level of the institution, and the root key generation module 401 is specifically used for:
  • a hash operation is performed on the filled second random number to obtain a root key corresponding to the target information.
  • the institution information includes debt information of the institution and profit information of the institution;
  • the root key generation module 401 is specifically used for:
  • Hash operation is performed on the third random number to obtain the root key corresponding to the target information.
  • sub-key generation module 402 is specifically used for:
  • the first sub-information and the second sub-information are determined according to the generation time of each piece of sub-information, the first sub-information is the sub-information with the earliest generation time in the target information, and the second sub-information is generated later than the first sub-information the time when the information was generated;
  • the information adjustment module 403 is specifically used for:
  • each piece of sub-information after the subtraction is smaller than the information threshold, then each piece of sub-information after the subtraction is determined as each piece of adjusted sub-information.
  • the apparatus 40 further includes: a random number adjustment module 407 for:
  • each piece of sub-information of the candidate is smaller than the information threshold, then each piece of sub-information of the candidate is determined as each piece of adjusted sub-information.
  • the information encryption module 405 is specifically used for:
  • the steps involved in the shared root key-based information processing method shown in FIG. 1 can be performed by various modules in the shared root key-based information processing apparatus shown in FIG. 4 .
  • step S101 shown in FIG. 1 may be performed by the root key generation module 401 in FIG. 4
  • step S102 shown in FIG. 1 may be performed by the sub-key generation module 402 in FIG. 4
  • the step S103 shown in FIG. 4 can be executed by the information adjustment module 403 in FIG. 4
  • the step S104 shown in FIG. 1 can be executed by the coordinate obtaining module 404 in FIG. 4
  • the encryption module 405 can perform it; the step S106 shown in FIG.
  • each module in the information processing based on the shared root key shown in FIG. 4 may be respectively or all combined into one or several units to form, or some unit(s) may also be formed. The same operation can be achieved without affecting the realization of the technical effects of the embodiments of the present application by being split into multiple sub-units with smaller functions.
  • the above modules are divided based on logical functions. In practical applications, the function of one module may also be implemented by multiple units, or the functions of multiple modules may be implemented by one unit. In other embodiments of the present application, the information processing apparatus based on the shared root key may also include other units. In practical applications, these functions may also be implemented with the assistance of other units, and may be implemented by cooperation of multiple units.
  • a general-purpose computer device such as a computer including processing elements and storage elements such as a central processing unit (CPU), random access storage medium (RAM), read only storage medium (ROM), etc.
  • CPU central processing unit
  • RAM random access storage medium
  • ROM read only storage medium
  • Running a computer program capable of executing the steps involved in the corresponding methods as shown in FIG. 1 , FIG. 2 and FIG. 3 , to construct a shared root key-based information processing apparatus as shown in FIG. 4 , and to implement the information processing method based on the shared root key of the embodiment of the present application.
  • the above-mentioned computer program can be recorded on, for example, a computer-readable recording medium, loaded in the above-mentioned computing device via the computer-readable recording medium, and executed therein.
  • the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc., it is an institution.
  • the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc.
  • For relatively confidential information it is difficult for an illegal terminal to obtain the organization information, that is, it is difficult to obtain the root key corresponding to the target information.
  • the Decrypting the ciphertext can improve the difficulty of cracking the ciphertext and improve the security of information.
  • FIG. 5 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
  • the above-mentioned computer device 50 may include: a processor 501 , a network interface 504 and a memory 505 , in addition, the above-mentioned computer device 50 may further include: a user interface 503 , and at least one communication bus 502 .
  • the communication bus 502 is used to realize the connection and communication between these components.
  • the user interface 503 may include a display screen (Display) and a keyboard (Keyboard), and the optional user interface 503 may also include a standard wired interface and a wireless interface.
  • the network interface 504 may include a standard wired interface and a wireless interface (eg, a WI-FI interface).
  • the memory 505 may be a high-speed RAM memory, or a non-volatile memory, such as at least one disk memory.
  • the memory 505 can optionally also be at least one storage device located away from the aforementioned processor 501 .
  • the memory 505 as a computer-readable storage medium may include an operating system, a network communication module, a user interface module, and a device control application program.
  • the network interface 504 can provide a network communication function;
  • the user interface 503 is mainly used to provide an input interface for the user; and
  • the processor 501 can be used to call the device control application stored in the memory 505 program to achieve:
  • each piece of adjusted sub-information obtain coordinate information corresponding to each of the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • the computer device 50 described in this embodiment of the present application can execute the description of the above-mentioned information processing method based on the shared root key in the foregoing embodiments corresponding to FIG. 1 , FIG. 2 and FIG.
  • the description of the above-mentioned information processing apparatus based on the shared root key in the corresponding embodiment will not be repeated here.
  • the description of the beneficial effects of using the same method will not be repeated.
  • the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc., it is an institution.
  • the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc.
  • For relatively confidential information it is difficult for an illegal terminal to obtain the organization information, that is, it is difficult to obtain the root key corresponding to the target information.
  • the Decrypting the ciphertext can improve the difficulty of cracking the ciphertext and improve the security of information.
  • Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and the computer program includes program instructions, which, when executed by a computer, cause the computer to execute the above-mentioned embodiments.
  • the method, the computer may be part of the above mentioned computer equipment.
  • it is the above-mentioned processor 501 .
  • program instructions may be deployed for execution on one computer device, or on multiple computer devices located at one site, or alternatively, distributed across multiple sites and interconnected by a communications network Implemented, multiple computer devices distributed in multiple locations and interconnected by a communication network can form a blockchain network.
  • the storage medium involved in this application such as a computer-readable storage medium, may be non-volatile or volatile.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM) or the like.

Abstract

Embodiments of the present application provide a shared root key-based information processing method and apparatus, and a device and a medium, primarily relating to blockchain technologies and hospital management technologies, wherein the method comprises: acquiring a target function for describing information and institution information of an institution which target information to be processed belongs to, and generating a root key corresponding to the target information according to the institution information; generating a key corresponding to each piece of sub-information in the target information according to the root key; acquiring a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number; acquiring coordinate information corresponding to each piece of sub-information according to the target function and each piece of adjusted sub-information; encrypting the coordinate information of each piece of sub-information using the key corresponding to each piece of sub-information, and obtaining a ciphertext of the coordinate information corresponding to each piece of sub-information; and determining the ciphertext as the target information ciphertext, and storing the target information ciphertext in a blockchain network. Information security can be improved using the embodiments of the present application.

Description

基于共享根密钥的信息处理方法、装置、设备及介质Information processing method, device, device and medium based on shared root key
本申请要求于2020年9月29日提交中国专利局、申请号为202011068461.4,发明名称为“基于共享根密钥的信息处理方法、装置、设备及介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application filed on September 29, 2020 with the application number 202011068461.4 and the title of the invention is "Information Processing Method, Apparatus, Equipment and Medium Based on Shared Root Key", all of which The contents are incorporated herein by reference.
技术领域technical field
本申请涉及区块链技术领域,尤其涉及基于共享根密钥的信息处理方法、装置、设备及介质。The present application relates to the field of blockchain technology, and in particular, to an information processing method, apparatus, device and medium based on a shared root key.
背景技术Background technique
随着网络的发展,通过网络进行信息交互的方式得到大量用户的青睐,用户使用网络的数量增加导致产生的信息数量增加,而大量的信息需要进行存储,例如,医院管理中针对病患的处方流转、病人管理等信息需要进行存储,才便于后续追溯。发明人意识到,传统的信息存储方式一般为终端本地存储,该种信息存储方式存在较大的风险,非法终端容易获取到本地存储的信息,导致信息的泄露,以及,非法用户可以对本地存储的信息进行篡改,导致信息安全性较低,并且,当本地存储出现故障时,导致信息无法找回,从而造成损失。因此,如何确保信息存储过程中信息的安全性,防止信息泄露是亟待解决的问题。With the development of the network, the way of information interaction through the network is favored by a large number of users. The increase in the number of users using the network leads to an increase in the amount of information generated, and a large amount of information needs to be stored. For example, the prescription for patients in hospital management Information such as circulation and patient management needs to be stored to facilitate subsequent traceability. The inventor realized that the traditional information storage method is generally the local storage of the terminal, and this kind of information storage method has great risks. The illegal terminal can easily obtain the locally stored information, resulting in the leakage of information, and the illegal user can store the locally stored information. The information is tampered with, resulting in low information security, and when the local storage fails, the information cannot be retrieved, resulting in losses. Therefore, how to ensure the security of information in the process of information storage and prevent information leakage is an urgent problem to be solved.
发明内容SUMMARY OF THE INVENTION
本申请实施例提供基于共享根密钥的信息处理方法、装置、设备及介质,可以实现对信息进行加密,提高信息的安全性,防止信息泄露。The embodiments of the present application provide an information processing method, device, device, and medium based on a shared root key, which can encrypt information, improve information security, and prevent information leakage.
本申请实施例一方面提供基于共享根密钥的信息处理方法,包括:On the one hand, the embodiments of the present application provide an information processing method based on a shared root key, including:
获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据该机构信息生成该目标信息对应的根密钥,该机构信息包括该机构的保密等级、该机构的债务信息以及该机构的盈利信息中的至少一种;Obtain the objective function used to describe the information, and the institution information corresponding to the institution to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the institution information. at least one of debt information and the institution's earnings information;
根据该根密钥生成该目标信息中每条子信息对应的密钥,该目标信息包括至少两条子信息;Generate a key corresponding to each piece of sub-information in the target information according to the root key, and the target information includes at least two pieces of sub-information;
获取该每条子信息对应的第一随机数,根据该第一随机数对该每条子信息进行调整,得到调整后的每条子信息;Obtain the first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
根据该目标函数以及该调整后的每条子信息,获取该至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each of the at least two pieces of sub-information;
采用该每条子信息对应的密钥,对该至少两条子信息中的对应子信息的坐标信息进行加密,得到该每条子信息对应的坐标信息的密文;Encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information to obtain the ciphertext of the coordinate information corresponding to each sub-information;
将该每条子信息对应的坐标信息的密文确定为该目标信息的密文,将该目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
本申请实施例一方面提供基于共享根密钥的信息处理装置,包括:On the one hand, the embodiments of the present application provide an information processing apparatus based on a shared root key, including:
根密钥生成模块,用于获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据该机构信息生成该目标信息对应的根密钥,该机构信息包括该机构的保密等级、该机构的债务信息以及该机构的盈利信息中的至少一种;The root key generation module is used to obtain the objective function used to describe the information, and the institution information corresponding to the institution to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the institution information, and the institution information includes the At least one of the institution's confidentiality level, the institution's debt information, and the institution's profit information;
子密钥生成模块,用于根据该根密钥生成该目标信息中每条子信息对应的密钥,该目标信息包括至少两条子信息;A sub-key generation module, used for generating a key corresponding to each sub-information in the target information according to the root key, and the target information includes at least two sub-information;
信息调整模块,用于获取该每条子信息对应的第一随机数,根据该第一随机数对该每条子信息进行调整,得到调整后的每条子信息;an information adjustment module, configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
坐标获取模块,用于根据该目标函数以及该调整后的每条子信息,获取该至少两条子信息中每条子信息对应的坐标信息;a coordinate obtaining module, configured to obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information according to the objective function and each piece of adjusted sub-information;
信息加密模块,用于采用该每条子信息对应的密钥,对该至少两条子信息中的对应子信息的坐标信息进行加密,得到该每条子信息对应的坐标信息的密文;an information encryption module, configured to encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information, and obtain the ciphertext of the coordinate information corresponding to each sub-information;
信息存储模块,用于将该每条子信息对应的坐标信息的密文确定为该目标信息的密文,将该目标信息的密文存储至区块链网络中。The information storage module is configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
本申请一方面提供了一种计算机设备,包括:处理器、存储器、网络接口;One aspect of the present application provides a computer device, including: a processor, a memory, and a network interface;
上述处理器与存储器、网络接口相连,其中,网络接口用于提供数据通信功能,上述存储器用于存储计算机程序,上述处理器用于调用上述计算机程序,以执行本申请实施例中上述一方面中的方法,该方法包括:The above-mentioned processor is connected to a memory and a network interface, wherein the network interface is used to provide a data communication function, the above-mentioned memory is used to store a computer program, and the above-mentioned processor is used to call the above-mentioned computer program to execute the embodiment of the present application. method, which includes:
获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据所述机构信息生成所述目标信息对应的根密钥,所述机构信息包括所述机构的保密等级、所述机构的债务信息以及所述机构的盈利信息中的至少一种;Obtain the objective function used to describe the information, and the institution information corresponding to the institution to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the institution information, where the institution information includes the security level of the institution , at least one of the debt information of the institution and the profit information of the institution;
根据所述根密钥生成所述目标信息中每条子信息对应的密钥,所述目标信息包括至少两条子信息;Generate a key corresponding to each piece of sub-information in the target information according to the root key, where the target information includes at least two pieces of sub-information;
获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;obtaining a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information;
采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;Using the key corresponding to each piece of sub-information, encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information, and obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
本申请实施例一方面提供了一种计算机可读存储介质,该计算机可读存储介质存储有计算机程序,该计算机程序包括程序指令,该程序指令当被处理器执行时使该处理器执行上述第一方面的基于共享根密钥的信息处理方法,该方法包括:An aspect of the embodiments of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, the computer program includes program instructions, and when executed by a processor, the program instructions cause the processor to execute the above-mentioned first step. An information processing method based on a shared root key, the method includes:
获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据所述机构信息生成所述目标信息对应的根密钥,所述机构信息包括所述机构的保密等级、所述机构的债务信息以及所述机构的盈利信息中的至少一种;Obtain the objective function used to describe the information, and the institution information corresponding to the institution to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the institution information, where the institution information includes the security level of the institution , at least one of the debt information of the institution and the profit information of the institution;
根据所述根密钥生成所述目标信息中每条子信息对应的密钥,所述目标信息包括至少两条子信息;Generate a key corresponding to each piece of sub-information in the target information according to the root key, where the target information includes at least two pieces of sub-information;
获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;obtaining a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information;
采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;Using the key corresponding to each piece of sub-information, encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information, and obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
本申请实施例可以提高信息的安全性;此外,将目标信息的密文存储至区块链网络中,可以减少终端本地存储空间的资源占用。The embodiment of the present application can improve the security of information; in addition, storing the ciphertext of the target information in the blockchain network can reduce the resource occupation of the local storage space of the terminal.
附图说明Description of drawings
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions in the embodiments of the present application more clearly, the following briefly introduces the drawings required in the embodiments. Obviously, the drawings in the following description are only some embodiments of the present application. For those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.
图1是本申请实施例提供的一种基于共享根密钥的信息处理方法的流程示意图;1 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application;
图2是本申请实施例提供的一种对每条子信息进行调整的方法的流程示意图;2 is a schematic flowchart of a method for adjusting each piece of sub-information provided by an embodiment of the present application;
图3是本申请实施例提供的一种基于共享根密钥的信息处理方法的流程示意图;3 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application;
图4是本申请实施例提供的一种基于共享根密钥的信息处理装置的组成结构示意图;4 is a schematic diagram of the composition and structure of an information processing apparatus based on a shared root key provided by an embodiment of the present application;
图5是本申请实施例提供的一种计算机设备的组成结构示意图。FIG. 5 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
具体实施方式Detailed ways
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only a part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present application.
本申请所涉及的区块链是一种分布式数据存储、点对点传输(P2P传输)、共识机制、加密算法等计算机技术的新型应用模式,其本质上是一个去中心化的数据库,是一串使用密码学方法相关联产生的数据块,每一个数据块中包含了一批次网络交易的信息,用于验证其信息的有效性(防伪)和生成下一个区块。区块链可以包括区块链底层平台、平台产品服务层以及应用服务层;区块链可由多个借由密码学串接并保护内容的串连交易记录(又称区块)构成,用区块链所串接的分布式账本能让多方有效纪录交易,且可永久查验此交易(不可篡改)。其中,共识机制是指区块链网络中实现不同节点之间建立信任、获取权益的数学算法;也就是说,共识机制是区块链各网络节点共同认可的一种数学算法。The blockchain involved in this application is a new application mode of computer technologies such as distributed data storage, point-to-point transmission (P2P transmission), consensus mechanism, and encryption algorithm. Using cryptographic methods to associate the generated data blocks, each data block contains a batch of network transaction information, which is used to verify the validity of its information (anti-counterfeiting) and generate the next block. The blockchain can include the underlying platform of the blockchain, the platform product service layer and the application service layer; the blockchain can be composed of multiple serial transaction records (also known as blocks) that are connected and protected by cryptography. The distributed ledger connected by the blockchain allows multiple parties to effectively record the transaction, and the transaction can be permanently checked (it cannot be tampered with). Among them, the consensus mechanism refers to the mathematical algorithm that realizes the establishment of trust between different nodes and the acquisition of rights and interests in the blockchain network; that is to say, the consensus mechanism is a mathematical algorithm recognized by all network nodes of the blockchain.
本申请技术方案适用于医院管理中,即目标信息可以是指病患的处方流转、病人管理等信息,通过对病患的处方流转、病人管理等信息进行加密得到病患的处方流转、病人管理等信息对应的密文,并将加密后的数据存储至区块链网络中,有利于实现对病患的处方流转、病人管理等信息的管理,提高医院管理的信息的安全性。The technical solution of the present application is suitable for hospital management, that is, the target information may refer to information such as patient prescription circulation, patient management, etc., and the patient prescription circulation, patient management and other information can be obtained by encrypting the patient's prescription circulation, patient management and other information. The ciphertext corresponding to the information, and the encrypted data is stored in the blockchain network, which is conducive to the management of information such as the circulation of patients' prescriptions and patient management, and improves the security of information managed by the hospital.
请参见图1,图1是本申请实施例提供的一种基于共享根密钥的信息处理方法的流程示意图,该方法应用于区块链网络中的节点,该节点可以是独立的一个物理服务器,也可以是多个物理服务器构成的服务器集群或者分布式系统,还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务、内容分发网络(Content Delivery Network,CDN)、以及大数据和人工智能平台等基础云计算服务的云服务器。或者,该节点可以是指计算机设备,包括手机、平板电脑、笔记本电脑、掌上电脑、智能音响、移动互联网设备(MID,mobile internet device)、POS(Point Of Sales,销售点)机、可穿戴设备(例如智能手表、智能手环等)等。如图1所示,该方法包括:Please refer to FIG. 1. FIG. 1 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application. The method is applied to a node in a blockchain network, and the node may be an independent physical server. , it can also be a server cluster or distributed system composed of multiple physical servers, or it can provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security Services, Content Delivery Network (CDN), and cloud servers for basic cloud computing services such as big data and artificial intelligence platforms. Alternatively, the node may refer to computer equipment, including mobile phones, tablet computers, notebook computers, PDAs, smart speakers, mobile internet devices (MID, mobile internet device), POS (Point Of Sales, point of sale) machines, wearable devices (such as smart watches, smart bracelets, etc.) As shown in Figure 1, the method includes:
S101,获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据机构信息生成目标信息对应的根密钥。S101: Acquire an objective function for describing information and institution information corresponding to an institution to which the target information to be processed belongs, and generate a root key corresponding to the target information according to the institution information.
这里,目标函数可以是指椭圆曲线对应的函数,目标函数也可以是指其他曲线对应的函数。目标信息可以是指某机构的交易数据、营业数据、该机构的内部资料等数据。目标信息所属的机构对应的机构信息包括机构的保密等级、机构的债务信息以及机构的盈利信息中的至少一种。为了增加对目标信息的密文进行解密的难度,避免目标信息的密文被非法用户破解,可根据机构信息生成目标信息对应的根密钥,即可根据机构的保密等级、机构的债务信息以及机构的盈利信息中的至少一种生成目标信息对应的根密钥。Here, the objective function may refer to a function corresponding to an elliptic curve, and the objective function may also refer to a function corresponding to other curves. The target information may refer to data such as transaction data, business data, and internal information of an institution. The institution information corresponding to the institution to which the target information belongs includes at least one of the institution's confidentiality level, the institution's debt information, and the institution's profit information. In order to increase the difficulty of decrypting the ciphertext of the target information and prevent the ciphertext of the target information from being cracked by illegal users, the root key corresponding to the target information can be generated according to the organization information, which can be based on the organization's confidentiality level, the organization's debt information and At least one of the profit information of the organization generates the root key corresponding to the target information.
可选的,目标信息所属的机构对应的机构信息包括机构的保密等级,根据机构信息生成目标信息对应的根密钥的方法可以为:根据目标信息所属的机构的保密等级生成第二随机数;获取第二随机数中的字节长度,根据字节长度对第二随机数进行填充处理,得到填充处理后的第二随机数;对填充处理后的第二随机数进行哈希运算,得到目标信息对应的根密钥。Optionally, the institution information corresponding to the institution to which the target information belongs includes the security level of the institution, and the method for generating the root key corresponding to the target information according to the institution information may be: generating a second random number according to the security level of the institution to which the target information belongs; Obtain the byte length in the second random number, and perform padding processing on the second random number according to the byte length to obtain the second random number after the padding processing; perform a hash operation on the second random number after the padding processing to obtain the target The root key corresponding to the information.
这里,机构的保密等级可以根据机构的性质进行划分,例如,机构的性质可以包括国防机构、教育机构、小型零售机构,等等。其中,国防机构的保密等级大于教育机构的保密等级、教育机构的保密等级大于小型零售机构的保密等级。第二随机数中的字节长度是指第二随机数对应的字节的数量,例如第二随机数为0~255之间的数,则对应的字节长度 为1,或者,若第二随机数为大于255的数,字节长度大于1,等等。Here, the security level of the institution may be divided according to the nature of the institution, for example, the nature of the institution may include a defense institution, an educational institution, a small retail institution, and the like. Among them, the confidentiality level of national defense institutions is higher than that of educational institutions, and the confidentiality level of educational institutions is higher than that of small retail institutions. The byte length in the second random number refers to the number of bytes corresponding to the second random number. For example, if the second random number is a number between 0 and 255, the corresponding byte length is 1. The random number is a number greater than 255, the byte length is greater than 1, and so on.
具体的,例如可以获取目标信息所属的机构的保密等级,调用C语言中的rand函数,根据目标信息所属的机构的保密等级返回一个第二随机数k,然后获取第二随机数k中的字节长度;根据字节长度对第二随机数进行填充处理,得到填充处理后的第二随机数,即对1个字节对应的8bit(即位)进行填充,例如可以将二进制填充为0或者1。也就是说,填充处理后的第二随机数与填充处理前的第二随机数对应的数值不同,填充前的第二随机数为k,填充后的第二随机数为p,p与k对应的数值不同。对填充处理后的第二随机数p进行哈希运算,即hash(p)=p1,将p1作为目标信息对应的根密钥。Specifically, for example, you can obtain the security level of the organization to which the target information belongs, call the rand function in the C language, return a second random number k according to the security level of the organization to which the target information belongs, and then obtain the word in the second random number k. Section length; fill the second random number according to the length of the byte to obtain the second random number after filling, that is, fill the 8 bits (ie bits) corresponding to 1 byte, for example, the binary can be filled with 0 or 1 . That is to say, the value of the second random number after filling is different from the value corresponding to the second random number before filling, the second random number before filling is k, the second random number after filling is p, and p corresponds to k values are different. A hash operation is performed on the filled second random number p, that is, hash(p)=p1, and p1 is used as the root key corresponding to the target information.
由于对第二随机数进行了填充处理,得到填充后的第二随机数,且对于一个第二随机数有多种填充方式,包括对8bit中的一位或者多位进行填充,因此填充后的第二随机数与填充前的第二随机数不相等,即使非法终端获取到目标信息所属的机构的保密等级,并且根据该保密等级生成第二随机数,由于对第二随机数的填充方式有多种,非法终端也难以获得正确的填充后的随机数,因此无法实现获取目标信息对应的根密钥,从而可以提高信息的安全性。Since the second random number is filled, the filled second random number is obtained, and there are multiple filling methods for a second random number, including filling one or more bits in 8 bits, so the filled second random number is The second random number is not equal to the second random number before filling, even if the illegal terminal obtains the security level of the organization to which the target information belongs, and generates the second random number according to the security level, because the filling method of the second random number has It is difficult for an illegal terminal to obtain a correct random number after filling, so it is impossible to obtain the root key corresponding to the target information, thereby improving the security of the information.
可选的,目标信息所属的机构对应的机构信息包括机构的债务信息和该机构的盈利信息,根据机构信息生成目标信息对应的根密钥的方法可以为:根据机构的债务信息和机构的盈利信息,确定机构的资金等级;根据机构的资金等级生成第三随机数;对第三随机数进行哈希运算,得到目标信息对应的根密钥。Optionally, the institution information corresponding to the institution to which the target information belongs includes the institution's debt information and the institution's profit information, and the method for generating the root key corresponding to the target information according to the institution information may be: according to the institution's debt information and the institution's profit information to determine the fund level of the organization; generate a third random number according to the fund level of the organization; perform a hash operation on the third random number to obtain the root key corresponding to the target information.
这里,机构的债务信息可以是指该机构公司与特定人或者特定机构之间的债权债务关系,包括公司贷款、应付账款、未付款的采购件等等。机构的盈利信息可以是指机构获取的收益,等等。其中,根据机构的债务信息和机构的盈利信息,确定机构的资金等级可以是指根据机构的盈利信息与机构的债务信息之差确定机构的资金等级。机构的资金等级越高,表示该机构的效益越好;机构的资金等级越低,表示该机构的效益越差。例如,当机构的盈利信息与机构的债务信息之差大于第一数量阈值时,该机构的资金等级为第一资金等级;当机构的盈利信息与机构的债务信息之差大于第二数量阈值且小于第一数量阈值时,该机构的资金等级为第二资金等级;当机构的盈利信息与机构的债务信息之差小于第二数量阈值时,该机构的资金等级为第三资金等级,其中,第一数量阈值大于第二数量阈值,第一资金等级大于第二资金等级大于第三资金等级。Here, the debt information of an institution may refer to the creditor's rights-debt relationship between the institution's company and a specific person or a specific institution, including company loans, accounts payable, unpaid purchases, and the like. The profit information of the institution may refer to the income obtained by the institution, and so on. Wherein, determining the capital level of the institution according to the debt information of the institution and the profit information of the institution may refer to determining the capital level of the institution according to the difference between the profit information of the institution and the debt information of the institution. The higher the funding level of the institution, the better the effectiveness of the institution; the lower the funding level of the institution, the worse the effectiveness of the institution. For example, when the difference between the profit information of the institution and the debt information of the institution is greater than the first quantity threshold, the capital level of the institution is the first capital grade; when the difference between the profit information of the institution and the debt information of the institution is greater than the second quantity threshold and When it is less than the first quantity threshold, the funding level of the institution is the second funding level; when the difference between the profit information of the institution and the debt information of the institution is less than the second quantity threshold, the funding level of the institution is the third funding level, wherein, The first quantity threshold is greater than the second quantity threshold, and the first funding level is greater than the second funding level and greater than the third funding level.
具体的,可以通过获取机构的债务信息和机构的盈利信息,确定机构的资金等级,例如根据机构的资金等级生成第三随机数m;对第三随机数m进行哈希运算,即hash(m)=m1,将m1作为目标信息对应的根密钥。由于第三随机数是根据机构的资金等级生成的,而机构的资金等级是根据机构的债务信息和机构的盈利信息确定的,而机构的债务信息和机构的盈利信息等属于机构保密性较高的信息,因此非法终端不容易获取到,从而无法获取到机构的资金等级,进而无法生成第三随机数,因此无法实现获取目标信息对应的根密钥,从而可以提高信息的安全性。Specifically, the financial level of the institution can be determined by obtaining the debt information of the institution and the profit information of the institution, for example, generating a third random number m according to the capital level of the institution; performing a hash operation on the third random number m, that is, hash(m )=m1, and m1 is used as the root key corresponding to the target information. Because the third random number is generated according to the fund level of the institution, and the fund level of the institution is determined based on the debt information of the institution and the profit information of the institution, and the debt information of the institution and the profit information of the institution belong to the high confidentiality of the institution. Therefore, it is not easy for illegal terminals to obtain the information, so it is impossible to obtain the financial level of the institution, and thus cannot generate the third random number, so it is impossible to obtain the root key corresponding to the target information, thereby improving the security of the information.
可选的,还可以从区块链网络中获取与该机构关联的信息,从关联信息中获取信息的私密等级大于等级阈值的信息条数,对该信息条数进行哈希运算,得到目标信息对应的根密钥。这里,与该机构关联的信息是指区块链网络中该机构存储的所有信息,信息的私密等级大于等级阈值表示信息的私密程度较高,例如为绝密;信息的私密等级小于等级阈值表示信息的私密程度较低,例如为秘密,绝密的私密程度大于秘密的私密程度。例如,从区块链网络中获取与该机构关联的信息,且该关联信息中信息的私密等级大于等级阈值的信息条数为q,对信息条数q进行哈希运算,即hash(q)=q1,将q1作为目标信息对应的根密钥。由于绝密信息为机构保密程度较高的信息,因此非法终端难以获取到该信息,进而无法获取到目标信息对应的根密钥,可以提高信息的安全性。Optionally, the information associated with the institution can also be obtained from the blockchain network, and the number of pieces of information whose privacy level is greater than the level threshold can be obtained from the associated information, and the number of pieces of information can be hashed to obtain the target information. the corresponding root key. Here, the information associated with the organization refers to all the information stored by the organization in the blockchain network. The privacy level of the information is greater than the level threshold, indicating that the information is highly private, such as top secret; the privacy level of the information is less than the level threshold, indicating that the information is less private, such as secret, top secret is more private than secret. For example, the information associated with the institution is obtained from the blockchain network, and the number of pieces of information whose privacy level is greater than the level threshold is q, and the number of pieces of information q is hashed, that is, hash(q) =q1, take q1 as the root key corresponding to the target information. Since top-secret information is information with a high degree of institutional confidentiality, it is difficult for an illegal terminal to obtain the information, and thus cannot obtain the root key corresponding to the target information, which can improve the security of the information.
S102,根据根密钥生成目标信息中每条子信息对应的密钥。S102: Generate a key corresponding to each piece of sub-information in the target information according to the root key.
这里,目标信息包括至少两条子信息。具体的,根据根密钥生成目标信息中每条子信息对应的密钥的方法包括:获取每条子信息的生成时间;根据每条子信息的生成时间确定第一子信息和第二子信息,第二子信息的生成时间后于第一子信息的生成时间;对根密钥进行哈希运算,得到第一子信息的密钥;对第一子信息的密钥进行哈希运算,得到第二子信息的密钥。Here, the target information includes at least two pieces of sub-information. Specifically, the method for generating a key corresponding to each piece of sub-information in the target information according to the root key includes: obtaining the generation time of each piece of sub-information; determining the first sub-information and the second sub-information according to the generation time of each piece of sub-information, and the second The generation time of the sub-information is later than the generation time of the first sub-information; perform a hash operation on the root key to obtain the key of the first sub-information; perform a hash operation on the key of the first sub-information to obtain the second sub-information information key.
举例来进行说明,例如目标信息对应的根密钥为n,目标信息中包含2条子信息分别为子信息a1和子信息a2,且2条子信息对应的生成时间分别为t1、t2,t1>t2,因此,第一子信息为子信息a1、第二子信息为子信息a2,对目标信息对应的根密钥进行哈希运算,得到第一子信息的密钥,即hash(n)=n1,则n1为第一子信息的密钥;对第一子信息的密钥进行哈希运算,得到第二子信息的密钥,即hash(n1)=n2,则n2为第二子信息的密钥。For example, for example, the root key corresponding to the target information is n, the target information contains 2 pieces of sub-information which are respectively sub-information a1 and sub-information a2, and the corresponding generation times of the 2 pieces of sub-information are t1, t2, t1>t2, Therefore, the first sub-information is sub-information a1 and the second sub-information is sub-information a2, and the root key corresponding to the target information is hashed to obtain the key of the first sub-information, that is, hash(n)=n1, Then n1 is the key of the first sub-information; perform a hash operation on the key of the first sub-information to obtain the key of the second sub-information, that is, hash(n1)=n2, then n2 is the key of the second sub-information. key.
若第二子信息的数量大于1,如第二子信息的数量为3条,分别为子信息a2、子信息a3和子信息a4,3条第二子信息的生成时间分别为t2、t3、t4,且t2>t3>t4,第一子信息的密钥为n1,则对第一子信息的密钥进行哈希运算,得到第二子信息a2的密钥,即hash(n1)=n2,则n2为子信息a2的密钥;对第二子信息a2的密钥进行哈希运算,得到第二子信息a3的密钥,即hash(n2)=n3,则n3为子信息a3的密钥;对第二子信息a3的密钥进行哈希运算,得到第二子信息a4的密钥,即hash(n3)=n4,则n4为子信息a4的密钥。由此,可计算得到每条子信息对应的密钥。通过对根密钥进行哈希运算得到子信息对应的密钥,可以提高子信息对应的密钥的难度,从而在后续使用子信息对应的密钥对每条子信息进行加密时,可以提高加密的难度,降低密文被非法终端破解的概率,提高信息的安全性。If the number of second sub-information is greater than 1, for example, the number of second sub-information is 3, which are respectively sub-information a2, sub-information a3 and sub-information a4, and the generation times of the three second sub-information are t2, t3, and t4 respectively. , and t2>t3>t4, the key of the first sub-information is n1, then the key of the first sub-information is hashed to obtain the key of the second sub-information a2, that is, hash(n1)=n2, Then n2 is the key of the sub-information a2; perform a hash operation on the key of the second sub-information a2 to obtain the key of the second sub-information a3, that is, hash(n2)=n3, then n3 is the key of the sub-information a3. key; perform hash operation on the key of the second sub-information a3 to obtain the key of the second sub-information a4, that is, hash(n3)=n4, then n4 is the key of the sub-information a4. Thus, the key corresponding to each piece of sub-information can be calculated. By hashing the root key to obtain the key corresponding to the sub-information, the difficulty of the key corresponding to the sub-information can be improved, so that when each piece of sub-information is encrypted using the key corresponding to the sub-information subsequently, the encryption efficiency can be improved. Difficulty, reduce the probability of ciphertext being cracked by illegal terminals, and improve the security of information.
在一种可能的实现方式中,根据根密钥生成目标信息中每条子信息对应的密钥的方法包括:获取每条子信息的信息长度;根据每条子信息的信息长度确定第一子信息和第二子信息,第一子信息为目标信息中信息长度最大的子信息,第二子信息的信息长度小于第一子信息的信息长度;对根密钥进行哈希运算,得到第一子信息的密钥;对第一子信息的密钥进行哈希运算,得到第二子信息的密钥。In a possible implementation manner, the method for generating a key corresponding to each piece of sub-information in the target information according to the root key includes: acquiring the information length of each piece of sub-information; determining the first sub-information and the first sub-information according to the information length of each piece of sub-information Two sub-information, the first sub-information is the sub-information with the largest information length in the target information, and the information length of the second sub-information is less than the information length of the first sub-information; Hash operation is performed on the root key to obtain the information of the first sub-information. key; perform a hash operation on the key of the first sub-information to obtain the key of the second sub-information.
举例来进行说明,例如目标信息对应的根密钥为k,目标信息中包含2条子信息分别为子信息b1和子信息b2,且2条子信息对应的生成时间分别为s1、s2,s1>s2,因此,第一子信息为子信息b1、第二子信息为子信息b2,对目标信息对应的根密钥进行哈希运算,得到第一子信息的密钥,即hash(k)=k1,则k1为第一子信息的密钥;对第一子信息的密钥进行哈希运算,得到第二子信息的密钥,即hash(k1)=k2,则k2为第二子信息的密钥。若第二子信息的数量大于1,则根据各个第二子信息的信息长度从大到小进行排序,得到排序后的第二子信息,例如排序后的第二子信息包括子信息b2、b3、b4,且b2的长度大于b3的信息长度大于b4的信息长度,且第一子信息的密钥为k1,则对第一子信息的密钥进行哈希运算,得到第二子信息b2的密钥为k2;对第二子信息b2的密钥进行哈希运算,得到第二子信息b3的密钥为k3;对第二子信息b3的密钥进行哈希运算,得到第二子信息b4的密钥为k4。由此可以根据每条子信息的信息长度和根密钥计算得到每条子信息对应的密钥,由于每条子信息的长度不等,由此根据每条子信息的长度和根密钥计算得到的子信息对应的密钥不同,可以提高后续使用子信息对应的密钥对每条子信息进行加密的难度,降低密文被非法终端破解的概率,提高信息的安全性。For example, for example, the root key corresponding to the target information is k, the target information contains 2 pieces of sub-information which are respectively sub-information b1 and sub-information b2, and the corresponding generation times of the 2 pieces of sub-information are s1, s2, s1>s2, Therefore, the first sub-information is sub-information b1 and the second sub-information is sub-information b2, and the root key corresponding to the target information is hashed to obtain the key of the first sub-information, that is, hash(k)=k1, Then k1 is the key of the first sub-information; perform a hash operation on the key of the first sub-information to obtain the key of the second sub-information, that is, hash(k1)=k2, then k2 is the key of the second sub-information. key. If the number of the second sub-information is greater than 1, sort the second sub-information in descending order according to the information length of each second sub-information to obtain the sorted second sub-information, for example, the sorted second sub-information includes sub-information b2, b3 , b4, and the length of b2 is greater than that of b3, the length of the information is greater than that of b4, and the key of the first sub-information is k1, then the key of the first sub-information is hashed to obtain the second sub-information b2. The key is k2; perform a hash operation on the key of the second sub-information b2 to obtain the key of the second sub-information b3 as k3; perform a hash operation on the key of the second sub-information b3 to obtain the second sub-information The key of b4 is k4. Therefore, the key corresponding to each sub-information can be calculated according to the information length of each sub-information and the root key. Since the length of each sub-information is not equal, the sub-information calculated according to the length of each sub-information and the root key can be obtained. The corresponding keys are different, which can improve the difficulty of encrypting each piece of sub-information by using the key corresponding to the sub-information subsequently, reduce the probability of the ciphertext being cracked by an illegal terminal, and improve the security of the information.
S103,获取每条子信息对应的第一随机数,根据第一随机数对每条子信息进行调整,得到调整后的每条子信息。S103: Obtain a first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information.
这里,由于每条子信息对应的数值大于第一阈值时,不能实现将每条子信息映射到目标函数的曲线上,则无法根据目标函数的曲线计算得到每条子信息对应的坐标点。因此可以使用第一随机数对每条子信息进行调整,使得调整后的每条子信息对应的数值小于或等 于第一阈值,从而实现将每条子信息映射到目标函数的曲线上,根据目标函数的曲线计算得到每条子信息对应的坐标点。通过使用第一随机数对每条子信息进行调整,可以提高获取每条子信息对应的坐标点的概率,从而提高加密成功的概率。第一阈值可以是根据目标函数对应的曲线参数确定的,如该曲线参数为曲线长度c,则第一阈值为2 256-w,其中,w为一个极小的数值。 Here, since when the value corresponding to each piece of sub-information is greater than the first threshold, it is impossible to map each piece of sub-information onto the curve of the objective function, so the coordinate point corresponding to each piece of sub-information cannot be calculated according to the curve of the objective function. Therefore, the first random number can be used to adjust each piece of sub-information, so that the value corresponding to each piece of sub-information after adjustment is less than or equal to the first threshold, so that each piece of sub-information is mapped to the curve of the objective function, according to the curve of the objective function Calculate the coordinate point corresponding to each sub-information. By using the first random number to adjust each piece of sub-information, the probability of obtaining a coordinate point corresponding to each piece of sub-information can be improved, thereby increasing the probability of successful encryption. The first threshold may be determined according to a curve parameter corresponding to the objective function. If the curve parameter is the curve length c, the first threshold is 2 256 -w, where w is a very small value.
具体实现中,可以采用随机数生成算法生成随机数,例如中心极限定理和Box Muller(坐标变换法)、蒙特卡洛算法、数值概率算法、拉斯维加斯算法或者其他算法生成随机数,并将该生成的随机数确定为每条子信息对应的第一随机数。或者,也可以调用C语言中的rand函数生成随机数。In specific implementation, random number generation algorithms can be used to generate random numbers, such as the central limit theorem and Box Muller (coordinate transformation method), Monte Carlo algorithm, numerical probability algorithm, Las Vegas algorithm or other algorithms to generate random numbers, and The generated random number is determined as the first random number corresponding to each piece of sub-information. Alternatively, you can also call the rand function in the C language to generate random numbers.
在一种可能的情况下,若每条子信息不为数值类型的数据,则可以对每条子信息进行编码,得到数值类型的编码数据,根据每条子信息对应的第一随机数对每条子信息对应的编码数据进行调整,得到调整后的每条子信息。In a possible case, if each piece of sub-information is not numeric data, each piece of sub-information can be encoded to obtain numeric-type encoded data, and each piece of sub-information corresponds to each piece of information according to the first random number corresponding to each piece of sub-information The encoded data is adjusted to obtain each piece of sub-information after adjustment.
在另一种可能的情况下,若每条子信息为数值类型的数据,则根据每条子信息对应的第一随机数对每条子信息进行调整,得到调整后的每条子信息。可知,调整后的每条子信息包括该条子信息和该条子信息对应的第一随机数。In another possible situation, if each piece of sub-information is numerical data, each piece of sub-information is adjusted according to the first random number corresponding to each piece of sub-information to obtain each piece of adjusted sub-information. It can be known that each piece of sub-information after adjustment includes the piece of sub-information and the first random number corresponding to the piece of sub-information.
可选的,根据第一随机数对每条子信息进行调整的方法可以如图2所示,图2是本申请实施例提供的一种对每条子信息进行调整的方法的流程示意图,如图2所示,该方法包括如下步骤:Optionally, the method for adjusting each piece of sub-information according to the first random number may be as shown in FIG. 2 . FIG. 2 is a schematic flowchart of a method for adjusting each piece of sub-information provided by an embodiment of the present application, as shown in FIG. 2 . As shown, the method includes the following steps:
S11,将每条子信息与第一随机数相减,得到相减后的每条子信息。S11, subtract each piece of sub-information from the first random number to obtain each piece of sub-information after the subtraction.
S12,若相减后的每条子信息小于信息阈值,则将相减后的每条子信息确定为调整后的每条子信息。S12, if each piece of sub-information after subtraction is smaller than the information threshold, determine each piece of sub-information after subtraction as each piece of adjusted sub-information.
步骤S11~步骤S12中,若相减后的每条子信息小于信息阈值,则认为将该条子信息映射至目标函数对应的曲线上的目标点的第一坐标,可以根据该第一坐标以及该目标函数,计算得到该目标函数对应的曲线上的目标点的第二坐标,即可以得到每条子信息对应的坐标信息。若相减后的每条子信息大于或等于信息阈值,则认为将该条子信息映射至目标函数对应的曲线上的目标点的第一坐标,无法根据该第一坐标以及该目标函数,计算得到该目标函数对应的曲线上的目标点的第二坐标,即无法得到每条子信息对应的坐标信息。其中,每条子信息对应的第一随机数可以相等,也可以不等。其中,信息阈值例如可以为2 256,也可以小于2 256In steps S11 to S12, if each piece of sub-information after subtraction is less than the information threshold, it is considered that the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, which can be based on the first coordinate and the target. function, the second coordinate of the target point on the curve corresponding to the objective function is obtained by calculation, that is, the coordinate information corresponding to each piece of sub-information can be obtained. If each piece of sub-information after subtraction is greater than or equal to the information threshold, it is considered that the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the first coordinate and the objective function cannot be calculated to obtain the The second coordinate of the target point on the curve corresponding to the objective function, that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. The first random numbers corresponding to each piece of sub-information may be equal or unequal. The information threshold may be, for example, 2 256 , or may be smaller than 2 256 .
通过将每条子信息与第一随机数相减,可以得到相减后的每条子信息,从而根据相减后的每条子信息与信息阈值的大小关系,将相减后的每条子信息确定为调整后的每条子信息。其中,每条子信息与第一随机数相减可以是指将每条子信息对应的数值减去第一随机数,可知,相减后得到的每条子信息对应的数值小于的相减前的子信息对应的数值。By subtracting each piece of sub-information from the first random number, each piece of sub-information after the subtraction can be obtained, so that each piece of sub-information after subtraction is determined to be adjusted according to the relationship between each piece of sub-information after subtraction and the information threshold each subsequent sub-message. The subtraction of each piece of sub-information from the first random number may refer to subtracting the first random number from the value corresponding to each piece of sub-information. It can be known that the value corresponding to each piece of sub-information obtained after the subtraction is less than the sub-information before the subtraction. corresponding value.
S13,若相减后的每条子信息大于或等于信息阈值,则调整第一随机数。S13, if each piece of sub-information after subtraction is greater than or equal to the information threshold, adjust the first random number.
S14,将每条子信息与调整后的第一随机数相减,得到候选的每条子信息。S14: Subtract each piece of sub-information from the adjusted first random number to obtain each piece of candidate sub-information.
这里,由于相减后的每条子信息大于或等于信息阈值时,将该条子信息映射至目标函数对应的曲线上的目标点的第一坐标,无法根据该第一坐标以及该目标函数,计算得到该目标函数对应的曲线上的目标点的第二坐标,即无法得到每条子信息对应的坐标信息。因此,需要对每条子信息对应的第一随机数进行调整,并将调整后的每条子信息与第一随机数相减,得到候选的每条子信息。Here, since each piece of sub-information after subtraction is greater than or equal to the information threshold, the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, which cannot be calculated according to the first coordinate and the objective function. The second coordinate of the target point on the curve corresponding to the objective function, that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. Therefore, it is necessary to adjust the first random number corresponding to each piece of sub-information, and subtract each adjusted piece of sub-information from the first random number to obtain each candidate sub-information.
S15,若候选的每条子信息小于信息阈值,则将候选的每条子信息确定为调整后的每条子信息。S15, if each piece of candidate sub-information is smaller than the information threshold, determine each piece of candidate sub-information as each adjusted piece of sub-information.
可知,若候选的每条子信息小于信息阈值,将该条子信息映射至目标函数对应的曲线上的目标点的第一坐标,可以根据该第一坐标以及该目标函数,计算得到该目标函数对应 的曲线上的目标点的第二坐标,即可以得到每条子信息对应的坐标信息。若候选的每条子信息大于或等于信息阈值,则认为将该条子信息映射至目标函数对应的曲线上的目标点的第一坐标,无法根据该第一坐标以及该目标函数,计算得到该目标函数对应的曲线上的目标点的第二坐标,即无法得到每条子信息对应的坐标信息。也就是说,若候选的每条子信息大于或等于信息阈值,则继续调整第一随机数,直到对候选的每条子信息与调整后的第一随机数相减,相减后的候选的每条子信息小于信息阈值,则将相减后的候选的每条子信息确定为调整后的每条子信息。通过对每条子信息和每条子信息对应的第一随机数相减,以及不断调整每条子信息对应的第一随机数,可以得到调整后的每条子信息,提高后续对每条子信息进行加密的成功率。It can be seen that if each piece of candidate sub-information is less than the information threshold, the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the corresponding value of the objective function can be calculated according to the first coordinate and the objective function. The second coordinate of the target point on the curve, that is, the coordinate information corresponding to each piece of sub-information can be obtained. If each candidate sub-information is greater than or equal to the information threshold, it is considered that the sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the objective function cannot be calculated based on the first coordinate and the objective function. The second coordinate of the target point on the corresponding curve, that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. That is, if each candidate sub-information is greater than or equal to the information threshold, continue to adjust the first random number until each candidate sub-information is subtracted from the adjusted first random number, and each candidate sub-information after the subtraction is subtracted. If the information is less than the information threshold, each piece of sub-information of the candidate after subtraction is determined as each piece of adjusted sub-information. By subtracting each sub-information and the first random number corresponding to each sub-information, and continuously adjusting the first random number corresponding to each sub-information, each adjusted sub-information can be obtained, which improves the success of subsequent encryption of each sub-information Rate.
S104,根据目标函数以及调整后的每条子信息,获取至少两条子信息中每条子信息对应的坐标信息。S104, according to the objective function and each adjusted piece of sub-information, obtain coordinate information corresponding to each of the at least two pieces of sub-information.
这里,例如可以对调整后非数值类型的每条子信息进行编码,得到调整后数值类型的每条子信息对应的编码数据,将调整后数值类型的每条子信息对应的编码数据映射至目标函数对应的曲线上得到对应的坐标点,从而根据该坐标点得到每条子信息对应的坐标信息。Here, for example, each piece of sub-information of the adjusted non-numeric type can be encoded to obtain coded data corresponding to each piece of sub-information of the adjusted numerical type, and the coded data corresponding to each piece of sub-information of the adjusted numerical type can be mapped to the corresponding coded data of the objective function. The corresponding coordinate point is obtained on the curve, so as to obtain the coordinate information corresponding to each piece of sub-information according to the coordinate point.
在一种可能的实现方式中,可以获取目标函数对应的曲线,将调整后的每条子信息映射至该目标函数对应的曲线上的目标点的第一坐标;根据该第一坐标以及该目标函数,确定该目标函数对应的曲线上的目标点的第二坐标;将该第一坐标以及该第二坐标确定为每条子信息对应的坐标信息,从而获取到至少两条子信息中每条子信息对应的坐标信息。In a possible implementation manner, the curve corresponding to the objective function can be obtained, and each piece of adjusted sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function; according to the first coordinate and the objective function , determine the second coordinate of the target point on the curve corresponding to the objective function; determine the first coordinate and the second coordinate as the coordinate information corresponding to each piece of sub-information, thereby obtaining at least two pieces of sub-information corresponding to each sub-information Coordinate information.
举例来对获取至少两条子信息中任意一条子信息c对应的坐标信息进行说明,可以根据第一坐标和目标函数,确定该目标函数对应的曲线上的目标点的第二坐标,将该第一坐标以及该第二坐标确定为子信息c对应的坐标信息。例如,目标函数对应的曲线可以如公式(1-1)所示:For example, to illustrate the acquisition of the coordinate information corresponding to any one of the at least two sub-information c, the second coordinate of the target point on the curve corresponding to the objective function can be determined according to the first coordinate and the objective function, and the first coordinate can be determined. The coordinates and the second coordinates are determined as the coordinate information corresponding to the sub-information c. For example, the curve corresponding to the objective function can be shown in formula (1-1):
y 2=x 3+ax+b  (1-1) y 2 =x 3 +ax+b (1-1)
其中,a和b均为已知的实数,x和y均为参数,通过确定x或者y中的任意一个参数的值,则可以通过公式(1-1)计算得到另一个参数的值,例如,通过确定x的值,根据公式(1-1)可计算得到y的值。Among them, a and b are known real numbers, and x and y are both parameters. By determining the value of any one parameter in x or y, the value of the other parameter can be calculated by formula (1-1), for example , by determining the value of x, the value of y can be calculated according to formula (1-1).
例如,a为1,b为-1,子信息c映射至该目标函数对应的曲线上的目标点的第一坐标(例如该目标点的横坐标)为1,将a,b以及该第一坐标作为x代入公式(1-1)中,得到y为1,即该目标函数对应的曲线上的目标点的第二坐标为1,则子信息c对应的坐标信息为(1,1),通过该方法,可以获取到至少两条子信息中其他子信息对应的坐标信息,从而获取到至少两条子信息中每条子信息对应的坐标信息。For example, a is 1, b is -1, the sub-information c is mapped to the first coordinate of the target point on the curve corresponding to the objective function (for example, the abscissa of the target point) is 1, and a, b and the first coordinate The coordinates are substituted into formula (1-1) as x, and y is obtained as 1, that is, the second coordinate of the target point on the curve corresponding to the objective function is 1, then the coordinate information corresponding to the sub-information c is (1, 1), Through this method, the coordinate information corresponding to the other sub-information in the at least two pieces of sub-information can be acquired, thereby acquiring the coordinate information corresponding to each sub-information in the at least two pieces of sub-information.
S105,采用每条子信息对应的密钥,对至少两条子信息中每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文。S105 , encrypting the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information by using the key corresponding to each piece of sub-information, to obtain a ciphertext of the coordinate information corresponding to each piece of sub-information.
这里,计算机设备可以采用每条子信息对应的密钥,对至少两条子信息中每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文。具体实现中,计算机设备可以获取目标信息所属的终端的私钥,根据该终端的私钥和每条子信息对应的密钥,对至少两条子信息中每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文。可知,子信息对应的坐标信息的密文为对子信息加密后的得到的密文,在未对其进行解密的情况下,即使获取到该密文也无法获知该密文对应的子信息的内容。通过使用目标信息所属的终端的私钥和每条子信息对应的密钥对目标信息对应的每条子信息进行加密,可以提高目标信息的安全性。Here, the computer device may use the key corresponding to each piece of sub-information to encrypt the coordinate information corresponding to each of the at least two pieces of sub-information to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information. In a specific implementation, the computer device can obtain the private key of the terminal to which the target information belongs, and encrypt the coordinate information corresponding to each sub-information in the at least two sub-information according to the private key of the terminal and the key corresponding to each sub-information, and obtain each sub-information. The ciphertext of the coordinate information corresponding to the sliver information. It can be seen that the ciphertext of the coordinate information corresponding to the sub-information is the ciphertext obtained by encrypting the sub-information. If the ciphertext is not decrypted, the ciphertext of the corresponding sub-information corresponding to the ciphertext cannot be known even if the ciphertext is obtained. content. By encrypting each piece of sub-information corresponding to the target information by using the private key of the terminal to which the target information belongs and the key corresponding to each piece of sub-information, the security of the target information can be improved.
S106,将每条子信息对应的坐标信息的密文确定为目标信息的密文,将目标信息的密文存储至区块链网络中。S106: Determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
这里,上述步骤中,对于至少两条子信息中的每条子信息,都会得到每条子信息对应的坐标信息的密文,因此,将每条子信息对应的坐标信息的密文确定为目标信息的密文,也就是说,目标信息的密文包括至少两条子信息中的每条子信息对应的坐标信息的密文,至此,可以实现对目标信息进行加密得到目标信息的密文,可以将目标信息的密文存储至区块链网络中。通过将目标信息发送至区块链网络中进行加密以及存储,可以减少终端本地存储空间的资源占用,以及,可以避免目标信息存储在终端本地被非法用户篡改,提高目标信息的安全性。Here, in the above steps, for each piece of sub-information in the at least two pieces of sub-information, the ciphertext of the coordinate information corresponding to each piece of sub-information will be obtained. Therefore, the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information. , that is to say, the ciphertext of the target information includes the ciphertext of the coordinate information corresponding to each of the at least two sub-information, so far, the ciphertext of the target information can be obtained by encrypting the target information, and the ciphertext of the target information can be obtained. The documents are stored in the blockchain network. By sending the target information to the blockchain network for encryption and storage, the resource occupation of the local storage space of the terminal can be reduced, and the target information stored locally in the terminal can be prevented from being tampered with by illegal users, thereby improving the security of the target information.
本申请实施例中,由于目标信息对应的根密钥是通过目标信息所属的机构对应的机构信息生成的,且机构信息包括机构的保密等级、机构的债务信息以及机构的盈利信息等,为机构较为机密的信息,非法终端难以获取到该机构信息,即难以获取到目标信息对应的根密钥。因此,根据该根密钥生成目标信息中每条子信息对应的密钥,并采用每条子信息对应的密钥对每条子信息进行加密后,由于非法终端难以获取到根密钥,因此不能实现对密文进行解密,可以提高密文破解的难度,提高信息的安全性。通过对至少两条子信息中每条子信息进行调整,有利于根据调整后的每条子信息生成调整后的每条子信息对应的坐标信息,提高获取调整后的每条子信息对应的坐标信息的成功率。通过对目标信息中的每条子信息进行加密,避免非法终端对该密文进行破解,从而提高每条子信息的安全性,进而提高目标信息的安全性。通过将目标信息的密文信息存储至区块链网络中,基于区块链不可篡改且不易丢失的特性,可以提高信息的安全性;此外,将目标信息的密文存储至区块链网络中,可以减少终端本地存储空间的资源占用。In the embodiment of the present application, since the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc., it is an institution. For relatively confidential information, it is difficult for an illegal terminal to obtain the organization information, that is, it is difficult to obtain the root key corresponding to the target information. Therefore, after generating a key corresponding to each piece of sub-information in the target information according to the root key, and encrypting each piece of sub-information by using the key corresponding to each piece of sub-information, since it is difficult for an illegal terminal to obtain the root key, the Decrypting the ciphertext can improve the difficulty of cracking the ciphertext and improve the security of information. By adjusting each piece of sub-information in the at least two pieces of sub-information, it is beneficial to generate coordinate information corresponding to each piece of adjusted sub-information according to each piece of adjusted sub-information, and improve the success rate of obtaining coordinate information corresponding to each piece of adjusted sub-information. By encrypting each piece of sub-information in the target information, illegal terminals are prevented from cracking the ciphertext, thereby improving the security of each piece of sub-information, thereby improving the security of the target information. By storing the ciphertext information of the target information in the blockchain network, the security of the information can be improved based on the characteristics that the blockchain cannot be tampered with and is not easily lost; in addition, the ciphertext of the target information is stored in the blockchain network. , which can reduce the resource occupation of the local storage space of the terminal.
请参见图3,图3是本申请实施例提供的一种基于共享根密钥的信息处理方法的流程示意图,该方法应用于区块链网络中的节点。如图3所示,该方法包括:Please refer to FIG. 3. FIG. 3 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application, and the method is applied to a node in a blockchain network. As shown in Figure 3, the method includes:
S201,获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据机构信息生成目标信息对应的根密钥。S201: Acquire an objective function for describing information and institution information corresponding to an institution to which the target information to be processed belongs, and generate a root key corresponding to the target information according to the institution information.
S202,根据根密钥生成目标信息中每条子信息对应的密钥。S202: Generate a key corresponding to each piece of sub-information in the target information according to the root key.
S203,获取每条子信息对应的第一随机数,根据第一随机数对每条子信息进行调整,得到调整后的每条子信息。S203: Obtain a first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information.
S204,根据目标函数以及调整后的每条子信息,获取至少两条子信息中每条子信息对应的坐标信息。S204, according to the objective function and each adjusted piece of sub-information, obtain coordinate information corresponding to each of the at least two pieces of sub-information.
这里,步骤S201~S204的具体内容可以参考图1对应的实施例中步骤S101~S104的内容,此处不再赘述。Here, for the specific content of steps S201 to S204, reference may be made to the content of steps S101 to S104 in the embodiment corresponding to FIG. 1 , which will not be repeated here.
S205,获取目标信息所属的终端的私钥,以及每条子信息对应的密钥。S205: Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information.
这里,目标信息所属的终端为上传目标信息至区块链网络中进行加密以及存储等处理的终端,目标信息所属的终端的私钥为通过该终端生成的私钥。Here, the terminal to which the target information belongs is the terminal that uploads the target information to the blockchain network for processing such as encryption and storage, and the private key of the terminal to which the target information belongs is the private key generated by the terminal.
具体实现中,例如可以获取该目标信息所属终端的标识,采用SECP256K1算法生成第四随机数,对第四随机数进行填充,得到终端的私钥,该终端的私钥可以是指包括256位的数。这里,终端的标识可以是指终端的出厂编号,或者其他用于唯一指示该终端的标识。In a specific implementation, for example, the identifier of the terminal to which the target information belongs can be obtained, a fourth random number can be generated by using the SECP256K1 algorithm, and the fourth random number can be filled to obtain the private key of the terminal. number. Here, the identifier of the terminal may refer to the factory serial number of the terminal, or other identifiers used to uniquely indicate the terminal.
S206,获取目标信息对应的候选坐标。S206: Obtain candidate coordinates corresponding to the target information.
其中,候选坐标是根据目标函数的曲线的基点坐标与终端的私钥得到的。具体的,可以获取目标函数的曲线的基点坐标;获取基点坐标与终端的私钥的乘积,得到候选坐标。The candidate coordinates are obtained according to the base point coordinates of the curve of the objective function and the private key of the terminal. Specifically, the coordinates of the base point of the curve of the objective function can be obtained; the product of the coordinates of the base point and the private key of the terminal can be obtained to obtain the candidate coordinates.
这里,通过获取目标函数的曲线,以及目标函数的曲线参数,可以获取该目标函数的曲线的基点坐标。例如基点为G,对应的基点坐标为(x1,y1),终端的私钥为h,则可以根据公式(1-2)计算得到候选坐标:Here, by acquiring the curve of the objective function and the curve parameters of the objective function, the coordinates of the base point of the curve of the objective function can be acquired. For example, the base point is G, the corresponding base point coordinates are (x1, y1), and the private key of the terminal is h, then the candidate coordinates can be calculated according to formula (1-2):
H=h*G  (1-2)H=h*G (1-2)
其中,候选坐标为H,基点为G,终端的私钥为h。Among them, the candidate coordinate is H, the base point is G, and the private key of the terminal is h.
S207,根据每条子信息对应的密钥对候选坐标进行加密,得到候选坐标的密文。S207: Encrypt the candidate coordinates according to the key corresponding to each piece of sub-information to obtain the ciphertext of the candidate coordinates.
S208,对每条子信息对应的坐标信息与对应的候选坐标的密文进行融合,得到每条子信息对应的坐标信息的密文。S208 , fuse the coordinate information corresponding to each piece of sub-information with the ciphertext of the corresponding candidate coordinates to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
例如,目标信息对应的子信息的数量为n条,子信息i为n条子信息中的任意一条子信息,可以通过公式(1-3)的方式对候选坐标进行加密,得到候选坐标的密文,以及对子信息i对应的坐标信息与候选坐标的密文进行和融合,得到子信息i对应的坐标信息的密文。For example, if the number of sub-information corresponding to the target information is n, and the sub-information i is any sub-information in the n sub-information, the candidate coordinates can be encrypted by formula (1-3) to obtain the ciphertext of the candidate coordinates , and fuse the coordinate information corresponding to the sub-information i with the ciphertext of the candidate coordinates to obtain the ciphertext of the coordinate information corresponding to the sub-information i.
Ci=Mi+ki*H  (1-3)Ci=Mi+ki*H (1-3)
其中,候选坐标为H,Ci为子信息i对应的坐标信息的密文,Mi为子信息i对应的坐标信息,ki为子信息i对应的密钥。ki*H表示根据子信息i对应的密钥对候选坐标进行加密,得到候选坐标的密文。可知,对于n条子信息中的其他子信息,也可以通过公式(1-3)进行加密和融合,得到其他子信息对应的坐标信息的密文。对于每一条子信息,通过公式(1-3)进行加密和融合可以得到该条子信息对应的坐标信息的密文,也就是说,一条子信息对应一条子信息对应的坐标信息的密文的数量,即对于n条子信息,最终得到的子信息对应的坐标信息的密文的数量为n。The candidate coordinates are H, Ci is the ciphertext of the coordinate information corresponding to the sub-information i, Mi is the coordinate information corresponding to the sub-information i, and ki is the key corresponding to the sub-information i. ki*H indicates that the candidate coordinates are encrypted according to the key corresponding to the sub-information i, and the ciphertext of the candidate coordinates is obtained. It can be known that, for other sub-information in the n pieces of sub-information, the encryption and fusion can also be performed by formula (1-3) to obtain the ciphertext of the coordinate information corresponding to the other sub-information. For each piece of sub-information, the ciphertext of the coordinate information corresponding to the piece of sub-information can be obtained by encrypting and fusing the formula (1-3), that is to say, a piece of sub-information corresponds to the number of ciphertexts of the coordinate information corresponding to a piece of sub-information , that is, for n pieces of sub-information, the number of ciphertexts of the coordinate information corresponding to the finally obtained sub-information is n.
具体实现中,可以采用加密算法对每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文,加密算法例如可以包括Elgamal算法(一种非对称加密算法)、Rabin算法(一种非对称加密算法)、Diffie-Hellman算法(一种非对称加密算法)、ECC算法(椭圆曲线加密算法)。计算机设备根据终端的私钥以及每条子信息对应的密钥,对至少两条子信息中每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文,可以实现对每条子信息进行加密,得到对应的密文,终端获取到每条子信息对应的密文后,需要进行解密,才能获知每条密文对应的子信息。In specific implementation, an encryption algorithm can be used to encrypt the coordinate information corresponding to each piece of sub-information to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information. The encryption algorithm can include, for example, Elgamal algorithm (an asymmetric encryption algorithm), Rabin algorithm ( An asymmetric encryption algorithm), Diffie-Hellman algorithm (an asymmetric encryption algorithm), ECC algorithm (elliptic curve encryption algorithm). The computer device encrypts the coordinate information corresponding to each piece of sub-information in at least two pieces of sub-information according to the private key of the terminal and the key corresponding to each piece of sub-information, and obtains the ciphertext of the coordinate information corresponding to each piece of sub-information. Encryption is performed to obtain the corresponding ciphertext. After the terminal obtains the ciphertext corresponding to each piece of sub-information, it needs to be decrypted to obtain the sub-information corresponding to each piece of ciphertext.
S209,将每条子信息对应的坐标信息的密文确定为目标信息的密文,将目标信息的密文存储至区块链网络中。S209: Determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
这里,步骤S209的具体内容可以参考图1对应的实施例中步骤S106的内容,此处不再赘述。Here, for the specific content of step S209, reference may be made to the content of step S106 in the embodiment corresponding to FIG. 1 , which will not be repeated here.
本申请实施例中,根据终端的私钥以及每条子信息对应的密钥,对至少两条子信息中每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文,可以实现对每条子信息进行加密,得到对应的密文,终端获取到每条子信息对应的密文后,需要进行解密,才能获知每条密文对应的子信息。通过对每条子信息进行加密,即使非法终端获取到子信息对应的密文,由于无法实现解密,也无法获取到子信息的内容,因此可以保证每条子信息的安全性,从而保证目标信息的安全性。In the embodiment of the present application, according to the private key of the terminal and the key corresponding to each sub-information, the coordinate information corresponding to each sub-information in the at least two sub-information is encrypted, and the ciphertext of the coordinate information corresponding to each sub-information is obtained, which can realize Each piece of sub-information is encrypted to obtain the corresponding ciphertext. After the terminal obtains the ciphertext corresponding to each piece of sub-information, it needs to be decrypted to obtain the corresponding sub-information of each piece of ciphertext. By encrypting each piece of sub-information, even if an illegal terminal obtains the ciphertext corresponding to the sub-information, since the decryption cannot be achieved and the content of the sub-information cannot be obtained, the security of each piece of sub-information can be guaranteed, thereby ensuring the security of the target information. sex.
上面介绍了本申请实施例的方法,下面介绍本申请实施例的装置。The methods of the embodiments of the present application are described above, and the devices of the embodiments of the present application are described below.
参见图4,图4是本申请实施例提供的一种基于共享根密钥的信息处理装置的组成结构示意图,上述基于共享根密钥的信息处理装置可以是运行于计算机设备中的一个计算机程序(包括程序代码),例如该基于共享根密钥的信息处理装置为一个应用软件;该装置可以用于执行本申请实施例提供的方法中的相应步骤。该装置40包括:Referring to FIG. 4, FIG. 4 is a schematic diagram of the composition and structure of an information processing apparatus based on a shared root key provided by an embodiment of the present application, and the above-mentioned information processing apparatus based on a shared root key may be a computer program running in a computer device (including program code), for example, the information processing device based on the shared root key is an application software; the device can be used to execute corresponding steps in the methods provided by the embodiments of the present application. The device 40 includes:
根密钥生成模块401,用于获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据该机构信息生成该目标信息对应的根密钥,该机构信息包括该机构的保密等级、该机构的债务信息以及该机构的盈利信息中的至少一种;The root key generation module 401 is used to obtain the target function used to describe the information, and the organization information corresponding to the organization to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the organization information, and the organization information includes At least one of the institution's confidentiality level, the institution's debt information, and the institution's profit information;
子密钥生成模块402,用于根据该根密钥生成该目标信息中每条子信息对应的密钥,该目标信息包括至少两条子信息;A subkey generation module 402, configured to generate a key corresponding to each piece of subinformation in the target information according to the root key, and the target information includes at least two pieces of subinformation;
信息调整模块403,用于获取该每条子信息对应的第一随机数,根据该第一随机数对该每条子信息进行调整,得到调整后的每条子信息;an information adjustment module 403, configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
坐标获取模块404,用于根据该目标函数以及该调整后的每条子信息,获取该至少两 条子信息中每条子信息对应的坐标信息;Coordinate acquisition module 404 is used to obtain the coordinate information corresponding to each sub-information in this at least two sub-information according to this objective function and each sub-information after the adjustment;
信息加密模块405,用于采用该每条子信息对应的密钥,对该至少两条子信息中的对应子信息的坐标信息进行加密,得到该每条子信息对应的坐标信息的密文;The information encryption module 405 is used for encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information to obtain the ciphertext of the coordinate information corresponding to each sub-information;
信息存储模块406,用于将该每条子信息对应的坐标信息的密文确定为该目标信息的密文,将该目标信息的密文存储至区块链网络中。The information storage module 406 is configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
可选的,该机构信息包括该机构的保密等级,该根密钥生成模块401,具体用于:Optionally, the institution information includes the confidentiality level of the institution, and the root key generation module 401 is specifically used for:
根据该机构的保密等级生成第二随机数;generating a second random number according to the security level of the institution;
获取该第二随机数中的字节长度,根据该字节长度对该第二随机数进行填充处理,得到填充处理后的第二随机数;Obtain the byte length in the second random number, and perform padding processing on the second random number according to the byte length to obtain the second random number after the padding processing;
对该填充处理后的第二随机数进行哈希运算,得到该目标信息对应的根密钥。A hash operation is performed on the filled second random number to obtain a root key corresponding to the target information.
可选的,该机构信息包括该机构的债务信息和该机构的盈利信息;该根密钥生成模块401,具体用于:Optionally, the institution information includes debt information of the institution and profit information of the institution; the root key generation module 401 is specifically used for:
根据该机构的债务信息和该机构的盈利信息,确定该机构的资金等级;Determine the funding level of the institution based on the institution's debt information and the institution's profitability information;
根据该机构的资金等级生成第三随机数;generate a third random number according to the funding level of the institution;
对该第三随机数进行哈希运算,得到该目标信息对应的根密钥。Hash operation is performed on the third random number to obtain the root key corresponding to the target information.
可选的,该子密钥生成模块402,具体用于:Optionally, the sub-key generation module 402 is specifically used for:
获取该每条子信息的生成时间;Obtain the generation time of each sub-information;
根据该每条子信息的生成时间确定第一子信息和第二子信息,该第一子信息为该目标信息中生成时间最早的子信息,该第二子信息的生成时间后于该第一子信息的生成时间;The first sub-information and the second sub-information are determined according to the generation time of each piece of sub-information, the first sub-information is the sub-information with the earliest generation time in the target information, and the second sub-information is generated later than the first sub-information the time when the information was generated;
对该根密钥进行哈希运算,得到该第一子信息的密钥;Perform a hash operation on the root key to obtain the key of the first sub-information;
对该第一子信息的密钥进行哈希运算,得到该第二子信息的密钥。Perform a hash operation on the key of the first sub-information to obtain the key of the second sub-information.
可选的,该信息调整模块403,具体用于:Optionally, the information adjustment module 403 is specifically used for:
将该每条子信息与该第一随机数相减,得到相减后的每条子信息;Subtract each piece of sub-information from the first random number to obtain each piece of sub-information after the subtraction;
若该相减后的每条子信息小于信息阈值,则将该相减后的每条子信息确定为调整后的每条子信息。If each piece of sub-information after the subtraction is smaller than the information threshold, then each piece of sub-information after the subtraction is determined as each piece of adjusted sub-information.
可选的,该装置40还包括:随机数调整模块407,用于:Optionally, the apparatus 40 further includes: a random number adjustment module 407 for:
若该相减后的每条子信息大于或等于该信息阈值,则调整该第一随机数;If each piece of sub-information after the subtraction is greater than or equal to the information threshold, adjust the first random number;
将该每条子信息与调整后的第一随机数相减,得到候选的每条子信息;Subtract each piece of sub-information with the adjusted first random number to obtain each piece of candidate sub-information;
若该候选的每条子信息小于该信息阈值,则将该候选的每条子信息确定为调整后的每条子信息。If each piece of sub-information of the candidate is smaller than the information threshold, then each piece of sub-information of the candidate is determined as each piece of adjusted sub-information.
可选的,该信息加密模块405,具体用于:Optionally, the information encryption module 405 is specifically used for:
获取该目标信息所属的终端的私钥,以及该每条子信息对应的密钥;Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information;
获取该目标信息对应的候选坐标,该候选坐标是根据该目标函数的曲线的基点坐标与该私钥得到的;Obtain the candidate coordinates corresponding to the target information, and the candidate coordinates are obtained according to the base point coordinates of the curve of the target function and the private key;
根据该每条子信息对应的密钥对该候选坐标进行加密,得到该候选坐标的密文;对该每条子信息对应的坐标信息与对应的候选坐标的密文进行融合,得到该每条子信息对应的坐标信息的密文。Encrypt the candidate coordinates according to the key corresponding to each piece of sub-information to obtain the ciphertext of the candidate coordinates; fuse the coordinate information corresponding to each piece of sub-information with the ciphertext of the corresponding candidate coordinates to obtain the corresponding ciphertext of each piece of sub-information The ciphertext of the coordinate information.
需要说明的是,图4对应的实施例中未提及的内容可参见方法实施例的描述,这里不再赘述。It should be noted that, for the content not mentioned in the embodiment corresponding to FIG. 4 , reference may be made to the description of the method embodiment, which will not be repeated here.
根据本申请的一个实施例,图1所示的基于共享根密钥的信息处理方法所涉及的步骤可由图4所示的基于共享根密钥的信息处理装置中的各个模块来执行。例如,图1中所示的步骤S101可由图4中的根密钥生成模块401来执行,图1中所示的步骤S102可由图4中的子密钥生成模块402来执行;图1中所示的步骤S103可由图4中的信息调整模块403来执行;图1中所示的步骤S104可由图4中的坐标获取模块404来执行;图1中所示的步 骤S105可由图4中的信息加密模块405来执行;图1中所示的步骤S106可由图4中的信息存储模块406来执行。根据本申请的一个实施例,图4所示的基于共享根密钥的信息处理中的各个模块可以分别或全部合并为一个或若干个单元来构成,或者其中的某个(些)单元还可以再拆分为功能上更小的多个子单元,可以实现同样的操作,而不影响本申请的实施例的技术效果的实现。上述模块是基于逻辑功能划分的,在实际应用中,一个模块的功能也可以由多个单元来实现,或者多个模块的功能由一个单元实现。在本申请的其它实施例中,基于共享根密钥的信息处理装置也可以包括其它单元,在实际应用中,这些功能也可以由其它单元协助实现,并且可以由多个单元协作实现。According to an embodiment of the present application, the steps involved in the shared root key-based information processing method shown in FIG. 1 can be performed by various modules in the shared root key-based information processing apparatus shown in FIG. 4 . For example, step S101 shown in FIG. 1 may be performed by the root key generation module 401 in FIG. 4 , and step S102 shown in FIG. 1 may be performed by the sub-key generation module 402 in FIG. 4 ; The step S103 shown in FIG. 4 can be executed by the information adjustment module 403 in FIG. 4; the step S104 shown in FIG. 1 can be executed by the coordinate obtaining module 404 in FIG. 4; the step S105 shown in FIG. The encryption module 405 can perform it; the step S106 shown in FIG. 1 can be performed by the information storage module 406 in FIG. 4 . According to an embodiment of the present application, each module in the information processing based on the shared root key shown in FIG. 4 may be respectively or all combined into one or several units to form, or some unit(s) may also be formed. The same operation can be achieved without affecting the realization of the technical effects of the embodiments of the present application by being split into multiple sub-units with smaller functions. The above modules are divided based on logical functions. In practical applications, the function of one module may also be implemented by multiple units, or the functions of multiple modules may be implemented by one unit. In other embodiments of the present application, the information processing apparatus based on the shared root key may also include other units. In practical applications, these functions may also be implemented with the assistance of other units, and may be implemented by cooperation of multiple units.
根据本申请的另一个实施例,可以通过在包括中央处理单元(CPU)、随机存取存储介质(RAM)、只读存储介质(ROM)等处理元件和存储元件的例如计算机的通用计算机设备上运行能够执行如图1、图2和图3中所示的相应方法所涉及的各步骤的计算机程序(包括程序代码),来构造如图4中所示的基于共享根密钥的信息处理装置,以及来实现本申请实施例的基于共享根密钥的信息处理方法。上述计算机程序可以记载于例如计算机可读记录介质上,并通过计算机可读记录介质装载于上述计算设备中,并在其中运行。According to another embodiment of the present application, it can be implemented on a general-purpose computer device such as a computer including processing elements and storage elements such as a central processing unit (CPU), random access storage medium (RAM), read only storage medium (ROM), etc. Running a computer program (including program code) capable of executing the steps involved in the corresponding methods as shown in FIG. 1 , FIG. 2 and FIG. 3 , to construct a shared root key-based information processing apparatus as shown in FIG. 4 , and to implement the information processing method based on the shared root key of the embodiment of the present application. The above-mentioned computer program can be recorded on, for example, a computer-readable recording medium, loaded in the above-mentioned computing device via the computer-readable recording medium, and executed therein.
本申请实施例中,由于目标信息对应的根密钥是通过目标信息所属的机构对应的机构信息生成的,且机构信息包括机构的保密等级、机构的债务信息以及机构的盈利信息等,为机构较为机密的信息,非法终端难以获取到该机构信息,即难以获取到目标信息对应的根密钥。因此,根据该根密钥生成目标信息中每条子信息对应的密钥,并采用每条子信息对应的密钥对每条子信息进行加密后,由于非法终端难以获取到根密钥,因此不能实现对密文进行解密,可以提高密文破解的难度,提高信息的安全性。通过对至少两条子信息中每条子信息进行调整,有利于根据调整后的每条子信息生成调整后的每条子信息对应的坐标信息,提高获取调整后的每条子信息对应的坐标信息的成功率。通过对目标信息中的每条子信息进行加密,避免非法终端对该密文进行破解,从而提高每条子信息的安全性,进而提高目标信息的安全性。通过将目标信息的密文信息存储至区块链网络中,基于区块链不可篡改且不易丢失的特性,可以提高信息的安全性;此外,将目标信息的密文存储至区块链网络中,可以减少终端本地存储空间的资源占用。In the embodiment of the present application, since the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc., it is an institution. For relatively confidential information, it is difficult for an illegal terminal to obtain the organization information, that is, it is difficult to obtain the root key corresponding to the target information. Therefore, after generating a key corresponding to each piece of sub-information in the target information according to the root key, and encrypting each piece of sub-information by using the key corresponding to each piece of sub-information, since it is difficult for an illegal terminal to obtain the root key, the Decrypting the ciphertext can improve the difficulty of cracking the ciphertext and improve the security of information. By adjusting each piece of sub-information in the at least two pieces of sub-information, it is beneficial to generate coordinate information corresponding to each piece of adjusted sub-information according to each piece of adjusted sub-information, and improve the success rate of obtaining coordinate information corresponding to each piece of adjusted sub-information. By encrypting each piece of sub-information in the target information, illegal terminals are prevented from cracking the ciphertext, thereby improving the security of each piece of sub-information, thereby improving the security of the target information. By storing the ciphertext information of the target information in the blockchain network, the security of the information can be improved based on the characteristics of the blockchain that cannot be tampered with and is not easily lost; in addition, the ciphertext of the target information is stored in the blockchain network. , which can reduce the resource occupation of the local storage space of the terminal.
参见图5,图5是本申请实施例提供的一种计算机设备的组成结构示意图。如图5所示,上述计算机设备50可以包括:处理器501,网络接口504和存储器505,此外,上述计算机设备50还可以包括:用户接口503,和至少一个通信总线502。其中,通信总线502用于实现这些组件之间的连接通信。其中,用户接口503可以包括显示屏(Display)、键盘(Keyboard),可选用户接口503还可以包括标准的有线接口、无线接口。网络接口504可选的可以包括标准的有线接口、无线接口(如WI-FI接口)。存储器505可以是高速RAM存储器,也可以是非易失性的存储器(non-volatile memory),例如至少一个磁盘存储器。存储器505可选的还可以是至少一个位于远离前述处理器501的存储装置。如图5所示,作为一种计算机可读存储介质的存储器505中可以包括操作系统、网络通信模块、用户接口模块以及设备控制应用程序。Referring to FIG. 5 , FIG. 5 is a schematic structural diagram of a computer device provided by an embodiment of the present application. As shown in FIG. 5 , the above-mentioned computer device 50 may include: a processor 501 , a network interface 504 and a memory 505 , in addition, the above-mentioned computer device 50 may further include: a user interface 503 , and at least one communication bus 502 . Among them, the communication bus 502 is used to realize the connection and communication between these components. The user interface 503 may include a display screen (Display) and a keyboard (Keyboard), and the optional user interface 503 may also include a standard wired interface and a wireless interface. Optionally, the network interface 504 may include a standard wired interface and a wireless interface (eg, a WI-FI interface). The memory 505 may be a high-speed RAM memory, or a non-volatile memory, such as at least one disk memory. The memory 505 can optionally also be at least one storage device located away from the aforementioned processor 501 . As shown in FIG. 5 , the memory 505 as a computer-readable storage medium may include an operating system, a network communication module, a user interface module, and a device control application program.
在图5所示的计算机设备50中,网络接口504可提供网络通讯功能;而用户接口503主要用于为用户提供输入的接口;而处理器501可以用于调用存储器505中存储的设备控制应用程序,以实现:In the computer device 50 shown in FIG. 5 , the network interface 504 can provide a network communication function; the user interface 503 is mainly used to provide an input interface for the user; and the processor 501 can be used to call the device control application stored in the memory 505 program to achieve:
获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据该机构信息生成该目标信息对应的根密钥,该机构信息包括该机构的保密等级、该机构的债务信息以及该机构的盈利信息中的至少一种;Obtain the objective function used to describe the information, and the institution information corresponding to the institution to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the institution information. at least one of debt information and the institution's earnings information;
根据该根密钥生成该目标信息中每条子信息对应的密钥,该目标信息包括至少两条子信息;Generate a key corresponding to each piece of sub-information in the target information according to the root key, and the target information includes at least two pieces of sub-information;
获取该每条子信息对应的第一随机数,根据该第一随机数对该每条子信息进行调整,得到调整后的每条子信息;Obtain the first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
根据该目标函数以及该调整后的每条子信息,获取该至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each of the at least two pieces of sub-information;
采用该每条子信息对应的密钥,对该至少两条子信息中的对应子信息的坐标信息进行加密,得到该每条子信息对应的坐标信息的密文;Encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information to obtain the ciphertext of the coordinate information corresponding to each sub-information;
将该每条子信息对应的坐标信息的密文确定为该目标信息的密文,将该目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
应当理解,本申请实施例中所描述的计算机设备50可执行前文图1图2以及图3所对应实施例中对上述基于共享根密钥的信息处理方法的描述,也可执行前文图4所对应实施例中对上述基于共享根密钥的信息处理装置的描述,在此不再赘述。另外,对采用相同方法的有益效果描述,也不再进行赘述。It should be understood that the computer device 50 described in this embodiment of the present application can execute the description of the above-mentioned information processing method based on the shared root key in the foregoing embodiments corresponding to FIG. 1 , FIG. 2 and FIG. The description of the above-mentioned information processing apparatus based on the shared root key in the corresponding embodiment will not be repeated here. In addition, the description of the beneficial effects of using the same method will not be repeated.
本申请实施例中,由于目标信息对应的根密钥是通过目标信息所属的机构对应的机构信息生成的,且机构信息包括机构的保密等级、机构的债务信息以及机构的盈利信息等,为机构较为机密的信息,非法终端难以获取到该机构信息,即难以获取到目标信息对应的根密钥。因此,根据该根密钥生成目标信息中每条子信息对应的密钥,并采用每条子信息对应的密钥对每条子信息进行加密后,由于非法终端难以获取到根密钥,因此不能实现对密文进行解密,可以提高密文破解的难度,提高信息的安全性。通过对至少两条子信息中每条子信息进行调整,有利于根据调整后的每条子信息生成调整后的每条子信息对应的坐标信息,提高获取调整后的每条子信息对应的坐标信息的成功率。通过对目标信息中的每条子信息进行加密,避免非法终端对该密文进行破解,从而提高每条子信息的安全性,进而提高目标信息的安全性。通过将目标信息的密文信息存储至区块链网络中,基于区块链不可篡改且不易丢失的特性,可以提高信息的安全性;此外,将目标信息的密文存储至区块链网络中,可以减少终端本地存储空间的资源占用。In the embodiment of the present application, since the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc., it is an institution. For relatively confidential information, it is difficult for an illegal terminal to obtain the organization information, that is, it is difficult to obtain the root key corresponding to the target information. Therefore, after generating a key corresponding to each piece of sub-information in the target information according to the root key, and encrypting each piece of sub-information by using the key corresponding to each piece of sub-information, since it is difficult for an illegal terminal to obtain the root key, the Decrypting the ciphertext can improve the difficulty of cracking the ciphertext and improve the security of information. By adjusting each piece of sub-information in the at least two pieces of sub-information, it is beneficial to generate coordinate information corresponding to each piece of adjusted sub-information according to each piece of adjusted sub-information, and improve the success rate of obtaining coordinate information corresponding to each piece of adjusted sub-information. By encrypting each piece of sub-information in the target information, illegal terminals are prevented from cracking the ciphertext, thereby improving the security of each piece of sub-information, thereby improving the security of the target information. By storing the ciphertext information of the target information in the blockchain network, the security of the information can be improved based on the characteristics of the blockchain that cannot be tampered with and is not easily lost; in addition, the ciphertext of the target information is stored in the blockchain network. , which can reduce the resource occupation of the local storage space of the terminal.
本申请实施例还提供一种计算机可读存储介质,该计算机可读存储介质存储有计算机程序,该计算机程序包括程序指令,该程序指令当被计算机执行时使该计算机执行如前述实施例该的方法,该计算机可以为上述提到的计算机设备的一部分。例如为上述的处理器501。作为示例,程序指令可被部署在一个计算机设备上执行,或者被部署位于一个地点的多个计算机设备上执行,又或者,在分布在多个地点且通过通信网络互连的多个计算机设备上执行,分布在多个地点且通过通信网络互连的多个计算机设备可以组成区块链网络。Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and the computer program includes program instructions, which, when executed by a computer, cause the computer to execute the above-mentioned embodiments. The method, the computer may be part of the above mentioned computer equipment. For example, it is the above-mentioned processor 501 . By way of example, program instructions may be deployed for execution on one computer device, or on multiple computer devices located at one site, or alternatively, distributed across multiple sites and interconnected by a communications network Implemented, multiple computer devices distributed in multiple locations and interconnected by a communication network can form a blockchain network.
可选的,本申请涉及的存储介质如计算机可读存储介质可以是非易失性的,也可以是易失性的。Optionally, the storage medium involved in this application, such as a computer-readable storage medium, may be non-volatile or volatile.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,该的程序可存储于计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,该的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented by instructing the relevant hardware through a computer program, and the program can be stored in a computer-readable storage medium, and the program can be executed , may include the flow of the above-mentioned method embodiments. The storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM) or the like.
以上所揭露的仅为本申请较佳实施例而已,当然不能以此来限定本申请之权利范围,因此依本申请权利要求所作的等同变化,仍属本申请所涵盖的范围。The above disclosures are only the preferred embodiments of the present application, and of course, the scope of the rights of the present application cannot be limited by this. Therefore, equivalent changes made according to the claims of the present application are still within the scope of the present application.

Claims (20)

  1. 一种基于共享根密钥的信息处理方法,包括:An information processing method based on a shared root key, comprising:
    获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据所述机构信息生成所述目标信息对应的根密钥,所述机构信息包括所述机构的保密等级、所述机构的债务信息以及所述机构的盈利信息中的至少一种;Obtain the objective function used to describe the information, and the institution information corresponding to the institution to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the institution information, where the institution information includes the security level of the institution , at least one of the debt information of the institution and the profit information of the institution;
    根据所述根密钥生成所述目标信息中每条子信息对应的密钥,所述目标信息包括至少两条子信息;Generate a key corresponding to each piece of sub-information in the target information according to the root key, where the target information includes at least two pieces of sub-information;
    获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;obtaining a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
    根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information;
    采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;Using the key corresponding to each piece of sub-information, encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information, and obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
    将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  2. 根据权利要求1所述的方法,其中,所述机构信息包括所述机构的保密等级,所述根据所述机构信息生成所述目标信息对应的根密钥,包括:The method according to claim 1, wherein the organization information includes a confidentiality level of the organization, and the generating a root key corresponding to the target information according to the organization information includes:
    根据所述机构的保密等级生成第二随机数;generating a second random number according to the security level of the institution;
    获取所述第二随机数中的字节长度,根据所述字节长度对所述第二随机数进行填充处理,得到填充处理后的第二随机数;Obtaining the byte length in the second random number, and performing padding processing on the second random number according to the byte length to obtain a second random number after padding;
    对所述填充处理后的第二随机数进行哈希运算,得到所述目标信息对应的根密钥。Hash operation is performed on the filled second random number to obtain the root key corresponding to the target information.
  3. 根据权利要求1所述的方法,其中,所述机构信息包括所述机构的债务信息和所述机构的盈利信息;所述根据所述机构信息生成所述目标信息对应的根密钥,包括:The method according to claim 1, wherein the institution information includes debt information of the institution and profit information of the institution; and generating a root key corresponding to the target information according to the institution information comprises:
    根据所述机构的债务信息和所述机构的盈利信息,确定所述机构的资金等级;Determine the funding level of the institution according to the debt information of the institution and the profit information of the institution;
    根据所述机构的资金等级生成第三随机数;generating a third random number based on the funding level of the institution;
    对所述第三随机数进行哈希运算,得到所述目标信息对应的根密钥。Hash operation is performed on the third random number to obtain the root key corresponding to the target information.
  4. 根据权利要求2或3所述的方法,其中,所述根据所述根密钥生成所述目标信息中每条子信息对应的密钥,包括:The method according to claim 2 or 3, wherein the generating a key corresponding to each piece of sub-information in the target information according to the root key comprises:
    获取所述每条子信息的生成时间;Obtain the generation time of each piece of sub-information;
    根据所述每条子信息的生成时间确定第一子信息和第二子信息,所述第二子信息的生成时间后于所述第一子信息的生成时间;Determine the first sub-information and the second sub-information according to the generation time of each piece of sub-information, and the generation time of the second sub-information is later than the generation time of the first sub-information;
    对所述根密钥进行哈希运算,得到所述第一子信息的密钥;Hash operation is performed on the root key to obtain the key of the first sub-information;
    对所述第一子信息的密钥进行哈希运算,得到所述第二子信息的密钥。Perform a hash operation on the key of the first sub-information to obtain the key of the second sub-information.
  5. 根据权利要求1所述的方法,其中,所述根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息,包括:The method according to claim 1, wherein the adjusting each piece of sub-information according to the first random number to obtain each piece of sub-information after adjustment comprises:
    将所述每条子信息与所述第一随机数相减,得到相减后的每条子信息;Subtracting each piece of sub-information from the first random number to obtain each piece of sub-information after the subtraction;
    若所述相减后的每条子信息小于信息阈值,则将所述相减后的每条子信息确定为调整后的每条子信息。If each piece of sub-information after the subtraction is smaller than the information threshold, then each piece of sub-information after the subtraction is determined as each piece of adjusted sub-information.
  6. 根据权利要求5所述的方法,其中,所述方法还包括:The method of claim 5, wherein the method further comprises:
    若所述相减后的每条子信息大于或等于所述信息阈值,则调整所述第一随机数;If each piece of sub-information after the subtraction is greater than or equal to the information threshold, adjusting the first random number;
    将所述每条子信息与调整后的第一随机数相减,得到候选的每条子信息;Subtracting each piece of sub-information with the adjusted first random number to obtain each piece of candidate sub-information;
    若所述候选的每条子信息小于所述信息阈值,则将所述候选的每条子信息确定为调整后的每条子信息。If each piece of sub-information of the candidate is smaller than the information threshold, each piece of sub-information of the candidate is determined as each piece of sub-information after adjustment.
  7. 根据权利要求1所述的方法,其中,所述对所述至少两条子信息中的对应子信息的 坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文,包括:The method according to claim 1, wherein, the coordinate information of the corresponding sub-information in the at least two pieces of sub-information is encrypted, and the ciphertext of the coordinate information corresponding to each sub-information is obtained, comprising:
    获取所述目标信息所属的终端的私钥,以及所述每条子信息对应的密钥;Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information;
    获取所述目标信息对应的候选坐标,所述候选坐标是根据所述目标函数的曲线的基点坐标与所述私钥得到的;Obtain the candidate coordinates corresponding to the target information, the candidate coordinates are obtained according to the base point coordinates of the curve of the target function and the private key;
    根据所述每条子信息对应的密钥对所述候选坐标进行加密,得到所述候选坐标的密文;Encrypt the candidate coordinates according to the key corresponding to each piece of sub-information to obtain the ciphertext of the candidate coordinates;
    对所述每条子信息对应的坐标信息与对应的候选坐标的密文进行融合,得到所述每条子信息对应的坐标信息的密文。The coordinate information corresponding to each piece of sub-information is fused with the ciphertext of the corresponding candidate coordinates to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  8. 一种基于共享根密钥的信息处理装置,包括:An information processing device based on a shared root key, comprising:
    根密钥生成模块,用于获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据所述机构信息生成所述目标信息对应的根密钥,所述机构信息包括所述机构的保密等级、所述机构的债务信息以及所述机构的盈利信息中的至少一种;The root key generation module is used to obtain the objective function used to describe the information and the institution information corresponding to the institution to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the institution information. The information includes at least one of the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution;
    子密钥生成模块,用于根据所述根密钥生成所述目标信息中每条子信息对应的密钥,所述目标信息包括至少两条子信息;a sub-key generation module, configured to generate a key corresponding to each piece of sub-information in the target information according to the root key, and the target information includes at least two pieces of sub-information;
    信息调整模块,用于获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;an information adjustment module, configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
    坐标获取模块,用于根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;a coordinate obtaining module, configured to obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information according to the objective function and each piece of adjusted sub-information;
    信息加密模块,用于采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;an information encryption module, configured to encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each piece of sub-information to obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
    信息存储模块,用于将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信息的密文存储至区块链网络中。An information storage module, configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  9. 一种计算机设备,包括:处理器、存储器以及网络接口;A computer device, comprising: a processor, a memory and a network interface;
    所述处理器与所述存储器、所述网络接口相连,其中,所述网络接口用于提供数据通信功能,所述存储器用于存储程序代码,所述处理器用于调用所述程序代码,以执行以下方法:The processor is connected to the memory and the network interface, wherein the network interface is used to provide a data communication function, the memory is used to store program codes, and the processor is used to call the program codes to execute The following methods:
    获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据所述机构信息生成所述目标信息对应的根密钥,所述机构信息包括所述机构的保密等级、所述机构的债务信息以及所述机构的盈利信息中的至少一种;Obtain the objective function used to describe the information, and the institution information corresponding to the institution to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the institution information, where the institution information includes the security level of the institution , at least one of the debt information of the institution and the profit information of the institution;
    根据所述根密钥生成所述目标信息中每条子信息对应的密钥,所述目标信息包括至少两条子信息;Generate a key corresponding to each piece of sub-information in the target information according to the root key, where the target information includes at least two pieces of sub-information;
    获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;obtaining a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
    根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information;
    采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;Using the key corresponding to each piece of sub-information, encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information, and obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
    将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  10. 根据权利要求9所述的计算机设备,其中,所述机构信息包括所述机构的保密等级,执行所述根据所述机构信息生成所述目标信息对应的根密钥,包括:The computer device according to claim 9, wherein the organization information includes a security level of the organization, and performing the generating of the root key corresponding to the target information according to the organization information includes:
    根据所述机构的保密等级生成第二随机数;generating a second random number according to the security level of the institution;
    获取所述第二随机数中的字节长度,根据所述字节长度对所述第二随机数进行填充处理,得到填充处理后的第二随机数;Obtaining the byte length in the second random number, and performing padding processing on the second random number according to the byte length to obtain a second random number after padding;
    对所述填充处理后的第二随机数进行哈希运算,得到所述目标信息对应的根密钥。Hash operation is performed on the filled second random number to obtain the root key corresponding to the target information.
  11. 根据权利要求9所述的计算机设备,其中,所述机构信息包括所述机构的债务信息和所述机构的盈利信息;执行所述根据所述机构信息生成所述目标信息对应的根密钥,包括:The computer device according to claim 9, wherein the institution information includes debt information of the institution and profit information of the institution; performing the generating of the root key corresponding to the target information according to the institution information, include:
    根据所述机构的债务信息和所述机构的盈利信息,确定所述机构的资金等级;Determine the funding level of the institution according to the debt information of the institution and the profit information of the institution;
    根据所述机构的资金等级生成第三随机数;generating a third random number based on the funding level of the institution;
    对所述第三随机数进行哈希运算,得到所述目标信息对应的根密钥。Hash operation is performed on the third random number to obtain the root key corresponding to the target information.
  12. 根据权利要求10或11所述的计算机设备,其中,执行所述根据所述根密钥生成所述目标信息中每条子信息对应的密钥,包括:The computer device according to claim 10 or 11, wherein performing the generating of the key corresponding to each piece of sub-information in the target information according to the root key comprises:
    获取所述每条子信息的生成时间;Obtain the generation time of each piece of sub-information;
    根据所述每条子信息的生成时间确定第一子信息和第二子信息,所述第二子信息的生成时间后于所述第一子信息的生成时间;Determine the first sub-information and the second sub-information according to the generation time of each piece of sub-information, and the generation time of the second sub-information is later than the generation time of the first sub-information;
    对所述根密钥进行哈希运算,得到所述第一子信息的密钥;Hash operation is performed on the root key to obtain the key of the first sub-information;
    对所述第一子信息的密钥进行哈希运算,得到所述第二子信息的密钥。Perform a hash operation on the key of the first sub-information to obtain the key of the second sub-information.
  13. 根据权利要求9所述的计算机设备,其中,执行所述根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息,包括:The computer device according to claim 9, wherein performing the adjustment of each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information, comprising:
    将所述每条子信息与所述第一随机数相减,得到相减后的每条子信息;Subtracting each piece of sub-information from the first random number to obtain each piece of sub-information after the subtraction;
    若所述相减后的每条子信息小于信息阈值,则将所述相减后的每条子信息确定为调整后的每条子信息;If each piece of sub-information after the subtraction is less than the information threshold, then each piece of sub-information after the subtraction is determined as each piece of adjusted sub-information;
    若所述相减后的每条子信息大于或等于所述信息阈值,则调整所述第一随机数;将所述每条子信息与调整后的第一随机数相减,得到候选的每条子信息;若所述候选的每条子信息小于所述信息阈值,则将所述候选的每条子信息确定为调整后的每条子信息。If each piece of sub-information after the subtraction is greater than or equal to the information threshold, adjust the first random number; subtract each piece of sub-information from the adjusted first random number to obtain each piece of candidate sub-information ; If each piece of sub-information of the candidate is smaller than the information threshold, then each piece of sub-information of the candidate is determined as each piece of adjusted sub-information.
  14. 根据权利要求9所述的计算机设备,其中,执行所述对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文,包括:The computer device according to claim 9, wherein performing the encryption of the coordinate information of the corresponding sub-information in the at least two pieces of sub-information to obtain the ciphertext of the coordinate information corresponding to each of the sub-information, comprising:
    获取所述目标信息所属的终端的私钥,以及所述每条子信息对应的密钥;Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information;
    获取所述目标信息对应的候选坐标,所述候选坐标是根据所述目标函数的曲线的基点坐标与所述私钥得到的;Obtain the candidate coordinates corresponding to the target information, the candidate coordinates are obtained according to the base point coordinates of the curve of the target function and the private key;
    根据所述每条子信息对应的密钥对所述候选坐标进行加密,得到所述候选坐标的密文;Encrypt the candidate coordinates according to the key corresponding to each piece of sub-information to obtain the ciphertext of the candidate coordinates;
    对所述每条子信息对应的坐标信息与对应的候选坐标的密文进行融合,得到所述每条子信息对应的坐标信息的密文。The coordinate information corresponding to each piece of sub-information is fused with the ciphertext of the corresponding candidate coordinates to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  15. 一种计算机可读存储介质,其中,所述计算机可读存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令当被处理器执行时使所述处理器执行以下方法:A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, the computer program comprising program instructions that, when executed by a processor, cause the processor to perform the following method:
    获取用于描述信息的目标函数,以及待处理的目标信息所属的机构对应的机构信息,根据所述机构信息生成所述目标信息对应的根密钥,所述机构信息包括所述机构的保密等级、所述机构的债务信息以及所述机构的盈利信息中的至少一种;Obtain the objective function used to describe the information, and the institution information corresponding to the institution to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the institution information, where the institution information includes the security level of the institution , at least one of the debt information of the institution and the profit information of the institution;
    根据所述根密钥生成所述目标信息中每条子信息对应的密钥,所述目标信息包括至少两条子信息;Generate a key corresponding to each piece of sub-information in the target information according to the root key, where the target information includes at least two pieces of sub-information;
    获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;obtaining a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
    根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information;
    采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;Using the key corresponding to each piece of sub-information, encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information, and obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
    将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信 息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  16. 根据权利要求15所述的计算机可读存储介质,其中,所述机构信息包括所述机构的保密等级,执行所述根据所述机构信息生成所述目标信息对应的根密钥,包括:The computer-readable storage medium according to claim 15, wherein the institution information includes a security level of the institution, and performing the generating of the root key corresponding to the target information according to the institution information comprises:
    根据所述机构的保密等级生成第二随机数;generating a second random number according to the security level of the institution;
    获取所述第二随机数中的字节长度,根据所述字节长度对所述第二随机数进行填充处理,得到填充处理后的第二随机数;Obtaining the byte length in the second random number, and performing padding processing on the second random number according to the byte length to obtain a second random number after padding;
    对所述填充处理后的第二随机数进行哈希运算,得到所述目标信息对应的根密钥。Hash operation is performed on the filled second random number to obtain the root key corresponding to the target information.
  17. 根据权利要求15所述的计算机可读存储介质,其中,所述机构信息包括所述机构的债务信息和所述机构的盈利信息;执行所述根据所述机构信息生成所述目标信息对应的根密钥,包括:The computer-readable storage medium according to claim 15, wherein the institution information includes debt information of the institution and profit information of the institution; performing the generating of the root corresponding to the target information according to the institution information keys, including:
    根据所述机构的债务信息和所述机构的盈利信息,确定所述机构的资金等级;Determine the funding level of the institution according to the debt information of the institution and the profit information of the institution;
    根据所述机构的资金等级生成第三随机数;generating a third random number based on the funding level of the institution;
    对所述第三随机数进行哈希运算,得到所述目标信息对应的根密钥。Hash operation is performed on the third random number to obtain the root key corresponding to the target information.
  18. 根据权利要求16或17所述的计算机可读存储介质,其中,执行所述根据所述根密钥生成所述目标信息中每条子信息对应的密钥,包括:The computer-readable storage medium according to claim 16 or 17, wherein the generating the key corresponding to each piece of sub-information in the target information according to the root key comprises:
    获取所述每条子信息的生成时间;Obtain the generation time of each piece of sub-information;
    根据所述每条子信息的生成时间确定第一子信息和第二子信息,所述第二子信息的生成时间后于所述第一子信息的生成时间;Determine the first sub-information and the second sub-information according to the generation time of each piece of sub-information, and the generation time of the second sub-information is later than the generation time of the first sub-information;
    对所述根密钥进行哈希运算,得到所述第一子信息的密钥;Hash operation is performed on the root key to obtain the key of the first sub-information;
    对所述第一子信息的密钥进行哈希运算,得到所述第二子信息的密钥。Perform a hash operation on the key of the first sub-information to obtain the key of the second sub-information.
  19. 根据权利要求15所述的计算机可读存储介质,其中,执行所述根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息,包括:The computer-readable storage medium according to claim 15, wherein the adjusting each piece of sub-information according to the first random number to obtain each piece of sub-information after adjustment comprises:
    将所述每条子信息与所述第一随机数相减,得到相减后的每条子信息;Subtracting each piece of sub-information from the first random number to obtain each piece of sub-information after the subtraction;
    若所述相减后的每条子信息小于信息阈值,则将所述相减后的每条子信息确定为调整后的每条子信息;If each piece of sub-information after the subtraction is less than the information threshold, then each piece of sub-information after the subtraction is determined as each piece of adjusted sub-information;
    若所述相减后的每条子信息大于或等于所述信息阈值,则调整所述第一随机数;将所述每条子信息与调整后的第一随机数相减,得到候选的每条子信息;若所述候选的每条子信息小于所述信息阈值,则将所述候选的每条子信息确定为调整后的每条子信息。If each piece of sub-information after the subtraction is greater than or equal to the information threshold, adjust the first random number; subtract each piece of sub-information from the adjusted first random number to obtain each piece of candidate sub-information ; If each piece of sub-information of the candidate is smaller than the information threshold, then each piece of sub-information of the candidate is determined as each piece of adjusted sub-information.
  20. 根据权利要求15所述的计算机可读存储介质,其中,执行所述对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文,包括:The computer-readable storage medium according to claim 15, wherein the encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information is performed to obtain the ciphertext of the coordinate information corresponding to each of the sub-information, include:
    获取所述目标信息所属的终端的私钥,以及所述每条子信息对应的密钥;Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information;
    获取所述目标信息对应的候选坐标,所述候选坐标是根据所述目标函数的曲线的基点坐标与所述私钥得到的;Obtain the candidate coordinates corresponding to the target information, the candidate coordinates are obtained according to the base point coordinates of the curve of the target function and the private key;
    根据所述每条子信息对应的密钥对所述候选坐标进行加密,得到所述候选坐标的密文;Encrypt the candidate coordinates according to the key corresponding to each piece of sub-information to obtain the ciphertext of the candidate coordinates;
    对所述每条子信息对应的坐标信息与对应的候选坐标的密文进行融合,得到所述每条子信息对应的坐标信息的密文。The coordinate information corresponding to each piece of sub-information is fused with the ciphertext of the corresponding candidate coordinates to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
PCT/CN2021/109261 2020-09-29 2021-07-29 Shared root key-based information processing method and apparatus, and device and medium WO2022068360A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011068461.4 2020-09-29
CN202011068461.4A CN112199697A (en) 2020-09-29 2020-09-29 Information processing method, device, equipment and medium based on shared root key

Publications (1)

Publication Number Publication Date
WO2022068360A1 true WO2022068360A1 (en) 2022-04-07

Family

ID=74012994

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/109261 WO2022068360A1 (en) 2020-09-29 2021-07-29 Shared root key-based information processing method and apparatus, and device and medium

Country Status (2)

Country Link
CN (1) CN112199697A (en)
WO (1) WO2022068360A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112199697A (en) * 2020-09-29 2021-01-08 深圳壹账通智能科技有限公司 Information processing method, device, equipment and medium based on shared root key
CN112202554B (en) * 2020-09-29 2022-03-08 平安科技(深圳)有限公司 Information processing method, device and equipment for generating key based on attribute of information
CN112202555B (en) * 2020-09-29 2023-07-18 平安科技(深圳)有限公司 Information processing method, device and equipment for generating random number based on information attribute

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102710668A (en) * 2012-06-29 2012-10-03 上海海事大学 Data privacy guarantee method suitable for cloud storage
US20140233736A1 (en) * 2011-11-01 2014-08-21 Huawei Technologies Co., Ltd. Method and related device for generating group key
CN110378128A (en) * 2019-06-17 2019-10-25 深圳壹账通智能科技有限公司 Data ciphering method, device and terminal device
CN110417553A (en) * 2019-08-07 2019-11-05 北京阿尔山区块链联盟科技有限公司 Secure Multi-Party communication means, device and user terminal
CN110839026A (en) * 2019-11-12 2020-02-25 深圳市网心科技有限公司 Data processing method based on block chain and related equipment
CN111339545A (en) * 2020-03-20 2020-06-26 苏州链原信息科技有限公司 Method for generating data tag, electronic device and computer storage medium
CN112199697A (en) * 2020-09-29 2021-01-08 深圳壹账通智能科技有限公司 Information processing method, device, equipment and medium based on shared root key

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140233736A1 (en) * 2011-11-01 2014-08-21 Huawei Technologies Co., Ltd. Method and related device for generating group key
CN102710668A (en) * 2012-06-29 2012-10-03 上海海事大学 Data privacy guarantee method suitable for cloud storage
CN110378128A (en) * 2019-06-17 2019-10-25 深圳壹账通智能科技有限公司 Data ciphering method, device and terminal device
CN110417553A (en) * 2019-08-07 2019-11-05 北京阿尔山区块链联盟科技有限公司 Secure Multi-Party communication means, device and user terminal
CN110839026A (en) * 2019-11-12 2020-02-25 深圳市网心科技有限公司 Data processing method based on block chain and related equipment
CN111339545A (en) * 2020-03-20 2020-06-26 苏州链原信息科技有限公司 Method for generating data tag, electronic device and computer storage medium
CN112199697A (en) * 2020-09-29 2021-01-08 深圳壹账通智能科技有限公司 Information processing method, device, equipment and medium based on shared root key

Also Published As

Publication number Publication date
CN112199697A (en) 2021-01-08

Similar Documents

Publication Publication Date Title
US10880077B2 (en) Processing blockchain data based on smart contract operations executed in a trusted execution environment
US11438383B2 (en) Controlling permissible actions a computing device can perform on a data resource based on a use policy evaluating an authorized context of the device
US10860710B2 (en) Processing and storing blockchain data under a trusted execution environment
WO2022068360A1 (en) Shared root key-based information processing method and apparatus, and device and medium
WO2022068237A1 (en) Information processing method and apparatus for generating key on the basis of attribute of information, and device
WO2022068236A1 (en) Method and apparatus for processing information on basis of features of information, and device and medium
US10791122B2 (en) Blockchain user account data
WO2022068355A1 (en) Encryption method and apparatus based on feature of information, device, and storage medium
WO2022068356A1 (en) Blockchain-based information encryption method and apparatus, device and medium
Tang et al. A secure and trustworthy medical record sharing scheme based on searchable encryption and blockchain
US20190260715A1 (en) Computer system, connection apparatus, and processing method using transaction
Bosamia et al. Current trends and future implementation possibilities of the Merkel tree
WO2022068235A1 (en) Information processing method and apparatus for generating random number on the basis of attribute of information, and device
WO2022068358A1 (en) Encryption method and apparatus for generating keys on basis of attributes of information, and device
WO2022068362A1 (en) Block chain-based information processing method and apparatus, device, and medium
WO2022068234A1 (en) Encryption method and apparatus based on shared root key, device and medium
WO2022068359A1 (en) Encryption method and apparatus for compressing ciphertext of information, and device and medium
Homoliak et al. An air-gapped 2-factor authentication for smart-contract wallets
WO2022068361A1 (en) Encryption method and apparatus based on amendment amount, and device, and medium
Charanya et al. Design of Secure Ehealth System Through Temporal Shadow using Blockchain
Sharma et al. Blockchain Application in Retirement Planning Investment: Improving Transparency and Viability
Patil Auditing authorization of big data on cloud

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21874022

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 03/07/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 21874022

Country of ref document: EP

Kind code of ref document: A1