WO2022166556A1 - 在区块链网络中实现安全组播的方法及装置 - Google Patents
在区块链网络中实现安全组播的方法及装置 Download PDFInfo
- Publication number
- WO2022166556A1 WO2022166556A1 PCT/CN2022/071800 CN2022071800W WO2022166556A1 WO 2022166556 A1 WO2022166556 A1 WO 2022166556A1 CN 2022071800 W CN2022071800 W CN 2022071800W WO 2022166556 A1 WO2022166556 A1 WO 2022166556A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- security group
- multicast
- blockchain node
- group information
- message
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 64
- 230000005540 biological transmission Effects 0.000 claims abstract description 21
- 238000003860 storage Methods 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 7
- 238000004891 communication Methods 0.000 description 23
- 238000005516 engineering process Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 9
- 238000010586 diagram Methods 0.000 description 6
- 238000009826 distribution Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000002085 persistent effect Effects 0.000 description 2
- OKTJSMMVPCPJKN-UHFFFAOYSA-N Carbon Chemical compound [C] OKTJSMMVPCPJKN-UHFFFAOYSA-N 0.000 description 1
- 239000006227 byproduct Substances 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 229910021389 graphene Inorganic materials 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/16—Arrangements for providing special services to substations
- H04L12/18—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/16—Arrangements for providing special services to substations
- H04L12/18—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
- H04L12/1863—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast comprising mechanisms for improved reliability, e.g. status reports
Definitions
- One or more embodiments of this specification relate to the technical field of terminals, and in particular, to a method and apparatus for implementing secure multicast in a blockchain network.
- the key server can distribute keys to each member that needs to implement multicast, so that these members can encrypt and transmit multicast messages through the distributed key, so as to implement secure multicast.
- the introduction of the key server increases the complexity of the architecture and the difficulty of management, and the role of the key server as a centralized management conflicts with the decentralization of the blockchain technology and cannot be applied to the security group in the blockchain scenario. broadcast.
- one or more embodiments of this specification provide a method and apparatus for implementing secure multicast in a blockchain network.
- a method for implementing secure multicast in a blockchain network including: a first blockchain node generates and sends a security group creation message, the security The group creation message contains the security group information structure corresponding to each target blockchain node to be added to the multicast security group, and each security group information structure contains the public key of the corresponding target blockchain node and the public key obtained by the public key.
- Ciphertext security group information obtained by encrypting plaintext security group information the plaintext security group information includes a security group session key, and the security group session key is used to encrypt multicast messages in the multicast security group transmission; after receiving the security group creation message, the second blockchain node searches for the security group information structure carrying its own public key from the security group creation message, and pairs the security group information found by its own private key The ciphertext security group information in the structure is decrypted to obtain the security group session key.
- a method for implementing secure multicast in a blockchain network comprising: a first blockchain node generating a security group creation message, the security group creation The message contains the security group information structure corresponding to each target blockchain node to be added to the multicast security group.
- Each security group information structure contains the public key of the corresponding target blockchain node and the plaintext paired by the public key.
- the plaintext security group information includes a security group session key, and the security group session key is used to encrypt and transmit multicast messages in the multicast security group;
- the first blockchain node sends the security group creation message, so that each target blockchain node searches for the security group information structure carrying its own public key from the security group creation message, and finds it through its own private key pair.
- the ciphertext security group information in the security group information structure body is decrypted to obtain the security group session key.
- a method for implementing secure multicast in a blockchain network including: a second blockchain node receiving a security group sent by a first blockchain node Create message, the security group creation message contains security group information structures corresponding to each target blockchain node to be added to the multicast security group, and each security group information structure contains the public information of the corresponding target blockchain node.
- the plaintext security group information includes the security group session key
- the security group session key is used to The second blockchain node searches for the security group information structure carrying its own public key from the security group creation message, and uses its own private key to pair the encrypted data in the found security group information structure.
- the security group information is decrypted to obtain the security group session key.
- an apparatus for implementing secure multicast in a blockchain network comprising: a message creation unit that enables a first blockchain node to generate a security group creation message,
- the security group creation message includes the security group information structure corresponding to each target blockchain node to be added to the multicast security group, and each security group information structure includes the public key of the corresponding target blockchain node and the
- the public key encrypts the ciphertext security group information obtained by encrypting the plaintext security group information, and the plaintext security group information includes the security group session key, and the security group session key is used for the multicast security group in the multicast security group.
- the message is encrypted and transmitted; the message sending unit enables the first blockchain node to send the security group creation message, so that each target blockchain node searches for the security group information structure carrying its own public key from the security group creation message. and decrypt the ciphertext security group information in the found security group information structure through its own private key to obtain the security group session key.
- an apparatus for implementing secure multicast in a blockchain network comprising: a message receiving unit that enables a second blockchain node to receive a first blockchain
- the security group creation message sent by the node, the security group creation message contains the security group information structure corresponding to each target blockchain node to be added to the multicast security group, and each security group information structure contains the corresponding target area
- the public key of the blockchain node and the ciphertext security group information obtained by encrypting the plaintext security group information with the public key, the plaintext security group information includes the security group session key, and the security group session key is used to
- the multicast messages in the multicast security group are encrypted and transmitted; the message processing unit enables the second blockchain node to search for the security group information structure carrying its own public key from the security group creation message, and pair it with its own private key.
- the ciphertext security group information in the found security group information structure is decrypted to obtain the security group session key.
- an electronic device comprising: a processor; a memory for storing executable instructions of the processor; wherein, the processor executes the executable instructions by running the executable instructions to implement the method according to the second aspect or the third aspect.
- a computer-readable storage medium having computer instructions stored thereon, the instructions implementing the second aspect or the third aspect when executed by a processor method.
- each blockchain node in the blockchain network can obtain the public keys of other blockchain nodes, so that the security group creation message generated by the first blockchain node is can contain security group information structures corresponding to each target blockchain node, and since each security group information structure only contains the public key of the corresponding target blockchain node and the ciphertext encrypted based on the public key Security group information, so that on the one hand, the target blockchain node can query its corresponding security group information structure by matching the public key, and on the other hand, it can ensure that the ciphertext security group information can only be used by the target blockchain
- the node decrypts with its own private key and cannot be decrypted by other blockchain nodes, thus realizing a safe and accurate key sharing operation without adding a centralized key server, and completing the creation of a multicast security group , so that the blockchain nodes in the multicast security group can implement secure multicast through the above-mentioned security group session key.
- FIG. 1 is a flowchart of a method for implementing secure multicast in a blockchain network provided by an exemplary embodiment.
- FIG. 2 is a flowchart of a method for implementing secure multicast in a blockchain network on the creator side provided by an exemplary embodiment.
- FIG. 3 is a flowchart of a method for implementing secure multicast in a blockchain network on a participant side provided by an exemplary embodiment.
- FIG. 4 is a schematic diagram of a multicast scenario provided by an exemplary embodiment.
- FIG. 5 is a schematic structural diagram of a device provided by an exemplary embodiment.
- FIG. 6 is a block diagram of an apparatus for implementing secure multicast in a blockchain network on the creator side provided by an exemplary embodiment.
- FIG. 7 is a block diagram of an apparatus for implementing secure multicast in a blockchain network on a participant side provided by an exemplary embodiment.
- the steps of the corresponding methods are not necessarily performed in the order shown and described in this specification. In some other embodiments, the methods thereof may comprise more or fewer steps than those described in this specification. In addition, a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. describe.
- blockchain networks can be divided into public chains, private chains, and alliance chains. Among them, the openness of the public chain is the highest, the openness of the private chain is the lowest, and the alliance chain is in between.
- the blockchain network includes several blockchain nodes, and communication operations such as consensus, transaction transmission, and block synchronization need to be implemented between blockchain nodes.
- Each blockchain node can communicate through P2P (Peer to Peer, peer-to-peer) technology.
- each blockchain node can rely on the relay node in the blockchain relay communication network.
- the blockchain nodes that need to communicate are connected to the relay node respectively, so that the blockchain nodes can communicate with each other through the block chain. Chain relay communication network to achieve communication.
- the blockchain relay communication network is a backbone relay communication network for real-time blockchain transmission, each relay node can communicate and interact through high-quality bandwidth guaranteed by high QoS.
- the intermediate link of communication between blockchain nodes is taken over by the blockchain relay communication network, which can reduce communication delay and improve stability, thereby significantly improving the communication quality between blockchain nodes.
- the blockchain relay communication network in related technologies may include: the blockchain relay communication network applied to the public chain mainly includes Falcon, Fast Bitcoin Relay Network (FBRN), Fast Internet Bitcoin Relay Engine (FIBRE), etc., and
- the blockchain relay communication networks applied to the alliance chain mainly include BloXRoute, Blockchain Transmission Network (BTN), etc.
- the technical solution establishes a multicast security group between the part of the blockchain nodes, so that the communication efficiency can be improved through multicasting, there is no need for one-to-one inefficient communication between each blockchain node, and the Other blockchain nodes learn the content of the communication.
- FIG. 1 is a flowchart of a method for implementing secure multicast in a blockchain network provided by an exemplary embodiment.
- the method may include: Step 102, the first blockchain node generates and sends a security group creation message, where the security group creation message includes each target blockchain corresponding to each target blockchain to be added to the multicast security group
- the security group information structure of the node each security group information structure contains the public key of the corresponding target blockchain node and the ciphertext security group information obtained by encrypting the plaintext security group information with the public key.
- the information includes a security group session key, and the security group session key is used for encrypted transmission of multicast messages within the multicast security group.
- the first blockchain node can be any blockchain node in the blockchain network.
- the first blockchain node creates a multicast security group through a security group creation message, which is equivalent to the creator of the multicast security group. .
- certain restrictions can be imposed on the creators of multicast security groups.
- only one or more blockchain nodes specified in the blockchain network are allowed to be creators.
- the information of these blockchain nodes (such as public keys) can be recorded in the genesis block of the blockchain, and other blockchain nodes can verify whether the received security group creation message comes from these designated blockchains accordingly.
- the node if so, normally processes the received security group creation message, if not, discards the received security group creation message.
- the target blockchain node can be any one or more blockchain nodes in the blockchain network.
- the first blockchain node can determine the above-mentioned target blockchain node from the blockchain network through off-chain negotiation, offline negotiation, etc.
- the nodes form the above-mentioned multicast security group, so as to realize secure multicast among these blockchain nodes and prevent other blockchain nodes in the blockchain network from learning the content of the multicast message.
- both the first blockchain node and the target blockchain node need to maintain the same session key, and ensure that the session key is only maintained by the first blockchain node and the target blockchain node, It is not known by other blockchain nodes in the blockchain network, so that the first blockchain node and the target blockchain node can encrypt the transmission of multicast messages through the session key, and ensure that only the first blockchain node and the target blockchain node can encrypt and transmit multicast messages.
- the blockchain node and the target blockchain node are able to decrypt the received multicast message.
- the session key described here can be, for example, the security group session key in this specification.
- the first blockchain node can obtain the security group session key in any way, for example, the first blockchain node receives the user-configured security group session key, or the first blockchain node generates the security group session key through key generation rules.
- the security group session key, or the security group session key obtained by the first blockchain node from a key server outside the chain, etc., is not limited in this specification.
- the security group session key is obtained by the first blockchain node, and then distributed to the target blockchain node through the security group creation message, without the need to add a key server in related technologies in the blockchain network, which helps to simplify The network architecture, and this key distribution method can be applied to each blockchain node, in line with the decentralization characteristics of the blockchain network.
- Each blockchain node can join multiple multicast security groups at the same time, as long as the blockchain node can obtain the security group session key distributed in the corresponding multicast security group.
- Step 104 after receiving the security group creation message, the second blockchain node searches for the security group information structure carrying its own public key from the security group creation message, and uses its own private key to find the security group.
- the ciphertext security group information in the information structure is decrypted to obtain the security group session key.
- each blockchain node has a corresponding public-private key pair to represent its own identity.
- the private key in the public-private key pair is maintained by each blockchain node to avoid leakage, while the public key can be disclosed to the public.
- each blockchain node can obtain the public key of each blockchain node in the blockchain network, and the technical solution of this specification uses this feature to realize the security group session key. safe distribution.
- the function of the public key is divided into two parts: the first part, when generating the security group information structure corresponding to each target blockchain node, by including the corresponding security group information structure in the security group information structure
- the public key of the target blockchain node so that each blockchain node can use its own public key as an identifier to match after receiving the security group creation message, so as to accurately find the security group information structure corresponding to itself , of course, if it does not match, it means that it does not belong to the corresponding multicast security group, thus ensuring the accurate distribution of the security group session key
- the second part in the generation of the security group corresponding to each target blockchain node
- the public key of the corresponding target blockchain node is used to perform asymmetric encryption to generate the above-mentioned ciphertext security group information to ensure that only the target blockchain node corresponding to the security group information structure can access the security group.
- the ciphertext security group information is decrypted to obtain the security group session key, because as mentioned above, only the target blockchain node holds its own private key, thus ensuring the secure distribution of the security group session key. Therefore, if a first blockchain node wishes to add a second blockchain node as a member of a multicast security group, the first blockchain node can include the security corresponding to the second blockchain node in the security group creation message Group information structure, the security group information structure contains the public key of the second blockchain node and the ciphertext security group information encrypted and generated by the public key, so that the second blockchain node can find the security group through its own public key Security group information structure, decrypt to obtain the security group session key.
- all blockchain nodes in the blockchain network that obtain the security group session key form a multicast security group, and these blockchain nodes become members of the multicast security group .
- the members of a multicast security group can implement secure multicast: the multicast messages sent between each member will be encrypted and transmitted using the above-mentioned security group session key, so that these multicast messages can only be decrypted by these members, even if these The multicast message cannot be decrypted even if it is received by other blockchain nodes in the blockchain network, thus ensuring that the message content of the multicast message can only be obtained by members of the multicast security group, thus realizing secure multicast.
- the members of the multicast security group can pre-configure or negotiate the encryption algorithm adopted (for example, off-chain negotiation or offline negotiation, etc.).
- the encryption algorithm also uses for decrypting multicast messages.
- the plaintext security group information may include: encryption algorithm indication information, where the encryption algorithm indication information is used to represent the encryption algorithm used when the multicast message is encrypted and transmitted by using the security group session key, which is equivalent to the first blockchain node to specify the encryption algorithm to be used; of course, the encryption algorithm can also be pre-negotiated by the first blockchain node and the target blockchain node, and marked by the first blockchain node in the plaintext security group information .
- the encryption algorithm used can be any symmetric encryption algorithm, such as AES128-GCM, AES128-CCM, AES256-GCM, AES256-CCM, AEAD_CHACHA20_POLY1305, SM4-GCM, SM4-CCM etc., this specification does not limit it.
- the security group session key is an asymmetric key
- the security group session key includes a public-private key pair, wherein the public key is used to encrypt the multicast message, and the private key is used to decrypt the multicast message.
- the adopted encryption algorithm can be any asymmetric encryption algorithm, such as RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm), etc., which is not limited in this specification.
- a blockchain node If a blockchain node only joins one multicast security group at the same time, the blockchain node will only send and receive multicast messages in this multicast security group, and only needs to use the security group session password distributed in this multicast security group. encryption and decryption using the key, without the confusion of multicast or security group session keys.
- the same blockchain node can join multiple multicast security groups at the same time. At this time, the blockchain node needs to distinguish each multicast security group, such as the security group session used by each multicast security group. The key, the encryption algorithm used, etc., for example, which multicast security group the received multicast message belongs to, and whether it belongs to the multicast security group.
- the plaintext security group information may further include a security group identifier, and the security group identifier corresponds to the multicast security group, for example, there is a one-to-one correspondence between the security group identifier and the multicast security group.
- the security group identifier corresponding to the multicast security group may be included to indicate the multicast message.
- the recipient of the decryption operation is performed through the security group session key in the plaintext security group information containing the security group identifier.
- the receiver of a multicast message can determine the multicast security group to which the multicast message belongs based on the security group identifier contained in the multicast message, and if the receiver belongs to the multicast security group, the receiver maintains The plaintext security group information including the security group identifier obtained in the above steps 102-104, and then the multicast message is decrypted by using the security group session key contained in the plaintext security group information.
- the blockchain node can determine which multicast security group to communicate in, and can determine the security group ID corresponding to the determined multicast security group. Therefore, the security group session key is obtained from the plaintext security group information including the security group identifier, and the multicast message is encrypted and sent by using the security group session key.
- the above-mentioned security group creation message may also include a message signature generated by the private key of the first blockchain node. Then, after receiving the security group creation message, the second blockchain node can first verify the signature of the message through the public key of the first blockchain node, and determine if the signature is successful: the security group The creation message does come from the first blockchain node, and the security group creation message has not been tampered with during the transmission process. The first blockchain node can perform step 104 and other operations after confirming that the signature is successful, otherwise it can be discarded Or do not process the security group creation message.
- the above message signature can be generated by signing the key information in the security group creation message with the private key of the first blockchain node, so that in the case of successful signature verification, it can be specifically proved that the key information has not been tampered with.
- the key information may include: a security group information structure corresponding to each target blockchain node.
- the key information may also include at least one of the following: an anti-replay random number, the public key or digital certificate of the first blockchain node, etc., which are not discussed in this specification. limit.
- Different security group creation messages sent by the first blockchain node can respectively contain different anti-replay random numbers
- the second blockchain node can create a security group between the current received security group creation message and the historically received security group creation message. If the message contains the same anti-replay random number, confirm that the currently received security group creation message is a replay message and needs to be discarded or not processed, and only the currently received security group creation message and the historically received security group creation message are confirmed. Only when the anti-replay random numbers contained in the group creation message are different, the received security group creation message will be processed normally.
- the digital certificate of the first blockchain node is issued by the CA center, the digital certificate contains the public key of the first blockchain node, and the second blockchain node can determine that the digital certificate contains 's public key does belong to the first blockchain node.
- a multicast security group can be a long-term effective security group, or a short-term or temporary one.
- a short-term or temporary multicast security group it has certain timeliness; for example, such a multicast security group may have a validity period, so that the corresponding multicast security group can implement secure multicast only within the validity period.
- the plaintext security group information in any of the above embodiments may further include: a session validity period, the session validity period is used to represent the validity period of the plaintext security group information, so that: when the plaintext security group information is within the validity period, the plaintext security group information has been added to the corresponding group Each blockchain node of the multicast security group stores; when it is not within the validity period, the plaintext security group information is discarded or marked as invalid by each blockchain node that has joined the corresponding multicast security group.
- a session validity period is used to represent the validity period of the plaintext security group information, so that: when the plaintext security group information is within the validity period, the plaintext security group information has been added to the corresponding group
- Each blockchain node of the multicast security group stores; when it is not within the validity period, the plaintext security group information is discarded or marked as invalid by each blockchain node that has joined the corresponding multicast security group.
- the session validity period described here is used to manage the validity period of the plaintext security group information
- the secure multicast in the multicast security group needs to use the security group session key, session group identifier and other information contained in the plaintext security group information
- the The management of the plaintext security group information is actually the management of the multicast security group
- the validity period of the plaintext security group information is the validity period of the multicast security group. Because the longer the use time of the same plaintext security group information, the greater the risk of leakage of the plaintext security group information. Therefore, by setting the above session validity period, the potential security risks caused by the long-term use of the same plaintext security group information can be avoided. Force members of the corresponding multicast security group to update the plaintext security group information to improve multicast security.
- FIG. 2 is a flowchart of a method for implementing secure multicast in a blockchain network on the creator side provided by an exemplary embodiment.
- the method may include: Step 202, the first blockchain node generates a security group creation message, and the security group creation message includes information corresponding to each target blockchain node to be added to the multicast security group.
- Security group information structure each security group information structure contains the public key of the corresponding target blockchain node and the ciphertext security group information obtained by encrypting the plaintext security group information with the public key, and the plaintext security group information contains A security group session key, where the security group session key is used for encrypted transmission of multicast messages in the multicast security group.
- the first blockchain node In the case where the first blockchain node is used to generate the security group creation message, it is equivalent to the creation of the corresponding multicast session group initiated by the first blockchain node, so the first blockchain node can be regarded as The creator of this multicast session group.
- the first blockchain node can be regarded as The creator of this multicast session group.
- the same blockchain node can belong to the role of creator in some multicast security groups, and can also belong to the role of participant in other multicast security groups.
- Step 204 the first block chain node sends the security group creation message, so that each target block chain node searches for the security group information structure carrying its own public key from the security group creation message, and uses its own private key. Decrypt the ciphertext security group information in the found security group information structure to obtain the security group session key.
- the plaintext security group information further includes encryption algorithm indication information, where the encryption algorithm indication information is used to represent the encryption algorithm used when the multicast message is encrypted and transmitted by using the security group session key.
- the plaintext security group information also includes a session validity period, and the session validity period is used to represent the validity period of the plaintext security group information; wherein, when the plaintext security group information is within the validity period, the plaintext security group information has been added to Each block chain node of the multicast security group stores; when not within the validity period, the plaintext security group information is discarded or marked as invalid by each block chain node that has joined the multicast security group.
- the plaintext security group information further includes a security group identifier, and the security group identifier corresponds to the multicast security group; wherein, the multicast message in the multicast security group includes the security group identifier , to instruct the receiver of the multicast message to perform the decryption operation by using the security group session key in the plaintext security group information containing the security group identifier.
- the security group creation message further includes: a message signature generated by the private key of the first blockchain node.
- the message signature is generated by signing the key information in the security group creation message with the private key of the first blockchain node; wherein the key information includes: corresponding to each target blockchain The node's security group information structure.
- the key information further includes at least one of the following: an anti-replay random number; the public key or digital certificate of the first blockchain node.
- FIG. 3 is a flowchart of a method for implementing secure multicast in a blockchain network on a participant side provided by an exemplary embodiment.
- the method may include: Step 302, the second blockchain node receives a security group creation message sent by the first blockchain node, where the security group creation message contains messages corresponding to the multicast security groups to be added respectively.
- the security group information structure of each target blockchain node, each security group information structure contains the public key of the corresponding target blockchain node and the ciphertext security group information obtained by encrypting the plaintext security group information with the public key , the plaintext security group information includes a security group session key, and the security group session key is used to encrypt and transmit multicast messages in the multicast security group.
- Step 304 the second block chain node searches the security group information structure carrying its own public key from the security group creation message, and performs the ciphertext security group information in the found security group information structure through its own private key. Decrypt to get the security group session key.
- the plaintext security group information further includes encryption algorithm indication information, where the encryption algorithm indication information is used to represent the encryption algorithm used when the multicast message is encrypted and transmitted by using the security group session key.
- the plaintext security group information also includes a session validity period, and the session validity period is used to represent the validity period of the plaintext security group information; wherein, when the plaintext security group information is within the validity period, the plaintext security group information has been added to Each block chain node of the multicast security group stores; when not within the validity period, the plaintext security group information is discarded or marked as invalid by each block chain node that has joined the multicast security group.
- the plaintext security group information further includes a security group identifier, and the security group identifier corresponds to the multicast security group; wherein, the multicast message in the multicast security group includes the security group identifier , to instruct the receiver of the multicast message to perform the decryption operation by using the security group session key in the plaintext security group information containing the security group identifier.
- the security group creation message also includes a message signature generated by the private key of the first blockchain node; the method further includes: the second blockchain node passes the public key of the first blockchain node The message signature is verified.
- the message signature is generated by signing the key information in the security group creation message with the private key of the first blockchain node; wherein the key information includes: corresponding to each target blockchain The node's security group information structure.
- the key information further includes at least one of the following: an anti-replay random number; the public key or digital certificate of the first blockchain node.
- FIG. 4 is a schematic diagram of a multicast scenario provided by an exemplary embodiment.
- there are several blockchain nodes such as node A, node B, node C and node D in the blockchain network; among them, it is assumed that a multicast security group needs to be established between node A, node B and node C , so that some sensitive content can be transmitted between node A, node B, and node C, while avoiding other blockchain nodes such as node D from obtaining these sensitive content.
- node A, node B, and node C can perform key negotiation through BSGGP (Blockchain Security Group Generate Protocol) based on the embodiments of this specification to establish a multicast security group, and then pass The BSGMP (Blockchain Security Group Multicast Protocol) of the embodiments of this specification implements secure multicast.
- BSGGP Blockchain Security Group Generate Protocol
- BSGMP Blockchain Security Group Multicast Protocol
- BSGGP_GroupInfo Assuming that node A is the creator, node A needs to first generate a BSGGP-compliant security group creation message BSGGP_GroupInfo.
- the message structure of the BSGGP_GroupInfo can be:
- Encrypt_Session_chain is used to store the relevant information of the multicast security group, and the relevant information of the multicast security group may be the security group corresponding to each target blockchain node to be added to the multicast security group in the foregoing embodiment.
- information structure The structure of the Encrypt_Session_chain can be:
- BSG_Encrypt_Session is the above-mentioned security group information structure, and the security group information structures corresponding to each target blockchain node such as node B and node C can be linked together into a chain, which is added to the chain structure in a chain.
- Encrypt_Session_chain When these security group information structures form a chain structure, they can be spliced in sequence according to a preset order (such as the size order of IP addresses, the size order of node public keys, etc., which are not limited in this manual); they can also be spliced out of order. , the splicing order does not affect the negotiation effect.
- BSG_Encrypt_Session The structure of BSG_Encrypt_Session can be:
- PublicKey key //The public key of the target blockchain node
- Enc_Session sess //The ciphertext security group information generated after encrypting BSG_Session with the public key of the target blockchain node
- each target blockchain node can always find its corresponding BSG_Encrypt_Session by matching its own public key, so the splicing order between these BSG_Encrypt_Sessions will not affect the negotiation effect.
- Enc_Session is equivalent to the ciphertext security group information described above.
- Enc_Session is obtained by encrypting the BSG_Session with the public key of the target blockchain node corresponding to the BSG_Encrypt_Session to which it belongs.
- the BSG_Session is equivalent to the plaintext security group information described above.
- the contained Enc_Session is obtained by encrypting the BSG_Session with the public key of node B, while the contained Enc_Session in the BSG_Encrypt_Session corresponding to node C is obtained by encrypting the BSG_Session with the public key of node C.
- BSG_Encrypt_Session corresponding to each node
- the BSG_Session corresponding to the Enc_Session is the same.
- BSG_Session can contain any content that node A wishes to transmit to node B and node C. Of course, these content are usually related to the multicast session group that needs to be created.
- the structure of BSG_Session can be:
- each target blockchain node After each target blockchain node decrypts the BSG_Session, it will save the BSG_Session.
- the session_lifetime_hint contained in each BSG_Session is used to indicate the validity period of the corresponding multicast session group or the validity period of the corresponding session.
- the target blockchain node can delete the BSG_Session or add the The BSG_Session is marked as invalid, or if the session_lifetime_hint contained in the corresponding BSG_Session has expired before the multicast message needs to be sent, avoid using the Master_key in the BSG_Session for encryption; in other words, only when the session_lifetime_hint contained in the BSG_Session has not expired, the BSG_Session contains The Master_key will be used for encrypted transmission of multicast messages.
- the BSG_ID is used to mark the multicast session group or the session corresponding to the multicast session group, so that the multicast messages transmitted between the members of the multicast session group will include the BSG_ID, so that when a blockchain node is receiving After reaching the multicast message, it can match the BSG_Session maintained by itself according to the BSG_ID contained in the multicast message, and decrypt the received multicast message through the Master_key in the BSG_Session containing the BSG_ID.
- Master_key is used to encrypt and decrypt multicast messages.
- the cipher_id is used to indicate the members of the multicast session group and the algorithm used when performing encryption and decryption processing.
- node A, node B, and node C After node A, node B, and node C complete the negotiation in the above manner, node A, node B, and node C will maintain a BSG_Session locally, so that node A, node B, and node C form a multicast security group. These nodes can implement secure multicast based on the jointly maintained BSG_Session.
- BSG_Plaintext Assuming that node B wants to send multicast messages to node A and node C, node B first generates a message structure BSG_Plaintext that conforms to BSGMP.
- the structure of BSG_Plaintext can be:
- BSG_Plaintext the content of the message to be transmitted by Node B is recorded in content in plaintext.
- BSG_Plaintext may contain only content.
- the block structure is used to organize the BSG_Plaintext, for example, the length of each block is 128 bits, then when the length of the content is exactly an integer multiple of 128 bits, the content can just fill several corresponding blocks, then the same is true for BSG_Plaintext
- Zeros[length_of_padding-1] and length_of_padding may not be included; however, when the length of content is not exactly an integer multiple of 128bit, the 128bit of the last block cannot be filled, and these unfilled parts can be used in full 0 to fill, the above zeros[length_of_padding-1] corresponds to the part filled with 0 (ie padding), and length_of_padding is used to describe the length of padding.
- Node B can construct the above-mentioned BSG_Plaintext, thereby generating a multicast message BSG_Message, whose message structure can be:
- Node B When Node B generates BSG_Message, it needs to use the BSG_Session obtained in the preceding process. In fact, when Node B wishes to send a BSG_Message in a multicast session group, it should use the BSG_Session corresponding to the multicast session group, and generate the above-mentioned BSG_Message through the BSG_ID and Master_key contained in the BSG_Session.
- BSG_Ciphertext is generated by Node B encrypting BSG_Plaintext with Master_key.
- the encryption algorithm also requires the use of a random number iv to increase the security of symmetric encryption, so the structure of BSG_Message contains the above-mentioned seq_num.
- node B can send seq_num to node A and node C separately, instead of integrating it in the structure of BSG_Message, so even if both Master_key and BSG_Message are exposed, BSG_Ciphertext may not be exposed because seq_num is not exposed. Decrypt correctly, which helps improve security.
- seq_num in the structure of BSG_Message for sending, the increase in the number of interactions caused by sending seq_num alone is considered to be avoided, which helps to improve communication efficiency.
- BSG_Ciphertext AES128-GCM-Encrypt(Master_key,seq_num,additional_data,BSG_Plaintext)
- additional_data BSG_Message.length
- node C can match all BSG_Sessions maintained by itself according to the BSG_ID contained in the BSG_Message to determine the BSG_Session containing the BSG_ID. Further, node C can read the cipher_id and Master_key according to the determined BSG_Session, and decrypt the BSG_Ciphertext in the received BSG_Message accordingly to obtain the plaintext BSG_Plaintext. Still taking AES128-GCM as an example, BSG_Plaintext can be obtained by decrypting BSG_Ciphertext in the following way:
- BSG_Plaintext AES128-GCM-Decrypt(Master_key,seq_num,additional_data,BSG_Ciphertext)
- the blockchain node as the sender can specify the information of the blockchain node as the receiver in the corresponding message message, such as adding the IP addresses of these blockchain nodes in the message header. address, so that multicast messages can be directed to these blockchain nodes designated as receivers, and will not be sent to other blockchain nodes to save network resources.
- the blockchain nodes communicate through the blockchain relay communication network
- the identification information corresponding to these blockchain nodes can be added to the message message, so that the The blockchain relay communication network can direct multicast messages to these blockchain nodes designated as recipients, but not to other blockchain nodes.
- blockchain nodes that do not belong to the multicast session group may also receive multicast messages.
- node D receives the above-mentioned BSG_Message sent by node B
- node D can also match from all BSG_Sessions maintained by itself according to the BSG_ID contained in the BSG_Message, but node D cannot match the BSG_Session containing the BSG_ID, so it cannot Decrypt the BSG_Ciphertext in the received BSG_Message, then from the perspective of security, it is the same as the node D has not received the multicast message.
- each blockchain node in the blockchain network can obtain the public keys of other blockchain nodes, so that the security group creation message generated by the first blockchain node is included in the It can contain the security group information structure corresponding to each target blockchain node, and because each security group information structure only contains the public key of the corresponding target blockchain node and the ciphertext security encrypted based on the public key.
- the target blockchain node can query its corresponding security group information structure by matching the public key, and on the other hand, it can ensure that the ciphertext security group information can only be used by the target blockchain node Decrypted by its own private key, which cannot be decrypted by other blockchain nodes, it realizes a safe and accurate key sharing operation without adding a centralized key server, and completes the creation of a multicast security group.
- This enables the blockchain nodes in the multicast security group to implement secure multicast through the above-mentioned security group session key.
- Fig. 5 is a schematic structural diagram of a device provided by an exemplary embodiment.
- the device includes a processor 502 , an internal bus 504 , a network interface 506 , a memory 508 and a non-volatile memory 510 , and of course may also include hardware required for other services.
- the processor 502 reads the corresponding computer program from the non-volatile memory 510 into the memory 508 and then executes it, forming a device for realizing secure multicast in the blockchain network at the logical level.
- one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware, etc., that is to say, the execution subjects of the following processing procedures are not limited to each Logic unit, which can also be hardware or logic device.
- the device for implementing secure multicast in the blockchain network on the creator side may include:
- the message creation unit 61 enables the first blockchain node to generate a security group creation message, where the security group creation message includes the security group information structure corresponding to each target blockchain node to be added to the multicast security group, each The security group information structure includes the public key of the corresponding target blockchain node and the ciphertext security group information obtained by encrypting the plaintext security group information with the public key, and the plaintext security group information includes the security group session key, and the The security group session key is used for encrypted transmission of multicast messages in the multicast security group;
- the message sending unit 62 enables the first blockchain node to send the security group creation message, so that each target blockchain node searches for the security group information structure carrying its own public key from the security group creation message, and passes the message through the security group creation message.
- the own private key decrypts the ciphertext security group information in the found security group information structure to obtain the security group session key.
- the plaintext security group information further includes encryption algorithm indication information, where the encryption algorithm indication information is used to represent the encryption algorithm used when the multicast message is encrypted and transmitted by using the security group session key.
- the plaintext security group information further includes a session validity period, and the session validity period is used to represent the validity period of the plaintext security group information; wherein, when within the validity period, the plaintext security group information has been added to the Each block chain node of the multicast security group stores; when not within the validity period, the plaintext security group information is discarded or marked as invalid by each block chain node that has joined the multicast security group.
- the plaintext security group information further includes a security group identifier, and the security group identifier corresponds to the multicast security group; wherein, the multicast message in the multicast security group includes the security group identifier, to instruct the receiver of the multicast message to perform a decryption operation by using the security group session key in the plaintext security group information containing the security group identifier.
- the security group creation message further includes a message signature generated by the private key of the first blockchain node.
- the message signature is generated by signing the key information in the security group creation message with the private key of the first blockchain node; wherein the key information includes: corresponding to each target blockchain node security group information structure.
- the key information further includes at least one of the following: an anti-replay random number; the public key or digital certificate of the first blockchain node.
- the device for implementing secure multicast in the blockchain network on the participant side may include: a message receiving unit 71 , which enables the second blockchain node to receive messages sent by the first blockchain node
- the security group creation message contains the security group information structure corresponding to each target blockchain node to be added to the multicast security group, and each security group information structure contains the corresponding target blockchain
- the multicast messages in the security group are encrypted and transmitted;
- the message processing unit 72 enables the second blockchain node to search for the security group information structure carrying its own public key from the security group creation message, and to search through its own private key pair
- the ciphertext security group information in the obtained security group information structure is decrypted to obtain the security group session key.
- the plaintext security group information further includes encryption algorithm indication information, where the encryption algorithm indication information is used to represent the encryption algorithm used when the multicast message is encrypted and transmitted by using the security group session key.
- the plaintext security group information further includes a session validity period, and the session validity period is used to represent the validity period of the plaintext security group information; wherein, when within the validity period, the plaintext security group information has been added to the Each block chain node of the multicast security group stores; when not within the validity period, the plaintext security group information is discarded or marked as invalid by each block chain node that has joined the multicast security group.
- the plaintext security group information further includes a security group identifier, and the security group identifier corresponds to the multicast security group; wherein, the multicast message in the multicast security group includes the security group identifier, to instruct the receiver of the multicast message to perform a decryption operation by using the security group session key in the plaintext security group information containing the security group identifier.
- the security group creation message further includes a message signature generated by the private key of the first blockchain node; the method further includes: the second blockchain node uses the public key pair of the first blockchain node to The message signature is verified.
- the message signature is generated by signing the key information in the security group creation message with the private key of the first blockchain node; wherein the key information includes the key information corresponding to each target blockchain node.
- Security group information structure
- the key information further includes at least one of the following: an anti-replay random number; the public key or digital certificate of the first blockchain node.
- a typical implementation device is a computer, which may be in the form of a personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media player, navigation device, e-mail device, game control desktop, tablet, wearable device, or a combination of any of these devices.
- a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
- processors CPUs
- input/output interfaces network interfaces
- memory volatile and non-volatile memory
- Memory may include forms of non-persistent memory, random access memory (RAM) and/or non-volatile memory in computer readable media, such as read only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
- RAM random access memory
- ROM read only memory
- flash RAM flash memory
- Computer-readable media includes both persistent and non-permanent, removable and non-removable media, and storage of information may be implemented by any method or technology.
- Information may be computer readable instructions, data structures, modules of programs, or other data.
- Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Flash Memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, Magnetic tape cartridges, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices.
- computer-readable media does not include transitory computer-readable media, such as modulated data signals and carrier waves.
- first, second, third, etc. may be used in this specification to describe various information, such information should not be limited by these terms. These terms are only used to distinguish the same type of information from each other.
- first information may also be referred to as the second information, and similarly, the second information may also be referred to as the first information without departing from the scope of one or more embodiments of the present specification.
- word "if” as used herein can be interpreted as "at the time of" or "when” or "in response to determining.”
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims (25)
- 一种在区块链网络中实现安全组播的方法,包括:第一区块链节点生成并发送安全组创建消息,所述安全组创建消息包含分别对应于待加入组播安全组的各个目标区块链节点的安全组信息结构体,每一安全组信息结构体包含相应的目标区块链节点的公钥和由该公钥对明文安全组信息加密得到的密文安全组信息,所述明文安全组信息包含安全组会话密钥,所述安全组会话密钥用于对所述组播安全组内的组播消息进行加密传输;第二区块链节点收到所述安全组创建消息后,从所述安全组创建消息中查找携带自身公钥的安全组信息结构体,并通过自身私钥对查找到的安全组信息结构体内的密文安全组信息进行解密以得到所述安全组会话密钥。
- 根据权利要求1所述的方法,所述明文安全组信息还包含加密算法指示信息,所述加密算法指示信息用于表征采用所述安全组会话密钥对所述组播消息进行加密传输时使用的加密算法。
- 根据权利要求1所述的方法,所述明文安全组信息还包含会话有效期,所述会话有效期用于表征所述明文安全组信息的有效期;其中,当处于有效期内时,所述明文安全组信息被已加入所述组播安全组的各个区块链节点存储;当未处于有效期内时,所述明文安全组信息被已加入所述组播安全组的各个区块链节点丢弃或标记为无效。
- 根据权利要求1所述的方法,所述明文安全组信息还包含安全组标识,所述安全组标识对应于所述组播安全组;其中,所述组播安全组内的组播消息包含所述安全组标识,以指示所述组播消息的接收方通过包含所述安全组标识的明文安全组信息中的安全组会话密钥进行解密操作。
- 根据权利要求1所述的方法,所述安全组创建消息还包含:由第一区块链节点的私钥生成的消息签名;第二区块链节点还通过第一区块链节点的公钥对所述消息签名进行验签。
- 根据权利要求5所述的方法,所述消息签名由第一区块链节点的私钥对所述安全组创建消息中的关键信息进行签名而生成;其中,所述关键信息包括:对应于各个目标区块链节点的安全组信息结构体。
- 根据权利要求6所述的方法,所述关键信息还包含以下至少之一:防重放随机数;第一区块链节点的公钥或数字证书。
- 一种在区块链网络中实现安全组播的方法,包括:第一区块链节点生成安全组创建消息,所述安全组创建消息包含分别对应于待加入组播安全组的各个目标区块链节点的安全组信息结构体,每一安全组信息结构体包含相应的目标区块链节点的公钥和由该公钥对明文安全组信息加密得到的密文安全组信息,所述明文安全组信息包含安全组会话密钥,所述安全组会话密钥用于对所述组播安全组 内的组播消息进行加密传输;第一区块链节点发送所述安全组创建消息,使各个目标区块链节点分别从所述安全组创建消息中查找携带自身公钥的安全组信息结构体,并通过自身私钥对查找到的安全组信息结构体内的密文安全组信息进行解密以得到所述安全组会话密钥。
- 根据权利要求8所述的方法,所述明文安全组信息还包含加密算法指示信息,所述加密算法指示信息用于表征采用所述安全组会话密钥对所述组播消息进行加密传输时使用的加密算法。
- 根据权利要求8所述的方法,所述明文安全组信息还包含会话有效期,所述会话有效期用于表征所述明文安全组信息的有效期;其中,当处于有效期内时,所述明文安全组信息被已加入所述组播安全组的各个区块链节点存储;当未处于有效期内时,所述明文安全组信息被已加入所述组播安全组的各个区块链节点丢弃或标记为无效。
- 根据权利要求8所述的方法,所述明文安全组信息还包含安全组标识,所述安全组标识对应于所述组播安全组;其中,所述组播安全组内的组播消息包含所述安全组标识,以指示所述组播消息的接收方通过包含所述安全组标识的明文安全组信息中的安全组会话密钥进行解密操作。
- 根据权利要求8所述的方法,所述安全组创建消息还包含:由第一区块链节点的私钥生成的消息签名。
- 根据权利要求12所述的方法,所述消息签名由第一区块链节点的私钥对所述安全组创建消息中的关键信息进行签名而生成;其中,所述关键信息包括:对应于各个目标区块链节点的安全组信息结构体。
- 根据权利要求13所述的方法,所述关键信息还包含以下至少之一:防重放随机数;第一区块链节点的公钥或数字证书。
- 一种在区块链网络中实现安全组播的方法,包括:第二区块链节点接收第一区块链节点发送的安全组创建消息,所述安全组创建消息包含分别对应于待加入组播安全组的各个目标区块链节点的安全组信息结构体,每一安全组信息结构体包含相应的目标区块链节点的公钥和由该公钥对明文安全组信息加密得到的密文安全组信息,所述明文安全组信息包含安全组会话密钥,所述安全组会话密钥用于对所述组播安全组内的组播消息进行加密传输;第二区块链节点从所述安全组创建消息中查找携带自身公钥的安全组信息结构体,并通过自身私钥对查找到的安全组信息结构体内的密文安全组信息进行解密以得到所述安全组会话密钥。
- 根据权利要求15所述的方法,所述明文安全组信息还包含加密算法指示信息,所述加密算法指示信息用于表征采用所述安全组会话密钥对所述组播消息进行加密传输时使用的加密算法。
- 根据权利要求15所述的方法,所述明文安全组信息还包含会话有效期,所述会话有效期用于表征所述明文安全组信息的有效期;其中,当处于有效期内时,所述明文安全组信息被已加入所述组播安全组的各个区块链节点存储;当未处于有效期内时,所述明文安全组信息被已加入所述组播安全组的各个区块链节点丢弃或标记为无效。
- 根据权利要求15所述的方法,所述明文安全组信息还包含安全组标识,所述安全组标识对应于所述组播安全组;其中,所述组播安全组内的组播消息包含所述安全组标识,以指示所述组播消息的接收方通过包含所述安全组标识的明文安全组信息中的安全组会话密钥进行解密操作。
- 根据权利要求15所述的方法,所述安全组创建消息还包含:由第一区块链节点的私钥生成的消息签名;所述方法还包括:第二区块链节点通过第一区块链节点的公钥对所述消息签名进行验签。
- 根据权利要求19所述的方法,所述消息签名由第一区块链节点的私钥对所述安全组创建消息中的关键信息进行签名而生成;其中,所述关键信息包括:对应于各个目标区块链节点的安全组信息结构体。
- 根据权利要求20所述的方法,所述关键信息还包含以下至少之一:防重放随机数;第一区块链节点的公钥或数字证书。
- 一种在区块链网络中实现安全组播的装置,包括:消息创建单元,使第一区块链节点生成安全组创建消息,所述安全组创建消息包含分别对应于待加入组播安全组的各个目标区块链节点的安全组信息结构体,每一安全组信息结构体包含相应的目标区块链节点的公钥和由该公钥对明文安全组信息加密得到的密文安全组信息,所述明文安全组信息包含安全组会话密钥,所述安全组会话密钥用于对所述组播安全组内的组播消息进行加密传输;消息发送单元,使第一区块链节点发送所述安全组创建消息,使各个目标区块链节点分别从所述安全组创建消息中查找携带自身公钥的安全组信息结构体,并通过自身私钥对查找到的安全组信息结构体内的密文安全组信息进行解密以得到所述安全组会话密钥。
- 一种在区块链网络中实现安全组播的装置,包括:消息接收单元,使第二区块链节点接收第一区块链节点发送的安全组创建消息,所述安全组创建消息包含分别对应于待加入组播安全组的各个目标区块链节点的安全组信息结构体,每一安全组信息结构体包含相应的目标区块链节点的公钥和由该公钥对明文安全组信息加密得到的密文安全组信息,所述明文安全组信息包含安全组会话密钥,所述安全组会话密钥用于对所述组播安全组内的组播消息进行加密传输;消息处理单元,使第二区块链节点从所述安全组创建消息中查找携带自身公钥的安全组信息结构体,并通过自身私钥对查找到的安全组信息结构体内的密文安全组信息进 行解密以得到所述安全组会话密钥。
- 一种电子设备,包括:处理器;用于存储处理器可执行指令的存储器;其中,所述处理器通过运行所述可执行指令以实现如权利要求8至21中任一项所述的方法。
- 一种计算机可读存储介质,其上存储有计算机指令,该指令被处理器执行时实现如权利要求8至21中任一项所述的方法。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP22748835.0A EP4290804A1 (en) | 2021-02-03 | 2022-01-13 | Method and apparatus for realizing secure multicast in blockchain network |
US18/275,665 US20240129281A1 (en) | 2021-02-03 | 2022-01-13 | Method and apparatus for implementing secure multicast in blockchain network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110152304.X | 2021-02-03 | ||
CN202110152304.XA CN114866267B (zh) | 2021-02-03 | 2021-02-03 | 在区块链网络中实现安全组播的方法及装置 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022166556A1 true WO2022166556A1 (zh) | 2022-08-11 |
Family
ID=82623388
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2022/071800 WO2022166556A1 (zh) | 2021-02-03 | 2022-01-13 | 在区块链网络中实现安全组播的方法及装置 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20240129281A1 (zh) |
EP (1) | EP4290804A1 (zh) |
CN (1) | CN114866267B (zh) |
WO (1) | WO2022166556A1 (zh) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117014234B (zh) * | 2023-10-07 | 2023-12-08 | 成都创一博通科技有限公司 | 基于区块链的信息加密传输方法 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050044356A1 (en) * | 1999-12-22 | 2005-02-24 | Sunil Srivastava | Method and apparatus for distributing and updating private keys of multicast group managers using directory replication |
CN1668000A (zh) * | 2004-03-11 | 2005-09-14 | 陈屹戎 | 用于无线网络的鉴别与保密方法 |
CN102684875A (zh) * | 2012-01-07 | 2012-09-19 | 河南科技大学 | 组播安全代理组件及组播加密管理方法 |
CN112217645A (zh) * | 2020-09-28 | 2021-01-12 | 电子科技大学 | 一种基于区块链技术的匿名通信系统路由选择方法 |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107171806B (zh) * | 2017-05-18 | 2020-04-10 | 北京航空航天大学 | 基于区块链的移动终端网络密钥协商方法 |
EP3707925A1 (en) * | 2017-11-09 | 2020-09-16 | Electric Society SA | An ad-hoc network |
CN108566375A (zh) * | 2018-03-12 | 2018-09-21 | 深圳壹账通智能科技有限公司 | 基于区块链的多端间消息通信的方法、终端及存储介质 |
KR102020898B1 (ko) * | 2018-10-31 | 2019-09-11 | 상명대학교 천안산학협력단 | 신뢰 실행 환경 기반 세션키 수립 방법 |
CN110046521B (zh) * | 2019-04-24 | 2023-04-18 | 成都派沃特科技股份有限公司 | 去中心化隐私保护方法 |
-
2021
- 2021-02-03 CN CN202110152304.XA patent/CN114866267B/zh active Active
-
2022
- 2022-01-13 EP EP22748835.0A patent/EP4290804A1/en active Pending
- 2022-01-13 US US18/275,665 patent/US20240129281A1/en active Pending
- 2022-01-13 WO PCT/CN2022/071800 patent/WO2022166556A1/zh active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050044356A1 (en) * | 1999-12-22 | 2005-02-24 | Sunil Srivastava | Method and apparatus for distributing and updating private keys of multicast group managers using directory replication |
CN1668000A (zh) * | 2004-03-11 | 2005-09-14 | 陈屹戎 | 用于无线网络的鉴别与保密方法 |
CN102684875A (zh) * | 2012-01-07 | 2012-09-19 | 河南科技大学 | 组播安全代理组件及组播加密管理方法 |
CN112217645A (zh) * | 2020-09-28 | 2021-01-12 | 电子科技大学 | 一种基于区块链技术的匿名通信系统路由选择方法 |
Also Published As
Publication number | Publication date |
---|---|
EP4290804A1 (en) | 2023-12-13 |
US20240129281A1 (en) | 2024-04-18 |
CN114866267A (zh) | 2022-08-05 |
CN114866267B (zh) | 2023-12-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108600227B (zh) | 一种基于区块链的医疗数据共享方法及装置 | |
TWI683566B (zh) | 量子密鑰輸出方法、儲存一致性驗證方法、裝置及系統 | |
TWI721122B (zh) | 資料安全傳輸方法、客戶端及服務端方法、裝置及系統 | |
US9338150B2 (en) | Content-centric networking | |
TWI744532B (zh) | 用以於區塊鏈網路節點間建立受信賴點對點通訊之方法與系統 | |
US8553887B2 (en) | Method for generating dynamic group key | |
CN111404950B (zh) | 一种基于区块链网络的信息共享方法、装置和相关设备 | |
WO2019178942A1 (zh) | 一种进行ssl握手的方法和系统 | |
JP2014514860A (ja) | セキュリティアソシエーションの発見法 | |
US20230188325A1 (en) | Computer-implemented system and method for highly secure, high speed encryption and transmission of data | |
WO2024001035A1 (zh) | 基于区块链中继通信网络系统的消息传输方法及装置 | |
WO2023078123A1 (zh) | 区块链中继通信网络的中立性验证 | |
Liu et al. | A communication model in multilevel security network using quantum key | |
WO2022166556A1 (zh) | 在区块链网络中实现安全组播的方法及装置 | |
CN114142995A (zh) | 面向区块链中继通信网络的密钥安全分发方法及装置 | |
Harn et al. | General logic-operation-based lightweight group-key distribution schemes for Internet of Vehicles | |
CN116684093A (zh) | 身份认证与密钥交换方法及系统 | |
CN117353932A (zh) | 一种基于p2p的跨平台剪贴数据共享方法 | |
WO2024001037A1 (zh) | 一种消息传输方法、装置、电子设备和存储介质 | |
US20220407689A1 (en) | Key sharing for media frames using blockchain | |
CN113918971A (zh) | 基于区块链的消息传输方法、装置、设备及可读存储介质 | |
CN111279655B (zh) | 数据共享方法、系统及服务器、通信终端、记录介质 | |
Papotti et al. | Quantum Key Distribution in OpenSSL | |
Hjelm | Security and Privacy for Modern and Emerging Mobile Systems | |
Al-Amin et al. | Secure Data Management in P2P Social Networks Using Access Tokens |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22748835 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 18275665 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2022748835 Country of ref document: EP Effective date: 20230904 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11202305861Q Country of ref document: SG |