CN114640468A - Block chain privacy protection method based on online and offline attribute encryption - Google Patents
Block chain privacy protection method based on online and offline attribute encryption Download PDFInfo
- Publication number
- CN114640468A CN114640468A CN202210255503.8A CN202210255503A CN114640468A CN 114640468 A CN114640468 A CN 114640468A CN 202210255503 A CN202210255503 A CN 202210255503A CN 114640468 A CN114640468 A CN 114640468A
- Authority
- CN
- China
- Prior art keywords
- user
- ciphertext
- chain
- data
- offline
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 230000008569 process Effects 0.000 claims abstract description 10
- 238000013500 data storage Methods 0.000 claims abstract description 5
- 230000007246 mechanism Effects 0.000 claims description 38
- 238000012795 verification Methods 0.000 claims description 35
- 238000004422 calculation algorithm Methods 0.000 claims description 19
- 238000013507 mapping Methods 0.000 claims description 11
- 239000011159 matrix material Substances 0.000 claims description 10
- 239000012634 fragment Substances 0.000 claims description 9
- 238000006243 chemical reaction Methods 0.000 claims description 8
- 102100040468 Guanylate kinase Human genes 0.000 claims description 6
- 101100453821 Homo sapiens GUK1 gene Proteins 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 6
- 230000002457 bidirectional effect Effects 0.000 claims description 5
- 125000004122 cyclic group Chemical group 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 description 5
- 238000003745 diagnosis Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003044 adaptive effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012512 characterization method Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000004883 computer application Methods 0.000 description 1
- 238000012946 outsourcing Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a block chain privacy protection method based on online and offline attribute encryption, which relates to a block chain system and a plurality of entity modules, wherein the entity modules comprise a data owner DO, a data user DU, a group manager GM, an offline encryption agency OEA, an offline decryption agency ODE, a alliance chain AC and a shared chain EST; the block chain system is used for providing a distributed and credible data storage cloud server system for the entity module, and the implementation mode of the block chain system comprises the following processes of a system initialization stage, a user registration stage, an encryption stage, a group signature authentication stage, a data user decryption stage and a responsibility pursuing stage. By adopting the protection method, the data owner and the verifier can be traced back in two directions, and the safety of numerical control is improved.
Description
Technical Field
The invention relates to the technical field of block chains, in particular to a block chain privacy protection method based on online and offline attribute encryption.
Background
The blockchain is a credible distributed data storage technology realized based on a P2P network and a cryptography technology, and the blockchain is increasingly favored by people and widely applied in various scenes as a decentralized distributed accounting system based on the characteristics of non-repudiation, consensus and transparency, non-falsification and the like. However, the conventional blockchain realizes the transparency and traceability of data, and the privacy security of the user is threatened to a certain extent. How to protect the privacy security of users while realizing the advantages of transparent traceability of the blockchain becomes a research hotspot.
For the problem of traceability and user privacy leakage of block chain data, in order to protect user privacy security, through retrieval, reference 1 ("adaptive security outsourcing attribute-based encryption scheme with keyword search", goulipt, jonqin, computer application, 2021, 41 (11): 3266-. Reference 3 ("block chain supervised privacy protection scheme based on group signature and attribute encryption", li, duhuna, billo, computer engineering: 1-9 [ 2022-01-04 ]. DOI: 10.19678/j.issn.1000-3428.0062464) proposes a block chain privacy protection scheme with a double-chain structure, which effectively protects the private information of a user through a group signature technology and an attribute encryption technology. However, only one verifier in the scheme cannot effectively prevent collusion between the verifier and the user, cannot effectively ensure authenticity and transparency of information, and cannot be well applied to equipment with limited computing resources. Reference 4 ("block chain privacy protection scheme certified safe based on SM9 algorithm", yang chars, caichuliang, zhuan wei, characterization, software report, 2019, 30 (06): 1692-1704. DOI: 10.13328/j.cnki.jos.005745) proposes a privacy protection scheme mainly applied to a federation chain, and through the setting of verifier groups (i.e., federation chains), privacy information of users is effectively protected. However, the scheme is mainly applied to a alliance chain, cannot be well applied to a double-chain structure, and cannot be well applied to equipment with limited computing resources.
In combination with the features of references 1 to 4, in order to be applicable to devices with limited computing resources, while implementing fine-grained user privacy protection, the protection scheme can also trace responsibility for owners and signers of data, and improve the security of the data, thereby providing a protection scheme based on online and offline attributes.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a privacy protection method aiming at the problems in the background technology and aiming at protecting the privacy security of a user, the user calculation overhead is reduced and the fine-grained user access control is realized through an online and offline attribute encryption algorithm, and the two-way tracing of the user and a verifier is realized through double-chain design and group signature verification, so that the data security is improved, in particular to a block chain privacy protection method based on online and offline attribute encryption.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows: a block chain privacy protection method based on online and offline attribute encryption relates to a block chain system and a plurality of entity modules, wherein the entity modules comprise a data owner DO, a data user DU, a group administrator GM, an offline encryption agency OEA, an offline decryption agency ODE, a union chain AC and a shared chain EST; the block chain system is used for providing a distributed and credible data storage cloud server system for the entity module, and the implementation mode of the block chain system comprises the following processes of a system initialization stage, a user registration stage, an encryption stage, a group signature authentication stage, a data user decryption stage and a responsibility pursuing stage.
Furthermore, the block chain privacy protection method based on online and offline attribute encryption provided by the invention has the advantages that through the online and offline attribute encryption algorithm, the block chain is combined with the offline encryption mechanism and the offline decryption mechanism, the calculation overhead of a user is reduced, meanwhile, the fine-grained user access control is realized, through the double-chain control of the sharing chain and the alliance chain, the single-point fault problem is prevented, collusion between the user and a verifier is prevented, meanwhile, through group signature verification, the bidirectional tracing of a data owner and the verifier is realized, and the numerical control safety is increased; the specific implementation mode comprises the following processes that a data owner DO sends an access structure to an offline encryption mechanism ODE, the offline encryption mechanism calculates an intermediate ciphertext based on a time period tree and the access structure and returns the intermediate ciphertext to the data owner DO, and the data owner DO encrypts data by using the intermediate ciphertext and sends the ciphertext to a cloud server system in a block chain system; a data user searches keywords through a cloud server system and obtains a matched ciphertext; the data user DU sends the ciphertext to the offline decryption mechanism ODE, the offline decryption mechanism ODE partially decrypts the ciphertext based on the attribute and the secret key of the data user DO to obtain a converted ciphertext, and the converted ciphertext is returned to the data user DO; and the data user DO decrypts the converted ciphertext by using the conversion key to obtain the data.
Further, the block chain privacy protection method based on online and offline attribute encryption described in the present invention, wherein the specific implementation manner of the system initialization stage is:
(1) in the system initialization phase, determining the system initialization related attributes: data owner runs a system setup algorithm SystemSetup (1)λ) → (PK, MSK), i.e. inputting a safety factor lambda, the system generates the public key PK, saidMSK=(α,a,γ);
Wherein, G1 and G2 are prime p-order cyclic groups, and G is a generator of G1; e is a bilinear map: g1 XG 1 → G2; random number alpha, a, beta ∈ Zp(ii) a j represents the number of attributes; select j random numbers hj∈G1(ii) a Hash function H0: {0,1} → G1, H1: {0,1} → G2, H2: {0,1} → G2;
(2) group administrator GM initialization: the group administrator runs a system establishment algorithm GMetup (PK) → (GMKey, GMPK, GMSK), inputs a public key PK, and the system generates a GMKey of each group administrator GM, a group public key GMPK and a group tracking key GMSK;
wherein i represents the number of group administrators; gamma rayiRepresents i random numbers; g1 is the generator of G1; random number delta1,δ2∈Zp;u,v∈G1;
(3) Initialization of a alliance chain AC: ACSetup (PK, id) → (SignPK ), inputting the public key PK, and generating a federation chain signature master key SignPK and each node signature private key SignPK by the system; in the alliance chain, the alliance chain is divided into a main node and a secondary node, wherein the main node is responsible for maintaining the block chain and distributing id and a signature private key for a newly added block;
T=H1(id||hid,N)+ks;
wherein k represents the number of key generation centers AAk in the alliance chain; ks, kek is the random number of the key generation center, and ks, kek∈[1,N-1]Kek are held by k key generation centers respectively, and N is a finite field; p2 is the generator of G2, P1 is the generator of G1; id is a unique identifier of each secondary node in the alliance chain and is a string of random numbers issued by the primary node; hid denotes concealment.
Further, the block chain privacy protection method based on online and offline attribute encryption described in the present invention, wherein the specific implementation manner of the user registration stage is as follows:
(1) the user acquires a user private key fragment UKeyi: GMKeyGen (PK) → UKeyi; the user submits a registration application Aply to a group administrator GM, if the group administrator GM agrees, i group administrators respectively generate corresponding user private key fragments UKeyi for the user and send the user private key fragments UKeyi to the user; in the block chain, the users can be subdivided into data owners DO and data users DU;
wherein, the random number x belongs to Zp;
(2) And (3) calculating by the user: GMKeyGen (PK, S, UKeyi) → (UKey, IDU, CPA _ SK); a user calculates a user private key UKey and a user identification IDU of the user through an algorithm, and submits a user attribute set AS { a1, a 2.., aj } to a group manager to obtain an attribute encryption key CPA _ SK and an offline verification key VK;
vj is the weight value of each attribute in the user attribute set AS; TK is a ciphertext conversion key with encrypted attributes; d, Z is a random number, and d, Z, mu ∈ Zp。
Further, the block chain privacy protection method based on online and offline attribute encryption described in the present invention, wherein the specific implementation manner of the encryption stage is as follows:
(1) the offline encryption mechanism OEA carries out offline encryption: OEA _ Enc (PK) → IC, and the data owner DO selects a secret s and passes it to the offline encryption mechanism; the off-line encryption mechanism calculates an intermediate ciphertext IC through the secret value s and sends the intermediate ciphertext IC to the data owner DO;
wherein the secret value s ∈ Zp(ii) a Random number epsilon, y epsilon, Zp;
(2) The data owner DO encrypts: DO _ Enc (PK, IC, VK, Message) → CT. The data owner DO finally encrypts the plaintext Message through the access structure AC and the intermediate ciphertext IC to obtain an attribute encrypted ciphertext CT;
wherein,for the mapping of the attribute aj in the access structure AC ═ M, ρ (x), θ is the secret share of aj in the mapping function ρ (x); r is a random ciphertext parameter, and R belongs to G2(ii) a M is a mapping matrix, and each row in M corresponds to one attribute.
Further, the block chain privacy protection method based on online and offline attribute encryption described in the present invention, wherein the specific implementation manner of the group signature authentication stage is as follows:
(1) and (3) signing the ciphertext CT by the AC secondary node A of the alliance chain: AC _ Sign (CT, SignMK, SignPk) → (SignCT, DO _ Verify). And the federation chain secondary node A signs the ciphertext CT, and the secondary node A in the federation chain performs signature operation through the signature main key SignMK and the signature private key SignPK of the secondary node A to obtain the group signature SignCT of the secondary node in the federation chain on the ciphertext CT and the source verification value DO _ Verify.
Wherein, the random number r1,r2∈[1,N-1](ii) a idA represents the id of the secondary node A; τ, χ are random numbers, and τ, χ ∈ Zp(ii) a Selecting a random blinding factor b1,b2,b3,b4,b5∈Zp。
(2) And (3) a federation chain AC authentication phase: AC _ verify (SignCT) → 1/0. The alliance chain receives the ciphertext CT and the corresponding group signature SignCT, and verifies the group signature through an algorithm. If the signature is proved to be generated by a certain node in the alliance chain, outputting 1; otherwise, 0 is output, and the ciphertext CT is discarded;
and (3) calculating: u shape1=e(SS·SignAG),U2=e(SS·SignPKA);
Verification U1=U2If the two are equal, carrying out next verification; if not, discarding the ciphertext CT;
from the received SignCT:
the verification is carried out by the user,if the CT is equal to the CT, the CT is sent to a sharing chain for sharing; otherwise, discarding the ciphertext CT; the verification can prove that the ciphertext CT passes the verification of the alliance chain signature;
(3) and (3) an uplink stage: adopting a UTXO form to uplink, sending the Number of the last transaction, the hash value HLast of the last transaction and the group signature SignCT of the current transaction to a main node V of the alliance chain by a secondary node A, generating a New block New _ block by the main node V, verifying the information in the block, merging the New block New _ block into a sharing chain if the verification is passed, and otherwise, discarding the block;
in the authentication phase of the alliance chain AC, each node in the alliance chain searches the last transaction information associated with the new block in the shared chain, compares whether the input value of the new block is the same as the output value of the last transaction, and if the input value of the new block is the same as the output value of the last transaction, the main node incorporates the new block into the shared chain, otherwise, discards the new block.
Further, the block chain privacy protection method based on online and offline attribute encryption described in the present invention, wherein the specific implementation manner of the data user decryption stage is as follows:
(1) the off-line decryption mechanism ODA performs partial decryption: ODA _ Dec (AC, CT, TK) → PC, and the data user DU transmits the ciphertext CT and the ciphertext transformation key TK to the offline decryption mechanism ODA; the off-line encryption mechanism ODA firstly checks whether the attribute set AS of the data user meets the requirement of accessing the structure AC, if so, partial decryption is carried out on the ciphertext CT and partial decrypted ciphertext PC is sent to the data user DU; otherwise, 0 is output;
PC=(AC,MM,R·e(g,g)αs,gs,e(g,g)daθ/z,C1);
(2) decrypting the data user DU: DU _ Dec (PC, CPA _ SK) → R; the data user DU decrypts the partial ciphertext PC through the attribute encryption key CPA _ SK to obtain a random ciphertext parameter R;
R=R·e(g,g)αs/(e(gs,gαhd)/e(g,g)das);
further, the block chain privacy protection method based on online and offline attribute encryption described in the present invention, wherein the tracing phase is specifically implemented as follows:
(1) accountability data owner DO: DO _ Accountability (DO _ Verify, GMSK) → idDO. If the group administrator votes to ask for tracing the data owner, the id of the data owner can be calculated and obtained through the source verification value DO _ Verify and the group tracing key GMSK;
(2) Accountant signer a: a _ Accountability (SignCT, SignPK) → idA; in the process of chain loading, by adopting a group signature verification method and a chain loading mode of UTXO, if a group administrator commits to require the data owner to be traced, the main node can find the initial address to trace the responsibility by a mode of tracing the source chain by chain for the transaction; and extracting the IDA hash value HID of the signer A through the group signature SignCT and the signature private key SignP, and finding the IDA of the signer by comparing the HID values corresponding to the ids of the sub-nodes one by the main node.
Compared with the prior art, the block chain privacy protection method based on online and offline attribute encryption has the beneficial effects that: by means of an online and offline attribute encryption algorithm, the block chain is combined with the offline encryption mechanism and the offline decryption mechanism, fine-grained user access control is achieved while computing overhead of a user is reduced, the method is suitable for equipment with limited computing resources, single-point failure is prevented through double-chain control of a sharing chain and a coalition chain, collusion between the user and a verifier is prevented, meanwhile, bidirectional tracing of a data owner and the verifier is achieved through group signature verification, and numerical control safety is improved.
Drawings
The present invention will be described in further detail with reference to the accompanying drawings.
FIG. 1 is a diagram illustrating a corresponding structure of an access structure control tree and an LSSS matrix according to the present invention;
FIG. 2 is a schematic diagram of a physical module according to the present invention;
fig. 3 is a schematic block diagram of a protection method according to the present invention.
Detailed Description
To further illustrate the concept of the present invention, embodiments of the present invention are described in further detail below with reference to the accompanying drawings and examples. The following detailed description of the embodiments and the accompanying drawings are provided to illustrate the principles of the invention and are not intended to limit the scope of the invention, i.e., the invention is not limited to the described embodiments.
The block chain privacy protection method based on online and offline attribute encryption is characterized in that an application scene needs to be designed, a doctor-patient communication platform based on a cloud service platform is assumed to exist, a user B is a patient registered on the internet, a doctor wants to be consulted on the cloud service platform and a treatment suggestion is obtained, but the user B does not reveal own diagnosis and treatment information while obtaining a diagnosis and treatment list, and a commitment can be provided to ensure that the diagnosis and treatment list is from a regular registered doctor and can trace the doctor and verifier for diagnosis and treatment when a medical accident occurs at a later stage. The traditional scheme can not be well applied to the scenes, and in order to solve the problems, the block chain privacy protection scheme based on online and offline attribute encryption is provided. Meanwhile, in order to facilitate understanding of the technical scheme of the present invention, the following description will be made with reference to the access structure and bilinear map, which relate to the knowledge of the access structure and bilinear map:
accessing a structure: suppose there is oneA non-empty set of user attributes a, a ═ { a1, a 2.., An }; there is a non-empty access control set S, S ═ S1, S2.., Sk }; if A and S satisfyThe set A is called an authorization set under the access control S; otherwise, the set a is called an unauthorized set under the access control S. In CP-ABE, if a is an authorization set, there is a matrix AA and a function ρ (x) exists, so that each row in the matrix AA can be mapped with an attribute in S one by one, the matrix AA is called LSSS matrix, and the row number of the LSSS matrix is equal to the number of leaf nodes on the access control tree, i.e. the number of attributes. The access structure control tree and LSSS matrix map shown in fig. 1.
Bilinear mapping: g1, G2 and G3 are prime p-order cyclic groups; there is a mapping e: g1 XG 2 → G3, if e is a bilinear pair, then:
B. Non-degeneration: there is one G1, G2, such that e (G1, G2) ≠ 1;
C. calculability: there is one efficient algorithm to compute e (G1, G2).
Aiming at the application scene, the fine-grained user privacy protection is realized, simultaneously, the responsibility tracing can be carried out on the owner and the signer of the data, the bidirectional tracing back on the user and the verifier is realized, and the data security is improved, so that the block chain privacy protection method based on the online and offline attribute encryption is provided, and the detailed design scheme of the protection method is as follows:
a block chain privacy protection method based on online and offline attribute encryption relates to a block chain system and a plurality of entity modules, the structural model of which is shown in FIG. 2, wherein the entity modules comprise a data owner DO, a data user DU, a group manager GM, an offline encryption agency OEA, an offline decryption agency ODE, a federation chain AC and a shared chain EST; the block chain system is used for providing a distributed and credible data storage cloud server system for the entity module, and the implementation mode of the block chain system comprises the following processes of a system initialization stage, a user registration stage, an encryption stage, a group signature authentication stage, a data user decryption stage and a responsibility tracing stage; the specific operation flow is shown in fig. 3, and specifically includes the following processes that a data owner DO sends an access structure to an offline encryption mechanism ODE, the offline encryption mechanism calculates an intermediate ciphertext based on a time period tree and the access structure and returns the intermediate ciphertext to the data owner DO, and the data owner DO encrypts data by using the intermediate ciphertext and sends the ciphertext to a cloud server system in a block chain system; a data user searches keywords through a cloud server system and obtains a matched ciphertext; the data user DU sends the ciphertext to the offline decryption mechanism ODE, the offline decryption mechanism ODE partially decrypts the ciphertext based on the attribute and the secret key of the data user DO to obtain a converted ciphertext, and the converted ciphertext is returned to the data user DO; and the data user DO decrypts the converted ciphertext by using the conversion key to obtain the data.
1. A system initialization stage:
(1) firstly, the system initialization related attributes are determined: data owner runs a system setup algorithm SystemSetup (1)λ) → (PK, MSK), i.e. inputting a safety factor lambda, the system generates the public key PK, saidMSK=(α,a,γ);
Wherein, G1 and G2 are prime p-order cyclic groups, and G is a generator of G1; e is a bilinear map: g1 XG 1 → G2; random number alpha, a, beta ∈ Zp(ii) a j represents the number of attributes; j random numbers h are selectedj∈G1(ii) a Hash function H0: {0,1} → G1, H1: {0,1} → G2, H2: {0,1} → G2;
(2) secondly, the group administrator GM is initialized: the group administrator runs a system establishment algorithm GMetup (PK) → (GMKey, GMPK, GMSK), inputs a public key PK, and generates a secret key GMKey, a group public key GMPK and a group tracking secret key GMSK of each group administrator GM;
wherein i represents the number of group administrators; gamma rayiRepresents i random numbers; g1 is the generator of G1; random number delta1,δ2∈Zp;u,v∈G1;
(3) Finally, initializing the alliance chain AC: ACSetup (PK, id) → (SignPK ), inputting the public key PK, and generating a federation chain signature master key SignPK and each node signature private key SignPK by the system; in the alliance chain, the alliance chain is divided into a main node and a secondary node, wherein the main node is responsible for maintaining the block chain and distributing id and a signature private key for a newly added block;
T=H1(id||hid,N)+ks;
wherein k represents the number of key generation centers AAk in the alliance chain; ks, kek is the random number of the key generation center, and ks, kek∈[1,N-1]Kek are held by k key generation centers respectively, and N is a finite field; p2 is the generator of G2, P1 is the generator of G1; id is a unique identifier of each secondary node in the alliance chain and is a string of random numbers issued by the primary node; hid denotes concealment.
2. A user registration stage:
(1) the user acquires a user private key fragment UKeyi: gmkeygen (pk) → UKeyi; the user submits a registration application Aply to a group administrator GM, if the group administrator GM agrees, i group administrators respectively generate corresponding user private key fragments UKeyi for the user and send the user private key fragments UKeyi to the user; in the block chain, the users can be subdivided into data owners DO and data users DU;
wherein, the random number x belongs to Zp;
(2) And (3) calculating by the user: GMKeyGen (PK, S, UKeyi) → (UKey, IDU, CPA _ SK); a user calculates a user private key UKey and a user identification IDU of the user through an algorithm, and submits a user attribute set AS { a1, a 2.., aj } to a group manager to obtain an attribute encryption key CPA _ SK and an offline verification key VK;
vj is the weight value of each attribute in the user attribute set AS; TK is a ciphertext conversion key for attribute encryption; d, Z is a random number, and d, Z, mu ∈ Zp。
3. And an encryption stage:
(1) the offline encryption mechanism OEA carries out offline encryption: OEA _ Enc (PK) → IC, data owner DO selecting a secret s to pass to an offline encryption mechanism; the off-line encryption mechanism calculates an intermediate ciphertext IC through the secret value s and sends the intermediate ciphertext IC to the data owner DO;
wherein the secret value s ∈ Zp(ii) a Random number epsilon, y epsilon, Zp;
(2) The data owner DO encrypts: DO _ Enc (PK, IC, VK, Message) → CT. The data owner DO finally encrypts the plaintext Message through the access structure AC and the intermediate ciphertext IC to obtain an attribute encrypted ciphertext CT;
C1=gμ/(β+μ),gβ·gμ,H1(e(g,g)μ,R·H1(Message),MM=H1(Message)⊕H1(R);
wherein,for the mapping of the attribute aj in the access structure AC ═ M, ρ (x), θ is the secret share of aj in the mapping function ρ (x); r is a random ciphertext parameter, and R belongs to G2(ii) a M is a mapping matrix, and each row in M corresponds to one attribute.
4. And (3) group signature authentication:
(1) and (3) signing the ciphertext CT by the AC secondary node A of the alliance chain: AC _ Sign (CT, SignMK, SignPk) → (SignCT, DO _ Verify). And the federation chain secondary node A signs the ciphertext CT, and makes the secondary node A in the federation chain perform signature operation through the signature main key SignMK and the signature private key SignPK of the secondary node A to obtain the group signature SignCT and the source verification value DO _ Verify of the ciphertext CT by the secondary node in the federation chain.
Wherein, the random number r1,r2∈[1,N-1](ii) a idA represents the id of the secondary node A; τ, χ are random numbers, and τ, χ ∈ Zp(ii) a Selecting a random blinding factor b1,b2,b3,b4,b5∈Zp。
(2) And (3) a federation chain AC authentication phase: AC _ verify (SignCT) → 1/0. The alliance chain receives the ciphertext CT and the corresponding group signature SignCT, and verifies the group signature through an algorithm. If the signature is proved to be generated by a certain node in the alliance chain, outputting 1, and; otherwise, 0 is output, and the ciphertext CT is discarded;
and (3) calculating: u shape1=e(SS·SignAG),U2=e(SS·SignPKA);
Verification U1=U2If the two are equal, carrying out next verification; if not, discarding the ciphertext CT;
from the received SignCT:
the verification is carried out by the user,if the CT is equal to the CT, the CT is sent to a sharing chain for sharing; otherwise, discarding the ciphertext CT; the ciphertext CT passes the verification of the alliance chain signature through verification;
(3) and (3) an uplink stage: adopting a UTXO form to uplink, sending the Number of the last transaction, the hash value HLast of the last transaction and the group signature SignCT of the current transaction to a main node V of the alliance chain by a secondary node A, generating a New block New _ block by the main node V, verifying the information in the block, merging the New block New _ block into a sharing chain if the verification is passed, and otherwise, discarding the block;
in the authentication phase of the alliance chain AC, each node in the alliance chain searches the last transaction information associated with the new block in the shared chain, compares whether the input value of the new block is the same as the output value of the last transaction, and if the input value of the new block is the same as the output value of the last transaction, the main node incorporates the new block into the shared chain, otherwise, discards the new block.
5. Data user decryption stage:
(1) the off-line decryption mechanism ODA performs partial decryption: ODA _ Dec (AC, CT, TK) → PC, and the data user DU transmits the ciphertext CT and the ciphertext conversion key TK to the offline decryption mechanism ODA; the off-line encryption mechanism ODA firstly checks whether the attribute set AS of the data user meets the requirement of accessing the structure AC, if so, partially decrypts the ciphertext CT and sends the partially decrypted ciphertext PC to the data user DU; otherwise, 0 is output;
PC=(AC,MM,R·e(g,g)αs,gs,e(g,g)daθ/z,C1);
(2) decrypting the data user DU: DU _ Dec (PC, CPA _ SK) → R; the data user DU decrypts the partial ciphertext PC through the attribute encryption key CPA _ SK to obtain a random ciphertext parameter R;
R=R·e(g,g)αs/(e(gs,gαhd)/e(g,g)das);
6. and (3) a responsibility following stage:
(1) data owner DO is accountable: DO _ Accountability (DO _ Verify, GMSK) → idDO. If the group administrator votes to ask for tracing the data owner, the id of the data owner can be calculated and obtained through the source verification value DO _ Verify and the group tracing key GMSK;
(2) Accountant signer a: a _ Accountability (SignCT, SignPK) → idA; in the process of chain loading, by adopting a group signature verification method and a chain loading mode of UTXO, if a group administrator commits to require the data owner to be traced, the main node can find the initial address to trace the responsibility by a mode of tracing the source chain by chain for the transaction; and extracting the idA hash value HID of the signer A through the group signature SignCT and the signature private key SignP, and comparing the HID values corresponding to the ids of the sub nodes one by the main node to find the idA of the signer.
By adopting the block chain privacy protection method, the block chain is combined with the offline encryption mechanism and the offline decryption mechanism through the online offline attribute encryption algorithm, the calculation overhead of a user is reduced, fine-grained user access control is realized, the block chain privacy protection method is suitable for equipment with limited calculation resources, the single-point fault problem is prevented through double-chain control of a sharing chain and a alliance chain, collusion between the user and a verifier is prevented, meanwhile, through group signature verification, bidirectional tracing of a data owner and the verifier is realized, and the safety of numerical control is improved.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art, and any modifications, equivalents, improvements, etc. made by using the present invention should be included in the protection scope of the present invention.
Claims (8)
1. A block chain privacy protection method based on online and offline attribute encryption is characterized in that: the protection method relates to a block link system and a plurality of entity modules, wherein the entity modules comprise a data owner DO, a data user DU, a group manager GM, an offline encryption agency OEA, an offline decryption agency ODE, an alliance link AC and a shared link EST; the block chain system is used for providing a distributed and credible data storage cloud server system for the entity module, and the implementation mode of the block chain system comprises the following processes of a system initialization stage, a user registration stage, an encryption stage, a group signature authentication stage, a data user decryption stage and a responsibility pursuing stage.
2. The method of claim 1, wherein the method for blockchain privacy protection based on online and offline attribute encryption comprises: the protection method has the advantages that through an online and offline attribute encryption algorithm, the block chain is combined with the offline encryption mechanism and the offline decryption mechanism, the calculation overhead of a user is reduced, meanwhile, fine-grained user access control is realized, through double-chain control of a sharing chain and a alliance chain, the problem of single-point failure is prevented, collusion between the user and a verifier is prevented, meanwhile, through group signature verification, bidirectional tracing of a data owner and the verifier is realized, and the safety of numerical control is improved; the specific implementation mode comprises the following processes that a data owner DO sends an access structure to an offline encryption mechanism ODE, the offline encryption mechanism calculates an intermediate ciphertext based on a time period tree and the access structure and returns the intermediate ciphertext to the data owner DO, and the data owner DO encrypts data by using the intermediate ciphertext and sends the ciphertext to a cloud server system in a block chain system; a data user searches keywords through a cloud server system and obtains a matched ciphertext; the data user DU sends the ciphertext to the offline decryption mechanism ODE, the offline decryption mechanism ODE partially decrypts the ciphertext based on the attribute and the secret key of the data user DO to obtain a converted ciphertext, and the converted ciphertext is returned to the data user DO; and the data user DO decrypts the converted ciphertext by using the conversion key to obtain the data.
3. The method according to claim 1, wherein the system initialization stage is implemented in a specific manner as follows:
(1) in the system initialization phase, determining the system initialization related attributes: data owner runs a system setup algorithm SystemSetup (1)λ) → (PK, MSK), i.e. entering a safety factor λ, the system generates the public key PK, saidMSK=(α,a,γ);
Wherein, G1 and G2 are prime p-order cyclic groups, and G is a generator of G1; e is a bilinear map: g1 XG 1 → G2;random number alpha, a, beta ∈ Zp(ii) a j represents the number of attributes; select j random numbers hj∈G1(ii) a Hash function H0: {0,1} → G1, H1: {0,1} → G2, H2: {0,1} → G2;
(2) group administrator GM initialization: the group administrator runs a system establishment algorithm GMetup (PK) → (GMKey, GMPK, GMSK), inputs a public key PK, and the system generates a GMKey of each group administrator GM, a group public key GMPK and a group tracking key GMSK;
wherein i represents the number of group administrators; gamma rayiRepresents i random numbers; g1 is the generator of G1; random number delta1,δ2∈Zp;u,v∈G1;
(3) Initialization of a alliance chain AC: ACSetup (PK, id) → (SignPK ), inputting a public key PK, and generating a federation chain signature master key SignPK and a signature private key SignPK of each node by the system; in the alliance chain, the alliance chain is divided into a main node and a secondary node, wherein the main node is responsible for maintaining the block chain and distributing id and a signature private key for a newly added block;
wherein k represents the number of key generation centers AAk in the alliance chain; ks, kek is the random number of the key generation center, and ks, kek∈[1,N-1]Kek are held by k key generation centers respectively, and N is a finite field; p2 is the generator of G2, P1 is the generator of G1; id is a unique identifier of each secondary node in the alliance chain and is a string of random numbers issued by the primary node; hid denotes concealment.
4. The blockchain privacy protection method based on online and offline attribute encryption according to claim 1, wherein a specific implementation manner of the user registration stage is as follows:
(1) the user acquires a user private key fragment UKeyi: gmkeygen (pk) → UKeyi; the user submits a registration application Aply to a group administrator GM, if the group administrator GM agrees, i group administrators respectively generate corresponding user private key fragments UKeyi for the user and send the user private key fragments UKeyi to the user; in the block chain, the users can be subdivided into data owners DO and data users DU;
wherein, the random number x belongs to Zp;
(2) And (3) user calculation: GMKeyGen (PK, S, UKeyi) → (UKey, IDU, CPA _ SK); a user calculates a user private key UKey and a user identification IDU of the user through an algorithm, and submits a user attribute set AS { a1, a2, a.., aj } to a group manager to obtain an attribute encryption key CPA _ SK and an offline verification key VK;
VK=(g1/(β+μ),μ);
wherein vj is the weight value of each attribute in the user attribute set AS; TK is a ciphertext conversion key for attribute encryption; d, Z is a random number, and d, Z, mu ∈ Zp。
5. The blockchain privacy protection method based on online and offline attribute encryption according to claim 1, wherein the encryption stage is specifically implemented as follows:
(1) the offline encryption mechanism OEA carries out offline encryption: OEA _ enc (pk) → IC, the data owner DO selects a secret value s to pass to the off-line encryption mechanism; the off-line encryption mechanism calculates an intermediate ciphertext IC through the secret value s and sends the intermediate ciphertext IC to the data owner DO;
wherein the secret value s ∈ Zp(ii) a Random number epsilon, y epsilon, Zp;
(2) The data owner DO encrypts: DO _ Enc (PK, IC, VK, Message) → CT;
the data owner DO finally encrypts the plaintext Message through the access structure AC and the intermediate ciphertext IC to obtain an attribute encryption ciphertext CT;
6. The method for blockchain privacy protection based on online and offline attribute encryption according to claim 1, wherein the specific implementation manner of the group signature authentication stage is as follows:
(1) and (3) signing the ciphertext CT by the AC secondary node A of the alliance chain: AC _ Sign (CT, SignMK, SignPK) → (sigct, DO _ Verify);
the federation chain secondary node A signs the ciphertext CT, and the secondary node A in the federation chain carries out signature operation through a signature main key SignMK and a signature private key SignPK of the secondary node A to obtain a group signature SignCT and a source verification value DO _ Verify of the secondary node in the federation chain on the ciphertext CT;
wherein, the random number r1,r2∈[1,N-1](ii) a idA represents the id of the secondary node A; τ, χ are random numbers, and τ, χ ∈ Zp;
Selecting a random blinding factor b1,b2,b3,b4,b5∈Zp;
(2) And (3) a federation chain AC authentication phase: AC _ verify (signct) → 1/0;
the alliance chain receives the ciphertext CT and the corresponding group signature SignCT, and verifies the group signature through an algorithm;
if the signature is proved to be generated by a certain node in the alliance chain, outputting 1, and; otherwise, 0 is output, and the ciphertext CT is discarded;
and (3) calculating: u shape1=e(SS·SignAG),U2=e(SS·SignPKA);
Verification U1=U2If the two are equal, carrying out next verification; if not, discarding the ciphertext CT;
from the received SignCT:
the verification is carried out by the user,if the CT is equal to the CT, the CT is sent to a sharing chain for sharing; otherwise, discarding the ciphertext CT; the verification can prove that the ciphertext CT passes the verification of the alliance chain signature;
(3) and (3) an uplink stage: adopting a UTXO form to uplink, sending the Number of the last transaction, the hash value HLast of the last transaction and the group signature SignCT of the current transaction to a main node V of the alliance chain by a secondary node A, generating a New block New _ block by the main node V, verifying the information in the block, merging the New block New _ block into a sharing chain if the verification is passed, and otherwise, discarding the block;
in the authentication phase of the alliance chain AC, each node in the alliance chain searches the last transaction information associated with the new block in the shared chain, compares whether the input value of the new block is the same as the output value of the last transaction, and if the input value of the new block is the same as the output value of the last transaction, the main node incorporates the new block into the shared chain, otherwise, discards the new block.
7. The method according to claim 1, wherein the data consumer decryption stage is implemented in a manner that:
(1) the off-line decryption mechanism ODA performs partial decryption: ODA _ Dec (AC, CT, TK) → PC, and the data user DU transmits the ciphertext CT and the ciphertext conversion key TK to the offline decryption mechanism ODA; the off-line encryption mechanism ODA firstly checks whether the attribute set AS of the data user meets the requirement of accessing the structure AC, if so, partial decryption is carried out on the ciphertext CT and partial decrypted ciphertext PC is sent to the data user DU; otherwise, 0 is output;
PC=(AC,MM,R·e(g,g)αs,gs,e(g,g)daθ/z,C1);
(2) decrypting the data user DU: DU _ Dec (PC, CPA _ SK) → R; the data user DU decrypts the partial ciphertext PC through the attribute encryption key CPA _ SK to obtain a random ciphertext parameter R;
R=R·e(g,g)αs/(e(gs,gαhd)/e(g,g)das);
8. the method according to claim 1, wherein the tracing phase is implemented in a specific manner as follows:
(1) accountability data owner DO: DO _ Accountability (DO _ Verify, GMSK) → idDO;
if the group administrator commits to require to pursue the data owner, the id of the data owner can be calculated and obtained through the source verification value DO _ Verify and the group tracking key GMSK;
(2) Accountability signer a: a _ Accountability (SignCT, SignPK) → idA; in the process of chain loading, by adopting a group signature verification method and a chain loading mode of UTXO, if a group administrator commits to require the data owner to be traced, the main node can find the initial address to trace the responsibility by a mode of tracing the source chain by chain for the transaction; and extracting the IDA hash value HID of the signer A through the group signature SignCT and the signature private key SignP, and finding the IDA of the signer by comparing the HID values corresponding to the ids of the sub-nodes one by the main node.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210255503.8A CN114640468B (en) | 2022-03-16 | 2022-03-16 | A blockchain privacy protection method based on online and offline attribute encryption |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210255503.8A CN114640468B (en) | 2022-03-16 | 2022-03-16 | A blockchain privacy protection method based on online and offline attribute encryption |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114640468A true CN114640468A (en) | 2022-06-17 |
| CN114640468B CN114640468B (en) | 2024-01-26 |
Family
ID=81948850
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210255503.8A Active CN114640468B (en) | 2022-03-16 | 2022-03-16 | A blockchain privacy protection method based on online and offline attribute encryption |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114640468B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115242398A (en) * | 2022-06-24 | 2022-10-25 | 蚂蚁区块链科技(上海)有限公司 | System, method and device for knowledge question answering based on blockchain |
| CN119728172A (en) * | 2024-12-02 | 2025-03-28 | 西北师范大学 | Encryption method, decryption method and system |
| CN119892452A (en) * | 2025-01-10 | 2025-04-25 | 天津科技大学 | Power data privacy security protection system, method and application based on ciphertext policy attribute-based encryption |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106503994A (en) * | 2016-11-02 | 2017-03-15 | 西安电子科技大学 | Block chain private data access control method based on encryption attribute |
| US20200244634A1 (en) * | 2019-01-29 | 2020-07-30 | Mastercard International Incorporated | Method and system for general data protection compliance via blockchain |
| CN113489733A (en) * | 2021-07-13 | 2021-10-08 | 郑州轻工业大学 | Block chain-based content center network privacy protection method |
| CN113595971A (en) * | 2021-06-02 | 2021-11-02 | 云南财经大学 | Block chain-based distributed data security sharing method, system and computer readable medium |
| CN113836222A (en) * | 2021-08-24 | 2021-12-24 | 北京理工大学 | A blockchain-based access control method that can hide policies and attributes |
| CN114065265A (en) * | 2021-11-29 | 2022-02-18 | 重庆邮电大学 | Fine-grained cloud storage access control method, system and equipment based on block chain technology |
-
2022
- 2022-03-16 CN CN202210255503.8A patent/CN114640468B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106503994A (en) * | 2016-11-02 | 2017-03-15 | 西安电子科技大学 | Block chain private data access control method based on encryption attribute |
| US20200244634A1 (en) * | 2019-01-29 | 2020-07-30 | Mastercard International Incorporated | Method and system for general data protection compliance via blockchain |
| CN113595971A (en) * | 2021-06-02 | 2021-11-02 | 云南财经大学 | Block chain-based distributed data security sharing method, system and computer readable medium |
| CN113489733A (en) * | 2021-07-13 | 2021-10-08 | 郑州轻工业大学 | Block chain-based content center network privacy protection method |
| CN113836222A (en) * | 2021-08-24 | 2021-12-24 | 北京理工大学 | A blockchain-based access control method that can hide policies and attributes |
| CN114065265A (en) * | 2021-11-29 | 2022-02-18 | 重庆邮电大学 | Fine-grained cloud storage access control method, system and equipment based on block chain technology |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115242398A (en) * | 2022-06-24 | 2022-10-25 | 蚂蚁区块链科技(上海)有限公司 | System, method and device for knowledge question answering based on blockchain |
| CN115242398B (en) * | 2022-06-24 | 2025-02-25 | 蚂蚁区块链科技(上海)有限公司 | System, method and device for knowledge question answering based on blockchain |
| CN119728172A (en) * | 2024-12-02 | 2025-03-28 | 西北师范大学 | Encryption method, decryption method and system |
| CN119892452A (en) * | 2025-01-10 | 2025-04-25 | 天津科技大学 | Power data privacy security protection system, method and application based on ciphertext policy attribute-based encryption |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114640468B (en) | 2024-01-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110493347B (en) | Block chain-based data access control method and system in large-scale cloud storage | |
| Zhu et al. | TBAC: Transaction-based access control on blockchain for resource sharing with cryptographically decentralized authorization | |
| CN114650137B (en) | Decryption outsourcing method and system based on block chain and supporting strategy hiding | |
| CN114036539B (en) | Secure and auditable IoT data sharing system and method based on blockchain | |
| CN106487506B (en) | Multi-mechanism KP-ABE method supporting pre-encryption and outsourcing decryption | |
| CN113434875B (en) | A lightweight access method and system based on blockchain | |
| CN104601605A (en) | Efficient privacy protection auditing scheme based on chameleon hash function in cloud storage | |
| JPH1041932A (en) | Ciphering key recovery method and equipment | |
| CN114640468B (en) | A blockchain privacy protection method based on online and offline attribute encryption | |
| CN116418560A (en) | An online rapid identity authentication system and method based on blockchain smart contracts | |
| EP4144040A1 (en) | Generating shared private keys | |
| CN111274594B (en) | Block chain-based secure big data privacy protection sharing method | |
| US12567975B2 (en) | Dynamically traceable privacy-preserving distributed threshold signature system and method | |
| WO2023016729A1 (en) | Generating digital signature shares | |
| CN119316156B (en) | Distributed digital identity authentication method and system with privacy protection and access control | |
| CN118133311A (en) | A privacy protection method for federated learning based on improved group signature | |
| CN110519040B (en) | Anti-quantum computation digital signature method and system based on identity | |
| CN113868450B (en) | Remote sensing image safety retrieval method based on block chain | |
| CN119519987B (en) | A searchable encryption method and system with forward and backward security | |
| CN114629640A (en) | White-box accountable attribute-based encryption system and method for solving key escrow problem | |
| Lin et al. | Leveraging dual‐blockchain collaboration for logistics supply chain supervision | |
| Liu et al. | Distributed Digital Identity Parking Authentication System Based on Blockchain | |
| CN118659877A (en) | Attribute-based encryption method and system for edge controller | |
| Akshay et al. | Dynamic list based data integrity verification in cloud environment | |
| Wu et al. | Verified CSAC-based CP-ABE access control of cloud storage in SWIM |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |






























































