CN114640468B - A blockchain privacy protection method based on online and offline attribute encryption - Google Patents

A blockchain privacy protection method based on online and offline attribute encryption Download PDF

Info

Publication number
CN114640468B
CN114640468B CN202210255503.8A CN202210255503A CN114640468B CN 114640468 B CN114640468 B CN 114640468B CN 202210255503 A CN202210255503 A CN 202210255503A CN 114640468 B CN114640468 B CN 114640468B
Authority
CN
China
Prior art keywords
user
ciphertext
offline
data
chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210255503.8A
Other languages
Chinese (zh)
Other versions
CN114640468A (en
Inventor
高丹
欧君
李高俊
范玮
季小艳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vocational And Technical College Of Anshun
Original Assignee
Vocational And Technical College Of Anshun
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vocational And Technical College Of Anshun filed Critical Vocational And Technical College Of Anshun
Priority to CN202210255503.8A priority Critical patent/CN114640468B/en
Publication of CN114640468A publication Critical patent/CN114640468A/en
Application granted granted Critical
Publication of CN114640468B publication Critical patent/CN114640468B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种基于在线离线属性加密的区块链隐私保护方法,所述保护方法涉及区块链系统和多个实体模块,所述实体模块包括有数据拥有者DO、数据使用者DU、群管理员GM、离线加密机构OEA、离线解密机构ODE、联盟链AC和共享链EST;所述区块链系统用于为实体模块提供分布式可信的数据存储云服务器系统,其实现方式包括以下过程,系统初始化阶段,用户注册阶段,加密阶段,群签名认证阶段,数据使用者解密阶段和追责阶段。采用本发明所述的保护方法,实现了对数据拥有者和验证者的双向追溯,增加了数控的安全性。

The invention discloses a blockchain privacy protection method based on online and offline attribute encryption. The protection method involves a blockchain system and multiple entity modules. The entity modules include data owner DO, data user DU, Group administrator GM, offline encryption agency OEA, offline decryption agency ODE, alliance chain AC and shared chain EST; the blockchain system is used to provide a distributed and trusted data storage cloud server system for the entity module, and its implementation methods include The following processes include system initialization stage, user registration stage, encryption stage, group signature authentication stage, data user decryption stage and accountability stage. By adopting the protection method of the present invention, two-way traceability of data owners and verifiers is realized, and the security of numerical control is increased.

Description

Block chain privacy protection method based on online offline attribute encryption
Technical Field
The invention relates to the technical field of blockchains, in particular to a blockchain privacy protection method based on online and offline attribute encryption.
Background
Blockchains are a trusted distributed data storage technology implemented based on P2P networks and cryptography, and are becoming popular and widely used in various scenarios based on their non-repudiation, consensus and transparency, and non-tampering, etc., as a decentralized distributed accounting system. However, the conventional blockchain achieves transparency and traceability of data, and meanwhile, the privacy security of a user is threatened to a certain extent. How to protect user privacy security while achieving the advantage of transparent traceability of blockchain has become a research hotspot.
Aiming at the problem of traceability of blockchain data and user privacy leakage, in order to protect user privacy security, reference 1 ("outsourced attribute-based encryption scheme with keyword search for self-adaptive security", guo Lifeng, wang Qianli, computer application, 2021, 41 (11): 3266-3273) and reference 2 ("CP-WABE scheme supporting offline/online encryption and verifiable outsource decryption", li Hang, feng Chaosheng, liu Shuaina, liu Bin, zhao Kaijiang, e-newspaper, 2020, 48 (11): 2146-2153) are searched to outsource partial encryption calculation and partial decryption calculation to offline institutions in an online/offline manner, and although the calculation cost of data owners and data users is reduced, the method is not well applicable to blockchain. Reference 3 ("blockchain manageable privacy protection scheme based on group signature and attribute encryption", li Li, du Huina, li Tao, computer engineering: 1-9[2022-01-04]. DOI: 10.19678/j.issn.1000-3428.0062464) proposes a blockchain privacy protection scheme of double-chain structure, which effectively protects private information of users through a group signature technique and an attribute encryption technique. However, the scheme has only one verifier, cannot effectively prevent collusion between the verifier and the user, cannot effectively ensure reality and transparency of information, and cannot be well applied to equipment with limited computing resources. Reference 4 ("blocking chain privacy protection scheme based on SM9 algorithm to prove security", yang Yatao, cai Juliang, zhangwei, yuan Zheng, software report, 2019, 30 (06): 1692-1704.DOI: 10.13328/j.cnki.jos.005745) proposes a privacy protection scheme mainly applied to federated chains, and by setting of a verifier population (i.e. federated chains), privacy information of users is effectively protected. However, the scheme is mainly applied to the alliance chain, cannot be well applied to the double-chain structure, and cannot be well applied to equipment with limited computing resources.
In combination with the features of references 1 to 4, in order to be suitable for devices with limited computing resources, fine-grained user privacy protection is realized, meanwhile, responsibility can be added to the owners and signers of data, and the security of the data is improved, so that a protection scheme based on online offline attributes is provided.
Disclosure of Invention
Aiming at the problems in the background technology, the invention provides a privacy protection method for protecting the privacy safety of users, which reduces the calculation cost of the users through an online offline attribute encryption algorithm, realizes fine-granularity user access control, and realizes bidirectional traceability of the users and verifiers through double-chain design and group signature verification so as to improve the safety of data, in particular to a blockchain privacy protection method based on online offline attribute encryption.
In order to solve the technical problems, the invention adopts the following technical scheme: the block chain privacy protection method based on online offline attribute encryption relates to a block chain system and a plurality of entity modules, wherein the entity modules comprise a data owner DO, a data user DU, a group manager GM, an offline encryption mechanism OEA, an offline decryption mechanism ODE, a alliance chain AC and a sharing chain EST; the block chain system is used for providing a distributed and trusted data storage cloud server system for the entity module, and the implementation mode of the block chain system comprises a system initialization stage, a user registration stage, an encryption stage, a group signature authentication stage, a data user decryption stage and a responsibility tracking stage.
Furthermore, the protection method based on online offline attribute encryption utilizes a blockchain to combine an offline encryption mechanism and an offline decryption mechanism through an online offline attribute encryption algorithm, so that fine-granularity user access control is realized while the calculation cost of a user is reduced, single-point fault problems are prevented, collusion is prevented between the user and a verifier through double-chain control of a shared chain and a alliance chain, and meanwhile, bidirectional traceability of a data owner and the verifier is realized through group signature verification, and the numerical control safety is improved; the data owner DO sends an access structure to an offline encryption mechanism ODE, the offline encryption mechanism calculates an intermediate ciphertext based on a time period tree and the access structure and returns the intermediate ciphertext to the data owner DO, and the data owner DO encrypts data by using the intermediate ciphertext and sends the ciphertext to a cloud server system in a blockchain system; the data user searches keywords through the cloud server system and obtains matched ciphertext; the data user DU sends the ciphertext to an offline decryption mechanism ODE, the offline decryption mechanism ODE carries out partial decryption on the ciphertext based on the attribute and the secret key of the data user DO to obtain a converted ciphertext, and the converted ciphertext is returned to the data user DO; the data user DO decrypts the transformed ciphertext using the transformed key to obtain the data.
Further, the blockchain privacy protection method based on online offline attribute encryption, disclosed by the invention, comprises the following specific implementation modes of the system initialization stage:
(1) In the system initialization stage, determining the related attribute of system initialization: data owner running System setup algorithm Systemsetup (1 λ ) -PK, MSK), i.e. inputting a security factor λ, the system generates a public key PK, saidMSK=(α,a,γ);
Wherein G1 and G2 are prime number p-order cyclic groups, and G is a generator of G1; e is bilinear map: g1×g1→g2; random numbers alpha, a, beta E Z p The method comprises the steps of carrying out a first treatment on the surface of the j represents the number of attributes; selecting j random numbers h j ∈G 1 The method comprises the steps of carrying out a first treatment on the surface of the Hash function H0: {0,1} → G1, H1: {0,1} → G2, H2: {0,1} → G2;
(2) Group administrator GM initialization: the group manager runs a system building algorithm GMSitup (PK) → (GMKey, GMPK, GMSK), inputs a public key PK, and generates a key GMKey, a group public key GMPK and a group tracking key GMSK of each group manager GM;
GMKey=γ iGMSK=(δ 12 ),
wherein i represents the number of group administrators; gamma ray i Representing i random numbers; g1 is a generator of G1; random number delta 12 ∈Z p ;u,v∈G 1
(3) Alliance chain AC initialization: actetup (PK, id) → (sign mk, sign PK), inputting public key PK, the system generating a federation chain signature master key sign mk and each node signature private key sign PK; in the alliance chain, the alliance chain is divided into a main node and a secondary node, wherein the main node is responsible for maintenance work of the blockchain and distributes id and signature private keys for newly added blocks;
T=H 1 (id||hid,N)+ks;
wherein k represents the number of key generation centers AAk in the alliance chain; ks, kek is a random number of the key generation center, and ks, ke k ∈[1,N-1]Kek are respectively held by k key generating centers, and N is a finite field; p2 is a generator of G2, and P1 is a generator of G1; id is the unique identifier of each secondary node in the alliance chain, and is a string of random numbers issued for the primary node; the hide indicates concealment.
Further, the blockchain privacy protection method based on online offline attribute encryption, disclosed by the invention, comprises the following specific implementation modes of the user registration stage:
(1) The user obtains a user private key fragment UKey i: GMKeyGen (PK) → ukyi; the user puts forward a registration application Apply to the group manager GM, if the group manager GM agrees, the i group managers respectively generate corresponding user private key fragments UKey i for the user, and send the user private key fragments UKey i to the user; while in the blockchain, users may be subdivided into data owners DO and data consumers DU;
wherein, the random number x epsilon Z p
(2) User calculation: GMKeyGen (PK, S, ukyi) → (UKey, IDU, cpa_sk); the user calculates a user private key UKey and a user identifier IDU of the user through an algorithm, and submits a user attribute set AS= { a1, a2, & gt, aj } to a group administrator to obtain an attribute encryption key CPA_SK and an offline verification key VK;
CPA_SK=(g α h d ,z,TK),VK=(g 1/(β+μ) ,μ);
wherein vj is the weight value of each attribute in the user attribute set AS; TK is a ciphertext conversion key of attribute encryption; d, Z is a random number, and d, Z, μ ε Z p
Further, the blockchain privacy protection method based on online offline attribute encryption disclosed by the invention comprises the following specific implementation modes of the encryption stage:
(1) The offline encryption mechanism OEA performs offline encryption: OEA_Enc (PK) →IC, and the data owner DO selects a secret value s to be transmitted to the off-line encryption mechanism; the offline encryption mechanism calculates an intermediate ciphertext IC through a secret value s and sends the intermediate ciphertext IC to a data owner DO;
wherein the secret value s epsilon Z p The method comprises the steps of carrying out a first treatment on the surface of the Random number epsilon, y epsilon Z p
(2) The data owner DO encrypts: DO_Enc (PK, IC, VK, message) →CT. The data owner DO finally encrypts the plaintext Message through an access structure AC and an intermediate ciphertext IC to obtain an attribute encrypted ciphertext CT;
C 1 =g μ/(β+μ) ,g β ·g μ ,H 1 (e(g,g) μ ,R·H 1 (Message),
wherein,for the mapping of the attribute aj in the access structure ac= (M, ρ (x)), θ is the secret share of aj in the mapping function ρ (x); r is a random ciphertext parameter, and R epsilon G 2 The method comprises the steps of carrying out a first treatment on the surface of the M is a mapping matrix, and each row in M corresponds to an attribute.
Further, the blockchain privacy protection method based on online offline attribute encryption, disclosed by the invention, comprises the following specific implementation modes of the group signature authentication stage:
(1) The alliance chain AC secondary node a signs the ciphertext CT: AC_Sign (CT, signMK, signPK) → (SignCT, DO_Verify). The method comprises the steps that a secondary node A of a alliance chain signs a ciphertext CT, so that the secondary node A in the alliance chain carries out signature operation through a signature master key SignMK and a signature private key SignPK of the secondary node A, and a group signature SignCT and a source verification value DO_Verify of the secondary node in the alliance chain to the ciphertext CT are obtained.
Wherein the random number r 1 ,r 2 ∈[1,N-1]The method comprises the steps of carrying out a first treatment on the surface of the idA represents the id identification of the secondary node a; τ, χ is a random number, and τ, χ ε Z p The method comprises the steps of carrying out a first treatment on the surface of the Selecting a random blinding factor b 1 ,b 2 ,b 3 ,b 4 ,b 5 ∈Z p
(2) Alliance chain AC verification phase: AC Verify (SignCT) →1/0. The alliance chain receives the ciphertext CT and the corresponding group signature SignCT, and verifies the group signature through an algorithm. If it is proved that the signature is generated by a certain node in the alliance chain, outputting 1 and; otherwise, outputting 0 and discarding the ciphertext CT;
and (3) calculating: u (U) 1 =e(SS·SignAG),U 2 =e(SS·SignPK A );
Verification U 1 =U 2 If the two types of data are equal, performing next verification; if not, discarding the ciphertext CT;
from the received SignCT calculation:
the verification is performed such that,if the CT is equal, the CT is sent to a sharing chain for sharing; otherwise, discarding the ciphertext CT; the ciphertext CT can be proved to pass the alliance chain signature verification through verification;
(3) And (3) a step of uplink: the method comprises the steps that a UTXO mode is adopted for uplink, a secondary node A sends a Number of a last transaction, a hash value HLast of the last transaction and a group signature SignCT of the current transaction to a alliance chain master node V, the master node V generates a New block and verifies information in the block, if the verification is passed, the New block is integrated into a shared chain, otherwise, the block is discarded;
in the alliance chain AC verification stage, each node in the alliance chain searches the last transaction information associated with the new block in the shared chain, compares whether the input of the new block is the same with the output value of the last transaction, and if the new block is agreed by most nodes in the alliance chain, the main node merges the new block into the shared chain, otherwise, discards the new block.
Further, the blockchain privacy protection method based on online offline attribute encryption of the present invention, wherein the specific implementation manner of the data user decryption stage is as follows:
(1) The offline decryption mechanism ODA performs partial decryption: ODA_Dec (AC, CT, TK) →PC, and data user DU transmits ciphertext CT and ciphertext conversion key TK to offline decryption mechanism ODA; the offline encryption mechanism ODA firstly checks whether the attribute set AS of the data user meets the requirement of the access structure AC, if so, carries out partial decryption on the ciphertext CT and sends the partial decrypted ciphertext PC to the data user DU; otherwise, outputting 0;
PC=(AC,MM,R·e(g,g) αs ,g s ,e(g,g) daθ/z ,C 1 );
(2) The data user DU decrypts: DU_Dec (PC, CPA_SK) →R; the data user DU decrypts the partial decryption ciphertext PC through the attribute encryption key CPA_SK to obtain a random ciphertext parameter R;
R=R·e(g,g) αs /(e(g s ,g α h d )/e(g,g) das );
further, the blockchain privacy protection method based on online offline attribute encryption, disclosed by the invention, comprises the following specific implementation modes of the responsibility following stage:
(1) The responsibilities data owner DO: DO_Account (GMSK) →idDO. If the group administrator votes to pass through the requirement of the data owner, the id of the data owner can be calculated and obtained through the source verification value DO_verity and the group tracking key GMSK;
is known to beThen->
(2) Responsibility-pursuing signer a: a_accountability (sign ct, sign pk) →ida; in the uplink process, if a group administrator votes through a request for a responsibility-following data owner by adopting a group signature verification method and a UTXO uplink mode, a master node can find a first address to carry out responsibility-following through a chain-by-chain source tracing mode for the transaction; through the group signature SignCT and the signature private key SignP, the idA hash value HID of the signer A is extracted, and the host node can find the idA of the signer by comparing the HID values corresponding to the ids of the child nodes one by one.
Compared with the prior art, the blockchain privacy protection method based on online and offline attribute encryption has the beneficial effects that: the block chain is utilized to combine the offline encryption mechanism and the offline decryption mechanism through the online offline attribute encryption algorithm, so that the computing expense of a user is reduced, fine-granularity user access control is realized, the method is applicable to equipment with limited computing resources, single-point fault problems are prevented, collusion between the user and a verifier is prevented through double-chain control of a shared chain and a alliance chain, and meanwhile, bidirectional traceability of a data owner and the verifier is realized through group signature verification, and the numerical control safety is improved.
Drawings
The invention is described in further detail below with reference to the accompanying drawings.
FIG. 1 is a schematic diagram of the corresponding structure of an access structure control tree and LSSS matrix according to the present invention;
FIG. 2 is a schematic diagram of a structural model of the entity module according to the present invention;
fig. 3 is a schematic block diagram of a protection method according to the present invention.
Detailed Description
In order to further illustrate the inventive concept, embodiments of the present invention are described in further detail below with reference to the drawings and examples. The following detailed description of the embodiments and the accompanying drawings are provided to illustrate the principles of the invention and are not intended to limit the scope of the invention, i.e., the invention is not limited to the embodiments described.
The invention discloses a blockchain privacy protection method based on online and offline attribute encryption, which is characterized in that an application scene is designed firstly, a doctor-patient communication platform based on a cloud service platform is assumed to exist, a user B is a patient registered on the internet and wants to consult doctors on the cloud service platform and acquire treatment suggestions, but the user B hopes that the doctor can acquire a diagnosis and treatment list without revealing own diagnosis and treatment information at the same time, and a promise can be provided for ensuring that the diagnosis and treatment list comes from a regular registered doctor and can follow up to a doctor and a verifier of diagnosis and treatment in the later medical accident. The scheme is suitable for equipment with limited computing resources, and can be used for carrying out responsibility-pursuing on owners and signers of data while achieving fine-grained user privacy protection. Meanwhile, in order to facilitate understanding of the technical scheme of the present invention, related knowledge of the access structure and bilinear map is involved, and the following description is made on the access structure and bilinear map:
access structure: assume there is a non-empty user attribute set a, a= { A1, A2,..an }; there is one non-empty access control set S, s= { S1, S2,..sk }; if A and S satisfyThen set a is referred to as the authorization set under access control S; otherwise, set a is referred to as an unauthorized set under access control S. In CP-ABE, if a is an authorization set, there is a matrix AA, and there is a function ρ (x), so that each row in the matrix AA can be mapped with the attributes in S one by one, then the matrix AA is called LSSS matrix, and the number of rows of the LSSS matrix is equal to the number of leaf nodes on the access control tree, i.e. the number of attributes. The access structure control tree and LSSS matrix map as shown in fig. 1.
Bilinear mapping: setting G1, G2 and G3 as prime number p-order cyclic groups; there is a mapping relationship e: g1×g2→g3, if e is a bilinear pair, then:
A. bilinear: any a, b E Zp, all have
B. Non-degradability: there is one G1, G2, such that e (G1, G2) noteq1;
C. calculability: there is an efficient algorithm to calculate e (G1, G2).
Aiming at the application scene, fine-granularity user privacy protection is realized, meanwhile, responsibility can be pursued for the owner and the signer of the data, bidirectional traceability is realized for the user and the verifier, and the safety of the data is improved, so that a blockchain privacy protection method based on online offline attribute encryption is provided, and the detailed design scheme of the protection method is as follows:
a block chain privacy protection method based on online offline attribute encryption relates to a block chain system and a plurality of entity modules, wherein the structure model of the block chain privacy protection method is shown in figure 2, and the entity modules comprise a data owner DO, a data user DU, a group manager GM, an offline encryption mechanism OEA, an offline decryption mechanism ODE, a alliance chain AC and a sharing chain EST; the block chain system is used for providing a distributed and credible data storage cloud server system for the entity module, and the implementation mode of the block chain system comprises a system initialization stage, a user registration stage, an encryption stage, a group signature authentication stage, a data user decryption stage and a responsibility tracking stage; the specific operation flow is shown in fig. 3, and specifically includes the following steps that the data owner DO sends an access structure to an offline encryption mechanism ODE, the offline encryption mechanism calculates an intermediate ciphertext based on a time period tree and the access structure and returns the intermediate ciphertext to the data owner DO, and the data owner DO encrypts data by using the intermediate ciphertext and sends the ciphertext to a cloud server system in the blockchain system; the data user searches keywords through the cloud server system and obtains matched ciphertext; the data user DU sends the ciphertext to an offline decryption mechanism ODE, the offline decryption mechanism ODE carries out partial decryption on the ciphertext based on the attribute and the secret key of the data user DO to obtain a converted ciphertext, and the converted ciphertext is returned to the data user DO; the data user DO decrypts the transformed ciphertext using the transformed key to obtain the data.
1. System initialization phase:
(1) First, the system initialization related attribute is to be determined: data owner running System setup algorithm Systemsetup (1 λ ) -PK, MSK), i.e. inputting a security factor λ, the system generates a public key PK, saidMSK=(α,a,γ);
Wherein G1 and G2 are prime number p-order cyclic groups, and G is a generator of G1; e is bilinear map: g1×g1→g2; random numbers alpha, a, beta E Z p The method comprises the steps of carrying out a first treatment on the surface of the j represents the number of attributes; selecting j random numbers h j ∈G 1 The method comprises the steps of carrying out a first treatment on the surface of the Hash function H0: {0,1} → G1, H1: {0,1} → G2, H2: {0,1} → G2;
(2) Secondly, initializing a group manager GM: the group manager runs a system building algorithm GMSitup (PK) → (GMKey, GMPK, GMSK), inputs a public key PK, and generates a key GMKey, a group public key GMPK and a group tracking key GMSK of each group manager GM;
GMKey=γ iGMSK=(δ 12 ),
wherein i represents the number of group administrators; gamma ray i Representing i random numbers; g1 is a generator of G1; random number delta 12 ∈Z p ;u,v∈G 1
(3) Finally, alliance chain AC initialization: actetup (PK, id) → (sign mk, sign PK), inputting public key PK, the system generating a federation chain signature master key sign mk and each node signature private key sign PK; in the alliance chain, the alliance chain is divided into a main node and a secondary node, wherein the main node is responsible for maintenance work of the blockchain and distributes id and signature private keys for newly added blocks;
T=H 1 (id||hid,N)+ks;
wherein k represents the number of key generation centers AAk in the alliance chain; ks, kek is a random number of the key generation center, and ks, ke k ∈[1,N-1]Kek are respectively held by k key generating centers, and N is a finite field; p2 is a generator of G2, and P1 is a generator of G1; id is the unique identifier of each secondary node in the alliance chain, and is a string of random numbers issued for the primary node; the hide indicates concealment.
2. A user registration stage:
(1) The user obtains a user private key fragment UKey i: GMKeyGen (PK) → ukyi; the user puts forward a registration application Apply to the group manager GM, if the group manager GM agrees, the i group managers respectively generate corresponding user private key fragments UKey i for the user, and send the user private key fragments UKey i to the user; while in the blockchain, users may be subdivided into data owners DO and data consumers DU;
wherein, the random number x epsilon Z p
(2) User calculation: GMKeyGen (PK, S, ukyi) → (UKey, IDU, cpa_sk); the user calculates a user private key UKey and a user identifier IDU of the user through an algorithm, and submits a user attribute set AS= { a1, a2, & gt, aj } to a group administrator to obtain an attribute encryption key CPA_SK and an offline verification key VK;
CPA_SK=(g α h d ,z,TK),
VK=(g 1/(β+μ) ,μ);
wherein vj is the weight value of each attribute in the user attribute set AS; TK is a ciphertext conversion key of attribute encryption; d, Z is a random number, and d, Z, μ ε Z p
3. Encryption stage:
(1) The offline encryption mechanism OEA performs offline encryption: OEA_Enc (PK) →IC, and the data owner DO selects a secret value s to be transmitted to the off-line encryption mechanism; the offline encryption mechanism calculates an intermediate ciphertext IC through a secret value s and sends the intermediate ciphertext IC to a data owner DO;
wherein the secret value s epsilon Z p The method comprises the steps of carrying out a first treatment on the surface of the Random number epsilon, y epsilon Z p
(2) The data owner DO encrypts: DO_Enc (PK, IC, VK, message) →CT. The data owner DO finally encrypts the plaintext Message through an access structure AC and an intermediate ciphertext IC to obtain an attribute encrypted ciphertext CT;
C 1 =g μ/(β+μ) ,g β ·g μ ,H 1 (e(g,g) μ ,R·H 1 (Message),MM=H 1 (Message)⊕H 1 (R);
wherein,for the mapping of the attribute aj in the access structure ac= (M, ρ (x)), θ is the secret share of aj in the mapping function ρ (x); r is a random ciphertext parameter, and R epsilon G 2 The method comprises the steps of carrying out a first treatment on the surface of the M is a mapping matrix, and each row in M corresponds to an attribute.
4. Group signature authentication phase:
(1) The alliance chain AC secondary node a signs the ciphertext CT: AC_Sign (CT, signMK, signPK) → (SignCT, DO_Verify). The method comprises the steps that a secondary node A of a alliance chain signs a ciphertext CT, so that the secondary node A in the alliance chain carries out signature operation through a signature master key SignMK and a signature private key SignPK of the secondary node A, and a group signature SignCT and a source verification value DO_Verify of the secondary node in the alliance chain to the ciphertext CT are obtained.
Wherein the random number r 1 ,r 2 ∈[1,N-1]The method comprises the steps of carrying out a first treatment on the surface of the idA represents the id identification of the secondary node a; τ, χ is a random number, and τ, χ ε Z p The method comprises the steps of carrying out a first treatment on the surface of the Selecting a random blinding factor b 1 ,b 2 ,b 3 ,b 4 ,b 5 ∈Z p
(2) Alliance chain AC verification phase: AC Verify (SignCT) →1/0. The alliance chain receives the ciphertext CT and the corresponding group signature SignCT, and verifies the group signature through an algorithm. If it is proved that the signature is generated by a certain node in the alliance chain, outputting 1 and; otherwise, outputting 0 and discarding the ciphertext CT;
and (3) calculating: u (U) 1 =e(SS·SignAG),U 2 =e(SS·SignPK A );
Verification U 1 =U 2 If equal, thenPerforming next verification; if not, discarding the ciphertext CT;
from the received SignCT calculation:
the verification is performed such that,if the CT is equal, the CT is sent to a sharing chain for sharing; otherwise, discarding the ciphertext CT; the ciphertext CT can be proved to pass the alliance chain signature verification through verification;
(3) And (3) a step of uplink: the method comprises the steps that a UTXO mode is adopted for uplink, a secondary node A sends a Number of a last transaction, a hash value HLast of the last transaction and a group signature SignCT of the current transaction to a alliance chain master node V, the master node V generates a New block and verifies information in the block, if the verification is passed, the New block is integrated into a shared chain, otherwise, the block is discarded;
in the alliance chain AC verification stage, each node in the alliance chain searches the last transaction information associated with the new block in the shared chain, compares whether the input of the new block is the same with the output value of the last transaction, and if the new block is agreed by most nodes in the alliance chain, the main node merges the new block into the shared chain, otherwise, discards the new block.
5. Data user decryption stage:
(1) The offline decryption mechanism ODA performs partial decryption: ODA_Dec (AC, CT, TK) →PC, and data user DU transmits ciphertext CT and ciphertext conversion key TK to offline decryption mechanism ODA; the offline encryption mechanism ODA firstly checks whether the attribute set AS of the data user meets the requirement of the access structure AC, if so, carries out partial decryption on the ciphertext CT and sends the partial decrypted ciphertext PC to the data user DU; otherwise, outputting 0;
PC=(AC,MM,R·e(g,g) αs ,g s ,e(g,g) daθ/z ,C 1 );
(2) The data user DU decrypts: DU_Dec (PC, CPA_SK) →R; the data user DU decrypts the partial decryption ciphertext PC through the attribute encryption key CPA_SK to obtain a random ciphertext parameter R;
R=R·e(g,g) αs /(e(g s ,g α h d )/e(g,g) das );
6. and (4) a responsibility following stage:
(1) The responsibilities data owner DO: DO_Account (GMSK) →idDO. If the group administrator votes to pass through the requirement of the data owner, the id of the data owner can be calculated and obtained through the source verification value DO_verity and the group tracking key GMSK;
is known to beThen->
(2) Responsibility-pursuing signer a: a_accountability (sign ct, sign pk) →ida; in the uplink process, if a group administrator votes through a request for a responsibility-following data owner by adopting a group signature verification method and a UTXO uplink mode, a master node can find a first address to carry out responsibility-following through a chain-by-chain source tracing mode for the transaction; through the group signature SignCT and the signature private key SignP, the idA hash value HID of the signer A is extracted, and the host node can find the idA of the signer by comparing the HID values corresponding to the ids of the child nodes one by one.
By adopting the blockchain privacy protection method, the blockchain is utilized to combine the offline encryption mechanism and the offline decryption mechanism through the online offline attribute encryption algorithm, so that the computing expense of a user is reduced, the fine-granularity user access control is realized, the blockchain privacy protection method is suitable for equipment with limited computing resources, the single-point fault problem is prevented, collusion is prevented between the user and a verifier through double-chain control of a shared chain and a alliance chain, and meanwhile, the bidirectional traceability of a data owner and the verifier is realized through group signature verification, and the security of numerical control is increased.
The above description is only of the preferred embodiments of the present invention, and it should be understood that various changes and modifications can be made by those skilled in the art, and any modifications, equivalents, improvements and the like made by the present invention should be included in the scope of the present invention.

Claims (7)

1. A blockchain privacy protection method based on online offline attribute encryption is characterized by comprising the following steps: the protection method relates to a blockchain system and a plurality of entity modules, wherein the entity modules comprise a data owner DO, a data user DU, a group manager GM, an off-line encryption mechanism OEA, an off-line decryption mechanism ODE, a alliance chain AC and a sharing chain EST; the block chain system is used for providing a distributed and credible data storage cloud server system for the entity module, and the implementation mode of the block chain system comprises a system initialization stage, a user registration stage, an encryption stage, a group signature authentication stage, a data user decryption stage and a responsibility tracking stage; the protection method utilizes a block chain to combine an offline encryption mechanism and an offline decryption mechanism through an online offline attribute encryption algorithm, reduces the calculation expense of a user, realizes fine-granularity user access control, prevents single-point fault problems from occurring between the user and a verifier through double-chain control of a shared chain and a alliance chain, and simultaneously realizes bidirectional traceability of the data owner and the verifier through group signature verification, thereby increasing the security of numerical control; the data owner DO sends an access structure to an offline encryption mechanism ODE, the offline encryption mechanism calculates an intermediate ciphertext based on a time period tree and the access structure and returns the intermediate ciphertext to the data owner DO, and the data owner DO encrypts data by using the intermediate ciphertext and sends the ciphertext to a cloud server system in a blockchain system; the data user searches keywords through the cloud server system and obtains matched ciphertext; the data user DU sends the ciphertext to an offline decryption mechanism ODE, the offline decryption mechanism ODE carries out partial decryption on the ciphertext based on the attribute and the secret key of the data user DO to obtain a converted ciphertext, and the converted ciphertext is returned to the data user DO; the data user DO decrypts the transformed ciphertext using the transformed key to obtain the data.
2. The blockchain privacy protection method based on online-offline attribute encryption according to claim 1, wherein the specific implementation manner of the system initialization stage is as follows:
(1) In the system initialization stage, determining the related attribute of system initialization: data owner running System setup algorithm Systemsetup (1 λ ) -PK, MSK), i.e. inputting a security factor λ, the system generates a public key PK, saidMSK=(α,a,γ);
Wherein G1 and G2 are prime number p-order cyclic groups, and G is a generator of G1; e is bilinear map: g1×g1→g2; random numbers alpha, a, beta E Z p The method comprises the steps of carrying out a first treatment on the surface of the j represents the number of attributes; selecting j random numbers h j ∈G 1 The method comprises the steps of carrying out a first treatment on the surface of the Hash function H0: {0,1} → G1, H1: {0,1} → G2, H2: {0,1} → G2;
(2) Group administrator GM initialization: the group manager runs a system building algorithm GMSitup (PK) → (GMKey, GMPK, GMSK), inputs a public key PK, and generates a key GMKey, a group public key GMPK and a group tracking key GMSK of each group manager GM;
GMKey=γ iGMSK=(δ 12 ),
wherein i represents the number of group administrators; gamma ray i Representing i random numbers; g1 is a generator of G1; random number delta 12 ∈Z p ;u,v∈G 1
(3) Alliance chain AC initialization: actetup (PK, id) → (sign mk, sign PK), inputting public key PK, the system generating a federation chain signature master key sign mk and each node signature private key sign PK; in the alliance chain, the alliance chain is divided into a main node and a secondary node, wherein the main node is responsible for maintenance work of the blockchain and distributes id and signature private keys for newly added blocks;
T=H 1 (id||hid,N)+ks;
wherein k represents the number of key generation centers AAk in the alliance chain; ks, kek is a random number of the key generation center, and ks, ke k ∈[1,N-1]Kek are respectively held by k key generating centers, and N is a finite field; p2 is a generator of G2, and P1 is a generator of G1; id is the unique identifier of each secondary node in the alliance chain, and is a string of random numbers issued for the primary node; the hide indicates concealment.
3. The blockchain privacy protection method based on online-offline attribute encryption as in claim 1, wherein the specific implementation manner of the user registration stage is as follows:
(1) The user obtains a user private key fragment UKey i: GMKeyGen (PK) → ukyi; the user puts forward a registration application Apply to the group manager GM, if the group manager GM agrees, the i group managers respectively generate corresponding user private key fragments UKey i for the user, and send the user private key fragments UKey i to the user; while in the blockchain, users may be subdivided into data owners DO and data consumers DU;
wherein, the random number x epsilon Z p
(2) User calculation: GMKeyGen (PK, S, ukyi) → (UKey, IDU, cpa_sk); the user calculates a user private key UKey and a user identification IDU of the user through an algorithm, and submits a user attribute set AS= { a1, a2, & gt, aj } to a group administrator to obtain an attribute encryption key CPA_SK and an offline verification key VK;
CPA_SK=(g α h d ,z,TK),
VK=(g 1/(β+μ) ,μ);
wherein vj is the weight value of each attribute in the user attribute set AS; TK is a ciphertext conversion key of attribute encryption; d, Z is a random number, and d, Z, μ ε Z p
4. The blockchain privacy protection method based on online-offline attribute encryption according to claim 1, wherein the specific implementation manner of the encryption stage is as follows:
(1) The offline encryption mechanism OEA performs offline encryption: oea_enc (PK) → IC, the data owner DO selects a secret value s to be transmitted to the off-line encryption mechanism; the offline encryption mechanism calculates an intermediate ciphertext IC through a secret value s and sends the intermediate ciphertext IC to a data owner DO;
wherein the secret value s epsilon Z p The method comprises the steps of carrying out a first treatment on the surface of the Random number epsilon, y epsilon Z p
(2) The data owner DO encrypts: DO_Enc (PK, IC, VK, message) to CT, the data owner DO finally encrypts the plaintext Message through the access structure AC and the intermediate ciphertext IC to obtain an attribute encrypted ciphertext CT;
C 1 =g μ/(β+μ) ,g β ·g μ ,H 1 (e(g,g) μ ,R·H 1 (Message),
wherein,for the mapping of the attribute aj in the access structure ac= (M, ρ (x)), θ is the secret share of aj in the mapping function ρ (x); r is a random ciphertext parameter, and R epsilon G 2 The method comprises the steps of carrying out a first treatment on the surface of the M is a mapping matrix, and each row in M corresponds to an attribute.
5. The blockchain privacy protection method based on online-offline attribute encryption as in claim 1, wherein the group signature authentication stage is specifically implemented as follows:
(1) The alliance chain AC secondary node a signs the ciphertext CT: an AC_Sign (CT, signMK, signPK) → (SignCT, DO_Verify), a alliance chain secondary node A signs a ciphertext CT, so that a secondary node A in the alliance chain carries out signature operation through a signature master key SignMK and a signature private key SignPK of the secondary node A to obtain a group signature SignCT and a source verification value DO_Verify of the secondary node in the alliance chain to the ciphertext CT;
wherein the random number r 1 ,r 2 ∈[1,N-1]The method comprises the steps of carrying out a first treatment on the surface of the idA represents the id identification of the secondary node a; τ, χ is a random number, and τ, χ ε Z p The method comprises the steps of carrying out a first treatment on the surface of the Selecting a random blinding factor b 1 ,b 2 ,b 3 ,b 4 ,b 5 ∈Z p;
(2) Alliance chain AC verification phase: ac_ Verify (SignCT) →1/0, the federation chain receives the ciphertext CT and the corresponding group signature sign CT, verifies the group signature by an algorithm, outputs 1 if it proves that the signature is generated by a certain node in the federation chain, and; otherwise, outputting 0 and discarding the ciphertext CT;
and (3) calculating: u (U) 1 =e(SS·SignAG),U 2 =e(SS·SignPK A );
Verification U 1 =U 2 If the two types of data are equal, performing next verification; if not, discarding the ciphertext CT;
from the received SignCT calculation:
the verification is performed such that,if the CT is equal, the CT is sent to a sharing chain for sharing; otherwise, discarding the ciphertext CT; the ciphertext CT can be proved to pass the alliance chain signature verification through verification;
(3) And (3) a step of uplink: the method comprises the steps that a UTXO mode is adopted for uplink, a secondary node A sends a Number of a last transaction, a hash value HLast of the last transaction and a group signature SignCT of the current transaction to a alliance chain master node V, the master node V generates a New block and verifies information in the block, if the verification is passed, the New block is integrated into a shared chain, otherwise, the block is discarded;
in the alliance chain AC verification stage, each node in the alliance chain searches the last transaction information associated with the new block in the shared chain, compares whether the input of the new block is the same with the output value of the last transaction, and if the new block is agreed by most nodes in the alliance chain, the main node merges the new block into the shared chain, otherwise, discards the new block.
6. The blockchain privacy protection method based on online-offline attribute encryption according to claim 1, wherein the specific implementation manner of the data user decryption stage is as follows:
(1) The offline decryption mechanism ODA performs partial decryption: ODA_Dec (AC, CT, TK) →PC, and the data user DU transmits the ciphertext CT and the ciphertext conversion key TK to the offline decryption mechanism ODA; the offline encryption mechanism ODA firstly checks whether the attribute set AS of the data user meets the requirement of the access structure AC, if so, carries out partial decryption on the ciphertext CT and sends the partial decrypted ciphertext PC to the data user DU; otherwise, outputting 0;
PC=(AC,MM,R·e(g,g) αs ,g s ,e(g,g) daθ/z ,C 1 );
(2) The data user DU decrypts: du_dec (PC, cpa_sk) →r; the data user DU decrypts the partial decryption ciphertext PC through the attribute encryption key CPA_SK to obtain a random ciphertext parameter R;
R=R·e(g,g) αs /(e(g s ,g α h d )/e(g,g) das );
7. the blockchain privacy protection method based on online-offline attribute encryption according to claim 1, wherein the specific implementation manner of the responsibility following stage is:
(1) The responsibilities data owner DO: DO_Account availability (GMSK) -idDO, if a group administrator votes to pass through the request for the data owner, then the id of the data owner can be calculated and obtained by the source verification value DO_verify and the group tracking key GMSK;
is known to beThen->
(2) Responsibility-pursuing signer a: a_accountability (SignCT, signPK) →ida; in the uplink process, if a group administrator votes through a request for a responsibility-following data owner by adopting a group signature verification method and a UTXO uplink mode, a master node can find a first address to carry out responsibility-following through a chain-by-chain source tracing mode for the transaction; through the group signature SignCT and the signature private key SignP, the idA hash value HID of the signer A is extracted, and the host node can find the idA of the signer by comparing the HID values corresponding to the ids of the child nodes one by one.
CN202210255503.8A 2022-03-16 2022-03-16 A blockchain privacy protection method based on online and offline attribute encryption Active CN114640468B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210255503.8A CN114640468B (en) 2022-03-16 2022-03-16 A blockchain privacy protection method based on online and offline attribute encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210255503.8A CN114640468B (en) 2022-03-16 2022-03-16 A blockchain privacy protection method based on online and offline attribute encryption

Publications (2)

Publication Number Publication Date
CN114640468A CN114640468A (en) 2022-06-17
CN114640468B true CN114640468B (en) 2024-01-26

Family

ID=81948850

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210255503.8A Active CN114640468B (en) 2022-03-16 2022-03-16 A blockchain privacy protection method based on online and offline attribute encryption

Country Status (1)

Country Link
CN (1) CN114640468B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242398B (en) * 2022-06-24 2025-02-25 蚂蚁区块链科技(上海)有限公司 System, method and device for knowledge question answering based on blockchain
CN119728172B (en) * 2024-12-02 2025-10-10 西北师范大学 Encryption method, decryption method and system
CN119892452B (en) * 2025-01-10 2026-01-23 天津科技大学 Power data privacy security protection system, method and application based on ciphertext policy attribute-based encryption

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106503994A (en) * 2016-11-02 2017-03-15 西安电子科技大学 Block chain private data access control method based on encryption attribute
CN113489733A (en) * 2021-07-13 2021-10-08 郑州轻工业大学 Block chain-based content center network privacy protection method
CN113595971A (en) * 2021-06-02 2021-11-02 云南财经大学 Block chain-based distributed data security sharing method, system and computer readable medium
CN113836222A (en) * 2021-08-24 2021-12-24 北京理工大学 A blockchain-based access control method that can hide policies and attributes
CN114065265A (en) * 2021-11-29 2022-02-18 重庆邮电大学 Fine-grained cloud storage access control method, system and equipment based on block chain technology

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11368441B2 (en) * 2019-01-29 2022-06-21 Mastercard International Incorporated Method and system for general data protection compliance via blockchain

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106503994A (en) * 2016-11-02 2017-03-15 西安电子科技大学 Block chain private data access control method based on encryption attribute
CN113595971A (en) * 2021-06-02 2021-11-02 云南财经大学 Block chain-based distributed data security sharing method, system and computer readable medium
CN113489733A (en) * 2021-07-13 2021-10-08 郑州轻工业大学 Block chain-based content center network privacy protection method
CN113836222A (en) * 2021-08-24 2021-12-24 北京理工大学 A blockchain-based access control method that can hide policies and attributes
CN114065265A (en) * 2021-11-29 2022-02-18 重庆邮电大学 Fine-grained cloud storage access control method, system and equipment based on block chain technology

Also Published As

Publication number Publication date
CN114640468A (en) 2022-06-17

Similar Documents

Publication Publication Date Title
CN110493347B (en) Block chain-based data access control method and system in large-scale cloud storage
CN101019369B (en) Method for delivering direct proof private key to device using online service
CN108418681B (en) An attribute-based ciphertext retrieval system and method supporting proxy re-encryption
CN108881314B (en) Privacy protection method and system based on CP-ABE ciphertext under fog computing environment
CN114640468B (en) A blockchain privacy protection method based on online and offline attribute encryption
US20220327530A1 (en) Digital signature generation using a cold wallet
CN114650137B (en) Decryption outsourcing method and system based on block chain and supporting strategy hiding
WO2022199290A1 (en) Secure multi-party computation
CN104601605A (en) Efficient privacy protection auditing scheme based on chameleon hash function in cloud storage
Long et al. Blockchain-based anonymous authentication and key management for internet of things with Chebyshev chaotic maps
CN111274594B (en) Block chain-based secure big data privacy protection sharing method
CN114117475B (en) Improved attribute-based encryption scheme system and encryption algorithm thereof
US12567975B2 (en) Dynamically traceable privacy-preserving distributed threshold signature system and method
CN111917721B (en) Blockchain-Based Attribute Encryption Method
CN110784300A (en) A Key Synthesis Method Based on Multiplicative Homomorphic Encryption
CN113626831B (en) A CP-ABE method supporting privacy protection and decryption in the cloud
CN118133311A (en) A privacy protection method for federated learning based on improved group signature
CN119316156A (en) Distributed digital identity authentication method and system with privacy protection and access control
CN114629640A (en) White-box accountable attribute-based encryption system and method for solving key escrow problem
CN118659877A (en) Attribute-based encryption method and system for edge controller
CN115314208B (en) Safe and controllable SM9 digital signature generation method and system
CN115150062B (en) SM9 digital signature generation method and system with signature production data controlled safely
Akshay et al. Dynamic list based data integrity verification in cloud environment
CN117938397A (en) Multi-authority attribute-based encryption method supporting policy hiding and online/offline
CN113132097B (en) Lightweight certificateless cross-domain authentication method, system and application suitable for Internet of things

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant