CN109146479B - Data encryption method based on block chain - Google Patents

Data encryption method based on block chain Download PDF

Info

Publication number
CN109146479B
CN109146479B CN201810893439.XA CN201810893439A CN109146479B CN 109146479 B CN109146479 B CN 109146479B CN 201810893439 A CN201810893439 A CN 201810893439A CN 109146479 B CN109146479 B CN 109146479B
Authority
CN
China
Prior art keywords
transaction
data
block
encryption
certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810893439.XA
Other languages
Chinese (zh)
Other versions
CN109146479A (en
Inventor
杨国超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chinasoft Digital Intelligence Information Technology Wuhan Co ltd
Original Assignee
Chinasoft Digital Intelligence Information Technology Wuhan Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chinasoft Digital Intelligence Information Technology Wuhan Co ltd filed Critical Chinasoft Digital Intelligence Information Technology Wuhan Co ltd
Priority to CN201810893439.XA priority Critical patent/CN109146479B/en
Publication of CN109146479A publication Critical patent/CN109146479A/en
Application granted granted Critical
Publication of CN109146479B publication Critical patent/CN109146479B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a data encryption method based on a block chain, which comprises the following steps: receiving the encryption of the transaction certificate T by the payee by using the private key of the payee to form the encrypted transaction certificate T C (ii) a Informing each peer node of the alliance chain network to determine the peer node X generating the new transaction block through computing force comparison i (ii) a At peer node X i Generating a starting block on the transaction data alliance chain to form a transaction certificate T C Is encrypted hash value T Cx The summary of the transaction certificate, the encrypted information of the payee and the transaction certificate T C Is encrypted hash value T Cx Writing to the starting block of the transaction data federation chain. The invention provides a data encryption method based on a block chain, wherein each transaction certificate can record the change of data and the only corresponding ciphertext block data; the method and the device realize the unforgeability of the encrypted transaction voucher, realize the zero loss of the transaction voucher data and ensure the traceability of the transaction data change process.

Description

Data encryption method based on block chain
Technical Field
The present invention relates to a block chain, and more particularly, to a data encryption method based on a block chain.
Background
Financial transactions need to have the unique fidelity of data encryption, data cannot be forged, all data processes can be traced and the like, and the safety, reliability and easiness in supervision of a system are guaranteed. The traditional financial transaction information system mainly adopts a data centralized management mode, a server database stores all data, and all terminals are used through an application server. Due to the centralized storage mode, data is lost and falsified. Moreover, the process of data loss and counterfeiting behavior is not traceable. In the financial transaction management business, the problem that the transaction certificate can not be sufficiently trusted is easily caused.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a data encryption method based on a block chain, which comprises the following steps:
receiving the encryption of the transaction certificate T by the payee by using the private key of the payee to form the encrypted transaction certificate T C
Informing each peer node of the alliance chain network to determine the peer node X generating the new transaction block through computing force comparison i ,X i To formAn ith node of a peer node of the federation chain network;
at peer node X i Generating a starting block on the transaction data alliance chain to form a transaction certificate T C Is encrypted hash value T Cx The summary of the transaction certificate, the encrypted information of the payee and the transaction certificate T C Is encrypted hash value T Cx Writing to a starting block of a transaction data federation chain;
the coordinating node automatically synchronizes the starting block of the transaction data alliance chain to all other peer nodes and returns an encrypted hash value T Cx (ii) a Recording a transaction voucher T C And encrypting the hash value T Cx
Receiving the transaction certificate T of the transaction monitoring party by using the private key thereof C The encryption is carried out to form an encrypted transaction certificate T CM Using the alliance chain network, informing each peer node of the alliance chain network to determine the peer node X generating the new transaction block through calculating force comparison j ,X j A jth node which is a peer node forming a alliance chain network;
at peer node X j Generating a header block on the transaction data alliance chain to form a transaction certificate T CM Is encrypted hash value T Cx The transaction voucher abstract, the transaction monitoring party encryption information and the transaction voucher T CM Is encrypted hash value T Cx Writing the data into a header block of a transaction data alliance chain;
the coordinating node automatically synchronizes the head block of the transaction data alliance chain to all other peer nodes and the transaction certificate T CM The encrypted hash value is returned to the transaction data generation unit, and the transaction voucher T is recorded in the voucher file storage unit CM And a transaction voucher T CM Is encrypted hash value T CMx
Receiving the encryption of the nth payer to form the encrypted transaction certificate T CM_P Using the alliance chain network, informing each peer node of the alliance chain network to determine the peer node X generating the new transaction block through calculating force comparison k ,X k A kth node which is a peer node forming a alliance chain network;
at peer node X k Generating the nth block on the transaction data alliance chain to form a transaction certificate T CM_P Is encrypted hash value T CM_Px The summary of the transaction certificate, the encrypted information of the payer and the transaction certificate T CM Is encrypted hash value T CMx Writing to the nth block of the transaction data alliance chain;
the coordinating node automatically synchronizes the nth block of the transaction data federation chain to other peer nodes and the transaction certificate T CM_P The encrypted hash value is returned to the transaction data generation unit, and the transaction voucher T is recorded in the voucher file storage unit CM_P And T CM_P Is encrypted hash value T CM_Px
Compared with the prior art, the invention has the following advantages:
the invention provides a data encryption method based on a block chain, wherein each transaction certificate can record the change of data and the only corresponding ciphertext block data; the method and the device realize the unforgeability of the encrypted transaction voucher, realize the zero loss of the transaction voucher data and ensure the traceability of the transaction data change process.
Drawings
Fig. 1 is a flowchart of a block chain-based data encryption method according to an embodiment of the present invention.
Detailed Description
A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details.
One aspect of the present invention provides a data encryption method based on a block chain. Fig. 1 is a flowchart of a data encryption method based on a blockchain according to an embodiment of the present invention.
The financial transaction voucher processing system based on the intelligent contract comprises a transaction data generation unit, a voucher file storage unit, an intelligent contract management unit and a alliance chain network.
The transaction data generation unit is used for realizing the formation management process of financial transaction certificates and comprises a transaction certificate issuing module, a payee encryption module, an intermediate party encryption module and a payer encryption module; the transaction certificate issuing module is used for receiving transaction certificates, accessing an alliance chain network, recording original transaction certificates and hash values on a transaction data alliance chain based on an intelligent contract, recording the original transaction certificates and the hash values in a certificate file storage unit, and creating transaction certificates T to generate the transaction data alliance chain; the payee encryption module is used for receiving the encryption of the transaction certificate T by the payee by using the private key of the payee to form an encrypted transaction certificate T C Using the alliance chain network, informing each peer node of the alliance chain network to determine the peer node X generating the new transaction block through calculating force comparison i ,X i For the ith node of the peer nodes forming the Federation link network, at peer node X i Generating a starting block on the transaction data alliance chain to form a transaction certificate T C Is encrypted hash value T Cx The summary of the transaction certificate, the encrypted information of the payee and the transaction certificate T C Is encrypted hash value T Cx Writing the data into the starting block of the transaction data alliance chain, automatically synchronizing the starting block of the transaction data alliance chain to all other peer nodes by the coordination node, and encrypting the hash value T Cx Returning to the transaction data generation unit, recording the transaction certificate T in the certificate file storage unit C And encrypting the hash value T Cx (ii) a The intermediate party encryption module is used for receiving a transaction certificate T which is used by the transaction monitoring party by using a private key thereof C The encryption is carried out to form an encrypted transaction certificate T CM Using the alliance chain network, informing each peer node of the alliance chain network to determine the peer node X generating the new transaction block through calculating force comparison j ,X j For the jth node of the peer nodes forming the alliance chain network, at peer node X j Transaction onGenerating a header block on a data alliance chain to form a transaction certificate T CM Is encrypted hash value T Cx The transaction voucher abstract, the transaction monitoring party encryption information and the transaction voucher T CM Is encrypted hash value T Cx Writing the transaction data into a head block of the transaction data alliance chain, automatically synchronizing the head block of the transaction data alliance chain to all other peer nodes by the coordination node, and enabling the transaction certificate T to be written into a head block of the transaction data alliance chain CM The encrypted hash value is returned to the transaction data generation unit, and the transaction voucher T is recorded in the voucher file storage unit CM And a transaction voucher T CM Is encrypted hash value T CMx (ii) a The payer encryption module is used for receiving the encryption of the nth payer to form an encrypted transaction certificate T CM_P Using the alliance chain network, informing each peer node of the alliance chain network to determine the peer node X generating the new transaction block through calculating force comparison k ,X k For the kth node of the peer nodes forming the alliance chain network, at peer node X k Generating the nth block on the transaction data alliance chain to form a transaction certificate T CM_P Is encrypted hash value T CM_Px The summary of the transaction certificate, the encrypted information of the payer and the transaction certificate T CM Is encrypted hash value T CMx Writing the transaction data into the nth block of the transaction data alliance chain, automatically synchronizing the nth block of the transaction data alliance chain to other peer nodes by the coordination node, and sending a transaction certificate T CM_P The encrypted hash value is returned to the transaction data generation unit, and the transaction voucher T is recorded in the voucher file storage unit CM_P And T CM_P Is encrypted hash value T CM_Px
The certificate file storage unit is used for persisting the encryption information and the block hash value information of the transaction certificate into the certificate file storage unit; the alliance chain network further comprises a block inspection module, an operation monitoring module and a coordination node besides the peer node; the block checking module is used for checking the transaction data information of each block stored in the block chain by various users; the operation monitoring module is used for monitoring the operation condition of each peer node of the alliance chain network; the coordination nodes are used for coordinating the modules on each peer node to operate uniformly and synchronizing the transaction data among the peer nodes. The block chain is used as a copy storage mode of the transaction data, and the original transaction processing system only needs to generate ciphertext data corresponding to the transaction data and then store the ciphertext data into the corresponding block chain to generate alliance chain backup data, so that the transaction data can not be modified.
When ciphertext data of the transaction certificate is generated, firstly, the determined characteristic data such as ID, time and money of both transaction parties in the transaction certificate are extracted, then the ciphertext data are generated according to the characteristic data, a plurality of different transaction certificates are extracted from the common characteristic data, the source data of the ciphertext data are simplified, the ciphertext data are generated quickly, and the data processing effect is improved. When the transaction voucher lacks at least one item of the feature data, determining a default value of the missing feature data according to a transaction type of the transaction voucher.
Correspondingly, acquiring alliance chain backup data associated with the transaction certificate from the stored alliance chain transaction certificate in the process of verifying the consistency of the transaction certificate; the alliance chain backup data comprises data information which is generated according to ciphertext data of a transaction certificate and stored in a block chain, and the ciphertext data in the adjacent last node alliance chain backup data is stored in the alliance chain backup data; calculating first ciphertext data of the transaction certificate, and acquiring second ciphertext data corresponding to the transaction certificate in the alliance chain backup data; and comparing whether the first ciphertext data is the same as the second ciphertext data, and if so, determining that the transaction data is not changed.
According to a specific embodiment, two transaction participants of the alliance chain system are set as a payee L and a payer V, transaction certificate data is initialized to be C, and an intermediate party P is formed by n nodes. The parameters are set as follows:
setting the private key of the payee L to be K s1 =x L .K s2 =z L ;l<x L ,z L <q, public key of payee L is K pL =(p,g,y L ,u L ),
Wherein g ∈ Z p *:
y L =g xL modp;
u L =g zL modp。
p and q are preset large prime numbers.
The private key of the payer V is x V ∈Z q (ii) a V has a public key of y V =g xV modp
Each intermediate party P i Has a private key of z i ∈Z q The public key is y i =h zi (mod q) and selecting a public parameter x i ∈Z q N, x i With each other.
Hashing value m for transaction voucher E Z q First, the payee L generates m non-counterfeitable watermarks. Selecting one [1, q-l ]]A random number T between, calculating T ═ g t mod p and m '═ T mod q, and then the transaction credential hash value m' is watermarked.
Selecting a random number R such that R is less than (p-1) and is interdependent with (p-1), calculating R ═ g R modp and calculates s such that m 'is rx + (Rs mod q), the watermark key that yields the transaction voucher hash value m' is (r, s), and the authentication form is g m’ =y L r s (modp) a non-counterfeitable watermark δ hashing the transaction document by a value m L Is (r, s, T).
When the payee L publishes the parameter t externally, the unforgeable watermark delta of the payee L is marked L Conversion to the general watermark delta L0 : (r, s, T), i.e. verifying whether there is T ═ g t (modp), and { uL mT )'=y L r s (modp) holds.
The payee L broadcasts the parameter t' ═ t + m (mod q), and shares it with n intermediaries. Random selection of payee L Z q Polynomial of degree k-1 above:
Figure BDA0001757536770000061
let f 0 T', publication S g t’ modp and F j =g fj mod p, let the subkey be
Figure BDA0001757536770000062
But s i Is by an intermediate party P i Public key y of i Encrypted and sent to the payer V, while the authentication token (C, D) is made i ):
Middle party P for payee L i Public key y of i To s i Encryption is carried out, namely the payee L selects a random number alpha epsilon Z q Obtaining a token (C, D) i )=(h α ,s i -1 ,y i α ) (mod q), where C ═ h α (mod q),D i =(s i -1 ,y i α ) (modq). The specific process is described as follows:
1) the payee L sends an unforgeable watermark delta to the transaction voucher m L (r, s, T) and an authentication token (C, D) i ) And for each s i Verifiable encrypted ciphertext s i -1 ,y i α To the payer V;
2) payer V authentication token (C, D) i ) Validity of (1), i.e. payer V verifies with known parameters whether the following holds:
Tg m =S
if true, then (C, D) is indicated i ) Is indeed with P i Is a public key pair s i And the payee L pairs n P i The shared secret is indeed the parameter t, so it can be determined that there are k or more intermediaries P i For ciphertext (C, D) i ) During decryption, the parameter t' can be reconstructed to obtain t, so that the unforgeable watermark of the payee L is converted into a common watermark. The payer V then performs an interactive verification with the payee L, delta L The process is as follows:
(1) the payer V generates two random numbers a and b, calculates ch ═ T Tma g b mod p and sends it to the payee L.
(2) The payee L generates a random number k and calculates h 1 =ch·g k mod p and h 2 =h 1 r sa modp, sends both numbers to payer V at the same time.
(3) The payer V sends a and b to the payee L.
(4) Payee L verifies ch as T Tma g b modp, sends k to payer V.
(5) Payer V verifies h 1 =ch·g k mod p and h 2 =h 1 r sa mod p. If the verification is passed, the payer V sends its own watermark delta V To the payee L.
The payee L receives the parameter t for verifying the validity of the watermark and then sends the parameter t for confirming the validity of the watermark to the payer V.
The payer V receives T and verifies whether there is T-g t (modp), if true, the whole process is completed, if false, the common watermark delta of the payee L is obtained L (r,s,T,t)。
The intelligent contract management unit is used for generating an intelligent contract through cooperative encryption between transaction parties, further generating reliable block data updating information between transaction users according to the intelligent contract and adding the reliable block data updating information into a alliance chain. The intelligent contract requesting party generates a reliability index value according to a preset contract to determine one or more contract signing parties which are cooperatively encrypted, the intelligent contract requesting party and the contract signing parties respectively correspond to one authority parameter value, and the sum of the authority parameter values corresponding to the intelligent contract requesting party and the one or more contract signing parties is not less than the preset contract generation reliability index value; generating transaction certificate block updating information of the transaction certificate; the transaction certificate block updating information is obtained by encrypting the block data information of the original transaction certificate based on the private key of the intelligent contract requester; the block data information of the original transaction certificate comprises: the intelligent contract request party ID, the contract signing party linked list or the public key of the contract signing party; sending transaction certificate block updating information to a contract signing party to request for collaborative encryption; receiving encrypted confirmation information from a contract signing party; and updating the data of the transaction certificate block according to the encrypted confirmation information.
When the intelligent contract requester is multiple, the transaction access is initiated by multiple transaction main bodies. When the system where the intelligent contract requester or the contract signing party is located submits the registration request, the unique user ID and the public and private key information are obtained. And initializing the user type and the user related data information after the user registration is successful. And distributing corresponding authority parameter values of transaction certificate data updating operation for each user according to the evaluation result of the user. The transaction credential data update operation type and the required reliability index value for each transaction credential data update operation type may be preset.
In the process of determining the contract signing party, the intelligent contract requesting party can independently select one or more contract signing parties in cooperative encryption to generate a contract signing party linked list except that the sum of the authority parameter values of the intelligent contract requesting party and the contract signing party is not less than a preset contract generation reliability index value, and the selected basis can be users needing to jointly complete transaction operation.
After the first contract signing party completes the encryption processing, the first contract signing party sends the transaction certificate block updating information containing the encryption information of the intelligent contract requesting party and the encryption processing result of the first contract signing party in the contract signing party chain table to the next user to request the cooperative encryption. After the N-1 bit user finishes the encryption processing, the N-1 bit user sends a transaction certificate block updating information request cooperative encryption containing the encryption information of the intelligent contract requester and the cooperative encryption processing result of the former N-1 bit contract signer to the N-1 bit contract signer until the cooperative encryption is finished.
In another case, after the intelligent contract requester generates the transaction certificate block update information, the intelligent contract requester may also send the transaction certificate block update information to all contract signers in the contract signer linked list to request for the collaborative encryption, and receive the encryption confirmation information obtained after the encryption processing from the contract signer. After each contract signing party completes the encryption processing, feeding back encryption confirmation information to the intelligent contract requesting party; or after all contract signing parties in the contract signing party linked list finish the encryption processing, the last contract signing party feeds back the encryption confirmation information to the intelligent contract requesting party.
The transaction certificate block data updating method provided by the invention updates the transaction certificate block data according to the encryption confirmation information of the contract signing party, and improves the expandability of the data updating of the transaction certificate block data which is encrypted cooperatively.
For each updating operation in the transaction voucher data updating operation linked list, a corresponding contract signing party is selected according to a preset operation reliability index value to form a contract signing party linked list so as to meet the reliability index value requirement of the transaction voucher data updating operation. If the reliability index value of the transaction voucher data updating operation O1 is T1, the authority parameter value of the intelligent contract requester U1 is W1, and if W1 is greater than T1, the intelligent contract requester U1 has the reliability index value meeting the transaction voucher data updating operation O1 by itself, and does not need to perform collaborative encryption, and only the intelligent contract requester U1 needs to encrypt in the data modification history. If W1 < T1, the intelligent contract requester U1 has no right to perform the transaction voucher data updating operation O1 alone, then it needs to obtain the cooperative encryption of one or more contract signers, so that the sum of the authority parameter value of the intelligent contract requester and the authority parameter value corresponding to one or more contract signers is not less than the reliability index value T1 of the preset transaction voucher data updating operation O1, and the transaction voucher data updating operation O1 is completed.
In addition to requiring that the sum of the authority parameter value of the intelligent contract requesting party and the authority parameter values corresponding to one or more contract signing parties is not less than a preset contract generation reliability index value, the method can also limit that the cooperative encryption must be completed within a cooperative encryption deadline. If the collaborative encryption period is exceeded and one or more contract signing parties still do not finish encryption processing or refuse to encrypt, the collaborative encryption of the transaction certificate block data updating is finished, and the result is failure. The intelligent contract requester can re-initiate a collaborative encryption request for updating the transaction certificate block data to the contract signers in the selected contract signer linked list, and can also re-select the contract signers to perform collaborative encryption for updating the transaction certificate block data, so that the efficiency of realizing the collaborative encryption is ensured.
After updating the transaction certificate block data according to the encrypted confirmation information, the method further comprises the following steps: after the transaction certificate block data updating is completed by the intelligent contract requesting party, the data modification history is broadcasted by using the block data, and the data modification history can also be broadcasted by the contract signing party which completes the encryption processing finally.
In the specific implementation, the verification of the transaction certificate block data comprises two steps, namely, the encryption effectiveness of all users who finish encryption is verified, namely, whether public keys of an intelligent contract requester and all contract subscribers can finish decryption of transaction certificate block updating information is judged; and secondly, verifying the reliability index value of the transaction voucher data updating operation, namely judging whether the sum of the authority parameter values of all intelligent contract requesters and all contract signatories is not less than the reliability index value of the transaction voucher data updating operation. The verification of the transaction credential block data may also verify the transaction credential block data based on the transaction credentials already present in the transaction credential block data. If the block data passes verification, consensus can be performed according to a workload certification algorithm. If the block data passes the consensus, the transaction certificate block update information is identified to be legal, and the block data can be included in the transaction certificate block data.
And if the trading party uploads the ciphertext data to the alliance chain and then allows the third-party user to access the trading certificate, the trading party uploads the first substring of the encrypted private key to the alliance chain access interface corresponding to the alliance chain. And then the transaction party receives the permission identification corresponding to the transaction certificate ciphertext data from the alliance chain access interface. Specifically, the federation link access interface generates the permission identifier according to a rule corresponding to an uploading user of the transaction credential data. And when the third-party user is allowed to access the encrypted transaction data, the transaction party sends the permission identifier and the second substring of the private key to the third-party user, wherein the second substring of the private key comprises the rest part of the private key except the first substring, so that when the third party sends an access request aiming at the transaction certificate ciphertext data to a alliance chain access interface, the permission identifier and the second substring of the private key are added to the access request.
In this way, the alliance chain access interface generates the private key according to the first substring and the second substring of the private key when determining that the permission identification is available, decrypts ciphertext data obtained from the alliance chain according to the generated private key, and provides the decrypted transaction certificate plaintext data to a third party.
The first substring and the second substring of the private key are spliced by the alliance chain access interface to form a complete private key. If the second substring of the private key obtained by the alliance chain access interface from the third party and the first substring of the private key obtained by the transaction party do not belong to the same private key, a correct private key cannot be spliced, and further decryption fails, the third party cannot obtain a transaction certificate plaintext and cannot successfully access the content of the data, and therefore the safety of the transaction certificate data uploaded by the transaction parties is effectively guaranteed.
When a third party requests to access corresponding transaction certificate data through a alliance chain access interface, the alliance chain access interface can firstly verify whether an approval identifier is available, under the condition that the approval identifier is available, a complete private key is obtained by utilizing a first substring and a second substring of the private key respectively obtained from a transaction party and the third party, if an incomplete private key provided by the third party is wrong, a correct complete private key cannot be obtained, ciphertext data cannot be successfully decrypted, and therefore data safety is guaranteed. In the scheme, the two have no authority of accessing the ciphertext data, so that the data security and the user privacy are effectively guaranteed. At this time, only the data obtained by the alliance chain access interface through access is decrypted transaction certificate plaintext data, if a certain user directly accesses on the block chain, the obtained data is transaction certificate ciphertext data, and plaintext data cannot be obtained.
In addition, after receiving the permission identifier, the transaction party may further generate an access password of the transaction certificate ciphertext data, where the access password includes the permission identifier and the second substring of the private key. The step of sending the license identifier and the second substring of the private key to the third party may specifically include: and sending the access password to the third party so that the third party carries the access password in the access request. The transaction part then sends the second substring of license identifier and private key to the third party. In this example, the transaction party allows the corresponding user to access the transaction credential ciphertext data uploaded by the corresponding user by issuing a password to the third party, and the issued password does not have a complete private key, and further verification is required in the federation chain access interface to obtain the complete private key for decryption processing.
The intelligent contract management unit is further used for receiving the intelligent contract file name and the transaction user name uploaded by a transaction party when the first substring of the private key is uploaded to the access interface, so that the alliance chain access interface generates an permission identifier according to a rule corresponding to the transaction user name, and the permission identifier is associated with the first substring of the private key, the intelligent contract file name and the transaction user name. And when receiving the access request, the alliance chain access interface can acquire the related permission identifier and the first substring of the private key according to the intelligent contract file name and the transaction user name contained in the access request, so as to determine whether the permission identifier contained in the access request is available according to the acquired permission identifier, and generate the private key according to the acquired first substring of the private key and the acquired second substring contained in the access request.
When the transaction party uploads the first substring of the private key, the access interface can determine the rule for generating the license identifier according to the ciphertext data transaction user name uploaded at the same time. And then, when the alliance chain access interface receives an access request, inquiring an intelligent contract file name corresponding to the ciphertext data which is requested to be accessed currently and a permission identifier associated with the transaction user name from a local part, if the permission identifier contained in the access request is consistent with the permission identifier inquired from the local part, indicating that the permission identifier contained in the access request is legal, and further verifying whether the address of the ciphertext data which is requested to be accessed currently belongs to the data address which is allowed to be accessed and corresponds to the permission identifier. When the verification is passed, the license identifier is determined to be available.
And when the permission identification is determined to be available, combining the obtained first substring of the private key associated with the intelligent contract file name and the transaction user name and the second substring of the private key contained in the access request into a complete private key.
For the access passwords, the transaction party maintains one or more access passwords, each transaction block datum uploaded by the transaction party corresponds to one access password, and each intelligent contract file name is also associated with one access password. Thus, when a third party requests data access from a transacting party, if the transacting party grants and determines a corresponding access password, the access password is issued to the third party.
In summary, the present invention provides a data encryption method based on a block chain, in which each transaction certificate records data changes and its unique corresponding ciphertext block data; the method and the device realize the unforgeability of the encrypted transaction voucher, realize the zero loss of the transaction voucher data and ensure the traceability of the transaction data change process.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented in a general purpose computing system, centralized on a single computing system, or distributed across a network of computing systems, and optionally implemented in program code that is executable by the computing system, such that the program code is stored in a storage system and executed by the computing system. Thus, the present invention is not limited to any specific combination of hardware and software.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (5)

1. A data encryption method based on a block chain is used for a financial transaction certificate processing system based on an intelligent contract, and is characterized by comprising the following steps:
receiving the encryption of the transaction certificate T by the payee by using the private key of the payee to form the encrypted transaction certificate T C
Notifying peer nodes of a federation chain network of peer-to-peer trafficComparing the calculated forces to determine a peer node X which generates a new transaction block i ,X i An ith node which is a peer node constituting a federation chain network;
at peer node X i Generating an initiation block on the transaction data alliance chain to form a transaction certificate T C Is encrypted hash value T Cx The summary of the transaction certificate, the encrypted information of the payee and the transaction certificate T C Is encrypted hash value T Cx Writing to a starting block of a transaction data federation chain;
the coordinating node automatically synchronizes the starting block of the transaction data alliance chain to all other peer nodes and returns an encrypted hash value T Cx (ii) a Recording a transaction voucher T C And encrypting the hash value T Cx
Receiving the transaction certificate T of the transaction monitoring party by using the private key thereof C The encryption is carried out to form an encrypted transaction certificate T CM Using the alliance chain network, informing each peer node of the alliance chain network to determine the peer node X generating the new transaction block through calculation force comparison j ,X j A jth node which is a peer node forming a alliance chain network;
at peer node X j Generating a header block on the transaction data alliance chain to form a transaction certificate T CM Is encrypted hash value T Cx The transaction voucher abstract, the transaction monitoring party encryption information and the transaction voucher T CM Is encrypted hash value T Cx Writing the data into a header block of a transaction data alliance chain;
the coordinating node automatically synchronizes the head block of the transaction data alliance chain to all other peer nodes and the transaction certificate T CM The encrypted hash value is returned to the transaction data generation unit, and the transaction voucher T is recorded in the voucher file storage unit CM And a transaction certificate T CM Is encrypted hash value T CMx
Receiving the encryption of the nth payer to form the encrypted transaction certificate T CM_P Using the alliance chain network, informing each peer node of the alliance chain network to determine the peer node X generating the new transaction block through calculating force comparison k ,X k To constructA kth node of a peer node of the federate link network;
at peer node X k Generating the nth block on the transaction data alliance chain to form a transaction certificate T CM_P Is encrypted hash value T CM_Px The transaction certificate abstract, the payer encrypted information and the transaction certificate T CM Is encrypted hash value T CMx Writing to the nth block of the transaction data alliance chain;
the coordinating node automatically synchronizes the nth block of the transaction data federation chain to other peer nodes and the transaction certificate T CM_P The encrypted hash value is returned to the transaction data generation unit, and the transaction voucher T is recorded in the voucher file storage unit CM_P And T CM_P Is encrypted hash value T CM_Px;
In the process of verifying the consistency of the transaction certificates, acquiring alliance chain backup data associated with the transaction certificates from the stored alliance chain transaction certificates; the alliance chain backup data comprises data information which is generated according to ciphertext data of a transaction certificate and stored in a block chain, and the ciphertext data in the adjacent last node alliance chain backup data is stored in the alliance chain backup data; calculating first ciphertext data of the transaction certificate, and acquiring second ciphertext data corresponding to the transaction certificate in the alliance chain backup data; comparing whether the first ciphertext data is the same as the second ciphertext data, and if so, determining that the transaction data is not changed;
after generating transaction certificate block updating information, an intelligent contract requester sends the transaction certificate block updating information to all contract signatories in a contract signatory linked list to request for collaborative encryption, and receives encryption confirmation information obtained after encryption processing from the contract signatories; after each contract signing party completes the encryption processing, feeding back encryption confirmation information to the intelligent contract requesting party; or after all contract signing parties in the contract signing party linked list finish the encryption processing, the last contract signing party feeds back the encryption confirmation information to the intelligent contract requesting party;
for each updating operation in the transaction certificate data updating operation linked list, selecting a corresponding contract signing party according to a preset operation reliability index value to form a contract signing party linked list so as to meet the reliability index value requirement of the transaction certificate data updating operation; if the reliability index value of the transaction voucher data updating operation O1 is T1, the authority parameter value of the intelligent contract requester U1 is W1, and if W1 is more than T1, the intelligent contract requester U1 has the reliability index value meeting the transaction voucher data updating operation O1 by itself, so that the cooperative encryption is not needed, and only the intelligent contract requester U1 is needed to encrypt in the data modification history; if W1 is less than T1, the intelligent contract requester U1 has no right to independently perform the transaction voucher data updating operation O1, then the cooperative encryption of one or more contract signatory is needed to be obtained, so that the sum of the authority parameter value of the intelligent contract requester and the authority parameter value corresponding to one or more contract signatory is not less than the reliability index value T1 of the preset transaction voucher data updating operation O1, and the transaction voucher data updating operation O1 is completed;
the method further comprises setting a cooperative encryption time limit for the cooperative encryption completion; if the collaborative encryption period is exceeded and one or more contract signing parties do not finish encryption processing or refuse to encrypt, the collaborative encryption of the transaction certificate block data updating is finished, and the result is failure; the intelligent contract requester can re-initiate a collaborative encryption request for updating the transaction certificate block data to the contract signers in the selected contract signer linked list, and can also re-select the contract signers to perform collaborative encryption for updating the transaction certificate block data so as to ensure the efficiency of realizing the collaborative encryption;
after updating the transaction certificate block data according to the encrypted confirmation information, the method further comprises the following steps: after the transaction certificate block data updating is completed by the intelligent contract requester, the block data is used for broadcasting the data modification history, and the contract signer finally completing the encryption processing can broadcast the data modification history.
2. The method of claim 1, wherein the coordinating node is configured to coordinate unified operation of modules at the peer nodes and synchronization of transaction data between the peer nodes.
3. The method according to claim 1, wherein when generating the cryptograph data of the transaction certificate, the feature data determined in the transaction certificate is extracted, and then the cryptograph data is generated according to the feature data, wherein the feature data comprises ID, time and amount of both parties of the transaction.
4. The method of claim 1, further comprising a block checking module in the alliance-chain network, wherein the block checking module is used for checking transaction data information stored in each block of the block chain by each type of user.
5. The method according to claim 1, further comprising an operation monitoring module in the federation link network, wherein the operation monitoring module is used for monitoring the operation condition of each peer node in the federation link network and the coordinating node.
CN201810893439.XA 2018-08-07 2018-08-07 Data encryption method based on block chain Active CN109146479B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810893439.XA CN109146479B (en) 2018-08-07 2018-08-07 Data encryption method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810893439.XA CN109146479B (en) 2018-08-07 2018-08-07 Data encryption method based on block chain

Publications (2)

Publication Number Publication Date
CN109146479A CN109146479A (en) 2019-01-04
CN109146479B true CN109146479B (en) 2022-08-26

Family

ID=64791816

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810893439.XA Active CN109146479B (en) 2018-08-07 2018-08-07 Data encryption method based on block chain

Country Status (1)

Country Link
CN (1) CN109146479B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110009518A (en) * 2019-04-11 2019-07-12 阿里巴巴集团控股有限公司 Card read/write method and device based on block chain
CN111090626B (en) * 2019-11-05 2023-05-23 西安链融科技有限公司 File storage processing method based on block chain distributed file transaction system
CN111523869B (en) * 2020-04-09 2024-05-24 天地融科技股份有限公司 Off-line transaction method and system for digital currency
CN111709744B (en) * 2020-06-04 2022-07-22 江苏荣泽信息科技股份有限公司 Private transaction processing method based on block chain
CN111666540B (en) * 2020-06-05 2022-05-13 上海冠勇信息科技有限公司 Copyright storage and authentication method based on block chain and digital signature
CN111626850B (en) * 2020-06-05 2023-04-18 中国银行股份有限公司 Deposit information processing method and device, readable medium and equipment
CN114493585A (en) * 2020-10-26 2022-05-13 华为技术有限公司 Data transmission method and device based on block chain
CN114329616B (en) * 2022-03-10 2022-06-17 浙江数秦科技有限公司 Credible file system based on block chain

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106530088A (en) * 2016-12-19 2017-03-22 杜伯仁 Method for trading stock product based on block chain security nodes
CN106780033A (en) * 2016-12-16 2017-05-31 杭州云象网络技术有限公司 A kind of digital ticket transaction system construction method based on alliance's chain
CN107038638A (en) * 2017-02-24 2017-08-11 杭州象链网络技术有限公司 A kind of equity registration transaction system construction method based on alliance's chain

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106780033A (en) * 2016-12-16 2017-05-31 杭州云象网络技术有限公司 A kind of digital ticket transaction system construction method based on alliance's chain
CN106530088A (en) * 2016-12-19 2017-03-22 杜伯仁 Method for trading stock product based on block chain security nodes
CN107038638A (en) * 2017-02-24 2017-08-11 杭州象链网络技术有限公司 A kind of equity registration transaction system construction method based on alliance's chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Blockchain-Based Secure Equipment Diagnosis Mechanism of Smart Grid";XIAOHONG ZHANG等;《IEEE Access》;20180724;第66165-66176页 *

Also Published As

Publication number Publication date
CN109146479A (en) 2019-01-04

Similar Documents

Publication Publication Date Title
CN109146479B (en) Data encryption method based on block chain
CN110875821B (en) Cryptography blockchain interoperation
CN110493347B (en) Block chain-based data access control method and system in large-scale cloud storage
CN110046521B (en) Decentralized privacy protection method
CN109845220B (en) Method and apparatus for providing blockchain participant identity binding
CN108924092B (en) Public arbitration distributed cloud storage method and system based on block chain
US10592642B2 (en) Systems and methods for decentralized content distribution
CN109829326B (en) Cross-domain authentication and fair audit de-duplication cloud storage system based on block chain
CN108781161B (en) Method for controlling and distributing blockchain implementation of digital content
WO2021120253A1 (en) Data storage method and verification method for blockchain structure, blockchain structure implementation method, blockchain-structured system, device, and medium
US10848315B2 (en) Contract agreement method, agreement verification method, contract agreement system, agreement verification device, contract agreement device, contract agreement program and agreement verification program
WO2021000419A1 (en) System and method for blockchain-based cross-entity authentication
CN110059503B (en) Traceable social information anti-leakage method
CN111819827B (en) Method and system for controlling access and integrity of resources on a blockchain
RU2300845C2 (en) Method and system for safe distribution of data transferred through public data network
Khovratovich et al. Sovrin: digital identities in the blockchain era
EP3788523A1 (en) System and method for blockchain-based cross-entity authentication
US20190295069A1 (en) Systems and methods for integrating cryptocurrency wallet identifiers with digital certificates
US20020108042A1 (en) Public key certificate issuing system, Public key certificate issuing method, digital certification apparatus, and program storage medium
CN109450843B (en) SSL certificate management method and system based on block chain
JP2001320356A (en) Data communication system using public key system cypher, and data communication system constructing method
CN113065961A (en) Power block chain data management system
CN114329529A (en) Asset data management method and system based on block chain
EP3966997B1 (en) Methods and devices for public key management using a blockchain
CN111915298A (en) Method and device for generating and verifying linkable ring signature in block chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20220729

Address after: 430205 Room 501, No. 1, floor 1-5, building 3-13, optical valley core center, No. 303, optical valley Avenue, fozuling street, East Lake New Technology Development Zone, Wuhan, Hubei Province

Applicant after: ChinaSoft digital intelligence information technology (Wuhan) Co.,Ltd.

Address before: 641103 No. 23, group 5, yangjiachong village, Shuangqiao Township, Dongxing District, Neijiang City, Sichuan Province

Applicant before: Yang Guochao

GR01 Patent grant
GR01 Patent grant