CN112019591A - Cloud data sharing method based on block chain - Google Patents


Info

Publication number
CN112019591A
Authority
CN
China
Prior art keywords
data
csc
key
user
kgc
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010656324.6A
Other languages
Chinese (zh)
Other versions
CN112019591B (en
Inventor
孙知信
陈露
赵学健
汪胡青
宋波
宫婧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Posts and Telecommunications
Priority to CN202010656324.6A
Publication of CN112019591A
Application granted
Publication of CN112019591B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud data sharing method based on a block chain, which comprises the steps of constructing the block chain, accessing an initialization generator and carrying out system initialization; the user registers identity, joins the block chain network and obtains identity ID; the data owner uploads the data index and the encrypted data to the CSC; after uploading successfully, the cloud storage center CSC stores the encrypted data and the index list; when the shared data is uploaded successfully, a data owner formulates an access strategy, encrypts an owner key, generates a new block in a block chain, and records data uploading information and an encryption key; a user sends an access request to a Cloud Storage Center (CSC) and uploads a data index needing to be accessed; the user submits the attribute to the KGC and the CSC, and the KGC and the CSC generate and issue a key to the user together according to the attribute; and the user acquires and decrypts the symmetric key ciphertext. The invention manages the encryption key of the data owner through the block chain, provides an effective key management mechanism and solves the problem of safe sharing of cloud data.

Description

Cloud data sharing method based on block chain
Technical Field
The invention belongs to the technical field of cloud data security sharing, and particularly relates to a block chain-based cloud data sharing method.
Background
In order to protect data privacy in cloud storage, users usually encrypt the data they upload. In a one-to-one encryption mode, different users use different encryption keys, so the same data yields different ciphertexts; this conflicts with data deduplication and makes it difficult to detect and identify duplicate data in cloud storage. In addition, leakage of a user's encryption key destroys the privacy of the data, and as the data volume and the number of keys grow, key management itself becomes a bottleneck of cloud data sharing. Therefore, how to guarantee the security of the data uploaded by users while still completing cloud data sharing is a core problem.
The concept of the block chain was first described in 2008 by the author of the Bitcoin white paper [3]. A block chain is a brand-new decentralized infrastructure and distributed computing paradigm that uses cryptographic techniques to guarantee that data cannot be tampered with or forged, uses a distributed node consensus algorithm to generate and update data, and uses automatically executed script code (smart contracts) to program and operate on the data; in essence it is a decentralized, tamper-resistant, traceable distributed database maintained jointly by multiple parties.
Most existing data sharing schemes rely on a cloud storage server, but such servers are not fully trusted: the cloud storage server may tamper with stored information and may lose the stored information of files for various reasons. To enhance the security of data sharing in cloud storage, a secure cloud data sharing method based on a block chain is a key research direction. Owing to the characteristics of the block chain, applying it to cloud data sharing in combination with an attribute-based encryption mechanism makes it possible to realize data sharing while guaranteeing the security of the data uploaded by users and achieving reliable key management and traceability of data operations.
Disclosure of Invention
The purpose of the invention is as follows: the invention aims to provide a block chain-based cloud data sharing method, which solves the problems of security and data tampering of cloud data sharing in the prior art and provides an effective key management mechanism.
The invention content is as follows: the invention provides a cloud data sharing method based on a block chain, which specifically comprises the following steps:
(1) building a block chain according to a cloud data sharing relation, accessing an initialization generator, a semi-trusted key generation center KGC and a semi-trusted cloud storage center CSC, and performing system initialization;
(2) the user registers identity, joins the block chain network and obtains identity ID;
(3) the data owner uploads the data index and encrypted data to the CSC: the data owner encrypts the data to be shared by adopting a symmetric encryption mode, calculates a data hash value and uploads the data hash value to the CSC; after uploading successfully, the cloud storage center CSC stores the encrypted data and the index list;
(4) when the shared data is uploaded successfully, a data owner formulates an access strategy, encrypts an owner key, generates a new block in a block chain, and records data uploading information and an encryption key;
(5) a user sends an access request to a Cloud Storage Center (CSC) and uploads a data index needing to be accessed;
(6) the user submits the attribute to the KGC and the CSC, and the KGC and the CSC generate and issue a key to the user together according to the attribute;
(7) the user obtains and decrypts the symmetric key ciphertext; the cloud storage center searches data to be accessed, if the data to be accessed are searched successfully, the CSC returns encrypted data to the user, and the user decrypts the acquired encrypted data; and if the search fails, notifying the user that the data does not exist.
Further, the step (1) includes the steps of:
(11) the trusted initialization generator runs the group generator
[equation image]
and selects two cyclic groups G and G_T of order N, where N = p1·p2·p3 and p1, p2, p3 are three distinct primes; it selects e: G × G → G_T, a composite-order bilinear map; let
[equation image]
denote the subgroup of G of order p_i; let g denote the generator of the subgroup
[equation image]
and X3 the generator of the subgroup
[equation image]
a cryptographically secure hash function H: {0,1}* → Z_N is selected; let the attribute set be U = {at_1, at_2, ..., at_n}, n ∈ Z_N; for each attribute at_i, x_i is chosen at random and
[equation image]
is calculated; the public parameters
[equation image]
are generated;
(12) the KGC generates a master key and public key pair: the KGC first randomly selects β, a ∈ Z_N* and calculates y = g^β, t = g^a; the master key of the KGC is set to MK_KGC = (β, a) and its public key is PK_KGC = (y, t);
(13) the CSC randomly selects α ∈ Z_N* and calculates e(g, g)^α; an additional public and private key pair (EX_PK, EX_SK) is computed according to the Paillier homomorphic encryption scheme; the master key and the public key generated by the CSC are MK_CSC = (EX_SK, α) and PK_KGC = (e(g, g)^α, EX_PK) respectively.
Further, the step (4) comprises the steps of:
(41) the data owner encrypts the symmetric key: for the symmetric key plaintext M to be encrypted, the data owner selects an access policy (A, ρ), where A is a matrix of l rows and n columns and ρ is a mapping function that maps each row i of the access matrix to a specific attribute ρ(i); a vector
[equation image]
[equation image]
is selected at random; for i = 1, 2, ..., n,
[equation image]
is calculated; for A_i, r_i ∈ Z_N is selected at random, and C = M·e(g, g)^{αs}, C0 = y^s,
[equation image]
are calculated; the data ciphertext is then generated:
[equation image]
(42) after the encrypted data are uploaded to the CSC by the data owner, submitting a key ciphertext CT, a data hash value hash, an owner address and an owner ID to a block chain; the CSC submits storage location information of the uploaded data to the blockchain; and generating new blocks in the block chain, recording the information, and linking the blocks through data hash values.
Further, the step (6) further comprises the steps of:
(61) the user randomly selects kid as the signature private key and calculates g^kid as the public key; the generated signature key pair is MK_sig = kid, PK_sig = g^kid; the user sends a key request to the KGC, which first verifies the authenticity of the attributes owned by the user; after verification passes, the KGC selects a ∈ Z_N and inputs the secret information {β, a}, and the CSC inputs the secret information {α}; the KGC and the CSC then execute a two-party secure computation protocol, which outputs the secret information x = β(α + a) and sends it to the CSC;
(62) the CSC obtains the secret information x, randomly selects μ ∈ Z_N and calculates
[equation image]
which it sends to the KGC; after the KGC obtains A, it calculates
[equation image]
and sends A' to the CSC; after the CSC obtains A', it calculates
[equation image]
[equation image]
according to X3 in the published parameters PP, the CSC randomly selects
[equation image]
and generates the following private key components for the user:
[equation image]
(63) the attribute set owned by the user is S, at_i ∈ S; the user u_gid selects the private key kid ∈ Z_N and calculates h = H(gid)^kid; it then submits the identity information gid and the attributes at_i to the KGC, which verifies whether e(h, g) = e(H(gid), PK_sig) holds; if it holds, for each attribute at_i of S the KGC randomly selects R0', R_i ∈ G_{p3} and calculates K2 = g^a·h·R0', K_i = U_i^a·h·R_i; the private key component finally generated by the KGC is {h, gid, K2, K_i}; combining the key components generated by the two parties, the final key is:
[equation image]
the CSC sends the key to the user.
Further, the step (7) is realized as follows:
after obtaining the key returned by the CSC, the user sends a decryption request and the data hash value to the block chain; the block chain finds the block where the hash value is located and returns the user's symmetric key ciphertext; the user decrypts it with the key obtained from the CSC
[equation image]
if decryption succeeds, the plaintext of the symmetric key is obtained; if decryption fails, the user is notified that they have no right to access; the user then decrypts the encrypted data with the symmetric key to obtain the data plaintext.
Beneficial effects: compared with the prior art, the invention has the following beneficial effects:
1. in the block chain-based cloud data sharing method, the data encryption key is encrypted and stored through the block chain, and user access is strictly controlled, so that secure storage and sharing of data are guaranteed;
2. the data owner's data is stored in the cloud storage center (CSC) under symmetric encryption, and the corresponding data index is uploaded to the CSC and stored in a block; the symmetric encryption key is encrypted with K2CP-ABE, which is free of key escrow and traceable, and stored in the blocks, and the blocks are connected through the data index, which facilitates tracing of the data and the key;
3. the visitor's identity is represented by a set of attributes and the access policy is set by the owner, which is more flexible; the private key is generated jointly by the CSC and the KGC, and the user's signature is embedded in the key to allow tracing of a malicious user, which provides higher security without increasing the storage overhead of the key.
Drawings
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a schematic diagram of an interaction relationship according to the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings:
First, the symbols used in the embodiment are defined in Table 1:
TABLE 1 (symbol definitions; table image not reproduced)
The interaction relationship of the invention is shown in FIG. 2. The invention provides a block chain-based cloud data sharing method, which comprises the following steps, as shown in FIG. 1:
Step 1: a block chain is built according to the cloud data sharing relation, the initialization generator, the semi-trusted key generation center KGC and the semi-trusted cloud storage center CSC are connected, and system initialization is performed.
(1) The trusted initialization generator runs the group generator
[equation image]
and selects two cyclic groups G and G_T of order N, where N = p1·p2·p3 and p1, p2, p3 are three distinct primes. It selects e: G × G → G_T, a composite-order bilinear map. Let
[equation image]
denote the subgroup of G of order p_i. Let g denote the generator of the subgroup
[equation image]
and X3 the generator of the subgroup
[equation image]
Select a cryptographically secure hash function H: {0,1}* → Z_N. Let the attribute set be U = {at_1, at_2, ..., at_n}, n ∈ Z_N; for each attribute at_i, randomly select x_i and calculate
[equation image]
Generate the public parameters
[equation image]
(2) The KGC generates a master key and public key pair: the KGC first randomly selects a, β ∈ Z_N* and calculates y = g^β, t = g^a. The master key of the KGC is set to MK_KGC = (β, a) and its public key is PK_KGC = (y, t). The CSC randomly selects α ∈ Z_N* and calculates e(g, g)^α; an additional public and private key pair (EX_PK, EX_SK) is computed according to the Paillier homomorphic encryption scheme. Finally, the master key and the public key generated by the CSC are MK_CSC = (EX_SK, α) and PK_KGC = (e(g, g)^α, EX_PK) respectively.
Step 2: and the user registers the identity, joins the block chain network and acquires the identity ID.
The users comprise data owners and data visitors (ordinary users), which register to join the blockchain network according to needs and acquire identity IDs.
And step 3: the data owner uploads the data index and encrypted data to the CSC: the data owner encrypts the data to be shared by adopting a symmetric encryption mode, the symmetric key is s, and the hash value of the data is calculated and uploaded to the CSC; and after the uploading is successful, the cloud storage center CSC stores the encrypted data and the index list.
And 4, successfully uploading the data to be shared, making an access strategy by a data owner, encrypting the owner key, generating a new block in the block chain, and recording data uploading information and an encryption key.
(1) The data owner encrypts s as follows:
Assume that the symmetric key plaintext to be encrypted is M. The data owner selects an access policy (A, ρ), where A is a matrix of l rows and n columns and ρ is a mapping function that maps each row i of the access matrix to a specific attribute ρ(i). Randomly select the vector
[equation image]
For i = 1, 2, ..., n, calculate
[equation image]
For A_i, randomly select r_i ∈ Z_N and calculate
C = M·e(g, g)^{αs}, C0 = y^s
[equation image]
Then generate the data ciphertext:
[equation image]
(2) after the encrypted data are uploaded to the CSC by the data owner, submitting the key ciphertext CT, the data hash value hash, the owner address and the owner ID to the block chain; the CSC submits storage location information of the uploaded data to the blockchain; and generating new blocks in the block chain, recording the information, and linking the blocks through data hash values.
Step 5: the user sends an access request to the CSC and uploads the data index that needs to be accessed.
Step 6: the user submits the attributes to the KGC and the CSC, and the KGC and the CSC jointly generate and issue the key to the user according to the attributes.
(1) The user randomly selects kid as the signature private key and calculates g^kid as the public key. The generated signature key pair is MK_sig = kid, PK_sig = g^kid. A key request is sent to the KGC, which first verifies the authenticity of the attributes the user possesses. After verification passes, the KGC selects a ∈ Z_N and inputs the secret information {β, a}, while the CSC inputs the secret information {α}; the KGC and the CSC then execute a two-party secure computation protocol, which outputs the secret information x = β(α + a) and transmits it to the CSC.
(2) The CSC obtains the secret information x, randomly selects μ ∈ Z_N and calculates
[equation image]
which it sends to the KGC. After the KGC obtains A, it calculates
[equation image]
The KGC sends A' to the CSC, and the CSC calculates
[equation image]
[equation image]
According to X3 in the published parameters PP, the CSC randomly selects
[equation image]
and generates the following private key components for the user:
[equation image]
(3) The attribute set owned by the user is S, at_i ∈ S. The user u_gid selects the private key kid ∈ Z_N and calculates h = H(gid)^kid, then submits the identity information gid and the attributes at_i to the KGC. The KGC verifies whether e(h, g) = e(H(gid), PK_sig) holds. If it holds, for each attribute at_i of S the KGC randomly selects R0', R_i ∈ G_{p3} and calculates K2 = g^a·h·R0', K_i = U_i^a·h·R_i. The private key component finally generated by the KGC is {h, gid, K2, K_i}. Combining the key components generated by the two parties, the final key is:
[equation image]
the CSC sends the key to the user.
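Step 6 (1) states that the KGC (holding β and a) and the CSC (holding α and the Paillier key pair EX_PK, EX_SK from step 1) run a two-party secure computation whose output x = β(α + a) goes only to the CSC, but the page does not spell out the protocol. The following Python is an added illustration, not the patent's own code: it assumes a textbook Paillier instantiation in which the CSC sends Enc(α), the KGC combines the additive and scalar homomorphisms into Enc(β·α + β·a), and the CSC decrypts and reduces mod N. The function names, the 128-bit prime size and the sample values of N, α, β and a are all constructed for the example.

```python
import math
import random
import secrets

# Toy Paillier instantiation using only the standard library. The 128-bit primes
# used here are for illustration; a deployment would use much larger ones.

def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def paillier_keygen(bits: int = 128):
    """Return (EX_PK, EX_SK) = ((n, g), (lam, mu)) with the usual choice g = n + 1."""
    p = _random_prime(bits)
    q = _random_prime(bits)
    while q == p or math.gcd(p * q, (p - 1) * (q - 1)) != 1:
        q = _random_prime(bits)
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                 # L(g^lam mod n^2) = lam when g = n + 1
    return (n, n + 1), (lam, mu)

def paillier_encrypt(pk, m: int) -> int:
    n, g = pk
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1                     # fresh randomness per ciphertext
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2

def paillier_decrypt(pk, sk, c: int) -> int:
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    l_val = (pow(c, lam, n2) - 1) // n
    return (l_val * mu) % n

# --- assumed two-party protocol for x = beta * (alpha + a); not specified by the patent ---

def csc_round1(pk, alpha: int) -> int:
    """CSC -> KGC: an encryption of alpha; the KGC holds no EX_SK and cannot open it."""
    return paillier_encrypt(pk, alpha)

def kgc_round2(pk, enc_alpha: int, beta: int, a: int) -> int:
    """KGC -> CSC: Enc(alpha)^beta * Enc(beta*a) = Enc(beta*alpha + beta*a).
    beta and a never leave the KGC; the fresh Enc(beta*a) re-randomises the result,
    and the CSC, seeing only x = beta*(alpha + a), cannot separate beta from a."""
    n, _ = pk
    n2 = n * n
    return (pow(enc_alpha, beta, n2) * paillier_encrypt(pk, beta * a)) % n2

def csc_round3(pk, sk, enc_x: int, N: int) -> int:
    """CSC decrypts and reduces into Z_N. Correct only while beta*(alpha + a) < n,
    so the Paillier modulus must exceed about N^2 (here N ~ 2^90, n ~ 2^256)."""
    return paillier_decrypt(pk, sk, enc_x) % N

def run_two_party(N: int, alpha: int, beta: int, a: int, bits: int = 128):
    """Full exchange; returns (x as obtained by the CSC, the expected value)."""
    pk, sk = paillier_keygen(bits)          # (EX_PK, EX_SK) belong to the CSC
    enc_alpha = csc_round1(pk, alpha)
    enc_x = kgc_round2(pk, enc_alpha, beta, a)
    return csc_round3(pk, sk, enc_x, N), (beta * (alpha + a)) % N

# Constructed sample group order N = p1*p2*p3 built from three well-known primes.
SAMPLE_N = 1000000007 * 1000000009 * 998244353

if __name__ == "__main__":
    alpha, beta, a = (secrets.randbelow(SAMPLE_N - 1) + 1 for _ in range(3))
    x, expected = run_two_party(SAMPLE_N, alpha, beta, a)
    print("CSC obtained beta*(alpha+a) mod N:", x == expected)
```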
Step 7: the user obtains and decrypts the symmetric key ciphertext. The cloud storage center searches for the data to be accessed; if the search succeeds, the CSC returns the encrypted data to the user, and the user decrypts it; if the search fails, the user is notified that the data does not exist.
After obtaining the key returned by the CSC, the user sends a decryption request and the data hash value to the block chain; the block chain finds the block where the hash value is located and returns the user's symmetric key ciphertext. The user decrypts it with the key obtained from the CSC
[equation image]
If decryption succeeds, the plaintext of the symmetric key is obtained; if decryption fails, the user is notified that they have no right to access. The user then decrypts the encrypted data with the symmetric key to obtain the data plaintext, and the data sharing process ends.
If the user's attributes satisfy the access policy set by the data owner, the decryption process is as follows:
[equation image]
[equation image]
The final symmetric key plaintext is obtained by the following calculation:
[equation image]
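Step 4 (2) and step 7 describe the record that goes on chain (key ciphertext CT, data hash, owner address, owner ID, and the storage location added by the CSC), blocks linked through hash values, and a lookup of the key ciphertext by data hash. The following Python is an added sketch of that ledger logic, not the patent's implementation: the K2CP-ABE key ciphertext and the symmetric ciphertext are stand-in byte strings (constructed), blocks are chained by SHA-256 of the previous block, and the user accepts data from the CSC only if it hashes to the on-chain value, which is the check that exposes a storage server that alters or swaps stored data (the threat the Background raises). Class and function names are the example's own.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Optional

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class ShareRecord:
    """Contents of one block: what the owner submits plus the CSC's storage location."""
    data_hash: str          # hash of the encrypted data; also the lookup index
    key_ciphertext: str     # CT: the ABE-encrypted symmetric key (opaque stand-in here)
    owner_address: str
    owner_id: str
    storage_location: str   # submitted by the CSC after a successful upload

@dataclass(frozen=True)
class Block:
    height: int
    prev_hash: str
    record: ShareRecord
    block_hash: str

def _hash_block(height: int, prev_hash: str, record: ShareRecord) -> str:
    payload = {"height": height, "prev": prev_hash, "record": asdict(record)}
    return sha256_hex(json.dumps(payload, sort_keys=True).encode())

class KeyLedger:
    """Minimal append-only chain; every block commits to its predecessor's hash."""
    def __init__(self):
        self.blocks = []

    def append(self, record: ShareRecord) -> Block:
        prev = self.blocks[-1].block_hash if self.blocks else "0" * 64
        height = len(self.blocks)
        block = Block(height, prev, record, _hash_block(height, prev, record))
        self.blocks.append(block)
        return block

    def find_by_data_hash(self, data_hash: str) -> Optional[Block]:
        """Step 7: the chain locates the block that holds this data hash."""
        return next((b for b in self.blocks if b.record.data_hash == data_hash), None)

    def verify(self) -> bool:
        """Recompute every hash and link; False if any block was altered after the fact."""
        prev = "0" * 64
        for i, b in enumerate(self.blocks):
            if b.height != i or b.prev_hash != prev:
                return False
            if _hash_block(b.height, b.prev_hash, b.record) != b.block_hash:
                return False
            prev = b.block_hash
        return True

def user_fetch(ledger: KeyLedger, csc_store: dict, data_hash: str):
    """Steps 5-7 from the user's side: get CT from the chain, the ciphertext from the
    CSC, and accept the ciphertext only if it hashes to the on-chain value."""
    block = ledger.find_by_data_hash(data_hash)
    if block is None:
        return None, "data does not exist"
    enc = csc_store.get(block.record.storage_location)
    if enc is None:
        return None, "data does not exist"
    if sha256_hex(enc) != block.record.data_hash:
        return None, "stored data does not match on-chain hash"
    return (block.record.key_ciphertext, enc), "ok"

def tamper_first_record(ledger: KeyLedger, forged_ct: str) -> bool:
    """Overwrite block 0's CT but keep its recorded hash; returns ledger.verify()."""
    old = ledger.blocks[0]
    forged = ShareRecord(old.record.data_hash, forged_ct, old.record.owner_address,
                         old.record.owner_id, old.record.storage_location)
    ledger.blocks[0] = Block(old.height, old.prev_hash, forged, old.block_hash)
    return ledger.verify()

def demo():
    # Constructed stand-ins for the symmetric ciphertexts and the ABE key ciphertexts.
    enc_1 = b"<symmetric ciphertext of shared file 1>"
    enc_2 = b"<symmetric ciphertext of shared file 2>"
    ledger, csc = KeyLedger(), {}
    # Step 3: upload; the CSC stores each ciphertext and reports where it put it.
    csc["bucket/obj-1"], csc["bucket/obj-2"] = enc_1, enc_2
    # Step 4 (2): owner submits CT + hash + address + ID; the CSC adds the location.
    ledger.append(ShareRecord(sha256_hex(enc_1), "CT-stand-in-1", "0xOwnerAddr", "owner-01", "bucket/obj-1"))
    ledger.append(ShareRecord(sha256_hex(enc_2), "CT-stand-in-2", "0xOwnerAddr", "owner-01", "bucket/obj-2"))
    ok_result = user_fetch(ledger, csc, sha256_hex(enc_1))
    # A misbehaving CSC swaps object 1: the on-chain hash exposes the change.
    csc["bucket/obj-1"] = b"<tampered ciphertext>"
    tampered_result = user_fetch(ledger, csc, sha256_hex(enc_1))
    return ledger, ok_result, tampered_result
```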

Claims (5)

1. a cloud data sharing method based on a block chain is characterized by comprising the following steps:
(1) building a block chain according to a cloud data sharing relation, accessing an initialization generator, a semi-trusted key generation center KGC and a semi-trusted cloud storage center CSC, and performing system initialization;
(2) the user registers identity, joins the block chain network and obtains identity ID;
(3) the data owner uploads the data index and encrypted data to the CSC: the data owner encrypts the data to be shared by adopting a symmetric encryption mode, calculates a data hash value and uploads the data hash value to the CSC; after uploading successfully, the cloud storage center CSC stores the encrypted data and the index list;
(4) when the shared data is uploaded successfully, a data owner formulates an access strategy, encrypts an owner key, generates a new block in a block chain, and records data uploading information and an encryption key;
(5) a user sends an access request to a Cloud Storage Center (CSC) and uploads a data index needing to be accessed;
(6) the user submits the attribute to the KGC and the CSC, and the KGC and the CSC generate and issue a key to the user together according to the attribute;
(7) the user obtains and decrypts the symmetric key ciphertext; the cloud storage center searches data to be accessed, if the data to be accessed are searched successfully, the CSC returns encrypted data to the user, and the user decrypts the acquired encrypted data; and if the search fails, notifying the user that the data does not exist.
2. The method for sharing cloud data based on block chains according to claim 1, wherein the step (1) comprises the following steps:
(11) the trusted initialization generator runs the group generator
[equation image]
and selects two cyclic groups G and G_T of order N, where N = p1·p2·p3 and p1, p2, p3 are three distinct primes; it selects e: G × G → G_T, a composite-order bilinear map; let
[equation image]
denote the subgroup of G of order p_i; let g denote the generator of the subgroup
[equation image]
and X3 the generator of the subgroup
[equation image]
a cryptographically secure hash function H: {0,1}* → Z_N is selected; let the attribute set be U = {at_1, at_2, ..., at_n}, n ∈ Z_N; for each attribute at_i, x_i is chosen at random and
[equation image]
is calculated; the public parameters
[equation image]
are generated;
(12) the KGC generates a master key and public key pair: the KGC first randomly selects a, β ∈ Z_N* and calculates y = g^β, t = g^a; the master key of the KGC is set to MK_KGC = (β, a) and its public key is PK_KGC = (y, t);
(13) the CSC randomly selects α ∈ Z_N* and calculates e(g, g)^α; an additional public and private key pair (EX_PK, EX_SK) is computed according to the Paillier homomorphic encryption scheme; the master key and the public key generated by the CSC are MK_CSC = (EX_SK, α) and PK_KGC = (e(g, g)^α, EX_PK) respectively.
3. The method for sharing cloud data based on block chains according to claim 1, wherein the step (4) comprises the following steps:
(41) the data owner encrypts the symmetric key: for the symmetric key plaintext M to be encrypted, the data owner selects an access policy (A, ρ), where A is a matrix of l rows and n columns and ρ is a mapping function that maps each row i of the access matrix to a specific attribute ρ(i); a vector
[equation image]
[equation image]
is selected at random; for i = 1, 2, ..., n,
[equation image]
is calculated; for A_i, r_i ∈ Z_N is selected at random, and C = M·e(g, g)^{αs}, C0 = y^s,
[equation image]
i = 1, 2, ..., l;
are calculated; the data ciphertext is then generated:
[equation image]
(42) after the encrypted data are uploaded to the CSC by the data owner, submitting a key ciphertext CT, a data hash value hash, an owner address and an owner ID to a block chain; the CSC submits storage location information of the uploaded data to the blockchain; and generating new blocks in the block chain, recording the information, and linking the blocks through data hash values.
4. The method for sharing cloud data based on block chain as claimed in claim 1, wherein said step (6) further comprises the steps of:
(61) the user randomly selects kid as the signature private key and calculates g^kid as the public key; the generated signature key pair is MK_sig = kid, PK_sig = g^kid; the user sends a key request to the KGC, which first verifies the authenticity of the attributes owned by the user; after verification passes, the KGC selects a ∈ Z_N and inputs the secret information {β, a}, and the CSC inputs the secret information {α}; the KGC and the CSC then execute a two-party secure computation protocol, which outputs the secret information x = β(α + a) and sends it to the CSC;
(62) the CSC obtains the secret information x, randomly selects μ ∈ Z_N and calculates
[equation image]
which it sends to the KGC; after the KGC obtains A, it calculates
[equation image]
and sends A' to the CSC; after the CSC obtains A', it calculates
[equation image]
[equation image]
according to X3 in the published parameters PP, the CSC randomly selects
[equation image]
and generates the following private key components for the user:
[equation image]
(63) the attribute set owned by the user is S, at_i ∈ S; the user u_gid selects the private key kid ∈ Z_N and calculates h = H(gid)^kid; it then submits the identity information gid and the attributes at_i to the KGC, which verifies whether e(h, g) = e(H(gid), PK_sig) holds; if it holds, for each attribute at_i of S the KGC randomly selects R0', R_i ∈ G_{p3} and calculates K2 = g^a·h·R0', K_i = U_i^a·h·R_i; the private key component finally generated by the KGC is {h, gid, K2, K_i}; combining the key components generated by the two parties, the final key is:
[equation image]
the CSC sends the key to the user.
5. The method for sharing cloud data based on block chains according to claim 1, wherein step (7) is implemented as follows:
After obtaining the key returned by the CSC, the user sends a decryption request together with the data hash value to the block chain; the block chain locates the block in which that hash value is recorded and returns the symmetric key ciphertext to the user. The user decrypts this ciphertext with the key obtained from the CSC,
[equation image FDA0002576880240000033, not reproduced on this page]
If decryption succeeds, the user obtains the symmetric key in plaintext; if it fails, the user is informed that they do not have the right to access the data. Finally, the user decrypts the encrypted data with the symmetric key to obtain the data plaintext.
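The two-stage decryption of step (7), as an added example in Python's standard library; this is not the patent's own code. Two parts of the claim are stand-ins and are assumptions, not from the page: the attribute-based private key returned by the CSC is replaced by a per-policy wrapping key that the CSC releases only to a user whose attribute set satisfies the policy, and the block chain is an in-memory append-only list looked up by the SHA-256 of the encrypted data. Symmetric encryption is an HMAC-SHA256 counter-mode keystream with an HMAC-SHA256 tag (encrypt-then-MAC), chosen because the claim's "if decryption is unsuccessful, the user does not have the right to access" only works as an authorization signal when decryption under a wrong key fails detectably; with unauthenticated encryption a wrong key yields garbage, not a failure. All class, function and attribute names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

H = hashlib.sha256


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """n bytes of keystream: successive HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), H).digest()
    return bytes(out[:n])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under derived sub-keys; output is nonce || ciphertext || tag."""
    enc_key, mac_key = hmac.new(key, b"enc", H).digest(), hmac.new(key, b"mac", H).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, H).digest()


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag first; any failure returns None, never partial plaintext."""
    enc_key, mac_key = hmac.new(key, b"enc", H).digest(), hmac.new(key, b"mac", H).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, H).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


@dataclass(frozen=True)
class Block:
    data_hash: bytes        # SHA-256 of the encrypted data held by the CSC: the lookup key
    policy: FrozenSet[str]  # attributes a requester must hold (stand-in for the ABE policy)
    key_ciphertext: bytes   # symmetric data key sealed under the policy's wrapping key


class Chain:
    """Append-only block list standing in for the block chain (block linking omitted)."""
    def __init__(self) -> None:
        self.blocks: List[Block] = []

    def find(self, data_hash: bytes) -> Optional[Block]:
        return next((b for b in self.blocks if b.data_hash == data_hash), None)


class CSC:
    """Cloud side: stores encrypted data and keeps one wrapping key per policy."""
    def __init__(self) -> None:
        self.store: Dict[bytes, bytes] = {}
        self.policy_keys: Dict[FrozenSet[str], bytes] = {}

    def share(self, chain: Chain, data: bytes, policy) -> bytes:
        """Owner path: encrypt the data, record its hash and the sealed data key on the chain."""
        policy = frozenset(policy)
        data_key = secrets.token_bytes(32)
        enc_data = seal(data_key, data)
        data_hash = H(enc_data).digest()
        self.store[data_hash] = enc_data
        wrap_key = self.policy_keys.setdefault(policy, secrets.token_bytes(32))
        chain.blocks.append(Block(data_hash, policy, seal(wrap_key, data_key)))
        return data_hash

    def issue_key(self, policy, attrs) -> Optional[bytes]:
        """Stand-in for the attribute-based key: released only if attrs satisfy the policy."""
        if not frozenset(policy) <= frozenset(attrs):
            return None
        return self.policy_keys.setdefault(frozenset(policy), secrets.token_bytes(32))


def request_decrypt(chain: Chain, csc: CSC, user_key: bytes, data_hash: bytes) -> Optional[bytes]:
    """Step (7): find the block by data hash, unwrap the data key, then decrypt the data."""
    blk = chain.find(data_hash)
    if blk is None:
        return None
    data_key = unseal(user_key, blk.key_ciphertext)
    if data_key is None:
        return None  # unwrap failed: the user has no right to access this data
    return unseal(data_key, csc.store[data_hash])


def demo() -> dict:
    """Constructed scenario: one record shared under the policy {doctor, cardiology}."""
    chain, csc = Chain(), CSC()
    record = b"constructed sample: patient 4711, HbA1c 6.1%"
    h = csc.share(chain, record, {"doctor", "cardiology"})
    k_ok = csc.issue_key({"doctor", "cardiology"}, {"doctor", "cardiology", "staff"})
    k_other = csc.issue_key({"doctor"}, {"doctor"})  # genuine key, but for another policy
    return {
        "record": record,
        "authorized": request_decrypt(chain, csc, k_ok, h),
        "other_policy": request_decrypt(chain, csc, k_other, h),
        "unknown_hash": request_decrypt(chain, csc, k_ok, b"\x01" * 32),
        "refused": csc.issue_key({"doctor", "cardiology"}, {"nurse"}),
    }
```

Running demo() shows the three outcomes the claim distinguishes: a user whose attributes satisfy the policy recovers the record; a user holding a genuine key for a different policy gets None from the unwrap step, which is the "no right to access" branch; a hash with no block on the chain also yields None. The unseal routine checks the tag before deriving any keystream, so a wrong key or a tampered ciphertext never releases partial plaintext. In the patent the single key ciphertext is decryptable by any attribute set satisfying the policy, which attribute-based encryption provides directly; the one-key-per-policy table here only approximates that property and is not a substitute for the scheme.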
CN202010656324.6A 2020-07-09 2020-07-09 Cloud data sharing method based on block chain Active CN112019591B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010656324.6A CN112019591B (en) 2020-07-09 2020-07-09 Cloud data sharing method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010656324.6A CN112019591B (en) 2020-07-09 2020-07-09 Cloud data sharing method based on block chain

Publications (2)

Publication Number Publication Date
CN112019591A true CN112019591A (en) 2020-12-01
CN112019591B CN112019591B (en) 2022-11-08

Family

ID=73499660

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010656324.6A Active CN112019591B (en) 2020-07-09 2020-07-09 Cloud data sharing method based on block chain

Country Status (1)

Country Link
CN (1) CN112019591B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108259169A (en) * 2018-01-09 2018-07-06 北京大学深圳研究生院 A kind of file security sharing method and system based on block chain cloud storage
CN109559124A (en) * 2018-12-17 2019-04-02 重庆大学 A kind of cloud data safety sharing method based on block chain
CN110400642A (en) * 2019-06-12 2019-11-01 梁胤豪 A kind of medical data shared system and design method based on block chain technology

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112925850B (en) * 2021-02-25 2022-07-08 京信数据科技有限公司 Block chain data encryption uplink sharing method and device
CN112925850A (en) * 2021-02-25 2021-06-08 京信数据科技有限公司 Block chain data encryption uplink method, uplink sharing method and device
CN112989378A (en) * 2021-03-12 2021-06-18 北京航空航天大学 File trusted intermediate storage architecture based on attribute encryption
CN113065107A (en) * 2021-04-07 2021-07-02 福建师范大学 CP-ABE cloud data security sharing scheme based on block chain
CN113840115A (en) * 2021-04-26 2021-12-24 贵州大学 Monitoring video data encryption transmission system and method based on block chain
CN113840115B (en) * 2021-04-26 2023-04-18 贵州大学 Monitoring video data encryption transmission system and method based on block chain
CN113595971B (en) * 2021-06-02 2022-05-17 云南财经大学 Block chain-based distributed data security sharing method, system and computer readable medium
CN113595971A (en) * 2021-06-02 2021-11-02 云南财经大学 Block chain-based distributed data security sharing method, system and computer readable medium
CN113438080B (en) * 2021-06-02 2023-09-29 重庆邮电大学 Second-hand vehicle information sharing method based on block chain
CN113438080A (en) * 2021-06-02 2021-09-24 重庆邮电大学 Block chain-based second-hand vehicle information sharing method
CN113360925A (en) * 2021-06-04 2021-09-07 中国电力科学研究院有限公司 Method and system for storing and accessing trusted data in electric power information physical system
CN113360925B (en) * 2021-06-04 2024-04-30 中国电力科学研究院有限公司 Method and system for storing and accessing trusted data in power information physical system
CN113704815A (en) * 2021-07-27 2021-11-26 陕西科技大学 Flexible, safe and credible graph data sharing system and method based on block chain
CN113783685A (en) * 2021-08-30 2021-12-10 武汉海昌信息技术有限公司 System for protecting Internet of vehicles data by using block chain
CN114117475B (en) * 2021-11-12 2022-07-22 云南财经大学 Improved attribute-based encryption scheme system and encryption algorithm thereof
CN114117475A (en) * 2021-11-12 2022-03-01 云南财经大学 Improved attribute-based encryption scheme system and encryption algorithm thereof
CN114039790B (en) * 2021-11-23 2023-07-18 重庆邮电大学 Fine-grained cloud storage security access control method based on blockchain
CN114039790A (en) * 2021-11-23 2022-02-11 重庆邮电大学 Block chain-based fine-grained cloud storage security access control method
CN114244524A (en) * 2021-12-09 2022-03-25 中信银行股份有限公司 Data sharing method and system based on block chain
CN114244524B (en) * 2021-12-09 2024-01-30 中信银行股份有限公司 Block chain-based data sharing method and system
CN114531440A (en) * 2021-12-17 2022-05-24 重庆大学 Industry edge side data sharing system based on combination of active identification and block chain technology
CN114285867A (en) * 2021-12-24 2022-04-05 北京航空航天大学云南创新研究院 Air-railway combined transport data sharing method and system based on alliance chain and attribute encryption
CN114510737A (en) * 2022-04-21 2022-05-17 浙江数秦科技有限公司 Operation data time-limited open system based on block chain
CN114510737B (en) * 2022-04-21 2022-07-15 浙江数秦科技有限公司 Operation data time-limited open system based on block chain
CN115208656B (en) * 2022-07-12 2023-07-25 浪潮工创(山东)供应链科技有限公司 Supply chain data sharing method and system based on blockchain and authority management
CN115208656A (en) * 2022-07-12 2022-10-18 重庆邮电大学 Supply chain data sharing method and system based on block chain and authority management
CN115225258A (en) * 2022-09-19 2022-10-21 中电科新型智慧城市研究院有限公司 Block chain-based cross-domain trusted data security management method and system
CN117749526A (en) * 2024-02-06 2024-03-22 成都工业学院 Educational resource sharing method and system based on cloud computing
CN117749526B (en) * 2024-02-06 2024-05-28 成都工业学院 Educational resource sharing method and system based on cloud computing
CN117768245A (en) * 2024-02-22 2024-03-26 暨南大学 full-link data security protection method and system
CN117768245B (en) * 2024-02-22 2024-05-10 暨南大学 Full-link data security protection method and system

Also Published As

Publication number Publication date
CN112019591B (en) 2022-11-08

Similar Documents

Publication Publication Date Title
CN112019591B (en) Cloud data sharing method based on block chain
CN108632032B (en) Safe multi-keyword sequencing retrieval system without key escrow
CN111835500B (en) Searchable encryption data secure sharing method based on homomorphic encryption and block chain
CN108881314B (en) Privacy protection method and system based on CP-ABE ciphertext under fog computing environment
CN112073479A (en) Method and system for controlling de-centering data access based on block chain
CN111130757A (en) Multi-cloud CP-ABE access control method based on block chain
CN109145612B (en) Block chain-based cloud data sharing method for preventing data tampering and user collusion
Guo et al. TABE-DAC: Efficient traceable attribute-based encryption scheme with dynamic access control based on blockchain
CN106487506B (en) Multi-mechanism KP-ABE method supporting pre-encryption and outsourcing decryption
CN111614680B (en) CP-ABE-based traceable cloud storage access control method and system
CN114039790B (en) Fine-grained cloud storage security access control method based on blockchain
CN111274599A (en) Data sharing method based on block chain and related device
CN113987554B (en) Method, device and system for obtaining data authorization
Wang et al. Tag-based verifiable delegated set intersection over outsourced private datasets
CN117201132A (en) Multi-committee attribute base encryption method capable of achieving complete decentralization and application of multi-committee attribute base encryption method
Ali et al. Authorized attribute-based encryption multi-keywords search with policy updating
Ma et al. Be-trdss: Blockchain-enabled secure and efficient traceable-revocable data-sharing scheme in industrial internet of things
CN115982746B (en) Block chain-based data sharing method
WO2023134576A1 (en) Data encryption method, attribute authorization center, and storage medium
CN116318784B (en) Identity authentication method, identity authentication device, computer equipment and storage medium
CN115250205B (en) Data sharing method and system based on alliance chain, electronic device and storage medium
CN114629640B (en) White box disciplinable attribute-based encryption system and method for solving key escrow problem
CN106612173A (en) Encryption scheme for trusted key in cloud storage
CN116318663A (en) Multi-strategy safe ciphertext data sharing method based on privacy protection
CN116232568A (en) SM 9-based attribute-based encryption block chain access control method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 210003, 66 new model street, Gulou District, Jiangsu, Nanjing

Applicant after: NANJING University OF POSTS AND TELECOMMUNICATIONS

Address before: No. 186, software Avenue, Yuhuatai District, Nanjing, Jiangsu Province, 210012

Applicant before: NANJING University OF POSTS AND TELECOMMUNICATIONS

GR01 Patent grant