CN112532580A - Data transmission method and system based on block chain and proxy re-encryption - Google Patents

Data transmission method and system based on block chain and proxy re-encryption

Publication number
CN112532580A
Authority
CN
China
Prior art keywords
data
key
terminal
ciphertext
requester
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011145558.0A
Other languages
Chinese (zh)
Other versions
CN112532580B (en)
Inventor
翁健
李勇标
李明
李宇娴
翁嘉思
吴永东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan University
Original Assignee
Jinan University
Application filed by Jinan University
Priority to CN202011145558.0A
Publication of CN112532580A
Application granted
Publication of CN112532580B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data transmission method and a system based on block chain and proxy re-encryption, wherein the system comprises a data owner terminal, a data proxy terminal and a data requester terminal; the data requester terminal initiates a data transmission request, the data owner terminal generates a proxy key, the proxy key is sent to the data proxy terminal, the proxy terminal re-encrypts the first ciphertext to generate a second ciphertext which can be decrypted by the key of the data requester, the second ciphertext is transmitted to the data requester terminal, and the data requester terminal decrypts the second ciphertext to obtain a plaintext. When the data owner terminal receives the data transmission request, the data to be transmitted which is uploaded does not need to be downloaded again, encrypted again and uploaded again, and the communication cost in the data transmission process is greatly reduced.

Description

Data transmission method and system based on block chain and proxy re-encryption
Technical Field
The invention relates to the technical field of data transmission, in particular to a data transmission method and system based on block chain and proxy re-encryption.
Background
Most data management systems are centralized: users must store their data in the management system in cleartext, and the management system handles the transaction and distribution of the data when a user requests authorization. However, once the management system is hacked, or an internal manager deliberately steals data, the user's original data can be abused.
To solve the above problems, the prior art provides a decentralized management system based on blockchain technology, in which the transaction authorization process is completed through a smart contract, guaranteeing fairness and security between the two parties of a transaction. In this technology, to keep their data out of the control of a third party, users encrypt their data and store it in a distributed database. When a user requests data, the data owner needs to download the ciphertext, decrypt it with the data owner's private key to obtain the plaintext, re-encrypt the plaintext with the public key of the data requester, and then upload the re-encrypted ciphertext. In this process the data owner has to download the data again, encrypt the plaintext again with the public key of the data requester, and upload it again, which incurs a significant communication cost.
Disclosure of Invention
The embodiment of the invention provides a data transmission method and a data transmission system based on blockchain and proxy re-encryption, which can reduce the communication cost of data transmission.
A data transmission method based on blockchain and proxy re-encryption comprises the following steps:
the data owner terminal encrypts data to be transmitted according to a public key of the data owner and a preset first encryption algorithm to generate a first ciphertext, and then transmits the first ciphertext to the data proxy terminal;
the data requester terminal uploads the public key of the data requester to the blockchain and sends a data transmission request to the data owner terminal;
the data owner terminal receives the data transmission request, acquires the public key of the data requester from the blockchain, generates a proxy key according to the public key of the data requester, the private key of the data owner and a preset key generation algorithm, and transmits the proxy key to the data proxy terminal;
the data proxy terminal re-encrypts the first ciphertext according to the proxy key and a preset second encryption algorithm to generate a second ciphertext corresponding to the public key of the data requester, and transmits the second ciphertext to the data requester terminal;
and after receiving the second ciphertext, the data requester terminal decrypts the second ciphertext according to the key of the data requester to obtain the data plaintext of the data to be transmitted.
Preferably, encrypting the data to be transmitted according to the public key of the data owner and a preset first encryption algorithm to generate a first ciphertext specifically includes: randomly selecting parameters $e$ and $v$, and then encrypting the data to be transmitted by the following formulas:
$E = [e]G = (x_3, y_3)$; $V = [v]G = (x_4, y_4)$; $S = v + e \cdot Hash(x_3 \| x_4 \| y_3 \| y_4)$;
$(v + e)\,pk_{Alice} = (x_5, y_5)$; $t = KDF(x_5 \| y_5, klen)$;
Figure BDA0002739617270000021
$C_2 = Hash(x_5 \| M \| y_5)$; $C = C_1 \| C_2$; $Capsule_{Alice} = (E, V, S)$;
taking $(C, Capsule_{Alice})$ as the first ciphertext;
wherein $pk_{Alice}$ is the public key of the data owner, and $pk_{Alice} = sk_{Alice} G$; $sk_{Alice}$ is the private key of the data owner; $EQ(F_q)$ is the set of all rational points of the elliptic curve $EQ$ over $F_q$; $G$ is a base point of the elliptic curve $EQ$; $n$ is the order of the base point $G$; Hash() is a cryptographic hash function based on SM3; $M$ is the data to be transmitted; KDF() is a key derivation function; klen is the bit length of the key data to be obtained by KDF(); $e \in [1, n-1]$; $v \in [1, n-1]$.
Preferably, generating the proxy key according to the public key of the data requester, the private key of the data owner, and a preset key generation algorithm specifically includes: generating the proxy key by:
$Y_A = x_A G$; $d = Hash(Y_A \| pk_{Bob} \| x_A pk_{Bob})$; $rk = sk_{Alice} d^{-1}$
taking $rk$ as the proxy key; wherein $x_A \in [1, n-1]$; $pk_{Bob}$ is the public key of the data requester, and $pk_{Bob} = sk_{Bob} G$; $sk_{Bob}$ is the private key of the data requester.
Preferably, re-encrypting the first ciphertext according to the proxy key and a preset second encryption algorithm to generate a second ciphertext corresponding to the public key of the data requester specifically includes:
judging whether $SG$ is equal to $Hash(x_3 \| x_4 \| y_3 \| y_4)E + V$, and if equal, re-encrypting the first ciphertext by:
$E' = rk E$; $V' = rk V$; $S' = rk S$; $Capsule_{Bob} = (E', V', S')$;
taking $(C, Capsule_{Bob})$ as the second ciphertext.
Preferably, decrypting the second ciphertext according to the key of the data requester to obtain the data plaintext of the data to be transmitted specifically includes: judging whether $SG$ is equal to $Hash(x_3 \| x_4 \| y_3 \| y_4)E + V$, and if equal, decrypting the second ciphertext by the following formulas:
$d = Hash(Y_A \| pk_{Bob} \| sk_{Bob} Y_A)$; $d(E' + V') = (x'_5, y'_5)$;
$t' = KDF(x'_5 \| y'_5, klen)$;
Figure BDA0002739617270000031
$C'_2 = Hash(x'_4 \| M' \| y'_4)$;
judging whether $C_2$ is equal to $C'_2$, and if so, taking $M'$ as the data plaintext of the data to be transmitted.
Preferably, the data transmission method based on blockchain and proxy re-encryption further includes: when encrypting the data to be transmitted, the data owner terminal generates a data digest of the data to be transmitted and uploads the data digest to the blockchain, so that a data requester can judge from the data digest whether the data to be transmitted is the data it requires.
Preferably, when the data requester finds the desired data in the blockchain through the data digest, the data requester performs a data request operation: the data requester terminal first initiates an offline sharing transaction request to the data owner; if the owner agrees, the requester stores the amount to be paid in the smart contract as a deposit through the data requester terminal; after the data owner learns through the data owner terminal that the data requester has paid the deposit, the data owner generates a proxy key through the data owner terminal from the data owner's private key and the requester's public key, using a preset key generation algorithm.
A data transmission system based on blockchain and proxy re-encryption, comprising a data owner terminal, a data proxy terminal and a data requester terminal, wherein the data proxy terminal is connected with the data owner terminal;
the data owner terminal is used for encrypting data to be transmitted according to a public key of the data owner and a preset first encryption algorithm to generate a first ciphertext, and then transmitting the first ciphertext to the data proxy terminal;
the data requester terminal is used for uploading the public key of the data requester to the blockchain and sending a data transmission request to the data owner terminal;
the data owner terminal is further used for receiving the data transmission request, acquiring the public key of the data requester from the blockchain, generating a proxy key according to the public key of the data requester, the private key of the data owner and a preset key generation algorithm, and transmitting the proxy key to the data proxy terminal;
the data proxy terminal is used for re-encrypting the first ciphertext according to the proxy key and a preset second encryption algorithm to generate a second ciphertext corresponding to the public key of the data requester, and transmitting the second ciphertext to the data requester terminal;
and the data requester terminal is further used for decrypting the second ciphertext according to the key of the data requester after receiving the second ciphertext, to obtain the data plaintext of the data to be transmitted.
By implementing the embodiment of the invention, the following beneficial effects are achieved:
The invention provides a data transmission method and system based on blockchain and proxy re-encryption. During data transmission, a user initiates a data transmission request through the data requester terminal; the data owner terminal does not need to re-download the already uploaded encrypted data to be transmitted (that is, the first ciphertext), re-encrypt it and upload it again, and only needs to generate a proxy key and send it to the data proxy terminal. The proxy terminal re-encrypts the first ciphertext to generate a second ciphertext that can be decrypted with the key of the data requester and transmits it to the data requester terminal, which decrypts it to obtain the plaintext. The communication cost in the data transmission process is thereby greatly reduced.
Drawings
Fig. 1 is a system architecture diagram of a data transmission system based on blockchain and proxy re-encryption according to an embodiment of the present invention.
Fig. 2 is a schematic flow chart of a data transmission method based on blockchain and proxy re-encryption according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The definitions of some of the letters and formulas involved in the present invention are explained first:
$\{sk_{Alice}, pk_{Alice}\}$: public-private key pair of the data owner, where $pk_{Alice} = sk_{Alice} G$; $sk_{Alice}$ is the private key of the data owner and $pk_{Alice}$ is the public key of the data owner.
$\{sk_{Bob}, pk_{Bob}\}$: public-private key pair of the data requester, where $pk_{Bob} = sk_{Bob} G$; $sk_{Bob}$ is the private key of the data requester and $pk_{Bob}$ is the public key of the data requester.
$EQ(F_q)$: the set of all rational points of the elliptic curve $EQ$ over $F_q$.
$G$: a base point of the elliptic curve, whose order is a large prime $n$.
$n$: order of the base point $G$ ($n$ is a prime factor of $\#E(F_q)$).
Hash(): a cryptographic hash function based on SM3.
$M$: data to be transmitted.
$M'$: the data obtained after decryption by the data requester.
$rk$: a proxy key.
KDF(): a key derivation function.
klen: the bit length of the key data to be obtained by KDF().
As shown in Fig. 1, a data transmission system based on blockchain and proxy re-encryption according to an embodiment of the present invention comprises a data owner terminal, a data proxy terminal and a data requester terminal, wherein the data proxy terminal is connected with the data owner terminal. Referring to Fig. 2, the data transmission method applicable to this system is as follows:
the data owner terminal encrypts data to be transmitted according to a public key of the data owner and a preset first encryption algorithm to generate a first ciphertext, and then transmits the first ciphertext to the data proxy terminal;
the data requester terminal uploads the public key of the data requester to the blockchain and sends a data transmission request to the data owner terminal;
the data owner terminal receives the data transmission request, acquires the public key of the data requester from the blockchain, generates a proxy key according to the public key of the data requester, the private key of the data owner and a preset key generation algorithm, and transmits the proxy key to the data proxy terminal;
the data proxy terminal re-encrypts the first ciphertext according to the proxy key and a preset second encryption algorithm to generate a second ciphertext corresponding to the public key of the data requester, and transmits the second ciphertext to the data requester terminal;
and after receiving the second ciphertext, the data requester terminal decrypts the second ciphertext according to the key of the data requester to obtain the data plaintext of the data to be transmitted.
In this embodiment, encrypting the data to be transmitted according to the public key of the data owner and a preset first encryption algorithm to generate a first ciphertext specifically includes: randomly selecting parameters $e$ and $v$, and then encrypting the data to be transmitted by the following formulas:
$E = [e]G = (x_3, y_3)$; $V = [v]G = (x_4, y_4)$; $S = v + e \cdot Hash(x_3 \| x_4 \| y_3 \| y_4)$;
$(v + e)\,pk_{Alice} = (x_5, y_5)$; $t = KDF(x_5 \| y_5, klen)$;
Figure BDA0002739617270000061
$C_2 = Hash(x_5 \| M \| y_5)$; $C = C_1 \| C_2$; $Capsule_{Alice} = (E, V, S)$;
taking $(C, Capsule_{Alice})$ as the first ciphertext;
In a preferred embodiment, generating a proxy key according to the public key of the data requester, the private key of the data owner, and a preset key generation algorithm specifically includes: generating the proxy key by:
$Y_A = x_A G$; $d = Hash(Y_A \| pk_{Bob} \| x_A pk_{Bob})$; $rk = sk_{Alice} d^{-1}$
taking $rk$ as the proxy key;
wherein $x_A \in [1, n-1]$; $pk_{Bob}$ is the public key of the data requester, and $pk_{Bob} = sk_{Bob} G$; $sk_{Bob}$ is the private key of the data requester.
In this embodiment, re-encrypting the first ciphertext according to the proxy key and a preset second encryption algorithm to generate a second ciphertext corresponding to the public key of the data requester specifically includes:
judging whether $SG$ is equal to $Hash(x_3 \| x_4 \| y_3 \| y_4)E + V$, and if equal, re-encrypting the first ciphertext by:
$E' = rk E$; $V' = rk V$; $S' = rk S$; $Capsule_{Bob} = (E', V', S')$;
taking $(C, Capsule_{Bob})$ as the second ciphertext.
In this embodiment, decrypting the second ciphertext according to the key of the data requester to obtain the data plaintext of the data to be transmitted specifically includes: judging whether $SG$ is equal to $Hash(x_3 \| x_4 \| y_3 \| y_4)E + V$, and if equal, decrypting the second ciphertext by the following formulas:
$d = Hash(Y_A \| pk_{Bob} \| sk_{Bob} Y_A)$; $d(E' + V') = (x'_5, y'_5)$;
$t' = KDF(x'_5 \| y'_5, klen)$;
Figure BDA0002739617270000071
$C'_2 = Hash(x'_4 \| M' \| y'_4)$;
judging whether $C_2$ is equal to $C'_2$, and if so, taking $M'$ as the data plaintext of the data to be transmitted.
In this embodiment, the data owner terminal is further configured to generate a data digest of the data to be transmitted when the data to be transmitted is encrypted, and then the data digest is sent to the block chain, so that a data requester can determine whether the data to be transmitted is data required by the data requester according to the data digest.
The above is further explained below:
System initialization is first completed by the data proxy service terminal (data proxy terminal). The initialization process does not involve generating or registering the public and private keys of users (data owners and data requesters); it only sets the relevant parameters of the SM2 algorithm (an elliptic curve public key cryptography algorithm). Specifically, the data owner randomly selects a private key $sk_{Alice}$ from $F_q$ and computes the corresponding public key $pk_{Alice} = sk_{Alice} G$. The other participants in the system (data requesters) generate their public and private keys in the same manner. In this phase, each user may generate its own public-private key pair and publish the public key and associated descriptive information in the blockchain to indicate the user's identity and the classes of data it holds.
This is followed by encryption of the data and publication of the data digest:
In the data encryption process, the data owner terminal encrypts the data $M$ to be transmitted with the first encryption algorithm and generates a first ciphertext $(C, Capsule_{Alice})$; the specific process is as follows:
(1) Randomly selecting $e, v \leftarrow [1, n-1]$;
(2) Calculating $E = [e]G = (x_3, y_3)$ and $V = [v]G = (x_4, y_4)$;
(3) Calculating $S = v + e \cdot Hash(x_3 \| x_4 \| y_3 \| y_4)$;
(4) Calculating $(v + e)\,pk_{Alice} = (x_5, y_5)$;
(5) Calculating $t = KDF(x_5 \| y_5, klen)$;
(6) Computing
Figure BDA0002739617270000081
(7) Calculating $C_2 = Hash(x_5 \| M \| y_5)$;
(8) Calculating $C = C_1 \| C_2$ and $Capsule_{Alice} = (E, V, S)$;
(9) Taking $(C, Capsule_{Alice})$ as the first ciphertext and sending it to the data proxy terminal.
Meanwhile, the data owner terminal publishes the hash $Hash(M)$ of the data $M$ to be transmitted and the description $des$ of the data in the blockchain as a data digest, in the form of a transaction, namely $com_0 = \{Hash(M), des\}$. In order to prevent the data owner from sharing the data to the data requester, the data owner needs to lock a deposit $coin_0$ in the smart contract. The deposit cannot be retrieved by the user himself during the data sharing phase, and can only be removed after a specified time limit, or in the presence of malicious activity.
This is followed by a data sharing exchange request initiation:
When the data requester finds the desired data in the blockchain through the data digest, it performs a data request operation: the data requester terminal first initiates an offline sharing transaction request to the data owner. If the owner agrees, the requester stores the amount to be paid in the smart contract as a deposit through the data requester terminal. After the data owner learns through the data owner terminal that the data requester has paid the deposit, it uses the data owner's private key $sk_{Alice}$ and the requester's public key $pk_{Bob}$ to generate a proxy key $rk$ with the key generation algorithm; the data owner terminal transmits $rk$ to the data proxy terminal, which then performs the re-encryption.
The data owner terminal generates the proxy key rk according to a key generation algorithm, and the specific process is as follows:
(1) Randomly choosing $x_A \leftarrow [1, n-1]$;
(2) Calculating $Y_A = x_A G$;
(3) Calculating $d = Hash(Y_A \| pk_{Bob} \| x_A pk_{Bob})$;
(4) Calculating $rk = sk_{Alice} d^{-1}$.
Data re-encryption of the data proxy terminal follows:
In this stage, the data proxy server completes the re-encryption calculation on the first ciphertext with the second encryption algorithm; the result is a second ciphertext corresponding to the public key of the data requester. In addition, the data proxy server notifies the blockchain, through a signed transaction, that it has completed the re-encryption calculation and has sent the second ciphertext to the data requester terminal, and the data requester is required to confirm in the contract, through the data requester terminal, that the second ciphertext has been received. If the data requester maliciously claims that the ciphertext data was not received, the data proxy service terminal is required to disclose the corresponding ciphertext data so that each blockchain node can download it; if most of the nodes verify that the ciphertext data was calculated correctly, the data proxy service terminal determines the malicious behavior of the requester and directly distributes the deposit stored by the requester to the data owner and each blockchain node.
The specific process by which the data proxy service terminal runs the second encryption algorithm to obtain a second ciphertext $(C_{Bob})$ and transmits it to the data requester terminal is as follows:
(1) Verifying whether $SG$ equals $Hash(x_3 \| x_4 \| y_3 \| y_4)E + V$; if they are not equal, the operation exits, and if they are equal, the next step is executed;
(2) Calculating $E' = rk E$, $V' = rk V$ and $S' = rk S$;
(3) $Capsule_{Bob} = (E', V', S')$;
(4) Sending $(C, Capsule_{Bob})$ to the data requester terminal.
And finally, decrypting the data:
After the data requester terminal obtains the second ciphertext, it can decrypt it using the private key $sk_{Bob}$ of the data requester.
The specific decryption process is as follows:
(1) Verifying whether $SG$ equals $Hash(x_3 \| x_4 \| y_3 \| y_4)E + V$; if yes, the next step is executed, otherwise the process ends and decryption fails.
(2) Calculating $d = Hash(Y_A \| pk_{Bob} \| sk_{Bob} Y_A)$
(3) Calculating $d(E' + V') = (x'_5, y'_5)$
(4) Calculating $t' = KDF(x'_5 \| y'_5, klen)$
(5) Computing
Figure BDA0002739617270000101
(6) Calculating $C'_2 = Hash(x'_4 \| M' \| y'_4)$
(7) Verifying whether $C_2$ is equal to $C'_2$; if not, the operation reports an error and exits;
(8) The original message $M$ is obtained.
In addition, the invention retains the capability of decrypting the first ciphertext; the decryption process of the first ciphertext is as follows:
(1) Verifying whether $SG$ equals $Hash(x_3 \| x_4 \| y_3 \| y_4)E + V$; if yes, the next step is executed, otherwise the process ends and decryption fails.
(2) Calculating $d = Hash(Y_A \| pk_{Bob} \| sk_{Bob} Y_A)$;
(3) Computing $sk_{Alice}(E + V) = (x'_5, y'_5)$;
(4) Calculating $t'_{rk} = KDF(x'_5 \| y'_5, klen)$;
(5) Computing
Figure BDA0002739617270000111
(6) Calculating $C'_2 = Hash(x'_4 \| M' \| y'_4)$;
(7) Extracting $C_2$ from $C$ and verifying whether $C_2$ is equal to $C'_2$; if they are equal, the original message $M$ is obtained.
Through the data requester terminal, the data requester can compare the decrypted message with the data digest that the data owner uploaded to the blockchain. If they are inconsistent, the owner has behaved maliciously, and the data requester can upload the corresponding evidence to make a non-compliance declaration. If there is no malicious behavior, after the specified time the data owner can, through the data owner terminal, take the deposit that the data requester locked in the smart contract, which completes the payment of the transaction.
In summary, the data requester terminal initiates a data transmission request, the data owner terminal generates a proxy key, then sends the proxy key to the data proxy terminal, the proxy terminal re-encrypts the first ciphertext to generate a second ciphertext that can be decrypted by the key of the data requester, and then the second ciphertext is transmitted to the data requester terminal, and the data requester terminal decrypts the second ciphertext to obtain a plaintext. When the data owner terminal receives the data transmission request, the data to be transmitted which is uploaded does not need to be downloaded again, encrypted again and uploaded again, and the communication cost in the data transmission process is greatly reduced.
It should be noted that this method embodiment corresponds to the above system embodiment of the present invention, and the specific implementation principle thereof is the same as the principle disclosed in the above system embodiment, and is not described herein again.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.

Claims (8)

1. A data transmission method based on blockchain and proxy re-encryption, characterized by comprising the following steps:
the data owner terminal encrypts data to be transmitted according to a public key of the data owner and a preset first encryption algorithm to generate a first ciphertext, and then transmits the first ciphertext to the data proxy terminal;
the data requester terminal uploads the public key of the data requester to the blockchain and sends a data transmission request to the data owner terminal;
the data owner terminal receives the data transmission request, acquires the public key of the data requester from the blockchain, generates a proxy key according to the public key of the data requester, the private key of the data owner and a preset key generation algorithm, and transmits the proxy key to the data proxy terminal;
the data proxy terminal re-encrypts the first ciphertext according to the proxy key and a preset second encryption algorithm to generate a second ciphertext corresponding to the public key of the data requester, and transmits the second ciphertext to the data requester terminal;
and after receiving the second ciphertext, the data requester terminal decrypts the second ciphertext according to the key of the data requester to obtain the data plaintext of the data to be transmitted.
2. The data transmission method based on blockchain and proxy re-encryption according to claim 1, wherein the data to be transmitted is encrypted according to a public key of the data owner and a preset first encryption algorithm to generate a first ciphertext, specifically:
randomly selecting parameters $e$ and $v$, and then encrypting the data to be transmitted by the following formulas:
$E = [e]G = (x_3, y_3)$; $V = [v]G = (x_4, y_4)$; $S = v + e \cdot Hash(x_3 \| x_4 \| y_3 \| y_4)$;
$(v + e)\,pk_{Alice} = (x_5, y_5)$; $t = KDF(x_5 \| y_5, klen)$;
Figure FDA0002739617260000011
$C_2 = Hash(x_5 \| M \| y_5)$; $C = C_1 \| C_2$; $Capsule_{Alice} = (E, V, S)$;
taking $(C, Capsule_{Alice})$ as the first ciphertext;
wherein $pk_{Alice}$ is the public key of the data owner, and $pk_{Alice} = sk_{Alice} G$; $sk_{Alice}$ is the private key of the data owner; $EQ(F_q)$ is the set of all rational points of the elliptic curve $EQ$ over $F_q$; $G$ is a base point of the elliptic curve $EQ$; $n$ is the order of the base point $G$; Hash() is a cryptographic hash function based on SM3; $M$ is the data to be transmitted; KDF() is a key derivation function; klen is the bit length of the key data to be obtained by KDF(); $e \in [1, n-1]$; $v \in [1, n-1]$.
3. The data transmission method based on blockchain and proxy re-encryption according to claim 2, wherein a proxy key is generated according to the public key of the data requester, the private key of the data owner, and a preset key generation algorithm, specifically:
generating the proxy key by:
$Y_A = x_A G$; $d = Hash(Y_A \| pk_{Bob} \| x_A pk_{Bob})$; $rk = sk_{Alice} d^{-1}$
taking $rk$ as the proxy key;
wherein $x_A \in [1, n-1]$; $pk_{Bob}$ is the public key of the data requester, and $pk_{Bob} = sk_{Bob} G$; $sk_{Bob}$ is the private key of the data requester.
4. The data transmission method according to claim 3, wherein the re-encrypting the first ciphertext according to the proxy key and a preset second encryption algorithm to generate a second ciphertext corresponding to the public key of the data requestor is specifically:
judging whether $SG$ is equal to $\mathrm{Hash}(x_3\|x_4\|y_3\|y_4)E+V$, and if equal, re-encrypting the first ciphertext by:
$E'=rk\,E$; $V'=rk\,V$; $S'=rk\,S$; $Capsule_{Bob}=(E',V',S')$;
taking $(C, Capsule_{Bob})$ as the second ciphertext.
5. The data transmission method based on the blockchain and the proxy re-encryption according to claim 4, wherein the decrypting the second ciphertext according to the key of the data requester to obtain the data plaintext of the data to be transmitted specifically comprises:
judging whether $SG$ is equal to $\mathrm{Hash}(x_3\|x_4\|y_3\|y_4)E+V$, and if equal, decrypting the second ciphertext by the following formula:
$d=\mathrm{Hash}(Y_A\|pk_{Bob}\|sk_{Bob}Y_A)$; $d(E'+V')=(x'_5,y'_5)$;
$t'=\mathrm{KDF}(x'_5\|y'_5,\,klen)$;
Figure FDA0002739617260000031
$C'_2=\mathrm{Hash}(x'_4\|M'\|y'_4)$;
judging whether $C_2$ is equal to $C'_2$, and if so, taking $M'$ as the data plaintext of the data to be transmitted.
6. The data transmission method based on blockchain and proxy re-encryption according to claim 1, further comprising: when encrypting the data to be transmitted, the data owner terminal generates a data abstract of the data to be transmitted and uploads the data abstract to the block chain, so that a data requester can judge, according to the data abstract, whether the data to be transmitted is the data the requester requires.
7. The blockchain and proxy re-encryption based data transmission method according to claim 6, wherein when the data requester queries the desired data in the blockchain through the data digest, a data request operation is performed, and the data requester terminal first initiates an offline share transaction request to the data owner; under the condition that the owner agrees, the requester stores the amount of money to be paid as a deposit in the intelligent contract through the data requester terminal; after the data owner knows that the data requester completes deposit payment through the data owner terminal, the data owner generates a proxy key by using a preset key generation algorithm by using the private key of the data owner and the public key of the requester through the data owner terminal.
8. A data transmission system based on blockchain and proxy re-encryption, comprising: the data agent terminal is connected with the data owner terminal;
the data owner terminal is used for encrypting data to be transmitted according to a public key of the data owner and a preset first encryption algorithm to generate a first ciphertext and then transmitting the first ciphertext to the data agent terminal;
the data requester terminal is used for uploading the public key of the data requester to the block chain and sending a data transmission request to the data owner terminal;
the data owner terminal is further used for receiving the data transmission request, acquiring a public key of the data requester from the block chain, generating an agent key according to the public key of the data requester, a private key of the data owner and a preset key generation algorithm, and transmitting the agent key to the data agent terminal;
the data agent terminal is used for re-encrypting the first ciphertext according to the agent key and a preset second encryption algorithm to generate a second ciphertext corresponding to the public key of the data requester and transmitting the second ciphertext to the data requester terminal;
and the data requester terminal is further used for decrypting the second ciphertext according to the key of the data requester after receiving the second ciphertext to obtain the data plaintext of the data to be transmitted.
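The flow of claims 2 to 5 run end to end, as an added example that is not code from the patent. Assumptions: secp256k1, SHA-256 and SHAKE-256 stand in for the curve EQ, SM3 and KDF(); the C1 formula survives only as an image on this page, so C1 = M XOR t is assumed; Y_A is handed to the requester with the second ciphertext; the requester-side capsule check is left out and the tag is recomputed over (x'5, y'5), as C2 is built in claim 2.

```python
import hashlib, secrets
P = 2**256 - 2**32 - 977            # secp256k1 field prime (stand-in for curve EQ, an assumption)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141   # order n of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):                      # affine point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    l = (3*a[0]*a[0] * pow(2*a[1], -1, P) if a == b
         else (b[1]-a[1]) * pow((b[0]-a[0]) % P, -1, P)) % P
    x = (l*l - a[0] - b[0]) % P
    return x, (l*(a[0]-x) - a[1]) % P
def mul(k, pt):                     # [k]pt by double-and-add (not constant time)
    r = None
    while k:
        if k & 1: r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r
def ser(x):                         # bytes as-is, ints as 32 bytes, points as x || y
    if isinstance(x, bytes): return x
    return ser(x[0]) + ser(x[1]) if isinstance(x, tuple) else x.to_bytes(32, "big")
def Hb(*parts): return hashlib.sha256(b"".join(map(ser, parts))).digest()  # SM3 stand-in
def Hn(*parts): return int.from_bytes(Hb(*parts), "big") % N
def mask(K, data):                  # XOR with t = KDF(x5 || y5, klen); SHAKE-256 as the KDF
    t = hashlib.shake_256(ser(K)).digest(len(data))
    return bytes(m ^ x for m, x in zip(data, t))
def rand(): return secrets.randbelow(N - 1) + 1    # uniform in [1, n-1]; pk = mul(sk, G)

def encrypt(pk_a, M):               # claim 2: returns C = (C1, C2) and Capsule_Alice
    e, v = rand(), rand()
    E, V = mul(e, G), mul(v, G)
    S = (v + e * Hn(E[0], V[0], E[1], V[1])) % N
    K = mul((v + e) % N, pk_a)      # (x5, y5)
    return (mask(K, M), Hb(K[0], M, K[1])), (E, V, S)
def rekey(sk_a, pk_b):              # claim 3: rk = sk_Alice * d^-1, plus Y_A for the requester
    x_a = rand()
    Y_a, shared = mul(x_a, G), mul(x_a, pk_b)
    return sk_a * pow(Hn(Y_a, pk_b, shared), -1, N) % N, Y_a
def reencrypt(rk, capsule):         # claim 4: check S*G == Hash(..)*E + V, then scale by rk
    E, V, S = capsule
    if mul(S, G) != add(mul(Hn(E[0], V[0], E[1], V[1]), E), V):
        raise ValueError("capsule check failed")
    return mul(rk, E), mul(rk, V), rk * S % N
def decrypt(sk_b, pk_b, Y_a, C, capsule_b):        # claim 5
    K = mul(Hn(Y_a, pk_b, mul(sk_b, Y_a)), add(capsule_b[0], capsule_b[1]))  # (x5', y5')
    M = mask(K, C[0])
    if Hb(K[0], M, K[1]) != C[1]: raise ValueError("integrity check failed")
    return M
```

Since the requester can recompute d and rk = sk_Alice·d^-1, the product rk·d equals sk_Alice, so the scheme as written depends on the data agent and the requester never pooling rk and d.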
CN202011145558.0A 2020-10-23 2020-10-23 Data transmission method and system based on block chain and proxy re-encryption Active CN112532580B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011145558.0A CN112532580B (en) 2020-10-23 2020-10-23 Data transmission method and system based on block chain and proxy re-encryption

Publications (2)

Publication Number Publication Date
CN112532580A true CN112532580A (en) 2021-03-19
CN112532580B CN112532580B (en) 2022-09-06

Family

ID=74980311

Country Status (1)

Country Link
CN (1) CN112532580B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant