CN112925850B - Block chain data encryption uplink sharing method and device - Google Patents


Info

Publication number
CN112925850B
Authority
CN
China
Prior art keywords
ciphertext
data
center
sharing
block chain
Legal status
Active
Application number
CN202110211282.XA
Other languages
Chinese (zh)
Other versions
CN112925850A (en)
Inventor
王济平
黎刚
汤克云
吴子弘
Current Assignee
Jingxin Data Technology Co ltd
Original Assignee
Jingxin Data Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F 16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F 16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention relates to a block chain data encryption uplink method, an uplink sharing method and an uplink sharing device. The method comprises the following steps: the data providing end encrypts the plaintext data a first time to obtain a ciphertext ct1 and transmits it to the trusted center; the trusted center randomly encrypts the ciphertext ct1 to obtain a ciphertext ct2, generates a unique fixed-length ciphertext ct3 corresponding to ct2 using an encryption algorithm, stores ct2 and ct3 as a pair, and returns ct3; the ciphertext ct3 is put on the chain and, after the uplink succeeds, the callback result is saved to the authorization center. Because only the fixed-length ct3 goes on chain, encrypting large text for uplink places no pressure on ledger storage, the network and so on, and does not degrade the transaction performance and efficiency of the whole block chain. Without exposing the private key of the data owner, on-chain data sharing is handled through the authorization center, which saves data sharing and key management overhead for both owner and user, manages the data sharing scope at fine granularity, and achieves one-time encryption with controllable sharing.

Description

Block chain data encryption uplink sharing method and device
Technical Field
The present invention relates to a block chain encryption technology, and in particular, to a block chain data encryption uplink method, an uplink sharing method and an apparatus.
Background
Against the background of block chain technology being widely applied and popularized across industries, the block chain has the characteristic of public transparency: every block chain node and every user can check the uplink status of block chain data transactions through a block chain browser. However, in the block chain 3.0 era the technology is increasingly used in industrial applications, and unlike the earlier era of block chain digital currency, these industrial applications focus on protecting private data; data on the block chain is no longer fully open for users to view, so data on the block chain needs to be encrypted.
Because of the distributed ledger characteristic of the block chain, every block chain node stores the same global data. At present, encryption commonly uses an ordinary public/private key scheme: after encryption, the resulting ciphertext is generally similar in size to, or larger than, the original data, and the data is decrypted with the private key corresponding to the public key used for encryption. If data needs to be transmitted to multiple block chain accounts, it must be encrypted and put on chain multiple times, once with the public key of each receiving account. Because every block chain node stores the full data set, if large amounts of text data have to be put on chain in certain business scenarios, the ledger data becomes too large and later maintenance and node capacity expansion and synchronization become very costly.
In terms of ledger capacity, the existing practice of encrypting data and putting the resulting ciphertext directly on chain puts great pressure on ledger storage, the network and so on, severely degrades the transaction performance and efficiency of the whole block chain, and makes operation and maintenance of the block chain difficult. The existing block chain encrypted storage mode is mainly based on ordinary public/private key encryption, where data is encrypted with a public key; when large text data is encrypted, the generated ciphertext grows in the same proportion, and because of the distributed ledger storage characteristic of block chain nodes, in business scenarios such as high-concurrency data generation and large-volume data sharing, storing large text ciphertext on chain creates a storage bottleneck at every block chain node and greatly reduces data transmission efficiency.
In addition, in terms of controlling the scope of on-chain data sharing, the control capability of conventional methods is weak. When data is shared on the basis of the block chain, either the data owner must decrypt the data directly, or the data user must decrypt it with the encryptor's private key. Both current approaches work against reducing the data owner's workload and controlling the scope of sharing. If the data owner decrypts, every decryption is performed by the owner, which imposes a large time and labour cost on the owner. If the data user decrypts, the decryption private key must be handed to the user, and besides the risk of leaking the private key, everything ever encrypted under that key pair can then be decrypted, so the sharing scope is uncontrollable. If different key pairs are used for different data in order to guarantee the granularity of sharing, a unique key pair has to be allocated for every piece of data; this solves the sharing-scope problem but brings huge cost to both encryption and decryption.
Disclosure of Invention
The present invention aims to overcome the above drawbacks of the prior art and provides a method and an apparatus for encrypted uplink of block chain data, and a method and an apparatus for uplink sharing, so as to solve the adverse effects of encrypted uplink of large text data.
To achieve this, the invention adopts the following technical scheme: a method for block chain data encrypted uplink, comprising the steps of: step S1, the data providing end encrypts the plaintext data a first time to obtain a ciphertext ct1 and transmits it to the trusted center; step S2, the trusted center randomly encrypts the ciphertext ct1 to obtain a ciphertext ct2, generates a fixed-length unique ciphertext ct3 corresponding to ct2 using an encryption algorithm, stores ct2 and ct3 as a pair, and returns ct3; step S3, the ciphertext ct3 is put on the chain, and the callback result after successful uplink is stored in the authorization center.
In step S1, the plaintext data is first encrypted using the public key of the data provider.
In step S2, the trusted center generates a random public/private key set supporting at least the SM2, SM4 or AES encryption methods, and randomly selects a public key from that set to encrypt the ciphertext ct1 to obtain a ciphertext ct2; then the SM3 algorithm is applied to the data providing end's account name, the current timestamp and a 10-digit random number to generate a fixed-length, unique ciphertext ct3 corresponding to ct2.
In step S3, after the data providing end obtains the ciphertext ct3, it invokes a block chain smart contract to put the ciphertext ct3, the data tag and the timestamp of the plaintext data on the chain, extracts the block number from the callback result obtained after successful uplink, and stores the block number, the data tag and the timestamp in the authorization center.
The invention also discloses a block chain data encryption uplink sharing method, which comprises the above block chain data encryption uplink method and also comprises the following steps:
step S4, the sharing request of the data using end is approved, and after the approval is passed, a ciphertext ct3 is inquired on the chain;
step S5, searching the corresponding ciphertext ct2 in the trusted center through the ciphertext ct3 and gradually decrypting the ciphertext ct1 and the plaintext data;
step S6, encrypt the plaintext data to get ciphertext ct4, and transmit the ciphertext to the data user for decryption.
In step S4, the authorization center receives the sharing request from the data using end, and the data providing end performs a unified approval or an individual authorization approval; after approval, a smart contract is called to query on-chain data and obtain a set of ciphertexts ct3.
In step S5, after obtaining the searched ciphertext ct3, the trusted center authenticates the data using end through the authorization center; if the data using end is judged to be valid and has the corresponding data authority, the authorization center returns a public key publicKeyA of the account corresponding to the data using end and a private key privateKeyB of the account corresponding to the ciphertext ct3 to the trusted center; the trusted center queries from the trusted center database according to the ciphertext ct3 to obtain a corresponding ciphertext ct2, decrypts the ciphertext ct2 to obtain a ciphertext ct1, and decrypts the ciphertext ct1 by using the private key privateKeyB to obtain plaintext data.
In step S6, the plaintext data is encrypted with the public key publicKeyA to obtain the ciphertext ct4, which is returned to the data using end; the data using end decrypts ct4 with the private key privateKeyA of its account to obtain the plaintext data.
The present invention also discloses an electronic device, comprising: a processor; and a memory having computer readable instructions stored thereon which, when executed by the processor, implement the above uplink method or uplink sharing method.
The invention also discloses a computer readable storage medium, on which a computer program is stored, the computer program, when executed by a processor, implements the uplink method or uplink sharing method above.
Compared with the prior art, the invention has the following beneficial effects: the ciphertext ct2 is generated by encryption and the corresponding fixed-length ciphertext ct3 is generated, the trusted center stores ct2 and ct3 as a pair, and only the fixed-length ct3 needs to be put on the chain; whether or not the plaintext is a large text does not change the size of ct3, so encrypting large text for uplink puts no pressure on ledger storage, the network and so on, does not degrade the transaction performance and efficiency of the whole block chain, reduces the burden of block chain operation and maintenance, avoids storage bottlenecks at every block chain node, and improves data transmission efficiency. This meets the business scenario of putting massive large text data on a block chain. In addition, an authorization center serves as the approval medium: on-chain data sharing is handled through the authorization center without exposing the data providing end's private key, data sharing and key management overhead is saved for both the data providing end and the data using end, the data sharing scope is managed at fine granularity, and data is encrypted once and shared controllably.
Drawings
FIG. 1 is a block diagram of the system of the present invention.
FIG. 2 is a flowchart of a method for encrypted uplink of blockchain data according to the present invention.
FIG. 3 is a flowchart illustrating a method for sharing uplink data in block chain data encryption according to the present invention.
It should be noted that, the products shown in the above views are all appropriately reduced/enlarged according to the size of the drawing and the clear view, and the size of the products shown in the views is not limited.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the embodiments of the disclosure can be practiced without one or more of the specific details, or with other methods, components, materials, devices, steps, and so forth. In other instances, well-known structures, methods, devices, implementations, materials, or operations are not shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, in one or more hardware modules, or across different networks and/or processor devices and/or microcontroller devices.
First embodiment
The first embodiment is a block chain data encryption uplink method, which operates on the system framework shown in fig. 1. As shown in FIG. 1, the system comprises an authorization center, a trusted center, a data providing end and a data using end; the data providing end and the data using end are each provided with a trusted center SDK for calling the functions of the trusted center. As shown in fig. 2, the method for encrypted uplink of block chain data includes the following steps: step S1, the data providing end encrypts the plaintext data a first time to obtain a ciphertext ct1 and transmits ct1 to the trusted center; step S2, the trusted center randomly encrypts the ciphertext ct1 to obtain a ciphertext ct2, generates a fixed-length unique ciphertext ct3 corresponding to ct2 using an encryption algorithm, stores ct2 and ct3 as a pair, and returns ct3; step S3, the ciphertext ct3 is put on the chain and the callback result after successful uplink is saved to the authorization center.
The block chain data encryption uplink method generates the ciphertext ct2 and the corresponding fixed-length ciphertext ct3 by encryption, has the trusted center store ct2 and ct3 as a pair, and puts only the fixed-length ct3 on the chain; whether or not the plaintext is a large text does not change the size of ct3, so encrypted uplink of large text puts no pressure on ledger storage, the network and so on, does not degrade the transaction performance and efficiency of the whole block chain, relieves the burden of block chain operation and maintenance, avoids storage bottlenecks at every block chain node, and improves data transmission efficiency.
The following describes the steps of the block chain data encryption uplink method in detail.
Registration and initialization are required before proceeding to step S1. The user of the data providing end and the user of the data using end are registered in the authorization center to obtain respective public key and private key. Specifically, a user (a data providing end or a data using end) logs in an authorization center page to submit information such as an account number and a password for account registration. The authorization center generates a pair of unique public key and private key for each user through SM2 algorithm, stores the pair of unique public key and private key in the authorization center user database, and returns the public key and private key to the data providing end or the data using end.
The trusted center SDK of the data providing end receives parameters such as the account, password, public key and private key, completes its initialization, and passes these parameters to the authorization center for authentication; after authentication passes, a login authorization string token is returned. The call has the form: token = login(account, password). The trusted center SDK at the data using end is initialized in the same way. Once the trusted center SDK of the data providing end is initialized, it receives the plaintext data Msg, the data tag MsTag, the timestamp MsTime and so on passed in by the data providing end for subsequent use.
In step S1, the data providing end encrypts the plaintext data a first time to obtain the ciphertext ct1 and transmits it to the trusted center. Specifically, after initialization, the trusted center SDK of the data providing end encrypts the plaintext data Msg with the public key of the data providing end to obtain the ciphertext ct1, and then uploads ct1 to the trusted center.
In step S2, the trusted center randomly encrypts the ciphertext ct1 to obtain the ciphertext ct2, generates a unique fixed-length ciphertext ct3 corresponding to ct2 using an encryption algorithm, stores ct2 and ct3 as a pair, and finally returns ct3. Specifically, after obtaining the ciphertext ct1 and the token of the data providing end, the trusted center authenticates the token by passing it to the authorization center for token authentication, and only after authentication passes does the trusted center perform the encryption operation. The trusted center holds an encryption algorithm pool supporting several encryption methods such as SM2, SM4 and AES, and generates a random public/private key set ppkeys corresponding to those methods. The trusted center randomly selects a public key from the set and encrypts the ciphertext ct1 a second time to obtain the ciphertext ct2; the call has the form: ct2 = encryption(ct1, ppkeys). The trusted center then applies the SM3 national cryptographic algorithm to the data providing end's account name account, the current timestamp nowTimestamp (standard Beijing time) and a 10-digit random number params to generate a fixed-length, unique ciphertext ct3; the call has the form: ct3 = encryptSm2(account, nowTimestamp, params). The resulting ciphertext ct3 corresponds to the ciphertext ct2, and the trusted center stores ct2 and ct3 in its database. Finally, the trusted center returns only the ciphertext ct3 to the trusted center SDK of the data providing end.
In step S3, the data providing end puts the ciphertext ct3 on the chain, and the callback result after successful uplink is saved to the authorization center. Specifically, after the trusted center SDK of the data providing end obtains the ciphertext ct3, it invokes the block chain smart contract to put the ciphertext ct3, the data tag MsTag and the timestamp MsTime of the plaintext data on the chain and obtains the callback result res1; the call has the form: res1 = putChain(account, ct3, MsTag, MsTime). If the uplink succeeds, the trusted center SDK extracts the block number blockId from the callback result res1 and stores the block number blockId, the data tag MsTag and the timestamp MsTime in the authorization center against the login account of the data providing end; the call has the form: updateDataPower(token, blockId, MsTag, MsTime), where token is the login authorization string described above.
Second embodiment
The second embodiment is a block chain data encryption uplink sharing method, which operates on the system framework shown in fig. 1. It includes the block chain data encryption uplink method of the first embodiment and, as shown in fig. 3, further includes the following steps: step S4, the sharing request of the data using end is approved, and after approval a ciphertext ct3 is queried on the chain; step S5, the corresponding ciphertext ct2 is found in the trusted center through the ciphertext ct3 and decrypted step by step into the ciphertext ct1 and the plaintext data; step S6, the plaintext data is encrypted to obtain the ciphertext ct4, which is transmitted to the data using end for decryption.
The sharing method of the second embodiment adopts the authorization center as an approval medium, solves the problem of data sharing on the link through the authorization center on the premise of not exposing the private key of the data providing end, saves the data sharing and secret key management overhead for the data providing end and the data using end, and simultaneously carries out fine-grained management on the data sharing range, thereby realizing one-time encryption and controllable sharing of data.
The following describes the steps of the uplink sharing method for block chain data encryption.
Step S4 approves the sharing request of the data using end and queries the ciphertext ct3 on the chain after approval. Specifically, the data using end logs in to the authorization center and submits a data sharing application. The core fields of the application form are: the data providing end account, the data tag MsTag, the timestamp range start value MsTimeStart and the timestamp range end value MsTimeEnd. After receiving the sharing request from the data using end, the authorization center sends a notice to the corresponding data providing end for approval. The data providing end logs in to the authorization center and either approves all sharing requests in one batch or, where different data authorities are involved, approves item by item and grants different data authorities. After the data using end has obtained the corresponding approval authority, it passes a parameter params through its trusted center SDK to call the smart contract for an on-chain data query and obtains a set ct3List of ciphertexts ct3; the call has the form: ct3List = search(params). The set ct3List is traversed and each ciphertext ct3 is submitted to the trusted center one by one for further query.
Step S5 finds the corresponding ciphertext ct2 in the trusted center through the ciphertext ct3 and decrypts it step by step into the ciphertext ct1 and the plaintext data. Specifically, after the trusted center obtains the queried ciphertext ct3 and the token of the data using end, the authorization center checks the validity of the token and the data authority of the data using end. If the token of the data using end is valid and it has the corresponding data authority, the authorization center returns to the trusted center the public key publicKeyA of the account of the data using end and the private key privateKeyB of the data providing end account corresponding to the ciphertext ct3. The trusted center queries its database with the ciphertext ct3 to obtain the corresponding ciphertext ct2, finds the corresponding private key in the random public/private key set, and decrypts ct2 to obtain the ciphertext ct1; the call has the form: ct1 = decryption(ct2, ppkeys). The ciphertext ct1 is then decrypted with the private key privateKeyB to obtain the plaintext data Msg.
In step S6, the plaintext data is encrypted to obtain the ciphertext ct4, which is transmitted to the data using end for decryption. Specifically, after obtaining the plaintext data Msg, the trusted center encrypts Msg with the public key publicKeyA using the SM2 algorithm to obtain the ciphertext ct4 and returns it to the trusted center SDK of the data using end. The data using end decrypts the ciphertext ct4 with the private key privateKeyA of its account and finally obtains the plaintext data.
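Added example (not code from the patent or its assignee): a runnable Go simulation of the uplink flow S1-S3 and the sharing flow S4-S6 described above, showing that only a 64-hex-character ct3 reaches the chain whatever the plaintext size, and that during sharing it is the trusted center, not the data using end, that holds the plaintext and the provider's private key. Assumptions: ephemeral X25519 plus AES-256-GCM stands in for SM2 and SHA-256 for SM3 (neither is in the Go standard library), a slice stands in for the smart contract, and the account names are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Hybrid encryption (ephemeral X25519 + AES-256-GCM) stands in for the patent's SM2, which the Go standard
// library lacks. Wire format: ephemeral public key (32 bytes) || nonce (12 bytes) || AES-GCM output.
func aead(shared []byte) cipher.AEAD { // AES-256-GCM keyed with SHA-256 of the ECDH shared secret
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:])
	g, _ := cipher.NewGCM(block); return g
}
func pkEncrypt(pub *ecdh.PublicKey, msg []byte) []byte {
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	shared, _ := eph.ECDH(pub)
	nonce := make([]byte, 12); rand.Read(nonce)
	return aead(shared).Seal(append(eph.PublicKey().Bytes(), nonce...), nonce, msg, nil)
}
func pkDecrypt(priv *ecdh.PrivateKey, ct []byte) ([]byte, error) {
	if len(ct) < 44 { return nil, fmt.Errorf("ciphertext too short") }
	ephPub, _ := ecdh.X25519().NewPublicKey(ct[:32]) // X25519 only checks the length, done above
	shared, err := priv.ECDH(ephPub)
	if err != nil { return nil, err }
	return aead(shared).Open(nil, ct[32:44], ct[44:], nil)
}
// ChainEntry is all that is written on chain: the fixed-length ct3 plus tag and timestamp, never ct1 or ct2.
type ChainEntry struct{ Account, Ct3, Tag string; Time int64 }
// AuthCenter generates and keeps every user's key pair and records which consumers a provider has approved.
type AuthCenter struct {
	users  map[string]*ecdh.PrivateKey
	grants map[string]bool // "consumer>provider" -> approved
}
func NewAuthCenter() *AuthCenter { return &AuthCenter{map[string]*ecdh.PrivateKey{}, map[string]bool{}} }
func (a *AuthCenter) Register(account string) { a.users[account], _ = ecdh.X25519().GenerateKey(rand.Reader) }
func (a *AuthCenter) Approve(consumer, provider string) { a.grants[consumer+">"+provider] = true }
// TrustedCenter holds the random key pool (ppkeys) and the ct3 -> (ct2, pool index) pair store.
type pair struct{ ct2 []byte; idx int }
type TrustedCenter struct {
	auth  *AuthCenter
	pool  []*ecdh.PrivateKey
	store map[string]pair
}
func NewTrustedCenter(ac *AuthCenter, poolSize int) *TrustedCenter {
	tc := &TrustedCenter{auth: ac, store: map[string]pair{}}
	for i := 0; i < poolSize; i++ { k, _ := ecdh.X25519().GenerateKey(rand.Reader); tc.pool = append(tc.pool, k) }
	return tc
}
// Encrypt is S2: random second encryption of ct1, fixed-length ct3, pair storage; only ct3 is returned.
func (t *TrustedCenter) Encrypt(account string, ct1 []byte, ts int64) string {
	i, _ := rand.Int(rand.Reader, big.NewInt(int64(len(t.pool))))
	ct2 := pkEncrypt(t.pool[i.Int64()].PublicKey(), ct1)
	params, _ := rand.Int(rand.Reader, big.NewInt(10_000_000_000)) // the 10-digit random number
	sum := sha256.Sum256([]byte(fmt.Sprintf("%s|%d|%010d", account, ts, params.Int64()))) // SHA-256 stands in for SM3
	ct3 := fmt.Sprintf("%x", sum) // 64 hex characters whatever the size of the plaintext
	t.store[ct3] = pair{ct2, int(i.Int64())}
	return ct3
}
// Release is S5+S6: authorization check, then ct2 -> ct1 -> plaintext inside the trusted center using the
// provider's private key handed over by the authorization center, re-encrypted as ct4 for the consumer.
func (t *TrustedCenter) Release(consumer, provider, ct3 string) ([]byte, error) {
	if t.auth.users[consumer] == nil || !t.auth.grants[consumer+">"+provider] {
		return nil, fmt.Errorf("authorization center: %q is not approved for data of %q", consumer, provider)
	}
	p, ok := t.store[ct3]
	if !ok { return nil, fmt.Errorf("trusted center: unknown ct3 %s", ct3) }
	ct1, err := pkDecrypt(t.pool[p.idx], p.ct2)
	if err != nil { return nil, err }
	msg, err := pkDecrypt(t.auth.users[provider], ct1)
	if err != nil { return nil, err }
	return pkEncrypt(t.auth.users[consumer].PublicKey(), msg), nil
}
// Uplink is S1-S3 for one plaintext; it returns the block number (the putChain callback result).
func Uplink(ac *AuthCenter, tc *TrustedCenter, chain *[]ChainEntry, provider string, msg []byte, tag string, ts int64) int {
	ct1 := pkEncrypt(ac.users[provider].PublicKey(), msg)       // S1: first encryption under the provider's own key
	ct3 := tc.Encrypt(provider, ct1, ts)                         // S2
	*chain = append(*chain, ChainEntry{provider, ct3, tag, ts}) // S3: only ct3, tag and timestamp go on chain
	return len(*chain)
}
// Share is S4-S6 for one request: on-chain query by provider and tag, trusted-center release, local decryption of ct4.
func Share(ac *AuthCenter, tc *TrustedCenter, chain *[]ChainEntry, consumer, provider, tag string) (out [][]byte, _ error) {
	for _, e := range *chain {
		if e.Account != provider || e.Tag != tag { continue }
		ct4, err := tc.Release(consumer, provider, e.Ct3)
		if err != nil { return nil, err }
		msg, err := pkDecrypt(ac.users[consumer], ct4) // privateKeyA never leaves the consumer
		if err != nil { return nil, err }
		out = append(out, msg)
	}
	return out, nil
}
```

A consumer that has not been approved in the authorization center, or is not registered at all, is refused by Release before any key material is touched, and an unknown tag yields an empty result rather than an error.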
In addition, in an embodiment of the present invention, an electronic device capable of implementing the above-mentioned method for encrypted uplink data of block chain and/or the method for sharing encrypted uplink data of block chain is also provided.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, all of which may generally be referred to herein as a "circuit", "module" or "system".
The electronic device is in the form of a general purpose computing device. Components of the electronic device may include, but are not limited to: the system comprises at least one processing unit, at least one storage unit, a bus for connecting different system components (comprising the storage unit and the processing unit), and a display unit.
Wherein the storage unit stores program code which is executable by the processing unit to cause the processing unit to perform steps according to various exemplary embodiments of the present invention as described in the above section "exemplary methods" of the present description. For example, the processing unit may perform the block chain data encrypted uplink method and/or the block chain data encrypted uplink sharing method of the present invention.
The memory unit may include a readable medium in the form of a volatile memory unit, such as a random access memory unit (RAM) and/or a cache memory unit, and may further include a read only memory unit (ROM).
The storage unit may also include a program/utility having a set (at least one) of program modules including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The bus may be any of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device may also communicate with one or more external devices (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface. Also, the electronic device may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via a network adapter. As shown, the network adapter communicates with other modules of the electronic device over a bus. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the disclosure, a computer-readable storage medium is further provided, on which a program product capable of implementing the above-mentioned blockchain data encrypted uplink method and/or blockchain data encrypted uplink sharing method of the present specification is stored. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above-mentioned "exemplary methods" section of the description, when the program product is run on the terminal device.
The program product for implementing the above method may take the form of a portable compact disc read-only memory (CD-ROM) that includes the program code and can be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily appreciated that the processes illustrated in the above figures are not intended to indicate or limit the temporal order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is to be limited only by the following claims.

Claims (8)

1. A block chain data encryption uplink sharing method, comprising the steps of:
step S1, the data providing end encrypts the plaintext data for the first time with the public key of the data provider account to obtain a ciphertext ct1, and transmits the ciphertext ct1 to the trusted center;
step S2, the trusted center randomly encrypts the ciphertext ct1 to obtain a ciphertext ct2, generates, with an encryption algorithm, a fixed-length ciphertext ct3 that uniquely corresponds to the ciphertext ct2, stores the ciphertext ct2 and the ciphertext ct3 as a pair, and transmits the ciphertext ct3 back to the data providing end;
step S3, the data providing end stores the callback result of successfully chaining the ciphertext ct3 in the authorization center;
step S4, the authorization center receives the sharing request of the data using end, and after the approval is passed the data providing end queries the ciphertext ct3 on the chain;
step S5, the trusted center searches its own database for the ciphertext ct2 corresponding to the ciphertext ct3, and decrypts it step by step to obtain the ciphertext ct1 and then the plaintext data;
step S6, the trusted center encrypts the plaintext data to obtain a ciphertext ct4, and transmits the ciphertext ct4 to the data using end for decryption.
2. The method of claim 1, wherein in step S2, the trusted center generates a random public and private key set supporting at least the SM2, SM4 or AES encryption method, and randomly selects a public key from the random public and private key set to encrypt the ciphertext ct1 to obtain the ciphertext ct2; and then generates a ciphertext ct3, which has a fixed length and uniquely corresponds to the ciphertext ct2, by applying the SM3 encryption algorithm to the ciphertext ct2 combined with the data providing end account name, the current timestamp and a 10-bit random number.
3. The method of claim 1, wherein in step S3, after the data providing end obtains the ciphertext ct3, the data providing end invokes a block chain intelligent contract to put the ciphertext ct3, together with the data tag and the timestamp of the plaintext data, on the chain; after the chaining succeeds, the block number is extracted from the callback result, and the callback result, the data tag and the timestamp are stored in the authorization center.
4. The method of claim 1, wherein in step S4, the authorization center accepts the sharing request from the data using end and performs either a unified approval or a single authorization approval by the data providing end; after the approval, the data using end calls an intelligent contract to perform an on-chain data query, so as to obtain a set of ciphertexts ct3.
5. The method of claim 1, wherein in step S5, after obtaining the queried ciphertext ct3, the trusted center authenticates the data using end through the authorization center; if the data using end is judged to be valid and to have the corresponding data authority, the authorization center returns to the trusted center the data using end account public key publicKeyA, the corresponding data providing end account private key privateKeyB and the ciphertext ct3; the trusted center queries its database according to the ciphertext ct3 to obtain the corresponding ciphertext ct2, decrypts the ciphertext ct2 to obtain the ciphertext ct1, and decrypts the ciphertext ct1 with the private key privateKeyB to obtain the plaintext data.
6. The method of claim 5, wherein in step S6, the trusted center encrypts the plaintext data with the public key publicKeyA to obtain a ciphertext ct4 and transmits the ciphertext ct4 back to the data using end, and the data using end decrypts the ciphertext ct4 with its own private key privateKeyA to obtain the plaintext data.
7. An electronic device, comprising:
a processor; and
a memory having computer readable instructions stored thereon which, when executed by the processor, implement the method of any of claims 1 to 6.
8. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110211282.XA CN112925850B (en) 2021-02-25 2021-02-25 Block chain data encryption uplink sharing method and device

Publications (2)

Publication Number Publication Date
CN112925850A CN112925850A (en) 2021-06-08
CN112925850B true CN112925850B (en) 2022-07-08

Family

ID=76171802

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115208630B (en) * 2022-06-15 2024-04-09 网易(杭州)网络有限公司 Block chain-based data acquisition method and system and block chain system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020181845A1 (en) * 2019-03-14 2020-09-17 深圳壹账通智能科技有限公司 Method and device for encrypting blockchain data, computer apparatus, and storage medium
CN112019591A (en) * 2020-07-09 2020-12-01 南京邮电大学 Cloud data sharing method based on block chain

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018045568A1 (en) * 2016-09-09 2018-03-15 深圳大学 Access control method oriented to cloud storage service platform and system thereof
CN108462568B (en) * 2018-02-11 2021-08-06 西安电子科技大学 Block chain-based secure file storage and sharing method and cloud storage system
CN113095822A (en) * 2018-06-27 2021-07-09 创新先进技术有限公司 Intelligent contract calling method and device based on block chain and electronic equipment
CN109559124B (en) * 2018-12-17 2023-04-18 重庆大学 Cloud data security sharing method based on block chain
CN111726343A (en) * 2020-06-11 2020-09-29 桂林电子科技大学 Electronic official document safe transmission method based on IPFS and block chain
CN111986755B (en) * 2020-08-24 2023-05-19 中国人民解放军战略支援部队信息工程大学 Data sharing system based on blockchain and attribute-based encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant