CN114036240A - Multi-service provider private data sharing system and method based on block chain - Google Patents

Publication number: CN114036240A
Authority: CN (China)
Prior art keywords: information, service provider, data, user, encryption
Legal status: Granted (Active)
Application number: CN202111413868.0A
Other languages: Chinese (zh)
Other versions: CN114036240B (en)
Inventors: 李春晓, 郭宇, 谢宏程, 王胜灵, 王慎玲
Current Assignee: Beijing Normal University
Original Assignee: Beijing Normal University
Application filed by Beijing Normal University; priority to CN202111413868.0A; published as CN114036240A; granted and published as CN114036240B

Classifications

    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F16/2453 Query optimisation
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes


Abstract

The invention provides a blockchain-based multi-service-provider data sharing system with privacy protection. By introducing a blockchain, the invention removes the need for different service providers to rely on a trusted third party to share data: it gives them a decentralized, reliable and secure trusted system on which each service provider can safely share its own data. The invention also deeply integrates proxy re-encryption with the bilinear-map cryptographic primitive to construct a matchable data encryption algorithm that supports multiple users and multiple service providers, together with an on-chain protocol for data matching, achieving content matching in the ciphertext domain. The invention improves the proxy re-encryption algorithm, and the improved algorithm solves the data security problem introduced by the proxy re-encryption method.

Description

Multi-service provider private data sharing system and method based on block chain
Technical Field
The invention relates to the field of blockchain-based encrypted data sharing and retrieval, and in particular to a multi-service-provider private data sharing system with private data protection.
Background
At present, with the development of the internet, service providers of many kinds, such as real-estate, crowdsourcing and social platforms, act as bridges between internet users, and users from all over the world can form a huge relationship network. When looking for matching resources, users often have to supply private information, such as house location, task remuneration or age, which they are unwilling to disclose but must provide to the service provider in order to complete the resource matching. Meanwhile, protecting users' private data also becomes a barrier to data sharing between service providers.
To protect user privacy while supporting matching over encrypted data, a number of searchable encryption algorithms have been proposed that let users search encrypted data directly without requiring the service provider to decrypt it. Early searchable encryption algorithms mainly addressed single-user search: for example, a data publisher encrypts data with its own key and stores it in the service provider's database, then later encrypts data with the same key to update or match the earlier data. This scheme requires the data publisher and the data consumer to use the same key, so it is limited to single-user scenarios. Later schemes supported a single publisher with multiple data searchers by informing the data consumer of the encryption algorithm. Proxy re-encryption was then proposed, which supports multiple information publishers and multiple data searchers. However, the proxy re-encryption algorithm is fixed, that is, the same content re-encrypted for any user yields the same result, so proxy re-encryption is vulnerable to statistical attack: by encrypting plaintexts with the proxy re-encryption and analysing keyword frequencies, an attacker can decrypt ciphertexts.
Data encryption can protect user privacy, but service providers that want to share data need the support of a trusted third party, and no third party trusted by all service providers exists. Even though the third party cannot learn the content of the encrypted data, it may misbehave in other ways: for example, it may maliciously delete data, or return only part of the matching results when performing data matching.
Blockchain is an emerging decentralized technical paradigm that has received increasing attention with the popularity of virtual currencies. More and more industries are introducing blockchains to address trust issues, because blockchains offer decentralization, data auditability, tamper resistance and similar properties. However, blockchains are not suitable for storing large amounts of data.
Disclosure of Invention
The invention aims to provide a blockchain-based multi-service-provider private data sharing system and method, so as to solve the technical problem that, at present, the systems of different service providers are isolated from one another, user privacy cannot be protected, and joint search cannot be carried out.
To solve this technical problem, the invention provides a blockchain-based multi-service-provider private data sharing system and method. Blockchain smart contracts serve as the trusted system through which different service providers share data, so that information resources can be shared with trust among different service providers and a user of one service provider's system can retrieve information held in all service providers' systems. The invention also deeply combines proxy re-encryption with the bilinear-map cryptographic primitive to construct a carefully designed on-chain content retrieval and matching protocol, achieving efficient information retrieval in the ciphertext domain. The proposed encrypted-information matching protocol is tailored to decentralized systems, and a user can securely perform matching across service provider systems on on-chain tasks without sharing his or her key.
The technical scheme adopted by the invention to achieve this purpose is as follows: a multi-service-provider private data sharing system, suitable for a multi-user, multi-service-provider environment, comprising the following modules:
Key distribution module: the key management organization presets the system security parameters, publishes a public key, and generates a pair of private keys for each registered user. It sends one of the private keys and the user security parameters to the registered user, sends the other private key and the service provider security parameters to the service provider corresponding to that user, and informs the service provider which user the private key corresponds to.
Information release module: the information publisher encrypts the information to be published using a private key, a random number and a security parameter, and sends it to the service provider. After receiving the information, the service provider encrypts it again using the proxy re-encryption method and the key corresponding to the information publisher, stores the resulting ciphertext in a local database and uploads it to the blockchain.
Information retrieval module: the information retriever encrypts the search keyword using his or her own private key, a random number and a security parameter, and sends it to his or her service provider. After receiving the message, the service provider re-encrypts the data using the proxy re-encryption method and the private key corresponding to the information retriever, and sends the ciphertext to the smart contract for matching.
After receiving the search request sent by the service provider, the smart contract uses the algorithm designed by the invention to match the search ciphertext against all ciphertexts on the blockchain and returns the matching result to the service provider, and the service provider informs the data publisher that it has been successfully matched with the data searcher.
Furthermore, the system uses the decentralized, auditable and tamper-proof characteristics of the blockchain to provide a trustworthy data sharing system for multiple service providers. Smart contracts are also deployed on the blockchain to perform the data matching tasks. A smart contract is transparent, its data comes from the blockchain, and the program it executes is built on consensus.
The system deeply integrates proxy re-encryption with the bilinear-map cryptographic primitive to encrypt users' data while supporting data matching in the ciphertext domain.
The system uses random numbers to mask the data, removing its sensitive information while still allowing the smart contract to perform data matching in the ciphertext domain. With masking, an attacker cannot encrypt a plaintext with the public encryption algorithm and then use the result to probe for the real information behind a ciphertext that a user has published.
The technical scheme adopted by the invention to achieve this purpose also includes a multi-service-provider private data sharing method comprising the following steps:
S1: the key management organization presets the system security parameters and publishes a public key;
S2: the key management organization generates a pair of private keys for each registered user, sends one of the private keys and the user security parameters to the registered user, sends the other private key and the service provider security parameters to the service provider corresponding to the user, and informs the service provider which user the private key corresponds to; the registered users comprise information publishers and information retrievers;
S3: the information publisher encrypts the information to be published using a private key, a random number and a security parameter, and sends it to the service provider;
S4: after receiving the information sent by the information publisher, the service provider encrypts the information again using the proxy re-encryption method and the key corresponding to the information publisher, stores the resulting ciphertext in a local database, and uploads it to the blockchain;
S5: the information retriever encrypts the search keyword using a private key, a random number and a security parameter, and sends it to the service provider;
S6: after receiving the message from the information retriever, the service provider re-encrypts the data using the proxy re-encryption method and the private key corresponding to the retriever, and sends the ciphertext to the smart contract for matching;
S7: after receiving the retrieval request sent by the service provider, the smart contract uses a specific algorithm to match the retrieval ciphertext against all ciphertexts on the blockchain and returns the matching result to the service provider, which informs the data publisher that it has been successfully matched with the data searcher.
By adopting the technical scheme, the invention has the following beneficial effects:
1. Service providers can share data securely in an untrusted and insecure environment.
2. An information publisher can encrypt his or her private data and store it in a service provider's database, and an attacker cannot crack the encrypted content.
3. An information retriever encrypts his or her search content and sends it to a service provider for retrieval, and an attacker cannot crack the encrypted content.
4. In a multi-user, multi-service-provider setting, users encrypt data with their own private keys, and a data searcher can search the data of all users.
5. The smart contract executes data matching automatically, which guarantees the reliability of data matching.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description in the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is an overview of a system provided by an embodiment of the present invention;
FIG. 2 is a key distribution diagram provided by an embodiment of the present invention;
FIG. 3 is a table structure of a service provider key storage according to an embodiment of the present invention;
FIG. 4 is a flowchart of a process provided by an embodiment of the present invention;
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The present invention will be further explained with reference to specific embodiments.
As shown in fig. 1, the present embodiment provides an overview of the architecture of the system. As can be seen from the figure, the system contains 3 roles: key management, data user, service provider.
Data users include information publishers and information retrievers. Because an information publisher can also be a data retriever and a data retriever can also be an information publisher, they are collectively referred to as data users; for convenience of expression, they are referred to separately as information publishers and data retrievers in some places. The information publisher is the producer and owner of data. The content an information publisher sends is divided into two parts: one part is retrievable key information, such as interests, hobbies, house location or crowdsourcing requirements; the other part is data that does not need to be retrieved and usually occupies a large amount of storage, such as house photos or crowdsourced data to be processed.
Service providers generally deploy their own application systems in the cloud to provide services to users. Here the term refers specifically to intermediary service providers, which do not generate data themselves: all of their data comes from users, and they only act as a bridge between users. Examples are housing service providers such as chain houses and love self houses, social service providers such as exploration and impersonation, and crowdsourcing service providers such as pig barnyard crowdsourcing and open source Chinese crowdsourcing. A user obtains the corresponding service from the service provider and establishes contact with other users by providing his or her own information. For example, a house owner can publish the details and price of a house to the service provider, and a tenant can search the service provider's system for listings that meet his or her requirements; a user can send his or her interests, hobbies and requirements for prospective friends to a social system, which matches users according to those interests, hobbies and social requirements. A service provider's user group generally consists of two parties, but the two parties are equal and can swap roles; the roles are only clearly distinguished when a particular action is performed. For example, a landlord can also be a tenant: a user is the landlord when publishing a listing and the tenant when looking for one. After receiving a user's data, the service provider stores it; after receiving a user's retrieval request, the service provider matches the request against all existing user data and finds the data that matches the request, completing its service.
The key management department is responsible for the generation and distribution of keys, generally governed by government departments, and has certain authority and public credibility. The key management department is responsible for secure key production and distributes keys to users.
The blockchain is decentralized, auditable and tamper-resistant, and provides a trusted, secure and reliable environment for data sharing. The blockchain also provides the runtime environment for smart contracts: smart contracts are deployed on the blockchain and are programmable, so the encrypted-data matching algorithm can be written as a smart contract and deployed to the blockchain to perform the data matching service. Because smart contracts are open, transparent and reliable, using a smart contract for data matching ensures the completeness and reliability of the matching.
The invention is particularly suited to scenarios involving sensitive user information, such as the address of a rental house or the age and hobbies of a social-network user: such users only want the service provider to help them find a matching user and do not want others to see the information. Likewise, a tenant only wants to find a suitable listing through the service provider and does not want the service provider to learn his or her rental requirements.
Let $U_i$ denote the i-th user, $U_{p_i}$ the i-th information publisher and $U_{s_i}$ the i-th information retriever. Let $w_{u_i}$ denote the information published by user $U_i$ and $w_{s_i}$ the content retrieved by $U_{s_i}$. Given a content set $\{w_{u_1}, w_{u_2}, \dots, w_{u_n}\}$ and search content $w_{s_i}$, the problem to be solved by the invention is to have the smart contract find, in the content set $\{w_{u_1}, w_{u_2}, \dots, w_{u_n}\}$, all contents that match $w_{s_i}$.
The invention has three advantages: 1) It adopts a hybrid storage architecture, so the data stored on the blockchain is lightweight and the smart contract performs matching efficiently. 2) Through data sharing, the information published by an information publisher can be retrieved by more information retrievers, not just the registered users of the publisher's own service provider, and an information retriever can retrieve information published by more information publishers, not just the registered users of the retriever's own service provider. 3) The data sharing system provided by the invention is fair and transparent.
The invention aims to provide secure data sharing, which may face the following threats. The service provider is semi-trusted: it will store users' data as specified, but it may be curious about that data and snoop on it. For example, the service provider may be curious about a user's income level, hobbies and so on. Each service provider may also be curious about the data of other service providers.
Fig. 3 shows the work flow of the system, and the data processing is divided into 3 stages and 8 steps:
1. Initialization phase
a) The key management department presets system security parameters and publishes public keys.
b) The key management department generates a pair of private keys for each registered information publisher, sends one private key to the information publisher, sends the other private key to the service provider together with the security parameters, and informs the service provider which information publisher the private key corresponds to, and the service provider stores the private keys according to the mechanism shown in fig. 2.
c) The key management department generates a pair of private keys for each registered information retriever, sends one of the private keys to the information retriever, sends the other private key to the service provider together with the security parameters, and informs the service provider which information retriever the private key corresponds to, and the service provider stores the private keys according to the mechanism shown in fig. 2.
2. Information release phase
a) The information publisher encrypts the information to be published using a private key and sends it to the service provider.
b) After receiving the information sent by the information publisher, the service provider stores it in a local database, encrypts it again using the corresponding key and sends it to the blockchain.
3. Information retrieval phase
a) The information retriever encrypts the search keyword using his or her private key and sends it to the service provider.
b) After receiving the message sent by the information retriever, the service provider re-encrypts the data using the private key corresponding to the retriever and sends it to the smart contract for matching.
c) After receiving the information sent by the service provider, the smart contract searches the information of all service providers in the blocks and returns the matching result to the service provider, which returns the result to the data searcher.
To share databases across different service providers, the main problem is to construct a way of matching encrypted information. In particular, the keys of the information publisher and the information retriever are different, and if keys are not shared it is very difficult for the smart contract to match the publisher's ciphertext directly against the retriever's encrypted search content. Proxy re-encryption is an algorithm that supports retrieval of encrypted data in a multi-user environment. Its simplified workflow is as follows: every user encrypts data with his or her own private key and then passes the encrypted data to a third-party proxy for re-encryption, so that data encrypted under different private keys is converted into data encrypted under the same key.
However, the proxy re-encryption algorithm cannot be applied directly to the shared database system, for the following reasons: 1) There is no centralized trusted proxy to re-encrypt the ciphertexts of the different service provider systems, because it is not possible to have all service providers trust the same third-party server. 2) The proxy re-encryption algorithm is fixed and the plaintext domain is limited, so an attacker can guess a ciphertext by applying the same proxy re-encryption algorithm to candidate plaintexts.
To solve these problems, distributed proxy re-encryption is adopted and deeply combined with the bilinear-map cryptographic primitive, and ciphertexts encrypted under different keys are re-encrypted at each service provider. The specific process is as follows: the key center selects a key K, splits K into key pairs $\{K_{U_i}, K_{P_i}\}$, and assigns each key pair to a user $U_i$ and a service provider $P_i$. The ciphertext of data D after being encrypted twice, by the user and then by the service provider, is the same as the ciphertext of D encrypted under the key K. By splitting K into different key pairs and distributing them to different users and service providers, the data of different users becomes, after the two encryptions, the encryption result of one and the same key even though the user keys differ and the service provider keys differ, so retrieval over the encrypted data becomes possible. After the re-encrypted ciphertext is sent to the blockchain, the smart contract completes data matching using a customized bilinear map.
Because the proxy re-encryption process is fixed, an attacker can crack ciphertexts through statistical attack, so the security of the encrypted data can be broken. To solve this security problem in proxy re-encryption, the invention introduces a random number and a security parameter when a user encrypts data and removes sensitive information through a mask. The encryption principle is described in detail below. The user encrypts the content w with the private key $K_u$ to obtain a tuple
Figure BDA0003375201260000101
The encryption steps are as follows:
Figure BDA0003375201260000102
Figure BDA0003375201260000103
Here $\gamma_u$ is a random number, F is a standard hash function, α is a security parameter, and the private keys $k_u$, $k_p$ are a key pair generated by the key authority from x, with $k_u + k_p = x$. Thus
Figure BDA0003375201260000104
can be equivalently expressed as
Figure BDA0003375201260000105
After receiving the encrypted tuple sent by the user,
Figure BDA0003375201260000111
the service provider performs the following operation:
Figure BDA0003375201260000112
The improved proxy re-encryption algorithm adds a random number $\gamma_u$ when encrypting the content w, so even though the domain of w is limited, an attacker cannot reproduce the same encryption of w by the same method, which improves data security. However, the security is still not particularly high, and the service provider cannot upload $t_w$ directly to the blockchain. An algorithm is therefore designed to hide any additional information the data may contain while still letting the blockchain securely execute keyword matching. Specifically, the service provider generates a random number and performs a computation on $t_w$ to obtain the tuple
Figure BDA0003375201260000113
Figure BDA0003375201260000114
Figure BDA0003375201260000115
Here β and s are security parameters of the service provider, and H is a standard hash function. When the blockchain receives the query ciphertext of the data searcher
Figure BDA0003375201260000116
it only needs to determine whether
Figure BDA0003375201260000117
and
Figure BDA0003375201260000118
are equal. If the two are equal, the searcher's query ciphertext matches the publisher's data ciphertext; otherwise it does not. Here e is a bilinear mapping function; the bilinear-map cryptographic primitive is briefly introduced below.
Let $G_1$ and $G_2$ denote cyclic groups of prime order p, and let $g_1$ and $g_2$ be generators of $G_1$ and $G_2$ respectively. A bilinear mapping function $e: G_1 \times G_2 \to G_T$ has the following properties: 1) Bilinearity: for all $u \in G_1$, $v \in G_2$ and $a, b \in Z_p$, where $Z_p$ denotes the integers modulo p, $e(u^a, v^b) = e(u, v)^{ab}$; 2) Computability: there is an efficient algorithm to compute e; 3) Non-degeneracy: $e(g_1, g_2) \neq 1$.
Using the bilinear map, the smart contract can still compare values in the ciphertext domain after random numbers have been introduced. Masking the original data with random numbers removes sensitive information and strengthens data security: encrypting the same plaintext twice no longer yields the same ciphertext, so statistical attacks are defeated.
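The split-key re-encryption and masked matching described above, as an added example (not code or formulas from the patent, whose equations are not reproduced on this page). It assumes a tuple layout (A, A^k_u, g2^γ) with A = g1^(γ·F(w)), the additive split k_u + k_p = x, and a toy pairing that stores each group element as its exponent, so the algebra is exact but provides no security; all function names are hypothetical.

```python
import hashlib
import secrets
from collections import Counter

# Toy stand-in for pairing groups (assumption of this example): an element g^a
# is stored as its exponent a mod Q. The algebra is exact, but discrete logs
# are visible, so this has NO security; a deployment would use a real pairing.
Q = 2**127 - 1            # prime group order (a Mersenne prime)
G1 = G2 = 1               # generators g1, g2, each stored as exponent 1

def g_pow(elem, k):       # elem^k
    return elem * k % Q

def g_mul(a, b):          # product of two elements of the same group
    return (a + b) % Q

def pair(u, v):           # e(u, v), with e(u^a, v^b) = e(u, v)^(ab)
    return u * v % Q

def F(word):              # hash a keyword to a non-zero exponent
    digest = hashlib.sha256(word.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def rand_exp():
    return secrets.randbelow(Q - 1) + 1

class KeyAuthority:
    """Holds x and hands out per-user splits with k_u + k_p = x (mod Q)."""
    def __init__(self):
        self.x = rand_exp()

    def split(self):
        k_u = rand_exp()
        return k_u, (self.x - k_u) % Q

def user_encrypt(word, k_u, masked=True):
    # masked=False models the fixed scheme: no per-message random number.
    gamma = rand_exp() if masked else 1
    a = g_pow(G1, gamma * F(word) % Q)           # A = g1^(gamma * F(w))
    return a, g_pow(a, k_u), g_pow(G2, gamma)    # (A, A^k_u, g2^gamma)

def provider_reencrypt(user_tuple, k_p):
    a, b, m = user_tuple
    t = g_mul(b, g_pow(a, k_p))                  # A^k_u * A^k_p = A^x
    return t, m                                  # what goes on chain

def contract_match(published, query):
    # e(T_o, M_s) == e(T_s, M_o) holds exactly when F(w_o) == F(w_s): the
    # masks gamma_o, gamma_s and the key x appear on both sides and cancel.
    (t_o, m_o), (t_s, m_s) = published, query
    return pair(t_o, m_s) == pair(t_s, m_o)

def publish_all(authority, words, masked):
    chain = []
    for w in words:                              # each publisher has its own split
        k_u, k_p = authority.split()
        chain.append(provider_reencrypt(user_encrypt(w, k_u, masked), k_p))
    return chain

def search(authority, chain, word, masked=True):
    k_u, k_p = authority.split()                 # the searcher has its own split
    query = provider_reencrypt(user_encrypt(word, k_u, masked), k_p)
    return [i for i, entry in enumerate(chain) if contract_match(entry, query)]

def repeat_histogram(chain):
    """How often each on-chain value T repeats: the signal a frequency
    analysis of the chain would rely on."""
    return sorted(Counter(t for t, _ in chain).values())

# Constructed sample keywords, one per publisher.
LISTINGS = ["chaoyang", "haidian", "chaoyang", "chaoyang", "haidian", "tongzhou"]

if __name__ == "__main__":
    ka = KeyAuthority()
    fixed = publish_all(ka, LISTINGS, masked=False)
    masked = publish_all(ka, LISTINGS, masked=True)
    print("fixed scheme, repeats per ciphertext: ", repeat_histogram(fixed))
    print("masked scheme, repeats per ciphertext:", repeat_histogram(masked))
    print("entries matching 'haidian':", search(ka, masked, "haidian"))
```

In the fixed variant the chain reproduces the keyword frequency distribution exactly, which is what an auditor should look for when reviewing such a scheme; in the masked variant every entry is distinct, yet the pairing check still finds the matches.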
The above introduces the encryption principle that combines proxy re-encryption with the bilinear map. The analysis shows that this combined encryption method effectively guarantees data security while supporting matching in the ciphertext domain. System initialization, encrypted publication of information and encrypted retrieval of information are described in detail below. Fig. 4 shows the workflow for data publishing and data matching; the detailed process for each step is as follows:
1. System initialization: the key management organization uses its own key K to generate a pair of private keys
Figure BDA0003375201260000121
Are sent to U respectively together with the character parameters alpha, betai,PiAfter Pi receives the key, the key and the key of the information issuer or the information retriever corresponding to the key are stored in a hash table, the table structure is as shown in fig. 2, and the private key corresponding to the user can be obtained through the user ID.
2. Encryption of published information: when an information publisher publishes information, the data is divided into two parts, a keyword $w_o$ and data D. The keyword $w_o$ is encrypted using the following formulas to obtain the tuple
Figure BDA0003375201260000122
$\gamma_{uo} \leftarrow \{0,1\}^{\lambda}$
Figure BDA0003375201260000123
Figure BDA0003375201260000124
The information publisher uses the shared session key $k_s$ to encrypt the data D, obtaining D'.
After receiving
Figure BDA0003375201260000125
and D', the service provider performs the following operations:
$k_{po} \leftarrow L[u_o]$
Figure BDA0003375201260000126
Figure BDA0003375201260000127
Figure BDA0003375201260000131
Figure BDA0003375201260000132
$id = \mathrm{md5}(D')$
The service provider stores D' on the local server and sends
Figure BDA0003375201260000133
to the blockchain for sharing.
3. Keyword matching
The information retriever performs the following computation on its keyword $w_s$:
$\gamma_{us} \leftarrow \{0,1\}^{\lambda}$
Figure BDA0003375201260000134
Figure BDA0003375201260000135
The information retriever obtains the tuple
Figure BDA0003375201260000136
and sends it to its service provider. After receiving the information sent by the information retriever, the service provider performs the following operations on
Figure BDA0003375201260000137
:
$k_{ps} = L[u_s]$
Figure BDA0003375201260000138
Figure BDA0003375201260000139
Figure BDA00033752012600001310
The service provider submits
Figure BDA00033752012600001311
to the smart contract.
After receiving the search request from the service provider, the smart contract traverses all the published encrypted information on the blockchain
Figure BDA00033752012600001312
and performs the following operations:
Figure BDA00033752012600001313
Figure BDA00033752012600001314
After the values of p and q are obtained, the smart contract checks whether p and q are equal; if they are, $t_{ws}$ and $t_{wo}$ match. After traversing all published information, the smart contract notifies the corresponding service provider to send the resource $D'_{id}$ with serial number id to the information retriever. After receiving the resource, the information retriever uses the shared session key $k_s$ to decrypt the data $D_{id}$, which completes the process of sharing and matching private data across multiple service providers.
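Steps 1 to 3 above, run end to end as an added Python example; it is not the patent's construction, whose formulas this page carries only as figure references. The toy bilinear map, the tag layout, SHA-256 as F, and all function and user names are assumptions chosen so that the algebra (k_u + k_p = x, randomized tags, the p = q test) can be checked; the toy groups give no security.

```python
import hashlib
import secrets

# Toy groups (constructed): G1 = G2 = (Z_P, +) with generator 1, so g^a is
# stored as a mod P and "raising to b" is multiplication by b. Discrete logs
# are trivial here; this only checks the algebra and gives no security.
P = 2**127 - 1                                    # prime group order
Q = next(k * P + 1 for k in range(2, 10**6, 2)    # modulus with P | Q - 1 that
         if pow(2, k * P, k * P + 1) == 1)        # passes a base-2 Fermat test
GT = pow(2, (Q - 1) // P, Q)                      # order-P element of Z_Q^*

def pair(u, v):
    """Toy bilinear map e: G1 x G2 -> G_T with e(g1^a, g2^b) = GT^(ab)."""
    return pow(GT, u * v % P, Q)

def F(word):
    """Keyword hash into Z_P (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(word.encode()).digest(), "big") % P

def rand():
    return secrets.randbelow(P - 1) + 1           # uniform in [1, P-1]

def register(x, L, user_id):
    """Key authority: split x as k_u + k_p = x; k_p goes into provider table L."""
    k_u = rand()
    L[user_id] = (x - k_u) % P
    return k_u

def user_encrypt(word, k_u):
    """User: a fresh gamma masks the keyword, so equal keywords give unequal tuples."""
    gamma = rand()
    c = gamma * F(word) % P                       # g^(gamma F(w))
    return gamma, c, c * k_u % P                  # (g^gamma, c, c^k_u)

def provider_reencrypt(L, user_id, ct):
    """Provider: k_p <- L[u], complete the exponent to x, then re-randomize."""
    a, c, d = ct
    b = (d + c * L[user_id]) % P                  # c^k_u * c^k_p = c^x
    r = rand()
    return a * r % P, b * r % P                   # (g^R, g^(R x F(w))), R = gamma r

def contract_match(t_o, t_s):
    """Contract: p == q exactly when both hidden keywords have the same hash."""
    p = pair(t_o[1], t_s[0])                      # e(g1, g2)^(R_o R_s x F(w_o))
    q = pair(t_o[0], t_s[1])                      # e(g1, g2)^(R_o R_s x F(w_s))
    return p == q

def demo():
    x, L_a, L_b = rand(), {}, {}                  # two providers, one system key x
    k_o, k_s = register(x, L_a, "u_o"), register(x, L_b, "u_s")
    t_o = provider_reencrypt(L_a, "u_o", user_encrypt("diabetes", k_o))
    hit = provider_reencrypt(L_b, "u_s", user_encrypt("diabetes", k_s))
    miss = provider_reencrypt(L_b, "u_s", user_encrypt("asthma", k_s))
    return contract_match(t_o, hit), contract_match(t_o, miss), t_o != hit

if __name__ == "__main__":
    print(demo())
```

A real deployment would replace the toy groups with a pairing-friendly elliptic curve; the contract-side comparison keeps the same shape.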
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (7)

1. A blockchain-based multi-service provider private data sharing system, suitable for a multi-user, multi-service provider environment, comprising the following modules:
a key distribution module: the key management organization presets system security parameters, publishes a public key, generates a pair of private keys for each registered user, sends one of the private keys and the user security parameters to the registered user, sends the other private key and the service provider security parameters to the service provider corresponding to the user, and informs the service provider which user the private key corresponds to; the registered users comprise information publishers and information retrievers;
an information publishing module: the information publisher encrypts the information to be published using a private key, a random number and a security parameter and sends it to the service provider; after receiving the information sent by the information publisher, the service provider encrypts the information again using a proxy re-encryption method and the key corresponding to the information publisher, stores the encrypted ciphertext in a local database and uploads it to the blockchain;
an information retrieval module: the information retriever encrypts the search keyword using its private key, a random number and a security parameter and sends it to its service provider; after receiving the information sent by the information retriever, the service provider re-encrypts the data using the proxy re-encryption method and the private key corresponding to the information retriever, and sends the ciphertext to the smart contract for matching;
after receiving a retrieval request sent by a service provider, the smart contract matches the retrieval ciphertext against all ciphertexts on the blockchain and returns the matching result to the service provider, and the service provider informs the data publisher that it has been successfully matched with the data retriever.
2. The blockchain-based multi-service provider private data sharing system of claim 1, wherein: the system uses the decentralized, auditable and tamper-proof characteristics of the blockchain to provide a trusted data sharing environment for multiple service providers.
3. The blockchain-based multi-service provider private data sharing system of claim 1, wherein: the system deeply integrates the proxy re-encryption and bilinear mapping encryption primitives to encrypt user data and to support data matching in the ciphertext domain.
4. The deep integration of proxy re-encryption and bilinear mapping encryption primitives in the system of claim 3, wherein: the system uses random numbers to mask the data, removing sensitive information from the data while still allowing the smart contract to perform data matching in the ciphertext domain; because of the masking, an attacker cannot encrypt a plaintext with the public encryption algorithm and thereby probe the real information behind a ciphertext published by a user.
5. The deep integration of proxy re-encryption and bilinear mapping encryption primitives in the system of claim 4, formulated as follows:
Figure FDA0003375201250000021
Figure FDA0003375201250000022
Figure FDA0003375201250000023
Figure FDA0003375201250000024
Figure FDA0003375201250000025
Figure FDA0003375201250000026
where w is the plaintext of the content to be encrypted and published by the user; $\gamma_u$ is a random number generated by user u; $g_1$ and $g_2$ are generators of the cyclic groups $G_1$ and $G_2$ of prime order p, respectively; $k_u$ is the private key of the user; $k_p$ is the private key corresponding to user u stored by the service provider, with $k_u + k_p = x$, where x is a key selected by the key management authority; F is a hash function; α is a security parameter;
Figure FDA0003375201250000027
and
Figure FDA0003375201250000028
are the two result variables after user u encrypts the published content; $t_w$ is the result after the service provider performs proxy re-encryption on
Figure FDA0003375201250000029
and
Figure FDA00033752012500000210
$w_s$ is the plaintext of the content to be retrieved by the information retriever; $\gamma_{us}$ is a random number generated by the information retrieval user; $k_{us}$ is the private key of the data retriever $u_s$; $k_{ps}$ is the private key corresponding to user $u_s$ stored by the service provider, with $k_{us} + k_{ps} = x$;
Figure FDA0003375201250000031
and
Figure FDA0003375201250000032
are the two result variables after user $u_s$ encrypts the search content; proxy re-encryption performed by the service provider on
Figure FDA0003375201250000033
and
Figure FDA0003375201250000034
yields the result $t_{ws}$.
6. The deep integration of proxy re-encryption and bilinear mapping encryption primitives in the system of claim 5, wherein the data matching formulas of the ciphertext domain are as follows:
Figure FDA0003375201250000035
Figure FDA0003375201250000036
Figure FDA0003375201250000037
Figure FDA0003375201250000038
Figure FDA0003375201250000039
where s and β are security parameters;
Figure FDA00033752012500000310
and $\gamma_p$ are two random numbers generated by the service provider; H is a hash function;
Figure FDA00033752012500000311
and
Figure FDA00033752012500000312
are the two result variables after the service provider operates on $t_w$;
Figure FDA00033752012500000313
and
Figure FDA00033752012500000314
are the two result variables after the service provider operates on $t_{ws}$; the function e is a bilinear mapping function, and
Figure FDA00033752012500000315
holds if w is equal to $w_s$; the symbol "?" indicates a test of whether the two sides are equal.
7. A blockchain-based multi-service provider private data sharing method, characterized by comprising the following steps:
S1: the key management organization presets system security parameters and publishes a public key;
S2: the key management organization generates a pair of private keys for each registered user, sends one of the private keys and the user security parameters to the registered user, sends the other private key and the service provider security parameters to the service provider corresponding to the user, and informs the service provider which user the private key corresponds to; the registered users comprise information publishers and information retrievers;
S3: the information publisher encrypts the information to be published using a private key, a random number and a security parameter and sends it to the service provider;
S4: after receiving the information sent by the information publisher, the service provider encrypts the information again using a proxy re-encryption method and the key corresponding to the information publisher, stores the encrypted ciphertext in a local database, and uploads it to the blockchain;
S5: the information retriever encrypts the search keyword using its private key, a random number and a security parameter and sends it to the service provider;
S6: after receiving the message from the information retriever, the service provider re-encrypts the data using the proxy re-encryption method and the private key corresponding to the retriever, and sends the ciphertext to the smart contract for matching;
S7: after receiving the retrieval request sent by the service provider, the smart contract uses a specific algorithm to match the retrieval ciphertext against all ciphertexts on the blockchain and returns the matching result to the service provider, and the data publisher is informed that it has been successfully matched with the data retriever.
CN202111413868.0A 2021-11-25 2021-11-25 Multi-service provider privacy data sharing system and method based on block chain Active CN114036240B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111413868.0A CN114036240B (en) 2021-11-25 2021-11-25 Multi-service provider privacy data sharing system and method based on block chain

Publications (2)

Publication Number Publication Date
CN114036240A (en) 2022-02-11
CN114036240B (en) 2024-04-09

Family

ID=80145498

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant