CN114036240B - Multi-service provider privacy data sharing system and method based on block chain - Google Patents

Abstract

The invention provides a multi-service merchant data sharing system with privacy protection based on a blockchain. By introducing the blockchain, the invention solves the problem that different service providers need to rely on a trusted third party for sharing data, provides a reliable and safe trusted system with decentralization for different service providers, and can safely share own data to the blockchain. Meanwhile, the invention deeply fuses the agent re-encryption technology and bilinear mapping cryptography primitive language, constructs a link protocol supporting the matching of a data encryption algorithm and data of multiple users and multiple service providers, and realizes the content matching in a ciphertext domain. The invention improves the proxy re-encryption algorithm, and solves the data security problem brought by the proxy re-encryption method.

Description

Multi-service provider privacy data sharing system and method based on block chain

Technical Field

The invention relates to the field of data encryption sharing and retrieval based on blockchain, in particular to a multi-service provider privacy data sharing system with privacy data protection.

Background

At present, with the development of the internet, various service providers such as real estate, crowdsourcing and social contact provide a bridge for internet users, so that users from all over the world build a huge relationship network, but because each service provider operates independently, users often need to go to a plurality of service provider systems to search for matched resources, and resource waste is caused. In addition, users often refer to private information such as house location, task rewards, age, etc. that users are reluctant to disclose when looking for matching resources, but users have to provide such information to the facilitator in order to complete the resource matching. Meanwhile, protection of the private data of the user also becomes an obstacle for sharing the data by the service provider.

In order to protect user privacy while supporting matching of encrypted data, many searchable data encryption algorithms have been proposed that allow users to search directly for encrypted data without requiring the service provider to decrypt the data. Early searchable encryption algorithms primarily addressed single-user searches of encrypted data, for example, data publishers used their own keys to encrypt data and store it in a database of a service provider, and then used the same keys to encrypt data to update or match the previous data. This scheme requires the same key to be used by the data publisher and the data consumer, and thus the usage field Jing Xian is targeted for a single user scenario. Later, it was proposed to inform the data user of the encryption algorithm to support the single information publisher, multiple data retriever scenarios. The method for proxy re-encryption is provided later, and the scenes of the multi-information publisher and the multi-information retriever are supported, but because the proxy re-encryption algorithm is fixed, that is, the results of all persons encrypting the same content through proxy re-encryption are the same, the proxy re-encryption is easy to be subjected to statistical attack, that is, the attacker can encrypt plaintext through keyword word frequency analysis by using the proxy re-encryption to crack ciphertext.

The data encryption technology can protect the privacy of the user, but different service providers want to share data and also need trusted third party support. But a third party that lets all the facilitators trust is not present. The third party cannot know the content of the encrypted data, but other malicious actions may exist for the third party, for example, the third party may maliciously delete the data, and the third party returns only a part of the matching result when performing data matching.

Blockchains are an emerging technological paradigm for decentralization, with the popularity of virtual currencies, and growing interest in blockchains. Because blockchains have properties of decentralization, auditability of data, tamper resistance, etc., blockchains are being introduced by more and more industries to solve trust problems. But blockchains are not suitable for large capacity data storage.

Disclosure of Invention

The invention aims to provide a multi-service provider privacy data sharing system and method based on a block chain, which are used for solving the technical problems that the prior service provider systems are mutually isolated and cannot protect user privacy and are used for joint searching.

In order to solve the technical problems, the invention provides a multi-service provider privacy data sharing system and method based on a block chain. The block chain intelligent contract is used as a trusted system for sharing data among different service providers, so that the trusted sharing of information resources among different service providers is realized, and the user can search information in all service provider systems in one service provider system. Meanwhile, the proxy re-encryption technology is combined with bilinear mapping cryptography primitive language depth, and a carefully designed content retrieval matching protocol on the blockchain is constructed, so that the efficient information retrieval function in the ciphertext domain is realized. The encryption information matching protocol proposed by the research result is customized for the decentralization system, and users can safely execute the matching function of the cross-service provider system on the tasks on the chain without sharing the secret key.

The technical scheme adopted by the invention for realizing the technical purpose is as follows: a multi-service provider privacy data sharing system is applicable to multi-user and multi-service provider environments, and comprises the following modules:

a key distribution module: the key management mechanism presets system security parameters and publishes public keys, a pair of private keys are generated for each registered user, one private key and the user security parameters are sent to the registered user, the other private key and the server security parameters are sent to the corresponding server of the user, and the server is informed of which user the private key corresponds to.

The information release module: the information publisher encrypts and transmits the information to be published to the server by using a private key, a random number and a security parameter, and after receiving the information transmitted by the information publisher, the server encrypts the information again by using a proxy re-encryption method and a key corresponding to the information publisher, stores the encrypted ciphertext into a local database and uploads the encrypted ciphertext to a blockchain.

An information retrieval module: the information retriever encrypts the retrieval key by using the private key, the random number and the security parameter, and sends the encrypted retrieval key to the server, and after receiving the information sent by the information retriever, the server re-encrypts the data by using the proxy re-encryption method and the private key corresponding to the information retriever and sends the ciphertext to the intelligent contract for matching.

After receiving the search request sent by the service provider, the intelligent contract uses the algorithm designed by the invention to carry out matching operation on the search ciphertext and all the ciphertexts on the blockchain, and returns the matching result to the service provider, and the service provider informs the data publisher that the matching with the data searcher is successful.

Furthermore, the system provides a trusted data sharing system for multiple service providers by utilizing the characteristics of decentralization, auditability and tamper resistance of the blockchain. And meanwhile, intelligent contracts are deployed on the blockchain to execute the data matching task. The smart contracts are transparent, the data of the smart contracts originate from the blockchain, and the executed programs are based on the consensus.

The system depth fusion agent re-encrypts the user data with bilinear mapping encryption primitives, and supports data matching of ciphertext domains.

The system adopts random data to carry out mask processing on the data, removes sensitive information of the data, and still supports intelligent contracts to carry out data matching in ciphertext domain. Through the mask processing, an attacker cannot encrypt the plaintext by using the disclosed encryption algorithm and then try the real information of the ciphertext issued by the user.

The technical scheme adopted by the invention for realizing the technical purpose also comprises the following steps: a multi-service provider privacy data sharing method comprises the following steps:

s1, a key management mechanism presets system security parameters and publishes a public key;

s2, the key management mechanism generates a pair of private keys for each registered user, sends one private key and the user security parameter to the registered user, sends the other private key and the server security parameter to the corresponding server of the user, and informs the server of the corresponding user of the private key; the registered user comprises an information publisher and an information retriever;

s3, the information publisher encrypts the information to be published by using a private key, a random number and a security parameter and sends the information to the service provider;

s4, after receiving the information sent by the information publisher, the service provider encrypts the information again by using a proxy re-encryption method and a key corresponding to the information publisher, stores the encrypted ciphertext into a local database, and uploads the ciphertext to a block chain;

s5, the information retriever encrypts the retrieval key by using the private key, the random number and the security parameter and sends the encrypted retrieval key to the server;

s6, after receiving the information sent by the information retriever, the service provider re-encrypts the data by using a proxy re-encryption method and a private key corresponding to the retriever, and sends the ciphertext to the intelligent contract for matching;

and S7, after receiving a search request sent by the service provider, the intelligent contract uses a specific algorithm to carry out matching operation on the search ciphertext and all the ciphertext on the blockchain, and returns a matching result to the service provider, and the service provider informs the data publisher that the matching with the data searcher is successful.

By adopting the technical scheme, the invention has the following beneficial effects:

the servers can securely share data in environments that are not trusted and secure from each other. The information publisher can encrypt and store own private data into a database of a service provider, and an attacker cannot crack the encrypted content. The information retriever encrypts the search content and sends the encrypted search content to the service provider for retrieval, so that an attacker cannot crack the encrypted content. In the case of multiple users and multiple service providers, a person encrypts data by using his own private key, and a data retriever can retrieve data of all users. The intelligent contract automatically executes data matching, so that the reliability of data matching is ensured.

Drawings

In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings which are required in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are some embodiments of the invention and that other drawings may be obtained from these drawings without inventive effort for a person skilled in the art.

FIG. 1 is an overview of a system provided by an embodiment of the present invention;

FIG. 2 is a key distribution diagram provided by an embodiment of the present invention;

FIG. 3 is a schematic diagram of a server key storage table structure according to an embodiment of the present invention;

FIG. 4 is a flowchart of the operation provided by an embodiment of the present invention;

Detailed Description

The following description of the embodiments of the present invention will be made apparent and fully in view of the accompanying drawings, in which some, but not all embodiments of the invention are shown. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

The invention is further illustrated with reference to specific embodiments.

As shown in fig. 1, the present embodiment provides an overview of the architecture diagram of the system. As can be seen from the figure, the system comprises 3 roles: key management mechanism, data user, service provider.

The data users include information publishers and information retrievers, and because the information publishers can also be data retrievers and the data retrievers can also be information publishers, they are collectively called data users, and in order to facilitate the expression and the distinction, the data users are distinguished from the information publishers and the data retrievers in some places. The information publisher is a producer and an owner of the data, the content sent by the information publisher is divided into two parts, and one part is retrievable key information such as interest, house position, crowdsourcing requirements and the like; the other part is data which does not need to be retrieved, and generally occupies a large storage space, such as house photos, crowdsourcing data to be processed and the like.

The service providers generally provide services for users by deploying own application systems in the cloud, the service providers refer to intermediary service providers, data are not generated by the service providers, all data come from users, such as house property service providers like chain families, I love me families, etc., search and IQ social service providers, crowd-sourced service providers like Zhuan Zhong-recited and open source Zhong-recited, all data of the service providers come from users, data are not generated by the service providers, and the service providers are just bridges for users. The user obtains the corresponding service from the service provider and establishes contact with other users by providing own information. For example: the homeowner can release information and price of the house to the service provider, the house renter can search house sources on the service provider system according to the requirements of the homeowner, the user can send interests and hobbies of the homeowner and requirements on friend making objects to the social system, and the social system matches the user through the interests and hobbies and social requirements. The user group of the service provider is generally divided into two parties, but the two parties are equal and can mutually change identity, and the two parties can be obviously distinguished only when a certain action is executed, for example, a house renter can also be a house renter, when a user issues a house source, the user is the house renter, and when the user seeks the house source, the user is the house renter. After receiving the data request of the user, the service provider stores the data generated by the user, and after receiving the search request of the user, the service provider performs full-disc matching on the existing user data and finds the data which is wanted to be matched with the user request so as to complete the service of the service provider.

The key management department is responsible for the generation and distribution of keys, is generally managed by government departments, and has certain authority and public trust. The key management department is responsible for secure key production and distributes keys to users.

The blockchain has the properties of decentralization, audit and tamper resistance, and provides a trusted, safe and reliable environment for data sharing. Meanwhile, the blockchain provides an operation environment for the intelligent contracts, the intelligent contracts deployed on the blockchain support programming, the encryption data matching algorithm is compiled into the intelligent contracts and deployed to the blockchain, and the data matching service can be executed. Because the intelligent contract has the characteristics of disclosure, transparency and reliability, the completeness and reliability of data matching can be ensured by utilizing the intelligent contract to perform data matching.

The invention is particularly applicable to scenarios with sensitive information related to users, such as addresses of renter houses, ages, hobbies of social subscribers, who only want the service provider to help them find matching users, and not want others to see this information. The renter only wants to find the appropriate house source through the service provider, and does not want his own house renting requirements to be known by the service provider.

Using U _i Represents the ith user, using U _pi Representing the ith information publisher, using U _si Representing the i-th information retriever. UsingRepresenting user U _i Is->Representing U _si The retrieved content. Given content setAnd search content->The invention aims to solve the problem of enabling intelligent contracts to be distributed from a content setFind all AND->Matching content.

The invention has three advantages: 1) The invention adopts a hybrid storage architecture so that the data stored on the blockchain is lightweight and the intelligent contract is efficient when performing matching operations. 2) By data sharing, information published by information publishers can be retrieved by more information retrievers than just registered users of their own service providers. And the information retriever may retrieve information published by more information publishers than just registered users of its own service providers. 3) The shared data system proposed by the present invention is a fair, transparent system.

The present invention aims to provide secure data sharing, which may face the following threats. The service providers are semi-trusted in that they store the user's data as specified, but they may be curious about the user's data and snoop the user's data. For example, a facilitator may be curious about the user's revenue level and hobbies. Each facilitator may also create curiosity with respect to the data of other facilitators.

The data processing is divided into 3 stages and 8 steps:

the initialization stage a) the key management department presets system security parameters and publishes public keys.

b) The key management department generates a pair of private keys for each registered information publisher, sends one private key to the information publisher, sends the other private key together with the security parameters to the server, informs the server of which information publisher the private key corresponds to, and the server stores the keys according to the organization shown in fig. 2.

c) The key management department will generate a pair of private keys for each registered information retriever, send one private key to the information retriever, send the other private key together with the security parameters to the server, and inform the server which information retriever the private key corresponds to, and the server stores the key according to the organization shown in fig. 2.

The information release stage a) uses the private key to encrypt the information to be released and sends the information to the service provider.

b) After receiving the information sent by the information publisher, the service provider stores the information in a local database, encrypts the information again by using a corresponding key, and sends the information to the blockchain.

The information retrieval stage a) the information retriever encrypts the retrieval key with its own private key and sends it to the facilitator.

b) After receiving the information from the information retriever, the service provider uses the private key corresponding to the retriever to re-encrypt the data and sends the data to the intelligent contract for matching.

c) After receiving the information sent by the service provider, the intelligent contract searches with the information of all service providers in the block, returns the matching result to the service provider, and the service provider returns the result to the data retriever.

In order to realize database sharing among different service providers, the main problem is to construct an encrypted information matching mode, especially, if keys of an information publisher and an information retriever are different, if the keys are not shared, it is very difficult for an intelligent contract to directly match between ciphertext encrypted by the information publisher and search content encrypted by the information retriever. The proxy re-encryption algorithm is an algorithm that supports retrieval of encrypted data in a multi-user environment. The simplified workflow of proxy re-encryption is as follows: all users encrypt data by using the private key, and then the encrypted data is transmitted to a third party agent for re-encryption, so that the data encrypted by different private keys are converted into the data encrypted by the same key.

But proxy re-encryption algorithms cannot be used directly on shared database systems for the following reasons: 1) None of the centralized trusted agents performs the re-encryption of ciphertext for different server systems because it is not possible for all servers to trust the same third party's server. 2) The proxy re-encryption algorithm is fixed and the plaintext domain is limited, and an attacker can infer ciphertext using the same proxy re-encryption algorithm on plaintext.

In order to solve the problems, the distributed agent is adopted to re-encrypt, and ciphertext encrypted by different keys is combined with bilinear mapping encryption primitive language depth at each service providerRe-encryption is performed. The specific flow is as follows: the key center selects a key K, and then splits the key K into key pairs { K } _Ui ，K _Pi Assigning key pairs to user U _i And service provider P _i The ciphertext of the data D after twice encryption by the user and the service provider is the same as the data D after the encryption by using the key K, so that the encryption result of the same key can be formed by the data of different users after twice encryption under the condition that the keys of the user and the service provider are different and the keys of the service provider are different by splitting the K into different key pairs and distributing the different key pairs to the different users and the service provider, thereby realizing the retrieval of the encrypted data. After the re-encrypted ciphertext is passed to the blockchain, the intelligent contract utilizes a customized bilinear map to complete data matching.

Because the proxy re-encryption process is fixed, an attacker can crack the ciphertext through statistical attacks, and the encrypted data has the problem of cracked safety. In order to solve the security problem in proxy re-encryption, the invention introduces a random number and security parameters when the user encrypts the data, removes the sensitive information through the mask, and the encryption principle is described in detail below. User use private keyContent->Encryption is performed to obtain a tuple +.>The encryption steps are as follows:

is a random number, F is a standard hashFunction (F)>Is a security parameter, private key->Is a key pair that the key authority generates through x. />Thus->Can be equivalently expressed as:

the service provider receives the encrypted tuple sent by the userThen, the following operation is performed:

improved proxy re-encryption algorithm for contentDuring encryption, a random number is added>Because even->Is limited and the attacker cannot be treated in the same way>The same encryption is performed, and thus, the security of data is improved. However, the security is not particularly high, and the service provider cannot directly add +.>Uploading to the blockchain. Therefore, an algorithm is designed to hide additional information that the data may contain and support blockchain secure execution key matching. The specific method is that the service provider generates a random number and makes the right +.>The following calculation is performed to obtain the tuple->。

Is a security parameter for the service provider, H is a standard hash function. When the block chain receives the inquiry ciphertext of the data retriever>=/>After that, only by judging +.>And (3) withIf the query ciphertext is equal to the data ciphertext of the publisher, the query ciphertext of the searcher is matched with the data ciphertext of the publisher, otherwise, the query ciphertext is not matched with the data ciphertext of the publisher, and the query ciphertext is +.>For bilinear map functions, the following briefly describes bilinear map encryption primitives.

UsingAnd->Representing a prime number P factorial cyclic group, +.>Respectively->And->Is a linear mapping function +.>The preparation method has the following properties: 1) Linearity: for all ofAll have2) can calculate: there is an efficient algorithm to calculate +.>The method comprises the steps of carrying out a first treatment on the surface of the 3) Non-degradability: />。

By utilizing bilinear mapping, under the condition of introducing random numbers, the intelligent contract can still complete comparison of ciphertext domains, sensitive information is removed by masking original data through the random numbers, so that data security is enhanced, an attacker cannot obtain the same ciphertext after encrypting the same plaintext, and statistical attack is invalid.

The encryption principle of combining proxy re-encryption and bilinear mapping is introduced, and through principle analysis, the encryption method of combining proxy re-encryption and bilinear mapping can be known to effectively ensure the security of data, and meanwhile, the matching of ciphertext domains is supported. The system initialization, information encryption release and information encryption retrieval are described in detail below. FIG. 4 shows a workflow for completing data distribution and data matching, and the detailed process corresponding to each step is as follows:

initializing a system: the key management mechanism uses its own key K to generate a pair of private keys {Respectively send to U along with the character parameters alpha, beta _i

,P _i After Pi receives the key, the key and the key of the information publisher or the information retriever corresponding to the key are stored in the hash table, the table structure is shown in fig. 3, and the private key corresponding to the user can be obtained through the user ID. And (3) encrypting release information: when the information publisher publishes information, the data is divided into keywordsAnd data->Two parts, for keyword->The following formula pair->Encryption is performed and a tuple { }, is obtained>}。/>

Information publisher using shared session keyAnd encrypting the data D to obtain D'.

The service provider receives {After the two steps are performed, the following operation is performed:

the service provider saves D' in the local server and {And the block chains are transmitted to be shared.

The keyword matching information retriever performs the following operation on the retrieved keyword ws:

information retrievers obtain tuple {After } the tuple is sent to its own service provider, after the service provider receives the information sent by information retriever, the service provider sends the information to {>The following operation is performed:

the service provider will {Commit to the smart contract.

After receiving the search request from the service provider, the intelligent contract traverses all published encryption information { from the blockchain-and doing the following:

after the values of p and q are obtained, the intelligent contract judges whether p and q are equal or not, and if so, the intelligent contract judges whether the p and q are equalAfter traversing all published information, the intelligent contract informs the corresponding server of the resource with id number +.>To the information retriever. After the information retriever receives the resource, use the shared session key +.>Data->And decrypting until the process of sharing and matching the private data of one multi-service provider is completed.

Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (3)

1. A multi-service provider privacy data sharing system based on block chain, which is suitable for multi-user and multi-service provider environment, comprises the following modules:

a key distribution module: the key management mechanism presets system security parameters and publishes public keys, a pair of private keys are generated for each registered user, one private key and the user security parameters are sent to the registered user, the other private key and the server security parameters are sent to the corresponding server of the user, and the server is informed of which user the private key corresponds to;

the information release module: the information publisher encrypts and transmits the information to be published to the server by using a private key, a random number and a security parameter, and after receiving the information transmitted by the information publisher, the server encrypts the information again by using a proxy re-encryption method and a key corresponding to the information publisher, stores the encrypted ciphertext into a local database and uploads the encrypted ciphertext to a blockchain;

an information retrieval module: the information retriever encrypts the retrieval key by using the private key, the random number and the security parameter, and sends the encrypted retrieval key to the server, and after receiving the information sent by the information retriever, the server re-encrypts the data by using a proxy re-encryption method and the private key corresponding to the information retriever and sends the ciphertext to the intelligent contract for matching;

after receiving a search request sent by a service provider, the intelligent contract carries out matching operation on a search ciphertext and all ciphertext on a block chain, and returns a matching result to the service provider, and the service provider informs a data publisher that the matching with a data searcher is successful;

the system depth fusion agent re-encrypts the user data with bilinear mapping encryption primitives to support data matching of ciphertext domains;

the system depth fusion agent re-encrypts and bilinear maps encryption primitives with the following formula:

where wo is the plaintext of the content to be encrypted that the user publishes,random number generated for user uo, +.>Respectively prime number P factorial cyclic group +.>And->Is the root of (1),>for the private key of the user, < >>A private key corresponding to the user uo stored for the facilitator, and +.>，/>The key selected for the key management entity, function F being a hash function, < >>For safety parameters->And->Two result variables after encryption of the release content for the user uo>For the attendant pairs->And (3) withResult after performing proxy re-encryption, +.>Plaintext of content to be retrieved for information retriever, < >>Random number generated for information retrieval user, +.>For the private key of the data retriever us, < +.>A private key stored for the service provider and corresponding to the user us, and +.>，/>And->Two result variables after encryption of the search content for user us,/for user us>For the attendant pairs->And->Executing the result after proxy re-encryption;

the system depth fusion agent re-encrypts and bilinear maps encryption primitives, and the data matching formula of the ciphertext domain is as follows:

wherein s and beta are safety parameters,and->Two random numbers generated for the service provider, H being a hash function, < >>And (3) withFor service providersFor->Two result variables after the operation, +.>And->For the attendant pairs->Two result variables after operation; function e is a bilinear mapping function with +.>

Is described if wo is equal to wsMatched, "? = "indicates whether or not they are equal.

2. The system depth fusion proxy re-encryption and bilinear map encryption primitive of claim 1, wherein: the system adopts random data to carry out mask processing on the data, removes sensitive information of the data, and simultaneously still supports intelligent contracts to carry out data matching in a ciphertext domain; through the mask processing, an attacker cannot encrypt the plaintext by using the disclosed encryption algorithm and then try the real information of the ciphertext issued by the user.

3. A blockchain-based multi-facilitator privacy data sharing method applied to the blockchain-based multi-facilitator privacy data sharing system as claimed in any one of claims 1-2, characterized by comprising the following steps:

s1, a key management mechanism presets system security parameters and publishes a public key;

s2, the key management mechanism generates a pair of private keys for each registered user, sends one private key and the user security parameter to the registered user, sends the other private key and the server security parameter to the corresponding server of the user, and informs the server of the corresponding user of the private key; the registered user comprises an information publisher and an information retriever;

s3, the information publisher encrypts the information to be published by using a private key, a random number and a security parameter and sends the information to the service provider;

s4, after receiving the information sent by the information publisher, the service provider encrypts the information again by using a proxy re-encryption method and a key corresponding to the information publisher, stores the encrypted ciphertext into a local database, and uploads the ciphertext to a block chain;

s5, the information retriever encrypts the retrieval key by using the private key, the random number and the security parameter and sends the encrypted retrieval key to the server;

s6, after receiving the information sent by the information retriever, the service provider re-encrypts the data by using a proxy re-encryption method and a private key corresponding to the retriever, and sends the ciphertext to the intelligent contract for matching;

and S7, after receiving a search request sent by the service provider, the intelligent contract uses a specific algorithm to carry out matching operation on the search ciphertext and all the ciphertext on the blockchain, and returns a matching result to the service provider, and the service provider informs the data publisher that the matching with the data searcher is successful.