CN115589303A - Data sharing and privacy protection method based on SM9 algorithm and cross-chain technology
- Publication number: CN115589303A
- Application number: CN202210812867.1A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/12—Applying verification of the received information
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses a data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology, which comprises the operating mode of the following modules: an organization chain, a certificate storing chain, a key generation center (KGC for short) and a cloud service provider (CSP for short). By using the SM9 identity-based cryptographic algorithm, the identity of a user can be used to generate the user's public and private key pair; the algorithm comprises a digital signature algorithm, a key exchange algorithm and a public key encryption algorithm, and the security of cryptographic protection, namely the security of data sharing and privacy protection, is improved.
Description
Technical Field
The invention belongs to the technical field of data sharing and privacy protection, and particularly relates to a data sharing and privacy protection method based on an SM9 algorithm and a cross-chain technology.
Background
Blockchain technology is decentralized and trustless, so information can be exchanged with other nodes without a trusted third party, which effectively improves the efficiency of information interaction and reduces its cost; the technology therefore has broad prospects in fields such as the industrial Internet of Things and finance. Today, however, the blockchain industry is split across many different platforms and protocols, forming separate blockchain islands. Limitations on data transmission between different blockchains reduce the effectiveness and convenience of data sharing between users of different blockchains and hinder new developments within blockchain ecosystems. Interoperability will necessarily become a new direction for blockchain technology. Meanwhile, to achieve node consensus and similar purposes, part of the information in a blockchain must be transparent or public to all nodes in the network, which undoubtedly increases the risk of privacy disclosure among users, so the protection of user identity privacy and transaction data privacy during transactions needs attention.
The currently mainstream cross-chain technologies are summarized in a survey of blockchain cross-chain technology development published in 2019 by Lufang et al., which divides cross-chain technology into three types: notary mechanisms, hash locking, and side chains/relays. Hash locking is the simplest to implement, but it is only used for the interaction of cross-chain assets; the notary mechanism is in theory suitable for interaction between all blockchains, but the credibility of the notary must be addressed; the side chain/relay mechanism has great potential but is very difficult to implement.
Identity-based cryptography (IBC) was proposed by Shamir et al. in 1984, but the definition of an identity-based encryption (IBE) scheme was formally given by Boneh and Franklin et al. in 2001. IBC is a kind of public key cryptography in which an identifier representing the identity of an entity is used as the public key. In an IBC system, a trusted party named the Key Generation Center (KGC) is responsible for creating a private key based on the identity of an entity. In fact, most existing authentication mechanisms are built on Public Key Infrastructure (PKI) systems, in which a trusted third party, called a Certificate Authority (CA), provides the root of trust for all PKI certificates. The traditional PKI system does not fit the decentralized and trustless character of blockchains because the trust center carries too much weight; moreover, certificates are used to verify the identity of individuals, devices and other entities but can bring high management cost, and the CA is vulnerable to potential attacks and prone to operational errors.
"Identity-based mutual device authentication schemes for PLC systems", published in 2008 by Heo et al., proposes an identity-based mutual device authentication scheme for Power Line Communications (PLC). Since no public key certificate is used, the possibility of attacks on a CA is avoided, and the operational complexity of deploying and managing identities is effectively reduced.
"Identity-based authentication for cloud computing", published in 2009 by Li et al., proposes an identity-based cloud computing authentication scheme that is considered more efficient than the SSL authentication protocol. However, since the authenticating parties are a cloud server and a device user, mutual authentication of peer devices is not considered.
However, existing data sharing and privacy protection methods based on blockchain technology still have shortcomings. First, existing cross-chain technology is quite limited: some approaches can only support the exchange of tokens, cannot implement data sharing, and lack privacy protection for the two interacting parties; others have the potential to implement more functions but are still immature at the present stage, so data sharing between users of organizations that maintain different blockchains cannot be implemented effectively. Second, as for using identity-based cryptography to realize privacy protection, although identity-based cryptography has been widely researched, most of that research revolves around cryptographic algorithms proposed abroad, which does not accord with China's strategy that information security technology, including cryptography, and products be independent, advanced, secure and controllable.
Therefore, a data sharing and privacy protection method that overcomes the above-mentioned deficiencies is desired.
Disclosure of Invention
In order to solve the technical problems, the invention provides a data sharing and privacy protection method based on an SM9 algorithm and a cross-chain technology.
In order to achieve the technical effect of solving the technical problems, the invention is realized by the following technical scheme: the data sharing and privacy protection method based on the SM9 algorithm and the cross-chain technology is characterized by comprising the following steps:
Step 1: $KGC_A$, $KGC_B$ and $KGC_{Root}$ respectively select random numbers $ks_A \in [1, N_A-1]$, $ks_B \in [1, N_B-1]$ and $ks_{Root} \in [1, N_{Root}-1]$ as the system master private keys of organization A, organization B and the certificate storing chain, wherein $KGC_A$, $KGC_B$ and $KGC_{Root}$ respectively denote the key generation centers in organization A, organization B and the certificate storing chain system, and $N_A$, $N_B$ and $N_{Root}$ respectively denote the prime factors of the orders of the elliptic curves used by organization A, organization B and the certificate storing chain system in the SM9 identity-based cryptographic algorithm;
Step 2: the system master public keys of organization A, organization B and the certificate storing chain are respectively: and wherein and respectively represent the cyclic groups used by organization A, organization B and the certificate storing chain system in the SM9 identity-based cryptographic algorithm and ; the system master public key is published to the whole network, and the system master private key is kept by each KGC;
Step 3: organization A, organization B and the certificate storing chain system use $KGC_A$, $KGC_B$ and $KGC_{Root}$ to calculate public and private key pairs for the nodes on organization chain A, organization chain B and the certificate storing chain;
Step 4: Alice first generates her anonymous identity, then sends the anonymous identity, together with her own signature on it, to $KGC_A$ to apply for the anonymous identity signing private key $dA_{Alice}$;
Step 5: after receiving Alice's request, $KGC_A$ verifies Alice's signature; if the verification fails, Alice's request is refused; if the verification passes, $KGC_A$ generates the anonymous identity signing private key $dA_{Alice}$ for Alice based on Alice's anonymous identity, encrypts the correspondence between Alice and the anonymous identity and stores it in the local storage list of $KGC_A$, and sends Alice's anonymous identity to $KGC_{Root}$, which records it in its local storage list;
Step 6: Alice generates a data sharing request message m, signs the message m with the anonymous identity signing private key, and sends the signature to $KGC_A$, requesting the public key, in the certificate storing chain, of the currently on-duty primary node $B_2$ of organization chain B. After obtaining the public key of primary node $B_2$, Alice encrypts the message in three layers using the public keys of Bob, primary node $B_2$ and primary node $A_2$ respectively, and sends it to $A_2$:
wherein $Enc_x(m)$ denotes encrypting the message m with the public key of user x, $sig_x(m)$ denotes signing the message m with the private key of user x, and denotes signing the message m with the anonymous identity signing private key of user x. After receiving the identity authentication request, $A_2$ decrypts it and verifies Alice's true identity signature;
if the verification passes, $A_2$ sends the message to $B_2$ according to the organization chain unique identifier $ID_{ChainB}$:
After receiving the message, $B_2$ decrypts it and first queries whether $KGC_{Root}$ contains the anonymous identity; if not, it sends a data update request to primary node $A_1$, and primary node $A_1$ updates the latest anonymous identities on organization chain A to $KGC_{Root}$; if the updated data still does not contain the anonymous identity, the transaction fails. If $KGC_{Root}$ contains the anonymous identity, the anonymous identity signature is verified using that identity, and if the verification passes, the message is sent to Bob according to Bob's identity identifier $ID_{Bob}$;
Step 7: after receiving the message, Bob decrypts it with his private key and again verifies Alice's true identity signature and anonymous identity signature; after the verification passes, Bob generates his anonymous identity and applies to $KGC_B$ for the signing private key $dA_{Bob}$ of his anonymous identity. After successful generation, $KGC_B$ saves the anonymous identity to its local storage list, and primary node $B_1$ sends the updated anonymous identity information to $KGC_{Root}$. Bob generates a data sharing response message containing the index information of the shared data and sends it to $KGC_B$, requesting the public key, in the certificate storing chain, of the currently on-duty primary node $A_2$ of organization chain A. After obtaining the public key of primary node $A_2$, Bob likewise encrypts the message in three layers:
Likewise, after receiving the message, $B_2$ decrypts it and verifies Bob's true identity signature; after the verification passes, it uploads Alice's anonymous identity, the anonymous identity signature and $B_2$'s own signature on the message to the transaction judgment smart contract, and sets the transaction state of organization chain B to the pre-submission state. $B_2$ then sends the message on to $A_2$ according to $ID_{ChainA}$:
$A_2$ decrypts the message and verifies Bob's anonymous identity signature; after the verification passes, it uploads the anonymous identity signature and $A_2$'s own signature on the message to the transaction judgment smart contract, likewise sets the transaction state of organization chain A to the pre-submission state, and sends the message to Alice;
Step 8: after receiving the message, Alice decrypts and verifies it again, and after the verification passes applies for access to the CSP using the shared data index and Bob's true identity signature. After verifying the data index, Alice's anonymous identity signature and Bob's true identity signature, the CSP manager allows Alice to obtain the complete data, sends the data operation, the operation timestamp and Alice's signature to the transaction judgment smart contract, and sets the transaction state to pre-submission;
Step 9: when the transaction passes the verification of the transaction judgment smart contract, the contract generates the transaction information to be written into the block:
and broadcasts it in the certificate storing chain; after the other nodes in the certificate storing chain verify it, the transaction is written into a certificate storing chain block, and $A_2$ and $B_2$ synchronize the transaction information into organization chain A and organization chain B. When a dispute arises over the transaction, a secondary node can apply to the KGC to trace the transaction process;
Further, in Step 1, organization A and organization B respectively maintain organization chain A and organization chain B, and $KGC_A$ and $KGC_B$ respectively manage and generate the keys of users in organization A and organization B; organization chain A and organization chain B respectively select primary nodes $A_1$, $A_2$ and $B_1$, $B_2$ as representatives of the accessing organization chain, wherein primary nodes $A_1$ and $B_1$ are responsible for updating the user identity information in organization A and organization B to $KGC_{Root}$, primary nodes $A_2$ and $B_2$ act as intermediaries responsible for cross-chain message transmission, and a secondary node, as an ordinary user, can initiate a cross-chain data sharing request;
Further, in Step 2, publishing the system master public key to the whole network means that a user in any organization can query the system master public key of another organization through the KGC of the user's own organization, and keeping the system master private key in each KGC means that the private key must not be leaked;
Further, in Step 3, the public and private key pair of a node is calculated as follows:
Let the identity identifier of user x in organization X be $ID_x$; $KGC_X$ first calculates, over the finite field used by organization X,
$$t_1 = H_1(ID_x \,\|\, hid_X,\ N_X) + ks_X$$
wherein $hid_X$ denotes the key generation function identifier of the SM9 identity-based cryptographic algorithm used in organization X, $N_X$ denotes the prime factor of the order of the elliptic curve used by organization X in the SM9 identity-based cryptographic algorithm, and $ks_X$ is the system master private key of organization X. If $t_1 = 0$, the system master private key and the system master public key must be recalculated and the existing user private keys updated; if $t_1 \neq 0$, then calculate
wherein is the multiplicative inverse; the private key of user x can then be calculated as
Any user can obtain the public key of user x by calculating according to formula (9)
wherein denotes the system master public key of organization X; through the above calculation, the public and private key pair of user x can be expressed as $(pk_x, d_x)$;
Further, in Step 4, the anonymous identity is generated as follows:
Let the identity identifier of user x in organization X be $ID_x$; then the anonymous identity of user x can be expressed as
wherein $H_1()$ is the cryptographic hash function used by the SM9 algorithm, Nonce is a random number chosen by user x with $Nonce \in [1, N_X-1]$, and Timestamp denotes the current timestamp;
Further, in Step 5, $KGC_A$ generates the public and private key pair for Alice's anonymous identity in the same way as the node public and private key pairs are generated in Step 3. Alice's anonymous identity is sent to $KGC_{Root}$ through primary node $A_1$;
Further, in Step 6, $KGC_A$ obtains, through primary node $A_1$, the public key information of Bob and $B_2$ stored in $KGC_{Root}$ and sends it to Alice;
Further, in Step 7, Bob's anonymous identity is generated as shown in formula (10), and the public and private key pair of Bob's anonymous identity is generated in the same way as the node public and private key pairs in Step 3. $KGC_B$ obtains, through primary node $B_1$, the public key information of Alice and $B_2$ stored in $KGC_{Root}$ and sends it to Bob;
Further, in Step 7, the transaction judgment smart contract is used to generate transaction information: only when primary nodes $A_2$ and $B_2$ and the CSP manager have set the transaction state to pre-submission, and the signature submitted by the CSP manager passes verification, does the transaction judgment smart contract generate the transaction information TX;
Further, in Step 9, users in organization chain A and organization chain B can compare the transaction information synchronized to $KGC_A$ and $KGC_B$ by primary nodes $A_1$ and $B_1$ with the transaction information published by primary nodes $A_2$ and $B_2$ to verify the consistency of the transaction information; the legality of a transaction can also be checked by verifying the signatures contained in the transaction information, and when a user disputes the transaction information, the disputed transaction can be traced or held to account by calling the data in each KGC and in the certificate storing chain;
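The scalar part of the Step 3 key derivation and of the Step 4/Step 5 anonymous identity issuance, as an added example that is not part of the patent text. Assumptions: SHA-256 stands in for SM3 inside $H_1$, the prime $2^{255}-19$ stands in for the curve order $N_X$, the field layout hashed into the anonymous identity is assumed (the formula is not reproduced on this page), the step $t_2 = ks \cdot t_1^{-1} \bmod N$ and the value hid = 0x01 are taken from the SM9 standard, and all function and class names are hypothetical.

```python
import hashlib
import secrets
import time

# Stand-in prime group order (2**255 - 19); NOT the SM9 curve order N_X.
N_STANDIN = 2**255 - 19
HID_SIGN = 0x01  # hid the SM9 standard assigns to signature private-key generation


class MasterKeyCollision(Exception):
    """t1 == 0: the KGC must regenerate its master key pair."""


def h1(z: bytes, n: int) -> int:
    """Hash z into [1, n-1] with the structure of SM9's H1 (SHA-256 replaces SM3)."""
    hlen = (5 * n.bit_length() + 31) // 32  # about 5/4 of n's byte length
    stream, ct = b"", 1
    while len(stream) < hlen:
        stream += hashlib.sha256(b"\x01" + z + ct.to_bytes(4, "big")).digest()
        ct += 1
    return int.from_bytes(stream[:hlen], "big") % (n - 1) + 1


def extract_scalar(identity: bytes, ks: int, n: int, hid: int = HID_SIGN) -> int:
    """Compute t1 = H1(ID || hid, N) + ks, then return t2 = ks * t1^-1 mod N.

    The private key itself is the curve point [t2]P1; point arithmetic is omitted.
    """
    t1 = (h1(identity + bytes([hid]), n) + ks) % n
    if t1 == 0:
        raise MasterKeyCollision(identity)
    return ks * pow(t1, -1, n) % n


def anonymous_identity(real_id: bytes, n: int, nonce=None, timestamp=None) -> bytes:
    """Derive a one-off pseudonym from ID, Nonce in [1, n-1] and Timestamp.

    Assumption: the fields are length-prefixed and concatenated before hashing.
    """
    nonce = secrets.randbelow(n - 1) + 1 if nonce is None else nonce
    timestamp = int(time.time()) if timestamp is None else timestamp
    size = (n.bit_length() + 7) // 8
    fields = [real_id, nonce.to_bytes(size, "big"), timestamp.to_bytes(8, "big")]
    z = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return h1(z, n).to_bytes(size, "big")


class KGC:
    """Scalar-only model of one organization's key generation center."""

    def __init__(self, n: int, ks=None):
        self.n = n
        self.ks = secrets.randbelow(n - 1) + 1 if ks is None else ks
        self.issued = {}      # identity -> t2
        self.pseudonyms = {}  # anonymous identity -> real identity (stored encrypted in the scheme)

    def issue(self, identity: bytes) -> int:
        """Issue t2 for identity, rotating the master key whenever t1 == 0."""
        while True:
            try:
                self.issued[identity] = extract_scalar(identity, self.ks, self.n)
                return self.issued[identity]
            except MasterKeyCollision:
                self._rotate()

    def _rotate(self) -> None:
        """Choose a new ks and reissue every existing user key under it."""
        while True:
            self.ks = secrets.randbelow(self.n - 1) + 1
            try:
                self.issued = {i: extract_scalar(i, self.ks, self.n) for i in self.issued}
                return
            except MasterKeyCollision:
                continue

    def issue_anonymous(self, real_id: bytes, anon_id: bytes) -> int:
        """Step 5: record pseudonym -> real identity, then key the pseudonym."""
        self.pseudonyms[anon_id] = real_id
        return self.issue(anon_id)

    def trace(self, anon_id: bytes):
        """Dispute handling: the issuing KGC maps a pseudonym back to its owner."""
        return self.pseudonyms.get(anon_id)


def toy_collision(ks: int, n: int, limit: int = 100_000):
    """Find a constructed name with t1 == 0; feasible only for a toy-sized n."""
    for i in range(limit):
        ident = b"user-%d" % i
        if (h1(ident + bytes([HID_SIGN]), n) + ks) % n == 0:
            return ident
    return None
```

With a full-size group order the $t_1 = 0$ branch is not expected to be reached in practice; calling `toy_collision` with a small prime such as 251 makes the master-key rotation path reachable for testing.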
The beneficial effects of the invention are:
The method provided by the invention comprises the operating mode of the following modules: an organization chain, a certificate storing chain, a key generation center (KGC for short) and a cloud service provider (CSP for short). Each organization chain belongs to the blockchain system maintained by the respective organization and is mainly used to store the transaction information related to the data held by the organization, together with the digests and index information of the data held in the organization; the authenticity of the data is verified by comparing the data digest stored on the chain with a hash value recalculated over the actual file. The complete data maintained by users in the organization is stored in the CSP pointed to by the on-chain index, and users in the organization can obtain the complete data from the CSP according to the index, which avoids storing a large amount of data on the blockchain and improves the operating efficiency of the system. Meanwhile, by using the SM9 identity-based cryptographic algorithm, the identity of a user can be used to generate the user's public and private key pair; the algorithm comprises a digital signature algorithm, a key exchange algorithm and a public key encryption algorithm, and the security of cryptographic protection, namely the security of data sharing and privacy protection, is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a cross-chain data sharing framework model of the present invention;
FIG. 2 is a schematic diagram of a node configuration according to the present invention;
FIG. 3 is a cross-chain data sharing flow chart according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Examples
Referring to FIG. 1 to FIG. 3, a data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology specifically includes the following steps:
Step 1: $KGC_A$, $KGC_B$ and $KGC_{Root}$ respectively select random numbers $ks_A \in [1, N_A-1]$, $ks_B \in [1, N_B-1]$ and $ks_{Root} \in [1, N_{Root}-1]$ as the system master private keys of organization A, organization B and the certificate storing chain, wherein $KGC_A$, $KGC_B$ and $KGC_{Root}$ respectively denote the key generation centers in organization A, organization B and the certificate storing chain system, and $N_A$, $N_B$ and $N_{Root}$ respectively denote the prime factors of the orders of the elliptic curves used by organization A, organization B and the certificate storing chain system in the SM9 identity-based cryptographic algorithm;
Step 2: the system master public keys of organization A, organization B and the certificate storing chain are respectively: and wherein and respectively represent the cyclic groups used by organization A, organization B and the certificate storing chain system in the SM9 identity-based cryptographic algorithm and ; the system master public key is published to the whole network, and the system master private key is kept by each KGC;
Step 3: organization A, organization B and the certificate storing chain system use $KGC_A$, $KGC_B$ and $KGC_{Root}$ to calculate public and private key pairs for the nodes on organization chain A, organization chain B and the certificate storing chain;
Step 4: Alice first generates her anonymous identity, then sends the anonymous identity, together with her own signature on it, to $KGC_A$ to apply for the anonymous identity signing private key $dA_{Alice}$;
Step 5: after receiving Alice's request, $KGC_A$ verifies Alice's signature; if the verification fails, Alice's request is refused; if the verification passes, $KGC_A$ generates the anonymous identity signing private key $dA_{Alice}$ for Alice based on Alice's anonymous identity, encrypts the correspondence between Alice and the anonymous identity and stores it in the local storage list of $KGC_A$, and sends Alice's anonymous identity to $KGC_{Root}$, which records it in its local storage list;
Step 6: Alice generates a data sharing request message m, signs the message m with the anonymous identity signing private key, and sends the signature to $KGC_A$, requesting the public key, in the certificate storing chain, of the currently on-duty primary node $B_2$ of organization chain B. After obtaining the public key of primary node $B_2$, Alice encrypts the message in three layers using the public keys of Bob, primary node $B_2$ and primary node $A_2$ respectively, and sends it to $A_2$:
wherein $Enc_x(m)$ denotes encrypting the message m with the public key of user x, $sig_x(m)$ denotes signing the message m with the private key of user x, and denotes signing the message m with the anonymous identity signing private key of user x. After receiving the identity authentication request, $A_2$ decrypts it and verifies Alice's true identity signature;
if the verification passes, $A_2$ sends the message to $B_2$ according to the organization chain unique identifier $ID_{ChainB}$:
After receiving the message, $B_2$ decrypts it and first queries whether $KGC_{Root}$ contains the anonymous identity; if not, it sends a data update request to primary node $A_1$, and primary node $A_1$ updates the latest anonymous identities on organization chain A to $KGC_{Root}$; if the updated data still does not contain the anonymous identity, the transaction fails. If $KGC_{Root}$ contains the anonymous identity, the anonymous identity signature is verified using that identity, and if the verification passes, the message is sent to Bob according to Bob's identity identifier $ID_{Bob}$;
Step 7: after receiving the message, Bob decrypts it with his private key and again verifies Alice's true identity signature and anonymous identity signature; after the verification passes, Bob generates his anonymous identity and applies to $KGC_B$ for the signing private key $dA_{Bob}$ of his anonymous identity. After successful generation, $KGC_B$ saves the anonymous identity to its local storage list, and primary node $B_1$ sends the updated anonymous identity information to $KGC_{Root}$. Bob generates a data sharing response message containing the index information of the shared data and sends it to $KGC_B$, requesting the public key, in the certificate storing chain, of the currently on-duty primary node $A_2$ of organization chain A. After obtaining the public key of primary node $A_2$, Bob likewise encrypts the message in three layers:
Likewise, after receiving the message, $B_2$ decrypts it and verifies Bob's true identity signature; after the verification passes, it uploads Alice's anonymous identity, the anonymous identity signature and $B_2$'s own signature on the message to the transaction judgment smart contract, and sets the transaction state of organization chain B to the pre-submission state. $B_2$ then sends the message on to $A_2$ according to $ID_{ChainA}$:
$A_2$ decrypts the message and verifies Bob's anonymous identity signature; after the verification passes, it uploads the anonymous identity signature and $A_2$'s own signature on the message to the transaction judgment smart contract, sets the transaction state of organization chain A to the pre-submission state, and sends the message to Alice;
Step 8: after receiving the message, Alice decrypts and verifies it again, and after the verification passes applies for access to the CSP using the shared data index and Bob's true identity signature. After verifying the data index, Alice's anonymous identity signature and Bob's true identity signature, the CSP manager allows Alice to obtain the complete data, sends the data operation, the operation timestamp and Alice's signature to the transaction judgment smart contract, and sets the transaction state to pre-submission;
Step 9: when the transaction passes the verification of the transaction judgment smart contract, the contract generates the transaction information to be written into the block:
and broadcasts it in the certificate storing chain; after the other nodes in the certificate storing chain verify it, the transaction is written into a certificate storing chain block, and $A_2$ and $B_2$ synchronize the transaction information into organization chain A and organization chain B. When a dispute arises over the transaction, a secondary node can apply to the KGC to trace the transaction process;
in Step1, organization A and organization B respectively maintain organization chain A and organization chain B; KGC_A and KGC_B respectively manage and generate the keys of users in organization A and organization B; organization chain A and organization chain B respectively elect primary nodes A_1, A_2 and B_1, B_2 as representatives to access the organization chain, where primary nodes A_1 and B_1 are responsible for updating the user identity information in organization A and organization B to KGC_Root, primary nodes A_2 and B_2 act as intermediaries responsible for cross-chain information transmission, and a secondary node, as an ordinary user, can initiate a cross-chain data sharing request;
in Step2, publishing the system master public key to the whole network means that a user in any organization can query the system master public key of another organization through the KGC in its own organization, and each KGC keeping the system master private key itself means that the private key cannot be leaked;
in Step3, the public and private key pair of a node is calculated as follows:
Let the identity identifier of user x in organization X be ID_x. KGC_X first calculates, over the finite field used by organization X,
t_1 = H_1(ID_x || hid_X, N_X) + ks_X
where hid_X denotes the key generation function identifier of the SM9 identity-based cryptographic algorithm used in organization X, N_X denotes the prime factor of the order of the elliptic curve used by organization X in the SM9 identity-based cryptographic algorithm, and ks_X is the system master private key of organization X. If t_1 = 0, the system master private key and master public key must be recalculated and the existing user private keys updated; if t_1 ≠ 0, then calculate
where the inverse taken is the multiplicative inverse; the private key of user x can then be calculated as
The public key of user x can be calculated by any user according to formula (9)
in which the system master public key of organization X appears. Through the above calculation, the public and private key pair of user x can be expressed as (pk_x, d_x);
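The scalar arithmetic behind the Step3 key derivation, as an added example (not code from the patent): it computes t_1, handles the t_1 = 0 case by drawing a new master key, and derives the multiplier t_2 = ks · t_1^(-1) mod N that the SM9 standard applies to the group generator. Assumptions: SHA-256 stands in for SM3 inside H_1, N is a stand-in prime rather than an SM9 curve order, hid = 0x01, the curve and pairing operations are omitted, and all function names are hypothetical.

```python
import hashlib
import secrets

# Stand-in group order: the Mersenne prime 2**127 - 1 (NOT an SM9 curve order).
N = 2**127 - 1
HID_SIGN = b"\x01"  # assumed hid: SM9 identifier of the signing-key generation function


class MasterKeyCollision(Exception):
    """Raised when t1 == 0, the case in which the KGC must change its master key."""


def h1(z: bytes, n: int) -> int:
    """Hash z into [1, n-1] using the H1 layout of SM9 (SHA-256 replaces SM3 here)."""
    # 8 * ceil(5 * log2(n) / 32); bit_length() serves as log2(n) rounded up.
    hlen_bits = 8 * -(-5 * n.bit_length() // 32)
    stream, ct = b"", 1
    while len(stream) * 8 < hlen_bits:
        stream += hashlib.sha256(b"\x01" + z + ct.to_bytes(4, "big")).digest()
        ct += 1
    ha = int.from_bytes(stream[: hlen_bits // 8], "big")
    return ha % (n - 1) + 1


def derive_scalars(identity: bytes, ks: int, n: int = N):
    """Return (t1, t2) for one user, or raise MasterKeyCollision when t1 == 0."""
    if not 1 <= ks <= n - 1:
        raise ValueError("master private key must lie in [1, N-1]")
    t1 = (h1(identity + HID_SIGN, n) + ks) % n
    if t1 == 0:
        # No inverse exists, so no user key can be derived under this master key.
        raise MasterKeyCollision(identity)
    t2 = ks * pow(t1, -1, n) % n  # multiplicative inverse mod n (Python 3.8+)
    return t1, t2


def kgc_issue(identity: bytes, ks: int, n: int = N):
    """Issue key material; on t1 == 0 draw a fresh master key and flag the rotation.

    rotated=True means every key issued under the old master key must be re-issued.
    """
    rotated = False
    while True:
        try:
            t1, t2 = derive_scalars(identity, ks, n)
            return {"ks": ks, "t1": t1, "t2": t2, "rotated": rotated}
        except MasterKeyCollision:
            ks = secrets.randbelow(n - 1) + 1
            rotated = True


def consistent(identity: bytes, ks: int, t2: int, n: int = N) -> bool:
    """Scalar form of the key-pair relation: t2 * (H1 + ks) == ks (mod n)."""
    t1 = (h1(identity + HID_SIGN, n) + ks) % n
    return t2 * t1 % n == ks % n


if __name__ == "__main__":
    ks = secrets.randbelow(N - 1) + 1
    issued = kgc_issue(b"Alice", ks)
    print("rotated:", issued["rotated"],
          "consistent:", consistent(b"Alice", issued["ks"], issued["t2"]))
```

The relation checked by `consistent` is what lets anyone verify with only the identity and the master public key: the user-specific part t_1 cancels and only ks remains.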
in Step4, the anonymous identity is generated as follows:
Let the identity identifier of user x in organization X be ID_x; then the anonymous identity of user x can be expressed as
where H_1() is the cryptographic hash function used by the SM9 algorithm, nonce is a random number selected by user x with nonce ∈ [1, N_X-1], and Timestamp denotes the current timestamp;
further, in Step5, KGC_A generates the public and private key pair for Alice's anonymous identity in the same way as the public and private key pair of a node is generated in Step3. Alice's anonymous identity is sent to KGC_Root through primary node A_1;
in Step6, KGC_A obtains, through primary node A_1, the public key information of Bob and B_2 stored in KGC_Root and sends it to Alice;
in Step7, Bob's anonymous identity is generated as shown in formula (10), and the public and private key pair for Bob's anonymous identity is generated in the same way as the public and private key pair of a node in Step3. KGC_B obtains, through primary node B_1, the public key information of Alice and B_2 stored in KGC_Root and sends it to Bob;
in Step7, the transaction decision smart contract generates transaction information only when primary nodes A_2, B_2 and the CSP administrator have all set the transaction status to pre-commit, and the transaction information TX is generated only after the signatures they submitted to the transaction decision smart contract pass verification;
in Step9, users in organization chain A and organization chain B can compare the transaction information synchronized by primary nodes A_1, B_1 to KGC_A, KGC_B with the transaction information published by primary nodes A_2, B_2 to verify that the transaction information is consistent; the legality of the transaction can also be checked through the signatures contained in the verified transaction information, and when a user disputes the transaction information, the disputed transaction can be traced or accountability assigned by retrieving the data in each KGC and in the certificate storing chain.
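The gating rule of the transaction decision smart contract, as an added example (not the patent's contract code): TX is produced only after A_2, B_2 and the CSP administrator have each submitted a pre-commit whose signature verifies for this transaction. Assumptions: HMAC-SHA256 with constructed keys stands in for SM9 signature verification, and the class, field and function names are hypothetical.

```python
import hashlib
import hmac
import json

REQUIRED = ("A2", "B2", "CSP")  # the three parties the text requires

# Constructed demo keys. HMAC-SHA256 is a stand-in for the SM9 signatures,
# so the contract shares each key here; a real verifier would hold public keys only.
DEMO_KEYS = {"A2": b"demo-A2", "B2": b"demo-B2", "CSP": b"demo-CSP"}


def canonical(party, tx_id, payload):
    """Serialize what a party signs; binding tx_id blocks reuse in another transaction."""
    return json.dumps({"party": party, "tx_id": tx_id, "payload": payload},
                      sort_keys=True).encode()


def sign(party, tx_id, payload):
    """Produce the stand-in signature of one party over its pre-commit."""
    return hmac.new(DEMO_KEYS[party], canonical(party, tx_id, payload),
                    hashlib.sha256).hexdigest()


def verify(party, tx_id, payload, signature):
    """Check a stand-in signature in constant time; unknown parties never verify."""
    key = DEMO_KEYS.get(party)
    if key is None or not isinstance(signature, str):
        return False
    expected = hmac.new(key, canonical(party, tx_id, payload),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), signature.encode())


class TransactionDecision:
    """Collects pre-commits for one transaction and emits TX when all three are valid."""

    def __init__(self, tx_id, verifier=verify):
        self.tx_id = tx_id
        self.verifier = verifier
        self.precommits = {}
        self.tx = None

    def pre_commit(self, party, payload, signature):
        """Record one party's pre-commit; return TX once complete, otherwise None."""
        if party not in REQUIRED:
            raise PermissionError(f"{party} may not pre-commit")
        if self.tx is not None:
            return self.tx  # already generated; later submissions change nothing
        if not self.verifier(party, self.tx_id, payload, signature):
            return None  # rejected: state is left untouched
        self.precommits[party] = {"payload": payload, "signature": signature}
        if all(p in self.precommits for p in REQUIRED):
            body = {"tx_id": self.tx_id, "evidence": self.precommits}
            digest = hashlib.sha256(
                json.dumps(body, sort_keys=True).encode()).hexdigest()
            self.tx = dict(body, digest=digest)
        return self.tx

    def missing(self):
        """Parties whose valid pre-commit is still outstanding."""
        return [p for p in REQUIRED if p not in self.precommits]


if __name__ == "__main__":
    contract = TransactionDecision("tx-001")
    for party, payload in (("A2", {"chain": "A"}), ("B2", {"chain": "B"}),
                           ("CSP", {"op": "read", "ts": 1700000000})):
        result = contract.pre_commit(party, payload, sign(party, "tx-001", payload))
        print(party, "->", "TX generated" if result else contract.missing())
```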
In summary, the method provided by the present invention comprises organization chains, a certificate storing chain, key generation centers (KGC for short) and a cloud service provider (CSP for short), together with the way these modules operate. An organization chain is the blockchain system maintained by each organization; it mainly stores the transaction information relating to data held by the organization, together with the digests and index information of the data held in the organization, and the authenticity of the data is verified by comparing the digest stored on the chain with a hash value recalculated over the actual file. The complete data maintained by users in the organization is stored in the CSP pointed to by the on-chain index, and users in the organization can obtain the complete data from the CSP according to the index, which avoids storing large amounts of data on the blockchain and improves the operating efficiency of the system. Meanwhile, the SM9 identity-based cryptographic algorithm is used: a user's identity identifier can be used to generate the user's public and private key pair, and the algorithm comprises a digital signature algorithm, a key exchange algorithm and a public key encryption algorithm, which improves the security of the cryptographic protection, that is, the security of data sharing and privacy protection.
In the description herein, references to the description of "one embodiment," "an example," "a specific example" or the like are intended to mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise embodiments disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.
Claims (10)
1. A data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology, characterized by comprising the following steps:
Step1: KGC_A, KGC_B and KGC_Root respectively select random numbers ks_A ∈ [1, N_A-1], ks_B ∈ [1, N_B-1] and ks_Root ∈ [1, N_Root-1] as the system master private keys of organization A, organization B and the certificate storing chain, where KGC_A, KGC_B and KGC_Root respectively denote the key generation centers in organization A, organization B and the certificate storing chain system, and N_A, N_B and N_Root respectively denote the prime factors of the orders of the elliptic curves used by organization A, organization B and the certificate storing chain system in the SM9 identity-based cryptographic algorithm;
Step2: the system master public keys of organization A, organization B and the certificate storing chain are respectively as follows:  and , wherein  and  respectively represent the cyclic groups used by organization A, organization B and the certificate storing chain system in the SM9 identity-based cryptographic algorithm and ; the system master public key is published to the whole network, and the system master private key is kept by each KGC;
Step3: organization A, organization B and the certificate storing chain system calculate, through KGC_A, KGC_B and KGC_Root, public and private key pairs for the nodes on organization chain A, organization chain B and the certificate storing chain;
Step4: Alice first generates her own anonymous identity, then sends it together with her own signature on it to KGC_A, applying for the anonymous identity signing private key dA_Alice;
Step5: KGC_A receives Alice's request and verifies Alice's signature. If verification fails, it rejects Alice's request; if verification passes, it generates the anonymous identity signing key dA_Alice for Alice based on Alice's anonymous identity, encrypts the correspondence between Alice and the anonymous identity and stores it in KGC_A's local storage list, and sends Alice's anonymous identity to KGC_Root, which records it in its local storage list;
Step6: Alice generates a data sharing request message m, signs m with her anonymous identity signing private key, and sends the signature to KGC_A, requesting the public key, in the certificate storing chain, of the current primary node B_2 of organization chain B. After obtaining the public key of primary node B_2, Alice encrypts the message in three layers, using the public keys of Bob, primary node B_2 and primary node A_2 respectively, and sends it to A_2:
where Enc_x(m) denotes encrypting the message m with the public key of user x, sig_x(m) denotes signing the message m with the private key of user x, and the remaining notation denotes signing the message m with the anonymous identity signing private key of user x. After receiving the identity authentication request, A_2 decrypts it and verifies Alice's real identity signature;
if verification passes, A_2 sends the message to B_2 according to the organization chain unique identifier ID_ChainB:
After receiving it, B_2 decrypts the message and first queries whether KGC_Root contains the anonymous identity. If not, B_2 sends a data update request to primary node A_1, and primary node A_1 updates the latest anonymous identities on organization chain A to KGC_Root; if the updated data still does not contain it, the transaction fails. If KGC_Root contains the anonymous identity, B_2 uses that identity to verify the anonymous identity signature and, if verification passes, sends the message to Bob according to Bob's identity identifier ID_Bob;
Step7: After receiving the message, Bob decrypts it with his private key and verifies Alice's real identity signature and anonymous identity signature again. After verification passes, Bob generates his own anonymous identity and applies to KGC_B for his anonymous identity signing private key dA_Bob. After successful generation, KGC_B saves it to the local storage list, and primary node B_1 sends the updated anonymous identity information to KGC_Root. Bob generates a data sharing response message containing the index information of the shared data and sends the data sharing response message to KGC_B, requesting the public key, in the certificate storing chain, of the current primary node A_2 of organization chain A. After obtaining the public key of primary node A_2, Bob likewise encrypts the message in three layers:
After receiving the message, B_2 decrypts it and verifies Bob's real identity signature; after verification passes, it uploads Alice's anonymous identity, the anonymous identity signature and B_2's own signature on the message to the transaction decision smart contract, and sets the transaction state of organization chain B to the pre-commit state. B_2 then sends the message on to A_2 according to ID_ChainA:
A_2 decrypts the message and verifies Bob's anonymous identity signature; after verification passes, it uploads the anonymous identity, the anonymous identity signature and A_2's own signature on the message to the transaction decision smart contract, likewise sets the transaction state of organization chain A to the pre-commit state, and sends the message to Alice;
Step8: After receiving the message, Alice decrypts and verifies it again and, after verification passes, applies for access to the CSP using the shared data index and Bob's real identity signature. After verifying the data index, Alice's anonymous identity signature and Bob's real identity signature, the CSP administrator allows Alice to obtain the complete data, sends the data operation, the operation timestamp and Alice's signature to the transaction decision smart contract, and sets the transaction state to pre-commit;
Step9: When the transaction passes the verification of the transaction decision smart contract, the contract generates the transaction information to be written into the block:
and broadcasts it in the certificate storing chain. After verification by the other nodes in the certificate storing chain passes, the transaction is written into a certificate storing chain block, and A_2 and B_2 synchronize the transaction information into organization chain A and organization chain B. When a dispute arises over the transaction, the secondary node can apply to the KGC to trace the transaction process.
2. The data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology as claimed in claim 1, wherein in Step1, organization A and organization B respectively maintain organization chain A and organization chain B; KGC_A and KGC_B respectively manage and generate the keys of users in organization A and organization B; organization chain A and organization chain B respectively elect primary nodes A_1, A_2 and B_1, B_2 as representatives to access the organization chain, where primary nodes A_1 and B_1 are responsible for updating the user identity information in organization A and organization B to KGC_Root, primary nodes A_2 and B_2 act as intermediaries for cross-chain information transmission, and a secondary node, as an ordinary user, can initiate a cross-chain data sharing request.
3. The data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology as claimed in claim 1, wherein in Step2, publishing the system master public key to the whole network means that a user in any organization can query the system master public key of another organization through the KGC in its own organization, and each KGC keeping the system master private key itself means that the private key cannot be leaked.
4. The data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology as claimed in claim 1, wherein in Step3, the public and private key pair of a node is calculated as follows:
Let the identity identifier of user x in organization X be ID_x. KGC_X first calculates, over the finite field used by organization X,
t_1 = H_1(ID_x || hid_X, N_X) + ks_X
where hid_X denotes the key generation function identifier of the SM9 identity-based cryptographic algorithm used in organization X, N_X denotes the prime factor of the order of the elliptic curve used by organization X in the SM9 identity-based cryptographic algorithm, and ks_X is the system master private key of organization X. If t_1 = 0, the system master private key and master public key are recalculated and the existing user private keys updated; if t_1 ≠ 0, then calculate
where the inverse taken is the multiplicative inverse; the private key of user x can then be calculated as
The public key of user x can be calculated by any user according to formula (9)
5. The data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology as claimed in claim 1, wherein in Step4, the anonymous identity is generated as follows:
Let the identity identifier of user x in organization X be ID_x; then the anonymous identity of user x can be expressed as
where H_1() is the cryptographic hash function used by the SM9 algorithm, nonce is a random number selected by user x with nonce ∈ [1, N_X-1], and Timestamp denotes the current timestamp.
6. The data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology as claimed in claim 1, wherein in Step5, KGC_A generates the public and private key pair for Alice's anonymous identity in the same way as the public and private key pair of a node is generated in Step3. Alice's anonymous identity is sent to KGC_Root through primary node A_1.
7. The data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology as claimed in claim 1, wherein in Step6, KGC_A obtains, through primary node A_1, the public key information of Bob and B_2 stored in KGC_Root and sends it to Alice.
8. The data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology as claimed in claim 1, wherein in Step7, Bob's anonymous identity is generated as shown in formula (10), and the public and private key pair for Bob's anonymous identity is generated in the same way as the public and private key pair of a node in Step3. KGC_B obtains, through primary node B_1, the public key information of Alice and B_2 stored in KGC_Root and sends it to Bob.
9. The data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology as claimed in claim 1, wherein in Step7, the transaction decision smart contract generates transaction information only when primary nodes A_2, B_2 and the CSP administrator have all set the transaction status to pre-commit, and the transaction decision smart contract generates the transaction information TX only after the signatures they submitted pass verification.
10. The data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology as claimed in claim 1, wherein in Step9, users in organization chain A and organization chain B can compare the transaction information synchronized by primary nodes A_1, B_1 to KGC_A, KGC_B with the transaction information published by primary nodes A_2, B_2 to verify that the transaction information is consistent; the legality of the transaction can also be checked through the signatures contained in the verified transaction information, and when a user disputes the transaction information, the disputed transaction can be traced or accountability assigned by retrieving the data in each KGC and in the certificate storing chain.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210812867.1A CN115589303B (en) | 2022-07-11 | 2022-07-11 | SM9 algorithm and cross-link technology based data sharing and privacy protection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115589303A (en) | 2023-01-10 |
CN115589303B (en) | 2024-02-27 |
Family
ID=84771130
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210812867.1A Active CN115589303B (en) | 2022-07-11 | 2022-07-11 | SM9 algorithm and cross-link technology based data sharing and privacy protection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115589303B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN115589303B (en) | 2024-02-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||