CN118214761A - Attribute-based encrypted data sharing method, system and device based on blockchain - Google Patents
- Publication number
- CN118214761A (CN202410450180.7A)
- Authority
- CN
- China
- Prior art keywords
- nodes
- node
- attribute
- level
- blockchain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Description
Technical Field
The present application relates to the field of blockchain technology, and in particular to a blockchain-based attribute-based encrypted data sharing method, system and device.
Background Art
Attribute-Based Encryption (ABE) is a flexible encryption technique in which access to encrypted data is controlled by a set of attributes and policies rather than by a traditional public/private key pair. Encryption and decryption are performed on the basis of the user's attributes, which provides a more fine-grained access control mechanism. Attribute-based encryption shows broad application potential in areas such as data sharing, cloud storage, and fine-grained access control. It addresses the limitations of traditional encryption methods when access control requirements are complex, allowing data owners to control access rights to their data more flexibly and precisely. ABE also enhances data security and privacy, because even if data is shared or transmitted in an insecure environment, users without the corresponding attributes cannot decrypt it. As more and more digital information is shared over the Internet, the importance and scope of application of attribute-based encryption are expected to expand further.
However, existing attribute-based data encryption methods have the problem that a single authorization center holds too much power in the encryption process, which can easily lead to data leakage and loss, so the security and privacy of the data users share cannot be guaranteed. There is therefore an urgent need for an attribute-based data encryption approach that can guarantee the security and privacy of user-shared data.
Summary of the Invention
In view of this, the embodiments of the present application provide a blockchain-based attribute-based encrypted data sharing method, system and device to eliminate or mitigate one or more defects in the prior art.
One aspect of the present application provides a blockchain-based attribute-based encrypted data sharing method, comprising:
based on a preset trust evaluation rule, selecting first-level nodes from the current nodes of the blockchain network to form a multi-authorization center, so that, based on the first-level nodes in the multi-authorization center, a storage system preset outside the blockchain network, and the blockchain network, an attribute-based encrypted data sharing transaction is carried out between a node currently acting as data provider and a node currently acting as data requester in the blockchain network;
monitoring in real time the transaction status data and the number of malicious acts of each first-level node, and updating the trust value of each first-level node according to the transaction status data;
determining, according to the trust value and the number of malicious acts of each first-level node, whether the first-level nodes include any node to be downgraded; if so, updating as many non-first-level nodes as there are nodes to be downgraded to new first-level nodes that join the multi-authorization center, and removing the nodes to be downgraded from the multi-authorization center and updating them to new non-first-level nodes.
In some embodiments of the present application, carrying out the attribute-based encrypted data sharing transaction between the node currently acting as data provider and the node currently acting as data requester in the blockchain network, based on the first-level nodes in the multi-authorization center, the storage system preset outside the blockchain network, and the blockchain network, comprises:
each first-level node in the multi-authorization center generates public parameters and distributes them to each non-first-level node in the blockchain network;
the node currently acting as data provider in the blockchain network selects, based on the public parameters, a first random number and a second random number to generate an encryption key, encrypts the target plaintext with that encryption key, and stores the resulting target ciphertext in the storage system outside the blockchain network; it encrypts the second random number and the access path of the target ciphertext with a pre-acquired public key to form a policy ciphertext, publishes the policy ciphertext to the blockchain network, and sends the first random number over a secure channel to the node currently acting as data requester in the blockchain network;
the node currently acting as data requester in the blockchain network sends its own attribute set to the multi-authorization center;
each first-level node of the multi-authorization center uses an attribute-based encryption algorithm to generate a private key component for the node acting as data requester, and sends that private key component and the policy ciphertext to the node acting as data requester;
the node acting as data requester generates, from the private key components, a private key matching the public key, and decrypts the policy ciphertext with that private key to obtain the second random number and the access path of the target ciphertext; it then retrieves the target ciphertext from the storage system using the access path, obtains the encryption key from the first random number and the second random number, and decrypts the target ciphertext with that encryption key to obtain the target plaintext.
In some embodiments of the present application, selecting first-level nodes from the current nodes of the blockchain network to form a multi-authorization center based on a preset trust evaluation rule comprises:
numbering the current nodes of the blockchain network according to the order in which they joined the blockchain network;
selecting a preset number of nodes, in ascending order of their numbers, as the current first-level nodes;
setting different initial global trust values for first-level nodes and non-first-level nodes, to serve as the current trust values of each first-level node and each non-first-level node.
In some embodiments of the present application, monitoring in real time the transaction status data and the number of malicious acts of each first-level node, and updating the trust value of each first-level node according to the transaction status data, comprises:
monitoring in real time the transaction status data of each first-level node, the transaction status data comprising a transaction success status or a transaction failure status;
and monitoring in real time whether each first-level node exhibits malicious behavior that meets a preset malicious-behavior judgment rule, and recording the corresponding number of malicious acts;
calculating the current time decay factor of a first-level node on which an attribute-based encrypted data sharing transaction has occurred, calculating the current standardized trust value of that first-level node from its time decay factor and transaction status data, and updating the current trust value of that first-level node based on the standardized trust value.
In some embodiments of the present application, determining, according to the trust value and the number of malicious acts of each first-level node, whether the first-level nodes include any node to be downgraded, and if so, updating as many non-first-level nodes as there are nodes to be downgraded to new first-level nodes that join the multi-authorization center, and removing the nodes to be downgraded from the multi-authorization center and updating them to new non-first-level nodes, comprises:
among the current first-level nodes, determining whether there is any first-level node whose current number of malicious acts is greater than a preset count threshold and/or whose trust value, as updated based on the standardized trust value, is less than a preset trust threshold; if so, determining that first-level node to be a current node to be downgraded;
in descending order of the trust values of the current non-first-level nodes, selecting as many non-first-level nodes as there are current nodes to be downgraded and updating them to new first-level nodes that join the multi-authorization center, and removing the current nodes to be downgraded from the multi-authorization center and updating them to new non-first-level nodes.
In some embodiments of the present application, before proceeding in descending order of the trust values of the current non-first-level nodes, the method further comprises:
if a message is received indicating that any current first-level node is exiting the blockchain network, determining that first-level node to be a current node to be downgraded.
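The selection and replacement rules above (initial first-level nodes chosen by join order, downgrade on low trust, too many malicious acts or exit, promotion in descending trust order) can be sketched as follows. This is an added example, not code from the application: all names, thresholds and trust values are constructed, trust values are taken as already updated, and the tie-break, the candidate filter and the fail-closed error are assumptions the text does not specify.

```python
from dataclasses import dataclass


class RotationError(RuntimeError):
    """Fewer eligible non-first-level nodes than nodes to downgrade."""


@dataclass
class Node:
    number: int                # assigned by join order; smaller = joined earlier
    trust: float               # current trust value (updated elsewhere)
    malicious_count: int = 0   # recorded number of malicious acts
    first_level: bool = False  # member of the multi-authorization center?
    exited: bool = False       # an exit message was received for this node


def bootstrap(join_order, committee_size, trust_first, trust_other):
    """Number nodes by join order; the lowest numbers become first-level nodes.
    The two tiers start from different initial trust values."""
    nodes = {}
    for number, name in enumerate(join_order, start=1):
        is_first = number <= committee_size
        nodes[name] = Node(number, trust_first if is_first else trust_other,
                           first_level=is_first)
    return nodes


def committee(nodes):
    """Current first-level nodes, ordered by node number."""
    members = [n for n, s in nodes.items() if s.first_level]
    return sorted(members, key=lambda n: nodes[n].number)


def fails_checks(state, trust_threshold, count_threshold):
    """Downgrade test: exit message, count above threshold, or trust below it."""
    return (state.exited
            or state.malicious_count > count_threshold
            or state.trust < trust_threshold)


def rotate(nodes, trust_threshold, count_threshold):
    """One membership update. Returns (downgraded, promoted) lists of names."""
    downgraded = [n for n in committee(nodes)
                  if fails_checks(nodes[n], trust_threshold, count_threshold)]
    # Candidates are the non-first-level nodes as they stand before the swap,
    # so a node downgraded in this round cannot be promoted straight back.
    # Assumption: candidates that would fail the downgrade test are skipped.
    candidates = [n for n, s in nodes.items()
                  if not s.first_level
                  and not fails_checks(s, trust_threshold, count_threshold)]
    # Descending trust; ties go to the earlier-joined node (assumption).
    candidates.sort(key=lambda n: (-nodes[n].trust, nodes[n].number))
    if len(candidates) < len(downgraded):
        # Assumption: fail closed and change nothing, rather than silently
        # shrinking the center or promoting an unfit node.
        raise RotationError(
            f"{len(downgraded)} to downgrade, {len(candidates)} eligible")
    promoted = candidates[:len(downgraded)]
    for name in promoted:
        nodes[name].first_level = True
    for name in downgraded:
        nodes[name].first_level = False
    return downgraded, promoted


def demo():
    """Constructed scenario: six nodes, a center of three."""
    nodes = bootstrap(["A", "B", "C", "D", "E", "F"], 3, 0.8, 0.5)
    nodes["A"].trust = 0.3            # fell below the trust threshold
    nodes["B"].malicious_count = 4    # exceeded the count threshold
    nodes["D"].trust, nodes["E"].trust = 0.7, 0.6
    nodes["F"].trust, nodes["F"].malicious_count = 0.9, 5  # high trust, unfit
    downgraded, promoted = rotate(nodes, trust_threshold=0.4, count_threshold=3)
    return downgraded, promoted, committee(nodes)


if __name__ == "__main__":
    print(demo())
```
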
Another aspect of the present application provides a blockchain-based attribute-based encrypted data sharing device, comprising:
an initial construction module, configured to select, based on a preset trust evaluation rule, first-level nodes from the current nodes of the blockchain network to form a multi-authorization center, so that, based on the first-level nodes in the multi-authorization center, a storage system preset outside the blockchain network, and the blockchain network, an attribute-based encrypted data sharing transaction is carried out between a node currently acting as data provider and a node currently acting as data requester in the blockchain network;
a status monitoring module, configured to monitor in real time the transaction status data and the number of malicious acts of each first-level node, and to update the trust value of each first-level node according to the transaction status data;
a member update module, configured to determine, according to the trust value and the number of malicious acts of each first-level node, whether the first-level nodes include any node to be downgraded, and if so, to update as many non-first-level nodes as there are nodes to be downgraded to new first-level nodes that join the multi-authorization center, and to remove the nodes to be downgraded from the multi-authorization center and update them to new non-first-level nodes.
A third aspect of the present application provides an electronic device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the blockchain-based attribute-based encrypted data sharing method when executing the computer program.
A fourth aspect of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the blockchain-based attribute-based encrypted data sharing method.
A fifth aspect of the present application provides an attribute-based encrypted data sharing system, comprising: the nodes constituting a blockchain network, a multi-authorization center formed by first-level nodes selected from those nodes, and a storage system arranged outside the blockchain network; each of the nodes is communicatively connected to the storage system;
the multi-authorization center is constructed, and its first-level nodes are updated, by a blockchain-based attribute-based encrypted data sharing device, which is used to carry out the blockchain-based attribute-based encrypted data sharing method;
wherein the transaction identities of each first-level node, and of the non-first-level nodes in the blockchain network other than the first-level nodes, include both data provider and data requester.
A sixth aspect of the present application provides a computer program product, comprising a computer program which, when executed by a processor, implements the blockchain-based attribute-based encrypted data sharing method.
In the blockchain-based attribute-based encrypted data sharing method provided by the present application, first-level nodes are selected from the current nodes of the blockchain network, based on a preset trust evaluation rule, to form a multi-authorization center, so that, based on the first-level nodes in the multi-authorization center, a storage system preset outside the blockchain network, and the blockchain network, an attribute-based encrypted data sharing transaction is carried out between a node currently acting as data provider and a node currently acting as data requester in the blockchain network. The transaction status data and the number of malicious acts of each first-level node are monitored in real time, and the trust value of each first-level node is updated according to the transaction status data. According to the trust value and the number of malicious acts of each first-level node, it is determined whether the first-level nodes include any node to be downgraded; if so, as many non-first-level nodes as there are nodes to be downgraded are updated to new first-level nodes that join the multi-authorization center, and the nodes to be downgraded are removed from the multi-authorization center and updated to new non-first-level nodes. This avoids the data leakage to which a single authorization center is prone, ensures the security and privacy of attribute-based encrypted data, and thereby improves the reliability and security of the attribute-based encrypted data sharing process.
Additional advantages, objects and features of the present application will be set forth in part in the description that follows, and in part will become apparent to those of ordinary skill in the art upon studying the following, or may be learned from practice of the present application. The objects and other advantages of the present application can be realized and attained by the structures specifically pointed out in the description and the drawings.
Those skilled in the art will understand that the objects and advantages that can be achieved with the present application are not limited to those specifically described above, and that the above and other objects that the present application can achieve will be more clearly understood from the following detailed description.
Brief Description of the Drawings
The drawings described here are provided for a further understanding of the present application and form part of it; they do not limit the present application. The components in the drawings are not drawn to scale and serve only to illustrate the principles of the present application. To make it easier to show and describe some parts of the present application, the corresponding parts in the drawings may be enlarged, that is, made larger relative to other components than they would be in an exemplary device actually manufactured according to the present application. In the drawings:
FIG. 1 is a first schematic flow chart of the blockchain-based attribute-based encrypted data sharing method in an embodiment of the present application.
FIG. 2 is a schematic diagram of the interactions in attribute-based encrypted data sharing in an example of the present application.
FIG. 3 is a second schematic flow chart of the blockchain-based attribute-based encrypted data sharing method in an embodiment of the present application.
FIG. 4 is a schematic structural diagram of the blockchain-based attribute-based encrypted data sharing device in an embodiment of the present application.
FIG. 5 is a schematic flow chart of the blockchain-based trust evaluation model algorithm in an application example of the present application.
具体实施方式DETAILED DESCRIPTION
为使本申请的目的、技术方案和优点更加清楚明白,下面结合实施方式和附图,对本申请做进一步详细说明。在此,本申请的示意性实施方式及其说明用于解释本申请,但并不作为对本申请的限定。In order to make the purpose, technical solution and advantages of the present application more clearly understood, the present application is further described in detail below in conjunction with the implementation modes and the accompanying drawings. Here, the illustrative implementation modes and descriptions of the present application are used to explain the present application, but are not intended to limit the present application.
在此,还需要说明的是,为了避免因不必要的细节而模糊了本申请,在附图中仅仅示出了与根据本申请的方案密切相关的结构和/或处理步骤,而省略了与本申请关系不大的其他细节。It should also be noted here that in order to avoid obscuring the present application due to unnecessary details, only the structures and/or processing steps closely related to the scheme according to the present application are shown in the accompanying drawings, while other details that are not very relevant to the present application are omitted.
应该强调,术语“包括/包含”在本文使用时指特征、要素、步骤或组件的存在,但并不排除一个或更多个其它特征、要素、步骤或组件的存在或附加。It should be emphasized that the term “include/comprises” when used herein refers to the presence of features, elements, steps or components, but does not exclude the presence or addition of one or more other features, elements, steps or components.
在此,还需要说明的是,如果没有特殊说明,术语“连接”在本文不仅可以指直接连接,也可以表示存在中间物的间接连接。It should also be noted that, unless otherwise specified, the term “connection” herein may refer not only to a direct connection but also to an indirect connection with an intermediate.
在下文中,将参考附图描述本申请的实施例。在附图中,相同的附图标记代表相同或类似的部件,或者相同或类似的步骤。Hereinafter, embodiments of the present application will be described with reference to the accompanying drawings. In the accompanying drawings, the same reference numerals represent the same or similar components, or the same or similar steps.
为了保证属性基加密数据的安全性及隐私性,本申请实施例分别提供一种基于区块链的属性基加密数据共享方法、用于执行该基于区块链的属性基加密数据共享方法的基于区块链的属性基加密数据共享装置、实体设备和计算机可读存储介质等,能够防止由于单一授权中心由于权利过大,导致数据泄露造成损失,从而保护数据的安全。In order to ensure the security and privacy of attribute-based encrypted data, the embodiments of the present application respectively provide a blockchain-based attribute-based encrypted data sharing method, a blockchain-based attribute-based encrypted data sharing device for executing the blockchain-based attribute-based encrypted data sharing method, a physical device and a computer-readable storage medium, etc., which can prevent losses caused by data leakage due to excessive power of a single authorization center, thereby protecting data security.
具体通过下述实施例进行详细说明。The details are described in detail through the following examples.
基于此,本申请实施例提供一种可由基于区块链的属性基加密数据共享装置实现的基于区块链的属性基加密数据共享方法,参见图1,所述基于区块链的属性基加密数据共享方法具体包含有如下内容:Based on this, the embodiment of the present application provides a blockchain-based attribute-based encrypted data sharing method that can be implemented by a blockchain-based attribute-based encrypted data sharing device. Referring to FIG. 1 , the blockchain-based attribute-based encrypted data sharing method specifically includes the following contents:
步骤100:基于预设的信任评估规则,自区块链网络当前的各个节点中选择一级节点以组成多授权中心,以基于该多授权中心中的各个所述一级节点、预设在所述区块链网络之外的存储系统和所述区块链网络,实现当前在所述区块链网络中作为数据提供者的节点和作为数据请求者的节点之间的属性基加密数据共享交易。Step 100: Based on a preset trust evaluation rule, a first-level node is selected from each current node of the blockchain network to form a multi-authorization center, so as to implement attribute-based encrypted data sharing transactions between nodes currently serving as data providers and nodes serving as data requesters in the blockchain network based on each of the first-level nodes in the multi-authorization center, a storage system preset outside the blockchain network, and the blockchain network.
在本申请的一个或多个实施例中,所述区块链网络中未被指定为一级节点的其他节点可以被称为非一级节点或者二级节点等。具体可以根据节点分级需求将所有节点分成两个层级或更多层级。In one or more embodiments of the present application, other nodes in the blockchain network that are not designated as primary nodes may be referred to as non-primary nodes or secondary nodes, etc. Specifically, all nodes may be divided into two or more levels according to node classification requirements.
可以理解的是,区块链技术是一种创新的分布式账本技术,以其独特的去中心化特性、不可篡改的数据记录以及高度的透明性和安全性而闻名。本质上,区块链通过在网络的多个节点上复制和存储数据,形成了一系列通过加密方式相互连接的数据块,每个数据块都包含一定数量的交易记录,并且一旦加入到链中,这些记录就无法被更改或删除。区块链技术已经扩展到金融服务、供应链管理、医疗保健、管理等多个领域,为这些领域带来了透明度、效率和信任度的提升。通过确保数据的完整性和可靠性,区块链技术为解决诸如交易安全性、数据篡改和中介信任等问题提供了独特的解决方案。随着技术的不断成熟和应用案例的增多,区块链正逐步被公认为一种能够深刻改变多个行业生态的技术。Understandably, blockchain technology is an innovative distributed ledger technology known for its unique decentralized characteristics, unalterable data records, and high transparency and security. In essence, blockchain forms a series of cryptographically connected data blocks by replicating and storing data on multiple nodes of the network. Each data block contains a certain number of transaction records, and once added to the chain, these records cannot be changed or deleted. Blockchain technology has expanded to many fields such as financial services, supply chain management, healthcare, and management, bringing transparency, efficiency, and trust to these fields. By ensuring the integrity and reliability of data, blockchain technology provides a unique solution to problems such as transaction security, data tampering, and intermediary trust. With the continuous maturity of technology and the increase in application cases, blockchain is gradually being recognized as a technology that can profoundly change the ecology of multiple industries.
In one example of the present application, the trust evaluation rule may be a trust evaluation model. Trust evaluation models were first used in P2P networks, and by calculation scope they fall into two types: global trust calculation (EigenTrust) and local trust calculation (PeerTrust). The EigenTrust algorithm calculates the global trust value of each user by aggregating the trust scores of all users in the network. EigenTrust uses mathematical tools such as eigenvectors and iterative calculation to make interactions in the network as safe and trustworthy as possible. It raises the trust level of the whole network by reducing the influence of malicious users and increasing the visibility of well-behaved users. The PeerTrust algorithm focuses on online transaction environments, in particular on factors such as transaction feedback, transaction quantity and transaction quality, to strengthen trust management on online trading platforms. PeerTrust calculates trust values by evaluating a user's historical behavior and the feedback other users give about that user. This lets the algorithm adapt dynamically to changes in user behavior and gives buyers and sellers in electronic markets a reliable trust evaluation mechanism.
Step 200: Monitor the transaction status data and the number of malicious acts of each first-level node in real time, and update the trust value of each first-level node according to the transaction status data.
It should be noted that whether a node has behaved maliciously can be judged by analyzing the transactions the node initiates and checking them for abnormal or malicious patterns, such as the following:
(1) Frequently sending invalid transactions: monitor the number of invalid transactions a single node sends within a short period. Frequently sending such transactions can be judged to be an attempt to disrupt the network or to consume the resources of other nodes.
(2) Transactions that are malformed or that fail to satisfy the network rules (such as an invalid signature or an incorrect nonce value) are all considered invalid transactions.
(3) Nodes attempting double spending, that is, attempting to pay the same token or digital currency to two or more recipients at the same time in order to deceive the recipients of the transaction.
(4) Nodes with abnormal transaction rates, especially those that keep initiating transactions at high speed while the network is not busy, can be regarded as intending to carry out a DDoS attack.
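The following added example (not part of the patent text) shows one way to count behaviors (1) to (3) over a transaction log so that the result can feed the per-node count of malicious acts monitored in step 200. The record layout, the per-node nonce rule, the 60-second window and the threshold of two invalid transactions are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

# Constructed sample records:
# (timestamp_s, node, coin_id, recipient, signature_ok, nonce)
SAMPLE_TXS = [
    (0, "n1", "c1", "a", True, 0),
    (1, "n2", "c7", "b", False, 0),    # invalid signature
    (2, "n2", "c8", "b", True, 5),     # wrong nonce (0 expected)
    (3, "n2", "c9", "b", False, 0),    # invalid signature
    (4, "n3", "c3", "a", True, 0),
    (5, "n3", "c3", "d", True, 1),     # same coin paid to a second recipient
    (6, "n1", "c2", "a", True, 1),
    (70, "n2", "c10", "b", False, 0),  # invalid, but outside the window
]


def is_invalid(tx, expected_nonce):
    """Behavior (2): bad signature or a nonce that breaks the network rule."""
    _, _, _, _, sig_ok, nonce = tx
    return (not sig_ok) or nonce != expected_nonce


def count_malicious(txs, window_s=60, max_invalid=2):
    """Return {node: {"invalid_burst": n, "double_spend": m}} for flagged nodes.

    invalid_burst: more than max_invalid invalid transactions inside a
                   sliding window of window_s seconds (behavior 1).
    double_spend:  the same coin paid to a different recipient (behavior 3).
    """
    recent_invalid = defaultdict(deque)   # node -> timestamps of invalid txs
    next_nonce = defaultdict(int)         # node -> nonce expected next
    spent = {}                            # (node, coin_id) -> first recipient
    counts = defaultdict(lambda: {"invalid_burst": 0, "double_spend": 0})

    for tx in sorted(txs):                # process in timestamp order
        ts, node, coin, recipient, _, _ = tx
        if is_invalid(tx, next_nonce[node]):
            window = recent_invalid[node]
            window.append(ts)
            while window and window[0] <= ts - window_s:
                window.popleft()          # drop entries older than the window
            if len(window) > max_invalid:
                counts[node]["invalid_burst"] += 1
                window.clear()            # one burst is counted once
            continue                      # invalid txs never spend a coin
        next_nonce[node] += 1
        first_recipient = spent.setdefault((node, coin), recipient)
        if first_recipient != recipient:
            counts[node]["double_spend"] += 1

    return {n: c for n, c in counts.items() if any(c.values())}


if __name__ == "__main__":
    for node, found in count_malicious(SAMPLE_TXS).items():
        print(node, found)
```
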
Step 300: Based on the trust value and the number of malicious acts of each first-level node, determine whether the first-level nodes include any node to be downgraded. If so, update as many non-first-level nodes as there are nodes to be downgraded to new first-level nodes that join the multi-authorization center, and remove the current nodes to be downgraded from the multi-authorization center and update them to new non-first-level nodes.
As can be seen from the above description, the blockchain-based attribute-based encrypted data sharing method provided by the embodiments of the present application addresses the problem that a single authorization center holds too much power in attribute-based encryption. Using blockchain technology and a trust evaluation model, the present application selects and builds a multi-authorization center that generates the public parameters and generates the corresponding private keys for users during attribute-based encryption. This prevents the data leakage and losses that the excessive power of a single authorization center could cause, and so protects data security. To address data sharing from data provider to data consumer, the present application proposes a data sharing scheme built on the above multi-authorization-center attribute-based encryption. The scheme supports fine-grained data control and permission management: the data provider can define the conditions of data use as needed, and the data consumer must satisfy those conditions to obtain decryption and access rights, which effectively protects secure data sharing.
To further improve the effectiveness and security of the attribute-based encrypted data sharing transaction, in the blockchain-based attribute-based encrypted data sharing method provided by an embodiment of the present application, referring to FIG. 2 and taking an IPFS storage system as the storage system, the part of step 100 that carries out attribute-based encrypted data sharing transactions between the node currently acting as data provider and the node currently acting as data requester, on the basis of the first-level nodes in the multi-authorization center, the storage system preset outside the blockchain network, and the blockchain network, specifically includes the following:
(1) Each first-level node in the multi-authorization center generates public parameters and distributes them to each non-first-level node in the blockchain network.
Specifically, the initialization operation of the multi-authorization center takes a security parameter as input and outputs the public parameters GP, the user identifier uid, and the identifier aid of the multi-authorization center.
GlobalSetup(λ) → (GP, aid, uid)
where GlobalSetup(λ) denotes global parameter initialization.
This algorithm is executed by a first-level node (i.e., the multi-authorization center AA). It takes the public parameters GP and the authority identifier aid as input, and outputs the master key MSK_aid and the public key PK_aid:
AuthSetup(GP, aid) → (MSK_aid, PK_aid)
where AuthSetup(GP, aid) denotes authorization center initialization.
Generating the encryption key: the data provider randomly selects K_1 and K_2, and the encryption key K is obtained from K_1 and K_2 via the SHA256 algorithm.
KEncrypt(K_1, K_2) → (K)
where KEncrypt(K_1, K_2) denotes key generation.
(2) The node currently acting as data provider in the blockchain network selects, based on the public parameters, a first random number K_1 and a second random number K_2 to generate the encryption key K, and encrypts the target plaintext mes with the encryption key K. It then stores the resulting target ciphertext CT in the storage system outside the blockchain network, encrypts the second random number K_2 and the access path of the target ciphertext CT with the previously obtained public key PK to form the policy ciphertext C_w(K_2, L), publishes the policy ciphertext C_w(K_2, L) to the blockchain network, and sends the first random number K_1 over a secure channel to the node currently acting as data requester in the blockchain network.
Specifically, the data provider DO symmetrically encrypts the data M to be shared, uploads the resulting ciphertext CT to IPFS to obtain the corresponding path, and applies the encryption algorithm of attribute-based encryption to the key K. The specific steps are as follows:
A. The data provider DO inputs the data plaintext mes and the key K_2 and outputs the ciphertext, uploads the ciphertext CT to IPFS, and obtains the path L.
MesEncrypt(M, K_2) → (CT)
where MesEncrypt(M, K_2) denotes the data encryption stage.
B. The data provider DO inputs the key K_2, the path L, the public parameters GP, the public key PK, the access matrix (M, p) and the message m, and outputs the policy ciphertext C_w(K_2, L). Finally, the ciphertext identifier M_ID, the data provider identifier uid and the policy ciphertext C_w(K_2, L) are published to the blockchain. The blockchain network receives the request and triggers the smart contract StoreCont to respond.
OwnerEncrypt(GP, PK, w, L, K_2) → (C_w(K_2, L))
where OwnerEncrypt(GP, PK, w, L, K_2) denotes the attribute-based encryption stage.
In the smart contract StoreCont, as shown in Table 1, line 1 configures the blockchain, line 2 records the current transaction time, line 3 stores the transaction record, and line 4 returns the transaction D.
Table 1
The data provider establishes contact with the data requester over an SSL secure channel and sends K_1 to the data requester through that channel.
SslPart(K_1)
(3) The node currently acting as data requester in the blockchain network sends its own attribute set to the multi-authorization center.
(4) Each first-level node of the multi-authorization center uses the attribute-based encryption algorithm to generate a private key component SK_i for the node acting as data requester, and sends the private key component SK_i and the policy ciphertext C_w(K_2, L) to the node acting as data requester.
In this stage the data requester sends an access request containing its attribute set to the multi-authorization center. On receiving the request, the multi-authorization center triggers the smart contract and generates the corresponding private key components for the data requester. The specific steps are as follows:
Input the public key PK, the private key MK and the data requester's attribute set s, and run the KeyGen key generation algorithm of the attribute-based encryption algorithm, in which the private key components are generated using distributed key generation (DKG) technology. t is the threshold number for DKG key recovery, so the scheme can withstand malicious attacks by t-1 nodes and protect the security of the user's key. C_w(K_2, L) is then sent to the data requester.
UserKeyGen(PK, MK, s, t) → (SK_i)
where UserKeyGen(PK, MK, s, t) denotes user key generation.
(5) The node acting as data requester generates, from the private key components SK_i, the private key SK that matches the public key PK, and decrypts the policy ciphertext with the private key SK to obtain the second random number K_2 and the access path of the target ciphertext CT. It then retrieves the target ciphertext CT from the storage system using that access path, obtains the encryption key K from the first random number K_1 and the second random number K_2, and decrypts the target ciphertext CT with the encryption key K to obtain the target plaintext mes.
Specifically, the inputs are the private key components SK_i, the ciphertext C_w(K_2, L) and the public key PK. The data requester recovers the private key SK from the obtained SK_i by applying the Lagrange polynomial interpolation formula, calls the Decrypt decryption algorithm to decrypt C_w(K_2, L), and outputs the plaintext K_2 and L.
UserDecrypt(PK, SK_i, C_w(K_2, L)) → (SK, K_2, L)
where UserDecrypt(PK, SK_i, C_w(K_2, L)) denotes the decryption step of the attribute-based encryption stage.
After the data requester has received K_1 and K_2, it obtains the final encryption key K via the SHA256 algorithm, fetches the ciphertext CT from IPFS using the address L, and decrypts it with K to obtain the plaintext mes.
KDecrypt(K_1, K_2, L) → (mes)
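The following added example (not part of the patent text) illustrates two points of steps (4) and (5): recovering a key from t components with the Lagrange interpolation formula, and deriving K from K_1 and K_2 with SHA256. It is a sketch under stated assumptions: a trusted-dealer Shamir split stands in for the DKG, an integer in a prime field stands in for the attribute-based private key SK, and the length-prefixed concatenation fed to SHA256 is an assumed encoding that the patent does not specify.

```python
import hashlib
import secrets

# Assumption: arithmetic in the field of the Mersenne prime 2^127 - 1.
PRIME = 2**127 - 1


def split_secret(secret, n, t):
    """Dealer-based Shamir split (stand-in for the DKG): n key components,
    any t of which determine the secret; fewer than t reveal nothing."""
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(t - 1)]

    def poly(x):
        acc = 0
        for c in reversed(coeffs):        # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc

    return [(i, poly(i)) for i in range(1, n + 1)]


def lagrange_recover(shares):
    """Interpolate the sharing polynomial at x = 0 from (x_i, y_i) pairs."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate component index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        # pow(den, -1, PRIME) is the modular inverse (Python 3.8+).
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def derive_k(k1: bytes, k2: bytes) -> bytes:
    """K = SHA256(len(K_1) || K_1 || K_2). The length prefix (an assumption)
    keeps different (K_1, K_2) splits of the same bytes from colliding."""
    return hashlib.sha256(len(k1).to_bytes(4, "big") + k1 + k2).digest()


if __name__ == "__main__":
    sk = secrets.randbelow(PRIME)                 # stand-in for SK
    components = split_secret(sk, n=5, t=3)       # one SK_i per first-level node
    print("3 components recover SK:", lagrange_recover(components[:3]) == sk)
    print("2 components recover SK:", lagrange_recover(components[:2]) == sk)

    k1 = secrets.token_bytes(32)   # sent over the secure channel
    k2 = secrets.token_bytes(32)   # carried inside C_w(K_2, L)
    print("K =", derive_k(k1, k2).hex())
```

Because K depends on K_1 as well as K_2, first-level nodes that jointly recover SK and decrypt C_w(K_2, L) still lack the input needed to compute K.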
To further improve the effectiveness and broad applicability of blockchain-based attribute-based encrypted data sharing, in the blockchain-based attribute-based encrypted data sharing method provided by an embodiment of the present application, referring to FIG. 3, step 100 of the method specifically includes the following:
Step 110: Number the current nodes of the blockchain network according to the order in which they joined the blockchain network.
Step 120: In ascending order of node number, select a preset number of the nodes as the current first-level nodes.
Step 130: Set different initial global trust values for first-level nodes and non-first-level nodes, to serve as the current trust value of each first-level node and of each non-first-level node.
Specifically, in the initialization phase, assume that the number of nodes in the blockchain network is N. All nodes are numbered i to N according to the order in which they joined the network, and the P (P<N) nodes that joined earliest are taken as trusted nodes. The initial global trust value of this group of nodes is 1/P, and the initial global trust value of the remaining N-P nodes is 1/N. The nodes are then graded: the P nodes, as trusted first-level nodes, form the core layer, take part in the consensus process of the blockchain network and are responsible for the subsequent work of the multi-authorization center; the other nodes are second-level nodes forming the ordinary layer, which receives the consensus results of the core layer and handles everyday transactions. Nodes in the core layer can accumulate trust by carrying out transactions in the network. A first-level node that behaves maliciously is downgraded and cannot enter the core layer for a period of time. At the same time, the node with the highest trust value in the ordinary layer is selected as a first-level node and added to the core layer.
To further improve the effectiveness and broad applicability of blockchain-based attribute-based encrypted data sharing, in the blockchain-based attribute-based encrypted data sharing method provided by an embodiment of the present application, referring to FIG. 3, step 200 of the method specifically includes the following:
Step 210: Monitor the transaction status data of each first-level node in real time, the transaction status data including a transaction success status or a transaction failure status.
And step 220: Monitor in real time whether each first-level node exhibits malicious behavior that satisfies the preset malicious-behavior judgment rules, and record the corresponding number of malicious acts.
Step 230: Calculate the current time decay factor of a first-level node on which an attribute-based encrypted data sharing transaction has occurred, calculate the current standardized trust value of that first-level node from its time decay factor and transaction status data, and update the current trust value of that first-level node based on the standardized trust value.
Specifically, in practice some nodes will behave maliciously. To keep the system running normally, the nodes of the authorization center must then be updated dynamically, and the private key component of each authorization center node must be updated. The present application fixes the number of authorization center nodes, so both malicious behavior by a node and a node's exit from the blockchain network require node upgrade and downgrade operations.
ReSetup(σ_i) → (σ′_i)
To further improve the effectiveness and reliability of the multi-authorization center used for attribute-based encrypted data sharing, in the blockchain-based attribute-based encrypted data sharing method provided by an embodiment of the present application, referring to FIG. 3, step 300 of the method specifically includes the following:
Step 310: Among the current first-level nodes, determine whether there is any first-level node whose current number of malicious acts is greater than a preset count threshold and/or whose trust value, as updated based on the standardized trust value, is less than a preset trust threshold. If so, determine that first-level node to be a current node to be downgraded.
If no first-level node is found whose number of malicious acts is greater than the preset count threshold and/or whose trust value, as updated based on the standardized trust value, is less than the preset trust threshold, no further processing is performed and the method returns to step 200 to continue monitoring.
Step 320: In descending order of the current trust values of the non-first-level nodes, select as many non-first-level nodes as there are current nodes to be downgraded and update them to new first-level nodes that join the multi-authorization center, and remove the current nodes to be downgraded from the multi-authorization center and update them to new non-first-level nodes.
To further improve the effectiveness and reliability of the multi-authorization center used for attribute-based encrypted data sharing, in the blockchain-based attribute-based encrypted data sharing method provided by an embodiment of the present application, referring to FIG. 3, the method further includes the following before step 320:
Step 301: If a message is received indicating that any current first-level node is exiting the blockchain network, determine that first-level node to be a current node to be downgraded.
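The following added example (not part of the patent text) walks through steps 110 to 130 and 301 to 320: the earliest P nodes start as first-level nodes with trust 1/P, the rest with 1/N, and each rotation swaps out offending or exiting first-level nodes for the highest-trust non-first-level nodes so that the size of the multi-authorization center stays fixed. The class and function names, the tie-break by join order, the cooldown length and the trust values set in the demonstration are assumptions; the trust update of step 230 is not modelled.

```python
from dataclasses import dataclass


@dataclass
class Node:
    node_id: int              # join order (step 110)
    trust: float
    malicious: int = 0        # recorded number of malicious acts (step 220)
    first_level: bool = False
    exited: bool = False      # exit message received (step 301)
    barred: int = 0           # rotations left before re-entry is allowed


def init_network(n, p):
    """Steps 110-130: number nodes 1..n by join order; the earliest p become
    first-level nodes with trust 1/p, the others start with trust 1/n."""
    if not 0 < p < n:
        raise ValueError("need 0 < P < N")
    return [Node(i, 1 / p if i <= p else 1 / n, first_level=(i <= p))
            for i in range(1, n + 1)]


def rotate(nodes, max_malicious, min_trust, cooldown=2):
    """Steps 301-320: return (demoted_ids, promoted_ids) and update nodes."""
    for x in nodes:                        # age existing re-entry bans
        x.barred = max(0, x.barred - 1)

    # Step 310 (and 301): first-level nodes that must leave the center.
    demote = [x for x in nodes if x.first_level and
              (x.exited or x.malicious > max_malicious or x.trust < min_trust)]
    if not demote:
        return [], []                      # nothing to do, keep monitoring

    # Step 320: eligible replacements, highest trust first.
    candidates = sorted(
        (x for x in nodes
         if not x.first_level and not x.exited and x.barred == 0),
        key=lambda x: (-x.trust, x.node_id))
    if len(candidates) < len(demote):
        raise RuntimeError("too few eligible nodes to keep the center size fixed")
    promote = candidates[:len(demote)]

    for x in demote:
        x.first_level = False
        x.barred = cooldown                # cannot re-enter for a while
    for x in promote:
        x.first_level = True
    return [x.node_id for x in demote], [x.node_id for x in promote]


if __name__ == "__main__":
    net = init_network(n=6, p=3)
    net[1].malicious = 4                   # constructed: node 2 misbehaved
    net[4].trust = 0.5                     # constructed: node 5 earned trust
    net[3].trust = 0.2                     # constructed: node 4 earned trust
    print(rotate(net, max_malicious=3, min_trust=0.1))
    net[0].exited = True                   # node 1 leaves the network
    print(rotate(net, max_malicious=3, min_trust=0.1))
    print(sorted(x.node_id for x in net if x.first_level))
```
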
The present application further provides a blockchain-based attribute-based encrypted data sharing apparatus for executing all or part of the blockchain-based attribute-based encrypted data sharing method. Referring to FIG. 4, the apparatus specifically includes the following:
An initial construction module 10, configured to select, based on a preset trust evaluation rule, first-level nodes from the current nodes of the blockchain network to form a multi-authorization center, so that attribute-based encrypted data sharing transactions between the node currently acting as data provider and the node currently acting as data requester in the blockchain network are carried out on the basis of the first-level nodes in the multi-authorization center, a storage system preset outside the blockchain network, and the blockchain network.
A status monitoring module 20, configured to monitor the transaction status data and the number of malicious acts of each first-level node in real time, and to update the trust value of each first-level node according to the transaction status data.
A member update module 30, configured to determine, based on the trust value and the number of malicious acts of each first-level node, whether the first-level nodes include any node to be downgraded and, if so, to update as many non-first-level nodes as there are nodes to be downgraded to new first-level nodes that join the multi-authorization center, and to remove the current nodes to be downgraded from the multi-authorization center and update them to new non-first-level nodes.
The embodiment of the blockchain-based attribute-based encrypted data sharing apparatus provided by the present application can be used to execute the processing flow of the method embodiment described above. Its functions are not repeated here; refer to the detailed description of the method embodiment.
The part of the apparatus that performs the blockchain-based attribute-based encrypted data sharing may run on a server or on a client device. The choice may depend on the processing capability of the client device, the constraints of the user's usage scenario, and so on. The present application does not limit this. If all operations are performed on the client device, the client device may further include a processor for the specific processing of the blockchain-based attribute-based encrypted data sharing. In addition, any node in the blockchain network of the present application may be a server or a client device.
The client device may have a communication module (i.e., a communication unit) that can connect to a remote server and exchange data with it. The server may include a server on the task scheduling center side; in other implementation scenarios it may also include a server of an intermediate platform, for example a server of a third-party server platform that has a communication link with the task scheduling center server. The server may be a single computer device, a server cluster made up of multiple servers, or a server structure of a distributed apparatus.
The server and the client device may communicate using any suitable network protocol, including network protocols not yet developed on the filing date of the present application. The network protocol may include, for example, TCP/IP, UDP/IP, HTTP, HTTPS and so on. The network protocol may also include protocols used on top of these, such as RPC (Remote Procedure Call Protocol) and REST (Representational State Transfer).
As can be seen from the above description, the blockchain-based attribute-based encrypted data sharing apparatus provided by the embodiments of the present application avoids the data leakage risk that a single authorization center creates, ensures the security and privacy of attribute-based encrypted data, and thereby improves the reliability and security of the attribute-based encrypted data sharing process.
Based on all or part of the foregoing blockchain-based attribute-based encrypted data sharing method, the present application further provides an embodiment of an attribute-based encrypted data sharing system, which specifically includes the following:
The nodes constituting the blockchain network, a multi-authorization center made up of first-level nodes selected from those nodes, and a storage system arranged outside the blockchain network; each node is communicatively connected to the storage system;
The multi-authorization center is built, and its first-level nodes are updated, by a blockchain-based attribute-based encrypted data sharing apparatus, which is configured to execute the blockchain-based attribute-based encrypted data sharing method of the foregoing embodiments;
wherein the transaction identities of each first-level node and of the non-first-level nodes in the blockchain network other than the first-level nodes include: data provider node and data requester.
Specifically, from the perspective of system architecture, the scheme includes the following five roles:
Blockchain network (Block-Chain NetWork, BN): the BN uses the trust evaluation model to select a group of nodes as the authorization center for attribute-based encryption.
Multi-authorization center (Attribute Authority, AA): the AA is mainly responsible for generating and distributing keys.
Data provider (Data Owner, DO): the DO mainly encrypts the shared data and sends part of the key to the data requester.
Data consumer (Data Consumer, DC): the DC provides its own attributes to the AA to obtain the corresponding private key; once approved, it can decrypt the ciphertext to obtain the plaintext.
IPFS storage system: IPFS is introduced for off-chain storage to solve the storage problem of the blockchain, and the index value it returns is passed on, improving the security and efficiency of the system.
In other words, the attribute-based encrypted data sharing system provided by the embodiments of the present application offers an effective way to share user data securely. Introducing a multi-authorization-center mechanism eliminates the situation in which a single authorization center holds too much power and any malicious behavior on its part leaks user privacy. Selecting the nodes with the highest trust values as the multi-authorization center through the trust evaluation model improves the efficiency and robustness of the system. By applying attribute-based encryption to the shared data, the data provider can set a suitable access structure and exercise fine-grained access control over the shared data. The tamper-resistant and public nature of the blockchain ensures the fairness and traceability of the whole process. The shared data is stored on IPFS, giving efficient and secure storage of large files. To prevent all authorization center nodes from colluding to generate the decryption key and decrypt the ciphertext, the encryption key consists of two parts: one part is sent by the data provider to the data requester over a secure channel, and the other part is protected by attribute-based encryption. Only by applying the SHA256 operation to the key parts can the decryption key be obtained, which protects the data more strongly.
为了进一步说明上述方案,本申请还提供一种基于信任评价模型和属性基加密的区块链数据共享方法,该方法利用信任评价模型和区块链技术,改进属性基加密授权中心权利过高的问题,同时在数据共享过程中做到安全可信,切实保护数据提供者和数据消费者的利益。参见图2和图5,图5中的Y表示“是”,N表示“否”;所述基于信任评价模型和属性基加密的区块链数据共享方法具体包含有如下内容:To further illustrate the above scheme, this application also provides a blockchain data sharing method based on a trust evaluation model and attribute-based encryption. This method uses the trust evaluation model and blockchain technology to improve the problem of excessive power of the attribute-based encryption authorization center, and at the same time, it is safe and reliable in the data sharing process, and effectively protects the interests of data providers and data consumers. See Figures 2 and 5, where Y in Figure 5 represents "yes" and N represents "no"; the blockchain data sharing method based on a trust evaluation model and attribute-based encryption specifically includes the following contents:
(I) Step 1: Construction of the trust evaluation model
A. Initialization phase. Assume that in the initialization phase the blockchain network has N nodes. All nodes are numbered i to N in the order in which they joined the network, and the P (P<N) nodes that joined earliest are taken as trusted nodes. The initial global trust value of this group of nodes is 1/P, and the initial global trust value of the remaining N-P nodes is 1/N.
B. Node grading. The P nodes, as trusted first-level nodes, form the core layer; they take part in the blockchain network's consensus process and are responsible for the later work of the multiple authorization centers. The other nodes are second-level nodes and form the ordinary layer; they receive the core layer's consensus results and transactions, and trust values are updated after every transaction.
To make this step concrete, the application example of the present application gives its specific algorithm description.
First, the application example also introduces a time decay factor γ by means of the sigmoid function, calculated as follows:
In the formula, t_trans denotes the time at which the transaction occurred and t_now denotes the current time; that is, the closer the transaction is to the present, the smaller the decay of γ, and the farther away, the larger.
After the time decay factor is introduced, the trust value is calculated after each successful or failed transaction.
The satisfactory evaluation is:
The unsatisfactory evaluation is:
Here the two terms are, respectively, the evaluation of success and the evaluation of failure after node i and node j transact at time t. α and β are the weights used when evaluating the trust value, where α+β=1.
This finally gives the formula for the trust value:
s_ij = sat(i,j) - unsat(i,j)
The formula for the normalized trust value is:
C. Nodes in the core layer can accumulate trust value by carrying out transactions in the network. If a first-level node misbehaves, it is downgraded and cannot re-enter the core layer for a period of time. At the same time, the node with the highest trust value in the ordinary layer is selected as a first-level node and added to the core layer.
To make this step concrete, the application example of the present application gives its specific algorithm description:
where x is the number of times the node has misbehaved, C_ij is the trust value before the update, and C′_ij is the trust value after the update.
(II) Step 2: Initialization phase
A. Initialization of the multiple authorization centers: a security parameter is input, and the public parameters GP, the user identifier uid and the authorization center identifier aid are output.
GlobalSetup(λ)→(GP,aid,uid)
To make this step concrete, the application example of the present application gives its specific algorithm description. The algorithm takes a security parameter λ as input and selects two multiplicative groups G and G_T, both of order p, where g is a generator of G, together with a bilinear map e: G×G→G_T. The algorithm selects three hash functions, namely H:{0,1}*→G, then selects an extractor h∈ and a symmetric encryption scheme SE. Finally, each AA and each user is assigned a unique identifier, uid and uid, and the public parameters GP={ρ,G,G_T,g,e,H,H_1,H_2,h,SE} are output.
B. This algorithm is executed by each AA. It takes the public parameters GP and the authority identifier aid as input and outputs the sub-private key MSK_aid and the sub-public key PK_aid.
AuthSetup(GP,aid)→(MSK_aid,PK_aid)
To make this step concrete, the application example of the present application gives its specific algorithm description. After each authorization center has run the initialization algorithm and generated its sub-private key and sub-public key, the master public key and master private key must be generated. This is done with threshold sharing. Let the threshold be (t,T): the secret is only valid when t authorization centers recover it jointly, and T is the set of authorization centers.
1. Every authorization center A_i taking part in secret recovery randomly selects d_i and k_i and constructs a polynomial f_i(x) mod q of degree t-1, as follows:
f_i(x) = f_i(0) + a_{1i} x + a_{1i} x^2 + … + a_{i,i-1} x^{t-1} mod q
2. Every authorization center must compute and publish to the other nodes in the network. Each authorization center also computes the private key components for the centers other than itself, σ_{i,j} = f_i(aid_j) mod q. Each result is encrypted with the recipient's public key, signed, and sent to that recipient.
3. When an authorization center has received messages from at least t-1 other authorization centers, it decrypts them with its own private key to obtain σ_{j,i} and uses the equation to verify whether they are valid. Finally
4. After every authorization center has completed the three steps above, the following are obtained:
5. Once the authorization centers in set T have all received the data from the other t-1 authorization centers, the private key component can be computed with the Lagrange polynomial interpolation formula, where P is a constant.
Finally, the system public key is obtained: y = gF(0)R mod q, and the system private key
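The share exchange and Lagrange recovery in steps 1 to 5 can be followed end to end in the sketch below, which is an added example and not code from the patent. The toy group (P, Q, G), the aid values 1 to 5, the Feldman-style commitment check standing in for the verification equation, and the public key taken as g^{F(0)} mod P are all assumptions of the example.

```python
import secrets
from itertools import combinations

# Constructed toy parameters (assumption): P = 2*Q + 1 is a small safe prime and
# G generates the subgroup of prime order Q. Real deployments need large groups.
P, Q, G = 2039, 1019, 4
_rng = secrets.SystemRandom()


def make_polynomial(t):
    """Step 1: AA_i picks f_i of degree t-1 over Z_Q; f_i(0) is its secret part."""
    return [_rng.randrange(1, Q) for _ in range(t)]


def evaluate(coeffs, x):
    """Horner evaluation of f(x) mod Q (coeffs[0] is the constant term)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def commitments(coeffs):
    """Step 2 (assumed form): publish g^{a_k} mod P for every coefficient a_k."""
    return [pow(G, c, P) for c in coeffs]


def verify_share(share, aid, commits):
    """Step 3 (assumed form): accept iff g^share == prod_k commits[k]^(aid^k)."""
    expected = 1
    for k, c in enumerate(commits):
        expected = expected * pow(c, pow(aid, k, Q), P) % P
    return pow(G, share, P) == expected


def run_dkg(aids, t):
    """Steps 1-4: every AA deals shares to every AA; each sums what it receives."""
    if not 1 <= t <= len(aids):
        raise ValueError("threshold t must satisfy 1 <= t <= number of AAs")
    if len({a % Q for a in aids}) != len(aids) or any(a % Q == 0 for a in aids):
        raise ValueError("aid values must be distinct and non-zero mod Q")
    polys = {i: make_polynomial(t) for i in aids}
    commits = {i: commitments(polys[i]) for i in aids}
    components = {}
    for j in aids:                      # receiver AA_j
        total = 0
        for i in aids:                  # dealer AA_i
            sigma_ij = evaluate(polys[i], j)
            if not verify_share(sigma_ij, j, commits[i]):
                raise ValueError(f"share from AA {i} to AA {j} failed verification")
            total = (total + sigma_ij) % Q
        components[j] = total           # equals F(aid_j), F = sum of all f_i
    public_key = 1
    for i in aids:                      # product of g^{f_i(0)} = g^{F(0)}
        public_key = public_key * commits[i][0] % P
    return components, public_key


def lagrange_at_zero(points):
    """Step 5: interpolate F(0) from a dict {aid: F(aid)} holding t entries."""
    secret = 0
    for xi, yi in points.items():
        num, den = 1, 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        secret = (secret + yi * num * pow(den, -1, Q)) % Q
    return secret


def demo():
    """Run a (3, 5) setup and recover F(0) from every 3-of-5 subset of AAs."""
    aids, t = [1, 2, 3, 4, 5], 3
    components, public_key = run_dkg(aids, t)
    recovered = {lagrange_at_zero({a: components[a] for a in subset})
                 for subset in combinations(aids, t)}
    return recovered, public_key


if __name__ == "__main__":
    recovered, y = demo()
    print("distinct secrets recovered from all 3-of-5 subsets:", len(recovered))
    print("g^F(0) matches published key:", pow(G, next(iter(recovered)), P) == y)
```

No single authorization center ever holds F(0) during setup; it exists only as the sum of the dealers' constant terms and is reconstructed only when t components are combined.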
C. Generation of the encryption key. The data provider randomly selects K_1 and K_2; K_1 and K_2 are passed through the SHA256 algorithm to obtain the encryption key K.
KEncrypt(K_1,K_2)→(K)
(III) Step 3: Data encryption phase
In this phase the DO symmetrically encrypts the plaintext data mes to be shared, uploads the resulting ciphertext CT to IPFS to obtain the corresponding path, and runs the attribute-based encryption algorithm on the key K_2. The specific steps are as follows:
A. The data provider DO inputs the data plaintext mes and the key K_2 and outputs the ciphertext, uploads the ciphertext CT to IPFS, and obtains the path L.
MesEncrypt(mes,K_2)→(CT)
B. The data provider DO inputs the key K_2, the path L, the public parameters GP, the public key PK, the access matrix (M,ρ) and the shared data plaintext mes, and outputs the ciphertext C_w(K_2,L). The ciphertext identifier M_ID, the data provider identifier uid and the ciphertext C_w(K_2,L) are then published to the blockchain; the blockchain network receives the request and triggers the smart contract StoreCont to respond.
OwnerEncrypt(GP,PK,(M,ρ),L,K_2)→(C_w(K_2,L))
To make this step concrete, the application example of the present application gives its specific algorithm description. This phase is executed by the data provider. An l×n access matrix M is generated first; the function p maps each row of M to an attribute, namely p(i); and a random number s∈Z_p is selected. With the vector and 0 as random vectors, set and then compute C_0 = Re(g,g)^s. The final ciphertext for K_2, L is CT(K_2,L) = {(M,ρ), C_0, C_{1,i}, C_{2,i}, C_{3,i}}, i∈[1,l].
(IV) Step 4: Data request phase
In this phase the data requester sends the multiple authorization centers an access request that contains the data requester's attribute set. On receiving the request, the authorization centers trigger the smart contract and generate the corresponding private key components for the data requester. The specific steps are as follows:
The public key PK, the private key MK and the data requester's attribute set s are input, and the KeyGen key generation algorithm of the attribute-based encryption scheme is run. The private key components are generated with distributed key generation (DKG), where t is the threshold number for DKG key recovery; this withstands malicious attacks by t-1 nodes and protects the user's key. Finally, the private key components SK_i and CT(K_2,L) are sent to the data requester.
UserKeyGen(PK,MK,s,t)→(SK_i)
(V) Step 5: Data decryption phase
A. The data provider establishes a connection with the data requester over an SSL secure channel and sends K_1 to the data requester through that channel.
SslPart(K_1)
B. The private key components SK_i, the ciphertext C_w(K_2,L) and the public key PK are input. The data requester applies the Lagrange polynomial interpolation formula to the SK_i it has obtained to recover the private key SK, calls the Decrypt algorithm to decrypt C_w(K_2,L), and outputs the plaintext K_2 and L.
UserDecrypt(PK,K_i,C_w(K_2,L))→(Sk,K_2,L)
To make this step concrete, the application example of the present application gives its specific algorithm description.
1. If the user's access attributes s do not satisfy the access policy (M,ρ), the algorithm terminates.
2. If the user's access attributes s satisfy the access policy (M,ρ), select constants satisfying ∑_x c_i M_i=(1,0,…,0) and, for i∈{1,2,…,l}, compute:
Finally, the decrypted plaintext (K_2,L) is obtained.
C. After receiving K_1 and K_2, the data requester obtains the final encryption key K with the SHA256 algorithm, fetches the ciphertext CT from IPFS at address L, and decrypts it with K to obtain the plaintext M.
KDecrypt(K_1,K_2,L)→(M)
(VI) Step 6: Core layer node update
In practice some nodes will misbehave. To keep the system running normally, the authorization center nodes must then be updated dynamically, and the private key component of every authorization center node must be updated. The application example fixes the number of authorization center nodes, so both a misbehaving node and a node leaving the blockchain network require node upgrade and downgrade operations.
ReSetup(σ_i)→(σ′_i)
Node updates fall into the following two cases:
1. The node exits the blockchain network. In this case the node can be regarded as trusted, and the old node simply exchanges data with the new node directly.
2. The node is downgraded for misbehavior. A node must be added from the ordinary layer, after which one node is removed from the core layer. The newly added node is AA′. AA′ randomly selects k′ and d′ and constructs a polynomial f(x) mod q of degree t-1; repeating step 2 gives σ_{i+1,j} = f_{i+1}(ID_j) mod q, and the result is encrypted, signed and sent to the other authorization center nodes in the network. When AA_j receives σ_{i+1,j}, it computes σ_{j,i+1} = f_j(ID_{i+1}) mod q and returns it to AA′, and at the same time updates its own private key component to σ′_j = (σ_j + σ_{i+1,j}) mod q. This step is repeated with the other authorization center nodes in the blockchain. Once AA′ has synchronized with the other nodes, it obtains its own private key component. The misbehaving node AA_z is then downgraded, and the other authorization center nodes update their private key components to σ′_i = (σ_i - σ_z) mod q.
The application example of the present application proposes an innovative data sharing method that combines a trust evaluation model with blockchain technology in order to give attribute-based encryption a framework of multiple authorization centers. By selecting blockchain nodes with higher trust values as authorization centers, the present application not only strengthens the security and credibility of the data sharing process but also improves the flexibility and scalability of the system. This combination improves data sharing and protection mechanisms in a decentralized environment and gives users a more secure and efficient data interaction experience.
The attribute-based encrypted data sharing method based on a trust evaluation model and blockchain provides innovative and secure solutions for several fields. In cloud computing, the method keeps sensitive data secure in cloud storage and cloud services so that only users with specific attributes can access the data, which greatly improves the security and privacy of data processing and storage. In the Internet of Things, as the number of devices surges and the interconnection between devices grows more complex, the method can effectively manage and control data access rights between devices, ensure that data is transmitted securely between devices, and prevent unauthorized access and data leakage. It also has broad application prospects in fields such as healthcare and financial services.
At the same time, implementing this method successfully requires a reliable blockchain network, an effective trust evaluation model for evaluating and screening authorization centers, and a comprehensive attribute management mechanism and security policy. It is also essential to ensure the authenticity of the identities of users and devices and of their attributes, which requires a strict authentication process. When these conditions are met, the method not only strengthens the security and credibility of the data exchange process but also provides enough flexibility and scalability to adapt to changing business needs and technical environments, offering a new solution for secure and reliable data sharing.
The embodiments of the present application also provide an electronic device, which may include a processor, a memory, a receiver and a transmitter. The processor is used to execute the blockchain-based attribute-based encrypted data sharing method described in the above embodiments. The processor and the memory may be connected by a bus or by other means; connection by a bus is taken as the example. The receiver may be connected to the processor and the memory in a wired or wireless manner.
The processor may be a central processing unit (CPU). The processor may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component or other chip, or a combination of the above kinds of chips.
The memory, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the blockchain-based attribute-based encrypted data sharing method in the embodiments of the present application. By running the non-transitory software programs, instructions and modules stored in the memory, the processor executes its various functional applications and data processing, that is, it implements the blockchain-based attribute-based encrypted data sharing method of the above method embodiments.
The memory may include a program storage area and a data storage area. The program storage area may store an operating system and the application programs required by at least one function; the data storage area may store data created by the processor, and so on. In addition, the memory may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and such remote memory may be connected to the processor over a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
The one or more modules are stored in the memory and, when executed by the processor, perform the blockchain-based attribute-based encrypted data sharing method of the embodiments.
In some embodiments of the present application, the user equipment may include a processor, a memory and a transceiver unit; the transceiver unit may include a receiver and a transmitter. The processor, memory, receiver and transmitter may be connected through a bus system. The memory is used to store computer instructions, and the processor is used to execute the computer instructions stored in the memory in order to control the transceiver unit to send and receive signals.
As one implementation, the functions of the receiver and the transmitter in the present application may be implemented by a transceiver circuit or a dedicated transceiver chip, and the processor may be implemented by a dedicated processing chip, a processing circuit or a general-purpose chip.
As another implementation, the server provided in the embodiments of the present application may be implemented with a general-purpose computer. That is, program code implementing the functions of the processor, receiver and transmitter is stored in the memory, and a general-purpose processor implements those functions by executing the code in the memory.
The embodiments of the present application also provide a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, it implements the steps of the aforementioned blockchain-based attribute-based encrypted data sharing method. The computer-readable storage medium may be a tangible storage medium such as random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, a register, a floppy disk, a hard disk, a removable storage disk, a CD-ROM, or any other form of storage medium known in the technical field.
Those of ordinary skill in the art should understand that the exemplary components, systems and methods described in connection with the embodiments disclosed herein can be implemented in hardware, software, or a combination of the two. Whether they are executed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present application. When implemented in hardware, it may be, for example, an electronic circuit, an application-specific integrated circuit (ASIC), suitable firmware, a plug-in, a function card, and so on. When implemented in software, the elements of the present application are the programs or code segments used to perform the required tasks. The programs or code segments may be stored in a machine-readable medium, or transmitted over a transmission medium or communication link by a data signal carried in a carrier wave.
It should be made clear that the present application is not limited to the specific configurations and processing described above and shown in the figures. For brevity, detailed descriptions of known methods are omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method process of the present application is not limited to the specific steps described and shown; those skilled in the art, having understood the spirit of the present application, may make various changes, modifications and additions, or change the order of the steps.
In the present application, features described and/or illustrated for one embodiment may be used in the same or a similar way in one or more other embodiments, and/or combined with or substituted for features of other embodiments.
The above are only preferred embodiments of the present application and are not intended to limit it; for those skilled in the art, the embodiments of the present application may be modified and varied in many ways. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present application shall fall within the scope of protection of the present application.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410450180.7A CN118214761A (en) | 2024-04-15 | 2024-04-15 | Attribute-based encrypted data sharing method, system and device based on blockchain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410450180.7A CN118214761A (en) | 2024-04-15 | 2024-04-15 | Attribute-based encrypted data sharing method, system and device based on blockchain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118214761A true CN118214761A (en) | 2024-06-18 |
Family
ID=91448492
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410450180.7A Pending CN118214761A (en) | 2024-04-15 | 2024-04-15 | Attribute-based encrypted data sharing method, system and device based on blockchain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118214761A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118764172A (en) * | 2024-09-09 | 2024-10-11 | 万洲嘉智信息科技有限公司 | Data tracing method and system based on big data and multi-dimensional features |
CN119788433A (en) * | 2025-03-11 | 2025-04-08 | 联通(山东)产业互联网有限公司 | Internet data processing method, system, equipment and medium |
-
2024
- 2024-04-15 CN CN202410450180.7A patent/CN118214761A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11978044B2 (en) | Client authentication using split key signing on a blockchain platform | |
US20230023857A1 (en) | Data processing method and apparatus, intelligent device, and storage medium | |
Conti et al. | A survey on security and privacy issues of bitcoin | |
CN112016105B (en) | On-chain and off-chain data sharing method based on distributed oracles and homomorphic encryption | |
Jesus et al. | A survey of how to use blockchain to secure internet of things and the stalker attack | |
CN110741400B (en) | Blockchain network interaction controller | |
US11038682B2 (en) | Communication method, apparatus and system, electronic device, and computer readable storage medium | |
JP2020507222A (en) | System and method for information protection | |
Rodrigues et al. | Blockchain signaling system (BloSS): cooperative signaling of distributed denial-of-service attacks | |
CN115049398A (en) | Complete data asset trusted management and value transfer system and method | |
CN118214761A (en) | Attribute-based encrypted data sharing method, system and device based on blockchain | |
US12316758B2 (en) | Blockchain processing offload to network device | |
Uddin et al. | An efficient selective miner consensus protocol in blockchain oriented IoT smart monitoring | |
Tennant | Improving the Anonymity of the IOTA Cryptocurrency | |
US12155750B2 (en) | Systems and methods for generating secure, encrypted communications across distributed computer networks for authorizing use of cryptography-based digital repositories in order to perform blockchain operations in decentralized applications | |
Chen et al. | Trusted audit with untrusted auditors: A decentralized data integrity Crowdauditing approach based on blockchain | |
CN115499379A (en) | Information interaction method, device, equipment and medium based on block chain | |
Deebak et al. | Healthcare applications using blockchain with a cloud-assisted decentralized privacy-preserving framework | |
Keshavarzkalhori et al. | Federify: A verifiable federated learning scheme based on zksnarks and blockchain | |
CN116633525A (en) | Safe sharing method for industrial Internet of things data | |
Gojka et al. | Security in distributed ledger technology: An analysis of vulnerabilities and attack vectors | |
WO2021098152A1 (en) | Blockchain-based data processing method, device, and computer apparatus | |
WO2020113546A1 (en) | Privacy protection and identity management method and system for multi-mode identifier network | |
Wang et al. | Voltran: Unlocking trust and confidentiality in decentralized federated learning aggregation | |
CN113656829A (en) | Medical data security sharing method based on lattice code and alliance chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||