CN112487464A - Encrypted data sharing method and device based on block chain - Google Patents
Encrypted data sharing method and device based on block chain Download PDFInfo
- Publication number
- CN112487464A CN112487464A CN202011475283.7A CN202011475283A CN112487464A CN 112487464 A CN112487464 A CN 112487464A CN 202011475283 A CN202011475283 A CN 202011475283A CN 112487464 A CN112487464 A CN 112487464A
- Authority
- CN
- China
- Prior art keywords
- ith
- encryption
- value
- private key
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 150000003839 salts Chemical class 0.000 claims abstract description 78
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 67
- 239000012634 fragment Substances 0.000 claims description 40
- 230000005540 biological transmission Effects 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 abstract description 7
- 238000005336 cracking Methods 0.000 description 5
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 238000004364 calculation method Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
- G06Q20/065—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Marketing (AREA)
- Computing Systems (AREA)
- Technology Law (AREA)
- Data Mining & Analysis (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a device for sharing encrypted data based on a block chain, wherein the method comprises the following steps: aiming at the ith plaintext data, obtaining an ith first-layer encryption value according to a first encryption algorithm; generating an ith encryption private key of the ith plaintext data according to the ith first-layer encryption value and at least one random salt value; generating an ith encryption public key according to a third encryption algorithm at least according to the ith encryption private key; encrypting the ith plaintext data according to the third encryption algorithm at least according to the ith encryption public key to obtain the ith encrypted data; and uploading the ith encryption public key and the ith encryption data to a block chain. When the method is applied to financial technology (Fintech), the data sharing party only needs to manage the main private key even if the data sharing party shares the encrypted data with larger data volume.
Description
Technical Field
The invention relates to the field of block chains (blockchain) in the field of financial technology (Fintech), in particular to a method and a device for sharing encrypted data based on the block chains.
Background
With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually changing to financial technology (Fintech), but due to the requirements of the financial industry on safety and real-time performance, higher requirements are also put forward on the technologies. Block chains (blockchains) are often used in the field of financial technology as a non-tamperable database. The data sharing party can upload the data to the block chain, and then the block chain can carry out cross-platform data sharing through the distributed account book, so that the credibility and the tamper resistance of the data are declared. When the data user uses the data, the data user requests the data sharing party in a safe mode and obtains the original data, and after the data user obtains the original data, the data user compares the original data with the encrypted data on the chain through the same encryption algorithm to ensure the authenticity and credibility of the original data.
For some data with higher confidentiality, the easy copying and the easy transmission of the electronic data are considered. The data sharing party encrypts the data first and uploads the encrypted data to the block chain, so that the data is prevented from being abused. However, for some regular data, there is a risk of being brute-force cracked, such as the identification number. In the existing mode, in order to prevent data from being cracked violently, different keys are used by a data encryption party for encrypting different data, although the risk of cracking violently can be avoided, the data sharing party needs to manage the keys for encrypting the data, and when the data volume is large, a large number of keys need to be managed.
Disclosure of Invention
The invention provides a block chain-based encrypted data sharing method and device, and solves the problem that a data sharing party needs to manage a large number of keys when the data volume is large in the prior art.
In a first aspect, the present invention provides a method for sharing encrypted data based on a block chain, including: aiming at the ith plaintext data, obtaining an ith first-layer encryption value according to a first encryption algorithm; generating an ith encryption private key of the ith plaintext data according to the ith first-layer encryption value and at least one random salt value; any random salt value is generated at least according to a main private key and the ith plaintext data; generating an ith encryption public key according to a third encryption algorithm at least according to the ith encryption private key; encrypting the ith plaintext data according to the third encryption algorithm at least according to the ith encryption public key to obtain the ith encrypted data; uploading the ith encryption public key and the ith encryption data to a blockchain; and the ith encryption public key is used for encrypting the ith plaintext data after the data user acquires the ith plaintext data, and is compared with the ith encrypted data.
In the above method, for any ith plaintext data, an ith encrypted private key of the ith plaintext data may be generated according to the ith first-layer encrypted value and at least one random salt value, where any random salt value is generated at least according to a main private key and the ith plaintext data, that is, one main private key may generate at least one random salt value, and further generate an ith encrypted private key for the ith plaintext data, and generate an ith encrypted public key, and encrypt any ith plaintext data, only the ith encrypted private key and the ith encrypted public key need to be temporarily generated, and then encrypt the ith plaintext data, so as to obtain the ith encrypted data, a data sharing party only needs to store the main private key without storing the ith encrypted private key, and a data providing party may encrypt the ith plaintext data by using the ith encrypted public key published on a block chain after obtaining the ith plaintext data, if the comparison is the same as the ith encrypted data, the obtained data is proved to be the ith plaintext data declared on the block chain, so that the data sharing party only needs to manage the main private key even if sharing the encrypted data with larger data volume.
Optionally, the at least one random salt value is m random salt values, and m is an integer greater than 1; generating an ith encryption private key of the ith plaintext data according to the ith first-layer encryption value and at least one random salt value, wherein the generation comprises the following steps:
obtaining a kth private key fragment according to a kth random salt value in the m random salt values and the ith first-layer encrypted value;
after the m private key fragments are obtained in an accumulated mode, the ith encrypted private key is obtained according to the m private key fragments and preset operation.
In the method, each private key fragment is obtained by mixing the ith first-layer encryption value with the kth random salt value, the randomness is stronger, and the ith encryption private key is further obtained according to the m private key fragments and the preset operation, so that the ith encryption private key is not easy to crack.
Optionally, the obtaining a kth private key fragment according to a kth random salt value of the m random salt values and the ith first-layer encrypted value includes: according to a second encryption algorithm, obtaining a 1 st nested encryption value according to the kth random salt value and the ith first-layer encryption value; starting from j ═ 1, c-1 iterations are performed: according to the second encryption algorithm, acquiring a j +1 th nested encryption value according to a j nested encryption value and the ith first-layer encryption value; thereby obtaining c-1 nested cryptographic values; c is a positive integer greater than 2; according to the c nested encryption values, obtaining the kth private key fragment according to the preset operation; the c nested secret values comprise the c-1 nested secret value and the 1 st secret value.
In the method, the 1 st nested encryption value is obtained according to the kth random salt value and the ith first-layer encryption value, c-1 nested encryption values are obtained through iteration execution for c-1 times, and then the kth private key fragment is obtained, so that the randomness is stronger after the kth private key fragment is subjected to multiple confusion and iteration of the kth random salt value.
Optionally, the kth random salt value is obtained specifically according to the following manner: generating a kth random number according to the ith plaintext data, the main private key and the kth identification; and obtaining the kth random salt value according to the kth random value and the first encryption algorithm.
In the above manner, firstly, the kth random number is generated by combining the kth identifier, and the kth identifier is further encrypted to obtain the kth random number, so that the kth random salt value has stronger randomness.
Optionally, the generating a kth random number according to the ith plaintext data, the master private key, and the kth identifier includes: obtaining a random intermediate result according to the ith plaintext data and the main private key and the preset operation; obtaining a kth random code according to the kth identifier and a preset random coding mode; and generating the kth random number according to the random intermediate result and the kth random code.
In the above mode, after the random intermediate result is obtained, the kth random code is obtained according to a preset random coding mode and is mixed with the kth identifier to obtain the kth random number, so that the concealment of the kth random number is stronger.
Optionally, the preset operation is a preset logic bit operation.
In the above manner, by selecting the preset logic bit operation as the preset operation, the operation efficiency can be improved.
Optionally, the generating an ith encryption public key according to a third encryption algorithm at least according to the ith encryption private key includes:
determining the ith encryption public key according to the ith encryption private key and a generator of an elliptic curve and the third encryption algorithm;
the encrypting the ith plaintext data according to the third encryption algorithm at least according to the ith encryption public key to obtain the ith encrypted data includes:
and encrypting the ith plaintext data according to the third encryption algorithm and the ith encryption public key, the encryption random number and the generator to obtain the ith encrypted data.
After the ith encryption public key is determined by the generator of the elliptic curve, the ith plaintext data is encrypted to obtain the ith encrypted data, and the corresponding plaintext of the ith encrypted data does not need to be revealed during verification, so that the encrypted secrecy is stronger.
In a second aspect, the present invention provides an encrypted data sharing apparatus based on a block chain, including: the encryption module is used for obtaining an ith first-layer encryption value according to a first encryption algorithm aiming at the ith plaintext data; generating an ith encryption private key of the ith plaintext data according to the ith first-layer encryption value and at least one random salt value; any random salt value is generated at least according to a main private key and the ith plaintext data; generating an ith encryption public key according to a third encryption algorithm at least according to the ith encryption private key; encrypting the ith plaintext data according to the third encryption algorithm at least according to the ith encryption public key to obtain the ith encrypted data;
the data transmission module is used for uploading the ith encrypted public key and the ith encrypted data to a block chain; and the ith encryption public key is used for encrypting the ith plaintext data after the data user acquires the ith plaintext data, and is compared with the ith encrypted data.
Optionally, the at least one random salt value is m random salt values, and m is an integer greater than 1; the encryption module is specifically configured to:
obtaining a kth private key fragment according to a kth random salt value in the m random salt values and the ith first-layer encrypted value;
after the m private key fragments are obtained in an accumulated mode, the ith encrypted private key is obtained according to the m private key fragments and preset operation.
Optionally, the encryption module is specifically configured to: according to a second encryption algorithm, obtaining a 1 st nested encryption value according to the kth random salt value and the ith first-layer encryption value;
starting from j ═ 1, c-1 iterations are performed: according to the second encryption algorithm, acquiring a j +1 th nested encryption value according to a j nested encryption value and the ith first-layer encryption value; thereby obtaining c-1 nested cryptographic values; c is a positive integer greater than 2;
according to the c nested encryption values, obtaining the kth private key fragment according to the preset operation; the c nested secret values comprise the c-1 nested secret value and the 1 st secret value.
Optionally, the encryption module is specifically configured to:
generating a kth random number according to the ith plaintext data, the main private key and the kth identification;
and obtaining the kth random salt value according to the kth random value and the first encryption algorithm.
Optionally, the encryption module is specifically configured to: obtaining a random intermediate result according to the ith plaintext data and the main private key and the preset operation;
obtaining a kth random code according to the kth identifier and a preset random coding mode;
and generating the kth random number according to the random intermediate result and the kth random code.
Optionally, the preset operation is a preset logic bit operation.
Optionally, the encryption module is specifically configured to: determining the ith encryption public key according to the ith encryption private key and a generator of an elliptic curve and the third encryption algorithm; and encrypting the ith plaintext data according to the third encryption algorithm and the ith encryption public key, the encryption random number and the generator to obtain the ith encrypted data.
The advantageous effects of the second aspect and the various optional apparatuses of the second aspect may refer to the advantageous effects of the first aspect and the various optional methods of the first aspect, and are not described herein again.
In a third aspect, the present invention provides a computer device comprising a program or instructions for performing the method of the first aspect and the alternatives of the first aspect when the program or instructions are executed.
In a fourth aspect, the present invention provides a storage medium comprising a program or instructions which, when executed, is adapted to perform the method of the first aspect and the alternatives of the first aspect.
These and other aspects of the invention are apparent from and will be elucidated with reference to the embodiments described hereinafter.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic view of a specific flow corresponding to a block chain-based encrypted data sharing method according to an embodiment of the present invention;
fig. 2 is a schematic view of a specific flow corresponding to a block chain-based encrypted data sharing method according to an embodiment of the present invention;
fig. 3 is a schematic diagram illustrating generation of a kth private key fragment in an encrypted data sharing method based on a block chain according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an encrypted data sharing apparatus based on a block chain according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The following first describes terms appearing in the embodiments of the present application.
Block chains: a novel distributed infrastructure and computing approach that utilizes block-chain data structures to verify and store data, utilizes distributed node consensus algorithms to generate and update data, cryptographically secures data transmission and access, and utilizes intelligent contracts composed of automated script code to program and manipulate data.
Public key system: the keys are generated in pairs, each pair consisting of a public key and a private key. In practical applications, the private key is kept by the owner, while the public key needs to be disclosed to the public.
Private key: the private key is the only credential for the blockchain account that is used to sign the transaction.
Asymmetric encryption: asymmetric encryption algorithms require two keys: public keys (public keys for short) and private keys (private keys for short). The public key and the private key are a pair, and if data is encrypted by the public key, the data can be decrypted only by the corresponding private key.
And (3) Hash algorithm: the algorithm is a cryptographic hash function family, and can calculate a character string (also called a message digest) with a fixed length corresponding to a digital message.
HMAC algorithm: the HMAC is a Hash-based Message Authentication Code (Hash-based Message Authentication Code) related to a key, and the HMAC uses a Hash algorithm to generate a Message digest as an output by taking a key and a Message as inputs.
In the operation process of financial institutions (banking institutions, insurance institutions or security institutions) in business (such as loan business, deposit business and the like of banks), a data sharing party can upload data to a block chain, and then the block chain can perform cross-platform data sharing through a distributed account book. The data sharing party encrypts the data first and uploads the encrypted data to the block chain, so that the data is prevented from being abused. However, for some regular data, there is a risk of being brute-force broken. If the data encryption party adopts different keys to encrypt the data, although the risk of brute force cracking can be avoided, the data sharing party needs to manage the keys for encrypting the data, and when the data volume is large, a large number of keys need to be managed. This situation does not meet the requirements of financial institutions such as banks, and the efficient operation of various services of the financial institutions cannot be ensured. As shown in fig. 1, the present application provides an encrypted data sharing method based on a block chain.
Step 101: and aiming at the ith plaintext data, obtaining an ith first-layer encryption value according to a first encryption algorithm.
Step 102: and generating an ith encryption private key of the ith plaintext data according to the ith first-layer encryption value and at least one random salt value.
And generating any random salt value at least according to the main private key and the ith plaintext data.
Step 103: and generating an ith encryption public key according to a third encryption algorithm at least according to the ith encryption private key.
Step 104: and encrypting the ith plaintext data according to the third encryption algorithm at least according to the ith encryption public key to obtain the ith encrypted data.
Step 105: and uploading the ith encryption public key and the ith encryption data to a block chain.
And the ith encryption public key is used for encrypting the ith plaintext data after the data user acquires the ith plaintext data, and is compared with the ith encrypted data.
It should be noted that the method in steps 101 to 105 provides an encrypted data sharing method based on a block chain. In the methods in steps 101 to 105, the first encryption algorithm is the irreversible algorithm by default, that is, the algorithm, such as the hash algorithm, for the ith plaintext data cannot be reversely exited through the ith first-layer encryption value. The random salt value is random confusion information generated according to a certain rule and used for increasing the randomness of data encryption. It should be noted that the random salt value may be generated in various ways, for example, generated according to a random number, a master private key, and the ith plaintext data, and some other random information or preset information may be added.
In the method of steps 101 to 105, the master private key may be generated by any public private key generation algorithm, and then, for each piece of plaintext data, a sub private key of the piece of plaintext data may be regenerated at least according to a random salt value of the piece of plaintext data generated by using the encrypted data and the master private key together, and the sub private key is used to encrypt the piece of plaintext data, so that even when a data sharing party shares encrypted data with a large data volume, only the master private key needs to be managed.
For example, the number of plaintext to be encryptedAccording to the set D ═ D1,...,di,...,dnD comprises n pieces of plaintext data, i, n are positive integers, wherein DiFor the ith plaintext data, the ith encryption public key KiAnd (4) chaining, the data provider does not need to store the encryption private key of the ith plaintext data, and only needs to store the main private key.
It should be noted that there are various ways to obtain the ith encryption private key, for example, directly according to a preset encryption algorithm, the encryption result of the ith first-layer encryption value and at least one random salt value is used as the ith encryption private key of the ith plaintext data, or an ith intermediate private key is obtained by first performing an operation according to the encryption result of the ith first-layer encryption value and at least one random salt value, and then the ith intermediate private key is encrypted to obtain the ith encryption private key, which is not limited herein. In addition, in addition to the ith primary encrypted value and the at least one random salt value, other information and the like can be added, so that the ith encrypted private key for generating the ith plaintext data can be generated.
In an alternative embodiment, the at least one random salt value is m random salt values, m being an integer greater than 1; step 102 may specifically be:
step 1021: and obtaining a kth private key fragment according to the kth random salt value in the m random salt values and the ith first-layer encrypted value.
Step 1022: after the m private key fragments are obtained in an accumulated mode, the ith encrypted private key is obtained according to the m private key fragments and preset operation.
For example, the m random salt values include: random salt number 1, random salt number 2, …, random salt number m.
Further, a 1 st private key fragment can be obtained according to the 1 st random salt value and the 1 st first-layer encryption value; obtaining a2 nd private key fragment according to the 2 nd random salt value and the 2 nd first-layer encryption value; and by analogy, obtaining the mth private key fragment according to the mth random salt value and the mth first-layer encryption value.
Then the m private key splits include: private key 1, private key 2, …, private key m. And then, obtaining the ith encryption private key according to preset operation.
In an alternative embodiment, the predetermined operation is a predetermined logic bit operation.
If the preset logic bit operation is an exclusive-or operation, the operation efficiency is improved.
In an alternative embodiment, step 1021 may specifically be:
step (1021-1): and according to a second encryption algorithm, obtaining a 1 st nested encryption value according to the kth random salt value and the ith first-layer encryption value.
Step (1021-2): starting from j ═ 1, c-1 iterations are performed: according to the second encryption algorithm, acquiring a j +1 th nested encryption value according to a j nested encryption value and the ith first-layer encryption value; thereby obtaining c-1 nested cryptographic values.
c is a positive integer greater than 2.
Step (1021-3): according to the c nested encryption values, obtaining the kth private key fragment according to the preset operation; the c nested secret values comprise the c-1 nested secret value and the 1 st secret value.
It should be noted that, in the step (1021-2), the 2 nd nested cryptographic value starts, and each nested cryptographic value is generated by the previous nested cryptographic value and the ith first-layer cryptographic value, so that c-1 nested cryptographic values are obtained through multiple layers of iteration, and the cracking difficulty is increased.
And further, according to the c nested encryption values and the preset operation, the kth private key fragment is obtained, so that the randomness of the kth private key fragment is stronger.
In an alternative embodiment, the kth random salt value is obtained in the following manner:
generating a kth random number according to the ith plaintext data, the main private key and the kth identification; and obtaining the kth random salt value according to the kth random value and the first encryption algorithm.
For example, the kth identifier is a function related to k, and can be associated with k, and then a random generation algorithm is combined to obtain the kth random number, and further the kth random salt value is obtained according to the first encryption algorithm, so that the kth random salt value is more difficult to crack.
More specifically, the kth random value may be obtained by:
obtaining a random intermediate result according to the ith plaintext data and the main private key and the preset operation; obtaining a kth random code according to the kth identifier and a preset random coding mode; and generating the kth random number according to the random intermediate result and the kth random code.
In the above method, after the random intermediate result is obtained, a random encoding mode may be further preset, so that the randomness is stronger, for example, the random encoding mode is big-byte encoding.
In an alternative embodiment, step 103 may specifically be:
and determining the ith encryption public key according to the ith encryption private key and the generator of the elliptic curve and the third encryption algorithm.
Step 104 may specifically be:
and encrypting the ith plaintext data according to the third encryption algorithm and the ith encryption public key, the encryption random number and the generator to obtain the ith encrypted data.
After the ith encryption public key is determined by the generator of the elliptic curve, the ith plaintext data is encrypted to obtain the ith encrypted data, and the corresponding plaintext of the ith encrypted data does not need to be revealed during verification, so that the encrypted secrecy is stronger.
The following describes in detail an encrypted data sharing method based on a blockchain according to the present application with reference to fig. 2.
Step (1): and generating a main private key by adopting any public private key generation algorithm, marking the main private key as a main private key MK, and keeping the main private key by a data provider.
Step (2): considering the security of the encryption private key, avoiding brute force cracking due to small isomorphic data sample base, the length (ckLen) of the ith encryption private key of the ith plaintext data needs to be defined by a data provider in a self-defining way, the sub private keys of the ith encryption private key are generally integer multiples of 256 bits, and if the length of the sub private key generated at one time does not meet the length of the specified private key, multiple times of generation and splicing are needed. The number of fragments m of the encryption private key needs to be calculated first, as follows.
And (3): for each private key fragment, such as the kth private key fragment, a kth random number R is generated according to the ith data plaintext, the main private key MK and the kth identification (subscript k) of the encrypted private key fragmentkWherein 0 is<And k is less than or equal to m, the generation mode is that exclusive or processing is carried out on the main private key and the data plaintext, and a 32-bit integer k value coded into a big byte order is spliced as shown in the following.
Rk=MK^di||INT_32_BE(k);
In this application, | | denotes concatenation.
And (4): according to the kth random number RkAnd calculating a kth random salt value for preventing reverse lookup and rainbow table attack on the encrypted private key fragment.
Saltk=SHA256(Rk) (ii) a SHA256 denotes SHA256 hash algorithm;
and (5): a first HMAC SHA256 value is calculated from the kth random salt value and the primary private key, when k equals 1, as shown below. In the case of adding random salt values in HMAC and SHA calculations, the possibility of brute force attacks can be reduced, but since the HASH operation is too fast, it cannot be guaranteed that the HASH is broken on the super hardware device (e.g., GPU), and therefore, the randomness can be increased by performing step (6) below.
HMAC1=HMAC_SHA_256(SHA_256(MK)+Saltk);
And (6): and carrying out forward iteration for multiple times through the iteration factor, and reducing the speed of backward calculation. The method is to continuously iterate the HMAC _ SHA _256 values for multiple times, so that the cracking difficulty is improved. Each iteration is denoted as HMACjWherein 0 is<j<c, c is the number of iterations, which may be set, for example, greater than 10000, where HMAC isjHas a random salt number ofHMAC _ SHA _256 value obtained from last calculation, i.e. HMACj-1. As shown in fig. 3.
HMACj=HMAC_SHA_256(SHA_256(MK)+HMACj-1),1<j<c;
And (7): performing exclusive OR operation on all HMACs, and calculating an encrypted private key fragment SmThe following.
SK=HMAC1^HMAC2^...^HMACc;
And (8): according to the number of the private key fragments, circularly executing the steps from the step (3) to the step (7), generating other m-1 private key fragments, splicing the m private key fragments, and generating the d-thiAn encryption private key for the piece of data.
CKi=S1||S2||...||Sm;
And (9): taking a public elliptic curve, selecting a public point G as a generator, and calculating a public key K corresponding to the ith encryption private keyi:
Ki=CKi*G;
Step (10): selecting a random number r, and performing comparison on the ith plaintext data diGenerating ith encrypted data C after encrypting with corresponding ith encrypted public keyi:
Ci={rG,di+rKi};
Step (11): will { Ki,CiThe information uplink facilitates subsequent data decryption and data correctness verification.
As shown in fig. 4, the present invention provides an encrypted data sharing apparatus based on a block chain, including: the encryption module 401 is configured to obtain an ith first-layer encryption value according to a first encryption algorithm for the ith plaintext data; generating an ith encryption private key of the ith plaintext data according to the ith first-layer encryption value and at least one random salt value; any random salt value is generated at least according to a main private key and the ith plaintext data; generating an ith encryption public key according to a third encryption algorithm at least according to the ith encryption private key; encrypting the ith plaintext data according to the third encryption algorithm at least according to the ith encryption public key to obtain the ith encrypted data;
a data transmission module 402, configured to upload the ith encrypted public key and the ith encrypted data to a blockchain; and the ith encryption public key is used for encrypting the ith plaintext data after the data user acquires the ith plaintext data, and is compared with the ith encrypted data.
Optionally, the at least one random salt value is m random salt values, and m is an integer greater than 1; the encryption module 401 is specifically configured to:
obtaining a kth private key fragment according to a kth random salt value in the m random salt values and the ith first-layer encrypted value;
after the m private key fragments are obtained in an accumulated mode, the ith encrypted private key is obtained according to the m private key fragments and preset operation.
Optionally, the encryption module 401 is specifically configured to: according to a second encryption algorithm, obtaining a 1 st nested encryption value according to the kth random salt value and the ith first-layer encryption value;
starting from j ═ 1, c-1 iterations are performed: according to the second encryption algorithm, acquiring a j +1 th nested encryption value according to a j nested encryption value and the ith first-layer encryption value; thereby obtaining c-1 nested cryptographic values; c is a positive integer greater than 2;
according to the c nested encryption values, obtaining the kth private key fragment according to the preset operation; the c nested secret values comprise the c-1 nested secret value and the 1 st secret value.
Optionally, the encryption module 401 is specifically configured to:
generating a kth random number according to the ith plaintext data, the main private key and the kth identification;
and obtaining the kth random salt value according to the kth random value and the first encryption algorithm.
Optionally, the encryption module 401 is specifically configured to: obtaining a random intermediate result according to the ith plaintext data and the main private key and the preset operation;
obtaining a kth random code according to the kth identifier and a preset random coding mode;
and generating the kth random number according to the random intermediate result and the kth random code.
Optionally, the preset operation is a preset logic bit operation.
Optionally, the encryption module 401 is specifically configured to: determining the ith encryption public key according to the ith encryption private key and a generator of an elliptic curve and the third encryption algorithm; and encrypting the ith plaintext data according to the third encryption algorithm and the ith encryption public key, the encryption random number and the generator to obtain the ith encrypted data.
Based on the same inventive concept, embodiments of the present invention further provide a computer device, which includes a program or an instruction, and when the program or the instruction is executed, the encrypted data sharing method based on the blockchain and any optional method provided in the embodiments of the present invention are executed.
Based on the same inventive concept, embodiments of the present invention further provide a computer-readable storage medium, which includes a program or instructions, and when the program or instructions are executed, the encrypted data sharing method based on the blockchain and any optional method provided by the embodiments of the present invention are executed.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. An encrypted data sharing method based on a block chain is characterized by comprising the following steps:
aiming at the ith plaintext data, obtaining an ith first-layer encryption value according to a first encryption algorithm;
generating an ith encryption private key of the ith plaintext data according to the ith first-layer encryption value and at least one random salt value; any random salt value is generated at least according to a main private key and the ith plaintext data;
generating an ith encryption public key according to a third encryption algorithm at least according to the ith encryption private key;
encrypting the ith plaintext data according to the third encryption algorithm at least according to the ith encryption public key to obtain the ith encrypted data;
uploading the ith encryption public key and the ith encryption data to a blockchain; and the ith encryption public key is used for encrypting the ith plaintext data after the data user acquires the ith plaintext data, and is compared with the ith encrypted data.
2. The method of claim 1, wherein the at least one random salt value is m random salt values, m being an integer greater than 1; generating an ith encryption private key of the ith plaintext data according to the ith first-layer encryption value and at least one random salt value, wherein the generation comprises the following steps:
obtaining a kth private key fragment according to a kth random salt value in the m random salt values and the ith first-layer encrypted value;
after the m private key fragments are obtained in an accumulated mode, the ith encrypted private key is obtained according to the m private key fragments and preset operation.
3. The method of claim 2, wherein obtaining a kth private key slice from a kth random salt value of the m random salt values and the ith first-layer cryptographic value comprises:
according to a second encryption algorithm, obtaining a 1 st nested encryption value according to the kth random salt value and the ith first-layer encryption value;
starting from j ═ 1, c-1 iterations are performed: according to the second encryption algorithm, acquiring a j +1 th nested encryption value according to a j nested encryption value and the ith first-layer encryption value; thereby obtaining c-1 nested cryptographic values; c is a positive integer greater than 2;
according to the c nested encryption values, obtaining the kth private key fragment according to the preset operation; the c nested secret values comprise the c-1 nested secret value and the 1 st secret value.
4. The method of claim 2, wherein the kth random salt value is obtained in particular by:
generating a kth random number according to the ith plaintext data, the main private key and the kth identification;
and obtaining the kth random salt value according to the kth random value and the first encryption algorithm.
5. The method according to claim 4, wherein said generating a kth random number from said ith plaintext data, said primary private key, and a kth identification comprises:
obtaining a random intermediate result according to the ith plaintext data and the main private key and the preset operation;
obtaining a kth random code according to the kth identifier and a preset random coding mode;
and generating the kth random number according to the random intermediate result and the kth random code.
6. The method of claim 2, wherein the predetermined operation is a predetermined logic bit operation.
7. The method according to any one of claims 1 to 6, wherein said generating an ith encrypted public key according to a third encryption algorithm based on at least said ith encrypted private key comprises:
determining the ith encryption public key according to the ith encryption private key and a generator of an elliptic curve and the third encryption algorithm;
the encrypting the ith plaintext data according to the third encryption algorithm at least according to the ith encryption public key to obtain the ith encrypted data includes:
and encrypting the ith plaintext data according to the third encryption algorithm and the ith encryption public key, the encryption random number and the generator to obtain the ith encrypted data.
8. An encrypted data sharing device based on a block chain, comprising:
the encryption module is used for obtaining an ith first-layer encryption value according to a first encryption algorithm aiming at the ith plaintext data; generating an ith encryption private key of the ith plaintext data according to the ith first-layer encryption value and at least one random salt value; any random salt value is generated at least according to a main private key and the ith plaintext data; generating an ith encryption public key according to a third encryption algorithm at least according to the ith encryption private key; encrypting the ith plaintext data according to the third encryption algorithm at least according to the ith encryption public key to obtain the ith encrypted data;
the data transmission module is used for uploading the ith encrypted public key and the ith encrypted data to a block chain; and the ith encryption public key is used for encrypting the ith plaintext data after the data user acquires the ith plaintext data, and is compared with the ith encrypted data.
9. A computer device comprising a program or instructions that, when executed, perform the method of any of claims 1 to 7.
10. A computer-readable storage medium comprising a program or instructions which, when executed, perform the method of any of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011475283.7A CN112487464A (en) | 2020-12-14 | 2020-12-14 | Encrypted data sharing method and device based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011475283.7A CN112487464A (en) | 2020-12-14 | 2020-12-14 | Encrypted data sharing method and device based on block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112487464A true CN112487464A (en) | 2021-03-12 |
Family
ID=74916332
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011475283.7A Pending CN112487464A (en) | 2020-12-14 | 2020-12-14 | Encrypted data sharing method and device based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112487464A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113438235A (en) * | 2021-06-24 | 2021-09-24 | 国网河南省电力公司 | Data layered credible encryption method |
CN113992325A (en) * | 2021-10-09 | 2022-01-28 | 深圳前海微众银行股份有限公司 | Private data sharing method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106250721A (en) * | 2016-07-28 | 2016-12-21 | 杭州云象网络技术有限公司 | A kind of electronic copyright protection method based on block chain |
CN108830600A (en) * | 2018-06-19 | 2018-11-16 | 方欣科技有限公司 | A kind of electronic invoice system and implementation method based on block chain |
CN111192050A (en) * | 2019-12-31 | 2020-05-22 | 成都库珀区块链科技有限公司 | Digital asset private key storage and extraction method and device |
CN111639361A (en) * | 2020-05-15 | 2020-09-08 | 中国科学院信息工程研究所 | Block chain key management method, multi-person common signature method and electronic device |
-
2020
- 2020-12-14 CN CN202011475283.7A patent/CN112487464A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106250721A (en) * | 2016-07-28 | 2016-12-21 | 杭州云象网络技术有限公司 | A kind of electronic copyright protection method based on block chain |
CN108830600A (en) * | 2018-06-19 | 2018-11-16 | 方欣科技有限公司 | A kind of electronic invoice system and implementation method based on block chain |
CN111192050A (en) * | 2019-12-31 | 2020-05-22 | 成都库珀区块链科技有限公司 | Digital asset private key storage and extraction method and device |
CN111639361A (en) * | 2020-05-15 | 2020-09-08 | 中国科学院信息工程研究所 | Block chain key management method, multi-person common signature method and electronic device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113438235A (en) * | 2021-06-24 | 2021-09-24 | 国网河南省电力公司 | Data layered credible encryption method |
CN113992325A (en) * | 2021-10-09 | 2022-01-28 | 深圳前海微众银行股份有限公司 | Private data sharing method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20240250808A1 (en) | Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys | |
CN111066285B (en) | SM2 signature based public key recovery method | |
US8300828B2 (en) | System and method for a derivation function for key per page | |
KR20040007769A (en) | Method for an integrated protection system of data distributed processing in computer networks and system for carrying out said method | |
US8542832B2 (en) | System and method for the calculation of a polynomial-based hash function and the erindale-plus hashing algorithm | |
CN115804061A (en) | Generating a shared private key | |
Kasgar et al. | A review paper of message digest 5 (MD5) | |
US20210036864A1 (en) | Method and system for generating a keccak message authentication code (kmac) based on white-box implementation | |
Bhandari et al. | Enhancement of MD5 Algorithm for Secured Web Development. | |
Mohammed et al. | Advancing cloud image security via AES algorithm enhancement techniques | |
Liu et al. | Exploiting lsb self-quantization for plaintext-related image encryption in the zero-trust cloud | |
CN112487464A (en) | Encrypted data sharing method and device based on block chain | |
Jones et al. | Information Security: A Coordinated Strategy to Guarantee Data Security in Cloud Computing | |
CN114430321B (en) | DFA self-adaptive security-based black box traceable key attribute encryption method and device | |
CN108199836A (en) | A kind of key and apparatus bound, the method and device of solution binding | |
CN116980117A (en) | Secure multi-party computing collusion attack resisting method based on alliance chain | |
Akshay et al. | Dynamic list based data integrity verification in cloud environment | |
KR20240045231A (en) | Creation of digitally signed shares | |
Tang et al. | Fragile watermarking based proofs of retrievability for archival cloud data | |
Bidhuri | Enhancing Password Security Using a Hybrid Approach of SCrypt Hashing and AES Encryption | |
Lu et al. | White-box implementation of the KMAC message authentication code | |
Feng et al. | Mastering AI: Big Data, Deep Learning, and the Evolution of Large Language Models--Blockchain and Applications | |
Rahouma | Reviewing and applying security services with non-english letter coding to secure software applications in light of software trade-offs | |
CN117910024B (en) | Key generation method and device, electronic equipment and storage medium | |
CN117240479B (en) | Multiparty quantum signature method, multiparty quantum signature device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |