
CN113992330A - Block chain data controlled sharing method and system based on proxy re-encryption

Publication number
CN113992330A
Authority
CN
China
Prior art keywords
data
user
proxy
management node
authorization
Legal status
Granted
Application number
CN202111277801.9A
Other languages
Chinese (zh)
Other versions
CN113992330B (en)
Inventor
田有亮
郭庆
李沓
余佳仁
向阿新
Current Assignee
Guizhou University
Original Assignee
Guizhou University
Application filed by Guizhou University
Priority to CN202111277801.9A
Publication of CN113992330A
Application granted
Publication of CN113992330B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085: Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76: Proxy, i.e. using intermediary entity to perform cryptographic operations

Abstract

This application discloses a method and system for controlled sharing of blockchain data based on proxy re-encryption. The data-owning user initially encrypts the shared data and constructs a proxy re-encryption key, uploads the transaction information of the shared data to the blockchain network, and at the same time sends the data access authorization list of the shared data to the authorization management node in the blockchain network. By updating the data access authorization list, with the nodes in the blockchain network dividing the proxy work among themselves and managing the decryption parameter of the re-encryption key separately, the data-owning user can dynamically adjust other users' access rights to the shared data. This solves the technical problem in the prior art that blockchain sharing is limited to preset data users and is difficult to extend efficiently, so that practical usability is low while privacy is protected and the actual needs of data sharing cannot be met.

Description

Block chain data controlled sharing method and system based on proxy re-encryption
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a method and a system for controlled sharing of blockchain data based on proxy re-encryption.
Background
Secure data sharing in distributed environments has long been an active research topic. A blockchain is a distributed ledger technology maintained jointly by multiple parties, and it is decentralized, traceable and tamper-resistant, so its application is not limited to cryptocurrency and it can serve as a platform for secure data sharing. However, these same characteristics create a risk of privacy disclosure for transaction data. Because the transaction information on the blockchain is transparent to all nodes in the network, every node can read the transaction data, and an attacker can threaten users' transaction privacy and identity privacy by analysing the data in the blockchain ledger, which seriously limits the use of blockchains in many service fields. To share blockchain data securely while protecting transaction privacy, first, the transaction data must be stored on the chain so that it can be operated on and shared through smart contracts. Second, to protect the privacy of the transaction data, the data must be encrypted on the chain. Finally, the encrypted transaction data must support authorized sharing, so that a legitimate data user who satisfies the access rights can access the on-chain data.
Proxy re-encryption (PRE) supports the transfer of decryption rights on top of public-key encryption and was first proposed by Blaze et al. at Eurocrypt in 1998. A PRE scheme allows a semi-trusted proxy to convert a ciphertext that Alice can decrypt into a ciphertext of the same plaintext that Bob can decrypt, while the proxy learns nothing about the plaintext. Proxy re-encryption splits the encryption and decryption work of data sharing: the user performs the first encryption, and the proxy re-encrypts the first ciphertext for each sharing user. The data owner therefore shares data without repeating the encryption, and the re-encryption work is handed to the proxy server, which reduces the owner's workload. According to the direction of ciphertext conversion, proxy re-encryption is either unidirectional or bidirectional. Unidirectional proxy re-encryption can only convert ciphertexts from Alice to Bob, whereas bidirectional proxy re-encryption can convert ciphertexts from Alice to Bob and also from Bob to Alice. Identity, attributes, key types for fine-grained management and similar values can serve as parameters of the PRE key, which provides a basis for research on ciphertext access control. Proxy re-encryption is therefore of practical value for blockchain data sharing.
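The ciphertext conversion described above, as an added Python example that is not part of the patent: it uses the bidirectional ElGamal-style construction of Blaze et al. (1998), not the SM2-based scheme this application claims. The group parameters, fixed keys, sample message and all function names are constructed for illustration, and the hash-derived keystream and integrity tag are additions so that byte strings can be carried and a wrong key is detected.

```python
import hashlib
import hmac
import secrets

# Constructed toy group: safe prime P = 2*Q + 1; G = 4 generates the subgroup
# of prime order Q. Far too small for real use.
P, Q, G = 2039, 1019, 4


def keygen(sk=None):
    """Return (sk, pk) with pk = G^sk mod P; sk is random unless supplied."""
    if sk is None:
        sk = secrets.randbelow(Q - 1) + 1          # uniform in [1, Q-1]
    return sk, pow(G, sk, P)


def _keystream(k, n):
    """SHA-256 in counter mode, seeded by the group element k (added helper)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(f"{k}:{ctr}".encode()).digest()
        ctr += 1
    return out[:n]


def _tag(k, plaintext):
    """Integrity tag over the data key and plaintext (added helper)."""
    return hashlib.sha256(f"{k}|".encode() + plaintext).hexdigest()


def encrypt(pk, plaintext):
    """First encryption, done once by the data owner under her own public key."""
    k = pow(G, secrets.randbelow(Q - 1) + 1, P)    # random group element = data key
    r = secrets.randbelow(Q - 1) + 1
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(k, len(plaintext))))
    return {"c1": k * pow(G, r, P) % P,            # k * g^r
            "c2": pow(pk, r, P),                   # g^(a*r), bound to the owner's key
            "body": body, "tag": _tag(k, plaintext)}


def rekey(sk_from, sk_to):
    """Re-encryption key rk = sk_to / sk_from mod Q (depends on both secret keys)."""
    return sk_to * pow(sk_from, -1, Q) % Q


def reencrypt(ct, rk):
    """Proxy step: only c2 changes, g^(a*r) -> g^(b*r); no secret key is used."""
    return {**ct, "c2": pow(ct["c2"], rk, P)}


def decrypt(sk, ct):
    """Return the plaintext, or None if the ciphertext is not for this key."""
    g_r = pow(ct["c2"], pow(sk, -1, Q), P)         # (g^(sk*r))^(1/sk) = g^r
    k = ct["c1"] * pow(g_r, -1, P) % P
    pt = bytes(a ^ b for a, b in zip(ct["body"], _keystream(k, len(ct["body"]))))
    return pt if hmac.compare_digest(_tag(k, pt), ct["tag"]) else None


def demo():
    sk_a, pk_a = keygen(sk=123)                    # Alice; fixed constructed keys
    sk_b, pk_b = keygen(sk=456)                    # Bob
    msg = b"shared ledger record (constructed sample)"
    ct_a = encrypt(pk_a, msg)                      # encrypted once, for Alice
    rk_ab = rekey(sk_a, sk_b)
    ct_b = reencrypt(ct_a, rk_ab)                  # converted by the proxy
    rk_ba = pow(rk_ab, -1, Q)                      # the proxy can invert rk unaided
    return {
        "owner_reads": decrypt(sk_a, ct_a) == msg,
        "bob_before_reenc": decrypt(sk_b, ct_a),
        "bob_after_reenc": decrypt(sk_b, ct_b) == msg,
        "reverse_direction": decrypt(sk_a, reencrypt(encrypt(pk_b, msg), rk_ba)) == msg,
        "body_unchanged": ct_a["body"] == ct_b["body"],
    }


if __name__ == "__main__":
    print(demo())
```

Because rk can be inverted by whoever holds it, this construction is bidirectional in the sense used above; a unidirectional scheme does not give the proxy the reverse conversion.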
At present, blockchain data sharing schemes protect transaction privacy and identity privacy mainly through cryptographic techniques such as data desensitization, digital signatures, zero-knowledge proofs, homomorphic encryption and attribute-based encryption, and they struggle to balance privacy protection against the usability of blockchain data sharing. Data desensitization addresses transaction privacy disclosure at the cost of some data accuracy, without destroying the statistical characteristics of the data. Group signatures distribute a group key to the members of a preset group, which protects the privacy of group users. Homomorphic encryption is combined with smart contracts to encrypt the transaction information as a whole and so protect transaction privacy. Attribute-based encryption applies access control to transaction data and achieves fine-grained access control and secure sharing, but the data must be encrypted again whenever user authorization changes.
In the prior art, blockchain sharing is limited to preset data users and is difficult to extend efficiently, so practical usability is low while privacy is protected and the actual needs of data sharing cannot be met. In addition, when the access rights to blockchain data change, the data must be encrypted again, which increases both the user's computation and the user's communication overhead.
Disclosure of Invention
The application provides a method and system for controlled sharing of blockchain data based on proxy re-encryption. It addresses the technical problems that, in the prior art, blockchain sharing is limited to preset data users and is difficult to extend efficiently, so practical usability is low while privacy is protected and the actual needs of data sharing cannot be met; and that, when the access rights to blockchain data change, the data must be encrypted again, which increases both the user's computation and the user's communication overhead.
In view of the above, a first aspect of the present application provides a method for controlled sharing of blockchain data based on proxy re-encryption, the method comprising:
the first user terminal of the data-owning user initially encrypts the shared data and constructs a proxy re-encryption key, and then uploads the transaction information tx, which carries the initial ciphertext C and the proxy re-encryption key $rk_{A\to B}$, to the blockchain network;
the first user terminal of the data-owning user sends a data access authorization list for the shared data to an authorization management node in the blockchain network, wherein the data access authorization list contains a decryption parameter α;
and the first user terminal of the data-owning user sends a data access authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user terminal of a legitimate data-requesting user contained in the data access authorization list.
Optionally, the step in which the first user terminal of the data-owning user sends a data access authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user terminal of the legitimate data-requesting user contained in the data access authorization list, specifically comprises:
the first user terminal of the data-owning user sends a data access authorization list deletion request to the authorization management node, so that the authorization management node deletes the decryption parameter α corresponding to the second user terminal of the legitimate data-requesting user contained in the data access authorization list.
Optionally, the step in which the first user terminal of the data-owning user sends a data access authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user terminal of the legitimate data-requesting user contained in the data access authorization list, specifically comprises:
the first user terminal of the data-owning user constructs, for a new legitimate data-requesting user, a proxy re-encryption key $rk_{A\to C}$ and a decryption parameter α' in the data access authorization list;
the first user terminal of the data-owning user sends a data access authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α in the data access authorization list to the decryption parameter α';
the data-owning user broadcasts the proxy re-encryption key $rk_{A\to C}$ to the blockchain network.
Optionally, the method further comprises:
if the second user terminal of the legitimate data-requesting user sends a data request to the blockchain network, a miner node of the blockchain network re-encrypts the initial ciphertext C in the transaction information tx with the proxy re-encryption key $rk_{A\to B}$ to generate a re-encrypted ciphertext C';
the miner node sends the re-encrypted ciphertext C' to the legitimate data-requesting user;
the authorization management node sends the decryption parameter α to the second user terminal of the legitimate data-requesting user;
and the second user terminal of the legitimate data-requesting user decrypts the re-encrypted ciphertext C' with the user private key and the decryption parameter α to obtain the shared data.
Optionally, the step in which the first user terminal of the data-owning user initially encrypts the shared data, constructs a proxy re-encryption key, and then uploads the transaction information tx carrying the initial ciphertext C and the proxy re-encryption key $rk_{A\to B}$ to the blockchain network specifically comprises:
the first user terminal of the data-owning user initially encrypts the shared data with the user private key $pk_A$ to obtain an initial ciphertext C, where $C = (C_1, C_2, C_3, C_4)$;
the first user terminal of the data-owning user constructs, for the legitimate data-requesting user, the proxy re-encryption key $rk_{A\to B}$ and the decryption parameter α in the data access authorization list;
the first user terminal of the data-owning user uploads the transaction information tx carrying the initial ciphertext C and the proxy re-encryption key $rk_{A\to B}$ to the blockchain network, so that a miner node in the blockchain network verifies the transaction information tx and then adds it to the blockchain ledger.
A second aspect of the present application provides a system for controlled sharing of blockchain data based on proxy re-encryption, the system comprising:
a first user terminal belonging to a data-owning user, and a blockchain network, wherein the blockchain network comprises an authorization management node and a miner node;
wherein:
the first user terminal of the data-owning user initially encrypts the shared data and constructs a proxy re-encryption key, and then uploads the transaction information tx, which carries the initial ciphertext C and the proxy re-encryption key $rk_{A\to B}$, to the blockchain network;
the first user terminal of the data-owning user sends a data access authorization list for the shared data to the authorization management node in the blockchain network, wherein the data access authorization list contains a decryption parameter α;
and the first user terminal of the data-owning user sends a data access authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user terminal of a legitimate data-requesting user contained in the data access authorization list.
Optionally, the step in which the first user terminal of the data-owning user sends a data access authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user terminal of the legitimate data-requesting user contained in the data access authorization list, specifically comprises:
the first user terminal of the data-owning user sends a data access authorization list deletion request to the authorization management node, so that the authorization management node deletes the decryption parameter α corresponding to the second user terminal of the legitimate data-requesting user contained in the data access authorization list.
Optionally, the step in which the first user terminal of the data-owning user sends a data access authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user terminal of the legitimate data-requesting user contained in the data access authorization list, specifically comprises:
the first user terminal of the data-owning user constructs, for a new legitimate data-requesting user, a proxy re-encryption key $rk_{A\to C}$ and a decryption parameter α' in the data access authorization list;
the first user terminal of the data-owning user sends a data access authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α in the data access authorization list to the decryption parameter α';
the data-owning user broadcasts the proxy re-encryption key $rk_{A\to C}$ to the blockchain network.
Optionally, the system further comprises a second user terminal belonging to the legitimate data-requesting user;
wherein:
if the second user terminal of the legitimate data-requesting user sends a data request to the blockchain network, the miner node of the blockchain network re-encrypts the initial ciphertext C in the transaction information tx with the proxy re-encryption key $rk_{A\to B}$ to generate a re-encrypted ciphertext C';
the miner node sends the re-encrypted ciphertext C' to the legitimate data-requesting user;
the authorization management node sends the decryption parameter α to the second user terminal of the legitimate data-requesting user;
and the second user terminal of the legitimate data-requesting user decrypts the re-encrypted ciphertext C' with the user private key and the decryption parameter α to obtain the shared data.
Optionally, the step in which the first user terminal of the data-owning user initially encrypts the shared data, constructs a proxy re-encryption key, and then uploads the transaction information tx carrying the initial ciphertext C and the proxy re-encryption key $rk_{A\to B}$ to the blockchain network specifically comprises:
the first user terminal of the data-owning user initially encrypts the shared data with the user private key $pk_A$ to obtain an initial ciphertext C, where $C = (C_1, C_2, C_3, C_4)$;
the first user terminal of the data-owning user constructs, for the legitimate data-requesting user, the proxy re-encryption key $rk_{A\to B}$ and the decryption parameter α in the data access authorization list;
the first user terminal of the data-owning user uploads the transaction information tx carrying the initial ciphertext C and the proxy re-encryption key $rk_{A\to B}$ to the blockchain network, so that a miner node in the blockchain network verifies the transaction information tx and then adds it to the blockchain ledger.
According to the above technical solution, the embodiments of the application have the following advantages:
The application provides a method for controlled sharing of blockchain data based on proxy re-encryption. The data-owning user initially encrypts the shared data and constructs a proxy re-encryption key, uploads the transaction information of the shared data to the blockchain network, and at the same time sends the data access authorization list of the shared data to the authorization management node in the blockchain network. By updating the data access authorization list, with the nodes in the blockchain network dividing the proxy work among themselves and managing the decryption parameter of the re-encryption key separately, the data-owning user can dynamically adjust other users' access rights to the shared data. This solves the technical problems that, in the prior art, blockchain sharing is limited to preset data users and is difficult to extend efficiently, so practical usability is low while privacy is protected and the actual needs of data sharing cannot be met; and that, when the access rights to blockchain data change, the data must be encrypted again, which increases both the user's computation and the user's communication overhead.
Drawings
Fig. 1 is a flowchart of a method for controlled sharing of blockchain data based on proxy re-encryption according to an embodiment of the present application;
Fig. 2 is a flowchart of an improved proxy re-encryption algorithm according to an embodiment of the present application;
Fig. 3 is a system model diagram of a system for controlled sharing of blockchain data based on proxy re-encryption according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The application designs a method and system for controlled sharing of blockchain data based on proxy re-encryption. It addresses the technical problems that, in the prior art, blockchain sharing is limited to preset data users and is difficult to extend efficiently, so practical usability is low while privacy is protected and the actual needs of data sharing cannot be met; and that, when the access rights to blockchain data change, the data must be encrypted again, which increases both the user's computation and the user's communication overhead.
For ease of understanding, refer to Figs. 1 and 2, where Fig. 1 is a flowchart of the method for controlled sharing of blockchain data based on proxy re-encryption according to an embodiment of the present application and Fig. 2 is a flowchart of the improved proxy re-encryption algorithm according to an embodiment of the present application. As shown in Figs. 1 and 2, the method specifically comprises:
101. The first user terminal of the data-owning user initially encrypts the shared data and constructs a proxy re-encryption key, and then uploads the transaction information tx, which carries the initial ciphertext C and the proxy re-encryption key $rk_{A\to B}$, to the blockchain network;
It should be noted that, if the data-owning user wants to publish shared data in the blockchain network, the shared data must first be initially encrypted and a corresponding proxy re-encryption key constructed. The transaction information tx carrying the initial ciphertext C and the proxy re-encryption key $rk_{A\to B}$ is uploaded to the blockchain network as follows:
the first user terminal of the data-owning user initially encrypts the shared data with the user private key $pk_A$ to obtain an initial ciphertext C, where $C = (C_1, C_2, C_3, C_4)$;
the first user terminal of the data-owning user constructs, for the legitimate data-requesting user, the proxy re-encryption key $rk_{A\to B}$ and the decryption parameter α in the data access authorization list;
the first user terminal of the data-owning user uploads the transaction information tx carrying the initial ciphertext C and the proxy re-encryption key $rk_{A\to B}$ to the blockchain network, so that a miner node in the blockchain network verifies the transaction information tx and then adds it to the blockchain ledger.
In the encryption process, the specific execution process of the proxy re-encryption algorithm constructed based on the SM2 encryption algorithm is as follows:
1) Setup(κ) → pp: the initialization algorithm takes the security parameter κ as input and outputs the public parameters pp.
Given the security parameter κ, obtain the κ-bit primes p and q, together with E and G. p is the size of the finite field, E is an elliptic curve defined over the finite field $F_p$, P is a point on the elliptic curve E that serves as the generator of the group G, and G is a cyclic group of order q. Define a set of hash functions $H_1, H_2, H_3, H_4$, where $H_1: \{0,1\}^* \to \{0,1\}^l$, $H_2: G \to Z_q^*$, $H_3: \{0,1\}^* \to G$, $H_4: \{0,1\}^* \to G$. The hash functions may use the SM3 cryptographic hash algorithm, and the published system public parameters are $pp = \{p, q, E, G, P, H_1, H_2, H_3, H_4\}$.
2) KeyGen(pp) → $(sk_A, pk_A)$: the key generation algorithm takes the system public parameters pp as input and outputs the user's public/private key pair.
Given the system public parameters pp, select a random number $x \in Z_q^*$; the private key is $sk_A = x$ and the public key is $pk_A = xP$.
3) Encrypt(M, $pk_A$) → C: the initial encryption algorithm takes the plaintext M and the data owner's public key $pk_A$ as input and outputs the initial ciphertext C.
The data owner encrypts the plaintext M with its own public key $pk_A$, where M has length l and $i \in G$ is selected at random. The encryption proceeds as follows:
$r = H_2(i)$;
$C_1 = rP = (x_0, y_0)$;
$r \cdot pk_A = (x_A, y_A)$;
$t = H_1(x_A \| y_A)$;
Figure BDA0003330081500000081
$C_3 = H_3(x_A \| M \| y_A)$;
$C_4 = H_4(M \| C_1 \| C_3)$;
the ciphertext is $C = (C_1, C_2, C_3, C_4)$.
The data user can decrypt the initial ciphertext C with its own private key $sk_A$, computing as follows:
$S = sk_A \cdot C_1 = (x_A \| y_A)$;
$t = H_1(x_A \| y_A)$;
Figure BDA0003330081500000082
$C_3' = H_3(x_A \| M \| y_A)$;
If $C_3' = C_3$, the data plaintext M is obtained.
4) RekeyPara(r, $pk_A$, $pk_B$) → β: the proxy re-encryption key parameter generation algorithm takes r, the data owner's public key $pk_A$ and the data user's public key $pk_B$ as input and outputs the proxy re-encryption key parameter β.
$\beta = \{r \cdot pk_A,\ r \cdot pk_B\}$;
5) RekeyGen(α, β) → $rk_{A\to B}$: the proxy re-encryption key generation algorithm takes the encryption parameter α and the proxy re-encryption key parameter β as input and outputs the proxy re-encryption key $rk_{A\to B}$.
Figure BDA0003330081500000091
102. The first user terminal of the data-owning user sends a data access authorization list for the shared data to an authorization management node in the blockchain network, wherein the data access authorization list contains a decryption parameter α;
It should be noted that the authorization management node in the blockchain network is selected through the blockchain consensus mechanism and is responsible for node registration, key distribution and management of data access rights. The data-owning user therefore needs to send the data access authorization list of the shared data to the authorization management node; the list holds the decryption parameter α for the legitimate data-requesting user.
103. The first user terminal of the data-owning user sends a data access authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user terminal of the legitimate data-requesting user contained in the data access authorization list.
It should be noted that, if the data-owning user wants to change which users are legitimate data-requesting users for the shared data, the data-owning user interacts with the authorization management node to manage the data access authorization list and thereby update the access rights to the shared data in the blockchain.
The update may comprise:
the first user terminal of the data-owning user sends a data access authorization list deletion request to the authorization management node, so that the authorization management node deletes the decryption parameter α corresponding to the second user terminal of the legitimate data-requesting user contained in the data access authorization list.
It should be noted that, if the data-owning user only wants to remove a legitimate data-requesting user's access right to the shared data, it only needs to send a data access authorization list deletion request to the authorization management node, which deletes the decryption parameter α corresponding to that legitimate data-requesting user from the data access authorization list it manages for the shared data.
The update may further comprise:
the first user terminal of the data-owning user constructs, for a new legitimate data-requesting user, a proxy re-encryption key $rk_{A\to C}$ and a decryption parameter α' in the data access authorization list;
the first user terminal of the data-owning user sends a data access authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α in the data access authorization list to the decryption parameter α';
the data-owning user broadcasts the proxy re-encryption key $rk_{A\to C}$ to the blockchain network.
It should be noted that, if the data-owning user needs to authorize a new legitimate data-requesting user for the shared data, it must construct for that user a new proxy re-encryption key $rk_{A\to C}$ and a decryption parameter α' in the data access authorization list, broadcast the new proxy re-encryption key $rk_{A\to C}$ in the blockchain network, and at the same time send a data access authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α in the data access authorization list to the decryption parameter α' and the visibility of the shared data is adjusted dynamically.
Further, still include:
if the second user end of the legal data request user sends a data request to the block chain network, the miner node of the block chain network encrypts the initial ciphertext C in the transaction information tx through the proxy re-encryption key rkA→BCarrying out re-encryption to generate a re-encrypted ciphertext C';
the miner node sends a re-encrypted ciphertext C' to a legal data request user;
the authorization management node sends a decryption parameter alpha to a second user end of a legal data request user;
and the second user end of the legal data request user decrypts the re-encrypted ciphertext C' by the user private key and the decryption parameter alpha to obtain the shared data.
It should be noted that, if a legal data requesting user wants to obtain the shared data, then after it sends a data request to the blockchain network, a miner node in the blockchain network re-encrypts the initial ciphertext C in the transaction information tx with the proxy re-encryption key rk_{A→B} to generate a re-encrypted ciphertext C', specifically as follows:
ReEncrypt(C, rk_{A→B}) → C': the proxy re-encryption algorithm takes an initial ciphertext C and a proxy re-encryption key rk_{A→B} as input and outputs the re-encrypted ciphertext C'.
The proxy re-encryption for the initial ciphertext C is computed as follows:
C_1' = C_1
Figure BDA0003330081500000111
C_3' = C_3
C_4' = C_4
The re-encrypted ciphertext is C' = (C_1', C_2', C_3', C_4').
The legal data requesting user receives the re-encrypted ciphertext C' sent by the miner node and the decryption parameter α sent by the authorization management node, and decrypts the re-encrypted ciphertext C' with the user private key sk_B and the decryption parameter α to obtain the shared data, specifically as follows:
Figure BDA0003330081500000112
calculate k = H_4(M' || C_1' || C_3');
If k = C_4', then M = M', and the legal data requesting user obtains the plaintext M of the shared data.
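The role split described above (owner encrypts once, miner transforms only C_2, authorization node releases α, requester checks k against C_4') can be exercised end to end with the sketch below. It is an added example, not the patent's construction: the formulas for C_2' and M' survive on this page only as figure references, so a hashed-ElGamal re-encryption with α = g^x is substituted as an assumption, and all function names, class names, group parameters and the sample record are constructed for illustration.

```python
import hashlib, hmac, math, secrets

Q = 2**521 - 1                       # Mersenne prime: order of the demo subgroup

def find_group(q=Q):
    """Smallest p = k*q + 1 that Pocklington's test (base 2) proves prime."""
    k = 2
    while True:
        p = k * q + 1
        g = pow(2, k, p)             # 2^((p-1)/q); has order q when it is not 1
        if pow(g, q, p) == 1 and math.gcd(g - 1, p) == 1:
            return p, g
        k += 2

P, G = find_group()                  # demo-sized group, not vetted parameters

def i2b(n):
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")

def h_scalar(n):                     # hash a group element to a nonzero exponent
    return int.from_bytes(hashlib.sha512(i2b(n)).digest(), "big") % Q or 1

def mask(secret, salt, data):        # XOR data with a SHAKE-256 keystream
    ks = hashlib.shake_256(i2b(secret) + salt).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def h4(m, c1, c3):                   # the page's check value k = H4(M || C1 || C3)
    return hashlib.sha256(m + c1 + c3).digest()

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk_a, m):                # owner: done once per shared record
    r = secrets.randbelow(Q - 1) + 1
    c1 = secrets.token_bytes(16)     # assumption: C1 is a per-record salt
    c2 = pow(G, r, P)
    c3 = mask(pow(pk_a, r, P), c1, m)
    return (c1, c2, c3, h4(m, c1, c3))

def rekeygen(sk_a, pk_b):            # owner: one (rk, alpha) pair per grantee
    x = secrets.randbelow(Q - 1) + 1
    d = h_scalar(pow(pk_b, x, P))
    return sk_a * pow(d, -1, Q) % Q, pow(G, x, P)    # rk, alpha = g^x

def reencrypt(c, rk):                # miner: only C2 changes
    c1, c2, c3, c4 = c
    return (c1, pow(c2, rk, P), c3, c4)

def decrypt(c_re, sk_b, alpha):      # requester: needs own key AND alpha
    c1, c2, c3, c4 = c_re
    d = h_scalar(pow(alpha, sk_b, P))
    m = mask(pow(c2, d, P), c1, c3)
    if not hmac.compare_digest(h4(m, c1, c3), c4):
        raise ValueError("k != C4': wrong alpha/key or modified ciphertext")
    return m

class AuthorizationNode:             # holds the authorization list {user: alpha}
    def __init__(self):
        self.acl = {}
    def update(self, user, alpha):
        self.acl[user] = alpha
    def delete(self, user):
        self.acl.pop(user, None)
    def fetch(self, user):
        return self.acl.get(user)

class MinerNode:                     # holds tx: initial ciphertext + broadcast rks
    def __init__(self, c):
        self.c, self.rks = c, {}
    def request(self, user):
        return reencrypt(self.c, self.rks[user])

def rejected(c_re, sk, alpha):
    try:
        decrypt(c_re, sk, alpha)
        return False
    except ValueError:
        return True

def run_demo():
    msg = b"constructed sample record: meter 17, 42.0 kWh"
    (sk_a, pk_a), (sk_b, pk_b), (sk_c, pk_c) = keygen(), keygen(), keygen()
    auth, miner = AuthorizationNode(), MinerNode(encrypt(pk_a, msg))
    miner.rks["B"], alpha = rekeygen(sk_a, pk_b)          # grant B
    auth.update("B", alpha)
    out = {"b_reads": decrypt(miner.request("B"), sk_b, auth.fetch("B"))}
    auth.delete("B")                                      # revoke B
    miner.rks["C"], alpha2 = rekeygen(sk_a, pk_c)         # grant C, same ciphertext
    auth.update("C", alpha2)
    out["b_alpha_after_delete"] = auth.fetch("B")
    out["c_reads"] = decrypt(miner.request("C"), sk_c, auth.fetch("C"))
    out["b_with_c_alpha_rejected"] = rejected(miner.request("B"), sk_b, alpha2)
    c1, c2, c3, c4 = miner.request("C")                   # flip one bit of C3
    forged = (c1, c2, bytes([c3[0] ^ 1]) + c3[1:], c4)
    out["tamper_rejected"] = rejected(forged, sk_c, alpha2)
    return out
```

Calling `run_demo()` returns the outcome of each step; the initial ciphertext held by the miner is never re-encrypted by the owner when access moves from B to C.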
Referring to fig. 3, fig. 3 is a system model diagram of a blockchain data controlled sharing system based on proxy re-encryption according to an embodiment of the present invention, as shown in fig. 3, including:
the system comprises a first user terminal belonging to a data owning user and a block chain network, wherein the block chain network comprises an authorization management node and a miner node;
wherein:
the first user end of the data owning user initially encrypts the shared data, constructs a proxy re-encryption key, and uploads the transaction information tx containing the initial ciphertext C and the proxy re-encryption key rk_{A→B} to the blockchain network;
a first user end of a data owning user sends a data access authority authorization list of shared data to an authorization management node in a block chain network, wherein the data access authorization list comprises a decryption parameter alpha;
and the first user end of the data owning user sends a data access authority authorization list updating request to the authorization management node, so that the authorization management node updates the decryption parameter alpha corresponding to the second user end of the legal data requesting user contained in the data access authority authorization list.
Further, the step in which the first user end of the data owning user sends a data access authority authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user end of the legal data requesting user contained in the data access authority authorization list, specifically includes:
the first user end of the data owning user sends a data access authority authorization list deletion request to the authorization management node, so that the authorization management node deletes the decryption parameter α corresponding to the second user end of the legal data requesting user contained in the data access authority authorization list.
Further, the step in which the first user end of the data owning user sends a data access authority authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user end of the legal data requesting user contained in the data access authority authorization list, specifically includes:
the first user end of the data owning user constructs a proxy re-encryption key rk_{A→C} for a new legal data requesting user and a decryption parameter α' in the data access authority authorization list;
the first user end of the data owning user sends a data access authority authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α in the data access authority authorization list to the decryption parameter α';
the data owning user broadcasts the proxy re-encryption key rk_{A→C} to the blockchain network.
Further, the system also comprises a second user terminal belonging to a legal data request user;
wherein:
if the second user end of the legal data requesting user sends a data request to the blockchain network, the miner node of the blockchain network re-encrypts the initial ciphertext C in the transaction information tx with the proxy re-encryption key rk_{A→B} to generate a re-encrypted ciphertext C';
the miner node sends a re-encrypted ciphertext C' to a legal data request user;
the authorization management node sends a decryption parameter alpha to a second user end of a legal data request user;
and the second user end of the legal data request user decrypts the re-encrypted ciphertext C' by the user private key and the decryption parameter alpha to obtain the shared data.
Further, the step in which the first user end of the data owning user initially encrypts the shared data, constructs the proxy re-encryption key, and uploads the transaction information tx containing the initial ciphertext C and the proxy re-encryption key rk_{A→B} to the blockchain network specifically includes:
the first user end of the data owning user initially encrypts the shared data with the user private key pk_A to obtain an initial ciphertext C, where C = (C_1, C_2, C_3, C_4);
the first user end of the data owning user constructs a proxy re-encryption key rk_{A→B} for a legal data requesting user and a decryption parameter α in the data access authority authorization list;
the first user end of the data owning user uploads the transaction information tx, to which the initial ciphertext C and the proxy re-encryption key rk_{A→B} have been added, to the blockchain network, so that a miner node in the blockchain network verifies the transaction information tx and then adds it to the blockchain ledger.
In the embodiment of the application, a blockchain data controlled sharing method based on proxy re-encryption is provided. The data owning user initially encrypts the shared data, constructs a proxy re-encryption key, and uploads the transaction information of the shared data to the blockchain network; at the same time, the data owning user sends a data access authority authorization list of the shared data to an authorization management node in the blockchain network. By updating the data access authority authorization list, the data owning user can dynamically adjust other users' access rights to the shared data, while the nodes in the blockchain network divide the work between proxy re-encryption and management of the decryption parameters. This solves the technical problems in the prior art that the sharability of blockchain data is limited to preset data users and is difficult to extend efficiently, so that practical usability is low even though privacy is protected and the actual requirements of data sharing cannot be met, and that the data must be repeatedly encrypted whenever the access rights to the blockchain data change, which increases the user's computation and communication overhead.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The terms "first," "second," "third," "fourth," and the like in the description of the application and the above-described figures, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" for describing an association relationship of associated objects, indicating that there may be three relationships, e.g., "a and/or B" may indicate: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of single item(s) or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A method for controlled sharing of blockchain data based on proxy re-encryption is characterized by comprising the following steps:
the first user end of the data owning user initially encrypts the shared data, constructs a proxy re-encryption key, and uploads the transaction information tx containing the initial ciphertext C and the proxy re-encryption key rk_{A→B} to the blockchain network;
a first user end of the data owning user sends a data access authority authorization list of the shared data to an authorization management node in the block chain network, wherein the data access authorization list comprises a decryption parameter alpha;
and the first user end of the data owning user sends a data access authority authorization list updating request to the authorization management node, so that the authorization management node updates a decryption parameter alpha corresponding to a second user end of a legal data requesting user contained in the data access authority authorization list.
2. The method as claimed in claim 1, wherein the step in which the first user end of the data owning user sends a data access authority authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user end of the legal data requesting user contained in the data access authority authorization list, specifically includes:
and the first user end of the data owning user sends a data access authority authorization list deleting request to the authorization management node, so that the authorization management node deletes the decryption parameter alpha corresponding to the second user end of the legal data requesting user contained in the data access authority authorization list.
3. The method as claimed in claim 1, wherein the step in which the first user end of the data owning user sends a data access authority authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user end of the legal data requesting user contained in the data access authority authorization list, specifically includes:
the first user end of the data owning user constructs a proxy re-encryption key rk_{A→C} for a new legal data requesting user and a decryption parameter α' in the data access authority authorization list;
the first user end of the data owning user sends a data access authority authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α in the data access authority authorization list to the decryption parameter α';
the data owning user broadcasts the proxy re-encryption key rk_{A→C} to the blockchain network.
4. The method for blockchain data controlled sharing based on proxy re-encryption of claim 1, further comprising:
if the second user end of the legal data requesting user sends a data request to the blockchain network, the miner node of the blockchain network re-encrypts the initial ciphertext C in the transaction information tx with the proxy re-encryption key rk_{A→B} to generate a re-encrypted ciphertext C';
the miner node sends the re-encrypted ciphertext C' to the legal data request user;
the authorization management node sends the decryption parameter alpha to a second user end of the legal data request user;
and the second user end of the legal data request user decrypts the re-encrypted ciphertext C' by using a user private key and the decryption parameter alpha to obtain the shared data.
5. The method as claimed in claim 1, wherein the step in which the first user end of the data owning user initially encrypts the shared data, constructs the proxy re-encryption key, and uploads the transaction information tx containing the initial ciphertext C and the proxy re-encryption key rk_{A→B} to the blockchain network specifically includes:
the first user end of the data owning user initially encrypts the shared data with a user private key pk_A to obtain an initial ciphertext C, where C = (C_1, C_2, C_3, C_4);
the first user end of the data owning user constructs a proxy re-encryption key rk_{A→B} for a legal data requesting user and a decryption parameter α in the data access authority authorization list;
the first user end of the data owning user uploads the transaction information tx, to which the initial ciphertext C and the proxy re-encryption key rk_{A→B} have been added, to the blockchain network, so that a miner node in the blockchain network verifies the transaction information tx and then adds it to the blockchain ledger.
6. A system for controlling blockchain data based on proxy re-encryption, comprising: the system comprises a first user terminal belonging to a data owning user and a block chain network, wherein the block chain network comprises an authorization management node and a miner node;
wherein:
the first user end of the data owning user initially encrypts the shared data, constructs a proxy re-encryption key, and uploads the transaction information tx containing the initial ciphertext C and the proxy re-encryption key rk_{A→B} to the blockchain network;
a first user end of the data owning user sends a data access authority authorization list of the shared data to an authorization management node in the block chain network, wherein the data access authorization list comprises a decryption parameter alpha;
and the first user end of the data owning user sends a data access authority authorization list updating request to the authorization management node, so that the authorization management node updates a decryption parameter alpha corresponding to a second user end of a legal data requesting user contained in the data access authority authorization list.
7. The system according to claim 6, wherein the step in which the first user end of the data owning user sends a data access authority authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user end of the legal data requesting user contained in the data access authority authorization list, specifically includes:
and the first user end of the data owning user sends a data access authority authorization list deleting request to the authorization management node, so that the authorization management node deletes the decryption parameter alpha corresponding to the second user end of the legal data requesting user contained in the data access authority authorization list.
8. The system according to claim 6, wherein the step in which the first user end of the data owning user sends a data access authority authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α corresponding to the second user end of the legal data requesting user contained in the data access authority authorization list, specifically includes:
the first user end of the data owning user constructs a proxy re-encryption key rk_{A→C} for a new legal data requesting user and a decryption parameter α' in the data access authority authorization list;
the first user end of the data owning user sends a data access authority authorization list update request to the authorization management node, so that the authorization management node updates the decryption parameter α in the data access authority authorization list to the decryption parameter α';
the data owning user broadcasts the proxy re-encryption key rk_{A→C} to the blockchain network.
9. The system according to claim 6, further comprising a second client belonging to the legitimate data requesting user;
wherein:
if the second user end of the legal data requesting user sends a data request to the blockchain network, the miner node of the blockchain network re-encrypts the initial ciphertext C in the transaction information tx with the proxy re-encryption key rk_{A→B} to generate a re-encrypted ciphertext C';
the miner node sends the re-encrypted ciphertext C' to the legal data request user;
the authorization management node sends the decryption parameter alpha to a second user end of the legal data request user;
and the second user end of the legal data request user decrypts the re-encrypted ciphertext C' by using a user private key and the decryption parameter alpha to obtain the shared data.
10. The system of claim 6, wherein the step in which the first user end of the data owning user initially encrypts the shared data, constructs the proxy re-encryption key, and uploads the transaction information tx containing the initial ciphertext C and the proxy re-encryption key rk_{A→B} to the blockchain network specifically includes:
the first user end of the data owning user initially encrypts the shared data with a user private key pk_A to obtain an initial ciphertext C, where C = (C_1, C_2, C_3, C_4);
the first user end of the data owning user constructs a proxy re-encryption key rk_{A→B} for a legal data requesting user and a decryption parameter α in the data access authority authorization list;
the first user end of the data owning user uploads the transaction information tx, to which the initial ciphertext C and the proxy re-encryption key rk_{A→B} have been added, to the blockchain network, so that a miner node in the blockchain network verifies the transaction information tx and then adds it to the blockchain ledger.
CN202111277801.9A 2021-10-30 2021-10-30 Agent re-encryption-based blockchain data controlled sharing method and system Active CN113992330B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111277801.9A CN113992330B (en) 2021-10-30 2021-10-30 Agent re-encryption-based blockchain data controlled sharing method and system

Publications (2)

Publication Number Publication Date
CN113992330A true CN113992330A (en) 2022-01-28
CN113992330B CN113992330B (en) 2024-06-04

Family

ID=79744964

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111277801.9A Active CN113992330B (en) 2021-10-30 2021-10-30 Agent re-encryption-based blockchain data controlled sharing method and system

Country Status (1)

Country Link
CN (1) CN113992330B (en)

Also Published As

Publication number Publication date
CN113992330B (en) 2024-06-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant