Disclosure of Invention
The embodiment of the invention provides a distributed privacy data storage and access control method and system driven by a block chain, which can solve the problems in the prior art.
In a first aspect of an embodiment of the present invention,
Provided is a blockchain-driven distributed private data storage and access control method, comprising:
The method comprises the steps of receiving privacy data, carrying out semantic analysis on the privacy data to obtain sensitivity scores, carrying out slicing treatment on the privacy data based on the sensitivity scores to obtain data slices, calculating a data fingerprint value of each data slice, organizing the data fingerprint value into bloom filters, constructing a hierarchical integrity proving tree based on the bloom filters, carrying out encryption treatment on the data slices by adopting a bilinear pairing encryption algorithm to obtain encrypted data slices, submitting the encrypted data slices and the integrity proving tree to a distributed storage network, and generating a proving record of the data fingerprints in a block chain;
Receiving a data access application, extracting behavior characteristics of a visitor, obtaining a behavior risk score through deep learning based on the behavior characteristics of the visitor, dynamically generating a layered access key according to the behavior risk score, and carrying out threshold segmentation on the layered access key to obtain a key component; constructing an authentication node trust network, selecting an authorization node group in the authentication node trust network based on a consensus algorithm, distributing key components in the authorization node group, collecting authorization signatures of the authorization node group by adopting a threshold signature scheme based on a lattice password, generating authorization credentials containing the authorization signatures, and writing the authorization credentials into a blockchain;
Receiving a visitor request, reading a corresponding authorization credential, acquiring a data fingerprint from a storage record in a blockchain, acquiring a corresponding encrypted data fragment and an integrity certification tree from a distributed storage network, verifying data integrity, acquiring a key component from the authorization node group, executing a secure multiparty computing protocol to reorganize the key component to obtain a hierarchical access key, decrypting the encrypted data fragment of a corresponding authority level by using the hierarchical access key to obtain decrypted data, creating an access record, submitting the access record to the blockchain, and updating the behavior risk score of the visitor.
In an alternative embodiment of the present invention,
Calculating a data fingerprint value for each data fragment, organizing the data fingerprint values into bloom filters, constructing a hierarchical integrity certification tree based on the bloom filters, comprising:
calculating the data fragments by adopting a secure hash algorithm to obtain a data fingerprint value, and performing exclusive-or operation on the data fingerprint value to generate a check sequence;
According to the number of data fragments and the system security level, the size of a bloom filter is adaptively adjusted, a plurality of independent hash functions are selected to respectively process the data fingerprint values to obtain a plurality of mapping positions, bits corresponding to the plurality of mapping positions in the bloom filter are updated to be effective values, marking positions are determined, the check sequence is divided into subsequences with the same number as the marking positions according to the sequence, and each subsequence is stored in one marking position in a one-to-one correspondence mode to form a check information matrix;
Dynamically adjusting the division granularity of the bloom filter according to the distribution rule of data sensitivity to obtain a plurality of data blocks with different sizes, wherein each data block forms a leaf node, and calculating the weight coefficient of the corresponding leaf node according to the number of marking positions contained in each data block;
performing weighted sorting on the leaf nodes, pairing the leaf nodes with weight coefficients smaller than similar weight thresholds to form node groups according to a preset first node weight threshold, calculating weighted hash connection values of two leaf nodes in each node group to obtain father nodes, recording weight coefficients of the corresponding leaf nodes and numbers of marked positions in the father nodes, repeating pairing until a root node is generated, and constructing a hierarchical integrity proving tree;
And carrying out rebalancing operation on the nodes of the integrity proving tree according to a preset period, triggering node reorganization when the difference of the weight coefficients of the leaf nodes exceeds a preset second node weight threshold value, recalculating the weight coefficients according to the number of the reorganized nodes containing the marked positions, and updating the subsequences corresponding to the marked positions in the bloom filter.
In an alternative embodiment of the present invention,
Encrypting the data fragments by adopting a bilinear pairing encryption algorithm to obtain encrypted data fragments comprises the following steps:
Selecting a system safety parameter to obtain a prime number order value, constructing a first cyclic group and a second cyclic group based on the prime number order value, and verifying that the order of the first cyclic group is equal to the order of the second cyclic group;
Selecting a first generation element from the first cyclic group, generating a system main private key by utilizing random number operation, performing scalar multiplication operation on the system main private key and the first generation element to generate a system public parameter, and selecting a corresponding second generation element from the second cyclic group;
Constructing bilinear mapping, mapping elements of the first cyclic group and the second cyclic group to a target group, and determining bilinear properties of the target group and a bilinear mapping operation mode;
Acquiring user identity information and current system time, splicing the user identity information and the current system time, generating a space-time joint identifier, executing safe hash operation, and mapping the space-time joint identifier to the first cyclic group to obtain a first mapping point;
receiving data to be encrypted, slicing the data to be encrypted according to a preset length to obtain a plurality of data slices, generating random numbers for each data slice, and executing bilinear pairing operation by using the first mapping points and the second generating elements to generate a session key belonging to the target group;
And performing symmetric encryption operation on the corresponding data fragments by adopting each session key to obtain ciphertext fragments, performing scalar multiplication operation on each random number and the system public parameter to generate encryption auxiliary parameters, and combining the ciphertext fragments and the corresponding encryption auxiliary parameters to form encrypted data fragments.
In an alternative embodiment of the present invention,
Dynamically generating a hierarchical access key according to the behavior risk score, and performing threshold segmentation on the hierarchical access key to obtain a key component comprises:
Receiving a behavioral risk score, the behavioral risk score being a real number between 0 and 1;
multiplying the behavior risk score by a preset maximum hierarchy number to obtain a product value, and rounding up the product value to obtain a hierarchy value of the hierarchical access key;
Acquiring a random salt value, splicing the behavior risk score, the level value and the random salt value according to a preset sequence to obtain a spliced value, and calculating the spliced value by using a secure hash function to obtain a hierarchical access key;
Generating a polynomial, wherein the highest degree of the polynomial is equal to a preset threshold value minus one, and the constant term of the polynomial is equal to the hierarchical access key;
Substituting continuous integers from 1 into the polynomial in sequence to obtain a plurality of function values, and forming a plurality of key components by the continuous integers and the corresponding function values;
And adding the hierarchy value and the behavior risk score to the key component to generate a key component with identification information.
In an alternative embodiment of the present invention,
Selecting an authorized node group in the authentication node trust network based on a consensus algorithm comprises:
Acquiring a calculation capability index, an online time length proportion and a historical credit record of each authentication node in an authentication node trust network, and summing the product of the calculation capability index and a first weight, the product of the online time length proportion and a second weight and the product of the historical credit record and a third weight to obtain an authentication node trust value of each authentication node;
Based on the authentication node trust values of all authentication nodes, sorting, and selecting the authentication node with the highest authentication node trust value as a master authentication node, wherein the master authentication node generates a pre-preparation message containing a view number, a serial number and an information abstract;
The master authentication node sends the preparation message to other authentication nodes in the authentication node trust network, the other authentication nodes are divided into different trust groups based on respective authentication node trust values, wherein the authentication nodes with authentication node trust values larger than a first preset threshold value are divided into high trust groups, the authentication nodes with authentication node trust values larger than a second preset threshold value and smaller than the first preset threshold value are divided into medium trust groups, and the authentication nodes with authentication node trust values smaller than the second preset threshold value are divided into low trust groups;
after receiving the pre-preparation message, the authentication node in the high trust group verifies continuity of view numbers, uniqueness of serial numbers and integrity of information abstracts in the pre-preparation message, generates a first preparation message after verification is passed, and sends the first preparation message to the authentication nodes in the medium trust group and the low trust group;
The authentication node in the middle signaling group receives the pre-preparation message and the first preparation message, verifies the consistency of the pre-preparation message and the first preparation message, generates a second preparation message and sends the second preparation message; the authentication node in the low trust group receives the pre-preparation message, the first preparation message and the second preparation message, generates a third preparation message after executing verification operation and sends the third preparation message;
The authentication node in the authentication node trust network receives the first preparation message, the second preparation message and the third preparation message, and when the total number of the preparation messages received by a certain authentication node exceeds twice of the number of preset fault nodes and is added, the corresponding authentication node generates a confirmation message;
Receiving the confirmation messages sent by each authentication node, setting a weighting coefficient according to the authentication node trust value sending the confirmation messages, wherein the weighting coefficient is positively correlated with the authentication node trust value, weighting the confirmation messages to obtain weighted confirmation messages and calculating the total number of the weighted confirmation messages;
When the total number of the weighted confirmation messages is not more than twice the number of the preset fault nodes, selecting an authentication node with the next highest authentication node trust value as a new master authentication node, regenerating the pre-prepared message by the new master authentication node and executing the pre-prepared message until reaching the consensus, and when the total number of the weighted confirmation messages is more than twice the number of the preset fault nodes, reaching the consensus, selecting the authentication node in the high trust group based on the consensus, and constructing an authorization node group.
In an alternative embodiment of the present invention,
The step of collecting the authorization signature of the authorization node group by adopting a threshold signature scheme based on a lattice password comprises the following steps:
Acquiring authentication node information in an authorization node group;
Selecting a first dimension parameter, a second dimension parameter and a modulus parameter, determining a lattice password parameter, and determining a Gaussian distribution parameter based on a Gaussian distribution random number;
Constructing a random matrix according to the first dimension parameter, the second dimension parameter and the modulus parameter, wherein the number of rows of the random matrix corresponds to the first dimension parameter, the number of columns corresponds to the second dimension parameter, and the element value range is determined based on the modulus parameter;
Constructing a unit vector according to the first dimension parameter, and combining the random matrix and the unit vector to generate a group public key;
Generating a short base matrix and an error vector for each authentication node in the authorization node group based on the Gaussian distribution parameters, wherein the number of rows and the number of columns of the short base matrix correspond to the second dimension parameter, and combining the short base matrix and the error vector to generate a signature private key;
receiving a message to be signed, calculating a hash mapping vector of the message to be signed, multiplying the short base matrix by the hash mapping vector by each authentication node in the authorization node group by using a respective signature private key, and adding the short base matrix into the error vector to obtain respective partial signatures;
Combining all partial signatures generated by the authorization node group through an iterative optimization lattice-based shortest vector algorithm, and calculating and reducing norms of the partial signatures in each iterative process to finally obtain combined signatures;
And calculating the product of the norm of the combined signature and the random matrix and the combined signature, and confirming that the authorized signature of the authorized node group is obtained when the norm of the combined signature is smaller than a preset norm threshold and the product of the random matrix and the combined signature is equal to the unit vector.
In an alternative embodiment of the present invention,
Receiving a visitor request, reading a corresponding authorization credential, acquiring a data fingerprint from a credential storage record in a blockchain, acquiring a corresponding encrypted data fragment and an integrity certification tree from a distributed storage network, verifying data integrity, acquiring a key component from the authorization node group, executing a secure multiparty computing protocol to reorganize the key component to obtain a hierarchical access key, decrypting the encrypted data fragment of a corresponding authority level by using the hierarchical access key to obtain decrypted data, simultaneously creating an access record, submitting the access record to the blockchain, and updating a behavior risk score of the visitor, wherein the method comprises the steps of:
Receiving a data access request of a visitor, extracting a visitor identity, a target data identifier and an access authority level from the data access request, and inquiring a corresponding authorization credential from a blockchain according to the visitor identity;
Verifying a threshold signature in the authorization credential, wherein the threshold signature is generated by an authorization node group by adopting a threshold signature scheme based on a lattice password, and comparing the access permission level recorded in the authorization credential with the access permission level in the data access request;
Acquiring a data fingerprint and a bloom filter parameter from a certification record of a blockchain according to the target data identifier, and constructing a bloom filter structure based on the bloom filter parameter;
Acquiring an encrypted data fragment and an integrity proving tree from a distributed storage network, calculating a data fingerprint of the encrypted data fragment, inputting the data fingerprint into the bloom filter structure for searching, and verifying the integrity of the encrypted data fragment through the integrity proving tree;
sending a key component acquisition request to the authorization node group, wherein the key component acquisition request carries the authorization credential and receives a key component returned by the authorization node group;
Starting a secure multiparty computing protocol, taking the visitor as a protocol initiator, taking the nodes of the authorized node group as protocol participants, inputting key components held by the protocol participants, and recombining the key components by adopting a homomorphic encryption mode to obtain a layered access key;
Decrypting the encrypted data fragments by using a key corresponding to the access authority level in the hierarchical access key to obtain decrypted data;
Generating an access record, wherein the access record comprises the visitor identity identifier, the target data identifier, the access permission level and an access time stamp, and submitting the access record to the blockchain;
and calculating the access frequency and time interval distribution of the visitor based on the access records, and updating the behavior risk score of the visitor in combination with the historical access records of the visitor.
In a second aspect of an embodiment of the present invention,
There is provided a blockchain-driven distributed private data storage and access control system comprising:
The first unit is used for receiving the privacy data, carrying out semantic analysis on the privacy data to obtain a sensitivity score, and carrying out slicing treatment on the privacy data based on the sensitivity score to obtain data slicing; the method comprises the steps of calculating a data fingerprint value of each data fragment, organizing the data fingerprint value into bloom filters, constructing a hierarchical integrity certification tree based on the bloom filters, encrypting the data fragments by adopting a bilinear pairing encryption algorithm to obtain encrypted data fragments, submitting the encrypted data fragments and the integrity certification tree to a distributed storage network, and generating a certification record of the data fingerprints in a blockchain;
The second unit is used for receiving a data access application, extracting behavior characteristics of a visitor, obtaining a behavior risk score through deep learning based on the behavior characteristics of the visitor, dynamically generating a layered access key according to the behavior risk score, and carrying out threshold segmentation on the layered access key to obtain a key component;
The third unit is used for receiving the request of the visitor, reading the corresponding authorization certificate, acquiring the data fingerprint from the certificate storage record in the blockchain, acquiring the corresponding encrypted data fragment and the integrity certification tree from the distributed storage network, verifying the data integrity, acquiring the key component from the authorization node group, executing the secure multiparty computing protocol to reorganize the key component to obtain a layered access key, decrypting the encrypted data fragment of the corresponding authority level by using the layered access key to obtain decrypted data, creating an access record, submitting the access record to the blockchain, and updating the behavior risk score of the visitor.
In a third aspect of an embodiment of the present invention,
There is provided an electronic device including:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor is configured to invoke the instructions stored in the memory to perform the method described previously.
In a fourth aspect of an embodiment of the present invention,
There is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method as described above.
In the embodiment of the invention, the private data is subjected to slicing processing through semantic analysis and sensitivity grading, the data slicing is encrypted by adopting bilinear pairing encryption algorithm, unauthorized access and data leakage are effectively prevented, data security is improved, a bloom filter and a hierarchical integrity proving tree are utilized, the integrity and verifiability of the data are ensured, the data is prevented from being tampered, a finer data access control is realized based on a dynamic hierarchical access key generated by visitor behavior characteristics and deep learning, the reliability of a key security distribution and authorization process is ensured by adopting a threshold segmentation and grid password-based threshold signature scheme, the security and flexibility of access control are further improved, the encrypted data slicing and integrity proving tree are stored in a distributed storage network, data access delay is reduced, an authorization node group is selected by constructing an authentication node trust network and a consensus algorithm, the key distribution and authorization flow are optimized, the data access efficiency is improved, and meanwhile, the access record is uplink, convenience and audit is promoted, and transparency and standardization of data use are also promoted.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The technical scheme of the invention is described in detail below by specific examples. The following embodiments may be combined with each other, and some embodiments may not be repeated for the same or similar concepts or processes.
Fig. 1 is a flow chart of a block chain driven distributed private data storage and access control method according to an embodiment of the present invention, as shown in fig. 1, the method includes:
S101, receiving private data, carrying out semantic analysis on the private data to obtain sensitivity scores, carrying out slicing treatment on the private data based on the sensitivity scores to obtain data slices, calculating data fingerprint values of each data slice, organizing the data fingerprint values into bloom filters, and constructing a hierarchical integrity proving tree based on the bloom filters;
In the embodiment, slicing processing is performed based on sensitivity scores, a bilinear pairing encryption algorithm is adopted to encrypt data slicing, so that the safety and privacy of sensitive data are ensured, a data integrity verification mechanism is effectively constructed through a bloom filter and a hierarchical integrity proving tree, the integrity and credibility of the data in the storage and access processes are ensured, the data slicing and distributed storage are combined, the data storage performance is optimized, meanwhile, the traceability of data access and operation is ensured by using a blockchain certificate, the blockchain certificate record of a data fingerprint realizes operation non-falsifiability and high transparency, and powerful safety guarantee is provided for the storage and management of private data.
S102, receiving a data access application, extracting behavior characteristics of a visitor, obtaining a behavior risk score through deep learning based on the behavior characteristics of the visitor, dynamically generating a hierarchical access key according to the behavior risk score, and performing threshold segmentation on the hierarchical access key to obtain a key component;
In the embodiment, the generation of a hierarchical access key is dynamically adjusted based on visitor behavior characteristics and deep learning to realize the security access control of refinement and risk perception, the access key is decomposed into a plurality of key components through a threshold segmentation technology, distributed distribution and storage are carried out, the security and reliability of key management are improved, single-point faults are prevented, an authentication node trust network and a consensus algorithm are utilized to select an authorization node group, the signature is collected through a threshold signature scheme based on a lattice password to ensure the credibility and the anti-attack capability of an authorization process, an authorization credential generated by the authorization signature is written into a blockchain to ensure the transparency and the non-falsification of the access authorization process, a reliable basis is provided for subsequent tracing, and the capability of a system for resisting advanced attack means such as quantum computation is enhanced by combining a lattice password technology to improve the overall security of the system.
S103, receiving a visitor request, reading a corresponding authorization credential, acquiring a data fingerprint from a certification record in a blockchain, acquiring a corresponding encrypted data fragment and an integrity certification tree from a distributed storage network, verifying data integrity, acquiring a key component from the authorization node group, executing a secure multiparty computing protocol to reorganize the key component to obtain a hierarchical access key, decrypting the encrypted data fragment of a corresponding authority level by using the hierarchical access key to obtain decrypted data, creating an access record, submitting the access record to the blockchain, and updating a behavior risk score of the visitor.
In the embodiment, the data fingerprint and the integrity proving tree in the blockchain certification record are verified to ensure that the data is not tampered, the reliability of storage and transmission is improved, a secure multi-party computing protocol is adopted to reorganize key components to generate a layered access key, the key leakage risk is avoided, meanwhile, the security of the key in a distributed environment is ensured, strict matching of authority control and data decryption is realized based on data slicing corresponding to the decryption authority level of the layered access key, unauthorized access is prevented, the access record is submitted to the blockchain and behavior risk scores of visitors are updated in real time, complete operation traceability and risk assessment feedback are provided, the transparency and dynamic security of the system are enhanced, an updating mechanism of the behavior risk scores is utilized to continuously optimize an access control strategy, the security level is dynamically adjusted, and self-adaptive management of potential risks is realized.
In an alternative embodiment, computing data fingerprint values for each data slice, organizing the data fingerprint values into bloom filters, building a hierarchical integrity certification tree based on the bloom filters includes:
calculating the data fragments by adopting a secure hash algorithm to obtain a data fingerprint value, and performing exclusive-or operation on the data fingerprint value to generate a check sequence;
According to the number of data fragments and the system security level, the size of a bloom filter is adaptively adjusted, a plurality of independent hash functions are selected to respectively process the data fingerprint values to obtain a plurality of mapping positions, bits corresponding to the plurality of mapping positions in the bloom filter are updated to be effective values, marking positions are determined, the check sequence is divided into subsequences with the same number as the marking positions according to the sequence, and each subsequence is stored in one marking position in a one-to-one correspondence mode to form a check information matrix;
Dynamically adjusting the division granularity of the bloom filter according to the distribution rule of data sensitivity to obtain a plurality of data blocks with different sizes, wherein each data block forms a leaf node, and calculating the weight coefficient of the corresponding leaf node according to the number of marking positions contained in each data block;
performing weighted sorting on the leaf nodes, pairing the leaf nodes with weight coefficients smaller than similar weight thresholds to form node groups according to a preset first node weight threshold, calculating weighted hash connection values of two leaf nodes in each node group to obtain father nodes, recording weight coefficients of the corresponding leaf nodes and numbers of marked positions in the father nodes, repeating pairing until a root node is generated, and constructing a hierarchical integrity proving tree;
And carrying out rebalancing operation on the nodes of the integrity proving tree according to a preset period, triggering node reorganization when the difference of the weight coefficients of the leaf nodes exceeds a preset second node weight threshold value, recalculating the weight coefficients according to the number of the reorganized nodes containing the marked positions, and updating the subsequences corresponding to the marked positions in the bloom filter.
In one embodiment, first, the data is fragmented, for example, a 1GB file is fragmented into 1024 1MB sized data fragments. The fingerprint value for each data slice is then calculated using a secure hash algorithm, such as SHA-256. Assume that the hash value of a certain data fragment is "e5b7e998". And performing bitwise exclusive OR operation on the fingerprint values of all the data fragments to generate a check sequence. For example, the result of exclusive-or of the two fingerprint values "e5b7e998" and "a1b2c3d4" is "44458a6c".
Next, the bloom filter is adaptively sized according to the number of data fragments and the system security level. For example, 1024 data slices, the security level requires a false alarm rate below 0.1%, and the bloom filter size may be set to 10240 bits. A plurality of independent hash functions, such as three hash functions h1, h2 and h3, are selected, and fingerprint values of each data slice are respectively processed to obtain a plurality of mapping positions. Assume that the fingerprint value "e5b7e998" is subjected to three hash functions, and the obtained mapping positions are 100, 200 and 300, respectively. The bits in the bloom filter corresponding to these three positions are set to 1, indicating that these positions have been marked. All the fingerprint values of the data slices are processed in this way, eventually forming a bloom filter, with some bits being 1 and the rest being 0. The positions of these bits with a value of 1 are the mark positions. The previously generated check sequence is sequentially divided into sub-sequences equal to the number of mark positions. For example, the check sequence is "44458a6c", and there are three marker positions, and then it is divided into three subsequences of "44", "45" and "8a6 c". And storing each sub-sequence into a mark position in a one-to-one correspondence manner to form a check information matrix.
Then, the division granularity is dynamically adjusted according to the distribution rule of the data sensitivity, and the bloom filter is divided into a plurality of data blocks with unequal sizes. For example, the bloom filter is divided into three data blocks containing 200, 300, and 540 marker positions, respectively. Each data block constitutes a leaf node. And calculating the weight coefficient of the corresponding leaf node according to the number of the mark positions contained in each data block. For example, the weight coefficient of a leaf node containing 200 marker positions is 200.
The leaf nodes are weighted ordered, e.g., from small to large by weight coefficient. According to a preset first node weight threshold, for example 500, leaf nodes with weight coefficients smaller than the threshold are paired to form a node group. For example, two leaf nodes with weight coefficients of 200 and 300 are paired. And calculating weighted hash connection values of two leaf nodes in each node group to obtain parent nodes. For example, the weight coefficients of two leaf nodes and the numbers of the marker positions are connected, and then the hash value thereof is calculated as the value of the parent node. The weight coefficient of the corresponding leaf node and the number of the marker position are recorded in the parent node. Repeating pairing until generating a root node, and constructing a hierarchical integrity certification tree.
Finally, the nodes of the integrity certification tree are re-balanced according to a preset period, such as once a day. Node reorganization is triggered when the difference of the weight coefficients of the leaf nodes exceeds a preset second node weight threshold, e.g., 100. For example, if the weight coefficient of one leaf node is 600 and the other is 200, then reorganization is triggered. And recalculating the weight coefficient according to the number of the mark positions contained in the node after recombination, and updating the subsequence corresponding to the mark positions in the bloom filter.
In the embodiment, the hierarchical integrity proving tree structure can quickly position data tampering positions, avoid full data scanning, improve verification efficiency, effectively compress data fingerprint information, reduce storage cost, dynamically adjust the dividing granularity and the node structure of the bloom filter according to data sensitivity and node weight difference, and adapt to different data scenes and security requirements.
In an alternative embodiment, encrypting the data fragments using a bilinear pairing encryption algorithm to obtain encrypted data fragments includes:
Selecting a system safety parameter to obtain a prime number order value, constructing a first cyclic group and a second cyclic group based on the prime number order value, and verifying that the order of the first cyclic group is equal to the order of the second cyclic group;
Selecting a first generation element from the first cyclic group, generating a system main private key by utilizing random number operation, performing scalar multiplication operation on the system main private key and the first generation element to generate a system public parameter, and selecting a corresponding second generation element from the second cyclic group;
Constructing bilinear mapping, mapping elements of the first cyclic group and the second cyclic group to a target group, and determining bilinear properties of the target group and a bilinear mapping operation mode;
Acquiring user identity information and current system time, splicing the user identity information and the current system time, generating a space-time joint identifier, executing safe hash operation, and mapping the space-time joint identifier to the first cyclic group to obtain a first mapping point;
receiving data to be encrypted, slicing the data to be encrypted according to a preset length to obtain a plurality of data slices, generating random numbers for each data slice, and executing bilinear pairing operation by using the first mapping points and the second generating elements to generate a session key belonging to the target group;
And performing symmetric encryption operation on the corresponding data fragments by adopting each session key to obtain ciphertext fragments, performing scalar multiplication operation on each random number and the system public parameter to generate encryption auxiliary parameters, and combining the ciphertext fragments and the corresponding encryption auxiliary parameters to form encrypted data fragments.
The cyclic group specifically refers to a mathematical structure, all elements of which can be generated by repeatedly executing group operation through a specific "generator", and finally return to the starting point to form a cyclic closed system. The operation result in the group is always kept in the group, and each element has an inverse element, so that the operation result can be restored to the original state. In short, a cyclic group is a periodic set of all members generated from a single element by repeating operations, and is often used in cryptography to ensure certainty and security of computation.
The prime order refers specifically to an attribute in a mathematical structure that describes the total number of elements in a cyclic group. It is a prime number, meaning that this number can only be divided by 1 and itself. In group theory, prime order values ensure that the group has special properties, e.g., each non-zero element has a unique inverse, and the entire group can be generated by a specific operation. Prime order is a key number used to define the size of a cyclic group, ensuring that the operation and structure of the group follow specific mathematical rules.
The generator specifically refers to a specific element in the group, and by repeatedly operating the specific element a plurality of times, all other elements in the group can be generated. It is the "core member" of the cluster, which determines the structure and scope of the cluster. A generator is a special "starting element" from which the entire group can be constructed.
In one embodiment, first, a suitable system security parameter is selected, for example, a key length is set, so as to determine a prime number p, and the value of p determines the security strength of the system. Based on this prime number p, two cyclic groups are constructed, denoted G1 and G2. The order of the two cyclic groups, i.e. the number of elements in the group, must be equal and both equal to p. For example, a point group on an elliptic curve may be selected as a cyclic group, and the order is ensured to be equal by an elliptic curve parameter. It is verified whether the orders of G1 and G2 are equal.
Then, one generator G1 is selected from the G1 group. The generator is an element in one group, and all other elements in the group can be obtained by repeating group operation. The system master private key x, which is a positive integer less than p, is generated using a secure random number generator. And performing scalar multiplication operation on the system main private key x and the generator G1 in the G1 group, namely calculating the power x of the G1, and taking the obtained result as a system public parameter P and disclosing the P. Meanwhile, one generator G2 corresponding to G1 is selected from the G2 group. For example, G2 may be a mapping of G1 in the G2 group.
Next, a bilinear map e is constructed, which maps the elements of the G1 group and the G2 group into another cyclic group GT, which is called target group. This bilinear map needs to meet certain mathematical properties, such as bilinear properties and non-degradability. Bilinear properties refer to e (g1 a, g2 b) =e (g 1, g 2) ab, where a and b are arbitrary integers. Non-degenerate means that e (g 1, g 2) is not equal to the unit cell of the target group GT. The bilinear nature of the target group GT and the specific way of operation of the bilinear map are determined. For example, an appropriate elliptic curve pairing algorithm may be selected as the bilinear map.
The identity information ID of the user, e.g. a user name or an identification card number, and the current system time T are acquired. And splicing the user identity information ID and the current system time T together to form a space-time joint identification ID I T. A secure hash operation, such as SHA-256 algorithm, is performed on the spatio-temporal joint identification, and the hash result H (ID T) is mapped into the G1 group to obtain an element in the G1 group, which is denoted as Q. This mapping may be achieved by converting the hash result to an integer and then performing the integer power operation on the generator G1 of G1.
Data D to be encrypted is received. And slicing the data D according to a preset length, for example 128 bits, to obtain a plurality of data slices Di. A random number ri is generated for each data slice Di. And (3) performing bilinear pairing operation by using the element Q in the G1 group and the generator G2 in the G2 group obtained before and the random number ri, and calculating e (Q, G2)/(ri) to obtain an element belonging to the target group GT as a session key Ki.
Symmetric encryption operations are performed on the corresponding data slices Di using each session key Ki, for example using the AES algorithm, resulting in ciphertext slices Ci. And (3) performing scalar multiplication operation on each random number ri and the system public parameter P, namely calculating the ri power of P to obtain an encryption auxiliary parameter Ai. The ciphertext fragment Ci is combined with the corresponding encryption assistance parameter Ai to form an encrypted data fragment (Ci, ai).
For example, assume that the User identification information ID is "User123", the current system time T is "20241027100000", and the data D to be encrypted is "THIS IS A TEST message. And (3) splicing the ID and the T, performing hash operation to obtain a hash value, and mapping the hash value to a G1 group to obtain Q. Assuming a slice length of 8 bits, data D is divided into a plurality of slices. A random number ri is generated for each slice, and a session key ki=e (Q, g 2)/(ri) is calculated. And encrypting the corresponding fragments by using the Ki to obtain the Ci. Ai=p++ri is calculated. The encrypted data pieces (C1, A1), (C2, A2) are finally obtained.
In the embodiment, a session key is generated by adopting a mode of combining a bilinear pairing encryption algorithm and a symmetric encryption algorithm, so that the security of data encryption is improved, data leakage is effectively prevented, fine-granularity access control on data fragments can be realized by combining user identity information and time information to generate a space-time joint identifier, only users with correct identity information and within a specified time can decrypt the data, the data are subjected to fragment processing, the data fragments can be encrypted and decrypted in parallel, and the data processing efficiency is improved, so that the method is particularly suitable for large-scale data encryption and decryption scenes.
In an optional implementation manner, dynamically generating the hierarchical access key according to the behavior risk score, and performing threshold segmentation on the hierarchical access key to obtain a key component includes:
Receiving a behavioral risk score, the behavioral risk score being a real number between 0 and 1;
multiplying the behavior risk score by a preset maximum hierarchy number to obtain a product value, and rounding up the product value to obtain a hierarchy value of the hierarchical access key;
Acquiring a random salt value, splicing the behavior risk score, the level value and the random salt value according to a preset sequence to obtain a spliced value, and calculating the spliced value by using a secure hash function to obtain a hierarchical access key;
Generating a polynomial, wherein the highest degree of the polynomial is equal to a preset threshold value minus one, and the constant term of the polynomial is equal to the hierarchical access key;
Substituting continuous integers from 1 into the polynomial in sequence to obtain a plurality of function values, and forming a plurality of key components by the continuous integers and the corresponding function values;
And adding the hierarchy value and the behavior risk score to the key component to generate a key component with identification information.
The random salt value refers to a piece of randomly generated additional data introduced for enhancing the security of encryption or hash process in the field of cryptography or data security. The key function of the method is that the same input data generates different output results after encryption or hash processing, so that an attacker is effectively prevented from reversely pushing out the original data through a pre-calculation table (such as a rainbow table). The random salt value is a randomly generated additional data used to increase the unpredictability and security of encryption or hashing.
In one embodiment, first, system parameters are preset. The maximum number of levels is set to 5, the secure hash function selects SHA-256, and the preset threshold value is set to 3.
Next, a behavioral risk score for the user is received. For example, a user's behavioral risk score is 0.6.
Then, a hierarchical value of the hierarchical access key is calculated. The behavioral risk score 0.6 is multiplied by the maximum number of levels 5 to obtain a product value of 3. And rounding up the product value 3, and still being 3, the hierarchical access key level value of the user is 3.
Random salt values are generated. For example, the random salt value generated is "SaltValue123".
Hierarchical access keys are spliced and calculated. And splicing the behavior risk score of 0.6, the level value of 3 and the random salt value of SaltValue & lt 123 & gt in the sequence of 'the behavior risk score-the level value-the random salt value', so as to obtain a character string of '0.6-3-SaltValue & lt 123 & gt'. And calculating the spliced character strings by using an SHA-256 algorithm to obtain a hierarchical access key, such as a hash value sample.
And constructing a polynomial. A polynomial with a highest degree of 2 (preset threshold 3 minus 1) is constructed, and the constant term of the polynomial is equal to the hierarchical access key "hash_value_sample". Assuming that other coefficients of the polynomial are randomly generated, for example, the first order coefficient is 1234 and the second order coefficient is 5678, the polynomial can be expressed as: f (x) =5678 x x+1234 x + hash value example.
A key component is generated. Successive integers starting from 1 are substituted into the polynomial in turn.
For example, substituting 1 into the polynomial results in a first function value f (1) =5678+1234+hash_value_sample= "first_function_value".
Substituting 2 into the polynomial results in a second function value f (2) =5678×4+1234×2+hash_value_sample= "second_function_value".
The consecutive integers and their corresponding function values are combined into a plurality of key components, for example, (1), (2), "second_function_value").
Identification information is added. A hierarchy value of 3 and a behavioral risk score of 0.6 are added to each key component, generating a key component with identification information, e.g., (1), (3, 0.6), (2), (second_function_value), (3, 0.6).
In the embodiment, the security of the secret key is effectively protected by introducing a hierarchical access control and threshold secret sharing mechanism, the security of the system is enhanced by dynamically generating the hierarchical access secret key based on the behavior risk score without causing the leakage of the complete secret key even if part of the secret key components are leaked, the access authority of the system can be dynamically adjusted according to the risk level of the user, the security and the flexibility of the system are improved, and the original secret key can be recovered as long as a sufficient number of secret key components are collected due to the threshold secret sharing mechanism, so that the usability and the fault tolerance of the system are improved.
In an alternative embodiment, selecting the set of authorized nodes in the authentication node trust network based on a consensus algorithm comprises:
Acquiring a calculation capability index, an online time length proportion and a historical credit record of each authentication node in an authentication node trust network, and summing the product of the calculation capability index and a first weight, the product of the online time length proportion and a second weight and the product of the historical credit record and a third weight to obtain an authentication node trust value of each authentication node;
Based on the authentication node trust values of all authentication nodes, sorting, and selecting the authentication node with the highest authentication node trust value as a master authentication node, wherein the master authentication node generates a pre-preparation message containing a view number, a serial number and an information abstract;
The master authentication node sends the preparation message to other authentication nodes in the authentication node trust network, the other authentication nodes are divided into different trust groups based on respective authentication node trust values, wherein the authentication nodes with authentication node trust values larger than a first preset threshold value are divided into high trust groups, the authentication nodes with authentication node trust values larger than a second preset threshold value and smaller than the first preset threshold value are divided into medium trust groups, and the authentication nodes with authentication node trust values smaller than the second preset threshold value are divided into low trust groups;
after receiving the pre-preparation message, the authentication node in the high trust group verifies continuity of view numbers, uniqueness of serial numbers and integrity of information abstracts in the pre-preparation message, generates a first preparation message after verification is passed, and sends the first preparation message to the authentication nodes in the medium trust group and the low trust group;
The authentication node in the middle signaling group receives the pre-preparation message and the first preparation message, verifies the consistency of the pre-preparation message and the first preparation message, generates a second preparation message and sends the second preparation message; the authentication node in the low trust group receives the pre-preparation message, the first preparation message and the second preparation message, generates a third preparation message after executing verification operation and sends the third preparation message;
The authentication node in the authentication node trust network receives the first preparation message, the second preparation message and the third preparation message, and when the total number of the preparation messages received by a certain authentication node exceeds twice of the number of preset fault nodes and is added, the corresponding authentication node generates a confirmation message;
Receiving the confirmation messages sent by each authentication node, setting a weighting coefficient according to the authentication node trust value sending the confirmation messages, wherein the weighting coefficient is positively correlated with the authentication node trust value, weighting the confirmation messages to obtain weighted confirmation messages and calculating the total number of the weighted confirmation messages;
When the total number of the weighted confirmation messages is not more than twice the number of the preset fault nodes, selecting an authentication node with the next highest authentication node trust value as a new master authentication node, regenerating the pre-prepared message by the new master authentication node and executing the pre-prepared message until reaching the consensus, and when the total number of the weighted confirmation messages is more than twice the number of the preset fault nodes, reaching the consensus, selecting the authentication node in the high trust group based on the consensus, and constructing an authorization node group.
In one embodiment, the computing power index, the online time length proportion and the historical credit record of each authentication node in the network are firstly required to be obtained. Assume that there are three authentication nodes A, B and C in the network. The computing power index of the A node is 90, the online time length proportion is 0.95, the historical credit record is 0.98, the computing power index of the B node is 85, the online time length proportion is 0.92, the historical credit record is 0.95, the computing power index of the C node is 75, the online time length proportion is 0.88, and the historical credit record is 0.92.
Then, the computing capability index, the online time length proportion and the historical credit record are multiplied by corresponding weights respectively, and then the three products are added to obtain the trust value of each authentication node. Assume weights of three indices of 0.5, 0.3 and 0.2, respectively. The trust value of node a is 90×0.5+0.95×0.3+0.98×0.2=45+0.285+0.196=45.481, the trust value of node b is 85×0.5+0.92×0.3+0.95×0.2=42.5+0.276+0.19=42.966, and the trust value of node c is 75×0.5+0.88×0.3+0.92×0.2=37.5+0.264+0.184= 37.948.
And sequencing the authentication nodes according to the calculated trust values, and selecting the node with the highest trust value as the master authentication node. In this example, the trust value of the a node is highest, so the a node is selected as the master authentication node. The master authentication node a generates a pre-preparation message containing the view number, the sequence number and the information digest. Assuming view number 1, sequence number 100, and message digest "datahash".
The master authentication node a sends a pre-prepare message to the other authentication nodes B and C in the network. And dividing other authentication nodes into different trust groups according to a preset threshold value. Assume that the first preset threshold is 45 and the second preset threshold is 40. Node B is divided into medium trust groups and node C is divided into low trust groups.
The nodes in the high trust group (in this case master node a only) verify the continuity of the view number, the uniqueness of the sequence number and the integrity of the message digest in the message after receiving the pre-prepare message. After the verification is passed, a first preparation message is generated and sent to nodes B and C in the medium and low trust groups.
After the node B in the middle trust group receives the pre-preparation message and the first preparation message, the consistency of the two messages is verified. After passing the verification, a second preparation message is generated and sent to other nodes A and C. And after receiving the pre-preparation message, the first preparation message and the second preparation message, the node C in the low trust group verifies, generates a third preparation message after verification is passed, and sends the third preparation message to other nodes A and B.
All authentication nodes A, B and C in the network receive the first, second, and third provisioning messages. When the total number of the preparation messages received by a certain node exceeds twice the number of the preset fault nodes by one, the node generates a confirmation message. Assuming that the number of preset failed nodes is 0, a confirmation message is generated when one node receives 2×0+1=1 preparation messages.
And receiving the confirmation messages sent by all the nodes, and setting a weighting coefficient according to the trust value of the sending node. The higher the confidence value, the greater the weighting coefficient. Multiplying the confirmation messages by the corresponding weighting coefficients to obtain weighted confirmation messages, and calculating the total number of the weighted confirmation messages.
If the total number of the weighted confirmation messages does not exceed twice the number of the preset fault nodes plus one, selecting the node with the next highest trust value as a new master authentication node, regenerating the prepared message and executing the steps until consensus is achieved. If the total number of the weighted confirmation messages exceeds twice the number of the preset fault nodes plus one, consensus is achieved, and the nodes in the high trust group are selected to construct an authorized node group. In this example, if consensus is reached, node a is selected to construct an authorized node group.
In the embodiment, the risk of single-point faults and malicious attacks is effectively reduced through a consensus algorithm and a multiple verification mechanism, the stable operation of the system is ensured, the weights of different nodes are distinguished through trust values, high-trust nodes are preferentially selected to participate in the consensus process, the consensus efficiency is improved, the system performance is optimized, and the data security of the system is ensured by verifying the integrity and consistency of messages, so that the data tampering and counterfeiting are prevented.
In an alternative embodiment, collecting the authorization signatures of the group of authorization nodes using a lattice-password based threshold signature scheme includes:
Acquiring authentication node information in an authorization node group;
Selecting a first dimension parameter, a second dimension parameter and a modulus parameter, determining a lattice password parameter, and determining a Gaussian distribution parameter based on a Gaussian distribution random number;
Constructing a random matrix according to the first dimension parameter, the second dimension parameter and the modulus parameter, wherein the number of rows of the random matrix corresponds to the first dimension parameter, the number of columns corresponds to the second dimension parameter, and the element value range is determined based on the modulus parameter;
Constructing a unit vector according to the first dimension parameter, and combining the random matrix and the unit vector to generate a group public key;
Generating a short base matrix and an error vector for each authentication node in the authorization node group based on the Gaussian distribution parameters, wherein the number of rows and the number of columns of the short base matrix correspond to the second dimension parameter, and combining the short base matrix and the error vector to generate a signature private key;
receiving a message to be signed, calculating a hash mapping vector of the message to be signed, multiplying the short base matrix by the hash mapping vector by each authentication node in the authorization node group by using a respective signature private key, and adding the short base matrix into the error vector to obtain respective partial signatures;
Combining all partial signatures generated by the authorization node group through an iterative optimization lattice-based shortest vector algorithm, and calculating and reducing norms of the partial signatures in each iterative process to finally obtain combined signatures;
And calculating the product of the norm of the combined signature and the random matrix and the combined signature, and confirming that the authorized signature of the authorized node group is obtained when the norm of the combined signature is smaller than a preset norm threshold and the product of the random matrix and the combined signature is equal to the unit vector.
The first dimension parameter refers in particular to the number of rows used to describe the random matrix, which represents the structural height of the matrix. The method determines the longitudinal size of the random matrix in the group public key and signature algorithm, has direct influence on the generation of the matrix and the safety of subsequent operation, and the first dimension parameter defines the number of rows in the random matrix, so that the method is one of the bases of matrix construction.
The second dimension parameter refers in particular to the number of columns used to describe the random matrix, which represents the structural width of the matrix. The parameter directly influences the size of a short base matrix in a signature private key and the performance of an algorithm, determines the computational complexity and encryption strength of a system, and the second dimension parameter defines the number of columns in a random matrix, which is an important part of matrix construction.
The modulus parameter is specifically used for determining the value range of elements in the random matrix, and each numerical value in the matrix is ensured to be within a specified range. The parameter controls the size of the matrix elements, thereby affecting the security and anti-attack capability of the system, and the modulus parameter limits the maximum range of the random matrix elements, so as to ensure that the matrix meets the expected security attribute.
In one embodiment, first, information is obtained for all authentication nodes in a group of authorized nodes. This includes a unique identifier for each node and public key information for subsequent communications. For example, an authorized Node group includes three nodes, with identifiers node_a, node_b, and node_c, respectively.
Next, parameters of the lattice password are determined. A first dimension parameter n, a second dimension parameter m and a modulus parameter q are selected. The choice of these parameters can affect the safety and efficiency of the scheme. For example, n=1024, m=2048, q=a large prime number, e.g. the 128 th power of 2, can be chosen. Meanwhile, a Gaussian distribution parameter sigma is determined based on the Gaussian distribution random number and used for generating a secret key. For example, σ may be set to 6.
Then, a random matrix A is constructed. The number of rows of the matrix corresponds to a first dimension parameter n, the number of columns corresponds to a second dimension parameter m, and the value range of the elements is determined based on a modulus parameter q, namely between 0 and q-1. For example, A is a matrix of 1024 rows and 2048 columns, each element of which is a random number between 0 and 2 to the power of 128-1.
Next, an n-dimensional unit vector u is constructed. The random matrix a and the unit vector u are combined to generate a group public key (a, u). The group public key is published to all nodes.
A signature private key is then generated for each authentication node in the set of authorized nodes. Based on the gaussian distribution parameter σ, a short basis matrix S and an error vector e are generated for each node. The number of rows and columns of the short base matrix S correspond to the second dimension parameter m, and the dimension of the error vector e is the same as the first dimension parameter n. The short base matrix S and the error vector e are combined to generate a signature private key (S, e). For example, the private key of node_a is (s_a, e_a), the private key of node_b is (s_b, e_b), and the private key of node_c is (s_c, e_c).
When a message needs to be signed, firstly, a hash mapping vector h of the message to be signed is calculated. The vector dimension is the same as the first dimension parameter n. For example, the hash-map vector h of the message "Agreement" is a 1024-dimensional vector.
Each authentication node in the set of authentication nodes signs the hash map vector using a respective signature private key. Specifically, each node multiplies its own short base matrix by the hash mapping vector h, and then adds its own error vector to obtain its own partial signature z. For example, the number of the cells to be processed, node a calculates z a = S _ a x h + e _ a, node B calculates z b=s B x h + e B, node_c calculates z_c = s_c×h+e_c.
After collecting the partial signatures of all nodes, the partial signatures are combined by using an iterative optimized lattice-based shortest vector algorithm. And calculating and reducing the norms of partial signatures in each iteration process, and finally obtaining the combined signature z.
Finally, the product A x z of the norm of the merged signature z and the random matrix A with the merged signature z is calculated. When the norm of the combined signature z is smaller than the preset norm threshold T and the product of the random matrix a and the combined signature z is equal to the unit vector u, the authorized signature z of the authorized node group is confirmed to be obtained. For example, if z < T and axz=u, then z is a valid authorization signature.
In the embodiment, the lattice password technology is adopted, so that the signature scheme has the potential of resisting the attack of a quantum computer, compared with the traditional signature scheme based on RSA or ECC, the security is higher, the threshold-passing signature mechanism can generate an effective authorization signature only when a sufficient number of authorization nodes participate in the signature, the attack of single-point faults and malicious nodes is avoided, the iterative optimization lattice shortest vector algorithm can quickly combine part of the signatures to generate a final authorization signature, and the efficiency of the signature process is improved.
In an alternative embodiment, receiving a request of a visitor, reading a corresponding authorization credential, acquiring a data fingerprint from a certification record in a blockchain, acquiring a corresponding encrypted data fragment and an integrity certification tree from a distributed storage network, verifying data integrity, acquiring a key component from the authorization node group, executing a secure multiparty computing protocol to reorganize the key component to obtain a hierarchical access key, decrypting the encrypted data fragment of a corresponding authority level using the hierarchical access key to obtain decrypted data, creating an access record, submitting the access record to the blockchain, and updating a behavioral risk score of the visitor comprises:
Receiving a data access request of a visitor, extracting a visitor identity, a target data identifier and an access authority level from the data access request, and inquiring a corresponding authorization credential from a blockchain according to the visitor identity;
Verifying a threshold signature in the authorization credential, wherein the threshold signature is generated by an authorization node group by adopting a threshold signature scheme based on a lattice password, and comparing the access permission level recorded in the authorization credential with the access permission level in the data access request;
Acquiring a data fingerprint and a bloom filter parameter from a certification record of a blockchain according to the target data identifier, and constructing a bloom filter structure based on the bloom filter parameter;
Acquiring an encrypted data fragment and an integrity proving tree from a distributed storage network, calculating a data fingerprint of the encrypted data fragment, inputting the data fingerprint into the bloom filter structure for searching, and verifying the integrity of the encrypted data fragment through the integrity proving tree;
sending a key component acquisition request to the authorization node group, wherein the key component acquisition request carries the authorization credential and receives a key component returned by the authorization node group;
Starting a secure multiparty computing protocol, taking the visitor as a protocol initiator, taking the nodes of the authorized node group as protocol participants, inputting key components held by the protocol participants, and recombining the key components by adopting a homomorphic encryption mode to obtain a layered access key;
Decrypting the encrypted data fragments by using a key corresponding to the access authority level in the hierarchical access key to obtain decrypted data;
Generating an access record, wherein the access record comprises the visitor identity identifier, the target data identifier, the access permission level and an access time stamp, and submitting the access record to the blockchain;
and calculating the access frequency and time interval distribution of the visitor based on the access records, and updating the behavior risk score of the visitor in combination with the historical access records of the visitor.
In one embodiment, first, a data access request is received for a visitor. The request contains a visitor identification (e.g., a visitor's digital certificate hash value "8f3 b."), a target data identification (e.g., a data file hash value "e4a 2.") and an access permission level (e.g., read permission or write permission, here assumed to be "read").
And then, inquiring corresponding authorization credentials from the blockchain according to the identity of the visitor. Suppose that the visitor's authorization credential is recorded in a block of the blockchain, which has a hash value of "b1c4. The authorization credential includes a signature generated by the group of authorized nodes using a grid-password based threshold signature scheme. The threshold signature is verified to ensure the validity of the authorization credential. And meanwhile, comparing the access authority level recorded in the authorization credential with the access authority level in the data access request, and refusing access if the access authority level is not matched with the access authority level in the data access request. Assuming that the access permission level in the authorization credential is also "read," the comparison passes.
Next, "acquire data fingerprint" f7d3., "and bloom filter parameters from the certification record of the blockchain" are identified according to the target data. Let the bloom filter parameters be (m=1024, k=3). A bloom filter structure is constructed based on these parameters.
The encrypted data fragments and the integrity certification tree are then obtained from the distributed storage network. Let the encrypted data fragment be { "c1", "c2", "c3" }, the root hash value of the integrity certification tree be "a8b9. The data fingerprint of the encrypted data slice is calculated, assuming "f7d3. The fingerprint is input into a bloom filter structure for lookup. If the search is successful, the next step is carried out, otherwise, the access is refused. Since the calculated data fingerprint is consistent with the data fingerprint obtained from the blockchain, the search is successful. Next, the integrity of the encrypted data fragments is verified through the integrity certification tree, ensuring that the data has not been tampered with.
Thereafter, a key component acquisition request is sent to an authorized group of nodes (e.g., node A, B, C). The request carries the authorization credential "b1c4. After the authorization node group verifies the authorization credentials, the authorization node group returns the key components held by the authorization node group. Suppose node A returns the key component "k_A", node B returns "k_B", and node C returns "k_C".
Next, a secure multiparty computing protocol is initiated. The visitor acts as a protocol initiator and the node A, B, C of the authorized node group acts as a protocol participant. The protocol participant inputs the key components k_ A, k _ B, k _C held by the protocol participant, and the key components are recombined in a homomorphic encryption mode to obtain a hierarchical access key. Let k= { k_read, k_write }, the reorganized hierarchical access key.
And reading the decrypted encrypted data fragment { "c1", "c2", "c3" } by using a key K_corresponding to the access authority level read in the hierarchical access key to obtain decrypted data. The decrypted data is assumed to be "plaintext data".
Finally, an access record is generated. The record contains a visitor identity "8f3b.," target data identity "e4a2.," access permission level "read", access timestamp "2024-07-27 10:00:00". The access record is submitted to the blockchain.
Based on the access record and the historical access record of the visitor, the access frequency and time interval distribution of the visitor are calculated. For example, 3 visits have been made in the past hour with an average time interval of 20 minutes. The behavioral risk scores of the visitors are updated in conjunction with this information. For example, the risk score is upgraded from low risk to medium risk.
In the embodiment, the security of data access is ensured by adopting the technologies of a grid-password-based threshold signature, a bloom filter, an integrity proving tree, homomorphic encryption and the like, unauthorized access and data tampering are prevented, fine granularity control of data access is realized by a hierarchical access key mechanism, users with different authority levels can only access data in an authorized range, the bloom filter can rapidly judge whether the data exists or not, the efficiency of data access is improved, and a secure multiparty computing protocol can finish the recombination and data decryption of key components while protecting the data privacy, so that a complex key management flow is avoided.
FIG. 2 is a schematic diagram of a block chain driven distributed private data storage and access control system according to an embodiment of the present invention, as shown in FIG. 2, the system includes:
The first unit is used for receiving the privacy data, carrying out semantic analysis on the privacy data to obtain a sensitivity score, and carrying out slicing treatment on the privacy data based on the sensitivity score to obtain data slicing; the method comprises the steps of calculating a data fingerprint value of each data fragment, organizing the data fingerprint value into bloom filters, constructing a hierarchical integrity certification tree based on the bloom filters, encrypting the data fragments by adopting a bilinear pairing encryption algorithm to obtain encrypted data fragments, submitting the encrypted data fragments and the integrity certification tree to a distributed storage network, and generating a certification record of the data fingerprints in a blockchain;
The second unit is used for receiving a data access application, extracting behavior characteristics of a visitor, obtaining a behavior risk score through deep learning based on the behavior characteristics of the visitor, dynamically generating a layered access key according to the behavior risk score, and carrying out threshold segmentation on the layered access key to obtain a key component;
The third unit is used for receiving the request of the visitor, reading the corresponding authorization certificate, acquiring the data fingerprint from the certificate storage record in the blockchain, acquiring the corresponding encrypted data fragment and the integrity certification tree from the distributed storage network, verifying the data integrity, acquiring the key component from the authorization node group, executing the secure multiparty computing protocol to reorganize the key component to obtain a layered access key, decrypting the encrypted data fragment of the corresponding authority level by using the layered access key to obtain decrypted data, creating an access record, submitting the access record to the blockchain, and updating the behavior risk score of the visitor.
In a third aspect of an embodiment of the present invention,
There is provided an electronic device including:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor is configured to invoke the instructions stored in the memory to perform the method described previously.
In a fourth aspect of an embodiment of the present invention,
There is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method as described above.
The present invention may be a method, apparatus, system, and/or computer program product. The computer program product may include a computer readable storage medium having computer readable program instructions embodied thereon for performing various aspects of the present invention.
It should be noted that the above embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those skilled in the art that the technical solution described in the above embodiments may be modified or some or all of the technical features may be equivalently replaced, and these modifications or substitutions do not make the essence of the corresponding technical solution deviate from the scope of the technical solution of the embodiments of the present invention.