CN114124499B - Charity system privacy protection method and system based on blockchain - Google Patents
- Publication number
- CN114124499B, CN202111344485.2A
- Authority
- CN
- China
- Prior art keywords
- box
- information
- data
- matrix
- blockchain
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a blockchain-based privacy protection method and system for a charity system. Privacy protection in the charity system is divided into user-oriented privacy protection and data-oriented privacy protection. User-oriented privacy protection restricts users' data access rights through smart contracts, protecting private data. Data-oriented privacy protection uses an improved AES algorithm that dynamically constructs the S-box, so that the properties of the S-box are randomly transformed and the security of the encryption algorithm is improved; at the same time, a digest algorithm computes the digest of the generated ciphertext to ensure data integrity. The improved AES algorithm and the digest algorithm guarantee the security and integrity of encrypted data in the charity system while improving operating efficiency, so that the whole system has sufficient public credibility and the data leakage risk of traditional charity systems is effectively addressed.
Description
Technical Field
The invention relates to the field of blockchain technology and encryption and decryption of cryptographic data, and in particular relates to a blockchain-based charitable system privacy protection method and system.
Background
In the charity field, blockchain technology is used to record the flow of donated funds, for example through online donation, so that the destination of the funds can be queried at any time. A charity system that applies blockchain technology can track donated funds, publish charity accounts openly and fairly, and make the charity organization's information more transparent, thereby improving public trust in the charity organization.
While public trust in the charity system is guaranteed, users' private data matters even more. The value of data is increasingly prominent in today's information society, and ensuring the security of core data is a great challenge. Users expect their own data to be protected. Therefore, how to protect data privacy while keeping data efficiently available has become a research hotspot for researchers at home and abroad.
Blockchain is a new technology that differs significantly from traditional IT architectures. In a traditional IT architecture, data is usually stored on a centralized server, so ensuring the privacy and security of the data becomes a matter of ensuring the security of that server, and purchasing a high-performance server or improving the server's resistance to attack is the focus of privacy protection. For blockchain systems there has so far been no suitable privacy protection solution. As a distributed database system in which multiple nodes jointly participate in supervision and management, blockchain has become a trend in Internet development.
Currently, mainstream encryption algorithms include homomorphic encryption, secure multi-party computation, key management and the like. Homomorphic encryption allows a third party to compute on and verify data without decrypting it. Secure multi-party computation is a general cryptographic primitive in which multiple data owners in a mutually untrusted distributed environment jointly compute the same function without revealing their own input data. Key management is divided according to whether the wallet is connected to the Internet: a cold wallet cannot be accessed over the network, which avoids the risk of a hacker stealing the private key, while a hot wallet can conduct transactions at any time while networked and is more convenient for users who transact frequently.
How to ensure that users' private data on a blockchain is not stolen is the main focus of research. Existing privacy protection methods mainly use asymmetric encryption algorithms to encrypt data. The information is encrypted by a public key, decrypted using a private key, or encrypted by a public key. This approach takes a large amount of time for encryption and decryption, is slow, and is only suitable for encrypting small amounts of data; it is not applicable to the large amounts of data generated by a charity system.
Disclosure of Invention
To meet the charity system's requirements for openness, transparency, tamper resistance and data security, the invention provides a blockchain-based privacy protection method and system for a charity system, aimed at solving the privacy protection problem. A user-oriented and data-oriented privacy protection method is adopted, using blockchain smart contracts and cryptography. For users, access rights are controlled through smart contracts, protecting users' private data. For data, an encryption algorithm encrypts the data and a digest algorithm performs integrity checking, improving data security. Researchers have proposed various encryption algorithms for the data encryption problem. The invention mainly improves the AES algorithm: the S-box is constructed dynamically so that it has no obvious structural characteristics and its properties are randomly transformed, increasing the difficulty of cracking; at the same time, a digest algorithm is used to ensure the integrity of user data. Finally, the operating efficiency of data encryption is verified, along with the correctness and feasibility of the improved algorithm.
The technical scheme adopted by the invention to achieve this purpose is as follows: a blockchain-based privacy protection method for a charity system, comprising the following steps:
limiting the access rights of users in the charity system according to smart contracts;
encrypting and storing the information uploaded to the blockchain using an AES algorithm based on a dynamically constructed S-box.
The AES algorithm based on a dynamically constructed S-box comprises the following steps:
Step 1: the provided key is subjected to a MurmurHash2 transformation to calculate a 32-bit transformation factor E, which is converted into a hexadecimal number of eight digits in total and divided into the upper four digits and the lower four digits:
$E = \mathrm{Murmurhash2}(key)$
wherein Murmurhash2 represents the MurmurHash2 transformation, and key represents the encryption key of the AES algorithm;
Step 2: different interference factors (u, v) are added to the upper four digits h and the lower four digits l respectively, giving the row and column transformation variables (k, p) respectively; the interference factors are selected from the prime number set $F = \{x_1, x_2, \ldots, x_n\}$;
$k = (h + u) \bmod 16, \quad u \in \mathrm{random}(F)$
$p = (l + v) \bmod 16, \quad v \in \mathrm{random}(F)$
wherein mod represents taking the remainder, and random represents randomly selecting a number from the prime number set F;
Step 3: a 16 × 16 S-box matrix is initialized with element values increasing sequentially from 0 to 255, filling the 256 positions of the matrix row by row from left to right; this matrix is denoted $T_0$;
Step 4: for the initial S-box matrix, each row of data is traversed and the row transformation is performed first, assigning the element value at position (i, j) of $T_0$ to the element at position (x, j) of $T_1$; the formula is as follows:
$x = (k + i + j) \bmod 16$
$T_1[x][j] = T_0[i][j]$
wherein i and j respectively represent the row and column coordinates of the current data in the S-box $T_0$, k represents the row transformation variable, x represents the number of positions moved by the final row, and $T_1$ represents a temporary storage matrix;
Step 5: the column transformation is performed on the matrix $T_1$ generated by the row transformation, assigning the value at position (i, j) of $T_1$ to position (i, y) of $T_2$; the formula is as follows:
$y = (p + i + j) \bmod 16$
$T_2[i][y] = T_1[i][j]$
wherein i and j represent the row and column coordinates in the matrix $T_1$, p represents the column transformation variable, y represents the number of positions moved by the final column, and $T_2$ represents a temporary storage matrix;
the resulting matrix $T_2$ is the generated S-box;
Step 6: the inverse S-box is obtained from the generated S-box through position exchange;
Step 7: the plaintext is split into a plurality of independent plaintext blocks, each 128 bits long; when a plaintext block is shorter than 128 bits, blank characters are appended to its end to bring its length to 128 bits;
Step 8: the S-box in the byte substitution process of the AES algorithm is replaced with the S-box generated in Step 5, the AES algorithm is executed on each plaintext block, and the generated ciphertext blocks are spliced together to produce the complete ciphertext.
The interference factor is a constant and serves as a row transform variable K and a column transform variable P, respectively.
Obtaining the inverse S-box through position exchange according to the generated S-box comprises the following steps:
initializing a 16 × 16 matrix $S_1$ in which the value at every position is 0;
if the data at row i, column j of the S-box is expressed as 0xmn, then 0xij is filled into row m, column n of the matrix $S_1$;
traversing all elements in the S-box and filling the matrix $S_1$ in sequence; the resulting $S_1$ is the inverse S-box.
The digest of the generated ciphertext is calculated using the SHA256 algorithm, and the result is appended to the end of the ciphertext for verifying the integrity of the ciphertext.
The encrypted information uploaded to the blockchain is decrypted using the constructed inverse S-box.
The information uploaded to the blockchain comprises: the contribution information and the account usage information.
The smart contract layer sets the access rights of the recipient, the access rights of the donor and the access rights of the supervisor;
the recipient access rights: accessing the aid information, including the total donation amount and the donation amounts of donors, without access to the personal information of donors;
the donor access rights: accessing the donation information the donor has participated in, the aid information of the recipient and the fund withdrawal information of the recipient, without access to the personal information of the recipient;
the supervisor access rights: accessing all aid information, all donation information of donors, and all fund usage information.
A blockchain-based privacy protection system for a charity system, comprising:
the application layer, used for interaction between the blockchain charity system and external information, passing the information to the smart contract layer;
the smart contract layer, used for writing the incoming information into smart contracts so as to limit the access rights of users;
and the data processing layer, used for encrypting the information uploaded to the blockchain.
The invention has the following beneficial effects and advantages:
1. Compared with existing charity systems, the invention has higher privacy protection requirements and extremely high credibility.
2. User access rights are set for data access in the charity system; different users have different access rights, providing privacy protection from the user perspective.
3. By dynamically constructing the S-box, the AES algorithm is used to encrypt and protect users' private data. After encryption with the modified AES algorithm, the data is stored in the blockchain, protecting privacy from the data perspective.
4. After the data generated by a transaction is encrypted by the encryption algorithm, its digest is calculated, ensuring data integrity.
5. The charity system combines on-chain and off-chain storage to improve the space utilization of the blockchain.
Drawings
FIG. 1 is a schematic view of a user-oriented privacy preserving model of the present invention;
FIG. 2 is a schematic diagram of a data-oriented privacy preserving model of the present invention;
FIG. 3a is a schematic diagram of the resulting S-box;
FIG. 3b is a schematic diagram of the resulting inverted S box;
FIG. 4 is a flow chart of the charity system donation and query;
FIG. 5 is a schematic diagram of a charitable system privacy protection system based on blockchain.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
For user-oriented privacy protection, the invention restricts users' data access rights through smart contracts, protecting private data. Data-oriented privacy protection uses an improved AES algorithm that dynamically constructs the S-box, so that the properties of the S-box are randomly transformed and the security of the encryption algorithm is improved; at the same time, a digest algorithm computes the digest of the generated ciphertext to ensure data integrity. The improved AES algorithm and the digest algorithm guarantee the security and integrity of encrypted data in the charity system while improving operating efficiency, so that the whole system has sufficient public credibility and the data leakage risk of traditional charity systems is effectively addressed.
As shown in fig. 5, the system for charitable system privacy protection based on blockchain includes:
application layer: used for interaction between the blockchain charity system and external information, passing the information to the smart contract layer;
smart contract layer: used for writing the incoming information into smart contracts so as to limit the access rights of users;
data processing layer: used for encrypting and decrypting the information uploaded to the blockchain;
data storage layer: used for storing data generated by users and the system.
Users' access rights are limited by writing permission smart contracts, protecting users' private data.
Data written to the blockchain is encrypted using an improved AES algorithm in which the S-box is dynamically constructed so that it has no obvious structural characteristics, increasing the difficulty of cracking; at the same time, the digest algorithm is improved to ensure the integrity of user data.
The interaction information comprises: the recipient's aid information, the donation information, and the fund usage information provided by the recipient.
The smart contract layer comprises: the recipient access rights, the donor access rights, and the supervisor access rights.
Recipient access rights: access to the information related to the recipient, including the total donation amount and the donation amounts of donors, with no right to access the personal information of donors.
Donor access rights: access to the donation records in which the donor participates, the aid information of the recipient, and the fund withdrawal records of the recipient, with no right to access the personal information of the recipient.
Supervisor access rights: access to all aid information, all donation records of donors, and all fund usage records.
The data storage layer includes: an off-chain storage module and an on-chain storage module.
Off-chain storage module: a traditional database stores users' basic information, including the user's account, role and unique identifier (ID).
On-chain storage module: a blockchain stores the charity system's data, including the recipient's aid application, the recipient's donation records and the fund usage records.
Data protection employs an improved AES algorithm and a digest algorithm, including dynamically constructing the S-box, parallelizing the AES algorithm, and computing digests of the encrypted data.
Dynamically constructing the S-box: the initialized S-box is rotated by applying the MurmurHash2 transformation to the key and adding interference factors, so that it has no obvious structural characteristics and its properties are randomly transformed; different keys generate different S-boxes, ensuring information security.
Parallelizing the AES algorithm: the conventional AES algorithm has a serial structure, which leads to problems such as overly long encryption and decryption response times and a poor interactive experience. The serial structure of the AES algorithm can therefore be changed into a parallel computing structure, as shown in Fig. 2, improving the efficiency of data encryption and decryption.
Computing the digest: computing the digest ensures that the ciphertext is consistent before and after and that the data is intact.
The recipient submits the aid information to the supervisor for review, and once the review passes, the aid information is uploaded to the blockchain. The donor donates by selecting the item to donate to. The procedure specifically comprises the following steps:
the blockchain charity system passes the information submitted by the recipient to the smart contract layer after it has been reviewed and approved by the supervisor;
the smart contract layer generates the corresponding smart contract according to the submitted aid information;
the data processing layer records the registered aid information and encrypts the interaction data;
the data storage layer stores the encrypted data.
As shown in fig. 1, the charity system privacy protection based on blockchain designed herein is mainly divided into two parts, and the specific content is as follows:
(1) User-oriented privacy protection
User-oriented privacy protection covers users' access control rights over data and anonymity in the blockchain system. Access control is one of the important strategies for protecting data privacy: by limiting access rights to data, information cannot be obtained illegally, which ensures data security.
In the charity system, a user applies for registration, and the system administrator reviews the information and assigns the user a role. Once the user has obtained role permissions, the smart contracts in the system determine which information can be accessed within the scope of those permissions. If the user has no access right, the corresponding data cannot be queried. The entire charity system includes the following roles:
General user role: includes recipients and donors, who may access the donation and aid information associated with them.
System administrator: assigns roles to users and determines the access rights of different users.
Supervisor: verifies whether the user has access rights according to the rules written in the smart contract and, if so, obtains the relevant information through the blockchain account and returns it to the user.
The smart contract mainly sets access rules for system users, and each user has user permissions. The system administrator can assign different user permissions according to the rules of the smart contract, which improves the flexibility of the smart contract.
(2) Data-oriented privacy protection
Data-oriented privacy protection targets the data itself and mainly uses encryption-based methods to protect the privacy and integrity of data. The information that users upload to the blockchain in a charity system may contain private information, which must be encrypted to prevent attackers from obtaining user data illegally. To achieve both encryption security and encryption efficiency, the S-box generation process is improved on the basis of the AES algorithm, increasing the difficulty of deciphering the information; at the same time, a digest algorithm is used to verify the integrity of the information, guaranteeing information security.
As shown in fig. 2, the specific steps are as follows:
Step 1: the provided key is subjected to a MurmurHash2 transformation to calculate a 32-bit transformation factor E, which is divided into the upper four digits and the lower four digits.
$E = \mathrm{Murmurhash2}(key)$
Step 2: different interference factors (u, v) are added to the upper four digits h and the lower four digits l respectively; the interference factors can be selected from the prime number set $F = \{x_1, x_2, \ldots, x_n\}$, or be a constant value, giving the row transformation variable k and the column transformation variable p respectively.
$k = (h + u) \bmod 16, \quad u \in \mathrm{random}(F)$
$p = (l + v) \bmod 16, \quad v \in \mathrm{random}(F)$
Step 3: a 16 × 16 S-box matrix is initialized with the values 0 to 255 in ascending order, each row arranged from small to large, filling the corresponding positions of the matrix in sequence; this matrix is denoted $T_0$.
Step 4: for the initial S-box matrix, each row of data is traversed and the row transformation is performed first; the transformation formula is as follows:
$x = (k + i + j) \bmod 16$
$T_1[x][i] = T_0[j][i]$
wherein i, j represent the row and column coordinates of the current data in the S-box $T_0$, k represents the row transformation variable, x represents the number of positions moved by the final row, and $T_1$ represents a temporary storage matrix. The value at position (j, i) of $T_0$ is then assigned to position (x, i) of $T_1$.
Step 5: the column transformation is performed on the matrix $T_1$ generated by the row transformation; the transformation formula is as follows:
$y = (p + i + j) \bmod 16$
$T_2[i][y] = T_1[i][j]$
wherein i, j represent the row and column coordinates in the matrix $T_1$, p represents the column transformation variable, y represents the number of positions moved by the final column, and $T_2$ represents a temporary storage matrix. The value at position (i, j) of $T_1$ is assigned to position (i, y) of $T_2$. Taking h and l as 3 and 5, and u and v as 2 and 3 respectively, the S-box $T_2$ is generated, as shown in Fig. 3a and Fig. 3b.
Step 6: the corresponding positions are exchanged according to the generated S matrix. As shown in Fig. 3a and Fig. 3b, the data at row 0, column 0 of the S-box is 2e, so the position at row 2, column e of the inverse S-box is set to 00; the matrix is filled in sequence in this way to obtain the inverse S-box, with no need to calculate it again.
Step 7: the plaintext is split into individual plaintext blocks, each 128 bits in length; if a plaintext block is shorter than 128 bits, a corresponding number of null characters are appended at the end of the plaintext block.
Step 8: the byte substitution, row shifting, column mixing, and round key addition operations of the AES algorithm are performed on each plaintext block, with the S-box in the byte substitution process replaced by the modified S-box. Finally, the generated ciphertext blocks are spliced together to produce a complete ciphertext block.
The digest of the generated ciphertext is calculated using the SHA256 digest algorithm, and the result is appended to the end of the ciphertext for verifying the integrity of the ciphertext.
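Steps 2 to 6 above, written out as an added example (not code from the patent) that builds the S-box and its inverse from the row and column variables and then runs the checks an engineer would apply before relying on a custom S-box: bijectivity, inverse round-trip, the number of distinct tables the construction can produce, and differential uniformity (the standard AES S-box scores 4; lower is better). It takes h, l, u and v as inputs instead of deriving them from the key, follows the formulas exactly as written, and assumes the AES convention that byte 0xrc indexes row r, column c; Fig. 3a is not reproduced on this page, so the output is not compared against it.

```python
"""Dynamic S-box from Steps 2-6, plus sanity checks (added example)."""


def build_sbox(k, p):
    """Steps 3-5: row transformation, then column transformation, of T0."""
    # Step 3: T0 holds 0..255 row by row, left to right.
    t0 = [[16 * i + j for j in range(16)] for i in range(16)]

    # Step 4: x = (k + i + j) mod 16, T1[x][j] = T0[i][j]
    t1 = [[0] * 16 for _ in range(16)]
    for i in range(16):
        for j in range(16):
            t1[(k + i + j) % 16][j] = t0[i][j]

    # Step 5: y = (p + i + j) mod 16, T2[i][y] = T1[i][j]
    t2 = [[0] * 16 for _ in range(16)]
    for i in range(16):
        for j in range(16):
            t2[i][(p + i + j) % 16] = t1[i][j]
    return t2


def invert_sbox(sbox):
    """Step 6: if S[i][j] == 0xmn, write 0xij into row m, column n."""
    inv = [[0] * 16 for _ in range(16)]
    for i in range(16):
        for j in range(16):
            m, n = sbox[i][j] >> 4, sbox[i][j] & 0x0F
            inv[m][n] = (i << 4) | j
    return inv


def flatten(matrix):
    """View the 16x16 matrix as a 256-entry lookup table (index 0xrc)."""
    return [value for row in matrix for value in row]


def is_permutation(sbox):
    """A usable S-box must map the 256 byte values one-to-one."""
    return sorted(flatten(sbox)) == list(range(256))


def differential_uniformity(sbox):
    """Largest count of inputs x with S[x] ^ S[x ^ a] == b, over a != 0."""
    table = flatten(sbox)
    worst = 0
    for a in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[table[x] ^ table[x ^ a]] += 1
        worst = max(worst, max(counts))
    return worst


def count_distinct_sboxes():
    """k and p are both reduced mod 16, so enumerate every (k, p) pair."""
    return len({tuple(flatten(build_sbox(k, p)))
                for k in range(16) for p in range(16)})


if __name__ == "__main__":
    h, l, u, v = 3, 5, 2, 3            # values from the worked example in Step 5
    k, p = (h + u) % 16, (l + v) % 16  # Step 2
    s = build_sbox(k, p)
    inv = flatten(invert_sbox(s))
    print("k, p                    :", k, p)
    print("is a permutation        :", is_permutation(s))
    print("inverse round-trips     :",
          all(inv[y] == x for x, y in enumerate(flatten(s))))
    print("distinct S-boxes        :", count_distinct_sboxes())
    print("differential uniformity :", differential_uniformity(s))
```

With the worked-example values (k = 5, p = 8) the table is a valid permutation, but the construction yields only 256 distinct tables and a differential uniformity of 256, so a generated S-box should be measured against these metrics before it replaces the standard one.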
As shown in fig. 4, the present invention includes the steps of:
1. The recipient provides aid information and the smart contract is generated. The recipient fills in basic aid information, including the reason for aid, the amount, supporting documents and basic circumstances, and submits it to the supervisor; after the supervisor approves it, a smart contract is generated and published to the blockchain.
2. The donor queries the donation information and donates. After the donor logs in to the system, the donation information provided by the donor can be queried, and the donation is made by transferring funds to the designated supervised account.
3. The donation information is encrypted and then stored in the blockchain. After donating, the donor submits the transfer voucher in the system; after the supervisor approves it, the data is encrypted and stored in the blockchain.
4. The supervisor monitors activity on the donation account and records the information in the blockchain. After the donation is completed, the recipient may use the donated funds in the supervised account, and the supervisor saves the vouchers for the use of the funds in the blockchain.
5. The recipient and the donor query relevant information. The recipient can query the donation status of the funds at any time, and the donor can query the donation records and the recipient's use of the funds, but has no right to access other information beyond the scope of its authority.
Claims (5)
1. The charitable system privacy protection method based on the blockchain is characterized by comprising the following steps of:
limiting access rights of users in the charitable system according to the intelligent contract;
encrypting and storing the information of the uploaded blockchain by an AES algorithm based on a dynamic construction S box;
the AES algorithm based on the dynamic construction S box comprises the following steps:
Step 1: applying the MurmurHash2 transformation to the provided key to calculate a 32-bit transformation factor E, converting E into a hexadecimal number of eight digits in total, and dividing it into the upper four digits and the lower four digits:
$E = \mathrm{MurmurHash2}(key)$
wherein MurmurHash2 represents the MurmurHash2 transformation, and key represents the encryption key of the AES algorithm;
Step 2: adding different interference factors (u, v) to the upper four digits h and the lower four digits l, respectively, to obtain the row and column transformation variables (k, p); the interference factors are selected from the prime number set $F = \{x_1, x_2, \ldots, x_n\}$:
$k = (h + u) \bmod 16, \quad u \in \mathrm{random}(F)$
$p = (l + v) \bmod 16, \quad v \in \mathrm{random}(F)$
wherein mod represents the remainder operation, and random represents randomly selecting a number from the prime number set F;
Step 3: initializing a 16 × 16 S-box matrix whose element values increase sequentially from 0 to 255, filling the 256 positions of the matrix row by row from left to right, denoted $T_0$;
Step 4: for the initial S-box matrix, traversing each row of data and first performing the row transformation, assigning the value of the element at position (i, j) of $T_0$ to the element at position (x, j) of $T_1$; the formula is as follows:
$x = (k + i + j) \bmod 16$
$T_1[x][j] = T_0[i][j]$
wherein i and j respectively represent the row and column coordinates of the current data in the S-box $T_0$, k represents the row transformation variable, x represents the number of positions moved by the final row, and $T_1$ represents a temporary storage matrix;
Step 5: performing the column transformation on the matrix $T_1$ generated by the row transformation, assigning the value at position (i, j) of $T_1$ to position (i, y) of $T_2$; the formula is as follows:
$y = (p + i + j) \bmod 16$
$T_2[i][y] = T_1[i][j]$
wherein i and j represent the row and column coordinates in the matrix $T_1$, p represents the column transformation variable, y represents the number of positions moved by the final column, and $T_2$ represents a temporary storage matrix;
the obtained matrix $T_2$ is the generated S-box;
Step 6: obtaining an inverse S-box from the generated S-box through position exchange;
Step 7: splitting the plaintext into a plurality of independent plaintext blocks, each plaintext block having a length of 128 bits; when a plaintext block is shorter than 128 bits, padding the end of the plaintext block with blank characters so that its length is 128 bits;
Step 8: replacing the S-box in the byte substitution process of the AES algorithm with the S-box generated in step 5, executing the AES algorithm on each plaintext block, and concatenating the generated ciphertext blocks to produce the complete ciphertext;
the interference factor is a constant and is used as the row transformation variable K and the column transformation variable P, respectively;
obtaining the inverse S-box from the generated S-box through position exchange comprises the following steps:
initializing a 16 × 16 matrix $S_1$ in which the value of each position is 0;
expressing the data at row i, column j of the S-box as 0xmn, and filling 0xij into row m, column n of the matrix $S_1$ to form the corresponding matrix;
traversing all elements in the S-box and completing the filling of the matrix $S_1$ in sequence, the resulting $S_1$ being the inverse S-box.
2. The blockchain-based charity system privacy protection method of claim 1, wherein, to verify the integrity of the ciphertext, a digest of the generated ciphertext is computed using the SHA256 algorithm and the computed result is appended to the end of the ciphertext.
3. The blockchain-based charity system privacy protection method of claim 1, wherein the encrypted information uploaded to the blockchain is decrypted using the constructed inverse S-box.
4. The blockchain-based charity system privacy protection method of claim 1, wherein the information uploaded to the blockchain includes: the donation information and the account usage information.
5. The blockchain-based charity system privacy protection method of claim 1, wherein the smart contract layer sets a recipient access right, a donor access right, and a supervisor access right;
the recipient access right comprises: accessing the aid information, including the total donation amount and the donation amounts of the donors, without the right to access the personal information of the donors;
the donor access right comprises: accessing the information of the donations in which the donor participated, the aid information of the recipient and the fund-usage information of the recipient, without the right to access the personal information of the recipient;
the supervisor access right comprises: accessing all aid information, all donation information of the donors, and all usage information of the charitable funds.
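The S-box construction of steps 1 to 6 of claim 1, as an added Python example that is not the patent's own code; `differential_uniformity` is an added check using the standard S-box metric. Assumptions: MurmurHash2 is seeded with 0, h and l are the upper and lower four hex digits of E, the interference factors u and v are supplied by the caller as constants, and the key shown is a constructed sample.

```python
from collections import Counter
M, R, MASK = 0x5BD1E995, 24, 0xFFFFFFFF   # MurmurHash2 constants, 32-bit mask

def murmurhash2(data: bytes, seed: int = 0) -> int:
    """32-bit MurmurHash2 (seed 0 is an assumption; the claim names none)."""
    h = (seed ^ len(data)) & MASK
    n = len(data) & ~3
    for off in range(0, n, 4):
        w = (int.from_bytes(data[off:off + 4], "little") * M) & MASK
        w = ((w ^ (w >> R)) * M) & MASK
        h = ((h * M) & MASK) ^ w
    if data[n:]:                           # 1-3 trailing bytes
        h = ((h ^ int.from_bytes(data[n:], "little")) * M) & MASK
    h = ((h ^ (h >> 13)) * M) & MASK
    return h ^ (h >> 15)

def row_col_vars(key: bytes, u: int, v: int):
    """Steps 1-2, assuming h/l are the upper/lower four hex digits of E."""
    e = murmurhash2(key)
    return ((e >> 16) + u) % 16, ((e & 0xFFFF) + v) % 16

def build_sbox(k: int, p: int):
    """Steps 3-5: T0 -> row transform -> T1 -> column transform -> T2."""
    t0 = [[16 * i + j for j in range(16)] for i in range(16)]
    t1 = [[0] * 16 for _ in range(16)]
    t2 = [[0] * 16 for _ in range(16)]
    for i in range(16):
        for j in range(16):
            t1[(k + i + j) % 16][j] = t0[i][j]
    for i in range(16):
        for j in range(16):
            t2[i][(p + i + j) % 16] = t1[i][j]
    return [b for row in t2 for b in row]  # flat table, index = 16*row + col

def invert(sbox):
    """Step 6: the value 0xmn found at (i, j) stores 0xij at (m, n)."""
    inv = [0] * 256
    for pos, val in enumerate(sbox):
        inv[val] = pos
    return inv

def differential_uniformity(sbox):
    """Largest number of inputs a sharing one (dx, S[a] ^ S[a ^ dx]) pair."""
    return max(max(Counter(sbox[a] ^ sbox[a ^ dx] for a in range(256)).values())
               for dx in range(1, 256))

if __name__ == "__main__":
    sbox = build_sbox(*row_col_vars(b"constructed-demo-key", u=3, v=7))
    print(differential_uniformity(sbox), invert(sbox)[sbox[0x53]] == 0x53)
```

For every (k, p) the table is a permutation of 0..255, so `invert` always succeeds. `differential_uniformity` returns 256 for these tables (the standard AES S-box scores 4), because flipping the top input bit always flips output bit 3.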
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111344485.2A CN114124499B (en) | 2021-11-15 | 2021-11-15 | Charity system privacy protection method and system based on blockchain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114124499A CN114124499A (en) | 2022-03-01 |
CN114124499B CN114124499B (en) | 2023-08-29 |
Family
ID=80395999
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111344485.2A Active CN114124499B (en) | 2021-11-15 | 2021-11-15 | Charity system privacy protection method and system based on blockchain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114124499B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||