CN120217449A - A method and system for securely storing cross-domain data flow information on a chain based on Bloom filters - Google Patents

Info

Publication number
CN120217449A
Authority
CN
China
Prior art keywords
domain
data
supervisor
bloom filter
cross
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202510270552.2A
Other languages
Chinese (zh)
Inventor
代炜琦
周阳
孙一鸣
李家健
付才
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huazhong University of Science and Technology
Priority to CN202510270552.2A
Publication of CN120217449A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of cross-domain data flow and specifically relates to a Bloom-filter-based method and system for securely storing cross-domain data flow information on a blockchain. Each domain administrator interacts with the supervisor to obtain a private key held only by that domain administrator. Each domain administrator stores the cross-domain flow information it generates into a Bloom filter whose access is controlled by the supervisor, using an element insertion algorithm preset by the supervisor parameters. If the insertion fails, the number of elements in the filter reaches its upper limit, or the filter reaches the periodic upload time, the domain administrator anonymously signs the current Bloom filter with the private key it holds and records the filter on the blockchain. The supervisor can query whether a given piece of cross-domain flow information for specified data exists in a given Bloom filter, and so obtain the flow path of that data, which achieves secure storage. The invention makes it possible to obtain a reliable data flow path when a risk occurs.

Description

Bloom-filter-based method and system for secure on-chain storage of cross-domain data flow information
Technical Field
The invention belongs to the technical field of cross-domain data flow, and particularly relates to a Bloom-filter-based method and system for secure on-chain storage of cross-domain data flow information.
Background
Today, data is an important factor of production and drives the vigorous development of China's digital economy. Building compliant and efficient cross-domain data flow and strengthening data security are preconditions for realizing the value of data elements. Cross-domain data scenarios are not limited to data leaving the country. Examples include vehicles in the intelligent Internet of Vehicles communicating through multiple roadside units; electronic medical records shared across hospitals, which avoids repeated examinations of patients and promotes timely treatment; and data from large numbers of sensors in the industrial Internet, which must be shared across domains so that a management department can fuse multi-source information and make comprehensive decisions. When handling cross-domain data flow, trusted recording of the flow information is the cornerstone of verifying that the flow is compliant. Because the process often involves many entities and departments, intertwined flow paths make management harder still, giving rise to new and urgent security and privacy challenges that differ significantly from those of traditional centralized data transmission.
Chinese patent CN114844695B discloses a blockchain-based method, system and related devices for traffic data transfer. It secures data during transfer by introducing a third-party agent and using encryption, but pays no attention to the specific information of the data transfer path. Chinese patent CN118114310A discloses a data circulation method and system comprising the steps of S1, uploading data; S2, encrypting the data; S3, dispatching the data; S4, writing the received encrypted data blocks into a blockchain; and S5, using the data. That invention ensures the integrity, traceability and non-repudiation of data during circulation and, compared with traditional data circulation, addresses the problems that data is easy to tamper with and its source is hard to trace. However, it stores all data information on the blockchain, which puts heavy pressure on the blockchain network, and although it supports tracing the data source, it does not address information about the data transmission process.
Data contains abundant sensitive information, so to ensure that it circulates safely, the circulation and verification mechanism in the cross-domain process is important and remains to be solved.
Disclosure of Invention
To address the shortcomings of the prior art and the need for improvement, the invention provides a Bloom-filter-based method and system for secure on-chain storage of cross-domain data flow information, aiming to provide a way of recording cross-domain data flow that yields a reliable data flow path when a risk occurs.
To achieve the above object, according to one aspect of the invention, a Bloom-filter-based method for secure on-chain storage of cross-domain data flow information is provided. The supervisor required by the cross-domain data flow process and the domain administrator of each cross-domain node are configured so that they implement secure on-chain storage of cross-domain data flow information as follows:
Each domain administrator interacts with the supervisor, using a preset anonymous-signature private key generation protocol, to obtain a private key held only by that domain administrator;
When transferring data, each domain administrator generates the current cross-domain flow information for each piece of data and stores it in a Bloom filter whose access is controlled by the supervisor, using an element insertion algorithm preset by the supervisor parameters. If the insertion fails, the number of elements in the Bloom filter reaches its upper limit, or the Bloom filter reaches the periodic upload time, the domain administrator anonymously signs the current Bloom filter with the private key it holds and records the filter on the blockchain;
At the request of a data user or for its own needs, the supervisor uses an element query algorithm preset by the supervisor parameters to query whether a given piece of cross-domain flow information for specified data exists in a given Bloom filter, and thereby obtains the flow path of the specified data, achieving Bloom-filter-based secure on-chain storage of cross-domain data flow information.
Further, data users are also configured, so that the data user, the supervisor and/or the domain administrator can, as verification requires, take the public key corresponding to each signature and verify the signature with an anonymous signature verification algorithm preset by the supervisor parameters, to check whether the private key of the domain administrator that generated the signature is legitimate.
Furthermore, a data user acting as a blockchain full node can, as needed, apply to the supervisor for permission to query whether its own data's cross-domain flow information exists in the Bloom filters, and then use the element query algorithm preset by the supervisor parameters to query whether a given piece of cross-domain flow information for its own data exists in a given Bloom filter, obtaining the flow path of its own data and thereby achieving Bloom-filter-based secure on-chain storage of cross-domain data flow information.
Further, once the supervisor has obtained a flow path, each data user acting as a blockchain light node can also verify that the flow path is correct.
Further, the element insertion algorithm is as follows:
Obtain the current filter, or create a new filter, (κ, η, λ)-CBF, where κ is the total number of hash functions required by the Bloom filter CBF, η is the optimal number of elements to insert into the CBF, and λ is the binary bit length of each non-zero value in the CBF;
Set the element insertion tag to -1. Using the bilinear mapping function preset by the supervisor parameters, compute the product of the known data unique identifier $\Lambda_m$, the known 1st private key $d_{i,1}$ of the i-th domain administrator and the 1st master public key $MPK_1$ of the supervisor to obtain an intermediate variable u. Concatenate the first $l_1$ bits of u with the i-th domain administrator's binary number $N_i$ to obtain the element to insert, result, where the bit length of $N_i$ is $l_2$ and $l_2 + l_1 = \lambda$;
Loop through the κ hash functions preset by the supervisor parameters, whose range is the integer space from 0 to the maximum position index of the (κ, η, λ)-CBF, to compute the κ mapping positions of u in the (κ, η, λ)-CBF. Store the index of the first empty mapping position in the insertion tag, write a random number $r_v$ chosen from the range $[0, 2^{\lambda} - 1]$ into each of the other empty mapping positions, compute the XOR of result with the values $r_v$ at all mapping positions except the one whose index is stored in tag, and write that XOR into the first empty mapping position;
If the element insertion tag is not equal to -1, the insertion succeeded and the updated (κ, η, λ)-CBF is returned; otherwise, the insertion failed.
Further, the element verification algorithm is as follows:
Using the bilinear mapping function preset by the supervisor parameters, compute the element to query, u', from the known data unique identifier $\Lambda_m$ and the product of the supervisor's known 1st private key $s_1$ and the public key $DPK^*$ of a given domain administrator;
Loop through the κ hash functions preset by the supervisor parameters, whose range is the integer space from 0 to the maximum position index of the CBF, to compute the κ mapping positions of the element u' in the (κ, η, λ)-CBF; read the κ values at those positions and XOR them together to obtain the computed value result';
Concatenate the first $l_1$ bits of the element u' with the i-th domain administrator's binary number $N_i$. If the administrator number $N_i$ is legitimate and the concatenation equals result', the query succeeds and the domain administrator number $N_i$ is returned; otherwise, the query fails.
According to the invention, a Bloom-filter-based system for secure on-chain storage of cross-domain data flow information is provided, comprising a supervisor, domain administrators and data users, each of which carries out the secure on-chain storage flow according to the Bloom-filter-based method described above.
According to another aspect of the invention there is provided an electronic device comprising a memory storing a computer program and a processor implementing the steps of the method as described above when the processor executes the computer program.
According to another aspect of the present invention there is provided a computer readable storage medium comprising a stored computer program, wherein the computer program, when run by a processor, controls a device on which the storage medium is located to carry out the steps of the method as described above.
In general, compared with the prior art, the technical scheme provided by the invention has the following main beneficial effects:
1. The invention provides a method for anonymous evidence preservation of cross-domain data flow, built on a Bloom filter whose access is controlled by the supervisor (CBF, constrained Bloom filter), which domain administrators can use to record data entering and leaving their domains effectively. Without authorization, a party cannot obtain correct query results from the filter. The invention also provides a traceable anonymous signature: the domain administrator and the supervisor jointly generate an anonymous private key, and the supervisor can trace the identity of the signer of an anonymous signature. The domain administrator uses the filter as the content of a blockchain transaction, signing a Bloom filter that has reached its upper limit with the anonymous signature and uploading it to the chain. The supervisor can query the information recorded on the chain at any time, and the query results can be publicly and effectively verified. When a risk occurs, this helps trace the data transmission path and analyze the harm, and provides credible proof of violation by the data subject.
2. The invention also provides a constrained Bloom filter whose access is controlled by the supervisor: the supervisor can authorize data users to query the on-chain transmission records of their data, so that they can confirm that the data they hold circulates normally.
Drawings
FIG. 1 is a block diagram of Bloom-filter-based secure on-chain storage of cross-domain data flow information according to an embodiment of the present invention;
FIG. 2 is a schematic flow diagram of Bloom-filter-based secure on-chain storage of cross-domain data flow information according to an embodiment of the present invention.
The same reference numbers are used throughout the drawings to reference like elements or structures, wherein:
1 is a supervisor, 2 is a blockchain network, 3 and 4 are domain administrators, and 5 and 6 are data users.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. In addition, the technical features of the embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
Example 1
In a Bloom-filter-based method for secure on-chain storage of cross-domain data flow information, the supervisor required by the cross-domain data flow process and the domain administrator of each cross-domain node are configured so that they implement secure on-chain storage of cross-domain data flow information as follows:
As shown in FIG. 1, each domain administrator interacts with the supervisor, using a preset anonymous-signature private key generation protocol, to obtain a private key held by that domain administrator. When transferring data, each domain administrator generates the current cross-domain flow information for each piece of data and stores it in a Bloom filter whose access is controlled by the supervisor, using an element insertion algorithm preset by the supervisor parameters. If the insertion fails, the number of elements in the Bloom filter reaches its upper limit, or the Bloom filter reaches the periodic upload time (which the supervisor can set), the domain administrator signs the current Bloom filter (that is, the hash value of the current Bloom filter) with the private key it holds and records it on the blockchain. At the request of a data user or for its own needs, the supervisor uses an element query algorithm preset by the supervisor parameters to query whether a given piece of cross-domain flow information for specified data exists in a given Bloom filter, and thereby obtains the flow path of the specified data, achieving Bloom-filter-based secure on-chain storage of cross-domain data flow information.
The method of this embodiment involves the supervisor (RR, regulators) required by the cross-domain data flow process and a domain administrator (DA, domain administrator) for each cross-domain node. There is at least one supervisor: a trusted authority that manages the flow of sensitive data in accordance with legal requirements or its own management scope, such as the compliance management of a large group or a government regulator. When a data transmission risk occurs, the supervisor queries and verifies the stored cross-domain records and finds the data transmission route, to support judgments about illegal or non-compliant transmission of sensitive data. The supervisor assigns numbers to the domain administrators and interactively generates anonymous signature keys with them. There can be multiple domain administrators: semi-honest managers that control data entering and leaving a domain, such as gateways or trunk routers. They control the inflow and outflow of domain data and upload the relevant flow records to the blockchain for the supervisor to audit and check. There can be one blockchain network, which stores the cross-domain data flow information uploaded by the domain administrators for the supervisor to audit and check, or for some data users to verify or query.
The method uses a verifiable anonymous-signature private key generation protocol: each domain administrator interacts with the supervisor (who can verify the key but does not learn it) to obtain a private key (and the corresponding public key), and the private key is held only by the domain administrator. The method also uses an anonymous signature algorithm: each domain administrator uses the private key it holds to sign, with the anonymous signature algorithm, the Bloom filter containing cross-domain data flow information that it uploads, and each signature corresponds to a public key. The supervisor can query the blockchain directly, or narrow the query scope using known information, to establish the propagation path of data from the sending domain to the receiving domain and verify the identity of the signer.
As a preferred embodiment, data users are also configured, so that the data user, the supervisor and/or the domain administrator can, as verification requires, take the public key corresponding to each signature and verify the signature with an anonymous signature verification algorithm preset by the supervisor parameters, to check whether the private key of the domain administrator that generated the signature is legitimate.
The method therefore also uses an anonymous signature verification algorithm: any party in the system (supervisor, domain administrator or data user) can take the public key corresponding to each signature and verify a domain administrator's signature with the anonymous signature verification algorithm. This checks whether the domain administrator's master private key is legitimate, that is, whether the signer is registered with the supervisor, without revealing the signer's specific identity.
As a further preferred embodiment, a data user acting as a blockchain full node can, as needed, apply to the supervisor for permission to query whether its own data's cross-domain flow information exists in the Bloom filters, and then use the element query algorithm preset by the supervisor parameters to query whether a given piece of cross-domain flow information for its own data exists in a given Bloom filter, obtaining the flow path of its own data and thereby achieving Bloom-filter-based secure on-chain storage of cross-domain data flow information.
There are multiple data users (DU). A data user sends or receives data across domains as required, and may be a content server, a data cloud, or the like. A data user acting as a blockchain light node can verify the supervisor's on-chain query results. A data user that actively declares the data it transmits and acts as a full node gains the ability to query the on-chain transmission status of the declared data itself. That is, a data user that wants to search the blockchain for records of its own data's flow must declare the relevant information about the data it transmits to the supervisor before transmission, and must maintain the complete blockchain.
As a preferred embodiment, once the supervisor has obtained a flow path, each data user acting as a blockchain light node can also verify that the flow path is correct.
The supervisor queries the on-chain information to obtain a propagation path for data m; any party maintaining a light node (supervisor, domain administrator or data user) can verify whether that propagation path exists on the blockchain.
As a preferred embodiment, the element insertion algorithm of the Bloom filter is:
Obtain the current filter, or create a new filter, (κ, η, λ)-CBF, where κ is the total number of hash functions required by the Bloom filter CBF, η is the optimal number of elements to insert into the CBF, and λ is the binary bit length of each non-zero value in the CBF;
Set the element insertion tag to -1. Using the bilinear mapping function preset by the supervisor parameters, compute the product of the known data unique identifier $\Lambda_m$, the known 1st private key $d_{i,1}$ of the i-th domain administrator and the 1st master public key $MPK_1$ of the supervisor to obtain an intermediate variable u. Concatenate the first $l_1$ bits of u with the i-th domain administrator's binary number $N_i$ to obtain the element to insert, result, where the bit length of $N_i$ is $l_2$ and $l_2 + l_1 = \lambda$;
Loop through the κ hash functions preset by the supervisor parameters, whose range is the integer space from 0 to the maximum position index of the (κ, η, λ)-CBF, to compute the κ mapping positions of u in the (κ, η, λ)-CBF. Store the index of the first empty mapping position in the insertion tag, write a random number $r_v$ chosen from the range $[0, 2^{\lambda} - 1]$ into each of the other empty mapping positions, compute the XOR of result with the values $r_v$ at all mapping positions except the one whose index is stored in tag, and write that XOR into the first empty mapping position;
If the element insertion tag is not equal to -1, the insertion succeeded and the updated (κ, η, λ)-CBF is returned; otherwise, the insertion failed.
The algorithm's inputs are a (κ, η, λ)-CBF containing no more than η elements, the data unique identifier $\Lambda_m$, the domain administrator's private key, the supervisor's master public key $MPK_1$, the domain administrator's number $N_i$, the hash functions preset by the supervisor parameters, and the maximum position index in the CBF. The updated (κ, η, λ)-CBF is obtained after insertion.
This embodiment relates to a cryptographically designed Bloom filter element insertion algorithm, specifically a method for inserting elements into a Bloom filter whose access is controlled by the supervisor ((κ, η, λ)-CBF). The core of the algorithm is to enforce access control on the Bloom filter by cryptographic means while using the properties of a garbled Bloom filter (GBF) to protect the privacy of the inserted elements.
The core steps of the algorithm are as follows:
Intermediate variable calculation: the intermediate variable u is computed with the bilinear mapping function e and carries information from the data unique identifier, the domain administrator's private key and the supervisor's master public key. The properties of the bilinear mapping function ensure that the information contained in u can be verified, but that neither the data unique identifier nor the private key can be derived from it. This design ensures that only the supervisor and authorized data users can compute the correct u, giving tight control over access to the Bloom filter.
Element generation and compression: the leading designated bits of u are concatenated with the domain administrator number to form the element to insert, result. This step keeps the information carried by u while shortening u, which reduces the space the Bloom filter consumes and improves storage efficiency.
Mapping position calculation and insertion: the κ mapping positions of result in the Bloom filter are computed with the preset hash functions, and random number generation and XOR ensure that the XOR of the values at those positions equals result. The XOR operation ensures that, without knowledge of the correct u, every query returns "absent", which avoids information leakage.
Overall, the algorithm provides access control and privacy protection. Its core innovation is combining a cryptographic algorithm with the Bloom filter so that access to the filter is strictly supervised. By holding the master private key, the supervisor can compute every u in the system and authorize other participants to query. The GBF design further strengthens privacy protection: the garbling keeps the bit array from directly exposing hash information about the elements.
Further as a preferred embodiment, the element verification algorithm is as follows:
Using the bilinear mapping function preset by the supervisor parameters, compute the element to query, u', from the known data unique identifier $\Lambda_m$ and the product of the supervisor's known 1st private key $s_1$ and the public key $DPK^*$ of a given domain administrator;
Loop through the κ hash functions preset by the supervisor parameters, whose range is the integer space from 0 to the maximum position index of the CBF, to compute the κ mapping positions of the element u' in the (κ, η, λ)-CBF; read the κ values at those positions and XOR them together to obtain the computed value result';
Concatenate the first $\lambda - l_{DA}$ bits of the element u' with the i-th domain administrator number $N_i$. If the administrator number $N_i$ is legitimate and the concatenation equals result', the query succeeds and the domain administrator number $N_i$ is returned; otherwise, the query fails.
The algorithm's inputs are the (κ, η, λ)-CBF, the domain administrator's public key $DPK^*$, the data unique identifier $\Lambda_m$ and the supervisor's private key $s_1$; its outputs are which CBF the element is present in, and the domain administrator number.
This embodiment also relates to a cryptographically designed Bloom filter query algorithm that verifies whether data is present in a Bloom filter whose access is controlled by the supervisor, (κ, η, λ)-CBF, and returns the relevant domain administrator number. It complements the insertion algorithm; together they provide tracking and verification of the data transmission path.
The core steps of the algorithm are as follows:
Generating the element to be queried: the unique data identifier, the supervisor's private key and the domain administrator's public key are combined through the bilinear mapping function e to generate the element u' to be queried. This element has the same mathematical properties as u in the insertion algorithm: it contains the information of the unique data identifier, the supervisor's private key and the domain administrator's public key, but their specific content cannot be derived from it. This design secures the query process.
Computing the mapping positions and the XOR: the mapping positions of u' in the bloom filter are computed with the preset hash functions, and the values at those positions are XORed to obtain the calculation result result'. This is the inverse of the operation in the insertion algorithm; the XOR verifies whether the values at the mapped positions are consistent with the expected value.
Verifying the concatenation: the leading designated bits of u' are concatenated with the domain administrator number N_i. If the concatenation equals result' and the domain administrator number is legal, the query succeeds and the domain administrator number N_i is returned; otherwise the query fails. With this design a query not only verifies that the data exists but also tracks its propagation path.
Cross-domain propagation tracking: when two queries return the domain administrator numbers N_1 and N_2 of the sending domain and the receiving domain respectively, the data can be determined to have propagated across those two domains. This property gives the algorithm significant practical value for data tracking and path verification.
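The insertion and query steps described above can be exercised with the following sketch, which is an added example and not code from the patent. The pairing value u is replaced by an HMAC-SHA256 stand-in, and the cell count, key strings, data identifier and domain numbers are constructed values; None marks an empty cell in place of the page's flag bit.

```python
import hashlib
import hmac
import secrets

KAPPA = 4     # number of hash functions (the page's κ)
LAMBDA = 32   # bit length of a stored value (the page's λ)
L_DA = 8      # bit length of a domain administrator number N_i
CELLS = 256   # number of index positions (constructed value)


def derive_u(key, data_id):
    """Stand-in for the pairing value u (assumption: HMAC-SHA256, not a pairing)."""
    return hmac.new(key, data_id, hashlib.sha256).digest()


def positions(u):
    """Mapping positions of u; repeats are dropped so no cell is XORed twice."""
    out = []
    for i in range(KAPPA):
        idx = int.from_bytes(hashlib.sha256(bytes([i]) + u).digest(), "big") % CELLS
        if idx not in out:
            out.append(idx)
    return out


def prefix(u):
    """The first LAMBDA - L_DA bits of u."""
    return int.from_bytes(u, "big") >> (8 * len(u) - (LAMBDA - L_DA))


class XorShareFilter:
    def __init__(self):
        # None marks an empty cell; it plays the role of the occupancy flag
        # in the page's "1||result", since a random share may itself be 0.
        self.cells = [None] * CELLS

    def insert(self, u, domain_no):
        """Store prefix(u)||N_i as XOR shares; False means every position collided."""
        if not 0 <= domain_no < (1 << L_DA):
            raise ValueError("domain number does not fit in L_DA bits")
        result = (prefix(u) << L_DA) | domain_no
        pos = positions(u)
        empty = [p for p in pos if self.cells[p] is None]
        if not empty:
            return False            # tag stays -1 in the page's terms
        tag = empty[0]
        for p in empty[1:]:
            self.cells[p] = secrets.randbelow(1 << LAMBDA)   # r_v in [0, 2^λ - 1]
        share = result
        for p in pos:
            if p != tag:
                share ^= self.cells[p]
        self.cells[tag] = share
        return True

    def query(self, u, legal_numbers):
        """Return N_i if the shares at u's positions reassemble to prefix(u)||N_i."""
        acc = 0
        for p in positions(u):
            if self.cells[p] is None:
                return None         # an empty position means "absent"
            acc ^= self.cells[p]
        domain_no = acc & ((1 << L_DA) - 1)
        if acc >> L_DA == prefix(u) and domain_no in legal_numbers:
            return domain_no
        return None


def trace(u_se, u_re, filter_se, filter_re, legal_numbers):
    """Two queries as in S401-S403: DA_se's filter yields N_re, DA_re's yields N_se."""
    n_re = filter_se.query(u_se, legal_numbers)
    n_se = filter_re.query(u_re, legal_numbers)
    if n_re is None or n_se is None:
        return None
    return (n_se, n_re)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    N_SE, N_RE, legal = 0x11, 0x12, {0x11, 0x12}
    u_se = derive_u(b"constructed-secret-se", b"data-id-001")
    u_re = derive_u(b"constructed-secret-re", b"data-id-001")
    f_se, f_re = XorShareFilter(), XorShareFilter()
    f_se.insert(u_se, N_RE)
    f_re.insert(u_re, N_SE)
    print(trace(u_se, u_re, f_se, f_re, legal))
    print(f_se.query(derive_u(b"wrong-secret", b"data-id-001"), legal))
```

Because occupied cells are reused rather than overwritten, later insertions leave earlier elements recoverable, and a cell value on its own is indistinguishable from a random share.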
In a specific implementation, the bloom-filter-based on-chain secure storage of cross-domain data flow information comprises, in general: S1, system initialization; S2, domain administrator signature verification; S3, cross-domain data flow certificate storage (signed propagation information); S4, on-chain flow certificate query; and S5, on-chain flow certificate verification.
First, technical terms are explained as follows.
Blockchain and SPV: the blockchain is an important data storage mode that is decentralized, tamper-resistant and transparent. Each block consists of a block header and a block body. The block header contains the hash value of the previous block and the Merkle tree root hash of all transactions in the block. The block body records all transaction information and occupies more storage space. A node that stores only block headers is called a light node. A light node can use SPV (Simplified Payment Verification) to verify whether a transaction exists and is correct. To verify that a transaction exists in the blockchain, the prover need not provide the complete block, only the relevant hash values and auxiliary information.
Asymmetric bilinear group with mapping relationThree different cyclic groups of (a)The asymmetric bilinear group is called a map if the following properties are satisfiedIs a bilinear map. Group settingThe order of (a) is a large prime number q,The generator of the group is respectively.
Bilinearity: for arbitrary a, b ∈ Z_q and All have
Non-degeneracy of existence ofSo that
Calculability of arbitraryCan be efficiently calculated.
Bloom filters (BF) are a widely used data structure for efficiently verifying whether an element is in a set. A classical bloom filter can be viewed as a one-dimensional array A in which each index position holds 0 or 1. Initially, all values in the array are set to 0. Each element of the set is mapped into the filter through a set of preset hash functions, that is, the corresponding index positions are set to 1. For an element, if querying the BF finds that all of its mapped positions are 1, the element is considered to belong to the set; otherwise it is determined not to be in the set.
Paillier homomorphic encryption algorithm (used as a tool by the algorithms involved): the Paillier encryption algorithm is a classical additively homomorphic public-key encryption scheme. The public key is used for encryption, and the resulting ciphertext can be decrypted only with the corresponding private key. Let < m > denote the ciphertext obtained by encrypting the plaintext m with the Paillier encryption algorithm. Assuming that < m_1 > and < m_2 > are both ciphertexts encrypted with the same public key and c is a constant, the homomorphic properties of the ciphertexts are as follows.
Additive homomorphism: < m_1 + m_2 > = < m_1 > · < m_2 >
Scalar multiplication: < m_1 >^c = < c·m_1 >.
S1, system initialization
The RR generates the basic public parameters used by the whole certification method. The system initialization involves the following S101-S105:
S101. The RR selects groups with a bilinear mapping; the order of the groups is a large prime number q. It selects a set of secure cryptographic hash functions and sets the relevant parameters λ, η and the secure hash functions of the filter CBF. λ represents the binary bit length of a non-zero value in the filter, η represents the optimal number of elements inserted into the filter, i.e. the maximum number of insertions for which the false positive rate stays within a tolerable range, and κ represents the number of hash functions.
S102 RR random selectionAs the master private key MSK, the corresponding master public key is calculated respectivelyAndThe public information is:
S103. There are n DAs, and the RR assigns each DA a string of binary digits as its number, forming a set of assigned binary numbers. Every DA performs the same operations in the initialization phase. Without loss of generality, taking DA_i as an example, the initialization process is as follows:
S104. DA_i randomly generates its private key and computes the corresponding public key. The parameters and public key of the Paillier encryption algorithm are initialized. The result of signing with the key (D i,1,di,1 Q) is denoted σ_i. The correspondence between DA_i and the public key DPK_i, the number N_i and the management domain D_i is public information.
Protocol 1: verifiable anonymous-signature private key generation protocol
Input: the Paillier encryption algorithm public key of DA_i, the master private key MSK of the RR, and the public parameters P, Q, Q.
Output: the RR records (a_i τ_i b_i P, a_i P, DA_i); DA_i obtains the anonymous master private key d_{i,2} = s_1 s_2 + s_2 b_i τ_i (mod q).
1) DA_i randomly selects a value and encrypts it with the Paillier encryption algorithm to obtain the ciphertext < b_i >, which only DA_i can decrypt. DA_i randomly selects a further value and computes a_i b_i P and a_i P. The ciphertext < b_i > and the results a_i b_i P, a_i P are sent to the RR.
2) The RR randomly selects a number and assigns it to DA_i. Using DA_i's Paillier public key and the ciphertext, it calculates:
The ciphertext result < s_2 b_i τ_i + s_1 s_2 > is sent to DA_i.
3) DA_i decrypts < s_2 b_i τ_i + s_1 s_2 > to obtain the plaintext d_{i,2} = s_1 s_2 + s_2 b_i τ_i (mod Q), computes a_i d_{i,2} Q and sends it to the RR.
4) The RR verifies the equation
If it holds, the RR computes a = h_2(s_2 · a_i b_i P) · τ_i Q and sends it to DA_i; otherwise the protocol is aborted. The RR records (a_i τ_i b_i P, a_i P, DA_i).
5) DA_i computes b = h_2(a_i b_i · MPK_2)^{-1} · b_i · a and verifies whether the following equation holds:
τ_i b_i Q = b. If it holds, the protocol ends; otherwise the protocol is re-executed.
S105. After DA_i authenticates its identity to the RR, it interacts with the RR through Protocol 1 to obtain the anonymous private key. The way Protocol 1 generates the key has no key escrow problem: the RR cannot obtain d_{i,2} after the protocol ends. Using the anonymous private key d_{i,2} and Algorithm 1, DA_i can continually generate anonymous signatures, and the public key corresponding to each signature is used only once.
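Steps 2) and 3) of Protocol 1 rely on the two Paillier homomorphisms listed earlier; the sketch below is an added example, not the patent's implementation, showing the RR producing < s_2 b_i τ_i + s_1 s_2 > from < b_i > without seeing b_i. The primes, group order and scalar values are constructed toy values, and the helper names are hypothetical.

```python
import math
import secrets

# Constructed toy parameters. The two Mersenne primes only keep the example
# short; a real Paillier modulus is far larger.
P_PRIME, Q_PRIME = 2**61 - 1, 2**89 - 1
GROUP_ORDER = 2**31 - 1            # stands in for the prime group order q


def keygen():
    """Return the public modulus n and the private pair (phi, mu)."""
    n = P_PRIME * Q_PRIME
    phi = (P_PRIME - 1) * (Q_PRIME - 1)
    return n, (phi, pow(phi, -1, n))


def encrypt(n, m):
    """Paillier encryption with generator n + 1: c = (1 + m*n) * r^n mod n^2."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) * pow(r, n, n2) % n2


def decrypt(n, sk, c):
    """m = L(c^phi mod n^2) * mu mod n, with L(x) = (x - 1) / n."""
    phi, mu = sk
    return (pow(c, phi, n * n) - 1) // n * mu % n


def plaintext_fits(n, q):
    """s_2*b_i*tau_i + s_1*s_2 must stay below n, or the later mod q is wrong."""
    return (q - 1) ** 3 + (q - 1) ** 2 < n


def rr_step2(n, enc_b, s1, s2, tau):
    """RR side: <b_i>^(s2*tau) * <s1*s2> = <s2*b_i*tau + s1*s2>; b_i is never seen."""
    n2 = n * n
    return pow(enc_b, s2 * tau, n2) * encrypt(n, s1 * s2) % n2


def da_step3(n, sk, c, q=GROUP_ORDER):
    """DA_i side: decrypt and reduce modulo the group order to obtain d_{i,2}."""
    return decrypt(n, sk, c) % q


if __name__ == "__main__":
    # Constructed scalars, all below GROUP_ORDER.
    b_i, s1, s2, tau = 123456789, 987654321, 192837465, 564738291
    n, sk = keygen()
    assert plaintext_fits(n, GROUP_ORDER)
    ciphertext = rr_step2(n, encrypt(n, b_i), s1, s2, tau)
    print(da_step3(n, sk, ciphertext) == (s1 * s2 + s2 * b_i * tau) % GROUP_ORDER)
```

The `plaintext_fits` check matters because Paillier plaintexts live modulo n: if the integer s_2 b_i τ_i + s_1 s_2 could exceed n, the decrypted value would wrap and its reduction modulo the group order would no longer equal d_{i,2}.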
S2, signing and verifying by domain administrator
Domain administrator signature verification is optional, and any party can verify the domain administrator signature in any step after initialization is performed.
Algorithm 1 anonymous signature algorithm
Input: DA_i's anonymous master private key d_{i,2} and the message m to be signed;
Output: anonymous signature
1) Generate fresh random numbers
2) Compute dSK_{i,j} = r_j d_{i,2}, dPK_{i,j} = r_j d_{i,2} Q
3) Select a secure signature algorithm (unified across the whole system) and sign with dSK_{i,j} to obtain the signature σ_{i,j}
4) Compute r_j s_2 P, r_j Q, r_j τ_i b_i Q
5) Output the anonymous signature
Using the anonymous master private key d_{i,2} and Algorithm 1, DA_i can continually generate anonymous signatures, and the public key corresponding to each signature is used only once. Anyone can verify an anonymous signature generated by a domain administrator through Algorithm 2, confirming that the signer is registered with the RR without learning the signer's specific identity.
Algorithm 2 anonymous signature verification algorithm
Input: public parameters (Q, MPK_1, MPK_2) and anonymous signature ζ
Output: {True, False}
1) Parse
2) Verify the signature σ using dPK*; return False if verification fails
3) Verify the following two equations:
If both hold, return True; otherwise return False.
If the equations hold, the verification public key dPK* is believed to contain the information of the master public keys MPK_1, MPK_2, i.e. to have been generated by a domain administrator.
S3, data cross-domain streaming and storage certificate
When data users transmit data across domains, the transmission information is captured by the relevant domain administrators and recorded on chain as a certificate. At least the following steps S301-S303 are involved:
S301. Data user DU_se sends data m to data user DU_re in another domain. The data m and the accompanying transmission information info are captured by the domain administrators of the domains where the two users are located.
S302. DA_se obtains the identifier, and the signature σ sem||info||Nre) is sent to DA_re. At the same time, DA_se inserts the identifier into the CBF using Algorithm 3, and the relevant information is signed and then recorded on chain.
Algorithm 3: (κ, η, λ)-CBF filter element insertion
Input: a (κ, η, λ)-CBF whose number of inserted elements does not exceed η, the unique data identifier Λ_m, the domain administrator private key d_{i,1}, the master public key MPK_1 of the RR, and the sending-domain or receiving-domain administrator number N_i.
Is the position index maximum in the CBF.
Output: (κ, η, λ)-CBF
1) tag = -1
2)
3) Definition of/Minimum λ-l DA bits in u binary form
4) For i = 1, ..., κ do
5) If CBF then
6) If tag == -1 then
7)
8) Else
9)
10)
11) Else
12)
13) End for
14) CBF[tag] = 1||result
15) Output (κ, η, λ)-CBF
If all positions collide when an element is inserted, i.e. tag = -1 after the loop ends, the insertion has failed and the element is inserted into a new filter. Within a specified time, or when the number of insertions reaches η, DA_i signs the (κ, η, λ)-CBF using the anonymous private key and the anonymous signature algorithm and records it on chain. A new filter (κ, η, λ)-CBF' is generated to continue recording data information.
S303. The domain administrator DA_re of the receiving domain likewise captures the transmitted data and receives the signature σ_se. After verifying the signature σ_se, it computes the signature σ rem||info||Nse) and sends it to DA_se to acknowledge receipt. The administrator DA_re uses the CBF filter to record the information and uploads it to the blockchain. The domain administrator signatures σ *m||info||N*) and the transmission information info are retained to support tracing of the data flow.
S4, on-chain uploading certificate query
When a data propagation risk occurs, the stored cross-domain transmission information is queried and verified to find the data's propagation route, supporting the determination of illegal or non-compliant propagation of sensitive data. The RR may query the blockchain directly or narrow the query using known information. The credibility of the flow information stored by the DAs is judged from the query results of the CBF filters recorded on chain. Step S4 includes at least steps S401 to S403.
S401. For the data m, compute u' from the public key DPK_se of the domain administrator and use u' as the input for querying the on-chain CBF. The CBF query is given in Algorithm 4.
Algorithm 4: (κ, η, λ)-CBF filter element query
Input: (κ, η, λ)-CBF, the domain administrator's public key DPK*, the unique data identifier Λ_m, and the private key s_1 of the RR.
Output: the sending-domain or receiving-domain administrator number N_i
1)
2) result = 0
3) For i = 1, ..., κ do
4) If CBF then
5) Break
6) Else
7)
8) End for
9) If and then
10) Output N_i
11) Else
12) Break
S402. After the result N_re is obtained, verify that the signer of the transaction containing the CBF is DA_se; if verification fails, continue querying. When verification succeeds, calculate The query continues.
S403. After the result N_se is obtained, verify that the signer of the transaction containing the CBF is DA_re. If verification succeeds, the information stored by the DAs is trusted to be correct; if it fails, continue.
The RR thereby establishes a propagation path for data m from the sending domain to the receiving domain. Under normal conditions the supervisor only verifies the signer's identity and does not traverse all of (a_i τ_i b_i P, a_i P, DA_i), i ∈ [1, n], to trace identities.
S5, verification of chain up-flow transfer certificate
A propagation path of data m that the RR obtains by querying on-chain information can be verified by any party maintaining a light node, e.g. the sender DU_se of m. Depending on whether DU_se joins the system as a light node or a full node, it has different rights and steps when verifying the on-chain flow certificate. When DU_se joins the system as a light node, at least the following S501-S504 are involved:
S501. The RR randomly generates γ and computes γΛ_m. γΛ_m is sent to the two administrators DA_re and DA_se on the propagation path, asking them to compute d_{se,1}γΛ_m and d_{re,1}γΛ_m and return them.
S502. The RR computes γ^{-1}·d_{se,1}γΛ_m and γ^{-1}·d_{re,1}γΛ_m, and sends to DU_se the values d_{se,1}Λ_m and d_{re,1}Λ_m together with the hash values of the other transactions that SPV requires for the blockchain transaction containing the CBF filter hit during the query.
S503. DU_se first rebuilds the Merkle tree from the transmitted transaction and the auxiliary hash values and verifies whether the root hash matches the one stored locally by the light node. If it matches, the transmitted transaction is indeed recorded on the chain.
S504 DU_se next calculates
Queries are performed in the corresponding CBF filters. From the pair of query results (N_se, N_re), the public keys (DPK_se, DPK_re) of the two domain administrators are found. If the following two formulas
are equal, DU_se can determine that this propagation path is correct.
When DU_se joins the system as a full node, it can actively search the blockchain for records of its own data flow information, and step S5 includes at least steps S505-S508.
S505. Before transmitting data, DU_se first declares the relevant information of its own transmitted data to the supervisor RR, and maintains the complete blockchain.
S506. After the RR's audit passes, s_1 Λ_m is sent to the data user DU_se.
S507. DU_se can verify whether the formulas are equal to ensure that the received result is correct. If it learns of abnormal circulation of its own data m, the user DU_se can compute the element autonomously from public information and query the chain.
It should be noted that anonymous signature verification, flow path verification and the like are optional operations in the certificate storage. Fig. 2 shows the certificate storage scheme: 1 is the supervisor, 2 is the blockchain network, 3 and 4 are domain administrators, and 5 and 6 are data users. The dotted frames in the figure represent the domains managed by the domain administrators, and data users 5 and 6 are in regions managed by two different domain administrators. In the figure, S1 is the system initialization, S2 is the domain administrator signature verification, S3 is the cross-domain data flow certificate storage (signed propagation information), S4 is the on-chain flow certificate query, and S5 is the on-chain flow certificate verification.
Example two
The data cross-domain transfer information chain security certification system based on the bloom filter comprises a supervisor, a domain administrator and data users, wherein each party realizes a data cross-domain transfer information chain security certification flow based on the data cross-domain transfer information chain security certification method based on the bloom filter.
The related technical solution is the same as the first embodiment, and will not be described herein.
Example III
The application also relates to an electronic device comprising a memory storing a computer program and a processor implementing the steps of the above method when the processor executes the computer program.
The electronic device can be a computing device such as a desktop computer, a notebook computer, a palmtop computer or a cloud server. The processor may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, discrete hardware components, or the like. The memory may be used to store computer programs and/or modules, and the processor performs the various functions of the electronic device by running or executing the computer programs and/or modules stored in the memory and invoking data stored in the memory.
The related technical schemes are the same and will not be described in detail herein.
Example IV
The application also relates to a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, implements the steps of the above method.
In particular, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, smart media card (SMC), Secure Digital (SD) card, flash card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
The related technical schemes are the same and will not be described in detail herein.
It will be readily appreciated by those skilled in the art that the foregoing description is merely a preferred embodiment of the invention and is not intended to limit the invention, but any modifications, equivalents, improvements or alternatives falling within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (9)

1. The data cross-domain circulation information chain safety certificate-storing method based on bloom filter is characterized in that a supervisor required by the data cross-domain circulation process and a domain manager of each cross-domain node are configured, so that the supervisor and the domain manager can realize the data cross-domain circulation information chain safety certificate-storing through the following modes:
Each domain manager interacts with the supervisor based on a preset anonymous signature private key generation protocol to obtain a private key held only by the domain manager;
Each domain manager generates current cross-domain circulation information of each piece of data when transferring the data, the generated current cross-domain circulation information is stored into a bloom filter controlled by a supervisor by adopting an element insertion algorithm preset by supervisor parameters, and if insertion fails, the number of elements contained in the bloom filter reaches an upper limit or the bloom filter currently reaches a periodic uplink time requirement, the current bloom filter carries out anonymous signature on the current bloom filter by adopting the private key mastered by the domain manager and records the current bloom filter in a blockchain;
and the supervisor queries whether certain cross-domain circulation information of the specified data exists in a certain bloom filter or not by adopting an element query algorithm preset by supervisor parameters according to the request of the data user or the self requirement so as to obtain a circulation path of the specified data, and realizes the secure storage of the data cross-domain circulation information chain based on the bloom filter.
2. The method of claim 1, wherein the data user is further configured such that the data user, the administrator and/or the domain administrator respectively verify the signature by using a public key corresponding to each signature based on the verification requirement through an anonymous signature verification algorithm preset by the administrator parameters, so as to verify whether the private key of the domain administrator generating the signature is legal.
3. The method for safely storing the data on the cross-domain circulation information chain according to claim 2, wherein the data user serving as the block chain full node can also apply the supervisor for the access authority of whether the self data cross-domain circulation information exists in the bloom filter according to the self requirement, and inquire whether certain cross-domain circulation information of the self data exists in a certain bloom filter through an element inquiry algorithm preset by supervisor parameters so as to obtain a circulation path of the self data, thereby realizing the safety storing of the data on the cross-domain circulation information chain based on the bloom filter.
4. The method for secure storage on a data cross-domain flow information chain of claim 2, wherein when a flow path is obtained by a supervisor, each data user acting as a blockchain light node is further capable of verifying the correctness of the flow path.
5. The method for securely storing data across a domain flow information chain according to any one of claims 1 to 4, wherein the element insertion algorithm is:
obtaining a current filter or a newly-built filter (kappa, eta, lambda) -CBF, wherein kappa represents the total number of hash functions required by the bloom filter CBF, eta represents the optimal number of elements inserted into the bloom filter CBF, and lambda represents the binary bit length of non-0 value in the bloom filter CBF;
setting the element insertion tag to -1; using the bilinear mapping function preset by the supervisor parameters, calculating the product of the known unique data identifier Λ_m, the known 1st private key d_{i,1} of the i-th domain administrator and the 1st master public key MPK_1 of the supervisor to obtain an intermediate variable u; concatenating the first l_1 bits of u with the binary number N_i of the i-th domain administrator to obtain the element result to be inserted, wherein the bit length of the number N_i is l_2 and l_2 + l_1 = λ;
looping over the κ hash functions preset by the supervisor parameters, whose range is the integer space from 0 to the maximum position index of the (κ, η, λ)-CBF, to compute the κ mapping positions of u in the (κ, η, λ)-CBF; storing the index of the first empty mapping position in the insertion tag; writing a random number r_v selected from the specified range [0, 2^λ - 1] into each other empty mapping position; computing the XOR of result with the values at all mapping positions except the one whose index is stored in tag; and writing that XOR result into the first empty mapping position;
If the element insertion mark tag is not equal to-1, the element insertion is successful, the updated (kappa, eta, lambda) -CBF is returned, otherwise, the element insertion is failed.
6. The method for securely storing data across a domain transfer information chain of claim 5, wherein the element verification algorithm is:
using the bilinear mapping function preset by the supervisor parameters, computing over the known unique data identifier Λ_m and the product of the supervisor's known 1st private key s_1 and the public key DPK* of a domain administrator to obtain the element u' to be queried;
looping over the κ hash functions preset by the supervisor parameters, whose range is the integer space from 0 to the maximum position index of the CBF, to compute the κ mapping positions of the element u' in the (κ, η, λ)-CBF, reading the κ values at those mapping positions, and XORing them to obtain the calculation result result';
concatenating the first l_1 bits of the element u' with the binary number N_i of the i-th domain administrator; if the administrator number N_i is legal and the concatenation equals result', the query succeeds and the domain administrator number N_i is returned; otherwise the query fails.
7. The bloom filter-based data cross-domain circulation information on-chain security certificate storage system is characterized by comprising a supervisor, a domain manager and data users, wherein each party realizes a data cross-domain circulation information on-chain security certificate storage flow based on the bloom filter-based data cross-domain circulation information on-chain security certificate storage method according to any one of claims 1 to 6.
8. An electronic device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method according to any one of claims 1 to 6 when the computer program is executed.
9. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored computer program, wherein the computer program, when run by a processor, controls a device in which the storage medium is located to perform the steps of the method according to any one of claims 1 to 6.
CN202510270552.2A 2025-03-07 2025-03-07 A method and system for securely storing cross-domain data flow information on a chain based on Bloom filters Pending CN120217449A (en)


Publications (1)

Publication Number Publication Date
CN120217449A true CN120217449A (en) 2025-06-27

Family

ID=96115860

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510270552.2A Pending CN120217449A (en) 2025-03-07 2025-03-07 A method and system for securely storing cross-domain data flow information on a chain based on Bloom filters

Country Status (1)

Country Link
CN (1) CN120217449A (en)

Similar Documents

Publication Publication Date Title
CN111372243B (en) Security distributed aggregation and access system and method based on fog alliance chain
Zhao et al. Multi-user keyword search scheme for secure data sharing with fine-grained access control
CN111614680B (en) CP-ABE-based traceable cloud storage access control method and system
Liu et al. Secure and scalable cross-domain data sharing in zero-trust cloud-edge-end environment based on sharding blockchain
Zhao et al. A verifiable hidden policy CP‐ABE with decryption testing scheme and its application in VANET
Zhou et al. BLDSS: A blockchain-based lightweight searchable data sharing scheme in vehicular social networks
GB2603495A (en) Generating shared keys
CN114866244B (en) Method, system and device for controllable anonymous authentication based on ciphertext block chaining encryption
Jiang et al. A distributed internet of vehicles data privacy protection method based on zero-knowledge proof and blockchain
CN117614604A (en) Power grid data privacy protection and sharing system and method based on blockchain technology
Hu et al. CP_ABSC: An attribute-based signcryption scheme to secure multicast communications in smart grids
CN115908001A (en) Transaction supervision method and device based on block chain, electronic equipment and storage medium
Qin et al. Simultaneous authentication and secrecy in identity-based data upload to cloud
Parmar et al. Privacy-preserving authentication scheme for VANETS using blockchain technology
CN115001673B (en) Key processing method, device and system based on unified multi-domain identification
CN116232732A (en) A blockchain-based lightweight distributed secure communication authentication method and system
Huang et al. Efficient and privacy-preserving authentication for federated learning in industrial internet of things data sharing application
CN117828673B (en) Block chain-based data circulation and privacy protection method and device
Yao et al. A lightweight access control mechanism for mobile cloud computing
CN116566745B (en) A data sharing and monitoring system and method based on blockchain
Thorncharoensri et al. Secure and efficient communication in VANETs using level‐based access control
Zhang et al. A location-aware verifiable outsourcing data aggregation in multiblockchains
Saxena et al. A Lightweight and Efficient Scheme for e-Health Care System using Blockchain Technology
CN115720137B (en) Information management system, method and device
CN120217449A (en) A method and system for securely storing cross-domain data flow information on a chain based on Bloom filters

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination