Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Referring to fig. 1, a flow diagram of a block chain encryption method for irreversible dynamic failure re-check reconstruction according to the present invention is shown.
The invention claims a blockchain encryption method with irreversible dynamic failure re-check reconstruction, characterized by comprising the following steps:
encrypting the blockchain nodes with an encryption function, using a public key for encryption and a private key to decrypt the data information;
if the decryption result carries the user identification, determining that the data entry is the data information of the user corresponding to the user identification;
identifying whether the decryption result is sent by a node on a blockchain, if so, creating a conditional balance between path nodes, and then sending a transaction initiator to a transaction receiver, namely a parameter field in supplement, of a transaction certificate;
according to the request of the client to access the file, retrieving the encryption block through a peer node to reconstruct the node adding part, retrieving at least some private shares for reconstructing a private key, and decrypting the node adding part by using the reconstructed private key;
broadcasting the initiator signature and the encrypted shares into a blockchain;
the sender uses the key to encrypt the message plaintext, and sends out the message plaintext after obtaining the node, and the receiver uses the same key as the sender after receiving the node and uses the inverse algorithm of the encryption algorithm used by the sender to decrypt the node to obtain the plaintext;
all transactions packaged by the current block are recorded in the form of a Merkle tree, the field records the root hash value of the transaction tree, each time a transaction enters the block to be packaged, the field needs to be recalculated and updated once, and the root value of the Merkle tree is the root node hash value of all recorded transactions in the block.
Further, encrypting the blockchain nodes with the encryption function, using the public key for encryption and the private key to decrypt the data information, specifically includes:
the shares of the sub public key and the sub private key are generated independently by each participant, and only the participants know their respective secret shares, so that any attacker who encrypts data under the public key cannot obtain the secret shares of the master key and cannot obtain the information shared by any sub key;
the encryption function adopts a conic curve digital encryption algorithm, and firstly, a finite field is represented by using a function (1)Curve E above;
(1)
wherein,order setRepresents a set of all points (x, y) satisfying a function (1), wherein(ii) a In addition to this, the present invention is,also comprises a special point O; during initialization, common variables of a system need to be determined; selecting a root nodeThe order of G is n, and the main parameters of the conic section digital encryption algorithm areThe algorithm is described in detail as follows:
the key generation algorithm: randomly selecting integersCalculatingIf the public key is Q, the private key is d;
and (3) encryption algorithm: inputting a message m and a private key d, randomly selectingCalculatingConverting x into integer, calculatingIf r =0, k is reselected and calculated,For selected hash functions, calculatingIf s =0, k is reselected, and the encryption result pair (r, s) is output;
and (3) a verification algorithm: and inputting the encryption result pair (r, s), the message m and the public key G, and outputting legal if the following formula is established, or outputting illegal.
Preferably, if the decryption result carries the user identifier, determining that the data entry is the data information of the user corresponding to the user identifier specifically includes:
the hash value of the public key is used as the account address and is the unique public identifier of the account in the network; an issuing center certificate is generated with the issuing center private key and is used for issuing user certificates; the root certificate is an important tool for operations such as transaction signing in the EPID format;
taking as input the certificate provided by the monitor and checking this certificate according to a domain certificate policy, which specifies a reconstruction list that is allowed to issue certificates for that particular domain. If the certificate is issued by a rebuild that is not on this list, a response policy is implemented that operates to transfer abnormally rebuilt blockchains to affected users and monitors that report violations.
Local storage is the simplest way to store the private key: the private key is typically stored as a file on a local disk or in a local database. When a transaction needs to be created, the blockchain client software reads the private key data, signs the transaction and broadcasts the signature to the network; the user's blockchain public key and the corresponding private key are generated automatically and backed up regularly by the client. Local storage has several advantages. First, because only the blockchain client can access the private key's file directory, the user needs to log in to the client only once and can then operate without additional authentication. Second, the local disk has a large storage space, so a large number of private keys can be stored. Finally, the user can generate a transaction with a few simple operations in the blockchain client. However, this simple and convenient mode also poses certain threats: for example, the data of a private key file may be compromised and read by malicious software, and particularly when a user uses a network or shares data, the private key file directory must be kept from being disclosed. In addition, the local device must be protected from physical accidents such as damage and theft. To improve the security of local storage, the encrypted wallet has been proposed. It is a special form of local storage: instead of storing the private key directly on disk, the encrypted wallet encrypts the private key file before storing it locally, and the encryption key is derived from a password selected by the user. Compared with plain local storage, the encrypted wallet resists physical theft: even if the wallet device is stolen, the private key cannot be used without the password. It does not, however, protect against digital theft: for example, if an attacker implants malicious software in the wallet device in advance and captures the password the user enters, the password protection no longer works.
Referring to fig. 2, a flow diagram of an embodiment of a block chain encryption method for irreversible dynamic failure re-check reconstruction according to an embodiment of the invention is shown.
Further, the sender uses the secret key to carry out encryption algorithm processing on the message plaintext to obtain a node and then sends out the node, and the receiver uses the secret key same as that of the sender after receiving the node and uses the inverse algorithm of the encryption algorithm used by the sender to decrypt the node to obtain the plaintext;
the new node will request the complete information of the block chain from the random complete node in the network, and when receiving the blocks, the new node will check the correctness of the blocks in turn according to the sequence on the block chain;
if synchronization of the blockchain's block data is delayed and cannot complete, the new node waits for a period of time, and once a certain time threshold is exceeded it turns to other nodes to obtain the blockchain data; when a node has been offline from the blockchain network for too long and comes online again, blockchain synchronization reconstruction is required;
if the participant agrees to sign, performing hash operation on the content to obtain a second hash value, encrypting the second hash value by using a private key of the participant to obtain a signature of the participant, and broadcasting the signature of the participant to the block chain;
the initiator can obtain the participant signature broadcast by each participant from the blockchain and decrypt each participant signature with the public key of the corresponding participant; if the decryption succeeds, the signature is proven to be that of the corresponding participant, and if the decryption fails, the signature is proven not to be that of the participant.
To implement failure reconstruction, some data structures are designed, mainly for convenience; they are stored in a database in binary form through a serialization method, and read into memory through a deserialization method.
Reconstruction certificate linked list
Initially, the reconstruction certificate is added to the linked list, which has only one element. When the reconstruction key is replaced, the corresponding new reconstruction certificate is also requested to be stored, and the new reconstruction certificate is added to the end of the single linked list.
Verifying certificates
When a user queries and verifies the validity of a certificate, the issuer information is obtained from the certificate, and the reconstruction certificate linked list is then traversed to find that issuer. Once it is found, the certificate is checked to verify whether its signature was issued by the corresponding reconstruction certificate. If the signature fails verification or the issuer cannot be found, the certificate is invalid.
Identity authentication
When a new certificate issuance request is received, the latest reconstruction certificate, that is, the certificate at the end of the linked list, needs to be used for verification. If the verification is successful, the certificate is a valid certificate, and subsequent storage is carried out. Otherwise, the certificate is considered to be illegal, and failure is returned.
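The two checks described above (lookup anywhere in the list when verifying, tail-only when accepting a new issuance) are sketched below as an added example that is not part of the original disclosure. The class and function names and the sample keys are hypothetical, and HMAC-SHA256 stands in for the issuer's public-key signature so that the block runs on the standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str        # name of the reconstruction certificate that signed it
    signature: bytes

def sign(key: bytes, subject: str, issuer: str) -> bytes:
    # HMAC stand-in for the issuer's public-key signature (assumption).
    msg = issuer.encode() + b"\x00" + subject.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class RebuildCertList:
    def __init__(self, name: str, key: bytes):
        self.entries = [(name, key)]       # initially exactly one element

    def rotate(self, name: str, key: bytes) -> None:
        self.entries.append((name, key))   # key replaced: append at the end

    def _check(self, entry, cert: Cert) -> bool:
        name, key = entry
        expected = sign(key, cert.subject, name)
        return cert.issuer == name and hmac.compare_digest(expected, cert.signature)

    def verify(self, cert: Cert) -> bool:
        """Query path: locate the issuer anywhere in the list, then check."""
        for entry in self.entries:
            if entry[0] == cert.issuer:
                return self._check(entry, cert)
        return False                       # issuer not in the list: invalid

    def accept_new(self, cert: Cert) -> bool:
        """Issuance path: only the tail (latest) certificate may have signed."""
        return self._check(self.entries[-1], cert)

def demo() -> dict:
    k1, k2 = b"constructed-key-1", b"constructed-key-2"   # constructed sample keys
    chain = RebuildCertList("rebuild-1", k1)
    old = Cert("alice", "rebuild-1", sign(k1, "alice", "rebuild-1"))
    chain.rotate("rebuild-2", k2)
    new = Cert("bob", "rebuild-2", sign(k2, "bob", "rebuild-2"))
    forged = Cert("mallory", "rebuild-2", sign(b"wrong", "mallory", "rebuild-2"))
    return {
        "old_still_verifies": chain.verify(old),
        "old_rejected_as_new": chain.accept_new(old),
        "new_accepted": chain.accept_new(new),
        "forged_verifies": chain.verify(forged),
    }
```

A certificate issued before a key replacement stays verifiable through the list, but it can no longer pass the issuance check, which only consults the tail.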
Further, all transactions packaged by the current block are recorded in the form of a Merkle tree, the field records the root hash value of the transaction tree, each time a transaction enters the block to be packaged, the field needs to be recalculated and updated once, and the root value of the Merkle tree is the root node hash value of all recorded transactions in the block, which specifically includes:
the full node determines all blocks that may include the transaction according to the characteristics of the transaction; the blocks of nearby time can be determined from the transaction timestamp; the full node searches these candidate blocks for the transaction information, generates a Merkle tree of all transactions of the whole block, calculates the Merkle authentication path of the transaction, and returns the authentication path to the SPV node, and at this point the Merkle technology is used;
the communication network of the blockchain system is a centerless, point-to-point broadcast network that is used to broadcast newly generated transactions and blocks. All nodes in the network are equal, and the topology of the network is random. When a new node wants to join the network, the new node only needs to communicate with one known node, the node is called a seed node, the seed node broadcasts the known node to the new access node, and after the steps are repeated for many times, the new access node can communicate with a plurality of nodes. The nodes issue messages through the mechanism: when the node sends out a connection request, the node simultaneously broadcasts out the connection information of the node, and when the node receives the connection request, the node also inquires the connection information. The mechanism establishes an effective random network and can quickly broadcast information;
when a user communicates on a block chain and other behaviors needing security requirements, data entries of the user are encrypted, and under the condition that indexes and data keys are not lost, each user has a complete plaintext state of all own data;
the Merkle tree is used to summarize all transactions in a block, while generating a digital fingerprint of the entire transaction set, and provides an efficient way to verify whether a transaction exists in a block. Generating a complete Merkle tree requires recursively hashing a pair of nodes and inserting the newly generated hash node into the Merkle tree until only one hash node remains, which is the root of the Merkle tree;
when a user in the blockchain wants to obtain the plaintext data of other users, the user must be authorized to obtain it. It should be noted that the user identifier included in the index of each data entry is not in a plaintext state, and the user identifier can be obtained only after the index of the data entry is decrypted.
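The Merkle root recalculation and the full-node/SPV authentication path described in the passages above can be exercised with the following added example, which is not part of the original disclosure. SHA-256, the leaf/interior prefix bytes, the promotion of an unpaired node and all function names are assumptions chosen for the illustration; the transactions are constructed sample data.

```python
import hashlib

def _h(prefix: bytes, data: bytes) -> bytes:
    return hashlib.sha256(prefix + data).digest()

def leaf_hash(tx: bytes) -> bytes:
    return _h(b"\x00", tx)            # leaf prefix: a leaf can never pass as a node

def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01", left + right)  # interior prefix

def build_levels(txs):
    """Return every tree level, leaves first, root level last."""
    if not txs:
        raise ValueError("a block must contain at least one transaction")
    levels = [[leaf_hash(t) for t in txs]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])       # unpaired node is promoted unchanged
        levels.append(nxt)
    return levels

def merkle_root(txs) -> bytes:
    return build_levels(txs)[-1][0]

def merkle_path(txs, index):
    """Authentication path a full node returns for txs[index]."""
    path = []
    for level in build_levels(txs)[:-1]:
        sib = index ^ 1
        if sib < len(level):          # no sibling: node was promoted, skip level
            path.append((level[sib], sib < index))  # (hash, sibling_is_left)
        index //= 2
    return path

def verify_path(tx: bytes, path, root: bytes) -> bool:
    """SPV-side check: recompute the root from one transaction and its path."""
    h = leaf_hash(tx)
    for sibling, sibling_is_left in path:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

# Constructed sample block of five transactions (odd count on purpose).
TXS = [b"tx-a", b"tx-b", b"tx-c", b"tx-d", b"tx-e"]
```

The SPV node needs only the block's root hash and the short path, not the other transactions; any change to a transaction or to the set of transactions changes the root.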
To protect against malware attacks, the private key may be stored offline on a portable device. For example, the private key may be printed on paper or stored on a USB device. Protection of the private key then becomes a physical security issue and can be handled in a conventional manner, such as placing the portable device in a safe. Offline storage also has a disadvantage: it cannot create transactions by itself, so each time a private key signature is needed, the signature must be generated on a computing device and issued to the network. Offline storage is suitable for backing up the private key, in which case the offline device needs to update the private key periodically to keep it synchronized with other blockchain wallets.
The dynamic node in the blockchain network collects the transactions newly generated in the network over the most recent period. The dynamic node first checks whether the received transactions are legal, and after the checks succeed it adds the transactions to a transaction confirmation queue to wait for confirmation. The dynamic node combines the transactions to be confirmed into a block of data, and the nodes then compete on the proof-of-work problem to determine who may confirm the transactions: the first node to solve the proof-of-work problem is considered to have expended sufficient computing power to confirm the transactions. That node then broadcasts its block to the whole network and informs the other nodes to append the block to the end of the existing blockchain.
Based on a symmetric and asymmetric double encryption algorithm in a cryptology theory, the irreversible quadruple encryption (Token + public key + private key + dynamic failure double-check reconstruction) + a unique core algorithm originally created by a multi-original-chain technical team is integrated, so that contract transmission, transaction and data are safer, and cracking becomes history. The multi-original-chain technical team originally creates a full-point intercommunication communication protocol, permission DIY, and can establish point-to-point communication in application, linear communication between application packages, linear communication between application A and application B and public-chain bridging communication on the premise of following a multi-original-chain platform protocol. To achieve the diversity and flexibility of contracts, tokens, and business processes.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.