Netinfo Security ›› 2022, Vol. 22 ›› Issue (5): 54-63. doi: 10.3969/j.issn.1671-1122.2022.05.007

• Technical Research •

Research on the Restricted Sharing Technology of Private Credit Data Based on Blockchain

LIU Jiawei, MA Zhaofeng, WANG Shushuang, LUO Shoushan

  1. The School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2022-01-20 Online: 2022-05-10 Published: 2022-06-02
  • Contact: MA Zhaofeng E-mail: mzf@bupt.edu.cn
  • About the authors: LIU Jiawei (born 1997), female, from Jiangxi, master's student; main research interests: blockchain and security technology | MA Zhaofeng (born 1974), male, from Gansu, associate professor, Ph.D.; main research interests: blockchain theory and technology, core blockchain innovation and applications | WANG Shushuang (born 1998), female, from Shandong, master's student; main research interests: blockchain and security technology | LUO Shoushan (born 1962), male, from Anhui, professor, Ph.D.; main research interests: blockchain, cryptography, network and information security
  • Supported by:
    National Key R&D Program of China (2020YFB1005500); Beijing Natural Science Foundation (M21034)

Abstract:

As credit systems develop, digitizing credit data is an inevitable step in building social credit. At present, user credit data is mainly stored in plaintext at centralized credit institutions, which makes it hard to share and poorly secured. Because blockchain is traceable and immutable, it offers a new distributed storage solution for the credit field. Combining blockchain, homomorphic encryption, an access control algorithm and asymmetric encryption, this paper proposes a blockchain model for restricted data sharing and privacy protection. In the model, credit data is encrypted with an ECC asymmetric algorithm and then sent to a cloud server. In the cloud, the CKKS algorithm from the SEAL library is used for homomorphic encryption, which addresses the high overhead of ciphertext computation. The blockchain certificate authority acts as a trusted third party to carry out the initialization, key generation and key distribution of the improved CP-ABE access control algorithm. The credit data is then recorded on the blockchain as evidence. The system implemented from this model ensures fine-grained access control over user permissions and privacy protection. Functional and performance evaluation shows that the proposed method has reference significance and application value for privacy protection, credit evidence storage and access control in the digital credit field, and that the application system throughput and blockchain TPS can meet the performance needs of practical applications.

Key words: digital credit, blockchain, homomorphic encryption, access control, asymmetric encryption
