支持国密算法的区块链交易数据隐私保护方案

doi:10.3969/j.issn.1671-1122.2023.03.009

摘要/Abstract

摘要：

随着区块链技术的发展，链上数据共享越来越重要。当前区块链交易数据在链上公开透明，存在隐私数据共享受限问题，而且Hyperledger Fabric平台缺乏国密算法的支持，在国内应用中受限。文章首先采用国密算法改造Hyperledger Fabric平台；然后提出交易数据隐私保护方案，以国密算法完成对交易数据的安全和限时共享；最后对改造的Hyperledger Fabric平台和提出的方案做系统实现和性能测试。实验结果表明，文章方法实现了对Hyperledger Fabric平台的国密改造，该方案的执行效率和系统性能均满足实际需求。

关键词: 区块链, 隐私保护, 国密算法, Hyperledger Fabric

Abstract:

With the development of blockchain technology, the realization of data sharing on the chain has become an important application to promote the implementation of the blockchain industry. The transaction data of the current blockchain is open and transparent on the chain, with problems of restricted sharing. At the same time, considering that the Hyperledger Fabric platform is limited in domestic applications due to the lack of support of the national cryptographic algorithm, this paper transformed the Fabric platform by adopting the national cryptographic algorithm firstly. Secondly, a transaction data privacy-preserving scheme was proposed to complete the security and limited sharing of transaction data with national cryptographic algorithm. Finally, the modified Fabric platform and the proposed solution were tested for system implementation and performance. The experimental results show that this paper completes the national cryptographic algorithm transformation of the Fabric platform, which ensures the correctness of various operations. The implementation efficiency and system performance of the privacy protection scheme also meet the practical requirements.

Key words: blockchain, privacy-preserving, national cryptographic algorithm, Hyperledger Fabric

中图分类号:

TP309

王晶宇, 马兆丰, 徐单恒, 段鹏飞. 支持国密算法的区块链交易数据隐私保护方案[J]. 信息网络安全, 2023, 23(3): 84-95.

WANG Jingyu, MA Zhaofeng, XU Danheng, DUAN Pengfei. Blockchain Transaction Data Privacy-Preserving Scheme Supporting National Cryptographic Algorithm[J]. Netinfo Security, 2023, 23(3): 84-95.

图/表 11

图1

图2

图3

图4

表1

图5

图6

表2

图7

图8

图9

参考文献 36

[1]	NAKAMOTO S. Bitcoin: A Peer-to-Peer Electronic Cash System[EB/OL]. [2022-09-06]. https://bitcoin.org/bitcoin.pdf.
[2]	XIA Yadong, CHE Lu, WANG Guanxiang, et al. Design of Passwordless Authentication System Using Decentralized Identity in Universities[EB/OL]. (2022-07-13)[2022-09-06]. http://kns.cnki.net/kcms/detail/61.1224.TN.20220712.1526.002.html.
	夏亚东, 车路, 王关祥, 等. 高校去中心化身份无密码认证系统设计[EB/OL]. (2022-07-13)[2022-09-06]. http://kns.cnki.net/kcms/detail/61.1224.TN.20220712.1526.002.html.
[3]	LIN Chao, HE Debiao, HUANG Xinyi. Blockchain-Based Electronic Medical Record Secure Sharing[EB/OL]. (2022-01-17)[2022-09-06]. http://kns.cnki.net/kcms/detail/51.1307.TP.20220115.1014.002.html.
	林超, 何德彪, 黄欣沂. 基于区块链的电子医疗记录安全共享[EB/OL]. (2022-01-17)[2022-09-06]. http://kns.cnki.net/kcms/detail/51.1307.TP.20220115.1014.002.html.
[4]	ZHAI Sheping, TONG Tong, BAI Xifang. Blockchain-Based Attribute Proxy Re-encryption Data Sharing Scheme[EB/OL]. (2022-07-20)[2022-09-21]. http://kns.cnki.net/kcms/detail/11.2127.TP.20220719.1534.004.html.
	翟社平, 童彤, 白喜芳. 基于区块链的属性代理重加密数据共享方案[EB/OL]. (2022-07-20)[2022-09-21]. http://kns.cnki.net/kcms/detail/11.2127.TP.20220719.1534.004.html.
[5]	AZZI R, CHAMOUN R K, SOKHN M. The Power of a Blockchain-Based Supply Chain[J]. Computers & Industrial Engineering, 2019, 135: 582-592. doi: 10.1016/j.cie.2019.06.042 URL
[6]	JING Nan, LIU Qi, SUGUMARAN V. A Blockchain-Based Code Copyright Management System[EB/OL]. [2022-09-21]. https://xueshu.baidu.com/usercenter/paper/show?paperid=1u630e30dh420p90xj430270st462748&site=xueshu_se.
[7]	MA Zhaofeng, JIANG Ming, GAO Hongmin, et al. Blockchain for Digital Rights Management[J]. Future Generation Computer Systems, 2018, 89: 746-764. doi: 10.1016/j.future.2018.07.029 URL
[8]	MA Zhaofeng, WANG Xiaochang, JAIN D K, et al. A Blockchain-Based Trusted Data Management Scheme in Edge Computing[J]. IEEE Transactions on Industrial Informatics, 2019, 16(3): 2013-2021. doi: 10.1109/TII.9424 URL
[9]	MA Zhaofeng, WANG Lingyun, WANG Xiaochang, et al. Blockchain-Enabled Decentralized Trust Management and Secure Usage Control of IoT Big Data[J]. IEEE Internet of Things Journal, 2019, 7(5): 4000-4015. doi: 10.1109/JIoT.6488907 URL
[10]	ZHONG Sheng, HUANG Xinyi. Introduction to Security and Privacy in Blockchain Applications[J]. Chinese Science: Information Science, 2020, 50(3): 461-462.
	仲盛, 黄欣沂. 区块链应用中的安全隐私专题简介[J]. 中国科学:信息科学, 2020, 50(3): 461-462.
[11]	SHI Kun, ZHOU Yong, ZHANG Qiliang, et al. Privacy-Preserving Scheme of Energy Trading Data Based on Consortium Blockchain[EB/OL]. (2022-08-12)[2022-09-13]. http://kns.cnki.net/kcms/detail/50.1075.tp.20220810.0952.024.html.
	时坤, 周勇, 张启亮, 等. 基于联盟链的能源交易数据隐私保护方案[EB/OL]. (2022-08-12)[2022-09-13]. http://kns.cnki.net/kcms/detail/50.1075.tp.20220810.0952.024.html.
[12]	LI Li, DU Huina, LI Tao. Blockchain Supervisable Privacy Protection Scheme Based on Group Signature and Attribute Encryption[J]. Computer Engineering, 2022, 48(6): 132-138.
	李莉, 杜慧娜, 李涛. 基于群签名与属性加密的区块链可监管隐私保护方案[J]. 计算机工程, 2022, 48(6): 132-138.
[13]	LIANG Wei, YANG Yang, YANG Ce, et al. PDPChain: A Consortium Blockchain-Based Privacy Protection Scheme for Personal Data[J]. IEEE Transactions on Reliability, 2022: 1-13.
[14]	WANG Baocheng, LI Zetao. Healthchain: A Privacy Protection System for Medical Data Based on Blockchain[J]. Future Internet, 2021, 13(10): 247. doi: 10.3390/fi13100247 URL
[15]	LUO Yurong, CAO Jin, LI Hui, et al. Electronic Invoice Public Verification Scheme based on SM2 Coalition Signature Algorithm[J]. Chinese Journal of Network and Information Security, 2022, 8(2): 122-131.
	罗玙榕, 曹进, 李晖, 等. 基于SM2联合签名的电子发票公开验证方案[J]. 网络与信息安全学报, 2022, 8(2): 122-131.
[16]	HU Wei, WU Qiuhan, LIU Shengli, et al. Design of Secure eID and Identity Authentication Agreement in Mobile Terminal Based on Guomi Algorithm and Blockchain[J]. Netinfo Security, 2018, 18 (7): 7-15.
	胡卫, 吴邱涵, 刘胜利, 等. 基于国密算法和区块链的移动端安全eID及认证协议设计[J]. 信息网络安全, 2018, 18(7): 7-15.
[17]	LI Min, CHEN Fulong, PANG Hui. Vehicle PEPS and EMS Security Certification Based on Encryption Algorithm SM4[J]. Journal of Nanjing University of Information Science & Technology(Natural Science Edition), 2022, 14(5): 543-550.
	李敏, 陈付龙, 庞辉. 基于国密算法SM4的车载PEPS和EMS安全认证方法研究[J]. 南京信息工程大学学报(自然科学版), 2022, 14(5): 543-550.
[18]	WANG Xiaoyun, YU Hongbo. SM3 Cryptographic Hash Algorithm[J]. Journal of Information Security Research, 2016, 2(11): 983-994.
	王小云, 于红波. SM3密码杂凑算法[J]. 信息安全研究, 2016, 2(11): 983-994.
[19]	SUN Rongyan, CAI Changshu, ZHOU Zhou, et al. The Comparision between Digital Signature Based on SM2 and ECDSA[J]. Network Security Technology & Application, 2013(2): 60-62.
	孙荣燕, 蔡昌曙, 周洲, 等. 国密SM2数字签名算法与ECDSA算法对比分析研究[J]. 网络安全技术与应用, 2013(2): 60-62.
[20]	WU Zhihong, ZHAO Jianning, ZHU Yuan, et al. Comparative Study on Application of Chinese Cryptographic Algorithms and International Cryptographic Algorithms in Vehicle Microcotrollers[J]. Netinfo Security, 2019, 19(8): 68-75.
	吴志红, 赵建宁, 朱元, 等. 国密算法和国际密码算法在车载单片机上应用的对比研究[J]. 信息网络安全, 2019, 19(8): 68-75.
[21]	ALI O, JARADAT A, KULAKLI A, et al. A Comparative Study: Blockchain Technology Utilization Benefits, Challenges and Functionalities[J]. IEEE Access, 2021, 9: 12730-12749. doi: 10.1109/Access.6287639 URL
[22]	MA Zhaofeng. Blockchain Technology Development Guide[M]. Beijing: Tsinghua University Press, 2020.
	马兆丰. 区块链技术开发指南[M]. 北京: 清华大学出版社, 2020.
[23]	BHUTTA M N M, KHWAJA A A, NADEEM A, et al. A Survey on Blockchain Technology: Evolution, Architecture and Security[J]. IEEE Access, 2021, 9: 61048-61073. doi: 10.1109/ACCESS.2021.3072849 URL
[24]	WANG Huaqun, WU Tao. Cryptography on the Blockchain[J]. Journal of Nanjing University of Posts and Telecommunications(Natural Science Edition), 2017, 37(6): 61-67.
	王化群, 吴涛. 区块链中的密码学技术[J]. 南京邮电大学学报(自然科学版), 2017, 37(6): 61-67.
[25]	YANG Long, HAN Dan, OUYANG Weile. Application of Commercial Cipher Algorithm in Blockchain Technology[J]. Computer Engineering and Applications, 2020(s): 29-35.
	杨龙, 韩丹, 欧阳维乐. 商用密码算法在区块链技术中的应用[J]. 计算机工程与应用, 2020(s): 29-35.
[26]	GM/T 0003-2012 SM2 Elliptic Curve Public Key Cryptography:[S]. China: State Cryptography Administration, 2012.
	GM/T 0003-2012 SM2椭圆曲线公钥密码算法[S]. 中国: 国家密码管理局, 2012.
[27]	WANG Zhaohui, ZHANG Zhenfeng. Overview on Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves[J]. Journal of Information Security Research, 2016, 2(11): 972-982.
	汪朝晖, 张振峰. SM2椭圆曲线公钥密码算法综述[J]. 信息安全研究, 2016, 2(11): 972-982.
[28]	YANG Kai. IP Core Design Compatible with DES, AES and SM4 Algorithms[D]. Xi’an: Xidian University, 2017.
	杨凯. 兼容DES、AES和SM4算法的IP核设计[D]. 西安: 西安电子科技大学, 2017.
[29]	LYU Shuwang, SU Bozhan, WANG Peng, et al. Overview on SM4 Algorithm[J]. Journal of Information Security Research, 2016, 2(11): 995-1007.
	吕述望, 苏波展, 王鹏, 等. SM4分组密码算法综述[J]. 信息安全研究, 2016, 2(11): 995-1007.
[30]	Hyperledger Fabric Official Documentation[EB/OL]. [2022-08-21]. https://hyperledgerfabric.readthedocs.io/en/release-1.4.
[31]	XU Xiaoqiong, SUN Gang, LUO Long, et al. Latency Performance Modeling and Analysis for Hyperledger Fabric Blockchain Network[EB/OL]. (2021-01-12)[2022-07-21]. https://xueshu.baidu.com/usercenter/paper/show?paperid=1x5v0gc04w1q0aj0xy3y0cg00v032442&site=xueshu_se.
[32]	CASTRO M, LISKOV B. Practical Byzantine Fault Tolerance and Proactive Recovery[J]. ACM Transactions on Computer Systems, 2002, 20(4): 398-461. doi: 10.1145/571637.571640 URL
[33]	CAO Qi, RUAN Shuhua, CHEN Xingshu, et al. Embedding of National Cryptographic Algorithm in Hyperledger Fabric[J]. Chinese Journal of Network and Information Security, 2021, 7(1): 65-75.
	曹琪, 阮树骅, 陈兴蜀, 等. Hyperledger Fabric平台的国密算法嵌入研究[J]. 网络与信息安全学报, 2021, 7(1): 65-75.
[34]	Tongji Blockchain Research Institute. Implementation of State Secret SM2, SM3 and SM4 algorithms[EB/OL]. [2022-08-21]. https://github.com/tjfoc/gmsm.
	同济区块链研究院. 国密 SM2、SM3 和 SM4 算法实现[EB/OL]. [2022-08-21]. https://github.com/tjfoc/gmsm.
[35]	Tongji Blockchain Research Institute. TLS/SSL Code Based on National Secret Algorithm[EB/OL]. [2022-08-26]. https://github.com/tjfoc/gmtls.
	同济区块链研究院. 基于国密算法的TLS/SSL代码库[EB/OL]. [2022-08-26]. https://github.com/tjfoc/gmtls.
[36]	LI Yanfeng, DING Liping, WU Jingzheng, et al. Research on a New Network Covert Channel Model in Blockchain Environment[J]. Journal on Communications, 2019, 40(5): 67-78. doi: 10.11959/j.issn.1000-436x.2019111
	李彦峰, 丁丽萍, 吴敬征, 等. 区块链环境下的新型网络隐蔽信道模型研究[J]. 通信学报, 2019, 40(5): 67-78. doi: 10.11959/j.issn.1000-436x.2019111

符号	符号定义
$FK$	SM4中4个8字节的系统参数
$CK$	SM4中32个8字节的固定参数
${{M}_{p}}$	待加密的用户隐私数据
${{C}_{p}}$	SM4加密后的密文
$MK$	SM4初始密钥
$M{K}''$	经过编码调制后的对称密钥
$Cert$	CA机构向用户颁发的数字证书
$s{{k}_{v}}$	区块链中验证节点的SM2私钥
$p{{k}_{v}}$	区块链中验证节点的SM2公钥
$s{{k}_{i}}$	数据提供者客户端的SM2私钥
$p{{k}_{i}}$	数据提供者客户端的SM2公钥
$SM2\_Enc(m,pk)$	SM2的加密算法
$SM2\_Dec(c,sk)$	SM2的解密算法
$ID$	区块链交易ID
$payload$	区块链交易数据内容
$Timestamp$	区块链交易时间戳

	国密Fabric平台	原生Fabric平台
网络启动执行时间/s	13.302	12.337
SDK发起交易时间/ms	33.86	20.58