阅读说明：本技术 一种应用于联盟链的动态椭圆曲线加密方法 (A kind of Dynamic Oval curve cryptographic methods applied to alliance's chain ) 是由 黄步添 罗春凤 周伟华 石太彬 刘振广 陈建海 于 2019-08-27 设计创作，主要内容包括：本发明公开了一种应用于联盟链的动态椭圆曲线加密方法,包括：(1)选择椭圆曲线加密算法对联盟链进行加解密；(2)实现公钥和私钥的建立,保存密钥身份信息,完成动态网络密钥更新；(3)利用联盟链的节点功能进行密钥管理,实现适应动态网络结构。根据场景选择椭圆曲线作为加解密的密码算法,在使用这种密码算法的密码系统中,采用密钥更新和适应网络变化的密钥管理方式,实时更新整个网络的动态。本发明的动态椭圆曲线加密方法能够适应动态网络变化进行密钥更新和文件或消息传输,通过这种方式设计的加密系统提高了具有分布式特点且存储大的联盟链网络的加解密效率。(The invention discloses a kind of Dynamic Oval curve cryptographic methods applied to alliance's chain, comprising: (1) selects elliptic curve encryption algorithm to carry out encryption and decryption to alliance's chain；(2) foundation for realizing public key and private key, saves cipher key identity information, completes dynamic network key updating；(3) key management is carried out using the nodal function of alliance's chain, realizes and adapts to dynamic network structure.Cryptographic algorithm of the elliptic curve as encryption and decryption is selected according to scene, in the cryptographic system using this cryptographic algorithm, using the key management mode of key updating and adaptation network change, the dynamic of real-time update whole network.Dynamic Oval curve cryptographic methods of the invention can adapt to dynamic network variation and carry out key updating and file or message transmission, and the encryption system designed in this way improves with distributed nature and stores the encryption and decryption efficiency of big alliance's chain network.)

1. a kind of Dynamic Oval curve cryptographic methods applied to alliance's chain, which is characterized in that realize that step includes:

(1) selection elliptic curve encryption algorithm carries out encryption and decryption to alliance's chain；

(2) foundation for realizing public key and private key, saves cipher key identity information, completes dynamic network key updating；

(3) key management is carried out using the nodal function of alliance's chain, realizes and adapts to dynamic network structure.

2. the Dynamic Oval curve cryptographic methods according to claim 1 applied to alliance's chain, which is characterized in that carrying out In the transmission process of certain part of file or message, steps are as follows for the realization of the step (1):

1.1 receiving parties are grouped information, form the cleartext information block in finite field；

1.2 receiving parties select elliptic curve, and choose on elliptic curve a little as basic point, and cleartext information block is embedded into Basic point on elliptic curve；

1.3 receiving parties select a private key, and generate corresponding public key；

1.4 receiving parties by selected elliptic curve and curve basic point and public key be sent to information sender；

1.5 information senders receive the information in step 1.4, generate the random number for being less than basic point order on elliptic curve As private key, using the point on private key recovery curve, certain part of file or message on calculating elliptic curve pass through encrypted close Text and public key；

Ciphertext and public key are sent back receiving party by 1.6 information senders；

After 1.7 receiving parties are connected to the information of the step 1.6 of information sender, by calculating, obtain needing received file Or message.

3. being applied to the Dynamic Oval curve cryptographic methods of alliance's chain according to claim 2, which is characterized in that wherein, In In the case that information sender and receiving party contact for the first time, it is related to the step 1.2 and step 1.3 further includes appointing What legitimate user all decodable codes restore to look for such random number less than basic point order on elliptic curve as private key in plain text, Size is allowed to meet between 2⁸Times cleartext information block is to 2⁸Times cleartext information block adds between 1, and determines the quadratic residue on curve, The random number for being less than basic point order on elliptic curve is found as private key, completes cleartext information coding.

4. being applied to the Dynamic Oval curve cryptographic methods of alliance's chain according to claim 2, which is characterized in that wherein, In During carrying out certain part of file or message transmission for the first time, receiving party is needed to select elliptic curve, determine basic point, generate Private key and public key transmit basic parameter to information sender, are established and are contacted for the first time by information sender and receiving party Afterwards, receiving party can directly decrypt the ciphertext of information sender, thereby realize and add solution using elliptic curve cryptography system The process of confidential information.

5. being applied to the Dynamic Oval curve cryptographic methods of alliance's chain according to claim 1, which is characterized in that the step (2) specific implementation step includes:

2.1 private keys generate center operating system and establish algorithm, export common parameter and main private key, and open common parameter saves master Private key；

2.2 private keys generate center and run private key generating algorithm, defeated after input common parameter, main private key and user identity Corresponding initial private key out；User's enrollment status in alliance's chain, identity and its digital signature are published on alliance's chain；

2.3 user identity generate new private key and safe preservation when needing to update public key at random according to system parameter, further according to Private key generates corresponding public key, after being mapped into line number word signature, is published on alliance's chain.

6. being applied to the Dynamic Oval curve cryptographic methods of alliance's chain according to claim 1, which is characterized in that the step (3) specific implementation step includes:

3.1 newcomers need Key Management Center when being initially added network be its enrollment status information and key；

3.2 safety management nodes change identity information and the relevant all keying materials of identity in real time, and central management node is it Generate new identity and key；

3.3 Key Management Center carry out the revocation of malicious node identity, i.e. Key Management Center passes through retrieval as independent review side Alliance's chain examines node member's malicious act, once malicious act is confirmed, announces the identity of malicious node and its described close Key.

7. being applied to the Dynamic Oval curve cryptographic methods of alliance's chain according to claim 1, which is characterized in that alliance's chain can It is complete by intelligent contract to complete communication by the common recognition mechanism of members in the case where non-stop layer node participates in safeguarding At the update of key and the variation of adaptation network structure.

Technical field

The invention belongs to block chain encryption technology fields, and in particular to a kind of Dynamic Oval curve applied to alliance's chain adds Decryption method.

Technical background

Block chain integrates encryption technology, intelligent contract, common recognition mechanism and distribution as a kind of emerging network information technology The technologies such as formula account book technology have the characteristics that verifiability, programmability, trackability and prevent from maliciously distorting, encryption technology It is the basic technology for ensureing alliance's chain safety.It is related to attacking a series of event layers for causing losses on line out not due to various every year Thoroughly.Network attack causes the economic loss of block chain ecology to increase year by year, shows according to PeckShield Situation Awareness platform data, 15 more typical security incidents occur altogether for entire block chain ecology between this month of in July, 2019, and loss amounts to nearly 400,000,000 yuan of people Coin, it is seen then that the encryption technology of block chain has improved space.Whether block chain field of cryptography is identical according to public key and private key Can be divided into: two kinds of encryption methods of symmetric encipherment algorithm and rivest, shamir, adelman, public key and the identical encryption method of private key claim For symmetric encipherment algorithm, common symmetric encipherment algorithm includes: DES, AES, 3DES, IDEA, Blowfish, RC series and CAST Deng symmetric encipherment algorithm encryption/decryption speed is fast, but safety is low compared with rivest, shamir, adelman.

RAS, DSA, ECC (elliptic curve encryption algorithm) are currently used rivest, shamir, adelmans, and MIPS refers to every The computers that second executes 1,000,000 instructions are run 1 year, and 10,000 arithmetic speeds reach the computer parallel processing system of 1000MIPS, are broken Solution takes 9600, and Generally Recognized as safe break time is 10 at present¹²MIPS.Therefore, RSA and DSA wants a length of 1024bit of modulus, and ECC only needs 160bit, and when key length increases, the safety ratio RSA/DSA of ECC increases faster, and 240bit key is long The long RSA/DSA safety of the ECC ratio 2048bit mould of degree.As it can be seen that ECC ratio RSA/DSA is capable of providing smaller key length.

The elliptic curve cryptography of Elliptic Curve Discrete Logarithm difficulty based on finite field is safety so far A kind of highest public key encryption algorithm has calculation amount, amount of storage, bandwidth, software, hardware realization small scale and encryption, signature The features such as speed is high, is very suitable to the limited terminal device of computing resource and integrated circuit is limited, Bandwidth-Constrained, requires high speed The case where realization, such as IC card, wireless communication and certain computer networks etc..But its own also has limitation for example: 1) ellipse Circular curve cryptographic algorithm it is desirable that discrete value fixed-point calculation, do not allow to be rounded in cryptographic algorithm；2) safe ellipse is bent Line cryptographic system requires 160 Large-number operations, but the CPU of general microcomputer mostly only supports 64 operations；3) great Rong is required The data of amount store；4) require the node of processing itself that there is certain concurrency.Block chain network is a kind of distributed dynamic The database of network, distributed ad-hoc network mode have topological dynamics, non-stop layer distributivity, node member's identity state The features such as highly dynamic property, keeps key management under distributed network environment complex, becomes the research hotspot in corresponding field.It is close Key management refers to providing the services such as key generation, key distribution and key updating, key management for group entirety legal person Because the dynamic change efficiency of network is often affected.The special construction of block chain network needs suitable encryption method.

Summary of the invention

The present invention is based on the problems of above-mentioned background and prior art, proposes and count a kind of dynamic applied to alliance's chain Elliptic curve key design method, elliptic curve cryptography are usually used in distributed ad-hoc network, and this network avoids ellipse The limitation of circular curve cryptographic algorithm itself.Because elliptic curve encryption algorithm encryption signature it is short, calculation amount it is small thus encrypt It is high-efficient, and elliptic curve has certain adaptability to dynamic network, so can be protected using elliptic curve cryptography Hinder the safety on alliance's chain chain.It can also realize the real-time update of key, by constantly updating key and its corresponding to certificate Method ensures that user when connecting network progress encryption and decryption operation, ensures the data safety of user.

In order to realize these mesh of the invention, a kind of Dynamic Oval curve cryptographic methods applied to alliance's chain are provided, Its design procedure is as follows:

(1) selection elliptic curve encryption algorithm carries out encryption and decryption to alliance's chain；

(2) foundation for realizing public key and private key, saves cipher key identity information, completes dynamic network key updating；

(3) key management is carried out using the nodal function of alliance's chain, realizes and adapts to dynamic network structure.

Preferably, wherein the public key of two side of information sender and receiving party is obtained by the private key of oneself, With the public key of other side when encrypting plaintext, the private key of oneself is used when decrypting ciphertext.Information sender is sent to receiving party Part file or message embody the encryption and decryption step of the step (1) using the process of elliptic curve cryptography system transmission file, It implements step are as follows:

1.1 receiving parties are grouped information, form the cleartext information block in finite field；

1.2 receiving parties select elliptic curve, and choose on elliptic curve a little as basic point, and cleartext information block is embedding Enter the basic point onto elliptic curve；

1.3 receiving parties select a private key, and generate corresponding public key；

Point on selected elliptic curve and curve is sent to information sender by 1.4 receiving parties；

1.5 information senders receive the information in step 1.4, and generating a random number, (this random number is less than oval bent The order of basic point on line) it is used as private key, using the point on private key recovery curve, calculate certain part of file or message on elliptic curve By encrypted ciphertext and public key；

Ciphertext and public key are sent back receiving party by 1.6 information senders；

After 1.7 receiving parties are connected to the information of the step 1.6 of information sender, by calculating, obtain needing received File.

Further, during first time carries out file or message is transmitted, receiving party is needed to select oval bent Line determines basic point, generation private key and public key, transmits basic parameter to information sender, passes through information sender and information receives The connection that side establishes for the first time, receiving party can directly decrypt the ciphertext of information sender, thereby realize using oval The process of curve encryption system encryption and decryption information.

Further, the step of being related to the step 1.2 and step 1.3 further includes that any legitimate user all decodable codes are extensive Recover lost eyesight text, to look for such x (random number), be allowed to meet 256m≤x≤256 (m+1), and determines the quadratic residue on curve, X is found, cleartext information coding is completed.

Preferably, the specific implementation step of the step (2) includes:

2.1 private keys generate center operating system and establish algorithm, export common parameter and main private key, and open common parameter is protected Deposit main private key；

2.2 private keys generate center and run private key generating algorithm, input common parameter, main private key and user identity it Afterwards, corresponding initial private key is exported.User's enrollment status in alliance's chain, is published to alliance for identity and its digital signature On chain；

2.3 user identity generate new private/public key and peace when needing to update public/private keys at random according to system parameter All risk insurance is deposited, and generates corresponding public key further according to private key, after being mapped into line number word signature, is published on alliance's chain.

Preferably, the specific implementation step of the step (3) includes:

3.1 newcomers need Key Management Center when being initially added alliance's chain network be its enrollment status information and key；

3.2 safety management node changes identity information and the relevant all keying materials of identity, central management node in real time New identity and key are generated for it；

3.3 Key Management Center carry out the revocation of malicious node identity, i.e. Key Management Center passes through as independent review side Retrieval alliance's chain examines that node member's malicious act announces identity and its institute of malicious node once malicious act is confirmed State key.

Further, alliance's chain can pass through the common recognition machine of members in the case where non-stop layer node participates in safeguarding System completes communication, completes the update of key by intelligent contract and adapts to the variation of network structure.Common recognition mechanism be alliance's chain from Band, in the present invention, the function that the present invention communicates is realized by common recognition mechanism；Intelligent contract is that alliance's chain is included, at this In invention, key updating is realized by intelligent contract and adapts to the variation of network structure.

Further, wherein newcomer, safety management node, central management node, Key Management Center and malicious node It is related to the specific node-classification situation of alliance's chain, setting can be made under concrete scene.

Advantages of the present invention, target and feature will be partially reflected by the following instructions, and part will also be by the present invention Research and practice and be understood by the person skilled in the art.The present invention is include at least the following beneficial effects:

1. design obtains a kind of file suitable for distributed alliance's chain and in the case that data store greatly；

2. realizing that key updating adapts to dynamic network, it is ensured that alliance's chain safety；

3. devising a kind of method encrypted using elliptic curve for adapting to dynamic network.

Detailed description of the invention

Fig. 1 is encryption and decryption flow chart of the invention；

Fig. 2 is the schematic diagram of key updating of the present invention；

Fig. 3 is the network change situation that the present invention adapts to network change.

Specific embodiment

The present invention is illustrated for clarity, keeps the purposes, technical schemes and advantages of the embodiment of the present invention clearer, below The attached drawing in the embodiment of the present invention is combined, technical scheme in the embodiment of the invention is clearly and completely described, to enable Those skilled in the art's refer to the instruction text can be implemented accordingly.Below by attached drawing combination specific embodiment to of the invention Technology is described in detail.

1. Fig. 1 shows encryption and decryption flow chart of the invention, specific embodiment will be introduced in conjunction with attached drawing and will be carried out specifically It is bright.The mode for using representative symbol to illustrate carries out the narration of specific embodiment: setting user A as information sender, user B is letter Recipient is ceased, M is the message file that A is sent to B；There are various forms of elliptic curves for different finite fields, if Ep (a, b) For the elliptic curve in prime number finite field, wherein p ≠ 2,3, a, b be the real number for meeting certain conditions.

Step 1: B is grouped information, forms the cleartext information block m in finite field；

Step 2: B selectes Ep (a, b): y²=x³+ax+b,a,b∈Ep,4a³+27b²≠ 0 (modp), and choose oval song A basic point P on line, P m block being embedded on elliptic curve；

Step 3: B selects a private key k, and generates corresponding public key L=kP；

Step 4: selected elliptic curve and P, L are sent to A by B；

Step 5: A receives the information in step 4, and generating a random number x, (x < r, r are the rank of basic point on elliptic curve Number) it is used as private key, it is allowed to meet 256m≤x≤256 (m+1), and f (x)=x³Quadratic residue on+ax+b (modp) curve, Wherein p indicates the finite field Fp, a, b ∈ Fp of elliptic curve.X is found, cleartext information coding is completed.Using on private key recovery curve Public key, calculate elliptic curve on certain part of file M pass through encrypted ciphertext C₁=M+xL and public key C₂=xP；

Step 6: A is by C₁And C₂It is sent to B；

Step 7: B is connected to the C of A₁And C₂Information after, pass through M=C₁-kC₂, obtain file.

2. will be described in detail in conjunction with attached drawing Fig. 2 shows the flow chart of key updating of the present invention.Illustrate in figure Alliance's chain technology real-time update key is utilized in system.Private key generates center operating system and establishes algorithm in figure, exports public ginseng Several and main private key, open common parameter, saves main private key, private key generating algorithm of reruning, input common parameter, main private key with And after user identity, corresponding initial private key is exported.A and B enrollment status in alliance's chain signs identity and its number Name is published on alliance's chain；A and B identity generates new private key according to system parameter when needing to update public key at random and protects safely It deposits, generates corresponding public key further according to private key, after being mapped into line number word signature, be published on alliance's chain.

3. Fig. 3 shows the implementation method that the present invention adapts to network change, will be described in detail in conjunction with attached drawing.This hair To illustrate that the network of dynamic change, has common recognition attribute based on alliance's chain, the function of credible positioning is realized, so as to reality in bright When adjust network state information.It is the processing method for coping with the variation of alliance's chain network below:

Processing method 1: newcomer (user) needs Key Management Center K when being initially added network be its enrollment status information And key；

Processing method 2: safety management node S changes identity information and the relevant all keying materials of identity in real time, center Management node C generates new identity and key for it；

Processing method 3:K carries out the revocation of malicious node identity, i.e. K is examined as independent review side by retrieval alliance's chain Node member's malicious act, once malicious act is confirmed, announce malicious node identity and its key.

It is apparent to one skilled in the art to the application of design method of the invention, modifications and variations 's.As described above, according to the present invention, since elliptic curve cryptography signature is few highly-safe, it is distributed to be suitable for alliance's chain The encryption of dynamic network, in addition cipher mode when the key updating of the corresponding design of the present invention and network dynamic change, realizes this hair The effect of the practical operation of bright above description design.

The above-mentioned description to embodiment is for that can understand and apply the invention convenient for those skilled in the art. Person skilled in the art obviously easily can make various modifications to above-described embodiment, and described herein general Principle is applied in other embodiments without having to go through creative labor.Therefore, the present invention is not limited to the above embodiments, ability Field technique personnel announcement according to the present invention, the improvement made for the present invention and modification all should be in protection scope of the present invention Within.