CN-121125182-B - Multi-exchange assisted data batch escrow transaction method and system

Abstract

The invention discloses a data batch escrow transaction method and system assisted by a plurality of exchanges, the method comprises the steps that a data owner encrypts a plurality of data with the assistance of a multi-exchange and uploads the encrypted data to a cloud server for storage. The data owner synthesizes a plurality of ciphertexts into corresponding global signatures with the assistance of a plurality of exchanges and uploads the global signatures to the cloud server for storage. The buyer obtains a subset signature for the corresponding subset of data based on the global and verifies the signature. The buyer decrypts the target data ciphertext under the assistance of the multi-exchange to obtain the data plaintext. The method is characterized in that the transaction is managed in batches by data assisted by a plurality of exchanges, the data owner can generate an encryption key and a data authentication signature under the assistance of the exchanges, confidentiality of data on unauthorized entities such as the exchanges, cloud servers and buyers and authenticability of data on authorized buyers are ensured, and data to be sold of the data owner is encrypted and signed in batches under the assistance of the exchanges, so that calculation and communication efficiency is improved.

Inventors

• ZHANG YUAN
• HE XINYU
• WANG YALI

Assignees

• 电子科技大学

Dates

Publication Date

20260512

Application Date

20250820

Claims (10)

1. 1. A multi-exchange assisted data batch escrow transaction method, comprising: The data owner sends a plurality of data groups to each exchange; the data owner calculates a first group key according to a plurality of first key fragments to encrypt each data to obtain a plurality of ciphertexts; the data owner uploads the plurality of ciphertext to a cloud server; The data owner sends the plurality of ciphertext to each exchange, the exchange calculates corresponding signature fragments according to the plurality of ciphertext, and the exchange sends the signature fragments back to the data owner; The data owner uploads the global signature to a cloud server; the buyer downloads the ciphertext of the target data subset and the global signature from the cloud server, derives a subset signature corresponding to the target data subset based on the global signature, verifies the subset signature according to the global signature, and determines that the transaction can be carried out if the verification is passed, or aborts the protocol.
2. 2. The multi-exchange-assisted data batch escrow transaction method of claim 1, further comprising: generating a system public parameter PP according to the security parameter: wherein G 1 、G 2 is the p-order addition cyclic group of points on the elliptic curve, G, Respectively, G 1 、G 2 , Z p = {0,1,2,..p-1 is an integer ring modulo p, e is bilinear map G 1 ×G 2 →G T ;H、H 1 and H 2 is three hash functions ,H:{0,1} * ×{0,1} * →G 1 ,H 0 :{0,1} * →G 1 ,H 2 :{0,1} * →G 2 ;PRG(·):G T →Z p are pseudo-random number generators, n is the number of exchanges, and t is the threshold for Shamir secret sharing.
3. 3. The multi-exchange-assisted data batch escrow transaction method of claim 1 or 2 wherein a plurality of exchanges use Shamir secret sharing techniques to jointly generate a set of symmetric keys, a set of private keys, and a set of public keys, wherein each exchange holds a symmetric key fragment, a private key fragment, and a public key fragment.
4. 4. The multi-exchange-assisted data batch escrow transaction method of claim 1, wherein the data owner sending a plurality of data groups to each exchange comprises: the data owner selects a random number and generates a group commitment, a unique commitment vector, and a commitment open vector for the plurality of data, and then sends a triplet request packet to the exchange, the triplet request packet including the group commitment, ID information of the data owner, and an accompanying instruction identifier.
5. 5. The multi-exchange-assisted data bulk escrow transaction method of claim 4, wherein the exchange bulk encrypts the plurality of data and sends back a first key fragment comprising: Each exchange verifies the ID information of the data owner, if verification is passed, the first key fragments of each data are calculated, and then the plurality of first key fragments are sent back to the data owner.
6. 6. The multi-exchange-assisted data bulk escrow transaction method of claim 1, wherein the data owner computing a first group key from a number of first key fragments to encrypt each piece of data to obtain a plurality of ciphertext comprises: After receiving at least t first key fragments of a threshold value, a data owner calculates to obtain a first group key, and according to the first group key, the data owner generates a data key for each data and encrypts the data piece by piece to obtain a plurality of ciphertext.
7. 7. The multi-exchange-assisted data bulk escrow transaction method of claim 2, wherein the buyer converting the subset signature corresponding to the target subset of data based on the global signature comprises: the buyer downloads the ciphertext of the target subset and the global signature from the cloud server, and derives a subset signature corresponding to the target data subset from the global signature based on the ciphertext of the target subset and the public key fragment.
8. 8. The multi-exchange-assisted data batch escrow transaction method of claim 7, wherein the public key is Each exchange has a symmetric key fragment sk i and a private key fragment Public key slicing Let the non-target subset be Defining public key shards on non-target subsets as Defining public key shards on a target subset as Verifying the buyer with the subset signature from the global signature includes: Buyer verification And Whether the two equations are satisfied, if so, the verification is passed, wherein, Is the master public key and is used to store the data, The four components of the ith signature fragment, respectively.
9. 9. The multi-exchange-assisted data batch escrow transaction method of claim 1, further comprising: After verification, the buyer sends each ciphertext of the target data subset to each exchange, each exchange verifies the identity of the buyer and sends the second key fragments back to the buyer, the buyer receives the second key fragments sent back by each exchange to calculate the second group key, and then decrypts the second group key to obtain the data plaintext.
10. 10. A multi-exchange assisted data batch escrow transaction device for implementing the multi-exchange assisted data batch escrow transaction method of any one of claims 1-9, comprising: The first terminal is at least used for executing the steps that a data owner sends a plurality of data groups to each exchange, the data owner calculates a first group key according to a plurality of first key fragments to encrypt each data to obtain a plurality of ciphertexts, and the data owner uploads the plurality of ciphertexts to a cloud server; The buyer terminal is at least used for executing the steps that the buyer downloads the ciphertext of the target data subset and the global signature from the cloud server, the buyer obtains the subset signature corresponding to the target data subset based on global signature conversion, the buyer verifies the subset signature according to the global signature, if the buyer passes the verification, the buyer is determined to be capable of trading, and otherwise, the buyer stops the protocol; The exchange server is communicated with the first terminal and the buyer terminal and is at least used for executing the steps that the exchange server encrypts a plurality of data in batches and then sends back a first key fragment; And the cloud server is communicated with at least the first terminal and the buyer terminal.

Description

Multi-exchange assisted data batch escrow transaction method and system Technical Field The invention relates to the technical field of information security, in particular to a data batch escrow transaction method assisted by a multi-exchange. Background In the prior art, on-site data transactions (Exchange-ASSISTED DATA TRADING, EADT) are a key mode of releasing the value of data elements. The current mainstream EADT relies on a single exchange as an intermediary, raw data is delivered to the exchange through a data owner, the exchange processes and generates a data product and then hosts the data product to a cloud server, and a buyer purchases access rights through the exchange. However, this method of on-site data transaction based on a single exchange has a number of drawbacks, including at least the following two aspects: in the first aspect, the data owners need to interact with the exchange one by one, so that the efficiency of data batch hosting transaction is low, and with the increase of cross-domain data fusion requirements (such as medical-financial joint modeling), the traditional mode has difficulty in meeting the requirement of multiple data. In a second aspect, there is a security risk that a single transaction may conduct an on-site data transaction, the exchange or cloud server may steal unauthorized data content to gain benefit, and the data owner or exchange may put on shelf unauthorized illegal data to cause malicious information to propagate. Thus, despite the strict policy as a passive measure of protection of interests and privacy, data owners and buyers are still concerned that privacy is violated, as transactions are controlled by exchanges and cloud servers. Disclosure of Invention The invention aims to overcome the defects of the prior art, provides a multi-exchange assisted data batch escrow transaction method and a system, and provides a batch escrow transaction method to replace a single exchange transaction method in the prior art so as to avoid various defects of the traditional method. The aim of the invention is realized by the following technical scheme: The application discloses a data batch escrow transaction method assisted by a multi-exchange, which comprises the steps that a data owner sends a plurality of data groups to each exchange, the exchanges send the data back to a first key fragment after encrypting the data groups in batches, the data owner calculates a first group key according to a plurality of first key fragments to encrypt the data groups to obtain a plurality of ciphers, the data owner uploads the ciphers to a cloud server, the data owner sends the ciphers to each exchange, the exchanges calculate corresponding signature fragments according to the ciphers, the exchanges send the signature fragments back to the data owner, the data owner generates a global signature according to the signature fragments, the data owner uploads the global signature to the cloud server, a buyer downloads the ciphers of a target data subset and the global signature from the cloud server, the buyer obtains a subset signature corresponding to the target data subset based on the global signature, the buyer verifies the signature and the subset according to the global signature, and if the signature passes verification of the subset, the transaction can be confirmed as the transaction is stopped, and otherwise, the transaction can be confirmed as the transaction is stopped. The method has the advantages that through completing the transaction of the target data set, the data assisted by the multi-exchange in the process hosts the transaction in batches, the data owner can generate the encryption key and the data authentication signature under the assistance of the exchange, the confidentiality of the data to unauthorized entities such as the exchange, the cloud server, the buyer and the like and the authenticability of the data to the authorized buyer are ensured, the data to be sold of the data owner is encrypted and signed in batches under the assistance of the exchange, the calculation and communication efficiency is improved, and meanwhile, the single-point fault problem of the server is avoided. The data storage is outsourced to the cloud server, the delivery of the data decryption key is managed to the multi-exchange, after the data ciphertext and the signature are generated and uploaded, the data owner does not need to be kept on line, full-right management is achieved, the exchange is a light node, and all the data ciphertext and the signature for sale are stored at the cloud server. Further, the method comprises the steps of generating a system public parameter PP according to the security parameter: wherein G 1、G2 is the p-order addition cyclic group of points on the elliptic curve, G, Respectively, G 1、G2, Z p = {0,1,2,..p-1 is an integer ring modulo p, e is bilinear map G 1×G2→GT;H、H1 and H 2 is three hash functions ,H:{0,1}*×{0,1}*→G1,H0:{0,1}*→G1,H2:{0,1}*→G2;PRG