CN-121984658-A - Cross-chain data tracing method based on credibility value evaluation and CP-ABE
Abstract
A cross-chain data tracing method based on reputation value assessment and CP-ABE. The framework consists of a data owner (DO), a data user (DU), an initiating chain, a target chain, a cross-chain route, a smart contract and an authority attribute mechanism. The method covers the whole tracing process, from the DO uploading encrypted data to the blockchain and a database through to the DU finally decrypting it to obtain the data that meets the conditions. A reputation value mechanism is introduced to further regulate the authority of system members: the integrity of the data a user can view is constrained by the reputation value, and the smart contract keeps the reputation value level up to date in real time. Zero-knowledge proofs (ZKP) over multiple fields guarantee the reasonableness and legality of the data. The reputation value mechanism is tightly combined with the CP-ABE tracing scenario by embedding the reputation value determination mechanism in the access tree.
Inventors
- DONG ZHENJIANG
- HOU ZHEN
- HU XIAOXUAN
- QI JIN
- SUN YANFEI
Assignees
- Nanjing University of Posts and Telecommunications
Dates
- Publication Date: 20260505
- Application Date: 20260209
Claims (5)
- 1. A cross-chain data tracing method based on reputation value evaluation and CP-ABE, characterized by comprising the following steps:
  Step 1, uploading data: the data owner DO generates a security level set before starting to upload data; after generating data, the DO encrypts the data using ciphertext-policy attribute-based encryption (CP-ABE), uploads the encrypted data to the target chain, which is the chain where the DO is located, sets an access policy for the target chain and encrypts the data according to the access policy; then generates a random number beta in the system, converts the ciphertext into a binary format alpha, simultaneously generates public parameters g and h, and calculates Generating a corresponding zero-knowledge proof ZKP, and storing the ZKP on chain by means of a smart contract;
  Step 2, initiating a request: when a data user DU applies for data access, the DU first decrypts an AES key using its attributes; if the DU is a legitimate user, the key is decrypted successfully; the DU encrypts the initiator and receiver it requires using the AES key and submits the encrypted data to a cross-chain gateway; the cross-chain gateway forwards the encrypted data to the corresponding target chain in a request; after the target chain obtains the AES-encrypted data of the initiator and the transaction party, it queries the off-chain database for data meeting the requirement;
  Step 3, responding to the request: after the target chain has queried the data, other verification nodes in the system verify the authenticity and integrity of the data based on the published zero-knowledge proof ZKP and initiate a trust evaluation of the target chain user; the smart contract aggregates the evaluation results and automatically executes the reputation value update; if the data verification passes, the reputation value of the user is increased and the data is returned to the DU; if the data is found to have been tampered with, the reputation value of the data is deducted and the DO is notified to resubmit the data until it passes; after the ciphertext is returned to the DU, the DU decrypts it with its attribute private key to obtain the plaintext; user behavior is continuously monitored throughout the whole flow, and once a malicious operation is detected, a reputation value penalty mechanism is automatically triggered, realizing dynamic constraint of node behavior.
- 2. The method for tracing the cross-chain data based on the reputation value evaluation and the CP-ABE according to claim 1, wherein in step 1, the security level set is obtained Wherein each security level Only the different access security strengths are represented, between which a strict partial order relation is fulfilled: The system is for each security level , Internally maintaining a corresponding threshold value of continuous reputation value And managed by a system mapping function: Wherein the method comprises the steps of Is the reputation value space, i refers to all time in the last n events of the behavior, a mapping function Only maintained by the system, does not disclose specific numerical values, and only ensures the relative magnitude relation between the thresholds corresponding to different levels, namely: where j is a variable that is not equal to i, Indicating a security level while satisfying I.e. j has a security level greater than i, deducing The reputation value actually corresponding to Greater than The reputation value actually corresponding to .
- 3. The method for tracing cross-chain data based on reputation value evaluation and CP-ABE according to claim 2, characterized in that in step 1 a joint on-chain and off-chain storage mode is adopted: the ZKP is stored on chain to verify data correctness, and the encrypted data is stored off chain; to support efficient retrieval of ciphertext, two index fields, an initiator identifier and a receiver identifier, are additionally introduced when the ciphertext data is stored; the two fields are encrypted with the AES symmetric encryption algorithm, and the AES master key used for this encryption is itself encrypted and protected with the CP-ABE algorithm, so that the encrypted AES key can be decrypted and obtained only when the attributes of a visitor satisfy a policy predefined by the system, that is, when the visitor is verified to be a legitimate system member.
- 4. The method of claim 3, wherein step 1 includes a data encryption stage, DO cannot directly specify a specific reputation threshold, but only a reputation level set provided from the system Selecting a desired grade And bind it to the corresponding node in the access tree And, in performing the encryption operation, according to the selected level Automatically analyzing to obtain a corresponding continuous reputation value threshold value: to achieve the reputation value determination described above, DO calculates the ciphertext component associated with the reputation value as follows when generating the ciphertext: Where G is the generator of the bilinear group G.
- 5. The method for tracing cross-chain data based on reputation evaluation and CP-ABE according to claim 4, wherein in step 3, a public aggregation access tree is adopted and is divided into three layers, namely a basic access strategy, an industry layer and a specific enterprise layer, and a reputation judgment function f is embedded in a node of the specific enterprise layer ) Automatically executing f in the process of encryption and decryption ) As to whether the node is activatable to be embedded in the tree; when the user tries to decrypt the data, after the DU meets all the requirements of DO for removing the reputation value, the reputation value judgment, namely the function f is carried out ) Detection, first deriving its reputation value from the user's key SK After that, calculation: Wherein the method comprises the steps of For decrypting the private key component generated by the user based on the reputation value thereof and used for reputation value determination, G is the generator of the linear group G, and then the reputation value determination function in the access tree node is calculated: Wherein the method comprises the steps of A specific reputation value of the security level set for DO, Representing the reputation value of the decrypting user, and finally judging: I.e., discrete boolean values are used to determine a continuous reputation value problem, where e () represents a bilinear operation.
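The reputation logic described in claims 2 to 5 and in step 3, as an added Python example that is not part of the patent text: it models only the policy decisions (level-to-threshold resolution, verifier vote aggregation, reputation update, boolean gate), not the pairing-based enforcement inside the CP-ABE access tree. The level names, thresholds, step sizes, strict-majority rule, member names, and the idea that one member is scored as a data provider and later gated as a data user are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed values: the page gives no numeric thresholds or step sizes.
LEVEL_ORDER = ["L1", "L2", "L3"]                          # L1 < L2 < L3
LEVEL_THRESHOLDS = {"L1": 40.0, "L2": 60.0, "L3": 80.0}   # system-internal
INITIAL, REWARD, PENALTY = 50.0, 5.0, 20.0                # assumed


def check_monotonic(order, thresholds):
    """Claim 2 invariant: a higher level resolves to a strictly higher threshold."""
    values = [thresholds[name] for name in order]
    return all(a < b for a, b in zip(values, values[1:]))


@dataclass
class ReputationContract:
    """Toy stand-in for the smart contract that holds reputation values."""
    reputation: dict = field(default_factory=dict)

    def settle(self, member, votes):
        """Aggregate verifier votes (True = data matched the published ZKP).
        Strict majority is an assumption; the page only says the contract
        aggregates the evaluation results.
        """
        passed = sum(votes) * 2 > len(votes)
        delta = REWARD if passed else -PENALTY
        current = self.reputation.get(member, INITIAL)
        self.reputation[member] = min(100.0, max(0.0, current + delta))
        return passed

    def may_decrypt(self, member, level):
        """Boolean gate: callers name a level, never a numeric threshold."""
        if level not in LEVEL_THRESHOLDS:
            raise ValueError(f"unknown security level: {level}")
        return self.reputation.get(member, INITIAL) >= LEVEL_THRESHOLDS[level]


def demo():
    assert check_monotonic(LEVEL_ORDER, LEVEL_THRESHOLDS)
    c = ReputationContract(reputation={"org-a": 58.0, "org-b": 70.0})
    before = c.may_decrypt("org-a", "L2")     # 58 is below the L2 threshold
    c.settle("org-a", [True, True, False])    # data verified: reward
    after = c.may_decrypt("org-a", "L2")
    c.settle("org-b", [False, False, True])   # data tampered: penalty
    return before, after, c.reputation["org-b"], c.may_decrypt("org-b", "L2")


if __name__ == "__main__":
    print(demo())
```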
Description
Cross-chain data tracing method based on credibility value evaluation and CP-ABE
Technical Field
The invention belongs to the technical field of blockchains, and particularly relates to a cross-chain data tracing method based on credibility value evaluation and CP-ABE.
Background
Owing to the decentralization, transparency and immutability of the blockchain, the technology has wide application potential in many fields, and is particularly prominent in data tracing. Blockchain tracing technology can effectively record and trace the circulation path of products, funds or data, and ensures that the data of each link is traceable and cannot be tampered with, thereby improving the transparency and security of scenarios such as supply chain management and product authentication. In supply chain scenarios, the blockchain is widely used to record the whole flow of information from raw materials to finished products, effectively preventing the circulation of counterfeit and inferior products. As tracing systems extend to multi-chain collaborative scenarios, cross-chain technology becomes the key to interconnecting data and assets. Cross-chain mechanisms have evolved from early simple cross-chain asset transfer into an infrastructure supporting trusted data exchange and complex business collaboration; they reduce asset fragmentation risk through mechanisms such as shared ordering and promised delivery, and optimize transaction cost and privacy protection by means of various encryption technologies. However, the cross-chain environment still faces challenges such as non-uniform identities across chains and difficult behavior evaluation, so the "data island" problem is not completely solved and the global trusted interoperability of tracing systems is restricted.
In order to further enhance the privacy controllability of the tracing data, ciphertext-policy attribute-based encryption (CP-ABE) has been introduced into cross-chain tracing systems, forming a hybrid architecture of on-chain policy management and off-chain ciphertext storage and realizing fine-grained attribute-based access control. Although this scheme can ensure the confidentiality of data in cross-chain forwarding, key problems remain. First, data authenticity: malicious nodes can submit false information and cannot be held accountable afterwards. Second, CP-ABE policies are usually set statically and are difficult to adapt to the permission adjustments required by dynamically changing node behavior in a cross-chain scenario, which limits the reliability and flexibility of the system.
Disclosure of Invention
The invention provides a cross-chain data tracing method based on reputation value assessment and CP-ABE, which introduces a dynamic reputation value mechanism that cooperates with CP-ABE to constrain and incentivize node behavior and break the limitation of static policies. The system provides a plurality of security levels from which the encryptor can select; the higher the security level selected by the encryptor, the higher the reputation value required of the decryptor. The key innovation is that reputation evaluation and update logic is fixed into automatically executed rules through a smart contract, so that the access authority of a node can be adjusted automatically in real time based on verifiable on-chain behavior, realizing a fundamental transition of the access control policy from static presetting to dynamic response.
The aim is to construct a reputation evaluation system that is consistent across chains, support the hierarchical disclosure of dynamic data based on reputation, and ultimately improve the credibility and adaptability of the cross-chain tracing system while guaranteeing privacy.
A cross-chain data tracing method based on reputation value assessment and CP-ABE comprises the following steps:
Step 1, uploading data: the data owner DO generates a security level set before starting to upload data; after generating data, the DO encrypts the data using ciphertext-policy attribute-based encryption (CP-ABE), uploads the encrypted data to the target chain, which is the chain where the DO is located, sets an access policy for the target chain and encrypts the data according to the access policy; then generates a random number beta in the system, converts the ciphertext into a binary format alpha, simultaneously generates public parameters g and h, and calculates Generating a corresponding zero-knowledge proof ZKP, and storing the ZKP on chain by means of a smart contract;
Step 2, initiating a request: when a data user DU applies for data access, the DU first decrypts an AES key using its attributes; if the DU is a legitimate user, the key is decrypted successfully; the DU then encrypts an initiator and a receiver required by th