CN-121984744-A - Trusted digital certificate issuing method and system based on web3 information Internet
Abstract
The invention relates to the field of digital certificates, in particular to a method and a system for issuing a trusted digital certificate based on web3 information Internet. The method comprises: acquiring original certificate data in a preset period and determining a target blockchain network; acquiring, in real time from smart contracts and on-chain state, the Merkle root hash of the set of transactions to be confirmed and a specified-length suffix of the hash of the latest block as a dynamic on-chain state entropy source, with the number of suffix digits adaptively adjusted according to the maximum value of the network communication delay; cutting the original certificate data into a plurality of data segments; dynamically determining the encryption arrangement sequence based on the on-chain state entropy source and sequentially encrypting each data segment; generating an entropy source reading mode identifier; and packaging and sending the entropy source and the encrypted data segments. The receiving end re-acquires the entropy source based on the reading mode identifier, restores the encryption sequence, and decrypts and recombines the data to restore the original certificate. The invention uses dynamic state entropy sources on the Web3 chain to enhance the unpredictability and the replay attack resistance of credential issuance, and improves the security of data transmission.
Inventors
- QIU YUXIA
Assignees
- 广州元沣智能科技有限公司
Dates
- Publication Date
- 20260505
- Application Date
- 20260129
Claims (10)
- 1. A trusted digital voucher issuing method based on web3 information Internet, characterized by comprising the steps of: acquiring original voucher data of a digital voucher to be issued in a preset period, and determining a target blockchain network bound with the original voucher data; acquiring a dynamic on-chain state entropy source in a current period from the target blockchain network, wherein the on-chain state entropy source comprises a Merkle root hash of a set of transactions to be confirmed in the current period and a specified length suffix of a block hash generated most recently in the current period; cutting the original voucher data into a plurality of data segments based on the on-chain state entropy source; dynamically determining an encryption arrangement sequence for the plurality of data segments according to the on-chain state entropy source; sequentially conducting encryption processing on the data segments according to the encryption arrangement sequence; generating a reading mode identifier for indicating information required by acquiring the on-chain state entropy source; packaging the encrypted data segments and the reading mode identifier together into a transmission packet to be sent; acquiring the state entropy source from the target blockchain network based on the reading mode identifier, restoring the encrypted data according to the decryption arrangement sequence, and sequentially restoring the received data according to the encryption arrangement sequence; wherein the number of digits of the suffix with the specified length is dynamically determined based on the maximum value of the network communication delay monitored when the original credential data is acquired.
- 2. The web3 information internet-based trusted digital voucher issuing method of claim 1, wherein said determining a target blockchain network bound to said original voucher data comprises: analyzing a blockchain network set declared in the identity mark according to the identity mark carried in the original credential data of the digital credential to be issued, and selecting one blockchain with the current network state meeting the declaration and the lowest state cost from the supported blockchain network sets according to the blockchain network set to serve as a target blockchain network.
- 3. The method for issuing a trusted digital voucher based on the web3 information Internet as recited in claim 1, wherein obtaining a dynamic on-chain state entropy source for the current period comprises the steps of: receiving a request for acquiring a target block chain network; sending a query to a node interface of the target block chain network to acquire a latest generated block hash in an entropy source acquisition window defined by the starting moment of the preset period and the network communication delay maximum value; acquiring all sets of transactions to be confirmed in the entropy source acquisition window from a public memory pool (mempool) interface of the target block chain network; calculating a Merkle root hash of the sets of transactions to be confirmed; determining the number of digits of a suffix with the specified length according to the network communication delay maximum value through a preset mapping table; intercepting the hash of a latest block according to the determined number of digits to obtain the suffix with the specified length; and splicing the suffix and the Merkle root hash to jointly form a state entropy source on the chain.
- 4. The web3 information internet-based trusted digital voucher issuing method of claim 1, wherein said cutting said original voucher data into data pieces based on said on-chain state entropy source comprises: according to the cutting parameters, sequentially scanning and boundary dividing the original credential data into a plurality of data segments with the number of the data segments, wherein the actual length of each data segment is adjusted within the allowable floating range of the proposed length so as to ensure that all the original credential data are completely divided and no data is lost.
- 5. The method for issuing a trusted digital voucher based on the web3 information Internet as recited in claim 1, wherein said dynamically determining an encryption ranking order for said plurality of data segments based on said on-chain state entropy source comprises the steps of: constructing a chain state entropy source; carrying out hash operation on the chain state entropy source to obtain an entropy value sequence for sorting; calculating a corresponding sorting index value for each data segment based on the entropy value sequence; and determining a pseudo-random encryption arrangement sequence according to each sorting index value obtained through calculation.
- 6. The web3 information internet-based trusted digital voucher issuing method of claim 5, wherein said computing a corresponding ranking index value for each of said data segments based on said sequence of entropy values comprises: dividing the entropy value sequence into subsequences with the same number as the data segments; and mapping the values of the sub-sequences to an unoccupied sequential position to construct a ranking index value.
- 7. The web3 information internet-based trusted digital voucher issuing method of claim 1, wherein said obtaining said on-chain state entropy source from said target blockchain network based on said read-way identification comprises the steps of: analyzing the reading mode identifier and acquiring the parameters which are contained in the reading mode identifier and are used for uniquely determining a state entropy source on a chain, wherein the parameters at least comprise a target block chain network identifier and a time range of an entropy source acquisition window; connecting to a corresponding block chain node according to the target block chain network identifier, and inquiring and acquiring block hashes generated in the entropy source acquisition window based on the time range of the entropy source acquisition window; acquiring the Merkle root hash of a set of transactions to be confirmed recorded in the time range of the entropy source acquisition window from the same block chain node; intercepting the acquired block hashes according to the number of digits of the suffix with the specified length which is analyzed from the reading mode identifier; and splicing the specified-length suffix with the Merkle root hash to restore the state entropy source on the chain.
- 8. The method for issuing a trusted digital voucher based on the web3 information Internet according to claim 1, wherein restoring said encryption ranking order, sequentially decrypting each received encrypted data segment and reorganizing in the restored order to obtain said original voucher data includes: calculating the encryption arrangement sequence again by adopting the same algorithm process as the transmitting end based on the re-acquired state entropy source on the chain; decrypting each encrypted data segment in sequence according to the sequence indicated by the encryption arrangement sequence to obtain corresponding decrypted data segments; splicing and recombining all the decrypted data segments according to the encryption arrangement sequence; and, after the integrity of the recombined data is checked, outputting the data as the original credential data.
- 9. The method for issuing a trusted digital voucher based on the web3 information internet as claimed in claim 1, wherein said number of digits of said specified length suffix comprises: according to the corresponding relation between the preset delay interval and the number of digits, obtaining the number of digits corresponding to the target delay interval as the number of digits of the suffix with the specified length.
- 10. A system applying the web3 information Internet-based trusted digital voucher issuing method according to any one of claims 1 to 9, comprising: a data acquisition and network determination module, used for acquiring original credential data of a digital credential to be issued in a preset period and determining a target blockchain network bound with the original credential data; an entropy source acquisition and processing module, connected to the data acquisition and network determination module and used for acquiring a state entropy source on a dynamic chain in a current period from the target blockchain network and determining the number of digits of a block hash suffix in the state entropy source on the chain according to the monitored maximum value of network communication delay; a data cutting ordering and encrypting module, connected with the entropy source acquiring and processing module and used for cutting the original credential data into data segments based on the on-chain state entropy source, dynamically determining the encryption ordering sequence, sequentially carrying out encryption processing on each data segment and generating a corresponding reading mode identifier; a transmission packaging module, connected with the data cutting ordering and encrypting module and used for packaging the encrypted data segments, the reading mode identifiers and related metadata together into a transmission packet for transmission; and a receiving decryption and recombination module, used for receiving the transmission packet, analyzing the reading mode identifier in the transmission packet, re-acquiring the state entropy source on the chain, restoring the encryption arrangement sequence, and sequentially completing the decryption and sequence recombination of the data segments so as to restore the original credential data.
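
The derivation in claims 3, 5, 6 and 9, worked through as an added Python example (not code from the patent), with a round trip showing that a receiver reading the same chain state recovers the segment order. SHA-256, the delay table values, the Merkle pairing rule, the 4-byte subsequences and linear probing for "unoccupied" positions are assumptions, since the claims leave them open; the segment cipher is omitted for the same reason.

```python
import hashlib

# Assumed claim-9 table (max delay in ms, hex digits); the patent gives no values.
DELAY_TABLE = [(100, 8), (500, 12), (float("inf"), 16)]

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(tx_hashes):
    """Pairwise SHA-256, last node duplicated on odd levels (assumed construction)."""
    level = list(tx_hashes) or [sha256(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def entropy_source(block_hash_hex, tx_hashes, max_delay_ms):
    """Claim 3: block-hash suffix spliced with the pending-transaction Merkle root."""
    digits = next(d for bound, d in DELAY_TABLE if max_delay_ms <= bound)
    return bytes.fromhex(block_hash_hex[-digits:]) + merkle_root(tx_hashes)

def arrangement(entropy, n_segments):
    """Claims 5-6: one 4-byte subsequence per segment, mapped to a free position."""
    stream, counter = b"", 0
    while len(stream) < 4 * n_segments:          # stretch the hash output as needed
        stream += sha256(entropy + counter.to_bytes(4, "big"))
        counter += 1
    order, taken = [], set()
    for i in range(n_segments):
        pos = int.from_bytes(stream[4 * i:4 * i + 4], "big") % n_segments
        while pos in taken:                      # linear probing is an assumption
            pos = (pos + 1) % n_segments
        taken.add(pos)
        order.append(pos)
    return order

def roundtrip(segments, sender_entropy, receiver_entropy):
    """Sender places segment i at order[i]; receiver recomputes the order to undo it."""
    order = arrangement(sender_entropy, len(segments))
    packet = [None] * len(segments)
    for i, seg in enumerate(segments):
        packet[order[i]] = seg
    back = arrangement(receiver_entropy, len(segments))
    return [packet[p] for p in back]

# Constructed sample chain state (not real chain data).
BLOCK_HASH = "00" * 24 + "a1b2c3d4e5f60718"
PENDING = [sha256(b"tx-%d" % i) for i in range(5)]
ENTROPY = entropy_source(BLOCK_HASH, PENDING, max_delay_ms=80)
```

Every input to `arrangement` is chain state named by the reading mode identifier, so any party that holds the packet and can query the same node can recompute the order. Confidentiality of the segments therefore rests on the per-segment encryption and its keys, which the claims do not specify.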
Description
Trusted digital certificate issuing method and system based on web3 information Internet
Technical Field
The invention relates to the field of digital certificates, in particular to a method and a system for issuing a trusted digital certificate based on web3 information Internet.
Background
The digital certificate is used as a core component for identity authentication, asset validation and behavior authorization in the Web3 information Internet, and is widely applied to scenarios such as decentralized finance, on-chain supply chain management, distributed identity systems and the like.
CN111814129A provides a failure method, a verification method and a corresponding device of a digital certificate, wherein the failure method comprises the steps of firstly judging whether a first digital certificate is a digital certificate to be subjected to failure processing, if so, acquiring a first certificate identification of the first digital certificate, and sending a recording request to a node in a blockchain network so that the node records the first certificate identification on the blockchain. The verification method comprises the steps of obtaining a second certificate identifier of a second digital certificate to be verified, and sending a query request to a node in the blockchain network to enable the node to query whether the second certificate identifier is recorded in the blockchain. If the query result shows that the second credential identification is recorded in the blockchain, the second digital credential is determined to be a spent credential.
However, the prior art has the following problems:
1. In the prior art, the enhancement of the security of the credential issuing process by taking the dynamic state of the blockchain network as a high-strength entropy source is not considered, so that the credential encryption parameters are easy to predict or suffer from replay attack;
2. In the prior art, the risk of man-in-the-middle attack and data segmentation stealing is difficult to effectively defend, and the receiving end is difficult to timely verify the network security state and the data integrity at the time of issuing the certificate.
Disclosure of Invention
Therefore, the invention provides a trusted digital certificate issuing method and system based on web3 information Internet, which are used for solving the problems that in the prior art, the dynamic state of a blockchain network is not considered as a high-strength entropy source to enhance the security of a certificate issuing process, so that the certificate encryption parameters are easy to predict or suffer from replay attack, the risk of man-in-the-middle attack and data segmentation theft is difficult to effectively defend, and the network security state and the data integrity at the moment of certificate issuing are difficult to verify in time by a receiving end.
In order to achieve the aim, the invention provides a trusted digital voucher issuing method based on web3 information Internet, which comprises the steps of: acquiring original voucher data of a digital voucher to be issued in a preset period, and determining a target blockchain network bound with the original voucher data; obtaining a dynamic on-chain state entropy source in a current period from the target blockchain network, wherein the on-chain state entropy source comprises a Merkle root hash of a set of transactions to be confirmed in the current period and a specified length suffix of a block hash which is newly generated in the current period; cutting the original credential data into a plurality of data segments based on the on-chain state entropy source; dynamically determining encryption arrangement sequences for the plurality of data segments according to the on-chain state entropy source; sequentially carrying out encryption processing on the data segments according to the encryption arrangement sequences; generating a reading mode identifier for indicating information required by obtaining the on-chain state entropy source; packaging the encrypted data segments and the reading mode identifier together into a transmission packet for transmission; obtaining the on-chain state entropy source from the target blockchain network based on the reading mode identifier, restoring the encryption arrangement sequences, and sequentially decrypting the received encrypted data segments and recombining according to the restored sequences to obtain the original credential data; the number of digits of the suffix with the specified length is dynamically determined based on the maximum value of the network communication delay monitored when the original credential data is acquired.
Further, the determining the target blockchain network to which the original credential data is bound includes: analyzing a block chain network set declared in the identity mark according to the identity mark carried in the original credential data of the digital credential