CN-121984765-A - Safe and reliable message encryption communication system based on blockchain network
Abstract
This application discloses a secure and trusted message encryption communication system based on a blockchain network, belonging to the field of blockchain technology. The technical solution comprises a smart contract layer, an encrypted communication layer, a privacy protection layer and an evidence storage and audit layer. The system implements decentralized identity authentication based on smart contracts, provides end-to-end encrypted communication, ensures that messages are trustworthy, protects the privacy of user communication, supports flexible permission management, and achieves tamper resistance and traceability of messages.
Inventors
- WU YAOLONG
- YE ZHENQIANG
Assignees
- 厦门慢雾科技有限公司
Dates
- Publication Date
- 20260505
- Application Date
- 20260210
Claims (10)
- 1. A secure and trusted message encryption communication system based on a blockchain network, characterized by comprising a smart contract layer, an encrypted communication layer, a privacy protection layer and an evidence storage and audit layer, wherein the layers cooperate to realize decentralized, secure and trusted message encryption communication; the smart contract layer is deployed in the blockchain network and comprises an identity management contract, a message storage contract, a permission management contract and a key management contract, wherein the identity management contract is used for node identity authentication and authorization management, the message storage contract is used for on-chain evidence storage of messages, the permission management contract realizes fine-grained permission configuration based on role-based access control (RBAC), and the key management contract is used for the generation, distribution and dynamic update of session keys; the encrypted communication layer comprises an asymmetric encryption module, a symmetric encryption module, a key exchange module and a digital signature module, wherein the asymmetric encryption module is used for encrypting and transmitting the session key, the symmetric encryption module encrypts message content with the AES encryption algorithm, the key exchange module realizes secure key exchange based on the Diffie-Hellman protocol, and the digital signature module signs sent messages and verifies those signatures; the privacy protection layer comprises a zero-knowledge proof module, a ring signature module and an obfuscation network module, wherein the zero-knowledge proof module is used for privacy protection during identity verification, the ring signature module realizes anonymous communication, and the obfuscation network module obfuscates the communication path; the evidence storage and audit layer comprises a message hash evidence storage unit, a timestamp service unit and an evidence chain management unit, wherein the message hash evidence storage unit stores the hash value of the message content on-chain, the timestamp service unit adds a timestamp to the message, and the evidence chain management unit manages the evidence storage information in order.
- 2. The system of claim 1, wherein the identity authentication process of the identity management contract comprises: submitting identity information to the blockchain network; the identity management contract verifying the authenticity of the identity information through the zero-knowledge proof module; generating a unique decentralized identifier (DID) after verification passes; and storing the mapping between the identity information and the DID on-chain.
- 3. The system of claim 1, wherein the key exchange module generates an ephemeral key pair based on the Diffie-Hellman protocol and encrypts the transmitted public key through the asymmetric encryption module; after the two parties negotiate the session key, the key management contract records the generation time, validity period and associated node information of the session key, and automatically triggers an update mechanism when the validity period of the session key expires.
- 4. The system of claim 1, wherein the permission management contract supports custom role configuration, a user can set the message access permissions of different roles by calling the smart contract, and every permission change is recorded on-chain in real time to ensure traceability of permission operations.
- 5. The system of claim 1, wherein the anonymous communication of the ring signature module is realized by the sender selecting the public keys of a plurality of random nodes in the blockchain network to form a signature ring together with its own public key and sending the ring-signed message, so that the receiver can only verify that the message comes from a node in the signature ring and cannot determine the identity of the specific sender.
- 6. The system of claim 1, wherein the message evidence storage process of the evidence storage and audit layer comprises: after the message is sent, the message hash evidence storage unit calculates the hash value of the message content, the timestamp service unit obtains the current blockchain block time as the timestamp, and the evidence chain management unit stores the message hash value, the timestamp, the sender DID, the receiver DID and the permission information in association to form a complete evidence chain.
- 7. A method for secure and trusted message encryption communication based on a blockchain network, characterized by applying the system of any one of claims 1-6 and comprising the steps of: S1, identity registration and authentication, wherein a user submits identity information through the identity management contract and, after verification by the zero-knowledge proof module, a decentralized identifier (DID) is generated to complete identity registration; S2, key negotiation and management, wherein the two parties exchange public keys through the key exchange module based on the Diffie-Hellman protocol and negotiate a session key, and the key management contract records the session key information and realizes dynamic update; S3, the sender encrypts the message with the AES algorithm, signs the encrypted message through the digital signature module, anonymizes it through the ring signature module and transmits it to the receiver through the obfuscation network module; S4, message receiving and decryption, wherein the receiver receives the message through the obfuscation network module, verifies the validity of the digital signature and then decrypts the message content with the session key; S5, message evidence storage and audit, wherein the evidence storage and audit layer stores the message hash value, the timestamp, the identity information and the permission information on-chain as evidence, forming a traceable evidence chain that supports subsequent audit operations; and S6, the permission management contract controls the receiver's access to the message according to the preset role permissions, ensuring that the message is only viewed by authorized users.
- 8. The method of claim 7, wherein the identity authentication in step S1 further comprises: the identity management contract periodically checks the validity of the user's DID, automatically triggers a permission freezing mechanism if the identity information is found to be abnormal, and records the anomaly on-chain.
- 9. The method of claim 7, wherein the message encryption process in step S3 further comprises secondary encryption of sensitive message fields with the asymmetric encryption module, the public key for the secondary encryption being obtained from the receiver's DID association.
- 10. The method of claim 7, wherein the evidence chain in step S5 further comprises records of the message sending status, the message receiving status and the message decryption status, all of which are stored on-chain by the message storage contract to ensure tamper resistance.
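The evidence chain of claims 6 and 10 and the role-based access gate of claims 4 and 7 (step S6) can be seen together in the following added example. It is constructed for this page and is not the applicant's code: Python dictionaries stand in for on-chain contract storage, the block time is an integer supplied by the caller, and all DIDs, role names and ciphertext bytes are made-up sample values. It shows why hash-linking each evidence record to the previous one gives the tamper resistance the claims describe: editing any stored record invalidates every link after it.

```python
"""Evidence chain and RBAC access gate (added example, constructed for this page)."""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class PermissionContract:
    """RBAC: roles carry permissions, a user holds one role, every change is logged."""

    def __init__(self) -> None:
        self.role_permissions: dict[str, set[str]] = {}
        self.user_roles: dict[str, str] = {}
        self.change_log: list[dict] = []  # stands in for the on-chain change record

    def set_role(self, role: str, permissions: set[str], block_time: int) -> None:
        self.role_permissions[role] = set(permissions)
        self.change_log.append({"block_time": block_time, "op": "set_role",
                                "role": role, "permissions": sorted(permissions)})

    def assign(self, did: str, role: str, block_time: int) -> None:
        self.user_roles[did] = role
        self.change_log.append({"block_time": block_time, "op": "assign",
                                "did": did, "role": role})

    def can(self, did: str, permission: str) -> bool:
        role = self.user_roles.get(did)
        return role is not None and permission in self.role_permissions.get(role, set())


class EvidenceChain:
    """Evidence chain management unit: append-only, hash-linked records."""
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.records: list[dict] = []

    @staticmethod
    def link_hash(record: dict) -> str:
        # Canonical JSON so the same record always hashes the same way.
        return sha256_hex(json.dumps(record, sort_keys=True).encode())

    def append(self, entry: dict) -> str:
        prev = self.link_hash(self.records[-1]) if self.records else self.GENESIS
        record = dict(entry, prev_hash=prev)
        self.records.append(record)
        return self.link_hash(record)

    def verify(self) -> bool:
        """Recompute every link; an edited record breaks the chain after it."""
        prev = self.GENESIS
        for record in self.records:
            if record["prev_hash"] != prev:
                return False
            prev = self.link_hash(record)
        return True


def record_sent(chain: EvidenceChain, block_time: int, ciphertext: bytes,
                sender_did: str, receiver_did: str, required_permission: str) -> str:
    """Message hash evidence: hash the ciphertext, stamp it with block time, link it."""
    message_hash = sha256_hex(ciphertext)
    chain.append({"event": "sent", "message_hash": message_hash,
                  "block_time": block_time, "sender_did": sender_did,
                  "receiver_did": receiver_did, "permission_info": required_permission})
    return message_hash


def gate_decrypt(chain: EvidenceChain, perms: PermissionContract, block_time: int,
                 message_hash: str, receiver_did: str, required_permission: str) -> bool:
    """Step S6: only an authorised role may decrypt; the outcome is itself evidence."""
    allowed = perms.can(receiver_did, required_permission)
    chain.append({"event": "decrypted" if allowed else "access_denied",
                  "message_hash": message_hash, "block_time": block_time,
                  "receiver_did": receiver_did, "permission_info": required_permission})
    return allowed


def build_demo() -> tuple[EvidenceChain, PermissionContract, list[bool]]:
    """Constructed scenario: one authorised reader and one user whose role grants nothing."""
    perms = PermissionContract()
    perms.set_role("auditor", {"read:audit"}, block_time=100)
    perms.assign("did:example:bob", "auditor", block_time=101)
    perms.assign("did:example:carol", "guest", block_time=101)

    chain = EvidenceChain()
    ciphertext = b"\x8f\x1c\x03 constructed stand-in for AES ciphertext"
    h = record_sent(chain, 102, ciphertext, "did:example:alice", "did:example:bob", "read:audit")
    outcomes = [
        gate_decrypt(chain, perms, 103, h, "did:example:bob", "read:audit"),
        gate_decrypt(chain, perms, 104, h, "did:example:carol", "read:audit"),
    ]
    return chain, perms, outcomes


if __name__ == "__main__":
    chain, perms, outcomes = build_demo()
    print("chain valid:", chain.verify(), "outcomes:", outcomes)
    chain.records[0]["receiver_did"] = "did:example:mallory"  # tamper with stored evidence
    print("after tampering:", chain.verify())
```

The chain stores the hash of the ciphertext rather than the plaintext, so an auditor can prove which message was sent and when without the evidence layer ever holding readable content; the denied access attempt is recorded as evidence just like a successful decryption, which is what makes permission operations traceable.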
Description
Safe and reliable message encryption communication system based on blockchain network
Technical Field
The application relates to the technical field of blockchain, in particular to a secure and trusted message encryption communication system based on a blockchain network.
Background
With the rapid development of blockchain technology, decentralized applications have gradually become the mainstream of technological innovation. Traditional communication systems rely on centralized servers, suffer from single points of failure and the risk of data leakage, and find it difficult to ensure the security and privacy of communication content. Current common encrypted communication techniques include:
- 1. The traditional centralized server mode, which forwards information through a central server but has single-point-of-failure and trust problems.
- 2. Point-to-point (P2P) network communication, which does not depend on a central server but whose identity authentication is vulnerable.
- 3. SSL/TLS encrypted channels based on the PKI system, which are widely used in network communication but whose key management is complex.
- 4. End-to-end encryption (E2EE) schemes, which can ensure that information is encrypted throughout the path from sending to receiving but depend heavily on the security of the endpoints.
Although these schemes improve security to a certain extent, drawbacks such as centralization risk, weak identity authentication and complex key management remain, and there is still considerable room for improvement.
Disclosure of Invention
Aiming at the defects of the prior art, the invention aims to provide a secure and trusted message encryption communication system based on a blockchain network, which realizes decentralized identity authentication based on smart contracts, provides end-to-end encrypted communication, ensures trustworthy evidence storage and auditing of messages, protects the communication privacy of users, supports flexible permission management, and realizes tamper resistance and traceability of messages.
To achieve this aim, the invention provides the following technical scheme: the secure and trusted message encryption communication system based on a blockchain network comprises a smart contract layer, an encrypted communication layer, a privacy protection layer and an evidence storage and audit layer, wherein the layers cooperate to realize decentralized, secure and trusted message encryption communication.
The smart contract layer is deployed in the blockchain network and comprises an identity management contract, a message storage contract, a permission management contract and a key management contract, wherein the identity management contract is used for node identity authentication and authorization management, the message storage contract is used for on-chain evidence storage of messages, the permission management contract realizes fine-grained permission configuration based on role-based access control (RBAC), and the key management contract is used for the generation, distribution and dynamic update of session keys.
The encrypted communication layer comprises an asymmetric encryption module, a symmetric encryption module, a key exchange module and a digital signature module. The asymmetric encryption module is used for encrypting and transmitting the session key, the symmetric encryption module encrypts the message content with the AES encryption algorithm, the key exchange module realizes secure key exchange based on the Diffie-Hellman protocol, and the digital signature module signs sent messages and verifies those signatures.
The privacy protection layer comprises a zero-knowledge proof module, a ring signature module and an obfuscation network module, wherein the zero-knowledge proof module is used for privacy protection during identity verification, the ring signature module realizes anonymous communication, and the obfuscation network module obfuscates the communication path.
The evidence storage and audit layer comprises a message hash evidence storage unit, a timestamp service unit and an evidence chain management unit, wherein the message hash evidence storage unit stores the hash value of the message content on-chain, the timestamp service unit adds a timestamp to the message, and the evidence chain management unit manages the evidence storage information in order.
The identity authentication process of the identity management contract further preferably comprises: a user submits identity information to the blockchain network, the identity management contract verifies the authenticity of the identity information through the zero-knowledge proof module, a unique decentralized identifier (DID) is generated after verification passes, and the mapping between the identity information and the DID is stored on-chain.
The invention further preferably includes a session key managemen
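The key negotiation of claim 3 and method step S2, together with the session key management record that the description turns to above, can be traced in the following added example. It is constructed for this page and is not the applicant's code. Each party generates an ephemeral Diffie-Hellman key pair, the shared secret is turned into an AES-sized session key with an HMAC-SHA256 extract-then-expand step, and a key management record holding the generation time, validity period and associated nodes decides when renegotiation is triggered. The DH group is a toy parameter chosen only so the arithmetic runs; a deployment would use a standardized group (RFC 3526 or RFC 7919) or an elliptic-curve exchange. The asymmetric encryption of the public values in transit and the AES encryption of messages are outside this block, and the node DIDs and clock values are made-up samples.

```python
"""Session key negotiation and lifecycle (added example, constructed for this page)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# TOY group: 2**127 - 1 is a Mersenne prime, so the modular arithmetic is sound,
# but the group is far too small for real use. Constructed for this example only.
TOY_P = 2 ** 127 - 1
TOY_G = 3


def dh_keypair(p: int = TOY_P, g: int = TOY_G) -> tuple[int, int]:
    """Ephemeral private exponent x in [2, p-2] and the public value g^x mod p."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)


def dh_shared_secret(own_private: int, peer_public: int, p: int = TOY_P) -> int:
    """Reject degenerate public values (0, 1, p-1) before exponentiating."""
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(peer_public, own_private, p)


def derive_session_key(shared: int, node_a: str, node_b: str, p: int = TOY_P) -> bytes:
    """HKDF-style extract-then-expand with HMAC-SHA256, bound to both node DIDs."""
    ikm = shared.to_bytes((p.bit_length() + 7) // 8, "big")
    salt = hashlib.sha256(b"|".join(sorted((node_a.encode(), node_b.encode())))).digest()
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, b"session-key\x01", hashlib.sha256).digest()  # 32 bytes: AES-256 key


@dataclass
class SessionKeyRecord:
    """What the key management contract stores: never the key, only its fingerprint."""
    node_a: str
    node_b: str
    key_id: str
    generated_at: int
    validity_seconds: int

    def expired(self, now: int) -> bool:
        return now >= self.generated_at + self.validity_seconds


def negotiate(node_a: str, node_b: str, now: int,
              validity_seconds: int) -> tuple[bytes, SessionKeyRecord]:
    """Run both sides of the exchange; each derives the same key from the other's public value."""
    priv_a, pub_a = dh_keypair()
    priv_b, pub_b = dh_keypair()
    key_a = derive_session_key(dh_shared_secret(priv_a, pub_b), node_a, node_b)
    key_b = derive_session_key(dh_shared_secret(priv_b, pub_a), node_a, node_b)
    if key_a != key_b:
        raise RuntimeError("key agreement failed")
    record = SessionKeyRecord(node_a, node_b, hashlib.sha256(key_a).hexdigest(),
                              now, validity_seconds)
    return key_a, record


class KeyManager:
    """Local key cache plus the contract's records; renegotiates when a record has expired."""

    def __init__(self, validity_seconds: int) -> None:
        self.validity_seconds = validity_seconds
        self.keys: dict[tuple[str, str], bytes] = {}              # held by the nodes
        self.records: dict[tuple[str, str], SessionKeyRecord] = {}  # the contract's state
        self.rotations = 0

    def session_key(self, node_a: str, node_b: str, now: int) -> bytes:
        pair = (node_a, node_b) if node_a <= node_b else (node_b, node_a)
        record = self.records.get(pair)
        if record is None or record.expired(now):
            key, record = negotiate(pair[0], pair[1], now, self.validity_seconds)
            self.keys[pair] = key
            self.records[pair] = record
            self.rotations += 1
        return self.keys[pair]


if __name__ == "__main__":
    km = KeyManager(validity_seconds=600)
    k1 = km.session_key("did:example:alice", "did:example:bob", now=1000)
    k2 = km.session_key("did:example:alice", "did:example:bob", now=1599)  # still valid
    k3 = km.session_key("did:example:alice", "did:example:bob", now=1600)  # expired: rotate
    print("reused:", k1 == k2, "rotated:", k1 != k3, "rotations:", km.rotations)
```

Two design points carry over to any real deployment: the contract record holds a hash of the key rather than the key, so putting the record on a public chain leaks nothing about the session key, and the expiry check runs on every use so that a stale key is never handed out even if no explicit rotation event was scheduled.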