CN-122001561-A - Electronic document encryption and decryption system, method, medium and equipment based on blockchain

Abstract

The application provides an electronic document encryption and decryption system, method, medium and equipment based on a blockchain. The system comprises a blockchain document tracing layer, an electronic document security layer and a security access and identity management layer. The blockchain document tracing layer is used for tracing the document of data uploading. The electronic document security layer comprises an uploading node processor and a downloading node processor: the uploading node processor is used for encrypting uploading data by using uploading data nodes, and the downloading data nodes are used for decrypting the block data. The encryption and decryption process is processed by using a custom ciphertext policy attribute proxy encryption mechanism. The security access and identity management layer is used for verifying the security attribute of the nodes and managing the security attribute. The application supports dynamic, fine-grained regulation and control of the access authority of the encrypted document while realizing traceability and tamper resistance of the whole link of the document flow, and comprehensively ensures the authenticity, privacy and controllable sharing of data.

Inventors

  • LIU YIN
  • ZHU JICHAO
  • Sha Kebin
  • LIU YUMING
  • CAI YONG
  • LIU HONGFENG

Assignees

  • 上海国际港务(集团)股份有限公司
  • 上海海勃数科技术有限公司

Dates

Publication Date
20260508
Application Date
20260407

Claims (10)

  1. An electronic document encryption and decryption system based on a blockchain, which is characterized by comprising: a blockchain certificate tracing layer, an electronic document security layer and a secure access and identity management layer, wherein the blockchain evidence accumulation tracing layer is used for tracing the evidence accumulation of data uploading; the electronic document security layer comprises an uploading node processor and a downloading node processor, wherein the uploading node processor is used for encrypting uploading data by using an uploading data node, the downloading node processor is used for decrypting block data by using a downloading data node, the encryption and decryption process is processed based on a self-defined ciphertext policy attribute proxy re-encryption mechanism, the ciphertext policy attribute proxy re-encryption mechanism comprises an encryption stage, in the encryption stage, when the uploading node uploads an encrypted electronic document to a storage system, a storage address corresponding to the electronic document is determined, and the storage address is combined with an encryption symmetric key to be packed into an index, and when the uploading node uploads the index to a block chain system, a consensus node is screened, and the consensus node and the uploading node are subjected to index consensus to generate a new block containing an encryption index; the security access and identity management layer is used for verifying and managing security attributes of the nodes.
  2. The system of claim 1, wherein the system further comprises a decryption stage, wherein during the decryption stage, when the download node is to download new block data, the user attribute of the current download node is determined, the user attribute comprises an authorized user and an unauthorized user, wherein the authorized user directly decrypts the new block data, and the unauthorized user waits for the new block data to be decrypted after the new block data is re-encrypted.
  3. The electronic document encryption and decryption system based on blockchain as in claim 1, wherein when the uploading node uploads the encrypted electronic document to the storage system, the storage address corresponding to the electronic document is determined, and the electronic document is packaged into an index based on the storage address in combination with the encryption symmetric key, and the system specifically comprises: the storage system comprises an IPFS system, an uploading node firstly encrypts an electronic document by using a symmetric key, and when the encrypted electronic document is stored in the IPFS system, the storage address is determined and comprises an IPFS address hash value; and carrying out attribute encryption on the symmetric key to obtain an encrypted symmetric key, and combining the encrypted symmetric key of the electronic document and the IPFS address hash value to obtain the index, wherein the IPFS address hash value is Wen Fang in the index.
  4. The blockchain-based electronic document encryption and decryption system of claim 1, wherein after the uploading node uploads the index to the blockchain system, the node is screened out and the node is index-consensus-identified with the uploading node to generate a new block containing the encrypted index, and the method specifically comprises: when an uploading node uploads an index to a blockchain system, screening out consensus nodes, wherein all the consensus nodes rank the data streams of the uploading node consistently under the same view; the consensus node and the uploading node are subjected to index consensus, and the method specifically comprises a pre-preparation stage, a preparation stage and a submitting stage, wherein, in the pre-preparation stage, the uploading node allocates corresponding numbers for ciphertext fragments of each index and broadcasts and verifies, wherein broadcast content comprises <<PRE-PREPARE, v, n, d>, CT>, verification content comprises whether ciphertext digests are consistent with index ciphertext content, view numbers, whether ciphertext fragment allocation numbers are within a preset range and whether other messages containing the same view numbers and ciphertext fragment allocation numbers but different index ciphertext content are not received by the current node, when verification is passed, the uploading node and the consensus node store the index ciphertext content locally and broadcast, and broadcast content comprises <PREPARE, v, n, d, i>, wherein v is the view number, n is the ciphertext fragment allocation number, d is the ciphertext digest, CT is the index ciphertext content, and i is the node number; in the preparation stage, verification is also performed, wherein verification contents comprise whether ciphertext digests are consistent with ciphertext digests in the pre-preparation stage, whether view numbers are consistent with ciphertext fragment allocation numbers in a preset range, after verification is passed, a current node i writes broadcasting contents of <PREPARE, v, n, d, i> into a log, and completes the preparation stage when receiving 2f preparation messages which come from different nodes and are consistent with the pre-preparation stage, wherein v is the view number, n is the ciphertext fragment allocation number, d is the ciphertext digest, i is the node number, and f is the number of fault nodes; in the submitting stage, all nodes broadcast <COMMIT, v, n, D(CT), i>, wherein v is a view number, n is a ciphertext fragment allocation number, CT is index ciphertext content, D(CT) is an index ciphertext content hash operation value, i is a node number, if the number of reply messages received by an uploading node reaches f+1, the success of consensus is indicated, a new block containing an encryption index is generated at the moment, and f is the number of fault nodes.
  5. The blockchain-based electronic document encryption and decryption system according to claim 2, wherein when the downloading node is to download new block data, the system specifically comprises: determining user attributes of the download node based on the set of attributes and the access result, the user attributes including authorized users, unauthorized users, and data owners, wherein, when the authorized user downloads the data in the new block, directly decrypting the index on the chain, and acquiring and decrypting the data from the storage system; the unauthorized user submits an access application to the data owner or the authorized manager, and after the application passes, the data owner or the authorized manager generates a re-encryption key, wherein the re-encryption key is related to the identity attribute of the unauthorized user, the re-encryption key is used for re-encrypting the encryption symmetric key, and after the encryption symmetric key is re-encrypted, the unauthorized user decrypts the index on the chain, and obtains and decrypts the data from the IPFS system.
  6. A blockchain-based electronic document encryption method, which is applied to the uploading node processor in the blockchain-based electronic document encryption and decryption system of claim 1, the method comprising the following steps: firstly encrypting an electronic document by using a symmetric key, uploading the encrypted electronic document to an IPFS system to obtain an IPFS address hash value of the electronic document, carrying out attribute encryption on the symmetric key to obtain an encrypted symmetric key, and packing the encrypted symmetric key into an index based on a storage address in combination with the encrypted symmetric key, wherein the index is obtained by combining the encrypted symmetric key of the electronic document and the IPFS address hash value, and the IPFS address hash value is Wen Fang in the index; uploading indexes to a blockchain system, carrying out index consensus with consensus nodes to generate new blocks, wherein all the consensus nodes rank the data streams of uploading nodes consistently under the same view, the index consensus of the consensus nodes specifically comprises a pre-preparation stage, a preparation stage and a submitting stage, in the pre-preparation stage, corresponding numbers are allocated to ciphertext fragments of each index and broadcast and verification are carried out, wherein broadcast contents comprise <<PRE-PREPARE, v, n, D>, CT>, verification contents comprise ciphertext digests and index ciphertext contents are consistent, view numbers, ciphertext fragment allocation numbers are within a preset range, and the current node does not receive other messages containing the same view numbers and ciphertext fragment allocation numbers but different index ciphertext contents, after verification is passed, the preparation stage is entered, the uploading nodes and the consensus nodes store the index ciphertext contents to the local and broadcast, and the broadcast contents comprise <PRE, v, n, D, i>; in the preparation stage, verification is also carried out, the verification content comprises whether ciphertext digests are consistent with ciphertext digests in the preparation stage, whether view numbers are consistent with ciphertext fragment allocation numbers are within a preset range, after verification is passed, a current node i writes broadcasting content of <PREPARE, v, n, D, i> into a log, and completes the preparation stage when receiving 2f preparation messages which come from different nodes and are consistent with the preparation stage, in the submission stage, all nodes broadcast <COMMIT, v, n, D(CT), i>, if the number of reply messages received by a consensus node reaches f+1, the consensus is successful, a new block containing an encryption index is generated at the moment, wherein, v is the view number, n is the ciphertext fragment allocation number, D is the ciphertext digest, CT is the index ciphertext content, i is the node number, f is the number of fault nodes, and D(CT) is the index ciphertext content hash operation value.
  7. A blockchain-based electronic document decryption method, which is applied to the download node processor in the blockchain-based electronic document encryption and decryption system of claim 1, the method comprising the following steps: determining user attributes of the download node based on the set of attributes and the access result, the user attributes including authorized users, unauthorized users, and data owners, wherein, when the authorized user downloads the data in the new block, directly decrypting the index on the chain, and acquiring and decrypting the data from the IPFS system; the unauthorized user submits an access application to the data owner or the authorized manager, and after the application passes, the data owner or the authorized manager generates a re-encryption key, wherein the re-encryption key is related to the identity attribute of the unauthorized user, the re-encryption key is used for re-encrypting the encryption symmetric key, and after the encryption symmetric key is re-encrypted, the unauthorized user decrypts the index on a chain, and obtains and decrypts the data from the IPFS system.
  8. A computer readable storage medium having stored thereon a computer program, which when executed by a processor, implements the blockchain-based electronic document encryption method of claim 6 and/or the blockchain-based electronic document decryption method of claim 7.
  9. A computer program product comprising computer program code embodied therein, which when run on a computer causes the computer to implement the blockchain-based electronic document encryption method of claim 6 and/or the blockchain-based electronic document decryption method of claim 7.
  10. An electronic device comprising a processor and a memory, wherein the memory is configured to store a computer program, and the processor is configured to execute the computer program stored in the memory, so that the electronic device performs the blockchain-based electronic document encryption method according to claim 6 and/or the blockchain-based electronic document decryption method according to claim 7.
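
The three-stage index consensus of claim 4, as an added example that is not part of the patent text: one node's checks for the pre-preparation, preparation and submitting stages, including rejection of a second message that reuses the same view number and allocation number with different ciphertext. SHA-256 as the digest function, the `Replica` class, the range 0 to 100 and all sample values are assumptions, and the checks follow the usual PBFT reading of the claim's verification list.

```python
import hashlib
from dataclasses import dataclass, field


def digest(ct: bytes) -> str:
    # Assumption: SHA-256 stands in for D(); the page does not name the hash.
    return hashlib.sha256(ct).hexdigest()


@dataclass
class Replica:
    """One node's view of claim 4's three stages (hypothetical class name)."""
    node_id: int
    view: int
    f: int                     # number of faulty nodes tolerated
    n_range: tuple = (0, 100)  # assumed "preset range" for allocation number n
    accepted: dict = field(default_factory=dict)  # (v, n) -> digest d
    prepares: dict = field(default_factory=dict)  # (v, n, d) -> sender ids
    commits: dict = field(default_factory=dict)   # (v, n, d) -> sender ids

    def _in_scope(self, v, n):
        return v == self.view and self.n_range[0] <= n <= self.n_range[1]

    def on_pre_prepare(self, v, n, d, ct):
        """Check <<PRE-PREPARE, v, n, d>, CT>; return the PREPARE to broadcast."""
        if d != digest(ct) or not self._in_scope(v, n):
            return None
        # Reject a second message reusing (v, n) with different ciphertext.
        if self.accepted.setdefault((v, n), d) != d:
            return None
        return ("PREPARE", v, n, d, self.node_id)

    def on_prepare(self, v, n, d, i):
        """Log <PREPARE, v, n, d, i>; True after 2f matching distinct senders."""
        if self.accepted.get((v, n)) != d or not self._in_scope(v, n):
            return False
        self.prepares.setdefault((v, n, d), set()).add(i)
        return len(self.prepares[(v, n, d)]) >= 2 * self.f

    def on_commit(self, v, n, d_ct, i):
        """Count <COMMIT, v, n, D(CT), i>; True once f+1 distinct senders agree."""
        if self.accepted.get((v, n)) != d_ct:
            return False
        self.commits.setdefault((v, n, d_ct), set()).add(i)
        return len(self.commits[(v, n, d_ct)]) >= self.f + 1


def run_demo():
    ct = b"constructed-index-ciphertext"   # constructed sample, not real data
    forged = b"constructed-conflicting-ciphertext"
    d, r = digest(ct), Replica(node_id=1, view=0, f=1)
    return {
        "bad_digest": r.on_pre_prepare(0, 7, d, forged),
        "prepare": r.on_pre_prepare(0, 7, d, ct),
        "equivocation": r.on_pre_prepare(0, 7, digest(forged), forged),
        "out_of_range": r.on_pre_prepare(0, 500, d, ct),
        # Node 2 repeating its PREPARE must not count twice toward 2f.
        "prepared": [r.on_prepare(0, 7, d, i) for i in (2, 2, 3)],
        "committed": [r.on_commit(0, 7, d, i) for i in (2, 3)],
    }
```

Counting distinct sender ids rather than messages is what keeps a single node from reaching the 2f or f+1 threshold by repeating itself.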

Description

Electronic document encryption and decryption system, method, medium and equipment based on blockchain

Technical Field

The application belongs to the technical field of blockchains, and particularly relates to an electronic document encryption and decryption system, method, medium and equipment based on a blockchain.

Background

Port shipping logistics is a core link of international trade, and its business process covers tens of participating subjects such as shipping companies, port operators, ship agents, freight agents, warehouse enterprises, customs clearance lines, inland carriers, and the like. Under the traditional operation mode, each party relies on paper documents (such as bill of lading, billboards, boxing sheets, bill of lading and the like) for information transmission and rights confirmation, so that the process is complicated, the efficiency is low, the cost is high, and mistakes are easy to occur. In recent years, although some enterprises have tried to introduce electronic data interchange (EDI) or self-built information systems to improve efficiency, these approaches are still weak in terms of trust mechanism and security: a centralized document platform has a single point of failure risk, and data is managed by a single authority, which causes general concerns about data authenticity, integrity and privacy disclosure. In addition, currently existing electronic transmission approaches, such as FTP (File Transfer Protocol) or HTTPS (Hypertext Transfer Protocol Secure), have obvious disadvantages in terms of tamper resistance, repudiation resistance, fine-grained privacy protection, and the like.

Disclosure of Invention

In view of the above drawbacks of the prior art, the present application is directed to providing a blockchain-based electronic document encryption and decryption system, method, medium and device, which are used for solving the problems of high centralized storage risk, easy tampering, weak repudiation resistance and insufficient privacy protection of the conventional protocol in the prior art.

In a first aspect, the present application provides a blockchain-based electronic document encryption and decryption system, the system comprising: a blockchain certificate tracing layer, an electronic document security layer and a secure access and identity management layer, wherein the blockchain evidence accumulation tracing layer is used for tracing the evidence accumulation of data uploading; the electronic document security layer comprises an uploading node processor and a downloading node processor, wherein the uploading node processor is used for encrypting uploading data by using an uploading data node, the downloading node processor is used for decrypting block data by using a downloading data node, the encryption and decryption process is processed based on a self-defined ciphertext policy attribute proxy re-encryption mechanism, the ciphertext policy attribute proxy re-encryption mechanism comprises an encryption stage, in the encryption stage, when the uploading node uploads an encrypted electronic document to a storage system, a storage address corresponding to the electronic document is determined, and the storage address is combined with an encryption symmetric key to be packed into an index, and when the uploading node uploads the index to a block chain system, a consensus node is screened, and the consensus node and the uploading node are subjected to index consensus to generate a new block containing an encryption index; the security access and identity management layer is used for verifying and managing security attributes of the nodes.

In some embodiments of the first aspect of the present application, the encryption policy attribute proxy re-encryption mechanism based on the customization further includes a decryption stage, where, during the decryption stage, when the downloading node is to download the new block data, the user attribute of the current downloading node is determined, where the user attribute includes an authorized user and an unauthorized user, and the authorized user directly decrypts the new block data, and the unauthorized user waits for re-encryption of the new block data before decrypting the new block data.

In some embodiments of the first aspect of the present application, when the uploading node uploads the encrypted electronic document to the storage system, determining a storage address corresponding to the electronic document, and packing the electronic document into an index based on the storage address in combination with the encryption symmetric key, specifically including: the storage system comprises an IPFS system, an uploading node firstly encrypts an electronic document by using a symmetric key, and when the encrypted electronic document is stored in the IPFS system, the storage address is determined and comprises an IPFS address hash value; and carrying