[go: up one dir, main page]

CN108880795A - A kind of block chain security mechanism and device - Google Patents

A kind of block chain security mechanism and device Download PDF

Info

Publication number
CN108880795A
CN108880795A CN201810651605.5A CN201810651605A CN108880795A CN 108880795 A CN108880795 A CN 108880795A CN 201810651605 A CN201810651605 A CN 201810651605A CN 108880795 A CN108880795 A CN 108880795A
Authority
CN
China
Prior art keywords
block
hash value
public key
chain
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810651605.5A
Other languages
Chinese (zh)
Inventor
方亚南
齐佳音
高睿泽
尚进
刘传高
陈文光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201810651605.5A priority Critical patent/CN108880795A/en
Publication of CN108880795A publication Critical patent/CN108880795A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a kind of novel block chain security authentication mechanism, the security mechanism recalled using needs, distorts so that block chain thoroughly be prevented to be had ultrahigh speed operational capability person or control the malice of 51% node person.In each block, while recording the HASH value C an of block and the encryption data C1 with the private key of N-K block to HASH value C;When examining this block, C1 is decrypted with the public key (being recorded in the N-K block) of N-K block, is compared with C, otherwise it is illegal block that the two, which unanimously confirms that this block is a legal block,.Additionally provide a kind of block chain safety device.

Description

A kind of block chain security mechanism and device
Technical field
The invention belongs to the technical fields of block chain, more particularly to a kind of block chain security mechanism, and use the machine The device of system.
Background technique
Currently, being linked between the block of all block chains with HASH value, if attacker wants to distort some block N's Content needs to recalculate the random number of this block N, and generates the new block N ' after distorting, then be with this new block N ' Starting point continues original chain to be substituted, if distorting until generating a new chain followed by modification (N+1, N+2 ...) to chain In the case that the operational capability of person is sufficiently large, it is possible to complete the modification of all subsequent blocks, and due to its new chain Length long enough, it is likely that received by all other blocks chain users as new legal chain, to achieve the purpose that distort.
If chain length total length is M, interpolater distorts since n-th block, then he needs to distort M-N+1 block.
In brief, current any block chain, as long as can be all able to achieve to chain from the supper-fast modification backward of some block Distort.
Summary of the invention
Technology of the invention solves the problems, such as:A kind of block chain security mechanism is overcome the deficiencies of the prior art and provide, benefit The security mechanism recalled with needs, so that block chain thoroughly be prevented to be had ultrahigh speed operational capability person either to control 51% The malice of node person is distorted.
The technical solution of the invention is as follows:This block chain security mechanism in each block, while recording one Encryption data C1 of the private key of the N-K block of HASH value C and use of block to HASH value C;When examining this block, use The public key decryptions C1 of N-K block, compares with C, and the two unanimously confirms that this block is that a substantially legal block (also needs In addition original block chain authentication mechanism), otherwise it is determined as illegal block.
The present invention without modification, has only been superimposed a new security strategy, each to the original security system of block chain History block (the N-K block) before block increase has recorded the public key of this block and uses a upper block cryptographic Hash The value that private key is encrypted, if it is desired to distort wherein some block in block chain, then must modify the chain by modification mesh Block, all blocks after it and all blocks before it are marked, needs is equivalent to and remodifies and establish entire chain. It could modify the security mechanism of either block in chain using needing to recall modification, and block chain is thoroughly prevented to be had ultrahigh speed It operational capability person or controls 51% malice of chain node person and distorts.
Additionally provide a kind of block chain safety device comprising logging modle, encrypting module, deciphering module, comparison module;
In each block, the HASH value that a upper block is recorded by logging modle is C, before being used by encrypting module The private key of some block obtains encryption data C1 to the HASH value C;When examining this block, with that block (N-K before Block) public key (being recorded in the N-K block) by deciphering module decrypt C1, compared by comparing module and C, two Person unanimously confirms that this block is a legal block, is otherwise illegal block.
Detailed description of the invention
Fig. 1 is the schematic diagram of block chain security mechanism according to the present invention.
Fig. 2 is the structure chart of traditional block chain.
Fig. 3 is block link composition of the present invention (by taking k=3 as an example).
Specific embodiment
As shown in Figure 1, this block chain security mechanism, in each block, while recording the HASH value an of block For C and with the private key of N-K block to the encryption data C1 of HASH value C;When examining this block, with the public affairs of N-K block Key (being recorded in the N-K block) decrypts C1, compares with C, the two unanimously confirms that this block is a legal block, no It is then illegal block
The present invention without modification, has only been superimposed a new security strategy, each to the original security system of block chain Block increases the value encrypted with private key an of public key and a cryptographic Hash, if it is desired to distort in block chain wherein some Block, it is necessary to all blocks of the chain are modified, entire chain is re-established, so it is using the security mechanism recalled of needs, from And block chain is thoroughly prevented to be had the malice of ultrahigh speed operational capability person to distort, also prevent the participation for controlling 51% node Person distorts chain.
To a block on modification chain, then the HASH value C of the block is caused to be changed, becomes C' and next C1 in block with the value after N-K block public key decryptions with regard to inconsistent, it is consistent to both make, must just find N-K The private key of a block again encrypts C', if the private key of N-K block can not be found, can not carry out encryption and obtain C'1, Block modification failure.Another amending method is also to change the public key of the N-K block, private key together, to give birth to again Current block is written at C' and C'1, but so, when modifying some block, must just recall modification, that is to say, that It to modify some block N, removes and needs to modify N, except N+1, N+2 ... block, it is necessary to N-K, N-K-1 ... 3 are modified, 2,1.In summary, core of the invention is, if it is desired to distort wherein some block in block chain, it is necessary to it is all to modify the chain Block, re-establish entire chain, it is clear that just lose completely to chain modification meaning and possibility, as long as backtracking modification More than certain citing (such as the 10th block of inverse before modification current block), then it will be found and be considered by all nodes Block chain is distorted, the case where 51% node of control puts to the vote and modifies block chain has also just been taken precautions against.
Preferably, this approach includes the following steps:
(1) each block is equipped with a public key and a private key, public key are recorded in the block;
(2) after block N is generated, when generating new block N+1, the HASH value B of block N is recorded, while using this HASH value The private key of N-K block is encrypted, and is obtained B1 and is recorded;The public affairs of data content and N+1 block that the needs of record N+1 block save Key;Calculate the random number of N+2 block;
(3) according to step (1), (2), next block is generated;
(4) checkout procedure of block legitimacy:Whether the inspection to N+1 block examines the HASH value of B and block N consistent, will Whether B1 obtains B2 with the public key decryptions of N-K block, and wherein K is the integer greater than 0 and less than N, examine B and B2 consistent;If no Unanimously, illustrate that block is tampered with.
That is, examining the authenticity of N+1 block, N should be used, it is also necessary to shifted on again the public key of the N-K block into Performing check.
Safety philosophy:
To distort the data of nth block, the HASH value (B) of new N block must be just recalculated.It also needs to regenerate new N The secret value (B1) of the HASH value of block, this just needs to use the private key of N-K block, needs to find the owner of N-K block, to his rope Private key is taken, this is with regard to difficult.If the private key is only abandoned with primary later, that can not just find and regenerate legal B1.
In order to regenerate legal B1, a method is to find the private key of N-K block, even if the people of N-K block is ready to cooperate The private key is provided, legal B1 can be generated, then, he just needs to modify N+1 block, then he needs to obtain the private of N-K+2 block again Key, and so on, unless he obtains N-K block, and N-K+1 block ..., until all private keys of N-1 block, can smoothly build Found new chain.Obvious difficulty is too big.As long as this K private key has one can not obtain, or can not give for change than abandoning, then repairing Change be cannot be successful.
Another way of interpolater does not remove the private key for obtaining N-K block exactly when distorting N block, but directly N-K block is modified, the private key of N-K block is directly changed, then being exactly backtracking modification, if modification N-K block, he be will be seen that, modify again N-K-K block continues backtracking modification ... .., it is clear that be the thing of an innumerable head.
In addition, any node, in spite of there is the new block for seeming legal, can be thought if discovery has backtracking to modify It is illegal modifications.That is, even if N-K block of modification can succeed, it will not be received by other nodes, also just cannot achieve The broadcast of chain after distorting can thus take precautions against controlling the user of 51% node and distort to chain.
For theoretically, the broadcast of chain can only broadcast several last blocks, old, " sizing " chain, be It does not need to re-broadcast.
If N-K node is ganged up between N number of node, respective private key is all provided, theoretically sees, is that can repair Change all nodes backward from N node, so K must be sufficiently large, can be set as needed its value, this value is bigger, collusion Possibility is fewer, but when generating block chain, the cooperation difficulty needed is also suitably increased, because generating N+1 block, needs The generator of nth block generates B value (the HASH value of nth block) and the generator of N-K block generates the (private of B value N-K block of B1 value Key encryption) and nth block public key, be put into togerther N+1 block.
Preferably, B is obtained with SHA256 algorithm in the step (2).
Preferably, K >=3 in the step (4).
Additionally provide a kind of block chain safety device comprising logging modle, encrypting module, deciphering module, comparison module;
It is C by the HASH value that logging modle records a upper block in each block, uses one by encrypting module The private key of a block obtains encryption data C1 to the HASH value C;When examining this block, pass through solution with the public key of a block Close module decrypts C1, compares by comparing module and C, the two unanimously confirms that this block is a legal block, otherwise For illegal block.
Preferably, the logging modle configures to record public key, the HASH value B, encryption data B1 of block N;The encryption Module configures to be encrypted to HASH value B with the private key of N-K block;The deciphering module is configured the B1 public affairs of N-K block Key is decrypted to obtain B2, and wherein K is the integer greater than 0 and less than N;The comparison module configures the HASH value to examine B Yu block N It is whether consistent, it examines B and B2 whether consistent, if inconsistent, illustrates that block is tampered with.
The above is only presently preferred embodiments of the present invention, is not intended to limit the present invention in any form, it is all according to According to technical spirit any simple modification, equivalent change and modification to the above embodiments of the invention, still belong to the present invention The protection scope of technical solution.

Claims (6)

1. a kind of block chain security mechanism, it is characterised in that:In each block, while the HASH value for recording N-K block is C With the encryption data C1 with the private key of N-K block to HASH value C;When examining this block, with the public key solution of N-K block Close C1, compares with C, otherwise it is illegal block that the two, which unanimously confirms that this block is a legal block,.
2. block chain security mechanism according to claim 1, it is characterised in that:This approach includes the following steps:
(1) each block is equipped with a public key and a private key, public key are recorded in the block;
(2) after block N is generated, when generating new block N+1, the HASH value B of block N is recorded, while to this HASH value N-K block Private key encrypted, obtain B1 and record;The public key of data content and N+1 block that the needs of record N+1 block save;Meter Calculate the random number of N+2 block;
(3) according to step (1), (2), next block is generated;
(4) checkout procedure of block legitimacy:Whether the inspection to N+1 block examines the HASH value of B and block N consistent, B1 is used Whether the public key decryptions of N-K block obtain B2, and wherein K is the integer greater than 0 and less than N, examine B and B2 consistent;If inconsistent, Illustrate that block is tampered with.
3. block chain security mechanism according to claim 2, it is characterised in that:SHA256 algorithm is used in the step (2) Obtain B.
4. block chain security mechanism according to claim 2, it is characterised in that:K >=3 in the step (4).
5. a kind of block chain safety device, it is characterised in that:It includes logging modle, encrypting module, deciphering module, compares mould Block;
It is C by the HASH value that logging modle records a upper block in each block, by encrypting module with N-K The private key of block obtains encryption data C1 to the HASH value C;When examining this block, pass through solution with the public key of the N-K block Close module decrypts C1, compares by comparing module and C, the two unanimously confirms that this block is a legal block, otherwise For illegal block.
6. block chain safety device according to claim 5, it is characterised in that:The logging modle configuration is to record block Public key, the HASH value B, encryption data B1 of N;The encrypting module configuration is to encrypt HASH value B with the private key of N-K block; B1 is obtained B2 with the public key decryptions of N-K block by the deciphering module configuration, and wherein K is the integer greater than 1 and less than N;Institute Comparison module configuration is stated to examine the HASH value of B and block N whether consistent, examines B and B2 whether consistent, if inconsistent, explanation Block is tampered with.
CN201810651605.5A 2018-06-22 2018-06-22 A kind of block chain security mechanism and device Pending CN108880795A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810651605.5A CN108880795A (en) 2018-06-22 2018-06-22 A kind of block chain security mechanism and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810651605.5A CN108880795A (en) 2018-06-22 2018-06-22 A kind of block chain security mechanism and device

Publications (1)

Publication Number Publication Date
CN108880795A true CN108880795A (en) 2018-11-23

Family

ID=64340856

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810651605.5A Pending CN108880795A (en) 2018-06-22 2018-06-22 A kind of block chain security mechanism and device

Country Status (1)

Country Link
CN (1) CN108880795A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110443073A (en) * 2019-07-31 2019-11-12 南瑞集团有限公司 A kind of anti-tamper date storage method, apparatus and system based on block chain
WO2021204181A1 (en) * 2020-04-09 2021-10-14 堡垒科技有限公司 Method and device for preventing forking of blockchain
US11580240B2 (en) 2020-03-24 2023-02-14 Kyndryl, Inc. Protecting sensitive data

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160330035A1 (en) * 2015-05-05 2016-11-10 ShoCard, Inc. User Identification Management System and Method
CN106789908A (en) * 2016-11-23 2017-05-31 江苏通付盾科技有限公司 Block common recognition method for building up and system in block chain
CN107005574A (en) * 2016-12-23 2017-08-01 深圳前海达闼云端智能科技有限公司 Block generation method and device and block chain network
CN107154850A (en) * 2017-05-17 2017-09-12 北京汇通金财信息科技有限公司 A kind of processing method and processing device of block chain data
CN107196966A (en) * 2017-07-05 2017-09-22 北京信任度科技有限公司 The identity identifying method and system of multi-party trust based on block chain
CN107659410A (en) * 2017-08-30 2018-02-02 湖南众享政联科技有限公司 Based on the anti-tamper official document transmission of block chain and storage method
CN107733651A (en) * 2017-09-11 2018-02-23 联动优势科技有限公司 A kind of block chain generation method, node and system
CN107994991A (en) * 2017-10-31 2018-05-04 深圳市轱辘车联数据技术有限公司 A kind of data processing method, data processing server and storage medium
CN108092982A (en) * 2017-12-22 2018-05-29 广东工业大学 A kind of date storage method and system based on alliance's chain

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160330035A1 (en) * 2015-05-05 2016-11-10 ShoCard, Inc. User Identification Management System and Method
CN106789908A (en) * 2016-11-23 2017-05-31 江苏通付盾科技有限公司 Block common recognition method for building up and system in block chain
CN107005574A (en) * 2016-12-23 2017-08-01 深圳前海达闼云端智能科技有限公司 Block generation method and device and block chain network
CN107154850A (en) * 2017-05-17 2017-09-12 北京汇通金财信息科技有限公司 A kind of processing method and processing device of block chain data
CN107196966A (en) * 2017-07-05 2017-09-22 北京信任度科技有限公司 The identity identifying method and system of multi-party trust based on block chain
CN107659410A (en) * 2017-08-30 2018-02-02 湖南众享政联科技有限公司 Based on the anti-tamper official document transmission of block chain and storage method
CN107733651A (en) * 2017-09-11 2018-02-23 联动优势科技有限公司 A kind of block chain generation method, node and system
CN107994991A (en) * 2017-10-31 2018-05-04 深圳市轱辘车联数据技术有限公司 A kind of data processing method, data processing server and storage medium
CN108092982A (en) * 2017-12-22 2018-05-29 广东工业大学 A kind of date storage method and system based on alliance's chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
邵奇峰等: "区块链技术:架构及进展", 《计算机学报》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110443073A (en) * 2019-07-31 2019-11-12 南瑞集团有限公司 A kind of anti-tamper date storage method, apparatus and system based on block chain
US11580240B2 (en) 2020-03-24 2023-02-14 Kyndryl, Inc. Protecting sensitive data
US12105823B2 (en) 2020-03-24 2024-10-01 Kyndryl, Inc. Protecting sensitive data
WO2021204181A1 (en) * 2020-04-09 2021-10-14 堡垒科技有限公司 Method and device for preventing forking of blockchain
US12254468B2 (en) 2020-04-09 2025-03-18 The Blockhouse Technology Limited Method and device for preventing forking of blockchain

Similar Documents

Publication Publication Date Title
US6278782B1 (en) Method of implementing a key recovery system
CN111464301B (en) Key management method and system
US8050405B2 (en) Shared key encryption using long keypads
US7634659B2 (en) Roaming hardware paired encryption key generation
US7457411B2 (en) Information security via dynamic encryption with hash function
CN108683510B (en) User identity updating method for encrypted transmission
US7860254B2 (en) Computer system security via dynamic encryption
CN112564906B (en) Block chain-based data security interaction method and system
JPH1041932A (en) Ciphering key recovery method and equipment
CN110427762B (en) Encryption and decryption method for realizing video security transmission of power monitoring system
CN110969431A (en) Safe trusteeship method, equipment and system of block chain digital currency private key
CN107534558B (en) Method for protecting the information security of data transmitted via a data bus and data bus system
CN110336673B (en) A privacy protection based blockchain design method
CN105162797A (en) Bidirectional authentication method based on video surveillance system
JP2022540653A (en) Data protection and recovery system and method
CN107749845A (en) The attack resistance method and system of CAN message based on block chain technology
CN108880795A (en) A kind of block chain security mechanism and device
US6370251B1 (en) Traffic key access method and terminal for secure communication without key escrow facility
US7376232B2 (en) Computer system security via dynamic encryption
CN103117850B (en) A kind of method for building up of the cryptographic system based on random sequence database
CN111131311A (en) Blockchain-based data transmission method and blockchain node
CN112039663B (en) Data transmission method and system
CN114189338A (en) SM9 secret key safety distribution and management system and method based on homomorphic encryption technology
JP2005012466A (en) Message authentication method and system
CN112653686A (en) CAN bus message authentication method based on MAC encryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181123