Use proxy re-encryption + PlatONE to ensure trusted and secure data sharing

In manufacturing, pharmaceuticals and other industries, a great deal of data lies dormant. Harnessing this data has the potential to drive technological innovation or decipher the life sciences. At the same time, this data involves business secrets and user privacy, and achieving secure data sharing in an untrusted environment has always been a difficult problem. Traditional centralized solutions suffer from data leakage, data tampering, and difficulty in tracking and monitoring where data goes. Data sharing schemes built directly on a public key system have problems such as communication cost, high computational cost and poor practicality. Between the two extremes of dormant data and data abuse, are there technical means to authorize and secretly share data?

 

This article discusses a scheme that integrates blockchain technology with proxy re-encryption (PRE). The scheme uses the technical capabilities provided by an intermediary while preventing that intermediary from obtaining the plaintext of the data, thereby achieving secure data sharing.

 

Public key direct encryption

Let's first see if there is any easy way to share data directly. The following takes Alice (the data owner) sharing a file with Bob (the data receiver) as an example to illustrate the direct public key encryption method.

 

1. Alice uses Bob's public key to encrypt the file.

2. Share the data with Bob.

3. Bob decrypts the file and obtains the information.

 

This process is simple and straightforward, and this is the public key direct encryption method. But if faced with the situation of using the storage network for data sharing, is there any advantage to the direct public key encryption method?

 

Since the data is stored in the storage network and Alice's private key must not be leaked to it, Alice needs to download the file first, decrypt it, re-encrypt it with Bob's public key, and upload it to the storage network again. Only then can Bob obtain the file from the storage network.

 

There is a further problem. If Alice wants to share the data with Alex one day, she needs to perform the above operation again.

 

Analyzing the above problem, we actually only use the storage function of the storage network, but not the computing function of the storage network. So "direct public key encryption" is a very unwieldy method.

 

Proxy Re-Encryption (PRE)

Viewed as a transformation, the process above is actually quite simple: the input is a file encrypted with Alice's public key, and the output is a file encrypted with Bob's public key. So can Alice have this done without leaking her private key to the storage network?

 

In order to ensure the privacy and security of data during transmission and storage, we will encrypt the data with a randomly generated symmetric key through a symmetric key algorithm such as AES in the trusted area. Just as private keys are for digital assets, these symmetric keys are almost as valuable as the plaintext of the data.

 

How should these keys be managed? This brings to mind a key management system (KMS). The term was coined because of Microsoft's license authorization system. Microsoft's KMS is a centralized key management solution: the KMS server holds all keys and helps users activate software issued by Microsoft on the client. Because the client side only needs one script to complete the activation, this method is very safe and efficient in large-scale deployment scenarios. However, a centralized key management system is obviously not suitable for managing secret sharing, because the value of keys and data is tied to the sovereign party of the data, not the provider of the technology.

These demands gave birth to the KMS scheme based on proxy re-encryption. Unlike a centralized KMS, PRE applies two encryption passes to the key itself. The intermediary's encryption proxy service provides the KMS capability, but it never has access to the key at any point in the process.

In general, proxy re-encryption is an implementation of a cryptographic scheme based on a public key encryption system. Thanks to this scheme, the cryptographic proxy service can transfer keys from an entity corresponding to one public key to an entity corresponding to another public key without knowing the contents of the key.

We reintroduce Alice and Bob, two classic cryptographic roles, to illustrate the principle of this process.

Alice: The owner of the data.

Bob: The consumer of the data.

Proxy: The proxy encryption intermediary, which stays ignorant of the key.

 

1. Alice uses her public key pkA to encrypt the key (m) that needs to be shared. The encrypted result cA can only be decrypted with Alice's private key skA. This encryption operation can be performed on any of Alice's trusted devices:

cA = pkA(m)

2. Alice wants to authorize Bob to use this key (m); her intention, of course, is to authorize Bob to access the data corresponding to the key. Alice uses Bob's public key and her own private key to create a re-encryption key (rkA→B). Generating rkA→B is a one-way process, and skA cannot be learned from it:

rkA→B = rekey(skA, pkB)

3. The proxy encryption intermediary, Proxy, now holds Alice's encrypted key ciphertext cA and the re-encryption key rkA→B. The only thing it can do with them is encrypt again, producing cB:

cB = reencrypt(rkA→B, cA)

4. Bob gets cB and can use his private key skB to recover the key (m) shared by Alice:

m = skB(cB)

 

Here is a more detailed algorithm process:

 

 

Of course, a key negotiated between the two parties could also be used to transmit keys. But the advantage of proxy re-encryption is that it is not 1-to-1 but N-to-N, and that it is non-interactive and does not require participants to be online at the same time.

 

To sum up, proxy re-encryption is a key conversion algorithm that converts ciphertext encrypted under the public key of the data owner (the authorizer) into another ciphertext that can be decrypted with the private key of the data user (the authorized person). The ciphertext conversion is performed by a semi-trusted proxy server. Before performing it, the proxy node needs to hold a conversion key from the authorizer to the authorized person; generally, the authorizer generates this key and sends it to the proxy node in advance. The conversion key cannot be used to decrypt the ciphertext directly; the authorized person's private key is required for that, so the proxy node cannot obtain the plaintext.
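The four steps above can be run end to end. This is an added example, not code from the article or from PlatONE: a single-proxy scheme on secp256k1 whose re-encryption key is derived the way the Umbral construction does it, in pure Python. The curve, the function names and the 32-byte symmetric key m are assumptions of the example, and the arithmetic is not constant time.

```python
import hashlib, secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime (curve is this example's choice)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add scalar multiplication (not constant time)
    out = None
    while k:
        if k & 1:
            out = add(out, pt)
        pt, k = add(pt, pt), k >> 1
    return out

def h(*parts):  # hash points/scalars to a 32-byte pad
    return hashlib.sha256(repr(parts).encode()).digest()

def keygen():  # returns (sk, pk) with pk = sk*G
    sk = 1 + secrets.randbelow(N - 1)
    return sk, mul(sk, G)

def encrypt(pk_a, m):  # step 1: cA = (r*G, m XOR H(r*pkA)); m is a 32-byte key
    r = 1 + secrets.randbelow(N - 1)
    return mul(r, G), bytes(x ^ y for x, y in zip(m, h(mul(r, pk_a))))

def rekey(sk_a, pk_b):  # step 2: needs only skA and pkB, so Bob can be offline
    x = 1 + secrets.randbelow(N - 1)
    X = mul(x, G)
    d = int.from_bytes(h(X, pk_b, mul(x, pk_b)), "big") % N  # Bob can re-derive d
    return sk_a * pow(d, -1, N) % N, X

def reencrypt(rk, c_a):  # step 3: proxy maps r*G to (skA/d)*r*G, never sees m
    return mul(rk[0], c_a[0]), rk[1], c_a[1]

def decrypt(sk_b, c_b):  # step 4: d*(skA/d)*r*G = r*pkA, the pad from step 1
    e2, X, body = c_b
    d = int.from_bytes(h(X, mul(sk_b, G), mul(sk_b, X)), "big") % N
    return bytes(x ^ y for x, y in zip(body, h(mul(d, e2))))
```

In this construction the scalar in rkA→B multiplied by the value d that Bob derives equals skA mod N, so a proxy that colludes with Bob learns skA; that is the malicious-node risk the next section deals with.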

 

PRE + PlatONE

The proxy re-encryption node is relatively centralized. If it is used in a trustless decentralized scenario, the risk of the node acting maliciously needs to be considered. Even sharding the key across multiple nodes can only reduce the possibility of a node acting maliciously. Blockchain smart contracts can be used to manage the nodes, with corresponding reward and punishment measures to punish malicious nodes. At the same time, the blockchain can also store the hash value of private data to ensure the consistency of the data stored in the cloud.

 

Once a blockchain is added, there are many options for the reward and punishment mechanism. For example: before a node becomes a proxy node, it needs to pledge a certain amount of Token on the blockchain to register as a node; the Token is unfrozen after the node unregisters, and a certain amount of Token is deducted when the node acts maliciously; the node earns a certain reward for normal key conversion; if the entrustee fails to decrypt after requesting re-encryption through the node, he can check through the smart contract whether the node acted maliciously, and if so, a certain amount of Token is deducted from the malicious node as a punishment.

 

Therefore, on the basis of PRE, we introduce the PlatONE alliance chain, use the chain's account system, establish the data sovereign party through the chain's certificate storage ability, and then realize the data market through Token economics.

 

PlatONE is a consortium chain that supports privacy computing. It is used to support the PRE solution mainly because PlatONE has a complete enterprise-level authority management mechanism, which can realize multi-level and multi-dimensional control of data sovereignty, and because it supports the CA certificate mechanism, which can realize level-by-level authorization of data sovereignty. In addition, PlatONE supports a variety of privacy-preserving cryptographic algorithms such as homomorphic encryption and zero-knowledge proof, which can solve the problem of leakage of sensitive information such as the identities of both parties during the data authorization process.

 

We know that the account mechanism of the blockchain is also based on the public key cryptosystem. The account address is actually calculated from the public key. The public keys of Alice and Bob can be associated with the account addresses on PlatONE.

 

Before the data is secretly shared, Alice can hash the data content and form an information set with the data overview, sovereign information, the actual storage location of the data, and the charging rules for data usage. Alice signs this information set with her private key and sends it to a smart contract on PlatONE that establishes data sovereignty.

 

Alice's authorization mechanism for data access is also implemented through smart contracts. In this way, before authorizing, Alice can ask Bob for the usage fee of the last data.

 

Application prospect

Take medical and health data in real life as an example. This data is private to the individual, such as case information and physical examination results. This information is generally stored in the databases of medical institutions, and users do not have ownership of their own medical and health data. If the institution shares the data with other research institutions, pharmaceutical companies, etc., it will leak the user's personal privacy.

 

By combining the consortium chain platform PlatONE with proxy re-encryption, the user's personal health data can be encrypted and stored on the chain or on the server of a medical institution, with the key kept by the user himself. If other research institutions or pharmaceutical companies need the user's health data for research, the user can use the proxy re-encryption + blockchain solution to share it with the corresponding institutions and companies after evaluation, and receive a certain amount of remuneration. In this way, ownership of the user's medical and health data stays in his own hands, and since it is stored encrypted, there is no need to worry about revealing personal privacy. At the same time, the immutability of the blockchain can also ensure the authenticity of the data.
