A double-blind information distribution method, device and computer readable storage medium

By combining ring signature verification and elliptic curve cryptography, double-blind information distribution is achieved, solving the problem that user and system privacy information cannot be protected simultaneously in existing technologies, and ensuring the security and privacy of information distribution.

CN114448640BActive Publication Date: 2026-06-05SHENZHEN STORLEAD TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
SHENZHEN STORLEAD TECH CO LTD
Filing Date
2021-12-22
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing privacy data acquisition systems cannot simultaneously protect the privacy information of users and the system, posing security risks.

Method used

The system uses a ring signature verification function to verify user identity and generates a public key and ciphertext using elliptic curve cryptography to achieve double-blind information distribution.

Benefits of technology

This achieves a double-blind system for both users and the system, ensuring the security of privacy information, preventing the system from knowing the user's privacy information, and protecting the user's query behavior.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN114448640B_ABST
    Figure CN114448640B_ABST
Patent Text Reader

Abstract

According to the double-blind information distribution method, device and computer readable storage medium provided by the scheme, the client sends a privacy information request carrying a ring signature to the system server; the system server sends a random number set corresponding to the overall privacy information and a system public key to the client; the client generates an encryption ciphertext public key according to a target random number in the random number set and the system public key, and sends the encryption ciphertext public key to the system server; the system server generates an encryption function according to the encryption ciphertext public key, and sends an information ciphertext including the encryption function and the overall privacy information to the client; the client calculates a ciphertext decryption public key corresponding to the system public key and a preset user decryption private key through elliptic curve multiplication, and obtains the privacy information corresponding to the ciphertext decryption public key in the information ciphertext according to the ciphertext decryption public key. Through the implementation of the scheme, the system server and the client are double-blind, and the security of the user and system privacy information is ensured.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of network security technology, and in particular to a double-blind information distribution method, apparatus and computer-readable storage medium. Background Technology

[0002] With the implementation of the EU's General Data Protection Regulation (GDPR), the protection of privacy data has become increasingly important. For broader data sharing, most data on the internet is accessible to the general public, and the methods of data acquisition are open. However, for specific privacy data, data can only be accessed by a limited number of users. For example, to keep employee salaries confidential, employees can only view their own salaries and not those of other employees. Existing privacy data acquisition systems generally verify user identity and provide specific privacy information to specific users. This method effectively exposes the privacy information of the person querying the data, such as the user not wanting the system to know that they have queried salary information. Therefore, existing information acquisition solutions cannot simultaneously protect the privacy of both users and the system, posing a significant security risk in the internet age. Summary of the Invention

[0003] This application provides a double-blind information distribution method, apparatus, and computer-readable storage medium, which can at least solve the problem in related technologies that cannot simultaneously protect the privacy information of users and systems.

[0004] The first aspect of this application provides a double-blind information distribution method, applied to an information distribution system server, including:

[0005] When receiving a privacy information request sent by an information distribution client, the ring signature carried in the privacy information request is verified through a ring signature verification function;

[0006] If the ring signature verification passes, the user of the information distribution client is determined to be a legitimate user, and a set of random numbers corresponding to the overall privacy information and the system public key are sent to the information distribution client; wherein, the overall privacy information includes the privacy information of all ring members in the user ring;

[0007] The system receives an encrypted public key generated by the information distribution client based on a target random number from the random number set and the system public key; wherein the target random number is a random number corresponding to the target privacy information requested by the information distribution client.

[0008] An encryption function is generated based on the encrypted public key, and the encrypted information, including the encryption function and the overall privacy information, is sent to the information distribution client.

[0009] A second aspect of this application provides a double-blind information distribution method, applied to an information distribution client, comprising:

[0010] A ring signature is generated according to the ring signature function, and a privacy information request carrying the ring signature is sent to the information distribution system server.

[0011] The system receives a set of random numbers corresponding to the overall privacy information and the system public key sent by the information distribution system server when the ring signature verification is successful; wherein, the overall privacy information includes the privacy information of all ring members in the user ring;

[0012] An encrypted public key is generated based on a target random number from the set of random numbers and the system public key, and the encrypted public key is sent to the information distribution system server; wherein, the target random number is a random number corresponding to the target privacy information requested by the information distribution client, and the encrypted public key is used by the information distribution system server to generate the corresponding encryption function;

[0013] Receive encrypted information, including the encryption function and the overall privacy information, sent by the information distribution system server;

[0014] The ciphertext decryption public key corresponding to the system public key and the preset user decryption private key is calculated by elliptic curve multiplication. The privacy information corresponding to the ciphertext decryption public key in the ciphertext is obtained based on the ciphertext decryption public key.

[0015] A third aspect of this application provides a double-blind information distribution device, applied to an information distribution system server, comprising:

[0016] The verification module is used to verify the ring signature carried in the privacy information request by means of a ring signature verification function when receiving a privacy information request sent by the information distribution client.

[0017] The first sending module is configured to, if the ring signature verification passes, determine that the user of the information distribution client is a legitimate user, and send a set of random numbers corresponding to the overall privacy information and the system public key to the information distribution client; wherein, the overall privacy information includes the privacy information of all ring members in the user ring;

[0018] The first receiving module is configured to receive the encrypted public key generated by the information distribution client based on the target random number in the random number set and the system public key; wherein, the target random number is the random number corresponding to the target privacy information requested by the information distribution client;

[0019] The second sending module is used to generate an encryption function based on the encrypted public key and send encrypted information including the encryption function and the overall privacy information to the information distribution client.

[0020] A fourth aspect of this application provides a double-blind information distribution device, applied to an information distribution client, comprising:

[0021] The third sending module is used to generate a ring signature according to the ring signature function and send a privacy information request carrying the ring signature to the information distribution system server;

[0022] The second receiving module is used to receive the set of random numbers corresponding to the overall privacy information and the system public key sent by the information distribution system server when the ring signature verification is successful; wherein, the overall privacy information includes the privacy information of all ring members in the user ring;

[0023] The fourth sending module is used to generate an encrypted public key based on a target random number in the random number set and the system public key, and send the encrypted public key to the information distribution system server; wherein, the target random number is a random number corresponding to the target privacy information requested by the information distribution client, and the encrypted public key is used by the information distribution system server to generate a corresponding encryption function;

[0024] The third receiving module is used to receive encrypted information sent by the information distribution system server, including the encryption function and the overall privacy information;

[0025] The acquisition module is used to calculate the ciphertext decryption public key corresponding to the system public key and the preset user decryption private key through elliptic curve multiplication, and to obtain the privacy information in the ciphertext corresponding to the ciphertext decryption public key based on the ciphertext decryption public key.

[0026] The fifth aspect of this application provides an electronic device, including a memory and a processor, wherein the processor is configured to execute a first computer program or a second computer program stored in the memory. When the processor executes the first computer program, it implements the steps of the double-blind information distribution method provided in the first aspect of this application. When the processor executes the second computer program, it implements the steps of the double-blind information distribution method provided in the second aspect of this application.

[0027] A sixth aspect of this application provides a computer-readable storage medium storing a first computer program or a second computer program thereon. When the first computer program is executed by a processor, it implements the steps of the double-blind information distribution method provided in the first aspect of this application. When the second computer program is executed by a processor, it implements the steps of the double-blind information distribution method provided in the second aspect of this application.

[0028] As can be seen from the above, according to the double-blind information distribution method, apparatus, and computer-readable storage medium provided in this application, the client sends a request for privacy information carrying a ring signature to the system server; the system server sends a set of random numbers corresponding to the overall privacy information and the system public key to the client; the client generates an encrypted ciphertext public key based on the target random number in the random number set and the system public key, and sends the encrypted ciphertext public key to the system server; the system server generates an encryption function based on the encrypted ciphertext public key, and sends ciphertext containing the encryption function and the overall privacy information to the client; the client calculates the ciphertext decryption public key corresponding to the system public key and the preset user decryption private key using elliptic curve multiplication, and obtains the privacy information corresponding to the ciphertext decryption public key in the ciphertext based on the ciphertext decryption public key. Through the implementation of this application, double-blind operation is achieved between the system server and the client, ensuring the security of user and system privacy information. Attached Figure Description

[0029] Figure 1 A flowchart of a double-blind information distribution system provided in the first embodiment of this application;

[0030] Figure 2 A basic flowchart illustrating a double-blind information distribution method applied to the server side of an information distribution system, as provided in the first embodiment of this application;

[0031] Figure 3 A flowchart of the ring signature provided for the first embodiment of this application;

[0032] Figure 4 This is a basic flowchart illustrating the double-blind information distribution method applied to the information distribution client side provided in the first embodiment of this application.

[0033] Figure 5 This is a detailed flowchart illustrating the double-blind information distribution method applied to a double-blind information distribution system provided in the second embodiment of this application.

[0034] Figure 6 A schematic diagram of the program modules of a double-blind information distribution device applied to the server side of an information distribution system, as provided in the third embodiment of this application;

[0035] Figure 7A schematic diagram of the program modules of a double-blind information distribution device applied to the information distribution client side, provided in the third embodiment of this application;

[0036] Figure 8 This is a schematic diagram of the structure of an electronic device provided in the fourth embodiment of this application.

[0037] Specific implementation details

[0038] To make the inventive objectives, features, and advantages of this application more apparent and understandable, the technical solutions in the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this application, and not all of them. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0039] To address the issue that related technologies cannot simultaneously protect the privacy information of both users and the system, based on... Figure 1 The first embodiment of this application provides a double-blind information distribution method, as shown in the double-blind information distribution process, applied to a binocular information distribution system, such as... Figure 2 This is a basic flowchart of the double-blind information distribution method provided in this embodiment. The double-blind information distribution method includes the following steps:

[0040] Step 201: When receiving a privacy information request sent by the information distribution client, verify the ring signature carried in the privacy information request through the ring signature verification function.

[0041] Specifically, in this embodiment, such as Figure 3 As shown, ring signatures are an anonymous signing technique. Ring signatures guarantee that the signature was made by one of the users in the ring, but cannot distinguish which specific user it was made by. All possible signers form a ring U = (U1, U2, ..., U...). n Each user in the ring has a public-private key pair (pk). i ,sk i ),i=1,2,...,n. Suppose U k (1≤k≤n) represents the actual signatory.

[0042] ring_sign():

[0043] Input: The information to be signed, m; the public keys U of all users in the ring; and the private key sk of the actual signer. k ;

[0044] Output: Actual signer U k The ring signature σ for message m, σ = ring_sign(m, pk1, pk2, ..., pkn ,sk k ).

[0045] When receiving a privacy information request from an information distribution client, the system server verifies the ring signature sent by the client. Using all users' public keys, it calls the ring signature verification function `ring_verify()` to check the result. If the result is 1, the user is a qualified user and can query the system's data; if the result is 0, the user is an illegitimate user and is not allowed to query the system. By verifying the user's legitimacy, the system confirms the user's legitimacy, but cannot obtain specific user information, thus verifying the user's identity while ensuring user privacy.

[0046] ring_verify():

[0047] Input: The signature pair (σ, m) to be verified, and the public keys of all members in the ring;

[0048] Output: Verification result, 1 indicates a valid signature, 0 indicates an invalid signature. 1or0 = ring_verify(m,σ,pk1,pk2,...,pk n ).

[0049] Step 202: If the ring signature verification is successful, the user of the information distribution client is determined to be a legitimate user, and a set of random numbers corresponding to the overall privacy information and the system public key are sent to the information distribution client.

[0050] Specifically, the overall privacy information includes the privacy information of all members in the user loop. This embodiment uses oblivious transfer (OT) technology for information distribution. The system server has a set of user privacy information to be obtained. Users need to find their corresponding privacy information from the system server. During the search process, users need to hide their query behavior so that the system can obtain the specific user information of the query data. The system must protect the privacy information of all users and can only provide users with the corresponding privacy information; other user information cannot be exposed. When the privacy information request sent by the client is verified, the system server generates a random number set of overall privacy information and the system public key, and sends them to the client.

[0051] Assume the privacy information of N users in the system server is x0, x1, ..., xn. N-1 The user needs to obtain the i-th piece of privacy information, where i∈{0,1,...,N-1}. The system selects an elliptic curve for encryption: y 2 =x 3 +ax+b(mod q), where a and b are parameters of the elliptic curve, and parameters a and b are numbers over a finite field, a,b∈F.q q is the modulus parameter of the elliptic curve, which is generally a very large integer. If (x, y) satisfies the equation of the elliptic curve (x, y) ∈ F... q ×F q If (x, y) is a point on the elliptic curve, then (x, y) is called a point on the elliptic curve.

[0052] Addition of elliptic curves: P = (x...) ... P ,y P ),Q=(x Q ,y Q Their addition is defined as P + Q = R, R = (x R ,y R ), where the formula for calculating the coordinates of R is:

[0053] x R =(m 2 -x P -x Q )mod q

[0054] y R =y P +m(x R -x Q )mod q

[0055] in,

[0056] Elliptic curve multiplication: Elliptic curve multiplication is achieved through addition. For example, to calculate the multiplication of a point g on an elliptic curve, we multiply it by a number r, convert r to a power of 2, and repeat this process. Elliptic curve multiplication is achieved through addition. For example, to calculate the elliptic curve multiplication g... 57 First, we use elliptic curve addition to calculate g. 2 =g + g,g 4 =g 2 +g 2 ,..,g 32 =g 16 +g 16 The sum of powers of 57 is 57 = 1 + 8 + 16 + 32, which is g 57 =g+g 8 +g 16 +g 32 .

[0057] Division on elliptic curves: Multiplication on elliptic curves is achieved through multiplication. An elliptic curve is defined over a finite field F. p p generally takes the value of a prime number. Therefore

[0058] In one optional implementation of this embodiment, the step of sending a set of random numbers corresponding to the overall privacy information and the system public key to the information distribution client includes: generating a set of random numbers corresponding to the overall privacy information and generating a system private key; calculating a system public key corresponding to the system private key using elliptic curve multiplication; and sending the set of random numbers and the system public key to the information distribution client.

[0059] Specifically, in this embodiment, the system server selects a base point g = (x, y) on the elliptic curve, and the system generates a random number r ∈ F. q As the private key, the system server computes the corresponding public key g using elliptic curve multiplication. r The system server generates N random numbers C0, C1, C2, ..., Cn. N-1 , where C i ∈F q The random number is a finite field F q A randomly selected integer. The system server then sends g... r ,C0,C1,C2,...,C N-1 Send it to the user. Although the public key g is sent... r The private key r is sent to the user in advance, but because calculating the discrete logarithm is difficult, the user still cannot know the specific value of r. The system stores the private key r and generates N random numbers C0, C1, C2, ..., C... N-1 and public key g r Send to the user.

[0060] Step 203: The receiving information distribution client generates an encrypted ciphertext public key based on the target random number in the random number set and the system public key;

[0061] Step 204: Generate an encryption function based on the public key of the encrypted ciphertext, and send the encrypted information, including the encryption function and overall privacy information, to the information distribution client.

[0062] Specifically, in this embodiment, the system server generates a corresponding encryption function based on the public key of the encrypted ciphertext sent by the client, and generates ciphertext using a hash function. There are N-1 encrypted ciphertexts E0, E1, E2, ..., E N-1 Corresponding to N user privacy information x0, x1, ..., x N-1 H is a hash function, and j represents a random number corresponding to the user's private information, which can be obtained using the SHA256 algorithm. This is an XOR operation. The system will perform a parsing operation on all ciphertexts E0, E1, E2, ..., E N-1 Send a random string R to the user.

[0063] In one optional implementation of this embodiment, the step of generating an encryption function based on the encrypted ciphertext public key includes: using the system private key and the encrypted ciphertext public key, calculating the system encrypted public key through elliptic curve multiplication; calculating the user decryption public key corresponding to the system encrypted public key through elliptic curve division; and performing a hash calculation on the user decryption public key to generate the encryption function.

[0064] Specifically, in this embodiment, the system first uses its private key r and the encrypted public key pk0 sent by the user to calculate the system's encrypted public key (pk0) using elliptic curve multiplication. r Subsequently, for 0 ≤ j ≤ N-1, the system uses elliptic curve division to calculate the user's decryption public key: (ph j ) r =(C j ) r / (pk0) r For each string j = 0, 1, 2, ..., N-1, the system server generates a random string R and uses hash calculation to generate an encryption function H((ph) corresponding to the user's decryption public key and the random string. j ) r ,R,j).

[0065] Correspondingly, such as Figure 1 As shown in the flowchart of the double-blind information distribution system, the first embodiment of the present invention also provides a double-blind information distribution method, applied to an information distribution client, such as... Figure 4 This is a basic flowchart of the double-blind information distribution method provided in this embodiment. The double-blind information distribution method includes the following steps:

[0066] Step 401: Generate a ring signature using the ring signature function and send a request for privacy information carrying the ring signature to the information distribution system server.

[0067] Specifically, in this embodiment, the client generates a ring signature corresponding to all users' public keys according to the ring signature function. The user's public key is the public key in a public-private key pair generated for each user. When a user needs to query the corresponding privacy information, the client sends a privacy information request containing the ring signature to the system server for verification.

[0068] In one optional implementation of this embodiment, the step of generating a ring signature according to the ring signature function includes: constructing a user ring among all legitimate users; publicly disclosing the public keys of legitimate users in the user ring; and generating a ring signature using the ring signature function based on the public keys of all legitimate users.

[0069] Specifically, in this embodiment, the system server selects qualified users, and all qualified users form a user ring. For example, in a payroll system, the system users are the company's employees; in an exam results query system, qualified users are all students who took the exam. Users need to publish their public keys in the system so that both users and the system can see the public keys of all users. This is beneficial for the system server to verify the ring signature in the privacy information request. By using the public keys of all users, the ring signature function ring_sign() is used to generate a ring signature σ, which helps the system server determine that the user is a legitimate user in the user ring when verifying the ring signature.

[0070] Step 402: When the loop signature verification of the information distribution system server is successful, a set of random numbers corresponding to the overall privacy information and the system public key are sent.

[0071] Step 403: Generate an encrypted public key based on the target random number in the random number set and the system public key, and send the encrypted public key to the information distribution system server.

[0072] Specifically, in this embodiment, the target random number is the random number corresponding to the target privacy information requested by the client. The encrypted public key is used by the system server to generate the corresponding encryption function. In this embodiment, after receiving the set of random numbers corresponding to the overall privacy information and the system public key from the system server, the client uses the randomly generated user decryption private key to decrypt the system public key and calculates the user public key through elliptic curve multiplication. Based on the user public key and the target random number in the random number set, the client generates the encrypted public key through elliptic curve division. The client saves the user decryption private key and sends the encrypted public key to the system server.

[0073] In one optional implementation of this embodiment, the step of generating an encrypted ciphertext public key based on a target random number in the random number set and the system public key includes: decrypting the system public key based on a preset user decryption private key; calculating the user public key using elliptic curve multiplication based on the decrypted data information; and generating the encrypted ciphertext public key using elliptic curve division based on the user public key and the target random number in the random number set.

[0074] Specifically, in this embodiment, the client is in the finite field F q A random integer k is selected as the user's private key. The system public key is then decrypted, and the user's public key pk is calculated using elliptic curve multiplication. i =g k If the user needs to retrieve the i-th piece of information, the client selects the i-th random number C sent by the system server. i The public key for the encrypted ciphertext, pk0 = C, is calculated using elliptic curve division. i / pki .

[0075] Step 404: Receive the encrypted information, including the encryption function and overall privacy information, sent by the information distribution system server;

[0076] Step 405: Calculate the ciphertext decryption public key corresponding to the system public key and the preset user decryption private key using elliptic curve multiplication, and obtain the privacy information corresponding to the ciphertext decryption public key in the information ciphertext based on the ciphertext decryption public key.

[0077] Specifically, in this embodiment, after the client receives the encrypted information sent by the system server, for the i-th piece of information that the user needs to obtain, the public key for decrypting the i-th encrypted information can be calculated using the formula (ph). i ) r =(C i ) r / (pk0) r =(C i ) r / (C i / pk i ) r =(pk i ) r =(g k ) r =(g r ) k The client uses the public key g sent by the system server. r Using the user's private key k, the public key for decrypting the i-th ciphertext is calculated using elliptic curve multiplication (ph). i ) r =(g r ) k The information obtained is the private information in the ciphertext that corresponds to the public key used to decrypt the ciphertext.

[0078] In one optional implementation of this embodiment, the step of obtaining the privacy information corresponding to the ciphertext decryption public key in the ciphertext based on the ciphertext decryption public key includes: calculating the corresponding encryption function based on the ciphertext decryption public key; performing an XOR operation between the corresponding encryption function and the ciphertext to obtain the privacy information corresponding to the ciphertext decryption public key.

[0079] Specifically, in this embodiment, the client calculates the encryption function H((ph) corresponding to the user based on the ciphertext decryption public key. i ) r ,R,i), and H((ph i ) r ,R,i) and the ciphertext E sent by the system server i XOR The operation yields the decrypted information x.i ,Right now It should be noted that for the remaining ciphertext information j (j≠i), according to the above formula for calculating the ciphertext decryption public key: (ph j ) r =(C j ) r / (pk0) r =(C j ) r / (C i / pk i ) r =(pk i ) r (C j / C i ) r Because users cannot obtain the system server's private key r, they cannot calculate the corresponding ciphertext decryption public key (ph). j ) r Therefore, it is impossible to decrypt the remaining private information. At the same time, since the user's private key k is stored locally and cannot be obtained from the network, even if the encryption result of the system is obtained by a third party, it is impossible to decrypt any of the ciphertext information.

[0080] Based on the embodiments of the above application, the client sends a request for privacy information carrying a ring signature to the system server; the system server sends a set of random numbers corresponding to the overall privacy information and the system public key to the client; the client generates an encrypted ciphertext public key based on the target random number in the random number set and the system public key, and sends the encrypted ciphertext public key to the system server; the system server generates an encryption function based on the encrypted ciphertext public key, and sends ciphertext containing the encryption function and the overall privacy information to the client; the client calculates the ciphertext decryption public key corresponding to the system public key and the preset user decryption private key using elliptic curve multiplication, and obtains the privacy information corresponding to the ciphertext decryption public key in the ciphertext based on the ciphertext decryption public key. Through the implementation of this application's solution, a double-blind mechanism is achieved for both the system server and the client, ensuring the security of user and system privacy information.

[0081] Figure 5 The method described in the second embodiment of this application is a refined double-blind information distribution method, applied to a double-blind information distribution system including an information distribution client and an information distribution system server. The double-blind information distribution method includes:

[0082] Step 501: The information distribution client generates a ring signature based on the ring signature function and sends a request for privacy information carrying the ring signature to the information distribution system server.

[0083] Step 502: When the information distribution system server receives a privacy information request sent by the information distribution client, it verifies the ring signature carried in the privacy information request through the ring signature verification function.

[0084] Step 503: When the information distribution system server passes the ring signature verification, it determines that the user of the information distribution client is a legitimate user and sends the information distribution client a set of random numbers corresponding to the overall privacy information and the system public key.

[0085] Step 504: The information distribution client receives the set of random numbers corresponding to the overall privacy information and the system public key sent by the information distribution system server.

[0086] Step 505: The information distribution client generates an encrypted public key based on the target random number in the random number set and the system public key, and sends the encrypted public key to the information distribution system server.

[0087] Step 506: The information distribution system server receives the encrypted public key sent by the information distribution client.

[0088] Step 507: The information distribution system server generates an encryption function based on the encrypted public key and sends the encrypted information, including the encryption function and overall privacy information, to the information distribution client.

[0089] Step 508: The information distribution client receives the encrypted information, including the encryption function and overall privacy information, sent by the information distribution system server.

[0090] Step 509: The information distribution client calculates the ciphertext decryption public key corresponding to the system public key and the preset user decryption private key using elliptic curve multiplication, and obtains the privacy information corresponding to the ciphertext decryption public key in the ciphertext based on the ciphertext decryption public key.

[0091] It should be understood that the sequence number of each step in this embodiment does not imply the order in which the steps are executed. The execution order of each step should be determined by its function and internal logic, and should not constitute a unique limitation on the implementation process of this application embodiment.

[0092] According to the double-blind information distribution method provided in this application, the user sends a request for privacy information with a ring signature to the system server through the client. The system verifies the ring signature to determine that the user is a legitimate user, but the system cannot obtain the specific user information. The system provides information to the user through unintentional transmission, and the user obtains their own relevant privacy information. The user cannot decrypt the information of other users, and the system is unaware of the privacy information obtained by the user. This achieves double-blindness for both the system and the user, ensuring the security of the privacy information of both the user and the system.

[0093] Figure 6A double-blind information distribution device is provided in the third embodiment of this application and is applied to an information distribution system server. This double-blind information distribution device can be used to implement the double-blind information distribution method on the server side of the information distribution system in the aforementioned embodiments. Figure 6 As shown, the double-blind information distribution device mainly includes:

[0094] The verification module 601 is used to verify the ring signature carried in the privacy information request through the ring signature verification function when receiving the privacy information request sent by the information distribution client.

[0095] The first sending module 602 is used to determine that the user of the information distribution client is a legitimate user if the ring signature verification is successful, and to send a set of random numbers corresponding to the overall privacy information and the system public key to the information distribution client; wherein, the overall privacy information includes the privacy information of all ring members in the user ring;

[0096] The first receiving module 603 is used to receive the encrypted public key generated by the information distribution client based on the target random number in the random number set and the system public key; wherein, the target random number is the random number corresponding to the target privacy information requested by the information distribution client;

[0097] The second sending module 604 is used to generate an encryption function based on the public key of the encrypted ciphertext and send the encrypted information, including the encryption function and overall privacy information, to the information distribution client.

[0098] In one optional implementation of this embodiment, the first sending module is specifically used to: generate a set of random numbers corresponding to the overall privacy information and generate a system private key; calculate a system public key corresponding to the system private key using elliptic curve multiplication; and send the set of random numbers and the system public key to the information distribution client.

[0099] Furthermore, in an optional implementation of this embodiment, when the second sending module performs the function of generating an encryption function based on the encrypted ciphertext public key, it is specifically used to: calculate the system encrypted public key using the system private key and the encrypted ciphertext public key through elliptic curve multiplication; calculate the user decryption public key corresponding to the system encrypted public key through elliptic curve division; and perform hash calculation on the user decryption public key to generate an encryption function.

[0100] Figure 7 A double-blind information distribution device is provided in the third embodiment of this application, applied to an information distribution client. This double-blind information distribution device can be used to implement the double-blind information distribution method on the information distribution client side in the aforementioned embodiments. Figure 7 As shown, the double-blind information distribution device mainly includes:

[0101] The third sending module 701 is used to generate a ring signature according to the ring signature function and send a request for privacy information carrying the ring signature to the information distribution system server.

[0102] The second receiving module 702 is used to receive the set of random numbers corresponding to the overall privacy information and the system public key sent by the information distribution system server when the ring signature verification is successful; wherein, the overall privacy information includes the privacy information of all ring members in the user ring;

[0103] The fourth sending module 703 is used to generate an encrypted public key based on a target random number in the random number set and the system public key, and send the encrypted public key to the information distribution system server; wherein, the target random number is the random number corresponding to the target privacy information requested by the information distribution client, and the encrypted public key is used by the information distribution system server to generate the corresponding encryption function;

[0104] The third receiving module 704 is used to receive encrypted information, including encryption functions and overall privacy information, sent by the information distribution system server.

[0105] The acquisition module 705 is used to calculate the ciphertext decryption public key corresponding to the system public key and the preset user decryption private key through elliptic curve multiplication, and to obtain the privacy information corresponding to the ciphertext decryption public key in the information ciphertext based on the ciphertext decryption public key.

[0106] In an optional implementation of this embodiment, when the third sending module performs the function of generating a ring signature based on the ring signature function, it is specifically used to: construct a user ring among all legitimate users; publicly disclose the public key of the legitimate users in the user ring; wherein the public key is the public key in the public-private key pair generated by the legitimate users; and generate a ring signature based on the public keys of all legitimate users through the ring signature function.

[0107] In one optional implementation of this embodiment, when the fourth sending module performs the function of generating an encrypted ciphertext public key based on a target random number in the random number set and the system public key, it is specifically used to: decrypt the system public key based on a preset user decryption private key; calculate the user public key using elliptic curve multiplication based on the decrypted data information; and generate the encrypted ciphertext public key using elliptic curve division based on the user public key and the target random number in the random number set.

[0108] In one optional implementation of this embodiment, the acquisition module is specifically used to: calculate the corresponding encryption function based on the ciphertext decryption public key; perform an XOR operation between the corresponding encryption function and the ciphertext to obtain the privacy information corresponding to the ciphertext decryption public key.

[0109] It should be noted that the double-blind information distribution methods in the first and second embodiments can be implemented based on the double-blind information distribution device provided in this embodiment. Those skilled in the art can clearly understand that, for the sake of convenience and brevity, the specific working process of the security function identification device described in this embodiment can be referred to the corresponding process in the aforementioned method embodiments, and will not be repeated here.

[0110] According to the double-blind information distribution device provided in this application, the client sends a request for privacy information carrying a ring signature to the system server; the system server sends the client a set of random numbers corresponding to the overall privacy information and the system public key; the client generates an encrypted ciphertext public key based on the target random number in the random number set and the system public key, and sends the encrypted ciphertext public key to the system server; the system server generates an encryption function based on the encrypted ciphertext public key, and sends ciphertext containing the encryption function and the overall privacy information to the client; the client calculates the ciphertext decryption public key corresponding to the system public key and the preset user decryption private key using elliptic curve multiplication, and obtains the privacy information corresponding to the ciphertext decryption public key in the ciphertext based on the ciphertext decryption public key. Through the implementation of this application, a double-blind mechanism is achieved between the system server and the client, ensuring the security of user and system privacy information.

[0111] Figure 8 An electronic device is provided as a fourth embodiment of this application. This electronic device can be used to implement the double-blind information distribution method in the foregoing embodiments. For example... Figure 8 As shown, the electronic device mainly includes:

[0112] The system includes a memory 801, a processor 802, and a computer program 803 stored on the memory 801 and executable on the processor 802. The memory 801 and the processor 802 are connected via communication. When the processor 802 executes the computer program, it implements the double-blind information distribution method described in the foregoing embodiments. The number of processors can be one or more.

[0113] The memory 801 can be a high-speed random access memory (RAM) or a non-volatile memory, such as a disk storage device. The memory 801 is used to store executable program code, and the processor 802 is coupled to the memory 801.

[0114] Furthermore, embodiments of this application also provide a computer-readable storage medium, which may be disposed in the electronic device described in the above embodiments, and the computer-readable storage medium may be as described above. Figure 8 The memory in the illustrated embodiment.

[0115] The computer-readable storage medium stores a computer program that, when executed by a processor, implements the double-blind information distribution method described in the foregoing embodiments. Furthermore, the computer-readable storage medium can also be a USB flash drive, a portable hard drive, a read-only memory (ROM), RAM, a magnetic disk, or an optical disk, or any other medium capable of storing program code.

[0116] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of modules is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple modules or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between apparatuses or modules may be electrical, mechanical, or other forms.

[0117] The modules described as separate components may or may not be physically separate. Similarly, the components shown as modules may or may not be physical modules; they may be located in one place or distributed across multiple network modules. Some or all of the modules can be selected to achieve the purpose of this embodiment, depending on actual needs.

[0118] Furthermore, the functional modules in the various embodiments of this application can be integrated into one processing module, or each module can exist physically separately, or two or more modules can be integrated into one module. The integrated modules described above can be implemented in hardware or as software functional modules.

[0119] If the integrated module is implemented as a software functional module and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a readable storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of this application. The aforementioned readable storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, ROM, RAM, magnetic disks, or optical disks.

[0120] It should be noted that, for the sake of simplicity, the foregoing method embodiments are all described as a series of actions. However, those skilled in the art should understand that this application is not limited to the described order of actions, as some steps may be performed in other orders or simultaneously according to this application. Furthermore, those skilled in the art should also understand that the embodiments described in the specification are preferred embodiments, and the actions and modules involved are not necessarily essential to this application.

[0121] In the above embodiments, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions in other embodiments.

[0122] The above is a description of the double-blind information distribution method, apparatus and computer-readable storage medium provided in this application. For those skilled in the art, based on the ideas of the embodiments of this application, there will be changes in the specific implementation and application scope. Therefore, the content of this specification should not be construed as a limitation of this application.

Claims

1. A double-blind information distribution method, applied to an information distribution system server, characterized in that, include: When receiving a privacy information request sent by an information distribution client, the ring signature carried in the privacy information request is verified through a ring signature verification function; If the ring signature verification passes, the user of the information distribution client is determined to be a legitimate user, and a set of random numbers corresponding to the overall privacy information and the system public key are sent to the information distribution client; wherein, the overall privacy information includes the privacy information of all ring members in the user ring; The system receives an encrypted public key generated by the information distribution client based on a target random number from the random number set and the system public key; wherein the target random number is a random number corresponding to the target privacy information requested by the information distribution client. An encryption function is generated based on the public key of the encrypted ciphertext. Based on the encryption function and the overall privacy information, ciphertext including the encryption function and the overall privacy information is generated and sent to the information distribution client.

2. The double-blind information distribution method according to claim 1, characterized in that, The step of sending a set of random numbers corresponding to the overall privacy information and the system public key to the information distribution client includes: Generate a set of random numbers corresponding to the overall privacy information and generate a system private key; The system public key corresponding to the system private key is calculated using elliptic curve multiplication. The set of random numbers and the system public key are sent to the information distribution client.

3. The double-blind information distribution method according to claim 2, characterized in that, The step of generating an encryption function based on the encrypted ciphertext public key includes: Using the system private key and the encrypted ciphertext public key, the system encrypted public key is calculated via elliptic curve multiplication. The user's decryption public key corresponding to the system's encryption public key is calculated using the elliptic curve division. The user's decryption public key is hashed to generate an encryption function.

4. A double-blind information distribution method, applied to an information distribution client, characterized in that, include: A ring signature is generated according to the ring signature function, and a privacy information request carrying the ring signature is sent to the information distribution system server. The system receives a set of random numbers corresponding to the overall privacy information and the system public key sent by the information distribution system server when the ring signature verification is successful; wherein, the overall privacy information includes the privacy information of all ring members in the user ring; An encrypted public key is generated based on a target random number from the set of random numbers and the system public key, and the encrypted public key is sent to the information distribution system server; wherein, the target random number is a random number corresponding to the target privacy information requested by the information distribution client, and the encrypted public key is used by the information distribution system server to generate the corresponding encryption function; The system receives encrypted information, including the encryption function and the overall privacy information, sent by the information distribution system server; wherein the encrypted information is generated based on the encryption function and the overall privacy information. The ciphertext decryption public key corresponding to the system public key and the preset user decryption private key is calculated by elliptic curve multiplication, and the corresponding encryption function is calculated based on the ciphertext decryption public key. The encrypted information is XORed with an encryption function calculated based on the public key used to decrypt the encrypted information to obtain the privacy information corresponding to the public key used to decrypt the encrypted information.

5. The double-blind information distribution method according to claim 4, characterized in that, The step of generating a ring signature based on the ring signature function includes: Construct the user ring among all legitimate users; The public key of the legitimate user is publicly disclosed in the user ring; wherein, the public key is the public key in the public-private key pair generated by the legitimate user; A ring signature is generated using the ring signature function based on the public keys of all legitimate users.

6. The double-blind information distribution method according to claim 4, characterized in that, The step of generating an encrypted ciphertext public key based on a target random number from the random number set and the system public key includes: The system public key is decrypted based on the preset user decryption private key; Based on the decrypted data, the user's public key is calculated using elliptic curve multiplication. Based on the user's public key and the target random number in the random number set, an encrypted ciphertext public key is generated by elliptic curve division.

7. A double-blind information distribution device, applied to an information distribution system server, characterized in that, include: The verification module is used to verify the ring signature carried in the privacy information request by means of a ring signature verification function when receiving a privacy information request sent by the information distribution client. The first sending module is configured to, if the ring signature verification passes, determine that the user of the information distribution client is a legitimate user, and send a set of random numbers corresponding to the overall privacy information and the system public key to the information distribution client; wherein, the overall privacy information includes the privacy information of all ring members in the user ring; The first receiving module is configured to receive the encrypted public key generated by the information distribution client based on the target random number in the random number set and the system public key; wherein, the target random number is the random number corresponding to the target privacy information requested by the information distribution client; The second sending module is used to generate an encryption function based on the encrypted public key, generate ciphertext including the encryption function and the overall privacy information based on the encryption function and the overall privacy information, and send the ciphertext to the information distribution client.

8. A double-blind information distribution device, applied to an information distribution client, characterized in that, include: The third sending module is used to generate a ring signature according to the ring signature function and send a privacy information request carrying the ring signature to the information distribution system server; The second receiving module is used to receive the set of random numbers corresponding to the overall privacy information and the system public key sent by the information distribution system server when the ring signature verification is successful; wherein, the overall privacy information includes the privacy information of all ring members in the user ring; The fourth sending module is used to generate an encrypted public key based on a target random number in the random number set and the system public key, and send the encrypted public key to the information distribution system server; wherein, the target random number is a random number corresponding to the target privacy information requested by the information distribution client, and the encrypted public key is used by the information distribution system server to generate a corresponding encryption function; The third receiving module is used to receive ciphertext information including the encryption function and the overall privacy information sent by the information distribution system server; wherein the ciphertext information is generated based on the encryption function and the overall privacy information. The acquisition module is used to calculate the ciphertext decryption public key corresponding to the system public key and the preset user decryption private key through elliptic curve multiplication, calculate the corresponding encryption function based on the ciphertext decryption public key, and perform an XOR operation on the ciphertext information and the encryption function calculated based on the ciphertext decryption public key to obtain the privacy information corresponding to the ciphertext decryption public key.

9. An electronic device, characterized in that, Includes memory and processor, of which: The processor is used to execute a first computer program or a second computer program stored in the memory; When the processor executes the first computer program, it implements the steps of the method according to any one of claims 1 to 3; when the processor executes the second computer program, it implements the steps of the method according to any one of claims 4 to 6.

10. A computer-readable storage medium having a first computer program or a second computer program stored thereon, characterized in that, When the first computer program is executed by the processor, it implements the steps of the method according to any one of claims 1 to 3; when the second computer program is executed by the processor, it implements the steps of the method according to any one of claims 4 to 6.