Data transmission system, method and apparatus based on an inadvertent transmission protocol
By introducing a key management device with a trusted execution environment into the unintentional transmission protocol, the generation and management of raw keys are achieved, solving the efficiency and cost problems in the prior art and realizing efficient and secure data transmission.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ANT BLOCKCHAIN TECHNOLOGY (SHANGHAI) CO LTD
- Filing Date
- 2022-12-30
- Publication Date
- 2026-07-10
AI Technical Summary
Existing unintentional transport protocols have shortcomings in terms of execution efficiency and cost, especially in multi-round interactions and device costs, which need to be improved.
By introducing a key management device within a trusted execution environment as a third party, the device generates and manages the original keys. Multiple sets of original keys are generated within the trusted execution environment and sent to the sender and receiver, thereby enabling the encryption and decryption of data and reducing reliance on symmetric or asymmetric operations.
It improves the security and efficiency of data transmission, reduces implementation costs, and optimizes resource utilization in the overall transmission process.
Smart Images

Figure CN116032470B_ABST
Abstract
Description
Technical Field
[0001] This specification relates to the field of computer technology, and in particular to a data transmission system, method and apparatus based on an unintentional transmission protocol. Background Technology
[0002] Oblivious transfer (OT) is a widely used fundamental protocol for multi-party computation (MPC), and different implementations of this protocol can directly affect the operational efficiency of MPC. Therefore, maximizing the processing efficiency of this protocol has become a common challenge that the industry needs to address and solve.
[0003] In related technologies, constructing oblivious transfers usually involves asymmetric operations. However, the process of performing asymmetric operations is time-consuming and slow. Alternatively, an extended oblivious transfer (OTE) approach, such as "a small number of public-key algorithms combined with a large number of symmetric algorithms," can be used to improve execution efficiency. However, such methods have high performance requirements for pre-computation and are costly to implement. Summary of the Invention
[0004] In view of this, this specification provides a data transmission system, method and apparatus based on an unintentional transmission protocol to address the shortcomings of related technologies.
[0005] Specifically, this specification is implemented through the following technical solution:
[0006] According to a first aspect of the embodiments of this specification, a data transmission system based on an unintentional transmission protocol is provided, comprising: a key management device, a transmitter, and a receiver, wherein the key management device is equipped with a trusted execution environment, and the transmitter maintains multiple sets of original data corresponding to different indices; wherein:
[0007] The key management device is used to obtain the target index sent by the receiving end; and to generate multiple sets of original keys corresponding to different indices in the trusted execution environment, and send the multiple sets of original keys to the sending end, and send the target key corresponding to the target index among the multiple sets of original keys to the receiving end.
[0008] The sending end is configured to encrypt the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data, and send the multiple sets of encrypted data to the receiving end.
[0009] The receiving end is used to decrypt the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key, so as to obtain the target original data.
[0010] According to a second aspect of the embodiments of this specification, a data transmission method based on an unintentional transfer protocol is provided, applied to a key management device, the key management device being equipped with a trusted execution environment, the method comprising:
[0011] Obtain the target index sent by the receiving end, and generate multiple sets of original keys within the trusted execution environment. The multiple sets of original keys include the target key corresponding to the target index.
[0012] The multiple sets of original keys are sent to the sending end, and the target key is sent to the receiving end, so that the sending end: encrypts the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data, and sends the multiple sets of encrypted data to the receiving end; and the receiving end: decrypts the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data.
[0013] According to a third aspect of the embodiments of this specification, a data transmission method based on an unintentional transmission protocol is provided, applied at a sending end, wherein the sending end maintains multiple sets of original data corresponding to different indices, the method comprising:
[0014] Receive multiple sets of raw keys from the key management device. These raw keys are generated within the trusted execution environment mounted on the key management device and each corresponds to a different index.
[0015] Each of the multiple sets of original keys is used to encrypt the original data with the same index in the multiple sets of original data to obtain multiple sets of encrypted data.
[0016] The multiple sets of encrypted data are sent to the receiving end, so that the receiving end can decrypt the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key, so as to obtain the target original data.
[0017] According to a fourth aspect of the embodiments of this specification, a data transmission method based on an unintentional transmission protocol is provided, applied at a receiving end, the method comprising:
[0018] The target index is sent to the key management device, so that the key management device generates multiple sets of original keys corresponding to different indices in its own trusted execution environment, and sends the multiple sets of original keys to the sending end, and sends the target key corresponding to the target index in the multiple sets of original keys to the receiving end;
[0019] The system receives the target key returned by the key management device and multiple sets of encrypted data sent by the sending end. The sending end maintains multiple sets of original data corresponding to different indices. The multiple sets of encrypted data are obtained by the sending end encrypting the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys.
[0020] The encrypted data corresponding to the target index in the plurality of encrypted data is decrypted according to the target key to obtain the original target data.
[0021] According to a fifth aspect of the embodiments of this specification, a data transmission apparatus based on an unintentional transfer protocol is provided, applied to a key management device, the key management device being equipped with a trusted execution environment, the apparatus comprising:
[0022] A key generation unit is used to obtain the target index sent by the receiving end and generate multiple sets of original keys in the trusted execution environment, wherein the multiple sets of original keys include a target key corresponding to the target index.
[0023] A key sending unit is configured to send the multiple sets of original keys to a sending end and the target key to a receiving end, so that the sending end: encrypts the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data, and sends the multiple sets of encrypted data to the receiving end; and the receiving end: decrypts the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data.
[0024] According to a sixth aspect of the embodiments of this specification, a data transmission apparatus based on an unintentional transmission protocol is provided, applied at a sending end, wherein the sending end maintains multiple sets of raw data corresponding to different indices, the apparatus comprising:
[0025] A key receiving unit is used to receive multiple sets of raw keys from a key management device. The multiple sets of raw keys are generated within the trusted execution environment mounted on the key management device and each corresponds to a different index.
[0026] A data encryption unit is used to encrypt the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data.
[0027] An encrypted data sending unit is used to send the multiple sets of encrypted data to the receiving end, so that the receiving end can decrypt the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data.
[0028] According to a seventh aspect of the embodiments of this specification, a data transmission apparatus based on an unintentional transmission protocol is provided, applied at a receiving end, the apparatus comprising:
[0029] The target index sending unit is used to send the target index to the key management device, so that the key management device generates multiple sets of original keys corresponding to different indices in its own trusted execution environment, and sends the multiple sets of original keys to the sending end and sends the target key corresponding to the target index among the multiple sets of original keys to the receiving end.
[0030] The data receiving unit is used to receive the target key returned by the key management device and multiple sets of encrypted data sent by the sending end. The sending end maintains multiple sets of original data corresponding to different indices. The multiple sets of encrypted data are obtained by the sending end encrypting the original data with the same index in the multiple sets of original data according to each original key in the multiple sets of original keys.
[0031] The data decryption unit is used to decrypt the encrypted data corresponding to the target index in the plurality of encrypted data according to the target key, so as to obtain the target original data.
[0032] According to an eighth aspect of the embodiments of this specification, a computer-readable storage medium is provided having a computer program stored thereon, which, when executed by a processor, implements the steps of the method described in the second, third, or fourth aspects.
[0033] According to a ninth aspect of the embodiments of this specification, an electronic device is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement the steps of the method described in the second, third, or fourth aspects.
[0034] In the technical solution provided in this specification, a key management device that generates the original key using a trusted execution environment is used as a trusted third party, in addition to the sender and receiver, to uniformly manage the relevant keys of the sender and receiver. This allows the sender to encrypt its own maintained original data using the received original key, and the receiver to decrypt the encrypted data from the sender using the received target key, without involving a large number of asymmetric or symmetric operations. This ensures both the security and efficiency of data transmission while reducing implementation costs.
[0035] It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this specification. Attached Figure Description
[0036] To more clearly illustrate the technical solutions in the embodiments or prior art of this specification, the drawings used in the description of the embodiments or prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments recorded in this specification. For those skilled in the art, other drawings can be obtained based on these drawings.
[0037] Figure 1 This is a schematic diagram of the architecture of a data transmission system shown in an exemplary embodiment of this specification;
[0038] Figure 2 This is a schematic diagram illustrating an exemplary embodiment of a data transmission method based on a basic unintentional transmission protocol.
[0039] Figure 3 This is a schematic diagram illustrating an exemplary embodiment of a data transmission method based on the Unintentional Transmission Extension Protocol (UTP).
[0040] Figure 4 This is a schematic diagram of a three-party interaction process of a data transmission system based on an unintentional transmission protocol, as illustrated in an exemplary embodiment of this specification.
[0041] Figure 5 This is a schematic flowchart illustrating an exemplary embodiment of a data transmission method based on an unintentional transmission protocol.
[0042] Figure 6 This is a schematic flowchart illustrating another data transmission method based on an unintentional transmission protocol, as shown in an exemplary embodiment of this specification.
[0043] Figure 7 This is a schematic flowchart illustrating yet another data transmission method based on an unintentional transmission protocol, as shown in an exemplary embodiment of this specification.
[0044] Figure 8 This is a schematic structural diagram of an electronic device shown in an exemplary embodiment of this specification;
[0045] Figure 9 This is a schematic diagram illustrating the structure of a data transmission device based on an unintentional transmission protocol, as shown in an exemplary embodiment of this specification.
[0046] Figure 10 This is a schematic diagram illustrating the structure of another data transmission device based on an unintentional transmission protocol, as shown in an exemplary embodiment of this specification.
[0047] Figure 11 This is a schematic diagram illustrating the structure of another data transmission device based on an unintentional transmission protocol, as shown in an exemplary embodiment of this specification. Detailed Implementation
[0048] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this specification. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this specification.
[0049] It should be noted that in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described in this specification. In some other embodiments, the methods may include more or fewer steps than those described in this specification. Furthermore, a single step described in this specification may be broken down into multiple steps in other embodiments; and multiple steps described in this specification may be combined into a single step in other embodiments. It should be understood that although the terms first, second, third, etc., may be used in this specification to describe various information, this information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of this specification, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "when," "when," or "in response to a determination."
[0050] In related technologies, unintentional transmission is a frequently used secure two-party communication protocol in cryptography, and it is also a fundamental protocol in cryptography. This protocol specifies the communication method between the sender and receiver, ensuring that after the protocol execution, the receiver can obtain the information it wants, but cannot obtain any other information from the sender. The sender is unaware of which message the receiver has received. In other words, the core requirement for unintentional transmission is that the receiver does not want the sender to determine the data it needs, while the sender wants the receiver to only obtain the data it needs, and not other data. Therefore, unintentional transmission protocols are typically implemented in similar... Figure 1 During the data transmission and processing between the receiving end 12 and the sending end 13.
[0051] Since there are multiple ways to achieve the aforementioned unintentional transmission, this specification categorizes unintentional transmission into "1-out-of-2 (OT)" (abbreviated as "2-out-of-2") based on the amount of data available from the sender to the receiver. ) and "n-choose-1(1-out-of-n)OT" (abbreviated as These are the two types of implementation methods.
[0052] The following implements the inadvertent transmission protocol using the Diffie-Hellman (DH) key exchange algorithm. For example, combined with Figure 2 The implementation of a data transmission method based on a 2-to-1 unintentional transmission protocol is discussed:
[0053] (1) Assume that the sender 21 is S and the receiver 22 is R. S has two data M0 and M1, and S generates a random number a and R generates a random number b.
[0054] (2) S can first put g b This parameter is sent to R.
[0055] (3) So that when R wants to obtain M0, g can be... b Send it to S; if R wants to obtain M1, then B = g a ·g b Send to S.
[0056] (4) S calculates k0 = Hash(B) respectively. a ) and k1 = Hash((B / g a ) a ).
[0057] (5) Calculate based on k0 and k1 respectively and Then send e0 and e1 to R.
[0058] (6) At this time, R has g a If R wants to obtain M0, it can do so through B and b. a =(g b ) a =(g a ) b The relational expression is used to decrypt k0, which in turn decrypts M0. Since R does not know a, it cannot calculate k1 and therefore cannot decrypt M1; conversely, if R wants to obtain M1, it can do so through (B / g). a ) a =(g b ) a =(g a ) b The relational expression is used to decrypt k1, and then M1 is decrypted. Since R does not know a, it cannot calculate k0 and therefore cannot decrypt M0.
[0059] In the appeal step (4), since S itself is not actually aware that it received g b or g a ·g b Furthermore, the calculation of the corresponding discrete logarithm in the above key exchange algorithm is extremely difficult, so it is almost impossible to directly determine whether the specific data that R wants to obtain is M0 or M1 by brute force, thus ensuring the security of the data.
[0060] Those skilled in the art will understand that the aforementioned unintentional transmission protocol can also be implemented using public-key encryption algorithms such as Elliptic Curve Cryptosystems (ECC) key exchange algorithms (i.e., ECDH), Elgamal, or RSA (Rivest-Shamir-Adleman), and this specification does not impose any limitations on it.
[0061] However, the above embodiments require multiple rounds of interaction between the sending and receiving ends for a single 1-out-of-2 unintentional transmission. In real-world applications, users typically need to perform a large number of unintentional transmissions at once. Therefore, if the original unintentional transmission protocol is used for each transmission, the overall data transmission efficiency will be extremely low.
[0062] In another embodiment, to address the shortcomings of the previous embodiment, the existing Base OT protocol can be improved to obtain an OT extension protocol similar to the one described below, thereby improving the execution efficiency of the OT protocol. The following describes the implementation of a multiple OT protocol based on IKNP03. For example, combined with Figure 3 The implementation of a data transmission method based on a multiple 2-to-1 unintentional transmission protocol is discussed:
[0063] (1) Assume the sender has n pairs of data and the receiver has n select bits. The receiver wants to obtain the data identified by the select bits from the sender. Normally, the basic 1-out-of-2 unintentional transfer protocol can be executed n times. However, as mentioned earlier, this implementation increases the communication complexity as n increases. The unintentional transfer extension protocol, on the other hand, only requires k unintentional transfers to achieve the same effect as n unintentional transfers, thus greatly improving the applicability of unintentional transfers. Here, k is a fixed value, independent of the size of n.
[0064] (2) Input n pairs of data from the transmitter S The receiver R has n selection bits as input, i = (i1, i2, ..., i...). n ), i∈{0,1}, at this time, both parties jointly hold a security parameter k (i.e. the number of times an unintentional transmission is performed), assuming there is a random primitive H (usually a hash function), assuming there is a 1-out-of-2 unintentional transmission as follows.
[0065] (3) The sending end S initializes a random vector s∈{0,1} of length k. k The receiving end R initializes a random bit matrix T of size n*k.
[0066] (4) Both parties perform k unintentional 1-out-of-2 transmissions. In these k unintentional transmissions, S, as the receiving end, holds k selection bits, namely s1, ... s2. k R, as the sender, holds k pairs of data. Where t a Let T represent the a-th column, and i be a vector consisting of n selected bits of R. Those skilled in the art will understand that the sending end and the receiving end in this step can be defined according to the Private Set Intersection (PSI) method, meaning the object obtaining the final output can be defined as the receiving end, thus changing the identities of S and R.
[0067] (5) Take Q as an n×k matrix composed of the data received by the sender S in the k unintentional transmissions in step 4. Each row and column of Q satisfies the following properties: Where q a Let q represent the a-th column of Q. b This represents the b-th row of Q. Subsequently, the sender S sends n data pairs. in
[0068] (6) The receiver can calculate H(b, t) b ),Depend on Get the corresponding
[0069] From the above formula, we can further deduce q. b The property of i. That is, if i b =0, then q b =t b ; if i b =1, then Therefore, when generating n data pairs At that time, it was possible to pass through This ensures that the receiving end R can successfully decrypt the data it needs. Those skilled in the art will understand that the above-described unintentional transmission protocol can also be implemented using, for example, methods based on KK13 (the Kolesnikov-Kolesnikov protocol of 2013) or KOS15 (the Keller-Orsini-Scholl protocol of 2013), and this specification does not impose any limitations on it.
[0070] Although the unintentional transmission extension protocol in the above embodiments, based on the matrix transformation concept, enables the construction of a large number of unintentional transmission instances using a small number of basic unintentional transmissions and symmetric keys, thus improving data transmission efficiency, it requires the construction of a corresponding number of data matrices based on the aforementioned basic unintentional transmissions, leading to an increase in the equipment cost of unintentional transmissions. Therefore, this specification proposes the following technical solutions to address the above problems.
[0071] This specification implements a data transmission system based on an unintentional transmission protocol. Figure 1 This is a schematic diagram illustrating the architecture of a data transmission system according to an exemplary embodiment of this specification. Figure 1As shown, the system further includes a key management device 11 in addition to the original sender 12 and receiver 13. The key management device can be an electronic device equipped with a Trusted Execution Environment (TEE). The sender and receiver are two electronic devices, each with data transmission and reception capabilities. The sender maintains multiple sets of raw data corresponding to different indices. The key management device 11 can serve as a physical server on an independent host or can be deployed on a virtual server hosted by a host cluster. One or more embodiments of this specification do not limit this. Users can use electronic devices such as mobile phones, tablets, laptops, PDAs (Personal Digital Assistants), and wearable devices (such as smart glasses and smartwatches). One or more embodiments of this specification do not limit this.
[0072] The aforementioned key management device can also act as a blockchain node in a blockchain network and execute a series of operations described below through, for example, smart contracts.
[0073] The smart contracts in the aforementioned blockchain are contracts that can be triggered and executed by transactions on the blockchain system. Smart contracts can be defined in the form of code. Calling a smart contract in the blockchain involves initiating a transaction pointing to the smart contract's address, causing each node in the blockchain to run the smart contract code in a distributed manner. It should be noted that besides users creating smart contracts, the system can also set smart contracts in the genesis block. These contracts are generally called genesis contracts. Typically, the genesis contract can set some blockchain data structures, parameters, attributes, and methods. Furthermore, accounts with system administrator privileges can create or modify system-level contracts (referred to as system contracts). These system contracts can be used to add data structures for different business operations to the blockchain.
[0074] In a contract deployment scenario, for example, Bob sends a transaction containing information about creating a smart contract (i.e., deploying the contract) to a server such as... Figure 1 In the blockchain shown, the `data` field of the transaction includes the code (such as bytecode or machine code) of the contract to be created, and the `to` field of the transaction is empty, indicating that the transaction is used to deploy the contract. After the nodes reach an agreement through the consensus mechanism, the contract address "0x6f8ae93…" is determined. Each node adds a contract account corresponding to the contract address of the smart contract to the state database, allocates state storage corresponding to the contract account, and saves the contract code in the contract's state storage, thus the contract is successfully created.
[0075] In scenarios where contracts are invoked, for example, Bob sends a transaction to invoke a smart contract, such as... Figure 1 In the blockchain shown, the `from` field of this transaction is the address of the account of the transaction initiator (i.e., Bob), the `to` field "0x6f8ae93…" represents the address of the smart contract being invoked, and the `data` field of the transaction includes the method and parameters for invoking the smart contract. After consensus is reached on this transaction in the blockchain, each node in the blockchain can execute the transaction, thereby executing the contract separately, and updating the state database based on the execution of the contract.
[0076] Figure 4 This is a schematic diagram illustrating a three-way interaction process of a data transmission system based on an unintentional transmission protocol, as shown in an exemplary embodiment of this specification. Figure 4 As shown, in the data transmission system described in this specification, the key management device, the transmitter, and the receiver respectively perform the following operations.
[0077] S401. The receiving end sends the target index to the key management device.
[0078] When the receiving end needs to obtain a target original data from multiple original data sources at the sending end, it can send a target index corresponding to the target original data to the key management device. This index can be an integer determined according to a rule starting from 0 and incrementing sequentially, or it can be an ordered arrangement specified by other rules; this specification does not impose any restrictions on this.
[0079] Those skilled in the art will understand that the triggering condition for the receiving end to send the aforementioned target index can be a subscription sending request initiated by the user or other devices, or the subscription timed sending process pre-deployed locally on the receiving end reaching a preset sending time point. This specification does not impose any restrictions on this.
[0080] Before sending the target index, the solution in this specification can also determine whether to execute subsequent procedures by verifying the legitimacy of the identities of the receiver and the sender.
[0081] In one embodiment, the key management device can authenticate the receiving end and the sending end based on a preset authentication interaction protocol. If authentication is successful, it distributes corresponding credentials to both the receiving end and the sending end, enabling them to establish data transmission connections with the key management device based on the obtained credentials. The credentials contain at least the identity identifier of the credential holder. Conversely, if authentication fails, the key management device can cancel the corresponding unintentional transmission and generate relevant logs to report back to the system administrator. Since the principles and implementation methods of authentication interaction protocols are largely disclosed in related technologies, this specification will not elaborate further.
[0082] S402. The key management device generates multiple sets of original keys, each corresponding to a different index, within a trusted execution environment.
[0083] The aforementioned Trusted Execution Environment (TEE), constructed within the central processing unit of the key management device using both hardware and software methods, ensures the confidentiality and integrity of the programs and data loaded within it. Therefore, the multiple sets of original keys possess high security. Alternatively, the original keys can be randomly generated within the TEE of the key management device. Using non-fixed original keys avoids situations like the sender recording duplicate keys to illegally obtain other original data corresponding to non-target indices. Furthermore, the random generation method conforms to One-Time-Pad encryption, guaranteeing absolute security as long as the length of the original key is greater than or equal to the length of the original data. In addition, compared to unintended transmission extensions in related technologies, the aforementioned TEE does not require pre-calculation for the generation and distribution of random numbers and has no quantity limit, thereby reducing the system resources required for unintended transmission.
[0084] The content of the aforementioned original key can be changed according to different actual needs, thereby altering the encryption and decryption methods corresponding to this key in subsequent S405 and S406. For example, the aforementioned original key can be a pair of public and private keys, or a set of characters. The public and private keys can be generated based on algorithms such as RSA, ElGamal, or ECC, and the character set can be a set of binary sequences, or other character combinations that can be converted into binary sequences. This specification does not impose any restrictions on this.
[0085] It should be noted that this specification only requires that the indices corresponding to the above-mentioned multiple sets of original keys and the indices corresponding to the multiple sets of original data maintained by the sending end belong to the same standard or specification, and does not restrict the actual content of the two. For example, the two can both be integers in Arabic numerals, or combinations of characters consisting only of English letters.
[0086] For example, as mentioned above, when the key management device is a blockchain node in a blockchain network, the key management device can obtain the key generation transaction initiated by the receiving end to the blockchain node, and execute the corresponding key generation contract within the trusted execution environment to generate multiple sets of original keys corresponding to different indices. The target indices included in the key generation transaction can be provided as input parameters to the key generation contract, so that the transaction receipt corresponding to the key generation transaction includes a first event carrying the multiple sets of original keys and a second event carrying the target key corresponding to the target indices. Simultaneously, when the key management device responds to the detected first event, it can send the original key contained in the first event to the sending end; or, in response to the detected second event, it can send the original key contained in the second event to the receiving end. In this embodiment, since the transmission operations of the target indices, original keys, and target keys are all implemented and driven by blockchain transactions, the key management device can further enhance data security by utilizing the immutability and traceability characteristics of blockchain.
[0087] Furthermore, there is no strict execution order between S402 and S401. It is possible that the key management device generates the multiple sets of original keys after obtaining the target index sent by the receiving end; or the key management device generates the multiple sets of original keys and then obtains the target index; or the two are executed in parallel. This specification does not impose any restrictions on this.
[0088] S403. The key management device sends multiple sets of original keys to the sending end.
[0089] S404. The key management device sends the target key corresponding to the target index from multiple sets of original keys to the receiving end.
[0090] As a trusted third-party device that generates the original key based on a trusted execution environment, the aforementioned key management device allows the receiving and sending ends to focus their computing resources more on the subsequent encryption or decryption process without needing to concern themselves with the correctness of the original key received by each other.
[0091] Similarly, this specification does not restrict the order between S403 and S404. They can be executed in parallel or in a serial order. After the key management device successfully sends multiple sets of original keys to the sending end, the sending end can immediately execute the subsequent S405.
[0092] It should be noted that in the process of the receiving end and the sending end interacting with the trusted execution environment of the key management device, such as S401, S403 and S404, multiple data can be processed by the trusted execution environment at one time through batch processing, which reduces the average number of times to read or write to the trusted execution environment, thereby optimizing the overall transmission efficiency.
[0093] S405. The sending end encrypts the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data.
[0094] After receiving the multiple sets of original keys, the sending end can match and encrypt the original data by matching the indices of the original keys with the indices of the original data sets it maintains. For example, in the case of a two-to-one OT (On-Time) operation, the sending end can maintain original data m0 with index "0" and m1 with index "1". The multiple sets of original keys can include key w0 with index "0" and key w1 with index "1". Since m0 and w0, and m1 and w1 have the same index, w0 can be encrypted based on m0, and w1 can be encrypted based on m1 to obtain two sets of corresponding encrypted data c0 and c1. For example, as mentioned above, the content of different original keys can change the encryption method of the key. Taking the original key as a set of characters as an example, the sending end can perform an XOR operation on each set of original keys with the same index and the original data to quickly and efficiently obtain the corresponding encrypted data.
[0095] S406. The sending end sends multiple sets of encrypted data to the receiving end.
[0096] S407. The receiving end decrypts the encrypted data corresponding to the target index in multiple sets of encrypted data according to the target key to obtain the original target data.
[0097] Once the receiving end receives the multiple sets of encrypted data, it can query the encrypted data with the same target index from among the multiple sets of encrypted data, and decrypt the encrypted data using the target key to obtain the original target data. For example, as mentioned above, assuming the target index sent by the receiving end is "1", then it can decrypt the encrypted data c0 and c1 corresponding to index "1" using the target key. Of course, the receiving end can also try to decrypt other encrypted data whose index is not the target index, but since the encryption keys for different encrypted data are different, the decrypted data is usually not readable.
[0098] For example, as mentioned above, the content of different original keys can change the encryption method of the key. Taking the original key as a set of characters again, the receiving end can determine the target key and encrypted data corresponding to the target index, and perform an XOR operation on the target key and the encrypted data. Since the content of the original data remains unchanged after two XOR operations with the same key, the encrypted data after the XOR operation is the original data corresponding to the target index in the sending end.
[0099] Figure 5 This is a schematic flowchart illustrating an exemplary embodiment of a data transmission method based on an unintentional transmission protocol. Figure 5 As shown, the method is applied to a key management device equipped with a trusted execution environment, and the method includes:
[0100] S501, obtain the target index sent by the receiving end, and generate multiple sets of original keys in the trusted execution environment, wherein the multiple sets of original keys include the target key corresponding to the target index.
[0101] S502, the multiple sets of original keys are sent to the sending end, and the target key is sent to the receiving end, so that the sending end: encrypts the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data, and sends the multiple sets of encrypted data to the receiving end; and the receiving end: decrypts the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data.
[0102] As mentioned above, the original key is randomly generated by the key management device within the trusted execution environment.
[0103] As mentioned above, the method further includes:
[0104] The receiving end and the sending end are authenticated based on a preset authentication interaction protocol.
[0105] Upon successful authentication, corresponding credentials are distributed to the receiving end and the sending end respectively, so that the receiving end and the sending end can establish data transmission connections with the key management device based on the obtained credentials. The credentials contain at least the identity identifier of the credential holder.
[0106] As mentioned above, the key management device is a blockchain node in a blockchain network;
[0107] The step of obtaining the target index sent by the receiving end includes: obtaining the key generation transaction initiated by the receiving end to the blockchain node;
[0108] The step of generating multiple sets of original keys in the trusted execution environment includes: executing a corresponding key generation contract in the trusted execution environment according to the key generation transaction to generate multiple sets of original keys corresponding to different indices, and the target index contained in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction contains a first event carrying the multiple sets of original keys and a second event carrying the target key corresponding to the target index.
[0109] The step of sending the multiple sets of original keys to the sending end and sending the target key corresponding to the target index from the multiple sets of original keys to the receiving end includes: in response to a first event that is detected, sending the original key contained in the first event to the sending end; in response to a second event that is detected, sending the original key contained in the second event to the receiving end.
[0110] Figure 6 This is a schematic flowchart illustrating another data transmission method based on an unintentional transmission protocol, as shown in an exemplary embodiment of this specification. Figure 6 As shown, this method is applied to the sending end, which maintains multiple sets of original data corresponding to different indices. The method includes:
[0111] S601, receive multiple sets of raw keys from the key management device. The multiple sets of raw keys are generated within the trusted execution environment mounted on the key management device and each corresponds to a different index.
[0112] S602, based on each of the multiple sets of original keys, encrypt the original data with the same index in the multiple sets of original data to obtain multiple sets of encrypted data.
[0113] S603, the multiple sets of encrypted data are sent to the receiving end, so that the receiving end can decrypt the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data.
[0114] As mentioned above, the original key is randomly generated by the key management device within the trusted execution environment.
[0115] As mentioned above, the original key is a set of characters;
[0116] The step of encrypting the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys includes:
[0117] Perform an XOR operation on each group of original keys and original data with the same index.
[0118] The step of decrypting the encrypted data corresponding to the target index in the plurality of encrypted data according to the target key includes:
[0119] The receiving end determines the target key and encrypted data corresponding to the target index, and performs an XOR operation on the target key and the encrypted data.
[0120] As mentioned above, the key management device is a blockchain node in the blockchain network; the multiple sets of original keys are generated by the key management device executing the corresponding key generation contract in the trusted execution environment according to the key generation transaction sent by the receiving end, so that the transaction receipt corresponding to the key generation transaction contains a first event carrying the multiple sets of original keys respectively.
[0121] Receiving multiple sets of raw keys from the key management device includes: receiving the raw key contained in a first event sent by the key management device in response to a first event detected by the key management device.
[0122] Figure 7 This is a schematic flowchart illustrating another data transmission method based on an unintentional transmission protocol, as shown in an exemplary embodiment of this specification. Figure 7 As shown, this method is applied to the receiving end, and the method includes:
[0123] S701, the target index is sent to the key management device, so that the key management device generates multiple sets of original keys corresponding to different indices in its own trusted execution environment, and sends the multiple sets of original keys to the sending end, and sends the target key corresponding to the target index in the multiple sets of original keys to the receiving end.
[0124] S702, receive the target key returned by the key management device, and multiple sets of encrypted data sent by the sending end. The sending end maintains multiple sets of original data corresponding to different indices. The multiple sets of encrypted data are obtained by the sending end encrypting the original data with the same index in the multiple sets of original data according to each original key in the multiple sets of original keys.
[0125] S703, decrypt the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data.
[0126] As mentioned above, the original key is randomly generated by the key management device within the trusted execution environment.
[0127] As mentioned above, the original key is a set of characters;
[0128] The step of encrypting the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys includes:
[0129] The sending end performs an XOR operation on each group of original keys and original data with the same index;
[0130] The step of decrypting the encrypted data corresponding to the target index in the plurality of encrypted data according to the target key includes:
[0131] Determine the target key and encrypted data corresponding to the target index, and perform an XOR operation on the target key and the encrypted data.
[0132] As mentioned above, the key management device is a blockchain node in a blockchain network;
[0133] Sending the target index to the key management device includes: initiating a key generation transaction to the blockchain node, so that the key management device executes the corresponding key generation contract in the trusted execution environment according to the key generation transaction to generate multiple sets of original keys corresponding to different indices, and the target index contained in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction contains a second event carrying the target key corresponding to the target index;
[0134] Receiving the target key returned by the key management device includes: receiving the original key contained in the second event returned by the key management device in response to the monitored second event.
[0135] As can be seen from the above embodiments, the solution in this specification only requires simple "encryption and decryption" operations on the transmitted message itself during the entire unintentional transmission process, avoiding computationally intensive algorithms such as asymmetric and symmetric encryption involved in related technologies, thus significantly improving the data transmission efficiency.
[0136] Figure 8 This is a schematic structural diagram of an electronic device according to an exemplary embodiment. Please refer to... Figure 8 At the hardware level, the electronic device includes a processor, internal bus, network interface, memory, and non-volatile memory, and may also include other necessary hardware. The processor reads the corresponding computer program from the non-volatile memory into memory and then executes it, forming a data transmission device based on an implicit transfer protocol at the logical level. Of course, in addition to software implementation, this specification does not exclude other implementation methods, such as logic devices or a combination of hardware and software, etc. That is to say, the execution subject of the following processing flow is not limited to individual logic units, but can also be hardware or logic devices.
[0137] Corresponding to the aforementioned embodiments of the data transmission method based on the unintentional transmission protocol, this specification also provides embodiments of a data transmission apparatus based on the unintentional transmission protocol. Furthermore, while ensuring data security, the trusted execution environment does not require pre-computation of the generation and distribution of raw keys such as random numbers, has no quantity limit, and the interaction with the trusted execution environment can be further optimized through batch processing to improve the throughput of interactive data between the sender and receiver.
[0138] Please refer to Figure 9 , Figure 9 This is a schematic diagram illustrating the structure of a data transmission device based on an inadvertent transmission protocol, as shown in an exemplary embodiment. Figure 9 As shown, in a software implementation, the device is applied to a key management device, which is equipped with a trusted execution environment and may include:
[0139] The key generation unit 901 is used to obtain the target index sent by the receiving end and generate multiple sets of original keys in the trusted execution environment, wherein the multiple sets of original keys include the target key corresponding to the target index.
[0140] The key sending unit 902 is used to send the multiple sets of original keys to the sending end and the target key to the receiving end, so that the sending end: encrypts the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data, and sends the multiple sets of encrypted data to the receiving end; and the receiving end: decrypts the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data.
[0141] Optionally, the original key is randomly generated by the key management device within the trusted execution environment.
[0142] Optionally, the device further includes:
[0143] The authentication unit 903 is used to authenticate the receiving end and the sending end based on a preset authentication interaction protocol.
[0144] Upon successful authentication, corresponding credentials are distributed to the receiving end and the sending end respectively, so that the receiving end and the sending end can establish data transmission connections with the key management device based on the obtained credentials. The credentials contain at least the identity identifier of the credential holder.
[0145] Optionally, the key management device is a blockchain node in a blockchain network;
[0146] The key generation unit 901 is specifically used for:
[0147] According to the key generation transaction, the corresponding key generation contract is executed in the trusted execution environment to generate multiple sets of original keys corresponding to different indices. The target index contained in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction contains a first event carrying the multiple sets of original keys and a second event carrying the target key corresponding to the target index.
[0148] The key sending unit 902 is specifically used for:
[0149] In response to a first event detected, the original key contained in the first event is sent to the sending end; in response to a second event detected, the original key contained in the second event is sent to the receiving end.
[0150] Please refer to Figure 10 , Figure 10 This is a schematic diagram illustrating the structure of another data transmission device based on an unintentional transmission protocol, as shown in an exemplary embodiment. Figure 10 As shown, in the software implementation, this is applied to the sending end, which maintains multiple sets of raw data corresponding to different indices, which may include:
[0151] The key receiving unit 1001 is used to receive multiple sets of raw keys from the key management device. The multiple sets of raw keys are generated in the trusted execution environment carried by the key management device and each corresponds to a different index.
[0152] The data encryption unit 1002 is used to encrypt the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data.
[0153] The encrypted data sending unit 1003 is used to send the multiple sets of encrypted data to the receiving end, so that the receiving end can decrypt the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data.
[0154] Optionally, the original key is randomly generated by the key management device within the trusted execution environment.
[0155] Optionally, the original key is a set of characters;
[0156] The data encryption unit 1002 is specifically used for:
[0157] Perform an XOR operation on each group of original keys and original data with the same index.
[0158] The encrypted data sending unit 1003 is specifically used for:
[0159] The receiving end determines the target key and encrypted data corresponding to the target index, and performs an XOR operation on the target key and the encrypted data.
[0160] Optionally, the key management device is a blockchain node in a blockchain network; the multiple sets of original keys are generated by the key management device executing a corresponding key generation contract in the trusted execution environment according to the key generation transaction sent by the receiving end to generate multiple sets of original keys corresponding to different subscripts, so that the transaction receipt corresponding to the key generation transaction contains a first event carrying the multiple sets of original keys respectively.
[0161] The key receiving unit 1001 is specifically used to: receive the original key contained in the first event sent by the key management device in response to the first event detected by the monitoring device.
[0162] Please refer to Figure 11 , Figure 11 This is a schematic diagram illustrating the structure of another data transmission device based on an unintentional transmission protocol, as shown in an exemplary embodiment. Figure 11 As shown, in the software implementation, the application at the receiving end may include:
[0163] The target index sending unit 1101 is used to send the target index to the key management device, so that the key management device generates multiple sets of original keys corresponding to different indices in its own trusted execution environment, and sends the multiple sets of original keys to the sending end and sends the target key corresponding to the target index among the multiple sets of original keys to the receiving end.
[0164] The data receiving unit 1102 is used to receive the target key returned by the key management device and multiple sets of encrypted data sent by the sending end. The sending end maintains multiple sets of original data corresponding to different indices. The multiple sets of encrypted data are obtained by the sending end encrypting the original data with the same index in the multiple sets of original data according to each original key in the multiple sets of original keys.
[0165] The data decryption unit 1103 is used to decrypt the encrypted data corresponding to the target index in the plurality of encrypted data according to the target key, so as to obtain the target original data.
[0166] Optionally, the original key is randomly generated by the key management device within the trusted execution environment.
[0167] Optionally, the original key is a set of characters;
[0168] The data receiving unit 1102 is specifically used for:
[0169] The sending end performs an XOR operation on each group of original keys and original data with the same index;
[0170] The data decryption unit 1103 is specifically used for:
[0171] Determine the target key and encrypted data corresponding to the target index, and perform an XOR operation on the target key and the encrypted data.
[0172] Optionally, the key management device is a blockchain node in a blockchain network;
[0173] The target index sending unit 1101 is specifically used for:
[0174] A key generation transaction is initiated to the blockchain node, so that the key management device executes the corresponding key generation contract in the trusted execution environment according to the key generation transaction to generate multiple sets of original keys corresponding to different indices. The target index contained in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction contains a second event carrying the target key corresponding to the target index.
[0175] The data receiving unit 1102 is specifically used for:
[0176] The original key contained in the second event returned by the key management device in response to the monitored second event is received.
[0177] The specific implementation process of the functions and roles of each unit in the above device can be found in the implementation process of the corresponding steps in the above method, and will not be repeated here.
[0178] For the device embodiments, since they basically correspond to the method embodiments, the relevant parts can be referred to in the description of the method embodiments. The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of the solution in this specification according to actual needs. Those skilled in the art can understand and implement this without creative effort.
[0179] The embodiments of the subject matter and functional operation described in this specification can be implemented in the following ways: digital electronic circuits, tangibly embodied computer software or firmware, computer hardware including the structures disclosed in this specification and their structural equivalents, or combinations thereof. Embodiments of the subject matter described in this specification can be implemented as one or more computer programs, i.e., one or more modules of computer program instructions encoded on a tangible, non-transitory program carrier for execution by a data processing apparatus or for controlling the operation of a data processing apparatus. Alternatively or additionally, the program instructions may be encoded on artificially generated propagation signals, such as machine-generated electrical, optical, or electromagnetic signals, which are generated to encode information and transmit it to a suitable receiving device for execution by the data processing apparatus. The computer storage medium may be a machine-readable storage device, a machine-readable storage substrate, a random or serial access memory device, or combinations thereof.
[0180] The processing and logic flow described in this specification can be executed by one or more programmable computers that execute one or more computer programs to perform corresponding functions by operating on input data and generating output. The processing and logic flow can also be executed by dedicated logic circuitry—such as FPGAs (Field-Programmable Gate Arrays) or ASICs (Application-Specific Integrated Circuits), and the device can also be implemented as dedicated logic circuitry.
[0181] Suitable computers for executing computer programs include, for example, general-purpose and / or special-purpose microprocessors, or any other type of central processing unit. Typically, the central processing unit receives instructions and data from read-only memory and / or random access memory. The basic components of a computer include a central processing unit for implementing or executing instructions and one or more memory devices for storing instructions and data. Typically, a computer will also include one or more mass storage devices for storing data, such as disks, magneto-optical disks, or optical disks, or the computer will be operatively coupled to such mass storage devices to receive data from or transfer data to them, or both. However, a computer is not required to have such devices. Furthermore, a computer can be embedded in another device, such as a mobile phone, a personal digital assistant (PDA), a mobile audio or video player, a game console, a global positioning system (GPS) receiver, or a portable storage device such as a universal serial bus (USB) flash drive, to name a few.
[0182] Computer-readable media suitable for storing computer program instructions and data include all forms of non-volatile memory, media, and memory devices, such as semiconductor memory devices (e.g., EPROM, EEPROM, and flash memory devices), magnetic disks (e.g., internal hard disks or removable disks), magneto-optical disks, and CD-ROM and DVD-ROM disks. Processors and memory may be supplemented by or incorporated into dedicated logic circuitry.
[0183] While this specification contains numerous specific implementation details, these should not be construed as limiting the scope of any invention or the scope of the claims, but rather are primarily intended to describe features of specific embodiments of a particular invention. Certain features described in the various embodiments herein may also be implemented in combination in a single embodiment. Conversely, various features described in a single embodiment may also be implemented separately in various embodiments or in any suitable sub-combination. Furthermore, while features may function in certain combinations as described above and even initially claimed in this way, one or more features from a claimed combination may be removed from that combination in some cases, and a claimed combination may refer to a sub-combination or a variation thereof.
[0184] Similarly, although the operations are depicted in a specific order in the accompanying drawings, this should not be construed as requiring these operations to be performed in the specific order shown or sequentially, or requiring all illustrated operations to be performed to achieve the desired result. In some cases, multitasking and parallel processing may be advantageous. Furthermore, the separation of various system modules and components in the above embodiments should not be construed as requiring such separation in all embodiments, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.
[0185] Therefore, specific embodiments of the subject matter have been described. Furthermore, the processes depicted in the figures are not necessarily shown in a specific order or sequence to achieve the desired result. In some implementations, multitasking and parallel processing may be advantageous.
[0186] The above description is merely a preferred embodiment of this specification and is not intended to limit this specification. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this specification should be included within the scope of protection of this specification.
Claims
1. A data transmission system based on an unintentional transmission protocol, comprising: The system comprises a key management device, a sender, and a receiver. The key management device is equipped with a trusted execution environment. The sender maintains multiple sets of original data corresponding to different indices. The key management device is a blockchain node in the blockchain network. The key management device is configured to acquire a target index sent by a receiving end, including: the key management device acquiring a key generation transaction initiated by the receiving end to the blockchain node; and generating multiple sets of original keys corresponding to different indices within the trusted execution environment, including: executing a corresponding key generation contract within the trusted execution environment according to the key generation transaction to generate multiple sets of original keys corresponding to different indices, wherein the target index contained in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction contains a first event carrying the multiple sets of original keys and a second event carrying a target key corresponding to the target index, and sending the multiple sets of original keys to the sending end and sending the target key corresponding to the target index from the multiple sets of original keys to the receiving end, including: in response to the first event being monitored, sending the original key contained in the first event to the sending end; in response to the second event being monitored, sending the original key contained in the second event to the receiving end, wherein the original key is randomly generated by the key management device within the trusted execution environment, and the random generation method conforms to the one-time pad encryption method; The sending end is configured to encrypt the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data, and send the multiple sets of encrypted data to the receiving end. The receiving end is used to decrypt the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key, so as to obtain the target original data.
2. The system according to claim 1, wherein the original key is a set of characters; The step of encrypting the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys includes: The sending end performs an XOR operation on each group of original keys and original data with the same index; The step of decrypting the encrypted data corresponding to the target index in the plurality of encrypted data according to the target key includes: The receiving end determines the target key and encrypted data corresponding to the target index, and performs an XOR operation on the target key and the encrypted data.
3. The system according to claim 1, wherein the key management device is further configured to: The receiving end and the sending end are authenticated based on a preset authentication interaction protocol. Upon successful authentication, corresponding credentials are distributed to the receiving end and the sending end respectively, so that the receiving end and the sending end can establish data transmission connections with the key management device based on the obtained credentials. The credentials contain at least the identity identifier of the credential holder.
4. A data transmission method based on an unintentional transmission protocol, applied to a key management device, wherein the key management device is equipped with a trusted execution environment and is a blockchain node in a blockchain network, the method comprising: The target index sent by the receiving end is obtained, and multiple sets of original keys are generated in the trusted execution environment. The multiple sets of original keys include the target key corresponding to the target index. The original key is randomly generated by the key management device in the trusted execution environment. The random generation method conforms to the one-time pad encryption method. The multiple sets of original keys are sent to the sending end, and the target key is sent to the receiving end, so that the sending end: encrypts the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data, and sends the multiple sets of encrypted data to the receiving end; and the receiving end: decrypts the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data; The step of obtaining the target index sent by the receiving end includes: obtaining the key generation transaction initiated by the receiving end to the blockchain node; The step of generating multiple sets of original keys in the trusted execution environment includes: executing a corresponding key generation contract in the trusted execution environment according to the key generation transaction to generate multiple sets of original keys corresponding to different indices, and the target index contained in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction contains a first event carrying the multiple sets of original keys and a second event carrying the target key corresponding to the target index. The step of sending the multiple sets of original keys to the sending end and sending the target key to the receiving end includes: in response to a first event that is detected, sending the original key contained in the first event to the sending end; and in response to a second event that is detected, sending the original key contained in the second event to the receiving end.
5. The method according to claim 4, further comprising: The receiving end and the sending end are authenticated based on a preset authentication interaction protocol. Upon successful authentication, corresponding credentials are distributed to the receiving end and the sending end respectively, so that the receiving end and the sending end can establish data transmission connections with the key management device based on the obtained credentials. The credentials contain at least the identity identifier of the credential holder.
6. A data transmission method based on an unintentional transmission protocol, applied at a sending end, wherein the sending end maintains multiple sets of original data corresponding to different indices, the method comprising: The system receives multiple sets of raw keys from a key management device. These raw keys are generated within a trusted execution environment (TEX) on the key management device and correspond to different indices. The raw keys are randomly generated by the key management device within the TEX, and the random generation method conforms to one-time pad encryption. The key management device is a blockchain node in a blockchain network. The system generates these raw keys by executing a corresponding key generation contract within the TEX based on a key generation transaction initiated by the receiving end to the blockchain node. The target index included in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction includes a first event carrying the multiple sets of raw keys. Each of the multiple sets of original keys is used to encrypt the original data with the same index in the multiple sets of original data to obtain multiple sets of encrypted data. The multiple sets of encrypted data are sent to the receiving end, so that the receiving end can decrypt the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data; Receiving multiple sets of raw keys from the key management device includes: receiving the raw key contained in a first event sent by the key management device in response to a first event detected by the key management device.
7. The method according to claim 6, wherein the original key is a set of characters; The step of encrypting the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys includes: Perform an XOR operation on each group of original keys and original data that have the same index; The step of decrypting the encrypted data corresponding to the target index in the plurality of encrypted data according to the target key includes: The receiving end determines the target key and encrypted data corresponding to the target index, and performs an XOR operation on the target key and the encrypted data.
8. The method according to claim 6, wherein the key management device is a blockchain node in a blockchain network; the multiple sets of original keys are generated by the key management device executing a corresponding key generation contract in the trusted execution environment according to the key generation transaction sent by the receiving end to generate multiple sets of original keys corresponding to different indices, so that the transaction receipt corresponding to the key generation transaction contains a first event carrying the multiple sets of original keys respectively. The receiving of multiple sets of raw keys from the key management device includes: The original key contained in the first event sent by the key management device in response to the first event detected by the monitoring device is received.
9. A data transmission method based on an unintentional transmission protocol, applied at a receiving end, the method comprising: The target index is sent to the key management device, which generates multiple sets of original keys corresponding to different indices within its trusted execution environment. The set of original keys is then sent to the sending end, and the target key corresponding to the target index is sent to the receiving end. The original key is randomly generated by the key management device within the trusted execution environment, and the random generation method conforms to the one-time pad encryption method. The key management device is a blockchain node in the blockchain network. The system receives the target key returned by the key management device and multiple sets of encrypted data sent by the sending end. The sending end maintains multiple sets of original data corresponding to different indices. The multiple sets of encrypted data are obtained by the sending end encrypting the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys. The encrypted data corresponding to the target index in the multiple sets of encrypted data is decrypted according to the target key to obtain the original target data; Sending the target index to the key management device includes: initiating a key generation transaction to the blockchain node, so that the key management device executes the corresponding key generation contract in the trusted execution environment according to the key generation transaction to generate multiple sets of original keys corresponding to different indices, and the target index contained in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction contains a second event carrying the target key corresponding to the target index; Receiving the target key returned by the key management device includes: receiving the original key contained in the second event returned by the key management device in response to the monitored second event.
10. The method according to claim 9, wherein the original key is a set of characters; The step of encrypting the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys includes: The sending end performs an XOR operation on each group of original keys and original data with the same index; The step of decrypting the encrypted data corresponding to the target index in the plurality of encrypted data according to the target key includes: Determine the target key and encrypted data corresponding to the target index, and perform an XOR operation on the target key and the encrypted data.
11. The method according to claim 9, wherein the key management device is a blockchain node in a blockchain network; Sending the target index to the key management device includes: initiating a key generation transaction to the blockchain node, so that the key management device executes the corresponding key generation contract in the trusted execution environment according to the key generation transaction to generate multiple sets of original keys corresponding to different indices, and the target index contained in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction contains a second event carrying the target key corresponding to the target index; Receiving the target key returned by the key management device includes: receiving the original key contained in the second event returned by the key management device in response to the monitored second event.
12. A data transmission device based on an unintentional transmission protocol, applied to a key management device, the key management device being equipped with a trusted execution environment, the key management device being a blockchain node in a blockchain network, the device comprising: A key generation unit is used to obtain the target index sent by the receiving end and generate multiple sets of original keys in the trusted execution environment. The multiple sets of original keys include a target key corresponding to the target index. The original keys are randomly generated by the key management device in the trusted execution environment. The random generation method conforms to the one-time pad encryption method. A key sending unit is configured to send the multiple sets of original keys to a sending end and the target key to a receiving end, so that the sending end: encrypts the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data, and sends the multiple sets of encrypted data to the receiving end; and the receiving end: decrypts the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data. The key generation unit is specifically used for: The receiving end initiates a key generation transaction to the blockchain node; according to the key generation transaction, the corresponding key generation contract is executed in the trusted execution environment to generate multiple sets of original keys corresponding to different indices, and the target index contained in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction contains a first event carrying the multiple sets of original keys and a second event carrying the target key corresponding to the target index; The key sending unit is specifically used for: In response to a first event detected, the original key contained in the first event is sent to the sending end; in response to a second event detected, the original key contained in the second event is sent to the receiving end.
13. A data transmission device based on an unintentional transmission protocol, applied at a sending end, wherein the sending end maintains multiple sets of raw data corresponding to different indices, the device comprising: A key receiving unit is configured to receive multiple sets of raw keys from a key management device. These raw keys are generated within a trusted execution environment (TEX) on the key management device and each corresponds to a different index. The raw keys are randomly generated by the key management device within the TEX, and the random generation conforms to a one-time pad encryption method. The key management device is a blockchain node in a blockchain network. The multiple sets of raw keys are generated by the key management device executing a corresponding key generation contract within the TEX based on a key generation transaction initiated by the receiving end to the blockchain node. The target index included in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction includes a first event carrying the multiple sets of raw keys. The data encryption unit is used to encrypt the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys to obtain multiple sets of encrypted data. An encrypted data sending unit is used to send the multiple sets of encrypted data to the receiving end, so that the receiving end can decrypt the encrypted data corresponding to the target index in the multiple sets of encrypted data according to the target key to obtain the target original data; The key receiving unit is specifically used for: The original key contained in the first event sent by the key management device in response to the first event detected by the monitoring device is received.
14. A data transmission device based on an unintentional transmission protocol, applied at a receiving end, the device comprising: The target index sending unit is used to send the target index to the key management device, so that the key management device generates multiple sets of original keys corresponding to different indices in its trusted execution environment, and sends the multiple sets of original keys to the sending end and sends the target key corresponding to the target index in the multiple sets of original keys to the receiving end. The original key is randomly generated by the key management device in the trusted execution environment, and the random generation method conforms to the one-time one-key encryption method. The key management device is a blockchain node in the blockchain network. The data receiving unit is used to receive the target key returned by the key management device and multiple sets of encrypted data sent by the sending end. The sending end maintains multiple sets of original data corresponding to different indices. The multiple sets of encrypted data are obtained by the sending end encrypting the original data with the same index in the multiple sets of original data according to each of the multiple sets of original keys. The data decryption unit is used to decrypt the encrypted data corresponding to the target index in the plurality of encrypted data according to the target key, so as to obtain the target original data; The target index sending unit is specifically used to: initiate a key generation transaction to the blockchain node, so that the key management device executes the corresponding key generation contract in the trusted execution environment according to the key generation transaction to generate multiple sets of original keys corresponding to different indices, and the target index contained in the key generation transaction is provided as an input parameter to the key generation contract, so that the transaction receipt corresponding to the key generation transaction contains a second event carrying the target key corresponding to the target index; The data receiving unit is specifically used to: receive the original key contained in the second event returned by the key management device in response to the monitored second event.
15. A computer-readable storage medium having a computer program stored thereon, the program being executed by a processor to implement the steps of the method as claimed in any one of claims 4 to 11.
16. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the steps of the method as claimed in any one of claims 4 to 11.