Smart contract-based differential fine-grained ownership transfer method and system
By setting permission thresholds and ownership shares on the blockchain, and using smart contracts and the Lagrange four-square theorem to generate interval proofs, a dynamic and effective user ring is constructed, realizing fine-grained data ownership transfer in a cloud storage environment. This solves the problems of high encryption overhead, security risks, and transaction fragmentation in existing technologies, and improves transfer efficiency and security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SUQIAN COLLEGE
- Filing Date
- 2026-04-27
- Publication Date
- 2026-06-05
AI Technical Summary
Existing technologies for transferring data ownership in cloud storage environments suffer from several problems, including high overhead for full data re-encryption, security risks due to reliance on trusted third parties, lack of fine-grained ownership transfer mechanisms, lack of share verification mechanisms, and separation of ownership transfer from fund settlement. These issues result in low transfer efficiency and difficulty in preventing malicious transactions.
By setting minimum permission thresholds and ownership shares through smart contracts on the blockchain, generating interval proofs using the Lagrange four-square theorem, constructing a dynamic and valid user ring, dynamically negotiating joint keys for double-layer encryption, and uniformly executing ownership share transfers, signature verification, and fund settlement through smart contracts, fine-grained privacy-preserving permission management and data encryption are achieved, ensuring data security and transaction atomicity.
It enables efficient and secure fine-grained data ownership transfer without relying on third parties, improving transfer efficiency and security, preventing malicious transactions, and ensuring the timeliness and integrity of data access.
Smart Images

Figure CN122153940A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of blockchain technology, and in particular to a method and system for fine-grained differential ownership transfer based on smart contracts. Background Technology
[0002] With the rapid development of cloud storage technology, more and more individuals and enterprises are choosing to upload large amounts of data to the cloud for storage to reduce local data maintenance costs and improve the flexibility of data access. In application scenarios such as metaverse digital asset trading, cross-institutional collaborative research and development, and smart healthcare data sharing, the transfer of data ownership between multiple entities is frequently required. How to securely and efficiently achieve the transfer of data ownership in a cloud storage environment has become an important research direction in the field of data security storage.
[0003] Currently, some solutions have achieved controlled access and ownership transfer of cloud data, but they still suffer from technical shortcomings such as excessive overhead of full data re-encryption, security risks associated with relying on trusted third parties, lack of fine-grained ownership transfer mechanisms, lack of share verification mechanisms, and separation of ownership transfer from fund settlement. Specifically, some existing solutions rely on re-encrypting all data to achieve ownership transfer. After user permissions change, to prevent unauthorized users from continuing to access the data, all data stored in the cloud must be downloaded, decrypted, re-encrypted, and then uploaded again. For large files in the GB or even TB range, this re-encryption method incurs huge computational and communication overhead, making it difficult to meet the dynamic ownership transfer needs in high-frequency, large-file scenarios. Centralized permission management solutions based on trusted third parties rely on third-party nodes for key distribution and user permission management. Once the central node is compromised or malicious behavior occurs, the security of the entire system will be compromised, and the user privacy information recorded on the central node will also be at risk of leakage. Furthermore, existing ownership transfer mechanisms are usually based on full transfer, unable to perform secure fine-grained transfers according to specific proportions, making them difficult to adapt to complex application scenarios involving multiple participants and dynamically changing shares. Currently, there is a scheme that supports share transfer in an unencrypted state, allowing ownership to be transferred in fractional form. However, it lacks a compliance verification mechanism for shares in an encrypted state, and it also fails to verify whether the initiator's remaining shares after the transfer are within a normal range. This could lead to malicious users initiating transactions with negative or excessive shares, thereby illegally obtaining data access rights. Many schemes separate ownership transfer from fund settlement, creating inconsistencies between on-chain ownership transfer and off-chain fund settlement. This can easily result in issues such as not receiving ownership after payment or not receiving payment after ownership transfer, reducing the reliability of the transaction process.
[0004] Therefore, traditional ownership transfer methods often suffer from low transfer efficiency and difficulty in preventing malicious transactions because they rely on data re-encryption and trusted third parties, only support coarse-grained overall transfers, and cannot securely verify the legality of transactions in encrypted form. Summary of the Invention
[0005] In order to solve the above-mentioned technical problems, a method and system for fine-grained ownership transfer based on smart contracts is provided, which can realize fine-grained privacy transfer of ownership and improve the efficiency, security and reliability of ownership transfer.
[0006] A method for fine-grained differential ownership transfer based on smart contracts, the method comprising:
[0007] Set minimum permission thresholds and ownership shares through smart contracts on the blockchain, and publish global public parameters;
[0008] Each user calculates their share commitment based on their own ownership share, generates an interval proof using the Lagrange four-square theorem, and submits the interval proof to the smart contract; after the smart contract verifies the proof, users are selected based on the minimum permission threshold to construct a dynamic and valid user ring;
[0009] Users within the dynamic effective user ring dynamically negotiate and generate a joint key by exchanging blinding factors and ring differential values. They then use the inner encryption key derived from the plaintext to encrypt the data to obtain the inner ciphertext, and use the outer encryption key to perform stream encryption to obtain the outer ciphertext. The inner encryption key is then encapsulated into a digital envelope, and the outer ciphertext and the digital envelope are sent to the cloud service provider for storage.
[0010] The ownership initiator sends the ownership share in encryption to the receiving user. After confirmation, the receiving user submits a signature and funds to the smart contract. The ownership initiator generates a share conservation proof and submits it to the smart contract. After the smart contract verifies that the signature and share conservation proof are valid, it automatically updates the share commitment in the ownership vector table and completes the fund settlement.
[0011] The smart contract removes users with zero ownership, reconstructs the valid user ring based on the updated ownership vector table, generates a new outer encryption key, and generates a key difference token. The ownership initiator user sends the key difference token and the updated digital envelope to the cloud service provider, which performs a differential update on the outer ciphertext without decrypting the full data.
[0012] Users in the updated valid user ring download the updated outer ciphertext and digital envelope from the cloud service provider. The smart contract resolves multi-writer concurrency conflicts based on proof-of-share and randomly elects auditors according to ownership shares to verify data integrity.
[0013] In one embodiment, a minimum permission threshold and ownership share are set via a smart contract on the blockchain, and globally public parameters are published, including:
[0014] A safe prime number is selected through a smart contract on the blockchain, a multiplicative cyclic group of order of the safe prime number is constructed, and a hash function is configured.
[0015] The smart contract sets ownership share, minimum read permission threshold, and minimum read / write permission threshold, and encapsulates the safe prime number, multiplicative cyclic group, hash function, ownership share, minimum read permission threshold, and minimum read / write permission threshold as global public parameters and broadcasts them on the blockchain.
[0016] In one embodiment, each user calculates a share commitment based on their ownership share, generates an interval proof using the Lagrange four-square theorem, and submits the interval proof to the smart contract. After the smart contract verifies the proof, it selects users based on the minimum permission threshold to construct a dynamic and valid user ring, including:
[0017] Each user combines their ownership share with the blinding factor they selected to generate a corresponding ownership share commitment.
[0018] Each user calculates the difference between their own share and the minimum read-only permission threshold, the minimum read-write permission threshold, and the total ownership share based on the Lagrange four-square sum theorem. Based on the difference, they generate an interval proof of read-only permission, read-write permission, and share limit, and submit the interval proof and ownership share commitment to the smart contract.
[0019] The smart contract verifies the legality of the share commitment and interval proof, and establishes a dynamic and valid user ring based on the verified users.
[0020] In one embodiment, users within the dynamic effective user ring dynamically negotiate and generate a joint key by exchanging blinding factors and ring differential values. They then encrypt data using an inner encryption key derived from the plaintext to obtain inner ciphertext, perform stream encryption using an outer encryption key to obtain outer ciphertext, encapsulate the inner encryption key into a digital envelope, and send the outer ciphertext and the digital envelope to a cloud service provider for storage. This includes:
[0021] Users within the dynamic effective user ring select random numbers and calculate weighted shares based on their own ownership shares, generate blinding factors and send them to neighboring users, and calculate circumferential difference values based on the blinding factors of neighboring users for broadcasting.
[0022] Users within the dynamic effective user ring obtain a joint key in a decentralized manner based on the blinding factor and the ring differential value, and then obtain the outer encryption key through a hash function;
[0023] Users within the dynamic valid user ring generate an inner encryption key based on the plaintext data using a hash function. The data is then symmetrically encrypted using the inner encryption key to obtain the inner ciphertext. Finally, the inner ciphertext is stream encrypted using the outer encryption key to obtain the outer ciphertext.
[0024] Users within the dynamic valid user ring use the outer encryption key to symmetrically encrypt the inner encryption key, encapsulating it into a digital envelope; and calculate the hash value of each inner ciphertext, then concatenate the hash values of all inner ciphertexts and perform another hash operation to obtain the root hash value;
[0025] Users within the dynamic active user ring send the hash values of the outer ciphertext, digital envelope, and inner ciphertext to the cloud service provider for storage, and submit the root hash value to the smart contract.
[0026] In one embodiment, the ownership initiator sends an encrypted ownership share to the receiving user. Upon confirmation, the receiving user submits a signature and funds to the smart contract. The ownership initiator generates a share conservation proof and submits it to the smart contract. After verifying the signature and share conservation proof, the smart contract automatically updates the share commitment in the ownership vector table and completes the fund settlement, including:
[0027] The ownership initiator uses the recipient user's public key to perform asymmetric encryption on the ownership share to be transferred and a random number, and then sends it to the recipient user.
[0028] After the receiving user decrypts and verifies the legality of the transferred shares, a transaction signature is generated and the signature and settlement funds are submitted to the smart contract.
[0029] The smart contract locks the funds after verifying the validity of the receiving user's transaction signature.
[0030] The ownership initiator generates a share conservation zero-knowledge proof based on the original share commitment, the transferred share commitment, and the remaining share commitment, and submits it to the smart contract.
[0031] After verifying the validity of the share conservation proof without exposing the share in plaintext, the smart contract updates the corresponding share commitment in the ownership vector table and transfers the locked funds to the ownership initiator user, thus completing atomic settlement.
[0032] In one embodiment, the smart contract removes users with zero ownership, reconstructs the effective user ring based on the updated ownership vector table, generates a new outer encryption key, and generates a key difference token. The ownership initiating user sends the key difference token and the updated digital envelope to the cloud service provider, which performs a differential update on the outer ciphertext without decrypting the full data, including:
[0033] The smart contract verifies and removes users with zero ownership through Lagrange quadratic and nonnegative proofs, and reconstructs the effective user ring based on the updated ownership vector table and the minimum permission threshold.
[0034] The reconstructed effective user ring is renegotiated with the blinding factor and the ring-direction difference value to generate a new outer encryption key;
[0035] A key difference token is calculated based on the new and old outer encryption keys, and an updated digital envelope is generated using the new outer encryption key;
[0036] The ownership initiator user sends the key difference token and the updated digital envelope to the cloud service provider;
[0037] Without decrypting or downloading the full data, the cloud service provider uses the key difference token to perform an XOR overwrite on the original outer ciphertext, thus completing the difference update of the outer ciphertext.
[0038] In one embodiment, the smart contract resolves multi-writer concurrency conflicts based on proof-of-share and randomly elects auditors according to ownership shares to verify data integrity, including:
[0039] When multiple read and write users generate concurrent write conflicts, the smart contract generates a share comparison proof based on the Lagrange four-square theorem, and determines the effective modification according to the hierarchical rules of ownership share, submission timestamp, and user votes.
[0040] The smart contract generates a random factor based on the latest block hash of the blockchain and the audit round number, and randomly selects and verifies auditors according to their ownership share.
[0041] The auditor initiates a data integrity challenge to the cloud service provider, strips off the outer ciphertext and calculates the hash of the inner ciphertext, compares it with the hash root stored on the blockchain, completes the data integrity verification, and uploads the audit results to the blockchain for evidence storage.
[0042] In one embodiment, the method further includes:
[0043] The auditor election is based on a random number generated from the latest block hash and the audit round number. Users with ownership shares greater than the random number are elected as auditors through zero-knowledge proofs.
[0044] A fine-grained ownership transfer system based on smart contracts, the system comprising:
[0045] The blockchain is used to set minimum permission thresholds and ownership shares, and publish global public parameters; receive and verify interval proofs submitted by users based on the Lagrange Four-Square Sum Theorem, and select users to construct a dynamic and valid user ring based on the minimum permission threshold; receive and verify signatures and funds submitted by receiving users, receive and verify share conservation proofs submitted by ownership initiators, update share commitments in the ownership vector table after successful verification, and complete fund settlement; require users with zero shares to submit zero-share proofs based on the Lagrange Four-Square Sum Theorem, and remove those that pass verification or fail to prove within the time limit; reconstruct the valid user ring based on the updated ownership vector table; verify the share size of conflicting parties using share comparison proofs generated based on the Lagrange Four-Square Sum Theorem, adopt the modification of the party with the higher share, and determine concurrent conflicts based on timestamps or voting when shares are equal; generate random numbers using the latest block hash value of the blockchain and the election round number, verify the election proofs submitted by users, and confirm the auditor;
[0046] The user terminal includes the initiating user of ownership, the receiving user, and ordinary users within the valid user ring. The user terminal is used for: calculating share commitments based on their own share, generating interval proofs, and submitting them to the smart contract of the blockchain; each user within the ring generates a weighted share and a blinding factor based on their own share, sends them to their neighbors within the ring, calculates the ring-directed difference value based on the neighbor's blinding factor and broadcasts it, collects all ring-directed difference values, and then dynamically negotiates and generates an outer encryption key through combination operations and bilinear mapping; encrypts data using the inner encryption key derived from the plaintext to obtain the inner ciphertext, performs stream encryption using the outer encryption key to obtain the outer ciphertext, and then... The encryption key is encapsulated in a digital envelope, and the hash value of the inner ciphertext and the root hash are calculated. The ownership initiator sends its share in encryption to the receiving user, generates a share conservation proof, and submits it to the smart contract. Users with zero shares generate a zero share proof and submit it to the smart contract. A key difference token is generated by XORing the hashes of the new and old outer encryption keys with the data index. Users within the updated ring download the outer ciphertext and the digital envelope, decrypt the envelope using the new outer key to obtain the inner key, strip the outer ciphertext to obtain the inner ciphertext, and then decrypt it to obtain the plaintext. Users with a share greater than that generated by the smart contract generate an election proof and submit it to the smart contract.
[0047] The cloud service provider is used to receive and store the outer ciphertext, digital envelope, and inner ciphertext hash value sent by the user terminal; receive the key difference token and updated digital envelope sent by the initiating user of the ownership, and XOR overwrite the outer ciphertext without decrypting the full data; and respond to the auditor's challenge request by returning the corresponding outer ciphertext.
[0048] The aforementioned method and system for fine-grained ownership transfer based on smart contracts achieve decentralized and trusted parameter publishing by uniformly setting permission thresholds and global public parameters through smart contracts, avoiding single points of failure and privacy risks associated with centralized management. It employs share commitment and Lagrange four-square interval proofs to verify user legitimacy without exposing plaintext ownership, automatically constructing a dynamic and valid user ring based on permission thresholds, thus achieving fine-grained and privacy-preserving permission filtering and dynamic user management. Based on a blinding factor and cyclic differential values, it uses decentralized negotiation of joint keys, combined with double-layer encryption and a digital envelope structure, ensuring high data security while eliminating reliance on third parties for key management and data encryption. This allows for the transfer of ownership shares... Transfer, signature verification, share conservation proof, and fund settlement are all executed uniformly by smart contracts, achieving atomic synchronization of ownership changes and fund transactions, effectively avoiding transaction breaches and ownership disputes; direct differential updates of outer ciphertext without decryption or download are achieved through key difference tokens, improving the efficiency of ownership transfer in large file scenarios; users with zero ownership are removed and user rings and keys are reconstructed in real time, ensuring that historical users cannot access updated data, enhancing the timeliness and security of data access; concurrent conflicts among multiple writers are handled based on share comparison proofs, and auditors are randomly elected according to ownership shares, matching permissions, write priorities, and audit responsibilities with ownership shares, ensuring fairness while achieving reliable verification of data integrity and on-chain evidence storage. Attached Figure Description
[0049] Figure 1 This is a schematic diagram of the application environment and system structure of a smart contract-based differential fine-grained ownership transfer method in one embodiment;
[0050] Figure 2 This is a flowchart illustrating a smart contract-based fine-grained ownership transfer method in one embodiment. Detailed Implementation
[0051] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.
[0052] The differential fine-grained ownership transfer method based on smart contracts provided in this application can be applied to, for example... Figure 1 The application environment shown. For example... Figure 1 As shown, the application environment includes a user client (User100), a cloud service provider (CSP200), and a blockchain (BC300), all interconnected and communicating with each other. User100 submits its ownership share commitment, a share conservation zero-knowledge proof, and a transaction digital signature to the blockchain (BC300) to complete the on-chain notarization of the ownership transaction. Based on the user share compliance verification results, the blockchain (BC300) constructs a valid user ring, randomly elects auditors, and synchronously feeds back the ownership transaction results to User100. User100 initiates an audit challenge to the cloud storage service provider (CSP200) and simultaneously issues an updated key difference token. The cloud service provider (CSP200) responds to the audit request, returning the corresponding stored ciphertext to User100 and updating the ciphertext without decryption based on the token. The cloud service provider (CSP200) uploads the data integrity audit verification certificate to the blockchain (BC300) for permanent notarization, ensuring the audit results are tamper-proof and the entire process is traceable and verifiable. The system forms a decentralized and trusted closed loop encompassing on-chain ownership verification and auditing, cloud-based encrypted storage, and user privacy control, fully matching the entire business logic of fine-grained dynamic ownership transfer, lightweight encrypted updates, and data integrity auditing.
[0053] In one embodiment, such as Figure 2 As shown, a method for fine-grained ownership transfer based on smart contracts is provided, including the following steps:
[0054] Step 202: Set the minimum permission threshold and ownership share through a smart contract on the blockchain, and publish global public parameters.
[0055] The smart contract is responsible for initializing the system and publishing global parameters.
[0056] In one embodiment, a smart contract-based fine-grained ownership transfer method may further include a system initialization process, which specifically includes: selecting a safe prime number through a smart contract on the blockchain, constructing a multiplicative cyclic group of order 1 to the safe prime number, and configuring a hash function; the smart contract sets the ownership share, minimum read permission threshold, and minimum read / write permission threshold, and encapsulates the safe prime number, multiplicative cyclic group, hash function, ownership share, minimum read permission threshold, and minimum read / write permission threshold as global public parameters and broadcasts them on the blockchain.
[0057] A smart contract on the blockchain can choose a large prime number. Construct two orders of order Multiplication cyclic group , Next, the smart contract is selected. generator ,for Satisfaction: Does not exist Make Meanwhile, smart contracts can choose a hash function. Input bilinear group The elements in the dataset are used to output a hash value of fixed length 256 bits. Input a binary string of arbitrary length, output a hash value of fixed length 256 bits; the smart contract sets the minimum ownership share threshold for reading permissions in the system. Ownership share threshold for minimum read / write permissions ,satisfy Next, the ownership share constant of the smart contract definition system. (Integer mapping of 100.00% share).
[0058] Ultimately, smart contracts can output and publish public parameters including safe prime numbers, multiplicative cyclic groups, hash functions, ownership shares, minimum read permission thresholds, and minimum read / write permission thresholds. .
[0059] Step 204: Each user calculates their share commitment based on their own ownership share, generates an interval proof using the Lagrange four-square theorem, and submits the interval proof to the smart contract. After the smart contract verifies the proof, it selects users based on the minimum permission threshold to construct a dynamic and valid user ring.
[0060] Users can submit proof of ownership share range, where the share is higher than The users together constitute an effective user loop.
[0061] In one embodiment, a smart contract-based fine-grained ownership transfer method may further include a process of constructing a dynamic and effective user ring. Specifically, this process includes: each user performing a combination calculation based on their ownership share and the blinding factor selected by the user to generate a corresponding ownership share commitment; each user calculating the difference between their share and the minimum read-only permission threshold, the minimum read-write permission threshold, and the total ownership share based on the Lagrange four-square theorem, and generating interval proofs for read-only permission, read-write permission, and share cap based on these differences; submitting the interval proofs and ownership share commitments to the smart contract; and the smart contract verifying the legality of the share commitments and interval proofs, establishing a dynamic and effective user ring based on the verified users.
[0062] Users can calculate their ownership share commitment based on a random number selected from their own ownership share. They then express the difference between their own share and the minimum read-only threshold, minimum read-write threshold, and total share limit as the sum of squares of four integers using the Lagrange four-square theorem, and generate a corresponding interval proof based on this sum. Next, the user submits the share commitment and interval proof to the smart contract. The smart contract verifies the validity of the share commitment and interval proof; if the verification is successful, the user is deemed a legitimate user. Finally, the smart contract can select users who meet the permission requirements from the legitimate users based on a preset minimum permission threshold, constructing and maintaining a dynamic and valid user cycle.
[0063] Specifically, in this embodiment, a set of ownership shares is defined as follows: ( (Indicates the number of owners). Because ownership shares are not stored in plaintext on the blockchain, users need to provide a range of ownership shares to the smart contract in order to screen users. At least a read-only user; Read and write users; Each user's ownership share cannot exceed the total ownership share. Specifically, after system initialization, each participating user calculates a share commitment locally based on their own data ownership share. The share commitment is obtained by combining the user's share value with a blinding factor randomly selected by the user. The share commitment hides the user's true share value, preventing the public exposure of the user's share information on the blockchain; simultaneously, it is binding and unforgeable, meaning users cannot later deny the correspondence between their submitted share commitment and the original share. After calculating their share commitment, each user submits it to a smart contract deployed on the blockchain as the basis for subsequent verification and screening.
[0064] Each user calculates their share commitment based on their ownership percentage. This share commitment is obtained by combining the share value with a blinding factor selected by the user, and is used to hide the true share value; that is, the user... Select random number Calculate ownership share commitment: in, and Both represent generators publicly available by the system. This represents the ownership share held by user j. This represents the blinding factor selected by user j.
[0065] Next, each user, based on Lagrange's four-square theorem, calculates the difference between their own share and the minimum reading threshold, the difference between their own share and the minimum reading / writing threshold, and the difference between the total share constant and their own share, and expresses each difference as the sum of the squares of four integers. That is, according to Lagrange's four-square theorem, any natural number can be expressed as the sum of the squares of at most four integers. Thus, users calculate: ; ; ;user Select random number Calculate the commitment: ; ; ;in, Indicates user share With minimum reading permission threshold The difference; Indicates user share With minimum read / write permission threshold The difference; Indicates user share The difference between the total share constant and the total share constant; The user splits each integer , , The randomly selected blinding factors; , , All are committed values.
[0066] Next, for each of the four integers derived from the difference, the user selects a corresponding random number, calculates the commitment fragment corresponding to each integer, and packages all commitment fragments and their corresponding blinding parameters into an interval proof data packet. That is, the user... Package all commitments: ;in, Each user then submits their share commitment and range proof data packet to the smart contract.
[0067] The smart contract verifies the proofs regarding the minimum reading threshold, the minimum read / write threshold, and the upper limit threshold in the interval proof data packet to determine whether the user's share is not lower than the minimum reading threshold, not lower than the minimum read / write threshold, and not exceeding the total share constant. In other words, the smart contract verifies: If this holds true, it would at least apply to read-only users; specifically, smart contracts could... Substituting, we get: left Will Substituting, we get: Simplifying the left side yields: The final result is: . If true, then at least the users are read and write users. If true, it means that the user's ownership share has not exceeded [a certain threshold]. .
[0068] The smart contract incorporates all verified users into a valid user ring, organizing them according to their records in the ownership vector table to form a dynamic valid user ring. Simultaneously, users with zero ownership are removed from the ownership vector table. All users (including external users) can choose... Use the private key to calculate the public key. Smart contracts can ( , Write it into the ownership vector table OVR, according to Submitted interval proofs are filtered to be valid. Building an effective user loop ,in .
[0069] Step 206: Users within the dynamic effective user ring exchange blinding factors and ring differential values to dynamically negotiate and generate a joint key. They use the inner encryption key derived from the plaintext to encrypt the data to obtain the inner ciphertext, and use the outer encryption key to perform stream encryption to obtain the outer ciphertext. The inner encryption key is then encapsulated into a digital envelope, and the outer ciphertext and the digital envelope are sent to the cloud service provider for storage.
[0070] Users within a dynamic, valid user ring can negotiate the outer encryption key in a decentralized manner. Then, the data encryption key derived from the plaintext features is used ( The data is encrypted to obtain the inner ciphertext, and then... Stream encryption yields the outer ciphertext. and will Encapsulated in digital envelopes Finally, the hash value of the inner ciphertext is calculated, and... , The hash value of the outer ciphertext is handed over to the CSP for storage.
[0071] In one embodiment, a smart contract-based differential fine-grained ownership transfer method may further include a file encryption process. The specific process includes: users within the dynamic effective user ring selecting random numbers and calculating a weighted share based on their own ownership share, generating a blinding factor and sending it to neighboring users, and calculating a ring-wise differential value based on the neighboring users' blinding factors and broadcasting it; users within the dynamic effective user ring decentrally calculating a joint key based on the blinding factor and the ring-wise differential value, and obtaining an outer encryption key through a hash function; users within the dynamic effective user ring then hash the data plaintext using a hash function. An inner encryption key is generated. The data is then symmetrically encrypted using the inner encryption key to obtain the inner ciphertext. The inner ciphertext is then stream-encrypted using the outer encryption key to obtain the outer ciphertext. Users within the dynamic active user ring use the outer encryption key to symmetrically encrypt the inner encryption key, encapsulating it into a digital envelope. The hash value of each inner ciphertext is calculated, and the hash values of all inner ciphertexts are concatenated and hashed again to obtain the root hash value. Users within the dynamic active user ring send the outer ciphertext, the digital envelope, and the hash value of the inner ciphertext to the cloud service provider for storage, and submit the root hash value to the smart contract.
[0072] Each user within the effective user ring generates a local random number based on their ownership share. The share is multiplied by the random number to obtain a weighted share value. This weighted share value is then used to generate a blinding factor based on publicly available system parameters. Next, each user sends the blinding factor to their neighboring users within the ring, including predecessor and successor neighbors, and receives the corresponding blinding factor from these neighbors. In other words, users within the ring... Select random number Combined with their own ownership share Calculate the weighted average ownership share: Then Calculate the blinding factor: Send it to your neighbor , ,thereby Received from the neighbor and .
[0073] Next, each user generates a cyclic difference value by exponentially calculating the ratio of the blinding factor of the successor neighbor to the blinding factor of the predecessor neighbor, combined with their own weighted share value. This cyclic difference value is then broadcast to all users within the ring. In other words, the calculated cyclic difference value is: The circumferential difference value is then sent to all users.
[0074] Each user performs a combination operation based on all received circumferential difference values, neighbor blinding factors, and their own weighted share value, and generates a joint key through bilinear mapping and hash operations, which serves as the outer encryption key. That is, each user... After obtaining all the circumferential difference values After that, each Calculate the key: Then calculate the outer encryption key: .
[0075] Next, the user divides the original file into multiple data blocks, derives the inner encryption key from the original file content through hash operations, and uses the inner encryption key to perform symmetric encryption on each data block to obtain the inner ciphertext block; that is, the file... Division For a data block: ; Calculate the inner encryption key: ;use The data block is symmetrically encrypted (e.g., AES, SM4) to obtain the inner ciphertext block: Next, the user combines the outer encryption key with the data block index and performs a hash operation to generate a keystream. The inner ciphertext block is then XORed with the keystream bitwise to obtain the outer ciphertext block; that is, the outer ciphertext block is obtained by sequentially XORing the inner ciphertext block.
[0076] Users can use the outer encryption key Inner layer encryption key Perform symmetric encryption and encapsulate into a digital envelope. By calculating the hash value of each inner ciphertext block. Then, the hash values of all inner ciphertext blocks are concatenated and hashed again to obtain the root hash value: The user combines the hash values of the outer ciphertext block, the digital envelope, and the inner ciphertext block. , The data is sent to the cloud service provider for storage, and the root hash value is submitted to a smart contract on the blockchain for notarization.
[0077] Step 208: The ownership initiator sends the ownership share in encryption to the receiving user. After the receiving user confirms, the user submits the signature and funds to the smart contract. The ownership initiator generates a share conservation proof and submits it to the smart contract. After the smart contract verifies the signature and share conservation proof, it automatically updates the share commitment in the ownership vector table and completes the fund settlement.
[0078] When ownership initiates a transaction, the ownership initiator calculates a share conservation proof locally and submits it to the blockchain. The ownership initiator then encrypts the transferred shares and sends them to the receiving user. After confirmation, the receiving user sends a confirmation signature and funds to the smart contract. The smart contract verifies the proof submitted by the user without knowing the specific transferred shares. Once the verification is successful, it automatically updates the OVR table.
[0079] In one embodiment, a smart contract-based fine-grained ownership transfer method may further include an ownership transfer process, specifically comprising: the ownership initiator using the recipient's public key to asymmetrically encrypt the ownership share to be transferred and a random number, and sending the encrypted data to the recipient; the recipient decrypting and verifying the legality of the transferred share, generating a transaction signature, and submitting the signature and settlement funds to the smart contract; the smart contract locking the funds after verifying the validity of the recipient's transaction signature; the ownership initiator generating a share conservation zero-knowledge proof based on the original share commitment, the transferred share commitment, and the remaining share commitment, and submitting it to the smart contract; the smart contract verifying the share conservation proof without exposing the plaintext of the shares, updating the corresponding share commitment in the ownership vector table, and transferring the locked funds to the ownership initiator, thus completing the atomic settlement.
[0080] The initiating user determines the share allocation scheme to be transferred to one or more receiving users and its own remaining share. For each receiving user, a random number corresponding to this transaction is selected. The share value is combined with the random number and then asymmetrically encrypted using the receiving user's public key to generate encrypted transaction parameters, which are then sent to the corresponding receiving user. Simultaneously, the initiating user calculates a transfer commitment based on the transferred share and the corresponding random number, and submits the transfer commitment to the smart contract. Specifically, the initiating user A currently owns a certain percentage of ownership. The share commitment is A intends to transfer ownership to individual users ( It can be the receiving user, where The set of transferred shares is: A's remaining share: Next, A selects a random number. use public key Asymmetric encryption of transaction parameters: Send it to A calculates the transfer commitment: Submit it to the smart contract.
[0081] After receiving the encrypted transaction parameters, the receiving user decrypts them using their private key to obtain the share value and a random number. They then recalculate the transfer commitment and compare it with the transfer commitment submitted by the initiator to verify the authenticity and positivity of the share value. Upon successful verification, the receiving user selects a temporary random number to calculate a random number commitment, concatenates the transaction-related information, hashes it to generate a transaction parameter hash value, generates a digital signature using their private key, and packages the random number commitment, transaction parameter hash value, and signature into a package and submits it to the smart contract. The corresponding funds are then transferred to the account managed by the smart contract. The smart contract recalculates the transaction parameter hash value and compares it with the hash value submitted by the recipient. Simultaneously, it performs signature verification based on the recipient's public key, random number commitment, and signature. Only after both verifications pass can the transaction continue. Upon receiving Then, local decryption is performed to obtain... , To calculate verify and the share transferred If true, Select a random number Calculate random number commitment Combined with timestamps Sending a signature to the smart contract: First, calculate the hash of the transaction parameters. Calculate the signature value: Finally, submit the signature to the smart contract: Simultaneously, the corresponding settlement funds are submitted. Next, the smart contract recalculates the transaction parameter hash: Verify the equation: To verify if this is true, we can then check the equation again. If any one of the conditions is not met, the transaction will be terminated immediately.
[0082] The ownership initiator calculates the aggregation blinding factor, packages the aggregation blinding factor with all transfer commitments and remaining share commitments to generate a share conservation proof, and submits it to the smart contract. The smart contract verifies whether the algebraic relationship between the product of the original share commitments and the transfer commitments, the remaining share commitments, and the aggregation blinding parameter is equal to confirm that the share is conserved before and after the transfer, that the share is non-negative, and that there was no over-transfer. That is, A selects the blinding factor. Calculate the remaining share commitment: Submit transaction information to the blockchain: A submits the blinding parameters for the aggregation: Smart contract verification:
[0083]
[0084] Next, the smart contract recalculates the hash value of the transaction parameters and compares it with the hash value submitted by the recipient. Simultaneously, it performs signature verification based on the recipient's public key, random number commitment, and signature. The transaction can only proceed after both verifications pass. Specifically, the transaction will only succeed if the following conditions are met: the smart contract has collected... One valid Signature Verification passed; A's share commitment is ; If it's an internal user If it's an external user, the smart contract creates a new record in the table. At the same time, their identities were legalized; funds came from... The money was transferred from A's account to A's account.
[0085] After successful verification, the smart contract updates the ownership vector table: for receiving users with existing records, their original share commitment is merged with the transfer commitment to generate a new share commitment; for external users, a new public key and share commitment record is created in the ownership vector table; the initiator's share commitment is updated to the remaining share commitment; the smart contract transfers the funds transferred by the receiving user from the escrow account to the initiator's account, achieving atomic unity between ownership transfer and fund settlement. That is, if A completes the ownership transfer, the smart contract will require A to submit proof of ownership: A, based on the Lagrange four-square theorem, will... Represented as: ,in A selects a random number. Calculate the commitment: A calculates random numbers: , It is a random number committed by A for the remaining share; A submits proof to the smart contract: The smart contract verifies whether the following equations hold true: If the equation is true, it means that A's ownership is 0, and the smart contract will permanently remove A's identity from the OVR table. If A fails to submit proof within the specified time or the verification fails, the smart contract will also permanently remove A from the OVR table.
[0086] Step 210: The smart contract removes users with zero ownership, reconstructs the valid user ring based on the updated ownership vector table, generates a new outer encryption key, and generates a key difference token. The ownership initiator user sends the key difference token and the updated digital envelope to the cloud service provider, who then performs a differential update on the outer ciphertext without decrypting the full data.
[0087] After the transaction is completed, the smart contract removes the user with zero ownership from the OVR table and reconstructs the valid user ring to generate a new encryption key. The user sends a key difference token to the CSP, and the CSP uses the token to rewrite the old outer ciphertext. This process does not require any re-encryption of the ciphertext.
[0088] In one embodiment, a smart contract-based fine-grained ownership transfer method may further include a decryption process, specifically comprising: the smart contract verifying and removing users with zero ownership through Lagrange quadratic and non-negative proofs; reconstructing the effective user ring based on the updated ownership vector table and the minimum permission threshold; renegotiating a new outer encryption key through a blinding factor and a ring-shaped difference value on the reconstructed effective user ring; calculating a key difference token based on the old and new outer encryption keys; generating an updated digital envelope using the new outer encryption key; the ownership initiating user sending the key difference token and the updated digital envelope to the cloud service provider; and the cloud service provider, without decryption or downloading the full data, performing an XOR overwrite on the original outer ciphertext using the key difference token to complete the differential update of the outer ciphertext.
[0089] After the ownership transfer is completed, the smart contract requires users who may have zero shares to submit a zero-share proof generated based on the Lagrange four-square theorem. The smart contract determines whether a user's share is zero by verifying the algebraic relationship between the committed shards and the user's current share commitment. For users with zero shares who pass the verification or fail to submit proof within the specified time, the smart contract permanently removes their identity from the ownership vector table and revokes all their data access permissions.
[0090] Next, the smart contract can iterate through all users who have not been removed from the updated ownership vector table, obtain each user's share commitment and public key information, and require each user to submit an interval proof based on the Lagrange four-square theorem. Based on the verification results, users meeting the reading and reading / writing thresholds are selected and organized into a new effective user ring in a predetermined order, and the new ring information is recorded on the blockchain. Each user in the new effective user ring generates a local random number based on their current ownership share, calculates a weighted share value, and generates a blinding factor. This blinding factor is sent to the predecessor and successor neighbor users within the ring. Each user calculates the ratio of the successor's blinding factor to the predecessor's blinding factor based on the received neighbor blinding factors, performs a power operation based on their own weighted share value to generate a ring-directed difference value, and broadcasts it to all users within the ring. After collecting all ring-directed difference values, each user combines the neighbor blinding factors and their own weighted share value to generate a new outer encryption key through bilinear mapping and hash operations. In other words, the smart contract can construct a new effective user ring. The new outer encryption key is obtained: .
[0091] The user obtains the old outer encryption key and the new outer encryption key. For each data block, the user performs a hash operation using the old and new keys combined with the data block index to generate an old key stream and a new key stream. The user then performs a bitwise XOR operation on the two to obtain the key difference token corresponding to each data block. The user uses the new outer encryption key to perform symmetric encryption on the inner encryption key, generating a new digital envelope. The user sends the key difference token set and the new digital envelope to the cloud service provider. After receiving the key difference token and the new digital envelope, the cloud service provider reads the old outer ciphertext from the storage system for each data block, performs a bitwise XOR operation on the old outer ciphertext and the corresponding key difference token, overwrites the original old outer ciphertext with the result, and replaces the original old digital envelope with the new digital envelope. The entire update process does not require decrypting any data, and the computational complexity of updating each data block is constant.
[0092] Specifically, smart contracts can generate update tokens for digital envelopes: Calculate the outer ciphertext difference token: ( (This is a data block index); The message is sent to the cloud service provider (CSP). Upon receiving it, the CSP does not need to decrypt the ciphertext; it directly overwrites the outer ciphertext.
[0093] Step 212: Users in the updated valid user ring download the updated outer ciphertext and digital envelope from the cloud service provider. The smart contract resolves multi-writer concurrency conflicts based on share comparison proof and randomly elects auditors according to ownership shares to verify data integrity.
[0094] Updated effective user ring Users within the system download the updated outer ciphertext from the CSP. Digital envelopes ;use right Decryption yields the inner encryption key: ;use After stripping away the outer ciphertext, the inner ciphertext is obtained: Decrypt the inner ciphertext using the inner key to obtain the plaintext: .
[0095] To control concurrency issues among multiple writers, a priority system is adopted, first by share size, then by timestamp timing, and finally by the number of votes cast. To verify data integrity, the smart contract filters auditors within the valid user loop based on ownership share, thereby ensuring data security.
[0096] In one embodiment, a smart contract-based fine-grained ownership transfer method may further include a multi-writer concurrency control process. Specifically, when multiple read / write users experience concurrent write conflicts, the smart contract generates a share comparison proof based on the Lagrange four-square theorem, determining the effective modification according to a hierarchical rule of ownership share, submission timestamp, and user votes. The smart contract generates a random factor based on the latest blockchain block hash and audit round number, randomly selecting and verifying auditors according to ownership share size. The auditor initiates a data integrity challenge to the cloud service provider, stripping the outer ciphertext and calculating the inner ciphertext hash, comparing it with the hash root stored on the blockchain, completing data integrity verification, and storing the audit result on the blockchain.
[0097] When multiple users with read and write permissions modify data and upload encrypted data simultaneously, a concurrency conflict occurs. To resolve this issue, this embodiment employs a mechanism that prioritizes users with higher share of access. and For example, if the user (Ownership commitment) ) and users (Ownership commitment) If a concurrent conflict occurs, the smart contract will execute the following process:
[0098] Calculate the commitment ratio of both: ; To prove To prove
[0099] Based on Lagrange's four-square sum theorem, For example: Will Split: ,
[0100] Calculate commitment fragmentation:
[0101] Package commitment to fragmentation: Submit to the smart contract;
[0102] The smart contract receives Next, verify:
[0103] in, If the equation holds true, then Smart contracts adopt Modifications; if not valid, If the submitted proof is valid, then the smart contract will be adopted. Modifications; if and If none of the submitted proofs are valid, then it means... At this point, the smart contract retrieves the timestamp of the modification record stored on the blockchain, and the smart contract uses the modification submitted by the user first.
[0104] If the timestamps are the same, both changes will be broadcast to other users within the ring, and a voting system will be used to select the change with the most votes.
[0105] In one embodiment, a smart contract-based differential fine-grained ownership transfer method may further include an auditing process, wherein the auditor election is a random number generated by the latest block hash and the audit round number, and the user whose ownership share is greater than the random number is elected as the auditor through zero-knowledge proof.
[0106] The smart contract initiates periodic auditor elections using the latest block hash of the blockchain. Combined with the current election round number Generated random numbers: Local judgment If the following conditions are met, that is: Based on Lagrange's four-square sum theorem, Decompose it into the sum of the squares of four integers: A random number representing the ownership share commitment. Split into: ,in Calculate election commitment segments: Generate audit voter proofs by packaging: And submit it to the blockchain.
[0107] Blockchain receives Then, verification will be performed. If the verification passes, it means... , The selected auditor will be chosen for this round; if multiple users meet the criteria, the order in which they submit their evidence will be used; after an auditor is selected, the auditor on duty will issue an audit challenge to the CSP: This is the index number of the data block; after receiving the challenge request, the CSP returns the set of outer ciphertext blocks corresponding to the challenge index. Next, the auditor can perform the following calculation locally: using The returned outer ciphertext block is calculated to obtain the corresponding inner ciphertext block: Calculate the hash value of each inner ciphertext block: Concatenate the hash values of the challenge blocks in index order, and then calculate the hash root: The calculation result is compared with the root hash stored on the blockchain. If they match, the audit is passed; otherwise, the audit is failed, and the audit result is written to the blockchain.
[0108] This application provides a differential fine-grained ownership transfer method based on smart contracts. It uses smart contracts deployed on the blockchain to construct an ownership vector table (OVR), quantifies ownership proportionally, and automatically filters legitimate users to construct an effective user ring based on a set minimum ownership threshold. This prevents users with low ownership shares from decrypting the entire data and forcibly removes users with zero ownership. No trusted third-party institution is required, avoiding single points of failure. The encryption key is not static but dynamically calculated by users in the effective user ring through exchanging blinding factors and ring differential values. The addition and removal of users can trigger the synchronous update of the key and the outer ciphertext block, ensuring that even historical users who have retained historical keys locally cannot decrypt the updated ciphertext, thus guaranteeing data security. During the ownership transfer phase, Lagrange quadratic proofs and non-negativity proofs and share conservation proofs are introduced. The smart contract can verify the transfer transaction without knowing the remaining share of the ownership transfer initiator, preventing malicious users from initiating transactions with negative or excessive shares and protecting user transaction privacy. When encrypting data, convergence encryption and digital envelope double encryption are combined. After the ownership transfer is completed, only a key difference token needs to be sent. The CSP can directly rewrite the old outer ciphertext, reducing the computational complexity from O(N) (N is the file size) to O(1), thus improving the efficiency of ownership transfer.
[0109] It should be understood that although the steps in the flowchart above are shown sequentially as indicated by the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowchart above may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these sub-steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the sub-steps or stages of other steps.
[0110] In one embodiment, such as Figure 1 As shown, a smart contract-based fine-grained ownership transfer system is provided, comprising: a user terminal User100, a cloud service provider CSP200, and a blockchain BC300, wherein:
[0111] Blockchain 300 is used to set minimum permission thresholds and ownership shares, and publish global public parameters; it receives and verifies interval proofs submitted by users based on the Lagrange Four-Square Sum Theorem, and selects users to construct a dynamic and valid user ring based on the minimum permission threshold; it receives and verifies signatures and funds submitted by receiving users, and receives and verifies share conservation proofs submitted by ownership initiators, updating the share commitments in the ownership vector table and completing fund settlement after successful verification; it requires users with zero shares to submit zero-share proofs based on the Lagrange Four-Square Sum Theorem, and removes those that pass verification or fail to prove within the deadline; it reconstructs the valid user ring based on the updated ownership vector table; it verifies the share size of conflicting parties using share comparison proofs generated based on the Lagrange Four-Square Sum Theorem, adopting the modification of the party with the higher share, and determining concurrent conflicts based on timestamps or voting when shares are equal; it generates random numbers using the latest blockchain block hash value and election round number combination, verifies election proofs submitted by users, and confirms the auditor;
[0112] The user end consists of 100 users, including the initiating user, the receiving user, and ordinary users within the valid user ring. The user end is used for: calculating share commitments based on their own share, generating interval proofs, and submitting them to the blockchain smart contract; each user within the ring generates a weighted share and a blinding factor based on their own share, sends these to their neighbors within the ring, calculates the ring-directed difference value based on the neighbors' blinding factors and broadcasts it, collects all ring-directed difference values, and then dynamically negotiates and generates an outer encryption key through combination operations and bilinear mapping; encrypts data using the inner encryption key derived from the plaintext to obtain the inner ciphertext, and performs stream encryption using the outer encryption key to obtain the outer ciphertext. The layer encryption key is encapsulated into a digital envelope, and the hash value of the inner ciphertext and the root hash are calculated. The user who initiates ownership sends their share in encryption to the receiving user, generates a share conservation proof, and submits it to the smart contract. Users with zero shares generate a zero share proof and submit it to the smart contract. The new and old outer encryption keys are hashed with the data index respectively, and then XORed to generate a key difference token. Users within the updated ring download the outer ciphertext and the digital envelope, decrypt the envelope using the new outer key to obtain the inner key, peel off the outer ciphertext to obtain the inner ciphertext, and then decrypt it to obtain the plaintext. Users with a share greater than that generated by the smart contract generate an election proof and submit it to the smart contract.
[0113] The cloud service provider 200 is used to receive and store the outer ciphertext, digital envelope, and inner ciphertext hash value sent by the user; receive the key difference token and updated digital envelope sent by the initiating user, and XOR overwrite the outer ciphertext without decrypting the full data; and respond to the auditor's challenge request by returning the corresponding outer ciphertext.
[0114] In one embodiment, User 100 (Users, U) is divided into internal users and external users. Internal users are further divided into read-only users and read-write users based on their ownership share. External users do not have an ownership share and become internal users after the transaction is completed. When initiating a transfer, internal users are responsible for calculating zero-knowledge proofs, participating in key negotiation, and can read and write data, audit data, and perform other operations.
[0115] Cloud Service Provider (CSP): Responsible for storing the outer ciphertext, digital envelope, and inner ciphertext hash; after the transaction is completed, it receives the token sent by the user and rewrites the outer ciphertext; at the same time, it also responds to the user's audit challenge and returns the hash value of the inner ciphertext.
[0116] Blockchain 300 (BC): The deployed smart contracts are responsible for maintaining the Ownership Vector Table (OVR) and constructing a valid user ring by filtering users based on the lowest ownership threshold. During the ownership transfer phase, they are responsible for verifying the zero-knowledge proof initiated by the user transferring ownership and verifying the recipient's signature; after successful verification, they update the share commitment in the OVR table and permanently remove users with zero ownership; in addition, the smart contracts are also responsible for concurrency control of multiple writers and the selection of auditors.
[0117] In one embodiment, a computer device is provided, including a memory and a processor, the memory storing a computer program, the processor executing the computer program to implement steps of a smart contract-based fine-grained ownership transfer method.
[0118] In one embodiment, a computer-readable storage medium is provided having a computer program stored thereon, the computer program being executed by a processor to implement the steps of a smart contract-based fine-grained ownership transfer method.
[0119] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. Any references to memory, storage, databases, or other media used in the embodiments provided in this application can include non-volatile and / or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in various forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), dual data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
[0120] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.
[0121] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are relatively specific and detailed, they should not be construed as limiting the scope of the invention patent. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this patent application should be determined by the appended claims.
Claims
1. A method for differential fine-grained ownership transfer based on smart contracts, characterized in that, The method includes: Set minimum permission thresholds and ownership shares through smart contracts on the blockchain, and publish global public parameters; Each user calculates their share commitment based on their own ownership share, generates an interval proof using the Lagrange four-square theorem, and submits the interval proof to the smart contract; after the smart contract verifies the proof, users are selected based on the minimum permission threshold to construct a dynamic and valid user ring; Users within the dynamic effective user ring dynamically negotiate and generate a joint key by exchanging blinding factors and ring differential values. They then use the inner encryption key derived from the plaintext to encrypt the data to obtain the inner ciphertext, and use the outer encryption key to perform stream encryption to obtain the outer ciphertext. The inner encryption key is then encapsulated into a digital envelope, and the outer ciphertext and the digital envelope are sent to the cloud service provider for storage. The ownership initiator sends the ownership share in encryption to the receiving user. After confirmation, the receiving user submits a signature and funds to the smart contract. The ownership initiator generates a share conservation proof and submits it to the smart contract. After the smart contract verifies that the signature and share conservation proof are valid, it automatically updates the share commitment in the ownership vector table and completes the fund settlement. The smart contract removes users with zero ownership, reconstructs the valid user ring based on the updated ownership vector table, generates a new outer encryption key, and generates a key difference token. The ownership initiator user sends the key difference token and the updated digital envelope to the cloud service provider, which performs a differential update on the outer ciphertext without decrypting the full data. Users in the updated valid user ring download the updated outer ciphertext and digital envelope from the cloud service provider. The smart contract resolves multi-writer concurrency conflicts based on proof-of-share and randomly elects auditors according to ownership shares to verify data integrity.
2. The method for differential fine-grained ownership transfer based on smart contracts according to claim 1, characterized in that, Minimum permission thresholds and ownership shares are set through smart contracts on the blockchain, and globally public parameters are published, including: A safe prime number is selected through a smart contract on the blockchain, a multiplicative cyclic group of order of the safe prime number is constructed, and a hash function is configured. The smart contract sets ownership share, minimum read permission threshold, and minimum read / write permission threshold, and encapsulates the safe prime number, multiplicative cyclic group, hash function, ownership share, minimum read permission threshold, and minimum read / write permission threshold as global public parameters and broadcasts them on the blockchain.
3. The method for differential fine-grained ownership transfer based on smart contracts according to claim 2, characterized in that, Each user calculates their share commitment based on their own ownership share, generates an interval proof using the Lagrange four-square theorem, and submits the interval proof to the smart contract. After the smart contract is verified, users are selected based on the minimum permission threshold to construct a dynamic and valid user ring, including: Each user combines their ownership share with the blinding factor they selected to generate a corresponding ownership share commitment. Each user calculates the difference between their own share and the minimum read-only permission threshold, the minimum read-write permission threshold, and the total ownership share based on the Lagrange four-square sum theorem. Based on the difference, they generate an interval proof of read-only permission, read-write permission, and share limit, and submit the interval proof and ownership share commitment to the smart contract. The smart contract verifies the legality of the share commitment and interval proof, and establishes a dynamic and valid user ring based on the verified users.
4. The method for differential fine-grained ownership transfer based on smart contracts according to claim 1, characterized in that, Users within the dynamically active user ring dynamically negotiate and generate a joint key by exchanging blinding factors and ring-direction difference values. They then encrypt data using an inner encryption key derived from the plaintext to obtain inner ciphertext, perform stream encryption using an outer encryption key to obtain outer ciphertext, encapsulate the inner encryption key into a digital envelope, and send the outer ciphertext and digital envelope to the cloud service provider for storage. This includes: Users within the dynamic effective user ring select random numbers and calculate weighted shares based on their own ownership shares, generate blinding factors and send them to neighboring users, and calculate circumferential difference values based on the blinding factors of neighboring users for broadcasting. Users within the dynamic effective user ring obtain a joint key in a decentralized manner based on the blinding factor and the ring differential value, and then obtain the outer encryption key through a hash function; Users within the dynamic valid user ring generate an inner encryption key based on the plaintext data using a hash function. The data is then symmetrically encrypted using the inner encryption key to obtain the inner ciphertext. Finally, the inner ciphertext is stream encrypted using the outer encryption key to obtain the outer ciphertext. Users within the dynamic valid user ring use the outer encryption key to symmetrically encrypt the inner encryption key, encapsulating it into a digital envelope; and calculate the hash value of each inner ciphertext, then concatenate the hash values of all inner ciphertexts and perform another hash operation to obtain the root hash value; Users within the dynamic active user ring send the hash values of the outer ciphertext, digital envelope, and inner ciphertext to the cloud service provider for storage, and submit the root hash value to the smart contract.
5. The method for differential fine-grained ownership transfer based on smart contracts according to claim 1, characterized in that, The ownership initiator sends the ownership share in encryption to the receiving user. After confirmation, the receiving user submits a signature and funds to the smart contract. The ownership initiator generates a share conservation proof and submits it to the smart contract. After the smart contract verifies the signature and the proof of share conservation, it automatically updates the share commitment in the ownership vector table and completes the fund settlement, including: The ownership initiator uses the recipient user's public key to perform asymmetric encryption on the ownership share to be transferred and a random number, and then sends it to the recipient user. After the receiving user decrypts and verifies the legality of the transferred shares, a transaction signature is generated and the signature and settlement funds are submitted to the smart contract. The smart contract locks the funds after verifying the validity of the receiving user's transaction signature. The ownership initiator generates a share conservation zero-knowledge proof based on the original share commitment, the transferred share commitment, and the remaining share commitment, and submits it to the smart contract. After verifying the validity of the share conservation proof without exposing the share in plaintext, the smart contract updates the corresponding share commitment in the ownership vector table and transfers the locked funds to the ownership initiator user, thus completing atomic settlement.
6. The method for differential fine-grained ownership transfer based on smart contracts according to claim 1, characterized in that, The smart contract removes users with zero ownership, reconstructs the effective user ring based on the updated ownership vector table, generates a new outer encryption key, and generates a key difference token. The ownership initiator user sends the key difference token and the updated digital envelope to the cloud service provider, which performs a differential update on the outer ciphertext without decrypting the full data, including: The smart contract verifies and removes users with zero ownership through Lagrange quadratic and nonnegative proofs, and reconstructs the effective user ring based on the updated ownership vector table and the minimum permission threshold. The reconstructed effective user ring is renegotiated with the blinding factor and the ring-direction difference value to generate a new outer encryption key; A key difference token is calculated based on the new and old outer encryption keys, and an updated digital envelope is generated using the new outer encryption key; The ownership initiator user sends the key difference token and the updated digital envelope to the cloud service provider; Without decrypting or downloading the full data, the cloud service provider uses the key difference token to perform an XOR overwrite on the original outer ciphertext, thus completing the difference update of the outer ciphertext.
7. The method for differential fine-grained ownership transfer based on smart contracts according to claim 1, characterized in that, The smart contract resolves multi-writer concurrency conflicts based on proof-of-share, and randomly elects auditors according to ownership shares to verify data integrity, including: When multiple read and write users generate concurrent write conflicts, the smart contract generates a share comparison proof based on the Lagrange four-square theorem, and determines the effective modification according to the hierarchical rules of ownership share, submission timestamp, and user votes. The smart contract generates a random factor based on the latest block hash of the blockchain and the audit round number, and randomly selects and verifies auditors according to their ownership share. The auditor initiates a data integrity challenge to the cloud service provider, strips off the outer ciphertext and calculates the hash of the inner ciphertext, compares it with the hash root stored on the blockchain, completes the data integrity verification, and uploads the audit results to the blockchain for evidence storage.
8. The method for differential fine-grained ownership transfer based on smart contracts according to claim 7, characterized in that, The method further includes: The auditor election is based on a random number generated from the latest block hash and the audit round number. Users with ownership shares greater than the random number are elected as auditors through zero-knowledge proofs.
9. A fine-grained ownership transfer system based on smart contracts, characterized in that, The system includes: The blockchain is used to set minimum permission thresholds and ownership shares, and publish global public parameters; receive and verify interval proofs submitted by users based on the Lagrange Four-Square Sum Theorem, and select users to construct a dynamic and valid user ring based on the minimum permission threshold; receive and verify signatures and funds submitted by receiving users, receive and verify share conservation proofs submitted by ownership initiators, update share commitments in the ownership vector table after successful verification, and complete fund settlement; require users with zero shares to submit zero-share proofs based on the Lagrange Four-Square Sum Theorem, and remove those that pass verification or fail to prove within the time limit; reconstruct the valid user ring based on the updated ownership vector table; verify the share size of conflicting parties using share comparison proofs generated based on the Lagrange Four-Square Sum Theorem, adopt the modification of the party with the higher share, and determine concurrent conflicts based on timestamps or voting when shares are equal; generate random numbers using the latest block hash value of the blockchain and the election round number, verify the election proofs submitted by users, and confirm the auditor; The user terminal includes the initiating user of ownership, the receiving user, and ordinary users within the valid user ring. The user terminal is used for: calculating share commitments based on their own share, generating interval proofs, and submitting them to the smart contract of the blockchain; each user within the ring generates a weighted share and a blinding factor based on their own share, sends them to their neighbors within the ring, calculates the ring-directed difference value based on the neighbor's blinding factor and broadcasts it, collects all ring-directed difference values, and then dynamically negotiates and generates an outer encryption key through combination operations and bilinear mapping; encrypts data using the inner encryption key derived from the plaintext to obtain the inner ciphertext, performs stream encryption using the outer encryption key to obtain the outer ciphertext, and then... The encryption key is encapsulated in a digital envelope, and the hash value of the inner ciphertext and the root hash are calculated. The ownership initiator sends its share in encryption to the receiving user, generates a share conservation proof, and submits it to the smart contract. Users with zero shares generate a zero share proof and submit it to the smart contract. A key difference token is generated by XORing the hashes of the new and old outer encryption keys with the data index. Users within the updated ring download the outer ciphertext and the digital envelope, decrypt the envelope using the new outer key to obtain the inner key, strip the outer ciphertext to obtain the inner ciphertext, and then decrypt it to obtain the plaintext. Users with a share greater than that generated by the smart contract generate an election proof and submit it to the smart contract. The cloud service provider is used to receive and store the outer ciphertext, digital envelope, and inner ciphertext hash value sent by the user terminal; receive the key difference token and updated digital envelope sent by the initiating user of the ownership, and XOR overwrite the outer ciphertext without decrypting the full data; and respond to the auditor's challenge request by returning the corresponding outer ciphertext.