Independent claim
1. A system, comprising:
a first node, a second node, and an intermediate node, the first node, the second node, and the intermediate node each comprising an electronic computing device configured to encrypt data using an Elliptic Curve Cryptography (ECC) encryption scheme and to handle a respective private key and public key for the ECC encryption scheme, the ECC encryption scheme defined by a base point (G) on an elliptic curve, the system being configured to secure a data unit during a transfer from the first node to the second node via the intermediate node, wherein:
the electronic computing device of the first node is configured to encrypt the data unit using the ECC encryption scheme and kpG derived based on the private key of the first node and a random number, and to send the encrypted data unit to the intermediate node,
the electronic computing device of the intermediate node is configured to receive a request for the data unit from the second node, the request comprising the public key of the second node, and in response to the request send a further request to the first node for authorization to transfer the data unit to the second node, wherein the further request comprises the public key of the second node,
the electronic computing device of the first node is configured to derive kr and kuG satisfying the equation kp + kr = ku ka, where ku is associated with the private key ka of the second node, and to send kr and kuG to the intermediate node in response to the further request,
the electronic computing device of the intermediate node is configured to re-encrypt the encrypted data unit using the ECC encryption scheme and kr, and to send the re-encrypted data unit and kuG to the second node, and
the electronic computing device of the second node is configured to decrypt the re-encrypted data unit using the ECC encryption scheme and the private key ka of the second node.
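The exchange recited in the claim, as an added Python sketch that is not taken from the patent. Assumptions: the curve is secp256k1, the data unit is encoded as a curve point and masked additively (ciphertext = M + kpG), kp is the first node's private key multiplied by a random number, and "ku ka" is read as a product. Because the first node holds only the second node's public key kaG, the sketch hands the intermediate node the point ku(kaG) − kpG, which equals krG for the kr that satisfies kp + kr = ku ka; the function and variable names are hypothetical.

```python
import secrets

# secp256k1 domain parameters (assumed; the claim names no curve).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        s = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (s * s - x1 - x2) % P
    return (x3, (s * (x1 - x3) - y1) % P)

def neg(a):
    return None if a is None else (a[0], -a[1] % P)

def mul(k, a):
    """Double-and-add scalar multiplication (not constant time)."""
    r, k = None, k % N
    while k:
        if k & 1:
            r = add(r, a)
        a, k = add(a, a), k >> 1
    return r

def rand():
    return secrets.randbelow(N - 1) + 1  # uniform in [1, N-1]

def transfer(m, first_priv, second_pub):
    """Run the three-party exchange; m is the data unit encoded as a point."""
    kp = first_priv * rand() % N            # first node: private key and random number
    c = add(m, mul(kp, G))                  # first node -> intermediate node
    ku = rand()                             # first node, on the authorization request
    ku_g = mul(ku, G)
    kr_pt = add(mul(ku, second_pub), neg(mul(kp, G)))  # equals kr*G (assumed form)
    c2 = add(c, kr_pt)                      # intermediate node re-encrypts
    return {"kp": kp, "ku": ku, "c": c, "kr_pt": kr_pt, "c2": c2, "ku_g": ku_g}

def decrypt(c2, ku_g, ka):
    """Second node: remove ka*(ku*G) = (kp + kr)*G."""
    return add(c2, neg(mul(ka, ku_g)))
```

In this sketch the intermediate node handles only `c`, `kr_pt`, `c2` and `ku_g`; it never holds kp or ka, so the data unit stays masked at every hop.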