1
/
of
12
www.ChineseStandard.us -- Field Test Asia Pte. Ltd.
GM/T 0111-2021 English PDF (GM/T0111-2021)
GM/T 0111-2021 English PDF (GM/T0111-2021)
Regular price
$215.00
Regular price
Sale price
$215.00
Unit price
/
per
Shipping calculated at checkout.
Couldn't load pickup availability
GM/T 0111-2021: Technical requirements for blockchain cryptography application
Delivery: 9 seconds. Download (& Email) true-PDF + Invoice.
Get Quotation: Click GM/T 0111-2021 (Self-service in 1-minute)
Historical versions (Master-website): GM/T 0111-2021
Preview True-PDF (Reload/Scroll-down if blank)
GM/T 0111-2021
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Technical requirements for blockchain cryptography
application
ISSUED ON: OCTOBER 19, 2021
IMPLEMENTED ON: MAY 1, 2022
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 6
4 Abbreviations ... 7
5 Blockchain cryptography application technology architecture ... 8
6 Blockchain cryptographic application requirements ... 11
7 General requirements for blockchain cryptographic applications ... 12
7.1 Cryptographic algorithm requirements ... 12
7.2 Digital signature requirements ... 13
7.3 Security requirements for cryptographic devices ... 13
7.4 Key management security requirements ... 13
7.5 Certificate management requirements ... 13
7.6 Data security requirements ... 13
7.7 Consensus protocol security requirements ... 14
7.8 Smart contract security requirements ... 14
8 Technical requirements for cryptographic application in various business links of
blockchain ... 15
8.1 User registration ... 15
8.2 Real-name authentication ... 15
8.3 Transaction creation ... 15
8.4 Transaction verification ... 16
8.5 Ledger storage ... 16
8.6 Off-chain transactions ... 17
8.7 Identity management of nodes and users ... 17
8.8 Transaction supervision ... 17
Appendix A (Informative) Blockchain-based electronic evidence storage application
solution ... 18
A.1 Solution overview ... 18
A.2 Cryptographic application design ... 20
Technical requirements for blockchain cryptography
application
1 Scope
This document specifies the cryptographic security elements of the consortium
blockchain and the technical requirements for cryptographic applications.
This document is intended to guide the design and use of consortium blockchain
cryptographic applications and products.
2 Normative references
The provisions of the following documents constitute the essential clauses of this
document through normative references in this text. Among them, for referenced
documents with dates, only the versions corresponding to the dates are applicable to
this document; for referenced documents without dates, the latest versions (including
all amendments) are applicable to this document.
GB/T 20518 Information security technology - Public key infrastructure - Digital
certificate format
GB/T 25056 Information security technology - Specifications of cryptograph and
related security technology for certificate authentication system
GB/T 32905 Information security techniques - SM3 cryptographic hash algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32915 Information security technology - Randomness test methods for
binary sequence
GB/T 32918 Information security technology - Public key cryptographic algorithm
SM2 based on elliptic curves
GB/T 35275 Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GB/T 35276 Information security technology - SM2 cryptographic algorithm usage
specification
GB/T 37092 Information security technology - Security requirements for
cryptographic modules
GB/T 38635.1 Information security technology - Identity-based cryptographic
algorithms SM9 - Part 1: General
GB/T 38635.2 Information security technology - Identity-based cryptographic
algorithms SM9 - Part 2: Algorithms
GM/T 0033 Interface specifications of time stamp
GM/T 0037 Certificate authority system test specification
GM/T 0038 Key management of certificate authority system test specification
GM/Z 4001 Cryptology Terminology
3 Terms and definitions
The terms and definitions defined in GM/Z 4001 and the following apply to this
document.
3.1 blockchain
A new application model and fusion technology that uses distributed data storage, peer-
to-peer transmission, consensus mechanism, cryptographic algorithm, smart contract
and other technologies.
3.2 consensus mechanism
An algorithm that implements trust building and rights acquisition between different
nodes in the blockchain system.
3.3 smart contract
A set of conventions defined in numerical form.
NOTE: A treaty that is jointly observed by the contract participants and the blockchain system.
3.4 decentralized ledger
A data record that can be shared across a network of multiple nodes, geographical
locations, or organizations.
3.5 transaction record
A message broadcasted in a blockchain network.
NOTE: It contains information such as the transaction initiator, transaction content, transaction recipient,
and the user signature of the transaction initiator.
3.6 transaction
A transfer of digital assets or a call to a smart contract.
3.7 public blockchain
A blockchain system in which each node can freely join or exit the network and
participate in the reading and writing of data on the chain.
3.8 consortium blockchain
A blockchain system in which each node corresponds to an entity organization and can
only join or exit the network after authorization.
3.9 private blockchain
A blockchain system in which the write and read permissions of each node are internally
controlled.
3.10 Merkle tree
A type of binary tree based on the hash pointer that can quickly verify the integrity of
information.
3.11 digital assets
A valuable asset that exists in the form of electronic data and can be sold or exchanged
by the holder.
3.12 identity-based cryptographic
An identity-based password system.
NOTE: It is an asymmetric public key cryptography system.
4 Abbreviations
The following abbreviations apply to this document.
CA: Certification Authority
CSR: Certificate Signing Request
DPoS: Delegated Proof of Stake
a) Data layer: After the transaction passes the legality verification, it is
persistently stored in the database in the form of a transaction set (such as a
block) or a single transaction, and the data is time-series connected through
hash values.
b) Network layer: Each network node in the blockchain communicates through
P2P technology, and TLS and other technologies can be used to establish a
secure channel.
c) Consensus layer: The consensus protocol is the core of the blockchain. In
practical applications, the appropriate consensus protocol shall be selected
according to needs.
d) Incentive layer: Integrate economic factors or other incentive factors into the
blockchain technology system, mainly including the issuance mechanism and
distribution mechanism of economic incentives, etc. Consortium blockchains
and private blockchains do not need to use incentive mechanisms.
e) Smart contract layer: A smart contract is a set of commitments defined in
digital form, including the protocols for the contract participants to execute
these commitments. It can be regarded as a program deployed on the
blockchain that can run automatically. It mainly encapsulates various scripts,
algorithms, and instructions, and is the basis of the programmable nature of
the blockchain.
f) Application layer: Various application scenarios and environments in which
blockchains are used.
Each layer in the blockchain technology architecture requires corresponding
cryptographic technology support. In the blockchain technology architecture, the
required cryptographic technology shall be independent of the functional architecture
and provide support for the blockchain functional architecture. Therefore, it is
necessary to build an independent cryptographic technology support environment (as
shown on the right side of Figure 1) to serve each layer in the blockchain functional
architecture to protect its application security and operation security.
The blockchain cryptographic technology support environment involves three aspects.
a) Basic cryptographic algorithm: The lowest-level cryptographic algorithms
used to ensure the confidentiality, integrity, authenticity, and non-repudiation
of information in blockchain systems, mainly including symmetric key
algorithms, asymmetric key algorithms, hash algorithms, etc.
b) Cryptographic protocols: Cryptographic protocols require multi-party
interaction to meet various security requirements in blockchain systems.
Cryptographic protocols mainly include homomorphic encryption, searchable
encryption, ring signatures, group signatures, secure multiparty computation,
entity authentication, key agreement, secret sharing, order-preserving
encryption, commitment, zero-knowledge proof, etc.
c) Cryptographic infrastructure: The cryptographic infrastructure of the
blockchain system mainly includes the PKI cryptographic system and the
identity-based cryptographic system.
6 Blockchain cryptographic application requirements
Blockchain systems can be divided into public blockchains, consortium blockchains,
and private blockchains according to different node access control mechanisms and
application scenarios. Transactions usually include user registration, real-name
authentication, transaction creation, transaction verification and block consensus, block
confirmation and synchronization, and block query. Data such as transaction behaviors
between users are stored in the form of decentralized ledgers on multiple participating
nodes. To ensure the security of blockchain transactions, the following cryptographic
application security requirements exist.
a) Entity authentication and permission control requirements for blockchain
transactions. Entity authentication is to confirm whether the identity of an
entity (user, device, system, etc.) is authentic and legal when the entity
conducts transactions in a blockchain network. Permission control needs to
ensure that blockchain users have the authority to perform transactions and
other operations.
b) Transaction confidentiality requirements. Prevent secret information in user
transaction information from being illegally stolen during storage and
transmission.
c) Integrity requirements for blockchain transaction records and blockchain
ledgers:
-- It is necessary to ensure that the information seen by all parties in the
blockchain network is completely consistent. Therefore, it is required to
ensure the integrity of transaction information during the transaction
generation, storage, and transmission process, and prevent it from being
illegally tampered with;
-- It is necessary to ensure the consistency of the blockchain ledger information
stored on each node. Therefore, on the basis of combining the consensus
protocol, the integrity of the blockchain ledger is ensured to prevent it from
being illegally tampered with.
7.2 Digital signature requirements
The digital signature format and usage requirements shall comply with GB/T 35276,
GB/T 35275, GB/T 38635.1 and GB/T 38635.2.
7.3 Security requirements for cryptographic devices
It shall pass commercial cryptography testing and certification.
7.4 Key management security requirements
Identity authentication keys, data encryption keys, etc. in blockchain applications shall
use cryptographic devices or modules that have passed commercial cryptography
testing and certification to achieve secure management of key generation, storage,
distribution, import and export, use, backup and recovery, archiving, and destruction.
The keys for the encryption of communication data between blockchain nodes and the
encryption of data stored on blockchain nodes shall be properly stored by cryptographic
devices or modules that have been certified by commercial cryptography testing. The
keys shall also be strictly managed for their life cycle, shall not be permanently valid,
and shall be replaced after a certain period of time.
7.5 Certificate management requirements
Digital certificates in blockchain are mainly divided into two categories: one is the
digital certificate used by end users to complete identity authentication, secure
communication and transaction signature; the other is the digital certificate used by
blockchain nodes to complete identity authentication, transaction endorsement and
secure communication.
a) The construction of the certificate authentication system and related key
management system shall comply with GB/T 25056, GM/T 0037 and GM/T
0038;
b) The digital certificate and CRL format shall comply with GB/T 20518.
7.6 Data security requirements
In principle, data exchange between nodes of the blockchain shall not be transmitted in
plain text. It is advisable to use asymmetric cryptographic technology to negotiate keys
and use symmetric encryption algorithms to encrypt and decrypt data. Data providers
shall also strictly evaluate the sensitivity and security level of the data, decide whether
to send the data to the blockchain, whether to desensitize the data, and adopt strict
access control measures.
Secure channels can be configured between nodes of the blockchain and between the
application end and nodes to ensure the security of data communication. The secure
channel shall use cryptographic algorithms and cryptographic protocols that meet the
requirements of national cryptographic standards and industry standards to ensure the
confidentiality and integrity of transmitted data.
7.7 Consensus protocol security requirements
The consensus protocol shall provide clear cryptographic mechanisms to ensure that
the consensus protocol has the following properties in the operating environment:
a) All parties involved in consensus negotiation shall use cryptographic
technology to achieve identity authentication;
b) Sensitive information sent during the execution of the consensus protocol shall
use cryptographic technology to ensure confidentiality, integrity, and non-
repudiation;
c) Clear security boundaries shall be proposed to ensure the fault tolerance,
consistency and availability of consensus protocol execution;
d) All honest consensus negotiation nodes reach consensus within ...
Delivery: 9 seconds. Download (& Email) true-PDF + Invoice.
Get Quotation: Click GM/T 0111-2021 (Self-service in 1-minute)
Historical versions (Master-website): GM/T 0111-2021
Preview True-PDF (Reload/Scroll-down if blank)
GM/T 0111-2021
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Technical requirements for blockchain cryptography
application
ISSUED ON: OCTOBER 19, 2021
IMPLEMENTED ON: MAY 1, 2022
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 6
4 Abbreviations ... 7
5 Blockchain cryptography application technology architecture ... 8
6 Blockchain cryptographic application requirements ... 11
7 General requirements for blockchain cryptographic applications ... 12
7.1 Cryptographic algorithm requirements ... 12
7.2 Digital signature requirements ... 13
7.3 Security requirements for cryptographic devices ... 13
7.4 Key management security requirements ... 13
7.5 Certificate management requirements ... 13
7.6 Data security requirements ... 13
7.7 Consensus protocol security requirements ... 14
7.8 Smart contract security requirements ... 14
8 Technical requirements for cryptographic application in various business links of
blockchain ... 15
8.1 User registration ... 15
8.2 Real-name authentication ... 15
8.3 Transaction creation ... 15
8.4 Transaction verification ... 16
8.5 Ledger storage ... 16
8.6 Off-chain transactions ... 17
8.7 Identity management of nodes and users ... 17
8.8 Transaction supervision ... 17
Appendix A (Informative) Blockchain-based electronic evidence storage application
solution ... 18
A.1 Solution overview ... 18
A.2 Cryptographic application design ... 20
Technical requirements for blockchain cryptography
application
1 Scope
This document specifies the cryptographic security elements of the consortium
blockchain and the technical requirements for cryptographic applications.
This document is intended to guide the design and use of consortium blockchain
cryptographic applications and products.
2 Normative references
The provisions of the following documents constitute the essential clauses of this
document through normative references in this text. Among them, for referenced
documents with dates, only the versions corresponding to the dates are applicable to
this document; for referenced documents without dates, the latest versions (including
all amendments) are applicable to this document.
GB/T 20518 Information security technology - Public key infrastructure - Digital
certificate format
GB/T 25056 Information security technology - Specifications of cryptograph and
related security technology for certificate authentication system
GB/T 32905 Information security techniques - SM3 cryptographic hash algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32915 Information security technology - Randomness test methods for
binary sequence
GB/T 32918 Information security technology - Public key cryptographic algorithm
SM2 based on elliptic curves
GB/T 35275 Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GB/T 35276 Information security technology - SM2 cryptographic algorithm usage
specification
GB/T 37092 Information security technology - Security requirements for
cryptographic modules
GB/T 38635.1 Information security technology - Identity-based cryptographic
algorithms SM9 - Part 1: General
GB/T 38635.2 Information security technology - Identity-based cryptographic
algorithms SM9 - Part 2: Algorithms
GM/T 0033 Interface specifications of time stamp
GM/T 0037 Certificate authority system test specification
GM/T 0038 Key management of certificate authority system test specification
GM/Z 4001 Cryptology Terminology
3 Terms and definitions
The terms and definitions defined in GM/Z 4001 and the following apply to this
document.
3.1 blockchain
A new application model and fusion technology that uses distributed data storage, peer-
to-peer transmission, consensus mechanism, cryptographic algorithm, smart contract
and other technologies.
3.2 consensus mechanism
An algorithm that implements trust building and rights acquisition between different
nodes in the blockchain system.
3.3 smart contract
A set of conventions defined in numerical form.
NOTE: A treaty that is jointly observed by the contract participants and the blockchain system.
3.4 decentralized ledger
A data record that can be shared across a network of multiple nodes, geographical
locations, or organizations.
3.5 transaction record
A message broadcasted in a blockchain network.
NOTE: It contains information such as the transaction initiator, transaction content, transaction recipient,
and the user signature of the transaction initiator.
3.6 transaction
A transfer of digital assets or a call to a smart contract.
3.7 public blockchain
A blockchain system in which each node can freely join or exit the network and
participate in the reading and writing of data on the chain.
3.8 consortium blockchain
A blockchain system in which each node corresponds to an entity organization and can
only join or exit the network after authorization.
3.9 private blockchain
A blockchain system in which the write and read permissions of each node are internally
controlled.
3.10 Merkle tree
A type of binary tree based on the hash pointer that can quickly verify the integrity of
information.
3.11 digital assets
A valuable asset that exists in the form of electronic data and can be sold or exchanged
by the holder.
3.12 identity-based cryptographic
An identity-based password system.
NOTE: It is an asymmetric public key cryptography system.
4 Abbreviations
The following abbreviations apply to this document.
CA: Certification Authority
CSR: Certificate Signing Request
DPoS: Delegated Proof of Stake
a) Data layer: After the transaction passes the legality verification, it is
persistently stored in the database in the form of a transaction set (such as a
block) or a single transaction, and the data is time-series connected through
hash values.
b) Network layer: Each network node in the blockchain communicates through
P2P technology, and TLS and other technologies can be used to establish a
secure channel.
c) Consensus layer: The consensus protocol is the core of the blockchain. In
practical applications, the appropriate consensus protocol shall be selected
according to needs.
d) Incentive layer: Integrate economic factors or other incentive factors into the
blockchain technology system, mainly including the issuance mechanism and
distribution mechanism of economic incentives, etc. Consortium blockchains
and private blockchains do not need to use incentive mechanisms.
e) Smart contract layer: A smart contract is a set of commitments defined in
digital form, including the protocols for the contract participants to execute
these commitments. It can be regarded as a program deployed on the
blockchain that can run automatically. It mainly encapsulates various scripts,
algorithms, and instructions, and is the basis of the programmable nature of
the blockchain.
f) Application layer: Various application scenarios and environments in which
blockchains are used.
Each layer in the blockchain technology architecture requires corresponding
cryptographic technology support. In the blockchain technology architecture, the
required cryptographic technology shall be independent of the functional architecture
and provide support for the blockchain functional architecture. Therefore, it is
necessary to build an independent cryptographic technology support environment (as
shown on the right side of Figure 1) to serve each layer in the blockchain functional
architecture to protect its application security and operation security.
The blockchain cryptographic technology support environment involves three aspects.
a) Basic cryptographic algorithm: The lowest-level cryptographic algorithms
used to ensure the confidentiality, integrity, authenticity, and non-repudiation
of information in blockchain systems, mainly including symmetric key
algorithms, asymmetric key algorithms, hash algorithms, etc.
b) Cryptographic protocols: Cryptographic protocols require multi-party
interaction to meet various security requirements in blockchain systems.
Cryptographic protocols mainly include homomorphic encryption, searchable
encryption, ring signatures, group signatures, secure multiparty computation,
entity authentication, key agreement, secret sharing, order-preserving
encryption, commitment, zero-knowledge proof, etc.
c) Cryptographic infrastructure: The cryptographic infrastructure of the
blockchain system mainly includes the PKI cryptographic system and the
identity-based cryptographic system.
6 Blockchain cryptographic application requirements
Blockchain systems can be divided into public blockchains, consortium blockchains,
and private blockchains according to different node access control mechanisms and
application scenarios. Transactions usually include user registration, real-name
authentication, transaction creation, transaction verification and block consensus, block
confirmation and synchronization, and block query. Data such as transaction behaviors
between users are stored in the form of decentralized ledgers on multiple participating
nodes. To ensure the security of blockchain transactions, the following cryptographic
application security requirements exist.
a) Entity authentication and permission control requirements for blockchain
transactions. Entity authentication is to confirm whether the identity of an
entity (user, device, system, etc.) is authentic and legal when the entity
conducts transactions in a blockchain network. Permission control needs to
ensure that blockchain users have the authority to perform transactions and
other operations.
b) Transaction confidentiality requirements. Prevent secret information in user
transaction information from being illegally stolen during storage and
transmission.
c) Integrity requirements for blockchain transaction records and blockchain
ledgers:
-- It is necessary to ensure that the information seen by all parties in the
blockchain network is completely consistent. Therefore, it is required to
ensure the integrity of transaction information during the transaction
generation, storage, and transmission process, and prevent it from being
illegally tampered with;
-- It is necessary to ensure the consistency of the blockchain ledger information
stored on each node. Therefore, on the basis of combining the consensus
protocol, the integrity of the blockchain ledger is ensured to prevent it from
being illegally tampered with.
7.2 Digital signature requirements
The digital signature format and usage requirements shall comply with GB/T 35276,
GB/T 35275, GB/T 38635.1 and GB/T 38635.2.
7.3 Security requirements for cryptographic devices
It shall pass commercial cryptography testing and certification.
7.4 Key management security requirements
Identity authentication keys, data encryption keys, etc. in blockchain applications shall
use cryptographic devices or modules that have passed commercial cryptography
testing and certification to achieve secure management of key generation, storage,
distribution, import and export, use, backup and recovery, archiving, and destruction.
The keys for the encryption of communication data between blockchain nodes and the
encryption of data stored on blockchain nodes shall be properly stored by cryptographic
devices or modules that have been certified by commercial cryptography testing. The
keys shall also be strictly managed for their life cycle, shall not be permanently valid,
and shall be replaced after a certain period of time.
7.5 Certificate management requirements
Digital certificates in blockchain are mainly divided into two categories: one is the
digital certificate used by end users to complete identity authentication, secure
communication and transaction signature; the other is the digital certificate used by
blockchain nodes to complete identity authentication, transaction endorsement and
secure communication.
a) The construction of the certificate authentication system and related key
management system shall comply with GB/T 25056, GM/T 0037 and GM/T
0038;
b) The digital certificate and CRL format shall comply with GB/T 20518.
7.6 Data security requirements
In principle, data exchange between nodes of the blockchain shall not be transmitted in
plain text. It is advisable to use asymmetric cryptographic technology to negotiate keys
and use symmetric encryption algorithms to encrypt and decrypt data. Data providers
shall also strictly evaluate the sensitivity and security level of the data, decide whether
to send the data to the blockchain, whether to desensitize the data, and adopt strict
access control measures.
Secure channels can be configured between nodes of the blockchain and between the
application end and nodes to ensure the security of data communication. The secure
channel shall use cryptographic algorithms and cryptographic protocols that meet the
requirements of national cryptographic standards and industry standards to ensure the
confidentiality and integrity of transmitted data.
7.7 Consensus protocol security requirements
The consensus protocol shall provide clear cryptographic mechanisms to ensure that
the consensus protocol has the following properties in the operating environment:
a) All parties involved in consensus negotiation shall use cryptographic
technology to achieve identity authentication;
b) Sensitive information sent during the execution of the consensus protocol shall
use cryptographic technology to ensure confidentiality, integrity, and non-
repudiation;
c) Clear security boundaries shall be proposed to ensure the fault tolerance,
consistency and availability of consensus protocol execution;
d) All honest consensus negotiation nodes reach consensus within ...
Share
