CN110460536B - Data processing method and apparatus for block chain, medium, and electronic device - Google Patents

Data processing method and apparatus for block chain, medium, and electronic device Download PDF

Info

Publication number
CN110460536B
CN110460536B CN201910789386.1A CN201910789386A CN110460536B CN 110460536 B CN110460536 B CN 110460536B CN 201910789386 A CN201910789386 A CN 201910789386A CN 110460536 B CN110460536 B CN 110460536B
Authority
CN
China
Prior art keywords
preparation
message
node
verification information
return
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910789386.1A
Other languages
Chinese (zh)
Other versions
CN110460536A (en
Inventor
徐植君
裴磊
黄剑
王舒榕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN201910789386.1A priority Critical patent/CN110460536B/en
Publication of CN110460536A publication Critical patent/CN110460536A/en
Application granted granted Critical
Publication of CN110460536B publication Critical patent/CN110460536B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present specification provides a data processing method and apparatus, a medium, and an electronic device for a block chain, the data processing method including: generating pre-preparation verification information according to the preparation message; under the condition that the number of the pre-preparation verification information is determined to be 2f + a and the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored by the main node is larger than f, generating a second return message to enable the main node to generate a consensus message; and generating preparation verification information according to the consensus information, and executing the service request acquired from the client under the condition that the number of the preparation verification information is determined to be 2f + b and the number of the preparation verification information which is the same as the self-stored preparation verification information is more than f. The slave nodes enable the communication complexity of the distributed network to be kept in the order of O (n); as the number of distributed network nodes increases substantially, the communication complexity only grows linearly.

Description

Data processing method and apparatus for block chain, medium, and electronic device
Technical Field
The present specification relates to the technical field of distributed system data transmission processing, and specifically relates to a data processing method and apparatus for a block chain, a medium storing the foregoing method, and an electronic device implementing the foregoing method.
Background
In a distributed system with the byzantine problem, each node needs to agree on the network state through a consensus mechanism, and then a service request initiated by a client needs to be processed. Currently, the Practical Byzantine Fault-tolerant algorithm (PBFT) has been applied in some federation chains of network node numbers.
Because each node in the PBFT algorithm needs to receive the messages broadcast by other N-1 nodesThe message is to be broadcast to the other N-1 nodes, and thus the communication complexity is O (N) 2 ) (wherein N = N-1). Conceivably, if the PBFT algorithm is adopted to achieve consensus of nodes, as the number of nodes increases, the communication complexity of the entire distributed network may increase sharply; in order to meet the availability requirement, the number of nodes in the distributed network needs to be strictly limited, and the requirement of increasing the number of nodes for capacity expansion of the distributed network in practical application cannot be met.
Disclosure of Invention
The present specification provides the following data processing method and apparatus, medium, and electronic device that executes the data processing method.
In a first aspect, the present specification provides a data processing method applied to a slave node in a distributed network, the method including:
acquiring pre-preparation verification information according to the preparation message; the preparation message is generated by the master node according to a first return message sent by 2f + a different slave nodes; the first return message comprises pre-preparation check information generated by the corresponding slave node according to the pre-preparation message and a first signature;
Figure GDA0003874494770000011
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
judging whether the number of the pre-preparation verification information is 2f + a or not and whether the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored in the pre-preparation verification information is larger than f or not; if so, generating a second return message and sending the second return message to the main node; the second return message comprises preparation verification information generated according to the preparation message and a second signature; b is more than or equal to 1 and less than or equal to f;
generating preparation verification information according to the consensus information; wherein, the consensus message is generated by the master node according to 2f + b second return messages;
judging whether the number of the prepared verification information is 2f + b or not and whether the number of the prepared verification information which is the same as the prepared verification information stored by the user is larger than f or not; and if so, executing the service request acquired from the client.
Optionally, the preparation message includes a first multiple signature and a first number set; the first multiple signature is generated by the master node according to a first return message sent by 2f + a different slave nodes; the first number set is generated by the master node according to the numbers of 2f + a slave nodes which send the first return message;
the acquiring the pre-preparation verification information according to the preparation message includes:
and selecting a public key corresponding to the node number to decrypt the first multiple signature according to the node number in the first number set, and generating pre-preparation verification information.
Optionally, the consensus message includes a second multiple signature and a second number set; the second multiple signature is generated by the master node according to a second return message sent by 2f + b different slave nodes; the second number set is generated by the master node according to the numbers of 2f + b slave nodes which send the second return message;
the obtaining of the preparation verification information according to the preparation message includes:
and selecting a public key corresponding to the node number to decrypt the second multiple signature according to the node number in the second number set, and generating pre-preparation verification information.
Optionally, the foregoing method further includes:
and if the number of the information to be verified is less than 2f + b, initiating the master node switching.
Optionally, the method further includes:
and if the number of the prearranged verification information is judged to be less than 2f + a, initiating the main node switching.
In another aspect, the present specification provides another data processing method applied to a master node of a distributed network, the method including:
generating a preparation message according to the received 2f + a first return messages, and broadcasting the preparation message to the slave nodes so that the slave nodes generate second return messages; wherein the first return message comprises pre-preparation check information generated by the corresponding slave node according to the pre-preparation message, and a first signature;
Figure GDA0003874494770000021
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
generating a consensus message according to the received 2f + b second return messages, and broadcasting the consensus message to the slave nodes so that the slave nodes generate preparation verification information; wherein 1 ≦ b ≦ f, the second return message includes preparation check information generated from the preparation message corresponding to the slave node, and a second signature.
Optionally, the generating a preparation message according to the received 2f + a first return message includes:
generating a first multiple signature according to the received 2f + a first return messages by adopting a multiple signature algorithm, and generating a first number set according to the numbers of 2f + a slave nodes sending the first return messages; the prepare message includes the first multiple signature and the first number set.
Optionally, the generating a consensus message according to the received 2f + b second return messages includes:
generating a second multiple signature according to the received 2f + b second return messages by adopting a multiple signature algorithm, and generating a second number set according to the numbers of 2f + b slave nodes sending the second return messages; the consensus message comprises the second multiple signature and the second number set.
Optionally, the multiple signature algorithm is an EC-Schnorr algorithm; and/or the presence of a gas in the atmosphere,
the first number set and/or the second number set are/is a Bitmap data set.
In yet another aspect, the present specification provides another data processing method for use in a distributed network, the distributed network including a master node and slave nodes; the method comprises the following steps:
the master node generates a preparation message according to the received 2f + a first return messages and broadcasts the preparation message to the slave nodes; wherein the first return message comprises pre-preparation check information generated from a node according to a pre-preparation message, and a first signature;
Figure GDA0003874494770000031
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
the slave node acquires pre-preparation verification information according to the preparation message;
judging whether the number of the pre-preparation verification information is 2f + a or not and whether the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored by the slave node is larger than f or not; if so, generating a second return message and sending the second return message to the main node; the second return message comprises preparation verification information generated according to the preparation message and a second signature;
the master node generates a consensus message according to the received 2f + b second return messages and broadcasts the consensus message to the slave nodes; wherein b is more than or equal to 1 and less than or equal to f;
the slave node generates preparation verification information according to the consensus information;
judging whether the number of pieces of preparation verification information is 2f + b or not and whether the number of pieces of preparation verification information which is the same as the self-stored preparation verification information is larger than f or not by the slave node; and if so, executing the service request acquired from the client.
Optionally, the master node generates a preparation message according to the received 2f + a first return messages, including: generating a first multiple signature according to the received 2f + a first return messages by adopting a multiple signature algorithm, and generating a first number set according to the numbers of 2f + a slave nodes sending the first return messages; the prepare message includes the first multiple signature and the first number set;
the slave node acquires the pre-preparation verification information according to the preparation message, and the method comprises the following steps: selecting a public key corresponding to the node number to decrypt the first multiple signature according to the node number in the first number set, and generating pre-preparation verification information; and/or the presence of a gas in the gas,
the master node generates a consensus message according to the received 2f + b second return messages, including: generating a second multiple signature according to the received 2f + b second return messages by adopting a multiple signature algorithm, and generating a second number set according to the numbers of 2f + b slave nodes sending the second return messages; the consensus message comprises the second multiple signature and the second number set;
the slave node generates preparation verification information according to the consensus information, and the preparation verification information comprises the following steps: and selecting a public key corresponding to the node number to decrypt the second multiple signature according to the node number in the second number set, and generating the verification preparation information.
Optionally, the multiple signature algorithm is an EC-Schnorr algorithm; and/or the presence of a gas in the gas,
the first number set and/or the second number set are/is a Bitmap data set.
Optionally, the foregoing method further includes:
and if the slave node judges that the number of the information to be verified is less than 2f + b, initiating the master node switching.
Optionally, the method further includes:
and if the number of the prearranged verification information is judged to be less than 2f + a, initiating the main node switching.
The present specification provides a data processing apparatus, the apparatus comprising:
a pre-preparation authentication information generation unit for acquiring pre-preparation authentication information according to the preparation message; wherein, the preparation message is generated by the master node according to a first return message sent by 2f + a different slave nodes; the first return message comprises corresponding pre-preparation check information generated by the slave node according to the pre-preparation message and a first signature;
Figure GDA0003874494770000041
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
a first judging unit, configured to judge whether the number of pieces of pre-preparation verification information is 2f + a and whether the number of pieces of pre-preparation verification information that is the same as the pre-preparation verification information stored by itself is greater than f;
a first execution unit, configured to generate a second return message and send the second return message to the master node when the number of pre-preparation authentication information is 2f + a and the number of pre-preparation authentication information that is the same as the pre-preparation authentication information stored in the slave node itself is greater than f; the second return message comprises preparation verification information generated according to the preparation message and a second signature; b is more than or equal to 1 and less than or equal to f;
a preparation authentication information generation unit for generating preparation authentication information based on the consensus message; wherein, the consensus message is generated by the master node according to 2f + b second return messages;
a second judging unit, configured to judge whether the number of pieces of preparation verification information is 2f + b and whether the number of pieces of preparation verification information that is the same as the preparation verification information stored by itself is greater than f;
and a second execution unit, configured to execute the service request acquired from the client if the number of pieces of preparation verification information is 2f + b and the number of pieces of preparation verification information that is the same as the preparation verification information stored by the second execution unit is greater than f.
Optionally, the preparation message includes a first multiple signature and a first number set; the first multiple signature is generated by the master node according to a first return message sent by 2f + a different slave nodes; the first number set is generated by the master node according to the numbers of the 2f + a slave nodes sending the first return message;
the acquiring the pre-preparation verification information according to the preparation message includes:
and selecting a public key corresponding to the node number to decrypt the first multiple signature according to the node number in the first number set, and generating pre-preparation verification information.
Optionally, the consensus message includes a second multiple signature and a second number set; the second multiple signature is generated by the master node according to a second return message sent by 2f + b different slave nodes; the second number set is generated by the master node according to the numbers of 2f + b slave nodes which send the second return message;
the obtaining of the preparation verification information according to the preparation message includes:
and selecting a public key corresponding to the node number to decrypt the second multiple signature according to the node number in the second number set, and generating pre-preparation verification information.
Optionally, the first execution unit is configured to initiate master node switching when the number of pre-preparation authentication information is less than 2f + a.
Optionally, the second performing unit is configured to initiate master node switching when the number of pieces of preparation authentication information is less than 2f + b.
The present specification provides a data processing apparatus, the apparatus comprising:
a first generating unit, configured to generate a preparation message according to the received 2f + a first return messages, and broadcast the preparation message to the slave node, so that the slave node generates a second return message; wherein the first return message comprises pre-preparation check information generated by the corresponding slave node according to the pre-preparation message, and a first signature;
Figure GDA0003874494770000051
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
a second generating unit, configured to generate a consensus message according to the received 2f + b second return messages, and broadcast the consensus message to the slave nodes, so that the slave nodes generate preparation verification information; wherein 1 ≦ b ≦ f, the second return message includes preparation check information generated from the preparation message corresponding to the slave node, and a second signature.
Optionally, the generating a preparation message according to the received 2f + a first return messages includes:
generating a first multiple signature according to the received 2f + a first return messages by adopting a multiple signature algorithm, and generating a first number set according to the numbers of 2f + a slave nodes sending the first return messages; the prepare message includes the first multiple signature and the first number set.
Optionally, the generating a consensus message according to the received 2f + b second return messages includes:
generating a second multiple signature according to the received 2f + b second return messages by adopting a multiple signature algorithm, and generating a second number set according to the numbers of 2f + b slave nodes sending the second return messages; the consensus message comprises the second multiple signature and the second number set.
Optionally, the multiple signature algorithm is an EC-Schnorr algorithm; and/or the presence of a gas in the gas,
the first number set and/or the second number set are/is a Bitmap data set.
The present specification provides a data processing apparatus comprising a master node and a slave node,
the master node generates a preparation message according to the received 2f + a first return messages and broadcasts the preparation message to the slave nodes; wherein the first return message comprises pre-preparation check information generated from a node according to a pre-preparation message, and a first signature;
Figure GDA0003874494770000061
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
the slave node acquires pre-preparation verification information according to the preparation message;
under the condition that the slave node judges that the number of the pre-preparation verification information is 2f + a and the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored by the slave node is larger than f, generating a second return message and sending the second return message to the master node; the second return message comprises preparation verification information generated according to the preparation message and a second signature;
the master node generates a consensus message according to the received 2f + b second return messages and broadcasts the consensus message to the slave nodes; wherein b is more than or equal to 1 and less than or equal to f;
the slave node generates preparation verification information according to the consensus information;
the slave node executes the service request acquired from the client under the condition that the number of the preparation verification information is judged to be 2f + b and the number of the preparation verification information which is the same as the preparation verification information stored by the slave node is larger than f.
Optionally, the master node generates a preparation message according to the received 2f + a first return messages, including: generating a first multiple signature according to the received 2f + a first return messages by adopting a multiple signature algorithm, and generating a first number set according to the numbers of 2f + a slave nodes sending the first return messages; the prepare message includes the first multiple signature and the first number set;
the slave node acquires the pre-preparation verification information according to the preparation message, and the method comprises the following steps: selecting a public key corresponding to the node number to decrypt the first multiple signature according to the node number in the first number set, and generating pre-preparation verification information; and/or the presence of a gas in the atmosphere,
the master node generates a consensus message according to the received 2f + b second return messages, including: generating a second multiple signature according to the received 2f + b second return messages by adopting a multiple signature algorithm, and generating a second number set according to the numbers of 2f + b slave nodes sending the second return messages; the consensus message comprises the second multiple signature and the second number set;
the slave node generates preparation verification information according to the consensus information, and the preparation verification information comprises the following steps: and selecting a public key corresponding to the node number to decrypt the second multiple signature according to the node number in the second number set, and generating the verification preparation information.
Optionally, the multiple signature algorithm is an EC-Schnorr algorithm; and/or the presence of a gas in the atmosphere,
the first number set and/or the second number set are/is a Bitmap data set.
Optionally, the system further includes: and the slave node initiates the master node switching under the condition that the number of the information ready for verification is judged to be less than 2f + b.
Optionally, the system further includes: and the slave node initiates the master node switching under the condition that the number of the pre-preparation authentication information is judged to be less than 2f + a.
The present specification provides a medium having stored thereon a plurality of instructions adapted to be loaded by a processor and to perform the data processing method as described above.
The present specification provides an electronic device comprising a memory and a processor; the memory stores a plurality of instructions; the instructions are adapted to be loaded by the processor and to perform the data processing method as described above.
When the data processing method, the slave node, the master node and the data processing system provided by the specification run, after the master node sends a pre-preparation message or a preparation message to the slave node, the slave node only generates a corresponding first return message or a corresponding second return message, and returns the first return message or the second return message to the master node; therefore, the communication complexity of the whole network is kept in the order of O (n); as the number of distributed network nodes increases substantially, the communication complexity only grows linearly.
Drawings
FIG. 1 is a schematic diagram of a distributed network;
FIG. 2 is a general schematic diagram of a data processing method according to an embodiment;
FIG. 3 is an interaction flow diagram of a data processing method according to an embodiment;
FIG. 4 is a flowchart of a data processing method according to a second embodiment;
FIG. 5 is a flowchart of a data processing method according to a third embodiment;
FIG. 6 is a schematic structural diagram of a data processing apparatus according to a fourth embodiment;
FIG. 7 is a schematic structural diagram of a data processing apparatus according to a fifth embodiment;
FIG. 8 is a schematic structural diagram of an electronic device provided by the seventh embodiment;
wherein: 11-a pre-preparation authentication information generation unit, 12-a first judgment unit, 13-a first execution unit, 14-a preparation authentication information generation unit, 15-a second judgment unit, 16-a second execution unit; 21-a first generating unit, 22-a second generating unit; 31-central processor, 32-memory, 33-communication module, 34-power supply, 35-output component, 36-input component.
Detailed Description
The present specification will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not to be construed as limiting the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
Before describing the specific embodiments provided in this specification, a brief introduction will be made to the structure of the distributed network. Fig. 1 is a schematic diagram of a distributed network. As shown in fig. 1, the distributed network includes a plurality of nodes and clients; in order to realize that a plurality of network nodes can form consensus, each network node becomes a main node in the network through a certain competition mechanism; the overall network consensus is then achieved by sending various authentication messages between the master node and the slave nodes, or between the slave nodes and the slave nodes.
According to the mathematic proof of the Byzantine problem, in a distributed network with N total number of nodes, only under the condition that N is more than or equal to 3f +1 (f is the number of malignant nodes), the whole network can achieve consensus through a Byzantine fault-tolerant algorithm; therefore, the following embodiments can be implemented on the premise that: determining a maximum number of rogue nodes in an overall network
Figure GDA0003874494770000081
In addition, another premise that the nodes in the distributed network can achieve consensus is that: the nodes adopt an asymmetric encryption algorithm. That is, the node initiating the message signs the initiated message by using the private key, and the node receiving the message can authenticate the signature by using the corresponding public key to verify whether the message is tampered.
Example one
FIG. 2 is a general diagram illustrating a data processing flow in a distributed network according to an embodiment; fig. 3 is an interaction flowchart of a data processing method in a distributed network according to an embodiment. The specific implementation process implemented in the present specification is analyzed with reference to fig. 2 and 3; the method provided by the embodiment comprises steps S101-S111.
S101: the client generates a request message and broadcasts the request message.
Step S101 corresponds to the request phase in fig. 2.
After a client initiates a service request, the client broadcasts a request message to the distributed network, so that each available node (i.e., a node with normal network connection) in the distributed network can receive the request message.
In practical application, there may be multiple clients in a distributed network, each client may generate a service request, and each client may initiate multiple service requests in a short time, and in order to distinguish request messages sent by different clients at different times, the content in the request messages includes: service request, timestamp, client ID, signature.
S102: the main node generates a pre-preparation message according to the request message and broadcasts the pre-preparation message.
Step S102 corresponds to the left half of the "preliminary preparation phase" in fig. 2.
Here, the master node is a node selected according to the competition rule in the distributed network and capable of performing a data relay and specific data aggregation generation function within a time period.
In one embodiment, the computational formula p = v mod | N | may be employed to determine which node in the distributed network is the master node; wherein: v is the view number, p is the obtained number of the forming master node, and N is the number of all nodes in the distributed network. In other embodiments, other contention rules known in the art may be employed to select the master node. It should be noted that without the slave node being authenticated, it is not possible to confirm whether the master node is a non-rogue node.
Here, in order to implement the description of the solution of the present embodiment, it is assumed that the master node is a non-malicious node, and a description is made on the whole flow of the solution; additionally, in some steps and in the following discussion, consider again the process flow of a master node being a rogue node.
And after receiving the request message sent by the client and verifying the signature of the request message, the main node generates a pre-prepared message according to the service request in the request message.
In one possible embodiment, such as the aforementioned embodiment that uses the view number to determine the master node, the content of the pre-preparation message includes: view number, current request number, request message digest, and signature.
The current request number is a number which is allocated by the main node for the current request, can be matched with the view number and can realize unique identification of the pre-prepared message in the distributed network.
The request message abstract is verification information generated by the main node according to the service request in the request message, so that the slave node can verify whether the prepared message initiated by the main node corresponds to the correct request message, and then verify whether the main node is a malicious main node.
In some practical applications, the request digest may be obtained by converting the request content in the request message by using a hash algorithm, and generating a hash value as the request digest. In some applications, the request message may also be used as a request digest if the fields of the request message are small. Of course, in other embodiments, other verification methods may be used to generate the request message digest.
The signature in the pre-prepared message is used to verify whether the pre-prepared message is tampered by other nodes than the master node or whether it is a forged pre-prepared message by other nodes.
S103: and the slave node generates a first return message according to the received request message and the pre-preparation message and sends the first return message to the master node.
Step S103 corresponds to the right half of the "preparatory phase" in fig. 2. In the embodiment of the present specification, the slave node may be a non-malicious slave node or a malicious slave node.
After the non-malicious slave node receives the pre-preparation message, verifying whether the pre-preparation message is tampered or not through a signature and a public key corresponding to the master node; after verifying that the pre-prepared message is not tampered, the non-malicious slave node verifies the request message digest in the pre-prepared message according to the received request message, and determines whether the request message digest in the pre-prepared message is generated according to the request message; and under the condition that the request message digest is determined to be generated according to the request message, the non-malicious slave node generates the pre-preparation check information according to the pre-preparation message, generates a signature, and forms the pre-preparation check information and the signature into a first return message. That is, the first return message includes the pre-preparation verification information and a signature for verifying whether the first return message is tampered.
It should be noted that the pre-preparation check information in the first return message generated by all non-rogue slave nodes is the same.
The operation of the rogue node includes several possibilities: (1) After receiving the pre-preparation message, the malicious slave node does not process the pre-preparation message and does not generate pre-preparation check information; (2) After verifying the pre-preparation message, the malicious slave node does not generate pre-preparation check information according to the pre-preparation message, but generates wrong pre-preparation check information; subsequently, the slave node doing malicious also generates a signature and forms a first return message; (3) In some cases, the rogue node does not rogue at this step, but rather generates the first return message as a non-rogue node.
Of course, in practice, without a large number of comparisons of a large number of first return messages, it is not possible to determine which first return message was generated by a rogue node.
S104: after receiving 2f +1 first return messages, the master node generates a preparation message according to 2f +1 first return messages and broadcasts the preparation message to the slave nodes.
Step S104 corresponds to the left half of the "preparation stage" in fig. 2. Wherein
Figure GDA0003874494770000111
After receiving 2f +1 first return messages sent by different slave nodes, the master node may integrate the first return messages to generate a preparation message.
In the case where the master node is a non-rogue node, the master node does not tamper with the preparation message generated from the first return message in the process of generating the preparation message.
In the case where the master node is a rogue node, the master node may tamper with the prepare message generated from the first return message.
In practical applications, the method for generating the preparation message by the master node according to the first return message at least includes the following two methods.
a. The master node directly integrates the 2f +1 first return messages into a data table to generate a preparation message; at this time, if the master node falsifies the preparation message, the master node falsifies the content that is originally the same as the first return message and is stored in the preparation message.
b. The master node generates a first multiple signature according to the signatures in the 2f +1 first return messages, writes the node numbers corresponding to the first return messages generating the first multiple signature into a first number set, and writes the multiple signature and the first number set into the preparation message. Wherein the first number set is used to inform the slave nodes in a subsequent step which slave nodes use the corresponding public keys to decrypt the multiple signatures.
If the master node is a rogue node, the way to tamper with the prepare message is as follows: the multiple signature content is tampered, and the number in the first number set can also be tampered.
In particular embodiments, the master node may use the EC-Schnorr algorithm to form the multiple first multiple signatures, or may use other algorithms known in the art to form the first multiple signatures. In addition, in order to simplify the data amount of the first number set, the first number set may be a data set in a Bitmap form.
S105: the slave node generates pre-provisioning validation information based on the provisioning message.
Step S105 corresponds to the right half of the "preparation phase" in fig. 2.
According to the method of the master node forming the preparation message in the aforementioned step S104, there are two methods of the non-malicious slave node obtaining the pre-preparation authentication information from the preparation message.
c. For the method a in S104, the slave node directly adopts the public key of each slave node forming the first return message to verify whether each first return message in the preparation message is tampered; and under the condition that the first return message is not tampered, taking the pre-preparation verification information in the corresponding first return message as pre-preparation verification information.
d. For the method b in S104, the slave node selects a public key corresponding to each slave node according to the slave node number in the first number set to verify the multiple signature. Obtaining 2f +1 pieces of pre-preparation verification information as pre-preparation verification information under the condition that the multiple signatures are verified to pass; if the authentication fails, the pre-prepared authentication information cannot be obtained.
After the malicious slave node obtains the preparation message, the possible operations are as follows: (1) Operating in the manner of the non-rogue node; and (2) not processing the prepare message.
It should be noted that in practice, in order to ensure that the preparation message received from the master node is sent by the master node: s104 after the master node generates the prepare message, the master node signs the prepare message, and the slave node verifies that the prepare message is sent by the master node and is not tampered with, and then S105 is executed.
S106: judging whether to generate 2f +1 pieces of pre-preparation verification information from the nodes, and judging whether the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored by the nodes is larger than f; if yes, go to step S107.
Step S106 corresponds to the right half of the "preparation phase" in fig. 2.
Judging whether obtaining 2f +1 pieces of pre-preparation verification information or not, wherein the information is used for judging whether the main node generates a preparation message for tampering; if obtaining 2f +1 pieces of pre-preparation verification information, determining that the main node does not tamper with the preparation information, and trusting the main node in the step; and if less than 2f +1 pieces of pre-preparation verification information are obtained, the master node is determined to tamper the preparation information and is used as a malicious node.
And judging whether the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored by the slave node is larger than f or not, wherein the judgment is used for judging whether most slave nodes follow a principle of few obedients and majority and determining whether most slave nodes agree with the pre-preparation message sent by the master node or not. If the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored in the slave node is larger than f, determining that most slave nodes agree with the pre-preparation information sent by the master node; if instead, it may be verified that rogue nodes of the distributed network may be too many to reach consensus.
It should be noted that the slave node not doing malicious must execute step S106; the behavior of the rogue node is not expected, and may execute S106 on the basis of executing step S105, or may not execute S106.
S107: and the slave node generates a second return message according to the preparation message and sends the first return message to the master node.
Step S107 corresponds to the right half of the "preparation phase" in fig. 2.
In step S107, the non-rogue slave node generates preparation verification information from the preparation message, generates a signature, and forms the preparation verification information and the signature into a second return message. That is, the second return message includes the preparation verification information and a signature for verifying whether the second return message is tampered with.
It should be noted that the prepare check information in the second return message generated by all non-rogue slave nodes is the same.
The operation of the rogue node includes the following possibilities: (1) After receiving the preparation message, the malicious slave node does not process the preparation message and does not generate preparation verification information; (2) After verifying the preparation message, the malicious slave node does not generate preparation check information according to the preparation message, but generates an error preparation check message; subsequently, the slave node doing malicious also generates a signature and forms a second return message; (3) In some cases, the rogue node does not rogue at this step, but generates a second return message as a non-rogue node.
Of course, in practice, without a large number of comparisons of a large number of second return messages, it is not possible to determine which first return message was generated by a rogue node.
S108: and after receiving the 2f +1 second return messages, the master node generates a consensus message and broadcasts the consensus message to the slave nodes.
Step S108 corresponds to the consensus phase in fig. 2.
After receiving 2f +1 second return messages sent by different slave nodes, the master node may integrate the second return messages to generate a consensus message.
In the case where the master node is a non-rogue node, the master node does not tamper with the preparation message generated from the second return message in the process of generating the consensus message. In the case where the master node is a malicious node, the master node may tamper with the consensus message generated from the second return message.
In practical applications, the method for the master node to generate the consensus message according to the second return message at least includes the following two methods.
e. The master node directly integrates the 2f +1 second return messages into a data table to generate a consensus message; at this time, if the master node falsifies the consensus message, the master node falsifies the content originally identical to the second return message, which is stored in the consensus message.
f. The master node generates a second multiple signature according to the signatures in the 2f +1 second return messages, writes the node number corresponding to the second return message generating the second multiple signature into a second number set, and writes the second multiple signature and the second number set into the consensus message. Wherein the second number set is used to inform the slave nodes in a subsequent step which slave nodes correspond to public keys with which to verify the second multiple signature.
If the master node is a rogue node, the way to tamper with the prepare message is: tampering with the second multi-signed content may also be tampering with the numbers in the second set of numbers.
In particular embodiments, the master node may use the EC-Schnorr algorithm to form the plurality of second multiple signatures, or may use other algorithms known in the art to form the second multiple signatures. In addition, to simplify the data amount of the second number set, the second number set may be a data set in the form of a Bitmap.
S109: the slave node generates the preparation verification information according to the consensus information.
Step S109 corresponds to the "reply phase" in fig. 2.
According to the method of the master node forming the consensus message in the aforementioned step S108, there are two methods for the non-malicious slave node to obtain the preparation authentication information from the consensus message.
g. For the e method in S108, the slave node directly adopts the public key of each slave node forming the second return message to verify whether each second return message in the consensus message is tampered; and under the condition that the second return message is not tampered, taking the preparation verification information in the corresponding second return message as preparation verification information.
d. For the method f in S108, the slave node selects a public key corresponding to each slave node according to the slave node number in the second number set to verify the second multiple signature. Obtaining 2f +1 pieces of preparation verification information as preparation verification information under the condition that the second multiple signature passes verification; if the verification fails, the prepared verification information cannot be obtained.
After the malicious slave node obtains the consensus message, the possible operations are as follows: (1) Operating in the manner of the non-rogue node; and (2) not processing the consensus message.
It should be noted that, in practical applications, in order to ensure that the consensus message received from the node is sent by the master node: s109 the master node generates the consensus message, signs the consensus message, and the slave node verifies that the consensus message is sent by the master node through the signature and is not tampered with before executing S109.
S110: judging whether 2f +1 pieces of preparation verification information are generated from the nodes, and whether the number of the preparation verification information which is the same as the preparation verification information stored by the nodes is larger than f; if yes, go to step S111.
Step S110 corresponds to the "reply stage" in fig. 2.
Judging whether 2f +1 pieces of preparation verification information are obtained or not, and judging whether the main node generates a consensus message for tampering or not; if 2f +1 pieces of preparation verification information are obtained, the main node is determined not to tamper with the consensus information, and the main node can be trusted in the step; and if less than 2f +1 pieces of ready-to-verify information are obtained, the master node is determined to tamper the consensus message and is used as a malicious node.
Judging whether the number of pieces of preparation verification information identical to the preparation verification information stored by the slave node is larger than f is used for judging whether most slave nodes are known: most slave nodes agree on the message of the pre-prepared message sent by the master node. If the number of pieces of preparation verification information identical to the preparation verification information stored by itself is greater than f, it is determined that most of the slave nodes are known: most slave nodes agree on the message of the pre-prepared message sent by the master node; if instead, it may be verified that rogue nodes of the distributed network may be too many to reach consensus.
It should be noted that the slave node that is not malicious must execute step S110; the behavior of the rogue node is not expected, and may execute S110 on the basis of executing step S109, or may not execute S110.
S111: the slave node performs the service request in the request message.
Step S111 corresponds to "the recovery phase" in fig. 2. In specific application, the processing result generated by each slave node for processing the service request is sent to the corresponding client.
As can be seen from the foregoing analysis, in the distributed network provided in the embodiments of the present specification:
(1) In the request phase, the communication complexity of the client performing step S101 is O (N).
(2) In the pre-preparation phase, the communication complexity of the master node for executing the step S102 is O (N), the communication complexity of each slave node for executing the step S103 is O (1), and the communication complexity of N-1 slave nodes for executing the step S103 is O (N); the communication in the pre-preparation stage is complicated to O (2N).
(3) In the preparation phase, the communication complexity of the master node for executing the step 104 is O (N), the communication complexity of each slave node for executing the step S107 is also O (1), and the communication complexity of N-1 slave nodes for executing the step S107 is O (N); the communication complexity of the preparation phase is O (2N).
(4) In the consensus phase, the communication complexity of the master node performing step S108 is O (N).
(5) In the reply phase, the slave node executes step S110 with the maximum communication complexity of O (N)
It can be known from the combinations of (1) to (5) that, in the embodiment of the present specification, after the client initiates the request message, the communication complexity for executing a service request in the distributed network is O (6N).
When the number of nodes is increased, the communication complexity of the whole network only shows linear increase, and does not reach O (N) as the communication complexity in the PBFT algorithm 2 ) Of the order of magnitude of (c). That is, the method provided by the embodiments of the present specification achieves power series reduction of communication complexity compared to the BPFT algorithm. In practical application, the distributed network increases the number of nodes in a large amount in real time, and the communication complexity of the whole network is only linearly increased; thus, with a large number of nodes, communication of the distributed network is still achievable.
In the foregoing step S106, it is determined from the node whether 2f +1 pieces of pre-preparation verification information are obtained and the number of pieces of pre-preparation verification information that are the same as the pre-preparation verification information stored in the node is greater than f, and if so, S107 is performed. On the other hand, if the pre-preparation verification information of 2f +1 is not obtained, it proves that the master node falsifies the data in the process of generating the preparation message according to the first return message, so that the master node can be verified as a rogue node and is not determined as a non-rogue node, and therefore step S112 is performed.
S112: the slave node triggers the master node switch.
The slave node triggers the master node switch to trigger the distributed network to reselect one master node. In a specific application, the slave node initiating the master node switching request may be initiating a view switching request, so as to select a new master node through view switching. In other embodiments, the master node switch may be implemented by initiating other types of requests.
It should be noted that in practice, a non-rogue slave node may definitely trigger a master node switch, while a rogue slave node may not trigger a master node switch.
Similar to the previous paragraph, in step S110, the slave node determines whether 2f +1 pieces of preparation verification information are obtained and the number of pieces of preparation verification information that is the same as the preparation verification information stored by itself is greater than f, if yes, S111 is executed; if the preparation verification information of 2f +1 is not obtained, it proves that the master node falsifies the data in the process of generating the preparation message according to the second return message, so that the master node can be verified as a malicious node and is no longer determined as a non-malicious node, and thus step S112 is performed.
In the foregoing step S104, after receiving 2f +1 first return messages, the master node generates a preparation message; the slave node must obtain 2f +1 pieces of pre-preparation authentication information in step S106 to possibly perform S107; in other embodiments, the aforementioned first return message may also be 2f + a pieces of pre-preparation verification information, where 1 < a ≦ f, obtained through verification in step S106.
Similarly, in the foregoing steps S108 and S110, the number of second return messages may also be 2f + b, and 2f + b pieces of preparation verification information are verified in step S110, where 1 < b ≦ f.
Example two
The method for processing data in the distributed network provided by the embodiment two is applied to slave nodes in the distributed network. Fig. 4 is a flowchart of a data processing method in a distributed network according to a second embodiment; as shown in fig. 4, the method provided by the second embodiment includes steps S201 to S210.
S201: and generating a first return message according to the received request message and the pre-preparation message, and sending the first return message to the main node.
The request message is broadcast by the client and comprises the content of the service request; the request message is used to trigger whether the respective node has agreed to execute the service request and whether to execute the service request subsequently.
The pre-prepared message is generated by the master node according to the request message and is broadcast to each slave node. The pre-prepared message may include [ view number, current request number, request message digest, signature ], where the request message digest is used to verify whether the pre-prepared message initiated by the slave node verifying master node corresponds to a correct request message, and then to verify whether the master node is a rogue node; the signature is used to verify whether the pre-prepared message is tampered by other nodes than the master node or whether the pre-prepared message is forged by other nodes.
The slave node performing step S201 may be a non-malicious slave node or a malicious slave node; this embodiment is not particularly limited.
After the non-malicious slave node receives the pre-preparation message, verifying whether the pre-preparation message is tampered or not through the signature verification pre-preparation message and a public key corresponding to the master node; after verifying that the pre-prepared message is not tampered, the non-malicious slave node verifies the request message digest in the pre-prepared message according to the received request message, and determines whether the request message digest in the pre-prepared message is generated according to the request message; and under the condition that the request message digest is determined to be generated according to the request message, the non-malicious slave node generates the pre-preparation check information according to the pre-preparation message, generates a signature, and forms the pre-preparation check information and the signature into a first return message. That is, the first return message includes the pre-preparation verification information and a signature for verifying whether the first return message has been tampered with.
If the malicious slave node executes the step S201, after verifying the pre-preparation message, the malicious slave node does not generate the pre-preparation check information according to the pre-preparation message, but generates a tampered pre-preparation check information; the spoofing slave node then also generates a signature and forms a first return message.
It should be noted that the pre-preparation check information in the first return message generated by all non-rogue slave nodes is the same. In practice, without a large number of comparisons of a large number of first return messages, it is not possible to determine which first return message was generated by a rogue node.
S202: the slave node generates pre-provisioning validation information based on the provisioning message.
The preparation message is generated after the master node receives first return messages sent by 2f + a different slave nodes; wherein
Figure GDA0003874494770000171
In a specific implementation, the method for the master node to generate the preparation message according to the first return message includes two methods.
a. The master node directly integrates the 2f +1 first return messages into a data table to generate a preparation message; at this time, if the master node falsifies the preparation message, the contents originally identical to the first return message, which are stored in the preparation message, are falsified.
b. The master node generates a first multiple signature according to the signatures in the 2f +1 first return messages, writes the node numbers corresponding to the first return messages generating the first multiple signature into a first number set, and writes the multiple signature and the first number set into the preparation message. Wherein the first number set is used to inform the slave nodes in a subsequent step which slave nodes use their corresponding public keys to decrypt the multiple signatures.
In particular embodiments, the primary node may form the plurality of first multiple signatures using an EC-Schnorr algorithm, or may form the first multiple signatures using other algorithms known in the art. In addition, in order to simplify the data amount of the first number set, the first number set may be a data set in a Bitmap form.
If the master node is a rogue node, the way to tamper with the prepare message is: the multiple signature content is tampered, and the number in the first number set can also be tampered.
With respect to the foregoing two methods, there are the following two methods for obtaining the pre-preparation authentication information from the node according to the preparation message.
c. According to the method a, the slave nodes directly adopt the public keys of the slave nodes forming the first return messages to verify whether the first return messages in the prepared messages are tampered or not; and under the condition that the first return message is not tampered, taking the pre-preparation verification information in the corresponding first return message as pre-preparation verification information.
d. And for the method b, the slave nodes select the public keys corresponding to the slave nodes to verify the multiple signatures according to the slave node numbers in the first number set. Obtaining 2f +1 pieces of pre-preparation verification information as pre-preparation verification information under the condition that the multiple signatures pass through verification; if the authentication fails, the pre-prepared authentication information cannot be obtained.
S203: judging whether to generate 2f + a pieces of pre-preparation verification information; if yes, executing S204; if not, go to S210.
Judging whether obtaining 2f + a pieces of pre-preparation verification information or not, wherein the pre-preparation verification information is used for judging whether the main node tampers with data when generating a preparation message or not; if the 2f + a pieces of pre-preparation verification information are obtained, the master node is determined not to tamper the preparation information, and the master node can be trusted in the step; if less than 2f + a of pre-preparation authentication information is obtained, it is determined that the master node tampered with the data when generating the preparation message, and the master node is a malicious node.
S204: judging whether the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored by the user self exceeds f; if yes, go to S205; if not, the execution is finished.
The slave node judges whether the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored in the slave node is larger than f or not, and is used for judging whether most slave nodes follow the principle of few majority obeys and determining whether most slave nodes agree with the pre-preparation information sent by the master node or not. If the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored in the slave node is larger than f, determining that most slave nodes approve the pre-preparation message sent by the master node; if not, the rogue nodes of the distributed network may be verified to be too many to reach consensus.
S205: and generating a second return message according to the preparation message, and sending the second return message to the main node.
In step S205, the slave node generates preparation verification information from the preparation message, generates a signature, and forms the preparation verification information and the signature into a second return message. That is, the second return message includes the preparation verification information and a signature for verifying whether the second return message is tampered with.
S206: the slave node generates the preparation authentication information based on the consensus message.
The consensus message is generated by the master node according to a second return message sent by different slave nodes of 2f + b.
In a specific implementation, the two methods for the master node to generate the consensus message according to the second return message include two methods.
e. The master node directly integrates the 2f +1 second return messages into a data table to generate a consensus message; at this time, if the host node falsifies the consensus message, the host node falsifies the content that is stored in the consensus message and is originally the same as the second return message.
f. The master node generates a second multiple signature according to the signatures in the 2f +1 second return messages, writes the node number corresponding to the second return message generating the second multiple signature into a second number set, and writes the second multiple signature and the second number set into the consensus message. Wherein the second number set is used to inform the slave nodes in a subsequent step which slave nodes correspond to public keys with which to verify the second multiple signature.
In particular embodiments, the primary node may form the plurality of second multi-signatures using the EC-Schnorr algorithm, or may form the second multi-signatures using other algorithms known in the art. In addition, to simplify the data amount of the second number set, the second number set may be a data set in the form of a Bitmap.
If the master node is a rogue node, the way to tamper with the prepare message is as follows: tampering with the second multi-signed content may also be tampering with the numbers in the second set of numbers.
Correspondingly, the method for generating the preparation verification information by the slave node according to the consensus information comprises the following two methods:
aiming at the e method, the slave node directly adopts the public key of each slave node forming the second return message to verify whether each second return message in the consensus message is tampered; and under the condition that the second return message is not tampered, taking the preparation verification information in the corresponding second return message as preparation verification information.
And aiming at the method f, the slave nodes select the public key corresponding to each slave node according to the slave node number in the second number set to verify the second multiple signature. Obtaining 2f +1 pieces of preparation verification information as preparation verification information under the condition that the second multiple signature passes verification; if the verification fails, the prepared verification information cannot be obtained.
S207: judging whether to generate 2f + b ready verification information; if yes, go to S208; if not, go to S210.
Judging whether 2f + b pieces of preparation verification information are obtained or not, wherein the preparation verification information is used for judging whether the main node falsifies data when generating the consensus message or not; if the 2f + b pieces of ready verification information are obtained, determining that the main node does not tamper with the data when the consensus information is generated, wherein the main node can be trusted; if less than 2f + b pre-preparation authentication information is obtained, it is determined that the master node falsifies data when the preparation message is generated, the master node is a malicious node, and thus step S210 is performed. Note that 1. Ltoreq. B. Ltoreq.f.
S208: judging whether the number of the prepared verification information which is the same as the self-stored prepared verification information exceeds f or not; if yes, go to S209; if not, the execution is finished.
The slave node judges whether the number of pieces of preparation verification information identical to the preparation verification information stored by the slave node is larger than f, and is used for judging whether most slave nodes are known: most slave nodes agree on the message of the pre-prepared message sent by the master node. If the number of pieces of preparation verification information identical to the preparation verification information stored by itself is greater than f, it is determined that most of the slave nodes are known: most slave nodes agree on the message of the pre-prepared message sent by the master node; if instead, it may be verified that rogue nodes of the distributed network may be too many to reach consensus.
S209: the service request in the request message is executed.
In specific application, the processing result generated by each slave node for processing the service request is sent to the corresponding client.
S210: triggering the main node switching.
The slave node triggers the master node switch to trigger the distributed network to reselect one master node. In a specific application, the slave node initiating the master node switching request may be initiating a view switching request, so as to select a new master node through view switching. In other specific applications, the master node switch may also be implemented by initiating other types of requests.
As can be seen from the foregoing analysis, in the distributed network provided in the embodiment of the present specification, the process of each slave node performing steps S202 to S208 is a process of determining that the network node reaches consensus; in steps S202-S208, when receiving the corresponding messages (pre-preparation message, preparation message) broadcast by the master node, each slave node only returns the corresponding response message (first return message, second return message) to the master node, instead of each slave node broadcasting its own generated message as in the PBFT algorithm, so that the communication complexity of the foregoing method can be determined to be of the order of O (N).
In practical application, the distributed network increases the number of nodes in a large amount in real time, and the communication complexity of the whole network is only linearly increased; thus, with a large number of nodes, communication of the distributed network is still achievable.
Step S201 in this embodiment may include S2011-S2012.
S2011: the slave node initiates timing according to the received request message.
S2012: judging whether the timing time is greater than the preset time, if so, executing S210; if not, the user needs to wait urgently.
It should be appreciated that the slave node generating the first return message from the pre-prepare message is premised on the ability to receive the pre-prepare message. The predetermined time may be an empirically determined maximum network delay for the distributed network. And if the slave node does not receive the pre-preparation message, judging that the master node does not send the pre-preparation message, and judging that the master node is a malicious node at the moment, so that the slave node can directly initiate master node switching.
EXAMPLE III
The method for achieving consensus by distributed network nodes provided by the third embodiment is applied to a master node of a distributed network. Fig. 5 is a flowchart of a data processing method according to the third embodiment. As shown in fig. 3, the method provided in the third embodiment includes steps S301 to S303.
S301: and generating a pre-preparation message according to the received request message, and broadcasting the pre-preparation message.
The request message is broadcast by the client and comprises the content of the service request; the request message is used to trigger whether the respective node has agreed to execute the service request and whether to execute the service request subsequently. In one particular application, the content of the request message may include a service request, a timestamp, a client ID, and a signature. Where the timestamp and client ID are used to uniquely identify the request message, the signature is used to verify whether the request message content was tampered with, or the request message is a forged request message.
After receiving the request message and verifying that the request message is not advertised through the signature, the main node generates a request message digest according to the service request and adds the request message digest to the pre-prepared message. In one practical application, the content of the pre-prepared message includes a view number, a current request number, a request message digest and a signature, wherein the view number and the current request number are used for uniquely representing the pre-prepared message, and the signature is used for verifying whether the pre-prepared message is tampered.
S302: and generating a preparation message according to the received 2f + a first return message, and broadcasting the preparation message to the slave nodes.
The first return message is generated by the slave node from the received pre-prepare message and request message, which includes [ pre-prepare check information, signature ]]. The foregoing description of the invention
Figure GDA0003874494770000211
Specifically, after receiving the pre-preparation message and verifying that the pre-preparation message is sent by the master node, the slave node extracts a request message abstract in the pre-preparation message, compares the request message abstract with a message abstract generated by the slave node according to the service request, and determines whether the request message abstract and the message abstract are the same; if the two are the same, the main node is determined to be a non-malicious node, and pre-preparation check information can be generated according to the pre-preparation message.
After the pre-preparation check information is generated, the slave node generates a corresponding signature to form a complete first return message and sends the complete first return message to the master node.
The method for the master node to generate the preparation message according to the 2f + a first return messages includes two methods.
a. The main node directly integrates the first return messages 2f +1 into a data table to generate a preparation message; at this time, if the master node falsifies the preparation message, the contents originally identical to the first return message, which are stored in the preparation message, are falsified.
b. The master node generates a first multiple signature according to the signatures in the 2f +1 first return messages, writes the node numbers corresponding to the first return messages generating the first multiple signature into a first number set, and writes the multiple signature and the first number set into the preparation message. Wherein the first number set is used to inform the slave nodes in a subsequent step which slave nodes use their corresponding public keys to decrypt the multiple signatures.
In particular embodiments, the master node may use the EC-Schnorr algorithm to form the multiple first multiple signatures, or may use other algorithms known in the art to form the first multiple signatures. In addition, in order to simplify the data amount of the first number set, the first number set may be a data set in a Bitmap form.
After generating the prepare message, the master node broadcasts the prepare message to the slave nodes in the network so that the slave nodes can learn that most of the slave nodes agree on the pre-prepare message sent by the master node, and then generates a second return message.
S303: and generating a consensus message according to the received 2f + b second return messages, and broadcasting the consensus message.
The second return message is executed by the slave node in case of completing the following two decisions: (1) Determining whether the master node is a rogue node (i.e., determining that the master node has not tampered with the prepare message data); (2) The decision is made that most of the slave nodes agree upon the pre-prepared message sent by the master node.
The slave node judges whether the master node is a malicious node or not by judging whether the number of the pre-preparation verification information obtained according to the preparation message is 2f + a or not; if the number of the pre-prepared verification information is 2f + a, determining that the main node is a non-malicious node; if the number of the pre-prepared authentication information is less than 2f + a, the master node is determined to be a malicious node, and the slave node can trigger the master node to switch.
In specific applications, for the method of generating the preparation message by the master node in S302, there are the following two methods for generating the pre-preparation verification information by the slave node according to the preparation message.
c. For the method a, the slave nodes directly adopt the public keys of the slave nodes forming the first return messages to verify whether the first return messages in the prepared messages are tampered; and under the condition that the first return message is not tampered, taking the pre-preparation verification information in the corresponding first return message as pre-preparation verification information.
d. And aiming at the method b, the slave node selects the public key corresponding to each slave node according to the slave node number in the first number set to verify the multiple signature. Obtaining 2f +1 pieces of pre-preparation verification information as pre-preparation verification information under the condition that the second multiple signature passes verification; in the case where the second most slave signature cannot be verified, the pre-prepared verification information cannot be obtained.
The slave node determines whether most of the slave nodes agree upon the prepare message sent by the master node in the event that the completing master node is not a rogue node. At this time, the slave node determines whether the number of pieces of pre-preparation authentication information identical to the pre-preparation check information stored by itself exceeds f. If so, a second return message may be generated; if not, the network is determined to be unable to achieve consensus if the number of rogue nodes in the network exceeds f.
The slave node generates a second return message including [ prepare check information, signature ]. Wherein the preparation check information is generated according to the preparation message; the preparation check information generated by the non-malicious slave node is the same.
After receiving second return messages sent by 2f + b different slave nodes, the master node generates a consensus message according to the 2f + b second return messages; wherein b is more than or equal to 1 and less than or equal to f.
In a specific implementation, the two methods for the master node to generate the consensus message according to the second return message include two methods.
e. The master node directly integrates the 2f +1 second return messages into a data table to generate a consensus message; at this time, if the master node falsifies the consensus message, the master node falsifies the content originally identical to the second return message, which is stored in the consensus message.
f. And the master node generates a second multiple signature according to the signatures in the 2f +1 second return messages, writes the node number corresponding to the second return message generating the second multiple signature into a second number set, and writes the second multiple signature and the second number set into the consensus message. Wherein the second number set is used to inform the slave nodes in a subsequent step which slave nodes correspond to public keys with which to verify the second multiple signature.
In particular embodiments, the master node may use the EC-Schnorr algorithm to form the plurality of second multiple signatures, or may use other algorithms known in the art to form the second multiple signatures. In addition, to simplify the data amount of the second number set, the second number set may be a data set in the form of a Bitmap.
It should be noted that the master node, after generating the consensus message, adds a signature to the consensus message and broadcasts it to the slave nodes.
And after receiving the consensus information, the slave node generates preparation verification information according to the consensus information, and judges whether to execute the service request in the request information according to the quantity and the content of the preparation verification information.
The slave node performing the service request is performed with the following two decisions being completed: (1) Determining again that the master node is not a rogue node (i.e., determining that the master node has not tampered with the prepare message data); (2) learn that most slave nodes are known: most slave nodes agree on a pre-prepared message sent by the master node.
The slave node judges whether the master node is a malignant node again by judging whether the number of the preparation verification information obtained according to the consensus information is 2f + b; if the number of the information to be verified is 2f + b, determining that the main node is a non-malicious node; if the number of ready-to-verify messages is less than 2f + b, the master node is determined to be a malicious node.
For two methods of generating the consensus message by the master node, the following two methods are available for the slave node to generate the preparation verification information according to the formula message.
g. For the method e, the slave node directly adopts the public key of each slave node forming the second return message to verify whether each second return message in the prepared message is tampered; and under the condition that the second return message is not tampered, taking the preparation verification information in the corresponding second return message as the pre-preparation verification information.
h. And aiming at the method b, the slave nodes select the public key corresponding to each slave node according to the slave node number in the second number set to verify the second multiple signature. Obtaining 2f +1 pieces of preparation verification information as preparation verification information under the condition that the second multiple signature passes verification; however, in the case where the second most slave signature cannot be verified, the preparation verification information cannot be obtained.
The method for the slave node to judge that most slave nodes know that most slave nodes accept the pre-preparation message sent by the master node is to determine whether the number of the preparation verification messages which are the same as the preparation verification messages stored by the slave node exceeds f.
As can be seen from the foregoing analysis, in this embodiment of the present specification, steps S301 to S303 are performed by the master node to determine that the network node agrees to cooperate with the slave node, and may execute the service request in the request message. In the above step, during the interaction between the master node and the slave nodes, when receiving the corresponding messages (pre-preparation message, preparation message) broadcast by the master node, each slave node only returns the corresponding response message (first return message, second return message) to the master node, instead of each slave node broadcasting its own generated message as in the PBFT algorithm, so that it can be determined that the communication complexity of the foregoing method is of the order of O (N).
That is, the method provided by the embodiments of the present specification achieves power series reduction of communication complexity compared to the BPFT algorithm. In practical application, the distributed network increases the number of nodes in a large amount in real time, and the communication complexity of the whole network is only linearly increased; thus, with a large number of nodes, communication of the distributed network is still achievable.
In addition to providing the foregoing data processing method, the present specification also provides a data processing system for executing the method in the first embodiment, a slave node for executing the method in the second embodiment, and a master node for executing the method in the third embodiment, respectively.
Example four
Fig. 6 is a schematic structural diagram of a data processing apparatus according to a fourth embodiment. As shown in fig. 6, the data processing apparatus in the fourth embodiment includes a preliminary preparation authentication information generation unit 11, a first judgment unit 12, a first execution unit 13, a preparation authentication information generation unit 14, a second judgment unit 15, and a second execution unit 16. The data processing apparatus in this embodiment is applied to the slave node.
The pre-preparation authentication information generation unit 11 is configured to acquire pre-preparation authentication information from the preparation message; wherein, the preparation message is generated by the master node according to the first return message sent by 2f + a different slave nodes; the first return message comprises corresponding pre-preparation check information generated by the slave node according to the pre-preparation message and a first signature;
Figure GDA0003874494770000241
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
a first judging unit 12 is configured to judge whether the number of pieces of pre-preparation verification information is 2f + a and whether the number of pieces of pre-preparation verification information that is the same as the pre-preparation verification information stored by itself is greater than f;
the first execution unit 13 is configured to generate a second return message and send the second return message to the master node when the number of pre-preparation authentication information is 2f + a and the number of pre-preparation authentication information that is the same as the pre-preparation verification information stored in the slave node itself is greater than f; the second return message comprises preparation verification information generated according to the preparation message and a second signature; b is more than or equal to 1 and less than or equal to f;
the preparation authentication information generation unit 14 is configured to generate preparation authentication information from the consensus message; wherein, the consensus message is generated by the master node according to 2f + b second return messages;
the second judging unit 15 is configured to judge whether the number of pieces of preparation verification information is 2f + b and whether the number of pieces of preparation verification information that is the same as the preparation verification information stored by itself is greater than f;
the second execution unit 16 is configured to execute the service request acquired from the client if the number of pieces of preparation verification information is 2f + b and the number of pieces of preparation verification information that is the same as the preparation verification information stored by itself is greater than f.
The slave node provided by the embodiment of the specification: after receiving the pre-preparation message sent by the main node, not broadcasting a first return message generated according to the pre-preparation message; after receiving the preparation message sent by the master node, the first return message and the second return message are only returned to the master node without broadcasting the second return message generated according to the preparation message. Therefore, the communication complexity of the entire network is of the order of O (N).
In practical application, the distributed network increases the number of nodes in a large amount in real time, and the communication complexity of the whole network is only linearly increased; thus, with a large number of nodes, communication of the distributed network is still achievable.
In the foregoing slave node, acquiring the pre-preparation authentication information according to the preparation message includes: and selecting a public key corresponding to the node number to decrypt the first multiple signature according to the node number in the first number set, and generating the pre-preparation verification information. Preparing a message comprising a first multiple signature and a first set of numbers; the first multiple signature is generated by the master node according to the first return message sent by 2f + a different slave nodes; the first number set is generated by the master node according to the numbers of the 2f + a slave nodes which send the first return message;
in the foregoing slave node, obtaining the preparation verification information according to the preparation message includes: and selecting the public key corresponding to the node number to decrypt the second multiple signature according to the node number in the second number set, and generating the pre-preparation verification information. The consensus message comprises a second multiple signature and a second number set; the second multiple signature is generated by the master node according to second return messages sent by 2f + b different slave nodes; the second number set is generated by the master node according to the numbers of 2f + b slave nodes sending the second return message.
In the foregoing slave node, the first execution unit 13 is configured to initiate master node switching in a case that the number of pieces of pre-preparation authentication information is less than 2f + a; the second execution unit 16 is configured to initiate master node switching if the number of preparation authentication information is less than 2f + b.
EXAMPLE five
Fig. 7 is a schematic structural diagram of a data processing apparatus according to a fifth embodiment. As shown in fig. 7, the master node in the fifth embodiment includes a first generating unit 21 and a second generating unit 22. The data processing apparatus provided in this embodiment is applied to a master node of a distributed system.
The first generating unit 21 is configured to generate a preparation message according to the received 2f + a first return messages, and broadcast the preparation message to the slave nodes, so that the slave nodes generate second return messages; wherein the first return message comprises pre-preparation check information generated from the node according to the pre-preparation message and a first signature;
Figure GDA0003874494770000251
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
the second generating unit 22 is configured to generate a consensus message according to the received 2f + b second return messages, and broadcast the consensus message to the slave nodes, so that the slave nodes generate preparation verification information; wherein 1 ≦ b ≦ f, the second return message includes the corresponding preparation check information generated from the node from the preparation message, and the second signature.
In the foregoing master node, a preparation message is generated according to the received 2f + a first return messages, which includes: generating a first multiple signature according to the received 2f + a first return messages by adopting a multiple signature algorithm, and generating a first number set according to the numbers of 2f + a slave nodes sending the first return messages; the prepare message includes a first multisignature and a first number set.
In the foregoing master node, generating a consensus message according to the received 2f + b second return messages, including: generating a second multiple signature according to the received 2f + b second return messages by adopting a multiple signature algorithm, and generating a second numbering set according to the numbers of 2f + b slave nodes sending the second return messages; the consensus message comprises a second multiple signature and a second number set.
The aforementioned multiple signature algorithm is the EC-SchNorr algorithm; the first number set and/or the second number set may be a Bitmap data set.
With the master node provided by the embodiment, the preparation message can be generated according to the first return message generated by 2f + a slave nodes, and the preparation message is rebroadcast to the slave nodes, so that the slave nodes do not need to broadcast the first return message; similarly, the master node may generate the consensus message according to the second return messages generated by 2f + b slave nodes, and broadcast the consensus message to the slave nodes, so that the slave nodes do not need to broadcast the second return messages, and thus the communication complexity of the entire network is in the order of O (N).
In addition to providing the foregoing data processing method, the present specification also provides a data processing system for executing the method in the first embodiment, a slave node for executing the method in the second embodiment, and a master node for executing the method in the third embodiment, respectively.
EXAMPLE six
An embodiment provides a data processing apparatus including a master node and a slave node. Wherein:
the master node generates a preparation message according to the received 2f + a first return messages and broadcasts the preparation message to the slave nodes; wherein the first return message comprises pre-preparation check information generated from the node according to the pre-preparation message and a first signature;
Figure GDA0003874494770000261
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
the slave node acquires pre-preparation verification information according to the preparation message;
under the condition that the slave node judges that the number of the pre-preparation verification information is 2f + a and the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored by the slave node is larger than f, generating a second return message and sending the second return message to the master node; the second return message comprises preparation verification information generated according to the preparation message and a second signature;
the master node generates a consensus message according to the received 2f + b second return messages and broadcasts the consensus message to the slave nodes; wherein b is more than or equal to 1 and less than or equal to f;
the slave node generates preparation verification information according to the consensus information;
the slave node executes the service request acquired from the client under the condition that the number of the preparation verification information is judged to be 2f + b and the number of the preparation verification information which is the same as the preparation verification information stored by the slave node is larger than f.
When the data processing system works, after the master node broadcasts the pre-preparation message to the slave nodes, the slave nodes return a first return message generated according to the pre-preparation message to the master node; similarly, after the master node broadcasts the preparation message to the slave nodes, the slave nodes return second return messages generated according to the preparation message to the master node. The data is only transmitted or broadcast in one way in combination with other parts, so the network communication complexity of the whole system is in the order of O (N).
In the foregoing system, the master node generates a preparation message according to the received 2f + a first return messages, which may include: generating a first multiple signature according to the received 2f + a first return messages by adopting a multiple signature algorithm, and generating a first number set according to the numbers of 2f + a slave nodes sending the first return messages; the prepare message includes a first multiple signature and a first set of numbers.
Correspondingly, the slave node acquires the pre-preparation verification information according to the preparation message, and the method comprises the following steps: and selecting the public key corresponding to the node number to decrypt the first multiple signature according to the node number in the first number set, and generating the pre-preparation verification information.
Similarly, the master node generates a consensus message according to the received 2f + b second return messages, including: generating a second multiple signature according to the received 2f + b second return messages by adopting a multiple signature algorithm, and generating a second number set according to the numbers of 2f + b slave nodes sending the second return messages; the consensus message comprises a second multiple signature and a second number set;
correspondingly, the slave node generates the preparation verification information according to the consensus information, and the preparation verification information comprises the following steps: and selecting the public key corresponding to the node number to decrypt the second multiple signature according to the node number in the second number set, and generating the verification preparation information.
In the method, the multiple signature algorithm is an EC-Schnorr algorithm; and the first number set and the second number set are Bitmap data sets.
In the foregoing system, the slave node initiates master node switching in a case where it is determined that the number of pieces of preparation authentication information is less than 2f + b and in a case where it is determined that the number of pieces of preparation information is less than 2f + a.
EXAMPLE seven
Fig. 8 is a schematic structural diagram of an electronic device provided in the seventh embodiment. As shown in fig. 8, the electronic device may include a central processor 31 and a memory 32; the central processor 31 is coupled to a memory 32.
In practice, the memory 32 may be a solid state memory such as a Read Only Memory (ROM), a Random Access Memory (RAM), a SIM card, or the like. There may also be a memory that holds information even when power is off, can be selectively erased, and is provided with more data, an example of which is sometimes called an EPROM or the like. The memory may also be other memory known in the art of computer devices.
In a write application, the central processing unit may load a program stored in a memory or other device connected to the electronic device to implement the functions of the slave node, and execute the following data processing method.
S401: and acquiring the pre-preparation verification information according to the preparation message.
The preparation message is generated by the master node according to a first return message sent by 2f + a different slave nodes; the first return message comprises pre-preparation check information generated by the corresponding slave node according to the pre-preparation message and a first signature;
Figure GDA0003874494770000281
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f.
S402: judging whether the number of the pre-preparation verification information is 2f + a or not and whether the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored in the pre-preparation verification information is larger than f or not; if yes, go to step S403.
S403: generating a second return message and sending the second return message to the main node; the second return message comprises preparation verification information generated according to the preparation message and a second signature; b is more than or equal to 1 and less than or equal to f.
S404: and generating the preparation verification information according to the consensus information.
The consensus message is generated by the master node according to 2f + b second return messages;
s405: judging whether the number of the prepared verification information is 2f + b or not and whether the number of the prepared verification information which is the same as the prepared verification information stored by the user is larger than f or not; if yes, go to step S406.
S406: and executing the service request acquired from the client.
As can be seen from steps S401 to S406, when the electronic device provided in the embodiment of the present application is used as a slave node, and receives corresponding messages (pre-preparation message, preparation message) broadcast by the master node, the electronic device only returns corresponding response messages (first return message, second return message) to the master node, so that the communication complexity of the entire network is in the order of O (N).
In other applications, the central storage in the electronic device may also be loaded with programs to implement the functions of the master node and perform the data processing methods described below.
S501: and generating a preparation message according to the received 2f + a first return messages, and broadcasting the preparation message to the slave nodes so that the slave nodes generate second return messages.
Wherein the first return message comprises pre-preparation check information generated from a node according to a pre-preparation message, and a first signature;
Figure GDA0003874494770000291
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f.
S502: and generating a consensus message according to the received 2f + b second return messages, and broadcasting the consensus message to the slave nodes so that the slave nodes generate the preparation verification information.
Wherein 1 ≦ b ≦ f, the second return message includes preparation check information generated from the preparation message corresponding to the slave node, and a second signature.
Combining steps S501 and S502, it can be known that, when the electronic device is used as a master node to execute the foregoing method, the electronic device may integrate the first return message or the second return message generated by each slave node, generate the corresponding preparation message and consensus message, and then broadcast the corresponding preparation message and consensus message to the slave nodes, which may avoid that the slave nodes broadcast the first return message and the second return message generated by the slave nodes to other slave nodes after receiving the message sent by the master node, and then make the communication complexity of the entire network an order of O (N).
Referring to fig. 8, the electronic device provided in this embodiment, in addition to the central processing unit 31 and the memory 32, further includes a communication module 33 for implementing communication with other electronic devices, and a power supply module 34 for supplying power; further, the electronic apparatus may further include an output section 35, an input section 36.
It should be noted that in other embodiments, the electronic device may also be provided with a dedicated processing chip independent of the central processing unit for executing the method described in steps S401-S408 or the method described in steps S501-S502 when the corresponding program is loaded.
In addition, the present specification also provides a storage medium, and after being loaded by an electronic device, a program code stored in the storage medium can cause the electronic device to execute the method of the foregoing steps S401 to S406 or the method of the foregoing steps S501 to S502. Similar to the above description, the storage medium provided in the present specification can make the communication complexity of the entire network on the order of O (N).
The above description is only a preferred embodiment of the present description and is illustrative of the principles of the technology employed. It will be appreciated by a person skilled in the art that the scope of the invention as referred to in the present description is not limited to the specific combination of features described above, but also covers other embodiments where any combination of the features described above or their equivalents is made without departing from the inventive concept described above. For example, the above features and the technical features disclosed in the present specification but not limited to having similar functions are mutually replaced to form the technical solution.

Claims (20)

1. A data processing method applied to a slave node in a distributed network, the method comprising:
acquiring pre-preparation verification information according to the preparation message; the preparation message is generated by the master node according to a first return message sent by 2f + a different slave nodes; the first return message comprises pre-preparation check information generated by the corresponding slave node according to the pre-preparation message and a first signature;
Figure FDA0003899339910000011
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
judging whether the number of the pre-preparation verification information is 2f + a or not and whether the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored in the pre-preparation verification information is larger than f or not; if so, generating a second return message and sending the second return message to the main node; the second return message comprises preparation verification information generated according to the preparation message and a second signature; b is more than or equal to 1 and less than or equal to f;
generating preparation verification information according to the consensus information; wherein, the consensus message is generated by the master node according to 2f + b second return messages;
judging whether the number of the prepared verification information is 2f + b or not and whether the number of the prepared verification information which is the same as the prepared verification information stored by the user is larger than f or not; if yes, executing a service request acquired from the client;
the prepare message includes a first multisignature and a first number set; the first multiple signature is generated by the master node according to a first return message sent by 2f + a different slave nodes; the first number set is generated by the master node according to the numbers of the 2f + a slave nodes sending the first return message;
the acquiring the pre-preparation verification information according to the preparation message includes:
selecting a public key corresponding to the node number to decrypt the first multiple signature according to the node number in the first number set, and generating pre-preparation verification information;
the consensus message comprises a second multiple signature and a second number set; the second multiple signature is generated by the master node according to a second return message sent by 2f + b different slave nodes; the second number set is generated by the master node according to the numbers of 2f + b slave nodes which send the second return message;
the obtaining of the preparation verification information according to the preparation message includes:
and selecting a public key corresponding to the node number to decrypt the second multiple signature according to the node number in the second number set, and generating pre-preparation verification information.
2. The method of claim 1, further comprising:
and if the number of the information to be verified is less than 2f + b, initiating the master node switching.
3. The method of claim 2, further comprising:
and if the number of the prearranged verification information is judged to be less than 2f + a, initiating the main node switching.
4. A data processing method is applied to a main node of a distributed network, and is characterized by comprising the following steps:
generating a preparation message according to the received 2f + a first return messages, and broadcasting the preparation message to the slave nodes so that the slave nodes generate second return messages; wherein the first return message comprises pre-preparation check information generated from a node according to a pre-preparation message, and a first signature;
Figure FDA0003899339910000021
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
generating a consensus message according to the received 2f + b second return messages, and broadcasting the consensus message to the slave nodes so that the slave nodes generate preparation verification information; b is more than or equal to 1 and less than or equal to f, and the second return message comprises preparation check information generated correspondingly from the nodes according to the preparation message and a second signature;
generating a preparation message according to the received 2f + a first return message, including:
generating a first multiple signature according to the received 2f + a first return messages by adopting a multiple signature algorithm, and generating a first number set according to the numbers of 2f + a slave nodes sending the first return messages; the prepare message includes the first multiple signature and the first number set;
generating a consensus message according to the received 2f + b second return messages, comprising:
generating a second multiple signature according to the received 2f + b second return messages by adopting a multiple signature algorithm, and generating a second number set according to the numbers of 2f + b slave nodes sending the second return messages; the consensus message comprises the second multiple signature and the second number set.
5. The method of claim 4,
the multiple signature algorithm is an EC-Schnorr algorithm; and/or the presence of a gas in the gas,
the first number set and/or the second number set are/is a Bitmap data set.
6. A data processing method is applied to a distributed network, and the distributed network comprises a main node and a slave node; characterized in that the method comprises:
the master node generates a preparation message according to the received 2f + a first return messages and broadcasts the preparation message to the slave nodes; wherein the first return message comprises pre-preparation check information generated by the corresponding slave node according to the pre-preparation message, and a first signature;
Figure FDA0003899339910000031
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
the slave node acquires pre-preparation verification information according to the preparation message;
judging whether the number of the pre-preparation verification information is 2f + a or not and whether the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored by the slave node is larger than f or not; if so, generating a second return message and sending the second return message to the main node; the second return message comprises preparation verification information generated according to the preparation message and a second signature;
the master node generates a consensus message according to the received 2f + b second return messages and broadcasts the consensus message to the slave nodes; wherein b is more than or equal to 1 and less than or equal to f;
the slave node generates preparation verification information according to the consensus information;
judging whether the number of the prepared verification information is 2f + b or not and whether the number of the prepared verification information which is the same as the prepared verification information stored by the slave node is larger than f or not; if yes, executing a service request acquired from the client;
the master node generates a preparation message according to the received 2f + a first return message, including: generating a first multiple signature according to the received 2f + a first return messages by adopting a multiple signature algorithm, and generating a first numbering set according to the numbering of 2f + a slave nodes sending the first return messages; the prepare message includes the first multiple signature and the first number set;
the slave node acquires the pre-preparation authentication information according to the preparation message, and the method comprises the following steps: selecting a public key corresponding to the node number to decrypt the first multiple signature according to the node number in the first number set, and generating pre-preparation verification information; and/or the presence of a gas in the atmosphere,
the master node generates a consensus message according to the received 2f + b second return messages, including: generating a second multiple signature according to the received 2f + b second return messages by adopting a multiple signature algorithm, and generating a second numbering set according to the numbers of 2f + b slave nodes sending the second return messages; the consensus message comprises the second multiple signature and the second number set;
the slave node generates the preparation verification information according to the consensus information, and the preparation verification information comprises the following steps: and selecting a public key corresponding to the node number to decrypt the second multiple signature according to the node number in the second number set, and generating the verification preparation information.
7. The method of claim 6, wherein:
the multiple signature algorithm is an EC-Schnorr algorithm; and/or the presence of a gas in the gas,
the first number set and/or the second number set are/is a Bitmap data set.
8. The method according to any one of claims 6 or 7, further comprising:
and if the slave node judges that the number of the information to be verified is less than 2f + b, initiating the master node switching.
9. The method of claim 8, further comprising:
and if the number of the prearranged verification information is judged to be less than 2f + a, initiating the main node switching.
10. A data processing apparatus for use in a distributed network, the apparatus comprising:
a pre-preparation authentication information generation unit for acquiring pre-preparation authentication information according to the preparation message; the preparation message is generated by the master node according to a first return message sent by 2f + a different slave nodes; the first return message comprises corresponding pre-preparation check information generated by the slave node according to the pre-preparation message and a first signature;
Figure FDA0003899339910000041
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
a first judgment unit, configured to judge whether the number of pieces of pre-preparation authentication information is 2f + a, and whether the number of pieces of pre-preparation authentication information that is the same as the pre-preparation authentication information stored in the first judgment unit is greater than f;
a first execution unit, configured to generate a second return message and send the second return message to the master node when the number of pre-preparation authentication information is 2f + a and the number of pre-preparation authentication information that is the same as the pre-preparation authentication information stored in the slave node itself is greater than f; the second return message comprises preparation verification information generated according to the preparation message and a second signature; b is more than or equal to 1 and less than or equal to f;
a preparation authentication information generation unit for generating preparation authentication information based on the consensus message; wherein the consensus message is generated by the master node according to 2f + b second return messages;
a second judging unit, configured to judge whether the number of pieces of preparation verification information is 2f + b and whether the number of pieces of preparation verification information that is the same as the preparation verification information stored by itself is greater than f;
a second execution unit, configured to execute the service request acquired from the client if the number of pieces of preparation verification information is 2f + b and the number of pieces of preparation verification information that is the same as the preparation verification information stored in the second execution unit is greater than f;
the prepare message includes a first multiple signature and a first number set; the first multiple signature is generated by the master node according to a first return message sent by 2f + a different slave nodes; the first number set is generated by the master node according to the numbers of 2f + a slave nodes which send the first return message;
the acquiring the pre-preparation authentication information according to the preparation message includes:
selecting a public key corresponding to the node number to decrypt the first multiple signature according to the node number in the first number set, and generating pre-preparation verification information;
the consensus message comprises a second multiple signature and a second number set; the second multiple signature is generated by the master node according to a second return message sent by 2f + b different slave nodes; the second number set is generated by the master node according to the numbers of 2f + b slave nodes which send the second return message;
the obtaining of the preparation verification information according to the preparation message includes:
and selecting a public key corresponding to the node number to decrypt the second multiple signature according to the node number in the second number set, and generating pre-preparation verification information.
11. The apparatus of claim 10, wherein:
the first execution unit is used for initiating main node switching under the condition that the number of the pre-prepared authentication information is less than 2f + a.
12. The apparatus of claim 11, wherein:
the second execution unit is used for initiating the master node switching under the condition that the number of the ready-to-verify information is less than 2f + b.
13. A data processing apparatus for use in a distributed network, the apparatus comprising:
a first generating unit, configured to generate a preparation message according to the received 2f + a first return messages, and broadcast the preparation message to the slave node, so that the slave node generates a second return message; wherein the first return message comprises pre-preparation check information generated from a node according to a pre-preparation message, and a first signature;
Figure FDA0003899339910000051
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
a second generating unit, configured to generate a consensus message according to the received 2f + b second return messages, and broadcast the consensus message to the slave node, so that the slave node generates preparation verification information; b is more than or equal to 1 and less than or equal to f, and the second return message comprises preparation check information generated correspondingly from the nodes according to the preparation message and a second signature;
generating a preparation message according to the received 2f + a first return message, including:
generating a first multiple signature according to the received 2f + a first return messages by adopting a multiple signature algorithm, and generating a first number set according to the numbers of 2f + a slave nodes sending the first return messages; the prepare message includes the first multiple signature and the first number set;
generating a consensus message according to the received 2f + b second return messages, comprising:
generating a second multiple signature according to the received 2f + b second return messages by adopting a multiple signature algorithm, and generating a second numbering set according to the numbers of 2f + b slave nodes sending the second return messages; the consensus message includes the second multiple signature and the second number set.
14. The apparatus of claim 13,
the multiple signature algorithm is an EC-Schnorr algorithm; and/or the presence of a gas in the gas,
the first number set and/or the second number set are/is a Bitmap data set.
15. A data processing apparatus applied to a distributed network, the data processing apparatus comprising a master node and a slave node, characterized in that:
the master node generates a preparation message according to the received 2f + a first return messages and broadcasts the preparation message to the slave nodes; wherein the first return message comprises pre-preparation check information generated by the corresponding slave node according to the pre-preparation message, and a first signature;
Figure FDA0003899339910000061
n is the number of nodes of the distributed network, and a is more than or equal to 1 and less than or equal to f;
the slave node acquires pre-preparation verification information according to the preparation message;
under the condition that the slave node judges that the number of the pre-preparation verification information is 2f + a and the number of the pre-preparation verification information which is the same as the pre-preparation verification information stored by the slave node is larger than f, generating a second return message and sending the second return message to the master node; the second return message comprises preparation verification information generated according to the preparation message and a second signature;
the master node generates a consensus message according to the received 2f + b second return messages and broadcasts the consensus message to the slave nodes; wherein b is more than or equal to 1 and less than or equal to f;
the slave node generates preparation verification information according to the consensus information;
under the condition that the slave node judges that the number of the ready-to-verify information is 2f + b and the number of the ready-to-verify information which is the same as the self-stored ready-to-verify information is larger than f, executing a service request acquired from a client;
the master node generates a preparation message according to the received 2f + a first return messages, including: generating a first multiple signature according to the received 2f + a first return messages by adopting a multiple signature algorithm, and generating a first numbering set according to the numbering of 2f + a slave nodes sending the first return messages; the prepare message includes the first multiple signature and the first number set;
the slave node acquires the pre-preparation verification information according to the preparation message, and the method comprises the following steps: selecting a public key corresponding to the node number to decrypt the first multiple signature according to the node number in the first number set, and generating pre-preparation verification information; and/or the presence of a gas in the gas,
the master node generates a consensus message according to the received 2f + b second return messages, including: generating a second multiple signature according to the received 2f + b second return messages by adopting a multiple signature algorithm, and generating a second number set according to the numbers of 2f + b slave nodes sending the second return messages; the consensus message comprises the second multiple signature and the second number set;
the slave node generates preparation verification information according to the consensus information, and the preparation verification information comprises the following steps: and selecting a public key corresponding to the node number to decrypt the second multiple signature according to the node number in the second number set, and generating the verification preparation information.
16. The apparatus of claim 15,
the multiple signature algorithm is an EC-Schnorr algorithm; and/or the presence of a gas in the gas,
the first number set and/or the second number set are/is a Bitmap data set.
17. The apparatus according to any one of claims 15 or 16, comprising:
and the slave node initiates the master node switching under the condition that the number of the information ready for verification is judged to be less than 2f + b.
18. The apparatus of claim 17, comprising:
and the slave node initiates the master node switching under the condition that the number of the pre-preparation authentication information is judged to be less than 2f + a.
19. A computer-readable storage medium, characterized in that it stores a plurality of instructions adapted to be loaded by a processor and to perform the data processing method according to any one of claims 1 to 5.
20. An electronic device, characterized in that: comprises a memory and a processor;
the memory stores a plurality of instructions; the instructions are adapted to be loaded by the processor and to perform the data processing method of any of claims 1-5.
CN201910789386.1A 2019-08-26 2019-08-26 Data processing method and apparatus for block chain, medium, and electronic device Active CN110460536B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910789386.1A CN110460536B (en) 2019-08-26 2019-08-26 Data processing method and apparatus for block chain, medium, and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910789386.1A CN110460536B (en) 2019-08-26 2019-08-26 Data processing method and apparatus for block chain, medium, and electronic device

Publications (2)

Publication Number Publication Date
CN110460536A CN110460536A (en) 2019-11-15
CN110460536B true CN110460536B (en) 2022-11-29

Family

ID=68489032

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910789386.1A Active CN110460536B (en) 2019-08-26 2019-08-26 Data processing method and apparatus for block chain, medium, and electronic device

Country Status (1)

Country Link
CN (1) CN110460536B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111404928B (en) * 2020-03-13 2021-07-06 电子科技大学 Block chain link point consensus method suitable for real-time transaction scene
CN113301002B (en) * 2020-04-24 2023-05-09 阿里巴巴集团控股有限公司 Information processing method, device, electronic equipment and storage medium
CN111901293B (en) * 2020-06-08 2021-08-27 北京邮电大学 Resource malicious competition avoiding method for alliance chain

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789095A (en) * 2017-03-30 2017-05-31 腾讯科技(深圳)有限公司 Distributed system and message treatment method
CN107038578A (en) * 2017-04-19 2017-08-11 浙江数秦科技有限公司 Multi-signature exchange information processing method in data trade platform based on block chain
CN107819749A (en) * 2017-10-26 2018-03-20 平安科技(深圳)有限公司 Block catenary system and transaction data processing method based on ether mill
CN108848056A (en) * 2018-05-03 2018-11-20 南京理工大学 Block chain common recognition method based on verifying
CN110012100A (en) * 2019-04-09 2019-07-12 杭州秘猿科技有限公司 A kind of the block chain common recognition method, apparatus and electronic equipment of bandwidth optimization

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180308091A1 (en) * 2017-04-21 2018-10-25 Vmware, Inc. Fairness preserving byzantine agreements

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789095A (en) * 2017-03-30 2017-05-31 腾讯科技(深圳)有限公司 Distributed system and message treatment method
CN107038578A (en) * 2017-04-19 2017-08-11 浙江数秦科技有限公司 Multi-signature exchange information processing method in data trade platform based on block chain
CN107819749A (en) * 2017-10-26 2018-03-20 平安科技(深圳)有限公司 Block catenary system and transaction data processing method based on ether mill
CN108848056A (en) * 2018-05-03 2018-11-20 南京理工大学 Block chain common recognition method based on verifying
CN110012100A (en) * 2019-04-09 2019-07-12 杭州秘猿科技有限公司 A kind of the block chain common recognition method, apparatus and electronic equipment of bandwidth optimization

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"基于聚合签名的共识算法优化方案";苑超 等;《计算机科学》;20180228;第45卷(第2期);全文 *

Also Published As

Publication number Publication date
CN110460536A (en) 2019-11-15

Similar Documents

Publication Publication Date Title
CN109936457B (en) Block chain multi-party witness method, device, equipment and computer readable storage medium
CN107566124B (en) Hash operation-based consensus establishing method, block chain system and storage medium
CN110460536B (en) Data processing method and apparatus for block chain, medium, and electronic device
CN110958118B (en) Certificate authentication management method, device, equipment and computer readable storage medium
CN111625593B (en) Block chain-based data processing method and device and computer equipment
CN111949953A (en) Identity authentication method, system and device based on block chain and computer equipment
CN112600678B (en) Data processing method, device, equipment and storage medium
EP1389376B1 (en) Methods and apparatus for efficient computation of one-way chains in cryptographic applications
CN108769230B (en) Transaction data storage method, device, server and storage medium
CN109688186B (en) Data interaction method, device, equipment and readable storage medium
CN113301114B (en) Block chain consensus node selection method and device, computer equipment and storage medium
CN110602455B (en) Video storage system, video processing method, device, equipment and storage medium
CN109660545B (en) Alliance chain consensus method and computer storage medium
CN111614548A (en) Message pushing method and device, computer equipment and storage medium
US20200169416A1 (en) Consensus protocol for permissioned ledgers
CN110928880A (en) Data processing method, device, terminal and medium based on block chain
CN111211911A (en) Collaborative signature method, device, equipment and system
CN114390068A (en) Block chain consensus method and computer-readable storage medium
CN112398949A (en) Transaction confirmation method, system, device and computer equipment
CN111401904A (en) Consensus method and system in alliance chain
CN110191467A (en) A kind of method for authenticating of internet of things equipment, unit and storage medium
CN110213230B (en) network security verification method and device for distributed communication
CN113259326B (en) Consensus optimization method and device based on alliance chain network and computer equipment
US11240661B2 (en) Secure simultaneous authentication of equals anti-clogging mechanism
CN109274674B (en) Block chain heterogeneous consensus method with high security and terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant