CN110597911B - Certificate processing method and device for block chain network, electronic equipment and storage medium - Google Patents

Publication number: CN110597911B
Authority: CN (China)
Prior art keywords: transaction, node, digital certificate, client, blockchain network
Legal status: Active
Application number: CN201910866712.4A
Other languages: Chinese (zh)
Other versions: CN110597911A (en)
Inventors: 吴小龙, 刘长辉
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201910866712.4A (patent CN110597911B)
Priority to CN202110891262.1A (patent CN113609222A)
Publication of CN110597911A
Publication of CN110597911B (application granted)

Classifications

    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F9/547 Remote procedure calls [RPC]; Web services
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange


Abstract

The invention provides a certificate processing method and device for a blockchain network, an electronic device, and a storage medium. The method comprises: a node of the blockchain network performs consensus on a block and, when the consensus passes, extracts the digital certificate from the transactions of the block and stores it in the database of the node; on receiving a transaction submitted by a client, when the digital certificate in the submitted transaction is found in the database, the digital certificate in the submitted transaction is replaced with the hash value of the correspondingly extracted digital certificate; the transactions that have undergone the replacement are constructed into a new block; when the nodes of the blockchain network perform consensus on the new block, the hash value is extracted from the transaction of the new block, the digital certificate corresponding to the hash value is queried from the database of the node, and the transaction in the new block is verified using the queried digital certificate. The invention can effectively reduce the volume of transactions, thereby improving the throughput of the blockchain network.

Description

Certificate processing method and device for block chain network, electronic equipment and storage medium
Technical Field
The present invention relates to blockchain technology, and in particular to a certificate processing method and apparatus for a blockchain network, an electronic device, and a storage medium.
Background
Blockchain networks have developed from systems originally designed for encrypted digital currency transactions into background services that support a wide variety of applications. They are increasingly used in different industries because smart contracts can be deployed in them, data submitted by applications can be stored on chain, business-logic processing and query services can be performed, and data becomes tamper-resistant and traceable.
However, the blockchain network provided by the related art suffers from excessive block size, which seriously affects the scalability of the system. On the one hand, the transactions in a block are too large, which slows the propagation of blocks and transactions between system nodes and limits the throughput of the whole blockchain network; on the other hand, the storage space occupied by all the historical blocks and transactions in the blockchain network grows rapidly over time.
The related art does not provide a general scheme for reducing blockchain volume: the existing schemes are only suitable for digital-currency blockchain networks that use scripts to implement asset transfers, and are not applicable to blockchain networks that use smart contracts, for example federation chains that use certificates as blockchain digital identities.
Disclosure of Invention
Embodiments of the present invention provide a certificate processing method and apparatus for a blockchain network, an electronic device, and a storage medium, which can effectively reduce the volume of transactions and thereby improve the throughput of the blockchain network.
The technical solutions of the embodiments of the present invention are implemented as follows:
An embodiment of the present invention provides a certificate processing method for a blockchain network, including:
performing, by a node of the blockchain network, consensus on a block, extracting a digital certificate from the transactions of the block when the consensus passes, and storing the digital certificate in a database of the node;
receiving, by a node of the blockchain network, a transaction submitted by a client, and replacing the digital certificate in the submitted transaction with the corresponding hash value when the digital certificate in the submitted transaction is found in the database;
constructing, by a node in the blockchain network, the transactions that have undergone the replacement into a new block;
when the nodes of the blockchain network perform consensus on the new block, extracting the hash value from a transaction of the new block, and querying the database of the node for the digital certificate corresponding to the hash value; and
verifying the transaction in the new block using the queried digital certificate.
An embodiment of the present invention provides a certificate processing apparatus for a blockchain network, including:
a certificate extraction module configured to:
perform, by a node of the blockchain network, consensus on a block, extract a digital certificate from the transactions of the block when the consensus passes, and store the digital certificate in a database of the node;
a transaction tailoring module configured to:
receive, by a node of the blockchain network, a transaction submitted by a client, and replace the digital certificate in the submitted transaction with the hash value of the correspondingly extracted digital certificate when the digital certificate in the submitted transaction is found in the database;
construct, by a node in the blockchain network, the transactions that have undergone the replacement into a new block;
when the nodes of the blockchain network perform consensus on the new block, extract the hash value from a transaction of the new block, and query the database of the node for the digital certificate corresponding to the hash value; and
verify the transaction in the new block using the queried digital certificate.
In the foregoing solution, the certificate extraction module is further configured to:
performing, by a node in the blockchain network, the following verification operations for each transaction in the block:
verifying a client digital signature in the transaction by a client digital certificate in the transaction;
verifying a node digital signature in the transaction by a node digital certificate of the transaction;
verifying that the transaction in the block complies with an endorsement policy.
In the foregoing solution, the certificate extraction module is further configured to:
before the nodes of the blockchain network perform consensus on the block, receiving, by a node of the blockchain network, a transaction proposal submitted by the client;
verifying the transaction proposal based on an endorsement policy, and returning a proposal response to the client when the verification passes;
wherein the proposal response comprises: the transaction result, the digital certificate of the node that passed the endorsement policy verification, and that node's digital signature over the transaction result, so that the client, on receiving it, constructs the transaction proposal and the proposal response into a transaction and submits the constructed transaction to a node in the blockchain network.
In the foregoing solution, the certificate extraction module is further configured to:
ordering, by the nodes in the blockchain network, the replaced transactions constructed and submitted by the client according to the order in which they were received to construct blocks, and broadcasting the constructed blocks to the blockchain network so that the nodes receiving the constructed blocks perform consensus on them.
In the foregoing solution, the certificate extraction module is further configured to:
extracting, from each transaction in the block when consensus passes, a digital certificate of a client submitting the transaction and a digital certificate of a node endorsed for the transaction;
storing key-value pairs of the extracted digital certificate in a database of the node; and the key in the key value pair is the hash value of the extracted digital certificate, and the value in the key value pair is binary data of the extracted digital certificate.
In the foregoing solution, the transaction tailoring module is further configured to:
before the nodes of the blockchain network perform consensus on the new block, receiving, by a node in the blockchain network, a transaction proposal submitted by the client;
when the node receiving the transaction proposal finds its own digital certificate in its local database and verifies, based on an endorsement policy, that the transaction proposal passes, endorsing the transaction by that node and returning a proposal response to the client;
wherein the proposal response comprises: the transaction result, the hash value of the digital certificate of the node endorsing the transaction, and the digital signature of that node over the transaction result, so that the client, on receiving it, constructs the transaction proposal and the proposal response into a transaction and submits the encapsulated transaction to a node in the blockchain network.
In the foregoing solution, the transaction tailoring module is further configured to:
ordering, by the nodes in the blockchain network, the transactions packaged and submitted by the client according to the order in which they were received to construct new blocks, and broadcasting the constructed new blocks to the blockchain network so that the nodes receiving the constructed new blocks perform consensus on them.
In the foregoing solution, the transaction tailoring module is further configured to:
extracting, from each transaction in the new block, the hash value of the digital certificate of the client submitting the transaction and the hash value of the digital certificate of the node that endorsed the transaction;
and inquiring the digital certificate of the client submitting the transaction and the digital certificate of the node endorsed for the transaction from the database of the node through the extracted hash value.
In the foregoing solution, the transaction tailoring module is further configured to:
performing, by a node in the blockchain network, the following verification operations for each transaction in the block:
verifying the digital certificate of the node endorsed for the transaction by the root certificate of the node;
when the verification is passed, extracting a public key of the node which is the transaction endorsement from the digital certificate of the node which is the transaction endorsement, and verifying the node digital signature in the transaction through the extracted public key;
verifying the digital certificate of the node endorsed for the transaction by the root certificate of the node;
and when the verification is passed, extracting the public key of the node which is the transaction endorsement from the digital certificate of the node which is the transaction endorsement, and verifying the node digital signature in the transaction through the extracted public key.
In the foregoing solution, the transaction tailoring module is configured to:
when a node in the blockchain network performs the verification operations on each transaction in the block, verifying that the format of the transaction is correct;
verifying that the node that endorsed the transaction has joined the channel indicated in the transaction as the channel that receives the transaction;
verifying that the transaction complies with an endorsement policy.
In the foregoing solution, the certificate extraction module is further configured to:
storing key-value pairs of digital certificates with query frequency higher than a frequency threshold in a cache of the node;
inquiring a digital certificate corresponding to the hash value from a cache of the node;
and when the hash value is not found, inquiring the digital certificate corresponding to the hash value from the database of the node.
In the foregoing solution, the certificate extraction module is further configured to:
determining a frequency with which digital certificates of transactions of the nodes in respective channels joined in the blockchain network are used;
storing the digital certificate of which the use frequency in each channel is higher than the frequency threshold value into a local cache of the node.
An embodiment of the present invention provides an electronic device for running a node in a blockchain network, including:
a memory for storing executable instructions; and
a processor for implementing the certificate processing method for a blockchain network provided by the embodiments of the present invention when executing the executable instructions stored in the memory.
An embodiment of the present invention provides a storage medium storing executable instructions which, when executed by a processor, implement the certificate processing method for a blockchain network provided by the embodiments of the present invention.
The embodiment of the invention has the following beneficial effects:
During consensus, the digital certificates in transactions are collected and stored in the database, and the digital certificate in a transaction is replaced with its hash value; a transaction is then verified by using the hash value to retrieve the corresponding digital certificate from the database. The digital certificates in the database are thereby reused and no longer need to be stored in the transaction. Moreover, because the transactions of various blockchain networks use digital certificates as credentials, the method can be widely applied to various blockchain networks.
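The extract, replace and look-up cycle described above, including the cache-then-database query, as an added Python example (not code from the patent). SHA-256, the `("cert", ...)` / `("hash", ...)` field tagging, the threshold of 2 and the placeholder certificate bytes are assumptions made for illustration.

```python
import hashlib

FREQ_THRESHOLD = 2  # assumed value; the text only says "a frequency threshold"


def cert_hash(cert: bytes) -> str:
    """Key for a certificate. SHA-256 is an assumption; the text says 'hash value'."""
    return hashlib.sha256(cert).hexdigest()


class CertStore:
    """Node-local store: key = certificate hash, value = certificate bytes."""

    def __init__(self):
        self.db = {}     # stands in for the node's database
        self.cache = {}  # certificates queried more often than the threshold
        self.hits = {}   # query count per known hash

    def put(self, cert: bytes) -> str:
        h = cert_hash(cert)
        self.db[h] = cert
        return h

    def get(self, h: str):
        """Return (cert, source); look in the cache first, then the database."""
        source, cert = "cache", self.cache.get(h)
        if cert is None:
            source, cert = "db", self.db.get(h)
        if cert is None:
            return None, "miss"  # unknown hashes are not counted or cached
        if cert_hash(cert) != h:
            # A record that no longer matches its key must never reach verification.
            raise ValueError("stored certificate does not match its hash key")
        self.hits[h] = self.hits.get(h, 0) + 1
        if self.hits[h] > FREQ_THRESHOLD:
            self.cache[h] = cert
        return cert, source


def _fields(tx):
    return [tx["client"], *tx["endorsers"]]


def extract_certificates(block, store):
    """After consensus passes: store every full certificate carried in the block."""
    for tx in block:
        for kind, value in _fields(tx):
            if kind == "cert":
                store.put(value)


def trim(tx, store):
    """Replace each certificate the node already holds with its hash."""
    def ref(field):
        kind, value = field
        if kind == "cert" and cert_hash(value) in store.db:
            return ("hash", cert_hash(value))
        return field  # unknown certificate: keep it in full
    return {**tx, "client": ref(tx["client"]),
            "endorsers": [ref(e) for e in tx["endorsers"]]}


def resolve(tx, store):
    """Before verification: turn hashes back into certificates, or reject."""
    def deref(field):
        kind, value = field
        if kind == "cert":
            return value
        cert, _ = store.get(value)
        if cert is None:
            raise LookupError("no certificate stored for hash " + value)
        return cert
    return deref(tx["client"]), [deref(e) for e in tx["endorsers"]]


def tx_size(tx):
    """Bytes taken by the payload plus identity fields (hashes counted as raw digests)."""
    return len(tx["payload"]) + sum(
        len(v) if k == "cert" else len(bytes.fromhex(v)) for k, v in _fields(tx))


if __name__ == "__main__":
    # Constructed placeholder blobs, not real X.509 certificates.
    client = b"constructed-client-cert" + bytes(800)
    endorser = b"constructed-endorser-cert" + bytes(800)
    store = CertStore()
    first = {"payload": b"put k=v", "client": ("cert", client),
             "endorsers": [("cert", endorser)]}
    extract_certificates([first], store)
    second = trim({**first, "payload": b"put k=w"}, store)
    print(tx_size(first), "->", tx_size(second))
    print(resolve(second, store) == (client, [endorser]))
```

In a node, the certificates returned by `resolve` would then be checked against the root certificate and used to verify the signatures in the transaction, as the verification operations above describe.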
Drawings
Fig. 1 is a schematic diagram of an exemplary application system 100 of a blockchain network 200 provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of an application architecture 100 of a blockchain network 200 according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a transaction processing flow of a blockchain network according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a logical functional architecture of a blockchain network 200 according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an electronic device running a consensus node in a blockchain network 200 according to an embodiment of the present invention;
Fig. 6A is a flowchart illustrating a certificate processing method of a blockchain network according to an embodiment of the present invention;
Fig. 6B is a flowchart illustrating a certificate processing method of a blockchain network according to an embodiment of the present invention;
Fig. 7 is a schematic flowchart of extracting the digital certificates of transactions during transaction processing in a blockchain network according to an embodiment of the present invention;
Fig. 8 is a schematic flowchart of transaction trimming performed during transaction processing in a blockchain network according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail with reference to the accompanying drawings, the described embodiments should not be construed as limiting the present invention, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other without conflict.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
Before further detailed description of the embodiments of the present invention, terms and expressions mentioned in the embodiments of the present invention are explained, and the terms and expressions mentioned in the embodiments of the present invention are applied to the following explanations.
1) A transaction proposal (Proposal) is a request to execute the smart contract invocation included in a transaction (hereinafter simply referred to as executing the transaction), and includes an identification of the channel that receives the transaction, an identification of the smart contract to be invoked in the channel, and the parameter information to be passed to the invoked smart contract.
2) A transaction (Transaction), also referred to as a transaction request, is equivalent to the computer term "transaction", and includes the operations that need to be committed to the blockchain network for execution and the corresponding transaction results. It does not refer solely to transactions in the business sense; embodiments of the present invention follow the term "transaction" because it is the convention in blockchain technology.
For example, the transactions may include a Deploy (Deploy) transaction for deploying smart contracts into nodes of the blockchain network and ready to be invoked and a call (Invoke) transaction; the Invoke (Invoke) transaction is used to perform a query operation (i.e., a read operation) or an update operation (i.e., a write operation, including additions, deletions, and modifications) on the state database in the ledger.
3) A blockchain (Blockchain) is a storage structure of encrypted, chained transactions formed from blocks (Block). The header of each block can include the hash values of all transactions in the block and also the hash values of all transactions in the previous block, so that tampering with and forgery of the transactions in the block are prevented on the basis of the hash values; newly generated transactions, after being filled into a block and passing the consensus of the nodes in the blockchain network, are appended to the end of the blockchain so that the chain grows.
4) A blockchain network (Blockchain Network) is the set of nodes that incorporate new blocks into a blockchain by consensus.
5) A ledger (Ledger) is the general term for the blockchain (also called ledger data) and the state database synchronized with the blockchain. The blockchain records transactions in the form of files in a file system; the state database records the transactions in the blockchain in the form of different types of key-value (Key-Value) pairs to support fast querying of the transactions in the blockchain.
6) Smart contracts (Smart Contracts), also known as chaincode (Chaincode) or application code, carry transaction-related business logic, are deployed in the nodes of a blockchain network, and run in an isolated execution environment (e.g., a container or virtual machine).
7) Consensus (Consensus) is a process in a blockchain network used to reach agreement among the nodes involved on the transactions in a block; the agreed block is appended to the end of the blockchain. Mechanisms for achieving consensus include Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), Proof of Elapsed Time (PoET), and the like.
8) Members (Members), also called business entities, each represent a specific entity identity (e.g., a company, enterprise, or social group) and have their own root certificates in a blockchain network; a node in a blockchain belongs to a member, and a member may have multiple nodes in the same channel.
9) An organization (Organization) is a domain formed by some members (a subset of all members accessing the blockchain network) to implement a particular service (without all members participating); the members within the organization have the same root certificate.
10) A channel (Channel) is a logical structure composed of physically existing nodes that provides a private, isolated environment for the nodes of the members of an organization in the blockchain network; the smart contracts and ledgers in a channel are visible only to the nodes of members that have joined (also called subscribed to) the channel, the same node can join multiple channels, and one ledger is maintained for each channel.
Referring to fig. 1, fig. 1 is a schematic diagram of an exemplary application system 100 of a blockchain network 200 provided by an embodiment of the present invention, which includes a blockchain network 200 (including multiple nodes), a client 510/410, and a Certificate Authority (CA) 300.
Nodes in the blockchain network 200 have one or more functions, of which the ledger function (i.e., maintaining the ledger) and the consensus function (i.e., performing consensus) are the default functions of a node; a node can also have a sorting function for ensuring that transactions are ordered consistently among nodes, an endorsement function for endorsement verification of transaction proposals submitted by clients, and a certificate database for storing the digital certificates that the node collects from blocks during the consensus phase. In some embodiments, the default ledger database may be used in place of the certificate database, which reduces the complexity of the node's functional architecture and improves the efficiency of the node's database operations.
The type of the blockchain network 200 is flexible and may be, for example, any of a public chain, a private chain, or a federation chain. Taking a public chain as an example, a client running in a terminal or server of any business entity can access the blockchain network 200 without authorization and become a special node, called a client node; taking a federation chain as an example, after a business entity is authorized to become a member of the blockchain network 200, its client can access the blockchain network 200 and become a client node. For convenience of description, the client node is hereinafter also referred to simply as the client.
By way of example, the client may be an application for any of various uses related to the business of the business entity, such as a social networking client or a logistics client; the client may be an application for any of various platforms, such as a mobile app (Android app or iOS app) or desktop software (Windows software or Mac software).
It is noted that there is no limit to the number of client nodes belonging to the same business entity. Fig. 1 shows one client 510 used by the business entity 500, which can access the blockchain network 200 and become a client node; similarly, one client 410 used by the business entity 400 can access the blockchain network 200 and become a client node.
The client node is a special node, different from the native nodes of the blockchain network 200; it may by default omit the functions of a native node, which reduces the development difficulty of the client and keeps the client lightweight. The delivery of events between clients and the blockchain network 200 is supported: for example, a client can listen for or subscribe to events related to smart contract invocations during operation of the blockchain network 200, such as the event of a new block being generated, so that the related business logic of a local or external system is triggered when a particular event occurs in the blockchain network 200.
In some embodiments, the operations of the client on the ledger in the blockchain network 200 are mainly of two types: ledger query and ledger update. For a ledger query, the client initiates a transaction proposal to the blockchain network 200, the transaction data in the transaction proposal being a smart contract invocation related to the query operation; a node of the blockchain network 200 executes the smart contract invocation included in the transaction proposal to query the ledger, and the queried data is carried as the transaction result in a proposal response returned to the client.
For a ledger update, the client node initiates a transaction proposal to the blockchain network 200, the transaction proposal including a smart contract invocation related to the update operation (i.e., the transaction data); a node of the blockchain network 200 simulates execution of the transaction data included in the transaction proposal (i.e., without changing the ledger), and the key-value pairs obtained by the simulated execution are returned to the client as the transaction result. The client node then constructs the transaction proposal and the proposal response into a transaction and submits it to the blockchain network 200, and the nodes of the blockchain network 200 record the transaction in the ledger.
The certificate authority 300 outside the blockchain network 200 is configured to return a registration password for login in response to a registration request from a client 410/510 (hereinafter, simply referred to as a client) so as to obtain a digital certificate for announcing identity information of a member to which the client belongs. As an alternative to the Certificate Authority (CA) 300, a CA node may be provided in the blockchain network 200 to implement the function of the Certificate Authority (CA) 300.
In some embodiments, the accounting nodes in the blockchain network 200 may be divided into different types according to the functions they implement in addition to the ledger function and the consensus function. As an example of dividing the blockchain network 200 shown in Fig. 1 into different types, see Fig. 2, which is a schematic diagram of the application architecture 100 of the blockchain network 200 provided by an embodiment of the present invention. Except for the client nodes (clients 410/510), the nodes in the blockchain network 200 have the consensus function and the ledger function by default; nodes that have only the functions of validating transactions and accounting are called accounting nodes (Committer) or consensus nodes, and there are also some special types of accounting node: an endorsement node (Endorser) with an endorsement function, a sorting node (Orderer) with a sorting function, and a master node (Leader Peer) representing the accounting node in the channel and the sorting node channel.
The above nodes in the blockchain network 200 may join the channels of different organizations, and each organization (organization 1 and organization 2) includes, in its channel, a plurality of accounting nodes belonging to the members of the organization. Fig. 2 shows organization 1 and organization 2 performing different services; the nodes in the blockchain network 200 that belong to members of organization 1 or organization 2 may join the channel of the corresponding organization, and the nodes in each channel receive the service-related transactions submitted by the clients of the organization and record them in the ledger, which is isolated from the nodes outside the channel.
In some embodiments, a Software Development Kit (SDK) is built into the client to manage and control the blockchain network 200, so that the native code of the client need only implement service-related logic and can ignore the internal operation details of the blockchain network 200, which reduces the development difficulty of the client.
By way of example, the SDK provides clients with a series of Application Programming Interfaces (APIs) that interface with Remote Procedure Call (RPC) based connections between nodes of the blockchain network 200, through which the clients manage and use the functions of the blockchain network 200, including: identity management, ledger management, transaction management, smart contracts, transaction management, membership management, consensus services, smart contract services, security and cryptographic services, event handling, and the like, which are described in detail below.
As an example of transaction management, a transaction management function implemented by a client through an SDK includes two stages of submitting a transaction proposal and submitting a transaction, and referring to fig. 3 below, fig. 3 is a schematic diagram of a transaction processing flow of a blockchain network provided in an embodiment of the present invention, and the functions of the above different types of nodes are described with reference to the processing procedures of the two stages of transaction proposal and submitting a transaction shown in fig. 3.
The client initiates a transaction proposal to an endorsement node in one or more channels in the blockchain network 200, the transaction proposal including a transaction number, a timestamp (time the transaction proposal was initiated), and transaction data. Wherein the transaction data includes: the identification (such as a serial number or a name) of a channel on which the transaction is executed (i.e., the channel on which the invoked intelligent contract in the transaction is located), and the intelligent contract invocation (including the identification (such as the name or the serial number) of the intelligent contract that needs to be invoked, the version of the intelligent contract, and the parameter information that needs to be passed to the intelligent contract) that need to be executed in the channel. The intelligent contract and the parameter are related to the operation that the client needs to execute, for example, the intelligent contract can be used for adding, deleting, inquiring or modifying the operation, and the parameter information can be data of the adding, deleting, inquiring or modifying operation.
The transaction proposal also carries a client digital certificate, which is issued to the client by the authentication center, and a digital signature made by the client over the transaction data in the transaction proposal. The client digital certificate comprises the identity information of the client, the public key of the client, and the digital signature made over them by the authentication center using its private key (corresponding to the public key in the root certificate that the client and the nodes request from the authentication center in advance). The client digital certificate is used for declaring the identity information of the member to which the client belongs, and the client digital signature is used for proving that the transaction data in the transaction proposal has not been tampered with.
After receiving the transaction proposal, the endorsement node performs endorsement verification according to an endorsement policy, including: whether the digital certificate carried by the transaction proposal is issued by a trusted certificate authority; whether the digital signature of the transaction proposal is valid; whether the format of the transaction proposal is correct; whether the transaction proposal has been submitted repeatedly; and whether the client is authorized to have write permission in the channel in which it requests execution of the intelligent contract call. If every judgment result is yes, the endorsement verification is successful.
In some embodiments, when the endorsement node successfully verifies the transaction proposal, the endorsement node simulates execution of the transaction data based on the state database of a locally maintained ledger, i.e., executes the smart contract call included in the transaction proposal to obtain a transaction result. The endorsement node uses its own private key to sign the transaction result (i.e., endorsement). The digital signature of the endorsement node is combined with the digital certificate of the endorsement node (including the public key of the endorsement node and the digital signature made by the certification center, using its private key, over the public key and the identity information of the endorsement node) and other related information to form a Proposal Response, which is then returned to the client.
As an example, when the transaction proposal includes an intelligent contract call for a query operation, the transaction result is a Read Set (Read Set) containing key-value pairs Read from the ledger database during the simulation execution; when the transaction proposal includes an intelligent contract call for a query operation, the transaction results in a Write Set (Write Set) that also contains a list of unique keys, as well as key-value pairs that are written to the ledger database during the execution of the simulation.
As an example, the other related information described above may include: a success code (indicating that the verification transaction proposal was successful), a timestamp (the time the proposal response was generated), an identification of the channel that received the transaction (e.g., a serial number or name), and a hash value of the transaction proposal (for one-to-one binding with the transaction proposal to avoid tampering with the transaction by the client at the stage of submitting the transaction).
In some embodiments, when the endorsement node fails to verify the transaction proposal, a proposal response carrying a failure code (indicating the type of error that failed to verify the transaction proposal) is returned to the client.
When the client receives the proposal response, the validity of the proposal response is confirmed by verifying the digital certificate and the digital signature carried by the transaction proposal. When the client collects a sufficient number (a preset number) of proposal responses of the endorsement nodes and the transaction results in the proposal responses are consistent, a transaction is constructed according to the transaction proposal and the proposal responses.
As an example, the transaction includes: a timestamp (time the transaction was constructed), an identification of the channel on which the transaction was received, an identification of the smart contract that needs to be invoked in the channel (e.g., a name or serial number), a version of the smart contract and parameters passed to the smart contract, etc., and the transaction results (e.g., read/write sets), as well as a digital signature of the endorsement node for the transaction results.
It should be noted that if the intelligent contract call in the transaction proposal submitted by the client is only used for inquiring the ledger (and not for updating the ledger), the client will not construct the transaction, and only the transaction result in the proposal response is used as the ledger inquiry result to complete the relevant business logic.
After the client constructs the transaction, the transaction is broadcast to the sequencing node in the blockchain network 200. For each received transaction, the sequencing node reads from the transaction the identifier of the channel to which it belongs, constructs a block for each channel from the transactions received for that channel, in the order in which they were received, and sends the block to the master node in the corresponding channel.
Taking fig. 2 as an example, when the sorting node receives a transaction, it determines whether a channel that needs to receive the transaction is a channel of the organization 1 or a channel of the organization 2 according to an identifier of the channel in the transaction, constructs a block corresponding to the channel of the organization 1 and a block corresponding to the channel of the organization 2 according to a sequence of receiving the transaction corresponding to each channel, and correspondingly sends the blocks to the master node in the channel of the organization 1/the organization 2.
The main node is a node for representing the communication between other accounting nodes in the channel and the sequencing node, and is used for acquiring the latest block from the sequencing node and synchronizing the latest block in the channel; the master node may be forced or generated by dynamic election.
The accounting nodes in the channel each perform consensus verification on every transaction in the received block, append the block to the tail of the blockchain maintained by each accounting node after the verification passes, and update the ledger database with the transaction results of the transactions in the block.
In some embodiments, the consensus verification of the transaction in the block by the accounting node comprises: whether the transaction format is correct or not and whether legal signatures exist (including the digital signature of the client and the digital signature of the endorsement node) or not are judged, namely whether the transaction content is tampered or not is verified; whether the accounting node joins a channel for receiving the transaction indicated in the transaction; whether the transaction complies with the endorsement policy. The endorsement strategy is a rule for endorsement of transactions by endorsement nodes, and specifies an organization from which an endorsement required by a transaction before submission comes, the type of nodes in the corresponding organization and the number of effective endorsements. And when the judgment results are all yes, the consensus verification is passed.
An exemplary logical function architecture of the blockchain network provided in the embodiment of the present invention is described below with reference to fig. 4, which is a schematic diagram of the logical function architecture of the blockchain network 200 provided in the embodiment of the present invention.
The upper layer of the block chain network 200 is connected with a client, a standard RPC interface is provided in the client 410/510, and an SDK is packaged on the basis of an API, so that developers can develop various service logics based on the block chain in the SDK; the event mechanism of the client enables the client to execute a predefined callback function when receiving various events of the blockchain network 200, for example, when receiving an event of creating a new block or an event of executing an intelligent contract, so as to shorten the execution time for achieving consensus among the nodes as much as possible.
In some embodiments, from the perspective of the top level of interfacing clients with blockchain network 200, the functionality of blockchain network 200 includes the functionality of identity management, ledger management, transaction management, and smart contracts, described separately below.
(1) Identity management
After a user of a client registers and logs in at the authentication center, the client acquires the digital certificate (ECert) of the member. All other operations need to be signed with the private key associated with the digital certificate. The message receiving party and the member hold the same root certificate from the authentication center, and the message receiving party first verifies the signature and the digital certificate and then carries out subsequent message processing. The nodes also use digital certificates issued by the certificate authority; for example, when a member accessing the blockchain network starts the system of a subordinate node and manages the subordinate node, the identity management function authenticates and authorizes the identity information of the member.
(2) Ledger management
The members authorized to access the blockchain network 200 may query the ledger by various means, including querying the block according to the block number, querying the block according to the block hash, querying the block according to the transaction number, querying the transaction according to the transaction number, and obtaining the queried blockchain according to the channel name.
(3) Transaction management
The ledger can only be updated by submitting a transaction. The client submits a transaction proposal through the transaction management function of the blockchain network 200, and submits the transaction to the sequencing node after acquiring the endorsement of the transaction; the sequencing node then constructs it into a block.
(4) Intelligent contract
The method realizes a Programmable Ledger (Programmable Ledger), executes transaction through intelligent contract calling, and realizes intelligent contract business logic based on a block chain. Only the intelligent contract can update the ledger.
In some embodiments, from the perspective of the blockchain network 200 interfacing with the underlying layers, the functions of the blockchain network 200 include membership management, consensus services, chain code services, security and cryptographic services, as described separately below.
(1) Member management
The identity information of members is authenticated, and the digital signatures of members are verified, using a Public Key Infrastructure (PKI) through a Root of Trust Certificate system. An authentication center in the blockchain network, or a third-party authentication center, provides the registration function for members and manages the digital certificates of members, such as the addition and revocation of certificates. Illustratively, digital certificates are classified into a registration certificate (ECert), a transaction certificate (TCert), and a TLS certificate (TLS Cert), which are used for user identity, transaction signature, and Transport Layer Security (TLS) transmission, respectively.
(2) Consensus service
The consensus mechanism is completed in 3 phases: the client submits a proposal to the endorsement node to obtain the endorsement; after obtaining the endorsement, the client submits the transaction to the sequencing node, which sorts the transactions to generate a block; and the block is broadcast to the accounting nodes, which verify the transactions in the block and then write it into their local ledgers.
(3) Chain code service
The realization of the intelligent contract depends on a safe execution environment, and the safe execution process and the isolation of user data are ensured.
(4) Security and cryptographic services
Basic functions such as key generation, hash operation, signature verification, encryption, and decryption are implemented.
An exemplary structure of an electronic device running a node of a blockchain network according to an embodiment of the present invention is described below with reference to fig. 5, which is a schematic structural diagram of an electronic device running a node of the blockchain network 200 according to an embodiment of the present invention. The electronic device may be a terminal (e.g., a PC), a server, or a cluster of servers, and provides a virtualized node running environment. The electronic device 600 shown in fig. 5 includes: at least one processor 610, memory 650, and at least one network interface 620. Various components in the electronic device are coupled together by a bus system 640. It is understood that bus system 640 is used to enable communications among the components.
The Processor 610 may be an integrated circuit chip having Signal processing capabilities, such as a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like, wherein the general purpose Processor may be a microprocessor or any conventional Processor, or the like.
The memory 650 may be removable, non-removable, or a combination thereof. Exemplary hardware devices include solid state memory, hard disk drives, optical disk drives, and the like. Memory 650 optionally includes one or more storage devices physically located remote from processor 610.
The memory 650 includes volatile memory or nonvolatile memory, and may include both volatile and nonvolatile memory. The nonvolatile memory may be a Read Only Memory (ROM), and the volatile memory may be a Random Access Memory (RAM). The depicted memory 650 of embodiments of the invention is intended to comprise any suitable type of memory.
In some embodiments, memory 650 can store data to support various operations, examples of which include programs, modules, and data structures, or subsets or supersets thereof, as exemplified below.
An operating system 651 including system programs for handling various basic system services and performing hardware-related tasks, such as a framework layer, a core library layer, a driver layer, etc., for implementing various basic services and for handling hardware-based tasks;
a network communication module 652 for reaching other computing devices via one or more (wired or wireless) network interfaces 420, exemplary network interfaces 420 including: bluetooth, wireless compatibility authentication (WiFi), and Universal Serial Bus (USB), etc.;
In some embodiments, the certificate processing apparatus 655 of the blockchain network provided by the embodiments of the present invention may be implemented in software. Fig. 5 shows the certificate processing apparatus 655 stored in the memory 650, which may be software in the form of programs and plug-ins, and includes the following software modules: a certificate extraction module 4551 and a transaction tailoring module 4552. These modules are logical and thus may be arbitrarily combined or further split depending on the functionality implemented. The functions of the respective modules will be explained below.
The exemplary application and implementation of the blockchain network provided by the embodiment of the present invention will be described in detail with reference to the method for processing a certificate of a blockchain network provided by the embodiment of the present invention. The method includes a certificate collection stage and a transaction clipping stage, and the blockchain network processes multiple transactions in each stage. For example, in the certificate collection stage the blockchain network receives multiple transactions submitted by different clients or the same client, so as to collect certificates from the transactions into a certificate database; in the transaction clipping stage, multiple transactions submitted by the same or different clients are clipped according to the certificate database so as to reduce the transaction volume. In the following, the processing of one transaction in each of the certificate collection stage and the transaction clipping stage is taken as an example, but this should not be taken as a limitation on the number of transactions processed in each stage.
In addition, the following description focuses on the scheme of certificate collection in the certificate collection stage and the scheme related to transaction clipping in the transaction clipping stage, and for other processing links of the blockchain network for transactions, the other processing links can be understood according to the above transaction processing procedures (including two stages of submitting a transaction proposal and submitting a transaction) of the blockchain network, and the description is not repeated.
Referring to fig. 6A, fig. 6A is a schematic flowchart of a certificate processing method of a blockchain network according to an embodiment of the present invention, and the following description is made with reference to the steps shown in fig. 6A.
In step 101, consensus is performed on a block by a node of the blockchain network.
In some embodiments, the consensus on a block by a node of a blockchain network comprises: performing the following verification operations by nodes in the blockchain network for each transaction in the block: verifying the client digital signature in the transaction through the client digital certificate in the transaction; verifying the node digital signature in the transaction through the node digital certificate of the transaction; and verifying that the transaction conforms to the endorsement policy.
In some embodiments, referring to fig. 6B, fig. 6B is a flowchart illustrating a certificate processing method of a blockchain network according to an embodiment of the present invention, before a node in the blockchain network performs consensus on a block, a transaction proposal submitted by a client may be received by the node in the blockchain network in step 108; in step 109, the transaction proposal is (endorsed) verified based on the endorsement policy, and when the verification is passed, a proposal response is returned to the client; wherein the proposal response comprises: the transaction result, the digital certificate of the node passing the endorsement policy verification, and the digital signature of the node passing the endorsement policy verification for the transaction result, so that when the client receives the transaction proposal, in step 110, the transaction proposal and the proposal response are constructed as a transaction, and the constructed transaction is submitted to the node in the blockchain network.
In step 102, a digital certificate is extracted from the transaction of the block when the consensus passes and stored in a database of the node.
In some embodiments, extracting the digital certificate from the transaction of the block when the consensus passes, and storing the digital certificate in a database of the node, comprises: extracting from each transaction in the block, when the consensus passes, the digital certificate of the client submitting the transaction and the digital certificate of the node endorsing the transaction; and storing key-value pairs of the extracted digital certificates in a database of the node, such as a dedicated certificate database, or a state database used by the node for storing the state of the ledger; wherein the key in the key-value pair is the hash value of the extracted digital certificate, and the value in the key-value pair is the binary data of the extracted digital certificate.
Note that the steps described above are the certificate collection stage, in which nodes of the blockchain network collect digital certificates from transactions into the database of the node, and the steps described below are the process in which the blockchain network clips (i.e., reduces the volume of) subsequently received transactions based on the certificate database.
In step 103, a transaction submitted by a client is received by a node of the blockchain network.
In some embodiments, as shown in fig. 6B, before receiving the transaction submitted by the client through the node in the blockchain network, the transaction proposal submitted by the client may also be received through the node in the blockchain network in step 111, and when the node receiving the transaction proposal queries its own digital certificate in a local database and verifies that the transaction proposal passes based on the endorsement policy, the transaction is determined to be endorsed and a proposal response is returned to the client in step 112.
Wherein the proposal response comprises: the transaction result, the hash value of the digital certificate of the node being the transaction endorsement, the digital signature for the transaction result by the node being the transaction endorsement, such that when the proposal response is received by the client, the transaction proposal and the proposal response are structured as a transaction in step 113, to submit the encapsulated transaction to the nodes in the blockchain network in step 103.
In step 104, when the digital certificate in the submitted transaction is queried from the database, the digital certificate in the submitted transaction is replaced with the corresponding hash value.
For example, each transaction of the block includes a client digital certificate and a node digital certificate; the corresponding hash values are queried from the database and replace the digital certificates in the transaction.
In step 105, the replacement-processed transaction is constructed into a new block by a node in the blockchain network.
In some embodiments, after the transactions encapsulated and submitted by the clients are sorted according to the receiving sequence by the nodes in the blockchain network to construct new blocks, as shown in fig. 6B, in step 114, the constructed new blocks are broadcasted in the blockchain network, so that the nodes receiving the constructed new blocks can perform consensus.
In step 106, when consensus is performed on the new block by the node of the blockchain network, the hash value is extracted from the transaction of the new block, and the digital certificate corresponding to the hash value is queried from the database of the node.
In some embodiments, extracting the hash value from the transaction of the new block, and querying the database of the node for the digital certificate corresponding to the hash value, includes: extracting, from each transaction in the new block, the hash value of the digital certificate of the client submitting the transaction and the hash value of the digital certificate of the node endorsing the transaction; and querying, through the extracted hash values, the digital certificate of the client submitting the transaction and the digital certificate of the node endorsing the transaction from the database of the node.
In some embodiments, as shown in fig. 6B, key-value pairs of digital certificates with a usage frequency higher than the frequency threshold may also be stored in the cache of the node in step 115; for example, the frequency with which the digital certificates in transactions are used is determined for each channel that the node has joined in the blockchain network, and the digital certificates whose usage frequency is higher than the frequency threshold in each channel are stored in a cache local to the node. Correspondingly, before the digital certificate corresponding to the hash value is queried from the database of the node, it may first be queried from the cache of the node when consensus is performed on the new block in step 116; when the digital certificate is not found there, the digital certificate corresponding to the hash value is queried from the database of the node. Database access is thereby reduced, and the processing efficiency of the digital certificate is improved.
In step 107, the transaction in the new block is verified using the queried digital certificate.
In some embodiments, the (consensus) verification of the transaction in the new block using the queried digital certificate comprises: performing the following verification operations by nodes in the blockchain network for each transaction in the block: verifying the digital certificate of the node endorsing the transaction through the root certificate of the node; and, when the verification passes, extracting the public key of the node endorsing the transaction from that digital certificate, and verifying the node digital signature in the transaction through the extracted public key. In addition, when the nodes in the blockchain network perform the verification operations on each transaction in the block, they may also verify that the transaction format in the block is correct, verify that the node endorsing the transaction has joined the channel indicated in the transaction for receiving the transaction, and verify that the transaction conforms to the endorsement policy.
When the node's consensus on the new block passes, the block is added to the tail of the recorded blockchain, and the ledger database is updated using the transaction result (read-write set) of each transaction in the block.
By reusing the certificates in the transactions of the blockchain, the embodiment of the invention reduces the volume of the blockchain in the blockchain network and at the same time increases the number of effective transactions that can be stored in a single block, thereby improving the throughput of the blockchain network. It should be noted that the solution provided by the embodiment of the present invention is applicable to any blockchain network that uses a certificate for authentication.
The basic flow of the technical scheme provided by the embodiment of the invention is as follows: 1) when a transaction is submitted to the blockchain network, after consensus is achieved by the nodes in the blockchain network, the digital certificates in the transactions of the block are uniformly extracted and stored in a local certificate database (for example, a state database) of the nodes; 2) for transactions subsequently received within the blockchain network, the node queries the local certificate database and, if a digital certificate in the transaction is found to already exist there, replaces the corresponding certificate in the transaction with the hash value of the digital certificate. Because the volume of the certificate far exceeds that of the transaction data itself (for example, an X509 certificate is generally more than 800 bytes, while the volume of a common transaction is generally within 100 bytes), the volume of the transaction propagated in the blockchain network is greatly reduced after the digital certificate in the transaction is replaced. Because the digital certificate records in the local certificate database of a node in the blockchain network are generated in the consensus phase, consistency can be ensured: when a node in the blockchain network verifies a transaction in the consensus phase, the corresponding digital certificate can be queried from the certificate database according to the hash value extracted from the transaction, and the transaction is then verified through the digital certificate, so that the security of the transaction can be ensured. To improve performance, commonly used digital certificates can be cached in the memory of the node so that they can be retrieved quickly, thereby improving the processing efficiency of transactions in the consensus phase.
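The collect, clip and resolve flow summarized above can be sketched as follows. This is an added illustration, not code from the patent: SHA-256 as the hash function, the `CertField` tagging of each certificate slot, the integrity re-check on lookup, and all class and function names are assumptions, the certificates are constructed byte strings rather than real X.509 data, and signature verification with the resolved certificate is left out.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass, replace

HASH_LEN = 32  # SHA-256 digest size; the hash function is an assumption


def cert_key(cert: bytes) -> bytes:
    """Database key for a certificate: the hash of its binary data."""
    return hashlib.sha256(cert).digest()


@dataclass(frozen=True)
class CertField:
    """One certificate slot of a transaction: full bytes or a hash reference."""
    kind: str   # "cert" or "hash"
    data: bytes


@dataclass(frozen=True)
class Transaction:
    txid: str
    client_cert: CertField
    peer_cert: CertField
    payload: bytes

    def size(self) -> int:
        return len(self.client_cert.data) + len(self.peer_cert.data) + len(self.payload)


class UnknownCertificate(Exception):
    """A hash reference could not be resolved; the transaction must be rejected."""


class CertStore:
    def __init__(self, cache_threshold: int = 2):
        self.db = {}            # hash -> certificate bytes (certificate database)
        self.cache = {}         # in-memory copy of frequently used entries
        self.uses = Counter()   # per-certificate usage count
        self.cache_threshold = cache_threshold

    def collect(self, block):
        """Step 102: call only for a block that has already passed consensus."""
        for tx in block:
            for f in (tx.client_cert, tx.peer_cert):
                if f.kind == "cert":
                    self.db[cert_key(f.data)] = f.data

    def clip(self, tx: Transaction) -> Transaction:
        """Step 104: replace each certificate already in the database by its hash."""
        def shrink(f: CertField) -> CertField:
            if f.kind == "cert" and cert_key(f.data) in self.db:
                return CertField("hash", cert_key(f.data))
            return f
        return replace(tx, client_cert=shrink(tx.client_cert),
                       peer_cert=shrink(tx.peer_cert))

    def resolve(self, f: CertField) -> bytes:
        """Steps 106/116: cache first, then database; fail closed on any miss."""
        if f.kind == "cert":
            return f.data
        if len(f.data) != HASH_LEN:
            raise UnknownCertificate("malformed hash reference")
        cert = self.cache.get(f.data)
        if cert is None:
            cert = self.db.get(f.data)
        # Re-hash what was found so a corrupted entry is never used for verification.
        if cert is None or cert_key(cert) != f.data:
            raise UnknownCertificate(f.data.hex())
        self.uses[f.data] += 1
        if self.uses[f.data] > self.cache_threshold:
            self.cache[f.data] = cert
        return cert


# Constructed stand-ins sized like the figures quoted in the text.
CLIENT_CERT = b"constructed-client-cert".ljust(800, b"\x00")
PEER_CERT = b"constructed-peer-cert".ljust(800, b"\x00")


def make_tx(txid: str) -> Transaction:
    return Transaction(txid, CertField("cert", CLIENT_CERT),
                       CertField("cert", PEER_CERT), b"p" * 100)


if __name__ == "__main__":
    store = CertStore()
    first = make_tx("tx1")
    store.collect([first])                 # after consensus on the first block
    clipped = store.clip(make_tx("tx2"))   # a later transaction from the same parties
    print(first.size(), "->", clipped.size())
    assert store.resolve(clipped.client_cert) == CLIENT_CERT
```

A node that cannot resolve a hash reference has no certificate against which to check the signature, so `resolve` raises instead of returning a default, and the caller should treat the transaction as failing consensus verification.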
The certificate handling scheme provided by embodiments of the present invention is described below in conjunction with a particular blockchain network.
Fig. 7 is a schematic diagram illustrating a process of extracting a digital certificate of a transaction in a blockchain transaction process according to an embodiment of the present invention, and the process is described below in conjunction with fig. 7.
Fig. 7 shows 3 organizations (organization 0, organization 1, and organization 2) joining a blockchain network, each organization's member having multiple peer nodes (i.e., accounting nodes, only 1 peer node being exemplarily shown for each organization in fig. 7) in the blockchain network. The certificate extraction process is illustrated by the example of a client initiating a transaction to the channel of organization 0, and is similar for the processes to organizations 1 and 2.
The client initiates a transaction proposal to a peer node (also called endorsement node) with endorsement function of organization 0 in the blockchain network, wherein the transaction proposal comprises a transaction number (denoted as txid), a digital certificate (denoted as clientCert) of the client, transaction data and a digital signature of the client for the transaction data (denoted as data). The transaction proposal also includes a timestamp of the generation of the transaction proposal.
Each peer0 node with the endorsement function in organization 0 verifies the transaction proposal according to the endorsement policy; after the verification passes, it adds to the transaction proposal a digital certificate of the peer0 node (denoted as peerCert) and a digital signature of the transaction result obtained by simulating execution of the transaction data, and sends the result to the client as a proposal response. The proposal response also includes a timestamp of the generation of the proposal response.
After the client collects a sufficient number of signed proposal responses returned by the peer node with the endorsement function in the organization 0, the transaction proposal and the proposal response are constructed into a transaction (denoted as tx) and sent to a sequencing node (order) in the blockchain network, wherein the transaction comprises a transaction number, a digital signature of the client on transaction data, a digital certificate of the client, a digital certificate of the peer node and a digital signature of the peer node on a transaction result.
For the transactions received from the client, the sequencing node sequences the transactions (for example, according to the timestamps of the transaction proposal or the transaction response), packages the transactions into a block (containing a plurality of transactions), and sends the block to all peer nodes in organization 0. The peer nodes and the sequencing node in organization 0 perform consensus on the block, verifying the digital certificate and the digital signature in each transaction during the consensus process; after the verification passes, they add the block to the tail of the local blockchain and update the state database according to the transaction results. At the same time, the digital certificates (including peerCert and clientCert) in all transactions in the block are extracted and each is formed into a key-value pair whose key is the hash value (hash) of the digital certificate and whose value is the digital certificate itself (i.e., the binary data of the digital certificate), expressed as: key = hash(cert), value = cert. The key-value pair is stored in a local certificate database (e.g., a state database).
The above process is repeated so that the peer nodes and the sequencing node in the blockchain network can comprehensively collect the digital certificates of the client and other nodes. In the following, it is assumed that each node has collected enough digital certificates of clients and other nodes (including peer nodes and sequencing nodes) in its respective certificate database, and the processing of transactions subsequently submitted to the blockchain network according to the certificate database, together with the trimming of transactions during this processing, is described.
Referring to fig. 8, fig. 8 is a schematic flowchart of performing transaction trimming in a transaction process of a blockchain network according to an embodiment of the present invention, which is described with reference to the steps shown in fig. 8.
The client initiates a transaction proposal to a peer node (also called endorsement node) with the endorsement function in the organization 0, wherein the transaction proposal comprises a transaction number, a certificate (marked as clientCert) of the client, transaction data and a digital signature of the client for the transaction data; also included is a timestamp of the submission of the transaction proposal.
After each peer node with the endorsement function (namely, endorsement node) in organization 0 verifies the transaction proposal against the endorsement policy, it queries the local certificate database DB and finds that the peerCert of the peer0 node already exists there as a key-value pair; it then adds the hash of its certificate peerCert and the digital signature for the transaction result to the transaction proposal, and sends the transaction proposal to the client as a proposal response.
After the client collects a sufficient number of transaction proposals signed by peer nodes with endorsement function, the transaction proposals and proposal responses are constructed into transactions, and the transactions comprise transaction numbers (denoted as txid), digital certificates (denoted as clientCert) of the client, transaction data and digital signatures aiming at the transaction data (denoted as data) of the client. The transaction proposal also includes a timestamp of the generation of the transaction proposal.
The client sends the constructed transaction to a sequencing node, the sequencing node preprocesses the received multiple transactions, queries a local certificate database to find that a client digital certificate in the transaction already has a corresponding key value pair, replaces the client digital certificate with a hash value of the client digital certificate in the transaction, sequences the preprocessed transaction to generate a new block (containing multiple transactions), and sends the new block to all peer nodes in the organization 0.
After receiving the new block, the peer nodes in organization 0 perform consensus verification on the transactions in the new block. During verification, a node finds that a transaction carries the hash value of a digital certificate, queries the corresponding digital certificate from its local certificate database, and completes the verification of the transaction by using that digital certificate. After the verification passes, the node adds the block to the tail of its local blockchain and updates the state database according to the transaction results of the transactions.
When the certificate processing scheme provided by the embodiment of the invention is applied to an alliance chain, the experimental data in Table 1 below show that, for a block containing 100 transactions, the volume of the block is reduced by more than 80% under different endorsement policies.
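The extraction, trimming and lookup steps of Fig. 7 and Fig. 8, as an added Go example that is not code from the patent. It covers the client certificate only; SHA-256 as the hash, Ed25519 keys, a self-signed client certificate and all type and function names (Tx, CertDB, NewClient) are assumptions of the example, and validating the certificate against the organization's root certificate lies outside it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Tx is a constructed, simplified transaction. Cert holds clientCert (DER)
// until trimming replaces it with CertHash = SHA-256(clientCert).
type Tx struct{ Data, Sig, Cert, CertHash []byte }

// CertDB is the node-local certificate database: key = hash(cert), value = cert.
type CertDB map[[32]byte][]byte

var (
	ErrUnknownHash = errors.New("certificate hash not in local database")
	ErrTampered    = errors.New("stored certificate does not hash to its key")
	ErrBadSig      = errors.New("client signature does not verify")
)

// Extract records the certificate of a transaction whose block passed consensus.
func (db CertDB) Extract(t *Tx) {
	if t.Cert != nil {
		db[sha256.Sum256(t.Cert)] = t.Cert
	}
}

// Trim swaps an already-recorded certificate for its hash; unknown ones stay in full.
func (db CertDB) Trim(t *Tx) bool {
	h := sha256.Sum256(t.Cert)
	if _, known := db[h]; t.Cert == nil || !known {
		return false
	}
	t.Cert, t.CertHash = nil, h[:]
	return true
}

// Verify resolves the certificate (carried in full, or looked up by hash) and
// checks the client signature with its public key. Every lookup failure rejects.
func (db CertDB) Verify(t *Tx) error {
	der := t.Cert
	if der == nil {
		var k [32]byte
		copy(k[:], t.CertHash)
		der = db[k]
		if der == nil || len(t.CertHash) != len(k) {
			return ErrUnknownHash
		}
		if sha256.Sum256(der) != k { // added check: the value must match its key
			return ErrTampered
		}
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, t.Data, t.Sig) {
		return ErrBadSig
	}
	return nil
}

// NewClient creates a constructed self-signed Ed25519 client certificate and
// returns a function that builds signed transactions carrying it.
func NewClient(cn string) (func(data string) *Tx, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return func(data string) *Tx {
		return &Tx{Data: []byte(data), Sig: ed25519.Sign(key, []byte(data)), Cert: der}
	}, nil
}

func main() {
	sign, err := NewClient("client0")
	if err != nil {
		panic(err)
	}
	db, first, second := CertDB{}, sign("transfer 10"), sign("transfer 5")
	db.Extract(first) // the block holding the first transaction passed consensus
	trimmed := db.Trim(second)
	fmt.Println(trimmed, len(first.Cert), len(second.CertHash), db.Verify(second))
}
```

A node whose database lacks the hash, or whose stored value no longer hashes to its key, rejects the transaction instead of accepting it unverified.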
TABLE 1
Continuing with the exemplary structure of the implementation of the certificate processing apparatus 655 of the blockchain network provided by the embodiments of the present invention as a software module, in some embodiments, as shown in fig. 5, the software module in the certificate processing apparatus 655 of the blockchain network stored in the memory 650 may include a certificate extraction module 6551 and a transaction clipping module 6552, which are described separately below.
A certificate extraction module 6551 to: perform consensus on a block by a node of the blockchain network, extract a digital certificate from the transactions of the block when the consensus passes, and store the digital certificate in a database of the node;
a transaction tailoring module 6552 to: receive a transaction submitted by a client through a node of the blockchain network, and replace the digital certificate in the submitted transaction with the hash value of the correspondingly extracted digital certificate when the digital certificate in the submitted transaction is found in the database; construct the replaced transaction into a new block by a node in the blockchain network; and, when the nodes of the blockchain network perform consensus on the new block, extract the hash value from the transaction of the new block, query the database of the node for the digital certificate corresponding to the hash value, and verify the transaction in the new block by using the queried digital certificate.
In some embodiments, the certificate extraction module 6551 is further configured to: perform the following verification operations by nodes in the blockchain network for each transaction in the block: verifying the client digital signature of the transaction through the client digital certificate in the transaction; verifying the node digital signature in the transaction through the node digital certificate of the transaction; and verifying that the transaction in the block conforms to the endorsement policy.
In some embodiments, the certificate extraction module 6551 is further configured to: before receiving a transaction submitted by a client through a node of the blockchain network, receive a transaction proposal submitted by the client through the node in the blockchain network; verify the transaction proposal based on the endorsement policy, and return a proposal response to the client when the verification passes; wherein the proposal response comprises: the transaction result, the digital certificate of the node passing the endorsement policy verification, and the digital signature of that node for the transaction result, so that when the client receives a transaction proposal, the transaction proposal and the proposal response are constructed into a transaction, and the constructed transaction is submitted to the node in the blockchain network.
In some embodiments, the certificate extraction module 6551 is further configured to: and sequencing the transactions constructed and submitted by the client according to the receiving sequence through the nodes in the block chain network to construct blocks, and broadcasting the constructed blocks in the block chain network so as to enable the nodes receiving the constructed blocks to be in consensus.
In some embodiments, the certificate extraction module 6551 is further configured to: extracting from each transaction in the block, when the consensus passes, a digital certificate of the client submitting the transaction and a digital certificate of the node endorseing the transaction; storing the key-value pairs of the extracted digital certificate in a database of the node; wherein, the key in the key value pair is the hash value of the extracted digital certificate, and the value in the key value pair is the binary data of the extracted digital certificate.
In some embodiments, the transaction tailoring module 6552 is further configured to: before the nodes of the blockchain network perform consensus on the new block, receive, through a node of the blockchain network, a transaction proposal submitted by a client; when the node receiving the transaction proposal finds its own digital certificate in the local database and verifies, based on the endorsement policy, that the transaction proposal passes, determine the node as the endorser of the transaction and return a proposal response to the client; wherein the proposal response comprises: the transaction result, the hash value of the digital certificate of the node endorsing the transaction, and the digital signature of the node endorsing the transaction for the transaction result, so that when the client receives the proposal response, the transaction proposal and the proposal response are constructed as a transaction, and the encapsulated transaction is submitted to the nodes in the blockchain network.
In some embodiments, the transaction tailoring module 6552 is further configured to: sequence, through the nodes in the blockchain network, the transactions packaged and submitted by the client according to the receiving order to construct a new block, and broadcast the constructed new block to the blockchain network so that the nodes receiving the constructed new block perform consensus on it.
In some embodiments, the transaction tailoring module 6552 is further configured to: extract, from each transaction in the new block, a hash value of the digital certificate of the client submitting the transaction and a hash value of the digital certificate of the node endorsing the transaction; and query, from the database of the node and through the extracted hash values, the digital certificate of the client submitting the transaction and the digital certificate of the node endorsing the transaction.
In some embodiments, the transaction tailoring module 6552 is further configured to: performing the following verification operations by nodes in the blockchain network for each transaction in the block: verifying the digital certificate of the node as the transaction endorsement through the root certificate of the node; when the verification passes, extracting a public key of the node which is the transaction endorsement from the digital certificate of the node which is the transaction endorsement, and verifying the digital signature of the node in the transaction through the public key; verifying the digital certificate of the node as the transaction endorsement through the root certificate of the node; and when the verification passes, extracting the public key of the node which is the transaction endorsement from the digital certificate of the node which is the transaction endorsement, and verifying the digital signature of the node in the transaction through the public key.
In some embodiments, the transaction tailoring module 6552 is further configured to: when the node in the blockchain network performs the verification operation on each transaction in the block, verify that the transaction format in the block is correct; verify that the node endorsing the transaction has joined the channel indicated in the transaction for receiving the transaction; and verify that the transaction conforms to the endorsement policy.
In some embodiments, the certificate extraction module 6551 is further configured to: storing key-value pairs of digital certificates with query frequency higher than a frequency threshold value in a cache of a node; inquiring a digital certificate corresponding to the hash value from a cache of the node; and when the hash value is not found, inquiring the digital certificate corresponding to the hash value from the database of the node.
In some embodiments, the certificate extraction module 6551 is further configured to: determining the frequency of inquiring the digital certificates of the transactions in each channel which is added into the block chain network by the node; and storing the digital certificate of which the use frequency is higher than the frequency threshold value in each channel into a cache local to the node.
Embodiments of the present invention provide a storage medium storing executable instructions which, when executed by a processor, cause the processor to execute a method provided by embodiments of the present invention, for example, a certificate processing method of a blockchain network as shown in any one of fig. 3, 6A, 6B, 7 and 8.
In some embodiments, the storage medium may be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, flash, magnetic surface memory, optical disk, or CD-ROM; or may be various devices including one or any combination of the above memories.
By way of example, executable instructions may be deployed to be executed on one computing device or on multiple computing devices at one site or distributed across multiple sites and interconnected by a communication network.
In summary, the embodiments of the present invention reuse certificates: after the nodes in the network have reached consensus on a certificate appearing in a transaction, the hash value of the certificate and the binary data of the digital certificate are combined into a key-value pair that is stored in the local certificate database of the blockchain network node. The digital certificates in all subsequent transactions are then replaced by the corresponding hash values, and during transaction verification the digital certificate corresponding to a hash value is obtained locally from the node, which reduces the volume of transactions and blocks. The method is suitable for all alliance chain scenarios and for any blockchain network that uses digital certificates for identity authentication; it fundamentally reduces the volume of each block and can improve the throughput of the whole blockchain network.
The above description is only an example of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, and improvement made within the spirit and scope of the present invention are included in the protection scope of the present invention.

Claims (14)

1. A method of certificate handling for a blockchain network, the method comprising:
a node of a block chain network performs consensus on a block, extracts a digital certificate from the transaction of the block when the consensus passes, and stores the digital certificate in a database of the node;
receiving a transaction proposal submitted by a client through a node in the blockchain network;
when a node receiving the transaction proposal inquires a digital certificate of the node in a local database and verifies that the transaction proposal passes based on an endorsement policy, determining the node as the transaction endorsement and returning a proposal response to the client, so that the client constructs the transaction proposal and the proposal response as a transaction when receiving the proposal response;
wherein the proposal response comprises: a transaction result, a hash value of a digital certificate of a node that is the transaction endorsement, a digital signature for the transaction result for the node that is the transaction endorsement;
receiving the transaction submitted by the client through a node of the blockchain network, and replacing the digital certificate in the submitted transaction with a corresponding hash value when the digital certificate in the submitted transaction is inquired from the database;
constructing the replaced transaction as a new block by a node in the blockchain network;
when a node of the blockchain network performs consensus on the new block, extracting a hash value from the transaction of the new block, querying a database of the node for a digital certificate corresponding to the hash value, and
verifying the transaction in the new block by using the queried digital certificate.
2. The method of claim 1, wherein the consensus for the block by the node of the blockchain network comprises:
performing, by a node in the blockchain network, the following verification operations for each transaction in the block:
verifying a client digital signature in the transaction by a client digital certificate in the transaction;
verifying a node digital signature in the transaction by a node digital certificate of the transaction;
verifying that the transaction complies with an endorsement policy.
3. The method of claim 1, wherein prior to the consensus for a block by nodes of a blockchain network, the method further comprises:
receiving, by a node in the blockchain network, a transaction proposal submitted by the client;
verifying the transaction proposal based on an endorsement policy, and returning a proposal response to the client when the verification is passed;
wherein the proposal response comprises: the transaction result, the digital certificate of the node passing the endorsement policy verification, and the digital signature of the node passing the endorsement policy verification on the transaction result, so that
when the client receives the transaction proposal, the client constructs the transaction proposal and the proposal response into a transaction and submits the constructed transaction to a node in the block chain network.
4. The method of claim 3, further comprising:
and sequencing the transactions constructed and submitted by the client according to the receiving sequence through the nodes in the block chain network to construct blocks, and broadcasting the constructed blocks in the block chain network so as to enable the nodes receiving the constructed blocks to be in consensus.
5. The method of claim 1, wherein said extracting a digital certificate from a transaction of said block when consensus passes, storing said digital certificate in a database of said node, comprises:
extracting, from each transaction in the block when consensus passes, a digital certificate of a client submitting the transaction and a digital certificate of a node endorsed for the transaction;
storing key-value pairs of the extracted digital certificate in a database of the node; and the key in the key value pair is the hash value of the extracted digital certificate, and the value in the key value pair is binary data of the extracted digital certificate.
6. The method of claim 1, wherein constructing the replacement processed transaction as a new block by a node in the blockchain network comprises:
through the nodes in the block chain network, the replaced transactions packaged and submitted by the client are sequenced according to the receiving sequence to construct a new block;
the method further comprises the following steps: broadcasting the constructed new block into the block chain network so that nodes receiving the constructed new block perform consensus on it.
7. The method of claim 1, wherein the extracting the hash value from the transaction of the new block, and querying the database of the node for the digital certificate corresponding to the hash value comprises:
extracting, from each transaction in the new block, a hash value of a digital certificate of a client submitting the transaction and a hash value of a digital certificate of a node endorsing the transaction;
and inquiring the digital certificate of the client submitting the transaction and the digital certificate of the node endorsed for the transaction from the database of the node through the extracted hash value.
8. The method of claim 1, wherein said verifying the transaction in the new block using the queried digital certificate comprises:
performing, by a node in the blockchain network, the following verification operations for each transaction in the block:
verifying the digital certificate of the node endorsed for the transaction by the root certificate of the node;
when the verification is passed, extracting a public key of the node which is the transaction endorsement from the digital certificate of the node which is the transaction endorsement, and verifying the node digital signature in the transaction through the extracted public key;
verifying the digital certificate of the node as the transaction endorsement through the root certificate of the node;
and when the verification is passed, extracting the public key of the node which is the transaction endorsement from the digital certificate of the node which is the transaction endorsement, and verifying the node digital signature in the transaction through the extracted public key.
9. The method of claim 8, wherein when performing an authentication operation on each transaction in the block by a node in the blockchain network, the method further comprises:
verifying that the transaction format in the block is correct;
verifying that the node endorsement for the transaction joins a channel indicated in the transaction to receive the transaction;
verifying that the transaction complies with an endorsement policy.
10. The method according to any one of claims 1 to 9, further comprising:
storing key-value pairs of digital certificates with query frequency higher than a frequency threshold in a cache of the node;
the querying, from the database of the node, the digital certificate corresponding to the hash value includes:
inquiring a digital certificate corresponding to the hash value from a cache of the node;
and when the hash value is not found, inquiring the digital certificate corresponding to the hash value from the database of the node.
11. The method of claim 10, wherein storing key-value pairs of digital certificates in the cache of the node with query frequency higher than a frequency threshold comprises:
determining a frequency with which digital certificates of transactions of the nodes in respective channels joined in the blockchain network are used;
storing the digital certificate of which the use frequency in each channel is higher than the frequency threshold value into a local cache of the node.
12. An apparatus for certificate processing for a blockchain network, the apparatus comprising:
a certificate extraction module to:
a node of a block chain network performs consensus on a block, extracts a digital certificate from the transaction of the block when the consensus passes, and stores the digital certificate in a database of the node;
a transaction tailoring module to:
receiving a transaction proposal submitted by a client through a node in the blockchain network;
when a node receiving the transaction proposal inquires a digital certificate of the node in a local database and verifies that the transaction proposal passes based on an endorsement policy, determining the node as the transaction endorsement and returning a proposal response to the client, so that the client constructs the transaction proposal and the proposal response as a transaction when receiving the proposal response;
wherein the proposal response comprises: a transaction result, a hash value of a digital certificate of a node that is the transaction endorsement, a digital signature for the transaction result for the node that is the transaction endorsement;
receiving the transaction submitted by the client through a node of the blockchain network, and replacing the digital certificate in the submitted transaction with the hash value of the correspondingly extracted digital certificate when the digital certificate in the submitted transaction is inquired from the database;
constructing the replaced transaction as a new block by a node in the blockchain network;
when a node of the blockchain network performs consensus on the new block, extracting a hash value from the transaction of the new block, querying a database of the node for a digital certificate corresponding to the hash value, and
verifying the transaction in the new block by using the queried digital certificate.
13. An electronic device for operating a node in a blockchain network, the electronic device comprising:
a memory for storing executable instructions;
a processor for implementing the certificate handling method of a blockchain network of any one of claims 1 to 11 when executing executable instructions stored in the memory.
14. A storage medium having stored thereon executable instructions for causing a processor to perform a method of certificate handling for a blockchain network as claimed in any one of claims 1 to 11 when executed.
CN201910866712.4A 2019-09-12 2019-09-12 Certificate processing method and device for block chain network, electronic equipment and storage medium Active CN110597911B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910866712.4A CN110597911B (en) 2019-09-12 2019-09-12 Certificate processing method and device for block chain network, electronic equipment and storage medium
CN202110891262.1A CN113609222A (en) 2019-09-12 2019-09-12 Certificate processing method and device for block chain network, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910866712.4A CN110597911B (en) 2019-09-12 2019-09-12 Certificate processing method and device for block chain network, electronic equipment and storage medium

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202110891262.1A Division CN113609222A (en) 2019-09-12 2019-09-12 Certificate processing method and device for block chain network, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110597911A CN110597911A (en) 2019-12-20
CN110597911B true CN110597911B (en) 2021-08-17

Family

ID=68859418

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201910866712.4A Active CN110597911B (en) 2019-09-12 2019-09-12 Certificate processing method and device for block chain network, electronic equipment and storage medium
CN202110891262.1A Pending CN113609222A (en) 2019-09-12 2019-09-12 Certificate processing method and device for block chain network, electronic equipment and storage medium

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202110891262.1A Pending CN113609222A (en) 2019-09-12 2019-09-12 Certificate processing method and device for block chain network, electronic equipment and storage medium

Country Status (1)

Country Link
CN (2) CN110597911B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111212124B (en) * 2019-12-26 2022-12-13 山东公链信息科技有限公司 Asynchronous sequencing system for converting consensus into processing concurrent requests to asynchronous system
CN111210348B (en) * 2019-12-31 2024-04-19 远光软件股份有限公司 Block chain transaction method, electronic device and storage medium
CN111241061B (en) * 2020-01-09 2023-04-07 平安科技(深圳)有限公司 Writing method of state database, data processing device and storage medium
CN111242620A (en) * 2020-01-15 2020-06-05 阳光易购(湖南)科技有限公司 Data caching and querying method of block chain transaction system, terminal and storage medium
CN111464319B (en) * 2020-06-15 2021-08-24 支付宝(杭州)信息技术有限公司 Transaction storage and signature verification method based on centralized block chain type account book
CN112241539A (en) * 2020-10-16 2021-01-19 昆明理工大学 Distributed manufacturing industry data acquisition and storage method based on alliance chain
CN113421093A (en) * 2021-04-28 2021-09-21 中国电子科技网络信息安全有限公司 Simplified storage method for block chain system certificate
CN113472783B (en) * 2021-06-30 2023-04-07 杭州云象网络技术有限公司 Block chain cipher certificate service method, system, storage medium and device
CN113610523A (en) * 2021-08-05 2021-11-05 润联软件系统(深圳)有限公司 Credible contract consensus method, device and equipment for improving performance of alliance chain
CN113726525A (en) * 2021-09-09 2021-11-30 国网电子商务有限公司 Energy industry cloud network data tracing method and device
WO2023184052A1 (en) * 2022-03-26 2023-10-05 华为技术有限公司 Data processing method, blockchain node and blockchain system
CN114826613B (en) * 2022-04-21 2023-07-28 微位(深圳)网络科技有限公司 Identity information query method, device, equipment and storage medium based on blockchain
CN115118461A (en) * 2022-06-07 2022-09-27 讯飞智元信息科技有限公司 Data processing method and device, electronic equipment and storage medium
CN117592990B (en) * 2024-01-04 2024-04-26 恒生电子股份有限公司 Block chain transaction authentication method and device, computing equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107025247A (en) * 2016-02-02 2017-08-08 广州市动景计算机科技有限公司 Method, equipment, browser and the electronic equipment handled web data
CN109472601A (en) * 2018-11-21 2019-03-15 北京蓝石环球区块链科技有限公司 The block chain framework of privacy transaction can be supervised

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108881165B (en) * 2017-05-16 2021-03-26 江峰 Multi-center authentication system with block issuing mechanism
CN107425981B (en) * 2017-06-12 2020-11-03 湖南岳麓山数据科学与技术研究院有限公司 Block chain-based digital certificate management method and system
CN110175436A (en) * 2019-05-16 2019-08-27 中细软集团有限公司 The generation of block chain digital certificate, verification method, computer equipment and storage medium

Also Published As

Publication number Publication date
CN113609222A (en) 2021-11-05
CN110597911A (en) 2019-12-20

Similar Documents

Publication Publication Date Title
CN110597911B (en) Certificate processing method and device for block chain network, electronic equipment and storage medium
CN111047319B (en) Transaction processing method of block chain network and block chain network
CN110572398B (en) Block chain network control method, device, equipment and storage medium
CN110537182B (en) System and method for providing representational state transfer proxy service for blockchain cloud service
CN110727712B (en) Data processing method and device based on block chain network, electronic equipment and storage medium
US10171992B1 (en) Switching mobile service provider using blockchain
CN110599069B (en) Application evaluation method and device based on block chain network
CN110602138A (en) Data processing method and device for block chain network, electronic equipment and storage medium
CN110543525B (en) Block chain network control method, device, equipment and storage medium
CN110602050A (en) Authentication method and device for block chain access, storage medium and electronic device
JP2019160312A (en) Blockchain node, method of blockchain node, and computer program for blockchain node
CN110597832A (en) Government affair information processing method and device based on block chain network, electronic equipment and storage medium
CN110569674A (en) Block chain network-based authentication method and device
CN110599095B (en) Block chain network-based hazardous waste treatment method and node of block chain network
US20200403809A1 (en) Service request authentication utilizing permissions associated with digital certificates
EP4216077A1 (en) Blockchain network-based method and apparatus for data processing, and computer device
CN113255014B (en) Data processing method based on block chain and related equipment
CN112069550B (en) Electronic contract evidence-storing system based on intelligent contract mode
CN111275555A (en) Block chain transaction processing method, transaction node and block chain system
CN111698198B (en) Secret generation and share distribution
CN112036876A (en) Metadata-based endorsement
CN111210348B (en) Block chain transaction method, electronic device and storage medium
Pintaldi Implementation of a Blockchain-based Distributed PKI for IoT using Emercoin NVS and TPM 2.0
CN113890751A (en) Method, apparatus and readable storage medium for controlling voting of alliance link authority
CN112950180A (en) Community certificate method and system based on alliance chain, electronic device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40017431; Country of ref document: HK)

SE01 Entry into force of request for substantive examination
GR01 Patent grant