CN111767569A - Access authorization method and node of block chain - Google Patents


Publication number
CN111767569A
Authority
CN
China
Prior art keywords
transaction
node
attribute
access
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010579598.XA
Other languages
Chinese (zh)
Inventor
罗强
苏恒
黄大光
吴业骏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202010579598.XA
Publication of CN111767569A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

In the blockchain access authorization method and node provided by the invention, the consensus accounting node obtains the attribute information of the access node and generates an attribute key from that attribute information, while the access node requesting access generates the same attribute key from its own attribute information. The transaction information encrypted by the consensus accounting node is then decrypted with that attribute key, which effectively solves the security problem of letting a data owner share transaction information within a limited scope. The invention takes the data provider as the provider of the CA certificate and as the authorization subject and designs a ciphertext policy around it; that is, attribute encryption is performed under an attribute policy based on a ciphertext policy, and an information access user applies for access rights through the blockchain network. The method removes the bottleneck of depending on a central certificate authority (CA) and improves the reliability and efficiency of privacy protection for transaction data.

Description

Access authorization method and node of block chain
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to an access authorization method and a node of a block chain.
Background
As the internet has moved from interconnecting information to interconnecting value and then to interconnecting order, blockchain technology has emerged. It is a decentralized consensus accounting technology characterized by decentralization, tamper resistance, openness and transparency. To reduce the risk of collusion arising from large-scale computing resources controlling the network, a blockchain network uses group consensus to keep transactions consistent. Group consensus is a mechanism of joint accounting and voting by multiple nodes. Specifically, the blockchain network consists of a number of consensus accounting nodes, each of which stores the full ledger and votes autonomously to form a group decision, so that modification of the full ledger by a few nodes cannot affect the result of the group vote. This makes the blockchain network tamper-resistant, secure and reliable.
Although a blockchain network has a large number of consensus nodes involved in accounting, most transactions take place among only a limited number of parties: private-goods transactions, information sharing, data transfer and the like all occur within a limited scope. Transmitting the transaction information generated by these few parties to the whole network increases the risk of leaking private data and reduces transaction concurrency. To address this, an earlier patent (a loosely coupled blockchain autonomous trading system and method) proposed the concept of a loosely coupled trading circle, i.e., a temporary consensus trading circle formed by parties who select their partners autonomously. A loosely coupled trading circle is temporary, uncertain and consistent: a trading party can choose for itself when to join or leave, the circle's scale, life cycle, transaction types and so on are uncertain, and the consistency of group consensus must be guaranteed within a limited scope. Once a loosely coupled trading circle is established, the participants' transaction data is private and confidential; the owner of the transaction data allows access only by those it authorizes, a user must obtain the data through an authenticating party using encryption attributes and an encryption policy, and risks such as collusion, information leakage and external attack must be prevented at the same time. Existing approaches therefore have a number of shortcomings.
Disclosure of Invention
The invention provides a blockchain access authorization method and a node that solve at least one of the above problems.
One aspect of the present invention provides a method for access authorization of a blockchain, including:
the consensus accounting node receives a transaction information access request; the transaction information access request comprises attribute information of an access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts accessed transaction information by using the attribute key and generates a transaction information ciphertext; wherein the access node generates the attribute key based on its own attribute information;
broadcasting the transaction information ciphertext to enable the access node to decrypt the transaction information ciphertext by using the attribute key of the access node, so as to obtain the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
In a preferred embodiment, the transaction information access request further includes security authentication information;
before generating an attribute key according to the attribute information, the access authorization method further includes:
and verifying the security authentication information in the transaction information access request, and if the transaction information access request passes the verification, generating an attribute key according to the attribute information.
In a preferred embodiment, further comprising:
a plurality of loosely coupled trading circles are established and each loosely coupled trading circle is uniquely identified with a version number.
In a preferred embodiment, establishing each loosely coupled transaction circle and uniquely identifying the corresponding loosely coupled transaction circle with a version number includes:
broadcasting the loosely coupled transaction request so that each transaction node judges whether the transaction node is a node in a loosely coupled transaction circle according to the received loosely coupled transaction request; the loosely coupled transaction request includes a unique version number;
receiving a notification response message which is sent by a non-self transaction node and achieves loose coupling together with other nodes which judge that the self belongs to the loose coupling transaction circle;
and sending version number application success confirmation information and broadcasting the version number together with other nodes which judge that the nodes belong to the loose coupling trading circle so as to inform non-self nodes in the loose coupling trading circle.
In a preferred embodiment, the loosely coupled transaction request further includes transaction node address information; each transaction node judges whether the transaction node is a node in a loose coupling transaction circle according to the received loose coupling transaction request, and the method comprises the following steps:
each transaction node judges whether the address information of the transaction node is included in the address information in the loosely coupled transaction request, and if the address information is included in the address information, the transaction node is determined to be a node in a loosely coupled transaction circle.
In a preferred embodiment, each consensus accounting node corresponds to a unique node identifier; generating an attribute key according to the attribute information includes:
generating the attribute key according to the attribute information, the corresponding unique node identifier and the security authentication information.
Another aspect of the present invention provides a method for access authorization of a blockchain, including:
the access node sends a transaction information access request to a consensus accounting node in the block chain; the transaction information access request comprises attribute information of an access node;
receiving a transaction information ciphertext sent by the consensus accounting node; the transaction information ciphertext is obtained by the consensus accounting node generating an attribute key according to the attribute information and encrypting accessed transaction information by using the attribute key;
decrypting the transaction information ciphertext by using the attribute key of the access node to obtain the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
The invention also provides a method for authorizing access to a system of a block chain, which comprises the following steps:
the consensus accounting node records the transaction information generated by the transaction node;
the access node sends a transaction information access request to the consensus accounting node; the transaction information access request comprises attribute information of an access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts accessed transaction information by using the attribute key to generate a transaction information ciphertext and broadcasts the transaction information ciphertext;
the access node receives the transaction information ciphertext sent by the consensus accounting node, decrypts the transaction information ciphertext by using the attribute key of the access node, and further obtains the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
In another aspect, the present invention provides a block chain consensus accounting node, including:
the access request receiving module is used for receiving the transaction information access request by the consensus accounting node; the transaction information access request comprises attribute information of an access node;
the attribute key generation module is used for generating an attribute key by the consensus accounting node according to the attribute information, encrypting the accessed transaction information by using the attribute key and generating a transaction information ciphertext; wherein the access node generates the attribute key based on its own attribute information;
the transaction information ciphertext broadcasting module is used for broadcasting the transaction information ciphertext to enable the access node to decrypt the transaction information ciphertext by using the attribute key of the access node so as to obtain the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
Yet another aspect of the present invention provides an access node of a blockchain, including:
the access request sending module is used for sending a transaction information access request to the consensus accounting node in the block chain by the access node; the transaction information access request comprises attribute information of an access node;
the transaction information ciphertext receiving module is used for receiving the transaction information ciphertext transmitted by the consensus accounting node; the transaction information ciphertext is obtained by the consensus accounting node generating an attribute key according to the attribute information and encrypting accessed transaction information by using the attribute key;
the decryption module is used for decrypting the transaction information ciphertext by using the attribute key of the access node so as to obtain the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
Yet another aspect of the present invention provides an authorized access system for a block chain, including: the system comprises a transaction node, a consensus accounting node and an access node;
the consensus accounting node records the transaction information generated by the transaction node;
the access node sends a transaction information access request to the consensus accounting node; the transaction information access request comprises attribute information of an access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts accessed transaction information by using the attribute key to generate a transaction information ciphertext and broadcasts the transaction information ciphertext;
the access node receives the transaction information ciphertext sent by the consensus accounting node, decrypts the transaction information ciphertext by using the attribute key of the access node, and further obtains the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
According to another aspect of the present invention, an electronic device includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the access authorization method for the block chain when executing the program.
According to another aspect of the invention, a computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the above-mentioned method of access authorization of a blockchain.
In the blockchain access authorization method and node provided by the invention, the consensus accounting node obtains the attribute information of the access node and generates an attribute key from that attribute information, while the access node requesting access generates the same attribute key from its own attribute information. The transaction information encrypted by the consensus accounting node is then decrypted with that attribute key, which effectively solves the security problem of letting a data owner share transaction information within a limited scope. The invention takes the data provider as the provider of the CA certificate and as the authorization subject and designs a ciphertext policy around it; that is, attribute encryption is performed under an attribute policy based on a ciphertext policy, and an information access user applies for access rights through the blockchain network. The method removes the bottleneck of depending on a central certificate authority (CA) and improves the reliability and efficiency of privacy protection for transaction data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1: a schematic diagram of a block chain multi-center transaction privacy protection system based on loose consensus;
FIG. 2: a block chain multi-center transaction privacy protection schematic diagram based on loose consensus;
FIG. 3: a schematic diagram of a request message format;
FIG. 4: a flow chart of a method of access authorization for a blockchain;
FIG. 5: a schematic structural diagram of a blockchain consensus accounting node;
FIG. 6: a schematic structural diagram of computer equipment suitable for the embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
After consensus is complete, the consensus accounting nodes in the blockchain network append blocks, which ensures the integrity of the information held by every node in the network. In practice, however, not every transaction needs network-wide consensus; many only need consensus within a limited scope. To remove the conventional blockchain's requirement of network-wide consensus, the invention provides a loosely coupled trading circle built on top of the conventional blockchain network. Unlike a conventional blockchain transaction, a loosely coupled trading circle does not need to anchor consortium members in advance to form a relatively stable network. The method introduces two concepts, a loosely coupled consensus smart contract and an application-level smart contract. The loosely coupled consensus smart contract executes the loose coupling protocol, anchoring the nodes to which the transaction participants belong according to the scope of the loosely coupled trading circle and achieving consensus accounting within that limited scope; the application-level smart contract is responsible for calling the loosely coupled consensus smart contract when a business transaction is executed. The loose coupling protocol lets any number of trading parties join and leave a trading alliance on their own initiative, which builds a flexible ecosystem.
After a series of transactions, the blockchain reaches a final transaction state, denoted $\sigma$, which includes data such as the account balance, sequence number, timestamp and counterparty of the blockchain transaction. A blockchain transaction is denoted $T$; it is a valid rule connecting the state before and the state after, expressed formally as:
$$\sigma_{t+1} = \gamma(\sigma_t, T)$$
where $\gamma$ denotes the state transfer function. To distinguish loosely coupled transactions from traditional blockchain transactions, a version number $v$ is introduced into the state transfer function, giving $\gamma_v$ with $v \in \mathbb{N}$, $v \geq 0$. When $v = 0$, $\gamma_v$ represents a traditional blockchain transaction; when $v > 0$, $\gamma_v$ indicates that a loosely coupled transaction is to be performed. Note that the version number $v$ is unique across the whole network, and version numbers already in use are stored on the consensus accounting nodes of the whole network so that the smart contract state transfer functions of different loosely coupled trading circles can be told apart. Specifically:
$$\sigma_{t+1} = \gamma_v(\sigma_t, T)$$
the above relationship formalizes as:
Figure BDA0002552685190000061
After the loosely coupled smart contract state transfer function $\gamma_v$ is executed, the transaction information is physically stored only in the nodes to which the transaction parties belong.
In the present invention, the transaction node is a verification node of the transaction party, for example, if the participant a is a banking institution, the corresponding verification node is a client terminal of the participant a in the blockchain network.
As shown in fig. 1, a schematic diagram of a loosely coupled blockchain autonomous transaction system and method includes: the system comprises a block chain infrastructure cloud (BaaS)1, a block chain consensus accounting node 2, a loose coupling transaction circle 3, a loose coupling transaction circle 4 and a transaction party 5. Wherein the nature of the loosely coupled trading circles 3 and 4 is the same, but with different numbers of trading parties.
Blockchain infrastructure cloud (BaaS) 1: responsible for providing and allocating network, computing and storage resources according to a user's networking resource request, creating the blockchain networking service, and supporting the selection of a blockchain product image and the creation of virtual nodes according to the user's blockchain product specification.
Block chain consensus accounting node 2: the block chain network is provided with a plurality of block chain consensus accounting nodes which are used as block chain computing nodes and mainly responsible for block chain transaction access and processing and intelligent contract execution, transaction consensus and transaction accounting. In the blockchain infrastructure cloud (BaaS)1, all the blockchain consensus accounting nodes are virtual computing nodes.
Loosely coupled circle of transaction 3: in blockchain infrastructure cloud 1, a transaction circle is temporarily made up of transaction parties. Furthermore, the trading party arbitrarily selects a temporary trading circle established by other trading parties according to trading needs, a local consensus protocol is executed for achieving trading, and the trading data is only stored in the node where the trading party is located and is not diffused to the nodes of the whole network like the traditional block chain network. This loose coupling circle comprises 3 trading parties: participant a, participant B, participant C.
Loosely coupled trading circle 4: in blockchain infrastructure cloud 1, a transaction circle is temporarily made up of transaction parties. Furthermore, the transaction party arbitrarily selects a temporary transaction circle established by other transaction parties according to the service requirement, and executes a local consensus protocol for achieving the transaction, and the transaction data is only stored in the node where the transaction party is located and is not diffused to the nodes of the whole network like the traditional block chain network. This loose coupling circle comprises 3 trading parties: participant D, participant E.
The transaction party 5: transaction participants performing blockchain consensus transactions.
Compared with the traditional block chain transaction, the loose coupling transaction circle is constructed on the basis of the traditional block chain network, the alliance members do not need to be anchored in advance to form a relatively stable network, only the consensus accounting node of the transaction party stores the transaction book, and the data storage efficiency is improved; the loose coupling transaction also has the characteristics of flexible transaction mode, high execution efficiency and the like.
A loosely coupled trading circle is temporary, uncertain and consistent: a trading party can choose for itself when to join or leave, the circle's scale, life cycle, transaction types and so on are uncertain, and the consistency of group consensus must be guaranteed within a limited scope. Once a loosely coupled trading circle is established, the participants' transaction data is private and confidential; the owner of the transaction data allows access only by those it authorizes, a user must obtain the data through an authenticating party using encryption attributes and an encryption policy, and risks such as collusion, information disclosure and external attack must be prevented.
The core idea of the invention is therefore to introduce CA authentication among the multiple authorization subjects of the loosely coupled trading circle, implementing certificate issuance and attribute encryption (multi-authority CP-ABE), so that the information of multiple transaction parties inside and outside the loosely coupled trading circle can be authorized and protected, improving the reliability and efficiency of transaction data privacy protection inside and outside the circle.
Specifically, the attribute information is used as the condition for generating the key, and the access node and the consensus accounting node generate the same key. The consensus accounting node can therefore act as an authentication center and share the transaction information with the accessor, while other nodes that do not hold the key are prevented from accessing it.
As shown in fig. 2, a schematic diagram of privacy protection for blockchain multi-center transactions based on loose consensus includes: transaction information accessor 20, loosely coupled transaction circle 21, billing node/attribute authority 22, transaction participant 23.
Transaction information accessor 20: a transaction participant that performs blockchain consensus transactions and is also a publisher of transaction information. The transaction information accessor 20 provides the attribute credentials required by the attribute access policy. In this embodiment, participants access the loosely coupled transaction circle through the blockchain consensus accounting node/attribute authority 22 to execute transactions and to encrypt and authorize transaction information.
In some embodiments, the attribute information includes, but is not limited to, a unit address, a unit name, a unit organization, a work group, and a position hierarchy.
The attribute access policy may be formally expressed as:
Figure BDA0002552685190000081
wherein S is1,S2,...,SNRepresenting the N attribute sets, and traversing the N attribute sets by the algorithm, wherein j is 1, 2.
Loosely coupled transaction circles 21: in blockchain infrastructure cloud 1, a transaction circle is temporarily made up of transaction parties. The transaction party randomly selects a temporary transaction circle established by other transaction parties according to business requirements, a local consensus protocol is executed for achieving transaction, and transaction data are only stored in a node where the transaction party is located and are not diffused to nodes of the whole network like a traditional block chain network.
Accounting node/attribute authority 22: responsible for providing security authentication for the blockchain consensus accounting nodes of the blockchain network and for providing the global parameter GP for the transaction information. It executes the GlobalSetup(), CreateUser() and CreateAuthority() algorithms, which respectively perform initialization, user creation and attribute authority creation:
GlobalSetup(): generates the public key and the secret key of the central CA. Let $e: G_1 \times G_1 \to G_T$ be a bijective relationship, where $G_1$ denotes an additive group of order $n$ and $G_T$ denotes a multiplicative group of order $n$. Take $g \in G$ as a generator of $G$ and randomly select two elements $P, Q \in G$. The public key of the certificate authority CA is $M_{CA} = \{G, G_T, e, g, P, e(g, Q)\}$, and the secret key is $S_{CA} = Q$.
CreateUser(): creates a public key and a secret key for participant user $u$. Let $mk_u \in Z_p$ be an element of the additive group $Z_p$. The public key of participant user $u$ is
Figure BDA0002552685190000082
The key is expressed as
Figure BDA0002552685190000083
CreateAuthority(): provides a standard random hash function $H_x: \{0,1\}^* \to Z_p$ for an attribute authority; its return value $x_a$ serves as the secret key of the attribute authority, $S_a := x_a$.
The transaction participant 23: the participating parties of the transaction that execute the blockchain consensus transaction access the loosely coupled transaction circle through the blockchain consensus accounting node/attribute authorization center 22 to execute the transaction, encryption, authorization transaction information and other processes.
In the following description of the application of the present invention, fig. 4 shows an access authorization method for a blockchain in an embodiment of the present invention, as shown in fig. 4, including:
s11: the consensus accounting node receives a transaction information access request; the transaction information access request comprises attribute information of an access node;
s12: the consensus accounting node generates an attribute key according to the attribute information, encrypts accessed transaction information by using the attribute key and generates a transaction information ciphertext; wherein the access node generates the attribute key based on its own attribute information;
s13: broadcasting the transaction information ciphertext to enable the access node to decrypt the transaction information ciphertext by using the attribute key of the access node, so as to obtain the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
In the access authorization method of the blockchain provided by the invention, the consensus accounting node obtains the attribute information of the access node and generates an attribute key according to that attribute information, while the access node requesting access generates the same attribute key according to its own attribute information. The transaction information encrypted by the consensus accounting node is then decrypted with the self-generated attribute key, which effectively solves the security problem of letting a data owner share transaction information in a limited way. The invention takes the data provider as the provider of the CA certificate and as the authorization subject when designing a ciphertext policy; that is, attribute encryption is performed with an attribute policy based on a ciphertext policy, and an information access user applies for access rights through the blockchain network. The method removes the bottleneck of dependence on the certificate authority (CA) and improves the reliability and efficiency of privacy protection of transaction data.
It can be understood that the transaction information access request in the present invention includes an identifier of the transaction information, such as an address of the transaction information, that is, the transaction information on the corresponding block can be called by reading the transaction information access request.
In a preferred embodiment, the transaction information access request further includes security authentication information;
before generating an attribute key according to the attribute information, the access authorization method further includes:
verifying the security authentication information in the transaction information access request and, only if the transaction information access request passes the verification, generating an attribute key according to the attribute information.
In a preferred embodiment, the method further comprises:
establishing a plurality of loosely coupled transaction circles, each uniquely identified by a version number.
In a preferred embodiment, establishing each loosely coupled transaction circle and uniquely identifying it with a version number includes:
broadcasting the loosely coupled transaction request so that each transaction node judges, according to the received request, whether it is a node in the loosely coupled transaction circle; the loosely coupled transaction request includes a unique version number;
receiving a notification response message, sent by a transaction node other than itself, indicating that loose coupling has been reached together with the other nodes that judged themselves to belong to the loosely coupled transaction circle;
sending version number application success confirmation information and, together with the other nodes that judged themselves to belong to the loosely coupled transaction circle, broadcasting the version number so as to notify the nodes in the loosely coupled transaction circle other than itself.
In a preferred embodiment, the loosely coupled transaction request further includes transaction node address information; each transaction node judges whether it is a node in the loosely coupled transaction circle according to the received loosely coupled transaction request as follows:
each transaction node judges whether its own address information is included in the address information of the loosely coupled transaction request, and if it is, the transaction node determines that it is a node in the loosely coupled transaction circle.
In a preferred embodiment, each consensus accounting node corresponds to a node unique identifier; generating an attribute key according to the attribute information includes:
generating the attribute key according to the attribute information, the corresponding node unique identifier and the security authentication information.
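The following is an added sketch of the S11 to S13 exchange combined with the two preferred embodiments above (verify the security authentication information first, then bind the key to attributes, node identifier and that authentication information); it is not code from the patent. The pre-shared enrolment secret, the HMAC request tag, HKDF and the encrypt-then-MAC construction are assumptions standing in for the pairing-based attribute encryption the patent describes later.

```python
import hashlib
import hmac
import json
import os

def canonical(obj):
    """Deterministic JSON bytes, so both nodes hash exactly the same input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869): extract with the salt, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_attribute_key(attributes, node_id, auth_secret):
    """Attribute key from attribute info + node unique identifier + security
    authentication info. The secret (assumed pre-shared at enrolment) is the
    only input that an observer of the request does not see."""
    info = canonical({"attrs": sorted(set(attributes)), "node": node_id})
    return hkdf_sha256(auth_secret, b"attribute-key-v1", info, 64)

def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC from stdlib primitives (stand-in for an AEAD cipher)."""
    enc_key, mac_key, nonce = key[:32], key[32:], os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None when the key is wrong or the blob was altered."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = key[:32], key[32:]
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))

def build_request(tx_id, attributes, node_id, auth_secret):
    """Access node: request carrying attribute info and an authentication tag."""
    fields = {"tx_id": tx_id, "attributes": sorted(set(attributes)), "node_id": node_id}
    tag = hmac.new(auth_secret, canonical(fields), hashlib.sha256).hexdigest()
    return dict(fields, auth_tag=tag)

def handle_request(request, enrolled_secrets, ledger):
    """Consensus accounting node: verify first, derive the key only afterwards."""
    secret = enrolled_secrets.get(request.get("node_id"))
    if secret is None or request.get("tx_id") not in ledger:
        return None
    fields = {k: request.get(k) for k in ("tx_id", "attributes", "node_id")}
    expected = hmac.new(secret, canonical(fields), hashlib.sha256).hexdigest()
    supplied = str(request.get("auth_tag", ""))
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return None  # attributes are only claims until the tag verifies
    key = derive_attribute_key(fields["attributes"], fields["node_id"], secret)
    return seal(key, ledger[fields["tx_id"]])  # ciphertext to broadcast

if __name__ == "__main__":
    secret = b"constructed-enrolment-secret"          # constructed sample value
    ledger = {"tx-1": b"A pays B 100"}                 # constructed sample ledger
    req = build_request("tx-1", ["role:auditor", "org:bank-b"], "node-b", secret)
    blob = handle_request(req, {"node-b": secret}, ledger)
    own_key = derive_attribute_key(req["attributes"], "node-b", secret)
    print(unseal(own_key, blob))
```

If the key were derived from the attribute information alone, any node that saw the request could derive it and read the broadcast ciphertext; binding it to the authentication secret is what keeps the broadcast confidential in this sketch.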
In the present invention, fig. 3 shows a schematic diagram of a request message format.
Another aspect of the present invention provides a method for access authorization of a blockchain, including:
the access node sends a transaction information access request to a consensus accounting node in the block chain; the transaction information access request comprises attribute information of an access node;
receiving a transaction information ciphertext sent by the consensus accounting node; the transaction information ciphertext is obtained by the consensus accounting node generating an attribute key according to the attribute information and encrypting accessed transaction information by using the attribute key;
decrypting the transaction information ciphertext by using the attribute key of the access node to obtain the transaction information, wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
The invention also provides a method for authorizing access to a system of a block chain, which comprises the following steps:
the consensus accounting node records the transaction information generated by the transaction node;
the access node sends a transaction information access request to the consensus accounting node; the transaction information access request comprises attribute information of an access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts accessed transaction information by using the attribute key to generate a transaction information ciphertext and broadcasts the transaction information ciphertext;
the access node receives the transaction information ciphertext sent by the consensus accounting node and decrypts it by using its own attribute key to obtain the transaction information, wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
In another aspect, the present invention provides a block chain consensus accounting node, including:
the access request receiving module is used for receiving the transaction information access request by the consensus accounting node; the transaction information access request comprises attribute information of an access node;
the attribute key generation module is used for generating an attribute key by the consensus accounting node according to the attribute information, encrypting the accessed transaction information by using the attribute key and generating a transaction information ciphertext; wherein the access node generates the attribute key based on its own attribute information;
the transaction information ciphertext broadcasting module is used for broadcasting the transaction information ciphertext so that the access node decrypts the transaction information ciphertext by using its own attribute key and thereby obtains the transaction information, wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
Yet another aspect of the present invention provides an access node of a blockchain, including:
the access request sending module is used for sending a transaction information access request to the consensus accounting node in the block chain by the access node; the transaction information access request comprises attribute information of an access node;
the transaction information ciphertext receiving module is used for receiving the transaction information ciphertext transmitted by the consensus accounting node; the transaction information ciphertext is obtained by the consensus accounting node generating an attribute key according to the attribute information and encrypting accessed transaction information by using the attribute key;
the decryption module is used for decrypting the transaction information ciphertext by using the attribute key of the access node so as to obtain the transaction information, wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
Yet another aspect of the present invention provides an authorized access system for a block chain, including: the system comprises a transaction node, a consensus accounting node and an access node;
the consensus accounting node records the transaction information generated by the transaction node;
the access node sends a transaction information access request to the consensus accounting node; the transaction information access request comprises attribute information of an access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts accessed transaction information by using the attribute key to generate a transaction information ciphertext and broadcasts the transaction information ciphertext;
the access node receives the transaction information ciphertext sent by the consensus accounting node and decrypts it by using its own attribute key to obtain the transaction information, wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
The present invention will be described in detail with reference to specific scenarios.
Forming a loosely coupled transaction circle
A block chain multi-center transaction privacy protection flow chart based on loose consensus comprises the following steps:
Step S40: the attribute authorization center starts the initialization program GlobalSetup(), where G denotes a bijective group of order N, with $N = p_1 p_2 p_3$, where $p_1, p_2, p_3$ are 3 prime numbers. The global parameter GP represents N and the generator $g_1$ of
Figure BDA0002552685190000124
Similarly, a standard random hash function H is introduced, where $H: \{0,1\}^* \to G$ implements a mapping from the globally unique identifier GID to G. Its form is as follows:
GlobalSetup(λ)→GP
where λ represents a security parameter. The GP is shared with the other accounting nodes through the blockchain network.
Step S41: the node that owns the transaction data applies to become an attribute authority and executes the CreateAuthority() algorithm, formally expressed as:
$\mathrm{CreateAuthority}(GID, GP) \to PK_{GID}, SK_{GID}$
The formula takes the global parameter GP as input and outputs the public/private key pair $(PK_{GID}, SK_{GID})$ of the attribute authorization center. For each attribute i belonging to the rights issuer, two numbers in $Z$, $\alpha_i$ and a second exponent, are randomly selected as exponents. The public key PK is expressed as follows:
Figure BDA0002552685190000121
the private key SK is represented as follows:
Figure BDA0002552685190000122
Step S42: user u applies to attribute authorization center a for the secret key $K_{i,GID}$. The CreateUser() algorithm is executed; it accepts the input (GID, GP, i, SK) and generates a key $K_{i,GID}$ for user u with respect to attribute i, where GID is the global ID of the accounting node to which the user belongs. Formally expressed as:
$\mathrm{CreateUser}(GID, GP, i, SK) \to K_{i,GID}$
the attribute authority creates a key for attribute i of the GID, formally expressed as:
Figure BDA0002552685190000123
Step S43: the attribute authorization center provides attribute authority verification, data encryption and data decryption services for user u: (1) Attribute authority verification. The transaction information access user $u_g$ submits an information access request to the attribute authorization center, and the attribute authorization center executes the RequestAttribute() algorithm to verify whether the transaction information requester has access rights. If the check fails, false is returned. Otherwise, the attribute key $S_u$ is returned to the transaction information requester, formally expressed as:
Figure BDA0002552685190000131
(2) Data encryption. The attribute authorization center executes Encrypt($T, GP, PK_{1,GID}, PK_{2,GID}, \ldots, M_{n,GID}$) to perform attribute encryption on the transaction information T. The generated ciphertext $T_c$ is formalized as follows:
Figure BDA0002552685190000132
(3) Data decryption. The attribute authorization center executes the decryption algorithm Decrypt(), which receives the global parameter GP, the ciphertext $T_C$, the attribute key cluster $\{K_{i,GID}\}$ ($1 \le i \le N$) and the global identifier GID. It outputs the plaintext T when the attribute cluster satisfies the attribute policy; otherwise decryption fails.
$\mathrm{Decrypt}(T_c, GP, \{K_{i,GID}\}) \to T$
A decryption flow chart of a loosely coupled block-chain multi-party transaction system comprises the following steps:
Step S50: a transaction information access user u submits an application for accessing transaction information T to blockchain node b (which is also the attribute authorization center of u). Node b sends an access request to the attribute authorization center a where the transaction information T is located and, at the same time, transmits the attribute information $(u_1, u_2, \ldots, u_n)$ of u to the attribute authority a.
Step S51: the attribute authorization center a executes the RequestAttribute() algorithm to verify whether the transaction information requester has access rights (using the AccessTree() access tree algorithm, which is not described in the invention). If the check fails, false is returned. Otherwise, the attribute key $SK_u(a)$ of u is generated, where $SK_u(a)$ is expressed in the form:
Figure BDA0002552685190000133
If $S_u(a)$ contains N attribute values, it is denoted $SK_u(a) = (SK_{u1}, SK_{u2}, \ldots, SK_{un})$, and the result is returned to blockchain node b through the blockchain network.
Step S52: blockchain node b (which is also the attribute authority of $u_g$) executes the decryption algorithm Decrypt() with the following input parameters: Decrypt($PK_A$, $T_C$, , $SK_u(a)$), where $T_C$ denotes the ciphertext and $S_u(a)$ is the attribute key of u, of the form $SK_u(a) = (SK_{u1}, SK_{u2}, \ldots, SK_{un})$, which satisfies the AccessTree() access tree algorithm (not illustrated in the present invention). The plaintext T can be expressed as the following equation:
Figure BDA0002552685190000141
where
Figure BDA0002552685190000142
$R_j \in Z_p$ is a random constant for each attribute policy group.
The transaction information protection flow of the blockchain multi-center transaction privacy protection system based on loose consensus comprises the following specific steps (assuming that the blockchain network comprises 4 transaction parties A, B, C and D, where D does not participate in loosely coupled transactions):
Step S600: acquire the latest version number v of the whole network;
Step S601: transaction party A sends a local consensus request to transaction parties B and C through the verification node where it is located. Because transaction party D is not part of the loosely coupled transaction circle, the verification node where transaction party A is located does not send a loosely coupled request to transaction party D. The request broadcast message contains the address information of the target counterparties, which in this example are B and C. Let $P_T$ denote the loosely coupled transaction message of transaction T, formally:
$P_T = (v, n, (\rho_1, \rho_2, \ldots, \rho_n), \ldots, chksum)$
where v is the version number, n is the number of parties to the transaction, $\rho_1, \rho_2, \ldots, \rho_n$ represent the ID numbers and IP addresses of transaction parties 1 to n, and chksum is a check bit.
The format of the loosely coupled transaction message is shown in the following figure.
Step S602: the verification node where transaction party A is located monitors for and receives the loosely coupled message request from transaction party A and performs message security verification;
Step S603: the verification node where transaction party A is located parses the request message of the local consensus transaction and extracts the transaction parties of the loosely coupled transaction circle, which are A, B, C in this example; transaction consensus is performed among the verification nodes where A, B, C are located, using the PBFT (Byzantine fault tolerant) algorithm.
Step S604: the verification node where transaction party B is located monitors for and receives the loosely coupled message request from transaction party A and performs message security verification;
Step S605: the verification node where transaction party B is located parses the request message of the local consensus transaction and extracts the transaction parties of the loosely coupled transaction circle, which are A, B, C in this example; transaction consensus is performed among the verification nodes where A, B, C are located, using the PBFT (Byzantine fault tolerant) algorithm.
Step S606: the verification node where transaction party C is located monitors for and receives the loosely coupled message request from transaction party A and performs message security verification;
Step S607: the verification node where transaction party C is located parses the request message of the local consensus transaction and extracts the transaction parties of the loosely coupled transaction circle, which are A, B, C in this example; transaction consensus is performed among the verification nodes where A, B, C are located, using the PBFT (Byzantine fault tolerant) algorithm.
Step S608: the verification node where transaction party A is located receives the transaction information from other nodes and verifies the stock transaction according to the version number v. To verify the correctness of the transaction, the following relationship must be satisfied:
$H_v = \mathrm{TRIE}(LS(\Pi(\sigma, \beta)))$
Let $T_p$ denote application-level smart contract transactions and $T_s$ denote system-level smart contract transactions; the formula expands as follows:
$\sigma_{t+1} = \Pi(\sigma_t, B)$
where
$B = (\ldots, (T_{p,1}, T_{s,1}), (T_{p,0}, T_{s,0}), \ldots)$
$\Pi(\sigma, B) \equiv \Omega(B, \gamma(\gamma(\sigma, (T_{p,0}, T_{s,0})), (T_{p,1}, T_{s,1})) \ldots)$
$\Omega$ denotes the final state, B denotes the transaction sequence, $T_{p,0}, T_{p,1}$ denote the 0th and 1st application-level smart contract transaction sequences respectively, $T_{s,0}, T_{s,1}$ denote the 0th and 1st system-level smart contract transaction sequences respectively, and $(T_{p,0}, T_{s,0})$ denotes a combination of application-level and system-level smart contract transactions.
Step S609: if the smart contract is successfully authenticated, a notification broadcast is sent.
Step S610: the verification node where transaction party B is located receives the transaction information from other nodes and verifies the stock transaction according to the version number V. Refer specifically to step S708.
Step S611: if the smart contract is successfully authenticated, a notification broadcast is sent.
Step S612: the verification node where transaction party B is located receives the transaction information from other nodes and verifies the stock transaction according to the version number V. Refer specifically to step S708.
Step S613: if the smart contract is successfully authenticated, a notification broadcast is sent.
Step S614: the GlobalSetup() smart contract is executed to generate the global parameter GP. A Hash is formed jointly from the public key provided by the user, the Hash of the previous block and the Hash of the current transaction; at the same time, the local consensus message is checked and the transaction information is stored locally. Formally expressed as:
$H_V = kec(PH_V, TH_V, O_u)$
where $H_V$ is the Hash value of the current transaction, kec denotes the Hash function computed with the keccak-256 algorithm, $PH_V$ is the Hash of the preceding block, $TH_V$ is the Hash of the current transaction group, and $O_u$ is the user public key (u = B1).
Step S615: the GlobalSetup() smart contract is executed to generate the global parameter GP. A Hash is formed jointly from the public key provided by the user, the Hash of the previous block and the Hash of the current transaction; at the same time, the local consensus message is checked and the transaction information is stored locally. Refer specifically to step S614.
Step S616: the GlobalSetup() smart contract is executed to generate the global parameter GP. A Hash is formed jointly from the public key provided by the user, the Hash of the previous block and the Hash of the current transaction; at the same time, the local consensus message is checked and the transaction information is stored locally. Refer specifically to step S614.
Step S617: the node where the participant is located, namely the attribute authorization center, is responsible for encrypting the participant's transaction information. Specifically, it executes Encrypt($T, GP, PK_{1,GID}, PK_{2,GID}, \ldots, M_{n,GID}$) to perform attribute encryption on the transaction information T. The generated ciphertext $T_c$ is formalized as follows:
Figure BDA0002552685190000161
The GP and transaction information are stored locally.
Step S618: the node where the participant is located, namely the attribute authorization center, is responsible for encrypting the participant's transaction information. Specifically, it executes Encrypt($T, GP, PK_{1,GID}, PK_{2,GID}, \ldots, M_{n,GID}$) to perform attribute encryption on the transaction information T. The generated ciphertext $T_c$ is formalized as follows:
Figure BDA0002552685190000162
The GP and transaction information are stored locally.
Step S619: the node where the participant is located, namely the attribute authorization center, is responsible for encrypting the participant's transaction information. Specifically, it executes Encrypt($T, GP, PK_{1,GID}, PK_{2,GID}, \ldots, M_{n,GID}$) to perform attribute encryption on the transaction information T. The generated ciphertext $T_c$ is formalized as follows:
Figure BDA0002552685190000163
The GP and transaction information are stored locally.
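The following added example, which is not from the patent, covers two checks from steps S601 to S614: parsing the loosely coupled transaction message $P_T$ and deciding circle membership from its address list, and chaining the transaction Hash $H_V$. The byte layout, CRC32 as chksum, the reused-version check, the length-prefixed hash input and SHA3-256 in place of keccak-256 (which the Python standard library does not provide) are all assumptions.

```python
import hashlib
import ipaddress
import struct
import zlib

HEADER = struct.Struct(">IH")   # v (version number), n (number of parties)
PARTY = struct.Struct(">I4s")   # rho_i: party ID number + IPv4 address
CHKSUM = struct.Struct(">I")    # chksum, assumed here to be CRC32 of the body

def encode_pt(version, parties):
    """Build P_T = (v, n, (rho_1..rho_n), chksum); parties is [(id, "ip"), ...]."""
    body = HEADER.pack(version, len(parties))
    for party_id, ip in parties:
        body += PARTY.pack(party_id, ipaddress.IPv4Address(ip).packed)
    return body + CHKSUM.pack(zlib.crc32(body))

def decode_pt(raw):
    """Parse P_T; raise ValueError on truncation, bad checksum or wrong count."""
    if len(raw) < HEADER.size + CHKSUM.size:
        raise ValueError("truncated message")
    body = raw[:-CHKSUM.size]
    (chksum,) = CHKSUM.unpack(raw[-CHKSUM.size:])
    # CRC32 only detects corruption; it is not the "message security
    # verification" of steps S602/S604/S606, which needs authentication.
    if zlib.crc32(body) != chksum:
        raise ValueError("checksum mismatch")
    version, n = HEADER.unpack_from(body)
    if len(body) != HEADER.size + n * PARTY.size:
        raise ValueError("party count does not match message length")
    parties = []
    for i in range(n):
        party_id, packed = PARTY.unpack_from(body, HEADER.size + i * PARTY.size)
        parties.append((party_id, str(ipaddress.IPv4Address(packed))))
    return version, parties

def in_trading_circle(raw, own_ip, seen_versions):
    """A node's decision: is my own address listed in the request?
    A version number that is already in use is rejected (assumed check),
    since each circle must be uniquely identified by its version number."""
    version, parties = decode_pt(raw)
    if version in seen_versions:
        raise ValueError("version number already used")
    return own_ip in {ip for _, ip in parties}

def transaction_hash(prev_block_hash, tx_group_hash, user_pubkey):
    """H_V = kec(PH_V, TH_V, O_u) with SHA3-256 as a stand-in for keccak-256.
    Each field is length-prefixed so that field boundaries cannot shift."""
    h = hashlib.sha3_256()
    for field in (prev_block_hash, tx_group_hash, user_pubkey):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

if __name__ == "__main__":
    # Constructed sample: party A addresses B and C; D is not listed.
    request = encode_pt(7, [(2, "10.0.0.2"), (3, "10.0.0.3")])
    for name, ip in (("B", "10.0.0.2"), ("C", "10.0.0.3"), ("D", "10.0.0.4")):
        print(name, in_trading_circle(request, ip, seen_versions={5, 6}))
    genesis = bytes(32)
    h1 = transaction_hash(genesis, hashlib.sha3_256(b"tx group 1").digest(), b"pubkey-B1")
    h2 = transaction_hash(h1, hashlib.sha3_256(b"tx group 2").digest(), b"pubkey-B1")
    print(h2.hex())
```

Because each $H_V$ takes the previous Hash as input, altering a stored transaction group changes every later value, which is what lets a node detect tampering when it re-verifies by version number.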
In some embodiments, a loose consensus-based information access authorization method of a block chain multi-center transaction privacy protection system is responsible for providing decrypted transaction information services for accessing users.
The method comprises the following specific steps:
Step S700: the accessing user submits a transaction information access application to the blockchain node to which it belongs.
Step S701: the attribute authorization center executes the algorithm RequestAttribute() to check the authority of the accessing user, verifying whether the transaction information requester has access rights.
Step S702: the result of the algorithm RequestAttribute() is evaluated; if the check fails, a Null value is returned. Otherwise, the attribute key $SK_u$ is returned to the transaction information requester, formally represented by
Figure BDA0002552685190000171
Step S703: if the algorithm RequestAttribute() returns false, the accessing user does not have access rights to the transaction information, and the process ends.
Step S704: if the algorithm RequestAttribute() returns the attribute key $S_u$, the attribute authorization center further applies to the accounting node to which the transaction information belongs for access to the transaction information.
Step S705: the accounting node transmits the transaction information in ciphertext format back to the attribute authorization center.
Step S706: the attribute authorization center receives the transaction information in ciphertext format, executes the decryption algorithm Decrypt(), and generates the plaintext T. The input parameters are as follows: Decrypt($PK_A$, $T_C$, , $SK_u(a)$), where $T_C$ denotes the ciphertext and $S_u(a)$ is the attribute key of u, of the form $SK_u(a) = (SK_{u1}, SK_{u2}, \ldots, SK_{un})$, which satisfies the AccessTree() algorithm (not described in the present invention). The plaintext T can be expressed as the following equation:
Figure BDA0002552685190000172
where
Figure BDA0002552685190000173
$R_j \in Z_p$ is a random constant for each attribute policy group.
Step S707: the accessing user receives the plaintext information T.
As the scenario description shows, by enhancing the loosely coupled Hash index in the block, the invention allows the node to which a transaction party belongs to authenticate multiple transactions generated by several loosely coupled transaction circles, improving the security and efficiency of transactions. The invention has the following advantages:
1. Through the interaction of system-level and application-level smart contracts, a transaction party can independently anchor any number of transaction parties during the blockchain-based transaction consensus process, forming a loosely coupled transaction circle and improving the autonomy of transaction parties in independently joining and quitting transactions;
2. By introducing the public attribute parameters GP and GID, the blockchain removes centralized authentication by the certificate authority (CA) and realizes a single-level security authentication architecture of attribute authorization centers. This ensures the physical storage of the transaction information of all parties in a loosely coupled transaction circle, avoids dependence on the CA, provides high privacy protection capability, and at the same time improves the efficiency of flexible sharing of transaction information;
3. Ciphertext-policy privacy protection based on the loosely coupled transaction circle is provided: the loosely coupled transaction parties are allowed to arrange the access policy according to their own customization, and transaction information can be shared outside the transaction circle. Meanwhile, transaction groups based on the version number are provided, so that the blockchain transaction network forms a plurality of concurrently executed transaction circles, which improves system flexibility and concurrent execution efficiency and facilitates the development of an efficient alliance ecosystem;
4. Because transaction groups are physically isolated based on the version number, leakage of transaction privacy and information is effectively prevented, and the method has high security.
In another aspect, the present invention provides a blockchain consensus accounting node, as shown in fig. 5, including:
an access request receiving module 11, configured to receive a transaction information access request; the transaction information access request comprises attribute information of an access node;
an attribute key generation module 12, configured to generate an attribute key according to the attribute information and to encrypt the accessed transaction information by using the attribute key to generate a transaction information ciphertext; wherein the access node generates the attribute key based on its own attribute information;
a transaction information ciphertext broadcasting module 13, configured to broadcast the transaction information ciphertext so that the access node decrypts the transaction information ciphertext by using its own attribute key and thereby obtains the transaction information, wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
Yet another aspect of the present invention provides an access node of a blockchain, including:
the access request sending module is used for sending a transaction information access request to the consensus accounting node in the block chain by the access node; the transaction information access request comprises attribute information of an access node;
the transaction information ciphertext receiving module is used for receiving the transaction information ciphertext transmitted by the consensus accounting node; the transaction information ciphertext is obtained by the consensus accounting node generating an attribute key according to the attribute information and encrypting accessed transaction information by using the attribute key;
the decryption module is used for decrypting the transaction information ciphertext by using the attribute key of the access node so as to obtain the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
Yet another aspect of the present invention provides an authorized access system for a block chain, including: the system comprises a transaction node, a consensus accounting node and an access node;
the consensus accounting node records the transaction information generated by the transaction node;
the access node sends a transaction information access request to the consensus accounting node; the transaction information access request comprises attribute information of an access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts accessed transaction information by using the attribute key to generate a transaction information ciphertext and broadcasts the transaction information ciphertext;
the access node receives the transaction information ciphertext sent by the consensus accounting node and decrypts the transaction information ciphertext by using the attribute key of the access node, thereby obtaining the transaction information; the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
In the access authorization method and node of the blockchain provided by the invention, the consensus accounting node obtains the attribute information of the access node and generates an attribute key according to that attribute information, while the access node requesting access generates the same attribute key according to its own attribute information. By using the attribute key generated by the data owner to decrypt the transaction information encrypted by the consensus accounting node, the security problem of letting the data owner share transaction information in a limited way can be effectively solved. The invention takes the data provider as the provider of the CA certificate and as the authorization subject to design a ciphertext policy, that is, attribute encryption is performed by providing an attribute policy based on a ciphertext policy. An information access user applies for the access right through the blockchain network. The method removes the bottleneck of depending on the CA of the authentication center and improves the reliability and efficiency of privacy protection of transaction data.
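The request, key derivation and broadcast-ciphertext exchange described above, as an added example that is not part of the patent text. It models the "same key generated on both sides" flow, not a CP-ABE scheme, and it assumes that the security authentication information is a credential shared in advance and proved in the request by an HMAC, that keys are derived with HKDF-SHA256, and that a standard-library HMAC-based encrypt-then-MAC construction stands in for the cipher, which the patent does not name; all function names and sample values are constructed.

```python
import hashlib
import hmac
import json
import os

# Constructed sample values; none of them come from the patent.
NODE_ID = b"consensus-node-01"                  # hypothetical node unique identifier
CREDENTIAL = b"constructed-shared-credential"   # stands in for the security authentication information


def canonical_attributes(attrs: dict) -> bytes:
    """Serialize attributes deterministically so both nodes hash identical bytes."""
    return json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 64) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_attribute_key(attrs: dict, node_id: bytes, credential: bytes) -> bytes:
    """Key from attribute info, node unique identifier and authentication info (claim 6)."""
    return hkdf_sha256(ikm=credential, salt=node_id, info=canonical_attributes(attrs))


def build_access_request(attrs: dict, credential: bytes) -> dict:
    """Access node: request carrying its attributes and a proof over them."""
    nonce = os.urandom(16)
    proof = hmac.new(credential, nonce + canonical_attributes(attrs), hashlib.sha256).digest()
    return {"attributes": attrs, "nonce": nonce, "proof": proof}


def verify_access_request(request: dict, credential: bytes) -> bool:
    """Consensus node: check the proof before any key is generated (claim 2)."""
    expected = hmac.new(credential,
                        request["nonce"] + canonical_attributes(request["attributes"]),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, request["proof"])


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce (16) || ciphertext || tag (32)."""
    enc_key, mac_key = key[:32], key[32:]
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not verify under this key."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = key[:32], key[32:]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def consensus_node_handle(request: dict, transaction_info: bytes, node_id: bytes, credential: bytes):
    """Consensus accounting node: verify, derive the attribute key, return the ciphertext to broadcast."""
    if not verify_access_request(request, credential):
        return None
    key = derive_attribute_key(request["attributes"], node_id, credential)
    return seal(key, transaction_info)


def access_node_decrypt(blob: bytes, own_attrs: dict, node_id: bytes, credential: bytes):
    """Access node: derive the key in the same way from its own attributes and decrypt."""
    return open_sealed(derive_attribute_key(own_attrs, node_id, credential), blob)
```

Because the ciphertext is broadcast, the authentication tag is what makes a node with different attributes fail cleanly instead of recovering garbage.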
From a hardware aspect, in order to solve the problem of consistency of cache data between contract containers, the present invention provides an embodiment of an electronic device for implementing all or part of contents in the blockchain transaction processing method, where the electronic device specifically includes the following contents:
a processor (processor), a memory (memory), a communication Interface (Communications Interface), and a bus; the processor, the memory and the communication interface complete mutual communication through the bus; the communication interface is used for realizing information transmission among related equipment such as a server, a device, a distributed message middleware cluster device, various databases, a user terminal and the like; the electronic device may be a desktop computer, a tablet computer, a mobile terminal, and the like, but the embodiment is not limited thereto. In this embodiment, the electronic device may refer to the embodiments of the blockchain transaction processing method in the embodiments and the embodiments of the blockchain transaction processing apparatus in the embodiments for implementation, and the contents thereof are incorporated herein, and repeated descriptions are omitted.
Fig. 6 is a schematic block diagram of a system configuration of an electronic device 9600 according to an embodiment of the present invention. As shown in fig. 6, the electronic device 9600 can include a central processor 9100 and a memory 9140; the memory 9140 is coupled to the central processor 9100. Notably, this FIG. 6 is exemplary; other types of structures may also be used in addition to or in place of the structure to implement telecommunications or other functions.
In one embodiment, the blockchain transaction processing functionality may be integrated into the central processor 9100. For example, the central processor 9100 may be configured to control as follows:
S1: acquiring the latest version number corresponding to the current transaction request message, wherein each version number corresponds one-to-one to a loosely coupled transaction circle, each loosely coupled transaction circle comprises a plurality of transaction nodes, an application-level smart contract and a loosely coupled consensus smart contract are deployed in the container corresponding to each transaction node, and the loosely coupled consensus smart contract is used for determining the loosely coupled transaction circle through consensus;
S2: if the transaction node is a node in the loosely coupled transaction circle corresponding to the latest version number, executing consensus on the current transaction jointly with the other transaction nodes in that loosely coupled transaction circle;
S3: if the consensus is passed, calling the application-level smart contract to execute the current transaction, and writing the transaction data into the transaction data set of the corresponding block, the block further comprising a hash index set and a transaction hash set, wherein the hash index set comprises the transaction group hash value corresponding to each version number in the previous block, and the transaction hash set comprises the transaction group hash value corresponding to each version number in the current block;
S4: calculating the transaction group hash value corresponding to the latest version number in the transaction hash set of the current block according to the hash value of the current transaction and the transaction group hash value corresponding to the latest version number of the previous block in the hash index set.
As can be seen from the above description, embodiments of the present invention provide an electronic device that enables a trading party to anchor any number of participants autonomously during a trade, form a loosely coupled trading circle, and ensure that trade consensus limits are performed within the loosely coupled trading circle through the interaction of loosely coupled smart contracts and application-level smart contracts. The method improves the autonomy and the consensus efficiency of the transaction party, supports the node to which the transaction party belongs to authenticate multiple transactions generated by a plurality of loosely coupled transaction circles through the loosely coupled Hash indexes in the enhanced block, and promotes the safety and the efficiency of the transactions.
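The per-version hash bookkeeping of steps S3 and S4, as an added example that is not code from the patent. It assumes SHA-256, a fold of the form H(previous group hash || transaction hash), an all-zero starting value for a version with no history, and that a version with no transaction in a block carries its group hash forward unchanged; the field names and sample transactions are constructed.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting group hash for a version with no history


def tx_hash(tx: bytes) -> bytes:
    return hashlib.sha256(tx).digest()


def fold(prev_group_hash: bytes, tx_digest: bytes) -> bytes:
    """S4: new group hash from the previous group hash and the current transaction hash."""
    return hashlib.sha256(prev_group_hash + tx_digest).digest()


def build_block(prev_block, txs):
    """txs is a list of (version_number, transaction_bytes) pairs that passed consensus."""
    # Hash index set: group hash per version number as it stood in the previous block.
    hash_index_set = dict(prev_block["tx_hash_set"]) if prev_block else {}
    # Transaction hash set: group hash per version number in the current block.
    tx_hash_set = dict(hash_index_set)
    for version, tx in txs:
        tx_hash_set[version] = fold(tx_hash_set.get(version, GENESIS), tx_hash(tx))
    return {"hash_index_set": hash_index_set,
            "tx_hash_set": tx_hash_set,
            "transactions": list(txs)}


def verify_version(blocks, version) -> bool:
    """A member of one loosely coupled circle replays only its own version's transactions."""
    running = GENESIS
    for block in blocks:
        # The index must equal the group hash reached at the end of the previous block.
        if block["hash_index_set"].get(version, GENESIS) != running:
            return False
        for v, tx in block["transactions"]:
            if v == version:
                running = fold(running, tx_hash(tx))
        if block["tx_hash_set"].get(version, GENESIS) != running:
            return False
    return True


def build_sample_chain():
    """Constructed three-block chain with two loosely coupled circles, v1 and v2."""
    b0 = build_block(None, [("v1", b"a pays b 10"), ("v2", b"c pays d 5")])
    b1 = build_block(b0, [("v1", b"b pays a 3")])
    b2 = build_block(b1, [("v2", b"d pays c 1"), ("v1", b"a pays b 7")])
    return [b0, b1, b2]
```

Altering a recorded transaction of one version breaks verification for that version only, which is how a node can authenticate the transactions of several circles independently.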
In another embodiment, the blockchain transaction processing apparatus may be configured separately from the central processor 9100, for example, the blockchain transaction processing apparatus may be configured as a chip connected to the central processor 9100, and the blockchain transaction processing function is realized under the control of the central processor.
As shown in fig. 6, the electronic device 9600 may further include: a communication module 9110, an input unit 9120, an audio processor 9130, a display 9160, and a power supply 9170. It is noted that the electronic device 9600 also does not necessarily include all of the components shown in fig. 6; further, the electronic device 9600 may further include components not shown in fig. 6, which may be referred to in the art.
As shown in fig. 6, a central processor 9100, sometimes referred to as a controller or operational control, can include a microprocessor or other processor device and/or logic device, which central processor 9100 receives input and controls the operation of the various components of the electronic device 9600.
The memory 9140 can be, for example, one or more of a buffer, a flash memory, a hard drive, a removable medium, a volatile memory, a non-volatile memory, or another suitable device. It may store the information relating to the failure as well as a program for processing that information, and the central processor 9100 can execute the program stored in the memory 9140 to realize information storage, processing, or the like.
The input unit 9120 provides input to the central processor 9100. The input unit 9120 is, for example, a key or a touch input device. Power supply 9170 is used to provide power to electronic device 9600. The display 9160 is used for displaying display objects such as images and characters. The display may be, for example, an LCD display, but is not limited thereto.
The memory 9140 can be a solid state memory, e.g., Read Only Memory (ROM), Random Access Memory (RAM), a SIM card, or the like. There may also be a memory that holds information even when power is off, can be selectively erased, and is provided with more data, an example of which is sometimes called an EPROM or the like. The memory 9140 could also be some other type of device. Memory 9140 includes a buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage portion 9142, the application/function storage portion 9142 being used for storing application programs and function programs or for executing a flow of operations of the electronic device 9600 by the central processor 9100.
The memory 9140 can also include a data store 9143, the data store 9143 being used to store data, such as contacts, digital data, pictures, sounds, and/or any other data used by an electronic device. The driver storage portion 9144 of the memory 9140 may include various drivers for the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, contact book applications, etc.).
The communication module 9110 is a transmitter/receiver 9110 that transmits and receives signals via an antenna 9111. The communication module (transmitter/receiver) 9110 is coupled to the central processor 9100 to provide input signals and receive output signals, which may be the same as in the case of a conventional mobile communication terminal.
Based on different communication technologies, a plurality of communication modules 9110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, may be provided in the same electronic device. The communication module (transmitter/receiver) 9110 is also coupled to a speaker 9131 and a microphone 9132 via an audio processor 9130 to provide audio output via the speaker 9131 and receive audio input from the microphone 9132, thereby implementing ordinary telecommunications functions. The audio processor 9130 may include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 9130 is also coupled to the central processor 9100, thereby enabling recording locally through the microphone 9132 and enabling locally stored sounds to be played through the speaker 9131.
An embodiment of the present invention further provides a computer-readable storage medium capable of implementing all the steps in the blockchain transaction processing method in the above embodiment, where the computer-readable storage medium stores thereon a computer program, and when the computer program is executed by a processor, the computer program implements all the steps of the blockchain transaction processing method in the above embodiment.
As can be seen from the above description, embodiments of the present invention provide a computer-readable storage medium that enables a counterparty to autonomously anchor any number of participants during a transaction, form a loosely coupled transaction circle, and ensure that a transaction consensus limit is performed within the scope of the loosely coupled transaction circle through the interaction of loosely coupled smart contracts and application-level smart contracts. The method improves the autonomy and the consensus efficiency of the transaction party, supports the node to which the transaction party belongs to authenticate multiple transactions generated by a plurality of loosely coupled transaction circles through the loosely coupled Hash indexes in the enhanced block, and promotes the safety and the efficiency of the transactions.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (13)

1. A method for access authorization of a blockchain, comprising:
the consensus accounting node receives a transaction information access request; the transaction information access request comprises attribute information of an access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts accessed transaction information by using the attribute key and generates a transaction information ciphertext; wherein the access node generates the attribute key based on its own attribute information;
broadcasting the transaction information ciphertext to enable the access node to decrypt the transaction information ciphertext by using the attribute key of the access node, so as to obtain the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
2. The access authorization method according to claim 1, characterized in that the transaction information access request further comprises security authentication information;
before generating an attribute key according to the attribute information, the access authorization method further includes:
and verifying the security authentication information in the transaction information access request, and if the transaction information access request passes the verification, generating an attribute key according to the attribute information.
3. The access authorization method according to claim 1, further comprising:
a plurality of loosely coupled trading circles are established and each loosely coupled trading circle is uniquely identified with a version number.
4. The access authorization method according to claim 3, characterized in that establishing a loosely coupled transaction circle and uniquely identifying the corresponding loosely coupled transaction circle with a version number comprises:
broadcasting the loosely coupled transaction request so that each transaction node judges whether the transaction node is a node in a loosely coupled transaction circle according to the received loosely coupled transaction request; the loosely coupled transaction request includes a unique version number;
receiving a notification response message which is sent by a non-self transaction node and achieves loose coupling together with other nodes which judge that the self belongs to the loose coupling transaction circle;
and sending version number application success confirmation information and broadcasting the version number together with other nodes which judge that the nodes belong to the loose coupling trading circle so as to inform non-self nodes in the loose coupling trading circle.
5. The access authorization method according to claim 4, characterized in that the loosely coupled transaction request further comprises transaction node address information; each transaction node judges whether the transaction node is a node in a loose coupling transaction circle according to the received loose coupling transaction request, and the method comprises the following steps:
each transaction node judges whether the address information of the transaction node is included in the address information in the loosely coupled transaction request, and if the address information is included in the address information, the transaction node is determined to be a node in a loosely coupled transaction circle.
6. The access authorization method according to claim 2, characterized in that each consensus node corresponds to a node unique identifier; the generating an attribute key according to the attribute information includes:
and generating the attribute key according to the attribute information, the corresponding node unique identifier and the security authentication information.
7. A method for access authorization of a blockchain, comprising:
the access node sends a transaction information access request to a consensus accounting node in the block chain; the transaction information access request comprises attribute information of an access node;
receiving a transaction information ciphertext sent by the consensus accounting node; the transaction information ciphertext is obtained by the consensus accounting node generating an attribute key according to the attribute information and encrypting accessed transaction information by using the attribute key;
decrypting the transaction information ciphertext by using the attribute key of the access node to obtain the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
8. A method for granting access to a blockchain, comprising:
the access node sends a transaction information access request to the consensus accounting node; the transaction information access request comprises attribute information of an access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts accessed transaction information by using the attribute key to generate a transaction information ciphertext and broadcasts the transaction information ciphertext;
the access node receives the transaction information ciphertext sent by the consensus accounting node, decrypts the transaction information ciphertext by using the attribute key of the access node, and further obtains the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
9. A consensus accounting node of a blockchain, comprising:
the access request receiving module is used for receiving the transaction information access request by the consensus accounting node; the transaction information access request comprises attribute information of an access node;
the attribute key generation module is used for generating an attribute key by the consensus accounting node according to the attribute information, encrypting the accessed transaction information by using the attribute key and generating a transaction information ciphertext; wherein the access node generates the attribute key based on its own attribute information;
the transaction information ciphertext broadcasting module is used for broadcasting the transaction information ciphertext to enable the access node to decrypt the transaction information ciphertext by using the attribute key of the access node so as to obtain the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
10. An access node of a blockchain, comprising:
the access request sending module is used for sending a transaction information access request to the consensus accounting node in the block chain by the access node; the transaction information access request comprises attribute information of an access node;
the transaction information ciphertext receiving module is used for receiving the transaction information ciphertext transmitted by the consensus accounting node; the transaction information ciphertext is obtained by the consensus accounting node generating an attribute key according to the attribute information and encrypting accessed transaction information by using the attribute key;
the decryption module is used for decrypting the transaction information ciphertext by using the attribute key of the access node so as to obtain the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
11. A system for granting access to a blockchain, comprising: a consensus accounting node and an access node;
the access node sends a transaction information access request to the consensus accounting node; the transaction information access request comprises attribute information of an access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts accessed transaction information by using the attribute key to generate a transaction information ciphertext and broadcasts the transaction information ciphertext;
the access node receives the transaction information ciphertext sent by the consensus accounting node, decrypts the transaction information ciphertext by using the attribute key of the access node, and further obtains the transaction information; and generating the attribute key of the access node in the same way as the attribute key of the consensus accounting node.
12. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method for access authorization of a block chain according to any of claims 1 to 8 when executing the program.
13. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out a method for access authorization of a block chain according to any one of claims 1 to 8.
CN202010579598.XA 2020-06-23 2020-06-23 Access authorization method and node of block chain Pending CN111767569A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010579598.XA CN111767569A (en) 2020-06-23 2020-06-23 Access authorization method and node of block chain

Publications (1)

Publication Number Publication Date
CN111767569A true CN111767569A (en) 2020-10-13

Family

ID=72721793

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010579598.XA Pending CN111767569A (en) 2020-06-23 2020-06-23 Access authorization method and node of block chain

Country Status (1)

Country Link
CN (1) CN111767569A (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109951498A (en) * 2019-04-18 2019-06-28 中央财经大学 A kind of block chain access control method and device based on ciphertext policy ABE encryption
CN111311415A (en) * 2020-02-28 2020-06-19 中国工商银行股份有限公司 Loosely coupled blockchain transaction method and transaction node

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ALLISON LEWKO et al.: "Decentralizing Attribute-Based Encryption", 《ANNUAL INTERNATIONAL CONFERENCE ON THE THEORY AND APPLICATIONS OF CRYPTOGRAPHIC TECHNIQUES》, 31 December 2011 (2011-12-31), pages 568 - 588 *
HUANG SUI et al.: "Data security sharing method based on CP-ABE and blockchain", 《Computer Systems & Applications》, pages 79 - 85 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112688927A (en) * 2020-12-18 2021-04-20 重庆大学 Block chain-based distributed access control method
CN112734576A (en) * 2021-01-19 2021-04-30 广东工业大学 Block chain consensus system and method
CN112804260A (en) * 2021-03-17 2021-05-14 中国工商银行股份有限公司 Information transmission method and node based on block chain
CN112804260B (en) * 2021-03-17 2023-04-07 中国工商银行股份有限公司 Information transmission method and node based on block chain
CN113420320A (en) * 2021-05-08 2021-09-21 杭州未名信科科技有限公司 Block chain authority management method and system under data sharing scene
CN113259124A (en) * 2021-06-08 2021-08-13 清华大学 Block chain data writing and accessing method and device
CN113836222A (en) * 2021-08-24 2021-12-24 北京理工大学 Access control method of concealable strategy and attribute based on block chain
CN113836222B (en) * 2021-08-24 2022-06-21 北京理工大学 Access control method of concealable strategy and attribute based on block chain
CN117436877A (en) * 2023-12-14 2024-01-23 山东维平信息安全测评技术有限公司 Transaction privacy protection method based on blockchain
CN117436877B (en) * 2023-12-14 2024-03-22 山东维平信息安全测评技术有限公司 Transaction privacy protection method based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination