CN112636926B - Signature processing method and device and electronic equipment - Google Patents

Signature processing method and device and electronic equipment Download PDF

Info

Publication number
CN112636926B
CN112636926B CN202011556916.7A CN202011556916A CN112636926B CN 112636926 B CN112636926 B CN 112636926B CN 202011556916 A CN202011556916 A CN 202011556916A CN 112636926 B CN112636926 B CN 112636926B
Authority
CN
China
Prior art keywords
node
signature
fragment
group
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011556916.7A
Other languages
Chinese (zh)
Other versions
CN112636926A (en
Inventor
王挺
赖奕宇
曹崇瑞
杜茂兵
王康
徐昊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Netease Hangzhou Network Co Ltd
Original Assignee
Netease Hangzhou Network Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netease Hangzhou Network Co Ltd filed Critical Netease Hangzhou Network Co Ltd
Priority to CN202011556916.7A priority Critical patent/CN112636926B/en
Publication of CN112636926A publication Critical patent/CN112636926A/en
Application granted granted Critical
Publication of CN112636926B publication Critical patent/CN112636926B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a signature processing method and device and electronic equipment. Wherein, the method comprises the following steps: responding to an operation request of the user terminal for the signature, and analyzing a block group identifier and an operation type identifier from the operation request by a first node in the first fragment; the first node determines a target fragment corresponding to the block group identifier based on the corresponding relation; and triggering at least one target node in the target fragment to respectively execute the operation corresponding to the operation type identifier, and respectively returning the operation result to the user terminal by the at least one target node. In the method, the signature platform is fragmented in advance, the fragmented nodes process the operation corresponding to the user operation type identifier, and a plurality of nodes of one fragment can process different operations of the same block group, so that the aim of parallel processing is fulfilled, the efficiency and performance of the whole signature process can be improved, and the signature experience of a user is improved.

Description

Signature processing method and device and electronic equipment
Technical Field
The present invention relates to the field of block chain technologies, and in particular, to a signature processing method and apparatus, and an electronic device.
Background
And the signature platform, the client service platform and the block chain platform in the block chain are sequentially in communication connection. The client service platform can be used for calling the signature service from the signature platform and uploading the service to the block chain platform, the signature platform is a single-point platform, and the block chain platform comprises services such as anonymous voting, anonymous certificate storage, anonymous auction and anonymous transaction. The following disadvantages exist in the process of performing the signature service:
(1) before the group of the signature service is created, a linear pair needs to be initialized to generate a linear parameter, a bilinear group pair is generated through the linear parameter, and the bilinear group pair needs to be calculated through the linear parameter generated when the group is created before the steps of member adding, signature verification and certificate opening. The initialization of linear parameters and the bilinear group pairing process involve a series of calculations, and as the signature platform is a single-point platform, any operation of any group under a single node can only be operated in a serial single-thread mode, so that the whole process efficiency and the performance of group signature are low.
(2) Group/ring creation, group/ring member joining, group/ring signature, group/ring verification signature, and group opening signature require a series of mathematical formula calculations, which are time-consuming and not easy to simplify, and cannot improve the operational TPS (Transactions Per Second, system throughput) in a standalone environment (i.e., a single-point platform). Meanwhile, the system frequently performs operations of signing, signature verification and signature group opening, and the more frequent the operation times, the system performance is linearly reduced; therefore, the signature experience of the user is seriously influenced by the low single-machine operation performance.
(3) In a signature platform node, a group owner private key, a group private message and a group member private key; the private key of the ring member relates to the security problem, cannot be revealed to the user, and only the signature platform can persist by itself, so that the user cannot carry the group/ring parameters, the member parameters and the like to different signature nodes for signature and other operations by itself, and further the performance is low.
(4) The local storage of the group linear parameters, the group/ring parameters and the member parameters has a single-point problem, and data loss is easily caused by various reasons such as disk damage and the like.
Disclosure of Invention
In view of this, the present invention provides a signature processing method, a signature processing apparatus, and an electronic device, so as to improve the efficiency and performance of the whole process of signature and increase the signature experience of a user.
In a first aspect, an embodiment of the present invention provides a signature processing method, where a signature platform executes operations in a group signature or ring signature application process, where the signature platform includes multiple fragments, each fragment includes multiple nodes, and the nodes store a correspondence between block groups and the fragments in advance, and each block group is a group or a ring group; the method comprises the following steps: responding to an operation request of the user terminal for the signature, and analyzing a block group identifier and an operation type identifier from the operation request by a first node in the first fragment; the first fragment is any one of a plurality of fragments, and the first node is any one of a plurality of nodes contained in the first fragment; the first node determines a target fragment corresponding to the block group identifier based on the corresponding relation; and triggering at least one target node in the target fragment to respectively execute the operation corresponding to the operation type identifier, and respectively returning the operation result to the user terminal by the at least one target node.
In a preferred embodiment of the present invention, the step of triggering at least one target node in the target segment to respectively execute the operation corresponding to the operation type identifier includes: judging whether the first fragment is a target fragment or not; if yes, at least one target node of the first fragment executes the operation corresponding to the operation type identifier respectively; wherein at least one target node of the first segment comprises the first segment; if not, the first node forwards the operation request to at least one target node in the target fragment, and at least one trigger target node executes the operation corresponding to the operation type identifier.
In a preferred embodiment of the present invention, the step of forwarding, by the first node, the operation request to at least one target node in the target segment includes: the first node determines at least one target node based on the load of the nodes in the target fragment; the first node forwards the operation request to at least one target node.
In a preferred embodiment of the present invention, the step of the first node determining at least one target node based on the load of the nodes in the target segment includes: the first node randomly selects a second node from nodes in the target fragment; judging whether the load of the second node is greater than a preset load threshold value or not; if the load of the second node is less than or equal to the load threshold, taking the second node as a target node; and if the load of the second node is greater than the load threshold, randomly selecting at least one target node from the nodes of which the load contained in the target fragment is less than or equal to the preset load threshold.
In a preferred embodiment of the present invention, the step of the first node determining, based on the correspondence, a target segment corresponding to the block group identifier includes: the first node performs preset Hash calculation on the block group identification to obtain a Hash calculation result; the first node takes the hash settlement result for the number of the fragments included by the signature platform to obtain a residue taking calculation result; and the first node determines a target fragment corresponding to the remainder calculation result based on the corresponding relation.
In a preferred embodiment of the present invention, the above-mentioned fragmented nodes pre-store signature parameters of the block groups; the step of executing the operation corresponding to the operation type identifier by the at least one target node includes: and at least one target node acquires the signature parameters and executes the operation corresponding to the operation type identification based on the signature parameters.
In a preferred embodiment of the present invention, the operation type identifier includes: a signature generation operation identifier, a signature verification identifier, or a certificate opening identifier.
In a preferred embodiment of the present invention, the method further includes: a plurality of shards is established in a signature platform.
In a preferred embodiment of the present invention, the step of establishing a plurality of fragments in the signature platform includes: acquiring addresses of nodes in the fragments and numbers of the nodes in the fragments; and taking the node with the largest number in the fragments as a main node of the fragments.
In a preferred embodiment of the present invention, after the step of establishing a plurality of fragments in the signature platform, the method further includes: the third node of the designated fragment responds to the block group creation request of the user terminal and creates a block group in the designated fragment; wherein the designated fragment comprises a distributed lock; the distributed lock represents that the number of nodes which simultaneously create block groups in the designated fragment is 1.
In a preferred embodiment of the present invention, the step of creating a group of blocks in a designated fragment includes: the third node generates a signature parameter of the block group based on the block group creation request; the third node sends the signature parameters to the main node of the designated fragment; and the designated fragmented master node sends the signature parameters and the fragmented transaction log of the master node to other nodes except the master node and the third node in the designated fragment.
In a preferred embodiment of the present invention, after the step of creating the group of blocks in the designated fragment, the method further includes: and the third node generates a creation result of the block group and sends the creation result to the user terminal.
In a preferred embodiment of the present invention, after the step of creating the group of blocks in the designated fragment, the method further includes: and the fourth node of the designated fragment responds to the member adding request of the user terminal and adds the designated member in the block group.
In a preferred embodiment of the present invention, the nodes in the fragment record fragment transactions through a fragment transaction log; the method further comprises the following steps: if the main node in the fragment breaks communication, the node with the largest log number recorded by the fragment transaction log in the fragment is taken as the main node; and if the fifth node except the main node in the fragment breaks communication, the main node sends the stored signature parameters and the fragment transaction log to the fifth node.
In a second aspect, an embodiment of the present invention further provides a signature processing apparatus, which executes an operation in a group signature or ring signature application process through a signature platform, where the signature platform includes a plurality of fragments, each fragment includes a plurality of nodes, and each node stores a correspondence between a block group and the fragment in advance, and the block group is a group or a ring group; the device comprises: the operation request analysis module is used for responding to an operation request of the user terminal aiming at the signature, and a first node in the first fragment analyzes the block group identifier and the operation type identifier from the operation request; the first fragment is any one of a plurality of fragments, and the first node is any one of a plurality of nodes contained in the first fragment; the target fragment determining module is used for determining a target fragment corresponding to the block group identifier by the first node based on the corresponding relation; and the target node execution module is used for triggering at least one target node in the target fragment to respectively execute the operation corresponding to the operation type identifier, and the at least one target node respectively returns the operation result to the user terminal.
In a third aspect, an embodiment of the present invention further provides an electronic device, which includes a processor and a memory, where the memory stores computer-executable instructions that can be executed by the processor, and the processor executes the computer-executable instructions to implement the steps of the signature processing method described above.
In a fourth aspect, the embodiments of the present invention also provide a computer-readable storage medium, in which computer-executable instructions are stored, and when the computer-executable instructions are called and executed by a processor, the computer-executable instructions cause the processor to implement the steps of the signature processing method described above.
The embodiment of the invention has the following beneficial effects:
in the signature processing method, the signature processing device, and the electronic device provided by the embodiments of the present invention, a first node in a first segment may respond to an operation request of a user terminal in a segment manner, determine a target segment of a block group identifier after parsing out a block group identifier and an operation type identifier, execute an operation corresponding to the operation type identifier by a target node of the target segment, and return an operation result to the user terminal by the target node. In the method, the signature platform is fragmented in advance, the fragmented nodes process the operation corresponding to the user operation type identifier, and a plurality of nodes of one fragment can process different operations of the same block group, so that the aim of parallel processing is fulfilled, the efficiency and performance of the whole signature process can be improved, and the signature experience of a user is improved.
Additional features and advantages of the disclosure will be set forth in the description which follows, or in part may be learned by the practice of the above-described techniques of the disclosure, or may be learned by practice of the disclosure.
In order to make the aforementioned objects, features and advantages of the present disclosure more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic diagram of a signature scheme in a block chain according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a signature platform and a fragment signature platform according to an embodiment of the present invention;
fig. 3 is a flowchart of a signature processing method according to an embodiment of the present invention;
fig. 4 is a flowchart of another signature processing method according to an embodiment of the present invention;
fig. 5 is a schematic diagram of an anonymous credential storage scheme provided by an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a signature processing apparatus according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of another signature processing apparatus according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Currently, signature schemes in blockchains include group signatures and ring signatures. Among other things, a group signature scheme allows any group member to be anonymously signed using group parameters without revealing the identity of the user and with regulatory authority. There is no correlation between the signature and the group members in the group signature scheme and it is not possible to decide whether two different group signatures come from the same signer. A group signature typically consists of the following steps:
1. linear parameter initialization, before group creation, linear parameters need to be initialized, and the main flow comprises: first, the linear pairs are initialized with different linear pairs, generating group linearity parameters (pbc _ param), and the group linearity parameters are persisted, and then the bilinear group pairings are initialized with the linearity parameters. Where the linear pair introduces:
the linear pair includes: type A, Type A1, Type D, Type E, Type F, Type G, the security of different types, efficiency difference. Type a linear pairs are currently less secure and type F linear pairs can be used.
The type A linear pair construction formula: y is2=x3+ x construction at FqSome prime numbers q 3mod4 all
Figure GDA0003577752070000071
And
Figure GDA0003577752070000072
is constructed at E (F)q)。
Construction of class B Linear pairs: a general curve with an embedding degree of 6 is constructed, the order of which is a prime number or a prime number multiplied by a small constant.
Class F linear pair: using elaborate polynomials, one can construct k-12 pairings. Representing one set of elements requiring only 160 bits and the other set requiring 320 bits. Also, the embedding degree k-12 allows for a higher security short signature. (k-6 curves cannot be used to extend security from 160 bits to 256 bits because limited field attacks are sub-exponential.
2. Group creation: inputting a group name parameter (group _ name), firstly, a user executes a first step of operation, and then generating a group private key (gmsk _ info) (which cannot be revealed), a group public key (gpk _ info) and private information (gamma) (which cannot be revealed) through bilinear group pairing; while locally persisting the group parameters.
3. Inputting a group name (group _ name) and a member name (member _ name), and interactively generating a user private key (gsk _ info) (which cannot be revealed) and a certificate (cert) by reading a linear parameter (pbc _ param), a group private key (gsk _ info) and group private information (gamma); becomes a member of the group and persists as membership parameters, where the certificate can be published.
4. Signature, namely inputting a signature msg, a group name parameter (group _ name) and a member name (member _ name), reading a local linear parameter (pbc _ param), a group owner public key (gpk _ info) and a member private key (gsk _ info) to sign the message (msg), and generating signature data (sign).
5. And (4) signature verification, namely inputting a signature (sign) and signature data (msg), reading a local linear pairing parameter (pbc _ param) and a group owner public key (gpk _ info), and verifying whether the signature is valid.
6. And (4) opening a signature, namely inputting a signature (sign), signature data (msg), a group name (group _ name), reading a local linear pairing parameter (pbc _ param), a group owner private key (gmsk _ info) and signature data to open a certificate (cert) of the user, so that the identity of the user can be determined through the certificate.
A ring signature scheme allows any ring member to be anonymously signed using group parameters without revealing the identity of the user and without being policeable. In the ring signature scheme, the signature is completed once through the assistance of ring members, and a signer cannot be deduced from any signature once. A ring signature generally consists of the following steps:
1. and (3) generating a ring: inputting a ring name (ring _ name), generating a ring parameter (ring _ param _ info) through a ring signature algorithm such as LSAG, and persisting the ring parameter.
2. The method comprises the steps of adding a member, inputting a ring name (ring _ name), randomly generating a private key (private _ key) and a public key (public _ key) of the member through a ring parameter (ring _ param _ info) read locally, sequentially increasing the position (pos) of the member in a ring (private _ key) and storing the private key (private _ key), the public key (public _ key), the position (pos) of the member and the total number (member _ count).
3. Ring signature: the method comprises the steps of inputting a signature (msg), member positions (pos), the number of public key lists (member _ num), ring names (ring _ name), signing a specified message (msg) by reading a private key (private _ key) of a certain member in a ring, a public key list (public _ key _ list) of a certain number (member _ num) of members in the ring and a ring parameter (ring _ param _ info), and returning signature data (sign).
4. And (3) signature verification: inputting a signature (msg), signature data (sign), a ring name (ring _ name), reading a ring parameter (ring _ param _ info), and verifying whether the signature is valid.
Referring to fig. 1, a schematic diagram of a signature scheme in a blockchain is shown, in which a signature platform is a single-point platform; the customer service is used for signature service calling, business chaining and other functions; the block chain platform comprises various services, and a local signature library can be called for signature verification when the user signs to chain. The main application scenarios of the above platform are as follows: anonymous voting, anonymous credentialing, anonymous auctions, anonymous transactions, and the like. The core steps of the platform are as follows:
1. and starting the stand-alone signature node.
2. The user will operate at the signing node: group/ring creation, group/ring member joining.
3. The user may deploy intelligent contracts on the blockchain platform.
4. The user uploads a message (msg) (wherein the message can be a message such as voting, certificate storing, auction and the like) to a signature platform, a signature (group signature or ring signature) is completed at a signature node, and then signature data (sig) and a signature plaintext (msg) are linked up, so that the purpose of hiding the user identity is achieved. If the signature is a group signature, the signature platform returns a group linear parameter (pbc _ param) and a group owner public key (gpk _ info) to the user uplink; if the ring signature is present, the signature platform returns a ring parameter (ring _ param _ info) to the user uplink. (user signatures are also the most frequent operations in the signature platform). The signature (sign) and the message (msg) generated in the step can call a signature verification interface at the signature node if necessary to perform secondary verification, so as to ensure that the uplink data is valid.
5. And (3) the user uplinks the signature (sign) and the message (msg), the block chain platform verifies the signature, and the uplink data validity is verified by calling a local signature library (sign _ lib), so that the uplink is completed. The verification of the signature is the process of the 5 th step of the group signature and the 4 th step of the ring signature.
6. In a group signature scene, a user certificate can be monitored, a user downloads a signature (sign) and original text data (msg) on a chain through a block chain platform, and a signature node is called to execute a6 th step of group signature to verify the user certificate.
Because the signature platform in the block chain is a single-point platform, any operation of any group under a single node can only run in a serial single thread mode, and because the Processing capacity of a Central Processing Unit (CPU) of a single-machine environment machine is limited, when a group is operated in a multi-thread mode, the complex calculation of group/ring operation leads the calculation capacity to be only provided for limited requests, and further the throughput capacity of the system is reduced.
Based on this, the signature processing method, the signature processing device and the electronic device provided by the embodiment of the invention can be applied to devices which can realize human-computer interaction, such as a server, a client, a computer, a mobile phone, a tablet computer and the like, and are particularly suitable for a signature platform of a block chain.
For the convenience of understanding the present embodiment, a detailed description will be given to a signature processing method disclosed in the present embodiment.
The embodiment provides a signature processing method, which executes an operation in a group signature or ring signature application process through a signature platform, wherein the signature platform includes a plurality of fragments, each fragment includes a plurality of nodes, and each node stores a corresponding relationship between a block group and the fragment in advance, and the block group is a group or a ring group.
Referring to fig. 2, which is a schematic diagram of a signature platform and a fragment signature platform, the signature platform in fig. 2(a) is a single-point platform, that is, a platform operating on a single machine, and all group/ring related computations are operated on a single machine, so that the linear pairing process cannot be performed in parallel or in a fragment manner. In the segment signature platform in fig. 2(b), the signature platform may be divided into a plurality of segments, and each segment includes a plurality of nodes. The corresponding relation between the block groups and the fragments is stored in each node. The block group is a group or a ring group, the group is a member group of the group signature, and the ring group is a member group of the ring signature.
Based on the above description, referring to the flowchart of a signature processing method shown in fig. 3, the signature processing method includes the following steps:
step S302, responding to an operation request of a user terminal aiming at a signature, a first node in a first fragment analyzes a block group identifier and an operation type identifier from the operation request; the first fragment is any one of a plurality of fragments, and the first node is any one of a plurality of nodes contained in the first fragment.
The first shard may be any one of the random shards in the signature platform, and the first node may be any one of the random nodes in the first shard. The user terminal can be a mobile phone, a computer, a platform computer and other equipment which is in communication connection with the signature platform and has an interaction function. The user terminal may randomly communicate with the nodes of the signature platform.
If the user terminal sends the operation request to the first node in the first segment, the first node may respond to the operation request and analyze the block group identifier and the operation type identifier included in the operation request. The group identifier can be used to indicate the group of the user terminal, and the operation type identifier can ensure the operation that the user terminal wants to perform. For example: the operation type identification comprises: and the signature generation operation identifier, the signature verification identifier or the certificate opening identifier respectively ensure that the user terminal wants to perform signature generation operation, signature verification operation or certificate opening operation.
Step S304, the first node determines a target segment corresponding to the block group identifier based on the correspondence.
The group of blocks may be established in advance in the signature platform, where the group of blocks is established in one partition, that is, the operation of the group of blocks may be performed by the partition, which is the target partition of the group of blocks. Therefore, the first fragment analyzes the block group identifier, each node stores the corresponding relationship between the block group and the fragment in advance, and the target fragment corresponding to the block group identifier can be determined according to the corresponding relationship, and then the target fragment performs the corresponding operation.
The correspondence may be created and modified by an administrator of the signature platform, where one segment may correspond to multiple block groups, and one block group may also correspond to multiple segments. For example: slice a corresponds to block group x and block group y, and both operations of block group x and block group y can be performed by slice a. And both the partition B and the partition C correspond to the partition group z, and the operation of the partition group z can be executed by the partition B and the partition C in parallel.
Step S306, triggering the target nodes in at least one target fragment to respectively execute the operation corresponding to the operation type identifier, and respectively returning the operation result to the user terminal by at least one target node.
After the first node determines the target node, the operation request may be sent to at least one target node, the at least one target node executes the operation corresponding to the operation type identifier, and the at least one target node returns the operation result to the user terminal, so as to implement the fragment processing and the parallel processing of the operation request.
In the signature processing method provided by the embodiment of the present invention, a first node in a first fragment may respond to an operation request of a user terminal in a fragment manner, and after a block group identifier and an operation type identifier are analyzed, a target fragment of the block group identifier is determined, and a target node of the target fragment executes an operation corresponding to the operation type identifier, and returns an operation result to the user terminal. In the method, the signature platform is fragmented in advance, the fragmented nodes process the operation corresponding to the user operation type identifier, and a plurality of nodes of one fragment can process different operations of the same block group, so that the aim of parallel processing is fulfilled, the efficiency and performance of the whole signature process can be improved, and the signature experience of a user is improved.
The embodiment provides another signature processing method, which is implemented on the basis of the above embodiment; this embodiment mainly describes a specific implementation manner in which the first node triggers the target node in the target segment to execute the operation corresponding to the operation type identifier. Referring to a flowchart of another signature processing method shown in fig. 4, the signature processing method in the present embodiment includes the following steps:
step S402, responding to the operation request of the user terminal aiming at the signature, a first node in the first fragment analyzes a block group identifier and an operation type identifier from the operation request; the first fragment is any one of a plurality of fragments, and the first node is any one of a plurality of nodes contained in the first fragment.
In this embodiment, a concept of fragmentation is introduced into a signature platform, and the core steps include: determining cluster fragmentation parameters, fragmentation positioning, fragmentation data storage, fragmentation calculation, fragmentation load calculation and fragmentation assisted calculation. A plurality of fragments may be first established in the signature platform, and a group of fragments may be established in the fragment, and therefore, the method further includes: a plurality of shards is established in a signature platform.
The execution subject of the step of establishing the shards is the signature platform. When the fragments are established, all fragments in the signature platform and all nodes in the fragments need to be numbered, and a master node (i.e. master node) is selected, which can be used for data synchronization. Thus, multiple shards can be built in a signature platform by: acquiring addresses of nodes in the fragments and serial numbers of the nodes in the fragments; and taking the node with the largest number in the fragments as a main node of the fragments.
Specifically, the signature platform may be first divided into N pieces, each of which is M machines; each slice is identified and processed separately. For example, the signature platform has 9 nodes, 3 segments, and 3 machines per segment; such as 6 machines, 2 slices, 3 calculated patterns per machine for the signature platform.
After the number of machines and the number of fragments are determined, the fragment number and the node number of each signature node can be determined (the node numbers can be sequentially increased). For example, slice 1 has 3 nodes, then { [ fragId:1, indexId:1], [ fragId:1, indexId:2], [ fragId:1, indexId:3] }; slice 2 has 3 nodes, then { [ fragId:2, indexId:4], [ fragId:2, indexId:5], [ fragId:2, indexId:6 }. Meanwhile, each node is configured with a node address list of each fragment and all the addresses of other fragmented nodes.
When the master node is determined, the nodes of each fragment are respectively started, and the node with the largest number of the elected nodes of each fragment can be the master node in the fragment when the node is started for the first time. Besides, the master node in the segment may also be selected in other manners, which is not described herein again. The master node can be determined by adopting a custom convention rule of a user, and the node with the largest number is selected to be a simpler scheme.
After slicing a signature platform, a group of blocks may be established in a given slice by: the third node of the designated fragment responds to the block group creation request of the user terminal and creates a block group in the designated fragment; wherein the designated fragment comprises a distributed lock; the distributed lock representation specifies that the number of nodes simultaneously creating a group of blocks in a shard is 1.
Establishing a block group can also be called a group creation process, a user terminal can randomly hit a block group creation request to any node (namely a third node) of a designated fragment of a signature platform, the third node hashes a group name (groupName) and takes the remainder of the fragment (hash (groupName)% fragCount) to obtain a designated fragment fragId; at this time, if the fragment fragId is not the fragment Id of the node, the request is forwarded to a random node in the corresponding fragment to create a group, and this process is fragment positioning. If the ring signature is the ring signature, the ring name (ringName) is used for fragment positioning.
The reference pseudo code is as follows:
Figure GDA0003577752070000131
Figure GDA0003577752070000141
for example: getFrag ("group1",3)// group name group1, shards 3, result 1.
After the node positioning is finished, the group is established in one node in the appointed fragment to carry out the establishing process of the group; a concurrency problem is involved in that clusters of the same name may be created multiple times at different nodes, so that creation is performed with the addition of distributed locks.
Under a high concurrency request, a user creates and joins members of the same group, transactions can be sent to different nodes of the same fragment, different nodes process the request at the same time, and if a distributed lock does not exist, a plurality of results can exist, so that data confusion is caused. The purpose of distributed locks is to ensure data consistency in high concurrency scenarios. The following is the service pseudo code that creates the group:
Figure GDA0003577752070000142
Figure GDA0003577752070000151
Figure GDA0003577752070000161
the group creation involves data storage that generates linear parameters and group parameters (the linear parameters and the group parameters belong to signature parameters), and the master node in this implementation may send the signature parameters of other nodes to all nodes of the segment, and perform data submission of two-phase submission at each node of the current segment. May be performed by: the third node generates a signature parameter of the block group based on the block group creation request; the third node sends the signature parameters to the main node of the designated fragment; and the designated fragmented master node sends the signature parameters and the fragmented transaction log of the master node to other nodes except the master node and the third node in the designated fragments.
The method comprises the following specific steps: 1. firstly, the current node (namely, the third node) initiates a transaction request for storing the linear parameters to the master node, and if the master node is the third node, the transaction request is sent to the third node. And 2, after the master node receives the transaction request, setting the transaction ID (processID) marked by the current transaction request in continuous increment. The master node forwards the transaction pre request to all other nodes in the fragment. 4. After writing the transaction request into the transaction log (provedLog), the respective node returns the state that the master is successful. And 5, after receiving the state that more than half of nodes successfully store, the master node initiates a commit request. 6. Each node receives the commit request, and stores the linear parameters (kv structure storage group name: linear parameters pbc _ param) of the local storage group, wherein the storage database can be leveldb; finally, each node updates the transaction number of the currently stored transaction log to the local maximum transaction number (maxProposedId). 7. At this time, after the current node finishes data storage, the next operation can be carried out.
And meanwhile, the storage of the group public key and the group private key is designed in the group creation, the storage process of the group parameters is consistent with the storage process, and finally the group public key and the group private key are written into the transaction log and kv data of the group public key and the group private key of the local database. If the ring is created, two-stage storage of the ring parameters is carried out. The following is pseudo code for a two-phase storage data reference:
Figure GDA0003577752070000171
Figure GDA0003577752070000181
after completing the group creation and the group linear parameter and group parameter storage in the two stages, the third node may return the user creation result through the following steps: and the third node generates a creation result of the block group and sends the creation result to the user terminal.
After the group creation related operation is completed, members may be added to the created group of blocks, for example: and the fourth node of the designated fragment responds to the member adding request of the user terminal and adds the designated member in the block group. The fourth node and the third node belong to the same segment (i.e., the designated segment), and the third node and the fourth node may be the same node or different nodes.
When adding group members, the same fragmentation positioning is carried out, and the group members join the storage concurrency problem related to the member data, so that the distributed lock is also added to the group. Member joining involves reading the group linear parameters, so the current node only needs to read directly from the local node according to the group name. And then, storing the private key and the certificate of the member, and similarly, storing data to each node by adopting the two-stage submission mode and returning a user joining result. If the ring member joins, the ring member parameters and the ring member position information are stored in two stages.
The method provided by the embodiment of the invention can perform fragmentation processing on the signature platform, set the main node in the designated fragments, create the block group in the designated fragments, add members after the block group is created, and perform data synchronization through the main node. By the mode, the fragmentation operation of the signature platform can be completed, so that the members of each block group are in the same fragment, and the nodes of the same fragment process the operation of different members of one block group, thereby realizing the parallel processing of the operation and improving the operation processing speed.
Step S404, the first node determines a target segment corresponding to the block group identifier based on the correspondence.
And the step of determining the target fragment is essentially to perform fragment positioning and execute signing, signature verification or certificate opening operation through the positioned target fragment. Specifically, the target segment may be determined by performing a preset hash operation remainder on the chunk group identifier, for example: the first node performs preset Hash calculation on the block group identification to obtain a Hash calculation result; the first node takes the hash settlement result for the number of the fragments included by the signature platform to obtain a residue taking calculation result; and the first node determines a target fragment corresponding to the remainder calculation result based on the corresponding relation.
It should be noted that, the manner of the hash calculation and the manner of performing the region may be the same as or similar to the manner described in step S402, and are not described herein again. In terms of distance, the block group is identified as: the grouptest, fragCount is 5, and the hash calculation result of the sha-1 algorithm is: ecb98ec52937b32fac5bfde430aa6db333ae1380, the residue taking calculation result of residue taking for hash% 5 is 2, and the target fragment is fragment 2. The purpose of hashing and taking the remainder of the shards is to ensure that the same group/ring request is hit to the same shard through a certain mechanism.
Step S406, determine whether the first segment is the target segment. If yes, go to step S408; if not, step S410 is performed.
If the first fragment to which the first node belongs is the target fragment, the first node can be used as the target node to execute the operation corresponding to the operation type identifier; and if the first fragment to which the first node belongs is not the target fragment, the target node of the target fragment is required to execute the operation corresponding to the operation type identifier.
Step S408, at least one target node of the first fragment executes the operation corresponding to the operation type identifier; wherein at least one target node of the first shard comprises the first shard.
Besides the first node serving as the target node to execute the operation corresponding to the operation type identifier, other nodes of the first segment serving as the target node may execute the operation corresponding to the operation type identifier. Generally, the load of the first segment may be monitored, and if the load of the first node is higher than a preset load threshold, the other nodes of the first segment may be used as target nodes to perform operations corresponding to the operation type identifiers.
When the target node executes the operation corresponding to the operation type identifier, the group linear parameter, the group parameter and the user parameter can be acquired, and the most time-consuming signing/signature verification/certificate opening operation is executed. Since the storage of data is not involved, a distributed lock is not required to be added, and a user can operate at any one node, so that the performance of any one group can be improved by N times if N nodes exist for the operation of any one group. Furthermore, because different fragments do not store data of other fragments, different groups are dispersed in group operation of different fragment nodes, so that the fragments are not interfered with each other, the data security between the fragments is ensured, and the capability of multi-fragment parallel computing is also achieved.
Step S410, the first node forwards the operation request to at least one target node in the target segment, so as to trigger the at least one target node to execute the operation corresponding to the operation type identifier.
If the first fragment is not the target fragment, the first node needs to forward the operation request to the target node in the target fragment, and may forward the operation request according to the load level of the node of the target fragment, for example: the first node determines at least one target node based on the load of the nodes in the target fragment; the first node forwards the operation request to at least one target node.
The target node may be determined by: the first node randomly selects a second node from the nodes in the target fragment; judging whether the load of the second node is greater than a preset load threshold value or not; if the load of the second node is less than or equal to the load threshold, taking the second node as a target node; and if the load of the second node is greater than the load threshold, randomly selecting at least one target node from the nodes of which the load contained in the target fragment is less than or equal to the preset load threshold.
Each fragment node can start load monitoring of the local machine, each node sends load data to a fragment master node at regular time, and the master node counts the average load data of all nodes of the current fragment to calculate the load. And then, the average load of the current fragment is distributed to each node of the signature platform, and each node can know the load condition of any fragment.
The first node can randomly select a second node from the target fragment, and if the load of the second node meets the requirement (namely, is less than or equal to the load threshold), the second node can be taken as the target node; if the load of the second node is not satisfactory (i.e. greater than the load threshold), the target node may be randomly selected from the nodes with a load less than or equal to the preset load threshold in the target segment.
At this time, the operations of signing, verifying, signing and opening the certificate are performed, and if the current fragmentation node finds that the self fragmentation load is too high. Through calculation of loads and forwarding of requests, the capacity of assisting calculation of all nodes in the cluster is achieved, the fragment calculation capacity is further improved, and the problem of linear performance reduction when signature operation is frequent is solved. The group signature fragment computation pseudocode may be:
Figure GDA0003577752070000211
Figure GDA0003577752070000221
after selecting the target node, the target node may first read the pre-stored signature parameters of the group of blocks, such as the group linear parameter, the group parameter, the member parameter, and the like, and then execute the operation corresponding to the operation type identifier. For example: and at least one target node acquires the signature parameters and executes the operation corresponding to the operation type identification based on the signature parameters.
The signature parameters are required for executing the operation corresponding to the operation type identifier, so that at least one target node can read the pre-stored signature parameters and respectively execute the operation corresponding to the operation type identifier based on the read signature parameters.
Step S412, at least one target node returns the operation result to the user terminal.
No matter whether the node executing the operation corresponding to the operation type identifier is the target node or not, the target node can finally return the operation result to the user terminal. For example, if the target sharded node finds that its sharded load is too high. Then, at this time, the target node reads out parameters such as group linear parameters, group parameters, member parameters, and the like from the local node, and forwards the request to other nodes with lower loads for assisted calculation (only calculation and no data storage). And after other nodes complete the most time-consuming calculation operation, returning the result to the forwarded target node, and then returning the result to the user by the target node.
In the above process, if a certain node of the fragment is disconnected from communication, loses data or adds data later, all transaction requests can be replayed locally by downloading the transaction logs from nearby nodes through the current fragment transaction log and the maximum transaction number (promosedid), and data can be recovered quickly to maintain data consistency. For example, the above method further comprises: if the main node in the fragment breaks communication, the node with the largest log number recorded by the fragment transaction log in the fragment is taken as the main node; and if the fifth node except the main node in the fragment breaks communication, the main node sends the stored signature parameters and the fragment transaction log to the fifth node.
Meanwhile, if the master node of the current fragment is hung, the fragment node can judge the maximum transaction ID (disposedID) of the node, judge the maximum fragment ID again, determine that the larger is a new master, and perform data synchronization by using the new master node. Thereby further solving the single point problem of data loss.
For example, a slice has 3 nodes { [ fragId:1, indexId:1], [ fragId:1, indexId:2], [ fragId:1, indexId:3 }. Node 1 maximum transaction ID: 11000, node 2 maximum transaction ID is 1000, node 3 Master maximum transaction ID is 11000. The node 2 is restarted after being hung for various reasons, and the node 2 acquires the current maximum transaction Id number from the node 3(master node) and compares the current maximum transaction Id number with the local maximum transaction number. Node 2 finds that the local transaction is 10000 times behind the other nodes. The transaction node 2 downloads the transaction logs from 1001 to 10000 of the node 3 in sequence, stores each transaction log in turn in sequence and updates a local leveldb database; the synchronization of the data is completed.
For another example, a slice has 3 nodes { [ fragId:1, indexId:1], [ fragId:1, indexId:2], [ fragId:1, indexId:3 }. Node 1 maximum transaction ID: 11000, node 2 maximum transaction ID is 11000, node 3 Master maximum transaction ID is 11000. Node 3 hangs up for various reasons and the cluster loses the master node. At this time, the node 1 and the node 2 firstly judge the maximum transaction ID of the cluster, find that the two are consistent, judge the node number again, find that the node 2 number is greater than the node 1, and at this time, the node 1 and the node 2 elect the node 2 to be a new master node. Node 1 and node 2 can now make two-phase transaction requests. At the same time node 3 has later restarted, node 3 performs data synchronization from the new master node 2.
Referring to fig. 5, a schematic diagram of an anonymous evidence saving scheme is shown, and fig. 5 illustrates the following whole process by taking an example of anonymous evidence saving as an example:
1. firstly, the signature node determines the fragment number (fragId) of the signature node, the node number (indexId), the fragment information of all nodes in the configured cluster, the node address of each fragment and rpc port information. The pseudo code may be as follows:
Figure GDA0003577752070000241
Figure GDA0003577752070000251
2. starting each signature node, firstly completing data synchronization through the transaction logs of the nearby nodes, and starting RPC service/fragment positioning/load calculation service.
3. And the service party creates a group/ring: the request of the service party is sent to a random fragmentation node, the fragmentation node carries out fragmentation positioning according to the group/ring name, and the request is redirected to any node of the appointed fragmentation.
4. And designating the creation of the fragment node group/ring, performing two-stage data storage on the group/ring parameters, and returning a user creation result.
5. The join process of group/ring members is performed in the same manner.
6. The service party deploys the intelligent contract of anonymous evidence at the block chain platform. Contract code is implemented with Solidty and will not be described again here.
7. The service party stores the data certificate, and before storing the certificate, the user identity needs to be hidden and group/ring signature is carried out. Randomly sending a signature request to a node A, and redirecting to a designated fragment node B through fragment positioning; the signature node B decides whether to sign locally according to the load condition of the self fragment: and if the load of the local node is low, locally reading the group/ring parameters and the member parameters for signature. If the current fragmentation load is too high, the node firstly locally reads the group/ring parameters and the member parameters, randomly selects a node C with lower load, takes the necessary parameters for signature, and calls the node C to execute signature calculation; the node C completes the signature calculation and returns the result to the node B; and finally, the node B returns the result to the service party.
8. And the service side performs signature verification when necessary: and the verification of the signature is completed according to the fragment positioning, the fragment load and the fragment calculation in the same way.
9. And the service party carries out chaining of the certificate storing data, a signature (sign) and the certificate storing data (msg) are chained, the block chain platform verifies the signature, and the chaining is completed by calling a local signature library (sign _ lib) to verify the validity of the chaining data. The verification of the signature is the process of the 5 th step of the group signature and the 4 th step of the ring signature.
10. In a group signature scene, a user certificate can be monitored, a group signature verification structure downloads a signature (sign) and original text storage certificate data (msg) on a chain through a block chain platform, a node of the signature platform for opening the certificate is called, and the identity verification of a signature user is completed by fragmentation positioning, fragmentation load and fragmentation calculation in the same way.
The method provided by the embodiment of the invention can cluster the whole group/ring related operation of the signature platform. The operation of different groups/rings can be performed parallel computation at different nodes of different fragments, so that the fragment computation is achieved, and the goal of data security is also achieved.
In the method, the linear pairing process of the cluster can be parallelized through cluster fragmentation calculation of the signature platform, and N nodes are equivalent to N threads which can perform parallel calculation. The group/ring signature, the group/ring verification signature and the group signature open certificate can be calculated at all nodes in the fragment, and further, the group/ring operation can be performed at all nodes in the cluster through the fragment load calculation, so that the problems of improving the linear performance of the fragment calculation and linearly reducing the anti-positive performance are solved. The method simultaneously stores the group linear parameters, the group parameters and the member parameters in a fragmentation mode, and solves the problems of single-point data and safety.
Corresponding to the above method embodiment, an embodiment of the present invention provides a signature processing apparatus, which executes an operation in a group signature or ring signature application process through a signature platform, where the signature platform includes a plurality of segments, each segment includes a plurality of nodes, and each node stores a correspondence between a block group and the segment, and the block groups are a group or a ring group. Fig. 6 is a schematic structural diagram of a signature processing apparatus, which includes:
an operation request parsing module 61, configured to, in response to an operation request for a signature of a user terminal, parse a block group identifier and an operation type identifier from the operation request by a first node in a first slice; the first fragment is any one of a plurality of fragments, and the first node is any one of a plurality of nodes contained in the first fragment;
a target fragment determining module 62, configured to determine, by the first node, a target fragment corresponding to the block group identifier based on the correspondence;
and the target node executing module 63 is configured to trigger at least one target node in the target segment to respectively execute the operation corresponding to the operation type identifier, and the at least one target node respectively returns the operation result to the user terminal.
In the signature processing apparatus provided in the embodiment of the present invention, a first node in a first segment may respond to an operation request of a user terminal in a segment manner, determine a target segment of a block group identifier after parsing out a block group identifier and an operation type identifier, execute an operation corresponding to the operation type identifier by a target node of the target segment, and return an operation result to the user terminal by the target node. In the method, the signature platform is fragmented in advance, the fragmented nodes process the operation corresponding to the user operation type identifier, and a plurality of nodes of one fragment can process different operations of the same block group, so that the aim of parallel processing is fulfilled, the efficiency and performance of the whole signature process can be improved, and the signature experience of a user is improved.
The target node execution module is configured to determine whether the first fragment is a target fragment; if so, the first node is used as a target node in the target fragment to execute the operation corresponding to the operation type identifier; if not, the first node forwards the operation request to a target node in the target fragment so as to trigger the target node to execute the operation corresponding to the operation type identifier.
The target node execution module is configured to determine, by the first node, a target node based on a load of a node in the target segment; the first node forwards the operation request to the target node.
The target node execution module is configured to randomly select a second node from nodes in the target fragment by the first node; if the load of the second node is smaller than or equal to a preset load threshold value, taking the second node as a target node; and if the load of the second node is greater than the preset load threshold, randomly selecting a target node from the nodes of which the load is less than or equal to the preset load threshold in the target fragment.
The target fragment determining module is used for the first node to perform preset hash calculation on the block group identifier to obtain a hash calculation result; the first node takes the hash settlement result for the number of the fragments included by the signature platform to obtain a residue taking calculation result; and the first node determines a target fragment corresponding to the remainder calculation result based on the corresponding relation.
The above-mentioned node of the fragmentation stores the signature parameter of the block group in advance; the target node execution module is configured to obtain the signature parameter by the target node, and execute an operation corresponding to the operation type identifier based on the signature parameter.
Referring to fig. 7, another schematic structural diagram of a signature processing apparatus includes a fragment creation module 64 connected to an operation request parsing module 61; the fragment establishing module is used for establishing a plurality of fragments in the signature platform.
The fragment establishing module is used for acquiring the addresses of the nodes in the fragments and the numbers of the nodes in the fragments; and taking the node with the largest number in the fragments as a main node of the fragments.
The fragment establishing module is further configured to enable a third node of the designated fragment to respond to a block group creation request of the user terminal and create a block group in the designated fragment; wherein the designated fragment comprises a distributed lock; the distributed lock represents that the number of nodes which simultaneously create block groups in the designated fragment is 1.
The segment establishing module is further configured to generate, by the third node, a signature parameter of the block group based on the block group creation request; the third node sends the signature parameters to the main node of the designated fragment; and the designated fragmented master node sends the signature parameters and the fragmented transaction log of the master node to other nodes except the master node and the third node in the designated fragments.
The fragment establishing module is further configured to generate a creating result of the group of fragments by the third node, and send the creating result to the user terminal.
The fragment establishing module is further configured to add the designated member in the block group by the fourth node of the designated fragment in response to the member addition request of the user terminal.
Referring to fig. 7, another signature processing apparatus is shown, which includes a data synchronization module 65 connected to the operation request parsing module 61; the nodes in the fragments record fragment transactions through fragment transaction logs; the data synchronization module is used for taking the node with the largest log number recorded by the fragment transaction log in the fragment as the master node if the master node in the fragment disconnects communication; and if the fifth node except the main node in the fragment breaks communication, the main node sends the stored signature parameters and the fragment transaction log to the fifth node.
The signature processing device provided by the embodiment of the invention has the same technical characteristics as the signature processing method provided by the embodiment, so that the same technical problems can be solved, and the same technical effects can be achieved.
The embodiment of the invention also provides electronic equipment, which is used for operating the signature processing method; referring to fig. 8, an electronic device includes a memory 100 and a processor 101, where the memory 100 is used to store one or more computer instructions, and the one or more computer instructions are executed by the processor 101 to implement the signature processing method.
Further, the electronic device shown in fig. 8 further includes a bus 102 and a communication interface 103, and the processor 101, the communication interface 103, and the memory 100 are connected through the bus 102.
The Memory 100 may include a high-speed Random Access Memory (RAM) and may further include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 103 (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, and the like can be used. The bus 102 may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 8, but that does not indicate only one bus or one type of bus.
The processor 101 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 101. The Processor 101 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the device can also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in the memory 100, and the processor 101 reads the information in the memory 100, and completes the steps of the method of the foregoing embodiment in combination with the hardware thereof.
The embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores computer-executable instructions, and when the computer-executable instructions are called and executed by a processor, the computer-executable instructions cause the processor to implement the signature processing method, and specific implementation may refer to method embodiments, and is not described herein again.
The signature processing method, the signature processing apparatus, and the computer program product of the electronic device provided in the embodiments of the present invention include a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the method in the foregoing method embodiments, and specific implementations may refer to the method embodiments and are not described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and/or the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In addition, in the description of the embodiments of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, an electronic device, or a network device) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present invention, which are used for illustrating the technical solutions of the present invention and not for limiting the same, and the protection scope of the present invention is not limited thereto, although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (17)

1. A signature processing method is characterized in that a signature platform is used for executing operation in a group signature or ring signature application process, wherein the signature platform comprises a plurality of fragments, each fragment comprises a plurality of nodes, the nodes pre-store corresponding relations between block groups and the fragments, the block groups are groups or ring groups, the groups are member groups of group signatures, and the ring groups are member groups of ring signatures; the method comprises the following steps:
responding to an operation request of a user terminal for signature, and analyzing a block group identifier and an operation type identifier from the operation request by a first node in a first fragment; the first fragment is any one of the plurality of fragments, and the first node is any one of a plurality of nodes contained in the first fragment;
the first node determines a target fragment corresponding to the block group identifier based on the corresponding relation;
and triggering at least one target node in the target fragment to respectively execute the operation corresponding to the operation type identifier, and respectively returning an operation result to the user terminal by the at least one target node.
2. The method according to claim 1, wherein the step of triggering at least one target node in the target segment to respectively execute the operation corresponding to the operation type identifier includes:
judging whether the first fragment is the target fragment;
if yes, at least one target node of the first fragment executes the operation corresponding to the operation type identifier respectively; wherein at least one target node of the first shard comprises the first shard;
if not, the first node forwards the operation request to at least one target node in the target fragment so as to trigger the at least one target node to execute the operation corresponding to the operation type identifier.
3. The method according to claim 2, wherein the step of the first node forwarding the operation request to at least one target node in the target shard comprises:
the first node determines at least one target node based on the load of nodes in the target fragment;
the first node forwards the operation request to at least one of the target nodes.
4. The method according to claim 3, wherein the step of the first node determining at least one target node based on the load of the nodes in the target shard comprises:
the first node randomly selects a second node from nodes in the target fragment;
judging whether the load of the second node is greater than a preset load threshold value or not;
if the load of the second node is less than or equal to the load threshold, taking the second node as the target node;
and if the load of the second node is greater than the load threshold value, randomly selecting at least one target node from the nodes of which the loads contained in the target shards are less than or equal to the load threshold value.
5. The method according to claim 1, wherein the step of the first node determining, based on the correspondence, a target segment corresponding to the chunk group identifier comprises:
the first node performs preset Hash calculation on the block group identification to obtain a Hash calculation result;
the first node takes the hash settlement result for the number of the fragments included by the signature platform to obtain a surplus calculation result;
and the first node determines the target fragment corresponding to the remainder calculation result based on the corresponding relation.
6. The method according to claim 1, wherein the fragmented nodes store signature parameters of the group of fragments in advance;
the step that at least one target node executes the operation corresponding to the operation type identification comprises the following steps:
and at least one target node acquires the signature parameter and executes the operation corresponding to the operation type identifier based on the signature parameter.
7. The method of claim 1, wherein the operation type identification comprises: a signature generation operation identifier, a signature verification identifier, or a certificate opening identifier.
8. The method of claim 1, further comprising:
establishing a plurality of the shards in the signature platform.
9. The method according to claim 8, wherein the step of creating a plurality of the shards in the signature platform comprises:
acquiring addresses of nodes in the fragments and numbers of the nodes in the fragments;
and taking the node with the largest number in the fragments as the main node of the fragments.
10. The method of claim 9, wherein after the step of establishing a plurality of the shards in the signing platform, the method further comprises:
a third node of the designated fragment responds to a block group creation request of the user terminal, and creates the block group in the designated fragment; wherein the designated shard comprises a distributed lock; the distributed lock represents that the number of the nodes which simultaneously create the block group in the designated fragment is 1.
11. The method according to claim 10, wherein the step of creating the group of blocks in the designated slice comprises:
the third node generating a signature parameter for the group of blocks based on the group of blocks creation request;
the third node sends the signature parameters to the main node of the designated fragment;
and the main node of the appointed fragment sends the signature parameter and the fragment transaction log of the main node to other nodes except the main node and the third node in the appointed fragment.
12. The method of claim 10, wherein after the step of creating the group of blocks in the designated shard, the method further comprises:
and the third node generates a creation result of the block group and sends the creation result to the user terminal.
13. The method of claim 10, wherein after the step of creating the group of blocks in the designated shard, the method further comprises:
and the fourth node of the appointed fragment responds to a member adding request of the user terminal, and adds an appointed member in the block group.
14. The method of claim 9, wherein nodes in the shard record sharded transactions via a sharded transaction log; the method further comprises the following steps:
if the main node in the fragment breaks communication, the node with the largest log number recorded by the fragment transaction log in the fragment is used as the main node;
and if the fifth node except the main node in the fragment breaks communication, the main node sends the stored signature parameters and the fragment transaction log to the fifth node.
15. A signature processing device is characterized in that a signature platform is used for executing operations in a group signature or ring signature application process, wherein the signature platform comprises a plurality of fragments, each fragment comprises a plurality of nodes, the nodes pre-store the corresponding relation between a block group and the fragment, the block group is a group or a ring group, the group is a member group of a group signature, and the ring group is a member group of a ring signature; the device comprises:
the operation request analysis module is used for responding to an operation request of a user terminal aiming at the signature, and a first node in the first fragment analyzes a block group identifier and an operation type identifier from the operation request; the first fragment is any one of the plurality of fragments, and the first node is any one of a plurality of nodes contained in the first fragment;
a target fragment determining module, configured to determine, by the first node, a target fragment corresponding to the block group identifier based on the correspondence;
and the target node execution module is used for triggering at least one target node in the target fragment to respectively execute the operation corresponding to the operation type identifier, and the at least one target node respectively returns the operation result to the user terminal.
16. An electronic device, characterized in that the electronic device comprises: a processing device and a storage device;
the storage means has stored thereon a computer program which, when executed by the processing apparatus, performs the signature processing method of any one of claims 1 to 14.
17. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processing device, carries out the steps of the signature processing method according to any one of claims 1 to 14.
CN202011556916.7A 2020-12-24 2020-12-24 Signature processing method and device and electronic equipment Active CN112636926B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011556916.7A CN112636926B (en) 2020-12-24 2020-12-24 Signature processing method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011556916.7A CN112636926B (en) 2020-12-24 2020-12-24 Signature processing method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN112636926A CN112636926A (en) 2021-04-09
CN112636926B true CN112636926B (en) 2022-05-27

Family

ID=75324761

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011556916.7A Active CN112636926B (en) 2020-12-24 2020-12-24 Signature processing method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN112636926B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109815728A (en) * 2018-12-21 2019-05-28 暨南大学 The fair contract with secret protection based on block chain signs method
CN110190970A (en) * 2019-06-25 2019-08-30 电子科技大学 Based on publicly-owned chain can anonymity revocation ring signatures and its generation and cancelling method
CN110400141A (en) * 2019-06-28 2019-11-01 苏州浪潮智能科技有限公司 Block chain digital signature method and system
CN110781140A (en) * 2019-09-06 2020-02-11 平安科技(深圳)有限公司 Method and device for data signature in block chain, computer equipment and storage medium
CN112000744A (en) * 2020-09-01 2020-11-27 中国银行股份有限公司 Signature method and related equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11146405B2 (en) * 2019-02-19 2021-10-12 International Business Machines Corporation Blinded endorsement for blockchain

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109815728A (en) * 2018-12-21 2019-05-28 暨南大学 The fair contract with secret protection based on block chain signs method
CN110190970A (en) * 2019-06-25 2019-08-30 电子科技大学 Based on publicly-owned chain can anonymity revocation ring signatures and its generation and cancelling method
CN110400141A (en) * 2019-06-28 2019-11-01 苏州浪潮智能科技有限公司 Block chain digital signature method and system
CN110781140A (en) * 2019-09-06 2020-02-11 平安科技(深圳)有限公司 Method and device for data signature in block chain, computer equipment and storage medium
CN112000744A (en) * 2020-09-01 2020-11-27 中国银行股份有限公司 Signature method and related equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于信任委托的区块链分层共识优化;段靓等;《计算机工程》;20201015(第10期);第126-136+142页 *

Also Published As

Publication number Publication date
CN112636926A (en) 2021-04-09

Similar Documents

Publication Publication Date Title
US10178076B2 (en) Cryptographic security functions based on anticipated changes in dynamic minutiae
CN111949953B (en) Identity authentication method, system and device based on block chain and computer equipment
CN107396360B (en) Block verification method and device
EP3726804B1 (en) Device authentication method, service access control method, device, and non-transitory computer-readable recording medium
CN109543456B (en) Block generation method and computer storage medium
CN108805571B (en) Data protection method, platform, block chain node, system and storage medium
CN110597489B (en) Random number generation method, equipment and medium
CN111523890A (en) Data processing method and device based on block chain, storage medium and equipment
CN112380584B (en) Block chain data updating method and device, electronic equipment and storage medium
EP3659060B1 (en) Consensus protocol for permissioned ledgers
US20210241270A1 (en) System and method of blockchain transaction verification
CN112055017B (en) Single-account multi-application unified login method and device and computer equipment
CN111800262A (en) Digital asset processing method and device and electronic equipment
CN110990790B (en) Data processing method and equipment
CN112948083A (en) Data processing method and device and electronic equipment
CN112468465B (en) Guarantee derivation-based terminal account identity authentication method and system in zero trust environment
CN111586013B (en) Network intrusion detection method, device, node terminal and storage medium
CN112636926B (en) Signature processing method and device and electronic equipment
CN113255011A (en) Block chain state mapping method, system, computer device and storage medium
CN110784318B (en) Group key updating method, device, electronic equipment, storage medium and communication system
CN111597537A (en) Block chain network-based certificate issuing method, related equipment and medium
CN111522563A (en) Block chain-based terminal upgrade protection system and method
CN112398924A (en) Block chain node admission control method, block chain node admission control device, computer equipment and storage medium
US10681045B2 (en) Multi-TTP-based method and device for verifying validity of identity of entity
CN113486375B (en) Storage method and device of equipment information, storage medium and electronic device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant