CN110012126A - A kind of DNS system based on block chain technology - Google Patents
- Publication number: CN110012126A (application CN201910260964.2A)
- Authority: CN (China)
- Prior art keywords: subchain, node, block, main chain, committee
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
All within H04L (Electricity; electric communication technique; transmission of digital information, e.g. telegraphic communication):
- H04L61/4511: Network directories; name-to-address mapping using standardised directories and standardised directory access protocols, using the domain name system [DNS] (under H04L61/00, network arrangements, protocols or services for addressing or naming)
- H04L63/0421: Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer (under H04L63/04, confidential data exchange among entities communicating through data packet networks)
- H04L63/0442: Confidential data exchange in which the data content is protected, e.g. by encrypting or encapsulating the payload, and the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (under H04L63/0428)
- H04L9/3247: Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures (under H04L9/32)
Abstract
The DNS system based on blockchain technology provided by the invention uses a single main chain that records a small amount of important information, chiefly the requests concerning top-level domains and the hashes of the subchains. A plurality of subchains, each connected to the main chain, can be extended, migrated and, where appropriate, abandoned; each subchain stores all operation requests under one specific TLD, different subchains store the records of different TLDs, and all subchains keep the same block height as the main chain. Nodes are distributed over the main chain and the subchains and are allowed to store only the main chain and part of the subchains. Linkable ring signatures guarantee the anonymity of the federation nodes in the voting process, proxy signatures allow a node to process operations in subchains it does not store, and a sharding scheme raises the throughput of the system. This solves the technical problems of poor security, limited performance, poor scalability and low throughput in the prior art and achieves higher security, higher scalability, higher throughput and better anonymity.
Description
Technical field
The present invention relates to the field of the internet, in particular to a DNS system based on blockchain technology.
Background art
As shown in Figure 1, the domain name system (DNS) is important infrastructure of the internet. Domain names are convenient for people to understand and use, whereas IP addresses are better suited to processing by computers; DNS is responsible for converting domain names into IP addresses so that people can access the internet more conveniently. The current DNS is a distributed architecture with a center: it is dispatched and managed uniformly by ICANN, and ICANN, as a centralized organization, fully controls the allocation of domain names, which carries serious risks of abuse of power and of single points of failure. In addition, the current DNS is highly susceptible to DDoS attacks, cache poisoning attacks, redirection risks, blocking risks and various other problems; according to the "Global DNS Threat Report 2018", in 2018 at least 77% of organizations suffered at least one DNS attack. Scholars have proposed the DNSSEC protocol, which uses methods such as authentication and encryption to address these problems, but it does not change the basic structure of DNS, so the various problems caused by centralization remain.
Blockchain has the characteristics of decentralization, security, trustworthiness and tamper resistance, and appears able to solve the above problems. Bitcoin was proposed by Satoshi Nakamoto in 2009; people later extracted the underlying technology of Bitcoin and named it blockchain. A blockchain is a trusted distributed database that stores records in chronological order, and the blockchain protocol maintains this distributed database in a decentralized network. According to access permissions and degree of centralization, blockchains are divided into public chains, consortium chains and private chains, whose degree of decentralization decreases in that order. Bitcoin is the representative of blockchain 1.0; Ethereum, as the representative of blockchain 2.0, combines blockchain 1.0 with smart contracts so that developers can deploy DApps, which greatly enriches the functionality of blockchain. Namecoin was the first blockchain-based domain name system, but it faces serious security threats; Blockstack was the first domain name system to run directly on the Bitcoin chain, but its performance is limited by the underlying Bitcoin; Nebulis and ConsortiumDNS are similar schemes, but the scalability and throughput of all these schemes are far from meeting the requirements of a domain name service.
Namecoin: Namecoin was the first to combine a domain name service with blockchain technology. It directly modifies the Bitcoin code, so it shares many functions and mechanisms with Bitcoin, such as PoW; both use the same mathematical puzzle for mining, so a miner can mine in both systems with a single expenditure of hash power, which may create a security risk. Namecoin uses .bit as its top-level domain, which means that all current domain names can be ported by appending .bit, for example .com.bit and .cn.bit. However, because Namecoin uses PoW as its consensus mechanism, in its early stage it is likely to suffer a 51% hash-power attack owing to insufficient hash power.
Blockstack: the first system to operate directly within the Bitcoin system. In view of the security problems of Namecoin, Blockstack ports the domain name system into the Bitcoin system, which can use Bitcoin's abundant hash power to resist 51% hash-power attacks; at the same time, because it uses techniques such as layering and a virtual chain, Bitcoin nodes are unaware of the existence of Blockstack. Its shortcoming is that the performance of Blockstack is limited by the performance of Bitcoin.
Nebulis: a platform similar to Blockstack that can be understood as a global distributed directory replacing the existing domain name system. It differs from Blockstack in that it uses IPFS as a substitute for HTTP and provides the domain name service via Ethereum, but it is likewise limited by the performance of Ethereum.
ConsortiumDNS: proposes managing the domain name service in the form of a consortium chain. Network nodes are divided into query nodes and mining nodes, and the system is designed with three layers, namely the blockchain layer, the consensus layer and the storage layer, using an external storage layer to solve the storage problem of the blockchain itself. At the same time, the system builds an index of the block records to speed up domain name resolution. Unlike the public-chain form used by Namecoin and Blockstack, the consortium-chain form used by ConsortiumDNS is more conducive to rights management, which can reduce digital crime involving domain names, but the chain structure of ConsortiumDNS has poor scalability and low system throughput.
In summary: Namecoin has serious security risks; the performance of Blockstack is limited by the Bitcoin system; the performance of Nebulis is limited by the Ethereum system; ConsortiumDNS has poor scalability and low throughput.
Summary of the invention
The present invention provides a DNS system based on blockchain technology. It uses a single main chain that records a small amount of important information, chiefly the requests concerning top-level domains and the hashes of the subchains; a plurality of subchains, each connected to the main chain, which can be extended, migrated and, where appropriate, abandoned, each chiefly responsible for storing all operation requests under one specific TLD, with different subchains storing the records of different TLDs and all subchains keeping the same block height as the main chain; and nodes, comprising federation nodes and ordinary nodes, distributed over the main chain and the subchains and storing part of the subchains, with proxy signatures allowing a node to process the operations in subchains it does not store. The federation nodes are distributed on the main chain and can perform rights management on requests concerning TLDs; the ordinary nodes are distributed on the subchains and can participate in the various operation requests under a TLD. This solves the technical problems of poor security, limited performance, poor scalability and low throughput in the prior art.
To solve the above technical problems, the DNS system based on blockchain technology provided by the invention comprises:
A main chain, of which there is only one, recording a small amount of important information, chiefly the requests concerning top-level domains and the hashes of the subchains;
Subchains, of which there are a plurality, each connected to the main chain; they can be extended, migrated and, where appropriate, abandoned; each subchain is chiefly responsible for storing all operation requests under one specific TLD, different subchains store the records of different TLDs, and all subchains keep the same block height as the main chain;
Nodes, comprising federation nodes and ordinary nodes, distributed over the main chain and the subchains and storing part of the subchains, with proxy signatures allowing a node to process the operations in the subchains it does not store;
The federation nodes are distributed on the main chain and can perform rights management on requests concerning TLDs;
The ordinary nodes are distributed on the subchains and can participate in the various operation requests under a TLD.
Further, the block structure of the main chain comprises:
A main chain block header, including the main chain identifier, the block height, the hash of the previous block and the Merkle root of the entire block body;
A main chain block body in two parts: the first part is the various operations on top-level domains, and the second part is the hashes of all requests of each subchain in the same period.
Further, the block structure of a subchain comprises:
A subchain block header, including the .com subchain identifier, the timestamp, the block height, the hash of the previous block, the Merkle root of the block body, the version number and some other important information;
A subchain block body, recording all operation requests under the top-level domain .com.
Further, a full mesh is established between the federation nodes, forming an alliance committee to manage the main chain. When an organization wants to apply to register the .com top-level domain, the federation nodes vote on whether to allow the registration, and a linkable ring signature (LRS) guarantees the fairness of the voting process and the anonymity of the voting nodes.
Further, the linkable ring signature LRS comprises:
Init: suppose there are n users in the alliance committee. The public key list of the group members is PK = {PK1, PK2, ..., PKn}, the private key list is SK = {SK1, SK2, ..., SKn}, the message to be signed is m ∈ {0,1}*, and the key pair of the anonymous signer is {PKi, SKi} (1 ≤ i ≤ n);
Sign: takes the public keys PK of all group members, the signer's private key SKi and the message m as input and outputs a linkable ring signature value σ;
Verify: takes the public keys PK of all group members, the message m and the signature value σ as input and outputs 1 or 0 according to whether the signature is valid;
Link: takes two signature values σ and σ' as input; if either signature is invalid there is no output, otherwise it outputs 1 or 0 according to whether the two signatures are linked.
The linkable ring signature LRS is called correct when, for all PK, SK, i, m and m', Verify and Link satisfy:
Verify(PK, m, Sign(PK, SKi, m)) = 1
Link(Sign(PK, SKi, m), Sign(PK, SKi, m')) = 1.
Further, the ordinary nodes in the same shard are fully connected to one another through a sharding protocol, forming an ordinary committee to verify the validity of each request.
Further, the sharding protocol divides all nodes, within one epoch, into smaller committees, each of which has N members and can independently process a portion of the operations.
Further, the alliance committee is responsible for collecting and verifying the consensus results of all ordinary committees, running a Byzantine fault tolerance algorithm inside the committee to form a final consensus result and broadcasting it; the remaining ordinary nodes receive and verify the final consensus result and add blocks to the main chain and the corresponding subchains.
Further, the proxy signature is as follows. Suppose two users A and B hold the key pairs (PKA, SKA) and (PKB, SKB) respectively, A is the owner of a top-level domain and B is the owner of a subdomain. If the following conditions hold:
A computes σ using its private key SKA and sends σ to B confidentially;
B generates a new key σA→B using σ and its private key SKB;
B signs a message m on behalf of A using the newly generated key: s = Sign(σA→B, m);
there exists a publicly verifiable algorithm VerA→B: PK × S × M → {True, False} such that for any m and s: VerA→B(PKA, s, m) = True ⇔ s = Sign(σA→B, m);
then the TLD (A) is said to have delegated part of its signing power to the subdomain (B). A is the original signer, B is the proxy signer, σ is the proxy key issued by A, σA→B is the proxy signing key and s is the proxy signature.
Further, the system also comprises a key-value database, which stores an index off-chain and improves the efficiency of domain name resolution.
Beneficial effects: the DNS system based on blockchain technology provided by the invention has higher security, higher scalability, higher throughput, better anonymity and a lower storage requirement.
Description of the drawings
Fig. 1 is a flow chart of domain name resolution in the prior art.
Fig. 2 is the architecture diagram of the DNS system based on blockchain technology of the present invention.
Specific embodiment
Specific embodiments of the present invention are described below with reference to the above drawings.
As shown in Fig. 2, the present invention provides a DNS system based on blockchain technology, comprising:
A main chain, of which there is only one, recording a small amount of important information, chiefly the requests concerning top-level domains and the hashes of the subchains;
Subchains, of which there are a plurality, each connected to the main chain; they can be extended, migrated and, where appropriate, abandoned; each subchain is chiefly responsible for storing all operation requests under one specific TLD, different subchains store the records of different TLDs, and all subchains keep the same block height as the main chain;
Nodes, comprising federation nodes and ordinary nodes, distributed over the main chain and the subchains and storing part of the subchains, with proxy signatures allowing a node to process the operations in the subchains it does not store;
The federation nodes are distributed on the main chain and can perform rights management on requests concerning TLDs;
The ordinary nodes are distributed on the subchains and can participate in the various operation requests under a TLD.
The system architecture provided by the invention is one main chain and a plurality of subchains. The main chain is chiefly responsible for storing the requests concerning top-level domains and the hashes of the subchains; a subchain is chiefly responsible for storing all operation requests under one specific TLD, such as com or org; and all subchains keep the same block height as the main chain. It is assumed here that each country maintains a federation node, and that a full mesh is established worldwide between the nodes maintained by all countries, forming an alliance committee to manage the main chain.
Since the main chain and the subchains play different roles, their block structures also differ.
Further, the block structure of the main chain comprises, as shown in the table:
A main chain block header, including the main chain identifier, the block height, the hash of the previous block and the Merkle root of the entire block body;
A main chain block body in two parts: the first part is the various operations on top-level domains, and the second part is the hashes of all requests of each subchain in the same period.
Further, the block structure of a subchain comprises, as shown in the table:
A subchain block header, including the .com subchain identifier, the timestamp, the block height, the hash of the previous block, the Merkle root of the block body, the version number and some other important information;
A subchain block body, recording all operation requests under the top-level domain .com.
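The following Python example is added here and is not code from the patent. It shows one way the main chain and subchain block structures described above (and in the summary) fit together with the off-chain key-value index mentioned later in the description: a subchain block commits to its requests with a Merkle root, the main chain block body of the same period carries that root for each TLD, and a light node that stores only the main chain can check a resolution answer returned from the index against the committed root instead of trusting it. The field names, the SHA-256 over canonical JSON encoding, the proof format and the sample requests are constructed assumptions of the example, not details taken from the patent.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Tuple


def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def leaf_hash(entry: dict) -> str:
    # Canonical JSON, so every node hashes exactly the same bytes for a request.
    return h(json.dumps(entry, sort_keys=True).encode())

def _pair_up(level: List[str]) -> List[str]:
    # One Merkle level up; the last hash is duplicated when the level is odd.
    if len(level) % 2:
        level = level + [level[-1]]
    return [h((level[i] + level[i + 1]).encode()) for i in range(0, len(level), 2)]

def merkle_root(leaves: List[str]) -> str:
    level = list(leaves) or [h(b"")]
    while len(level) > 1:
        level = _pair_up(level)
    return level[0]

def merkle_proof(leaves: List[str], index: int) -> List[Tuple[str, str]]:
    """Sibling hashes from the leaf up to the root, each tagged with the side it sits on."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], "L" if sibling < index else "R"))
        level, index = _pair_up(level), index // 2
    return proof

def verify_proof(leaf: str, proof: List[Tuple[str, str]], root: str) -> bool:
    acc = leaf
    for sibling, side in proof:
        acc = h((sibling + acc).encode()) if side == "L" else h((acc + sibling).encode())
    return acc == root

@dataclass
class SubchainBlock:
    tld: str              # subchain identifier, e.g. "com"
    height: int           # equal to the main chain height of the same period
    prev_hash: str
    timestamp: int
    requests: List[dict]  # body: all operation requests under this TLD
    version: int = 1

    def body_root(self) -> str:
        return merkle_root([leaf_hash(r) for r in self.requests])

@dataclass
class MainChainBlock:
    height: int
    prev_hash: str
    tld_operations: List[dict]      # body part 1: operations on top-level domains
    subchain_roots: Dict[str, str]  # body part 2: hash of each subchain's requests in this period

    def body_root(self) -> str:
        leaves = [leaf_hash(op) for op in self.tld_operations]
        leaves += [h(f"{tld}:{root}".encode()) for tld, root in sorted(self.subchain_roots.items())]
        return merkle_root(leaves)

def build_index(blocks: List[SubchainBlock]) -> Dict[str, Tuple[str, int, int]]:
    """Off-chain key-value index: name -> (tld, height, position); a later record overrides."""
    index: Dict[str, Tuple[str, int, int]] = {}
    for blk in blocks:
        for pos, req in enumerate(blk.requests):
            index[req["name"]] = (blk.tld, blk.height, pos)
    return index

def answer_query(name: str, index, subchains) -> Tuple[dict, list]:
    """Full node of the subchain: fetch the record via the index and attach its Merkle proof."""
    tld, height, pos = index[name]
    leaves = [leaf_hash(r) for r in subchains[tld][height].requests]
    return subchains[tld][height].requests[pos], merkle_proof(leaves, pos)

def verify_answer(record: dict, proof: list, main_block: MainChainBlock) -> bool:
    """Light node holding only the main chain: check the answer against the committed subchain hash."""
    committed = main_block.subchain_roots.get(record["name"].rsplit(".", 1)[-1])
    return committed is not None and verify_proof(leaf_hash(record), proof, committed)

def demo_resolution() -> dict:
    """Constructed sample period (height 7): two subchains, one main chain block, one lookup."""
    com = SubchainBlock("com", 7, "a" * 64, 1554000000, [
        {"op": "register", "name": "xxxx.com", "a": "203.0.113.10"},
        {"op": "register", "name": "mail.xxxx.com", "a": "203.0.113.25"},
        {"op": "update", "name": "example.com", "a": "198.51.100.7"}])
    org = SubchainBlock("org", 7, "b" * 64, 1554000000, [
        {"op": "register", "name": "example.org", "a": "198.51.100.9"}])
    main = MainChainBlock(7, "c" * 64, [{"op": "register_tld", "tld": "xyz", "applicant": "demo-registry"}],
                          {"com": com.body_root(), "org": org.body_root()})
    subchains = {"com": {7: com}, "org": {7: org}}
    record, proof = answer_query("mail.xxxx.com", build_index([com, org]), subchains)
    forged = dict(record, a="192.0.2.66")   # a tampered answer reusing the proof must be rejected
    return {"record": record, "ok": verify_answer(record, proof, main),
            "forged_ok": verify_answer(forged, proof, main), "main_body_root": main.body_root()}
```

The index only tells the resolver where to look; the Merkle proof and the root committed in the main chain body are what make the answer trustworthy for a node that does not hold the subchain itself.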
Further, a full mesh is established between the federation nodes, forming an alliance committee to manage the main chain. When an organization wants to apply to register the .com top-level domain, the federation nodes vote on whether to allow the registration, and a linkable ring signature (LRS) guarantees the fairness of the voting process and the anonymity of the voting nodes.
When an organization wants to apply to register a top-level domain, it first sends a registration request to a federation node; that proxy federation node forwards the request to the alliance committee, and the federation nodes vote after reviewing the request. Only when the number of approving votes reaches a certain proportion is the registration allowed, and only then can the organization have a subchain of its own.
Further, the linkable ring signature LRS comprises:
Init: suppose there are n users in the alliance committee. The public key list of the group members is PK = {PK1, PK2, ..., PKn}, the private key list is SK = {SK1, SK2, ..., SKn}, the message to be signed is m ∈ {0,1}*, and the key pair of the anonymous signer is {PKi, SKi} (1 ≤ i ≤ n);
Sign: takes the public keys PK of all group members, the signer's private key SKi and the message m as input and outputs a linkable ring signature value σ;
Verify: takes the public keys PK of all group members, the message m and the signature value σ as input and outputs 1 or 0 according to whether the signature is valid;
Link: takes two signature values σ and σ' as input; if either signature is invalid there is no output, otherwise it outputs 1 or 0 according to whether the two signatures are linked.
The linkable ring signature LRS is called correct when, for all PK, SK, i, m and m', Verify and Link satisfy:
Verify(PK, m, Sign(PK, SKi, m)) = 1
Link(Sign(PK, SKi, m), Sign(PK, SKi, m')) = 1.
The linkable ring signature LRS has the following properties:
Unforgeability: for any user other than a legitimate member it is computationally hard to forge a signature;
Anonymity: provided the signer does not reveal its identity, the probability that anyone learns the real signer's identity does not exceed the probability of a pure guess;
Linkability: anyone can detect whether two signatures were produced by the same group member.
The linkable ring signature LRS achieves anonymous voting, but the blockchain itself is not anonymous: addresses on the blockchain are merely pseudonyms, and in particular every node knows the addresses of the federation nodes, so a node that published voting results would expose the voters. Therefore in the present invention voting results are published through a common account, as shown in the table: the proxy federation node encrypts the key pair (pk, sk) of the common account with the public key of each federation node and then publishes the ciphertexts, and each federation node decrypts with its own private key to obtain the key pair of the common account.
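The patent defines Init, Sign, Verify and Link (above and in the summary) and lists unforgeability, anonymity and linkability as properties, but gives no concrete algorithm. The Python example below is added here and is not the patent's code: it instantiates the interface with an LSAG-style linkable ring signature (the Liu, Wei and Wong construction, chosen by the editor) in a prime-order subgroup, and runs the committee-vote scenario of the description: a member's ballot verifies, a tampered ballot does not, two ballots from the same member are linked by their shared key image, and ballots from different members are not. The group is a toy 160-bit safe prime generated at run time so that the block needs nothing beyond the standard library; the function names, the hash encoding and the ballot strings are constructed assumptions.

```python
import hashlib
import secrets
from typing import List, Optional, Tuple

Group = Tuple[int, int]   # (p, q): safe prime p = 2q + 1; signing happens in the order-q subgroup
G = 4                     # 2^2 is a quadratic residue mod p, so it generates the order-q subgroup
_SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71)

def _probable_prime(n: int, rounds: int = 16) -> bool:
    """Trial division followed by Miller-Rabin."""
    if n < 2 or n % 2 == 0:
        return n == 2
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits: int = 160) -> Group:
    # Toy-sized parameters generated at run time so the example has no dependencies;
    # a deployment would use a standardised group rather than this search.
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(q) and _probable_prime(2 * q + 1):
            return 2 * q + 1, q

def _hash_int(*parts) -> int:
    data = b"|".join(repr(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def _ring_base(group: Group, ring: List[int]) -> int:
    # H2(PK): a subgroup element derived from the whole public-key list; squaring lands in the subgroup.
    return pow(_hash_int("H2", ring) % group[0], 2, group[0])

def keygen(group: Group) -> Tuple[int, int]:
    sk = secrets.randbelow(group[1] - 1) + 1
    return sk, pow(G, sk, group[0])

def lrs_sign(group: Group, ring: List[int], sk: int, idx: int, msg: bytes):
    """Sign(PK, SK_i, m): returns (c_0, [s_1..s_n], key image)."""
    p, q = group
    n, h = len(ring), _ring_base(group, ring)
    key_image = pow(h, sk, p)                  # identical for every signature this member makes
    u = secrets.randbelow(q - 1) + 1
    c, s = [0] * n, [0] * n
    c[(idx + 1) % n] = _hash_int(ring, key_image, msg, pow(G, u, p), pow(h, u, p)) % q
    i = (idx + 1) % n
    while i != idx:                            # walk the ring with random s_i for the other members
        s[i] = secrets.randbelow(q - 1) + 1
        z1 = pow(G, s[i], p) * pow(ring[i], c[i], p) % p
        z2 = pow(h, s[i], p) * pow(key_image, c[i], p) % p
        c[(i + 1) % n] = _hash_int(ring, key_image, msg, z1, z2) % q
        i = (i + 1) % n
    s[idx] = (u - sk * c[idx]) % q             # closing the ring needs the real private key
    return c[0], s, key_image

def lrs_verify(group: Group, ring: List[int], msg: bytes, sig) -> int:
    """Verify(PK, m, sigma): 1 if the chain of challenges closes, otherwise 0."""
    p, q = group
    c0, s, key_image = sig
    if len(s) != len(ring):
        return 0
    h, c = _ring_base(group, ring), c0
    for y, s_i in zip(ring, s):
        z1 = pow(G, s_i, p) * pow(y, c, p) % p
        z2 = pow(h, s_i, p) * pow(key_image, c, p) % p
        c = _hash_int(ring, key_image, msg, z1, z2) % q
    return 1 if c == c0 else 0

def lrs_link(group: Group, ring: List[int], sig1, msg1: bytes, sig2, msg2: bytes) -> Optional[int]:
    """Link(sigma, sigma'): None (no output) if either is invalid; else 1 if same signer, 0 otherwise."""
    if not (lrs_verify(group, ring, msg1, sig1) and lrs_verify(group, ring, msg2, sig2)):
        return None
    return 1 if sig1[2] == sig2[2] else 0

def demo_committee_vote(n_members: int = 5, voter: int = 2) -> dict:
    """Constructed scenario: a five-node alliance committee votes on a TLD registration request."""
    group = make_group()
    keys = [keygen(group) for _ in range(n_members)]
    ring = [pk for _, pk in keys]                        # the public-key list PK every node knows
    yes, no = b"request demo-1: approve", b"request demo-1: reject"
    ballot = lrs_sign(group, ring, keys[voter][0], voter, yes)
    second = lrs_sign(group, ring, keys[voter][0], voter, no)         # same member voting again
    other = lrs_sign(group, ring, keys[voter - 1][0], voter - 1, yes)  # a different member
    return {
        "valid": lrs_verify(group, ring, yes, ballot),
        "tampered": lrs_verify(group, ring, yes + b"!", ballot),
        "double_vote": lrs_link(group, ring, ballot, yes, second, no),        # 1: caught by key image
        "different_members": lrs_link(group, ring, ballot, yes, other, yes),  # 0: anonymity kept
    }
```

The key image is what makes the scheme fit the voting use: it reveals nothing about which committee member signed, yet it is the same in every signature that member produces over the same ring, so a second ballot from one member is detected without de-anonymising anyone.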
Further, the ordinary nodes in the same shard are fully connected to one another through the sharding protocol, forming an ordinary committee to verify the validity of each request. If someone wants to apply to register a .com domain name, the committee needs to verify whether the request was signed by the owner of the com top-level domain.
Further, the sharding protocol divides all nodes, within one epoch, into smaller committees, each of which has N members and can independently process a portion of the operations. The sharding protocol lets the throughput of the whole system grow linearly with the hash power of the whole network while tolerating a certain proportion of Byzantine nodes. The core idea of the sharding protocol is to divide the hash power evenly, for which the concept of an epoch is introduced.
In each epoch, the workflow of the nodes comprises the following steps:
S1. The nodes collect the operation requests of the previous epoch;
S2. The nodes establish their identities: each ordinary node uses the public random string generated by the federation nodes in the previous epoch as the randomness of this round's PoW and uses IP || PK || Randomness || PoW Solution as its identity. The PoW solution lets other nodes verify and accept the identity and also prevents Sybil attacks;
S3. The nodes form committees: a node is assigned to a committee according to the identity it established, for example by the remainder of the hash of its identity modulo the number of committees, or, if there are 2^k committees, by the last k bits of that hash;
S4. Each node connects to the nodes of the same committee: the federation nodes randomly select a directory committee from among the second-level-domain nodes that have solved the PoW and broadcast it; the other nodes send their established identities to the directory committee; each directory committee node independently verifies the validity of the identities and collects N members; the directory committee then takes the union internally, picks the N members with the highest frequency of occurrence and broadcasts the list, after which the ordinary nodes can establish point-to-point connections with the nodes of the same committee. Compared with direct broadcasting without a directory committee, this method reduces the message complexity from O(n²) to O(Nn);
S5. Intra-committee consensus: each committee uses a deterministic consensus algorithm such as PBFT to avoid forks and tolerate Byzantine nodes; if a committee has 3f+1 nodes, PBFT can tolerate at most f Byzantine nodes. Each shard reaches consensus on its final result R1, R2, ..., RN, and a committee representative then broadcasts the result to the alliance committee;
S6. The alliance committee forms the final consensus result: the alliance committee collects and verifies the results processed by each shard and runs PBFT internally to obtain the final consensus result R = {R2, ..., RN}, assuming R1 was verified as invalid; finally the federation nodes broadcast R to the other ordinary nodes;
S7. The nodes record the consensus result of this epoch: all nodes receive the final result, verify its validity and then add the records to the main chain and the subchains they have deployed. Note that the main chain does not store all operation records and an ordinary node may store only part of the subchains: a node can add R2 to the com subchain and ignore the results of the other subchains;
S8. The alliance committee generates the random number for the next epoch: the federation nodes run a distributed commit-xor scheme to generate the public random string to be used in the PoW of the next epoch.
Further, the alliance committee is responsible for collecting and verifying the consensus results of all ordinary committees, running a Byzantine fault tolerance algorithm inside the committee to form a final consensus result and broadcasting it; the remaining ordinary nodes receive and verify the final consensus result and add blocks to the main chain and the corresponding subchains.
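The following Python example is added here and is not the patent's code. It simulates the identity and committee-formation part of the epoch workflow above (steps S2 to S4): each node mines a PoW identity over IP || PK || Randomness || nonce against the epoch's public random string, any node can re-check that identity, the last k bits of the identity hash place the node in one of 2^k committees, and the directory committee merges what its members verified by taking the union and keeping the N most frequently reported identities. Consensus (S5, S6) and the commit-xor randomness generation (S8) are not modelled. The difficulty, the address and key strings and the random string are constructed assumptions; the message-count function restates the page's O(n²) versus O(Nn) comparison for concrete n and N.

```python
import hashlib
from collections import Counter
from typing import Dict, List


def _sha(data: str) -> int:
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big")

def _identity_string(ident: dict, nonce: int) -> str:
    return f"{ident['ip']}||{ident['pk']}||{ident['randomness']}||{nonce}"

def establish_identity(ip: str, pk: str, randomness: str, difficulty_bits: int) -> dict:
    """S2: search a nonce so that H(IP||PK||Randomness||nonce) starts with `difficulty_bits` zero bits."""
    ident = {"ip": ip, "pk": pk, "randomness": randomness}
    nonce = 0
    while _sha(_identity_string(ident, nonce)) >> (256 - difficulty_bits):
        nonce += 1
    return {**ident, "pow": nonce}

def identity_valid(ident: dict, randomness: str, difficulty_bits: int) -> bool:
    """Any node can re-check an identity: this epoch's random string and a real PoW are both required."""
    if ident["randomness"] != randomness:
        return False        # mined against an old string: stale (or pre-computed) identity
    return _sha(_identity_string(ident, ident["pow"])) >> (256 - difficulty_bits) == 0

def committee_of(ident: dict, k: int) -> int:
    """S3: with 2^k committees, the last k bits of the identity hash select the committee."""
    return _sha(_identity_string(ident, ident["pow"])) & ((1 << k) - 1)

def directory_merge(views: List[List[dict]], n_members: int) -> List[dict]:
    """S4: union of what each directory node verified, keeping the N most frequently reported identities."""
    seen: Counter = Counter()
    by_key: Dict[int, dict] = {}
    for view in views:
        for ident in view:
            key = _sha(_identity_string(ident, ident["pow"]))
            seen[key] += 1
            by_key[key] = ident
    return [by_key[key] for key, _ in seen.most_common(n_members)]

def message_complexity(n_nodes: int, n_members: int):
    """Discovery by flooding costs about n^2 messages; routing through a directory committee about N*n."""
    return n_nodes * n_nodes, n_members * n_nodes

def demo_epoch(n_nodes: int = 12, k: int = 2, difficulty_bits: int = 12, n_members: int = 8) -> dict:
    """Constructed epoch: twelve nodes mine identities, are split into four committees, and three
    directory nodes with slightly different views agree on an eight-member list."""
    randomness = "epoch-7:5d41402abc4b2a76"   # stand-in for the committee's public random string
    idents = [establish_identity(f"10.0.0.{i}", f"pk{i}", randomness, difficulty_bits)
              for i in range(n_nodes)]
    committees: Dict[int, List[str]] = {}
    for ident in idents:
        committees.setdefault(committee_of(ident, k), []).append(ident["ip"])
    # One directory node also receives an identity mined against last epoch's string.
    stale = establish_identity("10.0.0.99", "pk99", "epoch-6:old", difficulty_bits)
    submissions = [idents, idents[1:], idents[:-1] + [stale]]
    views = [[i for i in sub if identity_valid(i, randomness, difficulty_bits)] for sub in submissions]
    directory = directory_merge(views, n_members)
    return {"committees": committees,
            "directory_ips": [d["ip"] for d in directory],
            "stale_rejected": all(d["ip"] != "10.0.0.99" for d in directory)}
```

Binding the PoW to the epoch's random string is what gives the identity its one-epoch lifetime: an identity mined earlier, or against a string the node chose itself, fails `identity_valid` at every honest directory node, so it never enters the merged list regardless of how often it is reported.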
Further, the proxy signature is as follows. Suppose two users A and B hold the key pairs (PKA, SKA) and (PKB, SKB) respectively, A is the owner of a top-level domain and B is the owner of a subdomain. If the following conditions hold:
A computes σ using its private key SKA and sends σ to B confidentially;
B generates a new key σA→B using σ and its private key SKB;
B signs a message m on behalf of A using the newly generated key: s = Sign(σA→B, m);
there exists a publicly verifiable algorithm VerA→B: PK × S × M → {True, False} such that for any m and s: VerA→B(PKA, s, m) = True ⇔ s = Sign(σA→B, m);
then the TLD (A) is said to have delegated part of its signing power to the subdomain (B). A is the original signer, B is the proxy signer, σ is the proxy key issued by A, σA→B is the proxy signing key and s is the proxy signature.
Over time a blockchain system grows ever larger; the well-known Bitcoin system is already close to 200 GB. A huge storage requirement raises the bar for joining as a node, which runs counter to the original intention of using blockchain technology to restructure DNS: more nodes can provide a better domain name service and can also achieve load balancing. To reduce the storage burden on nodes, the DNS system based on blockchain technology provided by the invention allows "light nodes" to store only the main chain and the part of the subchains they need. The sharding protocol is used here, so a node is assigned to a shard at random, and proxy signature technology is used to allow a node to process the operations in subchains it does not store. From another perspective, the current domain name space is a tree-shaped data structure and there may be many subdomains under one TLD; proxy signatures can also pass the administrative authority of the TLD down to a subdomain, reducing the administrative burden on the TLD and allowing the subdomain to manage its own subdomains.
In the present invention, it is assumed that original signer is the mechanism for possessing top level domain com, proxy signers are to possess subdomain
The company of xxxx.com, if someone wants registered domain name mail.xxxx.com, xxxx.com company first judges that it whether may be used
With registration, allograph just is carried out to it if any, other nodes only need to verify the label using the public key of com mechanism
Whether name is legal.In addition, allograph has properties: it is by original that such as other nodes, which can easily distinguish signature,
What beginning signer or proxy signers were signed, and proxy signers cannot forge the signature of original signer.
Further, the system also includes a key-value database, which stores an index off-chain to improve the efficiency of domain name resolution.
The blockchain-based DNS system provided by the invention is a secure, scalable and high-performance domain name system. The most important part of the domain name system is the top-level domain (TLD). TLDs fall into three classes: generic top-level domains (gTLD) such as com and org; country-code top-level domains (ccTLD) such as cn and us; and the infrastructure top-level domain arpa. To reduce the degree of centralization and manage TLDs better, the invention adopts the form of a consortium (alliance) chain: each country is assumed to be one alliance node, all countries together form an alliance that manages the chain, and every operation on a top-level domain must be decided by a vote of the alliance. Linkable ring signature technology is used in the invention to guarantee the anonymity of the voting nodes and the fairness of the voting process. To improve scalability, the scheme uses a multi-chain structure, namely one main chain and several subchains: the main chain records requests on TLDs, while a subchain records the operation requests under one TLD, which also matches the hierarchical structure of today's DNS. To raise system throughput and avoid the centralization that would result from too few nodes taking part in a subchain, the invention uses a sharding protocol to divide nodes uniformly at random into smaller committees; each committee independently processes the requests of one subchain, so the throughput of the system grows as the computing power of the network grows. To reduce the deployment cost of the system, the invention allows a node to store only the main chain and part of the subchains while still taking part in the whole sharding protocol and performing fast request verification; this is where proxy signature technology is used.
Compared with the current domain name resolution system, the blockchain-based DNS system provided by the invention has the following advantages.
In terms of security:
DNS cache poisoning: a requester can send resolution requests to several connected nodes, which raises the attacker's cost of misbehaving; moreover, the requester and the caching nodes can deploy a "light chain" containing the main chain, so that the requester can, if desired, verify the response locally and be sure that the result is trustworthy.
DDoS attacks: the alliance nodes are only responsible for registration and deregistration requests on TLDs, and these requests must be submitted by the applicant through an off-chain proxy alliance node, which then publishes them; furthermore, all ordinary nodes can provide domain name resolution service, so the invention resists DDoS attacks well.
51% hash-power attacks: POW is used to prevent Sybil attacks, and the deterministic consensus algorithm PBFT is the main consensus mechanism, so there are no forks; all decisions are produced by a vote of the alliance committee members, one vote per country, so the invention avoids hash-power attacks.
Loss-of-control risk: important TLDs are recorded on the main chain and can only be registered or deleted when the proportion of countries voting in favour exceeds a certain threshold; a subdomain is managed by its owner, and only requests signed with the owner's private key are considered valid, so the invention avoids the risk of losing control.
Blinding risk: there is no blinding risk, since every node can hold the complete domain name information if it wishes, and even a node without the complete domain name information can send resolution requests to several nodes.
In terms of scalability, the structure of the invention is one main chain and several subchains, and the main chain only needs to store the hash values of the data on all subchains. As long as an application is legitimate and has passed the vote of the alliance committee, the number of subchains can in theory be extended without limit: as time goes on and more and more domain names under different TLDs need to be handled by the system, the system can be expanded by attaching more subchains to the main chain. In addition, a given subchain records the registrations and deletions of domain names under one fixed TLD; if that subchain accumulates too many register-delete pairs, a lot of useless information is stored on the chain. A node can then apply to the alliance committee to open a new subchain for the same TLD, migrate the useful information to it and abandon the old subchain, which cleans up the whole system.
In terms of throughput, a sharding protocol is used here: the network nodes are divided uniformly into smaller committees, and each committee independently processes the requests in its own shard, so processing is parallelized and the throughput of the system is almost linear in its computing power.
In terms of anonymity, linkable ring signature technology is used here and fits the invention well: for example, it allows group members to verify the validity of a vote without learning exactly who cast it, while the public ballot record solves the pseudonym problem. Such a design ensures that identities stay anonymous and that a ballot cannot be linked back to its voter.
In terms of storage, the multi-chain structure of the invention allows a node with limited storage capacity to store only the main chain and the most frequently used subchains while still taking part in all processes. This lowers the bar for joining as a node, and more participating nodes provide better domain name resolution service, which also benefits the load balancing of the whole system.
The above is a further detailed description of the invention in conjunction with specific preferred embodiments, and it cannot be held that the specific implementation of the invention is limited to these descriptions. A person of ordinary skill in the art to which the invention belongs can make a number of simple deductions or substitutions without departing from the concept of the invention, and all of them shall be regarded as falling within the scope of protection of the invention.
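The multi-chain structure and the sharding of nodes into committees described above, as an added worked example; this is the editor's illustration, not code from the patent. It assumes SHA-256 for every hash, canonical JSON as the serialization, ordering by H(seed || node id) as the random partition rule (the patent fixes no concrete one), and constructed sample operations under com and cn; every name in it (make_subchain_block, light_verify, build_demo, ...) is the example's own. The header fields follow claims 2 and 3 below, and light_verify is exactly the check available to a node that stores only the main chain when a peer hands it a subchain block: the block's header digest must match the one anchored on the main chain at the same height, and its body must hash to the Merkle root in that header.

```python
import copy
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical(obj) -> bytes:
    """Deterministic JSON so every node hashes the same bytes for the same block."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def merkle_root(leaves: list) -> str:
    """Binary Merkle root over hex leaf hashes; an odd level duplicates its last node."""
    level = leaves[:] or [sha256_hex(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256_hex(bytes.fromhex(level[i] + level[i + 1]))
                 for i in range(0, len(level), 2)]
    return level[0]

def assign_committees(node_ids: list, cycle_seed: str, size: int) -> list:
    """Sharding step: partition the nodes of one cycle into committees of `size`.
    Sorting by H(seed || id) is a deterministic pseudo-random permutation, so every
    node derives the same committees from a shared seed (assumed rule, not the patent's)."""
    order = sorted(node_ids, key=lambda n: sha256_hex(f"{cycle_seed}|{n}".encode()))
    return [order[i:i + size] for i in range(0, len(order), size)]

def make_subchain_block(chain_id: str, height: int, prev_hash: str, ops: list,
                        timestamp: int, version: int = 1) -> dict:
    """Subchain block: the header fields of claim 3 over a body of operation requests."""
    header = {"chain_id": chain_id, "timestamp": timestamp, "height": height,
              "prev_hash": prev_hash, "version": version,
              "merkle_root": merkle_root([sha256_hex(canonical(op)) for op in ops])}
    return {"header": header, "body": ops}

def block_hash(block: dict) -> str:
    return sha256_hex(canonical(block["header"]))

def make_main_block(height: int, prev_hash: str, tld_ops: list, sub_blocks: list) -> dict:
    """Main chain block: TLD operations plus one digest per subchain block of the same
    height (claim 2); that digest is what commits each subchain to the main chain."""
    body = {"tld_ops": tld_ops,
            "subchain_hashes": {b["header"]["chain_id"]: block_hash(b) for b in sub_blocks}}
    header = {"chain_id": "main", "height": height, "prev_hash": prev_hash,
              "merkle_root": sha256_hex(canonical(body))}
    return {"header": header, "body": body}

def light_verify(main_chain: list, sub_block: dict) -> bool:
    """What a node holding only the main chain can check about a subchain block a peer
    hands it: the height exists, the header hash equals the digest anchored on the main
    chain at that height, and the body really hashes to the header's Merkle root."""
    hdr = sub_block["header"]
    if not 0 <= hdr["height"] < len(main_chain):
        return False
    anchored = main_chain[hdr["height"]]["body"]["subchain_hashes"].get(hdr["chain_id"])
    if anchored != block_hash(sub_block):
        return False
    leaves = [sha256_hex(canonical(op)) for op in sub_block["body"]]
    return merkle_root(leaves) == hdr["merkle_root"]

def build_demo() -> tuple:
    """Constructed sample: two cycles, subchains for com and cn, and main chain and
    subchains advancing in lock step so all chains share one block height."""
    genesis = "0" * 64
    prev = {"main": genesis, "com": genesis, "cn": genesis}
    sub_ops = [  # constructed operation requests, one entry per height
        {"com": [{"op": "register", "name": "xxxx.com", "owner": "PK_xxxx"}],
         "cn": [{"op": "register", "name": "example.cn", "owner": "PK_example"}]},
        {"com": [{"op": "register", "name": "mail.xxxx.com", "owner": "PK_mail"},
                 {"op": "update", "name": "xxxx.com", "A": "192.0.2.10"}],
         "cn": []},
    ]
    tld_ops = [[{"op": "register_tld", "tld": "cn", "votes_for": 5, "votes_cast": 6}], []]
    main_chain, sub_chains = [], {"com": [], "cn": []}
    for height in range(len(sub_ops)):
        blocks = []
        for tld in ("com", "cn"):
            blk = make_subchain_block(tld, height, prev[tld], sub_ops[height][tld],
                                      timestamp=1554163200 + 600 * height)
            prev[tld] = block_hash(blk)
            sub_chains[tld].append(blk)
            blocks.append(blk)
        main = make_main_block(height, prev["main"], tld_ops[height], blocks)
        prev["main"] = block_hash(main)
        main_chain.append(main)
    return main_chain, sub_chains

def tampered_copy(block: dict) -> dict:
    """Same header, one altered body record: what a dishonest peer might serve."""
    forged = copy.deepcopy(block)
    forged["body"][0]["owner"] = "PK_attacker"
    return forged
```

Note what the light node cannot check with this alone: whether the operations inside the block were authorized. That is what the proxy signature on each subdomain request is for, and it is verified per record, not per block.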
Claims (10)
1. A DNS system based on blockchain technology, characterized in that it comprises:
a main chain, of which there is only one, which records a small amount of important information and is mainly responsible for storing the requests on top-level domains and the hash values of the subchains;
subchains, of which there are several, each connected to the main chain, which can be extended, migrated and abandoned when appropriate; a subchain is mainly responsible for storing all operation requests under one specific TLD, different subchains store the records under different TLDs, and all subchains keep the same block height as the main chain;
nodes, including alliance nodes and ordinary nodes, which are distributed over the main chain and the subchains and store part of the subchains, and which use proxy signatures so that a node can process operations in subchains it does not store;
the alliance nodes are distributed on the main chain and can perform rights management for the requests on TLDs;
the ordinary nodes are distributed on the subchains and can take part in the various operation requests under a TLD.
2. The DNS system based on blockchain technology according to claim 1, characterized in that the block structure of the main chain comprises:
a main chain block header, including a main chain identifier, the block height, the hash value of the previous block and the Merkle root of the entire block body;
a main chain block body, consisting of two parts: the first part holds the various operations on top-level domains, and the second part holds the hash values of all requests in each subchain during the same period.
3. The DNS system based on blockchain technology according to claim 1, characterized in that the block structure of a subchain comprises:
a subchain block header, including the .com subchain identifier, a timestamp, the block height, the hash value of the previous block, the Merkle root of the block body, a version number and other important information;
a subchain block body, which records all operation requests under the top-level domain .com.
4. The DNS system based on blockchain technology according to claim 1, characterized in that a full connection is established between the alliance nodes, forming an alliance committee to manage the main chain; when an organization applies to register a top-level domain such as .com, the alliance nodes vote on whether to allow the registration, and a linkable ring signature (LRS) guarantees the fairness of the voting process and the anonymity of the voting nodes.
5. The DNS system based on blockchain technology according to claim 4, characterized in that the linkable ring signature LRS comprises:
Init: assume there are n users in the alliance committee;
the list of public keys of the group members is PK = {PK1, PK2, ..., PKn},
the list of private keys is SK = {SK1, SK2, ..., SKn},
the message to be signed is m ∈ {0, 1}*,
and the key pair of the anonymous signer is (PKi, SKi) (1 ≤ i ≤ n);
Sign: takes the public keys PK of all group members, the signer's private key SKi and the message m as input, and outputs a linkable ring signature value σ;
Verify: takes the public keys PK of all group members, the message m and the signature value σ as input, and outputs 1 or 0 according to whether the signature is valid;
Link: takes two signature values σ and σ' as input; if either signature is invalid there is no output, otherwise it outputs 1 or 0 according to whether the two signatures are linked.
The linkable ring signature LRS is said to be correct when, for all PK, SK, i, m and m', Verify and Link satisfy:
Verify(PK, m, Sign(PK, SKi, m)) = 1
Link(Sign(PK, SKi, m), Sign(PK, SKi, m')) = 1.
6. The DNS system based on blockchain technology according to claim 5, characterized in that the ordinary nodes are fully connected to the other ordinary nodes in the same shard through the sharding protocol, forming an ordinary committee that verifies the validity of each request.
7. The DNS system based on blockchain technology according to claim 6, characterized in that the sharding protocol divides all nodes within one cycle into smaller committees, each committee having N members and being able to process a part of the operations independently.
8. The DNS system based on blockchain technology according to claim 6, characterized in that the alliance committee is responsible for collecting and verifying the consensus results of all ordinary committees, runs a Byzantine fault tolerance algorithm inside the committee to form a final consensus result and broadcasts it; the remaining ordinary nodes receive the final consensus result, verify it, and add the block to the main chain and to the corresponding subchain.
9. The DNS system based on blockchain technology according to claim 1, characterized in that the proxy signature is as follows:
assume two users A and B, who respectively hold the key pairs (PKA, SKA) and (PKB, SKB); A is the owner of a top-level domain and B is the owner of a subdomain. If the following conditions hold:
A computes σ using its private key SKA and sends σ to B in confidence;
B generates a new key σA→B from σ and its own private key SKB;
B signs a message m on behalf of A with the newly generated key: s = Sign(σA→B, m);
there exists a publicly verifiable algorithm VerA→B: PK × S × M → {True, False} such that for any m and s: VerA→B(PKA, s, m) = True <=> s = Sign(σA→B, m),
then the TLD (A) is said to have delegated part of its signing authority to the subdomain (B): A is the original signer, B is the proxy signer, σ is the proxy key handed to B, σA→B is the proxy signing key, and s is the proxy signature.
10. The DNS system based on blockchain technology according to claim 1, characterized in that it further comprises a key-value database, which stores an index off-chain to improve the efficiency of domain name resolution.
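The proxy signature of claim 9 (and of the description above, where the com registry delegates to xxxx.com) together with the Init/Sign/Verify/Link interface of the linkable ring signature in claim 5, as one added worked example in Python. This is the editor's illustration, not code from the patent, which names no concrete scheme or curve. It assumes the secp256k1 curve with Schnorr signatures, a proxy-protected delegation in the style of Mambo, Usuda and Okamoto (A sends σ = SKA + e·k together with K = kG, B forms σA→B = σ + SKB, and the proxy verification key V = PKA + e·K + PKB is derived from A's public key), the LSAG construction of Liu, Wei and Wong for the ring signature, a try-and-increment hash-to-point for the link tag, and a warrant string fixing what was delegated; every function name is the example's own. One caveat a verifier should note: in this scheme VerA→B needs PKB, K and the warrant alongside PKA, so those travel with the signature; the sole trust root is still PKA, which is the property the description relies on. A second caveat, on Link: the claim's correctness condition Link(Sign(PK, SKi, m), Sign(PK, SKi, m')) = 1 means the link tag depends on the key and the ring only, so the same committee member's votes on different proposals link to each other (not to the member's identity); if per-proposal linkability were wanted instead, the proposal would be hashed into the ring base point too.

```python
import hashlib
import secrets

# secp256k1 domain parameters (public constants; the patent names no curve)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    r, k = None, k % N                           # double-and-add scalar multiplication
    while k:
        if k & 1: r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r

def hash_int(*parts) -> int:
    """Fiat-Shamir challenge: SHA-256 over the repr of every input, reduced mod N."""
    digest = hashlib.sha256(b"\x00".join(repr(p).encode() for p in parts)).digest()
    return int.from_bytes(digest, "big") % N

def hash_to_point(data: bytes):
    """Try-and-increment hash to a curve point whose discrete log nobody knows."""
    for ctr in range(2**16):
        x = int.from_bytes(hashlib.sha256(data + ctr.to_bytes(2, "big")).digest(), "big") % P
        y = pow((x**3 + 7) % P, (P + 1) // 4, P)  # square-root candidate, P = 3 (mod 4)
        if y * y % P == (x**3 + 7) % P: return (x, y)
    raise RuntimeError("no curve point found")

def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, ec_mul(sk, G)

def schnorr_sign(sk, pk, msg):
    k = secrets.randbelow(N - 1) + 1
    R = ec_mul(k, G)
    return (R, (k + hash_int(R, pk, msg) * sk) % N)

def schnorr_verify(pk, msg, sig):
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(hash_int(R, pk, msg), pk))

# Proxy signature: A (TLD owner) delegates to B (subdomain owner), the roles of claim 9.
def delegate(sk_a, pk_a, pk_b, warrant):
    """A: sigma = sk_a + e*k with K = kG, e = H(K, PK_A, PK_B, warrant); (sigma, K, warrant) goes to B in confidence."""
    k = secrets.randbelow(N - 1) + 1
    K = ec_mul(k, G)
    return ((sk_a + hash_int(K, pk_a, pk_b, warrant) * k) % N, K, warrant)

def proxy_public_key(pk_a, pk_b, K, warrant):
    """V = PK_A + e*K + PK_B, computable by any verifier from the two public keys."""
    return ec_add(ec_add(pk_a, ec_mul(hash_int(K, pk_a, pk_b, warrant), K)), pk_b)

def accept_delegation(deleg, pk_a, pk_b, sk_b):
    """B: check sigma against PK_A, then form the proxy signing key sigma_{A->B} = sigma + sk_b."""
    sigma, K, warrant = deleg
    if ec_mul(sigma, G) != ec_add(pk_a, ec_mul(hash_int(K, pk_a, pk_b, warrant), K)):
        raise ValueError("delegation does not verify under PK_A")
    return (sigma + sk_b) % N

def proxy_sign(proxy_key, deleg, pk_a, pk_b, msg):
    _, K, warrant = deleg
    return (K, warrant, schnorr_sign(proxy_key, proxy_public_key(pk_a, pk_b, K, warrant), msg))

def proxy_verify(pk_a, pk_b, msg, psig):
    K, warrant, sig = psig
    return schnorr_verify(proxy_public_key(pk_a, pk_b, K, warrant), msg, sig)

# Linkable ring signature (LSAG) for committee votes: Sign/Verify/Link of claim 5.
def lsag_sign(pubs, idx, sk, msg):
    n, Hp = len(pubs), hash_to_point(repr(pubs).encode())
    tag = ec_mul(sk, Hp)                         # link tag: same key and ring => same tag
    u = secrets.randbelow(N - 1) + 1
    c, s = [0] * n, [0] * n
    c[(idx + 1) % n] = hash_int(pubs, tag, msg, ec_mul(u, G), ec_mul(u, Hp))
    i = (idx + 1) % n
    while i != idx:                              # simulate every other ring member
        s[i] = secrets.randbelow(N - 1) + 1
        c[(i + 1) % n] = hash_int(pubs, tag, msg, ec_add(ec_mul(s[i], G), ec_mul(c[i], pubs[i])),
                                  ec_add(ec_mul(s[i], Hp), ec_mul(c[i], tag)))
        i = (i + 1) % n
    s[idx] = (u - c[idx] * sk) % N               # close the ring with the real key
    return (c[0], s, tag)

def lsag_verify(pubs, msg, sig):
    c0, s, tag = sig
    Hp, c = hash_to_point(repr(pubs).encode()), c0
    for i, pk in enumerate(pubs):
        c = hash_int(pubs, tag, msg, ec_add(ec_mul(s[i], G), ec_mul(c, pk)),
                     ec_add(ec_mul(s[i], Hp), ec_mul(c, tag)))
    return c == c0

def lsag_link(sig1, sig2):
    """1 iff both signatures were made with the same private key over the same ring."""
    return sig1[2] == sig2[2]
```

The two properties the description asks of proxy signatures fall out of the construction: a verifier distinguishes a proxy signature from A's own because it verifies under V rather than under PKA, and B cannot forge A's signatures because σ reveals only SKA + e·k with k unknown to B. The code is written for clarity rather than side-channel resistance and should be read as a reference, not as production cryptography.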
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910260964.2A CN110012126B (en) | 2019-04-02 | 2019-04-02 | DNS system based on block chain technology |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910260964.2A CN110012126B (en) | 2019-04-02 | 2019-04-02 | DNS system based on block chain technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110012126A true CN110012126A (en) | 2019-07-12 |
CN110012126B CN110012126B (en) | 2022-01-21 |
Family
ID=67169439
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910260964.2A Expired - Fee Related CN110012126B (en) | 2019-04-02 | 2019-04-02 | DNS system based on block chain technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110012126B (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110572404A (en) * | 2019-09-12 | 2019-12-13 | 北京笔新互联网科技有限公司 | lightweight blockchain network architecture |
CN111010394A (en) * | 2019-08-15 | 2020-04-14 | 腾讯科技(深圳)有限公司 | Block chain multi-chain management method and device |
CN111178894A (en) * | 2020-04-10 | 2020-05-19 | 支付宝(杭州)信息技术有限公司 | Asset type registration and transaction record verification method and system |
CN111262959A (en) * | 2020-01-13 | 2020-06-09 | 平安科技(深圳)有限公司 | Block link point access method, device and storage medium |
CN111597269A (en) * | 2020-05-21 | 2020-08-28 | 昆明大棒客科技有限公司 | Block chain-based contract implementation method, device and equipment |
CN111680050A (en) * | 2020-05-25 | 2020-09-18 | 杭州趣链科技有限公司 | Fragmentation processing method, device and storage medium for alliance link data |
CN112468602A (en) * | 2019-09-06 | 2021-03-09 | 傲为信息技术(江苏)有限公司 | Decentralized domain name registration system and method based on block chain |
CN112468525A (en) * | 2019-09-06 | 2021-03-09 | 傲为信息技术(江苏)有限公司 | Domain name management system based on block chain |
WO2021042785A1 (en) * | 2019-09-06 | 2021-03-11 | 南京瑞祥信息技术有限公司 | Smart contract-based domain name management system |
CN112818379A (en) * | 2021-01-11 | 2021-05-18 | 北京信息科技大学 | Aviation gravity data security access control method and system based on block chain |
CN113127910A (en) * | 2021-04-30 | 2021-07-16 | 复旦大学 | Controllable anonymous voting system based on block chain and decentralization traceable attribute signature |
CN113132384A (en) * | 2021-04-20 | 2021-07-16 | 哈尔滨工业大学 | Decentralized DNS root zone management system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106296138A (en) * | 2016-08-09 | 2017-01-04 | 西安电子科技大学 | Bit coin payment system based on Partial Blind Signature technology and method thereof |
US20170132619A1 (en) * | 2015-11-06 | 2017-05-11 | SWFL, Inc., d/b/a "Filament" | Systems and methods for autonomous device transacting |
CN108064444A (en) * | 2017-04-19 | 2018-05-22 | 北京大学深圳研究生院 | A kind of domain name analysis system based on block chain |
CN108124502A (en) * | 2017-03-31 | 2018-06-05 | 北京大学深圳研究生院 | A kind of top level domain management method and system based on alliance's chain |
US20180302366A1 (en) * | 2017-04-17 | 2018-10-18 | Verisign, Inc. | Domain name registration reservation through the use of encoding domain names |
US20190066066A1 (en) * | 2017-08-28 | 2019-02-28 | Stephen Boyd Lindsey | System and Method of Indexing Websites Using Contextually Unique Domain Extensions |
Also Published As
Publication number | Publication date |
---|---|
CN110012126B (en) | 2022-01-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110012126A (en) | A kind of DNS system based on block chain technology | |
CN107613041B (en) | Domain name management system, domain name management method and domain name resolution method based on block chain | |
CN110945853B (en) | Method for generating and managing multimode identification network based on alliance chain voting consensus algorithm | |
Liu et al. | A data storage method based on blockchain for decentralization DNS | |
CN111611315B (en) | Financial big data-oriented multi-fork tree structure block chain integrated optimization storage method | |
CN110061838A (en) | A kind of the decentralization storage system and its realization, information retrieval method of DNS resource record | |
WO2020154865A1 (en) | Progressive ip removal method and system supporting multi-mode identifier network addressing and storage medium | |
Maniatis et al. | Secure history preservation through timeline entanglement | |
WO2018191882A1 (en) | Domain name resolution system based on block chain | |
WO2018176406A1 (en) | Top-level domain name management method and system based on alliance chain | |
CN103248726B (en) | A kind of many reciprocity Internet of Things identification analytic method | |
CN109040012A (en) | A kind of data security protecting and sharing method based on block chain and system and application | |
CN106910051A (en) | A kind of DNS resource record notarization method and system based on alliance's chain | |
CN101193103B (en) | A method and system for allocating and validating identity identifier | |
CN110138560A (en) | A kind of dual-proxy cross-domain authentication method based on id password and alliance's chain | |
CN112199726A (en) | Block chain-based alliance trust distributed identity authentication method and system | |
CN113824563B (en) | Cross-domain identity authentication method based on block chain certificate | |
CN105007284B (en) | With the public audit method of secret protection in multi-manager group shared data | |
Li et al. | B-DNS: A secure and efficient DNS based on the blockchain technology | |
CN112100665A (en) | Data sharing system based on block chain | |
Liu et al. | Cross-heterogeneous domain authentication scheme based on blockchain | |
CN113656839A (en) | Electronic academic certificate management system based on alliance chain | |
Yu et al. | Blockchain-based pki system and its application in internet of things | |
CN116614519A (en) | Video and related information lightweight trusted uplink method based on optimization consensus algorithm | |
CN115664682A (en) | Consensus method for sharing medical data based on alliance chain master-slave multi-chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20220121 |