CN111294379B - Block chain network service platform, authority hosting method thereof and storage medium - Google Patents

Publication number
CN111294379B
Authority
CN
China
Prior art keywords
proxy
node
signature
private key
hosting
Legal status
Active
Application number
CN201811506512.XA
Other languages
Chinese (zh)
Other versions
CN111294379A (en)
Inventor
张�林
黄海泉
孙海波
Current Assignee
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Wodong Tianjun Information Technology Co Ltd
Application filed by Beijing Wodong Tianjun Information Technology Co Ltd; published as CN111294379A, granted as CN111294379B.

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L67/00 Network arrangements or protocols for supporting network services or applications
                    • H04L67/50 Network services
                        • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
                    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
                        • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The embodiments of the invention provide a blockchain network service platform, an authority hosting method thereof and a storage medium, the method comprising the following steps: when a hosting request is received, obtaining hosting information from the hosting request, the hosting information representing the authority that at least one delegation node hosts to a proxy node; generating, according to the hosting information, at least one proxy private key fragment on the at least one delegation node respectively, wherein the at least one proxy private key fragment corresponds one to one to the at least one delegation node and represents the hosting authority of the at least one delegation node; generating a proxy signature on the proxy node according to the at least one proxy private key fragment; and, when the proxy signature is judged to be valid on the signature verification node, hosting the authority of the at least one delegation node to the proxy node.

Description

Block chain network service platform, authority hosting method thereof and storage medium
Technical Field
The invention relates to communication technology, and in particular to a blockchain network service platform, an authority hosting method thereof and a storage medium.
Background
Blockchain technology and its applications are disrupting existing business models. Various industries, including financial institutions, government agencies, traditional enterprises and internet companies, are actively exploring how to implement their own services on blockchain networks. However, blockchain technology has a high technical threshold, the architecture of a blockchain network is very complex, and the implementations of blockchain networks differ greatly from the bottom layer to the upper layer.
An enterprise-level blockchain network service platform, i.e. a blockchain as a service (BaaS) platform, provides a quick solution for users in different industries to rapidly deploy blockchain networks and to deploy applications supporting their services on those networks.
The blockchain network service platform provides an anti-counterfeiting, tamper-resistant distributed ledger for the participants in the system. Participants can complete operations such as digital asset transfer and putting important data on the chain without the assistance of a central node. In some scenarios, some participants want to host their own authority to a designated agent, so that the designated agent can exercise rights such as asset transfer and participation in voting on their behalf.
The existing authority hosting approach uses a certificate set to host authority to an agent: the agent uses the signature private key of a signer to generate an agent private key and uses that agent private key to generate the agent's proxy signature; the signer verifies the proxy signature, and when the verification passes the authority is hosted to the agent, so that the agent can exercise the client's authority. However, because the computation required to verify the certificates is linear in the number of delegates, when the number of delegates is large the agents must generate a large number of proxy signatures from a large number of signature private keys, and the signers must verify that large number of proxy signatures, so authority hosting is inefficient.
Disclosure of Invention
The embodiment of the invention provides a block chain network service platform, an authority hosting method thereof and a storage medium, which can improve the efficiency of authority hosting.
The technical scheme of the embodiment of the invention is realized as follows:
in a first aspect, an embodiment of the present invention provides a method for authority hosting of a blockchain network service platform, where the method includes:
when a hosting request is received, hosting information is obtained from the hosting request, the hosting information representing the authority that at least one delegation node hosts to a proxy node;
respectively generating at least one proxy private key fragment on the at least one delegation node according to the hosting information, wherein the at least one proxy private key fragment corresponds to the at least one delegation node one to one, and the at least one proxy private key fragment is used for representing the hosting authority of the at least one delegation node;
generating a proxy signature on the proxy node according to the at least one proxy private key fragment;
and when the proxy signature is judged to be valid on the signature verification node, the authority of the at least one delegation node is hosted to the proxy node.
In the above method, the hosting information includes a hosting start-stop time, an identity of the at least one delegate node, and an identity of the proxy node.
In the above method, generating the at least one proxy private key fragment according to the hosting information includes:
calculating, on a first delegation node of the at least one delegation node, a first signature public key and a first signature private key of the first delegation node by using a key generation algorithm, where the first delegation node is any one of the at least one delegation node;
generating, on the first delegation node, a first commitment value according to a preset value corresponding to the first delegation node;
calculating, on the first delegation node, a first proxy private key fragment corresponding to the first delegation node according to the hosting information, the first commitment value and the first signature private key;
forming the at least one proxy private key fragment from the first proxy private key fragment.
In the above method, generating the proxy signature on the proxy node according to the at least one proxy private key fragment includes:
sending the at least one proxy private key fragment, at least one signature public key, the hosting information and at least one commitment value to the proxy node, where the at least one commitment value consists of the first commitment value and the at least one signature public key consists of the first signature public key;
generating, on the proxy node, the proxy signature according to the at least one proxy private key fragment, the at least one signature public key, the hosting information and the at least one commitment value.
In the above method, generating the proxy signature according to the at least one proxy private key fragment, the at least one signature public key, the hosting information and the at least one commitment value includes:
verifying the validity of the at least one proxy private key fragment and the at least one commitment value according to the at least one signature public key, the at least one proxy private key fragment and the at least one commitment value;
when the verification passes, superimposing (adding together) the at least one proxy private key fragment to obtain a proxy private key;
and taking the proxy private key and the message to be signed as input, generating the proxy signature by using a proxy multi-signature algorithm.
In the above method, after verifying the validity of the at least one proxy private key fragment and the at least one commitment value according to the at least one signature public key, the at least one proxy private key fragment and the at least one commitment value, the method further includes:
when the verification passes, multiplying the at least one commitment value to obtain a commitment value product.
In the above method, after generating the proxy signature according to the at least one proxy private key fragment and before hosting the authority of the at least one delegation node to the proxy node, the method further includes:
sending the hosting information, the message to be signed, the proxy signature, the commitment value product and the at least one signature public key to the signature verification node;
and, on the signature verification node, taking the hosting information, the message to be signed, the proxy signature, the commitment value product and the at least one signature public key as input, verifying whether the proxy signature is valid by using the proxy multi-signature verification method corresponding to the proxy multi-signature algorithm.
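As an added example that is not the patent's own algorithm (the description names no concrete scheme), the Python below instantiates the steps above as a Schnorr-style proxy multi-signature over a toy 64-bit safe-prime group: each delegation node derives its proxy private key fragment from the hosting information, its commitment value and its signature private key; the proxy node checks the fragments against the public keys and commitment values, sums them into the proxy private key and signs; and the signature verification node recomputes what it needs from the hosting information, the commitment value product and the public keys alone, also checking the proxy identity and the hosting start-stop time. It assumes the delegation nodes exchange their commitment values before computing fragments, so that the hash binds the commitment product; all identities, times and the message are constructed.

```python
import hashlib
import json
import math
import random

def is_probable_prime(n, rounds=24):            # Miller-Rabin
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

# Toy-sized group: a 64-bit safe prime p = 2q + 1 found at import, and g = 4 = 2^2,
# which has order q.  Real deployments use standardised large groups or a curve.
while True:
    Q = random.getrandbits(63) | (1 << 62) | 1
    if is_probable_prime(Q) and is_probable_prime(2 * Q + 1):
        break
P, G = 2 * Q + 1, 4

def hash_zq(*parts):
    """Length-prefixed SHA-256 over the parts, reduced into Z_q."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % Q

def encode_warrant(hosting_info):
    """Canonical bytes of the hosting information (start/stop time, node ids)."""
    return json.dumps(hosting_info, sort_keys=True, separators=(",", ":")).encode()

class DelegationNode:
    def __init__(self, ident):
        self.ident = ident
        self.x = random.randrange(1, Q)        # signature private key
        self.y = pow(G, self.x, P)             # signature public key
        self.k = random.randrange(1, Q)        # preset value (nonce)
        self.commitment = pow(G, self.k, P)    # commitment value R_i

    def key_fragment(self, warrant, commitment_product):
        # sigma_i = k_i + x_i * H(warrant, R) mod q, with R the product of all
        # commitments (assumption: exchanged beforehand) so that nobody can pick
        # sigma_i first and back-solve a matching R_i.
        e = hash_zq(warrant, commitment_product)
        return (self.k + self.x * e) % Q

def proxy_check_fragments(warrant, pubkeys, commitments, fragments):
    """Proxy node: every fragment must satisfy g^sigma_i == R_i * y_i^e."""
    e = hash_zq(warrant, math.prod(commitments) % P)
    return all(pow(G, s, P) == r_i * pow(y, e, P) % P
               for y, r_i, s in zip(pubkeys, commitments, fragments))

def proxy_sign(warrant, pubkeys, commitments, fragments, message):
    """Proxy node: sum the fragments into the proxy key, then Schnorr-sign."""
    if not proxy_check_fragments(warrant, pubkeys, commitments, fragments):
        raise ValueError("invalid proxy private key fragment or commitment")
    sigma = sum(fragments) % Q                 # proxy private key
    R = math.prod(commitments) % P             # commitment value product
    t = random.randrange(1, Q)
    T = pow(G, t, P)
    c = hash_zq(warrant, R, message, T)
    return T, (t + sigma * c) % Q              # proxy signature (T, s)

def verify_proxy_signature(info, message, sig, R, pubkeys, proxy_id, now):
    """Verification node: check the warrant, then the signature, from public data."""
    if info.get("proxy") != proxy_id or not info["start"] <= now <= info["stop"]:
        return False                           # wrong proxy or outside the window
    warrant = encode_warrant(info)
    Y = R * pow(math.prod(pubkeys) % P, hash_zq(warrant, R), P) % P   # = g^sigma
    T, s = sig
    return pow(G, s, P) == T * pow(Y, hash_zq(warrant, R, message, T), P) % P

def demo(now=1_600_000_000):
    nodes = [DelegationNode(f"delegator-{i}") for i in range(3)]
    info = {"start": now - 10, "stop": now + 3600, "proxy": "proxy-A",
            "delegators": [n.ident for n in nodes]}
    warrant, pubkeys = encode_warrant(info), [n.y for n in nodes]
    commitments = [n.commitment for n in nodes]
    R = math.prod(commitments) % P
    fragments = [n.key_fragment(warrant, R) for n in nodes]
    msg = b"transfer 10 units to account 42"  # constructed message to sign
    sig = proxy_sign(warrant, pubkeys, commitments, fragments, msg)
    check = lambda m, pid, t: verify_proxy_signature(info, m, sig, R, pubkeys, pid, t)
    return {"valid": check(msg, "proxy-A", now), "tampered": check(msg + b"!", "proxy-A", now),
            "wrong_proxy": check(msg, "proxy-B", now), "expired": check(msg, "proxy-A", now + 7200)}
```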
In a second aspect, an embodiment of the present invention provides a blockchain network service platform configured to: when a hosting request is received, obtain hosting information from the hosting request, the hosting information representing the authority that at least one delegation node hosts to a proxy node; generate, according to the hosting information, at least one proxy private key fragment on the at least one delegation node respectively, wherein the at least one proxy private key fragment corresponds one to one to the at least one delegation node and represents the hosting authority of the at least one delegation node; generate a proxy signature on the proxy node according to the at least one proxy private key fragment; and, when the proxy signature is judged to be valid on the signature verification node, host the authority of the at least one delegation node to the proxy node.
In the blockchain network service platform, the hosting information includes a hosting start-stop time, an identity of the at least one delegation node, and an identity of the proxy node.
In the blockchain network service platform, the platform is further configured to calculate, on a first delegation node of the at least one delegation node, a first signature public key and a first signature private key of the first delegation node by using a key generation algorithm, where the first delegation node is any one of the at least one delegation node; generate, on the first delegation node, a first commitment value according to a preset value corresponding to the first delegation node; calculate, on the first delegation node, a first proxy private key fragment corresponding to the first delegation node according to the hosting information, the first commitment value and the first signature private key; and form the at least one proxy private key fragment from the first proxy private key fragment.
In the blockchain network service platform, the platform is further configured to send the at least one proxy private key fragment, at least one signature public key, the hosting information and at least one commitment value to the proxy node, where the at least one commitment value consists of the first commitment value and the at least one signature public key consists of the first signature public key; and to generate, on the proxy node, the proxy signature according to the at least one proxy private key fragment, the at least one signature public key, the hosting information and the at least one commitment value.
In the blockchain network service platform, the platform is further configured to verify the validity of the at least one proxy private key fragment and the at least one commitment value according to the at least one signature public key, the at least one proxy private key fragment and the at least one commitment value; when the verification passes, superimpose (add together) the at least one proxy private key fragment to obtain a proxy private key; and, taking the proxy private key and the message to be signed as input, generate the proxy signature by using a proxy multi-signature algorithm.
In the blockchain network service platform, the platform is further configured to multiply the at least one commitment value when the verification passes, so as to obtain a commitment value product.
In the blockchain network service platform, the platform is further configured to send the hosting information, the message to be signed, the proxy signature, the commitment value product and the at least one signature public key to the signature verification node; and, on the signature verification node, taking the hosting information, the message to be signed, the proxy signature, the commitment value product and the at least one signature public key as input, to verify whether the proxy signature is valid by using the proxy multi-signature verification method corresponding to the proxy multi-signature algorithm.
In a third aspect, an embodiment of the present invention provides a block chain network service platform, where the block chain network service platform includes:
at least one memory to store executable instructions;
and at least one processor, configured to execute the executable instructions stored in the at least one memory so as to realize the authority hosting method of the blockchain network service platform.
In a fourth aspect, an embodiment of the present invention provides a storage medium storing executable instructions, which when executed, are configured to cause a processor to execute the method for authority hosting of a blockchain network service platform.
The embodiments of the invention achieve the following beneficial effects:
Because a blockchain network service platform, an authority hosting method thereof and a storage medium are adopted, the method can comprise the following steps: when a hosting request is received, hosting information is obtained from the hosting request, the hosting information representing the authority that at least one delegation node hosts to the proxy node; at least one proxy private key fragment is generated on the at least one delegation node respectively according to the hosting information, the at least one proxy private key fragment corresponding one to one to the at least one delegation node and representing the hosting authority of the at least one delegation node; a proxy signature is generated on the proxy node according to the at least one proxy private key fragment; and when the proxy signature is judged to be valid on the signature verification node, the authority of the at least one delegation node is hosted to the proxy node. Therefore, when at least one delegation node exists, the blockchain network service platform forms the hosting information from the hosting start and stop time, the identity of the at least one delegation node and the identity of the proxy node, and generates at least one proxy private key fragment on the at least one delegation node according to the hosting information; then, on the proxy node, the at least one proxy private key fragment is combined into a proxy private key, the proxy private key is used to sign the file to be signed, and a proxy signature is obtained. At this point the signer only needs to verify the proxy signature, so the efficiency of authority hosting is improved.
Drawings
Fig. 1 is a functional architecture diagram of a block chain network service platform according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a resource layer constructed as a container cluster 200 by deploying a containerization management system according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a developer accessing a blockchain network service platform 100 through a terminal 300 according to an embodiment of the present invention;
fig. 4A to 4Q are schematic diagrams illustrating various function management pages of a blockchain network service platform according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an exemplary blockchain network deployed by using a blockchain network service platform according to an embodiment of the present invention;
fig. 6 is a flowchart illustrating an exemplary transaction using a blockchain network services platform according to an embodiment of the present invention;
fig. 7 is a first flowchart of a method for authority hosting of a blockchain network service platform according to an embodiment of the present invention;
fig. 8 is a flowchart illustrating a second method for authority hosting of a blockchain network service platform according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a block chain network service platform according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail with reference to the accompanying drawings, the described embodiments should not be construed as limiting the present invention, and all other embodiments obtained by persons skilled in the art without inventive work shall fall within the scope of protection of the present invention.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
Before describing the embodiments of the present invention in further detail, the terms and expressions used in the embodiments are explained; the following explanations apply to those terms and expressions.
1) Transaction: equivalent to the computer term "transaction" (in the database sense), and covering three different types of transaction operation: deployment (Deploy), invocation (Invoke) and query (Query). Deployment transactions install a specified chaincode on a node of the blockchain network; invocation and query transactions call a deployed chaincode to operate on the data of a target account in the ledger, including adding, deleting, looking up and modifying data stored as key-value pairs in the account, or adding a new account to the ledger. The term does not simply refer to transactions in a business sense; the embodiments of the present invention follow this usage because "transaction" is the conventional colloquial term in blockchain technology.
2) Block: a data structure recording the ledger data updated by transactions within a period of time, marked with a timestamp and a unique mark (e.g. a digital fingerprint) of the previous block; after the block is verified by consensus of the nodes in the blockchain network, it is appended to the end of the blockchain as a new block.
3) Blockchain: a chained data structure of blocks assembled in sequence, in which each block references the hash value of the previous block (or a subset of it), thereby cryptographically securing the recorded transactions against tampering and forgery.
4) Blockchain network: a set of decentralized nodes that incorporate new blocks into the blockchain in a consensus manner.
5) Ledger: the sum of the data recorded in a blockchain network, with accounts as the dimension, including ledger data, ledger state proofs, block indexes and other elements.
6) Ledger data: the actual block data storage, i.e. the record of the series of ordered, tamper-proof transactions recorded in the blockchain, which may be presented as files in a file system; the data of an account is updated when a smart contract called in a transaction is executed.
7) Ledger state, also called state data: the state of the ledger data, which may take the form of key-value pairs in a database, where the real-time ledger state represents the latest record of the key-value pairs updated by consensus transactions and the historical ledger state represents their historical records.
8) Consensus: a process in the blockchain network for reaching agreement on transaction results among the nodes involved; mechanisms for implementing consensus include Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), Proof of Elapsed Time (PoET), and so on.
9) Smart contracts, also called chaincodes: program code deployed in the blockchain network that runs in a secure container and is triggered by conditions, used to initialize and manage ledger data and ledger state.
10) Container orchestration: techniques for scheduling and clustering containers that provide a basic mechanism for container-based application scalability, using containers to provide services and orchestration to decide how the containers should interact.
An exemplary functional architecture of a blockchain network implementing an embodiment of the present invention is described below. Referring to fig. 1, fig. 1 is a schematic diagram of the functional architecture of a blockchain network provided in an embodiment of the present invention, which includes an application layer 101, a consensus layer 102, a network layer 103, a data layer 104 and a resource layer 105, described in turn below.
The resource layer 105 encapsulates various available computing and storage resources, such as those in computers, servers/clusters, and clouds, abstracts and provides a uniform interface to the data layer 104 to mask the variability of the underlying hardware implementing the resource layer 105.
The computing resources include various forms of processors such as a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), and a Field-Programmable Gate Array (FPGA).
The storage resources include various types of storage media such as various volatile memories and nonvolatile memories. The nonvolatile Memory may be a Read Only Memory (ROM) or a Programmable Read-Only Memory (PROM). The volatile Memory may be a Random Access Memory (RAM), which acts as an external cache Memory.
The computing and storage resources of the resource layer 105 may be mapped to the various types of nodes in a blockchain network. The storage medium implementing an embodiment of the present invention stores executable instructions for implementing the blockchain network deployment method of an embodiment of the present invention; once the executable instructions deployed to the nodes are executed, the underlying resources (e.g., various types of processors) implementing the nodes deploy the various types of nodes in the blockchain network and perform their functions, thereby implementing ledgers for transactions in business processes and various applications based on the ledgers.
By way of example, executable instructions may be written in any form of programming language, including compiled or interpreted languages, or declarative or procedural languages, in the form of software (including system programs and applications), software modules, scripts, plug-ins, and the like, and they may be deployed in any form, including as stand-alone programs or as modules, components, or other units suitable for use in a computing environment.
Data layer 104 encapsulates various data structures that implement the ledger, including ledger data implemented in a file system, ledger state and presence proofs implemented in database form.
Network layer 103 encapsulates peer-to-peer (P2P) network protocols, data propagation and verification mechanisms, access and authentication mechanisms, and service subject identities. The P2P network protocol realizes communication among the nodes in the blockchain network; the data propagation mechanism ensures the propagation of transactions and transaction results in the blockchain network; the data verification mechanism uses cryptographic methods (such as digital certificates, digital signatures and public/private key pairs) to make data transmission among the nodes reliable; and the access and authentication mechanism manages the access and authentication of terminals based on the identity of the service subject.
The consensus layer 102 encapsulates mechanisms for achieving consistency of transaction results propagated in the block chain, including POS, POW, DPOS, etc., and supports pluggable consensus mechanisms.
The application layer 101 encapsulates various services that the blockchain network can implement, including transaction settlement, tracing, and evidence storage.
Referring to fig. 2, which is a schematic structural diagram of a resource layer constructed as a container cluster 200 by deploying a containerization management system: two types of nodes, namely a management node (Master Server) 200 and a service node (Node) 300, are formed by deploying the corresponding components of the containerization management system on the machines that provide resources to the resource layer. The management node manages the scheduling and running of containers on the service nodes; the service nodes mainly run the various containers and provide an isolated running environment for the applications in the blockchain network, for example a chaincode container for running a chaincode and a node container for running the code of a node (i.e. the code of the various types of nodes in the blockchain network). They are described separately below.
The management node (Master Server) 200 is responsible for managing the cluster and exposes the cluster's resource data to the outside in the form of a Service; it includes the following exemplary components.
1) A state component (etcd), which saves the state of the entire cluster.
2) An application program interface service (API Server) component, which provides the single entry point for resource operations and provides mechanisms such as authentication, authorization, access control, and API registration and discovery.
3) A scheduling (Scheduler) component, which is responsible for scheduling resources and, according to a preset scheduling strategy, scheduling containers to the appropriate nodes to run. For applications of the blockchain network, the container group (Pod), i.e. a group of containers that share resources on the same machine (a machine on which the service node components are deployed) and are run by the service node, is the minimum unit of scheduling; an application can be implemented by one or more container groups, and the resources shared by the containers in a container group include the application namespace, network namespace, hostname and storage volumes (Volume).
Taking a shared storage volume as an example, when a shared file system component such as the Network File System (NFS), the cluster file system GlusterFS or the Ceph file system (CephFS) is deployed on a node, the scheduling component can easily schedule a container group that mounts the storage volume onto a storage volume of another machine (node).
4) A control management (Controller Manager) component, which monitors and maintains the state of the cluster: it monitors the current state of every resource object in the whole cluster in real time through the interface provided by the API service component and, when the system state changes because of faults, restores the current state to the expected state.
5) A replication controller (RC) component, which keeps a specified number of Pod replicas running at any given time; for example, if the number of running Pod replicas exceeds the set value, some Pod replicas are shut down, and if it is below the set value, new Pod replicas are created.
6) A deployment controller (Deployment Controller) component, which manages and maintains the Deployment resource objects in the container cluster, associates each Deployment object with a replication controller, and provides declarative updates for the container groups and the replication controller in the Deployment object so as to declare their target states; when the Deployment object is updated, the update of the replication controller and container groups is controlled and realized accordingly.
Service node 300 includes the following exemplary components.
1) A container engine (denoted as Docker), which is responsible for all image downloading and container operations.
2) A daemon component (denoted as Kubelet), which maintains the life cycle of containers (creation, start and stop) and also manages storage volumes and the Container Network Interface (CNI).
Taking storage volume management as an example, the daemon component mounts each container in a container group onto the same storage volume through the shared file system component deployed on the node, such as a Network File System (NFS), a cluster file system (GlusterFS), or a ceph file system (Cephfs), so that all containers use the same storage volume to store the data they produce while running, and the data in the storage volume can be accessed by any container in the same container group.
3) A load balancing component (denoted as Proxy), which provides service discovery and load balancing inside the cluster for Services.
Based on the cluster shown in fig. 2, an exemplary process in which an image of an application deploying one blockchain network is encapsulated into a container group (referred to as a target Pod in the following example) and runs on a Node (referred to as a target Node in the following example) is as follows.
First, the management tool (Kubectl) of the container cluster 200 submits a request to create a replication controller (RC); the request includes the definition of the target Pod, the number of replicas of the target Pod to run, the label of the target Pod to be monitored, and the like.
Then, the request is written into etcd through the API Server. At this point the Controller Manager, which watches for resource changes through the API Server interface, observes the RC event, finds that no Pod instance corresponding to the RC exists in the current cluster, generates a Pod object according to the Pod template definition in the RC, and writes it into etcd through the API Server.
As soon as the Scheduler discovers the RC event, it executes a scheduling procedure: it selects a Node on which the new Pod will land and writes the result into etcd through the API Server; the Kubelet process running on the target Node detects the new Pod through the API Server and starts it according to the Pod definition, until the Pod's life ends.
Subsequently, Kubectl submits a request to create a new Service mapped to the target Pod. The Controller Manager queries the associated Pod instances through the Label, generates the endpoint (Endpoints) information of the Service (including addresses and ports), and writes the endpoint information into etcd through the API Server; the Proxy processes running on all nodes in the container cluster query the API Server, watch the Service object and its endpoint information, and build a software load balancer that forwards traffic from the Service to the backend Pods.
In combination with the above, the blockchain network service platform of the embodiment of the present invention is implemented by deploying a container cluster at the resource layer and running containers that encapsulate blockchain network applications. The blockchain network of the embodiment of the present invention may therefore be provided in the form of a memory and a processor: the memory stores executable instructions, and when the processor executes them, the container cluster is established on the plurality of nodes that run the processor and the memory, and the chain code installation method in the blockchain network service platform of the embodiment of the present invention is implemented by running the encapsulated applications in the containers.
The blockchain network platform implementing the embodiment of the present invention is connected to a developer in various ways, and provides various graphical ways to deploy and manage the blockchain network, which is described below.
Referring to fig. 3, fig. 3 is a schematic diagram of a developer accessing the blockchain network service platform 100 through a terminal 300 according to an embodiment of the present invention. The SDK/Web interface 320 of the developer terminal 300 is connected to the corresponding SDK/Web interface of the data layer 104 in the blockchain network service platform 100; the blockchain network supporting a specific service is deployed locally and remotely from the developer terminal 300, and the management pages of the various functions of the blockchain network service platform 100 are displayed in the graphical interface 310 of the terminal 300, including creation of a container cluster and access to a new container cluster, management of storage resources, one-key deployment of the blockchain network, chain code management (running state view), application store management, and the like.
Referring to fig. 4A to 4Q, which are schematic display diagrams of various function management pages of the blockchain network service platform according to an embodiment of the present invention, the function management pages displayed in the graphical interface 310 of the developer terminal 300 in fig. 3 will be exemplarily described with reference to fig. 4A to 4Q.
Fig. 4A shows a status view page of the blockchain network service platform 100, in which the running status of the blockchain network, such as CPU usage, memory usage, and resource (node) usage, is shown.
Fig. 4B shows a console page for one-key deployment of the blockchain network service platform 100, which lets the developer set the basic information of the blockchain network (including the blockchain domain name and version number) and its organizations (including the organization name, number of nodes, number of users, etc.), and advanced options that take default values, including the ordering node type, channel name, chain code name, etc.
Fig. 4C illustrates a console page for resource management of the resource layer 105 of the blockchain network service platform 100, which displays information about the clusters that the developer can deploy through the blockchain network service platform 100, including the connection status, the CPU/memory usage, and the like.
Fig. 4D shows a console page for adding a container cluster supporting the blockchain network, in which the cluster name is entered; the create page is entered after the create-cluster function option is triggered.
Fig. 4E shows a console page for cluster query of the blockchain network service platform 100; when the cluster query function button is triggered, the console enters a cluster list page that supports adding, querying, deleting and editing clusters.
Fig. 4F shows a console page for storage management of the blockchain network service platform 100; when the storage management function button is triggered, the console enters a storage management list page that displays the storage items created in the cluster and offers storage query and delete functions.
A console page of the blockchain network service platform 100 for storage details is shown in fig. 4G; the storage details themselves are shown in fig. 4H, and dynamic expansion of the storage space is supported.
A console page of the blockchain network service platform 100 for adding storage is shown in fig. 4I; it supports setting the storage name and the node to add, adds the node to the container cluster according to the setting, and, as shown in fig. 4J, displays the detailed information after the storage is added, including the list of nodes of the container cluster.
A console page for the Hyperledger of the blockchain network service platform 100 is shown in fig. 4K, showing the name, network version, status and creation time of the Hyperledger used to deploy the blockchain network.
Fig. 4L shows a console page for one-key deployment of a Hyperledger on the blockchain network service platform 100; it provides the basic configuration items for the Hyperledger deployment and advanced configuration items with default values, such as the ordering node type, channel, default chain code and initialization parameters.
Figs. 4M and 4N show console pages for uploading and installing a chain code on the blockchain network service platform 100; the upload page provides setting items for the chain code name and version number, and the install page provides configuration items for the chain code version, initialization parameters, organization and nodes.
Fig. 4O shows a console page for the network details of the blockchain network service platform 100, which supports viewing information such as the organization members, block height, number of transactions and number of contracts of the different channels, and may also display information such as the organization names, the node names within the channel and the chain code names within the channel for the channel being viewed.
Fig. 4P shows a console page for chain code query of the blockchain network service platform 100, which supports matching queries of chain codes by network name, chain code parameters, ledger name and chain code function; the query dimensions include status, messages and data.
Fig. 4Q shows a console page of the application store of the blockchain network service platform 100, which lets a developer select an application to deploy; once an application is chosen for deployment to the blockchain network, it is rapidly deployed to the container cluster at the resource layer 105 by reusing the application's images.
Referring to fig. 5, which shows an exemplary architecture of a blockchain network deployed using the blockchain network service platform, an application obtains a legitimate identity certificate from a CA to join an application channel within the network. Before a formal transaction is initiated, a transaction proposal (Proposal) needs to be constructed and submitted to the endorsement nodes in organization 1 and organization 2 for endorsement; after the client collects enough endorsement support (the number is determined by the endorsement policy), it can use the endorsements to construct a legal transaction request (carrying the endorsements of the endorsement nodes) and send it to an ordering node (Orderer) in the ordering service for ordering, so that transactions are packaged into a block.
Referring to fig. 6, a transaction flow of an application and a blockchain network is shown, where functions of a client and each node in the transaction flow are as follows:
Client (application): uses the SDK to interact with the blockchain network. First, the client obtains a legitimate identity certificate from the CA to join the application channel within the network. Before a formal transaction is initiated, a transaction proposal (Proposal) needs to be constructed and submitted to an endorsement node for endorsement; after the client collects enough endorsement support (the number is determined by the endorsement policy), it can use the endorsements to construct a legal transaction request (carrying the endorsements of the endorsement nodes) and send it to an ordering node (Orderer) for ordering, so that transactions are packaged into blocks. The client can also listen for messages in the network through the event mechanism to learn whether the transaction was successfully accepted.
Endorsement node (Endorser): mainly provided for the client to call, it completes the endorsement (signature) processing of a transaction proposal. After receiving a transaction proposal from the client, it first checks the proposal's validity and the ACL permissions; if the check passes, it simulates the transaction (the proposal names the chain code to execute and its parameters, and executing the transaction essentially means executing the chain code specified in it), endorses (i.e., digitally signs) the state change caused by the transaction (recorded as a read-write set that includes the keys and versions of the read state and the key values of the written state), and returns to the client the result of whether it supports the transaction.
Ordering node (Orderer): receives transactions containing endorsement signatures, orders the not-yet-packaged transactions to generate a block, and broadcasts the block to the Peer nodes.
Master node (Leader Peer): the node that communicates with the ordering node; it is responsible for obtaining the latest blocks from the ordering node and synchronizing them within the blockchain network.
Accounting node (Committer): maintains the structure of the blockchain and the ledger (including the state DB, history DB, index DB, etc.). The node periodically obtains the ordered batch of transactions in block form from the ordering node and checks the transactions (including the transaction message structure, signature integrity, whether it is a duplicate, whether the read and write set versions match, etc.). After the check passes, legal transactions are executed, the result is written into the ledger, and a new block is constructed.
It should be noted that all Peer nodes are accounting nodes and are responsible for verifying the transactions in the blocks from the ordering node and maintaining state data and copies of the ledger. Some Peer nodes execute transactions and sign endorsements of the results, acting as endorsement nodes. The endorsement node is a dynamic role bound to a specific chain code. Each chain code in a chain code container sets an endorsement policy when it is instantiated, specifying which nodes' endorsements make a transaction valid. A node acts as an endorsement node only when an application initiates a transaction endorsement request to it; at other times it is an ordinary accounting node that only verifies transactions and keeps accounts.
Example one
An embodiment of the present invention provides a method for delegating authority of a blockchain network service platform, where as shown in fig. 7, the method may include:
S101, when a hosting request is received, hosting information is obtained from the hosting request; the hosting information represents the authority that at least one delegation node hosts to the proxy node.
The permission hosting method of the blockchain network service platform is suitable for a scenario in which a delegation node in the blockchain network service platform delegates its own authority to a proxy node.
In the embodiment of the invention, when the blockchain network service platform receives the hosting request, it forms at least one delegation node into a hosting group and obtains the hosting information corresponding to the hosting group, where the hosting information comprises the start and end time of the hosting, the identity of the at least one delegation node, and the identity of the proxy node.
S102, according to the hosting information, at least one proxy private key fragment is generated on the at least one delegation node, respectively, where the at least one proxy private key fragment corresponds one to one to the at least one delegation node and represents the authority hosted by the at least one delegation node.
After the blockchain network service platform obtains the hosting information from the hosting request, it generates at least one proxy private key fragment on the at least one delegation node according to the hosting information.
In the embodiment of the invention, the blockchain network service platform transmits the hosting information to the at least one delegation node, and each delegation node generates its corresponding proxy private key fragment according to the hosting information.
In the embodiment of the invention, on a first delegation node of the at least one delegation node, a first signature public key and a first signature private key of the first delegation node are calculated using a key generation algorithm, where the first delegation node is any one of the at least one delegation node; on the first delegation node, a first commitment value is generated according to a preset value corresponding to the first delegation node; on the first delegation node, a first proxy private key fragment corresponding to the first delegation node is calculated according to the hosting information, the first commitment value and the first signature private key; and the blockchain network service platform forms the first proxy private key fragments into the at least one proxy private key fragment.
In the embodiment of the invention, the preset value corresponding to the first delegation node is a random value chosen by the first delegation node, and the first delegation node calculates the first commitment value using formula (1),
[formula (1) is given as an image in the original]
where $k_i$ is the preset value corresponding to the first delegation node, $K_i$ is the first commitment value, and $g$ is the generator.
In the embodiment of the invention, the key generation algorithm is formula (2),
$(x,\ y = g^{x})$ (2)
where $x$ is a public signature key and $y$ is a private signature key.
In the embodiment of the invention, on the first delegation node, the hash value of the hosting information is calculated using formula (3),
$e_D = H(m_D),\quad m_D = T_S \,\|\, T_E \,\|\, ID_1 \,\|\, \cdots \,\|\, ID_n \,\|\, ID_P$ (3)
where $e_D$ is the hash value of the hosting information, $m_D$ is the hosting information, $T_S$ is the hosting start time, $T_E$ is the hosting end time, $ID_1, \dots, ID_n$ are the identities of the at least one delegation node, $ID_P$ is the identity of the proxy node, $H$ is a hash function, and $\|$ denotes concatenation.
Thereafter, on the first delegation node, the first proxy private key fragment is calculated using the hash value, the first signature private key and the first commitment value.
Specifically, the first proxy private key fragment is calculated using formula (4),
$x_{P,i} = x_i + e_D K_i$ (4)
where $x_{P,i}$ is the first proxy private key fragment and $x_i$ is the first signature private key.
S103, generating a proxy signature on the proxy node according to the at least one proxy private key fragment.
After the blockchain network service platform has generated the at least one proxy private key fragment on the at least one delegation node according to the hosting information, it generates a proxy signature on the proxy node according to the at least one proxy private key fragment.
In the embodiment of the invention, after the at least one delegation node has calculated its corresponding proxy private key fragment, the blockchain network service platform instructs the at least one delegation node to send the at least one proxy private key fragment, the at least one signature public key, the hosting information and the at least one commitment value to the proxy node.
In the embodiment of the invention, the at least one delegation node sends the at least one proxy private key fragment, the at least one signature public key, the hosting information and the at least one commitment value to the proxy node through a secure channel such as a dedicated channel.
In the embodiment of the invention, the blockchain network service platform generates the proxy signature on the proxy node according to the at least one proxy private key fragment, the at least one signature public key, the hosting information and the at least one commitment value.
Specifically, on the proxy node, the validity of the at least one proxy private key fragment and the at least one commitment value is verified according to the at least one signature public key, the at least one proxy private key fragment and the at least one commitment value; when the verification passes, the at least one proxy private key fragment is superposed on the proxy node to obtain the proxy private key; and the proxy signature is generated by a proxy multi-signature algorithm that takes the proxy private key and the message to be signed as input.
In the embodiment of the invention, when the verification does not pass, the at least one delegation node retransmits the at least one proxy private key fragment and the at least one commitment value to the proxy node.
Further, before the validity of the at least one proxy private key fragment and the at least one commitment value is verified on the proxy node, the validity of the hosting information is verified first on the proxy node, and only when that verification passes is the validity of the at least one proxy private key fragment and the at least one commitment value verified.
In an embodiment of the present invention, on the proxy node, the validity of the at least one proxy private key fragment and the at least one commitment value is verified using formula (5),
[formula (5) is given as an image in the original]
where $y_i$ is the signature public key of the corresponding delegation node (one of the at least one signature public key).
In the embodiment of the invention, the at least one proxy private key fragment is superposed on the proxy node using formula (6) to obtain the proxy private key,
[formula (6) is given as an image in the original]
where $x_P$ is the proxy private key.
In the embodiment of the invention, the proxy multiple signature algorithm is a Schnorr signature algorithm.
In the embodiment of the invention, the proxy private key and the message to be signed are input on the proxy node, and a proxy signature $(s_P, e_P)$ is generated using the Schnorr signature algorithm; specifically, the proxy signature is generated using formula (7),
[formula (7) is given as an image in the original]
where $t_P$ is a random value chosen by the proxy node and $m_P$ is the message to be signed.
Further, after the validity of the at least one proxy private key fragment and the at least one commitment value has been verified, the at least one commitment value is multiplied together on the proxy node to obtain a commitment value product, and the commitment value product is sent to the signature verification node for signature verification.
S104, when the signature verification node judges that the proxy signature is valid, the authority of the at least one delegation node is hosted to the proxy node.
After the blockchain network service platform has generated the proxy signature on the proxy node according to the at least one proxy private key fragment, it judges on the signature verification node whether the proxy signature is valid, and when the signature verification node judges that the proxy signature is valid, the blockchain network service platform hosts the authority of the at least one delegation node to the proxy node.
In the embodiment of the invention, the blockchain network service platform instructs the proxy node to send the hosting information, the message to be signed, the proxy signature, the commitment value product and the at least one signature public key to the signature verification node; on the signature verification node, the hosting information, the message to be signed, the proxy signature, the commitment value product and the at least one signature public key are input, and whether the proxy signature is valid is verified using the proxy multi-signature verification method corresponding to the proxy multi-signature algorithm; when the blockchain network service platform judges on the signature verification node that the proxy signature is valid, it hosts the authority of the at least one delegation node to the proxy node.
In the embodiment of the present invention, the proxy multi-signature verification method corresponding to the proxy multi-signature algorithm is shown in formula (8),
[formula (8) is given as an image in the original]
where $y_1, \dots, y_n$ are the at least one signature public key.
In the embodiment of the invention, when the blockchain network service platform judges on the signature verification node that the proxy signature is valid, it hosts the authority of the at least one delegation node to the proxy node; from this moment the proxy node can exercise certain rights of the at least one delegation node, such as managing digital assets, taking part in voting, and the like.
Further, since the hosting start and end time is set in the hosting information, when the blockchain network service platform judges that the hosting end time has been reached, it stops hosting the authority of the at least one delegation node to the proxy node, and at that moment the at least one delegation node takes back its authority.
It can be understood that when at least one delegation node exists, the blockchain network service platform forms the hosting start and end time, the identity of the at least one delegation node and the identity of the proxy node into a hosting message, generates at least one proxy private key fragment on the at least one delegation node according to the hosting message, forms the at least one proxy private key fragment into a proxy private key on the proxy node, signs the file to be signed with the proxy private key, and obtains the proxy signature.
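As an added worked example (not code from the patent), the following Python models the flow of S101 to S104, which Example two below repeats step by step as S201 to S207: two delegation nodes derive fragments bound to the hosting information, the proxy node checks the hosting window and every fragment before superposing the fragments and signing, and a signature verification node checks the Schnorr proxy signature from the hosting information, the commitment value product and the signature public keys alone. Assumptions: formulas (1), (5), (6), (7) and (8) appear only as images on the page, so the standard Schnorr-style forms are used (K_i = g^{k_i}; fragment x_{P,i} = x_i + e_D k_i with the exponent k_i; check g^{x_{P,i}} = y_i K_i^{e_D}; x_P = sum of the fragments), H is SHA-256 reduced to an exponent, the group is a demo-sized one, and all identities, times and messages are constructed.

```python
import hashlib
import secrets

# Demo group (assumption of this example): the multiplicative group mod the Mersenne prime
# p = 2^31 - 1 generated by the primitive root g = 7, so exponents are reduced mod n = p - 1.
# In practice these three constants are replaced by a standards-sized prime-order group.
P = 2**31 - 1
N = P - 1
G = 7

def h_mod_n(*parts: bytes) -> int:
    """H(.) of the text: SHA-256 over the concatenated parts, reduced to an exponent."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N

def keygen() -> tuple[int, int]:
    """Formula (2) pattern: secret exponent x and public value y = g^x (x is kept secret here)."""
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def hosting_message(t_s: int, t_e: int, delegate_ids: list, proxy_id: str) -> bytes:
    """m_D = T_S || T_E || ID_1 || ... || ID_n || ID_P (formula (3)); '|' is the field separator."""
    return "|".join([str(t_s), str(t_e), *delegate_ids, proxy_id]).encode()

def hosting_info_valid(t_s: int, t_e: int, proxy_id: str, my_id: str, now: int) -> bool:
    """The a-priori check on the hosting information: window in force and addressed to this proxy."""
    return t_s <= now <= t_e and proxy_id == my_id

def delegate_fragment(x_i: int, m_d: bytes) -> tuple[int, int]:
    """Delegation node i: commitment K_i = g^{k_i} (formula (1)) and fragment x_{P,i} = x_i + e_D*k_i.
    Assumption: the exponent k_i multiplies e_D, which is what makes the proxy-side check hold."""
    k_i = secrets.randbelow(N - 1) + 1
    return (x_i + h_mod_n(m_d) * k_i) % N, pow(G, k_i, P)

def fragment_valid(frag: int, y_i: int, K_i: int, m_d: bytes) -> bool:
    """Proxy-side check of one fragment (role of formula (5)): g^{x_{P,i}} == y_i * K_i^{e_D}."""
    return pow(G, frag, P) == (y_i * pow(K_i, h_mod_n(m_d), P)) % P

def assemble_proxy_key(frags, pubs, commits, m_d: bytes) -> tuple[int, int]:
    """Check every fragment, then superpose them (formula (6)) and form the commitment value product."""
    for frag, y_i, K_i in zip(frags, pubs, commits):
        if not fragment_valid(frag, y_i, K_i, m_d):
            raise ValueError("fragment failed the validity check; ask the delegation node to resend")
    k_prod = 1
    for K_i in commits:
        k_prod = (k_prod * K_i) % P
    return sum(frags) % N, k_prod

def proxy_sign(x_p: int, m_p: bytes) -> tuple[int, int]:
    """Schnorr signature (s_P, e_P) under the proxy private key (formula (7))."""
    t_p = secrets.randbelow(N - 1) + 1
    r = pow(G, t_p, P)
    e_p = h_mod_n(r.to_bytes(4, "big"), m_p)
    return (t_p + e_p * x_p) % N, e_p

def proxy_verify(m_d: bytes, m_p: bytes, sig: tuple, k_prod: int, pubs) -> bool:
    """Signature verification node: Y_P = prod(y_i) * (prod K_i)^{e_D} is rebuilt from public
    data only, then the Schnorr equation is checked (role of formula (8))."""
    s_p, e_p = sig
    y_p = pow(k_prod, h_mod_n(m_d), P)
    for y_i in pubs:
        y_p = (y_p * y_i) % P
    r = (pow(G, s_p, P) * pow(y_p, -e_p, P)) % P  # negative exponent = modular inverse (Python 3.8+)
    return h_mod_n(r.to_bytes(4, "big"), m_p) == e_p

def demo() -> dict:
    """Whole flow with constructed parties: two delegation nodes, one proxy node, one verifier."""
    now = 1_700_000_000                                          # constructed clock value
    t_s, t_e = now - 60, now + 3600                              # hosting start and end time
    ids, proxy_id = ["org1-peer0", "org2-peer0"], "proxy-peer"   # constructed identities
    m_d = hosting_message(t_s, t_e, ids, proxy_id)
    keys = [keygen() for _ in ids]
    pubs = [y for _, y in keys]
    frags, commits = zip(*[delegate_fragment(x, m_d) for x, _ in keys])
    if not hosting_info_valid(t_s, t_e, proxy_id, "proxy-peer", now):
        raise ValueError("hosting information rejected")
    x_p, k_prod = assemble_proxy_key(frags, pubs, commits, m_d)
    m_p = b"vote: proposal-42 yes"                               # constructed message to sign
    sig = proxy_sign(x_p, m_p)
    tampered = list(frags)
    tampered[0] = (tampered[0] + 1) % N                          # a fragment altered in transit
    try:
        assemble_proxy_key(tampered, pubs, commits, m_d)
        caught = False
    except ValueError:
        caught = True
    return {
        "valid": proxy_verify(m_d, m_p, sig, k_prod, pubs),
        "other_message": proxy_verify(m_d, b"vote: proposal-42 no", sig, k_prod, pubs),
        "other_window": proxy_verify(hosting_message(t_s, t_e + 1, ids, proxy_id), m_p, sig, k_prod, pubs),
        "tampered_fragment_caught": caught,
    }

if __name__ == "__main__":
    print(demo())
```

The verifier never sees the proxy private key or the fragments: changing the message, the hosting window or any fragment makes verification or the fragment check fail, which is the property the retransmission step in S103 relies on.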
Example two
An embodiment of the present invention provides a method for delegating authority of a blockchain network service platform, where as shown in fig. 8, the method may include:
S201, when the blockchain network service platform receives a hosting request, it obtains hosting information from the hosting request; the hosting information represents the authority that at least one delegation node hosts to the proxy node.
The permission hosting method of the blockchain network service platform is suitable for a scenario in which a delegation node in the blockchain network service platform delegates its own authority to a proxy node.
Here, the description of S201 in the embodiment of the present invention is identical to the description of S101 in the first embodiment and is not repeated.
S202, the blockchain network service platform calculates, on a first delegation node of the at least one delegation node, a first signature public key and a first signature private key of the first delegation node using a key generation algorithm, where the first delegation node is any one of the at least one delegation node.
After the blockchain network service platform obtains the hosting information from the hosting request, it calculates at least one proxy private key fragment on the at least one delegation node using the hosting information.
In the embodiment of the invention, the key generation algorithm is formula (2),
$(x,\ y = g^{x})$ (2)
where $x$ is a public signature key, $y$ is a private signature key, and $g$ is the generator.
S203, the blockchain network service platform generates, on the first delegation node, a first commitment value according to a preset value corresponding to the first delegation node.
After the blockchain network service platform obtains the hosting information, it generates the first commitment value on the first delegation node according to the preset value corresponding to the first delegation node.
In the embodiment of the invention, the preset value corresponding to the first delegation node is a random value chosen by the first delegation node, and the first delegation node calculates the first commitment value using formula (1),
[formula (1) is given as an image in the original]
where $k_i$ is the preset value corresponding to the first delegation node and $K_i$ is the first commitment value.
It can be understood that each of the at least one delegation node hides its proxy private key fragment using its own independent random value, so the security of the generated proxy private key is improved.
It should be noted that S202 and S203 are two parallel steps after S201; their order is chosen according to the actual situation and is not specifically limited by the embodiment of the present invention.
S204, the blockchain network service platform calculates, on the first delegation node, a first proxy private key fragment corresponding to the first delegation node according to the hosting information, the first commitment value and the first signature private key.
After the blockchain network service platform has calculated the first commitment value, the first signature public key and the first signature private key on the first delegation node, it calculates the first proxy private key fragment on the first delegation node according to the hosting information, the first commitment value and the first signature private key.
In the embodiment of the invention, on the first delegation node, the hash value of the hosting information is calculated using formula (3),
$e_D = H(m_D),\quad m_D = T_S \,\|\, T_E \,\|\, ID_1 \,\|\, \cdots \,\|\, ID_n \,\|\, ID_P$ (3)
where $e_D$ is the hash value of the hosting information, $m_D$ is the hosting information, $T_S$ is the hosting start time, $T_E$ is the hosting end time, $ID_1, \dots, ID_n$ are the identities of the at least one delegation node, $ID_P$ is the identity of the proxy node, $H$ is a hash function, and $\|$ denotes concatenation.
Thereafter, on the first delegation node, the first proxy private key fragment is calculated using the hash value, the first signature private key and the first commitment value.
Specifically, the first proxy private key fragment is calculated using formula (4),
$x_{P,i} = x_i + e_D K_i$ (4)
where $x_{P,i}$ is the first proxy private key fragment and $x_i$ is the first signature private key.
S205, the block chain network service platform enables the first proxy private key fragments to form at least one proxy private key fragment, and the at least one proxy private key fragment is used for representing the hosting authority of at least one delegate node.
After the block chain network service platform calculates the first proxy private key fragment corresponding to the first entrusting node, the block chain network service platform enables the first proxy private key fragment to form at least one proxy private key fragment corresponding to at least one entrusting node.
In the embodiment of the invention, the block chain network service platform sequentially forms the first proxy private key fragments into at least one proxy private key fragment corresponding to at least one proxy node.
S206, the block chain network service platform sends at least one proxy private key fragment, at least one signature public key, escrow information and at least one commitment value to the proxy node, wherein the at least one commitment value consists of a first commitment value, and the at least one signature public key consists of a first signature public key.
After the blockchain network service platform calculates at least one proxy private key fragment on at least one proxy node, the blockchain network service platform sends the at least one proxy private key fragment, at least one signature public key, escrow information and at least one commitment value to the proxy node.
In the embodiment of the invention, the at least one delegation node sends the at least one proxy private key fragment, the at least one signature public key, the escrow information and the at least one commitment value to the proxy node over a secure channel, such as a dedicated channel.
S207, the block chain network service platform verifies the validity of the at least one proxy private key fragment and the at least one commitment value on the proxy node according to the at least one signature public key, the at least one proxy private key fragment and the at least one commitment value.
After the blockchain network service platform sends the at least one proxy private key fragment, the at least one signature public key, the hosting information and the at least one commitment value to the proxy node, the blockchain network service platform verifies the validity of the at least one proxy private key fragment and the at least one commitment value on the proxy node according to the at least one signature public key, the at least one proxy private key fragment and the at least one commitment value.
In an embodiment of the present invention, at the proxy node, the validity of the at least one proxy private key fragment and the at least one commitment value is verified using formula (5),
Figure BDA0001899582620000221
wherein $y_i$ is the at least one signature public key.
Further, before the validity of the at least one proxy private key fragment and the at least one commitment value is verified at the proxy node, the validity of the escrow information is verified first, and the validity of the at least one proxy private key fragment and the at least one commitment value is verified only when that check passes.
And S208, when the verification is passed, the block chain network service platform superposes at least one proxy private key fragment to obtain a proxy private key.
When the blockchain network service platform verifies that the validity of at least one proxy private key fragment and at least one commitment value passes, the blockchain network service platform superposes the at least one proxy private key fragment to obtain a proxy private key.
In the embodiment of the invention, at least one proxy private key fragment is superposed on a proxy node by using a formula (6) to obtain a proxy private key,
Figure RE-GDA0001969728000000221
wherein $x_P$ is the proxy private key.
S209, the block chain network service platform takes the agent private key and the message to be signed as input, and generates an agent signature by using an agent multiple signature algorithm.
After the blockchain network service platform obtains the agent private key, the blockchain network service platform takes the agent private key and the message to be signed as input, and generates an agent signature by using an agent multiple signature algorithm.
In the embodiment of the invention, the proxy multiple signature algorithm is a Schnorr signature algorithm.
In the embodiment of the invention, the proxy private key and the message to be signed are input on the proxy node, and a proxy signature $(s_P, e_P)$ is generated using the Schnorr signature algorithm. Specifically, the proxy signature is generated using equation (7),
Figure BDA0001899582620000231
wherein $t_P$ is a random value corresponding to the proxy node, and $m_P$ is the message to be signed.
It should be noted that in the Schnorr signature algorithm, the participants share a prime-order group $G$ and its generator $g$, and the algorithm consists of the following three steps:
(1) Key generation: the signer uses a key generation algorithm to generate a public-private key pair $(x,\ y = g^x)$.
(2) Signature generation: the signer takes the private key $x$ and the message $m$ to be signed as input, generates the signature result $(s, e)$ and sends it to the verifier, where $e = H(r \,\|\, m)$, $s = t - ex$, $r = g^t$, $t$ is a random value chosen by the signer, $H$ is a hash function, and $\|$ represents data concatenation;
(3) Signature verification: the verifier takes the signature result $(s, e)$, the signer's public key $y$ and the message $m$ as input, and checks whether $e = H(g^s y^e \,\|\, m)$ to determine whether the signature is valid.
S210, when the verification is passed, the block chain network service platform multiplies at least one commitment value to obtain a commitment value product.
When the blockchain network service platform verifies that the validity of the at least one proxy private key fragment and the at least one commitment value passes, the blockchain network service platform multiplies the at least one commitment value to obtain a commitment value product.
In the embodiment of the invention, after verifying that the validity of at least one proxy private key fragment and at least one commitment value passes, the blockchain network service platform multiplies at least one commitment value on a proxy node to obtain a commitment value product, and sends the commitment value product to a signature verification node for signature verification.
It should be noted that S208-S209 and S210 are two parallel steps after S207, which are selected to be executed according to actual situations, and the embodiment of the present invention is not limited in particular.
S211, the block chain network service platform sends the escrow information, the message to be signed, the proxy signature, the commitment value product and at least one signature public key to a signature verification node.
After the blockchain network service platform calculates the commitment value product and the proxy signature, the blockchain network service platform sends the escrow information, the message to be signed, the proxy signature, the commitment value product and at least one signature public key to the signature verification node.
S212, the block chain network service platform inputs the escrow information, the message to be signed, the proxy signature, the commitment value product and at least one signature public key on the signature checking node, and verifies whether the proxy signature is valid by using a proxy multiple signature verification method corresponding to a proxy multiple signature algorithm.
After the block chain network service platform sends the escrow information, the message to be signed, the proxy signature, the commitment value product and the at least one signature public key to the signature verification node, the block chain network service platform inputs the escrow information, the message to be signed, the proxy signature, the commitment value product and the at least one signature public key on the signature verification node, and verifies whether the proxy signature is valid or not by using a proxy multiple signature verification method corresponding to a proxy multiple signature algorithm.
In the embodiment of the present invention, the proxy multi-signature verification method corresponding to the proxy multi-signature algorithm is shown in formula (8),
Figure BDA0001899582620000241
wherein $y_1, \ldots, y_n$ are the at least one signature public key.
S213, when the signature verification node judges that the proxy signature is valid, the block chain network service platform hosts the authority of the at least one delegation node to the proxy node.
When the blockchain network service platform verifies on the signature verification node that the proxy signature is valid, the blockchain network service platform hosts the authority of the at least one delegation node to the proxy node.
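The delegation flow of S203 to S213 together with the three-step Schnorr algorithm described above, as an added worked example in Python. This is illustrative code written for this page, not the patent's or the applicant's implementation. The group parameters are a small safe prime found at import time (a toy, not a production group), the hash $H$ is SHA-256 reduced mod $q$ with length-prefixed concatenation for $\|$, and the identities, times and message are constructed values. Formulas (5), (6) and (8) are only present on the page as images, so their forms here are assumptions: each delegation node chooses a preset value $k_i$, publishes the commitment $K_i = g^{k_i}$ and computes the shard as $x_i + e_D k_i \bmod q$ (the scalar $k_i$ standing in for $K_i$ in formula (4)); the proxy node checks $g^{x_{P,i}} = y_i K_i^{e_D}$; and the verifier rebuilds the proxy public key as $(\prod y_i)(\prod K_i)^{e_D}$ before running the ordinary Schnorr check. The example generalizes the page's two-step description to any number of delegation nodes.

```python
"""Toy Schnorr-based proxy multi-signature: shards, commitments, proxy key, signature, verification.
Constructed example for illustration; parameters are NOT production-grade."""
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin, sufficient for an illustrative parameter search."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 128):
    """Safe prime p = 2q + 1; g = 4 generates the order-q subgroup (the page's G and g)."""
    q = (1 << (bits - 2)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


P, Q, G = make_group()                     # toy 128-bit group (assumption: not the patent's parameters)
NBYTES = (P.bit_length() + 7) // 8


def H(*parts: bytes) -> int:
    """H over the concatenation '||' of parts, reduced mod q; length prefixes keep it unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q


def keygen():
    """Step (1) key generation: (x, y = g^x)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def schnorr_sign(x: int, m: bytes):
    """Step (2) signature generation: r = g^t, e = H(r || m), s = t - e x (mod q)."""
    t = secrets.randbelow(Q - 1) + 1
    r = pow(G, t, P)
    e = H(r.to_bytes(NBYTES, "big"), m)
    return (t - e * x) % Q, e


def schnorr_verify(y: int, m: bytes, sig) -> bool:
    """Step (3) signature verification: e == H(g^s y^e || m)."""
    s, e = sig
    r = pow(G, s, P) * pow(y, e, P) % P
    return H(r.to_bytes(NBYTES, "big"), m) == e


def escrow_info(ts: str, te: str, delegate_ids, proxy_id: str) -> bytes:
    """m_D = TS || TE || ID_1 || ... || ID_n || ID_P (formula (3))."""
    return b"|".join(s.encode() for s in (ts, te, *delegate_ids, proxy_id))


def make_shard(x_i: int, m_D: bytes):
    """Delegation node i: preset k_i, commitment K_i = g^k_i, shard x_i + e_D k_i (assumed form of (4))."""
    k_i = secrets.randbelow(Q - 1) + 1
    return (x_i + H(m_D) * k_i) % Q, pow(G, k_i, P)


def check_shard(y_i: int, K_i: int, x_Pi: int, m_D: bytes) -> bool:
    """Proxy node's S207 validity check (assumed form of (5)): g^{x_{P,i}} == y_i * K_i^{e_D}."""
    return pow(G, x_Pi, P) == y_i * pow(K_i, H(m_D), P) % P


def proxy_public_key(pubkeys, K_prod: int, m_D: bytes) -> int:
    """Verifier rebuilds y_P = (prod y_i) * (prod K_i)^{e_D} from public data only (assumed form of (8))."""
    y_P = 1
    for y in pubkeys:
        y_P = y_P * y % P
    return y_P * pow(K_prod, H(m_D), P) % P


def run_protocol(n_delegates: int = 2):
    """Walk S203-S213 for n delegation nodes and return the verification outcomes."""
    ids = [f"node-{i}" for i in range(n_delegates)]                       # constructed identities
    m_D = escrow_info("2018-12-10T00:00Z", "2019-12-10T00:00Z", ids, "proxy-P")
    keys = [keygen() for _ in ids]                                        # (x_i, y_i) per delegation node
    shards = [make_shard(x, m_D) for x, _ in keys]                        # (x_{P,i}, K_i) per node
    pubkeys = [y for _, y in keys]
    all_valid = all(check_shard(y, K, xp, m_D) for (_, y), (xp, K) in zip(keys, shards))  # S207
    x_P = sum(xp for xp, _ in shards) % Q                                 # S208: superpose shards (6)
    K_prod = 1                                                            # S210: commitment product
    for _, K in shards:
        K_prod = K_prod * K % P
    m_P = b"transfer 10 units"                                            # constructed message
    sig = schnorr_sign(x_P, m_P)                                          # S209: proxy signature (s_P, e_P)
    y_P = proxy_public_key(pubkeys, K_prod, m_D)                          # S212: verifier side
    other_m_D = escrow_info("2018-12-10T00:00Z", "2019-12-10T00:00Z", ids, "proxy-X")
    return {
        "shards_valid": all_valid,
        "bad_shard_detected": not check_shard(pubkeys[0], shards[0][1], (shards[0][0] + 1) % Q, m_D),
        "valid": schnorr_verify(y_P, m_P, sig),
        "tampered_message": schnorr_verify(y_P, b"transfer 99 units", sig),
        "wrong_escrow": schnorr_verify(proxy_public_key(pubkeys, K_prod, other_m_D), m_P, sig),
    }
```

The last two results show why the escrow information has to be part of what the verifier inputs: the proxy public key is bound to $e_D = H(m_D)$, so a signature made under one delegation (proxy identity, validity window, delegate set) does not verify against any other, and a shard that was altered in transit is rejected by the proxy node before it can contribute to $x_P$.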
Here, the description of S214 in the embodiment of the present invention is the same as that of S104 in the first embodiment, and is not repeated here.
It can be understood that when at least one delegation node exists, the blockchain network service platform enables a delegation start-stop time, an identity of the at least one delegation node and an identity of the proxy node to form a delegation message, generates at least one proxy private key fragment on the at least one delegation node according to the delegation message, forms the at least one proxy private key fragment into a proxy private key on the proxy node, signs a file to be signed by using the proxy private key, and obtains a proxy signature.
EXAMPLE III
An embodiment of the present invention provides a blockchain network service platform 100, as shown in fig. 1, where the blockchain network service platform 100 is configured to, when receiving a hosting request, obtain hosting information from the hosting request, where the hosting information is used to represent an authority of at least one delegate node to host itself to a proxy node; respectively generating at least one proxy private key fragment on the at least one delegation node according to the hosting information, wherein the at least one proxy private key fragment corresponds to the at least one delegation node one to one, and the at least one proxy private key fragment is used for representing the hosting authority of the at least one delegation node; generating, at the proxy node, a proxy signature from the at least one proxy private key fragment; and when the proxy signature is judged to be valid on the signature verification node, the authority of the at least one delegation node is hosted to the proxy node.
Optionally, the hosting information includes a hosting start-stop time, an identity of the at least one delegation node, and an identity of the proxy node.
Optionally, the block chain network service platform 100 is further configured to calculate, by using a key generation algorithm, a first signature public key and a first signature private key of a first delegated node in at least one delegated node, where the first delegated node is any delegated node in the at least one delegated node; generating a first commitment value according to a preset value corresponding to the first delegation node on the first delegation node; on the first entrusting node, calculating a first proxy private key fragment corresponding to the first entrusting node according to the escrow information, the first commitment value and the first signature private key; forming the first proxy private key shard into the at least one proxy private key shard.
Optionally, the blockchain network service platform 100 is further configured to send the at least one proxy private key fragment, at least one signature public key, the escrow information, and at least one commitment value to the proxy node, where the at least one commitment value is composed of the first commitment value, and the at least one signature public key is composed of the first signature public key; generating, at the proxy node, the proxy signature from the at least one proxy private key shard, the at least one public signature key, the escrow information, and the at least one commitment value.
Optionally, the blockchain network service platform 100 is further configured to verify validity of the at least one proxy private key fragment and the at least one commitment value according to the at least one signature public key, the at least one proxy private key fragment, and the at least one commitment value; when the verification is passed, overlapping the at least one proxy private key fragment to obtain a proxy private key; and taking the proxy private key and the message to be signed as input, and generating the proxy signature by using a proxy multiple signature algorithm.
Optionally, the block chain network service platform 100 is further configured to multiply the at least one commitment value when the verification passes, so as to obtain a commitment value product.
Optionally, the blockchain network service platform 100 is further configured to send the escrow information, the message to be signed, the proxy signature, the commitment value product, and at least one signature public key to the signature verification node; and inputting the escrow information, the message to be signed, the proxy signature, the commitment value product and the at least one signature public key on the signature verification node, and verifying whether the proxy signature is valid by using a proxy multiple signature verification method corresponding to the proxy multiple signature algorithm.
It can be understood that when at least one delegation node exists, the block chain network service platform enables a delegation start and stop time, an identity of the at least one delegation node, and an identity of the proxy node to form delegation information, at least one proxy private key fragment is generated on the at least one delegation node according to the delegation information, then on the proxy node, the at least one proxy private key fragment forms a proxy private key, a signature is made on a file to be signed by using the proxy private key, and a proxy signature is obtained.
Example four
Fig. 9 is a schematic structural diagram of a block chain network service platform according to an embodiment of the present invention. In actual application, based on the same inventive concept as the first to third embodiments, as shown in fig. 9, a block chain network service platform 100 according to an embodiment of the present invention includes: at least one processor 10, at least one memory 11 and at least one communication bus 12. In a specific embodiment, the at least one processor 11 may be at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a CPU, a controller, a microcontroller, and a microprocessor. It will be appreciated that the electronic devices used to implement the processor functions described above may be other devices, and embodiments of the present invention are not limited in particular.
In the embodiment of the present invention, the at least one communication bus 12 is used for realizing connection communication between the at least one processor 10 and the at least one memory 11; at least one memory 11 for storing executable instructions;
At least one processor 10, configured to execute the executable instructions stored in the at least one memory 11, to implement the rights management method according to embodiments one to three.
An embodiment of the present invention provides a storage medium, where the storage medium stores one or more programs, where the one or more programs are executable by one or more processors and applied to a blockchain network service platform, and when the program is executed by at least one processor, the right hosting method according to the first to third embodiments is implemented.
In summary, the embodiments of the present invention have the following beneficial effects: when at least one delegation node exists, the block chain network service platform enables the delegation start and stop time, the identity of the at least one delegation node and the identity of the proxy node to form the delegation information, at least one proxy private key fragment is generated on the at least one delegation node according to the delegation information, then on the proxy node, the at least one proxy private key fragment forms a proxy private key, the proxy private key is used for signing the file to be signed, and a proxy signature is obtained.
The above description is only an example of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, and improvement made within the spirit and scope of the present invention are included in the protection scope of the present invention.

Claims (16)

1. A method for authority hosting of a blockchain network service platform, the method comprising:
when a hosting request is received, hosting information is obtained from the hosting request, and the hosting information is used for representing the authority of at least one delegation node for hosting the delegation node to a proxy node;
respectively generating at least one proxy private key fragment on the at least one delegation node according to the hosting information, wherein the at least one proxy private key fragment corresponds to the at least one delegation node one to one, and the at least one proxy private key fragment is used for representing the hosting authority of the at least one delegation node;
generating an agent signature according to the at least one agent private key fragment on the agent node;
when the proxy signature is judged to be valid on the signature verification node, the authority of the at least one delegation node is hosted to the proxy node;
wherein the generating at least one proxy private key shard according to the escrow information comprises:
and generating the at least one proxy private key fragment according to the escrow information, the signature private key corresponding to the at least one delegation node and a commitment value corresponding to the at least one delegation node.
2. The method of claim 1, wherein the hosting information comprises a hosting start-stop time, an identity of the at least one delegate node, and an identity of the proxy node.
3. The method of claim 2, wherein generating at least one proxy private key shard from the escrow information comprises:
calculating a first signature public key and a first signature private key of a first entrusting node on the first entrusting node of at least one entrusting node by using a key generation algorithm, wherein the first entrusting node is any one entrusting node of the at least one entrusting node;
generating a first commitment value according to a preset value corresponding to the first delegation node on the first delegation node;
on the first entrusting node, calculating a first proxy private key fragment corresponding to the first entrusting node according to the escrow information, the first commitment value and the first signature private key;
forming the first proxy private key shard into the at least one proxy private key shard.
4. The method of claim 3, wherein generating, at the proxy node, a proxy signature from the at least one proxy private key shard comprises:
sending the at least one proxy private key shard, at least one public signature key, the escrow information, and at least one commitment value to the proxy node, the at least one commitment value consisting of the first commitment value, the at least one public signature key consisting of the first public signature key;
generating, at the proxy node, the proxy signature based on the at least one proxy private key shard, the at least one public signature key, the escrow information, and the at least one commitment value.
5. The method of claim 4, wherein generating the proxy signature from the at least one proxy private key shard, the at least one public signature key, the escrow information, and the at least one commitment value comprises:
verifying the validity of the at least one proxy private key shard and the at least one commitment value according to the at least one public signature key, the at least one proxy private key shard and the at least one commitment value;
when the verification is passed, overlapping the at least one proxy private key fragment to obtain a proxy private key;
and taking the proxy private key and the message to be signed as input, and generating the proxy signature by using a proxy multiple signature algorithm.
6. The method of claim 5, wherein after verifying the validity of the at least one proxy private key shard and the commitment value based on the at least one public signature key, the at least one proxy private key shard and the at least one commitment value, the method further comprises:
and when the verification is passed, multiplying the at least one commitment value to obtain a commitment value product.
7. The method of claim 6, wherein after generating the proxy signature from the at least one proxy private key shard and before hosting the authority of the at least one delegate node to the proxy node, the method further comprises:
sending the escrow information, the message to be signed, the proxy signature, the commitment value product and at least one signature public key to the signature verification node;
and inputting the escrow information, the message to be signed, the proxy signature, the commitment value product and the at least one signature public key on the signature verification node, and verifying whether the proxy signature is valid by using a proxy multiple signature verification method corresponding to the proxy multiple signature algorithm.
8. The blockchain network service platform is used for acquiring hosting information from a hosting request when the hosting request is received, wherein the hosting information is used for representing the authority of at least one entrusting node for hosting the blockchain network service platform to an agent node; respectively generating at least one proxy private key fragment on the at least one delegation node according to the hosting information, wherein the at least one proxy private key fragment corresponds to the at least one delegation node one to one, and the at least one proxy private key fragment is used for representing the hosting authority of the at least one delegation node; generating an agent signature according to the at least one agent private key fragment on the agent node; when the proxy signature is judged to be valid on the signature verification node, the authority of the at least one delegation node is hosted to the proxy node; and generating the at least one proxy private key fragment according to the escrow information, the signature private key corresponding to the at least one delegation node and the commitment value corresponding to the at least one delegation node.
9. The blockchain network service platform of claim 8, wherein the hosting information includes a hosting start-stop time, an identity of the at least one delegate node, and an identity of the proxy node.
10. The blockchain network service platform of claim 9,
the block chain network service platform is further configured to calculate, by using a key generation algorithm, a first signature public key and a first signature private key of a first delegated node in at least one delegated node, where the first delegated node is any one of the at least one delegated node; generating a first commitment value according to a preset value corresponding to the first delegation node on the first delegation node; on the first entrusting node, calculating a first proxy private key fragment corresponding to the first entrusting node according to the escrow information, the first commitment value and the first signature private key; forming the first proxy private key shard into the at least one proxy private key shard.
11. The blockchain network service platform of claim 10,
the blockchain network service platform is further configured to send the at least one proxy private key fragment, at least one signature public key, the escrow information, and at least one commitment value to the proxy node, where the at least one commitment value is composed of the first commitment value, and the at least one signature public key is composed of the first signature public key; generating, at the proxy node, the proxy signature based on the at least one proxy private key shard, the at least one public signature key, the escrow information, and the at least one commitment value.
12. The blockchain network service platform of claim 11,
the blockchain network service platform is further used for verifying the validity of the at least one proxy private key fragment and the at least one commitment value according to the at least one signature public key, the at least one proxy private key fragment and the at least one commitment value; when the verification is passed, overlapping the at least one proxy private key fragment to obtain a proxy private key; and taking the proxy private key and the message to be signed as input, and generating the proxy signature by using a proxy multiple signature algorithm.
13. The blockchain network service platform of claim 12,
and the block chain network service platform is further used for multiplying the at least one commitment value when the verification is passed to obtain a commitment value product.
14. The blockchain network service platform of claim 13,
the blockchain network service platform is further used for sending the escrow information, the message to be signed, the proxy signature, the commitment value product and at least one signature public key to the signature verification node; and inputting the escrow information, the message to be signed, the proxy signature, the commitment value product and the at least one signature public key on the signature verification node, and verifying whether the proxy signature is valid by using a proxy multiple signature verification method corresponding to the proxy multiple signature algorithm.
15. A blockchain network service platform, the blockchain network service platform comprising:
at least one memory to store executable instructions;
at least one processor configured to execute executable instructions stored in the at least one memory to implement the rights hosting method of the blockchain network services platform of any of claims 1-7.
16. A storage medium having stored thereon executable instructions for causing a processor to perform the method of rights hosting of a blockchain network services platform of any one of claims 1 to 7 when the executable instructions are executed.
CN201811506512.XA 2018-12-10 2018-12-10 Block chain network service platform, authority hosting method thereof and storage medium Active CN111294379B (en)


Publications (2)

Publication Number Publication Date
CN111294379A CN111294379A (en) 2020-06-16
CN111294379B true CN111294379B (en) 2022-06-07
