CN113645295A - Block chain network security setting method based on Paxos algorithm - Google Patents


Publication number: CN113645295A
Authority: CN (China)
Prior art keywords: sequence, module, big data, block chain, network security
Legal status: Granted
Application number: CN202110907699.XA
Other languages: Chinese (zh)
Other versions: CN113645295B (en)
Inventors: 施麟, 张新华, 薛飞, 庞进明
Current Assignee: Nanjing Higher Vocational And Technical School Of Finance And Economics Nanjing Women's Secondary Vocational School; Nanjing Musk Information Technology Co ltd; Southeast University; Hohai University HHU
Original Assignee: Nanjing Higher Vocational And Technical School Of Finance And Economics Nanjing Women's Secondary Vocational School; Nanjing Musk Information Technology Co ltd; Southeast University; Hohai University HHU

Classifications

    All entries fall under H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION.
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/104 Peer-to-peer [P2P] networks > H04L67/1044 Group management mechanisms > H04L67/1051 Group master selection mechanisms
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3 > H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L2212/00 Encapsulation of packets
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of network security, in particular to a block chain network security setting method based on the Paxos algorithm, which comprises the following steps: S1: a master node is generated periodically based on the Paxos algorithm; S2: a sequence is generated from the master node information of step S1, and a consistency algorithm is executed; S3: the sequence is analyzed; S4: executing the same operation sequence yields a consistent state; S5: the series of tasks ends and the system returns to the initial state. In the distributed database system, a big data acquisition module collects big data and transmits it to a network security module through a big data output module. A master node is periodically generated based on the Paxos algorithm and each node generates the same operation sequence, so that the nodes finally reach a consistent state; otherwise the network cannot be started, so that network security is strongly guaranteed.

Description

Block chain network security setting method based on Paxos algorithm
Technical Field
The invention relates to a network security setting method, in particular to a block chain network security setting method based on a Paxos algorithm, and belongs to the technical field of network security.
Background
From the perspective of network operators and managers, it is desirable that operations such as accessing, reading and writing local network information are protected and controlled, that threats such as 'trapdoors', viruses, illegal access, denial of service, illegal occupation of network resources and illegal control are avoided, and that attacks by network hackers are prevented and defended against. For security and confidentiality departments, it is desirable to filter and block information that is illegal, harmful or related to national secrets, so that confidential information is not leaked, harm to society is avoided and huge losses to the country are prevented.
With the rapid development of computer technology, the services processed on computers have developed from stand-alone mathematical operations and file processing, and from internal service processing and office automation on a simply connected intranet, to enterprise-level computer processing systems based on complex intranets, extranets and the global Internet, with information sharing and service processing worldwide.
While the processing capacity of systems has improved, their connection capacity has also improved continuously. As connection capacity and information circulation capacity improve, however, the security problems that come with network connection become increasingly prominent: the physical security of the network, the security of the network topology, the security of the network system, the security of application systems, the security of network management and so on. The traditional method only applies multiple layers of encryption, which lawless persons can decrypt one by one, so the security of the network cannot be strongly ensured.
Therefore, it is desirable to improve the method for setting the security of the blockchain network to solve the above existing problems.
Disclosure of Invention
The invention aims to provide a block chain network security setting method based on the Paxos algorithm. A main server platform and a plurality of block chain computers form a distributed system. In a distributed database system in which the initial states of the block chain computers are consistent, a big data acquisition module collects big data and transmits it to a network security module through a big data output module, a master node is periodically generated based on the Paxos algorithm, and each node generates the same operation sequence, so that the nodes finally reach a consistent state; otherwise the network cannot be started, so that the security of the network is strongly guaranteed.
In order to achieve the purpose, the invention adopts the main technical scheme that:
A block chain network security setting method based on the Paxos algorithm uses a main server platform and a plurality of block chain computers connected with the main server platform. A data processing module is provided inside the main server platform. Each block chain computer comprises a big data management module, a big data acquisition module, a big data distribution module, a big data output module and a network security module, which are connected in sequence. The output end of the network security module is in communication connection with the block chain computer, and the network security module is used for providing a master node for the block chain computer and transmitting the master node to the main server platform. The specific setting method comprises the following steps:
S1: the big data acquisition module in each block chain computer collects big data and transmits it to the network security module through the big data output module, and a master node is then periodically generated in the network security module based on the Paxos algorithm;
S2: the big data management module generates a sequence from the master node information of S1, the sequence is pushed to the block chain computer through the network security module, and a consistency algorithm is executed on the sequence;
S3: the main server platform receives the sequences from the block chain computers in turn, the block chain computers transmit the sequences to the data processing module in turn, and the data processing module analyzes the sequences;
S4: if each block chain computer executes the same operation sequence, a consistent state is obtained;
S5: after the series of tasks is finished, the system returns to the initial state and waits for the next round of Paxos-based consistency.
Through the above technical scheme, the main server platform and the plurality of block chain computers connected with it form a distributed system. In a distributed database system, if the initial states of all block chain computers are consistent, the big data acquisition module in each block chain computer collects big data and transmits it to the network security module through the big data output module, a master node is then periodically generated in the network security module based on the Paxos algorithm, and all nodes generate the same operation sequence, so that the main server platform and the block chain computers finally reach a consistent state.
To ensure that each node executes the same command sequence, a consistency algorithm needs to be executed on the block chain computers so that the instructions seen by each block chain computer are consistent.
A general consistency algorithm can be applied in many scenarios and is an important problem in distributed computing. The Paxos algorithm can be used wherever multiple processes need to reach agreement. After the consistency algorithms on the block chain computers in distributed storage reach consistency, the block chain computers can be started, which protects the whole network and improves the network security of users.
Preferably, the Paxos algorithm is used to ensure that the block chain computers stay consistent; in Paxos, each run of the Paxos algorithm needs to perform a round of master node selection and generate a sequence as the consistency algorithm.
Preferably, in Paxos, each Paxos Instance needs one or more rounds of the complete two-stage request process Prepare -> Promise -> Propose -> Accept to select a proposal value. To improve the running performance of the algorithm as much as possible while preserving correctness, multiple Instances can share one proposal-number allocation mechanism and Prepare -> Promise can be merged into a single stage, as follows:
When a replica node becomes Master through election, it broadcasts a Prepare message with a newly allocated number N; this Prepare message is shared by all Instances that have not yet reached consistency and all Instances that have not yet started.
When an Acceptor receives the Prepare message, it must respond for multiple Instances at the same time, which is usually done by packing the feedback information into one data packet. Assuming that at most K Instances are allowed to select proposal values at the same time:
The Acceptor packs the last accepted proposal value of each pending Instance into a data packet and returns it as a Promise message.
At the same time, the Acceptor checks whether N is greater than its current highestPromisedNum value (the maximum proposal number that has currently been accepted). If so, it sets the highestPromisedNum value of the pending Instances and of all future Instances to N, so that none of these Instances can accept any further proposal with a number less than N.
The Master then performs the Propose -> Accept stage on all pending Instances and all future Instances. If the Master keeps running stably, no further Prepare -> Promise processing is needed while the algorithm runs. However, once the Master finds that an Acceptor has returned a Reject message, this indicates that another Master exists in the cluster and has tried to send a Prepare message with a larger proposal number; the current Master then needs to allocate a new proposal number and perform the Prepare -> Promise stage again.
Preferably, the one or more rounds of Prepare -> Promise -> Propose -> Accept are selected according to the formula:
MasterPrepare = max((T + t) / t);
where T is the sequence generation latency and t is the sequence transfer processing time.
Preferably, the Master performs the Propose -> Accept stage on all pending Instances and all future Instances, with the overall algorithm:
MasterAccept = (N*n + I*K + P) / (N + K + P);
where N is the number of the generated sequence, n is the number of the generated number, I is the generated sequence of the Instance, K is the number of the generated Instance, and P is the sequence with normal performance index.
Preferably, the network security module comprises a detection unit, an encryption unit and a decryption unit, and the detection unit establishes a communication connection with the input ends of the big data management module and the big data acquisition module.
Through this technical scheme, these units detect and encrypt the sequence sent by the user. Once the detection unit finds an abnormality, an abnormal sequence results and the user's computer cannot be started. When the detection unit finds no abnormality, the encryption unit encrypts the sequence to ensure its consistency, and after the multiple consistency algorithms reach consistency the computer can be started, which improves the security of using the computer. The key of the encryption unit is generated by a pseudo-random number generator, which generates a random number sequence {K_n}. The pseudo-random number sequence {K_n} is generated by the following steps:
Step (A): set the vector sequence {S_n} as
Figure BDA0003202334690000051
where
Figure BDA0003202334690000052
is the vector sequence {S_n}, i ranges over 0 ≤ i ≤ 14, and the initial vector S_0 is
S_0 = [65535, 0, 0, 65535, 0, 65535, 0, 65535, 0, 0, 0, 0, 0, 0, 0],
mod is the modulo operation, and b = 65536;
Step (B): set the sequence {R_n} as
Figure BDA0003202334690000053
Step (C): set the sequence {T_n} as
Figure BDA0003202334690000054
Step (D): bitwise XOR the sequence {R_n} with the sequence {T_n} to obtain the sequence {K1_n}:
Figure BDA0003202334690000061
where n ∈ Z, n ≥ 0, Z is the set of integers, and
Figure BDA0003202334690000062
is the bitwise exclusive-or operation;
Step (E): bitwise OR the sequence {R_n} with the sequence {T_n} to obtain the sequence {K2_n}:
K2_n = R_n | T_n
where n ∈ Z, n ≥ 0, Z is the set of integers, and | is the bitwise OR operation;
Step (F): bitwise AND the sequence {K1_n} with the sequence {K2_n} to obtain the pseudo-random number sequence {K_n}:
K_n = K1_n & K2_n
where n ∈ Z, n ≥ 0, Z is the set of integers, and & is the bitwise AND operation.
Preferably, the node includes a timing module and a detection module, the timing module is configured to start a timer to start timing, and the detection module is configured to detect the node.
Preferably, when the block chain computer is synchronously connected with the main server platform, the block chain computer first acquires a consistency algorithm.
Through this technical scheme, the network can be started only after consistency has been reached through this processing, so that the security of the network is comprehensively ensured.
Preferably, the network security module establishes a communication connection with the data processing module, and the data processing module is configured to detect whether consistency algorithms of the plurality of network security modules are consistent.
Preferably, after the master node sets the latest status information as the current status information of the master node, the master node takes the current status information of the master node as the master node status information, and generates a sequence.
The invention has at least the following beneficial effects:
A main server platform and a plurality of block chain computers form a distributed system. In a distributed database system, a big data acquisition module collects big data and transmits it to a network security module through a big data output module, a master node is periodically generated based on the Paxos algorithm, and each node generates the same operation sequence, so that the nodes finally reach a consistent state; otherwise the network cannot be started, so that the security of the network is strongly guaranteed. In addition, the key of the encryption unit is produced by a unique pseudo-random number generator scheme with high encryption complexity, which further improves network security.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
Fig. 1 is a schematic flow chart of the block chain network security setting method based on Paxos algorithm according to the present invention.
Fig. 2 is a system structure diagram of the block chain network security setting method based on Paxos algorithm of the present invention.
In the figures, 1 is the main server platform, 2 is a block chain computer, 3 is a big data management module, 4 is a big data acquisition module, 5 is a big data distribution module, 6 is a big data output module, 7 is a network security module, 8 is a consistency processing module, 9 is a detection unit, 10 is an encryption unit, 11 is a decryption unit, 12 is a timing module and 13 is a detection module.
Detailed Description
Embodiments of the present application will be described in detail with reference to the drawings and examples, so that how to implement technical means to solve technical problems and achieve technical effects of the present application can be fully understood and implemented.
As shown in Figs. 1-2, the block chain network security setting method based on the Paxos algorithm provided in this embodiment uses a main server platform 1 and a plurality of block chain computers 2 connected to the main server platform 1. A data processing module 8 is disposed inside the main server platform 1. Each block chain computer 2 includes a big data management module 3, a big data acquisition module 4, a big data distribution module 5, a big data output module 6 and a network security module 7, which are connected in sequence. The output end of the network security module 7 is in communication connection with the block chain computer 2, and the network security module 7 is used for providing a master node for the block chain computer 2 and transmitting the master node to the main server platform 1. The specific setting method comprises the following steps:
S1: the big data acquisition module 4 in each block chain computer 2 collects big data and transmits it to the network security module 7 through the big data output module 6, and a master node is then periodically generated in the network security module 7 based on the Paxos algorithm;
S2: the big data management module 3 generates a sequence from the master node information of S1, the sequence is pushed to the block chain computer 2 through the network security module 7, and a consistency algorithm is executed on the sequence;
S3: the main server platform 1 receives the sequences from the block chain computers 2 in turn, the block chain computers 2 transmit the sequences to the data processing module 8 in turn, and the data processing module 8 analyzes the sequences;
S4: if each block chain computer 2 executes the same operation sequence, a consistent state is obtained;
S5: after the series of tasks is finished, the system returns to the initial state and waits for the next round of Paxos-based consistency.
The main server platform 1 and the plurality of block chain computers 2 connected to it form a distributed system. In a distributed database system, if the initial states of the block chain computers 2 are consistent, the big data acquisition module 4 in each block chain computer 2 collects big data and transmits it to the network security module 7 through the big data output module 6, a master node is then periodically generated in the network security module 7 based on the Paxos algorithm, and each node generates the same operation sequence, so that the nodes finally reach a consistent state.
After setting the latest state information as its current state information, the master node takes its current state information as the master node state information and generates a sequence.
To ensure that each node executes the same command sequence, a consistency algorithm needs to be executed on the block chain computers 2 so that the instructions seen by each block chain computer 2 are consistent.
A general consistency algorithm can be applied in many scenarios and is an important problem in distributed computing. The Paxos algorithm can be used wherever multiple processes need to reach agreement. After the consistency algorithms on the block chain computers 2 in distributed storage reach consistency, the block chain computers 2 can be started, which protects the whole network and improves the network security of users.
In this embodiment, as shown in Fig. 1, the Paxos algorithm is used to ensure that the block chain computers 2 stay consistent; in Paxos, each run of the Paxos algorithm needs to perform a round of master node selection and generate a sequence as the consistency algorithm.
In Paxos, each Paxos Instance needs one or more rounds of the complete two-stage request process Prepare -> Promise -> Propose -> Accept to select a proposal value. To improve the running performance of the algorithm as much as possible while preserving correctness, multiple Instances can share one proposal-number allocation mechanism and Prepare -> Promise can be merged into a single stage, as follows:
When a replica node becomes Master (the primary) through election, it broadcasts a Prepare message with a newly allocated number N; this Prepare message is shared by all Instances that have not yet reached consistency and all Instances that have not yet started.
When an Acceptor (the recipient) receives the Prepare message, it must respond for multiple Instances at the same time, which is usually done by packing the feedback information into one data packet. Assuming that at most K Instances are allowed to select proposal values at the same time:
The Acceptor packs the last accepted proposal value of each pending Instance into a data packet and returns it as a Promise message.
At the same time, the Acceptor checks whether N is greater than its current highestPromisedNum value (the maximum proposal number that has currently been accepted). If so, it sets the highestPromisedNum value of the pending Instances and of all future Instances to N, so that none of these Instances can accept any further proposal with a number less than N.
The Master then performs the Propose -> Accept stage on all pending Instances and all future Instances. If the Master keeps running stably, no further Prepare -> Promise processing is needed while the algorithm runs. However, once the Master finds that an Acceptor has returned a Reject message, this indicates that another Master exists in the cluster and has tried to send a Prepare message with a larger proposal number; the current Master then needs to allocate a new proposal number and perform the Prepare -> Promise stage again.
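The shared Prepare stage described above (here and in the Disclosure section) can be exercised in a few lines. This is an added sketch, not code from the patent: the class and method names, the in-process calls standing in for network messages, and the proposal-number scheme `(round << 8) | node_id` are assumptions; `highest_promised_num` mirrors the text's highestPromisedNum.

```python
from dataclasses import dataclass, field


@dataclass
class Acceptor:
    """Acceptor whose single promise number covers pending and future Instances."""
    highest_promised_num: int = 0
    accepted: dict = field(default_factory=dict)  # instance -> (number, value)

    def on_prepare(self, n):
        # Only a number N greater than highestPromisedNum earns a Promise.
        if n <= self.highest_promised_num:
            return ("Reject", self.highest_promised_num)
        self.highest_promised_num = n
        # One Promise packet carries the last accepted proposal of every Instance.
        # (Sketch: the Acceptor does not track which Instances are already decided.)
        return ("Promise", dict(self.accepted))

    def on_propose(self, n, instance, value):
        # Proposals numbered below the promise are refused for every Instance.
        if n < self.highest_promised_num:
            return ("Reject", self.highest_promised_num)
        self.highest_promised_num = n
        self.accepted[instance] = (n, value)
        return ("Accept", n)


class Master:
    def __init__(self, node_id, acceptors):
        self.node_id = node_id      # assumed unique per Master and below 256
        self.acceptors = acceptors
        self.quorum = len(acceptors) // 2 + 1
        self.n = 0                  # current proposal number N
        self.floor = 0              # largest competing number seen in a Reject
        self.prepared = False
        self.prepare_rounds = 0     # how many Prepare -> Promise stages were run
        self.recovered = {}         # instance -> (number, value) from Promises

    def prepare(self):
        # Assumed numbering scheme: (round << 8) | node_id, above any seen number.
        round_no = (max(self.floor, self.n) >> 8) + 1
        self.n = (round_no << 8) | self.node_id
        self.prepare_rounds += 1
        replies = [a.on_prepare(self.n) for a in self.acceptors]
        promises = [body for kind, body in replies if kind == "Promise"]
        if len(promises) < self.quorum:
            self.floor = max(body for kind, body in replies if kind == "Reject")
            return False
        for packet in promises:     # keep the highest-numbered value per Instance
            for inst, (num, val) in packet.items():
                if inst not in self.recovered or num > self.recovered[inst][0]:
                    self.recovered[inst] = (num, val)
        self.prepared = True
        return True

    def propose(self, instance, value):
        for _ in range(2):          # at most one re-Prepare in this sketch
            if not self.prepared and not self.prepare():
                continue
            # A value already accepted for this Instance must be re-proposed.
            value = self.recovered.get(instance, (0, value))[1]
            replies = [a.on_propose(self.n, instance, value) for a in self.acceptors]
            if sum(kind == "Accept" for kind, _ in replies) >= self.quorum:
                return value
            # Reject: another Master used a larger number, so allocate a new one.
            self.floor = max(num for kind, num in replies if kind == "Reject")
            self.prepared = False
        return None


def run_scenario():
    """Constructed scenario: Master a runs stably, Master b preempts, a recovers."""
    acceptors = [Acceptor() for _ in range(3)]
    a, b = Master(1, acceptors), Master(2, acceptors)
    log = [a.propose(0, "a0"), a.propose(1, "a1")]
    stable_rounds = a.prepare_rounds          # one Prepare served two Instances
    log.append(b.propose(2, "b2"))            # b prepares with a larger number
    log.append(a.propose(3, "a3"))            # a is rejected, re-prepares, succeeds
    log.append(a.propose(2, "a2"))            # Instance 2 already holds b's value
    return log, stable_rounds, a.prepare_rounds, a.n, b.n
```

In the scenario, the last call returns b's value rather than "a2": the Promise packet is what stops a re-elected Master from overwriting a value an Acceptor has already accepted.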
The one or more rounds of the complete sequence Prepare -> Promise -> Propose -> Accept are selected according to the formula:
MasterPrepare = max((T + t) / t);
where T is the sequence generation latency and t is the sequence transfer processing time.
The Master performs the Propose -> Accept stage on all pending Instances and all future Instances, and the overall algorithm is:
MasterAccept = (N*n + I*K + P) / (N + K + P);
where N is the number of the generated sequence, n is the number of the generated number, I is the generated sequence of the Instance, K is the number of the generated Instance, and P is the sequence with normal performance index.
In this embodiment, as shown in fig. 2, the network security module 7 includes a detection unit 9, an encryption unit 10, and a decryption unit 11, where the detection unit 9 establishes a communication connection with the input ends of the big data management module 3 and the big data acquisition module 4;
These units detect and encrypt the sequences sent by a user. Once the detection unit 9 finds an abnormality, an abnormal sequence results and the user's computer cannot be started. When the detection unit 9 finds no abnormality, the encryption unit 10 encrypts the sequence to ensure its consistency, and after the multiple consistency algorithms reach consistency the computer can be started, which improves the security of using the computer. The key of the encryption unit is generated by a pseudo-random number generator, which generates a random number sequence {K_n}. The pseudo-random number sequence {K_n} is generated by the following steps:
Step (A): set the vector sequence {S_n} as
Figure BDA0003202334690000111
where
Figure BDA0003202334690000112
is the vector sequence {S_n}, i ranges over 0 ≤ i ≤ 14, and the initial vector S_0 is
S_0 = [65535, 0, 0, 65535, 0, 65535, 0, 65535, 0, 0, 0, 0, 0, 0, 0],
mod is the modulo operation, and b = 65536;
Step (B): set the sequence {R_n} as
Figure BDA0003202334690000113
Step (C): set the sequence {T_n} as
Figure BDA0003202334690000114
Step (D): bitwise XOR the sequence {R_n} with the sequence {T_n} to obtain the sequence {K1_n}:
Figure BDA0003202334690000115
where n ∈ Z, n ≥ 0, Z is the set of integers, and
Figure BDA0003202334690000116
is the bitwise exclusive-or operation;
Step (E): bitwise OR the sequence {R_n} with the sequence {T_n} to obtain the sequence {K2_n}:
K2_n = R_n | T_n
where n ∈ Z, n ≥ 0, Z is the set of integers, and | is the bitwise OR operation;
Step (F): bitwise AND the sequence {K1_n} with the sequence {K2_n} to obtain the pseudo-random number sequence {K_n}:
K_n = K1_n & K2_n
where n ∈ Z, n ≥ 0, Z is the set of integers, and & is the bitwise AND operation.
The encryption mode is unique and high in complexity, and the safety performance of the block chain network is further improved.
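Steps (D) to (F) above (repeated in claim 6) can be checked directly. The following is an added example, not part of the patent: it implements the three bitwise steps on 16-bit words (b = 65536) and tests whether the final AND changes K1_n. The definitions of R_n and T_n are not reproduced on this page, so the inputs are constructed sample words, and all function names are hypothetical.

```python
import itertools
import random

B = 65536            # modulus b from the text: every word is 16 bits wide
MASK = B - 1

# Initial vector S_0 as printed on the page; used here only as boundary-value inputs.
S0 = [65535, 0, 0, 65535, 0, 65535, 0, 65535, 0, 0, 0, 0, 0, 0, 0]

def combine(r, t):
    """Steps (D) to (F): K1 = R xor T, K2 = R or T, K = K1 and K2."""
    r, t = r & MASK, t & MASK
    k1 = r ^ t
    k2 = r | t
    return k1 & k2

def bit_truth_table():
    """Output bit of the combiner for each pair of input bits (r, t)."""
    return {(r, t): combine(r, t) for r, t in itertools.product((0, 1), repeat=2)}

def first_mismatch(pairs):
    """First (r, t) for which steps (D) to (F) differ from plain XOR, else None."""
    for r, t in pairs:
        if combine(r, t) != (r ^ t) & MASK:
            return (r, t)
    return None

def constructed_pairs(count=10000, seed=1):
    """Constructed inputs: all pairs of S_0 entries plus seeded random 16-bit words."""
    rng = random.Random(seed)
    pairs = list(itertools.product(S0, repeat=2))
    pairs += [(rng.randrange(B), rng.randrange(B)) for _ in range(count)]
    return pairs

if __name__ == "__main__":
    print(bit_truth_table())
    print(first_mismatch(constructed_pairs()))
```

Because all three steps act on each bit independently, the four-row truth table covers every word width: every bit set in R_n XOR T_n is also set in R_n OR T_n, so K_n equals K1_n for any R_n and T_n.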
The node comprises a timing module 12 and a detection module 13, wherein the timing module 12 is used for starting a timer to start timing, and the detection module 13 is used for detecting the node.
When the blockchain computer 2 is synchronously connected with the main server platform 1, the blockchain computer 2 first obtains a consistency algorithm, which is then processed by the data processing module 8 on the main server platform 1. The network can be started after consistency is reached through the processing of the data processing module 8, so that the safety of the network is comprehensively ensured.
The network security module 7 establishes communication connection with the data processing module 8, and the data processing module 8 is used for detecting whether consistency algorithms of the plurality of network security modules 7 are consistent or not.
According to the block chain network security setting method based on the Paxos algorithm, a distributed system is formed by a main server platform and a plurality of block chain computers. In this distributed database system, the big data acquisition module collects big data and transmits it to the network security module through the big data output module, and a main node is periodically generated based on the Paxos algorithm. If each node generates the same operation sequence, the nodes finally reach a consistent state; otherwise the network cannot be started, so network security is strongly guaranteed. In addition, the key of the encryption unit is produced by a unique pseudo-random number generator generation mode with high encryption complexity, which further improves the network security effect.
As used in the specification and in the claims, certain terms are used to refer to particular components. As one skilled in the art will appreciate, manufacturers may refer to a component by different names. This specification and claims do not intend to distinguish between components that differ in name but not function. In the following description and in the claims, the terms "include" and "comprise" are used in an open-ended fashion, and thus should be interpreted to mean "include, but not limited to". "Substantially" means within an acceptable error range, within which a person skilled in the art can solve the technical problem and basically achieve the technical effect.
It is noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a good or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such good or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of additional like elements in the article or system in which the element is included.
The foregoing description shows and describes several preferred embodiments of the invention, but as aforementioned, it is to be understood that the invention is not limited to the forms disclosed herein, but is not to be construed as excluding other embodiments and is capable of use in various other combinations, modifications, and environments and is capable of changes within the scope of the inventive concept as expressed herein, commensurate with the above teachings, or the skill or knowledge of the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A block chain network security setting method based on a Paxos algorithm comprises a main server platform (1) and a plurality of block chain computers (2) connected with the main server platform (1), and is characterized in that a data processing module (8) is arranged inside the main server platform (1), each block chain computer (2) comprises a big data management module (3), a big data acquisition module (4), a big data distribution module (5), a big data output module (6) and a network security module (7), the big data management module (3), the big data acquisition module (4), the big data distribution module (5), the big data output module (6) and the network security module (7) are sequentially connected, and the output end of the network security module (7) is in communication connection with the block chain computers (2), the network security module (7) is used for providing a main node for the block chain computer (2) and transmitting the main node to the general server platform (1), and the specific setting method comprises the following steps;
S1: the big data acquisition module (4) in each block chain computer (2) collects big data and transmits the big data to the network security module (7) through the big data output module (6), and then a master node is periodically generated inside the network security module (7) based on a Paxos algorithm;
S2: the big data management module (3) is responsible for generating a sequence from the information of the main node in S1, the sequence is pushed to the block chain computer (2) through the network security module (7), and a consistency algorithm is executed on one sequence;
S3: the general server platform (1) sequentially receives sequences in the block chain computers (2), the block chain computers (2) sequentially transmit the sequences to the data processing module (8), and the data processing module (8) analyzes the sequences;
S4: if each block chain computer (2) executes the same operation sequence, a consistent state is obtained;
S5: the series of tasks are ended, the initial state is returned, and the consistency based on the Paxos algorithm is waited for next time.
2. The method for setting the security of the blockchain network based on the Paxos algorithm according to claim 1, wherein: the Paxos algorithm is used for ensuring that the blockchain computers (2) can keep consistent, and in Paxos, each Paxos algorithm needs to perform a round of selection of a main node and generate a sequence as a consistency algorithm.
3. The method for setting the security of the blockchain network based on the Paxos algorithm according to claim 1, wherein: in Paxos, each Paxos Instance needs to perform one or more rounds of complete sequence request processes such as Prepare -> Promise -> Propose -> Accept to complete the selection of a master node, and generate Prepare -> Promise as a consistency algorithm, which is as follows:
S3.1, after the master node of the blockchain computer (2) becomes Master through election, it broadcasts a Prepare message with a number N, wherein the Prepare message is shared by all Instances that have not reached consistency and all Instances that have not yet started;
S3.2, after the Acceptor receives the Prepare message, it responds for a plurality of Instances at the same time and generates a sequence from the feedback information, wherein if at most K Instances are allowed to select proposed values at the same time, then:
there are at most K Instances that have not reached consistency, and a sequence is generated from the last accepted proposed value of each pending Instance and returned as a Promise message;
it is judged whether N is larger than the highestPromisedNum value of the current Acceptor; if so, the highestPromisedNum value of the pending Instances and all future Instances is marked as N, so that the pending Instances and all future Instances cannot accept any proposal with a number less than N;
S3.3, the Master executes the processing of the Propose -> Accept stage on all pending Instances and all future Instances respectively.
4. The method for setting the security of the blockchain network based on the Paxos algorithm according to claim 3, wherein: one or more rounds of the complete sequence of Prepare -> Promise -> Propose -> Accept are selected according to the formula:
MasterPrepare = max((T + t) / t);
where T is the sequence generation latency and t is the sequence transfer processing time.
5. The method for setting the security of the blockchain network based on the Paxos algorithm according to claim 3, wherein: the Master performs the processing of the Propose -> Accept stage on all pending and future Instances respectively, and the overall algorithm is as follows:
MasterAccept = (N*n + I*K + P) / (N + K + P);
wherein N is the number of the generated sequence, n is the number of the generated number, I is the generated sequence of the Instance, K is the number of the generated Instance, and P is the sequence with normal performance index.
6. The method for setting the security of the blockchain network based on the Paxos algorithm according to claim 1, wherein: the network security module (7) comprises a detection unit (9), an encryption unit (10) and a decryption unit (11), the detection unit (9) is in communication connection with the input ends of the big data management module (3) and the big data acquisition module (4), a secret key of the encryption unit (10) is generated by a pseudo-random number generator, and the pseudo-random number generator generates a random number sequence {K_n}; the pseudo-random number sequence {K_n} is generated by the following steps,
Step (A): set a vector sequence {S_n} as follows,
Figure FDA0003202334680000031
wherein,
Figure FDA0003202334680000032
is the vector sequence S_n, i is in the range 0 ≤ i ≤ 14, and the initial vector S_0 is,
S_0 = [65535, 0, 0, 65535, 0, 65535, 0, 65535, 0, 0, 0, 0, 0, 0, 0], mod is the modulo operation, and b = 65536;
Step (B): set a sequence R_n as,
Figure FDA0003202334680000033
Step (C): set a sequence T_n as,
Figure FDA0003202334680000041
Step (D): bitwise XOR the sequence R_n with the sequence T_n to obtain the sequence {K1_n}, as follows,
Figure FDA0003202334680000042
wherein n belongs to Z and n ≥ 0, Z is the set of integers, and
Figure FDA0003202334680000043
is the bitwise exclusive-or operation;
Step (E): bitwise OR the sequence R_n with the sequence T_n to obtain the sequence {K2_n}, as follows,
K2_n = R_n | T_n
wherein n belongs to Z and n ≥ 0, Z is the set of integers, and | is the bitwise OR operation;
Step (F): bitwise AND the sequence {K1_n} with the sequence {K2_n} to obtain the pseudo-random number sequence {K_n}, as follows,
K_n = K1_n & K2_n
wherein n belongs to Z and n ≥ 0, Z is the set of integers, and & is the bitwise AND operation.
7. The method for setting the security of the blockchain network based on the Paxos algorithm according to claim 1, wherein: the node comprises a timing module (12) and a detection module (13), wherein the timing module (12) is used for starting a timer to start timing, and the detection module (13) is used for detecting the node.
8. The method for setting the security of the blockchain network based on the Paxos algorithm according to claim 1, wherein: when the block chain computer (2) is synchronously connected with the main server platform (1), the block chain computer (2) firstly acquires a consistency algorithm.
9. The method for setting the security of the blockchain network based on the Paxos algorithm according to claim 6, wherein: the network security module (7) is in communication connection with the data processing module (8), and the data processing module (8) is used for detecting whether consistency algorithms of the network security modules (7) are consistent or not.
10. The method for setting the security of the blockchain network based on the Paxos algorithm according to claim 1, wherein: and after setting the latest state information as the current state information of the main node, the main node takes the current state information of the main node as the main node state information and generates a sequence.
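The shared Prepare and Promise handling of claim 3 (S3.1 to S3.3) is sketched below as an added example; it is not code from the patent. The class and method names, the three-Acceptor setup and the values "tx-A" to "tx-D" are constructed for illustration; ignoring a stale Prepare follows standard Paxos, and the limit of K concurrent Instances is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Acceptor:
    highest_promised_num: int = 0                  # highestPromisedNum in claim 3
    accepted: dict = field(default_factory=dict)   # instance -> (number, value)

    def on_prepare(self, n):
        """S3.2: a single Prepare(N) covers all pending and all future instances."""
        if n <= self.highest_promised_num:
            return None                            # assumption: a stale Prepare is ignored
        self.highest_promised_num = n
        return dict(self.accepted)                 # Promise: last accepted value per instance

    def on_accept(self, instance, n, value):
        """Accept stage: no instance accepts a proposal numbered below the promise."""
        if n < self.highest_promised_num:
            return False
        self.highest_promised_num = n
        self.accepted[instance] = (n, value)
        return True

class Master:
    def __init__(self, number, acceptors):
        self.number, self.acceptors = number, acceptors
        self.recovered = {}                        # instance -> (number, value) from Promises

    def _majority(self, count):
        return count > len(self.acceptors) // 2

    def prepare(self):
        """S3.1: broadcast one Prepare with number N, shared by every instance."""
        replies = (a.on_prepare(self.number) for a in self.acceptors)
        promises = [p for p in replies if p is not None]
        for promise in promises:
            for instance, (num, value) in promise.items():
                # Keep the value carried by the highest-numbered accepted proposal.
                if instance not in self.recovered or num > self.recovered[instance][0]:
                    self.recovered[instance] = (num, value)
        return self._majority(len(promises))

    def propose(self, instance, value):
        """S3.3: Propose -> Accept for one instance, with no further Prepare round."""
        if instance in self.recovered:             # pending instance: re-propose its value
            value = self.recovered[instance][1]
        acks = sum(a.on_accept(instance, self.number, value) for a in self.acceptors)
        return value if self._majority(acks) else None

def demo():
    acceptors = [Acceptor() for _ in range(3)]
    old = Master(1, acceptors)
    old.prepare()
    acceptors[0].on_accept(0, 1, "tx-A")           # old Master fails after one Accept
    new = Master(2, acceptors)
    return {
        "prepared": new.prepare(),                 # one Prepare for every instance
        "instance0": new.propose(0, "tx-B"),       # pending: recovered value wins
        "instance1": new.propose(1, "tx-C"),       # future: Master's own value
        "stale": old.propose(2, "tx-D"),           # number 1 < promised 2: refused
    }

if __name__ == "__main__":
    print(demo())
```

Instance 0 keeps the value left behind by the failed Master, while instance 1 is decided without a second Prepare round, which is the saving the shared Prepare provides.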
CN202110907699.XA 2021-08-09 2021-08-09 Block chain network security setting method based on Paxos algorithm Active CN113645295B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110907699.XA CN113645295B (en) 2021-08-09 2021-08-09 Block chain network security setting method based on Paxos algorithm

Publications (2)

Publication Number Publication Date
CN113645295A true CN113645295A (en) 2021-11-12
CN113645295B CN113645295B (en) 2023-04-07

Family

ID=78420231

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110907699.XA Active CN113645295B (en) 2021-08-09 2021-08-09 Block chain network security setting method based on Paxos algorithm

Country Status (1)

Country Link
CN (1) CN113645295B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114244859A (en) * 2022-02-23 2022-03-25 阿里云计算有限公司 Data processing method and device and electronic equipment
CN117799673A (en) * 2023-11-22 2024-04-02 北京城建智控科技股份有限公司 Train speed optimization method, device, system, electronic equipment and storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101674180A (en) * 2008-09-10 2010-03-17 中国人民解放军信息工程大学 Pseudorandom sequence generation method and pseudorandom sequence encryption method
CN103458296A (en) * 2013-09-10 2013-12-18 江苏银河电子股份有限公司 Method for generating intelligent set top box safe key
US20180019867A1 (en) * 2016-07-15 2018-01-18 Mastercard International Incorporated Method and system for partitioned blockchains and enhanced privacy for permissioned blockchains
CN109150923A (en) * 2018-11-06 2019-01-04 江苏怡通数码科技有限公司 Transmitted data on network security processing based on Hybrid Encryption
US20200235988A1 (en) * 2019-06-28 2020-07-23 Alibaba Group Holding Limited Changing a master node in a blockchain system
CN111464549A (en) * 2020-04-09 2020-07-28 山东水利职业学院 Computer network information security event processing method
CN111930840A (en) * 2020-08-06 2020-11-13 平安科技(深圳)有限公司 Consensus mechanism optimization method and system based on Paxos algorithm and block chain network
CN111953699A (en) * 2020-08-17 2020-11-17 汪金玲 Data encryption method and system based on block chain
CN112118117A (en) * 2020-08-27 2020-12-22 紫光云(南京)数字技术有限公司 Block chain consensus method based on Paxos algorithm

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
BIN LI ET AL.: "Security Analysis of Paxos Mechanism Design Based on Game Theory", 《2020 IEEE INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY,BIG DATA AND ARTIFICIAL INTELLIGENCE (ICIBA)》 *
FAW67J7: "底层算法系列:Paxos算法", 《CSDN博客HTTPS://BLOG.CSDN.NET/FAW67J7/ARTICLE/DETAILS/79885821》 *
王辉鹏;: "基于区块链的网络安全防御关键技术研究" *
赵春扬;肖冰;郭进伟;钱卫宁;: "一致性协议在分布式数据库系统中的应用" *
陆歌皓;谢莉红;李析禹;: "区块链共识算法对比研究" *

Also Published As

Publication number Publication date
CN113645295B (en) 2023-04-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant