CN113645295A - Block chain network security setting method based on Paxos algorithm - Google Patents


Info

Publication number
CN113645295A
Authority
CN
China
Prior art keywords
sequence
module
network security
big data
instances
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110907699.XA
Other languages
Chinese (zh)
Other versions
CN113645295B (en)
Inventor
施麟
张新华
薛飞
庞进明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Higher Vocational And Technical School Of Finance And Economics Nanjing Women's Secondary Vocational School
Nanjing Musk Information Technology Co ltd
Southeast University
Hohai University HHU
Original Assignee
Nanjing Higher Vocational And Technical School Of Finance And Economics Nanjing Women's Secondary Vocational School
Nanjing Musk Information Technology Co ltd
Southeast University
Hohai University HHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Higher Vocational And Technical School Of Finance And Economics Nanjing Women's Secondary Vocational School, Nanjing Musk Information Technology Co ltd, Southeast University, Hohai University HHU
Priority to CN202110907699.XA
Publication of CN113645295A
Application granted
Publication of CN113645295B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/1044 Group management mechanisms
    • H04L67/1051 Group master selection mechanisms
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L2212/00 Encapsulation of packets
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of network security, and in particular to a blockchain network security setting method based on the Paxos algorithm, comprising the following steps: S1: periodically generate a master node based on the Paxos algorithm; S2: generate a sequence from the master node information of S1 and execute a consensus algorithm; S3: parse and process the sequence; S4: when the operation sequences are identical, a consistent state is obtained; S5: the series of tasks ends and the system returns to the initial state. In the invention, one general server platform and multiple blockchain computers form a distributed system. In a distributed database system, the big data acquisition module collects big data and transmits it to the network security module through the big data output module. A master node is generated periodically based on the Paxos algorithm; if every node generates the same sequence of operations, the nodes finally reach a consistent state, otherwise the network cannot be enabled, so the security of the network can be effectively guaranteed.

Description

A blockchain network security setting method based on the Paxos algorithm

Technical field

The invention relates to a network security setting method, in particular to a blockchain network security setting method based on the Paxos algorithm, and belongs to the technical field of network security.

Background

From the perspective of network operators and administrators, access to and reading and writing of local network information should be protected and controlled, so as to avoid threats such as "trapdoors", viruses, illegal access, denial of service, and illegal occupation and illegal control of network resources, and to stop and defend against attacks by network hackers. Security and secrecy departments want to filter and block information that is illegal, harmful or involves state secrets, so as to avoid the leakage of confidential information, harm to society and huge losses to the country.

With the rapid development of computer technology, the business processed on computers has developed from mathematical operations and file processing on a single machine, and internal business processing and office automation on simply connected internal networks, to enterprise-level computer processing systems based on complex intranets, extranets and the global Internet, and to worldwide information sharing and business processing.

As the processing capability of systems improves, their connection capability also keeps improving. But as connection capability and information circulation capability improve, security issues based on network connection become increasingly prominent, as do problems of physical network security, network topology security, network system security, application system security and network management security. The traditional method only applies multiple layers of encryption, which criminals crack one at a time, so it cannot effectively guarantee the security of the network.

Therefore, the blockchain network security setting method urgently needs to be improved to solve the above problems.

Summary of the invention

The purpose of the invention is to provide a blockchain network security setting method based on the Paxos algorithm. One general server platform and multiple blockchain computers form a distributed system. In a distributed database system, the initial states of the blockchain computers are the same; the big data acquisition module collects big data and transmits it to the network security module through the big data output module; a master node is generated periodically based on the Paxos algorithm; and if every node generates the same sequence of operations, the nodes finally reach a consistent state, otherwise the network cannot be enabled, so the security of the network can be effectively guaranteed.

To achieve the above purpose, the main technical solution adopted by the invention includes:

A blockchain network security setting method based on the Paxos algorithm, comprising a general server platform and several blockchain computers connected to the general server platform. A data processing module is provided inside the general server platform. Each blockchain computer includes a big data management module, a big data acquisition module, a big data distribution module, a big data output module and a network security module, which are connected in that order. The output end of the network security module establishes a communication connection with the blockchain computer, and the network security module is used to provide a master node for the blockchain computer and transmit it to the general server platform. The setting method includes the following steps:

S1: The big data acquisition module in each blockchain computer collects big data and transmits it to the network security module through the big data output module; the network security module then periodically generates a master node based on its internal Paxos algorithm;

S2: The big data management module generates a sequence from the master node information of S1, the network security module pushes the sequence to the blockchain computer, and one consensus algorithm is executed per sequence;

S3: The general server platform receives the sequences from the several blockchain computers in turn; the blockchain computers transmit their sequences in turn to the data processing module, which parses and processes them;

S4: If every blockchain computer executes the same sequence of operations, a consistent state is obtained;

S5: The series of tasks ends, and the system returns to the initial state and waits for the next round of Paxos-based consensus.

With the above technical solution, the general server platform and the several blockchain computers connected to it form a distributed system. In a distributed database system, if the initial states of the blockchain computers are the same, the big data acquisition module in each blockchain computer collects big data and transmits it to the network security module through the big data output module, the network security module periodically generates a master node based on its internal Paxos algorithm, and every node generates the same sequence of operations, then the nodes finally reach a consistent state.

To ensure that every node executes the same command sequence, a consensus algorithm must be executed on the blockchain computers so that every blockchain computer sees the same instructions.

A general consensus algorithm can be applied in many scenarios and is an important problem in distributed computing. The Paxos algorithm can be used wherever multiple processes need to reach some agreement. Once the consensus algorithms on the multiple blockchain computers in distributed storage reach agreement, the blockchain computers can be started, which protects the whole network and improves users' network security.

Preferably, the Paxos algorithm is used to ensure that the blockchain computers stay consistent. In Paxos, every run of the Paxos algorithm requires one round of master node selection and generates a sequence, serving as a consensus algorithm.

Preferably, in Paxos, every Paxos Instance needs one or more rounds of the complete two-phase request process Prepare->Promise->Propose->Accept to select a proposed value. To improve the running performance of the algorithm as much as possible while preserving correctness, multiple Instances can share one sequence number allocation mechanism and Prepare->Promise can be merged into a single phase, as follows:

After a replica node is elected Master, it broadcasts a Prepare message using the newly allocated number N. This Prepare message is shared by all Instances that have not yet reached agreement and all Instances that have not yet started;

When an Acceptor receives the Prepare message, it must respond for multiple Instances at the same time, which can usually be done by packing the feedback into one data packet. Assuming at most K Instances are allowed to select proposed values at the same time, then:

At most K Instances have not reached agreement at this point. The proposed value last accepted by each of these pending Instances is packed into one data packet and returned as the Promise message;

At the same time, the Acceptor checks whether N is greater than its current highestPromisedNum value (the largest proposal number accepted so far). If it is, the highestPromisedNum of these pending Instances and of all future Instances is set to N, so that none of them can accept any proposal numbered less than N;

The Master performs the Propose->Accept phase for all pending Instances and all future Instances. If the Master keeps running stably, no further Prepare->Promise processing is needed for the rest of the run. However, once the Master finds that an Acceptor has returned a Reject message, another Master exists in the cluster and has tried to send a Prepare message with a larger proposal number; the current Master must then allocate a new proposal number and perform the Prepare->Promise phase again.
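
The merged Prepare->Promise phase described above, as an added Python sketch that is not code from the patent: it shows one Prepare covering several Instances, and a displaced Master recovering the already accepted value after a Reject. The class and method names, the in-process message passing and the numbering scheme round * cluster_size + node_id are assumptions, and any Reject is treated as grounds to repeat Prepare.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Accepted = Dict[int, Tuple[int, str]]  # instance id -> (proposal number, value)


@dataclass
class Acceptor:
    # A single highestPromisedNum covers all pending and all future instances.
    highest_promised_num: int = 0
    accepted: Accepted = field(default_factory=dict)

    def on_prepare(self, n: int):
        if n <= self.highest_promised_num:
            return ("Reject", self.highest_promised_num)
        self.highest_promised_num = n
        # One packet answers for every instance at once. Simplification: this
        # sketch does not track which instances are already decided, so it
        # returns every accepted value rather than only the pending ones.
        return ("Promise", dict(self.accepted))

    def on_propose(self, n: int, instance: int, value: str):
        if n < self.highest_promised_num:
            return ("Reject", self.highest_promised_num)
        self.accepted[instance] = (n, value)
        return ("Accept", n)


class Master:
    def __init__(self, node_id: int, cluster_size: int, acceptors: List[Acceptor]):
        self.node_id = node_id            # assumed to lie in [0, cluster_size)
        self.cluster_size = cluster_size
        self.acceptors = acceptors
        self.n: Optional[int] = None      # number a majority has promised, if any
        self.highest_seen = 0             # largest number used or learned so far
        self.recovered: Accepted = {}
        self.prepares_sent = 0

    def prepare(self) -> bool:
        # Assumed numbering: round * cluster_size + node_id never collides
        # between nodes and always exceeds every number seen so far.
        rnd = self.highest_seen // self.cluster_size + 1
        n = rnd * self.cluster_size + self.node_id
        self.prepares_sent += 1
        replies = [a.on_prepare(n) for a in self.acceptors]
        promises = [body for kind, body in replies if kind == "Promise"]
        self.highest_seen = max([n] + [b for k, b in replies if k == "Reject"])
        if len(promises) <= len(self.acceptors) // 2:
            self.n = None
            return False
        self.n = n
        self.recovered = {}
        for packet in promises:           # keep the highest-numbered value per instance
            for inst, (num, val) in packet.items():
                if inst not in self.recovered or num > self.recovered[inst][0]:
                    self.recovered[inst] = (num, val)
        return True

    def propose(self, instance: int, value: str) -> Optional[str]:
        """Run Propose->Accept for one instance; None means a Reject came back."""
        if self.n is None:
            raise RuntimeError("no valid promise: run prepare() first")
        if instance in self.recovered:    # must re-propose what was already accepted
            value = self.recovered[instance][1]
        replies = [a.on_propose(self.n, instance, value) for a in self.acceptors]
        rejects = [body for kind, body in replies if kind == "Reject"]
        if rejects:                       # another Master used a larger number
            self.highest_seen = max(rejects + [self.highest_seen])
            self.n = None
            return None
        return value


def demo() -> dict:
    """Constructed scenario: three Acceptors, Masters A (id 1) and B (id 2)."""
    acceptors = [Acceptor() for _ in range(3)]
    a = Master(1, 3, acceptors)
    b = Master(2, 3, acceptors)
    a.prepare()                                   # one Prepare, N = 4
    steady = [a.propose(0, "op-A0"), a.propose(1, "op-A1")]
    prepares_in_steady_state = a.prepares_sent    # no Prepare per instance
    b.prepare()                                   # competing Master, N = 5
    stale = a.propose(2, "op-A2")                 # every Acceptor rejects N = 4
    by_b = b.propose(2, "op-B2")
    a.prepare()                                   # A allocates a new number, N = 7
    retried = a.propose(2, "op-A2")               # adopts the value B got accepted
    return {
        "steady": steady,
        "prepares_in_steady_state": prepares_in_steady_state,
        "stale": stale,
        "by_b": by_b,
        "a_number": a.n,
        "retried": retried,
        "promised": [x.highest_promised_num for x in acceptors],
    }


if __name__ == "__main__":
    print(demo())
```

The last step is the safety property that matters for a stale or competing Master: after the Reject, A's own value for Instance 2 is discarded in favour of the value the Acceptors had already accepted.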

Preferably, for the selection of a complete sequence of one or more rounds of Prepare->Promise->Propose->Accept, the formula on which the algorithm's selection is based is:

MasterPrepare=max((T+t)/t);

where T is the sequence generation waiting time and t is the sequence transmission processing time.

Preferably, the Master performs the Propose->Accept phase for all pending Instances and all future Instances, and the overall algorithm is:

MasterAccept=(N*n+I*K+P)/(N+K+P);

where N is the number of the generated sequence, n is the count of generated numbers, I is the generated sequence of Instances, K is the number of generated Instances, and P is the sequence whose performance indicators are normal.

Preferably, the network security module includes a detection unit, an encryption unit and a decryption unit, and the detection unit establishes a communication connection with the input ends of the big data management module and the big data acquisition module;

With the above technical solution, the sequence sent by the user is detected and encrypted. If the detection unit finds an anomaly, an abnormal sequence results and the user's computer cannot be started. After the detection unit finds no anomaly, the encryption unit encrypts the sequence to ensure its consistency. Once the multiple consensus algorithms reach agreement, the computer can be started, which improves the security of computer use. The key of the encryption unit is generated by a pseudo-random number generator, which generates the random number sequence $\{K_n\}$. The pseudo-random number sequence $\{K_n\}$ is generated by the following steps:

Step (A): let the vector sequence $\{S_n\}$ be

Figure BDA0003202334690000051

where

Figure BDA0003202334690000052

is the i-th component of the vector sequence $\{S_n\}$, with 0≤i≤14, and the initial vector $S_0$ is

$S_0$=[65535,0,0,65535,0,65535,0,65535,0,0,0,0,0,0,0], mod is the modulo operation, and b=65536;

Step (B): let the sequence $R_n$ be

Figure BDA0003202334690000053

Step (C): let the sequence $T_n$ be

Figure BDA0003202334690000054

Step (D): XOR the sequences $R_n$ and $T_n$ bitwise; the sequence $\{K1_n\}$ is

Figure BDA0003202334690000061

where n∈Z and n≥0, Z is the integers, and

Figure BDA0003202334690000062

is the bitwise XOR operation;

Step (E): OR the sequences $R_n$ and $T_n$ bitwise; the sequence $\{K2_n\}$ is

$K2_n = R_n \mid T_n$

where n∈Z and n≥0, Z is the integers, and | is the bitwise OR operation;

Step (F): AND the sequences $\{K1_n\}$ and $\{K2_n\}$ bitwise to obtain the pseudo-random number sequence $\{K_n\}$ as

$K_n = K1_n \,\&\, K2_n$

where n∈Z and n≥0, Z is the integers, and & is the bitwise AND operation.
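
Added note, not part of the patent text: reading step (D) as $K1_n = R_n \oplus T_n$ (an assumption taken from the wording of that step, since its formula survives only as an image), steps (E) and (F) leave that value unchanged. For each bit position, with $r$ and $t$ the corresponding bits of $R_n$ and $T_n$:

$$
\begin{array}{cc|cc|c}
r & t & r \oplus t & r \mid t & (r \oplus t) \,\&\, (r \mid t) \\
\hline
0 & 0 & 0 & 0 & 0 \\
0 & 1 & 1 & 1 & 1 \\
1 & 0 & 1 & 1 & 1 \\
1 & 1 & 0 & 1 & 0
\end{array}
$$

The last column equals the $r \oplus t$ column in every row, so

$$K_n = K1_n \,\&\, K2_n = (R_n \oplus T_n) \,\&\, (R_n \mid T_n) = R_n \oplus T_n = K1_n .$$

When assessing the key stream, the OR and AND steps therefore contribute nothing beyond the XOR of $R_n$ and $T_n$; its quality rests entirely on how $R_n$ and $T_n$ are derived from $\{S_n\}$.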

Preferably, the node includes a timing module and a detection module; the timing module is used to start a timer, and the detection module is used to check the node.

Preferably, when the blockchain computer and the general server platform are synchronously connected, the blockchain computer first obtains the consensus algorithm;

With the above technical solution, processing is then carried out, and the network can be started only after the processing reaches agreement, so the security of the network can be fully guaranteed.

Preferably, the network security module establishes a communication connection with the data processing module, and the data processing module is used to detect whether the consensus algorithms of the several network security modules agree.

Preferably, after the master node sets the latest state information as its current state information, it uses the current state information as the master node state information and generates a sequence.

The invention has at least the following beneficial effects:

One general server platform and multiple blockchain computers form a distributed system. In a distributed database system, the big data acquisition module collects big data and transmits it to the network security module through the big data output module. A master node is generated periodically based on the Paxos algorithm; if every node generates the same sequence of operations, the nodes finally reach a consistent state, otherwise the network cannot be enabled, so the security of the network can be effectively guaranteed. In addition, the key of the encryption unit is generated by the pseudo-random number generator in a unique way with a high degree of encryption complexity, which further improves network security.

Description of the drawings

The drawings described here provide a further understanding of the application and form part of it. The illustrative embodiments of the application and their descriptions are used to explain the application and do not unduly limit it. In the drawings:

FIG. 1 is a schematic flowchart of the blockchain network security setting method based on the Paxos algorithm of the invention.

FIG. 2 is a system structure diagram of the blockchain network security setting method based on the Paxos algorithm of the invention.

In the figures: 1 - general server platform, 2 - blockchain computer, 3 - big data management module, 4 - big data acquisition module, 5 - big data distribution module, 6 - big data output module, 7 - network security module, 8 - consistency processing module, 9 - detection unit, 10 - encryption unit, 11 - decryption unit, 12 - timing module, 13 - detection module.

Detailed description

The embodiments of the application are described in detail below with reference to the drawings and examples, so that the process by which the application applies technical means to solve technical problems and achieve technical effects can be fully understood and implemented.

As shown in FIG. 1 and FIG. 2, the blockchain network security setting method based on the Paxos algorithm provided by this embodiment includes a general server platform 1 and several blockchain computers 2 connected to it. A data processing module 8 is provided inside the general server platform 1. Each blockchain computer 2 includes a big data management module 3, a big data acquisition module 4, a big data distribution module 5, a big data output module 6 and a network security module 7, which are connected in that order. The output end of the network security module 7 establishes a communication connection with the blockchain computer 2, and the network security module 7 is used to provide a master node for the blockchain computer 2 and transmit it to the general server platform 1. The setting method includes the following steps:

S1: The big data acquisition module 4 in each blockchain computer 2 collects big data and transmits it to the network security module 7 through the big data output module 6; the network security module 7 then periodically generates a master node based on its internal Paxos algorithm;

S2: The big data management module 3 generates a sequence from the master node information of S1, the network security module 7 pushes the sequence to the blockchain computer 2, and one consensus algorithm is executed per sequence;

S3: The general server platform 1 receives the sequences from the several blockchain computers 2 in turn; the blockchain computers 2 transmit their sequences in turn to the data processing module 8, which parses and processes them;

S4: If every blockchain computer 2 executes the same sequence of operations, a consistent state is obtained;

S5: The series of tasks ends, and the system returns to the initial state and waits for the next round of Paxos-based consensus.

The general server platform 1 and the several blockchain computers 2 connected to it form a distributed system. In a distributed database system, if the initial states of the blockchain computers 2 are the same, the big data acquisition module 4 in each blockchain computer 2 collects big data and transmits it to the network security module 7 through the big data output module 6, the network security module 7 periodically generates a master node based on its internal Paxos algorithm, and every node generates the same sequence of operations, then the nodes finally reach a consistent state.

After the master node sets the latest state information as its current state information, it uses the current state information as the master node state information and generates a sequence.

To ensure that every node executes the same command sequence, a consensus algorithm must be executed on the blockchain computers 2 so that every blockchain computer 2 sees the same instructions.

A general consensus algorithm can be applied in many scenarios and is an important problem in distributed computing. The Paxos algorithm can be used wherever multiple processes need to reach some agreement. Once the consensus algorithms on the multiple blockchain computers 2 in distributed storage reach agreement, the blockchain computers 2 can be started, which protects the whole network and improves users' network security.

In this embodiment, as shown in Figure 1, the Paxos algorithm is used to keep the blockchain computers 2 consistent. In Paxos, each run of the Paxos algorithm selects a master node in one round and generates a sequence, acting as a consensus algorithm;

In Paxos, each Paxos Instance must go through one or more rounds of the complete two-phase request process Prepare->Promise->Propose->Accept to select a proposal value. To improve running performance as far as possible while preserving correctness, multiple Instances can share one number-allocation mechanism, and Prepare->Promise can be merged into a single phase. The procedure is as follows:

When a replica node is elected Master (the primary node), it broadcasts a Prepare message using a newly allocated number N. This Prepare message is shared by all Instances that have not yet reached agreement and by all Instances that have not yet started;

When an Acceptor receives the Prepare message, it must respond for multiple Instances at once, which is usually done by packing the feedback into a single data packet. Assuming that at most K Instances are allowed to select proposal values concurrently, then:

At most K Instances are currently undecided; the proposal value last accepted by each of these pending Instances is packed into one data packet and returned as the Promise message;

At the same time, the Acceptor checks whether N is greater than its current highestPromisedNum value (the largest proposal number accepted so far). If it is, the highestPromisedNum of these pending Instances and of all future Instances is set to N, so that neither the pending Instances nor any future Instance can accept a proposal numbered lower than N;

The Master runs the Propose->Accept phase for each pending Instance and each future Instance. As long as the Master keeps running stably, no further Prepare->Promise processing is needed while the algorithm runs. However, once the Master finds that an Acceptor has returned a Reject message, another Master exists in the cluster and has sent a Prepare message with a larger proposal number. The current Master must then allocate a new proposal number and go through the Prepare->Promise phase again.
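The shared-Prepare scheme described above, as an added example that is not code from the patent: a small in-memory simulation in which one Acceptor-wide highestPromisedNum covers all Instances, a Promise returns every Instance's last accepted value in one packet, and a Reject forces the old Master to renumber and Prepare again. The class names, the numbering rule (round * stride + node id) and the sample values are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

PROMISE, ACCEPTED, REJECT = "Promise", "Accepted", "Reject"


@dataclass
class Acceptor:
    # One promised number covers every pending and every future Instance.
    highest_promised_num: int = 0
    # Instance id -> (proposal number, value) last accepted for it.
    accepted: dict = field(default_factory=dict)

    def on_prepare(self, n):
        if n <= self.highest_promised_num:
            return (REJECT, self.highest_promised_num)
        self.highest_promised_num = n
        return (PROMISE, dict(self.accepted))  # one packet for all Instances

    def on_accept(self, n, instance, value):
        if n < self.highest_promised_num:
            return (REJECT, self.highest_promised_num)
        self.highest_promised_num = n
        self.accepted[instance] = (n, value)
        return (ACCEPTED, n)


class Master:
    def __init__(self, node_id, acceptors, stride=10):
        # Assumed rule: number = round * stride + node_id, with node_id < stride.
        self.node_id, self.acceptors, self.stride = node_id, acceptors, stride
        self.quorum = len(acceptors) // 2 + 1
        self.n, self.seen = None, 0  # Prepare number in force; highest seen
        self.inherited = {}          # Instance -> (number, value) to re-propose
        self.prepares_sent = 0

    def prepare(self):
        n = (self.seen // self.stride + 1) * self.stride + self.node_id
        self.n, self.seen = None, n
        self.prepares_sent += 1
        promises, inherited = 0, {}
        for acc in self.acceptors:
            kind, body = acc.on_prepare(n)
            if kind == REJECT:
                self.seen = max(self.seen, body)
                continue
            promises += 1
            # Keep, per Instance, the value accepted under the highest number.
            for inst, (num, val) in body.items():
                if inst not in inherited or num > inherited[inst][0]:
                    inherited[inst] = (num, val)
        if promises >= self.quorum:
            self.n, self.inherited = n, inherited
        return self.n is not None

    def propose(self, instance, value):
        if self.n is None and not self.prepare():
            return None
        # A value already accepted for this Instance must be carried forward.
        if instance in self.inherited:
            value = self.inherited[instance][1]
        acks = 0
        for acc in self.acceptors:
            kind, body = acc.on_accept(self.n, instance, value)
            if kind == REJECT:
                # Another Master holds a larger number: Prepare must be redone.
                self.seen = max(self.seen, body)
                self.n = None
                return None
            acks += 1
        return value if acks >= self.quorum else None


def run_demo():
    acceptors = [Acceptor() for _ in range(3)]
    a, b = Master(1, acceptors), Master(2, acceptors)
    log = {}
    # Stable Master: one Prepare, then only Propose->Accept per Instance.
    log["a_chosen"] = [a.propose(i, f"a{i}") for i in range(3)]
    log["a_prepares"] = a.prepares_sent
    # Constructed partial failure: Instance 3 reaches a single Acceptor.
    acceptors[0].on_accept(a.n, 3, "a3")
    # A second Master takes over with a larger number.
    log["b_prepared"] = b.prepare()
    log["b_number"] = b.n
    log["b_instance_3"] = b.propose(3, "b3")  # inherits "a3", not "b3"
    log["b_instance_4"] = b.propose(4, "b4")
    # The old Master is rejected, renumbers, and prepares once more.
    log["a_stale"] = a.propose(5, "a5")
    log["a_retry"] = a.propose(5, "a5")
    log["a_number"] = a.n
    log["a_prepares_total"] = a.prepares_sent
    return log


if __name__ == "__main__":
    print(run_demo())
```

The first Master sends a single Prepare for three Instances; it needs a second one only after the competing Master's larger number causes a Reject.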

For the selection of a complete sequence of one or more rounds of Prepare->Promise->Propose->Accept, the algorithm makes its choice according to the formula:

MasterPrepare = max((T + t) / t);

where T is the sequence generation waiting time and t is the sequence transmission processing time.

The Master runs the Propose->Accept phase for each pending Instance and each future Instance; the overall algorithm is:

MasterAccept = (N*n + I*K + P) / (N + K + P);

where N is the number of the generated sequence, n is the count of generated numbers, I is the generated series of Instances, K is the number of generated Instances, and P is the sequence whose performance indicators are normal.

In this embodiment, as shown in Figure 2, the network security module 7 comprises a detection unit 9, an encryption unit 10 and a decryption unit 11. The detection unit 9 establishes a communication connection with the input ends of the big data management module 3 and the big data collection module 4;

It is used to check and encrypt the sequence sent by the user. If the detection unit 9 finds an anomaly, an abnormal sequence results and the user's computer cannot be started. Once the detection unit 9 has found no anomaly, the encryption unit 10 encrypts the sequence to preserve its consistency. After the multiple consensus algorithms have reached agreement, the computer can be started, which improves the security of computer use. The key of the encryption unit is produced by a pseudo-random number generator, which generates the random number sequence {K_n}. The pseudo-random number sequence {K_n} is generated by the following steps:

Step (A): let the vector sequence {S_n} be

Figure BDA0003202334690000111

where

Figure BDA0003202334690000112

is the i-th component of the vector sequence {S_n}, with 0 ≤ i ≤ 14, and the initial vector S_0 is

S_0 = [65535, 0, 0, 65535, 0, 65535, 0, 65535, 0, 0, 0, 0, 0, 0, 0], mod is the modulo operation, and b = 65536;

Step (B): let the sequence R_n be

Figure BDA0003202334690000113

Step (C): let the sequence T_n be

Figure BDA0003202334690000114

Step (D): XOR the sequence R_n and the sequence T_n bitwise to obtain the sequence {K1_n}:

Figure BDA0003202334690000115

where n ∈ Z and n ≥ 0, Z is the set of integers, and

Figure BDA0003202334690000116

denotes the bitwise XOR operation;

Step (E): OR the sequence R_n and the sequence T_n bitwise to obtain the sequence {K2_n}:

K2_n = R_n | T_n

where n ∈ Z and n ≥ 0, Z is the set of integers, and | denotes the bitwise OR operation;

Step (F): AND the sequence {K1_n} and the sequence {K2_n} bitwise to obtain the bits of the pseudo-random number sequence {K_n}:

K_n = K1_n & K2_n

where n ∈ Z and n ≥ 0, Z is the set of integers, and & denotes the bitwise AND operation.
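Steps (D) to (F) can be evaluated directly on 16-bit words, as in this added check (not part of the patent). The definitions of R_n and T_n are given only as figures, so the code treats them as arbitrary words below b = 65536 and uses constructed sample inputs; that is an assumption of the example.

```python
import random

B = 65536  # modulus b from step (A): every word is 16 bits wide


def step_d(r, t):
    return (r ^ t) % B      # K1_n: bitwise XOR of R_n and T_n


def step_e(r, t):
    return (r | t) % B      # K2_n: bitwise OR of R_n and T_n


def step_f(k1, k2):
    return k1 & k2          # K_n: bitwise AND of K1_n and K2_n


def key_word(r, t):
    """K_n computed exactly as steps (D) to (F) prescribe."""
    return step_f(step_d(r, t), step_e(r, t))


def bit_truth_table():
    """Rows (r, t, K1, K2, K) for a single bit position."""
    return [(r, t, step_d(r, t), step_e(r, t), key_word(r, t))
            for r in (0, 1) for t in (0, 1)]


def mismatches(pairs):
    """Count input pairs for which K_n differs from K1_n."""
    return sum(1 for r, t in pairs if key_word(r, t) != step_d(r, t))


def exhaustive_byte_pairs():
    """All 65,536 pairs of 8-bit words."""
    return [(r, t) for r in range(256) for t in range(256)]


def sample_word_pairs(count=50_000, seed=2021):
    # Constructed inputs: stand-ins for R_n and T_n drawn uniformly from [0, b).
    rng = random.Random(seed)
    return [(rng.randrange(B), rng.randrange(B)) for _ in range(count)]


if __name__ == "__main__":
    for row in bit_truth_table():
        print(row)
    print("mismatches, all 8-bit pairs:", mismatches(exhaustive_byte_pairs()))
    print("mismatches, sampled 16-bit pairs:", mismatches(sample_word_pairs()))
```

Every bit set in R_n XOR T_n is also set in R_n OR T_n, so the AND in step (F) returns K1_n unchanged: K_n carries exactly the bits of R_n XOR T_n.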

The encryption scheme described above is distinctive and highly complex, which further improves the security performance of the blockchain network.

The node comprises a timing module 12 and a detection module 13. The timing module 12 starts a timer to begin timing, and the detection module 13 checks the node.

When the blockchain computer 2 and the main server platform 1 are synchronously connected, the blockchain computer 2 first obtains the consensus algorithm, which is then processed by the data processing module 8 on the main server platform 1. The network can be started only after the processing by the data processing module 8 reaches agreement, so the security of the network is comprehensively ensured.

The network security module 7 establishes a communication connection with the data processing module 8, and the data processing module 8 checks whether the consensus algorithms of the several network security modules 7 agree.

In the Paxos-based blockchain network security setting method of the present invention, one main server platform and multiple blockchain computers form a distributed system. In a distributed database system, the big data collection module collects big data and transmits it through the big data output module to the network security module, and a master node is generated periodically based on the Paxos algorithm. If every node generates the same operation sequence, the nodes end in a consistent state; otherwise the network cannot be enabled. The security of the network is therefore strongly protected. In addition, the key of the encryption unit is produced by a pseudo-random number generator in a distinctive way and the encryption is highly complex, which further improves network security.

Certain terms are used in the specification and claims to refer to particular components. Those skilled in the art will understand that hardware manufacturers may refer to the same component by different names. The specification and claims do not distinguish components by differences in name but by differences in function. "Comprising", as used throughout the specification and claims, is an open-ended term and should be interpreted as "including but not limited to". "Approximately" means that, within an acceptable error range, those skilled in the art can solve the technical problem and substantially achieve the technical effect.

It should be noted that the terms "comprise", "include" and any variants thereof are intended to cover non-exclusive inclusion, so that a commodity or system comprising a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that commodity or system. Without further limitation, an element qualified by the phrase "comprising a..." does not exclude the presence of additional identical elements in the commodity or system that includes the element.

The foregoing description shows and describes several preferred embodiments of the present invention. As stated above, however, the invention is not limited to the forms disclosed herein; these should not be regarded as excluding other embodiments. The invention can be used in various other combinations, modifications and environments, and can be modified within the scope of the inventive concept described herein through the above teachings or through the skill or knowledge of the relevant art. Modifications and changes made by those skilled in the art that do not depart from the spirit and scope of the invention fall within the protection scope of the appended claims.

Claims (10)

1. A blockchain network security setting method based on the Paxos algorithm, comprising a main server platform (1) and several blockchain computers (2) connected to the main server platform (1), characterized in that a data processing module (8) is provided inside the main server platform (1); the blockchain computer (2) comprises a big data management module (3), a big data collection module (4), a big data distribution module (5), a big data output module (6) and a network security module (7); the big data management module (3), the big data collection module (4), the big data distribution module (5), the big data output module (6) and the network security module (7) are connected in sequence; the output end of the network security module (7) establishes a communication connection with the blockchain computer (2); the network security module (7) is used to provide a master node for the blockchain computer (2) and transmit it to the main server platform (1); the setting method comprises the following steps:

S1: the big data collection module (4) in each blockchain computer (2) collects big data and transmits it through the big data output module (6) to the network security module (7), and the network security module (7) then periodically generates a master node based on the Paxos algorithm;

S2: the big data management module (3) generates a sequence from the master node information of S1, the network security module (7) pushes the sequence to the blockchain computer (2), and one consensus algorithm is executed on each sequence;

S3: the main server platform (1) receives in turn the sequences from the several blockchain computers (2); the several blockchain computers (2) transmit the sequences in turn to the data processing module (8), and the data processing module (8) parses the sequences;

S4: if every blockchain computer (2) executes the same operation sequence, a consistent state is obtained;

S5: this series of tasks ends, the system returns to its initial state and waits for the next Paxos-based consensus.

2. The blockchain network security setting method based on the Paxos algorithm according to claim 1, characterized in that the Paxos algorithm is used to keep the blockchain computers (2) consistent; in Paxos, each run of the Paxos algorithm selects a master node in one round and generates a sequence, acting as a consensus algorithm.

3. The blockchain network security setting method based on the Paxos algorithm according to claim 1, characterized in that, in Paxos, each Paxos Instance goes through one or more rounds of the complete sequence request process Prepare->Promise->Propose->Accept to select a master node, and Prepare->Promise is generated as one consensus algorithm, as follows:

S3.1: after the master node of the blockchain computer (2) is elected Master, it broadcasts a Prepare message using the number N; this Prepare message is shared by all Instances that have not yet reached agreement and by all Instances that have not yet started;

S3.2: after an Acceptor receives the Prepare message, it responds for multiple Instances at once by generating a sequence from the feedback information; assuming that at most K Instances are allowed to select proposal values concurrently, then:

for the K Instances that have not reached agreement, the proposal values last accepted by each of these pending Instances are generated into a sequence and returned as the Promise message;

the Acceptor checks whether N is greater than its current highestPromisedNum value; if it is, the highestPromisedNum of these pending Instances and of all future Instances is set to N, so that neither the pending Instances nor any future Instance can accept a proposal numbered lower than N;

S3.3: the Master runs the Propose->Accept phase for each pending Instance and each future Instance.

4. The blockchain network security setting method based on the Paxos algorithm according to claim 3, characterized in that, for the selection of a complete sequence of one or more rounds of Prepare->Promise->Propose->Accept, the algorithm makes its choice according to the formula:

MasterPrepare = max((T + t) / t);

where T is the sequence generation waiting time and t is the sequence transmission processing time.

5. The blockchain network security setting method based on the Paxos algorithm according to claim 3, characterized in that the Master runs the Propose->Accept phase for each pending Instance and each future Instance, the overall algorithm being:

MasterAccept = (N*n + I*K + P) / (N + K + P);

where N is the number of the generated sequence, n is the count of generated numbers, I is the generated series of Instances, K is the number of generated Instances, and P is the sequence whose performance indicators are normal.

6. The blockchain network security setting method based on the Paxos algorithm according to claim 1, characterized in that the network security module (7) comprises a detection unit (9), an encryption unit (10) and a decryption unit (11); the detection unit (9) establishes a communication connection with the input ends of the big data management module (3) and the big data collection module (4); the key of the encryption unit (10) is produced by a pseudo-random number generator, which generates the random number sequence {K_n}; the pseudo-random number sequence {K_n} is generated by the following steps:

Step (A): let the vector sequence {S_n} be
Figure FDA0003202334680000031

where

Figure FDA0003202334680000032

is the i-th component of the vector sequence {S_n}, with 0 ≤ i ≤ 14, and the initial vector S_0 is

S_0 = [65535, 0, 0, 65535, 0, 65535, 0, 65535, 0, 0, 0, 0, 0, 0, 0], mod is the modulo operation, and b = 65536;

Step (B): let the sequence R_n be

Figure FDA0003202334680000033

Step (C): let the sequence T_n be

Figure FDA0003202334680000041

Step (D): XOR the sequence R_n and the sequence T_n bitwise to obtain the sequence {K1_n}:

Figure FDA0003202334680000042

where n ∈ Z and n ≥ 0, Z is the set of integers, and

Figure FDA0003202334680000043

denotes the bitwise XOR operation;

Step (E): OR the sequence R_n and the sequence T_n bitwise to obtain the sequence {K2_n}:

K2_n = R_n | T_n

where n ∈ Z and n ≥ 0, Z is the set of integers, and | denotes the bitwise OR operation;

Step (F): AND the sequence {K1_n} and the sequence {K2_n} bitwise to obtain the bits of the pseudo-random number sequence {K_n}:

K_n = K1_n & K2_n

where n ∈ Z and n ≥ 0, Z is the set of integers, and & denotes the bitwise AND operation.
7. The blockchain network security setting method based on the Paxos algorithm according to claim 1, characterized in that the node comprises a timing module (12) and a detection module (13); the timing module (12) starts a timer to begin timing, and the detection module (13) checks the node.

8. The blockchain network security setting method based on the Paxos algorithm according to claim 1, characterized in that, when the blockchain computer (2) and the main server platform (1) are synchronously connected, the blockchain computer (2) first obtains the consensus algorithm.

9. The blockchain network security setting method based on the Paxos algorithm according to claim 6, characterized in that the network security module (7) establishes a communication connection with the data processing module (8), and the data processing module (8) checks whether the consensus algorithms of the several network security modules (7) agree.

10. The blockchain network security setting method based on the Paxos algorithm according to claim 1, characterized in that, after the master node sets the latest state information as its current state information, it uses that current state information as the master node state information and generates a sequence.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110907699.XA CN113645295B (en) 2021-08-09 2021-08-09 Block chain network security setting method based on Paxos algorithm


Publications (2)

Publication Number Publication Date
CN113645295A true CN113645295A (en) 2021-11-12
CN113645295B CN113645295B (en) 2023-04-07

Family

ID=78420231

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110907699.XA Active CN113645295B (en) 2021-08-09 2021-08-09 Block chain network security setting method based on Paxos algorithm

Country Status (1)

Country Link
CN (1) CN113645295B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant