CN114401125A - Consensus method, device and system for satisfying reason sequence and computer storage medium - Google Patents

Info

Publication number: CN114401125A
Authority: CN (China)
Prior art keywords: secret, server, data, protocol, consensus
Legal status: Granted
Application number: CN202111639345.8A
Other languages: Chinese (zh)
Other versions: CN114401125B (en)
Inventor: 张海滨
Current Assignee: Individual
Original Assignee: Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes


Abstract

The application relates to the technical field of data processing and provides a consensus method, device and system satisfying causal order, and a computer storage medium. The method comprises the following steps: controlling each server to receive secret package data sent by the distributed system, wherein the secret package data comprises a verifiable secret share, ciphertext data, a protocol unique identifier, and a relationship proof between the protocol unique identifier and the verifiable secret share; controlling each server to run consensus on the protocol unique identifier and its ciphertext data according to the relationship proof; controlling each server to run a secret extraction protocol and broadcast its own verifiable secret share, so as to obtain the secret data of the ciphertext data in each server; and controlling each server to decrypt its ciphertext data with its secret data to obtain the query request in its ciphertext data. The consensus method satisfying causal order provided by the embodiments of the application defends against malicious behavior and resists Byzantine faults.

Description

Consensus method, device and system satisfying causal order, and computer storage medium
Technical Field
The present application relates to the field of data processing technologies, and in particular to a consensus method, device and system satisfying causal order, and a computer storage medium.
Background
In a distributed system, assume that there are n servers, of which f may be faulty or malicious. The n servers need to maintain a consistent system state, and they do so by running a consensus protocol. Consensus protocols include crash-fault consensus and Byzantine-fault consensus; Byzantine consensus is assumed by default. Even when the n servers reach consensus, the following problem remains:
When a user issues a query R and a malicious server receives it, that server can cooperate with a malicious user to issue a new, related query R'. If the related query R' is executed first, the distributed system violates the causal order of the queries. The correct causal order is to execute R first and then R'. Therefore, in addition to ordinary consensus, causal order must also be satisfied. Protocols that satisfy both properties are said to provide "consensus satisfying causal order". This is an important issue for distributed systems, originally proposed by Reiter and Birman in 1994.
For example, in a domain name service system, suppose user A wants to register domain name a, and a malicious server leaks the domain name a and cooperates with another user B to register it. If user B's application is processed first, user A has to pay user B to purchase domain name a. As another example, suppose user C sends a purchase request for the stock of company X. If the purchase request is exploited by a malicious server, a cooperating user D also buys the stock of company X, and user D's purchase may make the stock more expensive, causing a loss to user C. Similar problems exist in (digital) currency trading systems, for transactions between digital currency (e.g. bitcoin) and real currency and for transactions between digital currencies. In fact, any system that operates on a first come, first served basis needs consensus that satisfies causal order.
Disclosure of Invention
The application provides a consensus method, device and system satisfying causal order, and a computer storage medium, aiming to defend against malicious behavior and resist Byzantine faults.
In a first aspect, the present application provides a consensus method satisfying causal order, comprising:
controlling each server to receive secret package data sent by a distributed system, wherein the secret package data comprises a verifiable secret share, ciphertext data, a protocol unique identifier, and a relationship proof between the protocol unique identifier and the verifiable secret share;
controlling each server to run consensus on the protocol unique identifier and its ciphertext data according to the relationship proof;
controlling each server to run a secret extraction protocol and broadcast its own verifiable secret share, so as to obtain the secret data of the ciphertext data in each server;
and controlling each server to decrypt its ciphertext data with its secret data to obtain the query request in its ciphertext data.
In one embodiment, after controlling each server to receive the secret package data sent by the distributed system, the method further includes:
controlling each server to run consensus on the access control permission, the protocol unique identifier and its ciphertext data according to the relationship proof;
and controlling each server to send its verifiable secret share to the user terminal according to its access control permission, so that the user terminal can decrypt the ciphertext data by combining the secret extraction protocol with the verifiable secret shares to obtain the query request.
Controlling each server to run a secret extraction protocol and broadcast its own verifiable secret share to obtain the secret data of the ciphertext data in each server includes:
controlling each server to run the secret extraction protocol and the HotStuff consensus protocol and broadcast its own verifiable secret share, so as to obtain the secret data of the ciphertext data in each server.
Controlling each server to run consensus on the protocol unique identifier, its ciphertext data and/or the access control permission according to the relationship proof includes:
controlling each server to verify whether the relationship proof is correct;
and if each server verifies that the relationship proof is correct, controlling each server to run consensus on the protocol unique identifier, its ciphertext data and/or the access control permission.
After controlling each server to verify whether the relationship proof is correct, the method further includes:
if a server verifies that the relationship proof is incorrect, controlling that server to end the subsequent flow.
In a second aspect, the present application provides a consensus method satisfying causal order, comprising:
receiving a query request and secret data, and encrypting the query request with the secret data using a symmetric encryption algorithm to obtain ciphertext data;
splitting the secret data into a verifiable secret share for each server by means of the secret sharing protocol of a consensus protocol;
creating a protocol unique identifier for the secret data, and creating a relationship proof between the protocol unique identifier and each of the verifiable secret shares;
and packaging the ciphertext data, each verifiable secret share, the protocol unique identifier and each relationship proof to obtain the respective secret package data, and sending each secret package data to the corresponding server through an authenticated secure channel.
In a third aspect, the present application further provides a consensus device satisfying causal order, comprising:
a receiving module, used for controlling each server to receive secret package data sent by the distributed system, wherein the secret package data comprises a verifiable secret share, ciphertext data, a protocol unique identifier, and a relationship proof between the protocol unique identifier and the verifiable secret share;
a consensus module, used for controlling each server to run consensus on the protocol unique identifier and its ciphertext data according to its relationship proof;
a broadcast acquisition module, used for controlling each server to run a secret extraction protocol and broadcast its own verifiable secret share, so as to obtain the secret data of the ciphertext data in each server;
and a decryption module, used for controlling each server to decrypt its ciphertext data with its secret data to obtain the query request in the ciphertext data.
In a fourth aspect, the present application further provides a consensus device satisfying causal order, comprising:
a receiving and encryption module, used for receiving the query request and the secret data and encrypting the query request with the secret data using a symmetric encryption algorithm to obtain ciphertext data;
a generating module, configured to split the secret data into a verifiable secret share for each server according to the secret sharing protocol of a consensus protocol;
a creation module, used for creating a protocol unique identifier for the secret data and for creating a relationship proof between the protocol unique identifier and each of the verifiable secret shares;
and a packaging and sending module, used for packaging the ciphertext data, the verifiable secret shares, the protocol unique identifier and the relationship proofs to obtain the secret package data, and sending the secret package data to the servers through an authenticated secure channel.
In a fifth aspect, the present application further provides a consensus system satisfying causal order, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor, when executing the computer program, implements the steps of the consensus method satisfying causal order according to the first aspect and/or the second aspect.
In a sixth aspect, the present application further provides a computer readable storage medium comprising a computer program which, when executed by a processor, performs the steps of the consensus method satisfying causal order of the first aspect and/or the second aspect.
In a seventh aspect, the present application further provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of the consensus method satisfying causal order of the first aspect and/or the second aspect.
According to the consensus method, device and system satisfying causal order and the computer storage medium, in the process of decrypting the ciphertext data, consensus must first be run according to the relationship proof between the protocol unique identifier and the verifiable secret share, then the secret extraction protocol is run to recover the secret data, and finally the ciphertext data is decrypted with the secret data, so that the consensus protocol defends against malicious behavior and resists Byzantine faults.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a schematic flow chart of a consensus method satisfying causal order provided by the present application;
FIG. 2 is a schematic diagram of a logical implementation of the consensus method satisfying causal order provided by the present application;
FIG. 3 is a second schematic flow chart of a consensus method satisfying causal order provided by the present application;
FIG. 4 is a schematic structural diagram of a consensus device satisfying causal order provided by the present application;
FIG. 5 is a second schematic structural diagram of a consensus device satisfying causal order provided by the present application;
FIG. 6 is a schematic structural diagram of a consensus system satisfying causal order provided by the present application.
Detailed Description
To make the purpose, technical solutions and advantages of the present application clearer, the technical solutions in the present application will be clearly and completely described below with reference to the drawings in the present application, and it is obvious that the described embodiments are some, but not all embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The consensus method, device and system satisfying causal order and the computer storage medium provided by the present application are described below with reference to FIG. 1 to FIG. 6.
The embodiments of the present application provide embodiments of a consensus method satisfying causal order. It should be noted that, although a logical order is shown in the flow charts, in some cases the steps shown or described may be performed in a different order than presented herein.
Referring to FIG. 1, which is a schematic flow chart of a consensus method satisfying causal order provided by the present application, the consensus method satisfying causal order provided by the embodiment of the present application includes:
Step S50: controlling each server to receive the secret package data sent by the distributed system, wherein the secret package data comprises the verifiable secret share, the ciphertext data, the protocol unique identifier, and the relationship proof between the protocol unique identifier and the verifiable secret share.
It should be noted that the consensus protocol satisfying causal order in the embodiments of the present application may be understood as BFT (Byzantine fault tolerance) satisfying causal order, which may also be called atomic broadcast satisfying causal order or a Byzantine fault-tolerant system satisfying causal order. It can therefore be understood as a protocol that satisfies causal order and guards against Byzantine faults. Further, a consensus protocol satisfying causal order must have the following properties: safety (total order), causal order, and liveness. Safety means that all correct servers process any two transactions in the same order; causal order means that the causal order between transactions is preserved by all correct servers; liveness means that any transaction is processed within a certain time.
Further, safety and causal order do not contradict each other, and neither depends on the other. A system should preferably satisfy both the safety property and the causal order property.
Further, the consensus protocol satisfying causal order in the embodiments of the present application is embodied in, but not limited to, the AVSS verifiable secret sharing protocol.
The AVSS verifiable secret sharing protocol is a protocol involving n servers. It must have a special secret sharing server, which may be understood as the dealer (distributor) of the AVSS verifiable secret sharing protocol; the dealer may be one of the n servers or may not belong to the n servers.
Further, the AVSS verifiable secret sharing protocol includes a secret sharing protocol (share protocol) and a secret extraction protocol (reconstruct protocol).
For the secret sharing protocol: the dealer splits the secret data s by means of secret sharing, i.e. splits the secret data into a plurality of verifiable secret shares s_i (i ∈ [1, ..., n]), where n is determined by the number of servers, and sends each verifiable secret share s_i to the corresponding server p_i.
It should be further noted that the relationship between the total number n of servers and the number f of malicious servers in the distributed system is n ≥ 3f + 1; that is, if the total number of servers is 4, there can be at most 1 malicious server.
In an embodiment, the number of servers is 4 and the servers are p_1, p_2, p_3 and p_4. The secret data is then split into 4 verifiable secret shares s_1, s_2, s_3 and s_4, and s_1 is sent to p_1, s_2 to p_2, s_3 to p_3, and s_4 to p_4.
For the secret extraction protocol: each correct server sends its s_i to the server that needs to decrypt through an encrypted, authenticated channel, or broadcasts its s_i to all servers.
The protocol unique identifier ct of AVSS is typically very flexible and may be, but is not limited to, a commitment (commit) to or a hash value of the secret data s.
Further, the consensus method satisfying causal order according to the embodiment of the present application may include a request phase, a consensus phase, an AVSS secret extraction (AVSS recovery) phase, and a reply phase, as shown in FIG. 2, which is a schematic diagram of a logical implementation of the consensus method satisfying causal order provided by the present application.
As shown in FIG. 2, in the request phase the distributed system needs to send the verifiable secret share s_i, the protocol unique identifier ct, the relationship proof proof_i and the ciphertext data C to each server. In the consensus phase, each server runs consensus on the protocol unique identifier ct and the ciphertext data C, then extracts the secret data according to the secret extraction protocol of the AVSS verifiable secret sharing protocol, and replies with the data decrypted with the secret data. The request phase, i.e. the distribution phase of the AVSS verifiable secret sharing protocol, is completed in the distributed system; the consensus phase, the AVSS secret extraction phase and the reply phase are all completed in the servers. Therefore, the distributed system needs to prepare the verifiable secret shares s_i, the protocol unique identifier ct, the relationship proofs proof_i, and the ciphertext data C, as shown in steps S10 to S40.
It is further noted that the consensus protocol is a traditional concept in distributed systems. A consensus system should satisfy safety and liveness.
Based on timing and network condition assumptions, distributed systems can be classified into types including, but not limited to: the synchronous protocol type, the semi-synchronous protocol type, and the asynchronous protocol type. The safety and liveness of a synchronous distributed system depend on network conditions, so its security and reliability are lower. The safety of a semi-synchronous distributed system does not depend on network conditions, but its liveness requires the network to be in good condition. An asynchronous distributed system is less efficient than a semi-synchronous one, but its safety and liveness do not depend on any timing assumption, so it is the most robust.
Therefore, the distributed system in the embodiment of the present application is preferably an asynchronous protocol type distributed system, and may also be a semi-synchronous protocol type distributed system.
Further, referring to FIG. 3, which is a second schematic flow chart of the consensus method satisfying causal order provided by the present application, steps S10 to S40 are as follows:
Step S10: receiving a query request and secret data, and encrypting the query request with the secret data using a symmetric encryption algorithm to obtain ciphertext data;
Step S20: splitting the secret data into a verifiable secret share for each server by means of the secret sharing protocol of the consensus protocol;
Step S30: creating a protocol unique identifier for the secret data, and creating a relationship proof between the protocol unique identifier and each of the verifiable secret shares;
Step S40: packaging the ciphertext data, each verifiable secret share, the protocol unique identifier and each relationship proof to obtain the respective secret package data, and sending each secret package data to the corresponding server through an authenticated secure channel.
Specifically, the AVSS may verify the delivery phase (request phase) of the secret sharing protocol: the distributed system detects whether an inquiry request sent by inquiry equipment is received, wherein the inquiry equipment can be a user terminal or a cloud system, and for clearly explaining the embodiment of the application, a concrete representation form taking the user terminal as the inquiry equipment is used for example. It can be further understood that the distributed system detects whether a query request sent by the user terminal is received, and if the query request sent by the user terminal is received, the distributed system needs to inform the user terminal that secret data is to be randomly generated, where the query request is represented by m and the secret data is represented by s.
After receiving a query request m and secret data s of a user terminal, a distributed system encrypts the query request m through the secret data s in combination with a symmetric encryption algorithm to obtain ciphertext data, wherein the ciphertext data is represented by C, and the symmetric encryption algorithm can be SE, so that the ciphertext data C can be represented by C-SEs(m), wherein the decryption algorithm corresponding to the ciphertext data C is m-SE-1 s(C)。
Then, the distributed system runs a secret sharing protocol of the consensus protocol, and the secret data s is split into verifiable secret shares s _ i, i of each server through the secret sharing protocol, wherein the verifiable secret shares s _ i, i are determined according to the number of the servers in the distributed system, and if the number of the servers is n, s _ i can be represented as s _ i, i belongs to [1, 2. Then, the distributed system creates a protocol unique identifier for the secret data s, which is denoted by ct, and at the same time, the distributed system creates a relationship proof between the protocol unique identifier ct and each verifiable secret share s _ i, which is denoted by proof _ i, which corresponds to the verifiable secret share s _ i, i.e. it can be understood that if the verifiable secret shares s _ i are s _1, s _2, s _3 and s _4, the relationship proof is proof _1, proof _2, proof _3 and proof _ 4. The relation proof is used to prove that the verifiable secret share s _ i is a secret share corresponding to the value in the protocol unique identifier ct. As long as the protocol unique identifier ct agrees between the correct servers, the secret share s _ i can be verified as uniquely determined.
Finally, the distributed system packages each verifiable secret share s _ i, the protocol unique identifier ct, the ciphertext data C and each relationship proof _ i to obtain each secret package data, and the secret package data can be expressed as (s _ i, ct, C and proof _ i). Meanwhile, the distributed system sends each secret packed data to each server through an authentication secret channel, wherein each server is represented by p _ i.
In an embodiment, the verifiable secret shares are s_1, s_2, s_3 and s_4, and the relationship proofs are proof_1, proof_2, proof_3 and proof_4. The distributed system packages the verifiable secret share s_1, the protocol unique identifier ct, the ciphertext data C and the relationship proof proof_1 into secret packaged data 1, (s_1, ct, C, proof_1), and sends it to the server p_1. Likewise, it packages s_2, ct, C and proof_2 into secret packaged data 2, (s_2, ct, C, proof_2), and sends it to the server p_2; packages s_3, ct, C and proof_3 into secret packaged data 3, (s_3, ct, C, proof_3), and sends it to the server p_3; and packages s_4, ct, C and proof_4 into secret packaged data 4, (s_4, ct, C, proof_4), and sends it to the server p_4.
The embodiment of the application provides a consensus method satisfying causal order: the ciphertext data C, each verifiable secret share s_i, the protocol unique identifier ct and each relationship proof proof_i are packaged through the secret sharing protocol of the consensus protocol, and each secret packaged data is sent to the corresponding server. This guarantees the security and confidentiality of the secret packaged data, and the consensus protocol further provides resistance to malicious behavior.
Further, the server-side phases of the AVSS verifiable secret sharing protocol (consensus phase, AVSS secret extraction phase, and reply phase) proceed as follows: each server p_i receives the secret packaged data sent by the distributed system and parses it to obtain the verifiable secret share s_i, the ciphertext data C, the protocol unique identifier ct and the relationship proof proof_i of the verifiable secret share s_i. The consensus phase, the AVSS secret extraction phase and the reply phase are then completed using s_i, C, ct and proof_i, as described in steps S60-S80.
Further, in the embodiment of the present application, the user terminal may itself send the query request m to the servers. In that case, the user terminal generates the secret data s and encrypts the query request m under s using the symmetric encryption algorithm to obtain the ciphertext data C. The user terminal then runs the secret sharing protocol, i.e. splits the secret data s into verifiable secret shares s_i, one for each server. Then the user terminal creates a protocol unique identifier ct for the secret data s, together with a relationship proof proof_i between ct and each verifiable secret share s_i. Finally, the user terminal packages each verifiable secret share s_i, the protocol unique identifier ct, the ciphertext data C and the relationship proof proof_i to obtain each secret packaged data (s_i, ct, C, proof_i), and transmits each secret packaged data to the corresponding server p_i through the authenticated secure channel.
Step S60: control each server to run consensus on its protocol unique identifier and its ciphertext data according to its relationship proof.
Before reaching consensus on the ciphertext data C and the protocol unique identifier ct, each server p_i verifies the correctness of the relationship proof proof_i in its secret packaged data to obtain a verification result, which is either that proof_i is correct or that proof_i is incorrect. Each server p_i then determines from the verification result whether to reach consensus on its ciphertext data C and protocol unique identifier ct through the AVSS verifiable secret sharing protocol, as described in steps S601 to S603.
If, according to the verification result, consensus is to be reached on the ciphertext data C and the protocol unique identifier ct through the AVSS verifiable secret sharing protocol, that consensus consists of ordering the ciphertext data C and the protocol unique identifier ct, i.e. sequencing them so that they satisfy the preset sequential execution logic.
Further, the description of steps S601 to S603 is as follows:
Step S601: control each server to verify whether its relationship proof is correct;
Step S602: if each server verifies that its relationship proof is correct, control each server to run consensus on its protocol unique identifier, its ciphertext data and/or its access control rights;
Step S603: if each server verifies that its relationship proof is incorrect, control each server to end the subsequent process.
Specifically, each server p_i uses its relationship proof to determine whether the relationship between its protocol unique identifier ct and its verifiable secret share s_i conforms to the preset prescribed relationship. If it does, the server p_i determines that the relationship proof proof_i is correct.
For the case without access control rights: each server p_i reaches consensus on its ciphertext data C and protocol unique identifier ct through the AVSS verifiable secret sharing protocol.
For the case with access control rights: each server p_i reaches consensus on its access control rights, ciphertext data C and protocol unique identifier ct through the AVSS verifiable secret sharing protocol.
Further, if the relationship between the protocol unique identifier ct and the verifiable secret share s_i does not conform to the preset prescribed relationship, the server p_i determines that the relationship proof proof_i is incorrect and ends the subsequent process.
According to the embodiment of the application, consensus is run on the basis of the relationship proof, which defends against malicious behavior and tolerates Byzantine faults.
In principle, the safety of consensus satisfying causal order is determined by three properties: the safety of the original consensus protocol determines the consistency of the protocol unique identifier ct; the existence of the relationship proof determines that each correct server p_i obtains a correct verifiable secret share s_i; and the AVSS retrieval phase determines that the correct servers obtain correct and consistent secret data s. The consistency of the ciphertext data C together with the uniqueness of the decryption algorithm SE^{-1} determines the consistency of the query. In principle, the causal order property is determined by the confidentiality of AVSS, with AVSS reconstruct running later than the consensus on the protocol unique identifier ct and the ciphertext data C. In principle, the liveness of consensus satisfying causal order is determined by the liveness of the original consensus and of AVSS.
Further, an optimization of step S60 is to combine the HotStuff consensus protocol with the secret extraction protocol of the AVSS verifiable secret sharing protocol. HotStuff is a three-round consensus protocol; for HotStuff and its variants, the servers run the secret extraction protocol in parallel with the last (third) round of HotStuff: each server broadcasts its verifiable secret share s_i and obtains the secret data s of the ciphertext data C.
Further, another optimization applies to the BKR (Ben-Or, Kelmer, Rabin, PODC 1994) protocol and its variants, which use reliable broadcast (RBC) and binary consensus (ABA). Only the RBC part needs to be replaced with the secret sharing protocol (share protocol) of the AVSS verifiable secret sharing protocol, which gives higher system efficiency. After agreement is reached, the secret extraction protocol (reconstruct protocol) of the AVSS verifiable secret sharing protocol is run.
Further, another optimization applies to consensus protocols based on multi-valued validated Byzantine agreement (MVBA): using a similar method, the AVSS verifiable secret sharing protocol is made into a linear-communication protocol, which then replaces the protocol used for transmitting data in the MVBA consensus protocol. AVSS with linear communication may be implemented using a threshold signature or an aggregate signature.
Step S70: control each server to run the secret extraction protocol and broadcast its own verifiable secret share, so that each server obtains the secret data of its ciphertext data.
Each server broadcasts its own verifiable secret share s_i via the secret extraction protocol of the AVSS verifiable secret sharing protocol. Each server then determines the recovery threshold number of the secret data, collects a number of verifiable secret shares s_i that is greater than or equal to the recovery threshold number, and reconstructs the secret data s of its ciphertext data C.
In one embodiment, the recovery threshold number is 5, so each server needs to obtain 5 or more verifiable secret shares s_i to reconstruct the secret data s of its own ciphertext data C.
Step S80: control each server to decrypt its ciphertext data with its secret data to obtain the query request in its ciphertext data.
After acquiring its secret data s, each server decrypts its ciphertext data C with s to obtain the query request m in C, where the corresponding decryption is m = SE_s^{-1}(C). Further, after obtaining the query request m, each server determines a query result R according to m and replies the query result R to the user terminal.
The embodiment of the application provides a consensus method satisfying causal order. To decrypt the ciphertext data, consensus is first run on the basis of the relationship proof between the protocol unique identifier and the verifiable secret share, then the secret extraction protocol is run to recover the secret data, and finally the ciphertext data is decrypted with the secret data. The consensus protocol thereby defends against malicious behavior and tolerates Byzantine faults.
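The dealing, proof check, share broadcast, threshold reconstruction and decryption described above can be traced end to end in the following added example, which is not code from the patent. It assumes Shamir sharing over a prime field for s_i, a Merkle root as ct with the Merkle path as proof_i, a SHA-256 keystream as a stand-in for SE, and that broadcast shares carry their proof. The Merkle commitment only binds each share to ct; it does not show that the shares lie on one polynomial, which a real AVSS must also guarantee, and the consensus on (ct, C) itself is not modelled.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime field for the shares (assumption; the page only says ~128 bits)

def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 so concatenated fields cannot be confused."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def se(key: int, data: bytes) -> bytes:
    """Stand-in for SE_s and SE_s^{-1}: XOR with a SHA-256 counter keystream."""
    kb = key.to_bytes(16, "big")
    blocks = len(data) // 32 + 1
    stream = b"".join(H(kb, i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def split(s: int, n: int, t: int) -> list[int]:
    """Shamir sharing: random degree t-1 polynomial f with f(0) = s; s_i = f(i)."""
    coeffs = [s] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P
            for i in range(1, n + 1)]

def leaf(i: int, share: int) -> bytes:
    """Leaf hash binds the server index to its share."""
    return H(b"leaf", i.to_bytes(4, "big"), share.to_bytes(16, "big"))

def merkle(leaves: list[bytes]):
    """Return (root, paths); paths[j] lists (sibling_hash, sibling_is_left)."""
    level, paths = leaves[:], [[] for _ in leaves]
    idx = list(range(len(leaves)))       # position of each leaf in this level
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])      # pad odd levels
        for j, pos in enumerate(idx):
            sib = pos ^ 1
            paths[j].append((level[sib], sib < pos))
            idx[j] = pos // 2
        level = [H(b"node", level[k], level[k + 1])
                 for k in range(0, len(level), 2)]
    return level[0], paths

def verify(i: int, share: int, ct: bytes, proof) -> bool:
    """S601: does proof_i tie (i, s_i) to the agreed identifier ct?"""
    node = leaf(i, share)
    for sib, sib_is_left in proof:
        node = H(b"node", sib, node) if sib_is_left else H(b"node", node, sib)
    return node == ct

def deal(m: bytes, n: int, t: int):
    """Dealer side: returns the n packages (s_i, ct, C, proof_i)."""
    s = secrets.randbelow(P)
    C = se(s, m)
    shares = split(s, n, t)
    ct, paths = merkle([leaf(i + 1, sh) for i, sh in enumerate(shares)])
    return [(shares[i], ct, C, paths[i]) for i in range(n)]

def reconstruct(points: dict[int, int]) -> int:
    """Lagrange interpolation at x = 0 over GF(P)."""
    s = 0
    for i, yi in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        s = (s + yi * num * pow(den, -1, P)) % P
    return s

def recover(ct: bytes, C: bytes, broadcasts, t: int):
    """S70-S80: drop broadcast shares that fail against ct, then rebuild s and decrypt."""
    good = {i: sh for i, sh, proof in broadcasts if verify(i, sh, ct, proof)}
    if len(good) < t:
        return None                      # below the recovery threshold
    return se(reconstruct(dict(list(good.items())[:t])), C)

if __name__ == "__main__":
    pk = deal(b"constructed query request m", n=4, t=2)   # n = 4, t = f + 1 = 2
    bc = [(i + 1, p[0], p[3]) for i, p in enumerate(pk)]
    bc[0] = (1, (pk[0][0] + 1) % P, pk[0][3])             # p_1 broadcasts a bad share
    print(recover(pk[0][1], pk[0][2], bc, t=2))
```

Because every broadcast share is checked against the agreed ct before interpolation, a single wrong share from a faulty server is discarded rather than silently producing a different s.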
It should be noted that the query request m and the ciphertext data C may be large, while the verifiable secret shares s_1, ..., s_n are small, each typically 128 bits or more (but not too large), so the n-to-n broadcast of the shares does not significantly increase the communication complexity of the protocol.
Further, once the AVSS verifiable secret sharing protocol completes, at least f+1 correct servers obtain the corresponding query request m, which is enough for the user terminal to eventually obtain a correct reply, i.e., f+1 identical messages (containing the same query request m).
Further, compared with a conventional secret sharing protocol (e.g., Shamir's secret sharing protocol), the AVSS verifiable secret sharing protocol in the embodiments of the present application achieves the following: even if the dealer, the special server that shares the secret, is faulty or malicious, once the AVSS verifiable secret sharing protocol completes, the correct servers obtain the corresponding verifiable secret shares. Although the reconstructed value may not correspond to the secret data s, every correct server obtains the same s', so consistency is still satisfied.
Further, the secret packaged data may include access control rights in addition to the verifiable secret share s_i, the ciphertext data C, the protocol unique identifier ct and the relationship proof proof_i. In that case, when the distributed system sends the secret packaged data to each server p_i, the access control rights are written into the secret packaged data, as described in steps a and b.
Step a: control each server to run consensus on its access control rights, its protocol unique identifier and its ciphertext data according to its relationship proof;
Step b: control each server to send its verifiable secret share to the user terminal according to its access control rights, so that the user terminal decrypts the ciphertext data using the secret extraction protocol and the verifiable secret shares to obtain the query request.
This embodiment performs access control on top of the consensus protocol, as follows. Each server p_i verifies the correctness of the relationship proof proof_i in its secret packaged data to obtain a verification result. If the verification result is that the proof is correct, each server p_i reaches consensus on the access control rights, the ciphertext data C and the protocol unique identifier ct through the AVSS verifiable secret sharing protocol. Finally, each server p_i sends its own verifiable secret share s_i to the user terminal according to its access control rights. The user terminal receives the verifiable secret shares s_i sent by the servers p_i; when the number of received shares is greater than or equal to the recovery threshold number, the user terminal recovers the secret data s through the secret extraction protocol of the AVSS verifiable secret sharing protocol and decrypts the ciphertext data C with the recovered secret data s to obtain the query request m.
The embodiment of the application provides a consensus method satisfying causal order that combines a consensus protocol with access control to strengthen confidentiality and access control.
Further, the advantages of the consensus protocol of the embodiments of the present application (based on the AVSS verifiable secret sharing protocol) over previous protocols are as follows: 1. It differs from the methods based on threshold encryption (Reiter and Birman 1994; Cachin et al. 2001): threshold encryption has the disadvantages that protocol efficiency is too low and that it relies on various mathematical assumptions, whereas the AVSS verifiable secret sharing protocol of the embodiments of the present application does not need to rely on various mathematical assumptions. 2. The approach based on a non-malleable commitment scheme (Duan, Reiter, and Zhang 2017) requires twice the amount of interaction, whereas the AVSS verifiable secret sharing protocol of the embodiments of the present application does not increase the amount of interaction. 3. A conventional secret sharing protocol (not an AVSS verifiable secret sharing protocol) cannot defend against malicious behavior, whereas the AVSS verifiable secret sharing protocol of the embodiments of the present application can.
Further, referring to fig. 4 to 5, the consensus device satisfying the cause sequence provided by the present application is described below, and the consensus device satisfying the cause sequence described below and the consensus method satisfying the cause sequence described above may be referred to correspondingly.
As shown in fig. 4, fig. 4 is a schematic structural diagram of a consensus device satisfying the cause order provided by the present application, and the consensus device satisfying the cause order includes:
a receiving module 401, configured to control each server to receive secret packed data sent by the distributed system;
a consensus module 402, configured to control each server to run consensus on its protocol unique identifier and its ciphertext data according to its relationship proof;
a broadcast obtaining module 403, configured to control each server to run a secret extraction protocol, and broadcast its own verifiable secret share to obtain secret data of the ciphertext data in each server;
and a decryption module 404, configured to control each server to decrypt the ciphertext data thereof through the secret data thereof, so as to obtain an inquiry request in the ciphertext data thereof.
Further, the consensus module 402 is further configured to:
and controlling each server to run consensus on its access control rights, its protocol unique identifier and its ciphertext data according to its relationship proof.
Further, the broadcast acquiring module 403 is further configured to:
and controlling each server to send the verifiable secret shares of the server to the user terminal according to the access control authority of the server, so that the user terminal can decrypt the ciphertext data by combining the secret extraction protocol and each verifiable secret share to obtain the inquiry request.
Further, the broadcast acquiring module 403 is further configured to:
and controlling each server to run the secret extraction protocol and the HotStuff consensus protocol, and broadcasting the verifiable secret share of the server to obtain the secret data of the ciphertext data in each server.
Further, the consensus module 402 is further configured to:
controlling each server to verify whether its relationship proof is correct;
if each server verifies that its relationship proof is correct, controlling each server to run consensus on its protocol unique identifier, its ciphertext data and/or its access control rights;
and if each server verifies that its relationship proof is incorrect, controlling each server to end the subsequent process.
The specific embodiment of the device for consensus satisfying the causal sequence provided by the present application is substantially the same as each embodiment of the method for consensus satisfying the causal sequence, and is not repeated.
As shown in fig. 5, fig. 5 is a second schematic structural diagram of the consensus device satisfying the factor order provided by the present application, and the consensus device satisfying the factor order includes:
a receiving encryption module 501, configured to receive an inquiry request and secret data, and encrypt the inquiry request by using the secret data in combination with a symmetric encryption algorithm to obtain ciphertext data;
a generating module 502, configured to generate, according to a secret sharing protocol of the consensus protocol, the secret data into verifiable secret shares of the servers;
a creating module 503, configured to create a protocol unique identifier of the secret data, create a proof of relationship between the protocol unique identifier and each of the verifiable secret shares;
a packing and sending module 504, configured to pack the ciphertext data, each verifiable secret share, the protocol unique identifier, and each relationship certificate to obtain each secret packed data, and send each secret packed data to each server through an authentication and privacy channel.
The specific embodiment of the device for consensus satisfying the causal sequence provided by the present application is substantially the same as each embodiment of the method for consensus satisfying the causal sequence, and is not repeated.
Fig. 6 illustrates an entity structure diagram of a consensus system satisfying the cause order, which may include: a processor (processor)610, a communication Interface (Communications Interface)620, a memory (memory)630 and a communication bus 640, wherein the processor 610, the communication Interface 620 and the memory 630 communicate with each other via the communication bus 640.
The processor 610 may call logic instructions in the memory 630 to perform a consensus method that satisfies the cause order, the method comprising:
controlling each server to receive secret packaging data sent by a distributed system, wherein the secret packaging data comprises verifiable secret shares, ciphertext data, a protocol unique identifier, and a relationship certificate between the protocol unique identifier and the verifiable secret shares;
controlling each server to run consensus on its protocol unique identifier and its ciphertext data according to its relationship proof;
controlling each server to run a secret extraction protocol, and broadcasting a verifiable secret share of each server to obtain secret data of the ciphertext data in each server;
and controlling each server to decrypt the ciphertext data of the server through the secret data of the server to obtain the inquiry request in the ciphertext data of the server.
The processor 610 may call logic instructions in the memory 630 to perform a consensus method that satisfies the cause order, the method comprising:
receiving an inquiry request and secret data, and encrypting the inquiry request by combining the secret data with a symmetric encryption algorithm to obtain ciphertext data;
generating the secret data into respective verifiable secret shares of the respective servers by a secret sharing protocol of a consensus protocol;
creating a protocol unique identifier for the secret data, and creating a proof of relationship between the protocol unique identifier and each of the verifiable secret shares;
and packaging the ciphertext data, each verifiable secret share, the protocol unique identifier and each relation certificate to obtain each secret packaged data, and sending each secret packaged data to each server through an authentication secret channel.
In addition, the logic instructions in the memory 630 may be implemented in software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, the present application further provides a computer program product, the computer program product includes a computer program stored on a non-transitory computer readable storage medium, the computer program includes program instructions, when the program instructions are executed by a computer, the computer can execute the consensus method satisfying the cause order provided by the above methods, the method includes:
controlling each server to receive secret packaging data sent by a distributed system, wherein the secret packaging data comprises verifiable secret shares, ciphertext data, a protocol unique identifier, and a relationship certificate between the protocol unique identifier and the verifiable secret shares;
controlling each server to run consensus on its protocol unique identifier and its ciphertext data according to its relationship proof;
controlling each server to run a secret extraction protocol, and broadcasting a verifiable secret share of each server to obtain secret data of the ciphertext data in each server;
and controlling each server to decrypt the ciphertext data of the server through the secret data of the server to obtain the inquiry request in the ciphertext data of the server.
In another aspect, the present application further provides a computer program product, the computer program product includes a computer program stored on a non-transitory computer readable storage medium, the computer program includes program instructions, when the program instructions are executed by a computer, the computer can execute the consensus method satisfying the cause order provided by the above methods, the method includes:
receiving an inquiry request and secret data, and encrypting the inquiry request by combining the secret data with a symmetric encryption algorithm to obtain ciphertext data;
generating the secret data into respective verifiable secret shares of the respective servers by a secret sharing protocol of a consensus protocol;
creating a protocol unique identifier for the secret data, and creating a proof of relationship between the protocol unique identifier and each of the verifiable secret shares;
and packaging the ciphertext data, each verifiable secret share, the protocol unique identifier and each relation certificate to obtain each secret packaged data, and sending each secret packaged data to each server through an authentication secret channel.
In yet another aspect, the present application further provides a non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, is implemented to perform the above-provided consensus method satisfying an order of cause, the method comprising:
controlling each server to receive secret packaging data sent by a distributed system, wherein the secret packaging data comprises verifiable secret shares, ciphertext data, a protocol unique identifier, and a relationship certificate between the protocol unique identifier and the verifiable secret shares;
controlling each server to run consensus on its protocol unique identifier and its ciphertext data according to its relationship proof;
controlling each server to run a secret extraction protocol, and broadcasting a verifiable secret share of each server to obtain secret data of the ciphertext data in each server;
and controlling each server to decrypt the ciphertext data of the server through the secret data of the server to obtain the inquiry request in the ciphertext data of the server.
In yet another aspect, the present application further provides a non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, is implemented to perform the above-provided consensus method satisfying an order of cause, the method comprising:
receiving an inquiry request and secret data, and encrypting the inquiry request by combining the secret data with a symmetric encryption algorithm to obtain ciphertext data;
generating the secret data into respective verifiable secret shares of the respective servers by a secret sharing protocol of a consensus protocol;
creating a protocol unique identifier for the secret data, and creating a proof of relationship between the protocol unique identifier and each of the verifiable secret shares;
and packaging the ciphertext data, each verifiable secret share, the protocol unique identifier and each relation certificate to obtain each secret packaged data, and sending each secret packaged data to each server through an authentication secret channel.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A method for satisfying a consensus of causal sequences, comprising:
controlling each server to receive secret packaging data sent by a distributed system, wherein the secret packaging data comprises verifiable secret shares, ciphertext data, a protocol unique identifier, and a relationship certificate between the protocol unique identifier and the verifiable secret shares;
controlling each server to run consensus on its protocol unique identifier and its ciphertext data according to its relationship proof;
controlling each server to run a secret extraction protocol, and broadcasting a verifiable secret share of each server to obtain secret data of the ciphertext data in each server;
and controlling each server to decrypt the ciphertext data of the server through the secret data of the server to obtain the inquiry request in the ciphertext data of the server.
2. The consensus method of claim 1, wherein the secret packet data comprises access control rights, and wherein after the controlling the servers to receive the secret packet data sent by the distributed system, the method further comprises:
controlling each server to run consensus on its access control rights, its protocol unique identifier and its ciphertext data according to its relationship proof;
and controlling each server to send the verifiable secret shares of the server to the user terminal according to the access control authority of the server, so that the user terminal can decrypt the ciphertext data by combining the secret extraction protocol and each verifiable secret share to obtain the inquiry request.
3. The consensus method of claim 1, wherein said controlling each server to run a secret extraction protocol and broadcast its own verifiable secret share, so as to obtain the secret data for the ciphertext data in each server, comprises:
controlling each server to run the secret extraction protocol and the HotStuff consensus protocol and broadcast its own verifiable secret share, so as to obtain the secret data for the ciphertext data in each server.
4. The consensus method satisfying causal order as claimed in claim 1 or 2, wherein the controlling each server to run consensus on its protocol unique identifier, its ciphertext data, and/or its access control authority according to its relationship proof comprises:
controlling each server to verify whether the relationship proof is correct;
and if each server verifies that the relationship proof is correct, controlling each server to run consensus on its protocol unique identifier, its ciphertext data, and/or its access control authority.
5. The consensus method of claim 4, wherein said controlling each server to verify whether the relationship proof is correct further comprises:
if each server verifies that the relationship proof is incorrect, controlling each server to end the subsequent flow.
6. A consensus method satisfying causal order, comprising:
receiving an inquiry request and secret data, and encrypting the inquiry request using the secret data and a symmetric encryption algorithm to obtain ciphertext data;
generating, from the secret data, a respective verifiable secret share for each server by means of a secret sharing protocol of a consensus protocol;
creating a protocol unique identifier for the secret data, and creating a relationship proof between the protocol unique identifier and each of the verifiable secret shares;
and packaging the ciphertext data, each verifiable secret share, the protocol unique identifier and each relationship proof to obtain respective secret packaged data, and sending the respective secret packaged data to each server through an authenticated secret channel.
7. A consensus device satisfying causal order, comprising:
a receiving module, configured to control each server to receive secret packaged data sent by a distributed system, wherein the secret packaged data comprises verifiable secret shares, ciphertext data, a protocol unique identifier, and a relationship proof between the protocol unique identifier and the verifiable secret shares;
a consensus module, configured to control each server to run consensus on its protocol unique identifier and its ciphertext data according to its relationship proof;
a broadcast acquisition module, configured to control each server to run a secret extraction protocol and broadcast its own verifiable secret share, so as to obtain the secret data for the ciphertext data in each server;
and a decryption module, configured to control each server to decrypt its ciphertext data using its secret data to obtain the inquiry request contained in the ciphertext data.
8. A consensus device satisfying causal order, comprising:
a receiving and encryption module, configured to receive an inquiry request and secret data, and to encrypt the inquiry request using the secret data and a symmetric encryption algorithm to obtain ciphertext data;
a generating module, configured to generate, from the secret data, a respective verifiable secret share for each server by means of a secret sharing protocol of a consensus protocol;
a creation module, configured to create a protocol unique identifier for the secret data, and to create a relationship proof between the protocol unique identifier and each of the verifiable secret shares;
and a packaging and sending module, configured to package the ciphertext data, the verifiable secret shares, the protocol unique identifier and the relationship proofs to obtain secret packaged data, and to send the secret packaged data to the servers through an authenticated secret channel.
9. A consensus system satisfying causal order, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, performs the steps of the consensus method satisfying causal order according to any one of claims 1 to 6.
10. A computer-readable storage medium comprising a computer program, wherein the computer program, when executed by a processor, performs the steps of the consensus method satisfying causal order as claimed in any one of claims 1 to 6.
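
The client-side packaging of claim 6 and the server-side order-then-extract flow of claim 1 can be sketched as follows. This is an added example, not code from the patent: it assumes Feldman verifiable secret sharing over a toy group, a SHA-256 keystream as the symmetric cipher, and a hash of the commitments and ciphertext as the protocol unique identifier and relationship proof; all function names are hypothetical.

```python
import hashlib, secrets

P, Q, G = 2039, 1019, 4   # toy group: P = 2Q + 1, G has order Q (constructed, insecure size)

def keystream_xor(key: int, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption): XOR with a SHA-256 counter keystream."""
    pad = b"".join(hashlib.sha256(f"{key}:{n}".encode()).digest()
                   for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def client_package(request: bytes, n: int, t: int):
    """Client side: encrypt the request, share the key, bind shares to an identifier."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]      # coeffs[0] is the secret data
    commits = [pow(G, c, P) for c in coeffs]               # Feldman commitments
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    ct = keystream_xor(coeffs[0], request)
    pid = hashlib.sha256(repr((commits, ct)).encode()).hexdigest()  # assumed identifier
    return [{"pid": pid, "ct": ct, "commits": commits, "i": i, "share": s}
            for i, s in shares.items()]

def share_is_valid(pkg) -> bool:
    """Server side: check the share against the commitments and the identifier."""
    expected = 1
    for k, c in enumerate(pkg["commits"]):
        expected = expected * pow(c, pow(pkg["i"], k), P) % P
    bound = hashlib.sha256(repr((pkg["commits"], pkg["ct"])).encode()).hexdigest()
    return pow(G, pkg["share"], P) == expected and bound == pkg["pid"]

def extract_secret(pkgs) -> int:
    """Secret extraction: Lagrange interpolation at 0 over the broadcast shares."""
    secret = 0
    for a in pkgs:
        num = den = 1
        for b in pkgs:
            if a["i"] != b["i"]:
                num = num * -b["i"] % Q
                den = den * (a["i"] - b["i"]) % Q
        secret = (secret + a["share"] * num * pow(den, -1, Q)) % Q
    return secret

def servers_process(pkgs, t):
    """Order first, reveal later: the ordering step sees only pid and ciphertext."""
    valid = [p for p in pkgs if share_is_valid(p)]
    if len(valid) < t:
        return None                                  # too few valid proofs: stop
    ordered = (valid[0]["pid"], valid[0]["ct"])      # stand-in for the consensus decision
    key = extract_secret(valid[:t])                  # shares are broadcast only now
    return keystream_xor(key, ordered[1])
```

Because the shares are released only after the ciphertext has been ordered, no server learns the request before its position in the sequence is fixed.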
CN202111639345.8A 2021-12-29 2021-12-29 Consensus method, device and system satisfying causal order, and computer storage medium Active CN114401125B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111639345.8A CN114401125B (en) 2021-12-29 2021-12-29 Consensus method, device and system satisfying causal order, and computer storage medium

Publications (2)

Publication Number Publication Date
CN114401125A true CN114401125A (en) 2022-04-26
CN114401125B CN114401125B (en) 2023-07-25

Family

ID=81228400

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111639345.8A Active CN114401125B (en) 2021-12-29 2021-12-29 Consensus method, device and system satisfying causal order, and computer storage medium

Country Status (1)

Country Link
CN (1) CN114401125B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9443089B1 (en) * 2013-03-13 2016-09-13 Hrl Laboratories, Llc System and method for mobile proactive secret sharing
US9552407B1 (en) * 2013-09-11 2017-01-24 Amazon Technologies, Inc. Log-based synchronization with conditional append
CN109034915A (en) * 2018-09-03 2018-12-18 王昆 A kind of artificial intelligent type e-commerce system using digital asset or integral as the media of exchange
US20190207762A1 (en) * 2017-05-26 2019-07-04 Cloudminds (Shenzhen) Robotics Systems Co., Ltd. Communication method, apparatus and system, electronic device, and computer readable storage medium
US20200250511A1 (en) * 2019-02-01 2020-08-06 Zhaoyang Hu Artist comprehensive ability evaluation and cultivation assistant system based on artificial intelligence
CN112463311A (en) * 2021-01-28 2021-03-09 腾讯科技(深圳)有限公司 Transaction processing method and device, computer equipment and storage medium
CN113259123A (en) * 2021-06-08 2021-08-13 清华大学 Block chain data writing and accessing method and device

Also Published As

Publication number Publication date
CN114401125B (en) 2023-07-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant