CN114401125B

CN114401125B - Consensus method, device and system for meeting factor infinitesimal and computer storage medium

Info

Publication number: CN114401125B
Application number: CN202111639345.8A
Authority: CN
Inventors: 张海滨
Original assignee: Individual
Current assignee: Individual
Priority date: 2021-12-29
Filing date: 2021-12-29
Publication date: 2023-07-25
Anticipated expiration: 2041-12-29
Also published as: CN114401125A

Abstract

The application relates to the technical field of data processing, and provides a method, a device, a system and a computer storage medium for meeting consensus of a factor, wherein the method comprises the following steps: controlling each server to receive secret packaging data sent by the distributed system, wherein the secret packaging data comprises verifiable secret shares, ciphertext data, a protocol unique identifier and a relation proof between the protocol unique identifier and the verifiable secret shares; controlling each server to operate consensus on the unique protocol identifier and the ciphertext data according to the relation proof; controlling each server to operate a secret extraction protocol, broadcasting self verifiable secret shares thereof to obtain secret data of ciphertext data in each server; and controlling each server to decrypt the ciphertext data through the secret data to obtain the inquiry request in the ciphertext data. The consensus method meeting the requirement of the infinitesimal realizes malicious defense and defends the Bayesian error.

Description

Consensus method, device and system for meeting factor infinitesimal and computer storage medium

Technical Field

The present disclosure relates to the field of data processing technologies, and in particular, to a consensus method, device, system, and computer storage medium for satisfying a causal infinitesimal sequence.

Background

Assuming there are n servers in a distributed system, there may be f error/malicious servers. n servers need to maintain consistent system state. The n servers are consistent by running a consensus protocol. The consensus protocol includes a downtime consensus and a Byzantine (Byzantine) error consensus. The bayer consensus is considered by default. Even if the consensus of n servers is achieved, the following problems are faced:

when a user issues a query R, if a malicious server receives the query R, a new related query R 'is issued in cooperation with a malicious user, and if the related query R' is preferentially executed, the distributed system violates the cause and the effect of the query. The correct cause is that R is performed first and then R' is performed second. Therefore, in addition to meeting common consensus, it is also necessary to meet causal infinitesimal. A protocol that satisfies both of these properties is called "satisfying the consensus of the causal infinitesimal". "this is an important issue for distributed systems, originally proposed by Reiter and Birman 1994.

If a user a wants to register a domain name a, a malicious server leaks the domain name a and registers the domain name a in cooperation with another user B, and if the application of the user B is preferentially processed, the user a needs to pay for purchasing the domain name a through the user B. If the user C sends a purchase request for buying the stock of the company X, the cooperative user D also decides to buy the stock of the company X due to the purchase of the user D if the purchase request is utilized by the malicious server, which may make the stock of the company X more expensive, thereby causing the loss of the user C. Similar problems also exist in (digital) money transaction systems, which engage in transactions between digital money (e.g. bitcoin) and real money, and between digital money. In fact, any system engaged in "first come, first served" needs to meet the consensus system for the cause of the infinitesimal.

Disclosure of Invention

The application provides a consensus method, a device, a system and a computer storage medium for meeting the requirement of a sequence of fruit, aiming at realizing malicious defense and resisting Bayesian errors.

In a first aspect, the present application provides a consensus method for satisfying causal infinitesimal, comprising:

controlling each server to receive secret packaging data sent by a distributed system, wherein the secret packaging data comprises verifiable secret shares, ciphertext data, a protocol unique identifier and a relation proof between the protocol unique identifier and the verifiable secret shares;

controlling each server to operate consensus on the unique protocol identifier and the ciphertext data according to the relation proof;

controlling each server to operate a secret extraction protocol, broadcasting the verifiable secret share of each server so as to acquire secret data of ciphertext data in each server;

and controlling each server to decrypt the ciphertext data through the secret data thereof to obtain an inquiry request in the ciphertext data.

In one embodiment, the secret packaging data includes access control rights, and after controlling each server to receive the secret packaging data sent by the distributed system, the method further includes:

Controlling each server to operate consensus on the access control authority, the protocol unique identifier and the ciphertext data according to the relation proof;

and controlling each server to send the self verifiable secret share to the user terminal according to the access control authority thereof so that the user terminal can decrypt the ciphertext data by combining the secret extraction protocol and each verifiable secret share to obtain the inquiry request.

The controlling each server to operate a secret extraction protocol, broadcasting its own verifiable secret share to obtain secret data of ciphertext data in each server, including:

and controlling each server to operate the secret extraction protocol and the HotStuff consensus protocol, and broadcasting the verifiable secret share of each server to acquire secret data of ciphertext data in each server.

The control of each server according to the relation proof, the operation consensus of the unique identifier of the protocol, the ciphertext data or/and the access control authority of the server comprises the following steps:

controlling each server to verify whether the relation of the server is correct;

and if each server verifies that the relation proves correct, controlling each server to run consensus on the unique identifier of the protocol, the ciphertext data or/and the access control authority of the server.

After the control of each server verifies whether the relation is correct, the control further comprises:

and if each server verifies that the relation proves incorrect, controlling each server to finish the subsequent flow.

In a second aspect, the present application provides a consensus method for satisfying causal infinitesimal sequences, comprising:

receiving an inquiry request and secret data, and encrypting the inquiry request through the secret data and a symmetric encryption algorithm to obtain ciphertext data;

generating each verifiable secret share of each server from the secret data via a secret sharing protocol of a consensus protocol;

creating a protocol unique identifier of the secret data, and creating a proof of relationship between the protocol unique identifier and each of the verifiable secret shares;

and packaging the ciphertext data, each verifiable secret share, each protocol unique identifier and each relationship certificate to obtain each secret packaging data, and sending each secret packaging data to each server through an authentication security channel.

In a third aspect, the present application further provides a consensus device for satisfying a causal sequence, comprising:

The receiving module is used for controlling each server to receive secret packaging data sent by the distributed system, wherein the secret packaging data comprises verifiable secret shares, ciphertext data, a protocol unique identifier and a relation proof between the protocol unique identifier and the verifiable secret shares;

the consensus module is used for controlling each server to operate consensus on the unique protocol identifier and the ciphertext data according to the relation proof;

the broadcast acquisition module is used for controlling each server to operate a secret extraction protocol and broadcasting the verifiable secret share of the server so as to acquire secret data of ciphertext data in each server;

and the decryption module is used for controlling each server to decrypt the ciphertext data through the secret data thereof to obtain an inquiry request in the ciphertext data.

In a fourth aspect, the present application further provides a consensus device for satisfying a causal sequence, comprising:

the receiving encryption module is used for receiving the inquiry request and secret data, and encrypting the inquiry request through the secret data and a symmetric encryption algorithm to obtain ciphertext data;

a generation module for generating each verifiable secret share of each server from the secret data via a secret sharing protocol of a consensus protocol;

A creation module for creating a protocol unique identifier of the secret data and creating a proof of relationship between the protocol unique identifier and each of the verifiable secret shares;

and the packaging and transmitting module is used for packaging the ciphertext data, each verifiable secret share, each protocol unique identifier and each relation certificate to obtain each secret packaging data, and transmitting each secret packaging data to each server through an authentication security channel.

In a fifth aspect, the present application further provides a consensus system for satisfying a causal pattern, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the consensus method for satisfying a causal pattern of the first aspect or/and the second aspect when the computer program is executed.

In a sixth aspect, the present application also provides a computer readable storage medium comprising a computer program which, when executed by a processor, implements the steps of the consensus method of the first aspect or/and the second aspect to satisfy the causal infinitesimal order.

In a seventh aspect, the present application also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the consensus method of the first aspect or/and the second aspect to meet a causal endian.

The consensus method, the device, the system and the computer storage medium for meeting the requirement of the infinitesimal order, in the process of decrypting ciphertext data, the running consensus is proved according to the relationship between the unique protocol identifier and the verifiable secret share, then the secret extraction protocol is run to recover the secret data, and finally the ciphertext data is decrypted through the secret data, so that malicious defense is realized through the consensus protocol, and the Bayesian error is resisted.

Drawings

In order to more clearly illustrate the technical solutions of the present application, the following description will be given with a brief introduction to the drawings that are needed in the embodiments or prior art descriptions, it being obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained from these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a schematic flow chart of a consensus method for satisfying causal infinitesimal sequences provided in the present application;

FIG. 2 is a schematic diagram of a logic implementation of the consensus method for satisfying causal infinitesimal presented in the present application;

FIG. 3 is a second flow chart of the consensus method for satisfying the causal infinitesimal presented in the present application;

FIG. 4 is a schematic structural diagram of a consensus device satisfying the causal sequences provided in the present application;

FIG. 5 is a schematic diagram of a second embodiment of a consensus device satisfying the causal relationships provided in the present application;

fig. 6 is a schematic structural diagram of a consensus system satisfying the causal infinitesimal presented in the present application.

Detailed Description

For the purposes of making the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the present application will be clearly and completely described below with reference to the drawings in the present application, and it is apparent that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.

The consensus method, apparatus, system and computer storage medium for satisfying causal infinitesimal presented in the present application are described below in conjunction with fig. 1 to 6.

Specifically, referring to fig. 1 to 6, fig. 1 is one of the flow charts of the consensus method for satisfying causal infinitesimal provided in the present application; FIG. 2 is a schematic diagram of a logic implementation of the consensus method for satisfying causal infinitesimal presented in the present application; FIG. 3 is a second flow chart of the consensus method for satisfying the causal infinitesimal presented in the present application; FIG. 4 is a schematic structural diagram of a consensus device satisfying the causal sequences provided in the present application; FIG. 5 is a schematic diagram of a second embodiment of a consensus device satisfying the causal relationships provided in the present application; fig. 6 is a schematic structural diagram of a consensus system satisfying the causal infinitesimal presented in the present application.

The present embodiments provide embodiments satisfying the consensus method of the cause-endianness, and it should be noted that although a logic order is shown in the flow chart, the steps shown or described may be accomplished in an order different from that shown or described herein under certain data.

Referring to fig. 1, fig. 1 is one of flow charts of a consensus method for satisfying a causal infinitesimal presented in the present application, where the consensus method for satisfying a causal infinitesimal presented in the embodiment of the present application includes:

in step S50, each server is controlled to receive secret packaging data sent by the distributed system, where the secret packaging data includes verifiable secret shares, ciphertext data, a protocol unique identifier, and a proof of relationship between the protocol unique identifier and the verifiable secret shares.

It should be noted that, in the embodiment of the present application, the consensus protocol satisfying the infinitesimal may be understood as satisfying the BFT (Byzantine fault tolerance, bayer fault-tolerant system) of the infinitesimal, and may be referred to as satisfying the atomic broadcast of the infinitesimal or satisfying the bayer fault-tolerant system of the infinitesimal, and thus, the consensus protocol satisfying the infinitesimal may be understood as satisfying the infinitesimal and preventing the bayer fault. Further, meeting consensus protocols for infinitesimal needs to meet the following characteristics: security (total order), cause and effect order (liveness), wherein security is the order in which a plurality of correct servers are processed for any two transactions is consistent; the implementation of all correct servers is obtained due to the infinitesimal order, namely the causal order between transactions; activity, i.e. any transaction, can be processed within a certain time.

Further, safety and causal infinitesimal are not contradictory, but neither are interdependent. A system should preferably meet both safety and causal security properties.

Further, the consensus protocol satisfying the infinit in the embodiments of the present application is embodied in an AVSS verifiable secret sharing protocol, but is not limited thereto.

The AVSS verifiable secret sharing protocol is a protocol involving n servers, wherein a special secret sharing server must exist in the AVSS verifiable secret sharing protocol, which may or may not belong to one of the n servers, and may be understood as a distributor in the AVSS verifiable secret sharing protocol.

Further, AVSS may verify that the secret sharing protocol includes a secret sharing protocol (share protocol) and a secret extraction protocol (reconstruct protocol).

For a secret sharing protocol: it is understood that a particular secret sharing server scaler splits secret data into verifiable secret shares s_i (i e 1, n) by means of secret sharing s, where n is determined according to the number of servers and each verifiable secret share s_i is to be sent to a corresponding respective server p_i.

It should be further noted that, the number relationship between the number n of total servers and the number f of malicious servers in the distributed system is n being equal to or greater than 3 xf+1, i.e. if the number of total servers is 4, the number of malicious servers can be at most 1.

In one embodiment, where the number of servers is 4, and the number of 4 servers is p_1, p_2, p_3, and p_4, respectively, then the secret data is split into 4 verifiable secret shares, the 4 verifiable secret shares being s_1, s_2, s_3, and s_4, respectively, and s_1 is sent to p_1, s_2 is sent to p_2, s_3 is sent to p_3, and s_4 is sent to p_4.

For a secret extraction protocol: it can be understood that each correct server sends its own s_i to the server requiring decryption through the encrypted authentication channel, or sends its own s_i to all servers in a broadcast manner.

The protocol unique identifier ct of AVSS is typically very flexible and can be, but is not limited to, commitment (commit) and hash equivalence of secret data s.

Further, the consensus method of meeting the causal infinitesimal may include a request (request) phase, a consensus (consensus) phase, an AVSS secret extraction (AVSS recovery) phase, and a reply (reply) phase. As shown in fig. 2, fig. 2 is a schematic diagram of a logic implementation of the consensus method for satisfying the cause-endian provided in the present application.

As shown in fig. 2, the specific analysis is: the request (request) phase distributed system needs to send the verifiable secret share s_i, the protocol unique identifier ct, the relationship proof proof_i and the ciphertext data C to the respective servers. The consensus (consensus) phase, i.e. each server performs a consensus on the protocol unique identifier ct and the ciphertext data C, and extracts the secret data according to the secret extraction protocol of the AVSS verifiable secret sharing protocol, and replies with the decrypted data of the secret data. The request phase, namely the delivery phase of the AVSS verifiable secret sharing protocol, is completed in a distributed system; the consensus phase, AVSS secret extraction phase and reply phase are all completed in the server. Thus, the distributed system needs to prepare verifiable secret share s_i, protocol unique identifier ct, relationship proof proof_i, and ciphertext data C, as shown in steps S10 through S40.

It is further noted that the consensus protocol is a conventional concept of a distributed system. Consensus systems should be safe and active.

Thus, based on time and network condition assumptions, distributed systems may be divided into types including, but not limited to: a synchronous protocol (synchronous) type, a semi-synchronous protocol (partially synchronous) type, and an asynchronous protocol (asynchrous) type. The security and activity of the synchronous protocol type distributed system depend on network conditions, so that the security and reliability of the synchronous protocol type distributed system are low; the security of the distributed system of the semi-synchronous protocol type is independent of the network condition, and the activity of the distributed system is realized when the network is required to be good; asynchronous protocol type distributed systems are not as efficient as semi-synchronous protocol type distributed systems, but neither security nor activity relies on any temporal assumptions and are therefore the most robust.

Therefore, the distributed system in the embodiment of the present application is preferentially an asynchronous protocol type distributed system, and may also be a semi-synchronous protocol type distributed system.

Further, referring to fig. 3, fig. 3 is a second flow chart of the consensus method for satisfying the causal infinitesimal sequences provided in the present application, and steps S10 to S40 are described as follows:

step S10, receiving an inquiry request and secret data, and encrypting the inquiry request through the secret data and a symmetric encryption algorithm to obtain ciphertext data;

step S20, generating each verifiable secret share of each server by the secret data through a secret sharing protocol of a consensus protocol;

step S30, creating a protocol unique identifier of the secret data and creating a relation proof between the protocol unique identifier and each verifiable secret share;

and step S40, packaging the ciphertext data, each verifiable secret share, the protocol unique identifier and each relation certificate to obtain each secret packaging data, and sending each secret packaging data to each server through an authentication security channel.

Specifically, AVSS may verify the transport phase (request phase) of the secret sharing protocol: the distributed system detects whether a query request sent by a query device is received, where the query device may be a user terminal or a cloud system, and for clarity of explanation of the embodiment of the present application, a concrete expression form in which the user terminal is the query device is exemplified. It may further be understood that the distributed system detects whether a query request sent by the user terminal is received, and if the query request sent by the user terminal is received, the distributed system needs to inform the user terminal that secret data is to be randomly generated, where the query request is represented by m and the secret data is represented by s.

After the distributed system receives the query request m and the secret data s of the user terminal, the query request m is encrypted by the secret data s in combination with a symmetric encryption algorithm to obtain ciphertext data, wherein the ciphertext data is represented by C, and the symmetric encryption algorithm can be SE, so that the ciphertext data C can be represented by c=se _s (m), wherein the decryption algorithm corresponding to the ciphertext data C is m=se ^-1 _s (C)。

The distributed system then runs a secret sharing protocol of the consensus protocol, by which secret data s is split into individual verifiable secret shares s_i, which are generated for individual servers, which are determined according to the number of servers in the distributed system, s_i can be denoted s_i if the number of servers is n, i e 1, 2. Then, the distributed system creates a protocol unique identifier with respect to the secret data s, the protocol unique identifier being represented by ct, and at the same time, the distributed system creates a proof of relationship between the protocol unique identifier ct and each verifiable secret share s_i, each proof of relationship being represented by proof_i, the proof of relationship proof proof_i corresponding to the verifiable secret shares s_i, i.e. it can be understood that if the verifiable secret shares s_i are s_1, s_2, s_3 and s_4, the proof of relationship proof proof_i is proof_1, proof_2, proof_3 and proof_4. The relationship proof proof_i is used to prove that the verifiable secret share s_i is the secret share corresponding to the value in the protocol unique identifier ct. As long as the protocol unique identifier ct agrees between the correct servers, the verifiable secret share s_i is uniquely determined.

Finally, the distributed system packages each verifiable secret share s_i, the protocol unique identifier ct, the ciphertext data C, and each relationship proof proof_i, resulting in each secret packaged data, which can be expressed as (s_i, ct, C, and proof_i). Meanwhile, the distributed system sends each secret packed data to each server through an authentication security channel, wherein each server is denoted by p_i.

In one embodiment, each verifiable secret share s_i is s_1, s_2, s_3, and s_4, each relationship proof proof_i is proof_1, proof_2, proof_3, and proof_4, and the distributed system packages each verifiable secret share s_1, protocol unique identifier ct, ciphertext data C, and relationship proof proof_1 to obtain secret packaged data 1, and secret packaged data 1 is (s_1, ct, C, and proof_1) sent to server p_1. Meanwhile, the distributed system packages the verifiable secret share s_2, the protocol unique identifier ct, the ciphertext data C and the relationship proof proof_2, and obtains secret package data 2, and the secret package data 2 is (s_2, ct, C and proof_2) and sends the secret package data 2 to the server p_2. Meanwhile, the distributed system packages the verifiable secret share s_3, the protocol unique identifier ct, the ciphertext data C and the relationship proof proof_3, and obtains secret package data 3, and the secret package data 3 is (s_3, ct, C and proof_3) and sends the secret package data 3 to the server p_3. Meanwhile, the distributed system packages the verifiable secret share s_4, the protocol unique identifier ct, the ciphertext data C and the relationship proof proof_4, and obtains secret package data 4, and the secret package data 4 is (s_4, ct, C and proof_4) and sends the secret package data 4 to the server p_4.

The embodiment of the application provides a secret sharing protocol which satisfies the requirement of a common-mode method due to the infinitesimal, the ciphertext data C, each verifiable secret share s_i, a protocol unique identifier ct and each relationship proof proof_i are packaged, each secret packaging data is sent to each server, the security and confidentiality of the secret packaging data are guaranteed, and further malicious defense is realized through the common-mode protocol.

Further, the AVSS may verify the consensus phase (consensus phase, AVSS secret extraction phase, and reply phase) of the secret sharing protocol: each server p_i receives the secret packaging data sent by the distributed system, and analyzes the secret packaging data to obtain verifiable secret shares s_i, ciphertext data C, a protocol unique identifier ct and a relation proof of each verifiable secret share s_i in the secret packaging data. The consensus phase, AVSS secret extraction phase and reply phase are completed according to the verifiable secret share s_i, ciphertext data C, protocol unique identifier ct and relationship proof proof_i, as described in steps S60 to S80.

Further, the embodiment of the application may also be that the user terminal itself sends the query request m to the server. Therefore, when the user terminal needs to send the query request m to the server, the user terminal needs to generate a secret data s, and encrypt the query request m through the secret data s in combination with the symmetric encryption algorithm to obtain ciphertext data C. The user terminal then runs a secret sharing protocol, i.e. splits the secret data s into individual verifiable secret shares s_i which are generated for the individual servers. Then, the user terminal creates a protocol unique identifier ct for the secret data s, and at the same time creates a proof of relationship proof of i between the protocol unique identifier ct and the respective verifiable secret shares s_i. Finally, the user terminal packages each verifiable secret share s_i, the protocol unique identifier ct, the ciphertext data C and each relationship proof proof_i to obtain each secret package data (s_i, ct, C and proof_i). At the same time, the user terminal transmits the respective secret packed data (s_i, ct, C, and proof_i) to the respective server p_i through the authenticated secret channel.

And step S60, controlling each server to operate consensus on the unique protocol identifier and the ciphertext data according to the relation proof.

Before the ciphertext data C and the protocol unique identifier ct are commonly recognized, each server p_i needs to verify the correctness of the relationship proof proof_i in the secret packed data to obtain a verification result, wherein the verification result can be the relationship proof proof_i is correct, and the verification result can also be the relationship proof proof_i is incorrect. Next, each server p_i determines whether the secret sharing protocol is authorized to share the ciphertext data C and the protocol unique identifier ct by the AVSS according to the authentication result, as described in step S601 to step S603.

If it is determined that the secret sharing protocol can be verified through the AVSS according to the verification result to perform consensus on the ciphertext data C and the protocol unique identifier ct, wherein the consensus is to sort the ciphertext data C and the protocol unique identifier ct, i.e., sort the ciphertext data C and the protocol unique identifier ct to satisfy the preset execution logic.

Further, the descriptions of step S601 to step S603 are as follows:

step S601, controlling each server to verify whether the relation of the server is correct;

Step S602, if each server verifies that the relationship proves correct, controlling each server to run consensus on the unique identifier of the protocol, the ciphertext data or/and the access control authority of the server;

and step S603, if each server verifies that the relationship proves incorrect, controlling each server to finish the subsequent flow.

Specifically, each server p_i determines, based on its relationship proof, whether the relationship between its protocol unique identifier ct and the verifiable secret share s_i meets a preset prescribed relationship. If it is determined that the relationship between its protocol unique identifier ct and the verifiable secret share s_i corresponds to a preset prescribed relationship, each server p_i determines that its relationship proves proof to be correct.

For the case where no access control rights are added: each server p_i shares its ciphertext data C and protocol unique identifier ct with the AVSS verifiable secret sharing protocol.

For the case of joining access control rights: each server p_i can verify through AVSS that the secret sharing protocol has a consensus on its access control rights, ciphertext data C, and protocol unique identifier ct.

Further, if it is determined that the relationship between the protocol unique identifier ct and the verifiable secret share s_i does not conform to the preset prescribed relationship, each server p_i determines that the relationship proof is incorrect, and ends the subsequent flow.

The embodiment of the application realizes malicious defense by consensus through relationship proof, and defends the Bayesian error.

In principle, the safety (safety) of meeting consensus due to infinitesimas is determined by the nature of the three aspects: the security of the original consensus protocol determines the consistency of the protocol unique identifier ct, the presence of the proving system determines that each correct server p_i gets the correct verifiable secret share s_i, the AVSS recovery stage determines that the correct server can get the correct and consistent secret data s, the consistency of the ciphertext data C and the decryption algorithm SE ^-1 The uniqueness of (c) determines the consistency of the query. In principle, causal sequences satisfying the consensus of the infinit are due to the confidentiality decisions of AVSS, and AVSS reconstruct is later than the consensus of the protocol unique identifier ct and ciphertext data C. In principle, the activity satisfying the consensus of the causative motif is determined by the consensus and the activity of AVSS.

Further, the optimizable method in step S60 is to add the HotStuff consensus protocol based on the secret extraction protocol of the AVSS verifiable secret sharing protocol, wherein the HotStuff consensus protocol is a three-round consensus protocol, and for the HotStuff consensus protocol and its variants, each server performs parallel operation in combination with the secret extraction protocol and the HotStuff last-round (third-round) consensus protocol: the verifiable secret shares s_i of the server itself are broadcasted, and secret data s of ciphertext data C in the respective server itself are obtained.

Further, other optimization methods may be the BKR (Ben-Or, kemler, rabin, PODC 1994) protocol and its variants, with BKR using RBC (reliable broadcast, reliably broadcast) and binary consensus (asynchronous binary agreement, ABA). Wherein, only the RBC part needs to be replaced by a secret sharing protocol (share protocol) of the AVSS verifiable secret sharing protocol, and the system efficiency is higher. After consensus is reached, the AVSS may run a secret abstraction protocol (reconstruct protocol) that may validate the secret sharing protocol.

Further, other optimization methods may be a multi-component verifiable consensus (multi-valued Byzantine agreement, MVBA) based consensus protocol, making a linear communication protocol with a method similar to the AVSS verifiable secret sharing protocol, and then replacing the protocol for transmitting data within the MVBA consensus protocol. The AVSS for linear communication may be implemented using a threshold signature or an aggregate signature.

Step S70, controlling each server to operate a secret extraction protocol, and broadcasting the verifiable secret share of each server to acquire secret data of ciphertext data in each server.

Each server broadcasts its own verifiable secret share s_i through the secret extraction protocol of the AVSS verifiable secret sharing protocol. Then, each server determines a recovery threshold number of the secret data, acquires a corresponding number of verifiable secret shares s_i according to the recovery threshold number, and reconstructs secret data s of ciphertext data C of each server, wherein the corresponding number is greater than or equal to the recovery threshold number.

In one embodiment, the recovery threshold number is 5, and each server needs to obtain a number of verifiable secret shares s_i greater than or equal to 5 to reconstruct the secret data s of the ciphertext data C of each server itself.

And step S80, controlling each server to decrypt the ciphertext data through the secret data thereof to obtain an inquiry request in the ciphertext data.

After each server obtains the secret data s of the server, the server decrypts the ciphertext data C of the server through the secret data s of the server to obtain an inquiry request m in the ciphertext data C, wherein a decryption algorithm corresponding to the ciphertext data C is the inquiry request m=SE ^-1 _s (C) A. The invention relates to a method for producing a fibre-reinforced plastic composite Further, after each server obtains the query request m, determining a query result R according to the query request m, and replying the query result R to the user terminal.

The embodiment of the application provides a consensus method meeting the requirement of an infinitesimal, in the process of decrypting ciphertext data, running consensus is required to be proved according to the relationship between a protocol unique identifier and a verifiable secret share, then a secret extraction protocol is run to recover secret data, and finally the ciphertext data is decrypted through the secret data, so that malicious defense is realized through the consensus protocol, and the Bayesian error is resisted.

It is noted that challenge request m and ciphertext data C may be large, verifiable secret shares s_1,..s_n are all small as verifiable secret shares, each verifiable secret share typically being 128 bits or more (but not too large), so that the broadcasting of n to n does not significantly increase the communication complexity of the protocol.

Further, once the AVSS can verify that the secret sharing protocol is complete, at least f+1 correct servers obtain the corresponding challenge request m, which is sufficient so that the user terminal can obtain correct replies in the future, i.e., f+1 consistent information (containing the same challenge request m).

Further, the AVSS verifiable secret sharing protocol in the embodiments of the present application may implement, for a conventional secret sharing protocol (e.g., a samil's secret sharing protocol): even if the special secret sharing server dialer is the wrong/malicious server, once the AVSS can verify that the secret sharing protocol can be completed, the correct server can get the corresponding verifiable secret share. Although not corresponding to secret data s, each correct server can obtain the same s' and therefore, consistency must be satisfied.

Further, the secret packed data may include access control rights in addition to the verifiable secret share s_i, the ciphertext data C, the protocol unique identifier ct and the relationship proof proof_i, and thus the distributed system needs to write the access control rights to the secret packed data when sending the secret packed data to the respective server p_i, as described in particular in steps a to b.

Step a, controlling each server to operate consensus on the access control authority, the protocol unique identifier and the ciphertext data according to the relation proof;

and b, controlling each server to send the self verifiable secret share to the user terminal according to the access control authority, and decrypting the ciphertext data by the user terminal in combination with the secret extraction protocol and each verifiable secret share to obtain the inquiry request.

The access control is achieved on the basis of meeting the consensus protocol in the embodiment, and the specific steps are as follows: each server p_i verifies the correctness of the relation proof proof_i in the secret packaging data of the server p_i to obtain a verification result. If the verification result is determined to be correct, each server p_i can verify the access control authority and the ciphertext data C of the server p_i through the AVSS and the protocol unique identifier ct is identified. Finally, each server p_i sends its own verifiable secret share s_i to the user terminal according to its access control rights. The user terminal receives verifiable secret shares s_i sent by each server p_i, when the number of the received verifiable secret shares s_i is larger than or equal to the recovery threshold number, the user terminal recovers the secret data s through a secret extraction protocol of an AVSS verifiable secret sharing protocol, and decrypts ciphertext data C according to the recovered secret data s to obtain query data m.

The embodiment of the application provides a consensus method for meeting the requirement of the infinitesimal, which combines a consensus protocol and access control, and enhances confidentiality and access control.

Further, the advantages of the consensus-based protocol (AVSS verifiable secret sharing protocol) versus the previous protocol of the embodiments of the present application are compared as follows: 1. (Reiter and Birman 1994; casin et al 2001) is distinct from the method based on threshold encryption threshold encryption; a disadvantage of threshold encryption threshold encryption is that the protocol is inefficient; and rely on various mathematical assumptions. While AVSS of embodiments of the present application may verify that the secret sharing protocol does not need to rely on various mathematical assumptions. 2. Methods based on the anti-ductile commitment scheme (Duan, reiter, and Zhang 2017) require twice the amount of interaction. While AVSS of embodiments of the present application may verify that the secret sharing protocol does not increase the amount of interaction. 3. Based on the traditional secret sharing protocol (non-AVSS verifiable secret sharing protocol), it is not possible to defend against malicious intent. The AVSS of the embodiments of the present application may verify that the secret sharing protocol may be resistant to malicious intent.

Further, referring to fig. 4 to 5, the consensus device for satisfying the causal infinitesimal provided in the present application is described below, and the consensus device for satisfying the causal infinitesimal described below and the consensus method for satisfying the causal infinitesimal described above may be referred to correspondingly.

As shown in fig. 4, fig. 4 is a schematic structural diagram of a consensus device for satisfying a cause of an infinitesimal, where the consensus device for satisfying a cause of an infinitesimal includes:

a receiving module 401, configured to control each server to receive the secret packed data sent by the distributed system;

a consensus module 402, configured to control each of the servers to perform consensus on its protocol unique identifier and its ciphertext data according to its relationship proof;

a broadcast obtaining module 403, configured to control each of the servers to run a secret extraction protocol, and broadcast its own verifiable secret share to obtain secret data of ciphertext data in each of the servers;

and the decryption module 404 is configured to control each server to decrypt its ciphertext data through its secret data, so as to obtain an inquiry request in its ciphertext data.

Further, the consensus module 402 is further configured to:

and controlling each server to operate consensus on the access control authority, the protocol unique identifier and the ciphertext data according to the relation proof.

Further, the broadcast acquisition module 403 is further configured to:

Further, the consensus module 402 is further configured to:

if each server verifies that the relation proves correct, controlling each server to run consensus on the unique identifier of the protocol, the ciphertext data or/and the access control authority of the server;

The specific embodiments of the consensus device meeting the requirement of the infinitesimal sequences provided by the application are basically the same as each embodiment of the consensus method meeting the requirement of the infinitesimal sequences, and are not repeated.

As shown in fig. 5, fig. 5 is a second schematic structural diagram of a consensus device satisfying the cause of infinitesimal, where the consensus device satisfying the cause of infinitesimal includes:

a receiving encryption module 501, configured to receive an inquiry request and secret data, and encrypt the inquiry request by combining the secret data with a symmetric encryption algorithm to obtain ciphertext data;

A generation module 502 for generating respective verifiable secret shares of respective servers from the secret data via a secret sharing protocol of a consensus protocol;

a creation module 503 for creating a protocol unique identifier of the secret data, creating a proof of relationship between the protocol unique identifier and each of the verifiable secret shares;

a packaging and transmitting module 504, configured to package the ciphertext data, each verifiable secret share, the unique protocol identifier, and each relationship certificate, to obtain each secret packaging data, and transmit each secret packaging data to each server through an authentication security channel.

FIG. 6 illustrates a physical structure diagram of a consensus system satisfying the causal infinitesimal, which may include: processor 610, communication interface (Communications Interface) 620, memory 630, and communication bus 640, wherein processor 610, communication interface 620, and memory 630 communicate with each other via communication bus 640.

The processor 610 may invoke logic instructions in the memory 630 to perform a consensus method that satisfies the causal infinitesimal, the method comprising:

Further, the logic instructions in the memory 630 may be implemented in the form of software functional units and stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.

In another aspect, the present application also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing a consensus method for meeting a causal motif provided by the methods described above, the method comprising:

In yet another aspect, the present application also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform the above-provided consensus method of satisfying causal infinitesimas, the method comprising:

The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.

From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.

Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and are not limiting thereof; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims

1. A consensus method for satisfying causal infinitesimal sequences, comprising:

receiving a query request and secret data, and encrypting the query request through the secret data and a symmetric encryption algorithm to obtain ciphertext data;

packaging the ciphertext data, each verifiable secret share, each protocol unique identifier and each relationship certificate to obtain each secret packaging data, and sending each secret packaging data to each server through an authentication security channel;

2. The consensus method for satisfying a causal sequence according to claim 1, wherein the secret packing data comprises an access control authority, and the controlling each server after receiving the secret packing data sent by the distributed system further comprises:

3. The method of claim 1, wherein controlling each of the servers to run a secret extraction protocol to broadcast its own verifiable secret shares to obtain secret data of ciphertext data in each of the servers, comprises:

4. The consensus method for satisfying the causal infinitesimal order according to claim 1 or 2, wherein said controlling each of said servers to operate consensus on its protocol unique identifier, its ciphertext data, or/and its access control authority according to its relationship proof comprises:

5. The consensus method for satisfying a causal sequence according to claim 4, wherein said controlling each of said servers after verifying whether the relationship thereof proves correct, further comprises:

6. A consensus device for satisfying causal infinitesimal sequences, comprising:

the receiving encryption module is used for receiving the query request and secret data, and encrypting the query request through the secret data and a symmetric encryption algorithm to obtain ciphertext data;

the packaging and transmitting module is used for packaging the ciphertext data, each verifiable secret share, the protocol unique identifier and each relation certificate to obtain each secret packaging data, and transmitting each secret packaging data to each server through an authentication and confidentiality channel;

7. A consensus system satisfying a causal infinit comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the consensus method satisfying a causal infinit according to any of claims 1 to 5 when executing the computer program.

8. A computer readable storage medium comprising a computer program, characterized in that the computer program when executed by a processor implements the consensus method satisfying the causal infliction according to any of claims 1 to 5.