CN114422146A - Anonymous sorting method for block chain main nodes - Google Patents

Anonymous sorting method for block chain main nodes Download PDF

Info

Publication number
CN114422146A
CN114422146A CN202210083287.3A CN202210083287A CN114422146A CN 114422146 A CN114422146 A CN 114422146A CN 202210083287 A CN202210083287 A CN 202210083287A CN 114422146 A CN114422146 A CN 114422146A
Authority
CN
China
Prior art keywords
node
anonymous
nodes
ordered
commitment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210083287.3A
Other languages
Chinese (zh)
Other versions
CN114422146B (en
Inventor
胡凯
万季
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University filed Critical Beihang University
Priority to CN202210083287.3A priority Critical patent/CN114422146B/en
Publication of CN114422146A publication Critical patent/CN114422146A/en
Application granted granted Critical
Publication of CN114422146B publication Critical patent/CN114422146B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42Anonymization, e.g. involving pseudonyms
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses an anonymous sorting method of a block chain main node, which comprises the following steps: initializing a blockchain system, wherein all nodes in a node set in the blockchain system generate the same century creation block; calculating a public commitment; sending an anonymous commitment; generating an ordered leader sequence; collecting votes; broadcasting an ordered leader sequence; waiting for the sequence leader sequence to time out. The identity authentication mechanism of the anonymous node is designed by comprehensively using the identities of various hidden host nodes of threshold signature and ring signature; on the premise that the respective identities are not revealed, the nodes generate a common main node sequence, and the ordered leader node list is periodically updated; the communication complexity of the algorithm is only O (n), and the performance and the expandability are good; the identity of the main node can be hidden through the algorithm, system faults caused by failure of the main node are reduced, and the safety of the block chain system is improved.

Description

Anonymous sorting method for block chain main nodes
Technical Field
The invention belongs to the technical field of block chain consensus, and particularly relates to an anonymous sorting method for a block chain main node.
Background
The blockchain is a revolutionary technology which is currently focused by strategic interest of each country, and is a distributed ledger-based database which is not falsifiable, traceable and grows continuously. A block chain is a chained data structure, and consists of growing blocks linked back and forth by hash pointers. Data in the blockchain can only be added, can not be deleted or tampered. The blockchain system is typically a distributed system in which each node maintains a copy of the local blockchain data. In the blockchain system, a blockchain consensus protocol sets a group of rules which each node must obey, and finally, the consistency of blockchain data backup of each node in the distributed system is ensured.
The consensus algorithm is an algorithm that all participants agree on task execution results under the condition of multi-party cooperation, and the consensus algorithm is mostly applied to ensure data consistency of a distributed system. To add a new node to the blockchain system, a consensus of each node through the blockchain is also needed. The block chain consensus algorithm is divided into two main steps: master node election and block consensus. In the master node election phase, a node (or nodes) becomes a block node and a new block is proposed. Due to the influence of malicious nodes and branching blocks which may exist in the distributed network, other nodes cannot directly add the new block into the local block chain after receiving the new block. All nodes need to agree on the new block and the backbone it constitutes using backbone consensus. The master node election and the block consensus jointly ensure the correctness and consistency of the block chain data, so that technical support is provided for establishing a trust relationship between untrusted subjects in a distributed environment. The blockchain consensus generally requires selecting a leader node that is responsible for initiating and sending proposals to other nodes, which update data based on the proposals. The leader node is responsible for proposing and generating blocks, which directly affects the performance and stability of the blockchain system. The selection mechanism of the out-block node of the block chain consensus protocol is similar to the leader election (leader election) problem in the traditional distributed protocol, namely that a leader node is selected by adopting a certain mechanism in the distributed system, the node is responsible for initiating a proposal and sending the proposal to other nodes, and the other nodes update data based on the proposal, so that the operation efficiency of the distributed system is improved. The leader election idea is applied to a series of subsequent distributed system consensus protocols, and as most of the blockchain systems are initiated by the out-of-block nodes and sent to other nodes, the stability of the main node is directly related to the overall stability of the system. The out-of-block node election mechanism is similar to the leader election problem, except that the out-of-block node election mechanism of the blockchain consensus protocol needs to defend against malicious nodes in the open network environment. By forging a large number of virtual nodes in the P2P network, malicious nodes may launch a witch attack, thereby controlling the blockchain system. In order to solve the problem, the block chain system usually has workload certification, rights and interests certification and verifiable random numbers in the selection link of the out-block nodes.
The block chain master node selection algorithm in the prior art comprises:
1. proof of workload
The first time, the bitcoin uses the Proof of work (PoW) mechanism to select the out-of-block nodes, and then a large amount of block chain research works and systems adopt the mechanism. Workload proofs are used to implement verifiable computing tasks. Workload proofs include two roles, a prover and a verifier, with the prover presenting proof to the verifier that he has completed a certain number of computational tasks within a certain period of time. Since generating evidence consumes a certain amount of computing resources, workload proofs may be used to mitigate spam and other denial of service attack issues.
Due to the sensitive input and collision resistance characteristics of the hash algorithm, the node only continuously adjusts input values (Nonce, transaction data and the like) to find the Nonce meeting the conditions. Thus, the probability that a node solves a problem and thus becomes a chunking node is proportional to its available computing resources. The investment of computing resources can be regarded as an identity pricing mechanism, even if an attacker forges a large number of virtual identities, the computing resources cannot be improved, and therefore the advantage of being a block outlet node is increased. Thus, the workload proving challenge solves the witch attack problem in distributed systems. On the other hand, due to the characteristics of quick forward and difficult reverse of the hash algorithm, the verification node can quickly verify the correctness by using the solution searched by the block node. Thus, the workload proving challenge enables publicly verifiable authentication in anonymous distributed networks.
2. Certificate of rights and interests
Aiming at the problem of resource waste of a workload certification mechanism, a bit currency community firstly proposes a rights and interests certification mechanism in 2011, and a block node is selected according to the number of bit currencies mastered by the node instead of a calculation force as a weight. The security of the equity certification mechanism is based on the assumption that the equity owner is more motivated to maintain network security than miners, and when the block chain system is attacked, the interests of the equity owner are more easily damaged. In 2012, the equity proof mechanism was first applied in the Point coin (Peercoin/Ppcin) system. The money points and points take the rights and interests as election weight, and the difficulty of rights and interests certification is brought forward.
Compared with the difficult problem of the workload certification of the bit currency, the difficult problem of the right and interest certification of the point currency is mainly different from two points: random number Nonce is removed in the hash operation, and the difficult problem of currency age adjustment is introduced. Due to the removal of the random number Nonce, the point currency and interest proving difficulty reduces the workload proving difficulty and the competitive problem. Given the metadata blockData, the consensus node can try only to obtain the timestamp variable in solving the point-currency interest proving difficult problem. Because the point coins adopt UNIX time stamps counted in seconds, the trial space is limited when the nodes solve the problem. Therefore, the money counting and right interest proving problem greatly reduces the calculation trial space of the workload proving problem and reduces the resource waste problem caused by the calculation force competition.
3. Verifiable random function
The equity proof mechanism alleviates the problem of computational waste of the workload proof mechanism to a certain extent, but the competitive election mechanism based on the difficult problem solution is adopted. In order to further solve the problem of power waste and improve the election efficiency of the node of the block, some systems adopt a mechanism based on a random function. The mechanism adopts a random algorithm to determine the block nodes, and meanwhile, other nodes can verify the correctness of the identity of the block nodes through the random algorithm. As the block node is formed by no longer using the computational competition, the rights and interests based on the random function prove to belong to a non-competitive election mechanism.
The verifiable random function can be regarded as a random prediction machine, and a random number output is obtained through any input, so that the following conditions are met:
1) the output values are random for different inputs and are evenly distributed over the range of values.
2) For the same input, the resulting output must be the same.
But the verifiable randomizer has a non-interactive zero-knowledge proof that the randomizer has more than one random function, and can be used to prove the correctness of the random number output, indicating that the random number was indeed generated by someone. It contains four functions: generating a secret key, generating random number output, calculating zero knowledge proof and verifying random number output. The process of generating the random number and its proof is performed locally, the input being the private key and a value. The output is the random number and its zero knowledge proof. After receiving the input and the proof, the other nodes can verify the random number by combining the public key of the node generating the random number. The host node can be randomly selected by adopting a mechanism based on a random function, and compared with a polling algorithm, the security of the system is improved to a certain extent.
However, most of the existing consensus algorithms have the following disadvantages:
1. all the nodes and the identity information are publicly visible in the whole network, and the nodes are sequentially used as main nodes to generate blocks according to a fixed sequence, so that the main nodes are easily attacked by malicious nodes, the proposal of the main nodes is interrupted, and the activity and the safety of the system are influenced.
2. The existing main node selection algorithm adopts a difficult problem solving or random selection mechanism, needs to pay more system computing power, and is difficult to adapt to a use scene with higher performance and expansibility; the expression is as follows: when the leader node is selected by strategies such as workload certification, right and interest certification, verifiable random functions and the like, a competitive election mechanism based on difficult problem solving needs to pay more calculation power. Although the verifiable random function solves the problems of generation and verification of random numbers, and selects the main node through the random number strategy, the system resource needs to be consumed more because of calling various encryption algorithms and zero knowledge proof, and the system resource is difficult to adapt to the use scene with higher performance and expansibility.
Disclosure of Invention
The invention aims to provide an anonymous block chain master node sorting method, which hides the identity of master nodes through various algorithms, and all the nodes periodically generate the same master node sequence on the premise of not revealing the respective identity of each node. The algorithm can hide the identity of the main node, reduce system failure caused by the attack of the main node and improve the safety of the block chain system.
The invention provides an anonymous sorting method of a block chain main node on one hand, which comprises the following steps:
step 1: initializing a blockchain system, wherein all nodes in a node set in the blockchain system generate the same century creation block, the century creation block is a special block and comprises ID and IP information of the nodes in an initial state, and the nodes in the blockchain system sequentially become main nodes of the blockchain system according to the sequence of the nodes in the century creation block;
step 2: calculating a public commitment;
and step 3: sending an anonymous commitment;
and 4, step 4: generating an ordered leader sequence;
and 5: collecting votes;
step 6: broadcasting an ordered leader sequence;
and 7: waiting for the sequence leader sequence to time out.
Preferably, the step 2 comprises: if the view increment value of the node is equal to the period piThen an anonymous master node selection algorithm is initiated, node N in the blockchain systemiComputing certificates
Figure RE-RE-GDA0003550986390000061
The certificate
Figure RE-RE-GDA0003550986390000062
Representing a node NiDigital signature at block height h, the certificate
Figure RE-RE-GDA0003550986390000063
Is an important proof of node identity, each node only stores own certificate and cannot forge certificates of other common nodes, and node calculation is carried out to generate public commitment
Figure RE-RE-GDA0003550986390000064
Pairing said credentials by irreversibility of a Hash function
Figure RE-RE-GDA0003550986390000065
To enable anonymous hiding.
Preferably, the step 3 comprises: the node NiAnonymous commitment of
Figure RE-RE-GDA0003550986390000066
Figure RE-RE-GDA0003550986390000067
Including the public promise
Figure RE-RE-GDA0003550986390000068
And its ring signature, height hiAnd view viSaid node NiSending anonymous commitments to anonymous master node sequences
Figure RE-RE-GDA0003550986390000069
A corresponding node, wherein n has an initial value of 1 and n > 0.
Preferably, the step 4 comprises: node NjReceiving anonymous commitment sent by other nodes
Figure RE-RE-GDA0003550986390000071
Then, first, the public acceptance is judged
Figure RE-RE-GDA0003550986390000072
Whether it is valid, including signing the ring
Figure RE-RE-GDA0003550986390000073
And the public promise
Figure RE-RE-GDA0003550986390000074
Verifying the public promise by a verification function as an input parameter
Figure RE-RE-GDA0003550986390000075
The effectiveness of (a); if the anonymous commitment
Figure RE-RE-GDA0003550986390000076
Validation of corresponding public commitments
Figure RE-RE-GDA0003550986390000077
Putting into an ordered leader sequence in ascending order; if the anonymous commitment
Figure RE-RE-GDA0003550986390000078
Invalidating, discarding the corresponding public commitments
Figure RE-RE-GDA0003550986390000079
Wherein the node NjOnly the anonymous commitment can be determined
Figure RE-RE-GDA00035509863900000710
Is ring signed by a node in the node set, but cannot know which node specifically generated the anonymous commitment;
node NiMultiple different anonymous commitments may be generated due to network failure or malicious failure
Figure RE-RE-GDA00035509863900000711
And
Figure RE-RE-GDA00035509863900000712
these anonymous commitments are sent to node Nj. To prevent multiple anonymous commitments from being generated by the same node, the impact is to generate a correct generation ordered leader sequence. Node NjAfter receiving anonymous commitment
Figure RE-RE-GDA00035509863900000713
When this happens, verification is required. An anonymous commitment is considered if and only if the following constraints are met
Figure RE-RE-GDA00035509863900000714
The method has the advantages of high efficiency,
Figure RE-RE-GDA00035509863900000715
invalid and discarded:
Figure RE-RE-GDA00035509863900000716
Figure RE-RE-GDA00035509863900000717
constraint conditions are as follows:
(1)
Figure RE-RE-GDA00035509863900000718
(2)
Figure RE-RE-GDA00035509863900000719
(3)vi′≥vi
(4)hi′≥hi
constraint (1) indicates that node NiOnly a unique public commitment at altitude h can be made otherwise the node must be a byzantine failed node. Constraint (2) representation
Figure RE-RE-GDA00035509863900000720
And
Figure RE-RE-GDA00035509863900000721
is composed of the same consensus node NiDifferent anonymous commitments under the height h generated. Constraint (3) and constraint (4) indicate having a higher view vi' or height hiThe anonymous commitment of' is valid. If all the constraint conditions cannot be satisfied simultaneously, the node N is also considerediIs a byzantine fault node.
Preferably, the step 5 comprises: after the maximum waiting time is exceeded, node NjBroadcasting ordered leader sequences to other nodes in a node set
Figure RE-RE-GDA0003550986390000081
Node NiExamination ofValidity thereof, i.e. determining self-open commitments
Figure RE-RE-GDA0003550986390000082
Whether or not to be included in
Figure RE-RE-GDA0003550986390000083
Performing the following steps; if the verification is passed, the node NiTo node NjSending partial threshold signature votes representing node NiAgreeing on the validity of the ordered leader sequence.
Preferably, the step 6 includes: if node NjReceiving more than 2f +1 ordered leader sequences
Figure RE-RE-GDA0003550986390000084
Partial threshold signature of messages, considering that most honest nodes vote to agree with the ordered leader sequence
Figure RE-RE-GDA0003550986390000085
Node synthesizing the ordered leader sequence
Figure RE-RE-GDA0003550986390000086
And broadcasting an ordered leader sequence
Figure RE-RE-GDA0003550986390000087
And a corresponding full threshold signature message.
Preferably, the step 7 comprises: if node NiNot receiving an ordered leader sequence at maximum latency
Figure RE-RE-GDA0003550986390000088
And the corresponding complete threshold signature message, skipping to step 3, and the node NiTo the leader node
Figure RE-RE-GDA0003550986390000089
And (4) the corresponding node sends an anonymous commitment, the steps 3 to 7 are repeated, and finally the algorithm returns an ordered leader sequence.
A second aspect of the present invention provides an anonymous sorting system for a blockchain master node, including:
the system comprises an initialization module, a block chain system and a block chain management module, wherein the initialization module is used for initializing the block chain system, all nodes in a node set in the block chain system generate the same century creation block, the century creation block comprises ID and IP information of the nodes in an initial state, and the nodes in the block chain system sequentially become main nodes of the block chain system according to the sequence of the nodes in the century creation block;
a public promise calculating module for calculating a public promise;
an anonymous commitment sending module, which is used for sending anonymous commitments;
an ordered leader sequence generation module to generate an ordered leader sequence;
the voting collection module is used for collecting votes;
an ordered leader sequence broadcasting module for broadcasting an ordered leader sequence;
and the waiting module is used for waiting for the sequence overtime of the sequence leader.
A third aspect of the invention provides an electronic device comprising a processor and a communication circuit, the processor being connected to the communication circuit and configured to execute instructions to implement the method according to the first aspect.
A fourth aspect of the invention provides a computer readable storage medium storing a plurality of instructions readable by a processor and performing the method of the first aspect.
The anonymous sorting method, system and electronic device for the block chain main nodes provided by the invention have the following beneficial effects:
the identity authentication mechanism of the anonymous node is designed by comprehensively using the identities of various hidden host nodes of threshold signature and ring signature. On the premise that the respective identities are not revealed, the nodes generate a common master node sequence, and the ordered leader node list is periodically updated. The communication complexity of the algorithm is only O (n), and the method has good performance and expandability. The identity of the main node can be hidden through the algorithm, system faults caused by failure of the main node are reduced, and the safety of the block chain system is improved.
Drawings
Fig. 1 is a flow chart of a method according to a preferred embodiment of the present invention.
Fig. 2 is a configuration diagram of an electronic apparatus according to a preferred embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
Referring to fig. 1, the embodiment provides an anonymous block chain master node sorting method, where master node identities are hidden through multiple algorithms, and on the premise that respective identities are not revealed by each node, all nodes periodically generate the same master node sequence, and the algorithm has a linear communication complexity, and a message transfer complexity is only o (n), so that the algorithm has good performance and expandability. The algorithm can hide the identity of the main node, reduce system failure caused by the attack of the main node and improve the safety of the block chain system.
To achieve anonymous communication between nodes, a concept of commitment is first involved. All nodes participating in the consensus have a commitment
Figure RE-RE-GDA0003550986390000101
The commitment consists of three parts. Wherein
Figure RE-RE-GDA0003550986390000102
Represents a credential, is node NiA digital signature generated using a private key for a block of height h itself. For public acceptance
Figure RE-RE-GDA0003550986390000103
Is expressed according to a certificate
Figure RE-RE-GDA0003550986390000104
And calculating the hash generation. Anonymous commitments
Figure RE-RE-GDA0003550986390000105
Is calculated from the public commitments using a ring signature algorithm.
Voucher(s)
Figure RE-RE-GDA0003550986390000106
Representing a node NiThe digital signature at block height h is different for different heights of corresponding credentials. The voucher needs to be generated by the private key of the node, and one node cannot forge the voucher for generating other nodes. Since the public key is publicly visible, the certificate
Figure RE-RE-GDA0003550986390000107
May be verified by other nodes in the node set.
Open promise
Figure RE-RE-GDA0003550986390000108
Is based on certificates
Figure RE-RE-GDA0003550986390000109
And calculating and taking the result of the Hash value. Irreversibility pair certificate through Hash function
Figure RE-RE-GDA00035509863900001010
The information of (2) is hidden anonymously. Other nodes in the node set can calculate the public promise according to the certificate, but the certificate cannot be deduced reversely from the public promise, and each certificate and the public promise are in one-to-one correspondence.
Anonymous commitments
Figure RE-RE-GDA0003550986390000111
Including public commitments
Figure RE-RE-GDA0003550986390000112
And its ring signature, height hiAnd view vi. The advantage of using ring signatures is anonymity. Other nodes in the node set may commit anonymously
Figure RE-RE-GDA0003550986390000113
Verifying public promise
Figure RE-RE-GDA0003550986390000114
The effectiveness of (c). But does not know which consensus node in the set of nodes generated the anonymous and public commitments.
The target of the algorithm is node NiGenerating a set of identity-hidden anonymous master node sequences
Figure RE-RE-GDA0003550986390000115
Figure RE-RE-GDA0003550986390000116
Wherein i represents the number of the node, h represents the corresponding block height when the anonymous main node sequence is generated, and the corresponding anonymous main node sequences with different heights are different. Anonymous master node sequence
Figure RE-RE-GDA0003550986390000117
A set of hidden identity potential master nodes is included, ordered in ascending order of the value of the public commitment.
Figure RE-RE-GDA0003550986390000118
The subscript is denoted as an element of n (e.g.,
Figure RE-RE-GDA0003550986390000119
Figure RE-RE-GDA00035509863900001110
at the same time, the requirement of optional taking
Figure RE-RE-GDA00035509863900001111
The nodes become master nodes in turn and generate blocks in the order of the anonymous master node sequence.
Node NiAnonymous selection of master nodes according to period, i.e. each time a view is added by period piAnd executing a primary anonymous selection main node algorithm. Input parameters of algorithmNumber is height hiV view ofiPeriod p ofiThe output result is an ordered leader sequence of nodes.
As shown in fig. 1, the present embodiment provides an anonymous sorting method for a blockchain master node, including:
step 1: initializing a blockchain system, wherein all nodes in a node set in the blockchain system generate the same century creation block, the century creation block is a special block and comprises ID and IP information of the nodes in an initial state, and the nodes in the blockchain system sequentially become main nodes of the blockchain system according to the sequence of the nodes in the century creation block;
step 2: computing a public promise, including if the view added value of a node is equal to the period piThen an anonymous master node selection algorithm is initiated, node N in the blockchain systemiComputing certificates
Figure RE-RE-GDA0003550986390000121
The certificate
Figure RE-RE-GDA0003550986390000122
Representing a node NiDigital signature at block height h, the certificate
Figure RE-RE-GDA0003550986390000123
Is an important proof of node identity, each node only stores own certificate and cannot forge certificates of other common nodes, and node calculation is carried out to generate public commitment
Figure RE-RE-GDA0003550986390000124
Pairing said credentials by irreversibility of a Hash function
Figure RE-RE-GDA0003550986390000125
The information of (2) realizes anonymous hiding;
and step 3: sending an anonymous commitment, the node NiAnonymous commitment of
Figure RE-RE-GDA0003550986390000126
Figure RE-RE-GDA0003550986390000127
Including the public promise
Figure RE-RE-GDA0003550986390000128
And its ring signature, height hiAnd view viSaid node NiSending anonymous commitments to anonymous master node sequences
Figure RE-RE-GDA0003550986390000129
A corresponding node, wherein the initial value of n is 1 and n is greater than 0;
and 4, step 4: an ordered leader sequence is generated. Node NjReceiving anonymous commitment sent by other nodes
Figure RE-RE-GDA00035509863900001210
Then, first, the public acceptance is judged
Figure RE-RE-GDA00035509863900001211
Whether it is valid, including signing the ring
Figure RE-RE-GDA00035509863900001212
And the public promise
Figure RE-RE-GDA00035509863900001213
Verifying the public promise by a verification function as an input parameter
Figure RE-RE-GDA00035509863900001214
The effectiveness of (a); if the anonymous commitment
Figure RE-RE-GDA00035509863900001215
Validation of corresponding public commitments
Figure RE-RE-GDA00035509863900001216
Put into the ordered leader in ascending orderA sequence; if the anonymous commitment
Figure RE-RE-GDA00035509863900001217
Invalidating, discarding the corresponding public commitments
Figure RE-RE-GDA00035509863900001218
Wherein the node NjOnly the anonymous commitment can be determined
Figure RE-RE-GDA00035509863900001219
Is ring signed by a node in the node set, but cannot know which node specifically generated the anonymous commitment;
node NiMultiple different anonymous commitments may be generated due to network failure or malicious failure
Figure RE-RE-GDA00035509863900001220
And
Figure RE-RE-GDA00035509863900001221
these anonymous commitments are sent to node Nj. To prevent multiple anonymous commitments from being generated by the same node, the impact is to generate a correct generation ordered leader sequence. Node NjAfter receiving anonymous commitment
Figure RE-RE-GDA00035509863900001222
When this happens, verification is required. An anonymous commitment is considered if and only if the following constraints are met
Figure RE-RE-GDA00035509863900001223
The method has the advantages of high efficiency,
Figure RE-RE-GDA00035509863900001224
invalid and discarded:
Figure RE-RE-GDA0003550986390000131
Figure RE-RE-GDA0003550986390000132
constraint conditions are as follows:
(1)
Figure RE-RE-GDA0003550986390000133
(2)
Figure RE-RE-GDA0003550986390000134
(3)vi′≥vi
(4)hi′≥hi
constraint (1) indicates that node NiOnly a unique public commitment at altitude h can be made otherwise the node must be a byzantine failed node. Constraint (2) representation
Figure RE-RE-GDA0003550986390000135
And
Figure RE-RE-GDA0003550986390000136
is composed of the same consensus node NiDifferent anonymous commitments under the height h generated. Constraint (3) and constraint (4) indicate having a higher view vi' or height hiThe anonymous commitment of' is valid. If all the constraint conditions cannot be satisfied simultaneously, the node N is also considerediIs a byzantine fault node.
And 5: collecting votes, comprising: after the maximum waiting time is exceeded, node NjBroadcasting ordered leader sequences to other nodes in a node set
Figure RE-RE-GDA0003550986390000137
Node NiChecking its validity, i.e. determining its public commitment
Figure RE-RE-GDA0003550986390000138
Whether or not to be included in
Figure RE-RE-GDA0003550986390000139
Performing the following steps; if the verification is passed, the node NiTo node NjSending partial threshold signature votes representing node NiAgreeing to the validity of the ordered leader sequence;
step 6: broadcasting an ordered leader sequence comprising: if node NjReceiving more than 2f +1 ordered leader sequences
Figure RE-RE-GDA00035509863900001310
Partial threshold signature of messages, considering that most honest nodes vote to agree with the ordered leader sequence
Figure RE-RE-GDA00035509863900001311
Node synthesizing the ordered leader sequence
Figure RE-RE-GDA00035509863900001312
And broadcasting an ordered leader sequence
Figure RE-RE-GDA00035509863900001313
And corresponding complete threshold signature messages;
and 7: waiting for the sequence leader sequence to time out, comprising: if node NiNot receiving an ordered leader sequence at maximum latency
Figure RE-RE-GDA0003550986390000141
And the corresponding complete threshold signature message, skipping to step 3, and the node NiTo the leader node
Figure RE-RE-GDA0003550986390000142
And (4) the corresponding node sends an anonymous commitment, the steps 3 to 7 are repeated, and finally the algorithm returns an ordered leader sequence.
The present embodiment further provides an anonymous sorting system for a blockchain master node, including:
the system comprises an initialization module, a block chain system and a block chain management module, wherein the initialization module is used for initializing the block chain system, all nodes in a node set in the block chain system generate the same century creation block, the century creation block comprises ID and IP information of the nodes in an initial state, and the nodes in the block chain system sequentially become main nodes of the block chain system according to the sequence of the nodes in the century creation block;
a public promise calculating module for calculating a public promise;
an anonymous commitment sending module, which is used for sending anonymous commitments;
an ordered leader sequence generation module to generate an ordered leader sequence;
the voting collection module is used for collecting votes;
an ordered leader sequence broadcasting module for broadcasting an ordered leader sequence;
and the waiting module is used for waiting for the sequence overtime of the sequence leader.
As shown in fig. 2, the present embodiment further provides an electronic device, which includes a processor 301 and a communication circuit 302 connected to the processor 301, wherein a plurality of instructions are stored in the processor 301, and the instructions can be loaded and executed by the processor, so that the processor 301 can execute the method described above.
The present embodiments also provide a computer-readable storage medium storing a plurality of instructions for implementing the method as described above.
The system, the method and the electronic equipment provided by the embodiment have the following beneficial effects:
(1) the internal parallel flow design of the S-PBFT consensus protocol fully utilizes idle computing resources generated in the network communication process in a pipeline mode, and the idle time in the broadcast data waiting process is recycled in a transaction collection advance and data cache mode, so that the consensus flow is more efficient.
(2) The data throughput capacity of the alliance chain is improved by simplifying and parallelizing the flow of the mainstream PBFT consensus protocol. Since the preparation stage of the S-PBFT is reduced compared to the PBFT, the check of the consensus broadcast completion block is performed only once, and when the host node performs a block transaction, it is determined that it is bad, the PBFT protocol cannot correctly perform the next round of consensus. In this case, alternate master selection introduced by the SBFT circumvents error conditions caused by inconsistency of master node data. The alternate master selection process enables the signature data generated after the nodes perform block transaction to be checked in the next round of consensus, and the master nodes with inconsistent data are replaced due to the fact that the consensus cannot pass through, so that the Byzantine fault-tolerant characteristic and the availability of the S-PBFT are guaranteed.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention. It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A method for anonymous ordering of a blockchain master node, comprising:
step 1: initializing a blockchain system, wherein all nodes in a node set in the blockchain system generate the same century creation block, the century creation block is a special block and comprises ID and IP information of the nodes in an initial state, and the nodes in the blockchain system sequentially become main nodes of the blockchain system according to the sequence of the nodes in the century creation block;
step 2: calculating a public commitment;
and step 3: sending an anonymous commitment;
and 4, step 4: generating an ordered leader sequence;
and 5: collecting votes;
step 6: broadcasting an ordered leader sequence;
and 7: waiting for the sequence leader sequence to time out.
2. The anonymous ordering method of the blockchain master node according to claim 1, wherein the step 2 comprises: if the view increment value of the node is equal to the period piThen an anonymous master node selection algorithm is initiated, node N in the blockchain systemiComputing certificates
Figure FDA0003486781100000011
The certificate
Figure FDA0003486781100000012
Representing a node NiDigital signature at block height h, the certificate
Figure FDA0003486781100000013
Is an important proof of node identity, each node only stores own certificate and cannot forge certificates of other common nodes, and node calculation is carried out to generate public commitment
Figure FDA0003486781100000014
Pairing said credentials by irreversibility of a Hash function
Figure FDA0003486781100000015
To enable anonymous hiding.
3. The anonymous ordering method of the master node of the blockchain according to claim 1, wherein the step 3 comprises: the node NiAnonymous commitment of
Figure FDA0003486781100000016
Figure FDA0003486781100000017
Including the public promise
Figure FDA0003486781100000018
And its ring signatureHeight hiAnd view viSaid node NiSending anonymous commitments to anonymous master node sequences
Figure FDA0003486781100000019
Corresponding node, where n has an initial value of 1 and n>0。
4. The anonymous ordering method of the blockchain master node according to claim 1, wherein the step 4 comprises: node NjReceiving anonymous commitment sent by other nodes
Figure FDA0003486781100000021
Then, first, the public acceptance is judged
Figure FDA0003486781100000022
Whether it is valid, including signing the ring
Figure FDA0003486781100000023
And the public promise
Figure FDA0003486781100000024
Verifying the public promise by a verification function as an input parameter
Figure FDA0003486781100000025
The effectiveness of (a); if the anonymous commitment
Figure FDA0003486781100000026
Validation of corresponding public commitments
Figure FDA0003486781100000027
Putting into an ordered leader sequence in ascending order; if the anonymous commitment
Figure FDA0003486781100000028
Invalidating, discarding the correspondingOpen promise
Figure FDA0003486781100000029
Wherein the node NjOnly the anonymous commitment can be determined
Figure FDA00034867811000000210
Is ring signed by a node in the node set, but cannot know which node specifically generated the anonymous commitment;
node NiMultiple different anonymous commitments may be generated due to network failure or malicious failure
Figure FDA00034867811000000211
And
Figure FDA00034867811000000212
these anonymous commitments are sent to node Nj. To prevent multiple anonymous commitments from being generated by the same node, the impact is to generate a correct generation ordered leader sequence. Node NjAfter receiving anonymous commitment
Figure FDA00034867811000000213
When this happens, verification is required. An anonymous commitment is considered if and only if the following constraints are met
Figure FDA00034867811000000214
The method has the advantages of high efficiency,
Figure FDA00034867811000000215
invalid and discarded:
Figure FDA00034867811000000216
Figure FDA00034867811000000217
constraint conditions are as follows:
(1)
Figure FDA00034867811000000218
(2)
Figure FDA00034867811000000219
(3)vi'≥vi
(4)hi'≥hi
constraint (1) indicates that node NiOnly a unique public commitment at altitude h can be made otherwise the node must be a byzantine failed node. Constraint (2) representation
Figure FDA0003486781100000031
And
Figure FDA0003486781100000032
is composed of the same consensus node NiDifferent anonymous commitments under the height h generated. Constraint (3) and constraint (4) indicate having a higher view vi' or height hiThe anonymous commitment of' is valid. If all the constraint conditions cannot be satisfied simultaneously, the node N is also considerediIs a byzantine fault node.
5. The anonymous ordering method of the blockchain master node according to claim 1, wherein the step 5 comprises: after the maximum waiting time is exceeded, node NjBroadcasting ordered leader sequences to other nodes in a node set
Figure FDA0003486781100000033
Node NiChecking its validity, i.e. determining its public commitment
Figure FDA0003486781100000034
Whether or not to includeIn at least
Figure FDA0003486781100000035
Performing the following steps; if the verification is passed, the node NiTo node NjSending partial threshold signature votes representing node NiAgreeing on the validity of the ordered leader sequence.
6. The anonymous ordering method of the blockchain master node according to claim 1, wherein the step 6 comprises: if node NjReceiving more than 2f +1 ordered leader sequences
Figure FDA0003486781100000036
Partial threshold signature of messages, considering that most honest nodes vote to agree with the ordered leader sequence
Figure FDA0003486781100000037
Node synthesizing the ordered leader sequence
Figure FDA0003486781100000038
And broadcasting an ordered leader sequence
Figure FDA0003486781100000039
And a corresponding full threshold signature message.
7. The anonymous ordering method of the blockchain master node according to claim 1, wherein the step 7 comprises: if node NiNot receiving an ordered leader sequence at maximum latency
Figure FDA00034867811000000310
And the corresponding complete threshold signature message, skipping to step 3, and the node NiTo the leader node
Figure FDA00034867811000000311
And (4) the corresponding node sends an anonymous commitment, the steps 3 to 7 are repeated, and finally the algorithm returns an ordered leader sequence.
8. A system for anonymous ordering of blockchain master nodes implementing the method of any of claims 1 to 7, comprising:
the system comprises an initialization module, a block chain system and a block chain management module, wherein the initialization module is used for initializing the block chain system, all nodes in a node set in the block chain system generate the same century creation block, the century creation block comprises ID and IP information of the nodes in an initial state, and the nodes in the block chain system sequentially become main nodes of the block chain system according to the sequence of the nodes in the century creation block;
a public promise calculating module for calculating a public promise;
an anonymous commitment sending module, which is used for sending anonymous commitments;
an ordered leader sequence generation module to generate an ordered leader sequence;
the voting collection module is used for collecting votes;
an ordered leader sequence broadcasting module for broadcasting an ordered leader sequence;
and the waiting module is used for waiting for the sequence overtime of the sequence leader.
9. An electronic device comprising a processor and communication circuitry, the processor coupled to the communication circuitry, the processor configured to execute instructions to implement the method of any of claims 1-7.
10. A computer-readable storage medium storing a plurality of instructions readable by a processor and performing the method of any one of claims 1-7.
CN202210083287.3A 2022-01-25 2022-01-25 Method for anonymously sequencing main nodes of blockchain Active CN114422146B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210083287.3A CN114422146B (en) 2022-01-25 2022-01-25 Method for anonymously sequencing main nodes of blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210083287.3A CN114422146B (en) 2022-01-25 2022-01-25 Method for anonymously sequencing main nodes of blockchain

Publications (2)

Publication Number Publication Date
CN114422146A true CN114422146A (en) 2022-04-29
CN114422146B CN114422146B (en) 2023-07-04

Family

ID=81277767

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210083287.3A Active CN114422146B (en) 2022-01-25 2022-01-25 Method for anonymously sequencing main nodes of blockchain

Country Status (1)

Country Link
CN (1) CN114422146B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314352A (en) * 2022-07-27 2022-11-08 北京航空航天大学 Privacy-enhanced fair block chain leader election method and device
CN115664714A (en) * 2022-09-22 2023-01-31 中国人民解放军国防科技大学 TEE-based anonymous selection committee method, system and medium on block chain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110289966A (en) * 2019-06-19 2019-09-27 西南交通大学 Anti-adaptive attack alliance's chain common recognition method based on Byzantine failure tolerance
CN112367174A (en) * 2020-11-06 2021-02-12 深圳前海微众银行股份有限公司 Block chain consensus method and device based on attribute values
CN112437049A (en) * 2020-11-06 2021-03-02 深圳前海微众银行股份有限公司 BFT-based block chain consensus method and device
US20210160223A1 (en) * 2019-11-25 2021-05-27 Electronics And Telecommunications Research Institute Anonymous credential authentication system and method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110289966A (en) * 2019-06-19 2019-09-27 西南交通大学 Anti-adaptive attack alliance's chain common recognition method based on Byzantine failure tolerance
US20210160223A1 (en) * 2019-11-25 2021-05-27 Electronics And Telecommunications Research Institute Anonymous credential authentication system and method thereof
CN112367174A (en) * 2020-11-06 2021-02-12 深圳前海微众银行股份有限公司 Block chain consensus method and device based on attribute values
CN112437049A (en) * 2020-11-06 2021-03-02 深圳前海微众银行股份有限公司 BFT-based block chain consensus method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314352A (en) * 2022-07-27 2022-11-08 北京航空航天大学 Privacy-enhanced fair block chain leader election method and device
CN115314352B (en) * 2022-07-27 2023-12-12 北京航空航天大学 Privacy-enhanced fair blockchain leader election method and device
CN115664714A (en) * 2022-09-22 2023-01-31 中国人民解放军国防科技大学 TEE-based anonymous selection committee method, system and medium on block chain

Also Published As

Publication number Publication date
CN114422146B (en) 2023-07-04

Similar Documents

Publication Publication Date Title
CN109842606B (en) Block chain consensus algorithm and system based on consistent Hash algorithm
Wahab et al. Survey of consensus protocols
Cai et al. Towards private, robust, and verifiable crowdsensing systems via public blockchains
CN112073483B (en) Authority certification consensus method and system based on credit and committee endorsement mechanism
Zhan et al. DRBFT: Delegated randomization Byzantine fault tolerance consensus protocol for blockchains
Shu et al. Blockchain-based decentralized public auditing for cloud storage
CN110855432B (en) Asynchronous BFT & DPOS consensus mechanism for assigning verifier rewards based on verifiable random functions
CN114422146B (en) Method for anonymously sequencing main nodes of blockchain
CN112651830B (en) Block chain consensus method applied to power resource sharing network
CN110990790B (en) Data processing method and equipment
Lin et al. Blockchain-based complete self-tallying E-voting protocol
Aluko et al. Proof-of-reputation: an alternative consensus mechanism for blockchain systems
Zhu et al. New instant confirmation mechanism based on interactive incontestable signature in consortium blockchain
Zhang et al. An efficient and robust committee structure for sharding blockchain
Wan et al. AnonymousFox: An efficient and scalable blockchain consensus algorithm
Corman et al. A Secure Group Agreement (SGA) protocol for peer-to-peer applications
US20220278854A1 (en) Unity Protocol Consensus
Chen et al. Cipherchain: a secure and efficient ciphertext blockchain via mpeck
Wang et al. Consensus algorithm based on verifiable randomness
Mahmood et al. Survey of consensus protocols
Sadiah et al. An efficient anonymous reputation system for crowdsensing
Zhou et al. Fair cloud auditing based on blockchain for resource-constrained IoT devices
Lijuan et al. Electronic Voting Scheme Based on Blockchain and SM2 Cryptographic Algorithm Zero-Knowledge Proof
Lu et al. Self-tallying e-voting with public traceability based on blockchain
Dong et al. DAON: A decentralized autonomous oracle network to provide secure data for smart contracts

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant