CN114640466A - Layered architecture-oriented PBFT consensus node dynamic adjustment method - Google Patents

Layered architecture-oriented PBFT consensus node dynamic adjustment method Download PDF

Info

Publication number
CN114640466A
CN114640466A CN202210253255.3A CN202210253255A CN114640466A CN 114640466 A CN114640466 A CN 114640466A CN 202210253255 A CN202210253255 A CN 202210253255A CN 114640466 A CN114640466 A CN 114640466A
Authority
CN
China
Prior art keywords
consensus
node
cluster
nodes
group
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210253255.3A
Other languages
Chinese (zh)
Other versions
CN114640466B (en
Inventor
唐飞
徐婷鲜
彭金兰
黄永洪
黄东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Post and Telecommunications
Original Assignee
Chongqing University of Post and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Post and Telecommunications filed Critical Chongqing University of Post and Telecommunications
Priority to CN202210253255.3A priority Critical patent/CN114640466B/en
Publication of CN114640466A publication Critical patent/CN114640466A/en
Application granted granted Critical
Publication of CN114640466B publication Critical patent/CN114640466B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1044Group management mechanisms 
    • H04L67/1048Departure or maintenance mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1044Group management mechanisms 
    • H04L67/1051Group master selection mechanisms

Abstract

The invention relates to the field of consensus mechanism of block chains, in particular to a PBFT consensus node dynamic adjustment method for a hierarchical architecture, which comprises the steps of clustering terminal nodes by using a K-means clustering algorithm, taking the cluster center of each cluster of a clustering result as a first-layer consensus group, and taking other nodes in the cluster as a second-layer consensus group; the node serving as a cluster center in each cluster interacts with other nodes in the cluster to perform threshold proxy authorization; broadcasting the data abstract owned by the node in each cluster, enabling the node in the cluster as a cluster center to serve as a main node of a second-layer consensus group, and performing consensus on data in a period of time; nodes in the first layer of consensus combination are used as main nodes in turn, and the node which is currently used as the main node packs the consensus result completed in the cluster where the node is located and initiates consensus; the invention ensures that the consensus can successfully reach the consistency, and simultaneously the block chain technology ensures the safety of the data stored by the terminal node of the Internet of things to a certain extent.

Description

Layered architecture-oriented PBFT consensus node dynamic adjustment method
Technical Field
The invention relates to the field of consensus mechanisms of block chains, in particular to a PBFT consensus node dynamic adjustment method for a layered architecture.
Background
As the technology of the blockchain gradually matures, the application scenarios of the blockchain are also more and more extensive. The blockchain is essentially a distributed storage system, all nodes jointly maintain normal operation of the whole blockchain ecology, but the nodes cannot trust each other, and there may be operations which are performed by malicious nodes for the benefit of the malicious nodes and damage the overall benefit of the system. To protect against this potential threat, the blockchain system needs a consensus mechanism to make the nodes agree on each other to ensure the final consistency of the data. The research on the consensus mechanism of the block chain has important significance on the aspects of safety, transaction processing speed increase, expandability and the like of the block chain. The practical Byzantine fault-tolerant algorithm (PBFT) is the most commonly adopted classic consensus scheme in the current alliance chain and the private chain, and mainly utilizes a consistency protocol, a check point protocol and a view switching protocol to jointly maintain one state of the system, verify requests in the system and reach a conclusion of consistency.
In a conventional blockchain Byzantine (BFT) consensus algorithm, when the number of offline consensus nodes in the network exceeds 1/3 of the total number of consensus group nodes, the BFT consensus algorithm cannot be completed, so that the system is stuck in the current round and cannot continue, thereby causing the whole blockchain network to be broken down. However, in the application of the internet of things, this situation is very likely to happen, and the safety and stability of the block chain technology in the application of the internet of things are greatly limited. Since the internet of things devices are controlled by the terminal, the operation state of each internet of things device may be different. Some internet of things devices may only be turned on during hours and turned off at other times. The working time of each terminal is different, so the opening and closing time of the internet of things equipment is different. Meanwhile, as the internet of things devices operate on the public network, the network condition will also weaken, which will suddenly cause some internet of things devices to disconnect from the network. In addition to the situation where there is an end node going offline, there is also a need for new end nodes to join the consensus. In the face of joining and exiting of consensus nodes, the most straightforward way is to first shut down all consensus nodes, modify the configuration file, and then reload all consensus nodes, but this approach is inefficient and requires stopping the service of the entire blockchain network, which is not desirable.
Disclosure of Invention
In order to guarantee the safety of the data stored in the terminal node of the internet of things, the invention provides a PBFT consensus node dynamic adjustment method for a layered architecture, which is used for realizing dynamic adjustment of consensus nodes in the internet of things and guaranteeing successful completion of a consensus process, and specifically comprises the following steps:
s1, clustering the terminal nodes by using a K-media clustering algorithm, taking the cluster center of each cluster of the clustering result as a first-layer consensus group, and taking other nodes in the cluster as a second-layer consensus group;
s2, interacting the node as the cluster center in each cluster with other nodes in the cluster, and performing threshold proxy authorization;
s3, broadcasting the data summary owned by each cluster by the node in each cluster, enabling the cluster as the cluster center to serve as the main node of the second-layer consensus group, and performing consensus on the data in a period of time;
and S4, taking the nodes in the first-layer consensus as the main nodes in turn, packing the formula results completed in the cluster where the node currently serves as the main node, and initiating consensus in the round of consensus.
Further, clustering the terminal nodes by using a K-mediads clustering algorithm includes:
s11, selecting N nodes with higher reputation values as a clustering center by the terminal node according to a reputation mechanism;
s12, using a K-means clustering algorithm to perform primary clustering by taking the distance as a similarity judgment standard by other terminal nodes;
s13, after the preliminary clustering is finished, aggregating two cluster centers with the shortest distance each time by taking the distance between the cluster centers as a contraction factor, and contracting the cluster where the cluster centers are located;
and S14, repeating the step S13 until the cluster center in the contracted cluster reaches the number of the set representative points, and finishing clustering.
Further, the node in each cluster as the cluster center interacts with other nodes in the cluster, and the threshold proxy authorization comprises the following steps:
s21: taking the cluster center in each cluster as an original signer A, taking other nodes in the cluster as an agent group B, and taking the original signer A and the agent group
Figure BDA0003547763080000021
Generating and disclosing part of public parameters through information interaction;
s22: the original signer A and the agent group B carry out information interaction, and the original signer A generates authorization information according to the interaction information;
s23: agent team member BiAfter receiving the authorization message, the combined verification is carried out to determine that the authorization message comes from the original signer A and B after the verification is passediCalculating to obtain a threshold proxy key of the user, wherein i belongs to [1,22];
S24: agent team member BiGeneration of threshold proxy signatures s using threshold proxy keysiThen the signature is broadcast, BiReceiving at least t signatures sent by other members, and recovering the signature s of the original signer A by using the received signatures;
s25: the other members verify whether the aggregated signature is correct using the public key of a.
Further, each intra-cluster node packs data collected in a period of time and performs consensus in a cluster, and the method comprises the following steps:
s31: the intra-cluster nodes generate data abstracts by using the data collected by the intra-cluster nodes through a Hash algorithm, and broadcast the data abstracts in the clusters;
s32: the main node collects all data summaries in a period of time and initiates PBFT consensus;
s33: after consensus is achieved, all nodes in the cluster will store the consensus result in the local cache Buff.
Further, the process of consensus in the first layer consensus group comprises the following steps:
s41: all nodes of the first-layer consensus group select a main node in a polling mode;
s42: in [ ts ]1,ts2]In the period of time, the main node checks whether data exist in the buffer zone Buff of the main node, if so, the PBFT consensus algorithm is executed, the result of the second-layer consensus group consensus is used as the value which is required to be consistent in the current round, if not, the authority of the main node is handed to the next representative point, and the representative point which is the same cluster is skipped;
s43: after the consensus of the first layer is achieved, each representative point broadcasts the consensus result to the nodes in the cluster, and the nodes in the cluster receive the consensus result after receiving the broadcast message of more than half of the representative nodes in the cluster, so as to complete the consensus.
Further, the process of adding the new node into the consensus group comprises the following steps:
s51, judging the distance between the new node and each cluster center, and selecting the cluster with the shortest distance as the cluster expected to be added;
s52, sending a joining application to the cluster expected to join, wherein the joining application at least comprises the identity information and the public key information of the new node;
s53, judging whether the new node can be added according to the identity information and the public key information of the new node, and if the new node can be added, initializing the credit value of the new node;
and S54, when the number of the newly added nodes in a cluster is more than or equal to half of the total number of the agent groups, the cluster needs to carry out threshold agent right signature again.
Further, when one-time consensus is completed, if a certain total credit value is given to the nodes participating in the one-time consensus, the nodes participating in the one-time consensus are enabled to equally divide the total credit value; if the node state is on-line but not as the node state, deducting the consensus credit value at the time, wherein the deducted value is the credit value obtained by the node successfully participating in the consensus and is not used as the node participating in the consensus process but not forwarding the message; if the node state is offline, but other nodes in the cluster help the proxy signature to succeed, the node does not deduct the score, but does not participate in bisecting the total reputation value; if the node state is offline and other nodes in the cluster do not help the agents thereof, the nodes are not processed; wherein the node offline includes a temporary offline and a permanent offline.
Further, when a node in the second-layer consensus group is temporarily offline in the consensus process, the node can be treated as a down node, and the consensus fault tolerance of the cluster is f 21, the node is kicked out of the consensus group before the next round of consensus, and when the node returns to the network, the node is added into the consensus group again according to the new node adding process, but the credit value does not need to be initialized;
when a node in the first layer consensus group is temporarily off-line in the consensus process, the intra-cluster node generates a threshold proxy signature agent to complete the current round of consensus, the result of the threshold proxy signature is recovered by other representative points in the same cluster and is broadcasted to the first layer consensus, and when the off-line node returns to the consensus group again, the proxy signature of the agent group is invalid through one-time broadcast information of the off-line node;
wherein f is2Is the tolerable number of byzantine for a cluster.
Further, when a node in the second-layer consensus group is permanently offline in the consensus process, the node can be treated as a down node, and the consensus fault tolerance of the cluster is f 21, the node is kicked out of the consensus group before the next round of consensus and its reputation value and all its identity information are removed from the network;
when a node in the first-layer consensus group permanently exits in the consensus process, the signature authority of the node is proxied by the node in the cluster, whether other representative points in the same cluster are online needs to be detected, and if all the representative points in the same cluster are permanently offline, all the nodes are clustered and divided again;
wherein, f2Is the tolerable number of byzantine for a cluster.
The invention uses the technologies of threshold proxy signature, consensus mechanism, multi-center K-medoids clustering algorithm and the like to divide the terminal nodes in the scene of the Internet of things into two-layer structures, thereby improving the expandability of the consensus mechanism. In a conventional blockchain Byzantine (BFT) consensus algorithm, when the number of offline consensus nodes in the network exceeds 1/3 of the total number of consensus group nodes, the BFT consensus algorithm cannot be completed, so that the system is stuck in the current round and cannot continue, thereby causing the whole blockchain network to be broken down. However, in the application of the internet of things, the situation is very likely to happen, and the safety and the stability of the block chain technology in the application of the internet of things are greatly limited. Therefore, the threshold proxy signature algorithm is introduced, when the node is offline, other node proxy offline nodes finish signature, and consensus can be guaranteed to achieve consistency smoothly. Meanwhile, the safety of the data stored in the terminal node of the Internet of things is guaranteed to a certain extent due to the characteristics of distributed storage, traceability, tamper resistance and the like of the block chain technology.
Drawings
Fig. 1 is a general flowchart of a PBFT consensus node dynamic adjustment method for a hierarchical architecture according to an embodiment of the present invention;
fig. 2 is a hierarchical architecture of a PBFT consensus node dynamic adjustment method for the hierarchical architecture according to an embodiment of the present invention;
fig. 3 is a consensus flow chart of a hierarchical architecture-oriented PBFT consensus node dynamic adjustment method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a PBFT consensus node dynamic adjustment method for a layered architecture, which is used for realizing dynamic adjustment of consensus nodes in the Internet of things and ensuring that a consensus process is successfully completed, and specifically comprises the following steps:
s1, clustering the terminal nodes by using a K-means clustering algorithm, taking the cluster center of each cluster of the clustering result as a first-layer consensus group, and taking other nodes in the cluster as a second-layer consensus group;
s2, interacting the node as the cluster center in each cluster with other nodes in the cluster, and performing threshold proxy authorization;
s3, broadcasting the data summary owned by each cluster by the node in each cluster, enabling the cluster as the cluster center to serve as the main node of the second-layer consensus group, and performing consensus on the data in a period of time;
and S4, taking the nodes in the first-layer consensus as the main nodes in turn, packing the formula results completed in the cluster where the node currently serves as the main node, and initiating consensus in the round of consensus.
The embodiment provides a PBFT consensus node dynamic adjustment method for a layered architecture, and relates to a block chain, a consensus mechanism and a clustering algorithm, wherein the block chain (Blockchain) is a chain data structure formed by combining data block chains in a sequential connection mode according to a time sequence, and a distributed account book which is not falsifiable and counterfeitable of data is guaranteed in a cryptographic mode. The blockchain is essentially a distributed storage system, all nodes jointly maintain normal operation of the whole blockchain ecology, but the nodes cannot trust each other, and there may be operations which are performed by malicious nodes for the benefit of the malicious nodes and damage the overall benefit of the system. To protect against this potential threat, the blockchain system needs a consensus mechanism to make the nodes agree on each other to ensure the final consistency of the data. The scheme mainly comprises 6 steps: terminal node layering, threshold proxy authorization, second-layer consensus group consensus, first-layer consensus group consensus, node dynamic joining and node quitting.
Fig. 1 is a general flowchart of a solution provided in an embodiment of the present invention, and a specific flowchart includes:
s1: and the terminal nodes are clustered and divided by using a K-media clustering algorithm, the divided clustering center is a first-layer consensus group, and the nodes in the cluster are second-layer consensus groups. The total number of the nodes of the first layer of the consensus group is n1≥3f1+1,f1For which tolerable worship accountThe number of the courts. The total number of the nodes of the second layer consensus group is n2≥3f2+1,f2For which tolerable number of Byzantines (n of different clusters)2The values may be different);
s2: the cluster center node interacts with member nodes in a cluster where the cluster center node is located to complete threshold proxy authorization;
s3: the cluster nodes broadcast the owned data abstracts, and the cluster centers thereof act as main nodes of a second-layer consensus group to perform consensus on the data abstracts within a period of time;
s4: the consensus of the first layer consensus group is realized by packing the current cluster and the completed consensus result by the main node of the current consensus round, and initiating consensus in the current round of consensus;
s5: the method for the new node to join the consensus group comprises the following steps: and selecting clusters and authenticating identity by using a K-medoids clustering algorithm.
S6: the mode that the consensus node exits the consensus group comprises two modes: temporary offline and permanent exit.
Fig. 2 is a terminal node hierarchical structure diagram provided in the embodiment of the present invention, in step S1, the terminal nodes are divided into two layers by a K-medoids clustering algorithm, and the division rule includes:
s11: and the terminal node selects N nodes with higher reputation values as a clustering center (representative point) according to the reputation mechanism.
S12: and the other terminal nodes use a K-means clustering algorithm to perform preliminary clustering by taking the distance as a similarity evaluation criterion.
S13: after the preliminary clustering is completed, clustering is performed again between the cluster center nodes, a plurality of representative points in the cluster are realized to represent one cluster, and a plurality of representative points in the cluster can be adopted to represent one cluster by referring to a CURE algorithm. And shrinking the cluster center node to the center of the cluster according to a certain shrinkage factor in each agglomeration. By adjusting the shrinkage factor, clusters that have agglomerated can be efficiently separated. In each agglomeration, the algorithm is to agglomerate two clusters with the nearest distance and shrink the clusters; the above process is repeated until the number of representative points of the clusters is satisfactory, the number of representative points in each cluster may be manually set, and a person skilled in the art may set the number of representative points to a fixed value or set according to specific data such as the scale of the node, and the present embodiment studies the number. The final end node is divided into a plurality of clusters, and each cluster has a plurality of representative points to represent all the nodes in the cluster.
In step S2, the threshold of the threshold proxy signature is 2t, where 2t ═ f2+1, the process of threshold proxy key authorization includes four steps: proxy authorization, authorization verification and threshold proxy key generation, threshold proxy signature generation and signature verification. The detailed process is as follows:
s21: representative point A and agent team
Figure BDA0003547763080000081
Some public parameters are generated and disclosed through information interaction; disclosure of parameters including
Figure BDA0003547763080000082
Wherein p and q are both large prime numbers, E is defined in a finite field FpElliptic curve of (G ═ x)G,yG) Is the base point of order q above E; h:
Figure BDA0003547763080000083
the expression hash function H maps a bit string composed of 0 and 1 of an arbitrary length to a finite field
Figure BDA0003547763080000084
H denotes a hash function, {0,1}*A bit string of 0 and 1 representing an arbitrary length,
Figure BDA0003547763080000085
represents all integers from 1 to p-1; the representative point A is a public and private key pair (d)A,PA) In which P isA=dAG;IDAAs original signer A with length of entlenADiscernable identification of bits, ENTLAIs composed of an integer entlenA2 bytes converted; zAComprising an off-line sectionThe distinguishable identity of point A, the partial elliptic curve system parameters and the public key hash value of the original signer A, denoted as ZA=H256(ENTLA||IDA||a||b||xG||yG||xA||yA),H256() Representing a cryptographic hash function mapping a string to a 256-bit string, | | | representing a concatenation of strings or bit strings, a, b representing an elliptic curve y2=x3Coefficient of + ax + b, xGThe abscissa, y, of a base point G on the elliptic curveGRepresenting the ordinate of the base point G on the elliptic curve, the public key P of the original signer AA=dAG=(xA,yA) (ii) a M represents a signed message, denoted as
Figure BDA0003547763080000086
S22: and the representative point A and the agent group B carry out information interaction, and the representative point A generates authorization information according to the interaction information. It should be noted that, a person skilled in the art may complete the authorization of the representative point a to the members of the agent group according to the existing authorization algorithm, where the interaction information of the representative point a and the agent group B may be adaptively adjusted according to the actually adopted authorization algorithm, and only the authorization of the agent point a to the members of the agent group needs to be completed. This embodiment provides a method for authorization of members of an agent team on behalf of a point A, the detailed steps are as follows (B is an agent team member B)iA is the operation of representative point a, C is the operation of the signature verifier):
B1:Biselecting a t-1 degree polynomial fi(x)=ki+ai,1x+ai,2x2+...+ai,t-1xt-1modq,BiCalculating fi(IDj) To corresponding BjAnd obtains its secret share ki', wherein kiIs BiGenerated random numbers, the agent group generating common random numbers
Figure BDA0003547763080000091
B2:BiCalculating the point G on the elliptic curveB=KBG, and mixing GBTo representative point a.
G sent by at least t agent team members is received at ABThen, the following operation steps are carried out:
a1: generation of random number K using random number generatorAIn which K isA∈[1,q-1]。
A2: calculating the point G on the elliptic curveA=KAG。
A3: calculating another point G on the elliptic curveAB=(x1,y1)=KAGB
A4: calculating rAB=x1mod q, if rABIf 0, the process returns to step a 1.
A5: computing
Figure BDA0003547763080000092
If s isAIf 0, the process returns to step a 1. sAIs the proxy key for the agent group on behalf of point a.
A6: selecting a t-1 degree polynomial f for the representative point AA(x)=sA+a1x+a2x2+...+at-1xt-1modq, and calculate fA(IDi)=sA,imodq。
A7: represents point A will (G)A,GAB,sA,i) Sent to B as proxy authorization informationi
S23: agent team member BiAfter receiving the authorization message, the combined verification is carried out to determine that the authorization message really comes from the representative point A and B after the verification is passediThe threshold proxy key of the user is obtained through formula calculation, wherein i belongs to [1,22]. A person skilled in the art may select a method for verifying the authorization information according to actual needs, and this embodiment provides an embodiment mode for verifying the method for authorizing the members of the agent team by the representative point a in step S22, where the steps of verifying and generating the agent key are as follows:
B3:Bicalculating another point G on the elliptic curveAB=(x2,y2)=KBGA
B4:BiCalculating rA'B=x2mod q and sA,iGAAnd then s isA,iGAIs sent to Bj,BjReceive at least t pieces of sA,iGAThe message is processed by an interpolation formula to obtain sAGAIf and only if sAGA=rA'BPAThe proxy team accepts the delegation.
B5-Once BiReceiving the request, calculating
Figure BDA0003547763080000093
As its own proxy key, the proxy key of B is
Figure BDA0003547763080000101
S24: agent team member BiGeneration of threshold proxy signatures s using threshold proxy keysiThen the signature is broadcast, BiAnd after receiving the signatures sent by at least t other members, the signature s of the agent point A can be recovered through an interpolation formula. And generating an agent group B in the threshold agent signature, and performing the following steps:
b7: performing 2t-1 order Joint-ZSS, sharing a share of mui
B8:BiBy pair dB,iPerforming secret reverse sharing to obtain
Figure BDA0003547763080000102
Secret shared share c ofi=(dBβ)-1βimodq。
B9:BiGeneration of a random number share τ by distributed secret sharingiCalculating τiGABAnd sends it to Bj
B10:BjReceiving at least t pieces of TiGABThe message is a message that is sent to the user,obtaining tau G through an interpolation formulaAB=(x3,y3)。
B11:BiCalculating r ═ e + x3) modq if r is 0 or rGAB+τGAB=qGABThen return to B9.
B12:BiCalculating a partial signature si=cii+r)+μi-r。
B13 at least 2t participants BiBroadcasts its signature (r, s)i)。
B14:BiThe signature result (r, s) is obtained by an interpolation formula, and s is ((1+ d)B)-1(k-r)-r)modq。
S25: after the threshold proxy signature is generated, the final signature result (G) is obtained by other representative points in the same clusterABR ', s') are broadcast into the first layer consensus group, the members of which can verify their proxy signature using the public key representing point a. Verifying the threshold proxy signature includes:
c1, checking whether r' epsilon [1, q-1] is true, if not, the verification is not passed.
C2, checking whether s' epsilon [1, q-1] is true, and if not, verifying not to be passed.
C3 position
Figure BDA0003547763080000103
M' represents a message to be authenticated.
C4 calculation
Figure BDA0003547763080000104
And C5, calculating eta ═ (r '+ s') modq, and if eta is 0, the verification is failed.
C6 calculating the point X ═ X'3,y'3)=s'GAB+ηrABpkACalculating R ═ e '+ x'3) modq, accepting the signature if and only if R ═ R'; otherwise the signature cannot be verified, "refusing to accept the signature".
In step S3, the intra-cluster node packs the data collected over a period of time and performs a consensus in the cluster, where the consensus comprises the following steps:
s31: the intra-cluster nodes generate data abstracts by using the data collected by the intra-cluster nodes through a Hash algorithm, and then broadcast the data abstracts in the clusters;
s32: the main node (acted by the representative points in turn) collects all data summaries in a period of time and initiates a PBFT consensus;
s33: after the consensus is achieved, all nodes in the cluster store the consensus result in a local cache Buff;
in step S4, the main node in the current consensus round packs the consensus results that have been completed in the cluster where the main node is located, and initiates consensus in the current consensus round. The method comprises the following steps:
s41: in the first layer consensus group, selecting a main node between the representative points in a polling mode;
s42: in [ ts ]1,ts2]In the period of time, the master node checks whether data exist in the buffer Buff of the master node, if so, the master node executes a PBFT consensus algorithm, the result of the second-layer consensus group consensus is used as a value to be agreed in the current round, and if not, the authority of the master node is handed to the next representative point (skipping over the representative point which is the same cluster, namely, the nodes in the cluster are identified in the cluster, and other representative points in the same cluster certainly have no need to be used as the consensus master node);
s43: after the consensus of the first layer is achieved, each representative point broadcasts the consensus result to the nodes in the cluster, and the nodes in the cluster receive the consensus result when receiving the broadcast message of more than half of the representative nodes in the cluster.
In step S5, the method for the new node to join the consensus group includes:
s51: the addition of a new node will first select the cluster center closest to it based on distance.
S52: the new node will propose an adding application to the selected cluster, the adding application contains the identity, public key and other information of the adding node, and is used for judging whether the new node can add into the consensus group, applying for the selected cluster, and auditing all representative points in the cluster, if all the representative points pass, the adding will be successful; the cases where addition is not possible are: the public key of the node applying for joining cannot verify the ciphertext encrypted by the private key provided by the node, namely the public key and the private key disclosed by the node are not matched, or the identity information provided by the node is not real, for example, the IP address is invalid and virtual.
S53: and after the new node is successfully added, a credit initial value is given to the new node, and the initial value is set by a user according to actual application. When the number of the newly added nodes is more than or equal to half of the total number of the agent groups, the cluster performs threshold agent weight signature authorization again, for example, if ten nodes are initially arranged in one cluster, three representative points a, b and c are arranged, all three representative points can perform agent authorization, when one representative point is used as an original signer, the other nine nodes are used as the agent groups, and if the number of the newly added nodes exceeds 5, the cluster performs threshold agent weight signature authorization again.
When one-time consensus is completed, if a certain total credit value is given to the nodes participating in the consensus, the nodes participating in the consensus are divided into the total credit value; if the node state is online but not as online, the consensus credit value at the time is deducted, and the deducted value is the credit value obtained by the node successfully participating in the consensus and is not taken as the consensus process but does not forward the message (possibly because the network is too bad, the delay is too large, and the like); if the node state is offline, but other nodes in the cluster help the proxy signature to succeed, the node does not deduct the score, but does not participate in bisecting the total reputation value; if the node state is offline and other nodes in the cluster do not help the agent, the node is not treated as a treatment, but in practical application, the agent point completes agent authorization at the beginning, the condition that no node helps the agent signature is only that the original agent node is offline, most members in the agent group are offline (cannot reach the threshold of the agent), the agent cannot be completed, and the cluster needs to be subdivided in the condition.
In step S6, the exit of the consensus node from the consensus group includes two modes: a temporary offline and a permanent exit, the temporary offline comprising:
s611: when a node in the second layer consensus group is temporarily offline in the consensus process, the node can be treated as a downtime node, and the consensus fault tolerance of the cluster is f 21, the node is kicked out of the consensus group before the next round of consensus, and when the node returns to the network, the node is added into the consensus group again according to the adding process, but the credit value of the node is not cleared;
s612: when a node in the first layer consensus group is temporarily offline in the consensus process, the cluster node generates a threshold proxy signature agent to complete the current round of consensus by using the method of claim 3, the result of the threshold proxy signature is recovered from other representative points in the same cluster and is broadcasted to the first layer consensus, and when the node which is temporarily offline returns to the consensus group again, the agent signature of the agent group is invalidated through one-time broadcast of the node;
threshold proxy signatures need a node in a cluster to aggregate received threshold signatures, other representative points in the same cluster execute an interpolation algorithm to recover the signatures, and then the signatures are broadcasted to a first-layer consensus group.
The permanent exit comprises:
s621: when a node in the second-layer consensus group is permanently offline in the consensus process, the node can be treated as a downtime node, and the consensus fault tolerance of the cluster is f 21, the node is kicked out of the consensus group before the next round of consensus and its reputation value and all its identity information are removed from the network;
s622: when a node in the first-layer consensus group exits permanently in the consensus process, the signature authority of the node is replaced by the node in the cluster, whether other representative points in the same cluster are on line needs to be detected, and if all the representative points in the same cluster are off line permanently, the related processes of cluster division need to be carried out again.
In the process of the step S1-6, the reputation mechanism of the consensus node has the following rules:
1. if the node successfully completes the consensus process, adding a certain reward score;
2. if the node is online but not as such, the corresponding score is deducted;
3. if the node is offline, but the cluster nodes help the proxy signature to succeed and the consensus to be completed successfully, the offline node cannot deduct the point and cannot add the point, and the point added after the consensus is completed is averagely distributed to the nodes in the proxy group.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (9)

1. A PBFT consensus node dynamic adjustment method for a layered architecture is characterized in that the method is used for realizing dynamic adjustment of consensus nodes in the Internet of things and guaranteeing successful completion of consensus processes, and specifically comprises the following steps:
s1, clustering the terminal nodes by using a K-media clustering algorithm, taking the cluster center of each cluster of the clustering result as a first-layer consensus group, and taking other nodes in the cluster as a second-layer consensus group;
s2, interacting the node as the cluster center in each cluster with other nodes in the cluster, and performing threshold proxy authorization;
s3, broadcasting the data summary owned by each cluster by the node in each cluster, enabling the cluster as the cluster center to serve as the main node of the second-layer consensus group, and performing consensus on the data in a period of time;
and S4, taking the nodes in the first-layer consensus as the main nodes in turn, packing the formula results completed in the cluster where the node currently serves as the main node, and initiating consensus in the round of consensus.
2. The method for dynamically adjusting PBFT consensus node for a hierarchical architecture according to claim 1, wherein clustering the terminal nodes by using a K-mediads clustering algorithm comprises:
s11, selecting N nodes with higher reputation values as a clustering center by the terminal node according to a reputation mechanism;
s12, using a K-means clustering algorithm to perform preliminary clustering by taking the distance as a similarity judgment standard by other terminal nodes;
s13, after the preliminary clustering is finished, aggregating two cluster centers with the shortest distance each time by taking the distance between the cluster centers as a contraction factor, and contracting the cluster where the cluster centers are located;
and S14, repeating the step S13 until the cluster center in the contracted cluster reaches the number of the set representative points, and finishing clustering.
3. The method for dynamically adjusting PBFT consensus node for a hierarchical architecture according to claim 1, wherein the node in each cluster as a cluster center interacts with other nodes in the cluster, and performing threshold proxy authorization comprises the following steps:
s21: taking the cluster center in each cluster as an original signer A, taking other nodes in the cluster as an agent group B, and taking the original signer A and the agent group
Figure FDA0003547763070000011
Generating and disclosing part of public parameters through information interaction;
s22: the original signer A and the agent group B carry out information interaction, and the original signer A generates authorization information according to the interaction information;
s23: agent team member BiAfter receiving the authorization message, the combined verification is carried out to determine that the authorization message comes from the original signer A and B after the verification is passediCalculating to obtain a threshold proxy key of the user, wherein i belongs to [1,22];
S24: agent team member BiGeneration of threshold proxy signatures s using threshold proxy keysiThen the signature is broadcast, BiReceiving at least t signatures sent by other members, and recovering the signature s of the original signer A by using the received signatures;
s25: the other members verify whether the aggregated signature is correct using the public key of a.
4. The method for dynamically adjusting PBFT consensus nodes for hierarchical architecture according to claim 1, wherein each intra-cluster node packs data collected over a period of time and performs a consensus within a cluster, comprising the following steps:
s31: the intra-cluster nodes generate data abstracts by using the data collected by the intra-cluster nodes through a Hash algorithm, and broadcast the data abstracts in the clusters;
s32: the main node collects all data summaries in a period of time and initiates PBFT consensus;
s33: after consensus is achieved, all nodes in the cluster will store the consensus result in the local cache Buff.
5. The method for dynamically adjusting PBFT consensus node for hierarchical architecture according to claim 1, wherein the process of consensus of the first layer consensus group comprises the following steps:
s41: all nodes of the first-layer consensus group select a main node in a polling mode;
s42: in [ ts ]1,ts2]In the period of time, the main node checks whether data exist in the buffer zone Buff of the main node, if so, the PBFT consensus algorithm is executed, the result of the second-layer consensus group consensus is used as the value which is required to be consistent in the current round, if not, the authority of the main node is handed to the next representative point, and the representative point which is the same cluster is skipped;
s43: after the consensus of the first layer is achieved, each representative point broadcasts the consensus result to the nodes in the cluster, and the nodes in the cluster receive the consensus result after receiving the broadcast message of more than half of the representative nodes in the cluster, so as to complete the consensus.
6. The method for dynamically adjusting PBFT consensus node for hierarchical architecture according to claim 1, wherein the process of adding a new node to a consensus group comprises the following steps:
s51, judging the distance between the new node and each cluster center, and selecting the cluster with the shortest distance as the cluster expected to be added;
s52, sending a joining application to the cluster expected to join, wherein the joining application at least comprises the identity information and the public key information of the new node;
s53, judging whether the new node can be added according to the identity information and the public key information of the new node, and if the new node can be added, initializing the credit value of the new node;
and S54, when the number of the newly added nodes in a cluster is more than or equal to half of the total number of the agent groups, the cluster needs to carry out threshold agent right signature again.
7. The method according to claim 1, wherein when one consensus is completed, if a certain total reputation value is given to the nodes participating in the one consensus, the nodes participating in the one consensus are divided into two equal total reputation values; if the node state is online but not as online, deducting the consensus credit value at the time, wherein the deducted value is the credit value obtained by the node successfully participating in the consensus and is not taken as the node participating in the consensus process but not forwarding the message; if the node state is offline, but other nodes in the cluster help the proxy signature to succeed, the node does not deduct the score, but does not participate in bisecting the total reputation value; if the node state is offline and other nodes in the cluster do not help the agent, the node is not processed;
wherein the node offline includes a temporary offline and a permanent offline.
8. The method as claimed in claim 7, wherein when a node in the second-tier consensus group is temporarily offline in the consensus process, the node is treated as a down node, and the consensus fault tolerance of the cluster is f21, the node is kicked out of the consensus group before the next round of consensus, and when the node returns to the network, the node is added into the consensus group again according to the new node adding process, but the credit value does not need to be initialized;
when a node in the first layer consensus group is temporarily off-line in the consensus process, the intra-cluster node generates a threshold proxy signature agent to complete the current round of consensus, the result of the threshold proxy signature is recovered by other representative points in the same cluster and is broadcasted to the first layer consensus, and when the off-line node returns to the consensus group again, the proxy signature of the agent group is invalid through one-time broadcast information of the off-line node;
wherein f is2Is the tolerable number of byzantine for a cluster.
9. The method as claimed in claim 1, wherein when a node in the second-tier consensus group is permanently offline in the consensus process, the node is treated as a down node, and the consensus fault tolerance of the cluster is f21, the node is kicked out of the consensus group before the next round of consensus and its reputation value and all its identity information are removed from the network;
when a node in the first-layer consensus group permanently exits in the consensus process, the signature authority of the node is proxied by the node in the cluster, whether other representative points in the same cluster are online needs to be detected, and if all the representative points in the same cluster are permanently offline, all the nodes are clustered and divided again;
wherein f is2Is the tolerable number of byzantine for a cluster.
CN202210253255.3A 2022-03-15 2022-03-15 Layered architecture-oriented PBFT consensus node dynamic adjustment method Active CN114640466B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210253255.3A CN114640466B (en) 2022-03-15 2022-03-15 Layered architecture-oriented PBFT consensus node dynamic adjustment method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210253255.3A CN114640466B (en) 2022-03-15 2022-03-15 Layered architecture-oriented PBFT consensus node dynamic adjustment method

Publications (2)

Publication Number Publication Date
CN114640466A true CN114640466A (en) 2022-06-17
CN114640466B CN114640466B (en) 2023-10-20

Family

ID=81947505

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210253255.3A Active CN114640466B (en) 2022-03-15 2022-03-15 Layered architecture-oriented PBFT consensus node dynamic adjustment method

Country Status (1)

Country Link
CN (1) CN114640466B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114862397A (en) * 2022-07-06 2022-08-05 国网天津市电力公司培训中心 Double-decoupling block chain distributed method based on double-chain structure
CN115829597A (en) * 2023-02-21 2023-03-21 中国标准化研究院 Chain linking method of food traceability information and food traceability system
CN116128489A (en) * 2023-04-18 2023-05-16 河北中废通网络技术有限公司 Article recycling transaction processing method, device, terminal and medium based on blockchain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109246194A (en) * 2018-08-13 2019-01-18 佛山市顺德区中山大学研究院 Practical Byzantine failure tolerance block chain common recognition method and system based on more leader nodes
CN110113388A (en) * 2019-04-17 2019-08-09 四川大学 A kind of method and apparatus of the block catenary system common recognition based on improved clustering algorithm
CN110752925A (en) * 2019-10-31 2020-02-04 电子科技大学 Improved PBFT consensus method suitable for Internet of things equipment management
US20210192520A1 (en) * 2019-12-17 2021-06-24 Synchrony Bank Distributed credit ecosystem

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109246194A (en) * 2018-08-13 2019-01-18 佛山市顺德区中山大学研究院 Practical Byzantine failure tolerance block chain common recognition method and system based on more leader nodes
CN110113388A (en) * 2019-04-17 2019-08-09 四川大学 A kind of method and apparatus of the block catenary system common recognition based on improved clustering algorithm
CN110752925A (en) * 2019-10-31 2020-02-04 电子科技大学 Improved PBFT consensus method suitable for Internet of things equipment management
US20210192520A1 (en) * 2019-12-17 2021-06-24 Synchrony Bank Distributed credit ecosystem

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
SHENCHEN ZHU: "A PBFT Consensus Scheme with Reputation Value Voting Based on Dynamic Clustering", 《INTERNATIONAL CONFERENCE ON SECURITY AND PRIVACY IN DIGITAL ECONOMY》 *
丁晟: "物联网中数据安全高效共享控制机制研究", 《博士电子期刊》 *
陈子豪;李强;: "基于K-medoids的改进PBFT共识机制", 计算机科学, no. 12 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114862397A (en) * 2022-07-06 2022-08-05 国网天津市电力公司培训中心 Double-decoupling block chain distributed method based on double-chain structure
CN114862397B (en) * 2022-07-06 2022-09-30 国网天津市电力公司培训中心 Double-decoupling block chain distributed method based on double-chain structure
CN115829597A (en) * 2023-02-21 2023-03-21 中国标准化研究院 Chain linking method of food traceability information and food traceability system
CN115829597B (en) * 2023-02-21 2023-08-08 中国标准化研究院 Food tracing information uplink method and food tracing system
CN116128489A (en) * 2023-04-18 2023-05-16 河北中废通网络技术有限公司 Article recycling transaction processing method, device, terminal and medium based on blockchain

Also Published As

Publication number Publication date
CN114640466B (en) 2023-10-20

Similar Documents

Publication Publication Date Title
CN114640466A (en) Layered architecture-oriented PBFT consensus node dynamic adjustment method
EP4152683B1 (en) Computer implemented method and system for transferring access to a digital asset
CN109964242B (en) Block chain consensus method based on trust relationship
US6701434B1 (en) Efficient hybrid public key signature scheme
Aspnes et al. Exposing computationally-challenged Byzantine impostors
CN114730420A (en) System and method for generating signatures
US6826687B1 (en) Commitments in signatures
CN114463009B (en) Method for improving transaction security of large-scale energy nodes
Watanabe et al. Reducing the round complexity of a sealed-bid auction protocol with an off-line TTP
CN113972981A (en) Efficient threshold signature method based on SM2 cryptographic algorithm
CN112039837B (en) Electronic evidence preservation method based on block chain and secret sharing
Deng et al. Designated-verifier anonymous credential for identity management in decentralized systems
CN110717760A (en) One-stop efficient PKI authentication service method based on block chain
Eslami et al. Provably Secure Group Key Exchange Protocol in the Presence of Dishonest Insiders.
CN111062029A (en) Multi-factor authentication protocol based on identification password
CN104935582B (en) Big data storage method
JPH11234263A (en) Method and device for mutual authentication
CN112926983A (en) Block chain-based deposit certificate transaction encryption system and method
CN107171807B (en) Signature authentication method and system based on elliptic curve
CN101370012A (en) Equity computation faith mechanism construction method based on proxy
Zhang et al. A provably secure general construction for key exchange protocols using smart card and password
Dang et al. Secure and Efficient Client-Side Data Deduplication with Public Auditing in Cloud Storage.
CN116455904B (en) Block chain consensus method and system based on asynchronous network decentralization
CN115580401B (en) Certificateless SM2 key generation method based on verifiable secret sharing
CN117714065A (en) Efficient alliance chain privacy protection method and system based on group signature and Bulletprofos

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant