TWI749583B - Chain structure data storage, verification, realization method, system, device and media - Google Patents

Abstract

A chain structure data storage method and device, a chain structure verification method and device, a chain structure system and an implementation method, a storage medium and a computer device. The implementation method of the chain structure includes: after the first chain system signs the ledger data, write the signed ledger data into the block data of the first chain; after the second chain system verifies the block data of the first chain , Write one or more consecutive block data of the first chain into the block data of the second chain; the data storage device uses part or all of the link information of the second chain as the first key to verify the first After the data associated with the key has no errors, save the data as input data or output data, and the input data and output data stored in the same data storage device are related according to the same connection information.

Description

Chain structure data storage, verification, realization method, system, device and media

This article relates to but is not limited to the field of computer data processing technology, in particular to a chain structure data storage method and device, a chain structure verification method and device, a chain structure system and implementation method, a storage medium and a computer device.

Current decentralized systems, such as public chain systems, have the characteristics of being open, transparent, traceable, and non-tamperable, so they can reduce the cost of trust between transaction participants and can be used as the basis for trust to achieve value transfer.

However, the current decentralized system has the following problem: the node needs to store all the data in order to verify the entire ledger data.

The following is an overview of the topics detailed in this article. This summary is not intended to limit the scope of protection of the patent application.

This article provides a data storage method, chain structure verification method, chain structure realization method and system.

In an exemplary embodiment, the present disclosure provides a data storage method for storing data in a chain structure. The method includes: using part or all of the connection information of the chain in the chain structure as a first key, and the first key The data in the chain structure associated with one key is used as the value, and the data is stored as input data or output data. The input data and output data stored in the same data storage device are related according to the same connection information.

In an exemplary embodiment, the present disclosure further provides a method for verifying a chain structure, the method comprising: using part or all of the connection information of the chain in the chain structure as a first key, and the chain structure associated with the first key The data in the structure is used as the value to verify whether the data associated with the first key has errors, and after verifying that the data associated with the first key has no errors, save the data as input data or output data.

In an exemplary embodiment, the present disclosure also provides a method for verifying a chain structure. The method includes: using part or all of the connection information of the chain in the chain structure as a second key, and obtaining the data storage device from the data storage device Based on the stored data associated with the second key, verify whether the data in the chain structure has errors based on the acquired data.

In an exemplary embodiment, the present disclosure also provides a method for implementing a chain structure. The chain structure system includes a first chain system, a second chain system, and a data storage device. The method includes: the first chain system reconciliation After this data is signed, the signed ledger data is written into the block data of the first chain; after the second chain system verifies the block data of the first chain, one or more consecutive areas of the first chain The block data is written into the block data of the second chain; The data storage device uses part or all of the link information of the second chain as the first key, and the data associated with the first key as the value. After verifying that the data associated with the first key is correct, the data is stored as input Data or output data, the input data and output data stored in the same data storage device are related according to the same connection information.

In an exemplary embodiment, the present disclosure also provides a chain structure data storage device, the data storage device includes a first storage module and a second storage module, wherein: the first storage module is set to Part or all of the link information of the chain in the chain structure is stored as the first key; the second storage module is set to store the data in the chain structure associated with the first key as input data or output data, the same The input data and output data stored in the data storage device are related according to the same connection information.

In an exemplary embodiment, the present disclosure also provides a chain structure data verification device. The data verification device includes a key value search module and a second verification module. The key value search module is set to search Part or all of the connection information of the chain in the chain structure is used as the second key; the second verification module is set to obtain the data stored in the data storage device and associated with the second key from the data storage device, and according to the obtained The data verifies whether there are errors in the data in the chain structure.

In an exemplary embodiment, the present disclosure also provides a chain structure system, including: a first chain system, a second chain system, and a data storage device, wherein: the first chain system is set to sign the account book data , Write the signed account book data into the block data of the first chain; The second chain system is set to write one or more consecutive block data of the first chain into the block data of the second chain after verifying the block data of the first chain; the data storage device is set to Use part or all of the link information of the second chain as the first key, and the data associated with the first key as the value, verify that the data associated with the first key is incorrect, and verify that the data associated with the first key has no errors After that, the data is stored as input data or output data, and the input data and output data stored in the same data storage device are related according to the same connection information.

In an exemplary embodiment, the present disclosure also provides a computer-readable storage medium that stores computer-executable instructions, and the computer-executable instructions are used to implement any of the above-mentioned methods.

In an exemplary embodiment, the present disclosure also provides a computer device, including a memory, a processor, and a computer program stored on the memory and capable of running on the processor. The processor implements any of the foregoing when the program is executed. Steps in the method.

Other features and advantages of the present invention will be described in the following description, and partly become obvious from the description, or understood by implementing the present invention. The purpose and other advantages of the present invention can be realized and obtained by the structures specifically pointed out in the specification, the scope of the patent application and the drawings.

After reading and understanding the drawings and detailed description, other aspects can be understood.

11-12, 31-33, 51-52, 71-73: steps

21: The first storage module

22: The second storage module

41: The third storage module

42: The first verification module

43: The fourth storage module

61: Key value search module

62: The second verification module

81: The first chain system

82: The second chain system

83: data storage device

91: processor

92: memory

93: Busbar system

94: Transceiver

The accompanying drawings are used to provide a further understanding of the technical solution of the present invention, and constitute a part of the specification. Together with the embodiments herein, they are used to explain the technical solution of the present invention, and do not constitute a limitation to the technical solution of the present invention.

Fig. 1 is a flowchart of an exemplary data storage method; Fig. 2 is a schematic diagram of an exemplary data storage device structure; Fig. 3 is a flowchart of an exemplary data verification method; Fig. 4 is a structure of an exemplary data storage device with verification function Schematic diagram; Fig. 5 is a flowchart of another exemplary data verification method; Fig. 6 is a schematic diagram of an exemplary data verification device structure; Fig. 7 is a flowchart of an exemplary chain structure realization method; Fig. 8 is an exemplary chain structure System schematic diagram; Fig. 9 is an exemplary connection storage diagram, and the connection information is Bd1; Fig. 10 is an exemplary three-layer two-chain system architecture diagram; Fig. 11 is a schematic structural diagram of an exemplary computer device.

A plurality of embodiments are described herein, but the description is exemplary rather than restrictive, and it is obvious to a person of ordinary skill in the art that there can be more within the scope of the embodiments described herein. Examples and implementation schemes. Although many possible feature combinations are shown in the drawings and discussed in the embodiments, many other combinations of the disclosed features are also possible. Unless specifically limited, any feature or element of any embodiment can be used in combination with any other feature or element in any other embodiment, or can replace any other feature or element in any other embodiment.

Combinations with features and elements known to those of ordinary skill in the art are included and contemplated herein. The embodiments, features, and elements already disclosed herein can also be combined with any conventional features or elements to form a unique invention solution defined by the scope of the patent application. Any feature or element of any embodiment can also be combined with features or elements from other invention solutions to form another unique invention solution defined by the scope of the patent application. Therefore, it should be understood that any of the features shown and/or discussed herein can be implemented individually or in any suitable combination. Therefore, the embodiments are not subject to other restrictions except for the restrictions made according to the scope of the attached patent application and equivalent substitutions thereof. In addition, various modifications and changes can be made within the protection scope of the attached patent application.

In addition, when describing representative embodiments, the description may have presented the method and/or process as a specific sequence of steps. However, to the extent that the method or process does not depend on the specific order of the steps herein, the method or process should not be limited to the specific order of steps described. As those of ordinary skill in the art will understand, other sequence of steps are also possible. Therefore, the specific sequence of steps set forth in the specification should not be construed as a limitation on the scope of the patent application. In addition, the scope of the patent application for the method and/or process should not be limited to the steps that are executed in the written order. Those skilled in the art can easily understand that these orders can be changed and still remain within the spirit and scope of the embodiments herein. Inside.

The steps shown in the flowchart of the drawings can be executed in a computer system such as a set of computer-executable instructions. And, although a logical sequence is shown in the flowchart, in some cases, the steps shown or described may be performed in a different order than here.

This article proposes a combination of private chain and public chain to solve the credibility problem of private chain data, and to solve part of the fairness problem, and each user only needs to store part of the book data to equivalently verify all the book data .

Let's first explain the concepts involved in this article.

Token refers to the token on the blockchain, also known as a certificate.

CA (Certificate Authority), certification and authorization.

eID (electronic Identity) refers to the electronic identity of citizens on the Internet, which is a credible real-name authentication method

SPV (Simplified Payment Verification): Simple payment verification, which verifies whether a transaction is included in a chain block and how many confirmations have passed through the Merkel tree verification path.

POA (Proof of Authority): Proof of Authority, a consensus algorithm based on identity and reputation.

Gossip network communication protocol: also called Epidemic Protocol (epidemic protocol), is an unstructured peer-to-peer network communication protocol, and is a network communication protocol used by Bitcoin and other systems.

DHT (Distributed Hash Table): Distributed Hash Table is a distributed storage method. Without the need for a server, each client is responsible for a small range of routing, and is responsible for storing a small part of the data, so as to realize the addressing and storage of the entire DHT network.

Kademlia network protocol: is a distributed hash table (DHT) network protocol, a structured peer-to-peer network protocol, and a network protocol used by systems such as IPFS.

Consistent hash algorithm: an implementation of DHT. It can satisfy balance, monotonicity, dispersion and load in a dynamically changing environment.

UTXO (Unspent Transaction Output), unspent transaction output, refers to one or more unspent transaction output to become spent, and creates one or more new unspent transaction output, and continues to loop back. According to its connection mode, a chain structure of DAG (Directed Acyclic Graph) is formed. This article is called UTXO chain.

The public chain refers to a blockchain that anyone can read, send transactions, and participate in consensus. It is a completely decentralized system. In the embodiment of this text, a public chain system that is the same as the public chain system except that anyone can send transactions is adopted to satisfy transaction centralization and decentralization of ledger data. In the public chain system described in this article, anyone can read and verify transactions and participate in consensus, which can be traced and cannot be tampered with.

Private chain refers to a data chain whose write permission is in the hands of an organization and belongs to a centralized system.

Consortium chain refers to the data chain whose write permission is in the hands of plural organizations, and belongs to a partially decentralized system.

An exemplary embodiment herein provides a data storage method for storing data in a chain structure, as shown in FIG. 1, including steps 11-12.

Step 11, use part or all of the link information of the chain in the chain structure as the first key; step 12, use the data in the chain structure associated with the first key as the value, and store the data as input data or output data , The input data and output data stored in the same data storage device are related according to the same connection information.

One or a group of data contains information from the previous one or a group of data, which is the link information of the chain, and the link information makes the aforementioned data logically form a chain structure.

The device set for data storage can be implemented using DHT technology. The device stores connection information in the chain structure as a first key (also called a key value or a key value). The connection information as the first key can be part or all of the chain structure connection information. The first key may be an address or a hash value of the address, for example.

For any one or a group of data in the chain structure, each or each group of data includes input information and output information, where the input information of the current data is the output information of the data M, and the data M is logically the current data The previous data (previous data), the input information of the current data or the output information of the data M belongs to the link information of the chain, the output information of the current data is the input information of the data N, and the data N is logically the back of the current data One data (next data), the output information of the current data or the input information of the data N also belong to the link information of the chain. The chain structure is, for example, a UTXO chain, and each transaction data includes the quoted unspent output as input information and the new unspent output as output information.

When the data storage device receives data that matches the first key value, it stores the data as input data or output data according to the meaning of the data in the chain structure. The input data and output data stored on the same data storage device are related according to the same key (that is, the connection information of the chain). This storage method can be called connection storage or data pair storage. One or more sets of input data and output data may be stored on the same data storage device. For any set of input data and output data, the input data and output data are related according to the same connection information. There can be one or more input data stored on the same device, and there can be zero (ie no output data), or one or more output data stored on the same device. The chain structure can be any chain with chain structure characteristics. The data storage device can be a user end node or a consensus group, or other devices that need to be connected for storage. The data to be stored can be transaction data or control data. For example, the token issuance data and consensus reward data in the control data can be stored as input data, and the token recovery data in the control data can be stored as output data. The corresponding keys are the preset address for token issuance, the preset address for consensus reward, and the preset address for token recovery.

Using this kind of connection storage can disperse and store huge chain structure data on multiple devices to reduce the pressure of data storage. This storage method is also convenient for verification.

In an exemplary embodiment, when the first key is used as part or all of the output information in the chain structure, the data associated with the first key is stored as input data; the first key is used as the input in the chain structure When part or all of the information, the data associated with the first key is stored as output data.

For example, if the first key is the output address in the chain structure, the data associated with the first key is stored as input data, and if the first key is the input address in the chain structure, it will be The data associated with the first key is stored as output data.

The data storage device in this embodiment can be used in combination with other systems, for example, with a decentralized system, or with a centralized system.

The above-mentioned data storage device may, for example, as shown in FIG. 2, include a first storage module 21 and a second storage module 22, wherein: the first storage module 21 is set to connect part or all of the chain in the chain structure Information is stored as the first key; the second storage module 22 is set to store the data in the chain structure associated with the first key as input data or output data. The input data and output data stored in the same data storage device are based on The same connection information is associated.

For example, when the first key is used as part or all of the output information in the chain structure, the second storage module 22 stores the data associated with the first key as input data, and when the first key is used as the chain structure When part or all of the input information in the structure, the second storage module 22 stores the data associated with the first key as output data.

With this storage method, the entire chain structure can be stored in sections by multiple data storage devices, which is convenient for retrieval and verification.

An exemplary embodiment of this document also provides a chain structure verification method, which is verified by a data storage device. As shown in FIG. 3, the method includes steps 31-33.

Step 31, use part or all of the link information of the chain in the chain structure as the first key; step 32, use the data in the chain structure associated with the first key as the value, and verify whether the data associated with the first key has Error; Step 33, after verifying that the data associated with the first key has no errors, save the data as input data or output data.

As described in the foregoing embodiment, the chain structure can be any chain having the characteristics of a chain structure. The data storage device can be a user end node or a consensus group, or other devices that need to be connected for storage. The data to be stored can be transaction data or control data. The connection information as the first key can be part or all of the chain structure connection information. In this embodiment, the data storage device (such as a user end node) performs chain structure verification. The data storage device stores the connection information in the chain structure as the first key. Therefore, when the data storage device receives data that matches the first key corresponding to the device, it verifies the data. After the error, connect and save again.

Taking the data as the book data as an example, after the data storage device verifies that the book data has no errors and determines that the output information of the book data matches the first key, the book data is stored as input data to determine the account When the input information of this data matches the first key, the ledger data is saved as output data, and the input data and output data stored on the same device are related according to the same connection information. There can be one or more input data stored on the same device, and there can be zero (ie no output data), or one or more output data stored on the same device.

In this embodiment, the verification is performed during connection storage. The verification of the entire chain structure can be converted into partial verification, which is performed separately by the plural data storage devices, which is equivalent to verifying the correctness of all data equivalently. This equivalent verification method is adopted. , Distribute the verification work to multiple devices to reduce the workload pressure of data verification.

In an exemplary embodiment, storing the data as input data or output data may be in the following manner: when the first key is used as part or all of the output information in the chain structure, the first key is associated with Data is stored as input data; when the first key is used as part or all of the input information in the chain structure, the data associated with the first key is stored as output data; the input data and output data stored on this device are based on the same Is associated with the connection information.

In an exemplary embodiment, the foregoing verification of whether the data associated with the first key has errors includes one or more of the following verifications: verification 110, verifying whether the data is the data on the chain structure; verifying 120, the When the first key is used as the input information in the chain structure, verify whether there is output information that has the same connection information as the input information; Verify 130, when the first key is used as the input information in the chain structure, verify whether the output information with the same connection information as the input information has been used; verify 140, the first key is used as the input in the chain structure When information, and the data associated with the first key contains the transaction amount, verify that the transaction amount is correct.

In the verification 150, when the first key is used as the input information in the chain structure, and the data associated with the first key includes signature information, it is verified whether the signature information is correct. The signature information is the unlocking signature of the user side that generated the transaction data. The verification of whether the signature information is correct or not is to verify whether the signature information is valid.

The above verification sequence number is only for convenience of illustration, and does not represent the verification sequence. For the above verification 110, if the data is in the chain structure, the verification is error-free; for the verification 120, if there is output information that has the same connection information as the input information, the verification is no error; for the verification 130, the If the output information with the same connection information as the input information has not been used, the verification is error-free; for verification 140, the transaction amount is correct, and the verification is error-free; for verification 150, the verification that the signature information is valid, then the verification is error-free.

An exemplary verification process: the data storage device synchronizes the block header data in the chain structure, the device searches whether the device stores the input data associated with the first key (you can also search from the chain structure ), if not, it is judged as a connection error, if so, judge whether the associated connection of the input data is quoted, if it has been quoted, it is judged as a connection error; judge whether the transaction amount of the ledger data is correct, if it is correct , Save the ledger data as output data, and mark the associated connection of the input data as being referenced, that is, the associated output information will be marked as used. If it is incorrect, it is judged as the data error. If it is correct, If the data contains signature information, verify that the signature information is correct. If it is incorrect, it is judged that the data is incorrect. The signature information is for example The unlocking signature of the user end of the raw transaction data. When the verification is successful, the output information associated with the input information will be marked as used.

In an exemplary embodiment, the following method can be used to verify whether the data is the data on the chain structure: synchronizing the block header data of the chain structure, according to the Merkel tree root hash value in the block header data and the The certification path of the data verifies whether the data is on the chain structure.

In an exemplary embodiment, the method further includes: according to a request of the data verification device, returning to the data verification device the data associated with the link information stored in the device, including but not limited to one of the following data or Various: input data, output data, Merkel tree certification path, additional verification data.

Among them, there may be one or more input data. There may be no output data (ie zero) or one or a plural number. No output data means that the connection of the input data is not used or spent. Under normal circumstances, only output data will be output if there is input data, but errors are not ruled out. Only output data, no input data. The Merkel tree certification path exists corresponding to the input data or the output data. Additional verification information may or may not be available. Additional verification data is used to verify whether the transaction amount is correct. For example, UTXO needs to accumulate all input amounts and all output amounts, so other transaction data may be required to complete the verification of the transaction amount. The additional verification information also has a corresponding Merkel tree certification path.

In order to strengthen the security of the data, set the verification mechanism of other devices, that is, use the non-data storage device as the data verification device to verify the data in the chain structure for errors, and the node selected as the data verification device obtains the relevant data from the storage device To complete verification.

The data storage device in this embodiment can be used in combination with other systems, for example, with a decentralized system, or with a centralized system.

The above-mentioned data storage device with verification function may, for example, as shown in FIG. Part or all of the link information of the chain in the chain structure is used as the first key; the first verification module 42 is configured to verify whether the data in the chain structure associated with the first key is incorrect; the fourth storage module 43. After the first verification module 42 verifies that there is no error, the data in the chain structure associated with the first key is stored as input data or output data.

For example, the storage method of the third storage module 41 may be the same as that of the first storage module 21 in FIG. 2, and the storage method of the fourth storage module 43 may be the same as that of the second storage module 22 in FIG. 2. The data storage device with verification function can add a first verification module 42 on the basis of the data storage device shown in FIG. 2. When the first key is used as part or all of the output information in the chain structure, the fourth storage module 43 stores the data associated with the first key as input data, and when the first key is used as the input data in the chain structure When inputting part or all of the information, the fourth storage module 43 stores the data associated with the first key as output data.

The first verification module 42 can perform any one or more of the foregoing verifications 110-150, which will not be repeated here.

In an exemplary embodiment, the data storage device may further include a sending module, which is configured to return to the data verification device the data stored in the device and the data verification device according to the request of the other data verification device. The data associated with the connection information of the chain includes one or more of the following data: input data, output data, Merkel tree certification path, and additional verification data.

With this storage and verification method, the entire chain structure can be stored in sections and equivalently verified by a plurality of data storage devices.

An exemplary embodiment herein also provides a chain structure verification method, which is implemented by a data verification device. As shown in FIG. 5, the method includes steps 51-52.

Step 51: Use part or all of the link information of the chain in the chain structure as the second key; Step 52: Obtain the data associated with the second key stored on the data storage device from the data storage device (that is, the value corresponding to the key) ) To verify whether the data in the chain structure has errors based on the acquired data.

In order to strengthen data security, other device verification mechanisms are set up, that is, the non-data storage device verifies whether the data in the chain structure has errors, and the node as the data verification device obtains relevant data from the data storage device to complete the verification. The second key may be an address or a hash value of the address, for example. For the description of the chain structure, the connection information, the input information and the output information in the chain structure, please refer to the description in the foregoing embodiment, and will not be repeated here.

In an exemplary embodiment, the data associated with the second key obtained from the data storage device includes, but is not limited to, one or more of the following: stored by the data storage device: data associated with the second key, Merkel Tree certification path and additional verification data, wherein the second key is used as part or all of the output information in the chain structure, or the second key is used as part or all of the input information in the chain structure. When the second key is used as part or all of the output information in the chain structure, the data associated with the second key is the input data stored in the data storage device; the second key is used as the input in the chain structure In the case of part or all of the information, the data associated with the second key is the output data stored in the data storage device.

The data verification device can synchronize the block header of the chain structure, the block header contains the cumulative book data volume, and the data verification device uses the cumulative book data volume in the block header to generate the number address (use the cumulative control data volume to generate Control data number address, use cumulative transaction data volume to generate transaction data number address), obtain part or all of the link information of the chain according to the number address as the second key, and obtain the data stored on the data storage device from the data storage device The data associated with this second key. The control data number address is used as the key to obtain the control data corresponding to the control data number address, and it can also include the Merkel tree certification path of the control data; the transaction data number address is used as the key to obtain the transaction data number address The corresponding transaction data may also include the Merkel tree certification path of the transaction data. For example, the default address of the token issuance data of the control data (referred to as the token issuance address), the default address of the token recovery data (referred to as the token recovery address), or the default address of the consensus reward data ( (Referred to as reward address) as the key, use the key to obtain the data associated with the key stored on it from the data storage device; you can use the transaction address of the transaction data as the key, and use the key to obtain the data stored on it from the data storage device The data associated with the key.

In an exemplary embodiment, verifying whether the data in the chain structure has errors based on the acquired data includes: synchronizing the block header data in the chain structure, combining the block header data with the data storage device The obtained data associated with the second key verifies whether the data in the chain structure has errors. For example, include one or more of the following verifications: Verification 210, verifying whether the value associated with the second key obtained from the data storage device is the data on the chain structure; verification 220, verifying whether the second key is used as the input information of the acquired data, verify whether there is a The input information has output information with the same connection information; verify 230, when the second key is used as the input information of the acquired data, verify whether the output information with the same connection information as the input information has been used; verify 240, the first When the second key is used as the input information of the acquired data, and the acquired data contains the transaction amount, verify whether the transaction amount is correct; verify 250, when the second key is used as the input information of the acquired data, and the acquired data When the data contains signature information, verify that the signature information is correct.

The above verification sequence number is only for convenience of illustration, and does not represent the verification sequence. For the above verification 210, if the value is the data on the chain structure, the verification is error-free; for the verification 220, if there is output information with the same connection information as the input information, the verification is no error; for the verification 230, If the output information with the same connection information as the input information has not been used, the verification is error-free; for verification 240, the transaction amount is correct, then the verification is no error; for verification 250, the verification signature information is valid, then the verification is no error .

An exemplary verification process: use the Merkel tree certification path to verify the input data stored on the data storage device, or as long as one of the input data and the output data is not the data on the chain, it is judged as a data error; judge if there is only output Data, it is judged to be a connection error; to judge that the associated connection of the input data has been cited, it is judged to be a connection error; to judge the connection of the output data If the easy amount is incorrect, it is judged as the data error; if the signature information (such as the unlocking signature of the user that generated the data) in the judgment data is incorrect, it is judged as the data error.

Non-storage device verification can improve the security of the system and avoid the risks caused by only fixed storage device verification.

The above-mentioned data verification device may, for example, as shown in FIG. 6, include a key value search module 61 and a second verification module 62, wherein: the key value search module 61 is set to search for part or all of the links in the chain structure The information is used as the second key; the second verification module 62 is configured to obtain the data associated with the second key (that is, the value corresponding to the key) stored in the data storage device from the data storage device, and verify the chain based on the obtained data Whether there are errors in the data in the formula structure.

The second verification module 62 can perform any one or more of the aforementioned verifications 210-250, which will not be repeated here.

With this verification mechanism, the security of the system is improved by adding data verification devices.

An exemplary embodiment of this document also provides a method for implementing a chain structure. The chain structure system includes a first chain system, a second chain system, and a data storage device. As shown in FIG. 7, the method includes steps 71-73.

Step 71, after the first chain system signs the ledger data, write the signed ledger data into the block data of the first chain; step 72, after the second chain system verifies the block data of the first chain , To write one or more consecutive block data of the first chain into the block data of the second chain; Step 73: The data storage device uses part or all of the link information of the second chain as the first key, and the data associated with the first key as the value. After verifying that the data associated with the first key is correct, the data It is stored as input data or output data, and the input data and output data stored in the same data storage device are related according to the same connection information.

The ledger data includes transaction data and/or control data.

The first chain is a private chain or a consortium chain, which is controlled by the management side. The second chain is similar to the public chain, except that not arbitrary data can be chained. When the first chain generates new block data, it will be synchronized to the chain generation node of the second chain. After the block data verification, the chain generation node of the second chain generates a new block based on the consensus algorithm of the second chain. Block data. The second chain sequentially records the block data submitted by the first chain. Each block data on the second chain contains the number of block data of the first chain. That is, each block on the second chain can Contains 1 to n block data of the first chain, and the number is determined by the consensus algorithm of the second chain. Therefore, each block data on the external second chain system is composed of one or more block data of the first chain system in sequence, so the first chain system and the second chain system are the same in logical state. This embodiment uses the method of first generating the chain and then verifying, that is, first generating the second chain, and then verifying by the third-tier data storage device. The actual ledger data is chained by the first layer, the first chain system, and the second layer, the second chain system, can verify the Merkel tree and the signature of the management end, and does not modify the ledger data. The third layer of data The storage device verifies whether there are errors in the ledger data. Realize transaction centralization and decentralization of ledger data. The third-tier data storage device uses connection storage to store and verify data. Each data storage device only needs to store and verify a small amount of data to achieve equivalent verification of the entire chain and reduce the burden on each device. In addition, the chain generating node of the second layer can only verify the signature of the management end of the first chain system and the Merkel tree, which reduces the calculation amount of the second chain system.

In an exemplary embodiment, the method further includes: the first chain system uses part or all of the link information of the first chain as a third key, the data associated with the third key as a value, and the third key The value associated with the key is assigned to the consensus group that has the same third key as the value; for example, the first chain system can perform the above assignment before signing the transaction data. The consensus group verifies the data associated with the third key, where: the data associated with the third key includes transaction data, and the verification includes one or more of the following: when the third key is used as the input information of the transaction data, verify whether There is output information with the same connection information as the input information; when the third key is used as the input information of the transaction data, verify whether the output information with the same connection information as the input information has been used; the third key is used as the transaction When inputting information, verify whether the transaction amount of the transaction data is correct; when the third key is used as the input information of the transaction data, verify whether the signature information of the transaction data (unlocking signature on the user side) is correct.

The order of the above verification is not limited.

An exemplary verification process: the consensus group searches for the input data connected to the transaction data, that is, when the third key is used as the input information of the transaction data, it searches whether there is output information with the same connection information as the input information. If it is found, it is judged as a connection error. If it is found, it is judged whether the associated connection of the input data is referenced, that is, when the third key is used as the input information of the transaction data, verify whether the output information with the same connection information as the input information is Used, if it has been quoted or used, it is judged as a connection error, if it has not been quoted, judge the transaction data Whether the transaction amount is correct, if not, it is judged as the data error, if it is correct, judge whether the signature information contained in the data (such as the unlocking signature of the user side that generated the transaction data) is correct, if not, it is judged as the data error, if it is correct , The transaction data is stored as output data (that is, the consensus group can also use the above-mentioned connection storage method to store data), and the associated connection of the input data is marked as being referenced, that is, the associated output information will be marked as use.

In an exemplary embodiment, after the consensus group verifies the data associated with the third key, when performing connection storage, the data associated with the third key is stored according to the meaning of the data in the first chain Is input data or output data, where, when the third key is used as part or all of the output information in the first chain, the data associated with the third key is stored as input data, and when the third key is used as the first link When part or all of the input information in a chain is stored, the data associated with the third key is stored as output data; the input data and output data stored on the same consensus group are related according to the same connection information.

For example, if the consensus group determines that the output information of the transaction data or control data matches the third key, then the transaction data or control data is stored as input data; if it is determined that the input information of the transaction data or control data matches the third key Three-key matching, save the transaction data or control data as output data.

The first chain system includes plural consensus groups. The nodes in the same consensus group have the same keys. If the received transaction data is verified, the transaction data and the key are connected and stored. If the received control data is Verify, then link to store the key value and control data. If the data is the output information in the chain structure, store the data as input data; if the data is the chain knot The input information in the structure is stored as output data. The input data and output data stored in the same consensus group have the same key to form data link storage.

In an exemplary embodiment, the storage of data by the data storage device is the same as the processing in the foregoing embodiment: when the first key is used as part or all of the output information in the second chain, the first key The associated data is stored as input data; when the first key is used as part or all of the input information in the second chain, the data associated with the first key is stored as output data; the input data stored on this data storage device and The output data is related according to the same connection information.

In an exemplary embodiment, the data storage device verifying whether the data associated with the first key has errors includes one or more of the following verifications: verification 310, verifying the integrity of the second chain; verification 320, verifying the data Whether it is the data on the second chain; verify 330, when the first key is used as the input information of the ledger data in the second chain, verify whether there is output information with the same connection information as the input information; verify 340, the When the first key is used as the input information of the ledger data in the second chain, verify whether the output information with the same connection information as the input information has been used; verify 350, the first key is used as the ledger data in the second chain When entering information for and the data associated with the first key contains the transaction amount, verify that the transaction amount is correct.

Verification 360, when the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key contains signature information, verify whether the signature information is correct.

The verification 320-360 in this embodiment is similar to the verification 110-150 in the foregoing embodiment, except that the verification object in this embodiment is the second chain.

In an exemplary embodiment, the method further includes: the first chain system sequentially numbers the book data, and the block header of the block data corresponding to the book data contains the accumulated book data amount. The second chain system includes the accumulated book data amount in the block data in the block header of the block data of the second chain.

For example, when writing the ledger data into the block data of the first chain, the transaction data is numbered in the first order, the control data is numbered in the second order, and the last one is written in the block header of the block data The serial number of the transaction data and/or the serial number of the last control data makes the block header data include the cumulative transaction data volume and the cumulative control data volume. For example, after each consensus group receives the cumulative transaction data volume sent by the previous consensus group, on the basis of the cumulative transaction data volume, it will rank the transaction data of this consensus group to be chained, and recalculate the new cumulative transaction data volume. Send to the next consensus group; after the consensus group numbers the transaction data to be chained, the consensus group requests to sign the numbered transaction data, and writes the signed transaction data into the first chain. The transaction data The block header of the block where it is located contains the cumulative transaction data volume accumulating the transaction data. The cumulative ledger data volume of the first chain includes the first cumulative transaction data volume and/or the first cumulative control data volume, and the cumulative ledger data volume in the second chain includes the second cumulative transaction data volume and/or the second cumulative control data volume The amount of data. The second chain is asynchronous and homomorphic with the first chain. Since the block header of the first chain contains the cumulative transaction data volume and the cumulative control data volume, the block header of the second chain also contains the corresponding cumulative transaction data volume and Cumulative control data volume. By carrying the accumulated book data amount in the block header data, the data storage device can verify the integrity of the second chain based on the accumulated book data amount.

The data storage device can verify the integrity of the chain structure in the following ways: the data storage device synchronizes the block header of the second chain, and according to the accumulated book data volume (accumulated transaction amount) in the block header Easy data volume and cumulative control data volume) to verify the integrity of the second chain. When verifying the integrity, use the number address as the key to verify. For example, the device calculates all the transaction data number addresses of the current block based on the cumulative transaction data volume in the current block header data and the cumulative transaction data volume in the previous block header data, and the cumulative control data volume in the current block header data Calculate all the control data number addresses of the current block with the cumulative transaction data volume in the previous block header data, and determine if each transaction data number address matches the network identifier of the distributed hash table of this node, then search and For the transaction data corresponding to the transaction data number address, determine if each control data number address matches the network identifier of the node's distributed hash table, then search for the control data corresponding to the control data number address, and if found, The integrity verification is passed, if not found, the integrity verification fails.

Integrity verification is the verification performed by the data storage device storing the numbered address, which can be verified during storage. Because the characteristic of the distributed hash table is to store data on the node corresponding to the key in order to provide key retrieval, it itself needs to store the key and value. Here, because the numbered address is a sequence number, which is known, the key is known, and it is also known on which nodes the key should be stored. Therefore, the node only needs to synchronize the block header data to know which keys of the number address should be stored by itself. If the node determines that it needs to store the data of the key, but does not store the data, it will be in the third layer (user side) or The second layer (like public chain) retrieves the data, and then performs integrity verification, so that the node can verify the integrity of the data by itself. Because with the cumulative number of block headers, the node can know which numbered addresses are.

In addition to integrity verification, random verification can also be performed. Random verification can be any node, not just a node that stores numbered addresses, some numbered addresses can be randomly selected for verification, and it is not Need to store. During random verification, the transaction data corresponding to the number address is obtained according to the random number address, and the input address of the transaction data is used as a key for verification. In essence, it is similar to integrity verification.

In an exemplary embodiment, the data storage device verifies the block header data of the second chain according to the block header data of the first chain, including verifying whether the amount of accumulated ledger data is correct. The data storage device can verify whether the cumulative transaction number and cumulative control number of the first chain block head are equal to the cumulative transaction number and cumulative control number of the second chain block head. If they are equal, the number is correct and the first chain block head is the second The chain block header generates the last block header data in the time segment.

In an exemplary embodiment, the data storage device verifies whether the data is on-chain data by carrying the Merkel tree root hash value in the second chain block header data. The second chain system writes one or more continuous block data of the first chain into the block data of the second chain, including: the second chain system writes one or more continuous block data of the first chain The Merkel tree root hash value is generated by recombination according to the transaction data sequence number sequence and the control data sequence number sequence, and the Merkel tree root hash value is included in the block header of the generated second chain.

The data storage device verifies whether the data is data on the second chain, including: the data storage device synchronizes the block header of the second chain, according to the Merkel tree root hash value in the block header and the authentication corresponding to the data The path verifies whether the data is the data on the second chain.

In an exemplary embodiment, in addition to the data storage device that can implement data verification, in order to improve security, a data verification device is added to perform data verification, that is, the data verification device in the foregoing embodiment. The chain structure system further includes: a data verification device, and the method further includes: the data verification device uses part or all of the connection information of the chain in the chain structure as a second key, and obtains the data storage device from the data storage device The stored data associated with the second key, and verify the second key based on the acquired data Whether there are errors in the data in the second chain. For example, the data verification device can synchronize the block header of the second chain, and use the cumulative book data volume in the block header to generate the number address (use the cumulative control data volume to generate the control data number address, and the cumulative transaction data volume to generate the number address. Transaction data number address), according to the number address to obtain part or all of the connection information of the chain as the second key, and obtain the data associated with the second key stored on the data storage device from the data storage device. The control data number address is used as the key to obtain the control data corresponding to the control data number address, and it can also include the Merkel tree certification path of the control data; the transaction data number address is used as the key to obtain the transaction data number address The corresponding transaction data may also include the Merkel tree certification path of the transaction data. For example, the default address of the token issuance data of the control data (referred to as the token issuance address), the default address of the token recovery data (referred to as the token recovery address), or the default address of the consensus reward data ( (Referred to as reward address) as the key, use the key to obtain the data associated with the key stored on it from the data storage device; you can use the transaction address of the transaction data as the key, and use the key to obtain the data stored on it from the data storage device The data associated with the key.

For example, the data verification device obtains the data associated with the second key stored on the data storage device from the data storage device, including one or more of the following data: data associated with the second key, Merkel tree authentication path , Additional verification data, wherein the second key is used as part or all of the output information in the chain structure, or the second key is used as part or all of the input information in the chain structure; the data verification device synchronizes the second The block header in the chain, combining the block header and the data associated with the second key obtained from the data storage device, performs one or more of the following verifications: verifying that the data obtained from the data storage device is associated with the second key Whether the data of is the data on the second chain; When the second key is used as the input information of the acquired data, verify whether there is output information that has the same connection information as the input information; when the second key is used as the input information of the acquired data, verify that the input information has the same Whether the output information of the connection information has been used; when the second key is used as the input information of the acquired data, and the acquired data contains the transaction amount, verify whether the transaction amount is correct; the second key is used as the acquired data When entering information for and the acquired data contains signature information, verify that the signature information is correct.

For the description of the verification part here, refer to the description in the foregoing embodiment, which is not repeated here.

In an exemplary embodiment, the first chain is a private chain or a consortium chain, and the method further includes: the first chain system issues one or more of the following keys to the user: management address master key, transaction location Address master key, secret transaction master key, and symmetric encryption master key, where: the management address master key is used to generate the user’s next management address with the current first generation parameter, and all of the user’s The management address forms a logical chain; the transaction address master key is used to generate the user's next receiving transaction address with the current second generation parameter, and all receiving transaction addresses of the user form a logical chain; the The secret transaction master key is used to generate the working key of the current encryption and decryption ciphertext transaction amount with the current third generation parameter; the symmetric encryption master key is used to generate the user's next encryption and decryption management with the current fourth generation parameter The symmetric encryption working key of the data, the symmetric encryption master key can also be used to generate the symmetric encryption working key of other data.

For example, the first chain system uses the management address master key issued for the user and the generation parameters in the user's previous management data to generate the user's current management address, and then use the current management data Write in the generation parameters used to generate the user's next management address. The first chain system can use the symmetric encryption master key issued for the user and the generation parameters in the user's previous management data to generate a symmetric encryption working key to encrypt the user's current management data. The user can use the same key generation method to generate a symmetric encryption working key to decrypt the user's current management data.

In an exemplary embodiment, the method further includes: the first chain system includes the current consensus public key set mapping value in the block header of the first chain; the data storage device according to the consensus in the first chain block header The mapping value of the public key set uses Merkel tree proof or accumulator proof to verify whether the consensus public key in the second chain block header is valid. In addition to the data storage device that can perform the above verification, the data verification device can also use Merkel tree certification or accumulator certification based on the mapping value of the consensus public key set in the first chain block header to verify the data in the second chain block header. Whether the consensus public key is valid.

An exemplary embodiment herein also provides a chain structure system, as shown in FIG. 8, including: a first chain system 81, a second chain system 82 and a data storage device 83, wherein: the first chain system 81 is set After signing the account book data, write the signed account book data into the block data of the first chain; the second chain system 82 is set to verify the block data of the first chain and then the first chain One or more continuous block data of the second chain is written into the block data of the second chain; the data storage device 83 is configured to use part or all of the link information of the second chain as the first key, and the first key is associated with As the value, verify whether the data associated with the first key is wrong, and verify After verifying that the data associated with the first key has no errors, save the data as input data or output data, and the input data and output data stored in the same data storage device are related according to the same connection information.

In an exemplary embodiment, the first chain system further includes a consensus group; the first chain system is also set to use part or all of the link information of the first chain as a third key, and the third key is associated with As the value, assign the value associated with the third key to a consensus group that has the same third key as the value, and the data associated with the third key includes transaction data; the consensus group is set to the data associated with the third key Verification includes one or more of the following verifications: when the third key is used as the input information of the transaction data, verify whether there is output information with the same connection information as the input information; when the third key is used as the input information of the transaction data , Verify whether the output information with the same connection information as the input information has been used; when the third key is used as the input information of the transaction data, verify whether the transaction amount of the transaction data is correct; the third key is used as the transaction data When entering information, verify that the signature information of the transaction data is correct.

In an exemplary embodiment, the consensus group is further set to store the data associated with the third key as input data or output data after verifying the data associated with the third key, wherein, when the third key is used as When part or all of the output information in the first chain is stored, the data associated with the third key is stored as input data. When the third key is part or all of the input information in the first chain, the The data associated with the third key is stored as output data; the input data and output data stored on the same consensus group are related according to the same connection information.

In an exemplary embodiment, the first chain system is also set to sequentially number the book data, and the block header of the block data corresponding to the book data contains the cumulative book data amount; the second chain system It is also set to include the accumulated book data amount in the block data in the block header of the block data of the second chain.

In an exemplary embodiment, the data storage device 83 may be, for example, a data storage device as shown in FIG. 2. The data storage device stores the data as input data or output data, including: the first key serves as the first key When part or all of the output information in the second chain is stored, the data associated with the first key is stored as input data; when the first key is part or all of the input information in the second chain, the first key is associated The data of is stored as output data; the input data and output data stored on this data storage device are related according to the same connection information.

In an exemplary embodiment, the data storage device verifies whether the data associated with the first key is incorrect, including one or more of the following verifications: verifying the integrity of the second chain; verifying whether the data is the second Data on the chain; when the first key is used as the input information of the ledger data in the second chain, verify whether there is output information with the same connection information as the input information; the first key is used as the ledger in the second chain When inputting data, verify whether the output information with the same connection information as the input information has been used; When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key contains the transaction amount, verify whether the transaction amount is correct; the first key is used as the ledger in the second chain When inputting data, and the data associated with the first key contains signature information, verify that the signature information is correct.

In an exemplary embodiment, the data storage device verifies the integrity of the chain structure in the following manner: the data storage device synchronizes the block header of the second chain, and generates a serial number using the accumulated book data volume in the block header Address, verify the integrity of the second chain according to the numbered address.

In an exemplary embodiment, the data storage device is further configured to verify whether the accumulated book data amount in the second chain block header data is correct according to the first chain block header data.

In an exemplary embodiment, the first chain is a private chain or a consortium chain, and the first chain system is further configured to issue one or more of the following keys to the user: management address master key, transaction address Master key, secret transaction master key, and symmetric encryption master key.

In an exemplary embodiment, the system may further include a data verification device, and the data verification device may be, for example, a data verification device as shown in FIG. 6. The data verification device is configured to use part or all of the connection information of the chain in the chain structure as the second key, and obtain the data associated with the second key stored on the data storage device from the data storage device, and according to the obtained The data verifies whether there are errors in the data in the second chain.

In an exemplary embodiment, the first chain system is further configured to include the current consensus public key set mapping value in the block header of the first chain, so that the data storage device or the data verification device is based on the first chain area. The mapping value of the consensus public key set in the block header adopts Merkel tree proof or accumulator proof to verify whether the consensus public key in the second chain block header is valid.

In an exemplary embodiment, the first chain system is further configured to use the management address master key issued for the user and the generation parameters in the user's previous management data to generate the user's current management address , And write the generation parameters used to generate the user's next management address in the current management data.

For the functions and effects of the first chain system, the second chain system, the data storage device, and the data verification device in the chain structure system, please refer to the description in the method, which will not be repeated here.

The following describes the keys (key, or key value, key value) mentioned in this article: the first key value is the key value used when the data storage device is connected for storage, and the second key value is the data verification device The key value used when retrieving data from the data storage device, the third key value is the key value used when the consensus group is inquired in the first chain system and when the consensus group is connected and stored. The first key value, the second key value, and the third key value may be different according to the corresponding chain structure, but all use part or all of the connection information in the chain structure. For example, it can be one or more of the following types: the transaction address of the transaction data, the default address of the token issuance data of the control data (token issuance address), the default address of the token recovery data (token for short) Recycling address) and the default address of the consensus reward information (abbreviated as reward address). The data associated with the key value is the corresponding transaction data or control data, and may also include the Merkel tree certification path (referred to as the certification path) corresponding to the data. The key value can be stored in the management terminal or the user terminal. Take the chain structure system in the above embodiment as an example. The chain structure system includes a first chain system, a second chain system, and a plurality of user-side (or user-side) nodes. The user-side node may include data The user end node of the storage device may also include a user end node as a data verification device. For the user-side node, the data associated with the key value except for transaction data or control data In addition, it also contains the corresponding Merkel tree certification path, which is the Merkel tree certification path of the transaction data or control data in the second chain.

This disclosure also provides a type of key value (fourth key value), which can be used for the data storage device to verify the integrity of the ledger data, and can also be used for the data verification device to query the key value. The fourth key value includes one or more of the following information: the number address of the transaction data (generated based on the transaction data number) and the number address of the control data (generated based on the control data number). Can be stored on the user side. The data associated with the fourth key value is the corresponding transaction data or control data, and may also include the corresponding Merkel tree authentication path. In the example of the above chain structure system, the authentication path associated with the fourth key value is the Merkel tree authentication path of the transaction data or control data in the second chain.

In addition, this disclosure also provides a type of key value (the fifth key value) that can be used to query or retrieve the account data chain. The user’s account data chain includes the first account data chain composed of the user’s management data and the The second account data chain composed of the user's received transaction data. The management address used to store the management data is an implicit chain structure, which constitutes the first account data chain. The transaction address used to store and receive transaction data is also an implicit chain structure, thus forming a second account data chain. The fifth key value includes a management address used to query management data or a transaction address used to query transaction data.

The address used as the key value in this article can be an address or a hash value of the address.

The following describes the Merkel tree and blockchain structure. Merkel tree is a kind of hash binary tree, which is a data structure used to quickly summarize and verify the integrity of large-scale data. The leaf nodes of the Merkel tree store the hash value of the single metadata of the data set, and the hash value of the parent node is obtained through the hash operation between nodes. By calculating layer by layer, the hash value of the root node will eventually be formed. . Where leaves The node can verify whether the leaf node belongs to the element in the data set according to the root hash value and the corresponding authentication path.

It can be seen that if the number of leaf nodes (that is, the number of data collection elements) of the Merkel tree is known, and the sequence number (that is, the position) of the leaf node is also known, the height and direction of the authentication path corresponding to the leaf node Is fixed and known, where the direction refers to the left and right directions of the path. Therefore, it means that the element is orderly and cannot be replaced by different authentication paths, heights and directions, and the security of the data can also be strengthened.

The number of leaf nodes of a Merkel tree is at most 2^n of the tree depth. Even if it contains a large amount of data, a certain leaf node can be quickly verified through a fixed path. For example, if the tree depth is 30, it can contain up to 1073741824 leaf nodes. If one data block is generated in an average of 10 minutes, it can contain 1,789,569 transactions per second. But to verify the data of a certain leaf node, only 30 hash values are needed to complete the verification. If each hash value is 32 bytes, then 960 bytes are required. If each user side needs to save 10 pieces of data per block, and each user side needs to save about 525,600 pieces of data a year, and each block is calculated based on the tree depth of 30, the size of the authentication path that needs to be saved is 481MB, if the size of each piece of data is 1KB, the total data size that needs to be saved is 994MB. But there is no need to save so much data, and the user side can clear the previous data after a certain number of years, so that the amount of data that needs to be saved has been kept in a controllable range, even if it is acceptable for mobile devices.

The block chain is composed of block header data and block body data generated in consecutive time segments. The latter block header contains the hash value of the previous block header, thus forming a chain structure of reverse connection. And the block header also contains the hash value of the Merkel tree root corresponding to the block body data, so that the block body data can be uniquely mapped. The block body data contains the actual ledger data. And because of the district The block header uniquely maps the block body data, that is, the consistency of the block header can map the consistency of the block body data. Therefore, it is only necessary to synchronize the block header data to verify whether the ledger data is in the block of the chain and how many confirmations have been passed according to the ledger data and the corresponding authentication path, that is, SPV simple payment verification.

The following describes the underlying data structure. Ledger data is divided into two parts: transaction data set and control data set. Transaction data set includes actual transaction data; control data set includes but is not limited to one or more types of the following data: user management data, token issuance data , Token recycling materials, reward materials and announcement materials issued by the system. The transaction data is mainly generated by the user side, including the unlocking signature of the user side, and verified by the management side on the chain, and when it is on the chain, the management side assigns a unique serial number that is arranged in sequence (for example, ascending), and the serial number passes through together with the transaction data. The endorsement and signature of the management side. The control data is generated by the management terminal of the chain structure system (for example, the first chain system), and is assigned a unique serial number arranged in sequence (for example, ascending) when generated, and is signed by the management terminal. The root hash value of the Merkel tree generated by the transaction data set and the control data set are recorded in the block header. The block header will also contain the last transaction data number and the last control data number in the corresponding block body data, and the number is sequentially increasing, which is equivalent to the block header containing all the current cumulative transaction data volume and cumulative control The amount of data.

The third-tier client (including data storage devices) uses a structured peer-to-peer network, such as the Kademlia network protocol. Each user (node) only needs to synchronize the block header data, and the ledger data in the block body will be distributed and stored by the nodes on the entire network according to the distributed hash table (DHT), and each node stores part of the account. This information and the corresponding certification path. Since each transaction data and control data has an incrementally unique serial number, and the block header will contain the last serial number, which is equivalent to including the current cumulative transaction data volume and cumulative control data volume, it can quickly Find the block where each transaction data and control data are located, and then combine the authentication path to verify the data using the Merkel tree. And because the number of leaf nodes of the Merkel tree of the block and the serial number (ie location) corresponding to the data are known, the height and direction of the authentication path are fixed and known, and different authentication paths cannot be used And the height and direction to replace, strengthen the security of the data.

The user finds his own account information through the account information chain. Third-party users and supervisors can also obtain the user's account data through the account data chain after the authorized user's master key. The account data chain refers to obtaining an intermediate value K from the user's master key and the currently generated parameters, and then obtaining the address of the next data from K through other operations, thereby forming a logical chain structure of forward connection. The account data chain enables the user to retrieve it based on the user's master key in privacy. A user has two account data chains. One of the account data chains, the first account data chain, is composed of the user's management data, and the user is retrieved by the management address master key. The first chain system uses the management address master key issued for the user and the generation parameters in the user's previous management data to generate the user's current management address, and the current management address is included in the current management data In the current management data, the generation parameters used to generate the next management address of the user are written, so that all the management addresses of the user form a logical chain. The management address of the user management data in the control data can be used as the query key value of the first account data chain, and the data associated with the key value is the user management data corresponding to the management address.

The initial management address generation parameter can be a preset value, such as a user ID. The management address is one-time and unique, so that the purpose of protecting the privacy of the user's identity can be achieved. The first chain system uses the symmetric encryption master key issued for the user and the generation parameters in the user's previous management data to generate a symmetric encryption working key to encrypt the user's current management data. The user can use the same key generation method to generate a symmetric encryption working key to decrypt the user's current management data.

The other account data chain, the second account data chain, is composed of the user's received transaction data, and the user retrieves it by the transaction address master key. After the received transaction data is put on the chain, all the received transaction data of the same transaction receiving end will form a logical chain structure. This logical chain is implicit in the generated ledger data.

The transaction data is submitted by the user end to the management end of the first chain system, and the management end verifies the transaction data. The transaction data includes the transaction address of the transaction receiving end and the address generation parameters generated during this transaction. The transaction address is generated by using the address generation parameters generated during the last transaction received by the transaction receiving end. The address generation parameter is used to generate the transaction address of the transaction receiving end to receive the transaction next time. The verification of the transaction data by the management terminal mainly includes the verification of validity, such as verifying the validity of the user status, the validity of the unlocking script, the validity of the transaction amount, and whether the transaction address is a valid address, etc. After the transaction data is verified, the management terminal will endorse and sign the transaction data, and the transaction data after the endorsement and signature will be written into the block data of the first chain. After the transaction data is on the chain, all the received transaction data of the same transaction receiving end will form a logical chain structure. This logical chain is implicit in the generated ledger data.

When the user registers, the management terminal generates parameters (or nonce value) for the initial address, and generates the initial receiving transaction address. When the user acts as the transaction receiving terminal, all the user’s receiving transaction data Will form a logical chain that is the second account data chain. When the same user is issued a new key for generating the transaction address by the management terminal, the management terminal will regenerate an initial address generation parameter for the user, and generate a new one from the newly generated initial address generation parameter Initial reception Transaction address, the re-generated initial address generation parameters and the issued new key are matched or related. After that, when the user acts as the transaction receiving end to make a transaction, all the received transaction data of the user will form a new second account data chain. It can be seen that the receiving transaction data of the same transaction receiving end can have one or more logical chain structures. Each newly generated initial address generation parameter will be stored in the user's management data, and the user can search for the second account data link by himself according to the initial address generation parameter in the management data.

If there are multiple concurrent transactions for the same transaction receiving end, that is, there are multiple transaction data containing the same transaction address, then the transaction data containing the same transaction address are sibling nodes in the second account data chain.

The transaction address generated using the address generation parameter in the last receiving transaction and the address generation parameter used to generate the next transaction address included in the transaction data, so that the receiving transaction data of the same user terminal is formed or has brothers The logical chain of the node can quickly retrieve all received transaction data on the user side, and because the sent transaction data refers to the received transaction data, all transaction data can be quickly obtained. The transaction address is one-time and unique to different users, so that the purpose of protecting the privacy of the user's identity can be achieved.

Since the transaction address can be used as the first key value, the transaction address connection information of the second account data chain is hidden in the key value stored in the connection. The user can retrieve this by using the transaction address as the second key value. The user's second account data link. The transaction address used as the second key value can be the user’s current receiving transaction address, generated by the user’s transaction address master key and the user’s last received transaction data, and the use The signature of the author reveals that the key is generated.

There are two types of keys on the client side, one is the signature key on the client side, and the other is the user master key issued by the management side. The signature key can be generated and managed locally by the user, or it can be managed by a trusted third party. If real-name authentication is required, the reveal key of the signature key needs to be issued an identity certificate by a trusted CA or be authenticated by eID. The user master key issued by the management terminal includes the master key of the management address, the master key of the transaction address, the master key of confidential transactions, and the master key of symmetric encryption. The management address master key is used to generate the address of the first account data chain composed of the user's management data; the transaction address master key is used to generate the second account data chain composed of the user's received transaction data The address of the secret transaction; the secret transaction master key is used to generate the work key in the secret transaction, which can be used to protect the blinding factor, so that the user can decrypt the ciphertext transaction amount; the symmetric encryption master key is used to generate the symmetric encryption work key , Can be used to protect the user’s management data and other user data.

The user's master key and the current generation parameter are calculated by the first one-way irreversible function to obtain an intermediate value K. The management address master key and the first generation parameter generate the intermediate value K1, the transaction address master key and the first generation parameter generate an intermediate value K1. The second generation parameter generates the intermediate value K2, the secret transaction master key and the third generation parameter generate the intermediate value K3, and the symmetric encryption master key and the fourth generation parameter generate the intermediate value K4. The generation parameter in each transaction data can be different, and the initial generation parameter can be the user ID. The address of the user’s next management data can be obtained by K1 through the second one-way irreversible function calculation; a new disclosure key can be obtained by the calculation of K2 and the user’s signature disclosure key, such as using the elliptic curve Scalar multiplication operation, and then use the new disclosure key to obtain the user's next transaction receiving address through the third one-way irreversible function operation, and the private key corresponding to the new disclosure key can be shared by K2 and the user The signature private key operation of, such as finite field multiplication operation; K3 obtains the symmetric encryption work key of the next management data through the fourth one-way irreversible function operation; K4 obtains the fifth one-way irreversible function operation The working key in the current confidential transaction can be used to protect the blinding factor. The user’s master key and the current generation parameters can also be calculated by complex one-way irreversible functions to obtain complex intermediate values, and then the intermediate value is one-to-one with the complex signature disclosure key to obtain a complex new disclosure key, and then these The new disclosure key generates the multi-signature address of the next receiving transaction.

The one-way irreversible function mentioned above and in this article can be a hash function or a combination of hash functions, and the hash function is used in the following description.

Different addresses or keys can be obtained by the user's master key and different generation parameters, which can also enhance the security of the data. For example, the above-mentioned hash functions use hash functions that are resistant to quantum computing cracking. Even if quantum computing cracks the private key on the elliptic curve, since the disclosure key of the private key is obtained by the user's signature disclosure key and the intermediate value K, it is also necessary to crack the intermediate value K to get The key is associated with the user signature disclosure key, because any user signature disclosure key can find a K'value calculation to get the disclosure key, and it is impossible to find which user signature disclosure key is calculated by , And the signature private key is the same. Or quantum computing cracks the symmetric encryption work key, but because the symmetric encryption work key is also obtained by the intermediate value K, and the K value in each data is different, it is impossible to find the data between the data. Associated. Therefore, by using the user's master key and different generation parameters, combined with a hash function that is resistant to quantum computing cracking, the data or key cannot be found after the data or key is cracked, and the user cannot be found. The relationship between them can not leak the privacy of users. Therefore, in the future, the system will upgrade the cryptographic algorithm with security and anti-quantum computing, and will not leak the user's privacy due to the previously disclosed information being cracked.

The transaction data in this system uses the UTXO model, so each transaction data contains the reference of the unspent output as input and the new unspent output. The way of quoting can be unspent output Add the quoted transaction identification (ID) to the address of, where the transaction ID is the hash value of the quoted transaction data. However, in this system, each transaction data has a unique transaction data number, so the transaction data number can also be used to replace the quoted transaction ID. According to the output address plus the transaction data number, the quoted transaction data can be uniquely confirmed. Expense output. The following uses the transaction data number as an example. The new unspent output address is a new address generated based on the generation parameters of the last received transaction corresponding to the user, the user's transaction address master key, and the user's signature disclosure key. The transaction amount is protected by a confidential transaction realized by an additive homomorphic promise or a Pedersen promise, so that any user can verify that the sum of the transaction amount is equal to the sum of the output in ciphertext, combined with range proof verification The transaction amount is not less than zero and will not overflow, that is, to verify the validity of the transaction amount. The blinding factor in the confidential transaction is encrypted and protected by the working key generated by the current transaction data generation parameters and the user's confidential transaction master key, so the user can decrypt his ciphertext transaction amount.

The structured peer-to-peer network on the client side uses a distributed hash table (DHT), and the corresponding value (value) is scattered and stored in the nodes of the network according to the index key (key), and the index key can be used in the network Quickly retrieve the corresponding value in. In this embodiment, the transaction address, management address, and default address for token issuance or recycling in the system are clearly distinguished by the address prefix, and then the transaction data number and the control data number are also clearly distinguished. It is expanded by a similar address method (such as 0) and clearly distinguished by the first code (hereinafter referred to as the numbered address). For example, the first code of the control data number address is represented by E, the control data with serial number 1 uses E001 as the control data number address; the first code of the transaction data number address is represented by F, and the transaction data with serial number 1 uses F001 as the transaction data number. Address. The hash value of the above addresses can be used as the key of the index. For example, if a certain ledger data has one or more addresses, the hash value of each address will be used as the key of the index, the corresponding ledger data and authentication path Data is stored as value In a structured peer-to-peer network. Any user can retrieve the corresponding book data and authentication path by key (above address), then combine the block header data, find the block where the book data is located according to the number, and then use the Merkel tree to verify the data . For simple description, the following text uses the address as the index key, which is equivalent to using the hash value of the address as the index key. And different from the usual DHT key-value, this system allows multiple values to have the same key value, and specifies the storage and retrieval methods for different values of the same key, that is, the connection storage (or pair storage) method described below .

The following introduces a way to convert the chain structure into node verification by connecting the storage structure.

Taking the chain formed by the block header as an example, it is known that the block header is connected to (including) the hash value of the previous block header. Suppose the value contained in the first block header H1 is 0000, and the hash value of H1 is set to hash(00H1); then the hash value contained in the second block header H2 is hash(00H1), and the hash value of H2 is set to hash (00H2); then the hash value contained in the third block header H3 is hash (00H2), and the hash value of H3 is set to hash (00H3). The hash value of the block header is used as the index key, and the hash value of the previous block header included is also used as the index key. Then the node that stores hash (00H1) will store H1 and H2; the node that stores hash (00H2) will store H2 and H3; and so on, each node will store a pair of data on the chain, and the index key is this All or part of the information about the data pair connection. For example, if the connection is transaction ID and output index, if the transaction ID is used as the key, it is part of the information; if the block header is connected to the hash value of the previous block header, the hash value is used as the key, which is all the information. The following takes the hash value as the key as an example for description. The hash value of H1 is hash (00H1), and the hash value of H2 is hash (00H1), so the connection storage also needs to distinguish input data (hereinafter referred to as input) and output data (hereinafter referred to as output). For example, the input H1 corresponds to The key(hash(00H1)) is the hash value of the data (It can be regarded as the output address), and the key corresponding to the output H2 is the hash value of the data connection (it can be regarded as the input address). It can be summarized here that the key corresponds to the output address, which is the input data stored in the connection; the key corresponds to the input address, which is the output data stored in the connection. If the chain keeps growing, suppose the last data is Hn, so the node storing hash(00Hn) will only store the input data Hn, and the output data will be empty; when the chain newly adds H[n+1], this The node will only contain the output data H[n+1]; and the node storing hash(00H[n+1]) will only store the input data H[n+1], and the output data will be empty. The node storing 0000 will only store H1, and since 0000 is the input address connected to H1, H1 is the output data of the node, and the input data is empty. However, because 0000 is a special starting data, that is, it can be marked as the initial connection storage, so the initial connection storage can use a special 0000 data (or empty data) as input.

The block head chain has the possibility of forking and connecting the uncle block head, that is, the block head chain may have multiple inputs and multiple outputs. Because the hash value of the uncle block header is different from the hash value of the parent block header, the hash value is also stored on different nodes, so the connection storage of the block header chain will not have plural input data, but the fork will cause Related nodes have complex output data. According to the different key selected as the connection, if it is the hash value of the data, because the hash value is unique (without considering collision), the connection storage will only have one input data; if it is an address, according to the selected key as the key The address is different, there may be multiple numbers of the same address, then the connected storage may have multiple input data at this time.

If the node has only output data but no input data (except for the special initial connection storage), the link of the chain is wrong; if the node has only input data but no output data, the input data must be connected and stored in the previous node And is the output data. Connected storage refers to node storage Or plural input data and corresponding one or plural output data, and the node can verify whether the input and output data are correct; or there is no output data, which means that the connection of the input data is not used or cost, that is, the output data is zero . The verification of the correctness of the input and output data includes verifying whether the connection of one or plural input and the corresponding one or plural output is correct. If the output data contains the transaction amount, it is also necessary to verify whether the transaction amount of the output data is correct; if the output data contains signature information, it can also verify whether the signature information of the output data is valid. For example, in the UTXO structure, there is only the amount of output and the input is the referenced address. Therefore, the transaction amount of the output data is verified. The input amount can be derived from the output amount of the input data, which can reduce the acquisition of some data. Therefore, the chain structure is converted into node connection storage, and the node verifies whether the chain connection is correct. And the way of connection storage can also make the chain have the ability of two-way retrieval. For example, the above block header chain query hash (00H2), can obtain the hash value hash (00H1) of the previous block header contained in H2, and the hash value hash of H3 (00H3). And the person who retrieves the data can also use the retrieved key and the data returned by the node to determine whether it is input data or output data, thereby judging whether the chain connection is correct.

Combined with the blockchain, the node that is connected to the storage can also verify whether the data stored in the connection is the data on the chain. UTXO data has a Merkel tree certification path, and UTXO also belongs to a chain structure. The following takes UTXO as an example. Because the UTXO reference method used by this system is the address plus the transaction data number, and the address is the key of the index. Due to concurrent transactions, there may be multiple numbers with the same output address, but the transaction data numbers are different, so this system may have multiple input and multiple output according to the connection storage of the transaction address, but the same The address refers to different transaction data numbers, that is, between the plural input and the plural output data, it is a one-to-one quotation based on the address plus the transaction data number, so it is not a double spend. For example, transaction data T1, where the input address For Ad1 and Ad2, the output addresses are Bd1 and Bd2; for transaction data T2, the input addresses are Bd1 and Ed1, and the output addresses are Cd1 and Cd2. According to the above, for the node storing Bd1, as shown in Figure 9, T1 and T2 will be stored, where T1 is the input data stored in the connection (because Bd1 is the output address of T1), and T2 is the output data stored in the connection ( Because Bd1 is the input address of T2). For the nodes storing Ad1 and Ad2, T1 data is the output data of the connection storage; for the nodes storing Cd1 and Cd2, the T2 data is the input data of the connection storage. Each node will verify whether the input and output of its connection to the stored data is correct. For example, the node storing Bd1 will verify whether there is input data T1, whether the output data T2 has double spend, and whether the transaction amount of output data T2 is correct, but the input of T2 is still Need to rely on Ed1, so the node storing Bd1 also needs to obtain Ed1 as the output data to be able to verify, set Ed1 as the output data as T3, so the node storing Bd1 will store T3 and the corresponding certification path as additional verification data, and Verify whether the input amounts of Bd1 and Ed1 are equal to the output amounts of Cd1 and Cd2, that is, whether Bd1+Ed1 is equal to Cd1+Cd2. Similarly, the node storing Ed1 will store input data T3 and output data T2, as well as additional verification data T1, and verify whether the input and output data are correct.

The following describes the token issuance and recovery of this system, that is, the initial transaction data and the end transaction data are also stored in connection, and the relevant nodes can also verify whether the input and output of the connected storage data are correct. Therefore, the UTXO chain is transformed into the connection storage structure of the nodes, and each node verifies whether the connection storage is correct, such as whether there is only output but no input (the initial connection storage will also have special inputs), and whether the input data has multiple identical outputs (I.e. double spend), and whether the input and output of the connected storage data are correct, and each transaction data can be verified by the Merkel tree to verify whether it is on-chain data, so the entire UTXO ledger can be verified by distributed nodes Correctness. According to the above, users can also obtain the ability of two-way retrieval by retrieving the address in the network, and can also obtain the data returned by the node Whether it is input or output, it can be judged whether the link of the chain is correct, and it can also be judged whether it is unspent output based on the returned data. For example, if user C searches for Ed1 on the network, the node will return Ed1 related data T1, T2, and T3 and the corresponding authentication path to user C. User C according to Ed1 is the output address of T3, so T3 is the input data; according to Ed1 is the input address of T2, so T2 is the output data; Ed1 is not the address of T1, so T1 is additional authentication data. Verify that T1, T2, and T3 are all data on the chain according to the certification path of the relevant data, and can verify whether the input amount of Bd1 and Ed1 is equal to the output amount of Cd1 and Cd2, so that the correctness of the input and output data can be verified. If the node only returns T2 data, there is only output but no input, and it is judged as a link connection error; if the node only returns T3 data, it means that Ed1 of T3 is not spent.

The system token issuance or recovery uses the default address, and first needs to be published in the control data set in clear text. For example, the issued address is A001, and the recycled address is B001. Because the token issuance or recovery information published in the control data set contains the preset address information, the node that stores A001 in the network will store the information published in the control data set and A001 as the transaction data of the input reference address. That is, the initial transaction data; and the node that stores B001 in the network will store the information released in the control data set, and the transaction data with B001 as the output address, that is, the end transaction data. Therefore, the default address for the issuance or recovery of the system token is also in line with the characteristics of connected storage. It only uses the default input or output data. For example, it is not transaction data but the plaintext issuance or recovery information in the control data set. The node can also verify the input Whether the output data is correct.

The above example system uses a homogenized token. If a non-homogeneous token is used, it can also meet the characteristics of connected storage and achieve the purpose of verifying the UTXO chain.

The above-mentioned connection storage enables distributed nodes to verify whether the chain is connected correctly, and in addition, it can also verify whether the length of the chain is correct. In order to verify whether the length of the chain is correct, according to the cumulative transaction data volume and cumulative control data volume contained in the block header, the node can calculate all the numbered addresses contained in the block, and then the node can query according to each numbered address Whether your own network ID matches the key, if there is a corresponding number address key is stored by yourself, but you do not have the corresponding data, you can query the data of the key through the network (for example, first search on the user end node, If you do not use the numbered address as the key to search on the second-level chain), if it is not found, it means that the integrity of the chain is wrong. If the ledger data corresponding to the key is found, and the data is verified, it means that the data of the number address is correct. If the data is transaction data, according to the above knowledge, the transaction data is stored in connection with the transaction address. The node can query and verify the reference address based on the input of the transaction. In this way, the integrity of the chain can be verified by the numbered address, and the unspent output can be checked by the network.

Because the account book data of this system is composed of two parts: transaction data set and control data set. And each control data has a unique control data number, which is sequentially increasing. According to the above, the integrity of the control data can be verified by the number address. If an address is only verified by a specific node, that is, the node that verifies a certain transaction data or control data is fixed and known, this will bring a certain risk, so in an exemplary embodiment, the system can choose to increase The user randomly selects the verification method. Because the block header contains all the current cumulative transaction quantity and cumulative control quantity, each node can know the starting number and ending number of the transaction data and control data contained in the block. When the user-side node synchronizes the block header, it can randomly select and verify the ledger data in the block according to the number address. For example, it can randomly select and verify m1 control data, or randomly select and verify m2 transaction data. The control data only has the signature of the management end, so the user end node only needs To obtain the control data by the control data number address, verify the signature of the management end, and verify whether the data is on the chain according to the certification path. To verify the transaction data, you need to obtain the transaction data through the transaction data number address, and then query these addresses and verify them based on the input reference addresses in the transaction data. According to what is known above, the address node referenced by the query input returns the connected storage data with input and output data, that is, the input data and output data with the aforementioned association relationship, and can verify the correctness of the input data and output data, and Verify that the data is on the chain according to the certification path. Since the client uses a distributed hash table network for retrieval, and each node randomly selects the ledger data for verification, it does not know which nodes choose to verify a certain transaction data, and it can be avoided. The disadvantage that an address is only verified by a specific node increases security.

It can be seen from the above that the data on any chain can be transformed into a node’s connected storage structure, where the node stores one or plural input data and the corresponding zero, one or plural output data, and the node can verify whether the input and output data are correct , The special initial connection storage and end connection storage can also meet the connection storage characteristics by default input and output data. By linking storage to convert data on any chain into node storage, combined with proving that the stored data is on-chain data, it can be verified whether the chain connection is correct. And by verifying the integrity of the chain by the number address, each node can store part of the book data and the corresponding certification path, and verify whether the input and output data is correct, and the correctness of all the book data can be equivalently verified , Which is called equivalence verification. And you can also choose to increase the user's random selection of verification methods, to avoid the shortcomings of a certain address only being verified by a specific node, and to increase security.

Take the UTXO of the public chain as an example, such as the Bitcoin system. Bitcoin's UTXO input refers to the unspent transaction ID and output index, where the transaction ID is the hash value of the quoted transaction data. The issuance can be regarded as a CoinBase reward transaction created by miners (coin creation transaction, That is, the first transaction data in each block body data). Use the transaction ID as the key for retrieval, and the quoted transaction ID as the key for retrieval. For example, the transaction data ID is Tb, the input references are Ta[1] and Ta[2], and there are two outputs Tb[1] and Tb[2]; the transaction data ID is Tc, and the input reference is Tb[1] ; The transaction data ID is Td, and the input reference is Tb[2]; the digits in parentheses are the reference output index. The node that stores Tb will store the input data Tb, and the output data Tc and Td. Because the same transaction ID is not allowed, so based on the transaction ID as the key for retrieval, the connected storage will not have multiple input data, but there may be multiple output data. The input references of the two outputs here are not the same output index, so they are not double spend. Each transaction data contains the corresponding authentication path data, and the authentication path of the CoinBase reward transaction is the special first transaction data, that is, the initial connection storage. Without considering transaction fees, each node can easily verify the correctness of input and output data, and the initial connection storage can also easily verify the correctness of CoinBase reward transactions. However, considering that the actual Bitcoin transaction contains a handling fee, the CoinBase reward transaction includes two parts: the block reward and the transaction fee. Therefore, the initial connection storage requires all transaction fees of the CoinBase reward exchange in the block body to be verified. If the block The large number of transactions in the body will make verification very difficult. It is also very difficult for users who retrieve the initial connection storage to verify CoinBase reward transactions. If you can only rely on a limited number of transaction data to verify the correctness of input and output data, you can take advantage of the advantages of distributed node connection storage. By storing and verifying the correctness of part of the transaction data by each node, you can verify the entire UTXO chain. The purpose of correctness. And the integrity of the chain can be verified by adding a numbered address.

Because this system uses the UTXO model, user A’s unspent output may be known to other users B in the same transaction, and the transaction timestamp that refers to the unspent output may also be known to user B if the transaction is Other unspent output of user A is also quoted, or Can be known by user B. To ensure that no information is leaked as much as possible, users can choose the auxiliary obfuscation solution provided by the system. For example, the user transfers these unspent outputs to the obfuscated address provided by the system in turn. The obfuscated address is also a logical chain, so the obfuscated address transferred each time is different, and then another obfuscated address of the system Transfer the same amount to the user's new receiving transaction address, and the new receiving transaction address on the UTXO chain is not related to the user's previous unspent output, and no information will be leaked.

The user's management address is generated by the generation parameters in the previous management data and the management address master key, and the management data is generated by the symmetric encryption work fund generated by the generation parameters and the symmetric encryption master key in the previous management data Key encryption protection. The user's first management data, that is, the user's registration management data, uses the user's registration ID as the generation parameter. The user's registration management data includes the initial address generation parameters of the second account data chain composed of the received transaction data, and also includes the user's identity certificate hash value and the user's signature disclosure key, which can be used to confirm the user's identity. Except for user registration management data and user identity certificate update management data that contain user-related information to confirm the user's identity, the rest of the ledger data no longer contains user-related information. For example, transaction data can contain user additional information, which may contain user identity information, so user additional information is stored off-chain, and only the hash value of the additional information is recorded on the chain, and user additional information can use the transaction The timestamp is used as the salt value. In addition to user additional information, the transaction data can also contain additional contract information. The additional contract information is used to record the related information of the contract and does not contain the user's identity information. Therefore, the additional contract information can be stored on the chain. The user’s signature disclosure key is associated with the user identity certificate, so the user identity certificate update management data also includes Contains user signature to reveal key update information. The user's other management data can include user master key update information and general management information, none of which will involve the user's identity.

After registration, the user finds the registration management data by using the registration ID and the master key of the management address, and decrypts the data with the symmetric encryption working key generated by the registration ID and the master key of symmetric encryption, thereby obtaining the user's management data The first account data chain formed. Then, according to the initial generation parameters of the transaction data in the registration management data, the master key of the transaction address, and the user's signature disclosure key, the second account data chain composed of the user's received transaction data is obtained. According to the above, searching for the receiving transaction address on the user-side network, because of the use of connection storage, the transaction referenced by the receiving transaction address can be obtained as the input, that is, the user's sending transaction. Therefore, by obtaining the second account data chain that receives the transaction, all transaction data of the user can be obtained at the same time. Then decrypt the blinding factor from the generation parameters in the transaction data and the working key generated by the secret transaction master key to obtain the user's account information.

For example, user Alice registers an account with ID Alice on the management side by using the identity certificate, and the management side issues the management address master key, transaction address master key, confidential transaction master key, and symmetric encryption master key to account Alice. key. The account ID name is the default initial generation parameter of the management data. The user generates the registration management address with the account ID name Alice and the management address master key, and then searches the registration management address on the user-side network to find the registration management information of the account Alice, and uses the account ID name Alice Decrypt the data with the symmetric encryption working key generated by the symmetric encryption master key. The registration management information contains the hash value of the user identity certificate, which can prove the identity of the user, as well as the generation parameters used to generate the address of the next management data and the symmetric encryption working key, and include the initial generation of the receiving transaction address Parameter, used to generate the user's first receiving transaction address. After transferring money to the account Alice, the user can use the generation parameters of the last received transaction, the master key of the transaction address, and the user The signature reveals the key to generate the receiving transaction address, and then search the address on the user-side network to find the transaction information, and decrypt it with the working key generated by the generation parameters in the transaction data and the secret transaction master key The blinding factor is the amount of ciphertext transactions that can be decrypted. If Alice needs to transfer money to Bob, she needs to generate an unlocking script based on the generation parameters of the last received transaction, the master key of the transaction address, and the user's signature private key.

When the user needs to prove the asset of a certain address to a third-party user, he only needs to provide the intermediate value K, the user's identity certificate, and the blinding factor. The third-party user can verify the validity of the identity certificate to confirm the user's identity, and then use K and the user's signature disclosure key to do a scalar multiplication on the elliptic curve to obtain a new disclosure key, and verify the address generated by the new disclosure key Equal to this address. Because the scalar multiplication operation on the elliptic curve is one-way, it is impossible to find a K'and the user’s signature disclosure key operation to obtain the disclosure key address of other people (assuming it is before the quantum computing cracking occurs, it needs to be updated afterwards. Only algorithms that resist quantum computing cracking can provide valid proofs). Then check whether the address is an unspent address through the Internet, and finally use the blinding factor to decrypt the ciphertext amount. The information provided by the user does not contain relevant key information, and third-party users cannot obtain the privacy of other transaction data of the user based on the information provided. The above query does not cost the address, which is realized by the connection storage of the node. According to the above, if the address has been spent, the relevant node will return input data and output data; if it is not spent, only input data will be returned without output data. However, the query method depends on the relevant node. As will be known later, third-party users can also query the information of unspent addresses through the second chain system.

The announcement information released by the system is in plain text, such as announcement information on token issuance or recovery, key algorithm update information, new transaction rule announcement information, and system version update information. root According to the different types of announcements, each announcement has an announcement type and an incremental serial number. According to the announcement prefix + announcement type + announcement serial number, the address of the announcement is formed. Any user can search the Internet by the announcement address. And verify the announcement.

Therefore, the UTXO chain of the system based on the transaction address (including the special address of the initial transaction data and the special address of the end transaction data) is connected and stored, and it can verify whether the UTXO chain is correct; the addresses that increase sequentially such as the number address are not chained The relationship, so it is stored directly, can be used to verify the integrity of the chain and random selection verification; the management address is not an explicit chain relationship (only the user’s master key can obtain the user’s first account data chain, The management address forms an implicit chain relationship), and the announcement address, etc., are also stored directly. The value corresponding to the directly stored key is unique, and the retrieval returns the corresponding data; the key stored in the connection may correspond to the plural value data, that is, the input and output data stored in the connection, and the retrieval returns all relevant data, including additional verification data. And the client uses a structured peer-to-peer network to use distributed hash storage. Each client only needs to store part of the ledger data, and the corresponding ledger data can be retrieved by address, and can be used The Merkel tree verifies whether the ledger information is included in the block of the chain.

There can also be rewards for chain generation in the system. In order to meet the conditions of the public-like chain, anyone can participate in the generation of the chain, without registration or authorization in the system, only need to generate an asymmetric key as the key for receiving rewards, and expose the key in it. An address is generated in a certain way, and the address is identified by the first code as the receiving address to distinguish the addresses used inside the system. When a chain-generating object (such as a chain-generating node) participates in generating a new block header, the receiving address will be included. After n confirmations of the block header, the management terminal will publish the reward information in plaintext to the control data set. The reward information includes the reward preset address, the reward amount and the bound receiving address, and the reward preset URL category It is similar to the default address issued by the token, such as C001. When receiving rewards, you need to register in the system, and then generate a reward transaction data. The input of the transaction is referenced to the reward address C001, and the output is the user's receiving transaction address, so the transaction is in the user's second account It is on the data chain, and the unlocking script needs to be generated using the private key of the receiving address to unlock the reward. Therefore, the reward is divided into two steps: release first and then receive. Among them, release is similar to token issuance, and the reward address is also in line with the characteristics of the above connection storage, but the input is the clear text reward information in the control data set. Therefore, the participation chain does not need to be registered or authorized in the system, but to receive rewards, you need to register in the system. The chain-generated object can also authorize the key of the receiving address to other users, and the other users can receive rewards.

The public chain refers to a blockchain system in which anyone can read, send transactions, and participate in consensus. It is a completely decentralized system. The quasi-public chain refers to a system that does not include anyone who can send transactions, and the rest are the same as the public chain, which satisfies the centralization of transactions and the decentralization of ledger data. The following describes the system architecture of the class public chain with the public chain system.

Suppose there is a public chain system S, in which there is a user A. The transaction data sent by A needs to meet the rules of UTXO, that is, there must be a legal input reference, and no double spend can exist. If you don't consider the situation of multiple inputs and outputs, the transaction data of A on the S chain will form a UTXO chain with sequential single connections. Assume A is a private chain system (S can still regard A as a user), and replace A’s transaction data with block data generated by the private chain system, because the private chain can be regarded as the next block connection (Spent) the output of the previous block, the private chain can be regarded as a UTXO chain, so the block data generated by A is connected to a block data, and cannot be forked (no double spend), that is The UTXO chain of A on the S chain can be regarded as equivalent to the private chain of A. When the block data of A is on the chain, the S system needs to verify the legality of the block A data, and it needs to be connected in order If it is connected and cannot be forked, it is also necessary to verify the legality of the ledger data in the block. In the S system, anyone can participate in the consensus, read the ledger data and verify the ledger data, so anyone can also verify A's ledger data.

In addition to the block data of A, the S system can also have extended data, but the extended data does not affect the user's management data and transaction data, nor does it affect the user's account status, so the user side does not need Read and verify the extended data. The function of the extended data is to enable S to interact with A, so that S can partially affect the generation of A data, so the data can only be read by the objects participating in the S consensus. For example, A system needs to vote through S before releasing information about token issuance or recovery in the control data; or S generates a provably fair random number, and the random number affects the data generated by the A system to solve part of the A system Fairness issues. User C does not need to synchronize the block header data of the A private chain, but only the block header data of the S system, so the block header data of the A private chain can also be stored in the extended data. If there are illegal data generated in the system and it is necessary to be able to prove the data, the relevant data can also be stored in the extended data of the S system. If the system uses consensus algorithms such as POA (Proof Of Activity), the relevant verifier election and verifier list data can also be stored in the extended data.

The user terminal C of the A system needs to pass through A and then to S for the transaction data initiated, and C obtains the transaction data from S. The above-mentioned system S, system A (private chain or consortium chain system), and user end C of system A can be regarded as a kind of public chain application system. Anyone can read, verify transactions, and participate in consensus. This refers to reading the data of the S chain, and the user terminal C also synchronizes the block header data of the S chain. According to the above, the consistent performance of the block header guarantees the consistency of the system state, and the synchronization of all user-side S-chain block headers can ensure that the state of all user-side and system S is the same. Towards. And the user only needs to obtain the user's master key from the system A (the key does not belong to the chain data), and can retrieve the account data on its own in the structured peer-to-peer network (or S-chain) on the user side. Third-party users and regulators can also retrieve the keys by themselves after being authorized. This process does not rely on the A system or other centralized systems. Therefore, the public chain-like application system is verifiable, traceable, and non-tamperable. But because the user’s transaction data needs to go through A before it can be chained in S, the public chain-like application system does not solve the fairness of the transaction. However, for the usual payment systems, such as online music purchases, the order of purchase is different. It will not affect the results, as long as the compliant transactions can be normally connected to the chain. And there is a kind of fairness problem that can be delayed to choose priority, which can be solved by similar public chain application systems.

Delayable selection priority is different from time priority. It is a method of generating a provably fair random number and then determining the priority based on the random number. Because anyone can participate, it is fair. For example, in a lottery system, the buyer pays a certain amount and reserves a random number and a prize-receiving address. Then the system S uses the consensus object to generate a provably fair random number. For example, the scheme of submitting and then disclosing (Commit Reveal), and in order to avoid block retention attacks, you can terminate the submission and go through several block confirmations, and then delay the disclosure of related parameters to ensure that the random number generated is unknown in advance and cannot be tampered with. After the random number is announced, the award will be judged according to the degree of correlation between the random number reserved by each person and the random number, and then the reward will be received by the prize-receiving address. System A can call related contracts according to the announced random numbers to award rewards to users who have won the prize. The reward will be bound to the relevant contract information of the winning, including quoting the lottery information, quoting the random number reserved by the user and the prize receiving address, and the plaintext amount of the winning, and generating the corresponding ciphertext amount of the reward to the prize receiving address, and then The corresponding plaintext amount is subtracted from the real-name agency account that issued the lottery to ensure that the total amount of tokens in the system has not changed. So you can delay the selection priority, System S generates a provably fair random number and delays the disclosure of several blocks. System A uses the random number to determine the priority to solve the fairness of such problems.

The following describes the architecture of the system. The system is composed of a three-layer two-chain architecture, as shown in Figure 10.

The first layer is also the first chain system, which can be a private chain or a consortium chain. It belongs to a centralized system (such as the above system A). It can adopt a private network and PBFT (Practical Byzantine Fault Tolerance, practical Byzantine fault tolerance algorithm) and other consensus The algorithm to meet the needs of fast confirmation and high-frequency trading, is responsible for the main object with a real name, and is the administrator of the system. Including one or more of the following management: the management of users and institutions, the issuance or recovery of tokens, the issuance of user master keys and system announcements, etc. The system is managed mainly by issuing control data, and then written into the first chain . The transaction data on the user side is written into the first chain after verification by the management side, and the block data generated by the first chain will be broadcast to the second layer immediately, or it can be broadcast to the third layer immediately. Because the management terminal has all the user's master keys, the management terminal can generate the state tree of the system, and operations such as querying and modifying the user account status of the management terminal are realized by the state tree of the system, and then converted to the underlying UTXO transaction Data or control data. The management terminal will verify the transaction data on the client side, and will verify the relevant user identity information. Each transaction data or control data will be assigned a unique serial number that increases sequentially, and the transaction data or control data will be endorsed and signed by the management terminal together with the transaction data or control data. The block header data of the first chain will contain the current cumulative transaction quantity and cumulative control quantity, and the block header data will be signed by the management terminal.

The second layer is also a second chain system, which is similar to a public chain (system S mentioned above), and uses an unstructured peer-to-peer network. For example, gossip network communication protocol can be used, and algorithms with a longer consensus time can be used. The second layer will verify the block data of the first chain, but because the second layer does not have a user master key, it will only verify transaction data, not related user identity information, and will not produce The state tree of the health system. According to the above, the system adopts the UTXO model, and anyone can verify the correctness of the transaction amount in ciphertext. The block data of the second chain is composed of one or more block data sequences of the first chain. The state of any account on the first chain is consistent with the state of the account on the second chain, so the system is asynchronous and homomorphic. Because the block data of the second chain may be composed of plural block data of the first chain, the ledger data of the first chain block body needs to be re-ordered to form the ledger data of the second chain block body, including transaction data And control data, and then separately regenerate the root hash value of the Merkel tree and record it in the block header of the second chain. The block header of the second chain will also contain the current cumulative transaction quantity and cumulative control quantity. Because the ledger data of the second chain block body is re-composed in order, it also satisfies the number of leaf nodes and node serial numbers of the known Merkel tree, and the height and direction of the corresponding authentication path are fixed and known. The second chain can also contain extended data, which can be the state data of the second chain system itself, and will not modify the user's state, and the third layer will not synchronize and read the data. For example, the data can be the voting process of the second chain or the process of generating provably fair random numbers, etc., it can also be the process of the second chain voting to select the chain to generate nodes, or it can be the data used for evidence, the extended data It will only be read by the first and second layers, and may affect the subsequent blocks generated by the first chain or the second chain. The block header data of the first chain can also be recorded in the extended data of the second chain, which will not affect the user's status, but is used as evidence data. The block data generated by the second chain will be broadcast to the third layer. The broadcast data are the block header data, transaction data and control data of the second chain, and the corresponding authentication path data.

The third layer is the user-side system, which uses a structured peer-to-peer network. For example, the kademlia network protocol can be used to retrieve data through a distributed hash table (DHT). Each user-side node (hereinafter referred to as node) only Need to store part of the ledger data and the corresponding certification path. According to the above, the third layer uses equivalent verification, and each node verifies part of its own account data, which can be equivalently verified. Prove all the book data, and then combine each node to independently select the book data for verification, avoiding a certain address to be verified by a specific node, and increasing security. Each node of the third layer will synchronize the block header data of the second layer, so the third layer and the second layer system state are consistent. The read operations of the user, third-party users, and regulators can be on the second or third layer, and the write operations of transaction data on the user end are linked to the first layer by the management end, so the system It is separated from reading and writing. And the first chain can broadcast to the third layer immediately, so the transaction data on the user side can be obtained in time, but the transaction data at this time is not on the second chain, but on the first chain. If it is a small transaction, the user side can immediately trust the data released by the management side; but if the transaction amount is large, the user side can wait for a period of time to wait for the transaction data to be on the second chain and be confirmed by n blocks , It can be considered that the transaction information is irreversible and cannot be tampered with.

Since the state of the second-tier system and the third-tier system are consistent, and the third-tier verified all the ledger data by equivalent verification, the second-tier system can choose to verify only the block header of the first chain The data, the Merkel tree of the ledger data and the management end of the ledger data are signed, and then the data is uploaded to the chain to generate the block data of the second chain, and broadcast to the third layer, and the third layer verifies whether the connection of the UTXO chain is correct , And verify that the user-side unlocking signature in each transaction data and the transaction amount are correct. Because each node in the third layer only needs to verify a small amount of book data, even if the user side uses multi-signature and needs to verify whether the ciphertext transaction amount is correct, each node has less burden, even if it is a mobile device It can also be verified. The second layer verifies the signature of the management end, and can also use the optimized batch verification of the plural signatures generated by a single signer, which greatly reduces the amount of verification required to participate in the second layer consensus. And according to the characteristics of the Merkel tree, the chain generation nodes of the second layer can sequentially distribute the ledger data generated by the first layer to a plurality of physical devices, and transfer the accounts on these physical devices. This data is combined to generate the root hash value of the Merkel tree, that is, the generation and verification of a huge block data containing a lot of book data can be completed by multiple physical devices, and the storage can also be distributed to multiple physical devices. Different from the third layer using distributed hash table storage, this method is a linear partition storage, that is, a huge block of data, according to the characteristics of the Merkel tree, the number of leaf nodes corresponding to a parent node is 2. Power, so the data is linearly divided into a complex number of physical devices according to the power of 2 for storage, and then the corresponding Merkel tree root hash value can be jointly generated, and the authentication path corresponding to the ledger data can also be generated. Therefore, the chain generation node of the second layer only needs a plurality of ordinary physical equipment and storage devices, and the amount of verification calculation is also controllable. The equipment that actually participates in the consensus generation block header also needs ordinary equipment, which greatly reduces the participation in the first. The threshold of the second-tier consensus.

The above method uses the first generation and then verification method, that is, the second chain is generated first, and then the third layer is verified, because the actual ledger data is chained by the first layer system, and the second layer will verify The signature of the Merkel tree and the management side does not modify the ledger information. Therefore, if the third-level verification ledger data is wrong and it is signed by the management end (the second-level verification is needed to verify whether it is the data of the first chain), the person in charge is the first-level system, and the first-level is the management with real names At the end, the supervisor can deal with it accordingly. Because the first layer is a centralized system, if illegal account information is generated, the second and third layers cannot be prevented, but they can be verified immediately, and then corresponding measures can be taken. For example, the third layer writes illegal account data from the second layer into the certificate data of the extended data of the public chain, and the first layer system cannot modify the data of the second chain, and the information is exposed to anyone. If it can be accessed, the supervisor can handle it accordingly. Therefore, although the system cannot guarantee that the data in the time period of the upper chain segment must be correct (because the data is generated by the centralization), it can guarantee that the wrong data is not hidden (verified by the second or third layer) . On-chain by the second chain and confirmed by n blocks The information is correct and cannot be tampered with, so it is trustworthy. The first-tier system also uses private chains or alliance chains to reduce and prevent the possibility of data errors. And based on the above, the first chain is not allowed to fork, and the first chain can use consensus algorithms such as PBFT to prevent forks. If the first chain has a fork, the second-level system can detect it and write it into the certificate data of the extended data of the public chain, and the supervisor will deal with it accordingly.

The first-tier management system can also optimize the processing of massive amounts of data that need to be verified and stored by connecting to storage. For example, a consensus hash algorithm can be used to disperse transaction data into plural consensus groups based on transaction addresses and transaction IDs, and then use the attribute grouping PBFT (Practical Byzantine Fault Tolerance Algorithm) consensus algorithm to generate the first chain The header data of the block.

The PBFT algorithm is a state machine replica replication algorithm. Set the number of sets composed of all copies to N, assuming that the number of invalid copies is F, then N>3F is required. Each node has a copy of the state machine, so the PBFT algorithm can tolerate less than N/3 invalid or malicious nodes. But the disadvantage of PBFT is that it has O(N^2) message complexity, so usually N is not very large.

The attribute grouping PBFT consensus algorithm uses a consistent hash algorithm. According to the attributes of the data, the data is distributed to the plural consensus groups, and only a copy of the state machine is required in one of the groups. For example, divide N into M consensus groups, and each consensus group has n nodes, that is, N=M*n, and set these consensus groups as serial numbers from 1 to M.

Before generating the block, use the consistent hash algorithm to map each input address of the transaction data to one of 1 to M, and map the transaction ID, that is, the hash value of the transaction data, to one of 1 to M. Then store the transaction data in the mapped consensus group. According to the above, the input address corresponds to the output data stored in the connection. After the block is generated, that is, after the data is on the chain, use the same The method maps each output address of the transaction data to one of 1 to M, and includes the token issuance address and reward address in the control data of the chain, and then stores the corresponding chain data in the mapped In the consensus group. According to the above, the output address corresponds to the input data stored in the connection, so the input data stored in the connection storage in the consensus group is the data after the chain is on the chain, and the consensus group can verify the data through the Merkel tree.

If the consensus group storage corresponds to input data, just store it; if the consensus group storage corresponds to output data, you need to find the corresponding input data, and verify the correctness of the input and output, and then form a connection storage; if the consensus group stores Corresponding to the transaction ID, you need to initiate PBFT consensus verification to the consensus group corresponding to the address based on all the input reference addresses of the transaction data. It can be known that if the consensus group corresponding to these addresses passes the verification, it will form a connection storage and return the verification success. If the verification fails, the verification failure will be returned. According to the above, when the number of successful verifications returned by each address is greater than n*2/3, the transaction data is verified and can be uploaded to the chain. Therefore, the transaction data is verified and chained by the consensus group corresponding to the transaction ID, and because the transaction ID is unique, it will not be repeated on the chain. In order to optimize the additional verification data required to verify the transaction amount, the transaction amount can be verified by the consensus group corresponding to the transaction ID. Entering the consensus group corresponding to the reference address only needs to verify whether the connection is correct and whether the unlocking signature on the user side is valid. And return the transaction amount data, without additional verification data.

After a period of time, each consensus group independently initiates the PBFT consensus on the chain, and each consensus group independently agrees on its own set of transaction data and order on the chain. Then the consensus group No. 1 adds its own on-chain collection quantity to the cumulative quantity, and sends the cumulative quantity message to the consensus group No. 2; then, the consensus group No. 2 adds its own on-chain collection quantity to the cumulative quantity to 3 Consensus group No. sends an accumulated quantity message; until the last consensus group M, M sends an accumulated quantity message to consensus group No. 1; When consensus group No. 1 receives the cumulative quantity message, it completes a loop operation and combines the transaction data in the loop on the chain. Each consensus group calculates the starting sequence number based on the cumulative number, and then assigns the transaction data and the corresponding order of the on-chain collection to an increasing sequence number and requests a signature (for example, if there are n nodes, a request greater than n*2/3 is required to give a signature ), and finally combine the signed data to generate the root hash value of the Merkel tree. Because it is an independent consensus on the chain, each consensus group can receive the number of messages before proceeding to the consensus on the chain, and complete the loop operation through message transmission. The reason why the consensus group can independently agree on the chain is because the input data stored in the connection is the data after the chain, so in the same time segment, there will be no legal transactions quoted between the two.

Therefore, it can be seen that the message complexity of the attribute grouping PBFT consensus algorithm is O(n^2), which can tolerate less than n/3 invalid or malicious nodes. However, since there are M groups, the transaction data is also scattered into M groups, so the final amount of transaction data that can be processed can be greatly increased.

The control data of the system is not a UTXO chain. When it is generated, an incremental serial number can be assigned and signed, and then stored and verified linearly according to the serial number. The Merkel root hash value of the control data can also be jointly generated. Finally, the block header data of the first chain is generated according to the root hash value of the transaction data and the root hash value of the control data, and the corresponding cumulative quantity. Therefore, the management system of the first chain can optimally process massive amounts of data by connecting to storage.

According to the above, the data stored on the third-tier user terminal includes block header data, ledger data, and corresponding authentication path data. The ledger data is actually generated by the first-level management terminal, and the block header data is generated by the second-level consensus, and the block header data can also map the consistency of the block body data (ledger data), and the block header data is also The corresponding authentication path can be confirmed, so the correct synchronization of the block header data is very important to the correctness of the system. But the third-tier user terminal does not participate in the second-tier Consensus, if the second-tier public chain system adopts consensus algorithms such as POA (Proof of Authority), or a consensus algorithm for mortgage punishment, the third-tier user side needs to be able to correctly synchronize the consensus list, which will increase the user side burden. Because the second chain is generated on the basis of verifying the block header of the first chain, the third-tier user side can verify the block header of the second chain on the basis of trusting the block header of the first chain. Take the consensus algorithm using mortgage penalty as an example. Consensus objects on the second layer can be anonymous, and can participate in the consensus by using third-party public chains (third-party public chain systems other than the first chain system and the second chain system) to participate in the consensus. Data will be deducted from the mortgaged assets, which will be explained below.

First, the management side of the first layer needs to establish a smart contract on the third-party public chain. The function of the contract is that any user can upload the consensus public key (the consensus public key is an asymmetric key generated by the user and can be used to participate in the second-level consensus), and a consensus public key needs to be mortgaged A certain amount of tokens on the third-party public chain. The pledged tokens are associated with the uploaded consensus public key. The contract will map the consensus public key set consisting of all the currently uploaded consensus public keys to a value, and the consensus will be public. The key set and the mapping method are both exposed. It is easy to find the proof that the elements in the set exist in the set, but it is difficult to find a proof that the elements in the set do not exist in the set. For example, you can use Merkel tree proof or accumulator proof . One of the cryptographic accumulators is a one-way membership function, which can be used to identify whether a candidate is a member of a set without exposing the members of the set in the process. The block header generated by the first chain contains the value of the current consensus public key set mapping, and can also include the number of elements in the consensus public key set, and a key represents a fixed equity, that is, one key, one vote . The block header data generated by the second chain will be broadcast to the third layer along with the last block header data corresponding to the first chain. The second chain block header contains all the current The accumulated transaction quantity and accumulated control quantity, as well as the corresponding consensus public key, the second chain block header data are signed by the consensus private key. The user side of the third layer synchronizes the block header data of the second chain, and can verify the signature of the consensus private key according to the consensus public key, verify the signature of the management end of the first chain block head, and verify the accumulation of the first chain block head Whether the transaction quantity and cumulative control quantity are equal to the cumulative transaction quantity and cumulative control quantity of the second chain block header, if they are equal, the quantity is correct and the first chain block header is the last block header data in the second chain block header generation time segment , So the mapping value of the consensus public key set in the first chain block header is the latest in the time segment. The user can also use Merkel tree proof or accumulator proof according to the mapping value of the consensus public key set in the first chain block header to verify whether the consensus public key in the second chain block header is valid. It shows that the block header of the second chain is valid and can be added to the block header of the candidate main chain. In this way, the user can verify the block header of the second chain by trusting the block header of the first chain, without synchronizing the consensus list of the second chain, and can use the accumulated transactions of the block header of the first chain Quantity and cumulative control quantity verify whether the cumulative transaction quantity and cumulative control quantity of the second chain block header are correct to ensure that the block header data of the second chain can be correctly synchronized.

The second-tier public chain-like system can also use consensus algorithms such as POA, so that it does not rely on third-party public chains, but the participating consensus objects need to provide identity certification. The first chain block header can also include the mapping value of the validator list of the POA consensus algorithm and the number of validators, so that the user can correctly synchronize the block header data of the second chain.

If the block header of the first chain does not contain the correct mapping value of the consensus person's disclosure key set according to the rules, because the consensus person's disclosure key set's mapping value is in the third-party public chain contract or the second-level type of disclosure key The extended data stored in the chain are all exposed and cannot be tampered with. Second floor The system can write the non-compliant block header data of the first chain into the certificate data of the extended data of the public chain, and the supervisor will deal with it accordingly.

Therefore, this system uses the blockchain to realize the traceability and non-tampering of the ledger data. The UTXO chain realizes the correct connection of transaction data to ensure that the total amount of tokens in the system is fixed. The account data chain realizes the privacy retrieval of user account data. And through equivalent verification, the client can store and verify part of the book data through a structured peer-to-peer network, and the correctness of all the book data can be equivalently verified.

An exemplary embodiment of the present disclosure further provides a computer storage medium that stores a computer program; after the computer program is executed, the method provided by one or more of the foregoing exemplary embodiments can be implemented, for example, as shown in FIG. 1 , One or more of the methods shown in Figure 3, Figure 5 and Figure 7. The computer storage medium includes volatile and non-volatile, removable and non-removable media implemented in any method or technology configured to store information (such as computer readable instructions, data structures, program modules, or other data). Computer storage media include but are not limited to RAM, ROM, EEPROM, flash memory or other memory technologies, CD-ROM, digital versatile disc (DVD) or other optical disc storage devices, magnetic cartridges, magnetic tapes, magnetic disk storage devices or Other magnetic storage devices, or any other media that can be configured to store desired information and that can be accessed by a computer.

An exemplary embodiment of the present disclosure also provides a computer device (or computer equipment). The computer equipment may include a processor, a memory, and a computer program stored on the memory and running on the processor. When the processor executes the computer program, the execution of the data storage device or the data verification device in this disclosure is implemented Operation.

As shown in FIG. 11, in an example, a computer device (node) may include: a processor 91, a memory 92, a bus system 93, and a transceiver 94, where the processor 91, the memory 92 The transceiver 94 is connected through the bus system 93, the memory 92 is set to store instructions, and the processor 91 is set to execute the instructions stored in the memory 92 to control the transceiver 94 to send signals. For example, the operations of the second storage module in the aforementioned data storage device can be executed by the transceiver under the control of the processor, and the operations of the first verification module can be executed by the processor.

It should be understood that the processor 91 may be a central processing unit (Central Processing Unit, referred to as "CPU"), and the processor 91 may also be other general-purpose processors, digital signal processors (DSP), special integrated circuits (ASIC), Field programmable gate array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.

The memory 92 may include a read-only memory and a random access memory, and provides instructions and data to the processor 91. A part of the memory 92 may also include a non-volatile random access memory. For example, the memory 92 can also store device type information.

In addition to the data bus, the bus system 93 may also include a power bus, a control bus, and a status signal bus. However, for the sake of clarity, all the bus bars are marked as the bus bar system 93 in FIG. 11.

In the implementation process, the processing executed by the computer device can be completed by the integrated logic circuit of the hardware in the processor 91 or instructions in the form of software. That is, the steps of the method disclosed in the embodiments of the present disclosure may be embodied as being executed by a hardware processor, or executed by a combination of hardware and software modules in the processor. The software module can be located in storage media such as random memory, flash memory, read-only memory, programmable read-only memory, or electronically readable and writable programmable memory, register. The storage medium Located in the memory 92, the processor 91 reads the information in the memory 92, and completes the steps of the above method in combination with its hardware. In order to avoid repetition, it will not be described in detail here.

A person of ordinary skill in the art can understand that all or some of the steps in the methods, systems, and devices disclosed above can be implemented as software, firmware, hardware, and appropriate combinations thereof. In hardware implementations, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical elements; for example, a physical element may have plural functions, or a function or step may consist of several Cooperative implementation of physical components. Some or all of the components can be implemented as software executed by a processor, such as a digital signal processor or a microprocessor, or as hardware, or as an integrated circuit, such as a dedicated integrated circuit. Such software can be distributed on computer-readable media, and computer-readable media can include computer storage media (or non-transitory media) and communication media (or temporary media). As is well known by those of ordinary skill in the art, the term computer storage medium includes volatile and non-volatile implementations in any method or technology configured to store information (such as computer-readable instructions, data structures, program modules, or other data). , Removable and non-removable media. Computer storage media include but are not limited to RAM, ROM, EEPROM, flash memory or other memory technologies, CD-ROM, digital versatile disc (DVD) or other optical disc storage devices, magnetic cartridges, magnetic tapes, magnetic disk storage devices or Other magnetic storage devices, or any other media that can be configured to store desired information and that can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media usually include computer-readable instructions, data structures, program modules, or other data in modulated data signals such as carrier waves or other transmission mechanisms, and may include any information delivery media.

Those of ordinary skill in the art should understand that the technical solutions of the embodiments herein can be modified or equivalently replaced without departing from the spirit and scope of the technical solutions herein, and should be covered by the scope of the patent application of this application.

81: The first chain system

82: The second chain system

83: data storage device

Claims (40)

A chain structure data storage method, including: Take part or all of the link information of the chain in the chain structure as a first key, and the data in the chain structure associated with the first key as the value, and store the data as input data or output data, and the same data storage device The stored input data and output data are related according to the same connection information. The data storage method according to claim 1, wherein the storage of the data as input data or output data includes: When the first key is part or all of the output information in the chain structure, the data associated with the first key is stored as input data; when the first key is part or all of the input information in the chain structure, the The data associated with the first key is stored as output data. A chain structure verification method, including: Use part or all of the link information of the chain in the chain structure as a first key, and the data in the chain structure associated with the first key as the value to verify whether the data associated with the first key is wrong, and to verify the first key. After the data associated with the one-click has no errors, save the data as input data or output data. The chain structure verification method according to claim 3, wherein the storing of the data as input data or output data includes: When the first key is used as part or all of the output information in the chain structure, the data associated with the first key is stored as input data; when the first key is used as part or all of the input information in the chain structure , The data associated with the first key is stored as output data; the input data and output data stored on this device are related according to the same connection information. The chain structure verification method according to claim 3, wherein the verification of whether the data associated with the first key has an error includes one or more of the following verifications: Verify whether the data is the data on the chain structure; When the first key is used as the input information in the chain structure, verify whether there is output information that has the same connection information as the input information; When the first key is used as the input information in the chain structure, verify whether the output information with the same connection information as the input information has been used; When the first key is used as input information in the chain structure, and the data associated with the first key includes a transaction amount, verify that the transaction amount is correct; When the first key is used as the input information in the chain structure, and the data associated with the first key includes signature information, it is verified whether the signature information is correct. According to the chain structure verification method described in claim 4, the method further includes: According to the request of a data verification device, return to the data verification device the data associated with the link information stored in this device, including one or more of the following data: input data, output data, Merkel tree certification path, additional Verify the information. A chain structure verification method, including: Use part or all of the link information of the chain in the chain structure as a second key, obtain a data stored in the data storage device and associated with the second key from a data storage device, and verify the chain according to the obtained data Whether there are errors in the data in the structure. The chain structure verification method according to claim 7, wherein the data associated with the second key obtained from the data storage device includes one or more of the following: data associated with the second key, Merkel tree authentication path , Additional verification data, wherein the second key is used as part or all of the output information in the chain structure, or the second key is used as part or all of the input information in the chain structure. The method for verifying the chain structure according to claim 7, wherein the verifying whether the data in the chain structure has errors according to the acquired data includes: Synchronize a block header data in the chain structure, combine the block header data with the data associated with the second key obtained from the data storage device, and perform one or more of the following verifications: Verifying whether the data associated with the second key obtained from the data storage device is the data on the chain structure; When the second key is used as the input information of the acquired data, verify whether there is output information that has the same connection information as the input information; When the second key is used as the input information of the acquired data, verify whether the output information with the same connection information as the input information has been used; When the second key is used as the input information of the acquired data, and the acquired data contains a transaction amount, verify whether the transaction amount is correct; When the second key is used as the input information of the acquired data, and the acquired data contains a signature information, verify whether the signature information is correct. A method for realizing a chain structure. The chain structure system includes a first chain system, a second chain system and a data storage device. The method includes: After the first chain system signs the ledger data, it writes the signed ledger data into the block data of the first chain; After verifying the block data of the first chain, the second chain system writes one or more consecutive block data of the first chain into the block data of the second chain; The data storage device uses part or all of the link information in the second chain as a first key, and the data associated with the first key as a value. After verifying that the data associated with the first key is correct, the data is stored as Input data or output data, the input data and output data stored in the same data storage device are related according to the same connection information. According to the chain structure realization method of claim 10, the method further includes: the first chain system uses part or all of the connection information of the chain in the first chain as a third key, and the data associated with the third key is used as Value, the value associated with the third key is assigned to a consensus group that has the same third key as the value; the consensus group verifies the data associated with the third key, where: The data associated with the third key includes a transaction data, and the verification includes one or more of the following: When the third key is used as the input information of the transaction data, verify whether there is output information that has the same connection information as the input information; When the third key is used as the input information of the transaction data, verify whether the output information with the same connection information as the input information has been used; When the third key is used as the input information of the transaction data, verify whether the transaction amount of the transaction data is correct; When the third key is used as the input information of the transaction data, it is verified whether the signature information of the transaction data is correct. For the chain structure implementation method described in claim 11, after the consensus group verifies the data associated with the third key, the method further includes: The consensus group stores the data associated with the third key as input data or output data, where, when the third key is part or all of the output information in the first chain, the data associated with the third key is used as Input data storage. When the third key is used as part or all of the input information in the first chain, the data associated with the third key is stored as output data; the input data and output data stored in the same consensus group are based on the same Is associated with the connection information. The method for implementing the chain structure according to claim 10, wherein the data storage device stores the data as input data or output data, including: When the first key is used as part or all of the output information in the second chain, the data associated with the first key is stored as input data; when the first key is used as part or all of the input information in the second chain , The data associated with the first key is stored as output data; the input data and output data stored on the data storage device are related according to the same connection information. The method for implementing the chain structure according to claim 10, wherein the data storage device verifies whether the data associated with the first key has an error, including one or more of the following verifications: Verify the integrity of the second chain; Verify whether the data is the data on the second chain; When the first key is used as the input information of the ledger data in the second chain, verify whether there is output information that has the same connection information as the input information; When the first key is used as the input information of the ledger data in the second chain, verify whether the output information with the same connection information as the input information has been used; When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key includes a transaction amount, verify that the transaction amount is correct; When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key includes signature information, it is verified whether the signature information is correct. For example, the chain structure implementation method of claim 10 or claim 14, the method further includes: the first chain system sequentially numbers a book data, and the block header of a block data corresponding to the book data Contains the accumulated book data amount; the second chain system includes the accumulated book data amount in the block data in the block header of the block data of the second chain. The method for implementing the chain structure according to claim 15, wherein the data storage device verifies the integrity of the chain structure includes: the data storage device synchronizes the block header of the second chain, and uses the accumulated data in the block header The data volume of the ledger generates a number address, and the integrity of the second chain is verified according to the number address. According to the chain structure realization method described in claim 15, the method further includes: The data storage device verifies whether the accumulated book data amount in the second chain block header data is correct according to the first chain block header data. According to the chain structure realization method described in claim 10, the method further includes: The first chain system includes the current consensus public key set mapping value in the block header of the first chain; The data storage device uses Merkel tree certification or accumulator certification according to the mapping value of the consensus public key set in the first chain block header to verify whether the consensus public key in the second chain block header is valid. The method for implementing the chain structure according to claim 10, wherein the second chain system writes one or more consecutive block data of the first chain into the block data of the second chain, including: the second chain The system recombines one or more consecutive block data of the first chain according to the sequence of transaction data and the sequence of control data to generate a Merkel tree root hash value, and includes this in the block header of the generated second chain Merkel root hash value. The chain structure realization method as described in claim 10, The system also includes: a data verification device; The method further includes: the data verification device uses part or all of the connection information of the chain in the chain structure as a second key, and obtains the data associated with the second key stored on the data storage device from the data storage device, Verify whether the data in the second chain has errors based on the acquired data. The method for implementing the chain structure according to claim 20, wherein the data verification device uses part or all of the connection information of the chain in the chain structure as a second key, and obtains the data stored on the data storage device from the data storage device The data associated with the second key includes: The data verification device synchronizes a block header of the second chain, uses the accumulated book data volume in the block header to generate a number address, and obtains part or all of the link information of the chain according to the number address as a second key, Obtain the data associated with the second key stored on the data storage device from the data storage device. The method for implementing the chain structure according to claim 20, wherein the data verification device obtains from the data storage device the data associated with the second key stored on the data storage device includes one or more of the following data: and Data associated with the second key, Merkel tree certification path, additional verification data, wherein the second key is used as part or all of the output information in the chain structure, or the second key is used as the input information in the chain structure Part or all of The data verification device verifies whether the data in the second chain has errors based on the acquired data, including: The data verification device synchronizes the block header in the second chain, and combines the block header and the data associated with the second key obtained from the data storage device to perform one or more of the following verifications: Verifying whether the data associated with the second key obtained from the data storage device is the data on the second chain; When the second key is used as the input information of the acquired data, verify whether there is output information that has the same connection information as the input information; When the second key is used as the input information of the acquired data, verify whether the output information with the same connection information as the input information has been used; When the second key is used as the input information of the acquired data, and the acquired data contains a transaction amount, verify whether the transaction amount is correct; When the second key is used as the input information of the acquired data, and the acquired data contains a signature information, verify whether the signature information is correct. According to the chain structure implementation method described in claim 20, the method further includes: The first chain system includes the mapping value of the current consensus public key set in the block header of the first chain; The data verification device uses Merkel tree certification or accumulator certification according to the mapping value of the consensus public key set in the first chain block header to verify whether the consensus public key in the second chain block header is valid. The chain structure realization method as described in claim 10, Among them, the first chain is a private chain or a consortium chain, The method also includes: the first chain system issues one or more of the following keys to a user: a management address master key, a transaction address master key, a confidential transaction master key, and a symmetric encryption master Key, where: The management address master key is used to generate the next management address of the user with the current first generation parameter, and all the management addresses of the user form a logical chain; The transaction address master key is used to generate the user's next receiving transaction address with the current second generation parameter, and all receiving transaction addresses of the user form a logical chain; The secret transaction master key is used to generate the working key for the current encryption and decryption ciphertext transaction amount with the current third generation parameter; The symmetric encryption master key is used to generate the symmetric encryption working key of the user's next encryption and decryption management data with the current fourth generation parameter. As described in claim 10 or claim 24, the method for implementing the chain structure further includes: The first chain system uses the management address master key issued for a user and the generation parameters in the user's previous management data to generate the user's current management address, and writes it in the current management data The generation parameter used to generate the user's next management address. A chain structure data storage device includes a first storage module and a second storage module, wherein: The first storage module is configured to store part or all of the connection information of the chain in the chain structure as a first key; The second storage module is configured to store the data in the chain structure associated with the first key as input data or output data, and the input data and output data stored in the same data storage device are related according to the same connection information. For the chain structure data storage device according to claim 26, the data storage device further includes a first verification module configured to verify whether the data in the chain structure associated with the first key is wrong. For the chain structure data storage device according to claim 27, the first verification module verifies whether a data associated with the first key has an error, including: The first verification module performs one or more of the following verification operations: Verify whether the data is the data on the chain structure; When the first key is used as the input information in the chain structure, verify whether there is output information that has the same connection information as the input information; When the first key is used as the input information in the chain structure, verify whether the output information with the same connection information as the input information has been used; When the first key is used as input information in the chain structure, and the data associated with the first key includes a transaction amount, verify that the transaction amount is correct; When the first key is used as the input information in the chain structure, and the data associated with the first key includes signature information, it is verified whether the signature information is correct. A chain structure data verification device includes a key value search module and a second verification module, wherein: The key value search module is set to search part or all of the link information in the chain structure as a second key; The second verification module is configured to obtain data associated with the second key stored in the data storage device from a data storage device, and verify whether the data in the chain structure has errors according to the obtained data. The chain structure data verification device according to claim 29, wherein the second verification module verifies whether the data in the chain structure has errors according to the acquired data, including: The data verification device synchronizes a block header data in the chain structure, and the second verification module combines the block header data with the data associated with the second key obtained from the data storage device to perform one of the following verifications Or multiple: Verifying whether the data associated with the second key obtained from the data storage device is the data on the chain structure; When the second key is used as the input information of the acquired data, verify whether there is output information that has the same connection information as the input information; When the second key is used as the input information of the acquired data, verify whether the output information with the same connection information as the input information has been used; When the second key is used as the input information of the acquired data, and the acquired data contains a transaction amount, verify whether the transaction amount is correct; When the second key is used as the input information of the acquired data, and the acquired data contains a signature information, verify whether the signature information is correct. A chain structure system includes: a first chain system, a second chain system and a data storage device, wherein: The first chain system is set to write the signed account data into the block data of a first chain after signing the account book data; The second chain system is configured to write one or more consecutive block data of the first chain into the block data of a second chain after verifying the block data of the first chain; The data storage device is configured to use part or all of the link information in the second chain as the first key, and the data associated with the first key as the value, verify whether the data associated with the first key is wrong, and verify the first key. After the one-click association data is correct, save the data as input data or output data, and the input data and output data stored in the same data storage device are related according to the same connection information. The chain structure system according to claim 31, wherein the first chain system further includes a consensus group; The first chain system is also set to use part or all of the link information in the first chain as a third key, the data associated with the third key as a value, and the value associated with the third key is assigned to the value Consensus groups with the same third key, the data associated with the third key includes a transaction data; The consensus group is set to verify the data associated with the third key, including one or more of the following verifications: When the third key is used as the input information of the transaction data, verify whether there is output information that has the same connection information as the input information; When the third key is used as the input information of the transaction data, verify whether the output information with the same connection information as the input information has been used; When the third key is used as the input information of the transaction data, verify whether the transaction amount of the transaction data is correct; When the third key is used as the input information of the transaction data, it is verified whether the signature information of the transaction data is correct. For example, in the chain structure system of claim 32, the consensus group is also set to store the data associated with the third key as input data or output data after verifying the data associated with the third key. When the third key is part or all of the output information in the first chain, the data associated with the third key is stored as input data. When the third key is part or all of the input information in the first chain , The data associated with the third key is stored as output data; the input data and output data stored on the same consensus group are related according to the same connection information. For the chain structure system described in claim 31, the first chain system is also set to sequentially number a book data, and the block header of the block data corresponding to the book data contains the cumulative book data amount; The second chain system is also set to include the accumulated book data amount in the block data in the block header of the block data of the second chain. For the chain structure system described in claim 31, the data storage device verifies whether the data associated with the first key has errors, including one or more of the following verifications: Verify the integrity of the second chain; Verify whether the data is the data on the second chain; When the first key is used as the input information of the ledger data in the second chain, verify whether there is output information that has the same connection information as the input information; When the first key is used as the input information of the ledger data in the second chain, verify whether the output information with the same connection information as the input information has been used; When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key contains the transaction amount, verify whether the transaction amount is correct; When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key contains signature information, it is verified whether the signature information is correct. According to the chain structure system of claim 31, the chain structure system further includes: a data verification device; the data verification device is set to use part or all of the connection information of the chain in the chain structure as a second key, Obtain the data associated with the second key stored on the data storage device from the data storage device, and verify whether the data in the second chain has errors according to the acquired data. For the chain structure system described in claim 31 or 36, the first chain system is also set to include the value of the current consensus public key set mapping in the block header of the first chain, so that the data storage device or The data verification device uses Merkel tree certification or accumulator certification according to the mapping value of the consensus public key set in the first chain block header to verify whether the consensus public key in the second chain block header is valid. For the chain structure system described in claim 31, the first chain system is also configured to generate the user using the management address master key issued for a user and the generation parameters in the user's previous management data The current management address of, and write the generation parameters for generating the user’s next management address in the current management data. A computer-readable storage medium storing a computer-executable instruction for executing request item 1 to request item 2 or request item 3 to request item 6 or request item 7 to request item 9 or request item 10 to The method described in any one of claim 25. A computer device includes a memory, a processor, and a computer program stored on the memory and capable of running on the processor. When the processor executes the program, it implements request item 1 to request item 2 or request item 3 To the steps of the method described in any one of Claim 6 or Patent Scope 7 to Claim 9 or Claim 10 to Claim 25.

Images