WO2021120253A1

WO2021120253A1 - Data storage method and verification method for blockchain structure, blockchain structure implementation method, blockchain-structured system, device, and medium

Info

Publication number: WO2021120253A1
Application number: PCT/CN2019/128379
Authority: WO
Inventors: 郑杰骞
Original assignee: 郑杰骞
Priority date: 2019-12-16
Filing date: 2019-12-25
Publication date: 2021-06-24
Also published as: CN111159288B; CN111159288A; TWI749583B; TW202125299A

Abstract

A data storage method and device for a blockchain structure, a verification method and device for a blockchain structure, a blockchain-structured system and a blockchain structure implementation method, a storage medium, and a computer device. The blockchain structure implementation method comprises: a first blockchain system signing ledger data, and then writing the signed ledger data into block data of a first blockchain; a second blockchain system verifying the block data of the first blockchain, and then writing one piece or multiple continuous pieces of the block data of the first blockchain into block data of a second blockchain; and a data storage device using part or all of connection information in the second blockchain as a first key, verifying that data associated with the first key is errorless, and then storing said data as input data or output data, wherein input data and output data stored in the same data storage device are associated with each other according to the same connection information.

Description

Chain structure data storage, verification, realization method, system, device and medium

Technical field

This article relates to, but is not limited to, the field of computer data processing technology, especially a chain structure data storage method and device, a chain structure verification method and device, a chain structure system and implementation method, a storage medium, and a computer device.

Background technique

Current decentralized systems such as public chain systems have the characteristics of openness, transparency, traceability, and non-tamperability, so they can reduce the cost of trust between transaction participants and can be used as the basis for trust to achieve value transfer.

However, the current decentralized system has the following problem: the node needs to store all the data in order to verify the entire ledger data.

Summary of the invention

The following is an overview of the topics detailed in this article. This summary is not intended to limit the scope of protection of the claims.

This article provides a data storage method, chain structure verification method, chain structure realization method and system.

In an exemplary embodiment, the present disclosure provides a data storage method for storing data in a chain structure, and the method includes:

Part or all of the connection information of the chain in the chain structure is used as the first key, and the data in the chain structure associated with the first key is used as the value, and the data is stored as input data or output data. The input data and output data stored in the data storage device are associated according to the same connection information.

In an exemplary embodiment, the present disclosure further provides a chain structure verification method, the method includes:

Use part or all of the connection information of the chain in the chain structure as the first key, and use the data in the chain structure associated with the first key as the value to verify whether the data associated with the first key has errors, After verifying that the data associated with the first key has no errors, the data is stored as input data or output data.

Taking part or all of the connection information of the chain in the chain structure as the second key, acquiring data stored in the data storage device and associated with the second key from the data storage device, and verifying the data according to the acquired data Whether there are errors in the data in the chain structure.

In an exemplary embodiment, the present disclosure also provides a method for implementing a chain structure. The chain structure system includes a first chain system, a second chain system, and a data storage device, and the method includes:

After the first chain system signs the ledger data, write the signed ledger data into the block data of the first chain;

After verifying the block data of the first chain, the second chain system writes one or more continuous block data of the first chain into the block data of the second chain;

The data storage device uses part or all of the connection information of the chain in the second chain as the first key, and the data associated with the first key as the value. After verifying that the data associated with the first key has no errors, it will The data is stored as input data or output data, and the input data and output data stored in the same data storage device are related according to the same connection information.

In an exemplary embodiment, the present disclosure also provides a chain structure data storage device, the data storage device includes a first storage module and a second storage module, wherein:

The first storage module is configured to store part or all of the connection information of the chain in the chain structure as a first key;

The second storage module is configured to store the data in the chain structure associated with the first key as input data or output data, and the input data and output data stored in the same data storage device are related according to the same connection information United.

In an exemplary embodiment, the present disclosure also provides a chain structure data verification device. The data verification device includes a key value search module and a second verification module, wherein:

The key value search module is configured to search for part or all of the connection information of the chain in the chain structure as the second key;

The second verification module is configured to obtain data associated with the second key stored by the data storage device from a data storage device, and verify whether the data in the chain structure has errors according to the obtained data.

In an exemplary embodiment, the present disclosure also provides a chain structure system, including: a first chain system, a second chain system, and a data storage device, wherein:

The first chain system is configured to, after signing the ledger data, write the signed ledger data into the block data of the first chain;

The second chain system is configured to write one or more continuous block data of the first chain into the block data of the second chain after verifying the block data of the first chain;

The data storage device is configured to use part or all of the connection information of the chain in the second chain as the first key, and the data associated with the first key as the value, to verify whether the data associated with the first key has errors After verifying that the data associated with the first key has no error, the data is stored as input data or output data, and the input data and output data stored in the same data storage device are associated according to the same connection information.

In an exemplary embodiment, the present disclosure also provides a computer-readable storage medium that stores computer-executable instructions, and the computer-executable instructions are used to implement any of the foregoing methods.

In an exemplary embodiment, the present disclosure also provides a computer device, including a memory, a processor, and a computer program stored on the memory and capable of running on the processor. The processor implements any of the foregoing when the program is executed. Steps in a method.

Other features and advantages of the present invention will be described in the following description, and partly become obvious from the description, or understood by implementing the present invention. The purpose and other advantages of the present invention can be realized and obtained through the structures specifically pointed out in the specification, claims and drawings.

After reading and understanding the drawings and detailed description, other aspects can be understood.

Brief description of the drawings

The accompanying drawings are used to provide a further understanding of the technical solutions of the present invention, and constitute a part of the specification. Together with the embodiments herein, they are used to explain the technical solutions of the present invention, and do not constitute a limitation to the technical solutions herein.

Fig. 1 is a flowchart of an exemplary data storage method;

Fig. 2 is a schematic structural diagram of an exemplary data storage device;

Figure 3 is a flowchart of an exemplary data verification method;

4 is a schematic diagram of an exemplary data storage device with verification function;

Figure 5 is a flowchart of another exemplary data verification method;

Figure 6 is a schematic structural diagram of an exemplary data verification device;

Fig. 7 is a flowchart of an exemplary chain structure realization method;

Figure 8 is a schematic diagram of an exemplary chain structure system;

Fig. 9 is an exemplary connection storage diagram, and the connection information is Bd1;

Figure 10 is an exemplary three-layer two-chain system architecture diagram;

Fig. 11 is a schematic structural diagram of an exemplary computer device.

Detail

A number of embodiments are described herein, but the description is exemplary rather than restrictive, and it is obvious to a person of ordinary skill in the art that there can be more within the scope of the embodiments described herein. Many embodiments and implementation schemes. Although many possible feature combinations are shown in the drawings and discussed in the embodiments, many other combinations of the disclosed features are also possible. Unless specifically limited, any feature or element of any embodiment can be used in combination with any other feature or element in any other embodiment, or can replace any other feature or element in any other embodiment.

Combinations with features and elements known to those of ordinary skill in the art are included and contemplated herein. The embodiments, features, and elements already disclosed herein can also be combined with any conventional features or elements to form a unique inventive solution defined by the claims. Any feature or element of any embodiment can also be combined with features or elements from other invention solutions to form another unique invention solution defined by the claims. Therefore, it should be understood that any of the features shown and/or discussed herein can be implemented individually or in any suitable combination. Therefore, the embodiments are not subject to other restrictions except for the restrictions made according to the appended claims and their equivalents. In addition, various modifications and changes can be made within the protection scope of the appended claims.

In addition, when describing representative embodiments, the specification may have presented the method and/or process as a specific sequence of steps. However, to the extent that the method or process does not depend on the specific order of the steps described herein, the method or process should not be limited to the steps in the specific order described. As those of ordinary skill in the art will understand, other sequence of steps are also possible. Therefore, the specific order of the steps set forth in the specification should not be construed as a limitation on the claims. In addition, the claims for the method and/or process should not be limited to performing their steps in the written order. Those skilled in the art can easily understand that these orders can be changed and still remain within the spirit and scope of the embodiments herein. .

The steps shown in the flowcharts of the drawings may be executed in a computer system such as a set of computer-executable instructions. Also, although a logical sequence is shown in the flowchart, in some cases, the steps shown or described may be performed in a different order than here.

This paper proposes a combination of private chain and public chain to solve the credibility problem of private chain data, and solve part of the fairness problem, and each user only needs to store part of the ledger data to equivalently verify all the ledger data.

Let's first explain the concepts involved in this article.

Token refers to the token on the blockchain, also known as a pass.

CA (Certificate Authority), authentication and authorization.

eID (electronic Identity) refers to the electronic identity of citizens on the Internet, which is a credible real-name authentication method

SPV (Simplified Payment Verification): Simple payment verification, which verifies whether a transaction is included in a chain block and how many confirmations have passed through the Merkel tree verification path.

POA (Proof of Authority): Proof of Authority, a consensus algorithm based on identity and reputation.

Gossip network protocol: also called Epidemic Protocol (epidemic protocol), is an unstructured peer-to-peer network protocol, and is a network protocol used by systems such as Bitcoin.

DHT (Distributed Hash Table): Distributed Hash Table is a distributed storage method. Without a server, each client is responsible for a small range of routing, and is responsible for storing a small part of data, so as to realize the addressing and storage of the entire DHT network.

Kademlia network protocol: is a distributed hash table (DHT) network protocol, a structured peer-to-peer network protocol, and a network protocol adopted by systems such as IPFS.

Consistent Hash Algorithm: An implementation of DHT. It can satisfy balance, monotonicity, dispersion and load in a dynamically changing environment.

UTXO (Unspent Transaction Output), unspent transaction output, refers to one or more unspent transaction outputs that become spent, and creates one or more new unspent transaction outputs, and continues to loop back. According to its connection method, a chain structure of DAG (Directed Acyclic Graph) is formed. This article is called UTXO chain.

The public chain refers to a blockchain that anyone can read, send transactions, and participate in consensus. It is a completely decentralized system. In this embodiment, a public chain system that is the same as the public chain system except that anyone can send transactions is adopted to satisfy transaction centralization and decentralization of ledger data. In the public chain system described in this article, anyone can read and verify transactions and participate in consensus, which can be traced and cannot be tampered with.

Private chain refers to a data chain whose write permission is in the hands of an organization, and belongs to a centralized system.

Consortium chain refers to a data chain whose write permission is in the hands of multiple organizations, and belongs to a partially decentralized system.

An exemplary embodiment of this document provides a data storage method for storing data in a chain structure, as shown in FIG. 1, including steps 11-12.

Step 11. Use part or all of the connection information of the chain in the chain structure as the first key;

Step 12: The data in the chain structure associated with the first key is used as a value, and the data is stored as input data or output data. The input data and output data stored in the same data storage device are related according to the same connection information. United.

One or a group of data contains the information in the previous one or a group of data, which is the connection information of the chain, and the connection information makes the aforementioned data logically form a chain structure.

The device set up for data storage can be implemented using DHT technology. The device stores connection information in the chain structure as a first key (also referred to as a key value or a key value). The connection information as the first key may be part or all of the chain structure connection information. The first key may be, for example, an address or a hash value of the address.

For any one or a group of data in the chain structure, each or each group of data includes input information and output information, wherein the input information of the current data is the output information of the data M, and the data M is logically the current data The previous data (previous data), the input information of the current data or the output information of the data M belongs to the connection information of the chain, the output information of the current data is the input information of the data N, and the data N is logically the current data The latter data (next data), the output information of the current data or the input information of the data N also belong to the connection information of the chain. The chain structure is, for example, a UTXO chain, and each transaction data includes the referenced unspent output as input information and the new unspent output as output information.

When receiving data that matches the first key value, the data storage device stores the data as input data or output data according to the meaning of the data in the chain structure. The input data and output data stored on the same data storage device are related according to the same key (that is, the connection information of the chain). This storage method can be called connection storage or data pair storage. One or more sets of input data and output data may be stored on the same data storage device. For any set of input data and output data, the input data and output data are related according to the same connection information. There can be one or more input data stored on the same device, and there can be zero (ie no output data), or one or more stored output data. The chain structure can be any chain with chain structure characteristics. The data storage device may be a user-end node or a consensus group, or other devices that need to be connected for storage. The data to be stored can be transaction data or control data. For example, the token issuance data and consensus reward data in the control data can be stored as input data, and the token recovery data in the control data can be stored as output data. The corresponding keys are the preset address for token issuance, the preset address for consensus reward, and the preset address for token recovery.

Using this kind of connected storage can disperse and store huge chain structure data on multiple devices to reduce the pressure of data storage. This storage method is also convenient for verification.

In an exemplary embodiment, when the first key is used as part or all of the output information in the chain structure, the data associated with the first key is stored as input data; the first key is used as the When part or all of the input information in the chain structure, the data associated with the first key is stored as output data.

For example, if the first key is the output address in the chain structure, the data associated with the first key is stored as input data, and if the first key is the input address in the chain structure, the The data associated with the first key is stored as output data.

The data storage device in this embodiment can be used in combination with other systems, for example, with a decentralized system, or with a centralized system.

The above-mentioned data storage device may, for example, as shown in FIG. 2, include a first storage module 21 and a second storage module 22, wherein:

The first storage module 21 is configured to store part or all of the connection information of the chain in the chain structure as a first key;

The second storage module 22 is configured to store the data in the chain structure associated with the first key as input data or output data, and the input data and output data stored in the same data storage device are associated according to the same connection information .

For example, when the first key is used as part or all of the output information in the chain structure, the second storage module 22 stores the data associated with the first key as input data, and when the first key As part or all of the input information in the chain structure, the second storage module 22 stores the data associated with the first key as output data.

With this storage method, the entire chain structure can be segmented by multiple data storage devices, which is convenient for retrieval and verification.

An exemplary embodiment herein also provides a chain structure verification method, which is verified by a data storage device. As shown in FIG. 3, the method includes steps 31-33.

Step 31, using part or all of the connection information of the chain in the chain structure as the first key;

Step 32: Use the data in the chain structure associated with the first key as a value, and verify whether the data associated with the first key has errors;

Step 33: After verifying that the data associated with the first key has no errors, store the data as input data or output data.

As described in the foregoing embodiment, the chain structure can be any chain with the characteristics of a chain structure. The data storage device may be a user-end node or a consensus group, or other devices that need to be connected for storage. The data to be stored can be transaction data or control data. The connection information as the first key can be part or all of the chain structure connection information. In this embodiment, the chain structure verification is performed by the device for data storage (for example, the user end node). The data storage device stores the connection information in the chain structure as the first key. Therefore, when the data storage device receives data matching the first key corresponding to the device, it verifies the data. After there is no error, connect to storage again.

Taking data as ledger data as an example, after the data storage device verifies that the ledger data has no errors, and when it determines that the output information of the ledger data matches the first key, it stores the ledger data as input data and determines that the When the input information of the ledger data matches the first key, the ledger data is stored as output data, and the input data and output data stored on the same device are associated according to the same connection information. There can be one or more input data stored on the same device, and there can be zero (ie no output data), or one or more stored output data.

In this embodiment, the verification is performed when the storage is connected, and the verification of the entire chain structure can be converted into partial verification, which is performed separately by multiple data storage devices, which is equivalent to verifying the correctness of all data. This equivalent verification is adopted. In this way, the verification work is distributed to multiple devices to reduce the workload pressure of data verification.

In an exemplary embodiment, storing the data as input data or output data may be in the following manner: when the first key is used as part or all of the output information in the chain structure, the first key is used as part or all of the output information in the chain structure. The data associated with one key is stored as input data; when the first key is used as part or all of the input information in the chain structure, the data associated with the first key is stored as output data; stored on this device The input data and the output data are related according to the same connection information.

In an exemplary embodiment, the foregoing verification of whether the data associated with the first key has errors includes one or more of the following verifications:

Verification 11, verifying whether the data is data on the chain structure;

Verification 12. When the first key is used as the input information in the chain structure, verify whether there is output information that has the same connection information as the input information;

Verification 13, when the first key is used as the input information in the chain structure, verify whether the output information that has the same connection information as the input information has been used;

Verification 14, when the first key is used as the input information in the chain structure, and the data associated with the first key includes the transaction amount, verify whether the transaction amount is correct.

Verification 15. When the first key is used as the input information in the chain structure, and the data associated with the first key includes signature information, verify whether the signature information is correct. The signature information is the unlocking signature of the user terminal that generates the transaction data. The verification of whether the signature information is correct is to verify whether the signature information is valid.

The above verification sequence number is only for convenience of explanation, and does not represent the verification sequence. For the above verification 11, if the data is data on a chain structure, the verification is error-free; for verification 12, if there is output information that has the same connection information as the input information, then the verification is error-free; for verification 13, If the output information that has the same connection information as the input information has not been used, the verification is error-free; for verification 14, the transaction amount is correct, then the verification is error-free; for verification 15, the verification that the signature information is valid, then the verification is no error.

An exemplary verification process: the data storage device synchronizes the block header data in the chain structure, and the device searches whether the device stores the input data associated with the first key (you can also download the data from the first key). Search in the chain structure), if not, it is judged as a connection error, if there is, it is judged whether the associated connection of the input data is quoted, if it has been quoted, it is judged as a connection error; judge the account data Whether the transaction amount is correct, if it is correct, store the ledger data as output data, and mark the associated connection of the input data as being referenced, that is, the associated output information will be marked as used. If it is not correct, judge It is a data error. If it is correct, if the data contains signature information, verify whether the signature information is correct, and if it is incorrect, it is judged as a data error. The signature information is, for example, the unlocking signature of the user terminal that generates the transaction data. When the verification is successful, the output information associated with the input information will be marked as used.

In an exemplary embodiment, the following methods may be used to verify whether the data is data on the chain structure:

Synchronize the block header data of the chain structure, and verify whether the data is data on the chain structure according to the Merkel tree root hash value in the block header data and the authentication path of the data.

In an exemplary embodiment, the method further includes: according to the request of the data verification device, returning to the data verification device the data associated with the connection information of the chain stored by the device, including but not limited to the following data One or more of: input data, output data, Merkel tree certification path, additional verification data.

Among them, there may be one or more input data. There may be no output data (ie zero) or one or more. No output data means that the connection of the input data is not used or spent. Under normal circumstances, output data is only when there is input data, but it does not rule out the case of errors, only output data, no input data. The Merkel tree certification path exists corresponding to the input data or the output data. Additional verification data may or may not be available. The additional verification data is used to verify whether the transaction amount is correct. For example, in UTXO, all input amounts and all output amounts need to be accumulated, so other transaction data may be required to complete the verification of the transaction amount. The additional verification data also has a corresponding Merkel tree verification path.

In order to strengthen data security, a verification mechanism for other devices is set up, that is, a non-data storage device is used as a data verification device to verify whether the data in the chain structure has errors, and the node selected as the data verification device obtains it from the storage device Relevant data to complete verification.

The above-mentioned data storage device with verification function may, for example, as shown in FIG. 4, includes a third storage module 41, a first verification module 42, and a fourth storage module 43, wherein:

The third storage module 41 is configured to store part or all of the connection information of the chain in the chain structure as the first key;

The first verification module 42 is configured to verify whether the data in the chain structure associated with the first key has errors;

The fourth storage module 43 is configured to store the data in the chain structure associated with the first key as input data or output data after the verification module 42 verifies that there is no error.

For example, the storage mode of the third storage module 41 may be the same as that of the first storage module 21 in FIG. 2, and the storage mode of the fourth storage module 43 may be the same as that of the second storage module 22 in FIG. The data storage device with the verification function can add a first verification module 42 on the basis of the data storage device shown in FIG. 2 described above. When the first key is used as part or all of the output information in the chain structure, the fourth storage module 43 stores the data associated with the first key as input data, and when the first key is used as the input data, When part or all of the input information in the chain structure, the fourth storage module 43 stores the data associated with the first key as output data.

The first verification module 42 can perform any one or more of the above-mentioned verifications 11-15, which will not be repeated here.

In an exemplary embodiment, the data storage device may further include a sending module, which is configured to return to the data verification device according to a request of another data verification device, the information associated with the connection information of the chain stored by the data verification device. Data includes one or more of the following data: input data, output data, Merkel tree certification path, additional verification data.

With this storage and verification method, the entire chain structure can be segmented and verified by multiple data storage devices.

An exemplary embodiment herein also provides a chain structure verification method, which is implemented by a data verification device. As shown in FIG. 5, the method includes steps 51-52.

Step 51: Use part or all of the connection information of the chain in the chain structure as a second bond;

Step 52: Obtain the data associated with the second key (that is, the value corresponding to the key) stored on the data storage device from the data storage device, and verify whether the data in the chain structure is available according to the acquired data. error.

In order to strengthen data security, other device verification mechanisms are set up, that is, the non-data storage device verifies whether the data in the chain structure has errors, and the node as the data verification device obtains relevant data from the data storage device to complete the verification. The second key may be, for example, an address or a hash value of the address. For the description of the chain structure, the connection information, the input information and the output information in the chain structure, please refer to the description in the foregoing embodiment, which will not be repeated here.

In an exemplary embodiment, the data associated with the second key obtained from the data storage device includes, but is not limited to, one or more of the following: stored by the data storage device: and the second key Associated data, Merkel tree certification path, additional verification data, wherein the second key is used as part or all of the output information in the chain structure, or the second key is used as the input in the chain structure Part or all of the information. When the second key is used as part or all of the output information in the chain structure, the data associated with the second key is the input data stored by the data storage device; the second key is used as the chain When inputting part or all of the information in the formula structure, the data associated with the second key is the output data stored by the data storage device.

The data verification device can synchronize the block header of the chain structure, and the block header contains the cumulative ledger data volume, and the data verification device uses the cumulative ledger data volume in the block header to generate a number address (using cumulative control data volume Generate the control data number address, use the accumulated transaction data volume to generate the transaction data number address), obtain part or all of the connection information of the chain according to the number address as the second key, and obtain the data stored on the data storage device from the data storage device The data associated with the second key. The control data number address is used as the key to obtain the control data corresponding to the control data number address, and it can also include the Merkel tree authentication path of the control data; the transaction data number address is used as the key to obtain the transaction corresponding to the transaction data number address. The data may also include the Merkel tree authentication path of the transaction data. For example, the preset address of the token issuance data of the control data (referred to as the token issuance address), the preset address of the token recovery data (referred to as the token recycling address) or the preset address of consensus reward data (referred to as the reward address) can be used as The key is used to obtain the data associated with the key stored thereon from the data storage device; the transaction address of the transaction data can be used as the key, and the key is used to obtain the data associated with the key stored on the data storage device.

In an exemplary embodiment, the foregoing verification of whether the data in the chain structure has errors based on the acquired data includes:

Synchronizing the block header data in the chain structure, combining the block header data and the data associated with the second key obtained from the data storage device, to verify whether the data in the chain structure has errors. For example, including one or more of the following verifications:

Verification 21, verifying whether the value associated with the second key obtained from the data storage device is data on the chain structure;

Verification 22, when the second key is used as the input information of the acquired data, verify whether there is output information that has the same connection information as the input information;

Verification 23, when the second key is used as the input information of the acquired data, verify whether the output information having the same connection information as the input information has been used;

Verification 24, when the second key is used as the input information of the acquired data, and when the acquired data includes the transaction amount, verify whether the transaction amount is correct;

Verification 25, when the second key is used as the input information of the acquired data, and when the acquired data includes signature information, verify whether the signature information is correct.

The above verification sequence number is only for convenience of explanation, and does not represent the verification sequence. For the above verification 21, if the value is data on a chain structure, the verification is error-free; for the verification 22, if there is output information that has the same connection information as the input information, the verification is error-free; for verification 23. If the output information with the same connection information as the input information has not been used, the verification is error-free; for verification 24, if the transaction amount is correct, then the verification is error-free; for verification 25, verify that the signature information is valid, then verify Is error-free.

An exemplary verification process: use the Merkel tree authentication path to verify the input data stored on the data storage device, or as long as one of the input data and output data is not data on the chain, it is judged as a data error; judge if If there is only output data, it is judged as a connection error; if it is judged that the associated connection of the input data has been quoted, it is judged as a connection error; if it is judged that the transaction amount of the output data is incorrect, it is judged as a data error; If the signature information in the data (for example, the unlocking signature of the user terminal that generates the data) is incorrect, it is judged as a data error.

Through non-storage device verification, the security of the system can be improved, and the risk caused by only fixed storage device verification can be avoided.

The above-mentioned data verification device may, for example, as shown in FIG. 6, include a key value search module 41 and a second verification module 62, where

The key value search module 61 is configured to search for part or all of the connection information of the chain in the chain structure as the second key;

The second verification module 62 is configured to obtain the data associated with the second key (that is, the value corresponding to the key) stored by the data storage device from the data storage device, and verify the data in the chain structure according to the obtained data Are there any errors in the data?

The second verification module 62 can perform any one or more of the foregoing verifications 21-25, which will not be repeated here.

By adopting this verification mechanism, the security of the system is improved by adding a data verification device.

An exemplary embodiment of this document also provides a method for implementing a chain structure. The chain structure system includes a first chain system, a second chain system, and a data storage device. As shown in FIG. 7, the method includes step 71 -73.

Step 71: After the first chain system signs the ledger data, it writes the signed ledger data into the block data of the first chain;

Step 72: After verifying the block data of the first chain, the second chain system writes one or more continuous block data of the first chain into the block data of the second chain;

Step 73: The data storage device uses part or all of the link information of the second chain as the first key, and the data associated with the first key as the value, and after verifying that the data associated with the first key has no errors , Storing the data as input data or output data, and the input data and output data stored in the same data storage device are associated according to the same connection information.

The ledger data includes transaction data and/or control data.

The first chain is a private chain or a consortium chain, and is a chain controlled by a management end. The second chain is similar to a public chain, except that not arbitrary data can be chained. When the first chain generates new block data, it will be synchronized to the chain generating node of the second chain. After the block data is verified, the chain generating node of the second chain will generate new block data according to the consensus algorithm of the second chain. . The second chain sequentially records the block data submitted by the first chain. Each block data on the second chain contains the number of block data of the first chain. That is, each block on the second chain can Contains 1 to n block data of the first chain, and the number is determined by the consensus algorithm of the second chain. Therefore, each block data on the external second chain system is composed of one or more block data of the first chain system. Therefore, the logical state of the first chain system and the second chain system are the same. . This embodiment uses the method of first generating the chain and then verifying, that is, the method of first generating the second chain, and then verifying by the third-tier data storage device. The actual ledger data is chained by the first layer, the first chain system, and the second layer, the second chain system, can verify the Merkel tree and the signature of the management end, and does not modify the ledger data, but is stored by the third layer data The device verifies whether there are errors in the ledger data. Realize transaction centralization and decentralization of ledger data. The data storage device on the third layer stores and verifies data in a connected storage manner. Each data storage device only needs to store and verify a small amount of data to achieve equivalent verification of the entire chain, reducing the burden on each device. In addition, the chain generation node of the second layer can only verify the signature of the management end of the first chain system and the Merkel tree, which reduces the calculation amount of the second chain system.

In an exemplary embodiment, the method further includes: the first chain system uses part or all of the connection information of the chain in the first chain as a third key, and data associated with the third key is used as a value, The value associated with the third key is assigned to a consensus group that has the same third key as the value; for example, the first chain system may perform the above assignment before signing the transaction data. The consensus group verifies the data associated with the third key, where:

The data associated with the third key includes transaction data, and the verification includes one or more of the following:

When the third key is used as the input information of the transaction data, verify whether there is output information that has the same connection information as the input information;

When the third key is used as the input information of the transaction data, verify whether the output information that has the same connection information as the input information has been used;

When the third key is used as the input information of the transaction data, verify whether the transaction amount of the transaction data is correct;

When the third key is used as the input information of the transaction data, it is verified whether the signature information of the transaction data (the unlocking signature of the user terminal) is correct.

The order of the above verification is not limited.

An exemplary verification process: the consensus group searches for input data connected to the transaction data, that is, when the third key is used as the input information of the transaction data, it searches whether there is an output with the same connection information as the input information If the information is not found, it is judged as a connection error. If it is found, it is judged whether the associated connection of the input data is referenced, that is, when the third key is used as the input information of the transaction data, the verification is the same as the input information Whether the output information of the connection information has been used, if it has been quoted or used, it is judged as a connection error, if it has not been quoted, it is judged whether the transaction amount of the transaction data is correct, if not, it is judged as data Error, if it is correct, determine whether the signature information contained in the data (such as the unlocking signature of the user terminal that generates the transaction data) is correct, if it is incorrect, it is determined as the data error, if it is correct, the transaction data is stored as output data (ie The consensus group may also use the above-mentioned connection storage method to store data), and mark the associated connection of the input data as being referenced, that is, the associated output information will be marked as used.

In an exemplary embodiment, after the consensus group verifies the data associated with the third key, when performing connection storage, according to the meaning of the data in the first chain, the third key The associated data is stored as input data or output data, where, when the third key is part or all of the output information in the first chain, the data associated with the third key is stored as input data, when When the third key is used as part or all of the input information in the first chain, the data associated with the third key is stored as output data; the input data and output data stored on the same consensus group are based on the same connection Information related.

For example, if the consensus group determines that the output information of the transaction data or control data matches the third key, the transaction data or control data is stored as input data; if the transaction data or control data is determined to be The input information matches the third key, and the transaction data or control data is stored as output data.

The first chain system includes multiple consensus groups. The nodes in the same consensus group have the same keys. If the received transaction data is verified, the transaction data and the key are connected and stored. When the control data is verified, the key value and the control data are connected and stored. If the data is output information in the chain structure, the data is stored as input data; if the data is input information in the chain structure, the data is stored as output data. The input data and output data stored on the same consensus group have the same key to form a data connection storage.

In an exemplary embodiment, the storage of data by the data storage device is the same as the processing in the foregoing embodiment: when the first key is part or all of the output information in the second chain, the The data associated with the first key is stored as input data; when the first key is part or all of the input information in the second chain, the data associated with the first key is stored as output data; this data storage The input data and output data stored on the device are related according to the same connection information.

In an exemplary embodiment, the verification by the data storage device whether the data associated with the first key has an error includes one or more of the following verifications:

Verification 31, verifying the integrity of the second chain;

Verification 32, verifying whether the data is data on the second chain;

Verification 33, when the first key is used as the input information of the ledger data in the second chain, it is verified whether there is output information that has the same connection information as the input information;

Verification 34, when the first key is used as the input information of the ledger data in the second chain, verify whether the output information that has the same connection information as the input information has been used;

Verification 35: When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key includes the transaction amount, verify whether the transaction amount is correct.

Verification 36: When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key includes signature information, verify whether the signature information is correct.

The verification 32-36 in this embodiment is similar to the verification 11-15 in the foregoing embodiment, except that the verification object in this embodiment is the second chain.

In an exemplary embodiment, the method further includes: the first chain system sequentially numbers the ledger data, and the block header of the block data corresponding to the ledger data contains the cumulative amount of the ledger data. The second chain system includes the accumulated book data amount in the block data in the block header of the block data of the second chain.

For example, when writing the ledger data into the block data of the first chain, the transaction data is numbered in the first order, the control data is numbered in the second order, and the last transaction is written in the block header of the block data The serial number of the data and/or the serial number of the last control data makes the block header data include the cumulative transaction data volume and the cumulative control data volume. For example, after each consensus group receives the cumulative transaction data volume sent by the previous consensus group, on the basis of the cumulative transaction data volume, it ranks the transaction data of this consensus group to be chained, and recalculates the new cumulative transaction data volume And send it to the next consensus group; after the consensus group numbers the transaction data to be chained, the consensus group requests to sign the numbered transaction data, and writes the signed transaction data into the first chain, The block header of the block in which the transaction data is located contains the accumulated transaction data amount accumulating the transaction data. The cumulative account data volume of the first chain includes the first cumulative transaction data volume and/or the first cumulative control data volume, and the cumulative account data volume in the second chain includes the second cumulative transaction data volume and/or the second cumulative control data volume . The second chain is asynchronous and homomorphic with the first chain. Since the block header of the first chain contains the accumulated transaction data amount and the accumulated control data amount, the block header of the second chain also contains the corresponding accumulated transaction data amount. And the amount of accumulated control data. By carrying the accumulated book data amount in the block header data, the data storage device can verify the integrity of the second chain according to the accumulated book data amount.

The data storage device can verify the integrity of the chain structure in the following manner: the data storage device synchronizes the block header of the second chain, and according to the cumulative ledger data volume (accumulated transaction data volume) in the block header And cumulative control data volume) to verify the integrity of the second chain. When verifying the integrity, the numbered address is used as the key to verify. For example, the device calculates all the transaction data number addresses of the current block according to the cumulative transaction data volume in the current block header data and the cumulative transaction data volume in the previous block header data, and according to the cumulative control data volume in the current block header data and the cumulative transaction data volume in the previous block header data. The cumulative transaction data volume in the previous block header data is calculated to obtain all the control data number addresses of the current block, and it is judged that if each transaction data number address matches the network identifier of the node's distributed hash table, then search for the transaction The transaction data corresponding to the data number address is judged if each control data number address matches the network identifier of the distributed hash table of the node, then the control data corresponding to the control data number address is searched, and if found, the integrity verification is performed Pass, if not found, integrity verification fails.

Integrity verification is verification performed by the data storage device storing the numbered address, and can be verified during storage. Because the characteristic of the distributed hash table is to store data on the node corresponding to the key to provide key retrieval, it itself needs to store the key and value. Here, because the numbered address is a sequence number and is known, the key is known, and it is also known on which nodes the key should be stored. Therefore, the node only needs to synchronize the block header data to know which keys of the numbered address should be stored by itself. If the node judges that it needs to store the data of the key, but does not store the data, it will be in the third layer (user side) or second layer. The layer (like public chain) retrieves the data, and then performs integrity verification, so that the integrity of the data can be verified through the node's own verification. Because through the cumulative number of block headers, the node can know which numbered addresses are available.

In addition to integrity verification, random verification can also be performed. Random verification can be any node, not just a node that stores numbered addresses, some numbered addresses can be randomly selected for verification, and no storage is required. During random verification, the transaction data corresponding to the number address is obtained according to the random number address, and the input address of the transaction data is used as the key for verification. In essence, it is similar to integrity verification.

In an exemplary embodiment, the data storage device verifies the second chain block header data according to the first chain block header data, including verifying whether the accumulated ledger data amount is correct. The data storage device can verify whether the cumulative transaction number and cumulative control number of the first chain block head are equal to the cumulative transaction number and cumulative control number of the second chain block head. If they are equal, the number is correct and the first chain block head is the second The chain block header generates the last block header data in the time segment.

In an exemplary embodiment, the data storage device verifies whether the data is on-chain data by carrying the Merkel tree root hash value in the second chain block header data. The second chain system writes one or more continuous block data of the first chain into the block data of the second chain, including: the second chain system writes one or more of the first chain Two consecutive blocks of data are recombined to generate the Merkel tree root hash value according to the transaction data sequence number sequence and the control data sequence number sequence, and the Merkel tree root hash value is included in the block header of the generated second chain value.

The verification by the data storage device whether the data is data on the second chain includes: the data storage device synchronizes the block header of the second chain, according to the Merkel tree root in the block header. The desired value and the authentication path corresponding to the data verify whether the data is data on the second chain.

In an exemplary embodiment, in addition to the data storage device that can implement data verification, in order to improve security, a data verification device is added to perform data verification, that is, the data verification device in the foregoing embodiment. The chain structure system further includes: a data verification device, and the method further includes: the data verification device uses part or all of the connection information of the chain in the chain structure as a second key to obtain from the data storage device The data associated with the second key stored on the data storage device verifies whether the data in the second chain has errors according to the acquired data. For example, the data verification device can synchronize the block header of the second chain, and use the cumulative ledger data volume in the block header to generate the number address (use the cumulative control data volume to generate the control data number address, and the cumulative transaction data volume to generate Transaction data number address), according to the number address to obtain part or all of the connection information of the chain as the second key, and obtain the data associated with the second key stored on the data storage device from the data storage device. The control data number address is used as the key to obtain the control data corresponding to the control data number address, and it can also include the Merkel tree authentication path of the control data; the transaction data number address is used as the key to obtain the transaction corresponding to the transaction data number address. The data may also include the Merkel tree authentication path of the transaction data. For example, the preset address of the token issuance data of the control data (referred to as the token issuance address), the preset address of the token recovery data (referred to as the token recycling address) or the preset address of consensus reward data (referred to as the reward address) can be used as The key is used to obtain the data associated with the key stored thereon from the data storage device; the transaction address of the transaction data can be used as the key, and the key is used to obtain the data associated with the key stored on the data storage device.

For example, the data verification device obtains data associated with the second key stored on the data storage device from the data storage device, including one or more of the following data: data associated with the second key , Merkel tree certification path, additional verification data, wherein the second key is used as part or all of the output information in the chain structure, or the second key is used as part of the input information in the chain structure Or all; the data verification device synchronizes the block header in the second chain, and combines the block header and the data associated with the second key obtained from the data storage device to perform one of the following verifications Or more:

Verifying whether the data associated with the second key obtained from the data storage device is data on the second chain;

When the second key is used as the input information of the acquired data, verify whether there is output information that has the same connection information as the input information;

When the second key is used as the input information of the acquired data, verify whether the output information having the same connection information as the input information has been used;

When the second key is used as the input information of the acquired data, and when the acquired data includes a transaction amount, verify whether the transaction amount is correct;

When the second key is used as the input information of the acquired data, and when the acquired data includes signature information, verify whether the signature information is correct.

For the description of the verification part here, refer to the description in the foregoing embodiment, which will not be repeated here.

In an exemplary embodiment, the first chain is a private chain or a consortium chain, and the method further includes: the first chain system issues one or more of the following keys to the user: management address master key, transaction address Master key, secret transaction master key, and symmetric encryption master key, where:

The management address master key is used to generate the next management address of the user with the current first generation parameter, and all the management addresses of the user form a logical chain;

The transaction address master key is used to generate the next receiving transaction address of the user with the current second generation parameter, and all receiving transaction addresses of the user form a logical chain;

The secret transaction master key is used to generate the working key of the current encryption and decryption ciphertext transaction amount with the current third generation parameter;

The symmetric encryption master key is used to generate the symmetric encryption work key of the user's next encryption and decryption management data with the current fourth generation parameter. The symmetric encryption master key can also be used to generate symmetric encryption work for other data. Key.

For example, the first chain system uses the management address master key issued for the user and the generation parameters in the user's previous management data to generate the user's current management address, and in the current management data Write the generation parameters used to generate the next management address of the user. The first chain system may use the symmetric encryption master key issued for the user and the generation parameters in the user's previous management data to generate a symmetric encryption work key to encrypt the user's current management data. The user can use the same key generation method to generate a symmetric encryption working key to decrypt the user's current management data.

In an exemplary embodiment, the method further includes: the first chain system includes the value of the current consensus public key set mapping in the block header of the first chain; the data storage device according to the first chain block header The mapping value of the consensus public key set adopts Merkel tree proof or accumulator proof to verify whether the consensus public key in the second chain block header is valid. In addition to the data storage device that can perform the above verification, the data verification device can also use Merkel tree certification or accumulator certification according to the mapping value of the consensus public key set in the first chain block header to verify that the second chain block header Is the consensus public key valid?

An exemplary embodiment herein also provides a chain structure system, as shown in FIG. 8, including: a first chain system 81, a second chain system 82, and a data storage device 83, wherein:

The first chain system 81 is configured to, after signing the ledger data, write the signed ledger data into the block data of the first chain;

The second chain system 82 is configured to write one or more continuous block data of the first chain into the block data of the second chain after verifying the block data of the first chain;

The data storage device 83 is configured to use part or all of the link information of the second chain as the first key, and the data associated with the first key as the value to verify whether the data associated with the first key has Error: After verifying that the data associated with the first key has no error, the data is stored as input data or output data, and the input data and output data stored in the same data storage device are associated according to the same connection information.

In an exemplary embodiment, the first chain system further includes a consensus group;

The first chain system is further configured to use part or all of the connection information of the chain in the first chain as a third key, data associated with the third key as a value, and assign the value associated with the third key to A consensus group with the same third key as the value, and the data associated with the third key includes transaction data;

The consensus group is set to verify the data associated with the third key, including one or more of the following verifications:

When the third key is used as the input information of the transaction data, it is verified whether the signature information of the transaction data is correct.

In an exemplary embodiment, the consensus group is further configured to store the data associated with the third key as input data or output data after verifying the data associated with the third key. When the third key is used as part or all of the output information in the first chain, the data associated with the third key is stored as input data, and when the third key is used as the input information in the first chain In the case of part or all, the data associated with the third key is stored as output data; the input data and output data stored on the same consensus group are associated according to the same connection information.

In an exemplary embodiment, the first chain system is further configured to sequentially number the ledger data, and the block header of the block data corresponding to the ledger data contains the cumulative amount of ledger data; the second chain system It is also set to include the cumulative ledger data amount in the block data in the block header of the block data of the second chain.

In an exemplary embodiment, the data storage device 83 may be, for example, a data storage device as shown in FIG. 2. The data storage device stores the data as input data or output data, including: the first When a key is used as part or all of the output information in the second chain, the data associated with the first key is stored as input data; the first key is used as part or all of the input information in the second chain At this time, the data associated with the first key is stored as output data; the input data and output data stored on the data storage device are associated according to the same connection information.

In an exemplary embodiment, the data storage device verifies whether the data associated with the first key has errors, including one or more of the following verifications:

Verify the integrity of the second chain;

Verifying whether the data is data on the second chain;

When the first key is used as the input information of the ledger data in the second chain, verify whether there is output information that has the same connection information as the input information;

When the first key is used as the input information of the ledger data in the second chain, verify whether the output information that has the same connection information as the input information has been used;

When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key includes the transaction amount, verifying whether the transaction amount is correct;

When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key includes signature information, it is verified whether the signature information is correct.

In an exemplary embodiment, the data storage device verifies the integrity of the chain structure in the following manner: the data storage device synchronizes the block header of the second chain, and uses the cumulative ledger in the block header A numbered address is generated from the amount of data, and the integrity of the second chain is verified according to the numbered address.

In an exemplary embodiment, the data storage device is further configured to verify whether the amount of accumulated ledger data in the second chain block header data is correct according to the first chain block header data.

In an exemplary embodiment, the first chain is a private chain or a consortium chain, and the first chain system is further configured to issue one or more of the following keys to the user: management address master key, transaction address master key Key, secret transaction master key, and symmetric encryption master key.

In an exemplary embodiment, the system may further include a data verification device, and the data verification device may be, for example, a data verification device as shown in FIG. 6. The data verification device is configured to use part or all of the connection information of the chain in the chain structure as a second key, and obtain data stored on the data storage device and associated with the second key from the data storage device , Verifying whether there is an error in the data in the second chain according to the acquired data.

In an exemplary embodiment, the first chain system is further configured to include the value of the current consensus public key set mapping in the block header of the first chain, so that the data storage device or the data verification device is based on the first chain The mapping value of the consensus public key set in the block header adopts Merkel tree proof or accumulator proof to verify whether the consensus public key in the second chain block header is valid.

In an exemplary embodiment, the first chain system is further configured to use the management address master key issued for the user and the generation parameters in the user's previous management data to generate the user's current management address, and Write the generation parameter used to generate the next management address of the user in the current management data.

For the functions and effects of the first chain system, the second chain system, the data storage device, and the data verification device in the chain structure system, please refer to the description in the method, which will not be repeated here.

The following describes the keys (key, or key value, key value) mentioned in this article:

The first key value is the key value used by the data storage device for connection storage, the second key value is the key value used by the data verification device when retrieving data from the data storage device, and the third key value is the first link The consensus group query in the system, and the key value used when the consensus group is connected and stored. The first key value, the second key value, and the third key value may be different according to the corresponding chain structure, but all use part or all of the connection information in the chain structure. For example, it can be one or more of the following types: transaction address of transaction data, preset address of token issuance data of control data (referred to as token issuance address), preset address of token recovery data (referred to as token recycling address) ) And the preset address of the consensus reward data (referred to as the reward address). The data associated with the key value is the corresponding transaction data or control data, and may also include the Merkel tree authentication path (referred to as the authentication path) corresponding to the data. The key value can be stored in the management terminal or the client. Taking the chain structure system in the above embodiment as an example, the chain structure system includes a first chain system, a second chain system, and multiple client (or client) nodes. The client node may include a data storage device. The user-end node of may also include a user-end node as a data verification device. For the user-side node, in addition to transaction data or control data, the data associated with the key value also includes the corresponding Merkel tree authentication path, which is the Merkel tree authentication of the transaction data or control data in the second chain path.

The present disclosure also provides a type of key value (fourth key value), which can be used for the data storage device to verify the integrity of the ledger data, and can also be used for the data verification device to query the key value. The fourth key value includes one or more of the following information: the number address of the transaction data (generated according to the transaction data number) and the number address of the control data (generated according to the control data number). Can be stored on the client. The data associated with the fourth key value is corresponding transaction data or control data, and may also include a corresponding Merkel tree authentication path. In the above example of the chain structure system, the authentication path associated with the fourth key value is the Merkel tree authentication path of the transaction data or control data in the second chain.

In addition, the present disclosure also provides a type of key value (the fifth key value), which can be used to query or retrieve the account data chain. The user’s account data chain includes the first account data chain composed of the user’s management data and the The second account data link formed by the user's received transaction data. The management address used to store the management data has an implicit chain structure, thereby forming the first account data link. The transaction address used to store and receive transaction data also has an implicit chain structure, thereby forming a second account data chain. The fifth key value includes a management address for querying management data or a transaction address for querying transaction data.

The address used as the key in this article can be an address or a hash value of the address.

The following describes the Merkel tree and blockchain structure. Merkel tree is a hash binary tree, a data structure used to quickly summarize and verify the integrity of large-scale data. The leaf nodes of the Merkel tree store the hash value of the unit data of the data set, and the hash value of the parent node is obtained through the hash operation between the nodes, and the hash value of the parent node is calculated through layer by layer to form the root node's hash value. Hope value. The leaf node can verify whether the leaf node belongs to the element in the data set according to the root hash value and the corresponding authentication path.

It can be seen that if the number of leaf nodes (that is, the number of data set elements) of the Merkel tree is known, and the sequence number (that is, position) of the leaf node is also known, then the height of the authentication path corresponding to the leaf node and The direction is fixed and known, where the direction refers to the left and right direction of the path. Therefore, it means that the element is orderly and cannot be replaced by different authentication paths, heights and directions, and data security can also be strengthened.

The number of leaf nodes of the Merkel tree is at most 2^n of the tree depth. Even if it contains a large amount of data, a certain leaf node can be quickly verified through a fixed path. For example, if the tree depth is 30, it can contain up to 1073741824 leaf nodes. If a data block is generated in an average of 10 minutes, it can contain 1,789,569 transactions per second. But to verify the data of a leaf node, only 30 hash values are needed to complete the verification. If each hash value is 32 bytes, 960 bytes are required. If each client needs to save 10 pieces of data per block, and each client needs to save approximately 525,600 pieces of data a year, and each block is calculated based on the tree depth of 30, the size of the authentication path that needs to be saved is 481MB. If the size of each piece of data is 1KB, the total data size that needs to be saved is 994MB. But in fact, there is no need to save so much data, and the client can clear the previous data after a certain number of years, so that the amount of data that needs to be saved has been kept in a controllable range, even if it is acceptable for mobile devices.

The blockchain is composed of block header data and block body data generated in time segments of consecutive shards. The latter block header contains the hash value of the previous block header, thus forming a chain structure of reverse connection. And the block header also contains the root hash value of the Merkel tree corresponding to the block body data, so that the block body data can be uniquely mapped. The block body data contains the actual ledger data. And because the block header uniquely maps the block body data, that is, the consistency of the block header can map the consistency of the block body data. So only need to synchronize the block header data, you can verify whether the ledger data is in the block of the chain and how many confirmations have passed according to the ledger data and the corresponding authentication path, that is, SPV simple payment verification.

The following describes the underlying data structure. Ledger data is divided into two parts: transaction data set and control data set. Transaction data set includes actual transaction data; control data set includes but is not limited to one or more types of the following data: user management data, token issuance data , Token recovery data, reward data and announcement data issued by the system. The transaction data is mainly generated by the client, including the unlocking signature of the client, and verified by the management terminal. When it is uploaded, the management terminal assigns a unique serial number that is arranged in sequence (for example, ascending). The serial number is passed through the management terminal together with the transaction data. Endorsement and signature. The control data is generated by the management end of the chain structure system (for example, the first chain system), and is assigned a unique serial number arranged in sequence (for example, ascending) when generated, and is signed by the management end. The transaction data set and the control data set respectively generate the root hash value of the Merkel tree and record it in the block header. The block header will also contain the last transaction data number and the last control data number in the corresponding block body data, and the number is sequentially increasing, which is equivalent to the block header containing all the current cumulative transaction data volume and cumulative control The amount of data.

The third layer of users (including data storage devices) uses a structured peer-to-peer network, such as the Kademlia network protocol. Each client (node) only needs to synchronize the block header data, and the ledger data in the block body will be distributed and stored by the nodes on the entire network according to the distributed hash table (DHT), and each node stores part of the ledger data And the corresponding certification path. Since each transaction data and control data has an increasing unique serial number, and the block header will contain the last serial number, which is equivalent to including the current cumulative transaction data volume and cumulative control data volume, each transaction data can be quickly found And the block where the control data is located, combined with the authentication path, the Merkel tree can be used to verify the data. And because the number of leaf nodes of the Merkel tree of the block and the serial number (ie position) corresponding to the data are known, the height and direction of the authentication path are fixed and known, and different authentications cannot be used. The path, height and direction are replaced, which strengthens the security of the data.

The user searches for his own account data through the account data link. Third-party users and supervisors can also obtain the user's account data through the account data link after the authorized user's master key. The account data chain refers to obtaining an intermediate value K through the user master key and the current generation parameters, and then obtaining the address of the next data from K through other operations, thereby forming a logical chain structure of forward connection. The account data chain enables users to search based on the user's master key in privacy. A user has two account data chains. One of the account data chains, the first account data chain, is composed of the user's management data, and the user retrieves it through the management address master key. The first chain system uses the management address master key issued for the user and the generation parameters in the user's previous management data to generate the current management address of the user, and the current management address is included in the current management data, And write the generation parameters for generating the next management address of the user in the current management data, so that all the management addresses of the user form a logical chain. The management address of the user management data in the control data can be used as the query key value of the first account data link, and the data associated with the key value is the user management data corresponding to the management address.

The initial management address generation parameter may be a preset value, such as a user ID. The management address is one-time and unique, so that the purpose of protecting the privacy of the user's identity can be achieved. The first chain system uses the symmetric encryption master key issued for the user and the generation parameters in the user's previous management data to generate a symmetric encryption work key to encrypt the user's current management data. The user can use the same key generation method to generate a symmetric encryption work key to decrypt the user's current management data.

The other account data chain, the second account data chain, consists of the user's received transaction data, and the user retrieves it through the transaction address master key. After the received transaction data is uploaded to the chain, all the received transaction data of the same transaction receiving end will form a logical chain structure. This logical chain is implicit in the generated ledger data.

The transaction data is submitted by the user terminal to the management terminal of the first chain system, and the management terminal verifies the transaction data. The transaction data includes the transaction address of the transaction receiving end and the address generation parameters generated during this transaction. The transaction address is generated using the address generation parameters generated by the transaction receiving end when the transaction was last received, and the address generated during this transaction The generation parameter is used to generate the transaction address of the transaction receiving end to receive the transaction next time. The verification of transaction data by the management terminal mainly includes verification of validity, such as verifying the validity of the user status, the validity of the unlocking script, the validity of the transaction amount, and whether the transaction address is a valid address, etc. After the transaction data is verified, the management terminal will endorse and sign the transaction data, and the transaction data after the endorsement and signature will be written into the block data of the first chain. After the transaction data is uploaded to the chain, all received transaction data of the same transaction receiving end will form a logical chain structure. This logical chain is implicit in the generated ledger data.

When the user registers, the management terminal generates the initial address generation parameter (or called the nonce value) for it, and generates the initial receiving transaction address. When the user acts as the transaction receiving terminal to make a transaction, all the received transaction data of the user will form a logic The chain is the second account data chain. When the same user is issued a new key for generating the transaction address by the management terminal, the management terminal will regenerate an initial address generation parameter for the user, and generate a new initial receiving transaction address from the regenerated initial address generation parameter , The regenerated initial address generation parameter is matched with the issued new key, or is related. After that, when the user acts as the transaction receiving end to make a transaction, all the transaction data received by the user will form a new second account data link. It can be seen that the receiving transaction data of the same transaction receiving end can have one or more logical chain structures. Each newly generated initial address generation parameter will be stored in the user's management data, and the user can search the second account data link by himself according to the initial address generation parameter in the management data.

If there are multiple concurrent transactions for the same transaction receiving end, that is, there are multiple transaction data containing the same transaction address, the transaction data containing the same transaction address are sibling nodes in the second account data chain.

Through the transaction address generated by the address generation parameters in the last received transaction and the address generation parameters used to generate the next transaction address contained in the transaction data, the transaction data received by the same user can form a logical chain of sibling nodes, thereby It can quickly retrieve all received transaction data on the client side, and because the sent transaction data refers to the received transaction data, all transaction data can be quickly obtained. The transaction address is one-time and unique to different users, so that the purpose of protecting the privacy of the user's identity can be achieved.

Since the transaction address can be used as the first key value, the transaction address connection information of the second account data chain is hidden in the key value stored in the connection. The user can retrieve the user’s second key value by using the transaction address as the second key value. Account data link. The transaction address as the second key value may be the user’s current receiving transaction address, which is composed of the user’s transaction address master key and the user’s last received transaction data generated parameters, and the user’s signature Public key generation.

There are two types of keys on the user side, one is the signature key on the user side, and the other is the user master key issued by the management side. The signature key can be locally generated and managed by the client, or it can be managed by a trusted third party. If real-name authentication is required, the public key of the signature key needs to be issued an identity certificate by a trusted CA or be authenticated by eID. The user master key issued by the management terminal includes the management address master key, the transaction address master key, the secret transaction master key, and the symmetric encryption master key. The management address master key is used to generate the address of the first account data chain composed of the user's management data; the transaction address master key is used to generate the address of the second account data chain composed of the user's received transaction data; confidential transactions The master key is used to generate the working key in confidential transactions, which can be used to protect the blinding factor, so that the user can decrypt the ciphertext transaction amount; the symmetric encryption master key is used to generate the symmetric encryption working key, which can be used to protect the management of users Data and other user data.

The user master key and the current generation parameter are calculated through the first one-way irreversible function to obtain an intermediate value K, where the management address master key and the first generation parameter generate the intermediate value K1, and the transaction address master key and the second generation parameter are generated The intermediate value K2, the secret transaction master key and the third generation parameter generate an intermediate value K3, and the symmetric encryption master key and the fourth generation parameter generate an intermediate value K4. The generation parameter in each transaction data can be different, and the initial generation parameter can be the user ID. The address of the user’s next management data can be obtained by K1 through the second one-way irreversible function operation; a new public key can be obtained by calculating K2 and the user’s signature public key, for example, a scalar multiplication operation on the elliptic curve can be used, and then The new public key is used to obtain the user's next transaction receiving address through the third one-way irreversible function operation, and the private key corresponding to the new public key can be calculated by K2 and the user’s signature private key, such as limited domain Multiplication operation; K3 obtains the symmetric encryption working key of the next management data through the fourth one-way irreversible function operation; K4 obtains the working key in the current confidential transaction through the fifth one-way irreversible function operation, which can be used to protect blinding factor. The user master key and the current generation parameters can also be calculated through multiple one-way irreversible functions to obtain multiple different intermediate values, and then the intermediate value is calculated one-to-one with multiple signature public keys to obtain multiple new public keys. The new public key generates the multi-signature address of the next receiving transaction.

The one-way irreversible functions mentioned above and in this article can all be hash functions or combinations of hash functions, which are explained below using hash functions.

Obtaining different addresses or keys through the user's master key and different generation parameters can also enhance the security of the data. For example, the above-mentioned hash functions all use hash functions that are resistant to quantum computing cracking. Even if quantum computing cracks the private key on the elliptic curve, since the public key of the private key is obtained by the user's signature public key and the intermediate value K, it is also necessary to crack the intermediate value K to make the key and the user signature public. In terms of key association, because any user's signature public key can find a K'value to get the public key, it is impossible to find which user's signature public key is calculated, and the signature private key is the same. Or quantum computing cracks the symmetric encryption work key, but because the symmetric encryption work key is also obtained through the intermediate value K operation, and the K value in each data is different, it is impossible to find the relationship between the data . Therefore, through the user's master key and different generation parameters, combined with the use of a hash function that can resist quantum computing cracking, the data or key can not be found after the data or key is cracked. Associated, it is possible not to leak user privacy. Therefore, in the future, the system will upgrade the cryptographic algorithm with security and anti-quantum computing, and will not leak the user's privacy due to the cracking of the previously disclosed data.

The transaction data in this system uses the UTXO model, so each transaction data contains the reference of the unspent output as input and the new unspent output. The way of quoting may be the unspent output address plus the referenced transaction identification (ID), where the transaction ID is the hash value of the quoted transaction data. But in this system, each transaction data has a unique transaction data number, so you can also use the transaction data number to replace the quoted transaction ID, and add the transaction data number according to the output address to uniquely confirm the quoted unspent Output. The following uses the transaction data number as an example. The new unspent output address is a new address generated based on the generation parameters of the corresponding user's last received transaction, the user's transaction address master key, and the user's signature public key. The transaction amount is protected by a confidential transaction realized by an additive homomorphic commitment or a Pedersen commitment, so that any user can verify that the sum of the transaction amount is equal to the sum of the output in ciphertext, and verify the transaction amount in combination with scope proof It is not less than zero and will not overflow, that is, to verify the validity of the transaction amount. The blinding factor in the confidential transaction is encrypted and protected by the working key generated by the current transaction data generation parameters and the user's secret transaction master key, so the user can decrypt his ciphertext transaction amount.

The structured peer-to-peer network on the user side uses a distributed hash table (DHT), and the corresponding value (value) is scattered and stored in the nodes of the network according to the index key (key), and the index key can be used to quickly retrieve the corresponding in the network The value. In this embodiment, the transaction address, management address, and the preset address for token issuance or recycling in the system are clearly distinguished by the address prefix, and then the transaction data number and control data number are also extended by similar address methods ( Such as padded 0) and clearly distinguished by prefix (hereinafter referred to as numbered address). For example, the address prefix of the control data number is represented by E, the control data with serial number 1 uses E001 as the control data number address; the prefix of the transaction data number address is represented by F, and the transaction data with serial number 1 uses F001 as the transaction data number address. The hash value of the above addresses can be used as the index key. For example, if a certain ledger data has one or more addresses, the hash value of each address will be used as the index key, and the corresponding ledger data and authentication path data will be used as the index key. value, stored in a structured peer-to-peer network. Any user can retrieve the corresponding ledger data and authentication path through the key (above address), combine with the block header data, find the block where the ledger data is located according to the number, and then use the Merkel tree to verify the data. For simple description, the following uses the address as the index key, which is equivalent to using the hash value of the address as the index key. And unlike the usual DHT key-value, this system allows multiple values with the same key value, and specifies the storage and retrieval methods for different values of the same key, which is the connected storage (or paired storage) described below the way.

The following introduces a way to convert the chain structure into node verification by connecting the storage structure.

Taking the chain formed by the block header as an example, it is known that the block header is connected to (including) the hash value of the previous block header. Suppose the value contained in the first block header H1 is 0000, and the hash value of H1 is set as hash(00H1); then the hash value contained in the second block header H2 is hash(00H1), and the hash value of H2 is set The value is hash(00H2); then the hash value contained in the third block header H3 is hash(00H2), and the hash value of H3 is set to hash(00H3). The hash value of the block header is used as the index key, and the hash value of the previous block header included is also used as the index key. Then the node that stores hash (00H1) will store H1 and H2; the node that stores hash (00H2) will store H2 and H3; and so on, each node will store a pair of data on the chain, and the index key is this All or part of the information of the data pair connection. For example, if the connection is the transaction ID and output index, if the transaction ID is used as the key, it is part of the information; if the block header is connected to the hash value of the previous block header, the hash value is used as the key, which is all the information. The following takes the hash value as the key as an example for description. The hash value of H1 is hash (00H1), and the hash value of H2 is hash (00H1), so the connection storage also needs to distinguish input data (hereinafter referred to as input) and output data (hereinafter referred to as output), such as the input here The key corresponding to H1 (hash(00H1)) is the hash value of the data (can be regarded as the output address), and the key corresponding to the output H2 is the hash value of the data connection (can be regarded as the input address). It can be summarized here that the key corresponds to the output address, which is the input data of the connection storage; the key corresponds to the input address, which is the output data of the connection storage. If the chain keeps growing, suppose the last data is Hn, so the node storing hash(00Hn) will only store the input data Hn, and the output data will be empty; when the chain newly adds H[n+1], this The node will only contain the output data H[n+1]; and the node storing hash(00H[n+1]) will only store the input data H[n+1], and the output data will be empty. The node storing 0000 will only store H1, and since 0000 is the input address connected to H1, H1 is the output data of the node, and the input data is empty. But because 0000 is a special starting data, that is, it can be identified as the starting connection storage, so the starting connection storage can use a special 0000 data (or empty data) as input.

The block head chain has the possibility of forking and connecting the uncle block head, that is, the block head chain may have multiple inputs and multiple outputs. Because the hash value of the uncle block header is different from the hash value of the parent block header, and the hash value storage is also on different nodes, the connection storage of the block header chain will not have multiple input data, but it is bifurcated But it will make related nodes have multiple output data. According to the different key selected as the connection, if it is the hash value of the data, because the hash value is unique (not considering collision), the connected storage will only have one input data; if it is an address, it will be the key according to the selection There may be multiple identical addresses depending on the address, then the connected storage may have multiple input data at this time.

If the node has only output data but no input data (except for the special initial connection storage), the connection of the chain is wrong; if the node only has input data but no output data, the input data must be connected and stored in the previous node And is the output data. Connected storage means that the node stores one or more input data and one or more corresponding output data, and the node can verify whether the input and output data is correct; there can also be no output data, which means that the connection of the input data is not used or not. Cost, that is, zero output data. The verification of the correctness of the input and output data includes verifying whether the connection of one or more inputs and the corresponding one or more outputs is correct. If the output data contains the transaction amount, it is also necessary to verify whether the transaction amount of the output data is correct; if the output data contains signature information, it can also verify whether the signature information of the output data is valid. For example, in the UTXO structure, there is only the amount of output and the input is the referenced address, so the transaction amount of the output data is verified. The part of the input amount can come from the output amount of the input data, which can reduce the acquisition of part of the data. Therefore, the chain structure is converted into the connection storage of the node, and the node verifies whether the chain connection is correct. And the way of connecting storage can also make the chain have the ability of two-way retrieval. For example, the above-mentioned block header chain query hash (00H2), can obtain the hash value hash (00H1) of the previous block header contained in H2, and the hash of H3 The value hash(00H3). And the person who retrieves the data can also judge whether it is input data or output data through the retrieved key and the data returned by the node, thereby judging whether the chain connection is correct.

Combined with the blockchain, the node that is connected to the storage can also verify whether the data stored in the connection is the data on the chain. UTXO data has a Merkel tree authentication path, and UTXO also belongs to a chain structure. The following uses UTXO as an example. Because the UTXO reference method used by this system is the address plus the transaction data number, and the address is the key of the index. Due to concurrent transactions, there may be multiple identical output addresses, but the transaction data numbers are different, so this system may have multiple inputs and multiple outputs according to the connection storage of the transaction address, but The same address refers to different transaction data numbers, that is, between multiple input and multiple output data, according to the address plus the transaction data number is a one-to-one reference, so it is not a double spend. For example, transaction data T1, the input addresses are Ad1 and Ad2, and the output addresses are Bd1 and Bd2; transaction data T2, the input addresses are Bd1 and Ed1, and the output addresses are Cd1 and Cd2. According to the above, for the node storing Bd1, as shown in Figure 9, T1 and T2 will be stored, where T1 is the input data of the connection storage (because Bd1 is the output address of T1), and T2 is the output data of the connection storage (because Bd1 is the input address of T2). For the nodes storing Ad1 and Ad2, T1 data is the output data of the connection storage; for the nodes storing Cd1 and Cd2, the T2 data is the input data of the connection storage. Each node will verify whether the input and output of its connected storage data is correct. For example, the node storing Bd1 will verify whether there is input data T1, output data T2, whether there is a double spend, and whether the transaction amount of output data T2 is correct, but the input of T2 It also needs to rely on Ed1, so the node storing Bd1 also needs to obtain Ed1 as the output data to be able to verify. Set Ed1 as the output data as T3, so the node storing Bd1 will store T3 and the corresponding authentication path as additional verification data. And verify whether the input amounts of Bd1 and Ed1 are equal to the output amounts of Cd1 and Cd2, that is, whether Bd1+Ed1 is equal to Cd1+Cd2. Similarly, the node storing Ed1 will store input data T3 and output data T2, as well as additional verification data T1, and verify whether the input and output data are correct.

The following introduces the token issuance and recovery of this system, that is, the initial transaction data and the end transaction data are also connected and stored, and the relevant nodes can also verify whether the input and output of the connected storage data are correct. Therefore, the UTXO chain is transformed into the connected storage structure of the nodes, and each node verifies whether the connected storage is correct, such as whether there is only output but no input (the initial connected storage will also have special inputs), and whether the input data is the same. Whether the output (ie double spend) and the input and output of the connected storage data are correct, and each transaction data can be verified by the Merkel tree to verify whether it is data on the chain, so the correctness of the entire UTXO ledger can be verified through decentralized nodes Sex. According to the above, the user can also obtain the two-way search ability by retrieving the address in the network, and can judge whether the chain connection is correct according to whether the data returned by the node is input or output, and can also judge whether the link is unavailable according to the returned data. Expenditure output. For example, if user C searches for Ed1 in the network, the node will return data T1, T2, and T3 related to Ed1 and the corresponding authentication path to user C. User C according to Ed1 is the output address of T3, so T3 is the input data; according to Ed1 is the input address of T2, so T2 is the output data; Ed1 is not the address of T1, so T1 is additional verification data. According to the authentication path of the relevant data, it is verified that T1, T2, and T3 are all data on the chain, and it can be verified whether the input amount of Bd1 and Ed1 is equal to the output amount of Cd1 and Cd2, so that the correctness of the input and output data can be verified. If the node only returns T2 data, there is only output but no input, and it is judged as a link connection error; if the node only returns T3 data, it means that Ed1 of T3 is not spent.

The system token issuance or recovery uses the preset address, and first needs to be published in the control data set in clear text. For example, the issued address is A001, and the recycled address is B001. Because the token issuance or recovery information published in the control data set contains the preset address information, the node that stores A001 in the network will store the information published in the control data set and A001 as the transaction data of the input reference address. Start transaction data; and the node that stores B001 in the network will store the information released in the control data set, and the transaction data with B001 as the output address, that is, the end transaction data. Therefore, the preset address for the issuance or recovery of the system token is also in line with the characteristics of connected storage. It only uses the preset input or output data. For example, it is not transaction data but the plaintext issuance or recovery information in the control data set. The node can also verify the input and output. Is the data correct?

The above example system uses a homogenized token. If a non-homogeneous token is used, it can also meet the characteristics of connected storage and achieve the purpose of verifying the UTXO chain.

The above connection storage enables distributed nodes to verify whether the chain is connected correctly, and in addition, it can also verify whether the length of the chain is correct. In order to verify that the length of the chain is correct, according to the cumulative transaction data volume and cumulative control data volume contained in the block header, the node can calculate all the numbered addresses contained in the block, and then the node can query its own according to each numbered address Whether the network ID matches the key, if there is a corresponding numbered address, the key is stored by yourself, but you don’t have the corresponding data, then you can query the data of the key through the network (for example, first search on the user end node, if not, then use the numbered address as The key is searched on the second-level chain), if it is not found, the integrity of the chain is wrong. If the ledger data corresponding to the key is found and the data is verified, it means that the data of the numbered address is correct. If the data is transaction data, according to the above knowledge, the transaction data is connected and stored by the transaction address, and the node can be based on The input of the transaction refers to the address query and verification. In this way, the integrity of the chain can be verified through the numbered address, and the unspent output can be inquired through the network.

Because the ledger data of this system is composed of two parts: transaction data set and control data set. And each control data has a unique control data number, which is sequentially increasing. According to the above, the integrity of the control data can be verified through the numbered address. If an address is only verified by a specific node, that is, the node that verifies a certain transaction data or control data is fixed and known, this will bring a certain risk, so in an exemplary embodiment, the system may choose to increase The user randomly selects the verification method. Because the block header contains all the current cumulative transaction quantity and cumulative control quantity, each node can know the starting number and ending number of the transaction data and control data contained in the block. When the client node synchronizes the block header, it can randomly select and verify the ledger data in the block according to the number address. For example, it can randomly select and verify m1 control data, or randomly select and verify m2 transaction data. The control data has only the signature of the management end, so the user end node only needs to obtain the control data through the control data number address, verify the management end signature, and verify whether the data is on the chain according to the authentication path. To verify the transaction data, you need to obtain the transaction data through the transaction data number address, and then query these addresses and verify them according to the input reference address in the transaction data. According to the above knowledge, the address node referenced by the query input returns the connected storage data with input and output data, that is, the input data and output data with the aforementioned association relationship, and can verify the correctness of the input data and output data, and according to The authentication path verifies that the data is on the chain. Since the user side uses a distributed hash table network for retrieval, and each node independently selects the ledger data for verification, it does not know which nodes choose to verify a certain transaction data, and it can avoid a certain transaction data. The disadvantage that the address is only verified by a specific node increases the security.

It can be seen from the above that the data on any chain can be converted into a node’s connected storage structure, where the node stores one or more input data and the corresponding zero, one or more output data, and the node can verify the input and output data Whether it is correct or not, the special initial connection storage and end connection storage can also meet the characteristics of the connection storage through the preset input and output data. Through the connection storage, the data on any chain is converted into node storage, and then combined with the proof that the stored data is the data on the chain, it can be verified whether the connection of the chain is correct. And by verifying the integrity of the chain through the numbered address, each node can store part of the ledger data and the corresponding authentication path, and verify whether the input and output data is correct, and the correctness of all the ledger data can be equivalently verified, which is called Equivalence verification. And you can also choose to increase the user's random selection verification method to avoid the shortcomings of a certain address only being verified by a specific node, and increase security.

Let's take the UTXO of the public chain as an example, such as the Bitcoin system. Bitcoin's UTXO input refers to the unspent transaction ID and output index, where the transaction ID is the hash value of the quoted transaction data. The issuance can be regarded as a CoinBase reward transaction created by miners (coin creation transaction, that is, the first transaction data in each block data). Use the transaction ID as the key for retrieval, and the quoted transaction ID as the key for retrieval. For example, the transaction data ID is Tb, the input references are Ta[1] and Ta[2], and there are two outputs Tb[1] and Tb[2]; the transaction data ID is Tc, and the input reference is Tb[1] ; The transaction data ID is Td, and the input reference is Tb[2]; the number in parentheses is the referenced output index. Then the node that stores Tb will store the input data Tb, and the output data Tc and Td. Because the same transaction ID is not allowed, based on the transaction ID as the key for retrieval, the connected storage will not have multiple input data, but there may be multiple output data. The input references of the two outputs here are not the same output index, so they are not double spend. Each transaction data contains the corresponding authentication path data, and the authentication path of the CoinBase reward transaction is the special first transaction data, that is, the initial connection storage. Without considering transaction fees, each node can easily verify the correctness of input and output data, and the initial connection storage can also easily verify the correctness of CoinBase reward transactions. However, considering that the actual Bitcoin transaction contains a handling fee, the CoinBase reward transaction includes two parts: the block reward and the transaction fee. Therefore, the initial connection storage requires all transaction fees of the CoinBase reward exchange in the block body to be verified. If the block The large number of transactions in the body makes verification very difficult, and it is also very difficult for users who retrieve the initial connection storage to verify CoinBase reward transactions. If you can only rely on a limited number of transaction data to verify the correctness of the input and output data, you can take advantage of the distributed node connection storage, and you can store and verify the correctness of part of the transaction data through each node to verify the correctness of the entire UTXO chain. Sexual purpose. And the integrity of the chain can be verified by adding a numbered address.

Because this system uses the UTXO model, the unspent output of user A may be known by other users B in the same transaction, and the transaction timestamp that quotes the unspent output may also be known by user B, if the transaction is also quoted User A's other unspent output may also be known to user B. To ensure that no information is disclosed as much as possible, users can choose the auxiliary obfuscation scheme provided by the system. For example, the user transfers these unspent outputs to the obfuscated address provided by the system in turn. The obfuscated address is also a logical chain, so the obfuscated address transferred in each time is different, and then another obfuscated address in the system transfers the same amount to The user's new receiving transaction address, and the new receiving transaction address on the UTXO chain has no relationship with the user's previous unspent output, and no information will be leaked.

The user's management address is generated by the generation parameters in the previous management data and the management address master key, and the management data is encrypted and protected by the symmetric encryption working key generated by the generation parameters in the previous management data and the symmetric encryption master key. The user's first management data, that is, the user's registration management data, uses the user's registration ID as a generation parameter. The user's registration management data includes the initial address generation parameters of the second account data chain composed of the received transaction data, and also includes the user's identity certificate hash value and the user's signature public key, which can be used to confirm the user's identity. Except for user registration management data and user identity certificate update management data that contain user-related information for confirming the user's identity, the remaining ledger data no longer contains user-related information. For example, transaction data can contain user additional information, which may contain user identity information, so user additional information is stored off-chain, and only the hash value of the additional information is recorded on the chain, and user additional information can use the transaction timestamp as Salt value. In addition to user additional information, transaction data can also contain additional contract information. The additional contract information is used to record the associated information of the contract and does not contain the user's identity information, so the additional contract information can be stored on the chain. The user's signature public key is associated with the user identity certificate, so the user identity certificate update management data also contains the user's signature public key update information. The user's other management data may include user master key update information and general management information, none of which will involve the user's identity.

After the user registers, he finds the registration management data through the registration ID and the management address master key, and decrypts the data with the symmetric encryption working key generated by the registration ID and the symmetric encryption master key, so as to obtain the user’s management data. Account data link. Then, according to the initial generation parameters of the transaction data in the registration management data, the transaction address master key, and the user's signature public key, the second account data chain composed of the user's received transaction data is obtained. According to the above, searching for the receiving transaction address on the user-side network, because of the use of connection storage, the transaction referenced by the receiving transaction address as an input can be obtained, that is, the user's sending transaction. Therefore, by obtaining the data link of the second account that receives the transaction, all transaction data of the user can be obtained at the same time. Then decrypt the blinding factor from the generation parameters in the transaction data and the working key generated by the secret transaction master key to obtain the user's account information.

For example, user Alice registers an account with ID Alice on the management terminal through the identity certificate, and the management terminal issues the management address master key, transaction address master key, secret transaction master key, and symmetric encryption master key to account Alice. The account ID name is the default initial generation parameter of the management data. The user generates the registration management address through the account ID name Alice and the management address master key, and then searches for the registration management address on the user-side network, that is, the registration management information of the account Alice can be found, and the account ID name Alice and the symmetric encryption master key are used The generated symmetric encryption working key decrypts the data. The registration management information contains the hash value of the user's identity certificate, which can prove the user's identity, as well as the generation parameters used to generate the address of the next management data and the symmetric encryption working key, and include the initial generation parameters of the receiving transaction address. To generate the user’s first receiving transaction address. After transferring money to the account Alice, the user can generate the receiving transaction address through the generation parameters of the last receiving transaction, the transaction address master key and the user’s signature public key, and then look up the address on the user’s network to find the transaction information. And through the generation parameters in the transaction data and the working key generated by the secret transaction master key to decrypt the blinding factor, the ciphertext transaction amount can be decrypted. If Alice needs to transfer money to Bob, she needs to generate the unlocking script through the generation parameters of the last received transaction, the transaction address master key, and the user's signature private key.

When a user needs to prove the assets of a certain address to a third-party user, he only needs to provide the intermediate value K, the user's identity certificate, and the blinding factor. The third-party user can verify the validity of the identity certificate to confirm the user's identity, and then use K and the user's signature public key to do a scalar multiplication on the elliptic curve to obtain a new public key, and verify that the address generated by the new public key is equal to the address. Because the scalar multiplication operation on the elliptic curve is one-way, it is impossible to find a K'and the user's signature public key operation to get the public key address of other people (assuming that before the quantum computing cracking occurs, it needs to be updated afterwards to resist the quantum computing cracking In order to provide a valid proof). Then check whether the address is an unspent address through the network, and finally use the blinding factor to decrypt the ciphertext amount. The information provided by the user does not contain the relevant key information, and the third-party user cannot obtain the privacy of the user's other transaction data based on the provided information. The above-mentioned query of unspent addresses is realized through the node's connected storage. According to the above, if the address has been spent, the relevant node will return input data and output data; if it is not spent, only input data will be returned without output data. However, the query method depends on the relevant node. As will be known later, third-party users can also query the information of unspent addresses through the second chain system.

The announcement data released by the system are all plain text, such as the announcement information of token issuance or recovery, key algorithm update information, new transaction rule announcement information, and system version update information. According to the different types of announcements, each announcement has an announcement type and an incremental serial number. According to the announcement prefix + announcement type + announcement serial number, the address of the announcement is composed. Any user can retrieve and verify the announcement on the network through the announcement address.

Therefore, the UTXO chain of the system according to the transaction address (including the special address of the initial transaction data and the special address of the end transaction data) is connected and stored, and it can verify whether the UTXO chain is correct; the sequentially increasing addresses such as the numbered address are not in a chain relationship, so it is Directly stored, it can be used to verify the integrity of the chain and random selection verification; the management address is not an explicit chain relationship (only the user's master key can obtain the user's first account data chain, and the management address forms an implicit chain Type relationship), as well as the announcement address, etc., are also stored directly. The value corresponding to the directly stored key is unique, and the retrieval returns the corresponding data; the key stored in the connection may correspond to multiple value data, that is, the input and output data of the connection storage, and the retrieval returns all relevant data, including additional verification data. And the user side uses distributed hash storage through a structured peer-to-peer network. Each user side only needs to store part of the ledger data, and the corresponding ledger data can be retrieved through the address, and the ledger can be verified using the Merkel tree Whether the data is contained in the block of the chain.

There can also be rewards for generating chains in the system. In order to meet the conditions of a public-like chain, anyone can participate in the generation of the chain, without registration or authorization in the system, but only needs to generate an asymmetric key as the key for receiving rewards, and press the public key in it. An address is generated in a certain way, and the address is identified by the prefix as the receiving address to distinguish the addresses used inside the system. When a chain generation object (for example, a chain generation node) participates in generating a new block header, the receiving address will be included. After n confirmations of the block header, the management end will publish the reward information in plaintext to the control data set. The reward information includes the reward preset address, the reward amount, and the bound receiving address. The reward preset address is similar to the token issued The preset address, such as C001. When receiving rewards, you need to register in the system, and then generate a reward transaction data. The input of the transaction is referenced to the reward address C001, and the output is the user's receiving transaction address, so the transaction is on the user's second account data chain. And it is necessary to use the private key of the receiving address to generate the unlocking script to unlock the receiving reward. Therefore, the rewards are divided into two steps: release first and then receive. Among them, release is similar to token issuance, and the reward address is also in line with the characteristics of the above connection storage, but the input is the clear text reward information in the control data set. Therefore, the generation of the participating chain does not need to be registered or authorized in the system, but to receive rewards, you need to register in the system. The chain generation object can also authorize the key of the receiving address to other users, and the other users can receive rewards.

The public chain refers to a blockchain system in which anyone can read, send transactions, and participate in consensus. It is a completely decentralized system. The quasi-public chain refers to a system that does not include anyone who can send transactions, and the rest are the same as the public chain, which satisfies the centralization of transactions and the decentralization of ledger data. The following describes the system architecture of the class public chain with the public chain system.

Suppose there is a public chain system S, in which there is a user A, and the transaction data sent by A needs to meet the UTXO rules, that is, there must be a legal input reference, and no double spend can exist. If multiple inputs and outputs are not considered, the transaction data of A on the S chain will form a UTXO chain with a sequential single connection. Assume A as a private chain system (S can still regard A as a user), and replace A's transaction data with block data generated by the private chain system, because the private chain can be regarded as the next block connection ( Expends) the output of the previous block, the private chain can be regarded as a UTXO chain, so the block data generated by A is connected to the block data, and cannot be forked (no double spend), that is, it can Consider the UTXO chain of A on the S chain and the private chain of A as equivalent. When the block data of A is on the chain, the S system needs to verify the legitimacy of the A block data, which needs to be connected sequentially and cannot be forked, and also needs to verify the legitimacy of the ledger data in the block. In the S system, anyone can participate in consensus, read ledger data and verify ledger data, so anyone can verify A's ledger data.

In addition to the block data of A, the S system can also have extended data, but the extended data does not affect the user's management data and transaction data, nor does it affect the user's account status, so the user does not need to read and Verify the extended data. The function of the extended data is to enable S to interact with A, so that S can partially affect the generation of A data, so the data can only be read by the objects participating in the S consensus and A. For example, before A system releases token issuance or recovery information in the control data, it needs to go through S to vote; or S generates a provable fair random number, and the random number affects the data generated by A system to solve the partial fairness of A system. Sexual issues. Client C does not need to synchronize the block header data of the A private chain, but only needs to synchronize the block header data of the S system, so the block header data of the A private chain can also be stored in the extended data. If there is illegal data generated in the system and the data needs to be able to prove, the relevant data can also be stored in the extended data of the S system. If the system uses consensus algorithms such as POA (Proof Of Activity), the relevant verifier election and verifier list data can also be stored in the extended data.

The user terminal C of the A system needs to pass the transaction data from A to S, and C obtains the transaction data from S. The above-mentioned system S, system A (private chain or consortium chain system), and the client C of system A can be regarded as a kind of public chain application system. Anyone can read, verify transactions, and participate in consensus. This refers to reading the data of the S chain, and the client C also synchronizes the block header data of the S chain. According to the above, the consistent performance of the block header guarantees the consistency of the system state, and the synchronization of the S-chain block header of all clients can ensure that the state of all clients and the system S are consistent. And the user only needs to obtain the user master key from the A system (the key does not belong to the chain data), and can retrieve the account data on its own in the structured peer-to-peer network (or S-chain) on the user side, and third-party users and supervisors The user can also retrieve the key after being authorized, and the process does not rely on the A system or other centralized systems. Therefore, the public chain-like application system is verifiable, traceable, and non-tamperable. However, because the user’s transaction data first needs to go through A before it can be chained in S, the public chain-like application system does not solve the fairness of the transaction. However, for the usual payment systems, such as online music purchases, the order of purchase is not It will affect the result, as long as the compliant transaction can be normally connected to the chain. And there is a kind of fairness problem that can delay the selection priority, which can also be solved by a public chain-like application system.

Delayable selection priority is different from time priority. It is a method of generating a provably fair random number and then determining the priority based on the random number. Because anyone can participate, it is fair. For example, in a lottery system, the purchaser pays a certain amount and reserves a random number and the prize-receiving address, and then the system S generates a provably fair random number through the consensus object. For example, the scheme of submitting and then disclosing can be used (Commit Reveal) , And to avoid block retention attacks, you can terminate the submission and go through several block confirmations, and then delay the disclosure of related parameters to ensure that the generated random number is unknown in advance and cannot be tampered with. After the random number is announced, the award will be judged according to the degree of correlation between the random number reserved by each person and the random number, and then the award can be received through the award address. System A can call related contracts based on the published random number to award rewards to the winning users. The reward will be bound to the relevant contract information of the winning, including quoting the lottery information, quoting the random number reserved by the user and the prize-collecting address, and the amount of the clear text of the prize, generating the corresponding ciphertext amount of the reward to the prize-collecting address, and then from issuing the lottery The corresponding plaintext amount is subtracted from the real-name institution account to ensure that the total amount of tokens in the system has not changed. Therefore, the delayable selection priority is that the system S generates a provably fair random number and delays the disclosure of several blocks, and the system A uses the random number to determine the priority to solve the fairness of such problems.

The following describes the architecture of the system. The system is composed of a three-layer two-chain architecture, as shown in Figure 10.

The first layer is also the first chain system. It can be a private chain or a consortium chain. It belongs to a centralized system (such as the above system A). It can use a private network and PBFT (Practical Byzantine Fault Tolerance) and other consensus algorithms. In order to meet the needs of fast confirmation and high-frequency trading, the main object with a real name is responsible for the system's administrator. Including one or more of the following management: management of users and institutions, issuance or recovery of tokens, issuance of user master keys and system announcements, etc. The system is managed mainly by issuing control data, and then written into the first chain. The transaction data on the user side is verified by the management side and written into the first chain. The block data generated by the first chain will be broadcast to the second layer or the third layer immediately. Because the management terminal has all the user master keys, the management terminal can generate the state tree of the system, and operations such as querying and modifying the user account status of the management terminal are realized through the state tree of the system, and then converted to the underlying UTXO transaction data or control data. The management terminal will verify the transaction data on the client side, and will verify the relevant user identity information. Each transaction data or control data will be assigned a unique serial number that increases sequentially, and the transaction data or control data will be endorsed and signed by the management terminal together with the transaction data or control data. The block header data of the first chain will contain the current cumulative transaction quantity and cumulative control quantity, and the block header data will be signed by the management terminal.

The second layer is also the second chain system, which is similar to the public chain (the above system S), and uses an unstructured peer-to-peer network, such as the gossip network protocol, and the algorithm with a longer consensus time. The second layer will verify the block data of the first chain, but because the second layer does not have a user master key, it will only verify transaction data, but will not verify related user identity information, and will not generate system information. State tree. According to the above, the system adopts the UTXO model, and anyone can verify the correctness of the transaction amount in ciphertext. The block data of the second chain is composed of one or more block data sequences of the first chain. The state of any account on the first chain is consistent with the state of the account on the second chain, so the system is asynchronous and homomorphic . Because the block data of the second chain may be composed of multiple block data sequences of the first chain, the ledger data of the first chain block body needs to be reordered to form the ledger data of the second chain block body, including transaction data and Control the data, and then regenerate the root hash value of the Merkel tree and record it in the block header of the second chain. The block header of the second chain will also contain the current cumulative transaction number and cumulative control number. Because the ledger data of the second chain block body is recomposed in order, it also satisfies the number of leaf nodes and node serial numbers of the known Merkel tree, and the height and direction of the corresponding authentication path are fixed and known. The second chain may also contain extended data, which may be the state data of the second chain system itself, and will not modify the user's state, and the third layer will not synchronize and read the data. For example, the data can be the voting process of the second chain or the process of generating provably fair random numbers, etc., it can also be the process of the second chain voting to select chain generation nodes, or it can be the data used for attestation. The extended data It will only be read by the first and second layers, and may affect the subsequent blocks generated by the first chain or the second chain. The block header data of the first chain can also be recorded in the extended data of the second chain, which will not affect the user status, but is used as evidence data. The block data generated by the second chain will be broadcast to the third layer. The broadcast data is the block header data, transaction data, control data, and corresponding authentication path data of the second chain.

The third layer is the user-side system, which uses a structured peer-to-peer network. For example, you can use the kademlia network protocol to retrieve data through a distributed hash table (DHT). Each user-side node (hereinafter referred to as node) only needs to store part of the ledger data And the corresponding certification path. According to the above, the third layer passes equivalent verification. Each node verifies part of its own book data, which can equivalently verify all the book data, and then combines each node to independently and randomly select the book data for verification, avoiding a certain address Only verified by specific nodes, which increases security. Each node in the third layer will synchronize the block header data of the second layer, so the third layer and the second layer system state are consistent. The read operations of the user, third-party users, and regulators can be in the second or third layer, and the write operations of transaction data on the user end are linked to the first layer through the management end, so the system is read and write separated of. And the first chain can broadcast to the third layer immediately, so the transaction data on the user side can be obtained in time, but the transaction data at this time is not on the second chain, but on the first chain. If it is a small transaction, the client can immediately trust the data released by the management terminal; but if the transaction amount is large, the client can wait for a period of time until the transaction data is on the second chain and confirmed by n blocks. It can be considered that the transaction data is irreversible and cannot be tampered with.

Since the state of the second layer system and the third layer system are consistent, and the third layer verifies all the ledger data through equivalent verification, the second layer system can choose to verify only the block header data of the first chain, The Merkel tree of the ledger data and the management end of the ledger data are signed, and then the data is uploaded to the chain to generate the block data of the second chain and broadcast to the third layer. The third layer verifies whether the UTXO chain is connected correctly and verifies it Whether the client unlocking signature and transaction amount in each transaction data are correct. Because each node in the third layer only needs to verify a small amount of ledger data, even if the client uses a multi-signature method and needs to verify whether the ciphertext transaction amount is correct, each node has less burden, even mobile devices can Complete verification. The second layer verifies the signature of the management end, and can also use optimized batch verification of multiple signatures generated by a single signer, which greatly reduces the amount of verification required to participate in the second layer consensus. And according to the characteristics of the Merkel tree, the chain generation node of the second layer can sequentially distribute the ledger data generated by the first layer to multiple physical devices, and combine the ledger data on these physical devices to generate the Merkel tree. The root hash value, that is, the generation and verification of a huge block data containing a lot of ledger data can be completed through multiple physical devices, and the storage can also be distributed to multiple physical devices. Different from the third layer using distributed hash table storage, this method belongs to linear partition storage, that is, to store a huge block of data, according to the characteristics of the Merkel tree, the number of leaf nodes corresponding to a parent node is Power of 2, so the data is linearly divided into multiple physical devices for storage according to the power of 2, and then the corresponding Merkel tree root hash value can be jointly generated, and the corresponding ledger data can also be generated Certification path. Therefore, the chain generation node of the second layer only needs multiple ordinary physical devices and storage devices, and the amount of verification calculation is also controllable. The devices that actually participate in the consensus generation block header also only need ordinary devices, which greatly reduces participation. The threshold of the second layer of consensus.

The above method uses the first generation and then verification method, that is, the second chain is generated first, and then the third layer is verified, because the actual ledger data is uploaded by the first layer system, and the second layer will verify the default The Kerr tree and the signature of the management terminal will not modify the ledger data. Therefore, if the third-level verification ledger data is wrong and it is signed by the management end (the second layer is required to verify whether it is the data of the first chain), the responsible person is the first-level system, and the first-level is the management end with a real name , Which can be dealt with by the supervisor. Because the first layer is a centralized system, if illegal ledger data is generated, the second and third layers cannot be prevented, but they can be verified immediately, and then corresponding measures can be taken. For example, the third layer writes illegal ledger data from the second layer into the certificate data of the extended data of the class public chain, and the first layer system cannot modify the data of the second chain, and anyone whose data is public can Access can be handled by the supervisor. Therefore, although the system cannot guarantee that the data in the time period of the upper chain segment must be correct (because the data is generated by the centralization), it can guarantee that the wrong data is not hidden (verified by the second or third layer) . The data on the second chain and confirmed by n blocks is correct and cannot be tampered with, so it is trustworthy. The first-tier system also uses private chains or alliance chains to reduce and prevent the possibility of data errors. And based on the above, the first chain is not allowed to fork, and the first chain can use consensus algorithms such as PBFT to prevent forks. If the first chain has a fork, the second layer system can detect and write it into the certificate data of the extended data of the public chain, and the supervisor will handle it accordingly.

The first-tier management system can also optimize the processing of massive data that needs to be verified and stored by connecting to storage. For example, a consistent hash algorithm can be used to disperse transaction data into multiple consensus groups based on transaction addresses and transaction IDs, and then use the attribute grouped PBFT (Practical Byzantine Fault Tolerance Algorithm) consensus algorithm to generate the block header of the first chain data.

The PBFT algorithm is a state machine copy replication algorithm. Set the number of sets composed of all copies to N, assuming that the number of invalid copies is F, then N>3F is required. Each node has a copy of the state machine, so the PBFT algorithm can tolerate less than N/3 invalid or malicious nodes. But the disadvantage of PBFT is that it has O(N^2) message complexity, so usually N is not very large.

The attribute grouping PBFT consensus algorithm uses a consistent hashing algorithm. According to the attributes of the data, the data is distributed to multiple consensus groups, and only a copy of the state machine is required in one of the groups. For example, divide N into M consensus groups, and each consensus group has n nodes, that is, N=M*n, and set these consensus groups as serial numbers from 1 to M.

Before generating the block, use the consistent hash algorithm to map each input address of the transaction data to one of 1 to M, and map the transaction ID, that is, the hash value of the transaction data, to one of 1 to M. Then the transaction data is stored in the mapped consensus group. According to the above, the input address corresponds to the output data stored in the connection. After the block is generated, that is, after the data is on the chain, each output address of the transaction data is mapped to one of 1 to M in the same way, and the token issuance address and the reward address in the control data on the chain are included. Then the corresponding on-chain data is stored in the mapped consensus group. According to the above, the output address corresponds to the input data stored in the connection, so the input data stored in the connection storage in the consensus group is the data after the chain, and the consensus group can verify the data through the Merkel tree.

If the consensus group storage corresponds to input data, then just store it; if the consensus group storage corresponds to output data, you need to find the corresponding input data, and verify the correctness of the input and output, and then form a connected storage; if the consensus group stores Corresponding to the transaction ID, it is necessary to initiate PBFT consensus verification to the consensus group corresponding to the address based on all the input reference addresses of the transaction data. It can be known that if the consensus group corresponding to these addresses passes the verification, it will form a connection storage and return the verification success, and if the verification fails, the verification failure will be returned. According to the above, when the number of successful verifications returned by each address is greater than n*2/3, the transaction data is verified and can be uploaded to the chain. Therefore, the transaction data is verified and chained by the consensus group corresponding to the transaction ID, and because the transaction ID is unique, it will not be repeated on the chain. In order to optimize the additional verification data required to verify the transaction amount, the transaction amount can be verified by the consensus group corresponding to the transaction ID. Entering the consensus group corresponding to the reference address only needs to verify whether the connection is correct and the unlocking signature of the client is valid, and the transaction amount is returned Data, no additional verification data is required.

After a period of time, each consensus group independently initiated the PBFT consensus on the chain, and each consensus group independently agreed on the transaction data and sequence of its own on-chain set. Then the consensus group No. 1 adds its own on-chain collection quantity to the cumulative quantity, and sends the cumulative quantity message to the consensus group No. 2; then, the consensus group No. 2 adds its own on-chain collection quantity to the cumulative quantity to 3 Consensus group No. sends out the accumulated quantity message; until the last consensus group M, M sends the accumulated quantity message to consensus group No. 1; when consensus group No. 1 receives the accumulated quantity message, it completes a cycle operation, and The transaction data in the loop is combined on the chain. Each consensus group calculates the starting sequence number based on the cumulative number, and then assigns the transaction data and the corresponding order of the on-chain collection to an increasing sequence number and requests a signature (for example, if there are n nodes, a request greater than n*2/3 is required to give a signature ), and finally combine the signed data to generate the root hash value of the Merkel tree. Because it is an independent consensus on the chain, each consensus group can receive a number of messages and then carry out the consensus on the chain, and complete the circular operation through message transmission. The reason why the consensus group can independently agree on the chain is because the input data stored in the connection is the data after the chain, so in the same time segment, there will be no legal transactions quoted between the two.

Therefore, it can be seen that the message complexity of the attribute grouping PBFT consensus algorithm is O(n^2), which can tolerate less than n/3 invalid or malicious nodes. However, since there are M groups, the transaction data is also dispersed into M groups, so the final amount of transaction data that can be processed can be greatly increased.

The control data of the system is not a UTXO chain. When it is generated, an incremental serial number can be assigned and signed, and then stored and verified linearly according to the serial number, or the Merkel tree root hash value of the control data can be jointly generated. Finally, the block header data of the first chain is generated according to the root hash value of the transaction data and the root hash value of the control data, and the corresponding cumulative number. Therefore, the management system of the first chain can optimize the processing of massive amounts of data by connecting storage.

According to the above, the data stored on the third-tier client terminal includes block header data, ledger data, and corresponding authentication path data. The ledger data is actually generated by the management end of the first layer, the block header data is generated by the second layer consensus, and the block header data can also map the consistency of the block body data (ledger data), and the block header data can also be confirmed Corresponding authentication path, so the correct synchronization of the block header data is very important to the correctness of the system. However, the third-tier client does not participate in the second-tier consensus. If the second-tier public chain system adopts consensus algorithms such as POA (Proof of Authority) or a consensus algorithm for mortgage punishment, the third-tier client needs to be correct Synchronize the list of consensus participants, which will increase the burden on the user side. Because the second chain is generated on the basis of verifying the block header of the first chain, the third-layer client can verify the block header of the second chain on the basis of trusting the block header of the first chain. Take the consensus algorithm using mortgage penalty as an example. The consensus object of the second layer can be anonymous, and can use the third-party public chain (a third-party public chain system other than the first chain system and the second chain system) to participate in the consensus. Data, the mortgaged assets will be deducted, as explained below.

First, the management side of the first layer needs to establish a smart contract on the third-party public chain. The function of the contract is that any user can upload the consensus public key (the consensus public key is an asymmetric key generated by the user and can be used to participate in the second-level consensus), and a consensus public key needs to be mortgaged on the third-party public chain A certain amount of token, the mortgaged token is associated with the uploaded consensus public key. The contract will map the consensus public key set composed of all the currently uploaded consensus public keys to a value. The consensus public key set and the mapping method are both public Yes, it is easy to find the proof that the elements in the set exist in the set, but it is difficult to find a proof that the elements in the set do not exist in the set. For example, you can use Merkel tree proof or accumulator proof. One of the cryptographic accumulators is a one-way membership function, which can be used to identify whether a candidate is a member of a set without exposing the members of the set in the process. The block header generated by the first chain contains the value of the current consensus public key set mapping, and can also contain the number of elements in the consensus public key set, and a key represents a fixed equity, that is, one key and one vote. The block header data generated by the second chain will be broadcast to the third layer along with the last block header data corresponding to the first chain. The second chain block header contains all the current cumulative transaction quantity and cumulative control quantity, and the corresponding consensus public key. The second chain block header data is signed by the consensus private key. The third-tier client side synchronizes the block header data of the second chain, can verify the signature of the consensus private key according to the consensus public key, verify the signature of the management end of the first chain block header, and verify the cumulative transaction number of the first chain block header. Whether the cumulative control quantity is equal to the cumulative transaction quantity and the cumulative control quantity of the second chain block header, if they are equal, the quantity is correct and the first chain block header is the last block header data in the second chain block header generation time segment, so the first The mapping value of the consensus public key set in the block header of a chain is the latest in the time segment. The user side can also use Merkel tree proof or accumulator proof according to the mapping value of the consensus public key set in the first chain block header to verify whether the consensus public key in the second chain block header is valid. If the verification is passed, it means the second The chain block header is valid and can be added to the block header of the candidate main chain. In this way, the user end can verify the block header of the second chain by trusting the block header of the first chain, without synchronizing the consensus list of the second chain, and can pass the cumulative number of transactions and accumulation of the block header of the first chain The control quantity verifies whether the cumulative transaction quantity and the cumulative control quantity of the second chain block header are correct, so as to ensure that the block header data of the second chain can be synchronized correctly.

The second-level public chain-like system can also use consensus algorithms such as POA, so that it does not rely on third-party public chains, but the participating consensus objects need to provide identity certification. The first chain block header may also include the mapping value of the validator list of the POA consensus algorithm and the number of validators, so that the user terminal can correctly synchronize the block header data of the second chain.

If the first chain block header does not contain the correct mapping value of the consensus public key set according to the rules, because the mapping value of the consensus public key set is in the contract of the third-party public chain or the extension of the second-level public key chain What is stored in the data is public and cannot be tampered with. The second layer system can write the non-compliant block header data of the first chain into the certificate data of the extended data of the similar public chain, and the supervisor will handle it accordingly.

Therefore, the system uses the blockchain to realize the traceability and non-tampering of the ledger data. The UTXO chain realizes the correct connection of transaction data to ensure that the total number of tokens in the system is certain. The account data chain realizes the privacy retrieval of user account data. And through equivalence verification, the user terminal can store and verify part of the ledger data through a structured peer-to-peer network, and the correctness of all ledger data can be equivalently verified.

An exemplary embodiment of the present disclosure further provides a computer storage medium that stores a computer program; after the computer program is executed, the method provided by one or more of the foregoing exemplary embodiments can be implemented, for example, Perform one or more of the methods shown in Figure 1, Figure 3, Figure 5, and Figure 7. The computer storage medium includes volatile and nonvolatile, removable and non-removable implemented in any method or technology configured to store information (such as computer-readable instructions, data structures, program modules, or other data) In addition to the medium. Computer storage media include but are not limited to RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cassette, tape, magnetic disk storage or other magnetic storage device, or Set up as any other medium that stores the desired information and can be accessed by the computer.

An exemplary embodiment of the present disclosure also provides a computer device (or computer equipment). The computer device may include a processor, a memory, and a computer program stored on the memory and capable of running on the processor. The processor implements the data storage device or data verification in the present disclosure when the computer program is executed. The operation performed by the device.

As shown in FIG. 11, in an example, a computer device (node) may include: a processor 91, a memory 92, a bus system 93, and a transceiver 94, where the processor 91, the memory 92, and the transceiver 94 pass through The bus system 93 is connected, the memory 92 is configured to store instructions, and the processor 91 is configured to execute the instructions stored in the memory 92 to control the transceiver 94 to send signals. For example, the operation of the second storage module in the aforementioned data storage device may be executed by the transceiver under the control of the processor, and the operation of the first verification module may be executed by the processor.

It should be understood that the processor 91 may be a central processing unit (Central Processing Unit, referred to as “CPU” for short), and the processor 91 may also be other general-purpose processors, digital signal processors (DSP), application specific integrated circuits (ASIC), or off-the-shelf processors. Programmable gate array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.

The memory 92 may include a read-only memory and a random access memory, and provides instructions and data to the processor 91. A part of the memory 92 may also include a non-volatile random access memory. For example, the memory 92 may also store device type information.

In addition to the data bus, the bus system 93 may also include a power bus, a control bus, a status signal bus, and the like. However, for clear description, all buses are marked as the bus system 93 in FIG. 11.

In the implementation process, the processing performed by the computer device may be completed by an integrated logic circuit of hardware in the processor 91 or instructions in the form of software. That is, the steps of the method disclosed in the embodiments of the present disclosure may be embodied as being executed and completed by a hardware processor, or executed and completed by a combination of hardware and software modules in the processor. The software module can be located in storage media such as random access memory, flash memory, read-only memory, programmable read-only memory, or electrically erasable programmable memory, registers, etc. The storage medium is located in the memory 92, and the processor 91 reads the information in the memory 92 and completes the steps of the above method in combination with its hardware. To avoid repetition, it will not be described in detail here.

A person of ordinary skill in the art can understand that all or some of the steps, functional modules/units in the system, and apparatus in the methods disclosed above can be implemented as software, firmware, hardware, and appropriate combinations thereof. In the hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, a physical component may have multiple functions, or a function or step may consist of several physical components. The components are executed cooperatively. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or a microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on a computer-readable medium, and the computer-readable medium may include a computer storage medium (or a non-transitory medium) and a communication medium (or a transitory medium). As is well known by those of ordinary skill in the art, the term computer storage medium includes volatile and nonvolatile implementations in any method or technology configured to store information (such as computer-readable instructions, data structures, program modules, or other data). Sexual, removable and non-removable media. Computer storage media include but are not limited to RAM, ROM, EEPROM, flash memory or other memory technologies, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cassettes, magnetic tapes, magnetic disk storage or other magnetic storage devices, or Set up as any other medium that stores the desired information and can be accessed by the computer. In addition, as is well known to those of ordinary skill in the art, communication media usually contain computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as carrier waves or other transmission mechanisms, and may include any information delivery media. .

Those of ordinary skill in the art should understand that the technical solutions of the embodiments herein can be modified or equivalently replaced without departing from the spirit and scope of the technical solutions herein, and should be covered by the scope of the claims of this application.

Claims

A chain structure data storage method, including:

Part or all of the connection information of the chain in the chain structure is used as the first key, and the data in the chain structure associated with the first key is used as the value, and the data is stored as input data or output data. The input data and output data stored in the data storage device are associated according to the same connection information.
The data storage method according to claim 1, wherein the storing the data as input data or output data comprises:

When the first key is used as part or all of the output information in the chain structure, the data associated with the first key is stored as input data; the first key is used as the part of the information input in the chain structure Or all, the data associated with the first key is stored as output data.
A chain structure verification method, including:

Use part or all of the connection information of the chain in the chain structure as the first key, and use the data in the chain structure associated with the first key as the value to verify whether the data associated with the first key has errors, After verifying that the data associated with the first key has no errors, the data is stored as input data or output data.
The chain structure verification method according to claim 3, wherein said storing the data as input data or output data comprises:

When the first key is used as part or all of the output information in the chain structure, the data associated with the first key is stored as input data; the first key is used as the input information in the chain structure Part or all of the data associated with the first key is stored as output data; the input data and output data stored on the device are associated according to the same connection information.
The chain structure verification method according to claim 3, wherein said verifying whether the data associated with the first key has errors includes one or more of the following verifications:

Verifying whether the data is data on the chain structure;

When the first key is used as the input information in the chain structure, verify whether there is output information that has the same connection information as the input information;

When the first key is used as the input information in the chain structure, verify whether the output information that has the same connection information as the input information has been used;

When the first key is used as the input information in the chain structure, and the data associated with the first key includes a transaction amount, verifying whether the transaction amount is correct;

When the first key is used as the input information in the chain structure, and the data associated with the first key includes signature information, it is verified whether the signature information is correct.
The chain structure verification method according to claim 4, the method further comprising:

According to the request of the data verification device, the data associated with the connection information of the chain stored by the device is returned to the data verification device, including one or more of the following data: input data, output data, Merkel tree Authentication path, additional authentication data.
A chain structure verification method, including:

Taking part or all of the connection information of the chain in the chain structure as the second key, acquiring data stored in the data storage device and associated with the second key from the data storage device, and verifying the data according to the acquired data Whether there are errors in the data in the chain structure.
The chain structure verification method according to claim 7, wherein the data associated with the second key obtained from the data storage device includes one or more of the following: data associated with the second key, Merkel tree authentication path and additional verification data, wherein the second key is used as part or all of the output information in the chain structure, or the second key is used as part or part of the input information in the chain structure All.
8. The chain structure verification method according to claim 7, wherein the verifying whether the data in the chain structure has errors according to the acquired data comprises:

Synchronize the block header data in the chain structure, combine the block header data with the data associated with the second key obtained from the data storage device, and perform one or more of the following verifications:

Verifying whether the data associated with the second key obtained from the data storage device is data on the chain structure;

When the second key is used as the input information of the acquired data, verify whether there is output information that has the same connection information as the input information;

When the second key is used as the input information of the acquired data, verify whether the output information that has the same connection information as the input information has been used;

When the second key is used as the input information of the acquired data, and when the acquired data includes a transaction amount, verify whether the transaction amount is correct;

When the second key is used as the input information of the acquired data, and when the acquired data includes signature information, verify whether the signature information is correct.
A method for realizing a chain structure. The chain structure system includes a first chain system, a second chain system, and a data storage device. The method includes:

After the first chain system signs the ledger data, write the signed ledger data into the block data of the first chain;

After verifying the block data of the first chain, the second chain system writes one or more continuous block data of the first chain into the block data of the second chain;

The data storage device uses part or all of the connection information of the chain in the second chain as the first key, and the data associated with the first key as the value. After verifying that the data associated with the first key has no errors, it will The data is stored as input data or output data, and the input data and output data stored in the same data storage device are related according to the same connection information.
The method for implementing a chain structure according to claim 10, the method further comprising: the first chain system uses part or all of the connection information of the chain in the first chain as a third key, and the third key is associated As the value, assign the value associated with the third key to a consensus group that has the same third key as the value; the consensus group verifies the data associated with the third key, where:

The data associated with the third key includes transaction data, and the verification includes one or more of the following:

When the third key is used as the input information of the transaction data, verify whether there is output information that has the same connection information as the input information;

When the third key is used as the input information of the transaction data, verify whether the output information that has the same connection information as the input information has been used;

When the third key is used as the input information of the transaction data, verify whether the transaction amount of the transaction data is correct;

When the third key is used as the input information of the transaction data, it is verified whether the signature information of the transaction data is correct.
According to the chain structure realization method of claim 11, after the consensus group verifies the data associated with the third key, the method further comprises:

The consensus group stores the data associated with the third key as input data or output data, wherein when the third key is part or all of the output information in the first chain, the third The data associated with the key is stored as input data. When the third key is part or all of the input information in the first chain, the data associated with the third key is stored as output data; stored on the same consensus group The input data and output data are related according to the same connection information.
The method for implementing a chain structure according to claim 10, wherein the storing of the data as input data or output data by the data storage device comprises:

When the first key is used as part or all of the output information in the second chain, the data associated with the first key is stored as input data; the first key is used as the input information in the second chain Part or all of the data associated with the first key is stored as output data; the input data and output data stored on the data storage device are associated according to the same connection information.
The method for implementing the chain structure according to claim 10, wherein the data storage device verifies whether the data associated with the first key has errors, including one or more of the following verifications:

Verify the integrity of the second chain;

Verifying whether the data is data on the second chain;

When the first key is used as the input information of the ledger data in the second chain, verify whether there is output information that has the same connection information as the input information;

When the first key is used as the input information of the ledger data in the second chain, verify whether the output information that has the same connection information as the input information has been used;

When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key includes the transaction amount, verifying whether the transaction amount is correct;

When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key includes signature information, it is verified whether the signature information is correct.
The method for implementing the chain structure according to claim 10 or 14, the method further comprising: the first chain system sequentially numbers the ledger data, and the block header of the block data corresponding to the ledger data contains cumulative Amount of ledger data; the second chain system includes the cumulative amount of ledger data in the block data in the block header of the block data of the second chain.
The method for implementing a chain structure according to claim 15, wherein the verification of the integrity of the chain structure by the data storage device comprises: the data storage device synchronizes the block header of the second chain, and uses the The cumulative ledger data volume in the block header generates a numbered address, and the integrity of the second chain is verified according to the numbered address.
The method for implementing the chain structure according to claim 15, the method further comprising:

The data storage device verifies whether the accumulated book data amount in the second chain block header data is correct according to the first chain block header data.
The method for implementing the chain structure according to claim 10, the method further comprising:

The first chain system includes the current consensus public key set mapping value in the block header of the first chain;

According to the mapping value of the consensus public key set in the first chain block header, the data storage device verifies whether the consensus public key in the second chain block header is valid by using Merkel tree certification or accumulator certification.
The method for implementing a chain structure according to claim 10, wherein the second chain system writes one or more continuous block data of the first chain into the block data of the second chain, including: The second chain system recombines one or more consecutive block data of the first chain in the order of transaction data serial number and control data serial number to generate a Merkel tree root hash value, and generates a Merkel tree root hash value. The block header of the chain contains the root hash value of the Merkel tree.
According to the chain structure realization method of claim 10,

The system also includes: a data verification device;

The method further includes: the data verification device uses part or all of the connection information of the chain in the chain structure as a second key, and obtains the data stored on the data storage device from the data storage device and the second key. According to the data associated with the key, verify whether the data in the second chain has errors according to the acquired data.
The method for implementing a chain structure according to claim 20, wherein the data verification device uses part or all of the connection information of the chain in the chain structure as the second key to obtain the data storage device from the data storage device. The data associated with the second key stored on the device includes:

The data verification device synchronizes the block header of the second chain, uses the cumulative ledger data volume in the block header to generate a numbered address, and obtains part or all of the chain connection information according to the numbered address as the second key. The data storage device obtains data associated with the second key stored on the data storage device.
The method for implementing the chain structure according to claim 20, wherein the data that the data verification device obtains from the data storage device and the data associated with the second key stored on the data storage device includes one of the following data One or more types: data associated with the second key, Merkel tree certification path, additional verification data, wherein the second key is part or all of the output information in the chain structure, or the The second key serves as part or all of the input information in the chain structure;

The data verification device verifies whether there is an error in the data in the second chain according to the acquired data, including:

The data verification device synchronizes the block header in the second chain, and combines the block header and the data associated with the second key obtained from the data storage device to perform one or more of the following verifications :

Verifying whether the data associated with the second key obtained from the data storage device is data on the second chain;

When the second key is used as the input information of the acquired data, verify whether there is output information that has the same connection information as the input information;

When the second key is used as the input information of the acquired data, verify whether the output information having the same connection information as the input information has been used;

When the second key is used as the input information of the acquired data, and when the acquired data includes a transaction amount, verify whether the transaction amount is correct;

When the second key is used as the input information of the acquired data, and when the acquired data includes signature information, verify whether the signature information is correct.
The method for implementing the chain structure according to claim 20, the method further comprising:

The first chain system includes the mapping value of the current consensus public key set in the block header of the first chain;

The data verification device uses Merkel tree certification or accumulator certification according to the mapping value of the consensus public key set in the first chain block header to verify whether the consensus public key in the second chain block header is valid.
According to the chain structure realization method of claim 10,

Wherein, the first chain is a private chain or a consortium chain,

The method further includes: the first chain system issues one or more of the following keys to the user: a management address master key, a transaction address master key, a confidential transaction master key, and a symmetric encryption master key, wherein:

The management address master key is used to generate the next management address of the user with the current first generation parameter, and all the management addresses of the user form a logical chain;

The transaction address master key is used to generate the next receiving transaction address of the user with the current second generation parameter, and all receiving transaction addresses of the user form a logical chain;

The secret transaction master key is used to generate the working key of the current encryption and decryption ciphertext transaction amount with the current third generation parameter;

The symmetric encryption master key is used to generate the symmetric encryption work key of the user's next encryption and decryption management data with the current fourth generation parameter.
The method for implementing the chain structure according to claim 10 or 24, the method further comprising:

The first chain system uses the management address master key issued for the user and the generation parameters in the user's previous management data to generate the user's current management address, and writes the user's current management address in the current management data Generate the generation parameters of the next management address of the user.
A chain structure data storage device includes a first storage module and a second storage module, wherein:

The first storage module is configured to store part or all of the connection information of the chain in the chain structure as a first key;

The second storage module is configured to store the data in the chain structure associated with the first key as input data or output data, and the input data and output data stored in the same data storage device are related according to the same connection information United.
The chain structure data storage device according to claim 26, the data storage device further comprising a first verification module configured to verify the data in the chain structure associated with the first key Is there an error.
The chain structure data storage device according to claim 27, wherein the first verification module verifies whether the data associated with the first key has errors, comprising:

The first verification module performs one or more of the following verification operations:

Verifying whether the data is data on the chain structure;

When the first key is used as the input information in the chain structure, verify whether there is output information that has the same connection information as the input information;

When the first key is used as the input information in the chain structure, verify whether the output information that has the same connection information as the input information has been used;

When the first key is used as input information in the chain structure, and the data associated with the first key includes a transaction amount, verifying whether the transaction amount is correct;

When the first key is used as the input information in the chain structure, and the data associated with the first key includes signature information, it is verified whether the signature information is correct.
A chain structure data verification device includes a key value search module and a second verification module, wherein:

The key value search module is configured to search for part or all of the connection information of the chain in the chain structure as the second key;

The second verification module is configured to obtain data associated with the second key stored by the data storage device from a data storage device, and verify whether the data in the chain structure has errors according to the obtained data.
The chain structure data verification device according to claim 29, wherein the second verification module verifies whether there is an error in the data in the chain structure according to the acquired data, comprising:

The data verification device synchronizes the block header data in the chain structure, and the second verification module combines the block header data with the data associated with the second key acquired from the data storage device to perform the following One or more of verification:

Verifying whether the data associated with the second key obtained from the data storage device is data on the chain structure;

When the second key is used as the input information of the acquired data, verify whether there is output information that has the same connection information as the input information;

When the second key is used as the input information of the acquired data, verify whether the output information having the same connection information as the input information has been used;

When the second key is used as the input information of the acquired data, and when the acquired data includes a transaction amount, verify whether the transaction amount is correct;

When the second key is used as the input information of the acquired data, and when the acquired data includes signature information, verify whether the signature information is correct.
A chain structure system includes: a first chain system, a second chain system and a data storage device, wherein:

The first chain system is configured to, after signing the ledger data, write the signed ledger data into the block data of the first chain;

The second chain system is configured to write one or more continuous block data of the first chain into the block data of the second chain after verifying the block data of the first chain;

The data storage device is configured to use part or all of the connection information of the chain in the second chain as the first key, and the data associated with the first key as the value, to verify whether the data associated with the first key has errors After verifying that the data associated with the first key has no error, the data is stored as input data or output data, and the input data and output data stored in the same data storage device are associated according to the same connection information.
The chain structure system according to claim 31, wherein the first chain system further comprises a consensus group;

The first chain system is further configured to use part or all of the connection information of the chain in the first chain as a third key, data associated with the third key as a value, and assign the value associated with the third key to A consensus group with the same third key as the value, and the data associated with the third key includes transaction data;

The consensus group is set to verify the data associated with the third key, including one or more of the following verifications:

When the third key is used as the input information of the transaction data, verify whether there is output information that has the same connection information as the input information;

When the third key is used as the input information of the transaction data, verify whether the output information that has the same connection information as the input information has been used;

When the third key is used as the input information of the transaction data, verify whether the transaction amount of the transaction data is correct;

When the third key is used as the input information of the transaction data, it is verified whether the signature information of the transaction data is correct.
According to the chain structure system of claim 32, the consensus group is further configured to store the data associated with the third key as input data or output data after verifying the data associated with the third key, wherein When the third key is used as part or all of the output information in the first chain, the data associated with the third key is stored as input data, and when the third key is used as the first chain When part or all of the input information is stored, the data associated with the third key is stored as output data; the input data and output data stored on the same consensus group are related according to the same connection information.
The chain structure system according to claim 31, the first chain system is further configured to sequentially number the ledger data, and the block header of the block data corresponding to the ledger data contains the cumulative amount of ledger data; The second chain system is also configured to include the cumulative ledger data amount in the block data in the block header of the block data of the second chain.
The chain structure system according to claim 31, wherein the data storage device verifies whether the data associated with the first key has errors, including one or more of the following verifications:

Verify the integrity of the second chain;

Verifying whether the data is data on the second chain;

When the first key is used as the input information of the ledger data in the second chain, verify whether there is output information that has the same connection information as the input information;

When the first key is used as the input information of the ledger data in the second chain, verify whether the output information that has the same connection information as the input information has been used;

When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key includes the transaction amount, verifying whether the transaction amount is correct;

When the first key is used as the input information of the ledger data in the second chain, and the data associated with the first key includes signature information, it is verified whether the signature information is correct.
The chain structure system according to claim 31, the chain structure system further comprising: a data verification device; the data verification device is configured to use part or all of the connection information of the chain in the chain structure as the second key , Obtaining data associated with the second key stored on the data storage device from the data storage device, and verifying whether the data in the second chain has errors according to the obtained data.
The chain structure system according to claim 31 or 36, the first chain system is also set to include the value of the current consensus public key set mapping in the block header of the first chain, so that the data storage device or data The verification device uses Merkel tree certification or accumulator certification according to the mapping value of the consensus public key set in the first chain block header to verify whether the consensus public key in the second chain block header is valid.
The chain structure system according to claim 31, the first chain system is further configured to use the management address master key issued for the user and the generation parameters in the user's previous management data to generate the user's current Management address, and write the generation parameter used to generate the next management address of the user in the current management data.
A computer-readable storage medium storing computer-executable instructions for executing any of claims 1-2 or 3-6 or claims 7-9 or 10-25 The method described in the item.
A computer device, comprising a memory, a processor, and a computer program stored on the memory and running on the processor. The processor executes the program as claimed in claim 1-2 or claim 3-6 or right The steps of the method of any one of claims 7-9 or claims 10-25.