WO2021239072A1 - Method for creating node group in alliance chain network, and transaction method based on node group - Google Patents

Info

Publication number
WO2021239072A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
node
group
sub
anonymous
Application number
PCT/CN2021/096519
Inventor
杨文龙
夏凝
Original Assignee
支付宝(杭州)信息技术有限公司
Application filed by 支付宝(杭州)信息技术有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/389 Keeping log of transactions for guaranteeing non-repudiation of a transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Definitions

  • The embodiments of this specification relate to the field of information technology, and in particular to a method for creating node groups in a consortium chain network and a transaction method based on node groups.
  • The alliance chain network, also known as the alliance-type blockchain network, generally consists of multiple institutions as alliance members, and the nodes controlled by these institutions form the alliance chain network.
  • Users connected to an institution can encapsulate the business data of an initiated business into a transaction (a data structure specified by the blockchain protocol) and submit it to the institution's corresponding node. That node then broadcasts the transaction to the consortium chain network, and each node in the consortium chain network writes the transaction into its local blockchain after consensus on the transaction is reached. In this way, it can be ensured that the business data written to the blockchain is difficult to tamper with.
  • the existing operating mechanism of the alliance chain network causes the service data of any node to be disclosed to the entire network.
  • an embodiment of this specification provides a method for creating a node group in a consortium chain network and a transaction method based on the node group. The solution is as follows:
  • a method for creating a node group in a consortium chain network includes: a first node receives a group creation transaction constructed by a first manager account; the group creation transaction includes a group creation sub-transaction, and the group creation sub-transaction includes a group public key; the first manager account is the account registered in the alliance chain network by the manager of the first node; the group public key is designated by the manager of the first node; the first node broadcasts the group creation transaction to the alliance chain network; the first node executes the group creation transaction, including: creating a private chain locally, writing the group creation sub-transaction into the local private chain, and using the group public key to encrypt the first node identifier; every other node except the first node executes the group creation transaction without creating a private chain, including: using the group public key to encrypt the first node identifier; each node in the consortium chain network writes the group creation transaction and
  • an anonymous registration method based on the node group created in the first aspect, including: the first node receives an anonymous registration transaction constructed by a corresponding user account; the anonymous registration transaction contains an anonymous registration sub-transaction, and the anonymous registration sub-transaction includes an anonymous public key and a signature generated by using the group private key corresponding to the group public key; wherein, the user account is the user connected to the first node in the consortium chain
  • the anonymous public key is specified by the user who is docking with the first node; the first node uses the group public key to verify the signature corresponding to the group private key in the anonymous registration sub-transaction, and if the verification is passed, the anonymous registration transaction is processed, including: reconstructing the anonymous registration transaction including the anonymous registration sub-transaction through the account of the first management party;
  • the first node broadcasts the reconstructed anonymous registration transaction to the consortium chain network; the execution of the anonymous registration transaction by the first node includes: writing the anonymous registration sub-trans
  • a transaction method based on the anonymous registration method described in the second aspect, including: the first node receives a business transaction constructed by a corresponding user account; the business transaction includes a business sub-transaction, and the business sub-transaction includes business data, a signature generated using the group private key, and a signature generated using the anonymous private key corresponding to the anonymous public key; the first node uses the group public key to verify the signature corresponding to the group private key in the business sub-transaction, and uses the anonymous public key corresponding to the user account to verify the signature corresponding to the anonymous private key in the business sub-transaction.
  • processing the business transaction includes: reconstructing a business transaction containing the hash value of the business sub-transaction through the account of the first management party; the constructed business transaction; the execution of the business transaction by the first node includes: writing the business sub-transaction into a local private chain; every other node except the first node executes the reconstructed business transaction without creating a private chain; each node in the alliance chain network writes the business transaction into the local alliance chain.
  • the manager of the first node in the alliance chain network can initiate a group creation transaction through its own alliance chain account, and the group creation transaction includes group creation sub-transactions.
  • the group creation transaction is broadcast to the consortium chain network
  • When the first node executes the group creation transaction, it creates a private chain locally according to the group creation sub-transaction, which is equivalent to creating a node group containing the first node.
  • When other nodes execute the group creation transaction, they will not create a private chain locally.
  • The first node and the other nodes will all write the group creation transaction into the local consortium chain.
  • the first management party initiates a business transaction to the first node through its own consortium chain account
  • When the first node determines that the business sub-transaction contained in the business transaction carries the signature of the group private key, it determines that the business sub-transaction is designated for the node group corresponding to the group private key and that the content of the business sub-transaction cannot be disclosed to the alliance chain. Therefore, the first node will replace the business sub-transaction in the business transaction with a hash value before broadcasting to the alliance chain network.
  • When the first node executes a business transaction, it will write the business sub-transaction into the local private chain. When other nodes in the alliance chain network except the first node execute the business transaction, there is no business sub-transaction content in the business transaction (it is a hash value), and there is no private chain locally, so they will not execute it like the first node. Finally, each node in the alliance chain network will write the business transaction containing the hash value of the business sub-transaction into the local alliance chain.
  • On the one hand, the plaintext of the business data docked at the first node will only be stored in the private chain of the node group where the first node is located, which protects the privacy of the first node's business data; on the other hand, the hash value of the business data corresponding to the first node will be stored in the alliance chain, which has the effect of storing evidence (protection against tampering).
  • Because the first node identifier in the execution result corresponding to the group creation transaction is encrypted, each node in the consortium chain network does not locally store the actual identity information of the first node that creates the node group.
  • Figure 1 is a schematic diagram of the structure of an existing blockchain system
  • FIG. 2 is a schematic diagram of the structure of a blockchain system provided by an embodiment of this specification.
  • FIG. 3 is a schematic flowchart of a method for creating a node group in a consortium chain network provided by an embodiment of this specification;
  • FIG. 4 is a schematic diagram of a first node locally maintaining an alliance chain and a private chain provided by an embodiment of this specification;
  • FIG. 5 is a schematic flowchart of a method for anonymous registration based on node groups according to an embodiment of this specification
  • FIG. 6 is a schematic flowchart of a transaction method based on an anonymous registration method provided by an embodiment of this specification
  • FIG. 7 is a schematic flowchart of a method for joining a node group according to an embodiment of the present specification
  • FIG. 8 is a schematic diagram of a second node locally maintaining an alliance chain and a private chain according to an embodiment of this specification
  • FIG. 9 is a schematic flowchart of a node group-based anonymous registration method provided by an embodiment of this specification.
  • FIG. 10 is a schematic flowchart of a transaction method based on an anonymous registration method provided by an embodiment of this specification.
  • Fig. 11 is a schematic structural diagram of a device for configuring the method of the embodiment of this specification.
  • FIG 1 is a schematic diagram of the structure of an existing blockchain system.
  • the alliance chain account can send transactions through any node, the transaction contains business data, and the transaction will be broadcast to the entire network, so that each node will cache the transaction locally.
  • Nodes A to D generate blocks based on the consensus algorithm. There are several transactions in a block. Each node executes the transactions in the block generated by consensus and writes the block to the local consortium chain (equivalent to writing each transaction in the block to the local consortium chain), realizing transaction execution and transaction storage on the chain.
  • The blockchain system described in Figure 1 exposes the business data docked at each node on the consortium chain in plaintext, and all nodes in the consortium chain network can view each other's business data, so the privacy of business data cannot be protected.
  • This solution is used to achieve data isolation between nodes in a consortium chain network (data isolation between node groups, or data isolation between nodes and node groups), so as to protect the privacy of the business data docked at nodes.
  • the blockchain system includes a consortium chain network.
  • the consortium chain network is composed of multiple nodes. Each node is deployed with a blockchain maintained by the consortium chain network (this chain is called the alliance chain).
  • each node in the consortium chain network can also maintain at least one local private blockchain (for the convenience of description, it is called a private chain).
  • the so-called "private" in this article means that the node group is private, not that the node is private.
  • the nodes that maintain the same private chain constitute a node group, and a node can create or join one or more node groups. If a node group includes only one node, then the local private chain of this node is also the private chain maintained by this node group; if a node group includes more than one node, then the local private chains of the nodes in this node group are the same, and this same private chain is the private chain maintained by this node group.
  • any node can create or join a node group, the nodes in the same node group maintain the same private chain, and the plaintext of the business data of the nodes in the same node group can only be written into the private chain of the node group, to realize data isolation inside and outside the node group.
  • FIG 2 is a schematic structural diagram of a blockchain system provided by an embodiment of this specification.
  • the alliance chain network includes node A, node B, node C, and node D. Nodes A to D all maintain the same alliance chain locally. This alliance chain is the blockchain maintained by the alliance chain network.
  • node A and node D belong to the same node group, maintain the same private chain 1, and share business data with each other.
  • Node C creates a node group by itself, which includes only node C, and node C maintains private chain 2 (of course, it is also possible to allow nodes A, B, and D to subsequently join the node group). Node B has not created or joined any node group, and the business data docked at node B will be shared with the entire network.
  • the business data of node A and node D will not be shared with node B and node C, so data isolation between node group and node, and between node groups, is realized.
  • the business data of node C will not be shared with other nodes, and data isolation between nodes is realized.
  • the architecture of the blockchain system in this scheme is actually a two-layer network nesting structure.
  • the outer layer is a consortium chain network, and inside the consortium chain network, several private chain networks can be formed (a private chain network is one node group).
  • Transaction: refers to a transaction initiated by an account registered on the alliance chain network (such as the manager account registered in the alliance chain network by the manager of a node, and the user account registered in the alliance network by the ordinary users served by the manager). It is a concept at the level of the alliance chain network. After the transaction is broadcast to each node in the alliance chain network, it will be further written into the alliance chain. For example, group creation transaction, group joining transaction, business transaction.
  • Sub-transaction refers to the data structure nested within the transaction, which is a concept on the private chain network level.
  • the sub-transaction will specify the private chain to be written into, and all nodes maintaining the private chain will write the sub-transaction into the private chain. For example, group creation sub-transaction, group joining sub-transaction, business sub-transaction.
  • transactions are divided into execution-type transactions and deposit-type transactions.
  • For execution-type transactions, nodes not only need to write the execution-type transaction into the blockchain, but also need to perform operations based on some data parameters in the execution-type transaction and obtain the execution result; for deposit-type transactions, nodes do not need to execute anything, and only write the deposit-type transaction into the blockchain for deposit.
  • the transactions at the alliance chain level mentioned in this solution usually refer to execution transactions, while the sub-transactions at the private chain level are either deposit-certified transactions or execution transactions.
  • First node: for the convenience of description, a certain node that creates a node group in the alliance chain network is called the first node.
  • Second node: for the convenience of description, some other node in the alliance chain network that joins the node group created by the first node is called the second node.
  • Fig. 3 is a schematic flowchart of a method for creating a node group in a consortium chain network provided by an embodiment of the present specification, including the following steps: S300: the first node receives the group creation transaction constructed by the first manager account.
  • the first manager account is an account registered by the manager of the first node in the alliance chain network.
  • the management party of a node is an organization (such as a bank) that provides business services to users.
  • the centralized server of the node's manager will dock with several users.
  • the node manager provides a centralized service.
  • the user initiates a business to the centralized server of the node manager, and the centralized server encapsulates the corresponding business data into a business transaction through the account of the first manager and submits it to the first node, so that the alliance chain network can process and store business transactions.
  • The node group creation operation and the node group joining operation are usually initiated by the node's manager, not by the users who are docked with the node's manager.
  • the group creation transaction includes the group creation sub-transaction (of course, it usually contains other parameters), and the group creation sub-transaction includes the group public key.
  • the group public key is designated by the manager of the first node and is used as the public key corresponding to the created node group. It is understandable that since the manager of the first node has designated the group public key, it will of course also designate the group private key.
  • the transaction is a well-known data structure in the field of blockchain technology.
  • the transaction usually also contains other parameters (such as the account address, the hash value of the transaction, and the signature on the transaction by the account that initiated it, etc.). These other parameters are not the focus of this solution. The following text will not emphasize them, and will only focus on the data contained in the transaction.
  • S302: The first node broadcasts the group creation transaction to the alliance chain network.
  • S304: The first node executes the group creation transaction.
  • Every other node except the first node executes the group creation transaction without creating a private chain.
  • Each node in the alliance chain network writes the group creation transaction and the corresponding execution result into the local alliance chain.
  • the first node will broadcast the group creation transaction to the entire network after accepting the group creation transaction initiated by the first manager account.
  • each node in the alliance chain network will package the group creation transaction into a block (understandably, there will be other transactions in the block, and these other transactions are not necessarily group creation transactions; they may also be group join transactions or business transactions).
  • each node needs to execute each transaction in the block and write the block to the local consortium chain. It should be noted here that nodes usually execute transactions based on locally deployed smart contracts or firmware.
  • Since the first node is the subject of creating the node group this time, only the first node can create a private chain locally, and other nodes cannot create a private chain locally. This means that the first node performs the group creation transaction in a different way than other nodes.
  • When the first node executes the group creation transaction, it creates a private chain locally, extracts the group creation sub-transaction embedded in the group creation transaction and writes it to the local private chain, and uses the group public key to encrypt the first node ID.
  • Every other node except the first node will not create a private chain when executing a group creation transaction.
  • The group creation transaction is executed without creating a private chain, and the group public key is used to encrypt the first node ID.
  • Other nodes can execute the group creation transaction "symbolically" (as long as the group public key is used to encrypt the first node identifier). To realize different execution methods of the group creation transaction for the first node and the other nodes, the following implementation can be used: two group creation transaction execution logics can be deployed on each node, corresponding to two different logic trigger conditions.
  • Group creation transaction execution logic 1 is to create a private chain locally, write the group creation sub-transaction into the local private chain, and use the group public key to encrypt the first node ID; its trigger condition is that the execution node is the node that accepts and broadcasts the group creation transaction. Group creation transaction execution logic 2 does not actually execute any execution logic of the group creation transaction, as long as the group public key is used to encrypt the first node ID; its trigger condition is that the execution node is not the node that accepts and broadcasts the group creation transaction. It is worth emphasizing here that this specification does not specifically limit group creation transaction execution logic 2, as long as it satisfies the "symbolic" execution of the group creation transaction without creating a private chain.
  • the execution result of the group creation transaction will of course be written into the alliance chain, and the execution result of each node written into the alliance chain is of course the same.
  • group creation transaction execution logic 1 and group creation transaction execution logic 2 can be set to generate a certain execution result, and the execution result corresponding to the group creation transaction can be set to include the group public key and the encrypted first node identifier, so as to store as evidence the public key corresponding to the node group created by the group creation transaction and the encrypted identity of the node that created the node group.
  • writing the execution result into the consortium chain (or private chain) in this article does not necessarily mean storing the execution result in the consortium chain (or private chain) in plaintext; it may also mean storing the plaintext of the execution result locally and anchoring the hash value of the plaintext of the execution result to the consortium chain (or private chain).
  • the group public key of the node group can be used as a unique identifier to distinguish different node groups, or a separate group identifier can be set for the node group.
  • the group creation sub-transaction may also include a group identifier, and accordingly, the execution result corresponding to the group creation transaction may also include the group identifier.
  • the group creation sub-transaction may also include a signature generated using the group private key.
  • the first node can verify this signature before broadcasting the group creation transaction to the entire network. If the verification passes, it means that the group creation transaction is authorized and initiated by the holder of the group private key, and the node group can be created based on the group creation transaction.
  • the first node writes the group creation sub-transaction into the locally created private chain.
  • the first node will package the private chain genesis block (which usually also includes several groups of sub-transactions or business transactions accepted after the creation of the private chain) and write it into the locally created private chain.
  • the group creation transaction is packaged into a certain alliance chain block and written into the alliance chain, and the group creation sub-transaction is packaged into the genesis block of the first node's local private chain.
  • the first node can write a pointer object in the private chain block (specifically in the block header) that encapsulates the group creation sub-transaction; the pointer object is used to point to the consortium chain block encapsulating the group creation transaction.
  • Fig. 4 is a schematic diagram of a first node locally maintaining an alliance chain and a private chain provided by an embodiment of this specification.
  • A group creation transaction is packaged in the consortium chain block.
  • the node group in this solution can include only one node, and this node can write the business data docked at it into the local private chain in plaintext.
  • FIG. 5 is a schematic flowchart of a node group-based anonymous registration method provided by an embodiment of this specification, including the following steps: S500: the first node receives the anonymous registration transaction constructed by the corresponding user account.
  • the anonymous registration transaction includes an anonymous registration sub-transaction, and the anonymous registration sub-transaction includes an anonymous public key and a signature generated using the group private key corresponding to the group public key; wherein, the user account is the account registered in the consortium chain network by the user docked with the first node, and the anonymous public key is specified by the user who is docked with the first node.
  • the first node uses the group public key to verify the signature corresponding to the group private key in the anonymous registration sub-transaction, and if the verification is passed, the anonymous registration transaction is processed.
  • the processing includes: reconstructing an anonymous registration transaction including the anonymous registration sub-transaction through the first management party account.
  • the effect of this processing is that the first node reconstructs the anonymous registration transaction with its own identity, so that the identity information of the user account can be stripped off.
  • S504: The first node broadcasts the reconstructed anonymous registration transaction to the alliance chain network.
  • Since the identity information of the user account has been stripped from the anonymous registration transaction, when the first node broadcasts the anonymous registration transaction to the entire network, the identity information of the user account will not be leaked.
  • S506: The first node executes the anonymous registration transaction.
  • the first node writes the anonymous registration sub-transaction into the local private chain. In this way, it is equivalent to anonymously registering users at the private chain network level.
  • the user can use the signature generated by the anonymous private key to initiate business sub-transactions.
  • Every other node except the first node executes the reconstructed anonymous registration transaction without creating a private chain.
  • Every other node except the first node symbolically executes the reconstructed anonymous registration transaction without creating a private chain.
  • the anonymous registration sub-transaction may also include a signature generated using the anonymous private key corresponding to the anonymous public key to prove that the initiator of the anonymous registration sub-transaction holds the anonymous private key.
  • the first node can use the anonymous public key to verify the signature corresponding to the anonymous private key in the anonymous registration sub-transaction, and if the verification of the signature corresponding to the anonymous private key is passed, the anonymous registration sub-transaction is processed.
  • the first node can establish and store the correspondence between the anonymous public key and the user account locally, so that only the first node can grasp the real identity of the user corresponding to the registered anonymous public key.
  • the first node may write a pointer object in the private chain block encapsulating the anonymous registration sub-transaction for pointing to the consortium chain block encapsulating the reconstructed anonymous registration transaction.
  • FIG. 6 is a schematic flowchart of a transaction method based on an anonymous registration method provided by an embodiment of the present specification, including the following steps: S600: the first node receives a business transaction constructed by a corresponding user account.
  • the business transaction includes a business sub-transaction, and the business sub-transaction includes business data, a signature generated using the group private key, and a signature generated using an anonymous private key corresponding to the anonymous public key.
  • Business sub-transactions can be either a certificate-based transaction or an execution-type transaction.
  • the business data is the result of the data obtained by the manager after performing the operation according to the business request;
  • when the business sub-transaction is an execution-type transaction, the business data is the business request itself, and the nodes in the node group need to execute the business sub-transaction at the private chain network level to obtain the execution result. Both the business sub-transaction and the execution result are written into the private chain.
  • the function of including the signature corresponding to the group private key in the business sub-transaction is to prove that the business sub-transaction has the right to call the nodes in the node group to process the transaction.
  • the business sub-transaction may also include a group identifier, which is used to indicate the node group to be called by the business sub-transaction.
  • the first node uses the group public key corresponding to the group identifier to verify the signature in the service sub-transaction.
  • the function of including the signature corresponding to the anonymous private key in the business sub-transaction is to prove that the business sub-transaction is authorized and initiated by the user account corresponding to the anonymous public key.
  • the first node uses the group public key to verify the signature corresponding to the group private key in the business sub-transaction, and uses the anonymous public key corresponding to the user account to verify the signature corresponding to the anonymous private key in the business sub-transaction; if all verifications are passed, the business transaction is processed.
  • the processing includes: reconstructing a business transaction including a hash value of the business sub-transaction through the account of the first management party.
  • business data involves data privacy and cannot be shared outside the node group.
  • business transactions that include business sub-transactions need to be written into the alliance chain.
  • the first node can obtain the plaintext of the business sub-transaction, while other nodes can only obtain the hash value of the business sub-transaction.
  • the user account information that initiates the business transaction will not be leaked to other nodes other than the first node.
  • the first node may perform the above-mentioned processing on the business transaction after judging, from the locally stored correspondence between anonymous public keys and user accounts, that the anonymous public key corresponds to the user account.
  • S604 The first node broadcasts the processed business transaction to the alliance chain network.
  • S606 The first node executes the business transaction.
  • when the first node executes the business transaction, if it finds that the business sub-transaction is a certificated transaction, it writes the business sub-transaction into the local private chain; if it finds that the business sub-transaction is an execution-type transaction, it executes the business sub-transaction, obtains the corresponding execution sub-result, and writes the business sub-transaction and the corresponding execution sub-result into the local private chain.
  • the first node may write a pointer object in the private chain block encapsulating the business subtransaction for pointing to the consortium chain block encapsulating the processed business transaction.
  • Fig. 7 is a schematic flowchart of a method for joining a node group provided by an embodiment of the present specification, including the following steps:
  • S700 The second node receives the group join transaction constructed by the account of the second management party.
  • the group joining transaction includes a group joining sub-transaction that includes a signature generated using a group private key corresponding to the group public key; the second manager account is the account registered in the alliance chain network by the manager of the second node.
  • the manager of the second node may allow the second node to also join the node group to share service data with the first node.
  • the manager of the first node can provide the group private key to the manager of the second node offline.
  • the second node uses the group public key to verify the signature of the group addition sub-transaction, and if the verification is passed, broadcast the group addition transaction to the consortium chain network.
  • S704 The second node executes the group joining transaction.
  • the second node creates a private chain locally, uses the group public key to encrypt the second node identification, synchronizes the historical data of the private chain from other nodes that store the same private chain (such as the first node and other nodes that have joined the same node group), and writes the group addition sub-transaction into the local private chain.
  • nodes storing the same private chain use the group public key to encrypt the second node identifier, and write the group addition sub-transaction into the local private chain.
  • S708 Other nodes in the consortium chain network that do not store the same private chain perform the group joining transaction without creating a private chain.
  • the other nodes that do not store the same private chain in the consortium chain network refer to other nodes that join the node group, and use the group public key to encrypt the second node identifier.
  • Each node in the alliance chain network writes the group joining transaction and the corresponding execution result into the local alliance chain.
  • the execution result corresponding to the group joining transaction may include the encrypted second node identifier.
  • the group joining transaction further includes a group identification
  • the second node uses the group public key corresponding to the group identification to verify the signature of the group joining sub-transaction.
  • the second node and other nodes storing the same private chain write a pointer object in the private chain block encapsulating the group joining sub-transaction, pointing to the alliance chain block encapsulating the group joining transaction.
  • Fig. 8 is a schematic diagram of a second node locally maintaining an alliance chain and a private chain provided by an embodiment of this specification.
  • the second node requests to join the node group after the first node has maintained the private chain for a period of time.
  • the private chain maintained by the first node already stores two private chain blocks, and the group joining sub-transaction is packaged into the third private chain block; at the same time, the third private chain block is associated with the consortium chain block that packages the group joining transaction.
  • the node group in this solution can include more than one node, and each node in the same node group can share its own docking service data.
  • The following describes how to trade when the node group includes more than one node. The earlier description of how to trade when the node group includes only one node can be consulted to understand it, and the parts that share the same principle are not repeated.
  • FIG. 9 is a schematic flowchart of a method for anonymous registration based on a node group provided by an embodiment of the present specification, including the following steps: S900: the second node receives an anonymous registration transaction constructed by a corresponding user account.
  • the anonymous registration transaction includes an anonymous registration sub-transaction, the anonymous registration sub-transaction includes an anonymous public key and a signature generated using the group private key; wherein the user account is an account registered in the alliance chain network by a user docking with the second node, and the anonymous public key is designated by the user corresponding to the second node.
  • S902 The second node uses the group public key to verify the signature corresponding to the group private key in the anonymous registration sub-transaction, and if the verification is passed, the anonymous registration transaction is processed.
  • the processing includes: reconstructing an anonymous registration transaction including the anonymous registration sub-transaction through the second management party account.
  • S904 The second node broadcasts the processed anonymous registration transaction to the alliance chain network.
  • S906 The second node executes the anonymous registration transaction with other nodes storing the same private chain.
  • the second node and other nodes storing the same private chain write the anonymous registration sub-transaction into the local private chain.
  • the anonymous registration sub-transaction may also include a signature generated using the anonymous private key corresponding to the anonymous public key.
  • the second node may use the anonymous public key to verify the signature corresponding to the anonymous private key in the anonymous registration sub-transaction.
  • if the second node's verification of the signature corresponding to the anonymous private key is passed, the anonymous registration transaction is processed.
  • the second node may establish and store the correspondence between the anonymous public key and the user account locally.
  • Fig. 10 is a schematic flowchart of a transaction method based on an anonymous registration method provided by an embodiment of the present specification, including: S1000: a second node receives a business transaction constructed by a corresponding user account.
  • the business transaction includes a business sub-transaction, and the business sub-transaction includes business data, a signature generated using the group private key, and a signature generated using an anonymous private key corresponding to the anonymous public key.
  • the second node uses the group public key to verify the signature corresponding to the group private key in the business sub-transaction, and uses the anonymous public key to verify the signature corresponding to the anonymous private key in the business sub-transaction; if the verifications are all passed, the business sub-transaction is sent to other nodes in the same node group, and the business transaction is processed.
  • the node group includes not only the second node but also at least the first node (there may be more nodes); therefore, the second node needs to send, at the private chain network level, the business sub-transaction in the accepted business transaction to the other nodes in the same node group.
  • the second node also needs to reconstruct the business transaction including the hash value of the business sub-transaction through the second manager account. In this way, the user account information that initiates the business transaction will not be leaked to nodes other than the first node.
  • the second node may perform the above-mentioned processing on the business transaction after judging, from the locally stored correspondence between anonymous public keys and user accounts, that the anonymous public key corresponds to the user account.
  • S1004 The second node broadcasts the processed business transaction to the alliance chain network.
  • S1006 The second node executes the business transaction with other nodes storing the same private chain.
  • S1008 Other nodes that do not store the same private chain in the consortium chain network perform the processed business transaction without creating a private chain.
  • the second node and other nodes storing the same private chain write the business sub-transaction into the local private chain.
  • the business sub-transaction is an execution type transaction
  • the second node executes the business sub-transaction with other nodes storing the same private chain, and writes the business sub-transaction and the corresponding execution sub-result into the local private chain.
  • the business sub-transaction further includes a group identification
  • the second node may use the group public key corresponding to the group identification to verify the signature in the business sub-transaction.
  • the second node and other nodes storing the same private chain write a pointer object in the private chain block encapsulating the business sub-transaction, pointing to the alliance chain block encapsulating the processed business transaction.
  • when another node determines to receive the business sub-transaction, it returns a signature to the second node. If the second node then determines that the number of signatures received from other nodes meets the preset distributed fault tolerance condition, the business transaction is processed.
  • the embodiment of the present specification also provides a blockchain system, including a consortium chain network, the consortium chain network includes a plurality of nodes; a first node, which receives a group creation transaction constructed by an account of a first manager; the group creation transaction includes a group creation sub-transaction, the group creation sub-transaction includes a group public key; the first manager account is an account registered in the alliance chain network by the manager of the first node; the group public key is designated by the manager of the first node; broadcasting the group creation transaction to the alliance chain network; executing the group creation transaction includes: creating a private chain locally, writing the creation sub-transaction to the local private chain, and using the group public key to encrypt the first node identification; every other node except the first node executes the group creation transaction without creating a private chain, including: using the group public key to encrypt the first node identification; each node in the alliance chain network writes the group creation transaction and the corresponding execution result into the local alliance chain; the execution result corresponding
  • the first node receives an anonymous registration transaction constructed by a corresponding user account; the anonymous registration transaction includes an anonymous registration sub-transaction, the anonymous registration sub-transaction includes an anonymous public key and a signature generated using the group private key corresponding to the group public key; wherein the user account is an account registered in the consortium chain network by the user docking with the first node, and the anonymous public key is specified by the user docking with the first node; using the group public key to verify the signature corresponding to the group private key in the anonymous registration sub-transaction, and if the verification is passed, the anonymous registration transaction is processed, including: reconstructing, through the account of the first management party, the anonymous registration transaction containing the anonymous registration sub-transaction; broadcasting the reconstructed anonymous registration transaction to the alliance chain network; executing the anonymous registration transaction includes: writing the anonymous registration sub-transaction into the local private chain; every other node except the first node executes the reconstructed anonymous registration transaction without creating a private chain; each node in the consortium chain network writes the anonymous registration transaction into the local consortium chain.
  • the first node receives a business transaction constructed by a corresponding user account; the business transaction includes a business sub-transaction, the business sub-transaction includes business data, a signature generated using the group private key, and a signature generated using the anonymous private key corresponding to the anonymous public key; using the group public key to verify the signature corresponding to the group private key in the business sub-transaction, and using the anonymous public key corresponding to the user account to verify the signature corresponding to the anonymous private key in the business sub-transaction, and if the verifications are all passed, the business transaction is processed, including: reconstructing, through the first manager account, a business transaction containing the hash value of the business sub-transaction; broadcasting the reconstructed business transaction to the alliance chain network; executing the business transaction includes: writing the business sub-transaction into the local private chain; nodes other than the first node execute the reconstructed business transaction without creating a private chain; each node in the consortium chain network writes the business transaction into the local consortium chain.
  • the second node receives the group joining transaction constructed by the account of the second manager; the group joining transaction includes a group joining sub-transaction, and the group joining sub-transaction includes a signature generated using the group private key corresponding to the group public key; the second manager account is an account registered by the manager of the second node in the alliance chain network; the group public key is used to verify the signature of the group joining sub-transaction, and if the verification passes, the group joining transaction is broadcast to the alliance chain network; executing the group joining transaction includes: creating a private chain locally, using the group public key to encrypt the second node identifier, synchronizing the historical data of the private chain from other nodes that store the same private chain, and writing the group joining sub-transaction into the local private chain; other nodes that store the same private chain execute the group joining transaction, including: using the group public key to encrypt the second node identifier, and writing the group joining sub-transaction into the local private chain; other no
  • the second node receives an anonymous registration transaction constructed by a corresponding user account; the anonymous registration transaction includes an anonymous registration sub-transaction, and the anonymous registration sub-transaction includes an anonymous public key and a signature generated using the group private key; wherein the user account is an account registered in the consortium chain network by the user docking with the second node, and the anonymous public key is specified by the user corresponding to the second node; the group public key is used to verify the signature corresponding to the group private key in the anonymous registration sub-transaction, and if the verification is passed, the anonymous registration transaction is processed, including: reconstructing, through the account of the second management party, the anonymous registration transaction containing the anonymous registration sub-transaction; broadcasting the reconstructed anonymous registration transaction to the alliance chain network; the second node and other nodes that store the same private chain execute the anonymous registration transaction, including: writing the anonymous registration sub-transaction into the local private chain; other nodes in the consortium chain network that do not store the same private chain, and the reconstructed
  • the second node receives a business transaction constructed by a corresponding user account; the business transaction includes a business sub-transaction, the business sub-transaction includes business data, a signature generated using the group private key, and a signature generated using the anonymous private key corresponding to the anonymous public key; using the group public key to verify the signature corresponding to the group private key in the business sub-transaction, and using the anonymous public key to verify the signature corresponding to the anonymous private key in the business sub-transaction, and if the verifications are all passed, the business sub-transaction is sent to other nodes in the same node group, and the business transaction is processed, including: reconstructing, through the second management party account, a business transaction containing the hash value of the business sub-transaction; broadcasting the reconstructed business transaction to the alliance chain network; the second node and other nodes storing the same private chain execute the business transaction, including: writing the business sub-transaction into the local private chain; other nodes that do not store the same private chain in the consortium
  • the embodiment of the present specification also provides a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, wherein the processor implements the node in the embodiment of the present specification when the program is executed. Function.
  • FIG. 11 shows a more specific hardware structure diagram of a computing device provided by an embodiment of this specification.
  • the device may include a processor 1110, a memory 1120, an input/output interface 1130, a communication interface 1140, and a bus 1150.
  • the processor 1110, the memory 1120, the input/output interface 1130, and the communication interface 1040 realize the communication connection between each other in the device through the bus 1050.
  • the processor 1110 can be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an application specific integrated circuit (ASIC), or one or more integrated circuits, etc., and executes related programs to realize the technical solutions provided in the embodiments of this specification.
  • the memory 1120 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device, etc.
  • the memory 1120 can store an operating system and other application programs.
  • when the technical solutions provided in the embodiments of the present specification are implemented by software or firmware, the related program codes are stored in the memory 1120 and called and executed by the processor 1110.
  • the input/output interface 1130 is used to connect an input/output module to realize information input and output.
  • the input/output module can be configured in the device as a component (not shown in the figure), or can be connected to the device externally to provide corresponding functions.
  • the input device may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and an output device may include a display, a speaker, a vibrator, an indicator light, and the like.
  • the communication interface 1140 is used to connect a communication module (not shown in the figure) to realize the communication interaction between the device and other devices.
  • the communication module can realize communication through wired means (such as USB, network cable, etc.), or through wireless means (such as mobile network, WIFI, Bluetooth, etc.).
  • the bus 1150 includes a path to transmit information between various components of the device (for example, the processor 1110, the memory 1120, the input/output interface 1130, and the communication interface 1140).
  • although the above device only shows the processor 1110, the memory 1120, the input/output interface 1130, the communication interface 1140, and the bus 1150, in a specific implementation the device may also include other components necessary for normal operation.
  • the above-mentioned device may also include only the components necessary to implement the solutions of the embodiments of the present specification, and not necessarily include all the components shown in the figures.
  • the embodiment of this specification also provides a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the function of the node in the embodiment of this specification is realized.
  • Computer-readable media includes permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • Information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape disk storage or other magnetic storage devices, or any other non-transmission media that can be used to store information accessible by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • a typical implementation device is a computer.
  • the specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
  • the various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments.
  • the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.
  • the device embodiments described above are only illustrative, and the modules described as separate components may or may not be physically separated.
  • the functions of the modules can be implemented in the same one or in multiple pieces of software and/or hardware. Some or all of the modules can also be selected according to actual needs to achieve the objectives of the solutions of the embodiments. Those of ordinary skill in the art can understand and implement it without creative work.
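The first node's handling of a business transaction (steps S600 to S606 above) can be sketched in Go as follows. This is an added example, not code from the patent or its applicant. It assumes Ed25519 signatures, SHA-256 hashing, the field names and payload encoding shown, and constructed demo keys derived from fixed seeds; the pointer object is left out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SubTx is the business sub-transaction; field names and encoding are assumptions.
type SubTx struct {
	GroupID  string
	Data     []byte            // business data, private to the node group
	AnonPub  ed25519.PublicKey // anonymous public key registered earlier
	GroupSig []byte            // made with the group private key
	AnonSig  []byte            // made with the anonymous private key
}

// AllianceTx is the reconstructed transaction that gets broadcast: hash only.
type AllianceTx struct {
	ManagerAccount string
	SubTxHash      [32]byte
	ManagerSig     []byte
}

// FirstNode holds the state that stays local to a node of the group.
type FirstNode struct {
	GroupKeys    map[string]ed25519.PublicKey // group identifier -> group public key
	AnonToUser   map[string]string            // anonymous public key -> user account
	ManagerAcct  string
	ManagerKey   ed25519.PrivateKey
	PrivateChain []SubTx // plaintext sub-transactions, never broadcast
}

var (
	ErrGroupSig     = errors.New("group signature invalid or group unknown")
	ErrAnonSig      = errors.New("anonymous signature invalid")
	ErrUnregistered = errors.New("anonymous public key not registered")
)

func pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// payload is what both signatures cover; fixed-length parts keep it unambiguous.
func (s SubTx) payload() []byte {
	g, d := sha256.Sum256([]byte(s.GroupID)), sha256.Sum256(s.Data)
	return bytes.Join([][]byte{g[:], d[:], s.AnonPub}, nil)
}

// NewSubTx is the user side: sign the same payload with both private keys.
func NewSubTx(group string, data []byte, groupPriv, anonPriv ed25519.PrivateKey) SubTx {
	s := SubTx{GroupID: group, Data: data, AnonPub: pub(anonPriv)}
	s.GroupSig = ed25519.Sign(groupPriv, s.payload())
	s.AnonSig = ed25519.Sign(anonPriv, s.payload())
	return s
}

// Process runs the first node's checks, then reconstructs and records.
func (n *FirstNode) Process(s SubTx) (AllianceTx, error) {
	gpk, ok := n.GroupKeys[s.GroupID]
	if !ok || !ed25519.Verify(gpk, s.payload(), s.GroupSig) {
		return AllianceTx{}, ErrGroupSig
	}
	if len(s.AnonPub) != ed25519.PublicKeySize || !ed25519.Verify(s.AnonPub, s.payload(), s.AnonSig) {
		return AllianceTx{}, ErrAnonSig
	}
	if _, ok := n.AnonToUser[string(s.AnonPub)]; !ok {
		return AllianceTx{}, ErrUnregistered
	}
	h := sha256.Sum256(bytes.Join([][]byte{s.payload(), s.GroupSig, s.AnonSig}, nil))
	n.PrivateChain = append(n.PrivateChain, s) // plaintext stays inside the group
	return AllianceTx{ManagerAccount: n.ManagerAcct, SubTxHash: h, ManagerSig: ed25519.Sign(n.ManagerKey, h[:])}, nil
}

// OutsiderAccepts is all a node outside the group can check: a signature over a hash.
func OutsiderAccepts(tx AllianceTx, managerPub ed25519.PublicKey) bool {
	return ed25519.Verify(managerPub, tx.SubTxHash[:], tx.ManagerSig)
}

// SeedKey derives a constructed, deterministic demo key; real keys must be random.
func SeedKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

// DemoNode uses seed 1 for the group key, seed 2 for a registered anonymous key, seed 3 for the manager.
func DemoNode() *FirstNode {
	return &FirstNode{
		GroupKeys:   map[string]ed25519.PublicKey{"group-1": pub(SeedKey(1))},
		AnonToUser:  map[string]string{string(pub(SeedKey(2))): "user-account-A"},
		ManagerAcct: "manager-1",
		ManagerKey:  SeedKey(3),
	}
}

func main() {
	tx, err := DemoNode().Process(NewSubTx("group-1", []byte("order 17"), SeedKey(1), SeedKey(2)))
	fmt.Printf("accepted=%v hash=%x\n", err == nil, tx.SubTxHash[:4])
}
```

The broadcast `AllianceTx` carries neither the business data nor the anonymous public key, so a node outside the group can validate the manager's signature but learns nothing about the user account behind the transaction.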

Abstract

A method for creating a node group in an alliance chain network, and a transaction method based on a node group. A manager of a first node in an alliance chain network can initiate a group creation transaction by means of an alliance chain account thereof, wherein the group creation transaction includes group creation sub-transactions. After the group creation transaction is broadcast to the alliance chain network, the first node creates a private chain locally according to the group creation sub-transactions when executing the group creation transaction, which is equivalent to creating a node group that includes the first node. Moreover, other nodes do not create a private chain locally when executing the group creation transaction. Finally, both the first node and the other nodes write the group creation transaction into a local alliance chain. By means of the method, the privacy of service data connected to a node can be protected.

Description

在联盟链网络中创建节点组、基于节点组的交易方法Create node group in alliance chain network, transaction method based on node group 技术领域Technical field
本说明书实施例涉及信息技术领域,尤其涉及一种在联盟链网络中创建节点组、基于节点组的交易方法。The embodiments of this specification relate to the field of information technology, and in particular to a method for creating node groups in a consortium chain network based on node groups.
背景技术Background technique
联盟链网络,又称联盟式的区块链网络,一般由多个机构作为联盟成员,将多个机构分别控制的节点组成联盟链网络。The alliance chain network, also known as the alliance type blockchain network, generally consists of multiple institutions as alliance members, and the nodes controlled by multiple institutions form the alliance chain network.
对于作为联盟成员的每个机构而言,该机构对接的用户可将发起的业务的业务数据封装成交易(区块链协议规定的数据结构)提交给该机构对应的节点,进而由该机构对应的节点将该交易广播到联盟链网络,进而由联盟链网络中各节点对该交易进行共识后写入本地的区块链。如此,可确保写入区块链中的业务数据难以被篡改。For each institution that is a member of the alliance, users of the institution’s docking can encapsulate the business data of the initiated business into a transaction (data structure specified by the blockchain protocol) and submit it to the corresponding node of the institution, and then the institution corresponds The nodes broadcast the transaction to the consortium chain network, and then each node in the consortium chain network writes the transaction into the local blockchain after a consensus on the transaction. In this way, it can be ensured that the business data written in the blockchain is difficult to be tampered with.
现有的联盟链网络的运行机制为了追求业务数据的不可篡改,导致任一节点对接的业务数据都会公开给全网。In order to pursue the non-tampering of service data, the existing operating mechanism of the alliance chain network causes the service data of any node to be disclosed to the entire network.
发明内容Summary of the invention
为了解决现有技术中无法保护节点对接的业务数据隐私的问题,本说明书实施例提供一种在联盟链网络中创建节点组、基于节点组的交易方法,方案如下:In order to solve the problem of the inability to protect the privacy of the business data of the node docking in the prior art, an embodiment of this specification provides a method for creating a node group in a consortium chain network and a transaction method based on the node group. The solution is as follows:
根据本说明书实施例的第1方面,提供一种在联盟链网络中创建节点组的方法,所述联盟链网络包括多个节点,所述方法包括:第一节点接收第一管理方账户构建的组创建交易;所述组创建交易包括组创建子交易,所述组创建子交易包含组公钥;所述第一管理方账户是所述第一节点的管理方在所述联盟链网络中注册的账户;所述组公钥是所述第一节点的管理方指定的;所述第一节点向所述联盟链网络广播所述组创建交易;所述第一节点执行所述组创建交易,包括:在本地创建私有链,将所述创建子交易写入本地的私有链,以及使用所述组公钥对第一节点标识进行加密;所述第一节点之外的每个其他节点在未创建私有链的情况下执行所述组创建交易,包括:使用所述组公钥对第一节点标识进行加密;所述联盟链网络中每个节点将所述组创建交易与对应的执行结果写入本地的联盟链;所述组创建交易对应的执行结果包含加密后的所述第一节点标识。According to the first aspect of the embodiments of the present specification, there is provided a method for creating a node group in a consortium chain network, the consortium chain network including a plurality of nodes, and the method includes: a first node receives a first manager account Group creation transaction; the group creation transaction includes a group creation sub-transaction, the group creation sub-transaction includes a group public key; the first manager account is the manager of the first node registered in the alliance chain network The group public key is designated by the manager of the first node; the first node broadcasts the group creation transaction to the alliance chain network; the first node executes the group creation transaction, Including: creating a private chain locally, writing the creation sub-transaction into the local private chain, and using the group public key to encrypt the first node identifier; every other node except the first node is not In the case of creating a private chain, executing the group creation transaction includes: using the group public key to encrypt the first node identification; each node in the consortium chain network writes the group creation transaction and the corresponding execution result Enter the local consortium chain; the execution result corresponding to the group creation transaction includes the encrypted first node identifier.
According to a second aspect of the embodiments of this specification, an anonymous registration method based on the node group created in the first aspect is provided, including: the first node receives an anonymous registration transaction constructed by a corresponding user account, where the anonymous registration transaction contains an anonymous registration sub-transaction, and the anonymous registration sub-transaction contains an anonymous public key and a signature generated with the group private key corresponding to the group public key; the user account is the account registered in the consortium chain network by a user connected to the first node, and the anonymous public key is designated by that user; the first node uses the group public key to verify the signature in the anonymous registration sub-transaction that corresponds to the group private key and, if verification passes, processes the anonymous registration transaction, which includes reconstructing, through the first manager account, an anonymous registration transaction that contains the anonymous registration sub-transaction; the first node broadcasts the reconstructed anonymous registration transaction to the consortium chain network; the first node executes the anonymous registration transaction, which includes writing the anonymous registration sub-transaction to the local private chain; every node other than the first node executes the reconstructed anonymous registration transaction without creating a private chain; each node in the consortium chain network writes the anonymous registration transaction to its local consortium chain.
According to a third aspect of the embodiments of this specification, a transaction method based on the anonymous registration method of the second aspect is provided, including: the first node receives a business transaction constructed by a corresponding user account, where the business transaction contains a business sub-transaction, and the business sub-transaction contains business data, a signature generated with the group private key, and a signature generated with the anonymous private key corresponding to the anonymous public key; the first node uses the group public key to verify the signature in the business sub-transaction that corresponds to the group private key, and uses the anonymous public key corresponding to the user account to verify the signature in the business sub-transaction that corresponds to the anonymous private key; if both verifications pass, the first node processes the business transaction, which includes reconstructing, through the first manager account, a business transaction that contains the hash value of the business sub-transaction; the first node broadcasts the reconstructed business transaction to the consortium chain network; the first node executes the business transaction, which includes writing the business sub-transaction to the local private chain; the nodes other than the first node execute the reconstructed business transaction without creating a private chain; each node in the consortium chain network writes the business transaction to its local consortium chain.
In the technical solution provided by the embodiments of this specification, the manager of the first node in the consortium chain network can initiate a group creation transaction through its own consortium chain account, and the group creation transaction contains a group creation sub-transaction. After the group creation transaction is broadcast to the consortium chain network, the first node, when executing it, creates a private chain locally according to the group creation sub-transaction, which is equivalent to creating a node group that contains the first node. The other nodes do not create a private chain locally when they execute the group creation transaction. In the end, the first node and the other nodes all write the group creation transaction to their local consortium chain.
In this way, when the first manager initiates a business transaction to the first node through its own consortium chain account, and the first node determines that the business sub-transaction contained in the business transaction carries a signature made with the group private key, the first node concludes that the business sub-transaction designates the node group corresponding to that group private key and that the content of the business sub-transaction must not be disclosed on the consortium chain. The first node therefore replaces the business sub-transaction in the business transaction with its hash value before broadcasting to the consortium chain network. When the first node executes the business transaction, it writes the business sub-transaction to its local private chain. When the other nodes in the consortium chain network execute the business transaction, the business transaction does not contain the content of the business sub-transaction (only its hash value) and they have no local private chain, so they do not execute it the way the first node does. In the end, each node in the consortium chain network writes the business transaction containing the hash value of the business sub-transaction to its local consortium chain.
With the technical solution provided by the embodiments of this specification, on the one hand, the plaintext of the business data handled by the first node is stored only in the private chain of the node group to which the first node belongs, which protects the privacy of the first node's business data. On the other hand, the hash value of the business data corresponding to the first node is stored in the consortium chain, which serves as evidence preservation (it cannot be tampered with). In addition, because the first node identifier in the execution result of the group creation transaction is encrypted, no node in the consortium chain network stores locally the actual identity of the first node that created the node group.
The general description above and the detailed description below are only exemplary and explanatory and do not limit the embodiments of this specification. In addition, no single embodiment of this specification needs to achieve all of the effects described above.
Description of the Drawings
Figure 1 is a schematic structural diagram of an existing blockchain system;
Figure 2 is a schematic structural diagram of a blockchain system provided by an embodiment of this specification;
Figure 3 is a schematic flowchart of a method for creating a node group in a consortium chain network provided by an embodiment of this specification;
Figure 4 is a schematic diagram of the first node locally maintaining a consortium chain and a private chain, provided by an embodiment of this specification;
Figure 5 is a schematic flowchart of a node-group-based anonymous registration method provided by an embodiment of this specification;
Figure 6 is a schematic flowchart of a transaction method based on the anonymous registration method, provided by an embodiment of this specification;
Figure 7 is a schematic flowchart of a method for joining a node group provided by an embodiment of this specification;
Figure 8 is a schematic diagram of the second node locally maintaining a consortium chain and a private chain, provided by an embodiment of this specification;
Figure 9 is a schematic flowchart of a node-group-based anonymous registration method provided by an embodiment of this specification;
Figure 10 is a schematic flowchart of a transaction method based on the anonymous registration method, provided by an embodiment of this specification;
Figure 11 is a schematic structural diagram of a device for configuring the method of the embodiments of this specification.
Detailed Description
Figure 1 is a schematic structural diagram of an existing blockchain system. As shown in Figure 1, in the prior art a consortium chain account can send a transaction through any node. The transaction contains business data and is broadcast to the entire network, so every node caches the transaction locally. In the consensus phase, nodes A to D generate a block based on the consensus algorithm, and the block packs a number of transactions. Each node executes the transactions in the block produced by consensus and writes the block to its local consortium chain (which is equivalent to writing every transaction in the block to the local consortium chain), so that the transactions are executed and stored on the chain.
The blockchain system of Figure 1 discloses the plaintext of the business data handled by each node on the consortium chain. All nodes in the consortium chain network can view each other's business data, so the privacy of business data cannot be protected.
This solution is used to achieve data isolation between nodes within one consortium chain network (it may also be data isolation between node groups, or between a node and a node group), thereby protecting the privacy of the business data handled by the nodes.
The architecture of the blockchain system to which this solution applies is described first. The blockchain system includes a consortium chain network made up of multiple nodes. Each node deploys the blockchain maintained by the consortium chain network (for ease of description, this document calls the blockchain maintained by the consortium chain network the consortium chain). Besides maintaining its local consortium chain, each node in the consortium chain network may also maintain at least one local private blockchain (for ease of description, called a private chain).
Note that "private" in this document means private to a node group, not private to a node. Nodes that maintain the same private chain form a node group, and a node may create or join one or more node groups. If a node group includes only one node, that node's local private chain is the private chain maintained by the node group. If a node group includes more than one node, the local private chain of every node in the group is the same, and that shared private chain is the private chain maintained by the node group.
In this solution, any node can create or join a node group. Nodes in the same node group maintain the same private chain, and the plaintext of the business data handled by nodes in the same node group can be written only to the node group's private chain, which isolates data inside the node group from data outside it.
Figure 2 is a schematic structural diagram of a blockchain system provided by an embodiment of this specification. As shown in Figure 2, the consortium chain network includes node A, node B, node C and node D. Nodes A to D all maintain the same consortium chain locally, and that consortium chain is the blockchain maintained by the consortium chain network. In addition, node A and node D belong to the same node group, maintain the same private chain 1, and share business data with each other. Node C has created a node group of its own that includes only node C, and node C alone maintains private chain 2 (nodes A, B and D may of course be allowed to join this node group later). Node B has not created or joined any node group, and the business data handled by node B is shared with the entire network.
The business data of node A and node D is not shared with node B or node C, which achieves data isolation between a node group and a node and between node groups. The business data of node C is not shared with any other node, which achieves data isolation between nodes.
It can be seen that the architecture of the blockchain system in this solution is in fact a two-layer nested network structure. The outer layer is the consortium chain network, and inside the consortium chain network a number of private chain networks can form (one private chain network is one node group).
In addition, several concepts that appear in the description of this solution need to be explained.
Transaction: a transaction initiated by an account registered on the consortium chain network (such as the manager account that the manager of a node registers in the consortium chain network, or the user account that an ordinary user served by the manager registers in the consortium network). It is a concept at the level of the consortium chain network. After a transaction is broadcast to every node in the consortium chain network, it is written to the consortium chain. Examples are the group creation transaction, the group joining transaction and the business transaction.
Sub-transaction: a data structure nested inside a transaction. It is a concept at the level of the private chain network. A sub-transaction designates the private chain it is to be written to, and all nodes that maintain that private chain write the sub-transaction to it. Examples are the group creation sub-transaction, the group joining sub-transaction and the business sub-transaction.
As is well known in the blockchain field, transactions are divided into execution-type transactions and evidence-storage transactions. For an execution-type transaction, a node not only writes the transaction to the blockchain but also performs operations based on data parameters in the transaction and obtains an execution result. For an evidence-storage transaction, a node does not need to execute anything and only writes the transaction to the blockchain as evidence.
The transactions at the consortium chain level described in this solution are usually execution-type transactions, while the sub-transactions at the private chain level may be either evidence-storage transactions or execution-type transactions.
First node: for ease of description, a node in the consortium chain network that creates a node group is called the first node.
Second node: for ease of description, another node in the consortium chain network that joins the node group created by the first node is called the second node.
To help those skilled in the art better understand the technical solutions in the embodiments of this specification, those technical solutions are described in detail below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of this specification, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in this specification shall fall within the scope of protection.
The technical solutions provided by the embodiments of this specification are described in detail below with reference to the drawings.
Figure 3 is a schematic flowchart of a method for creating a node group in a consortium chain network provided by an embodiment of this specification, including the following steps:
S300: The first node receives the group creation transaction constructed by the first manager account.
The first manager account is the account registered in the consortium chain network by the manager of the first node. Generally, the manager of a node is an institution (such as a bank) that provides business services to users. The manager's centralized server usually connects to a number of users. From the user's point of view, the manager of the node provides a centralized service: the user initiates business with the manager's centralized server, and the centralized server uses the first manager account to encapsulate the corresponding business data into a business transaction and submit it to the first node, so that the consortium chain network can process and store the business transaction.
The node group creation operation and the node group joining operation, however, are usually initiated by the manager of the node, not by the users connected to the manager of the node.
In the embodiments of this specification, the group creation transaction contains a creation sub-transaction (and, of course, usually other parameters as well). The creation sub-transaction contains a group public key, which is designated by the manager of the first node and serves as the public key of the node group being created. Since the manager of the first node designates the group public key, it naturally designates the group private key as well.
Note that a transaction is a well-known data structure in the field of blockchain technology. Besides the data to be processed (data), a transaction usually contains other parameters (such as the account address, the hash value of the transaction, and the signature over the transaction by the account that initiated it). These other parameters are not the focus of this solution and are not emphasized further below; the description concentrates on the data contained in the transaction.
S302: The first node broadcasts the group creation transaction to the consortium chain network.
S304: The first node executes the group creation transaction.
S306: Every node other than the first node executes the group creation transaction without creating a private chain.
S308: Each node in the consortium chain network writes the group creation transaction and the corresponding execution result to its local consortium chain.
At the level of the consortium chain network, after the first node accepts the group creation transaction initiated by the first manager account, it broadcasts the group creation transaction to the entire network. Based on the consensus algorithm, the nodes in the consortium chain network pack the group creation transaction into a block (the block will also contain other transactions, which are not necessarily other group creation transactions and may be group joining transactions or business transactions). After this round of consensus produces the block, every node must execute each transaction in the block and write the block to its local consortium chain. Note that nodes usually execute transactions based on locally deployed smart contracts or firmware.
Because the first node is the party creating the node group this time, only the first node can create a private chain locally, and the other nodes cannot. This means the first node executes the group creation transaction differently from the other nodes.
When the first node executes the group creation transaction, it creates a private chain locally, extracts the group creation sub-transaction embedded in the group creation transaction and writes it to the local private chain, and encrypts the first node identifier with the group public key.
Every node other than the first node does not create a private chain when executing the group creation transaction; it executes the group creation transaction without creating a private chain and encrypts the first node identifier with the group public key. The other nodes may execute the group creation transaction "symbolically" (the only requirement is that the first node identifier is encrypted with the group public key). To give the first node and the other nodes different ways of executing the group creation transaction, the following implementation can be used: two kinds of group creation transaction execution logic are deployed on each node, each with its own trigger condition. Group creation transaction execution logic 1 creates a private chain locally, writes the group creation sub-transaction to the local private chain, and encrypts the first node identifier with the group public key; its trigger condition is that the executing node is the node that accepted and broadcast the group creation transaction. Group creation transaction execution logic 2 may be any logic that does not actually execute the group creation transaction, as long as it encrypts the first node identifier with the group public key; its trigger condition is that the executing node is not the node that accepted and broadcast the group creation transaction. It is worth emphasizing that this specification does not specifically limit group creation transaction execution logic 2, as long as the group creation transaction is executed "symbolically" without creating a private chain.
The execution result of the group creation transaction is of course also written to the consortium chain, and the execution result that each node writes to the consortium chain is of course the same. In a specific implementation, group creation transaction execution logic 1 and group creation transaction execution logic 2 can be set up as logic that produces the same execution result, and the execution result corresponding to the group creation transaction can be set to contain the group public key and the encrypted first node identifier, so as to record as evidence the public key of the node group created by the group creation transaction and the encrypted identity of the node that created the node group.
Writing an execution result to the consortium chain (or a private chain), as the term is used in this document, does not necessarily mean storing the plaintext of the execution result on the consortium chain (or private chain). It may also mean storing the plaintext of the execution result locally and anchoring the hash value of that plaintext to the consortium chain (or private chain).
The explanation above of "symbolic" execution of the group creation transaction also applies to "symbolic" execution of other transactions, and the principle is not repeated when "symbolic" execution is mentioned below. It is worth emphasizing that the node identifier does not need to be encrypted when an anonymous registration transaction or a business transaction is executed symbolically.
In addition, in practical applications more than one node group may be created in the consortium chain network. In that case, the group public key of a node group can be used as the unique identifier that distinguishes different node groups, or a separate group identifier can be set for the node group.
Specifically, the group creation sub-transaction may also include a group identifier, and accordingly the execution result corresponding to the group creation transaction may also contain the group identifier.
In the embodiments of this specification, the group creation sub-transaction may also include a signature generated with the group private key. The first node can then verify this signature before broadcasting the group creation transaction to the entire network. If verification passes, the group creation transaction was initiated with the authorization of the holder of the group private key, and the node group can be created based on the group creation transaction.
In the embodiments of this specification, when the first node writes the group creation sub-transaction to the locally created private chain, what actually happens is that the first node packs the group creation sub-transaction into the genesis block of the private chain (which usually also contains a number of group joining sub-transactions or business transactions accepted after the private chain was created) and writes that genesis block to the locally created private chain.
So, for a group creation transaction and its embedded group creation sub-transaction, the group creation transaction is packed into a consortium chain block and written to the consortium chain, while the group creation sub-transaction is packed into the genesis block of the first node's local private chain. To make the association between this consortium chain block and this private chain block explicit and to make records easier to look up, the first node can write a pointer object into the private chain block that encapsulates the group creation sub-transaction (specifically, into its block header). The pointer object points to the consortium chain block that encapsulates the group creation transaction.
Figure 4 is a schematic diagram of the first node locally maintaining a consortium chain and a private chain, provided by an embodiment of this specification. As shown in Figure 4, the genesis block of the first node's local private chain (which packs the group creation sub-transaction) points, through the pointer object, to a consortium chain block in the locally maintained consortium chain, and that consortium chain block packs the group creation transaction.
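The two execution paths for the group creation transaction described above, together with the hash substitution for business sub-transactions described in the summary, modeled in one process as an added example that is not part of the patent text. Node names, account strings, field names and `seal_node_id` (a placeholder for public-key encryption of the first node identifier) are assumptions, and signature verification is taken as already passed.

```python
import hashlib
import json


def digest(obj) -> str:
    """SHA-256 over canonical JSON, so every node hashes identical bytes."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def seal_node_id(group_pub: str, node_id: str) -> str:
    # Placeholder (assumption) for "encrypt the first node identifier with the
    # group public key". The standard library has no public-key encryption, so
    # this digest only marks where that step goes. Every node must derive the
    # same value, because the execution result is identical on all nodes.
    return "sealed:" + digest({"pub": group_pub, "id": node_id})


class Node:
    def __init__(self, name: str):
        self.name = name
        self.consortium_chain = []  # same content on every node
        self.private_chains = {}    # group public key -> private chain

    def _append(self, tx, result=None):
        block = {"height": len(self.consortium_chain), "tx": tx, "result": result}
        self.consortium_chain.append(block)
        return block

    def execute_group_create(self, tx, accepted_by: str):
        sub = tx["sub_tx"]
        # Both execution logics produce this same result.
        result = {"group_pub": sub["group_pub"],
                  "creator": seal_node_id(sub["group_pub"], accepted_by)}
        block = self._append(tx, result)
        if self.name == accepted_by:
            # Logic 1: only the node that accepted and broadcast the transaction
            # creates the private chain; its genesis block points back to the
            # consortium block that holds the group creation transaction.
            genesis = {"height": 0, "sub_tx": sub,
                       "consortium_block": block["height"]}
            self.private_chains[sub["group_pub"]] = [genesis]
        # Logic 2 (every other node): nothing beyond the shared result.
        return result

    def execute_business(self, public_tx, sub_tx=None):
        # Every node stores the hash-only transaction on the consortium chain.
        self._append(public_tx)
        # Only a node that holds the designated private chain stores plaintext.
        if sub_tx is not None and sub_tx["group_pub"] in self.private_chains:
            chain = self.private_chains[sub_tx["group_pub"]]
            chain.append({"height": len(chain), "sub_tx": sub_tx})


def rebuild_business_tx(manager_account: str, sub_tx) -> dict:
    # Re-wrapped under the manager account: the plaintext sub-transaction is
    # replaced by its hash before anything is broadcast.
    return {"type": "business", "from": manager_account,
            "sub_tx_hash": digest(sub_tx)}


def audit(private_chain, consortium_chain):
    """Heights of private-chain records with no matching hash on the consortium chain."""
    anchored = {b["tx"].get("sub_tx_hash") for b in consortium_chain}
    return [rec["height"] for rec in private_chain[1:]
            if digest(rec["sub_tx"]) not in anchored]


def run_demo():
    nodes = {n: Node(n) for n in "ABCD"}          # constructed network
    group_pub = "constructed-group-public-key"    # constructed value
    manager = "constructed-manager-account-A"     # constructed value
    create_tx = {"type": "group_create", "from": manager,
                 "sub_tx": {"type": "group_create_sub", "group_pub": group_pub}}
    results = [n.execute_group_create(create_tx, accepted_by="A")
               for n in nodes.values()]
    sub_tx = {"type": "business_sub", "group_pub": group_pub,
              "data": "constructed invoice: 100 units"}
    public_tx = rebuild_business_tx(manager, sub_tx)
    for n in nodes.values():
        n.execute_business(public_tx, sub_tx if n.name == "A" else None)
    return nodes, group_pub, results


if __name__ == "__main__":
    nodes, group_pub, _ = run_demo()
    print(audit(nodes["A"].private_chains[group_pub], nodes["B"].consortium_chain))
```

`audit` takes the consortium chain copy of any node, so a record on node A's private chain can be checked against node B's copy rather than against A's own.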
A node group in this solution may include only one node, and that node can write the plaintext of the business data it handles to its local private chain. For this reason, the description first covers how users are registered anonymously and how transactions are carried out when the node group includes only one node.
In practical applications, a user connected to the first node may choose not to entrust the first node with initiating business transactions on the user's behalf. Instead, the user registers an account in the consortium chain network and initiates business transactions through their own consortium chain network. In this case the user needs anonymity and does not want their identity disclosed in the consortium chain network. To this end, Figure 5 is a schematic flowchart of a node-group-based anonymous registration method provided by an embodiment of this specification, including the following steps:
S500: The first node receives the anonymous registration transaction constructed by the corresponding user account.
所述匿名注册交易包含匿名注册子交易,所述匿名注册子交易包含匿名公钥、使用所述组公钥对应的组私钥生成的签名;其中,所述用户账户是所述第一节点对接的用户在联盟链网络中注册的账户,所述匿名公钥是所述第一节点对接的用户指定的。The anonymous registration transaction includes an anonymous registration sub-transaction, the anonymous registration sub-transaction includes an anonymous public key and a signature generated using the group private key corresponding to the group public key; wherein, the user account is the first node docking The account of the user registered in the consortium chain network, and the anonymous public key is specified by the user who is docked with the first node.
可理解,在联盟链网络层面,由于匿名注册交易是用户账户发起的,因此匿名注册交易事实上包含用户账户的身份信息。It is understandable that at the level of the alliance chain network, since anonymous registration transactions are initiated by user accounts, anonymous registration transactions actually contain the identity information of the user account.
S502:第一节点使用所述组公钥对所述匿名注册子交易中对应于所述组私钥的签名进行验证,若验证通过,则对所述匿名注册交易进行处理。S502: The first node uses the group public key to verify the signature corresponding to the group private key in the anonymous registration sub-transaction, and if the verification is passed, the anonymous registration transaction is processed.
所述处理包括:通过所述第一管理方账户,重新构建包含所述匿名注册子交易的匿名注册交易。进行此处理的作用在于,第一节点以自身的身份重新构建匿名注册交易,如此,可将用户账户的身份信息剥离。The processing includes: reconstructing an anonymous registration transaction including the anonymous registration sub-transaction through the first management party account. The effect of this processing is that the first node reconstructs the anonymous registration transaction with its own identity, so that the identity information of the user account can be stripped off.
S504:第一节点向所述联盟链网络广播重新构建的匿名注册交易。S504: The first node broadcasts the reconstructed anonymous registration transaction to the alliance chain network.
由于用户账户的身份信息已经从匿名注册交易中剥离,因此,第一节点将匿名注册交易广播到全网,不会造成用户账户的身份信息泄露。Since the identity information of the user account has been stripped from the anonymous registration transaction, the first node broadcasts the anonymous registration transaction to the entire network, and the identity information of the user account will not be leaked.
S506:第一节点执行所述匿名注册交易。S506: The first node executes the anonymous registration transaction.
具体而言,第一节点将所述匿名注册子交易写入本地的私有链。如此,相当于在私有链网络层面,将用户进行匿名注册。用户后续在私有链网络层面,可使用匿名私钥生成的签名来发起业务子交易。Specifically, the first node writes the anonymous registration sub-transaction into the local private chain. In this way, it is equivalent to anonymously registering users at the private chain network level. At the level of the private chain network, the user can use the signature generated by the anonymous private key to initiate business sub-transactions.
S508:第一节点之外的每个其他节点在未创建私有链的情况下,执行重新构建的所述匿名注册交易。S508: Every other node except the first node executes the reconstructed anonymous registration transaction without creating a private chain.
第一节点之外的每个其他节点在未创建私有链的情况下,象征性执行重新构建的匿名注册交易。Every other node except the first node symbolically executes the reconstructed anonymous registration transaction without creating a private chain.
S510:联盟链网络中每个节点将重新构建的匿名注册交易写入本地的联盟链。S510: Each node in the consortium chain network writes the reconstructed anonymous registration transaction into the local consortium chain.
此外,所述匿名注册子交易还可包含使用所述匿名公钥对应的匿名私钥生成的签名, 用于证明匿名注册子交易的发起者持有匿名私钥。In addition, the anonymous registration sub-transaction may also include a signature generated using the anonymous private key corresponding to the anonymous public key to prove that the initiator of the anonymous registration sub-transaction holds the anonymous private key.
相应地,所述第一节点可使用所述匿名公钥对所述匿名注册子交易中对应于所述匿名私钥的签名进行验证,所述第一节点若对对应于所述匿名私钥的签名验证通过,则对所述匿名注册子交易进行处理。Correspondingly, the first node can use the anonymous public key to verify the signature corresponding to the anonymous private key in the anonymous registration subtransaction, and if the first node verifies the signature corresponding to the anonymous private key If the signature verification is passed, the anonymous registration sub-transaction is processed.
另外,用户虽然是匿名注册,但是为了后续审计用户以匿名身份发起的业务交易,第一节点可在本地建立并存储所述匿名公钥与所述用户账户之间的对应关系,从而只有第一节点可掌握注册的匿名公钥对应的用户真实身份。In addition, although the user is registered anonymously, in order to subsequently audit the business transaction initiated by the user with an anonymous identity, the first node can establish and store the correspondence between the anonymous public key and the user account locally, so that only the first node The node can grasp the real identity of the user corresponding to the registered anonymous public key.
此外,第一节点可在封装有所述匿名注册子交易的私有链区块中写入指针对象,用于指向封装有重新构建的匿名注册交易的联盟链区块。In addition, the first node may write a pointer object in the private chain block encapsulating the anonymous registration sub-transaction for pointing to the consortium chain block encapsulating the reconstructed anonymous registration transaction.
Fig. 6 is a schematic flowchart of a transaction method based on the anonymous registration method, provided by an embodiment of this specification, including the following steps:
S600: The first node receives a business transaction constructed by the corresponding user account.
The business transaction contains a business sub-transaction, and the business sub-transaction contains business data, a signature generated with the group private key, and a signature generated with the anonymous private key corresponding to the anonymous public key.
A business sub-transaction may be an evidence-storage transaction or an execution transaction. When it is an evidence-storage transaction, the business data may be the data result obtained after the manager performs an operation according to a business request. When it is an execution transaction, the business data may be the business request itself, and the nodes in the node group need to execute the business sub-transaction at the private chain network level to obtain an execution result; both the business sub-transaction and the execution result are written to the private chain.
The signature corresponding to the group private key is included in the business sub-transaction to prove that the business sub-transaction is entitled to invoke the nodes in the node group to process the transaction. In addition, when more than one node group exists in the consortium chain network, the business sub-transaction may also contain a group identifier indicating the node group that the business sub-transaction is to invoke. The first node uses the group public key corresponding to the group identifier to verify the signature in the business sub-transaction.
The signature corresponding to the anonymous private key is included in the business sub-transaction to prove that the business sub-transaction was initiated with the authorization of the user account corresponding to the anonymous public key.
S602: The first node uses the group public key to verify the signature in the business sub-transaction that corresponds to the group private key, and uses the anonymous public key corresponding to the user account to verify the signature in the business sub-transaction that corresponds to the anonymous private key; if both verifications pass, it processes the business transaction.
The processing includes: reconstructing, through the first manager account, a business transaction that contains the hash value of the business sub-transaction. On the one hand, business data involves data privacy and cannot be shared outside the node group; on the other hand, at the consortium chain network level, the business transaction containing the business sub-transaction needs to be written to the consortium chain. With the above processing, the first node obtains the plaintext of the business sub-transaction, whereas other nodes obtain only its hash value. At the same time, the information of the user account that initiated the business transaction is not leaked to nodes other than the first node.
Based on the locally stored correspondence between anonymous public keys and user accounts, the first node may perform the above processing on the business transaction after determining that the anonymous public key corresponds to the user account.
S604: The first node broadcasts the processed business transaction to the consortium chain network.
S606: The first node executes the business transaction.
When the first node executes the business transaction, if it finds that the business sub-transaction is an evidence-storage transaction, it writes the business sub-transaction to its local private chain; if it finds that the business sub-transaction is an execution transaction, it executes the business sub-transaction, obtains the corresponding execution sub-result, and writes the business sub-transaction and the corresponding execution sub-result to its local private chain.
S608: The other nodes in the consortium chain network, not having created a private chain, execute the business transaction.
Here, the other nodes in fact execute the business transaction only "symbolically".
S610: Each node in the consortium chain network writes the business transaction to its local consortium chain.
In addition, the first node may write a pointer object into the private chain block that encapsulates the business sub-transaction, pointing to the consortium chain block that encapsulates the processed business transaction.
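The following Go sketch is an added example and not part of the patent text. It walks a single-node group through the registration of Fig. 5 and the business transaction of Fig. 6: both signatures are checked, the outer transaction is rebuilt under the manager account, and a business sub-transaction leaves the node only as a hash. Ed25519, the SubTx and OuterTx layouts, the account strings, the mandatory anonymous signature and the one-registration-per-key rule are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

type SubTx struct { // stays inside the node group; layout assumed for this example
	Kind     string            // "register" or "business"
	AnonPub  ed25519.PublicKey // anonymous public key chosen by the user
	Payload  []byte            // business data (empty for registration)
	GroupSig []byte            // made with the group private key
	AnonSig  []byte            // made with the anonymous private key
}

type OuterTx struct { // what is broadcast and written to the consortium chain
	Sender  string // consortium chain account that constructed the transaction
	Sub     *SubTx // sub-transaction carried in the clear (registration)
	SubHash string // hex SHA-256 of the sub-transaction (business transaction)
}

// digest length-prefixes every field so that field boundaries are unambiguous.
func digest(fields ...[]byte) []byte {
	h := sha256.New()
	for _, f := range fields {
		binary.Write(h, binary.BigEndian, uint32(len(f)))
		h.Write(f)
	}
	return h.Sum(nil)
}

func (s *SubTx) signedBytes() []byte { return digest([]byte(s.Kind), s.AnonPub, s.Payload) }

// NewKeyPair and Sign play the user's side and produce constructed sample input.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func Sign(kind string, payload []byte, anonPub ed25519.PublicKey, groupPriv, anonPriv ed25519.PrivateKey) *SubTx {
	s := &SubTx{Kind: kind, AnonPub: anonPub, Payload: payload}
	s.GroupSig = ed25519.Sign(groupPriv, s.signedBytes())
	s.AnonSig = ed25519.Sign(anonPriv, s.signedBytes())
	return s
}

type Node struct { // the first node of a single-node group
	ManagerAccount string
	GroupPub       ed25519.PublicKey
	anonToUser     map[string]string // local audit mapping, never broadcast
	PrivateChain   []*SubTx
}

func NewNode(manager string, groupPub ed25519.PublicKey) *Node {
	return &Node{ManagerAccount: manager, GroupPub: groupPub, anonToUser: map[string]string{}}
}

// Process checks both signatures, then rebuilds the outer transaction under the manager account.
func (n *Node) Process(tx OuterTx) (OuterTx, error) {
	s := tx.Sub
	if s == nil || len(s.AnonPub) != ed25519.PublicKeySize { // Verify panics on a bad key length
		return OuterTx{}, errors.New("malformed sub-transaction")
	}
	msg := s.signedBytes()
	if !ed25519.Verify(n.GroupPub, msg, s.GroupSig) || !ed25519.Verify(s.AnonPub, msg, s.AnonSig) {
		return OuterTx{}, errors.New("signature verification failed")
	}
	key := hex.EncodeToString(s.AnonPub)
	owner, known := n.anonToUser[key]
	out := OuterTx{Sender: n.ManagerAccount} // the user account is stripped here
	switch {
	case s.Kind == "register" && !known: // assumption: one registration per key
		n.anonToUser[key] = tx.Sender
		out.Sub = s // the registration sub-transaction is carried as it is
	case s.Kind == "business" && known && owner == tx.Sender:
		out.SubHash = hex.EncodeToString(digest(msg, s.GroupSig, s.AnonSig))
	default:
		return OuterTx{}, errors.New("rejected: kind, registration state or account mismatch")
	}
	n.PrivateChain = append(n.PrivateChain, s) // plaintext stays on the private chain
	return out, nil
}

func main() {
	gPub, gPriv := NewKeyPair()
	aPub, aPriv := NewKeyPair()
	n := NewNode("manager-1", gPub)
	n.Process(OuterTx{Sender: "user-42", Sub: Sign("register", nil, aPub, gPriv, aPriv)})
	biz, err := n.Process(OuterTx{Sender: "user-42", Sub: Sign("business", []byte("order 7"), aPub, gPriv, aPriv)})
	fmt.Println(biz.Sender, biz.Sub == nil, biz.SubHash, err)
}
```

The rebuilt business transaction carries only the manager account and the hash, so a node outside the group can record it without learning the user account or the business data.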
The method for joining a node group is described below. Note that what follows can be understood with reference to the earlier description of the principle of creating a node group; points where the principle is the same are not repeated.
Fig. 7 is a schematic flowchart of a method for joining a node group provided by an embodiment of this specification, including the following steps:
S700: The second node receives a group joining transaction constructed by the second manager account.
The group joining transaction includes a group joining sub-transaction, and the group joining sub-transaction contains a signature generated with the group private key corresponding to the group public key. The second manager account is the account that the manager of the second node has registered in the consortium chain network.
After the first node has created the node group, the manager of the second node may have the second node join the node group as well, to share business data with the first node. The manager of the first node may provide the group private key to the manager of the second node offline.
S702: The second node uses the group public key to verify the signature in the group joining sub-transaction; if the verification passes, it broadcasts the group joining transaction to the consortium chain network.
S704: The second node executes the group joining transaction.
Specifically, the second node creates a private chain locally, encrypts the second node identifier with the group public key, synchronizes the private chain's historical data from other nodes that store the same private chain (such as the first node and other nodes that have already joined the same node group), and writes the group joining sub-transaction to its local private chain.
S706: The other nodes that store the same private chain execute the group joining transaction.
Specifically, the other nodes that store the same private chain encrypt the second node identifier with the group public key and write the group joining sub-transaction to their local private chains.
S708: The other nodes in the consortium chain network that do not store the same private chain, not having created a private chain, execute the group joining transaction.
The other nodes in the consortium chain network that do not store the same private chain are the other nodes that have not joined this node group; they encrypt the second node identifier with the group public key.
S710: Each node in the consortium chain network writes the group joining transaction and the corresponding execution result to its local consortium chain.
The execution result corresponding to the group joining transaction may contain the encrypted second node identifier.
Further, the group joining transaction also includes a group identifier, and the second node uses the group public key corresponding to the group identifier to verify the signature in the group joining sub-transaction.
In addition, the second node and the other nodes that store the same private chain write a pointer object into the private chain block that encapsulates the group joining sub-transaction, pointing to the consortium chain block that encapsulates the group joining transaction.
Fig. 8 is a schematic diagram, provided by an embodiment of this specification, of the second node locally maintaining the consortium chain and the private chain. As shown in Fig. 8, the second node requests to join the node group after the first node has already maintained the private chain for some time. Before that, the private chain maintained by the first node held two private chain blocks. The group joining sub-transaction is packaged into the third private chain block, and the third private chain block is also associated with the consortium chain block in which the group joining transaction is packaged.
A node group in this solution may include more than one node, and the nodes in the same node group may share the business data they each interface with. The following describes how transactions are carried out when the node group includes more than one node. Note that what follows can be understood with reference to the earlier description of how transactions are carried out when the node group includes only one node; points where the principle is the same are not repeated.
Fig. 9 is a schematic flowchart of a node-group-based anonymous registration method provided by an embodiment of this specification, including the following steps:
S900: The second node receives an anonymous registration transaction constructed by the corresponding user account.
The anonymous registration transaction contains an anonymous registration sub-transaction, and the anonymous registration sub-transaction contains an anonymous public key and a signature generated with the group private key. The user account is the account that the user connected to the second node has registered in the consortium chain network, and the anonymous public key is specified by the user corresponding to the second node.
S902: The second node uses the group public key to verify the signature in the anonymous registration sub-transaction that corresponds to the group private key; if the verification passes, it processes the anonymous registration transaction.
The processing includes: reconstructing, through the second manager account, an anonymous registration transaction that contains the anonymous registration sub-transaction.
S904: The second node broadcasts the processed anonymous registration transaction to the consortium chain network.
S906: The second node and the other nodes that store the same private chain execute the anonymous registration transaction.
Specifically, the second node and the other nodes that store the same private chain write the anonymous registration sub-transaction to their local private chains.
S908: The other nodes in the consortium chain network that do not store the same private chain, not having created a private chain, execute the reconstructed anonymous registration transaction.
S910: Each node in the consortium chain network writes the anonymous registration transaction to its local consortium chain.
In addition, the anonymous registration sub-transaction may also contain a signature generated with the anonymous private key corresponding to the anonymous public key, so that the second node can use the anonymous public key to verify the signature in the anonymous registration sub-transaction that corresponds to the anonymous private key. Correspondingly, if the signature corresponding to the anonymous private key verifies, the second node processes the anonymous registration transaction.
The second node may establish and store locally the correspondence between the anonymous public key and the user account.
Fig. 10 is a schematic flowchart of a transaction method based on the anonymous registration method, provided by an embodiment of this specification, including:
S1000: The second node receives a business transaction constructed by the corresponding user account.
The business transaction contains a business sub-transaction, and the business sub-transaction contains business data, a signature generated with the group private key, and a signature generated with the anonymous private key corresponding to the anonymous public key.
S1002: The second node uses the group public key to verify the signature in the business sub-transaction that corresponds to the group private key, and uses the anonymous public key to verify the signature in the business sub-transaction that corresponds to the anonymous private key; if both verifications pass, it sends the business sub-transaction to the other nodes in the same node group and processes the business transaction.
Because the node group includes not only the second node but also at least the first node (and possibly more nodes), the second node needs to send, at the private chain network level, the business sub-transaction in the accepted business transaction to the other nodes in the same node group.
In addition, the second node also needs to reconstruct, through the second manager account, a business transaction that contains the hash value of the business sub-transaction. In this way, the information of the user account that initiated the business transaction is not leaked to nodes other than the first node.
Based on the locally stored correspondence between anonymous public keys and user accounts, the second node may perform the above processing on the business transaction after determining that the anonymous public key corresponds to the user account.
S1004: The second node broadcasts the processed business transaction to the consortium chain network.
S1006: The second node and the other nodes that store the same private chain execute the business transaction.
S1008: The other nodes in the consortium chain network that do not store the same private chain, not having created a private chain, execute the processed business transaction.
S1010: Each node in the consortium chain network writes the processed business transaction to its local consortium chain.
Specifically, if the business sub-transaction is an evidence-storage transaction, the second node and the other nodes that store the same private chain write the business sub-transaction to their local private chains. If the business sub-transaction is an execution transaction, the second node and the other nodes that store the same private chain execute the business sub-transaction and write the business sub-transaction and the corresponding execution sub-result to their local private chains.
Further, the business sub-transaction also includes a group identifier, and the second node may use the group public key corresponding to the group identifier to verify the signature in the business sub-transaction.
Further, the second node and the other nodes that store the same private chain write a pointer object into the private chain block that encapsulates the business sub-transaction, pointing to the consortium chain block that encapsulates the processed business transaction.
In addition, each other node that stores the same private chain returns a signature to the second node once it determines that it has received the business sub-transaction. The second node then processes the business transaction if it determines that the number of signatures received from other nodes satisfies a preset distributed fault tolerance condition.
The distributed fault tolerance condition may be that the number of signatures received reaches a specified number. For example, if the number of nodes in the same node group is not less than 4, the specified number may be 2f+1, where f=(N-1)/3 and N is the number of nodes in the node group.
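As an added example, not taken from the patent, the Go code below shows one way the second node could apply this condition: it counts one acknowledgement per known group member whose signature verifies and compares the count with 2f+1. Ed25519, signing the SHA-256 of the sub-transaction, the node IDs, floor division for f, and counting only signatures received from other members are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Ack is the signature a group member returns after receiving the sub-transaction.
type Ack struct {
	NodeID string
	Sig    []byte
}

// Threshold returns 2f+1 with f = (N-1)/3 for a group of N nodes. Integer
// (floor) division is an assumption; the text gives no number for N < 4.
func Threshold(n int) (int, bool) {
	if n < 4 {
		return 0, false
	}
	return 2*((n-1)/3) + 1, true
}

// NewMembers builds constructed sample keys for the other nodes of the group.
func NewMembers(count int) (map[string]ed25519.PublicKey, map[string]ed25519.PrivateKey) {
	pubs, privs := map[string]ed25519.PublicKey{}, map[string]ed25519.PrivateKey{}
	for i := 1; i <= count; i++ {
		pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
		if err != nil {
			panic(err)
		}
		id := fmt.Sprintf("node-%d", i)
		pubs[id], privs[id] = pub, priv
	}
	return pubs, privs
}

// SignAck is what a member does on receipt: sign the hash of the sub-transaction.
func SignAck(id string, priv ed25519.PrivateKey, subTx []byte) Ack {
	h := sha256.Sum256(subTx)
	return Ack{NodeID: id, Sig: ed25519.Sign(priv, h[:])}
}

// CountValidAcks counts distinct known members whose signature verifies.
func CountValidAcks(subTx []byte, members map[string]ed25519.PublicKey, acks []Ack) int {
	h := sha256.Sum256(subTx)
	seen := map[string]bool{}
	for _, a := range acks {
		pub, ok := members[a.NodeID]
		if !ok || seen[a.NodeID] || len(pub) != ed25519.PublicKeySize {
			continue // unknown sender, repeated ack, or unusable key
		}
		if ed25519.Verify(pub, h[:], a.Sig) {
			seen[a.NodeID] = true
		}
	}
	return len(seen)
}

// Ready reports whether the receiving node may go on to process the transaction.
func Ready(groupSize int, subTx []byte, members map[string]ed25519.PublicKey, acks []Ack) bool {
	need, ok := Threshold(groupSize)
	return ok && CountValidAcks(subTx, members, acks) >= need
}

func main() {
	subTx := []byte("constructed business sub-transaction")
	pubs, privs := NewMembers(6) // group of 7: the receiving node plus 6 others
	var acks []Ack
	for _, id := range []string{"node-1", "node-2", "node-3", "node-4", "node-5"} {
		acks = append(acks, SignAck(id, privs[id], subTx))
	}
	fmt.Println(Ready(7, subTx, pubs, acks[:4]), Ready(7, subTx, pubs, acks)) // false true
}
```

Counting per node ID rather than per message keeps a single member from reaching the threshold by resending its acknowledgement.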
In addition, an embodiment of this specification further provides a blockchain system including a consortium chain network, the consortium chain network including multiple nodes. The first node receives a group creation transaction constructed by the first manager account; the group creation transaction includes a group creation sub-transaction, and the group creation sub-transaction contains a group public key; the first manager account is the account that the manager of the first node has registered in the consortium chain network; the group public key is specified by the manager of the first node; the first node broadcasts the group creation transaction to the consortium chain network and executes the group creation transaction, including: creating a private chain locally, writing the group creation sub-transaction to the local private chain, and encrypting the first node identifier with the group public key. Each node other than the first node, not having created a private chain, executes the group creation transaction, including: encrypting the first node identifier with the group public key. Each node in the consortium chain network writes the group creation transaction and the corresponding execution result to its local consortium chain; the execution result corresponding to the group creation transaction contains the encrypted first node identifier.
The first node receives an anonymous registration transaction constructed by the corresponding user account; the anonymous registration transaction contains an anonymous registration sub-transaction, and the anonymous registration sub-transaction contains an anonymous public key and a signature generated with the group private key corresponding to the group public key; the user account is the account that the user connected to the first node has registered in the consortium chain network, and the anonymous public key is specified by the user connected to the first node; the first node uses the group public key to verify the signature in the anonymous registration sub-transaction that corresponds to the group private key and, if the verification passes, processes the anonymous registration transaction, including: reconstructing, through the first manager account, an anonymous registration transaction that contains the anonymous registration sub-transaction; it broadcasts the reconstructed anonymous registration transaction to the consortium chain network and executes the anonymous registration transaction, including: writing the anonymous registration sub-transaction to the local private chain. Each node other than the first node, not having created a private chain, executes the reconstructed anonymous registration transaction. Each node in the consortium chain network writes the anonymous registration transaction to its local consortium chain.
The first node receives a business transaction constructed by the corresponding user account; the business transaction contains a business sub-transaction, and the business sub-transaction contains business data, a signature generated with the group private key, and a signature generated with the anonymous private key corresponding to the anonymous public key; the first node uses the group public key to verify the signature in the business sub-transaction that corresponds to the group private key, and uses the anonymous public key corresponding to the user account to verify the signature in the business sub-transaction that corresponds to the anonymous private key; if both verifications pass, it processes the business transaction, including: reconstructing, through the first manager account, a business transaction that contains the hash value of the business sub-transaction; it broadcasts the reconstructed business transaction to the consortium chain network and executes the business transaction, including: writing the business sub-transaction to the local private chain. The nodes other than the first node, not having created a private chain, execute the reconstructed business transaction. Each node in the consortium chain network writes the business transaction to its local consortium chain.
The second node receives a group joining transaction constructed by the second manager account; the group joining transaction includes a group joining sub-transaction, and the group joining sub-transaction contains a signature generated with the group private key corresponding to the group public key; the second manager account is the account that the manager of the second node has registered in the consortium chain network; the second node uses the group public key to verify the signature in the group joining sub-transaction and, if the verification passes, broadcasts the group joining transaction to the consortium chain network; it executes the group joining transaction, including: creating a private chain locally, encrypting the second node identifier with the group public key, synchronizing the private chain's historical data from other nodes that store the same private chain, and writing the group joining sub-transaction to the local private chain. The other nodes that store the same private chain execute the group joining transaction, including: encrypting the second node identifier with the group public key and writing the group joining sub-transaction to their local private chains. The other nodes in the consortium chain network that do not store the same private chain, not having created a private chain, execute the group joining transaction, including: encrypting the second node identifier with the group public key. Each node in the consortium chain network writes the group joining transaction and the corresponding execution result to its local consortium chain; the execution result corresponding to the group joining transaction contains the encrypted second node identifier.
所述第二节点,接收对应的用户账户构建的匿名注册交易;所述匿名注册交易包含匿名注册子交易,所述匿名注册子交易包含匿名公钥、使用所述组私钥生成的签名;其中,所述用户账户是所述第二节点对接的用户在联盟链网络中注册的账户,所述匿名公钥是所述第二节点对应的用户指定的;使用所述组公钥对所述匿名注册子交易中对应于所述组私钥的签名进行验证,若验证通过,则对所述匿名注册交易进行处理,包括:通过所述第二管理方账户,重新构建包含所述匿名注册子交易的匿名注册交易;向所述联盟链网络广播重新构建的匿名注册交易;所述第二节点与存储有相同私有链的其他节点,执行所述匿名注册交易,包括:将所述匿名注册子交易写入本地的私有链;所述联盟链网络中未存储有所述相同私有链的其他节点,在未创建私有链的情况下,执行重新构建的所述匿名注册交易;所述联盟链网络中每个节点,将所述匿名注册交易写入本地的联盟链。The second node receives an anonymous registration transaction constructed by a corresponding user account; the anonymous registration transaction includes an anonymous registration sub-transaction, and the anonymous registration sub-transaction includes an anonymous public key and a signature generated using the set of private keys; wherein , The user account is an account registered in the consortium chain network of the user docking with the second node, and the anonymous public key is specified by the user corresponding to the second node; and the group public key is used to pair the anonymous The signature corresponding to the set of private keys in the registration sub-transaction is verified, and if the verification is passed, the anonymous registration transaction is processed, including: reconstructing the anonymous registration sub-transaction containing the anonymous registration through the account of the second management party The anonymous registration transaction; broadcast the reconstructed anonymous registration transaction to the alliance chain network; the second node and other nodes that store the same private chain, execute the anonymous registration transaction, including: register the anonymous sub-transaction Write to the local private chain; other nodes of the same private chain are not stored in the consortium chain network, and the reconstructed anonymous registration transaction is executed if the private chain is not created; in the consortium chain network Each node writes the anonymous registration transaction into the local consortium chain.
The second node receives a business transaction constructed by the corresponding user account; the business transaction includes a business sub-transaction, and the business sub-transaction includes business data, a signature generated using the group private key, and a signature generated using the anonymous private key corresponding to the anonymous public key; the second node uses the group public key to verify the signature in the business sub-transaction that corresponds to the group private key, and uses the anonymous public key to verify the signature in the business sub-transaction that corresponds to the anonymous private key; if both verifications pass, it sends the business sub-transaction to the other nodes in the same node group and processes the business transaction, including: reconstructing, through the second manager account, a business transaction containing the hash value of the business sub-transaction; and broadcasting the reconstructed business transaction to the consortium chain network. The second node and the other nodes storing the same private chain execute the business transaction, including: writing the business sub-transaction into the local private chain. The other nodes in the consortium chain network that do not store the same private chain execute the reconstructed business transaction without creating a private chain. Each node in the consortium chain network writes the reconstructed business transaction into the local consortium chain.
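The verification and reconstruction steps of the business transaction described above, as an added Go example that is not part of the specification or the applicant's code. Ed25519, SHA-256, the layout of the signed message and of the hash input, and all type, function and account names are assumptions; the keys and data are constructed. Forwarding to group members and broadcasting are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SubTx is a business sub-transaction: business data, the user's anonymous
// public key, and the two signatures the node must verify.
type SubTx struct {
	Data     []byte
	AnonPub  ed25519.PublicKey
	GroupSig []byte // generated with the group private key
	AnonSig  []byte // generated with the anonymous private key
}

// ChainTx is the reconstructed business transaction for the consortium chain.
// It carries only the hash of the sub-transaction, never the business data.
type ChainTx struct {
	Sender    string // manager account of the receiving node
	SubTxHash [32]byte
}

// Node is a group member holding the group public key and a private chain.
type Node struct {
	ManagerAccount string
	GroupPub       ed25519.PublicKey
	PrivateChain   []SubTx
}

// signedBytes is the message both signatures cover (assumed layout:
// anonymous public key followed by the business data).
func signedBytes(anonPub ed25519.PublicKey, data []byte) []byte {
	return append(append([]byte{}, anonPub...), data...)
}

// hashSubTx hashes all fields; the fixed-length fields come first so the
// concatenation is unambiguous once Process has checked their lengths.
func hashSubTx(st SubTx) [32]byte {
	b := append(append(append([]byte{}, st.AnonPub...), st.GroupSig...), st.AnonSig...)
	return sha256.Sum256(append(b, st.Data...))
}

// Process verifies a sub-transaction and, on success, appends it to the
// private chain and returns the reconstructed transaction to broadcast.
func (n *Node) Process(st SubTx) (ChainTx, error) {
	// ed25519.Verify panics on a wrong-sized public key, so check it first.
	if len(st.AnonPub) != ed25519.PublicKeySize {
		return ChainTx{}, errors.New("malformed anonymous public key")
	}
	msg := signedBytes(st.AnonPub, st.Data)
	if !ed25519.Verify(n.GroupPub, msg, st.GroupSig) {
		return ChainTx{}, errors.New("group signature invalid")
	}
	if !ed25519.Verify(st.AnonPub, msg, st.AnonSig) {
		return ChainTx{}, errors.New("anonymous signature invalid")
	}
	n.PrivateChain = append(n.PrivateChain, st)
	return ChainTx{Sender: n.ManagerAccount, SubTxHash: hashSubTx(st)}, nil
}

// sign builds a sub-transaction signed with both private keys.
func sign(groupPriv, anonPriv ed25519.PrivateKey, data []byte) SubTx {
	anonPub := anonPriv.Public().(ed25519.PublicKey)
	msg := signedBytes(anonPub, data)
	return SubTx{Data: data, AnonPub: anonPub,
		GroupSig: ed25519.Sign(groupPriv, msg), AnonSig: ed25519.Sign(anonPriv, msg)}
}

// demo runs the flow on constructed keys and data and reports each outcome.
func demo() (accepted, hashOK, tamperedRejected, outsiderRejected, badKeyRejected bool, chainLen int) {
	groupPub, groupPriv, _ := ed25519.GenerateKey(nil)
	_, outsiderPriv, _ := ed25519.GenerateKey(nil) // key of a non-member
	_, anonPriv, _ := ed25519.GenerateKey(nil)
	n := &Node{ManagerAccount: "manager-2", GroupPub: groupPub}

	good := sign(groupPriv, anonPriv, []byte("constructed business data"))
	tx, err := n.Process(good)
	accepted, hashOK = err == nil, tx.SubTxHash == hashSubTx(good)

	tampered := good
	tampered.Data = []byte("constructed business data, altered")
	_, err = n.Process(tampered)
	tamperedRejected = err != nil
	_, err = n.Process(sign(outsiderPriv, anonPriv, []byte("constructed")))
	outsiderRejected = err != nil
	short := good
	short.AnonPub = good.AnonPub[:8] // truncated key must fail cleanly, not panic
	_, err = n.Process(short)
	badKeyRejected = err != nil
	return accepted, hashOK, tamperedRejected, outsiderRejected, badKeyRejected, len(n.PrivateChain)
}

func main() {
	fmt.Println(demo())
}
```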
The embodiments of this specification also provide a computer device, which includes at least a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the functions of the node in the embodiments of this specification when executing the program.
FIG. 11 shows a more specific schematic diagram of the hardware structure of a computing device provided by the embodiments of this specification. The device may include a processor 1110, a memory 1120, an input/output interface 1130, a communication interface 1140, and a bus 1150. The processor 1110, the memory 1120, the input/output interface 1130, and the communication interface 1040 are communicatively connected to one another inside the device through the bus 1050.
The processor 1110 may be implemented as a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, and is used to execute the relevant programs so as to implement the technical solutions provided in the embodiments of this specification.
The memory 1120 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device, and so on. The memory 1120 may store an operating system and other application programs. When the technical solutions provided in the embodiments of this specification are implemented in software or firmware, the relevant program code is stored in the memory 1120 and is called and executed by the processor 1110.
The input/output interface 1130 is used to connect an input/output module to implement information input and output. The input/output module may be configured in the device as a component (not shown in the figure), or may be externally connected to the device to provide the corresponding functions. Input devices may include a keyboard, a mouse, a touch screen, a microphone, and various sensors; output devices may include a display, a speaker, a vibrator, and indicator lights.
The communication interface 1140 is used to connect a communication module (not shown in the figure) to implement communication between this device and other devices. The communication module may communicate by wired means (such as USB or a network cable) or by wireless means (such as a mobile network, WIFI, or Bluetooth).
The bus 1150 includes a path that transmits information between the components of the device (for example, the processor 1110, the memory 1120, the input/output interface 1130, and the communication interface 1140).
It should be noted that although the above device shows only the processor 1110, the memory 1120, the input/output interface 1130, the communication interface 1140, and the bus 1150, in a specific implementation the device may also include other components necessary for normal operation. In addition, those skilled in the art will understand that the above device may also include only the components necessary to implement the solutions of the embodiments of this specification, and need not include all the components shown in the figure.
The embodiments of this specification also provide a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, it implements the functions of the node in the embodiments of this specification.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
From the description of the above implementations, those skilled in the art can clearly understand that the embodiments of this specification can be implemented by means of software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solutions of the embodiments of this specification, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk, or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a service device, a network device, or the like) to execute the methods described in the embodiments of this specification or in certain parts of the embodiments.
The systems, methods, modules, or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product having a certain function. A typical implementation device is a computer, which may take the form of a personal computer, a laptop computer, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email sending and receiving device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
The embodiments in this specification are described in a progressive manner; the same or similar parts of the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, the device embodiments are basically similar to the method embodiments, so they are described relatively briefly; for the relevant parts, refer to the description of the method embodiments. The device embodiments described above are only illustrative: the modules described as separate components may or may not be physically separate, and when implementing the solutions of the embodiments of this specification the functions of the modules may be implemented in one or more pieces of software and/or hardware. Some or all of the modules may also be selected according to actual needs to achieve the purpose of the solution of an embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above are only specific implementations of the embodiments of this specification. It should be pointed out that those of ordinary skill in the art may make several improvements and refinements without departing from the principles of the embodiments of this specification, and these improvements and refinements should also be regarded as falling within the protection scope of the embodiments of this specification.

Claims (30)

  1. A method for creating a node group in a consortium chain network, the consortium chain network comprising a plurality of nodes, the method comprising:
    a first node receives a group creation transaction constructed by a first manager account; the group creation transaction includes a group creation sub-transaction, and the group creation sub-transaction includes a group public key; the first manager account is the account registered in the consortium chain network by the manager of the first node; the group public key is specified by the manager of the first node;
    the first node broadcasts the group creation transaction to the consortium chain network;
    the first node executes the group creation transaction, including: creating a private chain locally, writing the creation sub-transaction into the local private chain, and encrypting the first node identifier using the group public key;
    each node other than the first node executes the group creation transaction without creating a private chain, including: encrypting the first node identifier using the group public key;
    each node in the consortium chain network writes the group creation transaction and the corresponding execution result into the local consortium chain; the execution result corresponding to the group creation transaction includes the encrypted first node identifier.
  2. The method according to claim 1, wherein the group creation sub-transaction further includes a group identifier;
    the execution result corresponding to the group creation transaction further includes the group identifier.
  3. The method according to claim 1, wherein the group creation sub-identifier further includes a signature generated using the group private key corresponding to the group public key;
    the first node broadcasting the group creation transaction to the consortium chain network includes:
    the first node uses the group public key to verify the signature in the group creation sub-transaction and, if the verification passes, broadcasts the group creation transaction to the consortium chain network.
  4. The method according to claim 1, further comprising:
    the first node writes a pointer object into the private chain block that encapsulates the group creation sub-transaction, the pointer object pointing to the consortium chain block that encapsulates the group creation transaction.
  5. An anonymous registration method based on the node group created according to any one of claims 1 to 4, comprising:
    the first node receives an anonymous registration transaction constructed by the corresponding user account; the anonymous registration transaction includes an anonymous registration sub-transaction, and the anonymous registration sub-transaction includes an anonymous public key and a signature generated using the group private key corresponding to the group public key; the user account is the account registered in the consortium chain network by the user connected to the first node, and the anonymous public key is specified by the user connected to the first node;
    the first node uses the group public key to verify the signature in the anonymous registration sub-transaction that corresponds to the group private key and, if the verification passes, processes the anonymous registration transaction, including: reconstructing, through the first manager account, an anonymous registration transaction containing the anonymous registration sub-transaction;
    the first node broadcasts the reconstructed anonymous registration transaction to the consortium chain network;
    the first node executes the anonymous registration transaction, including: writing the anonymous registration sub-transaction into the local private chain;
    each node other than the first node executes the reconstructed anonymous registration transaction without creating a private chain;
    each node in the consortium chain network writes the anonymous registration transaction into the local consortium chain.
  6. The method according to claim 5, wherein the anonymous registration sub-transaction further includes a signature generated using the anonymous private key corresponding to the anonymous public key;
    the method further comprises:
    the first node uses the anonymous public key to verify the signature in the anonymous registration sub-transaction that corresponds to the anonymous private key;
    the first node processing the anonymous registration sub-transaction includes:
    the first node processes the anonymous registration sub-transaction if the signature corresponding to the anonymous private key passes verification.
  7. The method according to claim 5, further comprising:
    the first node locally establishes and stores the correspondence between the anonymous public key and the user account.
  8. The method according to claim 5, further comprising:
    the first node writes a pointer object into the private chain block that encapsulates the anonymous registration sub-transaction, the pointer object pointing to the consortium chain block that encapsulates the reconstructed anonymous registration transaction.
  9. A transaction method based on the anonymous registration method according to any one of claims 5-8, comprising:
    the first node receives a business transaction constructed by the corresponding user account; the business transaction includes a business sub-transaction, and the business sub-transaction includes business data, a signature generated using the group private key, and a signature generated using the anonymous private key corresponding to the anonymous public key;
    the first node uses the group public key to verify the signature in the business sub-transaction that corresponds to the group private key, and uses the anonymous public key corresponding to the user account to verify the signature in the business sub-transaction that corresponds to the anonymous private key; if both verifications pass, it processes the business transaction, including: reconstructing, through the first manager account, a business transaction containing the hash value of the business sub-transaction;
    the first node broadcasts the reconstructed business transaction to the consortium chain network;
    the first node executes the business transaction, including: writing the business sub-transaction into the local private chain;
    the nodes other than the first node execute the reconstructed business transaction without creating a private chain;
    each node in the consortium chain network writes the business transaction into the local consortium chain.
  10. The method according to claim 9, wherein the business sub-transaction further includes a group identifier;
    the first node using the group public key to verify the signature in the business sub-transaction that corresponds to the group private key includes:
    the first node uses the group public key corresponding to the group identifier to verify the signature in the business sub-transaction that corresponds to the group private key.
  11. The method according to claim 9, wherein processing the business transaction includes:
    the first node processes the business transaction after determining that there is a correspondence between the anonymous public key and the user account.
  12. The method according to claim 9, further comprising:
    the first node writes a pointer object into the private chain block that encapsulates the business sub-transaction, the pointer object pointing to the consortium chain block that encapsulates the reconstructed business transaction.
  13. A method for joining a node group created according to any one of claims 1 to 4, comprising:
    a second node receives a group joining transaction constructed by a second manager account; the group joining transaction includes a group joining sub-transaction, and the group joining sub-transaction includes a signature generated using the group private key corresponding to the group public key; the second manager account is the account registered in the consortium chain network by the manager of the second node;
    the second node uses the group public key to verify the signature in the group joining sub-transaction and, if the verification passes, broadcasts the group joining transaction to the consortium chain network;
    the second node executes the group joining transaction, including: creating a private chain locally, encrypting the second node identifier using the group public key, synchronizing the private chain's historical data from other nodes that store the same private chain, and writing the group joining sub-transaction into the local private chain;
    the other nodes storing the same private chain execute the group joining transaction, including: encrypting the second node identifier using the group public key, and writing the group joining sub-transaction into the local private chain;
    the other nodes in the consortium chain network that do not store the same private chain execute the group joining transaction without creating a private chain, including: encrypting the second node identifier using the group public key;
    each node in the consortium chain network writes the group joining transaction and the corresponding execution result into the local consortium chain; the execution result corresponding to the group joining transaction includes the encrypted second node identifier.
  14. The method according to claim 13, wherein the group joining transaction further includes a group identifier;
    the second node using the group public key to verify the signature in the group joining transaction includes:
    using the group public key corresponding to the group identifier to verify the signature in the group joining transaction.
  15. The method according to claim 13, further comprising:
    the second node and the other nodes storing the same private chain write a pointer object into the private chain block that encapsulates the group joining sub-transaction, the pointer object pointing to the consortium chain block that encapsulates the group joining transaction.
  16. An anonymous registration method based on the node group according to any one of claims 13 to 15, comprising:
    the second node receives an anonymous registration transaction constructed by the corresponding user account; the anonymous registration transaction includes an anonymous registration sub-transaction, and the anonymous registration sub-transaction includes an anonymous public key and a signature generated using the group private key; the user account is the account registered in the consortium chain network by the user connected to the second node, and the anonymous public key is specified by the user corresponding to the second node;
    the second node uses the group public key to verify the signature in the anonymous registration sub-transaction that corresponds to the group private key and, if the verification passes, processes the anonymous registration transaction, including: reconstructing, through the second manager account, an anonymous registration transaction containing the anonymous registration sub-transaction;
    the second node broadcasts the reconstructed anonymous registration transaction to the consortium chain network;
    the second node and the other nodes storing the same private chain execute the anonymous registration transaction, including: writing the anonymous registration sub-transaction into the local private chain;
    the other nodes in the consortium chain network that do not store the same private chain execute the reconstructed anonymous registration transaction without creating a private chain;
    each node in the consortium chain network writes the anonymous registration transaction into the local consortium chain.
  17. The method according to claim 16, wherein the anonymous registration sub-transaction further includes a signature generated using the anonymous private key corresponding to the anonymous public key;
    the method further comprises:
    the second node uses the anonymous public key to verify the signature in the anonymous registration sub-transaction that corresponds to the anonymous private key;
    the second node processing the anonymous registration transaction includes:
    processing the anonymous registration transaction if the signature corresponding to the anonymous private key passes verification.
  18. The method according to claim 16, further comprising:
    the second node locally establishes and stores the correspondence between the anonymous public key and the user account.
  19. A transaction method based on the anonymous registration method according to any one of claims 16-18, comprising:
    the second node receives a business transaction constructed by the corresponding user account; the business transaction includes a business sub-transaction, and the business sub-transaction includes business data, a signature generated using the group private key, and a signature generated using the anonymous private key corresponding to the anonymous public key;
    the second node uses the group public key to verify the signature in the business sub-transaction that corresponds to the group private key, and uses the anonymous public key to verify the signature in the business sub-transaction that corresponds to the anonymous private key; if both verifications pass, it sends the business sub-transaction to the other nodes in the same node group and processes the business transaction, including: reconstructing, through the second manager account, a business transaction containing the hash value of the business sub-transaction;
    the second node broadcasts the reconstructed business transaction to the consortium chain network;
    the second node and the other nodes storing the same private chain execute the business transaction, including: writing the business sub-transaction into the local private chain;
    the other nodes in the consortium chain network that do not store the same private chain execute the reconstructed business transaction without creating a private chain;
    each node in the consortium chain network writes the reconstructed business transaction into the local consortium chain.
  20. The method according to claim 19, wherein the business sub-transaction further includes a group identifier;
    the second node using the group public key to verify the signature in the business sub-transaction that corresponds to the group private key includes:
    the second node uses the group public key corresponding to the group identifier to verify the signature in the business sub-transaction that corresponds to the group private key.
  21. The method according to claim 19, wherein processing the business transaction includes:
    the second node processes the business transaction after determining that there is a correspondence between the anonymous public key and the user account.
  22. The method according to claim 19, further comprising:
    the second node and the other nodes storing the same private chain write a pointer object into the private chain block that encapsulates the business sub-transaction, the pointer object pointing to the consortium chain block that encapsulates the processed business transaction.
  23. The method according to claim 19, further comprising:
    for each other node storing the same private chain, that node returns a signature to the second node if it receives the business sub-transaction;
    the second node processing the business transaction includes:
    the second node processes the business transaction if it determines that the number of signatures received from other nodes satisfies a preset distributed fault tolerance condition.
  24. A blockchain system, comprising a consortium chain network, the consortium chain network comprising a plurality of nodes;
    a first node receives a group creation transaction constructed by a first manager account; the group creation transaction includes a group creation sub-transaction, and the group creation sub-transaction includes a group public key; the first manager account is the account registered in the consortium chain network by the manager of the first node; the group public key is specified by the manager of the first node; the first node broadcasts the group creation transaction to the consortium chain network; and executes the group creation transaction, including: creating a private chain locally, writing the creation sub-transaction into the local private chain, and encrypting the first node identifier using the group public key;
    each node other than the first node executes the group creation transaction without creating a private chain, including: encrypting the first node identifier using the group public key;
    each node in the consortium chain network writes the group creation transaction and the corresponding execution result into the local consortium chain; the execution result corresponding to the group creation transaction includes the encrypted first node identifier.
  25. The system of claim 24, wherein the first node receives an anonymous registration transaction constructed by a corresponding user account; the anonymous registration transaction includes an anonymous registration sub-transaction, and the anonymous registration sub-transaction contains an anonymous public key and a signature generated using the group private key corresponding to the group public key; wherein the user account is an account registered in the alliance chain network by a user connected to the first node, and the anonymous public key is specified by the user connected to the first node; the first node uses the group public key to verify the signature corresponding to the group private key in the anonymous registration sub-transaction and, if verification passes, processes the anonymous registration transaction, including: reconstructing, through the first manager account, an anonymous registration transaction containing the anonymous registration sub-transaction; broadcasting the reconstructed anonymous registration transaction to the alliance chain network; and executing the anonymous registration transaction, including: writing the anonymous registration sub-transaction into the local private chain;
    each other node besides the first node executes the reconstructed anonymous registration transaction without creating a private chain;
    each node in the alliance chain network writes the anonymous registration transaction into its local alliance chain.
  26. The system of claim 25, wherein the first node receives a business transaction constructed by a corresponding user account; the business transaction includes a business sub-transaction, and the business sub-transaction contains business data, a signature generated using the group private key, and a signature generated using the anonymous private key corresponding to the anonymous public key; the first node uses the group public key to verify the signature corresponding to the group private key in the business sub-transaction, and uses the anonymous public key corresponding to the user account to verify the signature corresponding to the anonymous private key in the business sub-transaction; if both verifications pass, it processes the business transaction, including: reconstructing, through the first manager account, a business transaction containing the hash value of the business sub-transaction; broadcasting the reconstructed business transaction to the alliance chain network; and executing the business transaction, including: writing the business sub-transaction into the local private chain;
    the other nodes besides the first node execute the reconstructed business transaction without creating a private chain;
    each node in the alliance chain network writes the business transaction into its local alliance chain.
  27. The system of claim 24, wherein a second node receives a group joining transaction constructed by a second manager account; the group joining transaction includes a group joining sub-transaction, and the group joining sub-transaction contains a signature generated using the group private key corresponding to the group public key; the second manager account is the account registered in the alliance chain network by the manager of the second node; the second node uses the group public key to verify the signature in the group joining sub-transaction and, if verification passes, broadcasts the group joining transaction to the alliance chain network; and executes the group joining transaction, including: creating a private chain locally, encrypting the second node identifier with the group public key, synchronizing private chain history data from other nodes storing the same private chain, and writing the group joining sub-transaction into the local private chain;
    the other nodes storing the same private chain execute the group joining transaction, including: encrypting the second node identifier with the group public key, and writing the group joining sub-transaction into the local private chain;
    the other nodes in the alliance chain network that do not store the same private chain execute the group joining transaction without creating a private chain, including: encrypting the second node identifier with the group public key;
    each node in the alliance chain network writes the group joining transaction and the corresponding execution result into its local alliance chain; the execution result corresponding to the group joining transaction contains the encrypted second node identifier.
  28. The system of claim 27, wherein the second node receives an anonymous registration transaction constructed by a corresponding user account; the anonymous registration transaction includes an anonymous registration sub-transaction, and the anonymous registration sub-transaction contains an anonymous public key and a signature generated using the group private key; wherein the user account is an account registered in the alliance chain network by a user connected to the second node, and the anonymous public key is specified by the user corresponding to the second node; the second node uses the group public key to verify the signature corresponding to the group private key in the anonymous registration sub-transaction and, if verification passes, processes the anonymous registration transaction, including: reconstructing, through the second manager account, an anonymous registration transaction containing the anonymous registration sub-transaction; and broadcasting the reconstructed anonymous registration transaction to the alliance chain network;
    the second node and the other nodes storing the same private chain execute the anonymous registration transaction, including: writing the anonymous registration sub-transaction into the local private chain;
    the other nodes in the alliance chain network that do not store the same private chain execute the reconstructed anonymous registration transaction without creating a private chain;
    each node in the alliance chain network writes the anonymous registration transaction into its local alliance chain.
  29. The system of claim 28, wherein the second node receives a business transaction constructed by a corresponding user account; the business transaction includes a business sub-transaction, and the business sub-transaction contains business data, a signature generated using the group private key, and a signature generated using the anonymous private key corresponding to the anonymous public key; the second node uses the group public key to verify the signature corresponding to the group private key in the business sub-transaction, and uses the anonymous public key to verify the signature corresponding to the anonymous private key in the business sub-transaction; if both verifications pass, it sends the business sub-transaction to the other nodes in the same node group and processes the business transaction, including: reconstructing, through the second manager account, a business transaction containing the hash value of the business sub-transaction; and broadcasting the reconstructed business transaction to the alliance chain network;
    the second node and the other nodes storing the same private chain execute the business transaction, including: writing the business sub-transaction into the local private chain;
    the other nodes in the alliance chain network that do not store the same private chain execute the reconstructed business transaction without creating a private chain;
    each node in the alliance chain network writes the reconstructed business transaction into its local alliance chain.
  30. A computer device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the functions of the node in claims 1-23.
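
The node-side checks of claims 23 and 29 (dual signature verification, peer signature count, and publishing only the sub-transaction hash), sketched as an added Go example that is not code from the patent. The claims name no algorithms or threshold, so Ed25519, SHA-256, signing over the business data, peers signing the sub-transaction digest, and the 2f+1 rule are all assumptions, and the keys and data are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// SubTx is the business sub-transaction; it is stored only on the private chain.
type SubTx struct{ Data, GroupSig, AnonSig []byte }

// Digest hashes data plus the two fixed-length signatures; only this reaches the alliance chain.
func (s SubTx) Digest() []byte {
	sum := sha256.Sum256(bytes.Join([][]byte{s.Data, s.GroupSig, s.AnonSig}, nil))
	return sum[:]
}

// QuorumMet is an ASSUMED rule (the claims only say "preset"): with n group
// nodes and f = (n-1)/3 tolerated faults, need 2f+1 signers including ourselves.
func QuorumMet(validPeerSigs, n int) bool {
	return validPeerSigs+1 >= 2*((n-1)/3)+1
}

// Process checks both signatures and the peer acknowledgements, then returns the hex hash to publish.
func Process(tx SubTx, groupPub, anonPub ed25519.PublicKey, peers []ed25519.PublicKey, acks [][]byte) (string, error) {
	if !ed25519.Verify(groupPub, tx.Data, tx.GroupSig) {
		return "", errors.New("group signature invalid")
	}
	if !ed25519.Verify(anonPub, tx.Data, tx.AnonSig) {
		return "", errors.New("anonymous signature invalid")
	}
	digest, valid := tx.Digest(), 0
	for i, pub := range peers {
		if i < len(acks) && ed25519.Verify(pub, digest, acks[i]) {
			valid++
		}
	}
	if !QuorumMet(valid, len(peers)+1) {
		return "", errors.New("fault tolerance condition not met")
	}
	return hex.EncodeToString(digest), nil
}

// Demo: constructed 4-node group with fixed demo seeds; `signer` seeds the group signature, `acked` peers sign.
func Demo(acked int, signer byte) (string, error) {
	key := func(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, 32)) }
	pub := func(b byte) ed25519.PublicKey { return key(b).Public().(ed25519.PublicKey) }
	data := []byte(`{"order":"constructed-sample"}`)
	tx := SubTx{data, ed25519.Sign(key(signer), data), ed25519.Sign(key(2), data)}
	peers, acks := []ed25519.PublicKey{}, [][]byte{}
	for b := byte(10); b < 13; b++ {
		peers = append(peers, pub(b))
		acks = append(acks, ed25519.Sign(key(b), tx.Digest()))
	}
	return Process(tx, pub(1), pub(2), peers, acks[:acked])
}

func main() {
	fmt.Println(Demo(2, 1)) // quorum reached: prints the hash
	fmt.Println(Demo(1, 1)) // too few peer signatures
	fmt.Println(Demo(3, 9)) // signer does not hold the group key
}
```

Nodes outside the group see only the returned hash, so they can order and store the rebuilt transaction without learning the business data.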
PCT/CN2021/096519 2020-05-28 2021-05-27 Method for creating node group in alliance chain network, and transaction method based on node group WO2021239072A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010470181.XA CN111383018B (en) 2020-05-28 2020-05-28 Node group creating method and node group-based transaction method in alliance chain network
CN202010470181.X 2020-05-28

Publications (1)

Publication Number Publication Date
WO2021239072A1 true WO2021239072A1 (en) 2021-12-02

Family

ID=71220408

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/096519 WO2021239072A1 (en) 2020-05-28 2021-05-27 Method for creating node group in alliance chain network, and transaction method based on node group

Country Status (2)

Country Link
CN (2) CN111383018B (en)
WO (1) WO2021239072A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111383018B (en) * 2020-05-28 2020-09-25 支付宝(杭州)信息技术有限公司 Node group creating method and node group-based transaction method in alliance chain network
CN111932239B (en) * 2020-09-18 2021-02-05 腾讯科技(深圳)有限公司 Service processing method, device, node equipment and storage medium
CN113127908B (en) * 2021-04-29 2024-04-26 郑杰骞 Chained address generation and transaction data processing method and device and storage medium
CN113449322A (en) * 2021-07-16 2021-09-28 建信金融科技有限责任公司 Data sharing method and device based on block chain, electronic equipment and readable medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109409884A (en) * 2018-10-25 2019-03-01 北京安如山文化科技有限公司 A kind of block chain secret protection scheme and system based on SM9 algorithm
WO2019080933A1 (en) * 2017-10-26 2019-05-02 云图有限公司 Block chain transaction privacy protection method and system
WO2020022599A1 (en) * 2018-07-27 2020-01-30 박기업 Node group managing device and computing device for configuring group key-based dual signature transaction structure in blockchain network
CN110852748A (en) * 2019-11-06 2020-02-28 杭州复杂美科技有限公司 Group transaction method, device and storage medium
CN111383018A (en) * 2020-05-28 2020-07-07 支付宝(杭州)信息技术有限公司 Node group creating method and node group-based transaction method in alliance chain network

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107438002B (en) * 2016-05-27 2022-02-11 索尼公司 Block chain based system and electronic device and method in system
CN107423978A (en) * 2017-06-16 2017-12-01 郑州大学 A kind of distributed energy business confirmation method based on alliance's block chain
CN108012582B (en) * 2017-08-18 2019-08-23 达闼科技成都有限公司 block chain system and authority management method thereof
JP6715231B2 (en) * 2017-12-11 2020-07-01 三菱Ufj信託銀行株式会社 Virtual currency preservation system
CN109064325B (en) * 2018-06-25 2020-07-24 浙江超脑时空科技有限公司 Intelligent contract implementation method and device based on block chain
KR102107082B1 (en) * 2018-06-25 2020-05-06 한신대학교 산학협력단 A Method For Detecting Counterfeit application in Mobile Device Based On Blockchain
CN109246179B (en) * 2018-06-30 2021-06-01 华为技术有限公司 Method and apparatus for maintaining blockchain, server, and computer-readable storage medium
CN109214883A (en) * 2018-07-27 2019-01-15 阿里巴巴集团控股有限公司 Service lease method, apparatus, system and electronic equipment based on block chain
CN109472596B (en) * 2018-10-16 2019-11-22 中国传媒大学 Alliance's chain common recognition method and system based on transaction assessment
CN109347955B (en) * 2018-10-19 2021-03-02 北京奇艺世纪科技有限公司 Block chain network system and information processing method
CN109995850B (en) * 2019-03-05 2022-04-26 深圳前海微众银行股份有限公司 Block chain system and transaction processing method thereof
CN110035059B (en) * 2019-03-05 2021-09-28 深圳前海微众银行股份有限公司 Block chain construction method and device
CN110008739B (en) * 2019-03-05 2023-10-03 深圳前海微众银行股份有限公司 Block chain system based on group, group management method and device
CN110572267B (en) * 2019-09-09 2022-01-28 北京工业大学 Anonymous electronic voting method based on block chain of alliances

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114285861A (en) * 2021-12-21 2022-04-05 西安交通大学 Decentralized credible identity authentication method based on alliance chain
CN116743512A (en) * 2023-08-15 2023-09-12 中移(苏州)软件技术有限公司 Network autonomy and isolation method and device, electronic equipment and readable storage medium
CN116743512B (en) * 2023-08-15 2024-01-26 中移(苏州)软件技术有限公司 Network autonomy and isolation method and device, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN111383018A (en) 2020-07-07
CN112200575A (en) 2021-01-08
CN111383018B (en) 2020-09-25
CN112200575B (en) 2022-05-31

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21812700

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21812700

Country of ref document: EP

Kind code of ref document: A1