WO2022095779A1 - Pow-based blockchain consensus method and apparatus - Google Patents

Pow-based blockchain consensus method and apparatus Download PDF

Info

Publication number
WO2022095779A1
WO2022095779A1 PCT/CN2021/126991 CN2021126991W WO2022095779A1 WO 2022095779 A1 WO2022095779 A1 WO 2022095779A1 CN 2021126991 W CN2021126991 W CN 2021126991W WO 2022095779 A1 WO2022095779 A1 WO 2022095779A1
Authority
WO
WIPO (PCT)
Prior art keywords
anonymous
block
consensus
node
attribute value
Prior art date
Application number
PCT/CN2021/126991
Other languages
French (fr)
Chinese (zh)
Other versions
WO2022095779A9 (en
Inventor
黄晨宇
张俊麒
胡朝新
苏小康
张开翔
范瑞彬
张黔
Original Assignee
深圳前海微众银行股份有限公司
香港科技大学
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳前海微众银行股份有限公司, 香港科技大学 filed Critical 深圳前海微众银行股份有限公司
Publication of WO2022095779A1 publication Critical patent/WO2022095779A1/en
Publication of WO2022095779A9 publication Critical patent/WO2022095779A9/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
    • H04L9/3221Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Definitions

  • the present invention relates to the field of blockchain (blockchain) in the field of financial technology (Fintech), in particular to a method and device for consensus on a blockchain based on POW.
  • the blockchain based on the Proof-of-Work (PoW) consensus algorithm is a relatively common blockchain.
  • PoW consensus process of the blockchain based on the PoW consensus algorithm the consensus block is disclosed to the users of the blockchain.
  • the present invention provides a blockchain consensus method and device based on POW, which solves the problem in the prior art that the blockchain nodes that often produce blocks are vulnerable to malicious attacks.
  • the present invention provides a blockchain consensus method based on POW, including: if a first anonymous node determines that the first anonymous node satisfies a preset condition, generating a first consensus zero-knowledge proof; the first The consensus zero-knowledge proof is at least used to verify the correctness of the following information: consensus verification information, first attribute value commitment and first anonymous identity information; the first attribute value commitment is the hidden information obtained at least according to the first actual attribute value; The first anonymous identity information is obtained at least according to the first actual identity information of the first anonymous node; the preset condition is set according to the characteristics of the PoW consensus algorithm; the first anonymous node is at least based on the The first consensus zero-knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information, and the first attribute value commitment, generate the first block, and assign the first block to the first block.
  • the block is used as a consensus block; the first anonymous node sends the first block to each second anonymous node.
  • the first block is based on at least the first consensus zero-knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information and the first attribute value Promise generated, through the first consensus zero-knowledge proof, the first block can be verified without revealing the actual identity information and the actual attribute value, so that the block consensus can be performed without revealing the actual identity information , then nodes with higher attribute values are not vulnerable to targeted malicious attacks.
  • the first anonymous node determines that the first anonymous node satisfies a preset condition in the following manner: the first anonymous node determines the first mining value of the first anonymous node according to the first actual attribute value. Mining difficulty value; the first anonymous node continuously updates the mining factor within a preset number field, and determines whether the first anonymous node satisfies the preset condition according to the first mining difficulty value and the mining factor; The preset condition is set based on the first mining difficulty value; the probability that the mining factor satisfies the preset condition is positively correlated with the first actual attribute value.
  • the preset conditions are set on the basis of following the POW consensus algorithm, and the node that produces the block is adaptively selected in the blockchain, which improves the efficiency of selecting the node that produces the block.
  • the determining whether the first anonymous node satisfies a preset condition according to the first mining difficulty value and the mining factor includes: the first anonymous node according to the mining factor and the mining factor. Describe the content of the block to be produced, and generate a first hash value; if the first anonymous node determines that the first hash value is less than the first mining difficulty value, then determine that the first anonymous node satisfies the preset condition .
  • the first anonymous node continuously updates the mining factor within the preset number range, during the period when the generated mining factor does not make the first anonymous node meet the preset condition, if the The first anonymous node receives the second block of any second anonymous node among the second anonymous nodes, and the first anonymous node verifies the second block; if the verification passes, the first anonymous node verifies the second block.
  • the anonymous node regards the second block as a consensus block.
  • the first block is the block to be agreed upon between the third block and the fourth block in the i-th period of the blockchain;
  • the third block is the blockchain The first block to be consensus in the ith period of the blockchain;
  • the fourth block is the last block to be consensus in the ith period of the blockchain;
  • the first anonymous identity information is the Anonymous identity information of an anonymous node in the ith period of the blockchain;
  • the first attribute value commitment is the attribute value commitment of the first anonymous node in the ith period of the blockchain.
  • the anonymous identity information and attribute value commitments are bound by setting different periods, and are generated in a specific way between the first block, the third block and the fourth block, thereby further increasing the easy access.
  • the method further includes: the first anonymous node generates second anonymous identity information as the first anonymous node in the i+th period of the blockchain.
  • Anonymous identity information of period 1 the first anonymous node generates a second attribute value commitment as the attribute value commitment of the first anonymous node in the i+1th period of the blockchain.
  • the third block is generated by the first anonymous node, and the first anonymous node generates the third block in the following manner: the first anonymous node according to the first consensus zero-knowledge Proof, the consensus verification information, the first anonymous identity information, and the first attribute value commitment to generate a third block.
  • the fourth block is generated by the first anonymous node, and the first anonymous node generates the fourth block in the following manner: the first anonymous node according to the first consensus zero-knowledge Proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information, the first attribute value commitment, the third anonymous identity information and the third attribute value commitment to generate the fourth block ;
  • the third anonymous identity information is the anonymous identity information of the anonymous node to be added in the i+1th period of the blockchain;
  • the third attribute value commitment is at least according to the anonymous node to be added in the The hidden information obtained from the actual attribute value in the i+1th epoch of the blockchain.
  • the consensus is directly completed in the last block of the i period to declare the legitimacy of the participating blocks in the i+1 period, thereby increasing the number of blocks. chain efficiency.
  • the present invention provides a blockchain consensus device based on POW, including: a consensus module for generating a first consensus zero-knowledge proof if it is determined that the first anonymous node satisfies a preset condition; the first consensus The zero-knowledge proof is at least used to verify the correctness of the following information: consensus verification information, first attribute value commitment and first anonymous identity information; the first attribute value commitment is the hidden information obtained at least according to the first actual attribute value; so The first anonymous identity information is obtained at least according to the first actual identity information of the first anonymous node; the preset condition is set according to the characteristics of the PoW consensus algorithm; and at least according to the first consensus zero-knowledge proof, The consensus verification information, the content of the block to be produced, the first anonymous identity information and the first attribute value commitment, generate a first block, and use the first block as a consensus block; data transmission module. for sending the first block to each second anonymous node.
  • a consensus module for generating a first consensus zero-knowledge proof if it is determined that the first anonymous no
  • the consensus module is specifically configured to: determine the first mining difficulty value of the first anonymous node according to the first actual attribute value; continuously update the mining factor within a preset number field, and The first mining difficulty value and the mining factor determine whether the first anonymous node satisfies a preset condition; the preset condition is set based on the first mining difficulty value; the mining factor satisfies The probability of the preset condition is positively correlated with the first actual attribute value.
  • the consensus module is specifically configured to: generate a first hash value according to the mining factor and the content of the block to be produced; if it is determined that the first hash value is less than the first mining difficulty value, it is determined that the first anonymous node satisfies the preset condition.
  • the consensus module is further configured to: in the process of continuously updating the mining factor in the preset number field, during the period when the generated mining factor does not make the first anonymous node meet the preset condition, if The data transmission module receives the second block of any second anonymous node among the second anonymous nodes, and then verifies the second block; if the verification is passed, the second block is used as a consensus block.
  • the first block is the block to be agreed upon between the third block and the fourth block in the i-th period of the blockchain;
  • the third block is the blockchain The first block to be consensus in the ith period of the blockchain;
  • the fourth block is the last block to be consensus in the ith period of the blockchain;
  • the first anonymous identity information is the Anonymous identity information of an anonymous node in the ith period of the blockchain;
  • the first attribute value commitment is the attribute value commitment of the first anonymous node in the ith period of the blockchain.
  • the consensus module is further configured to: generate second anonymous identity information as the first anonymous node in the i+1-th period of the blockchain. Anonymous identity information of the period; generating a second attribute value commitment as the attribute value commitment of the first anonymous node in the i+1th period of the blockchain.
  • the third block is generated by the first anonymous node, and the consensus module is further configured to: generate the third block in the following manner: according to the first consensus zero-knowledge proof, the Consensus verification information, the first anonymous identity information, and the first attribute value promise to generate a third block.
  • the fourth block is generated by the first anonymous node
  • the consensus module is further configured to: generate the fourth block in the following manner: according to the first consensus zero-knowledge proof, the Consensus verification information, the content of the block to be produced, the first anonymous identity information, the first attribute value commitment, the third anonymous identity information and the third attribute value commitment to generate the fourth block;
  • the third anonymous identity information is the anonymous identity information of the anonymous node to be added in the i+1th period of the blockchain;
  • the third attribute value commitment is at least according to the anonymous node to be added in the blockchain.
  • the hidden information obtained from the actual attribute value in the i+1th period.
  • the present invention provides a computer device, including a program or an instruction, which, when the program or instruction is executed, is used to execute the above-mentioned first aspect and each optional method of the first aspect.
  • the present invention provides a storage medium, including a program or an instruction, which, when the program or instruction is executed, is used to execute the above-mentioned first aspect and each optional method of the first aspect.
  • FIG. 1 is a schematic flowchart corresponding to a POW-based blockchain consensus method provided by an embodiment of the present invention
  • FIG. 2 is a schematic diagram of the system architecture of a POW-based blockchain consensus system provided by an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a specific flow corresponding to a POW-based blockchain consensus method provided by an embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of a POW-based blockchain consensus device provided by an embodiment of the present invention.
  • ZKP Zero-Knowledge Proof, zero-knowledge proof
  • zk-SNARK zero-knowledge succinct non-interactive argument of knowledge, concise non-interactive computing reliable zero-knowledge proof: is an implementation of zero-knowledge proof, which allows users to provide proofs in a non-interactive manner , and the proof can be verified in a short time. Applied to anonymous electronic currencies such as Zcash.
  • Pedersen Commitment A Cryptographic Commitment. It consists of two stages: in the commitment stage, it allows the promiser to send the message positive integer m in the form of ciphertext to a random positive integer through the promise function COMM(m,r), which can ensure that the promiser will not modify the message at the same time The message itself is hidden from others; in the open phase, the committer can disclose the message, and the receiver uses this to verify whether the message is consistent with the commitment phase.
  • Validator A node that performs transaction verification and packages the authenticated transaction into the blockchain.
  • ID (Identity, ID number): represents the identification number of the verifier.
  • PoW Proof-of-Work, Proof of Work
  • It is an economic countermeasure against abuse of services and resources, or denial of service attacks.
  • users are required to perform some complex operations that are time-consuming and appropriate, and the answers can be quickly checked by the service provider.
  • the time, equipment and energy consumed are used as guarantee costs to ensure that services and resources are used by real needs.
  • Financial institutions are closely related to the blockchain field in the process of conducting business (such as bank loan business, deposit business, etc.).
  • the consensus block is disclosed to the users of the blockchain.
  • some information is relatively sensitive information, and if it is leaked, it may cause the attacker to lock the target with high attribute value. This brings certain privacy risks to the blockchain. This situation does not meet the needs of financial institutions such as banks, and cannot guarantee the efficient operation of various businesses of financial institutions.
  • the present application provides a POW-based blockchain consensus method.
  • Step 101 If the first anonymous node determines that the first anonymous node satisfies the preset condition, a first consensus zero-knowledge proof is generated.
  • Step 102 The first anonymous node generates a value based on at least the first consensus zero-knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information and the first attribute value commitment. the first block, and use the first block as a consensus block.
  • Step 103 The first anonymous node sends the first block to each second anonymous node.
  • the first consensus zero-knowledge proof is at least used to verify the correctness of the following information: consensus verification information, first attribute value commitment and first anonymous identity information; the first attribute value commitment is at least The hidden information obtained according to the first actual attribute value; the first anonymous identity information is obtained according to at least the first actual identity information of the first anonymous node; the preset condition is set according to the characteristics of the PoW consensus algorithm of.
  • a period can be introduced, and the first block is the block between the third block and the fourth block in the i-th period of the blockchain.
  • the first anonymous identity information is the anonymous identity information of the first anonymous node in the i-th period of the blockchain; the first attribute value promises to be the first anonymous node in the blockchain.
  • the anonymous identity information and attribute value commitment are bound by setting different periods, and in the first block between the first block, the third block, and the last block, the fourth block, use It is generated in a specific way, thereby further increasing the difficulty of cracking the easy-to-block node.
  • the system architecture shown in Figure 2 includes three modules: a privacy-protected attribute value commitment and value operation module, a privacy-protected attribute-based consensus module, and a privacy-protected identity and attribute value commitment replacement module.
  • the specific workflow is shown in FIG. 2 , and a period can be introduced in the method of steps 101 to 103 through the system architecture shown in FIG. 2 .
  • each period (such as the ith period, which is a certain period) only allows authenticated anonymous nodes (in this application, also called verifiers) to join the blockchain.
  • verifiers authenticated anonymous nodes
  • the time is divided into different periods, and each period (such as the ith period, which is a certain period) only allows authenticated anonymous nodes (in this application, also called verifiers) to join the blockchain.
  • verifiers authenticated anonymous nodes
  • a validator joins the blockchain, it will have anonymous identity information and attribute value commitments through privacy-preserving identity and attribute value commitment replacement modules (eg, attribute value commitments are Pedersen commitments).
  • Anonymous nodes will mutually confirm the anonymous identity information and attribute value commitments of all validators participating in this period.
  • each verifier observes the behavior of other verifiers and updates each verifier's attribute value commitment through privacy-preserving attribute value commitment and value manipulation modules.
  • the consensus module verifies and confirms the correct block and adds the consensus block to the final blockchain.
  • the verifier can choose to replace his anonymous identity information and attribute value commitment through the privacy-protected identity and attribute value commitment replacement module, after which the verifier can enter the next period to verify the blockchain and maintenance; validators can also opt out of the blockchain.
  • the third block can be generated as follows:
  • the first anonymous node generates a third block according to the first consensus zero-knowledge proof, the consensus verification information, the first anonymous identity information and the first attribute value commitment.
  • the fourth block can be generated as follows:
  • the first anonymous node is based on the first consensus zero-knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information, the first attribute value commitment, and the third anonymous The identity information and the third attribute value promise to generate a fourth block; the third anonymous identity information is the anonymous identity information of the anonymous node to be added in the i+1th period of the blockchain.
  • the third attribute value commitment is hidden information obtained at least according to the actual attribute value of the anonymous node to be added in the i+1th period of the blockchain.
  • the consensus is directly completed in the last block of the i period to declare the legitimacy of the participating blocks in the i+1 period, thereby increasing the number of blocks. chain efficiency.
  • the first anonymous node generates second anonymous identity information as the anonymous identity information of the first anonymous node in the i+1th period of the blockchain; the first anonymous node generates a second attribute value commitment, As the attribute value commitment of the first anonymous node in the i+1th period of the blockchain.
  • the behavior of the verifier can be defined as a vote for transaction authentication, and the commitment value it obtains from each transaction authentication is S*V where V is the transaction amount (positive integer), and S is the reward coefficient (integer).
  • the reward coefficient is 1.
  • the authentication result is inconsistent, it is a negative number -10, which means that the verifier did not perform his responsibilities correctly or did evil to the system, so a certain score is deducted.
  • This scheme mainly focuses on privacy protection, not how to calculate the commitment value through behavior, so it does not limit the method of commitment value calculation and can be applied to protect the privacy of various commitment value schemes.
  • the validator's score in two blocks is the integer ⁇ R, and other validators can add COMM( ⁇ R,0) to Come up to get the correct commitment value commitment. Homomorphism promised by Pedersen is available Therefore, the addition of commitments can correctly add the obtained score to the unrevealed commitment value R.
  • step 101 it may be determined in the following manner (hereinafter referred to as the implementation of the mining factor) that the first anonymous node satisfies the preset condition:
  • the first anonymous node determines the first mining difficulty value of the first anonymous node according to the first actual attribute value; the first anonymous node continuously updates the mining factor within a preset number field, and according to the The first mining difficulty value and the mining factor determine whether the first anonymous node satisfies a preset condition.
  • the preset condition is set based on the first mining difficulty value; the probability that the mining factor satisfies the preset condition is positively correlated with the first actual attribute value.
  • the mining factor is nonce
  • the preset number field is [1, 10000]
  • the nonce is randomly selected in the preset number field
  • the value range of the preset number field mapped according to the preset mapping relationship is [1, 200]
  • the preset mapping The relationship can be set as a non-monotonic functional relationship to prevent the first anonymous node from taking random values.
  • the preset condition is that the value obtained by the nonce mapping is within the interval [1,2*D]. Obviously, the larger the R is and the larger the D is, the greater the probability that the mining factor satisfies the preset condition is.
  • the specific process of determining whether the first anonymous node meets the preset conditions according to the first mining difficulty value and the mining factor may be as follows:
  • the first anonymous node generates a first hash value according to the mining factor and the content of the block to be produced; if the first anonymous node determines that the first hash value is less than the first mining difficulty value, it is determined that the first anonymous node satisfies the preset condition.
  • the above-mentioned embodiments can be implemented through a privacy-preserving consensus module, which allows anonymous nodes (verifiers) to mine the difficulty in consensus and attribute values. Verifiers can prove their legitimacy through zk-SNARK without revealing their attribute values to other verifiers. Other verifiers can quickly verify the proof without knowing the verifier's attribute values.
  • the verifier determines the positive integer D of the difficulty of mining by himself through his own attribute value. For example, when its own attribute is between the positive integer Li and the positive integer Hi , the hash value of the block it mines needs to be smaller than the positive integer Di ;
  • the verifier will increase the positive integer count value N(nonce) from 0, and each time it is added, it will judge whether the hash value of the block containing N satisfies the mining difficulty D, that is, H(B
  • the first anonymous node continuously updates the mining factor within the preset number range, during the period when the generated mining factor does not make the first anonymous node meet the preset condition, if the first anonymous node After receiving the second block of any second anonymous node among the second anonymous nodes, the first anonymous node verifies the second block; if the verification is passed, the first anonymous node will The second block is used as the consensus block.
  • Z1 contains proof of the following information: 1) The ID is generated according to the correct formula. 2) The difficulty D corresponding to the attribute value R is correct. 3) H(B
  • the verifier If the verifier has not found the correct N, it will verify ⁇ 1 after receiving the block sent by other verifiers, and if it is correct, add the block to the blockchain. If it is not correct, continue to find N.
  • the present invention provides a POW-based blockchain consensus device, including: a consensus module 401 for generating a first consensus zero-knowledge proof if it is determined that the first anonymous node satisfies a preset condition; the The first consensus zero-knowledge proof is at least used to verify the correctness of the following information: consensus verification information, first attribute value commitment, and first anonymous identity information; the first attribute value commitment is a concealment obtained at least according to the first actual attribute value information; the first anonymous identity information is obtained at least according to the first actual identity information of the first anonymous node; the preset condition is set according to the characteristics of the PoW consensus algorithm; and at least according to the first consensus zero Knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information and the first attribute value commitment, generate the first block, and use the first block as a consensus block ; Data transmission module 402. For sending the first block to each second anonymous node.
  • the consensus module 401 is specifically configured to: determine the first mining difficulty value of the first anonymous node according to the first actual attribute value; continuously update the mining factor within the preset number range, The first mining difficulty value and the mining factor determine whether the first anonymous node satisfies a preset condition; the preset condition is set based on the first mining difficulty value; the mining factor The probability of satisfying the preset condition is positively correlated with the first actual attribute value.
  • the consensus module 401 is specifically configured to: generate a first hash value according to the mining factor and the content of the block to be produced; if it is determined that the first hash value is smaller than the first mining value difficulty value, it is determined that the first anonymous node satisfies the preset condition.
  • the consensus module 401 is further configured to: in the process of continuously updating the mining factor in the preset number field, during the period when the generated mining factor does not make the first anonymous node meet the preset condition, If the data transmission module 402 receives the second block of any second anonymous node among the second anonymous nodes, the second block is verified; if the verification is passed, the second block is as a consensus block.
  • the first block is the block to be agreed upon between the third block and the fourth block in the i-th period of the blockchain;
  • the third block is the blockchain The first block to be consensus in the ith period of the blockchain;
  • the fourth block is the last block to be consensus in the ith period of the blockchain;
  • the first anonymous identity information is the Anonymous identity information of an anonymous node in the ith period of the blockchain;
  • the first attribute value commitment is the attribute value commitment of the first anonymous node in the ith period of the blockchain.
  • the consensus module 401 is further configured to: generate second anonymous identity information as the first anonymous node in the i+th period of the blockchain Anonymous identity information of period 1; generate a second attribute value commitment as the attribute value commitment of the first anonymous node in the i+1th period of the blockchain.
  • the third block is generated by the first anonymous node, and the consensus module 401 is further configured to: generate the third block in the following manner: according to the first consensus zero-knowledge proof, all The consensus verification information, the first anonymous identity information and the first attribute value commitment are generated to generate a third block.
  • the fourth block is generated by the first anonymous node
  • the consensus module 401 is further configured to: generate the fourth block in the following manner: according to the first consensus zero-knowledge proof, all The consensus verification information, the content of the block to be produced, the first anonymous identity information, the first attribute value commitment, the third anonymous identity information and the third attribute value commitment are used to generate the fourth block;
  • the third anonymous identity information is the anonymous identity information of the anonymous node to be added in the i+1th period of the blockchain;
  • the third attribute value commitment is at least according to the anonymous node to be added in the blockchain The hidden information obtained from the actual attribute values in the i+1th epoch.
  • an embodiment of the present invention also provides a computer device, including a program or an instruction, when the program or instruction is executed, such as the POW-based blockchain consensus method provided by the embodiment of the present invention and any Optional methods are executed.
  • embodiments of the present invention also provide a computer-readable storage medium, including programs or instructions, when the programs or instructions are executed, the POW-based blockchain consensus method provided by the embodiments of the present invention and any optional methods are executed.

Abstract

Disclosed are a POW-based blockchain consensus method and apparatus. The method comprises: if it is determined that a first anonymous node meets a preset condition, the first anonymous node generates a first consensus zero-knowledge proof; the first anonymous node generates a first block at least according to the first consensus zero-knowledge proof, consensus verification information, content of a block to be outputted, first anonymous identity information and a first attribute value commitment, and takes the first block as a consensus block; and the first anonymous node sends the first block to each second anonymous node. When the described method is applied to financial technology (Fintech), block consensus can be carried out without disclosing actual identity information, so the nodes that have higher attribute values are not vulnerable to targeted malicious attacks.

Description

一种基于POW的区块链共识方法及装置A POW-based blockchain consensus method and device
相关申请的交叉引用CROSS-REFERENCE TO RELATED APPLICATIONS
本申请要求在2020年11月06日提交中国专利局、申请号为202011231832.6、申请名称为“一种基于POW的区块链共识方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application with the application number 202011231832.6 and the application name "A POW-based blockchain consensus method and device" filed with the Chinese Patent Office on November 06, 2020, the entire contents of which are by reference Incorporated in this application.
技术领域technical field
本发明涉及金融科技(Fintech)领域中的区块链(blockchain)领域,尤其涉及一种基于POW的区块链共识方法及装置。The present invention relates to the field of blockchain (blockchain) in the field of financial technology (Fintech), in particular to a method and device for consensus on a blockchain based on POW.
背景技术Background technique
随着计算机技术的发展,越来越多的技术应用在金融领域,传统金融业正在逐步向金融科技(Fintech)转变,但由于金融行业的安全性、实时性要求,也对技术提出的更高的要求。目前金融科技领域和区块链(blockchain)领域联系较为紧密。基于工作量证明(Proof-of-Work,PoW)共识算法的区块链是一种较为常见的区块链。基于PoW共识算法的区块链的共识过程中,共识区块是面向区块链的用户公开的。With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually transforming into financial technology (Fintech). requirements. At present, the field of financial technology and the field of blockchain are closely related. The blockchain based on the Proof-of-Work (PoW) consensus algorithm is a relatively common blockchain. In the consensus process of the blockchain based on the PoW consensus algorithm, the consensus block is disclosed to the users of the blockchain.
但一些信息是较为敏感的信息,如共识区块由哪个区块链节点出块,常表征了区块链节点的属性值,如果泄露可能导致被攻击者锁定高属性值的目标。这就给区块链带来了一定的隐私风险,这样以来,常出块的区块链节点容易受到恶意攻击,从而拖垮整个区块链的性能,这是一个亟待解决的问题。However, some information is relatively sensitive information, such as which blockchain node produced the consensus block, which often represents the attribute value of the blockchain node. If it is leaked, it may cause the attacker to lock the target with high attribute value. This brings a certain privacy risk to the blockchain. Since then, the blockchain nodes that often produce blocks are vulnerable to malicious attacks, thereby dragging down the performance of the entire blockchain. This is an urgent problem to be solved.
发明内容SUMMARY OF THE INVENTION
本发明提供一种基于POW的区块链共识方法及装置,解决了现有技术中常出块的区块链节点容易受到恶意攻击的问题。The present invention provides a blockchain consensus method and device based on POW, which solves the problem in the prior art that the blockchain nodes that often produce blocks are vulnerable to malicious attacks.
第一方面,本发明提供一种基于POW的区块链共识方法,包括:第一匿 名节点若确定所述第一匿名节点满足预设条件,则生成第一共识零知识证明;所述第一共识零知识证明至少用于验证以下信息的正确性:共识验证信息、第一属性值承诺和第一匿名身份信息;所述第一属性值承诺是至少根据第一实际属性值得到的隐匿信息;所述第一匿名身份信息是至少根据所述第一匿名节点的第一实际身份信息得到的;所述预设条件是根据PoW共识算法的特性设定的;所述第一匿名节点至少根据所述第一共识零知识证明、所述共识验证信息、待出块区块内容、所述第一匿名身份信息和所述第一属性值承诺,生成第一区块,并将所述第一区块作为共识区块;所述第一匿名节点将所述第一区块发送至各第二匿名节点。In a first aspect, the present invention provides a blockchain consensus method based on POW, including: if a first anonymous node determines that the first anonymous node satisfies a preset condition, generating a first consensus zero-knowledge proof; the first The consensus zero-knowledge proof is at least used to verify the correctness of the following information: consensus verification information, first attribute value commitment and first anonymous identity information; the first attribute value commitment is the hidden information obtained at least according to the first actual attribute value; The first anonymous identity information is obtained at least according to the first actual identity information of the first anonymous node; the preset condition is set according to the characteristics of the PoW consensus algorithm; the first anonymous node is at least based on the The first consensus zero-knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information, and the first attribute value commitment, generate the first block, and assign the first block to the first block. The block is used as a consensus block; the first anonymous node sends the first block to each second anonymous node.
上述方式下,由于所述第一区块是至少根据所述第一共识零知识证明、所述共识验证信息、待出块区块内容、所述第一匿名身份信息和所述第一属性值承诺生成的,通过第一共识零知识证明可以在不泄露实际身份信息和实际属性值的基础上,对所述第一区块进行验证,从而可以在不泄露实际身份信息情况下进行区块共识,那么较高属性值的节点不容易受到针对性的恶意攻击。In the above manner, since the first block is based on at least the first consensus zero-knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information and the first attribute value Promise generated, through the first consensus zero-knowledge proof, the first block can be verified without revealing the actual identity information and the actual attribute value, so that the block consensus can be performed without revealing the actual identity information , then nodes with higher attribute values are not vulnerable to targeted malicious attacks.
可选的,所述第一匿名节点按照以下方式确定所述第一匿名节点满足预设条件:所述第一匿名节点根据所述第一实际属性值确定所述第一匿名节点的第一挖矿难度值;所述第一匿名节点在预设数域内持续更新挖矿因子,并根据所述第一挖矿难度值和所述挖矿因子确定所述第一匿名节点是否满足预设条件;所述预设条件是基于所述第一挖矿难度值设定的;所述挖矿因子满足所述预设条件的概率和所述第一实际属性值呈正相关。Optionally, the first anonymous node determines that the first anonymous node satisfies a preset condition in the following manner: the first anonymous node determines the first mining value of the first anonymous node according to the first actual attribute value. Mining difficulty value; the first anonymous node continuously updates the mining factor within a preset number field, and determines whether the first anonymous node satisfies the preset condition according to the first mining difficulty value and the mining factor; The preset condition is set based on the first mining difficulty value; the probability that the mining factor satisfies the preset condition is positively correlated with the first actual attribute value.
上述方法中,上述方法中,从而在遵循POW共识算法基础上设置所述预设条件,自适应地在区块链中选择出块的节点,提升了选择出块节点的效率。In the above method, in the above method, the preset conditions are set on the basis of following the POW consensus algorithm, and the node that produces the block is adaptively selected in the blockchain, which improves the efficiency of selecting the node that produces the block.
可选的,所述根据所述第一挖矿难度值和所述挖矿因子确定所述第一匿名节点是否满足预设条件,包括:所述第一匿名节点根据所述挖矿因子和所述待出块区块内容,生成第一哈希值;若所述第一匿名节点确定所述第一哈希值小于第一挖矿难度值,则确定所述第一匿名节点满足预设条件。Optionally, the determining whether the first anonymous node satisfies a preset condition according to the first mining difficulty value and the mining factor includes: the first anonymous node according to the mining factor and the mining factor. Describe the content of the block to be produced, and generate a first hash value; if the first anonymous node determines that the first hash value is less than the first mining difficulty value, then determine that the first anonymous node satisfies the preset condition .
上述方法中,通过在每个区块中设置第一挖矿难度值,且通过第一挖矿难度值自适应地选择出共识区块,提升了选择出块节点的效率。In the above method, by setting a first mining difficulty value in each block, and adaptively selecting a consensus block based on the first mining difficulty value, the efficiency of selecting a block producing node is improved.
可选的,所述第一匿名节点在预设数域内持续更新挖矿因子的过程中,在生成的挖矿因子未使得所述第一匿名节点满足所述预设条件的期间,若所述第一匿名节点收到了所述各第二匿名节点中任一第二匿名节点的第二区块,则所述第一匿名节点验证所述第二区块;若验证通过,则所述第一匿名节点将所述第二区块作为共识区块。Optionally, in the process that the first anonymous node continuously updates the mining factor within the preset number range, during the period when the generated mining factor does not make the first anonymous node meet the preset condition, if the The first anonymous node receives the second block of any second anonymous node among the second anonymous nodes, and the first anonymous node verifies the second block; if the verification passes, the first anonymous node verifies the second block. The anonymous node regards the second block as a consensus block.
上述方法中,在生成的挖矿因子未使得所述第一匿名节点满足所述预设条件的期间,通过所述第二区块的验证,确定其是否为共识区块,从而可以独立地一直更新挖矿因子,如果有通过验证的第二区块则不必生成第一区块,从而提升了共识区块的共识效率。In the above method, during the period when the generated mining factor does not make the first anonymous node meet the preset conditions, it is determined whether it is a consensus block through the verification of the second block, so that it can be independently maintained. Update the mining factor. If there is a second block that passes the verification, it is not necessary to generate the first block, thus improving the consensus efficiency of the consensus block.
可选的,所述第一区块为所述区块链的第i时期中第三区块与第四区块之间的待共识区块;所述第三区块为所述区块链的第i时期中的第一个待共识区块;所述第四区块为所述区块链的第i时期中的最后一个待共识区块;所述第一匿名身份信息为所述第一匿名节点在所述区块链的第i时期的匿名身份信息;所述第一属性值承诺为所述第一匿名节点在所述区块链的第i时期的属性值承诺。Optionally, the first block is the block to be agreed upon between the third block and the fourth block in the i-th period of the blockchain; the third block is the blockchain The first block to be consensus in the ith period of the blockchain; the fourth block is the last block to be consensus in the ith period of the blockchain; the first anonymous identity information is the Anonymous identity information of an anonymous node in the ith period of the blockchain; the first attribute value commitment is the attribute value commitment of the first anonymous node in the ith period of the blockchain.
上述方式下,通过设置不同时期来绑定匿名身份信息和属性值承诺,而且在第一个区块和第三区块与第四区块之间采用特定的方式生成,从而进一步地增加易出块节点的破解的难度。In the above method, the anonymous identity information and attribute value commitments are bound by setting different periods, and are generated in a specific way between the first block, the third block and the fourth block, thereby further increasing the easy access. The difficulty of cracking the block node.
可选的,在所述区块链的第i时期结束后,还包括:所述第一匿名节点生成第二匿名身份信息,作为所述第一匿名节点在所述区块链的第i+1时期的匿名身份信息;所述第一匿名节点生成第二属性值承诺,作为所述第一匿名节点在所述区块链的第i+1时期的属性值承诺。Optionally, after the end of the i-th period of the blockchain, the method further includes: the first anonymous node generates second anonymous identity information as the first anonymous node in the i+th period of the blockchain. Anonymous identity information of period 1; the first anonymous node generates a second attribute value commitment as the attribute value commitment of the first anonymous node in the i+1th period of the blockchain.
上述方式下,在所述区块链的第i时期结束后,生成第i+1时期的新的匿名身份信息和属性值承诺,从而进一步地增加易出块节点的破解的难度。In the above manner, after the i-th period of the blockchain is over, new anonymous identity information and attribute value commitments in the i+1-th period are generated, thereby further increasing the difficulty of cracking the easy-to-block node.
可选的,所述第三区块是由所述第一匿名节点生成的,所述第一匿名节 点按照以下方式生成第三区块:所述第一匿名节点根据所述第一共识零知识证明、所述共识验证信息、所述第一匿名身份信息和所述第一属性值承诺,生成第三区块。Optionally, the third block is generated by the first anonymous node, and the first anonymous node generates the third block in the following manner: the first anonymous node according to the first consensus zero-knowledge Proof, the consensus verification information, the first anonymous identity information, and the first attribute value commitment to generate a third block.
上述方式下,第一个区块中,只填入所述第一共识零知识证明等必要的身份验证信息,从而节约了第三区块的空间。In the above manner, in the first block, only the necessary identity verification information such as the first consensus zero-knowledge proof is filled, thereby saving the space of the third block.
可选的,所述第四区块是由所述第一匿名节点生成的,所述第一匿名节点按照以下方式生成第四区块:所述第一匿名节点根据所述第一共识零知识证明、所述共识验证信息、所述待出块区块内容、所述第一匿名身份信息、所述第一属性值承诺、第三匿名身份信息和第三属性值承诺,生成第四区块;所述第三匿名身份信息为在所述区块链的第i+1时期中待加入匿名节点的匿名身份信息;所述第三属性值承诺是至少根据所述待加入匿名节点在所述区块链的第i+1时期中的实际属性值得到的隐匿信息。Optionally, the fourth block is generated by the first anonymous node, and the first anonymous node generates the fourth block in the following manner: the first anonymous node according to the first consensus zero-knowledge Proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information, the first attribute value commitment, the third anonymous identity information and the third attribute value commitment to generate the fourth block ; the third anonymous identity information is the anonymous identity information of the anonymous node to be added in the i+1th period of the blockchain; the third attribute value commitment is at least according to the anonymous node to be added in the The hidden information obtained from the actual attribute value in the i+1th epoch of the blockchain.
上述方式下,对于第i+1时期中待加入匿名节点,直接在第i时期的最后一个区块中完成共识,以声明第i+1时期中参与区块的合法性,从而增加了区块链的工作效率。In the above method, for the anonymous nodes to be added in the i+1 period, the consensus is directly completed in the last block of the i period to declare the legitimacy of the participating blocks in the i+1 period, thereby increasing the number of blocks. chain efficiency.
第二方面,本发明提供一种基于POW的区块链共识装置,包括:共识模块,用于若确定第一匿名节点满足预设条件,则生成第一共识零知识证明;所述第一共识零知识证明至少用于验证以下信息的正确性:共识验证信息、第一属性值承诺和第一匿名身份信息;所述第一属性值承诺是至少根据第一实际属性值得到的隐匿信息;所述第一匿名身份信息是至少根据第一匿名节点的第一实际身份信息得到的;所述预设条件是根据PoW共识算法的特性设定的;以及至少根据所述第一共识零知识证明、所述共识验证信息、待出块区块内容、所述第一匿名身份信息和所述第一属性值承诺,生成第一区块,并将所述第一区块作为共识区块;数据传输模块。用于将所述第一区块发送至各第二匿名节点。In a second aspect, the present invention provides a blockchain consensus device based on POW, including: a consensus module for generating a first consensus zero-knowledge proof if it is determined that the first anonymous node satisfies a preset condition; the first consensus The zero-knowledge proof is at least used to verify the correctness of the following information: consensus verification information, first attribute value commitment and first anonymous identity information; the first attribute value commitment is the hidden information obtained at least according to the first actual attribute value; so The first anonymous identity information is obtained at least according to the first actual identity information of the first anonymous node; the preset condition is set according to the characteristics of the PoW consensus algorithm; and at least according to the first consensus zero-knowledge proof, The consensus verification information, the content of the block to be produced, the first anonymous identity information and the first attribute value commitment, generate a first block, and use the first block as a consensus block; data transmission module. for sending the first block to each second anonymous node.
可选的,所述共识模块具体用于:根据所述第一实际属性值确定所述第一匿名节点的第一挖矿难度值;在预设数域内持续更新挖矿因子,并根据所 述第一挖矿难度值和所述挖矿因子确定所述第一匿名节点是否满足预设条件;所述预设条件是基于所述第一挖矿难度值设定的;所述挖矿因子满足所述预设条件的概率和所述第一实际属性值呈正相关。Optionally, the consensus module is specifically configured to: determine the first mining difficulty value of the first anonymous node according to the first actual attribute value; continuously update the mining factor within a preset number field, and The first mining difficulty value and the mining factor determine whether the first anonymous node satisfies a preset condition; the preset condition is set based on the first mining difficulty value; the mining factor satisfies The probability of the preset condition is positively correlated with the first actual attribute value.
可选的,所述共识模块具体用于:根据所述挖矿因子和所述待出块区块内容,生成第一哈希值;若确定所述第一哈希值小于第一挖矿难度值,则确定所述第一匿名节点满足预设条件。Optionally, the consensus module is specifically configured to: generate a first hash value according to the mining factor and the content of the block to be produced; if it is determined that the first hash value is less than the first mining difficulty value, it is determined that the first anonymous node satisfies the preset condition.
可选的,所述共识模块还用于:在预设数域内持续更新挖矿因子的过程中,在生成的挖矿因子未使得所述第一匿名节点满足所述预设条件的期间,若所述数据传输模块收到了所述各第二匿名节点中任一第二匿名节点的第二区块,则验证所述第二区块;若验证通过,则将所述第二区块作为共识区块。Optionally, the consensus module is further configured to: in the process of continuously updating the mining factor in the preset number field, during the period when the generated mining factor does not make the first anonymous node meet the preset condition, if The data transmission module receives the second block of any second anonymous node among the second anonymous nodes, and then verifies the second block; if the verification is passed, the second block is used as a consensus block.
可选的,所述第一区块为所述区块链的第i时期中第三区块与第四区块之间的待共识区块;所述第三区块为所述区块链的第i时期中的第一个待共识区块;所述第四区块为所述区块链的第i时期中的最后一个待共识区块;所述第一匿名身份信息为所述第一匿名节点在所述区块链的第i时期的匿名身份信息;所述第一属性值承诺为所述第一匿名节点在所述区块链的第i时期的属性值承诺。Optionally, the first block is the block to be agreed upon between the third block and the fourth block in the i-th period of the blockchain; the third block is the blockchain The first block to be consensus in the ith period of the blockchain; the fourth block is the last block to be consensus in the ith period of the blockchain; the first anonymous identity information is the Anonymous identity information of an anonymous node in the ith period of the blockchain; the first attribute value commitment is the attribute value commitment of the first anonymous node in the ith period of the blockchain.
可选的,在所述区块链的第i时期结束后,所述共识模块还用于:生成第二匿名身份信息,作为所述第一匿名节点在所述区块链的第i+1时期的匿名身份信息;生成第二属性值承诺,作为所述第一匿名节点在所述区块链的第i+1时期的属性值承诺。Optionally, after the i-th period of the blockchain ends, the consensus module is further configured to: generate second anonymous identity information as the first anonymous node in the i+1-th period of the blockchain. Anonymous identity information of the period; generating a second attribute value commitment as the attribute value commitment of the first anonymous node in the i+1th period of the blockchain.
可选的,所述第三区块是由所述第一匿名节点生成的,所述共识模块还用于:按照以下方式生成第三区块:根据所述第一共识零知识证明、所述共识验证信息、所述第一匿名身份信息和所述第一属性值承诺,生成第三区块。Optionally, the third block is generated by the first anonymous node, and the consensus module is further configured to: generate the third block in the following manner: according to the first consensus zero-knowledge proof, the Consensus verification information, the first anonymous identity information, and the first attribute value promise to generate a third block.
可选的,所述第四区块是由所述第一匿名节点生成的,所述共识模块还用于:按照以下方式生成第四区块:根据所述第一共识零知识证明、所述共识验证信息、所述待出块区块内容、所述第一匿名身份信息、所述第一属性值承诺、第三匿名身份信息和第三属性值承诺,生成第四区块;所述第三匿 名身份信息为在所述区块链的第i+1时期中待加入匿名节点的匿名身份信息;所述第三属性值承诺是至少根据所述待加入匿名节点在所述区块链的第i+1时期中的实际属性值得到的隐匿信息。Optionally, the fourth block is generated by the first anonymous node, and the consensus module is further configured to: generate the fourth block in the following manner: according to the first consensus zero-knowledge proof, the Consensus verification information, the content of the block to be produced, the first anonymous identity information, the first attribute value commitment, the third anonymous identity information and the third attribute value commitment to generate the fourth block; The third anonymous identity information is the anonymous identity information of the anonymous node to be added in the i+1th period of the blockchain; the third attribute value commitment is at least according to the anonymous node to be added in the blockchain. The hidden information obtained from the actual attribute value in the i+1th period.
上述第二方面及第二方面各个可选装置的有益效果,可以参考上述第一方面及第一方面各个可选方法的有益效果,这里不再赘述。For the beneficial effects of the foregoing second aspect and each optional device in the second aspect, reference may be made to the foregoing first aspect and the beneficial effects of each optional method in the first aspect, which will not be repeated here.
第三方面,本发明提供一种计算机设备,包括程序或指令,当所述程序或指令被执行时,用以执行上述第一方面及第一方面各个可选的方法。In a third aspect, the present invention provides a computer device, including a program or an instruction, which, when the program or instruction is executed, is used to execute the above-mentioned first aspect and each optional method of the first aspect.
第四方面,本发明提供一种存储介质,包括程序或指令,当所述程序或指令被执行时,用以执行上述第一方面及第一方面各个可选的方法。In a fourth aspect, the present invention provides a storage medium, including a program or an instruction, which, when the program or instruction is executed, is used to execute the above-mentioned first aspect and each optional method of the first aspect.
本发明的这些方面或其他方面在以下实施例的描述中会更加简明易懂。These and other aspects of the invention will be more clearly understood from the description of the following embodiments.
附图说明Description of drawings
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the following briefly introduces the accompanying drawings used in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.
图1为本发明实施例提供的一种基于POW的区块链共识方法对应的流程示意图;FIG. 1 is a schematic flowchart corresponding to a POW-based blockchain consensus method provided by an embodiment of the present invention;
图2为本发明实施例提供的一种基于POW的区块链共识系统的系统架构示意图;2 is a schematic diagram of the system architecture of a POW-based blockchain consensus system provided by an embodiment of the present invention;
图3为本发明实施例提供的一种基于POW的区块链共识方法对应的具体流程示意图;FIG. 3 is a schematic diagram of a specific flow corresponding to a POW-based blockchain consensus method provided by an embodiment of the present invention;
图4为本发明实施例提供的一种基于POW的区块链共识装置的结构示意图。FIG. 4 is a schematic structural diagram of a POW-based blockchain consensus device provided by an embodiment of the present invention.
具体实施方式Detailed ways
为了使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本 发明作进一步地详细描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
下面首先给出本申请中出现的名词及释义。First, the terms and definitions appearing in this application are given below.
ZKP(Zero-Knowledge Proof,零知识证明):证明者能够在不向验证者提供任何有用的信息的情况下,使验证者相信某个论断是正确的。ZKP (Zero-Knowledge Proof, zero-knowledge proof): The prover can convince the verifier that an assertion is correct without providing any useful information to the verifier.
zk-SNARK(zero-knowledge succinct non-interactive argument of knowledge,简洁化的非交互式计算可靠的零知识证明):是零知识证明的一种实现方式,它允许用户以非交互式的方式提供证明,且该证明可以用很短的时间验证。应用于Zcash等匿名电子货币。zk-SNARK (zero-knowledge succinct non-interactive argument of knowledge, concise non-interactive computing reliable zero-knowledge proof): is an implementation of zero-knowledge proof, which allows users to provide proofs in a non-interactive manner , and the proof can be verified in a short time. Applied to anonymous electronic currencies such as Zcash.
(佩德森)Pedersen承诺:一种密码学承诺。包含两个阶段:在承诺阶段,它允许承诺方通过承诺函数COMM(m,r)将消息正整数m通过密文的形式发送r为随机正整数,它可以保证承诺方不会修改消息的同时对他人隐藏消息本身;在打开阶段,承诺方可以公开消息,接收端以此来验证消息是否和承诺阶段一致。Pedersen承诺满足隐藏性(Hiding),绑定性(Binding)和同态性(homomorphic)。我们主要会利用其中的同态性即COMM(a,b)+COMM(c,d)=COMM(a+c,b+d)。(Pedersen) Pedersen Commitment: A Cryptographic Commitment. It consists of two stages: in the commitment stage, it allows the promiser to send the message positive integer m in the form of ciphertext to a random positive integer through the promise function COMM(m,r), which can ensure that the promiser will not modify the message at the same time The message itself is hidden from others; in the open phase, the committer can disclose the message, and the receiver uses this to verify whether the message is consistent with the commitment phase. Pedersen promises to satisfy Hiding, Binding and homomorphic. We will mainly use the homomorphism among them, namely COMM(a,b)+COMM(c,d)=COMM(a+c,b+d).
客户:使用区块链进行记账的用户。Customers: Users who use the blockchain for bookkeeping.
验证者:进行交易验证,将认证后的交易打包进区块链的节点。Validator: A node that performs transaction verification and packages the authenticated transaction into the blockchain.
ID(Identity,身份证标识号):代表验证者的标识号。ID (Identity, ID number): represents the identification number of the verifier.
PoW(Proof-of-Work,工作量证明):是一种对应服务与资源滥用、或是拒绝服务攻击的经济对策。一般是要求用户进行一些耗时适当的复杂运算,并且答案能被服务方快速验算,以此耗用的时间、设备与能源做为担保成本,以确保服务与资源是被真正的需求所使用。常用于区块链中的公有链。PoW (Proof-of-Work, Proof of Work): It is an economic countermeasure against abuse of services and resources, or denial of service attacks. Generally, users are required to perform some complex operations that are time-consuming and appropriate, and the answers can be quickly checked by the service provider. The time, equipment and energy consumed are used as guarantee costs to ensure that services and resources are used by real needs. Commonly used in public chains in blockchains.
在金融机构(银行机构、保险机构或证券机构)在进行业务(如银行的贷款业务、存款业务等)运转过程中,和区块链(blockchain)领域联系较为 紧密。在PoW共识算法的区块链中,共识区块是面向区块链的用户公开的。但一些信息是较为敏感的信息,如果泄露可能导致被攻击者锁定高属性值的目标。这就给区块链带来了一定的隐私风险,这种情况不符合银行等金融机构的需求,无法保证金融机构各项业务的高效运转。为此,如图1所示,本申请提供一种基于POW的区块链共识方法。Financial institutions (banking institutions, insurance institutions or securities institutions) are closely related to the blockchain field in the process of conducting business (such as bank loan business, deposit business, etc.). In the blockchain of the PoW consensus algorithm, the consensus block is disclosed to the users of the blockchain. However, some information is relatively sensitive information, and if it is leaked, it may cause the attacker to lock the target with high attribute value. This brings certain privacy risks to the blockchain. This situation does not meet the needs of financial institutions such as banks, and cannot guarantee the efficient operation of various businesses of financial institutions. To this end, as shown in Figure 1, the present application provides a POW-based blockchain consensus method.
步骤101:第一匿名节点若确定所述第一匿名节点满足预设条件,则生成第一共识零知识证明。Step 101: If the first anonymous node determines that the first anonymous node satisfies the preset condition, a first consensus zero-knowledge proof is generated.
步骤102:所述第一匿名节点至少根据所述第一共识零知识证明、所述共识验证信息、待出块区块内容、所述第一匿名身份信息和所述第一属性值承诺,生成第一区块,并将所述第一区块作为共识区块。Step 102 : The first anonymous node generates a value based on at least the first consensus zero-knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information and the first attribute value commitment. the first block, and use the first block as a consensus block.
步骤103:所述第一匿名节点将所述第一区块发送至各第二匿名节点。Step 103: The first anonymous node sends the first block to each second anonymous node.
步骤101~步骤103中,所述第一共识零知识证明至少用于验证以下信息的正确性:共识验证信息、第一属性值承诺和第一匿名身份信息;所述第一属性值承诺是至少根据第一实际属性值得到的隐匿信息;所述第一匿名身份信息是至少根据所述第一匿名节点的第一实际身份信息得到的;所述预设条件是根据PoW共识算法的特性设定的。In steps 101 to 103, the first consensus zero-knowledge proof is at least used to verify the correctness of the following information: consensus verification information, first attribute value commitment and first anonymous identity information; the first attribute value commitment is at least The hidden information obtained according to the first actual attribute value; the first anonymous identity information is obtained according to at least the first actual identity information of the first anonymous node; the preset condition is set according to the characteristics of the PoW consensus algorithm of.
一种可选实施方式(以下称为时期的实施方式)中,可以引入时期,所述第一区块为所述区块链的第i时期中第三区块与第四区块之间的待共识区块;所述第三区块为所述区块链的第i时期中的第一个待共识区块;所述第四区块为所述区块链的第i时期中的最后一个待共识区块。In an optional implementation (hereinafter referred to as the implementation of the period), a period can be introduced, and the first block is the block between the third block and the fourth block in the i-th period of the blockchain. The block to be consensus; the third block is the first block to be consensus in the i-th period of the blockchain; the fourth block is the last block in the i-th period of the blockchain A block to be agreed upon.
所述第一匿名身份信息为所述第一匿名节点在所述区块链的第i时期的匿名身份信息;所述第一属性值承诺为所述第一匿名节点在所述区块链的第i时期的属性值承诺。The first anonymous identity information is the anonymous identity information of the first anonymous node in the i-th period of the blockchain; the first attribute value promises to be the first anonymous node in the blockchain. The attribute value promise for the ith period.
上述方式下,通过设置不同时期来绑定匿名身份信息和属性值承诺,而且在第一个区块即第三区块与最后一个区块即第四区块之间的第一区块,采用特定的方式生成,从而进一步地增加易出块节点的破解的难度。In the above method, the anonymous identity information and attribute value commitment are bound by setting different periods, and in the first block between the first block, the third block, and the last block, the fourth block, use It is generated in a specific way, thereby further increasing the difficulty of cracking the easy-to-block node.
需要说明的是,图1示出的方法引入时期后,可以通过图2示出的系统 架构具体实现。图2示出的系统架构包含三个模块:隐私保护的属性值承诺和数值操作模块,隐私保护的基于属性的共识模块,隐私保护的身份和属性值承诺更换模块。具体工作流程如图2所示,通过图2示出的系统架构可以在步骤101~步骤103的方法中引入时期。It should be noted that, after the method shown in Fig. 1 is introduced into the period, it can be specifically implemented through the system architecture shown in Fig. 2 . The system architecture shown in Figure 2 includes three modules: a privacy-protected attribute value commitment and value operation module, a privacy-protected attribute-based consensus module, and a privacy-protected identity and attribute value commitment replacement module. The specific workflow is shown in FIG. 2 , and a period can be introduced in the method of steps 101 to 103 through the system architecture shown in FIG. 2 .
具体来说,将时间分为不同的时期,每个时期(如第i时期,是某一个时期)仅允许经过认证的匿名节点(本申请中,也可以称为验证者)加入区块链。在每个时期开始前,当验证者加入区块链后,它将会通过隐私保护的身份和属性值承诺更换模块拥有匿名身份信息和属性值承诺(如属性值承诺为Pedersen承诺)。Specifically, the time is divided into different periods, and each period (such as the ith period, which is a certain period) only allows authenticated anonymous nodes (in this application, also called verifiers) to join the blockchain. Before the start of each epoch, when a validator joins the blockchain, it will have anonymous identity information and attribute value commitments through privacy-preserving identity and attribute value commitment replacement modules (eg, attribute value commitments are Pedersen commitments).
匿名节点(验证者)之间会互相确认在这个时期参与的所有验证者的匿名身份信息和属性值承诺。在时期开始后,每个验证者都会观察其他验证者的行为并通过隐私保护的属性值承诺和数值操作模块来对每一个验证者进行属性值承诺的更新。Anonymous nodes (validators) will mutually confirm the anonymous identity information and attribute value commitments of all validators participating in this period. After the epoch starts, each verifier observes the behavior of other verifiers and updates each verifier's attribute value commitment through privacy-preserving attribute value commitment and value manipulation modules.
每经过一段时间(如每次新增的共识区块后),验证者若为领导节点,便将交易和所有验证者更新的属性值承诺打包进入区块中并发布,所有验证者通过隐私保护的共识模块来验证并确认正确的区块并将达成共识的区块加入最终的区块链中。After a period of time (for example, after each new consensus block is added), if the verifier is the leader node, the transaction and the attribute value commitments updated by all verifiers will be packaged into the block and released, and all verifiers will pass the privacy protection. The consensus module verifies and confirms the correct block and adds the consensus block to the final blockchain.
当到了该时期的结束时,验证者可以选择通过隐私保护的身份和属性值承诺更换模块来更换自己的匿名身份信息和属性值承诺,此后验证者可以进入到下一个时期进行区块链的验证和维护;验证者也可以选择退出区块链。When the period ends, the verifier can choose to replace his anonymous identity information and attribute value commitment through the privacy-protected identity and attribute value commitment replacement module, after which the verifier can enter the next period to verify the blockchain and maintenance; validators can also opt out of the blockchain.
基于时期的实施方式,第三区块可以按照以下方式生成:Based on the epoch implementation, the third block can be generated as follows:
所述第一匿名节点根据所述第一共识零知识证明、所述共识验证信息、所述第一匿名身份信息和所述第一属性值承诺,生成第三区块。The first anonymous node generates a third block according to the first consensus zero-knowledge proof, the consensus verification information, the first anonymous identity information and the first attribute value commitment.
上述方式下,第一个区块中,只填入所述第一共识零知识证明等必要的身份验证信息,从而节约了第三区块的空间。In the above manner, in the first block, only the necessary identity verification information such as the first consensus zero-knowledge proof is filled, thereby saving the space of the third block.
基于时期的实施方式,第四区块可以按照以下方式生成:Based on the epoch implementation, the fourth block can be generated as follows:
所述第一匿名节点根据所述第一共识零知识证明、所述共识验证信息、 所述待出块区块内容、所述第一匿名身份信息、所述第一属性值承诺、第三匿名身份信息和第三属性值承诺,生成第四区块;所述第三匿名身份信息为在所述区块链的第i+1时期中待加入匿名节点的匿名身份信息。The first anonymous node is based on the first consensus zero-knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information, the first attribute value commitment, and the third anonymous The identity information and the third attribute value promise to generate a fourth block; the third anonymous identity information is the anonymous identity information of the anonymous node to be added in the i+1th period of the blockchain.
所述第三属性值承诺是至少根据所述待加入匿名节点在所述区块链的第i+1时期中的实际属性值得到的隐匿信息。The third attribute value commitment is hidden information obtained at least according to the actual attribute value of the anonymous node to be added in the i+1th period of the blockchain.
上述方式下,对于第i+1时期中待加入匿名节点,直接在第i时期的最后一个区块中完成共识,以声明第i+1时期中参与区块的合法性,从而增加了区块链的工作效率。In the above method, for the anonymous nodes to be added in the i+1 period, the consensus is directly completed in the last block of the i period to declare the legitimacy of the participating blocks in the i+1 period, thereby increasing the number of blocks. chain efficiency.
基于时期的实施方式,还可以执行如下步骤:Based on the implementation of the period, the following steps can also be performed:
所述第一匿名节点生成第二匿名身份信息,作为所述第一匿名节点在所述区块链的第i+1时期的匿名身份信息;所述第一匿名节点生成第二属性值承诺,作为所述第一匿名节点在所述区块链的第i+1时期的属性值承诺。The first anonymous node generates second anonymous identity information as the anonymous identity information of the first anonymous node in the i+1th period of the blockchain; the first anonymous node generates a second attribute value commitment, As the attribute value commitment of the first anonymous node in the i+1th period of the blockchain.
具体来说,在匿名节点(验证者)工作过程中,它会观察验证者的行为并依此为其他验证者打分,其他验证者亦会对该验证者的行为进行监督并进行打分。在基于承诺的BFT共识中,验证者的行为可以定义为对于交易认证的投票,它从每一笔交易认证中获得的承诺值为S*V其中V是交易金额(正整数),S是奖励系数(整数)。Specifically, in the working process of the anonymous node (validator), it will observe the behavior of the validator and score other validators accordingly, and other validators will also supervise and score the behavior of the validator. In the commitment-based BFT consensus, the behavior of the verifier can be defined as a vote for transaction authentication, and the commitment value it obtains from each transaction authentication is S*V where V is the transaction amount (positive integer), and S is the reward coefficient (integer).
当验证者和最终区块上的该笔交易认证结果交易一致则奖励系数为1。而当认证结果不一致则为负数-10,意味着验证者没有正确履行自己的责任或对系统作恶,因此扣除一定分数。本方案主要着重在隐私保护,并不是在如何通过行为进行承诺值计算,因此不会限定承诺值计算的方法且可以适用于保护各种不同的承诺值方案的隐私。When the verifier and the transaction verification result on the final block are consistent, the reward coefficient is 1. When the authentication result is inconsistent, it is a negative number -10, which means that the verifier did not perform his responsibilities correctly or did evil to the system, so a certain score is deducted. This scheme mainly focuses on privacy protection, not how to calculate the commitment value through behavior, so it does not limit the method of commitment value calculation and can be applied to protect the privacy of various commitment value schemes.
举例来说,在两个区块中该验证者获得的分数为整数ΔR,其他验证者可以通过将COMM(ΔR,0)加到
Figure PCTCN2021126991-appb-000001
上来得到正确的承诺值承诺。由Pedersen承诺的同态性可得
Figure PCTCN2021126991-appb-000002
Figure PCTCN2021126991-appb-000003
因此对承诺的加法操作可以将获得的分数正确的加到未被揭示的承诺值R上。 For example, the validator's score in two blocks is the integer ΔR, and other validators can add COMM(ΔR,0) to
Figure PCTCN2021126991-appb-000001
Come up to get the correct commitment value commitment. Homomorphism promised by Pedersen is available
Figure PCTCN2021126991-appb-000002
Figure PCTCN2021126991-appb-000003
Therefore, the addition of commitments can correctly add the obtained score to the unrevealed commitment value R.
一种可选实施方式下,步骤101中可以按照以下方式(下面称为挖矿因子的实施方式)确定所述第一匿名节点满足预设条件:In an optional implementation manner, in step 101, it may be determined in the following manner (hereinafter referred to as the implementation of the mining factor) that the first anonymous node satisfies the preset condition:
所述第一匿名节点根据所述第一实际属性值确定所述第一匿名节点的第一挖矿难度值;所述第一匿名节点在预设数域内持续更新挖矿因子,并根据所述第一挖矿难度值和所述挖矿因子确定所述第一匿名节点是否满足预设条件。The first anonymous node determines the first mining difficulty value of the first anonymous node according to the first actual attribute value; the first anonymous node continuously updates the mining factor within a preset number field, and according to the The first mining difficulty value and the mining factor determine whether the first anonymous node satisfies a preset condition.
所述预设条件是基于所述第一挖矿难度值设定的;所述挖矿因子满足所述预设条件的概率和所述第一实际属性值呈正相关。The preset condition is set based on the first mining difficulty value; the probability that the mining factor satisfies the preset condition is positively correlated with the first actual attribute value.
举例来说,根据所述第一实际属性值R确定所述第一匿名节点的第一挖矿难度值D的关系为R=10*R-1,第一实际属性值R为10,那么第一挖矿难度值D便为99。挖矿因子为nonce,预设数域为[1,10000],nonce在预设数域内随机取值,预设数域按照预设映射关系映射的值域为[1,200],预设映射关系可以设置为非单调的函数关系,以免第一匿名节点随机取值。预设条件为,nonce映射得到的数值在区间[1,2*D]内,显然,R越大,D越大,所述挖矿因子满足所述预设条件的概率就越大。For example, according to the first actual attribute value R, the relationship between the first mining difficulty value D of the first anonymous node is determined as R=10*R-1, and the first actual attribute value R is 10, then the first A mining difficulty value D is 99. The mining factor is nonce, the preset number field is [1, 10000], the nonce is randomly selected in the preset number field, and the value range of the preset number field mapped according to the preset mapping relationship is [1, 200], the preset mapping The relationship can be set as a non-monotonic functional relationship to prevent the first anonymous node from taking random values. The preset condition is that the value obtained by the nonce mapping is within the interval [1,2*D]. Obviously, the larger the R is and the larger the D is, the greater the probability that the mining factor satisfies the preset condition is.
挖矿因子的实施方式中,具体来说,根据所述第一挖矿难度值和所述挖矿因子确定所述第一匿名节点是否满足预设条件的具体过程可以如下:In the implementation of the mining factor, specifically, the specific process of determining whether the first anonymous node meets the preset conditions according to the first mining difficulty value and the mining factor may be as follows:
所述第一匿名节点根据所述挖矿因子和所述待出块区块内容,生成第一哈希值;若所述第一匿名节点确定所述第一哈希值小于第一挖矿难度值,则确定所述第一匿名节点满足预设条件。The first anonymous node generates a first hash value according to the mining factor and the content of the block to be produced; if the first anonymous node determines that the first hash value is less than the first mining difficulty value, it is determined that the first anonymous node satisfies the preset condition.
上述实施方式可以通过隐私保护的共识模块实现,本模块可以让匿名节点(验证者)在共识中挖矿的难度和属性值相关。验证者可以通过zk-SNARK证明自己的合法性,同时不需要透露自己的属性值给其他验证者,其他验证者可以快速地验证这一证明而不需要知道该验证者的属性值。The above-mentioned embodiments can be implemented through a privacy-preserving consensus module, which allows anonymous nodes (verifiers) to mine the difficulty in consensus and attribute values. Verifiers can prove their legitimacy through zk-SNARK without revealing their attribute values to other verifiers. Other verifiers can quickly verify the proof without knowing the verifier's attribute values.
该模块的流程如下图3所示。The flow of this module is shown in Figure 3 below.
(1)验证者通过自己的属性值决定自己挖掘的难度正整数D。例如,当自己的属性在正整数L i和正整数H i之间的时候,它挖掘出的区块的哈希值需要小于 正整数D i(1) The verifier determines the positive integer D of the difficulty of mining by himself through his own attribute value. For example, when its own attribute is between the positive integer Li and the positive integer Hi , the hash value of the block it mines needs to be smaller than the positive integer Di ;
(2)验证者会将正整数计数值N(nonce)从0开始增加,每加一次会判断包含N的区块的哈希值是否满足挖掘难度D,即H(B||N)<D,其中B为除了共识证明域的区块内容。(2) The verifier will increase the positive integer count value N(nonce) from 0, and each time it is added, it will judge whether the hash value of the block containing N satisfies the mining difficulty D, that is, H(B||N)<D , where B is the block content except the consensus proof domain.
挖矿因子的实施方式中,具体来说,还可能出现如下情形:In the implementation of the mining factor, specifically, the following situations may also occur:
所述第一匿名节点在预设数域内持续更新挖矿因子的过程中,在生成的挖矿因子未使得所述第一匿名节点满足所述预设条件的期间,若所述第一匿名节点收到了所述各第二匿名节点中任一第二匿名节点的第二区块,则所述第一匿名节点验证所述第二区块;若验证通过,则所述第一匿名节点将所述第二区块作为共识区块。In the process that the first anonymous node continuously updates the mining factor within the preset number range, during the period when the generated mining factor does not make the first anonymous node meet the preset condition, if the first anonymous node After receiving the second block of any second anonymous node among the second anonymous nodes, the first anonymous node verifies the second block; if the verification is passed, the first anonymous node will The second block is used as the consensus block.
上述实施方式在图3中的步骤如下:The steps of the above-described embodiment in FIG. 3 are as follows:
(3)若找到正确的N,则验证者用zk-SNARK生成Z1,并将其放在区块的共识证明域上。Z1包含了以下信息的证明:1)
Figure PCTCN2021126991-appb-000004
ID是按照正确的公式生成。2)属性值R对应的难度D是正确的。3)H(B||N)<D,其中B为除了公式证明域的区块内容。验证者将正确的区块发送给其他验证者并进行下一轮区块的挖掘。 (3) If the correct N is found, the verifier generates Z1 with zk-SNARK and puts it on the consensus proof field of the block. Z1 contains proof of the following information: 1)
Figure PCTCN2021126991-appb-000004
The ID is generated according to the correct formula. 2) The difficulty D corresponding to the attribute value R is correct. 3) H(B||N)<D, where B is the block content except the formula proof field. The validator sends the correct block to other validators and mines the next round of blocks.
(4)若验证者还未找到正确的N时,当其在收到其他验证者发送的区块后验证π1,若正确则将该区块加入到区块链中。若不正确则继续寻找N。(4) If the verifier has not found the correct N, it will verify π1 after receiving the block sent by other verifiers, and if it is correct, add the block to the blockchain. If it is not correct, continue to find N.
如图4所示,本发明提供一种基于POW的区块链共识装置,包括:共识模块401,用于若确定第一匿名节点满足预设条件,则生成第一共识零知识证明;所述第一共识零知识证明至少用于验证以下信息的正确性:共识验证信息、第一属性值承诺和第一匿名身份信息;所述第一属性值承诺是至少根据第一实际属性值得到的隐匿信息;所述第一匿名身份信息是至少根据第一匿名节点的第一实际身份信息得到的;所述预设条件是根据PoW共识算法的特性设定的;以及至少根据所述第一共识零知识证明、所述共识验证信息、待出块区块内容、所述第一匿名身份信息和所述第一属性值承诺,生成第一区块,并将所述第一区块作为共识区块;数据传输模块402。用于将所述第一区 块发送至各第二匿名节点。As shown in FIG. 4 , the present invention provides a POW-based blockchain consensus device, including: a consensus module 401 for generating a first consensus zero-knowledge proof if it is determined that the first anonymous node satisfies a preset condition; the The first consensus zero-knowledge proof is at least used to verify the correctness of the following information: consensus verification information, first attribute value commitment, and first anonymous identity information; the first attribute value commitment is a concealment obtained at least according to the first actual attribute value information; the first anonymous identity information is obtained at least according to the first actual identity information of the first anonymous node; the preset condition is set according to the characteristics of the PoW consensus algorithm; and at least according to the first consensus zero Knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information and the first attribute value commitment, generate the first block, and use the first block as a consensus block ; Data transmission module 402. For sending the first block to each second anonymous node.
可选的,所述共识模块401具体用于:根据所述第一实际属性值确定所述第一匿名节点的第一挖矿难度值;在预设数域内持续更新挖矿因子,并根据所述第一挖矿难度值和所述挖矿因子确定所述第一匿名节点是否满足预设条件;所述预设条件是基于所述第一挖矿难度值设定的;所述挖矿因子满足所述预设条件的概率和所述第一实际属性值呈正相关。Optionally, the consensus module 401 is specifically configured to: determine the first mining difficulty value of the first anonymous node according to the first actual attribute value; continuously update the mining factor within the preset number range, The first mining difficulty value and the mining factor determine whether the first anonymous node satisfies a preset condition; the preset condition is set based on the first mining difficulty value; the mining factor The probability of satisfying the preset condition is positively correlated with the first actual attribute value.
可选的,所述共识模块401具体用于:根据所述挖矿因子和所述待出块区块内容,生成第一哈希值;若确定所述第一哈希值小于第一挖矿难度值,则确定所述第一匿名节点满足预设条件。Optionally, the consensus module 401 is specifically configured to: generate a first hash value according to the mining factor and the content of the block to be produced; if it is determined that the first hash value is smaller than the first mining value difficulty value, it is determined that the first anonymous node satisfies the preset condition.
可选的,所述共识模块401还用于:在预设数域内持续更新挖矿因子的过程中,在生成的挖矿因子未使得所述第一匿名节点满足所述预设条件的期间,若所述数据传输模块402收到了所述各第二匿名节点中任一第二匿名节点的第二区块,则验证所述第二区块;若验证通过,则将所述第二区块作为共识区块。Optionally, the consensus module 401 is further configured to: in the process of continuously updating the mining factor in the preset number field, during the period when the generated mining factor does not make the first anonymous node meet the preset condition, If the data transmission module 402 receives the second block of any second anonymous node among the second anonymous nodes, the second block is verified; if the verification is passed, the second block is as a consensus block.
可选的,所述第一区块为所述区块链的第i时期中第三区块与第四区块之间的待共识区块;所述第三区块为所述区块链的第i时期中的第一个待共识区块;所述第四区块为所述区块链的第i时期中的最后一个待共识区块;所述第一匿名身份信息为所述第一匿名节点在所述区块链的第i时期的匿名身份信息;所述第一属性值承诺为所述第一匿名节点在所述区块链的第i时期的属性值承诺。Optionally, the first block is the block to be agreed upon between the third block and the fourth block in the i-th period of the blockchain; the third block is the blockchain The first block to be consensus in the ith period of the blockchain; the fourth block is the last block to be consensus in the ith period of the blockchain; the first anonymous identity information is the Anonymous identity information of an anonymous node in the ith period of the blockchain; the first attribute value commitment is the attribute value commitment of the first anonymous node in the ith period of the blockchain.
可选的,在所述区块链的第i时期结束后,所述共识模块401还用于:生成第二匿名身份信息,作为所述第一匿名节点在所述区块链的第i+1时期的匿名身份信息;生成第二属性值承诺,作为所述第一匿名节点在所述区块链的第i+1时期的属性值承诺。Optionally, after the i-th period of the blockchain ends, the consensus module 401 is further configured to: generate second anonymous identity information as the first anonymous node in the i+th period of the blockchain Anonymous identity information of period 1; generate a second attribute value commitment as the attribute value commitment of the first anonymous node in the i+1th period of the blockchain.
可选的,所述第三区块是由所述第一匿名节点生成的,所述共识模块401还用于:按照以下方式生成第三区块:根据所述第一共识零知识证明、所述共识验证信息、所述第一匿名身份信息和所述第一属性值承诺,生成第三区 块。Optionally, the third block is generated by the first anonymous node, and the consensus module 401 is further configured to: generate the third block in the following manner: according to the first consensus zero-knowledge proof, all The consensus verification information, the first anonymous identity information and the first attribute value commitment are generated to generate a third block.
可选的,所述第四区块是由所述第一匿名节点生成的,所述共识模块401还用于:按照以下方式生成第四区块:根据所述第一共识零知识证明、所述共识验证信息、所述待出块区块内容、所述第一匿名身份信息、所述第一属性值承诺、第三匿名身份信息和第三属性值承诺,生成第四区块;所述第三匿名身份信息为在所述区块链的第i+1时期中待加入匿名节点的匿名身份信息;所述第三属性值承诺是至少根据所述待加入匿名节点在所述区块链的第i+1时期中的实际属性值得到的隐匿信息。Optionally, the fourth block is generated by the first anonymous node, and the consensus module 401 is further configured to: generate the fourth block in the following manner: according to the first consensus zero-knowledge proof, all The consensus verification information, the content of the block to be produced, the first anonymous identity information, the first attribute value commitment, the third anonymous identity information and the third attribute value commitment are used to generate the fourth block; the The third anonymous identity information is the anonymous identity information of the anonymous node to be added in the i+1th period of the blockchain; the third attribute value commitment is at least according to the anonymous node to be added in the blockchain The hidden information obtained from the actual attribute values in the i+1th epoch.
基于同一发明构思,本发明实施例还提供了一种计算机设备,包括程序或指令,当所述程序或指令被执行时,如本发明实施例提供的基于POW的区块链共识方法及任一可选方法被执行。Based on the same inventive concept, an embodiment of the present invention also provides a computer device, including a program or an instruction, when the program or instruction is executed, such as the POW-based blockchain consensus method provided by the embodiment of the present invention and any Optional methods are executed.
基于同一发明构思,本发明实施例还提供了一种计算机可读存储介质,包括程序或指令,当所述程序或指令被执行时,如本发明实施例提供的基于POW的区块链共识方法及任一可选方法被执行。Based on the same inventive concept, embodiments of the present invention also provide a computer-readable storage medium, including programs or instructions, when the programs or instructions are executed, the POW-based blockchain consensus method provided by the embodiments of the present invention and any optional methods are executed.
尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。Although preferred embodiments of the present invention have been described, additional changes and modifications to these embodiments may occur to those skilled in the art once the basic inventive concepts are known. Therefore, the appended claims are intended to be construed to include the preferred embodiment and all changes and modifications that fall within the scope of the present invention.
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit and scope of the invention. Thus, provided that these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include these modifications and variations.

Claims (10)

  1. 一种基于POW的区块链共识方法,其特征在于,包括:A POW-based blockchain consensus method, characterized in that it includes:
    第一匿名节点若确定所述第一匿名节点满足预设条件,则生成第一共识零知识证明;所述第一共识零知识证明至少用于验证以下信息的正确性:共识验证信息、第一属性值承诺和第一匿名身份信息;所述第一属性值承诺是至少根据第一实际属性值得到的隐匿信息;所述第一匿名身份信息是至少根据所述第一匿名节点的第一实际身份信息得到的;所述预设条件是根据PoW共识算法的特性设定的;If the first anonymous node determines that the first anonymous node satisfies the preset conditions, it generates a first consensus zero-knowledge proof; the first consensus zero-knowledge proof is at least used to verify the correctness of the following information: consensus verification information, first consensus zero-knowledge proof attribute value commitment and first anonymous identity information; the first attribute value commitment is concealed information obtained at least according to the first actual attribute value; the first anonymous identity information is at least based on the first actual attribute value of the first anonymous node The identity information is obtained; the preset conditions are set according to the characteristics of the PoW consensus algorithm;
    所述第一匿名节点至少根据所述第一共识零知识证明、所述共识验证信息、待出块区块内容、所述第一匿名身份信息和所述第一属性值承诺,生成第一区块,并将所述第一区块作为共识区块;The first anonymous node generates a first zone according to at least the first consensus zero-knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information and the first attribute value commitment. block, and use the first block as a consensus block;
    所述第一匿名节点将所述第一区块发送至各第二匿名节点。The first anonymous node sends the first block to each second anonymous node.
  2. 如权利要求1所述的方法,其特征在于,所述第一匿名节点按照以下方式确定所述第一匿名节点满足预设条件:The method of claim 1, wherein the first anonymous node determines that the first anonymous node satisfies a preset condition in the following manner:
    所述第一匿名节点根据所述第一实际属性值确定所述第一匿名节点的第一挖矿难度值;The first anonymous node determines the first mining difficulty value of the first anonymous node according to the first actual attribute value;
    所述第一匿名节点在预设数域内持续更新挖矿因子,并根据所述第一挖矿难度值和所述挖矿因子确定所述第一匿名节点是否满足预设条件;所述预设条件是基于所述第一挖矿难度值设定的;所述挖矿因子满足所述预设条件的概率和所述第一实际属性值呈正相关。The first anonymous node continuously updates the mining factor within a preset number range, and determines whether the first anonymous node satisfies the preset condition according to the first mining difficulty value and the mining factor; the preset The condition is set based on the first mining difficulty value; the probability that the mining factor satisfies the preset condition is positively correlated with the first actual attribute value.
  3. 如权利要求2所述的方法,其特征在于,所述根据所述第一挖矿难度值和所述挖矿因子确定所述第一匿名节点是否满足预设条件,包括:The method according to claim 2, wherein the determining whether the first anonymous node satisfies a preset condition according to the first mining difficulty value and the mining factor comprises:
    所述第一匿名节点根据所述挖矿因子和所述待出块区块内容,生成第一哈希值;The first anonymous node generates a first hash value according to the mining factor and the content of the block to be produced;
    若所述第一匿名节点确定所述第一哈希值小于第一挖矿难度值,则确定所述第一匿名节点满足预设条件。If the first anonymous node determines that the first hash value is smaller than the first mining difficulty value, it is determined that the first anonymous node satisfies the preset condition.
  4. 如权利要求2所述的方法,其特征在于,还包括:The method of claim 2, further comprising:
    所述第一匿名节点在预设数域内持续更新挖矿因子的过程中,在生成的挖矿因子未使得所述第一匿名节点满足所述预设条件的期间,若所述第一匿名节点收到了所述各第二匿名节点中任一第二匿名节点的第二区块,则所述第一匿名节点验证所述第二区块;In the process that the first anonymous node continuously updates the mining factor within the preset number range, during the period when the generated mining factor does not make the first anonymous node meet the preset condition, if the first anonymous node After receiving the second block of any second anonymous node among the second anonymous nodes, the first anonymous node verifies the second block;
    若验证通过,则所述第一匿名节点将所述第二区块作为共识区块。If the verification is passed, the first anonymous node regards the second block as a consensus block.
  5. 如权利要求1至4任一项所述的方法,其特征在于,所述第一区块为所述区块链的第i时期中第三区块与第四区块之间的待共识区块;所述第三区块为所述区块链的第i时期中的第一个待共识区块;所述第四区块为所述区块链的第i时期中的最后一个待共识区块;所述第一匿名身份信息为所述第一匿名节点在所述区块链的第i时期的匿名身份信息;所述第一属性值承诺为所述第一匿名节点在所述区块链的第i时期的属性值承诺。The method according to any one of claims 1 to 4, wherein the first block is a consensus area between the third block and the fourth block in the i-th period of the blockchain block; the third block is the first block to be consensus in the ith period of the blockchain; the fourth block is the last block to be consensus in the ith period of the blockchain block; the first anonymous identity information is the anonymous identity information of the first anonymous node in the i-th period of the blockchain; the first attribute value promises that the first anonymous node is in the block Attribute value commitment for the ith epoch of the blockchain.
  6. 如权利要求5所述的方法,其特征在于,在所述区块链的第i时期结束后,还包括:The method of claim 5, further comprising: after the i-th period of the blockchain ends:
    所述第一匿名节点生成第二匿名身份信息,作为所述第一匿名节点在所述区块链的第i+1时期的匿名身份信息;The first anonymous node generates second anonymous identity information as the anonymous identity information of the first anonymous node in the i+1th period of the blockchain;
    所述第一匿名节点生成第二属性值承诺,作为所述第一匿名节点在所述区块链的第i+1时期的属性值承诺。The first anonymous node generates a second attribute value commitment as the attribute value commitment of the first anonymous node in the i+1th period of the blockchain.
  7. 如权利要求5所述的方法,其特征在于,所述第三区块是由所述第一匿名节点生成的,所述第一匿名节点按照以下方式生成第三区块:The method of claim 5, wherein the third block is generated by the first anonymous node, and the first anonymous node generates the third block in the following manner:
    所述第一匿名节点根据所述第一共识零知识证明、所述共识验证信息、所述第一匿名身份信息和所述第一属性值承诺,生成第三区块。The first anonymous node generates a third block according to the first consensus zero-knowledge proof, the consensus verification information, the first anonymous identity information and the first attribute value commitment.
  8. 如权利要求5所述的方法,其特征在于,所述第四区块是由所述第一匿名节点生成的,所述第一匿名节点按照以下方式生成第四区块:The method of claim 5, wherein the fourth block is generated by the first anonymous node, and the first anonymous node generates the fourth block in the following manner:
    所述第一匿名节点根据所述第一共识零知识证明、所述共识验证信息、所述待出块区块内容、所述第一匿名身份信息、所述第一属性值承诺、第三匿名身份信息和第三属性值承诺,生成第四区块;The first anonymous node is based on the first consensus zero-knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information, the first attribute value commitment, and the third anonymous Identity information and the third attribute value commitment to generate the fourth block;
    所述第三匿名身份信息为在所述区块链的第i+1时期中待加入匿名节点的匿名身份信息;所述第三属性值承诺是至少根据所述待加入匿名节点在所述区块链的第i+1时期中的实际属性值得到的隐匿信息。The third anonymous identity information is the anonymous identity information of the anonymous node to be added in the i+1th period of the blockchain; the third attribute value commitment is at least according to the anonymous node to be added in the area. The hidden information obtained from the actual attribute value in the i+1th epoch of the blockchain.
  9. 一种基于POW的区块链共识装置,其特征在于,包括:A POW-based blockchain consensus device, characterized in that it includes:
    共识模块,用于若确定第一匿名节点满足预设条件,则生成第一共识零知识证明;所述第一共识零知识证明至少用于验证以下信息的正确性:共识验证信息、第一属性值承诺和第一匿名身份信息;所述第一属性值承诺是至少根据第一实际属性值得到的隐匿信息;所述第一匿名身份信息是至少根据所述第一匿名节点的第一实际身份信息得到的;所述预设条件是根据PoW共识算法的特性设定的;以及The consensus module is used to generate a first consensus zero-knowledge proof if it is determined that the first anonymous node satisfies the preset conditions; the first consensus zero-knowledge proof is at least used to verify the correctness of the following information: consensus verification information, first attribute value commitment and first anonymous identity information; the first attribute value commitment is concealed information obtained at least according to the first actual attribute value; the first anonymous identity information is at least based on the first actual identity of the first anonymous node information; the preset conditions are set according to the characteristics of the PoW consensus algorithm; and
    至少根据所述第一共识零知识证明、所述共识验证信息、待出块区块内容、所述第一匿名身份信息和所述第一属性值承诺,生成第一区块,并将所述第一区块作为共识区块;Generate a first block based on at least the first consensus zero-knowledge proof, the consensus verification information, the content of the block to be produced, the first anonymous identity information and the first attribute value commitment, and the The first block is used as a consensus block;
    数据传输模块,用于将所述第一区块发送至各第二匿名节点。A data transmission module, configured to send the first block to each second anonymous node.
  10. 一种计算机设备,其特征在于,包括程序或指令,当所述程序或指令被执行时,如权利要求1至8中任意一项所述的方法被执行。A computer device, characterized by comprising a program or an instruction, when the program or the instruction is executed, the method according to any one of claims 1 to 8 is performed.
PCT/CN2021/126991 2020-11-06 2021-10-28 Pow-based blockchain consensus method and apparatus WO2022095779A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011231832.6 2020-11-06
CN202011231832.6A CN112436944B (en) 2020-11-06 2020-11-06 POW-based block chain consensus method and device

Publications (2)

Publication Number Publication Date
WO2022095779A1 true WO2022095779A1 (en) 2022-05-12
WO2022095779A9 WO2022095779A9 (en) 2022-09-15

Family

ID=74699367

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/126991 WO2022095779A1 (en) 2020-11-06 2021-10-28 Pow-based blockchain consensus method and apparatus

Country Status (2)

Country Link
CN (1) CN112436944B (en)
WO (1) WO2022095779A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112436944B (en) * 2020-11-06 2023-04-07 深圳前海微众银行股份有限公司 POW-based block chain consensus method and device
CN113487400B (en) * 2021-06-04 2022-10-11 长春工业大学 Financial credit consensus method based on honesty bidirectional selection

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107124403A (en) * 2017-04-14 2017-09-01 朱清明 The generation method and computing device of common recognition block in block chain
US20190251553A1 (en) * 2018-11-07 2019-08-15 Alibaba Group Holding Limited Blockchain data protection based on account note model with zero-knowledge proof
US20190370793A1 (en) * 2018-06-04 2019-12-05 Decentralized Finance Labs, Inc. Hybrid consensus for blockchain using proof of work and proof of stake
CN110933088A (en) * 2019-12-02 2020-03-27 深圳启元信息服务有限公司 Decentralization verifiable hiding representing method and system based on block chain and storage medium
CN112436944A (en) * 2020-11-06 2021-03-02 深圳前海微众银行股份有限公司 POW-based block chain consensus method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109035029A (en) * 2018-07-27 2018-12-18 阿里巴巴集团控股有限公司 Based on the assets transfer method and device of block chain, electronic equipment
CN109858281B (en) * 2019-02-01 2020-09-18 杭州云象网络技术有限公司 Block chain account model privacy protection method based on zero knowledge proof
US20200311695A1 (en) * 2019-03-27 2020-10-01 International Business Machines Corporation Privacy-preserving gridlock resolution
CN110602077B (en) * 2019-09-03 2020-10-27 成都信息工程大学 Quantum block chain network anonymous election method based on trust evaluation and storage medium
CN111428249B (en) * 2020-01-20 2022-06-28 中国科学院信息工程研究所 Anonymous registration method and system for protecting user privacy based on block chain

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107124403A (en) * 2017-04-14 2017-09-01 朱清明 The generation method and computing device of common recognition block in block chain
US20190370793A1 (en) * 2018-06-04 2019-12-05 Decentralized Finance Labs, Inc. Hybrid consensus for blockchain using proof of work and proof of stake
US20190251553A1 (en) * 2018-11-07 2019-08-15 Alibaba Group Holding Limited Blockchain data protection based on account note model with zero-knowledge proof
CN110933088A (en) * 2019-12-02 2020-03-27 深圳启元信息服务有限公司 Decentralization verifiable hiding representing method and system based on block chain and storage medium
CN112436944A (en) * 2020-11-06 2021-03-02 深圳前海微众银行股份有限公司 POW-based block chain consensus method and device

Also Published As

Publication number Publication date
CN112436944B (en) 2023-04-07
WO2022095779A9 (en) 2022-09-15
CN112436944A (en) 2021-03-02

Similar Documents

Publication Publication Date Title
Li et al. Traceable monero: Anonymous cryptocurrency with enhanced accountability
US20230245131A1 (en) Method, System, and Computer Program Product for Determining Solvency of a Digital Asset Exchange
WO2022095778A1 (en) Attribute value-based blockchain consensus method and device
US11212081B2 (en) Method for signing a new block in a decentralized blockchain consensus network
CN111680324B (en) Credential verification method, management method and issuing method for blockchain
WO2022095780A1 (en) Bft-based blockchain consensus method and device
WO2022095779A1 (en) Pow-based blockchain consensus method and apparatus
Huang et al. Scalable and redactable blockchain with update and anonymity
TW201944757A (en) Computer-implemented system and method suitable for increasing the security of instant off-line blockchain transactions
CN109413078B (en) Anonymous authentication method based on group signature under standard model
Wu et al. Certificateless aggregate signature scheme secure against fully chosen-key attacks
CN112488682B (en) Three-party transfer method and device for block chain
Tsai et al. An improved non-interactive zero-knowledge range proof for decentralized applications
Wang et al. Privacy-preserving energy storage sharing with blockchain
Lin et al. An efficient privacy-preserving credit score system based on noninteractive zero-knowledge proof
Huang et al. zkChain: A privacy‐preserving model based on zk‐SNARKs and hash chain for efficient transfer of assets
CN112287040B (en) Rights and interests combination method, device, equipment and medium based on block chain
Li et al. A regulatable data privacy protection scheme for energy transactions based on consortium blockchain
Hu et al. Towards verifiable and privacy-preserving account model on a consortium blockchain based on zk-SNARKs
CN111539719B (en) Audit coin-mixing service method and system model based on blind signature
Luo et al. Fast computation of multi-scalar multiplication for pairing-based zkSNARK applications
CN111245869B (en) Cross-domain anonymous authentication method in information physical system
Hasanaj Blockchain and its security issues and challenges
Bai et al. RZcash: a privacy protection scheme for the account-based blockchain
CN114971842A (en) Privacy protection confidential transaction method based on block chain

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21888476

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 09/08/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 21888476

Country of ref document: EP

Kind code of ref document: A1