WO2023056964A1 - Consensus method, blockchain system, and consensus node - Google Patents

Consensus method, blockchain system, and consensus node Download PDF

Info

Publication number
WO2023056964A1
WO2023056964A1 PCT/CN2022/124047 CN2022124047W WO2023056964A1 WO 2023056964 A1 WO2023056964 A1 WO 2023056964A1 CN 2022124047 W CN2022124047 W CN 2022124047W WO 2023056964 A1 WO2023056964 A1 WO 2023056964A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
consensus
node
data block
nodes
Prior art date
Application number
PCT/CN2022/124047
Other languages
French (fr)
Chinese (zh)
Inventor
刘盛云
邓福喜
闫莺
徐文博
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2023056964A1 publication Critical patent/WO2023056964A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2246Trees, e.g. B+trees
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2255Hash tables
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46Secure multiparty computation, e.g. millionaire problem
    • H04L2209/463Electronic voting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • the embodiments of this specification belong to the field of blockchain technology, and in particular relate to a consensus method, a blockchain system, and consensus nodes.
  • Blockchain is a new application model of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm.
  • the data blocks are combined into a chained data structure in a sequentially connected manner in chronological order, and a non-tamperable and unforgeable distributed ledger is cryptographically guaranteed. Due to the characteristics of decentralization, non-tamperable information, and autonomy, the blockchain has also received more and more attention and application.
  • the purpose of the present invention is to provide a consensus method, blockchain system and consensus nodes, including: a consensus method in the blockchain system, including: the first round: the first consensus node uses the transaction set proposed by the consensus to correct Code deletion generates multiple data blocks; the first consensus node retains a copy of the data block, and sends the first message to other consensus nodes, and the first message sent to different consensus nodes includes different data blocks and the first consensus node
  • the second round the consensus node that received the first message broadcasts the second message, the second message includes the vote and signature on the transaction set; the vote includes the summary value of the transaction set;
  • the second Three rounds After the consensus node receiving the second message collects at least Quorum unanimous votes from different consensus nodes, it broadcasts the third message, which includes the data block, the digest value and the collected signature set;
  • the data blocks broadcast by the first consensus node include the reserved data blocks, and the remaining consensus nodes broadcast the data blocks received in the first round;
  • the erasure code restores the transaction set, and after collecting
  • a blockchain system including consensus nodes, wherein: the first consensus node uses erasure codes to generate multiple data blocks from the transaction set proposed by the consensus; the first consensus node retains a copy of the data block, and sends the first message to other Consensus nodes, the first message sent to different consensus nodes includes different data blocks and the signature of the first consensus node; the consensus node that receives the first message broadcasts a second message, and the second message includes the signature for all The voting and signature of the transaction set; the vote includes the summary value of the transaction set; after the consensus node receiving the second message collects at least Quorum unanimous votes from different consensus nodes, it broadcasts the third message, and the second The third message includes the data block, the digest value and the collected signature set; wherein the data block broadcast by the first consensus node includes the reserved data block, and the remaining consensus nodes broadcast the data block received in the first round; the At the end of the third round, the consensus node uses the erasure code to restore the transaction set based on the received data block, and after collecting
  • a consensus node in a blockchain system comprising: a data block generation unit, used to generate multiple data blocks using erasure codes for a transaction set proposed by the consensus, and retain a copy of the data blocks; a first message broadcast unit, using When broadcasting the first message to other consensus nodes, the first messages sent to different consensus nodes include different data blocks and the signature of the first consensus node; the second message receiving unit is used to receive the second message, and the second The message includes a vote and a signature on the transaction set; the vote includes a summary value of the transaction set; the third message broadcast unit, when the second message receiving unit collects at least Quorum consistent Broadcast a third message after voting, the third message includes the reserved data block, the digest value and the collected signature set; the third message collection unit is used to collect the third message from different consensus nodes; the output unit After the third message collection unit collects at least Quorum third messages from different nodes, output the transaction set corresponding to the summary value as at least a part of the consensus result.
  • a consensus node in a blockchain system comprising: a first message receiving unit, configured to receive a first message broadcast by the first consensus node, the first message including a data block of a proposed transaction set and the first consensus node signature; the second message broadcasting unit is configured to broadcast a second message after the first message receiving unit receives the first message, and the second message includes a vote and a signature on the transaction set; the vote includes all The summary value of the transaction set; the second message receiving unit is used to receive the second message, and the second message includes the vote and signature on the transaction set; the vote includes the summary value of the transaction set; the third message
  • the broadcasting unit when the second message receiving unit collects at least Quorum unanimous votes from different consensus nodes, broadcasts the third message, the third message includes the digest value and the collected signature set; the third message collecting unit , to collect third messages from different consensus nodes; the recovery unit, based on the data block received by the third message collection unit, restores the transaction set using the erasure code; the output unit, when the third message collection
  • the erasure code is used to generate several data blocks for the transaction proposed by the consensus, and the proposed consensus node does not need to transmit larger data packets to other Instead, different data blocks of the data packet are transmitted to different consensus nodes, which can reduce the amount of data transmitted by the network. Forwarding the data blocks sent by the proposed consensus nodes in the second round can make full use of the bandwidth resources between nodes in the network, thereby improving the performance of the consensus protocol as a whole.
  • Fig. 1 is a schematic diagram of a conventional stage of a practical Byzantine fault-tolerant algorithm in an embodiment
  • Fig. 2 is a schematic diagram of the view switching stage of the practical Byzantine fault-tolerant algorithm in an embodiment
  • Fig. 3 is a schematic diagram of the honey badger Byzantine fault-tolerant algorithm in an embodiment
  • Fig. 4 is a flowchart of the consensus algorithm in an embodiment of this specification.
  • Fig. 5 is a schematic diagram of a consensus algorithm in an embodiment of this specification.
  • Fig. 6 is a schematic diagram of a consensus algorithm in an embodiment of this specification.
  • Fig. 7 is a schematic diagram of a consensus algorithm in an embodiment of this specification.
  • Fig. 8 is a schematic diagram of a consensus algorithm in an embodiment of this specification.
  • Fig. 9 is a schematic diagram of a consensus algorithm in an embodiment of this specification.
  • FIG. 10 is an architecture diagram of a consensus node in an embodiment of this specification.
  • Fig. 11 is an architecture diagram of a consensus node in an embodiment of this specification.
  • Fig. 12 is a schematic diagram of an erasure code in an embodiment of this specification.
  • Fig. 13 is a schematic diagram of Merkle Tree in an embodiment of this specification.
  • Fig. 14 is a schematic diagram of Merkle Tree in an embodiment of this specification.
  • nodes In the blockchain system, different participants can establish a distributed blockchain network through the deployed nodes (Nodes).
  • Nodes A decentralized (or multi-centered) distributed ledger constructed using a chained block structure is stored on each node (or most nodes, such as consensus nodes) in the distributed blockchain network.
  • Such a blockchain system needs to solve the problem of the consistency and correctness of the respective ledger data on multiple decentralized (or multi-centered) nodes.
  • Each node runs a blockchain program. Under the design of certain fault-tolerant requirements, the consensus mechanism is used to ensure that all loyal nodes have the same transaction, so as to ensure that all loyal nodes have the same execution results for the same transaction, and will Transactions and execution results are packaged to generate blocks.
  • the current mainstream consensus mechanisms include: Proof of Work (POW), Proof of Stake (POS), Delegated Proof of Stake (DPOS), Practical Byzantine Fault Tolerance (PBFT) algorithm , Honey Badger Byzantine Fault Tolerance (HoneyBadgerBFT) algorithm, etc.
  • POW Proof of Work
  • POS Proof of Stake
  • DPOS Delegated Proof of Stake
  • PBFT Practical Byzantine Fault Tolerance
  • HoneyBadgerBFT Honey Badger Byzantine Fault Tolerance
  • the algorithm assumes that when at most f replicas (ie, nodes) fail, if there are at least 3f+1 replicas in total, security and liveness can be guaranteed to be provided in an asynchronous system.
  • a set of a certain number of copies required to ensure the data consistency and fault tolerance requirements of all copies is generally a collection of most nodes in a distributed system, forming a majority (Quorum).
  • the Quorum is 2f+1. In this way, for a distributed system containing four nodes, any three nodes can form a Quorum.
  • PBFT includes two processes, Normal Case Phase and View Change Phase.
  • Figure 1 is a flow chart of the Normal Case Phase (normal phase) process.
  • the Normal Case Phase mainly includes three phases: PRE-PREPARE (pre-preparation), PREPARE (preparation) and COMMIT (commitment).
  • node 3 can represent a downtime node (indicated by ⁇ in Figure 1), for example.
  • FIG. 2 is a schematic diagram of View Change Phase (view switching). If the master node goes offline or does evil and does not broadcast the client's request, etc., the client can set a timeout mechanism. If it times out, the client can broadcast the request message to all replica nodes.
  • the replica node After the replica node detects that the master node is malicious or goes offline, it can also initiate the View Change protocol phase to replace the master node (often referred to as "master change").
  • master change the three-stage consensus process of PRE-PREPARE, PREPARE and COMMIT may fail due to the wrong proposal initiated by the master node, or the PREPARE and COMMIT stages may not reach the number of Quorum (such as 2f+1 of 3f+1 nodes, Also known as the quorum), the consensus cannot be completed. In these cases it is also possible to initiate the View Change protocol phase to replace the master node.
  • the PBFT protocol is a partial synchronous protocol, which is characterized by assuming that the network is asynchronous at the beginning, but it can be synchronized from a certain moment. To allow different nodes to reach a consensus on the same proposal in the network, the easiest way is to set up a master node, and the master node will unify the opinions of each node. By setting the timer, you can prevent the master node from making mistakes. In PBFT, if the Normal Case Phase is not completed within a limited time, Backups will be triggered to initiate the View Change Phase to replace the primary node. PBFT fixes the master node in one position, and all requests can be sent to the master node first, and then broadcast to other consensus nodes by the master node.
  • the HoneyBadgerBFT also often abbreviated as HBBFT
  • HBBFT asynchronous (asynchronous) protocol.
  • Asynchronous protocols are suitable for asynchronous networks, that is, messages between nodes in this network can be delayed arbitrarily, but will eventually arrive. The timer is removed from HoneyBadgerBFT, and the execution of the protocol is driven by messages.
  • all nodes in the HoneyBadgerBFT algorithm are equal, there is no distinction between master nodes and backup nodes, and there is no process of changing masters.
  • Asynchronous network consensus protocols such as HBBFT have no concept of master nodes. Each node can propose a request and try to construct a block. Therefore, asynchronous network protocols alleviate the problems of fairness and single-node bottlenecks to a certain extent.
  • FIG 3 is a flow chart of the single node angle of the HoneyBadgerBFT algorithm.
  • all nodes in the HoneyBadgerBFT algorithm are peers, that is, all nodes can execute the process shown in Figure 3.
  • HoneyBadgerBFT mainly includes two stages, namely Reliable Broadcast (RBC) and Asynchronous Binary Agreement (ABA, asynchronous binary agreement, also known as "01 Asynchronous consensus").
  • RBC Reliable Broadcast
  • ABA Asynchronous Binary Agreement
  • the RBC phase includes at least three rounds of message interaction of Rval, Echo, and Ready
  • the ABA phase includes at least three rounds of message interaction of Bval, Aux, and Coin.
  • RBC uses three rounds of message exchanges to ensure reliable proposal broadcasting.
  • ABA first conducts two rounds of voting (Bval and AUX messages), and then uses Coin toss (Coin) to unify the proposals of each node, thereby bypassing the network synchronization requirements of the semi-synchronous protocol.
  • a HoneyBadgerBFT consensus must go through the RBC phase and at least one ABA phase. In the best case, there is a probability of 1/2 that the HoneyBadgerBFT consensus process can be ended. In this way, it takes 6 rounds to complete a consensus. In addition, there is a 1/4 probability that it will enter the ABA process again, as shown in Figure 3 for the second ABA process (the ABA process represented by rounds 7, 8, and 9), and there is a 1/4 probability that it will end in the second round.
  • HoneyBadgerBFT includes at least one RBC (three rounds) and one ABA (three rounds). If the ABA voting result is inconsistent with the coin toss result, the protocol enters a new round of ABA (at least three additional rounds). Tossing coins brings uncertainty to the rounds of consensus and may increase delays.
  • This application provides an embodiment of a consensus algorithm, as shown in Figure 4, which specifically includes: S41: [First round]
  • the first consensus node uses erasure codes to generate multiple data blocks from the transaction set proposed by the consensus; the first consensus node A copy of the data block is reserved, and a first message is sent to other consensus nodes.
  • the first messages sent to different consensus nodes include different data blocks and signatures of the first consensus node.
  • a consensus algorithm in this application may include 3 rounds of interaction. Similar to HBBFT, the consensus algorithm of the embodiment shown in Figure 5 is also an asynchronous protocol, that is, it is assumed that messages between nodes in the network can be delayed arbitrarily, but will eventually arrive. Similarly, the timer is also removed in the embodiment in Figure 5, and the execution of the protocol is driven by messages; at the same time, all nodes can be peer-to-peer, there is no distinction between the master node and the backup node, and any consensus node can initiate consensus Proposals, each consensus node can also participate in the consensus process where other nodes propose consensus proposals. The result of a consensus can include the sum of the transaction sets in the consensus proposal proposed by all nodes in this consensus and obtained at least the same number of Quorum votes.
  • Node 0 can initiate a consensus proposal, which can include a packaged transaction set, for example, marked as m 0 , m 0 can include a series of transaction sets ⁇ tx 01 , tx 02 , .. .,tx 0n ⁇ . Furthermore, Node 0 can generate multiple data blocks by adopting erasure coding (Erasure Coding) for the transaction set m 0 proposed by the consensus. Generally, the number n of data blocks generated using erasure codes can be equal to the total number of consensus nodes.
  • Erasure Coding Erasure Coding
  • Node 0 uses erasure codes on m 0 to generate 4 data blocks (data blocks), namely m 00 , m 01 , m 02 , and m 03 .
  • data blocks data blocks
  • they can have corresponding hash values respectively, for example, the hash value corresponding to m 00 is hash 000
  • the corresponding hash value of m 01 is hash 001
  • the corresponding hash value of m 02 is hash 002
  • the corresponding hash value is hash 003 , as shown in Figure 12.
  • Erasure code is a coding error-tolerant technology, which was first used for data recovery in data transmission in the communication industry.
  • each split data is associated. In the case of a certain range of data errors, it can be recovered through erasure code technology.
  • Data m can be generated into N data blocks through EC.
  • the N data blocks generally include p data blocks after data m is split, and q data blocks for storing erasure codes are also added. In this way, the original data m can be restored through any p pieces of data in the p+q pieces.
  • Node 0 can also build a Merkle Tree (Merkle tree, usually also called a Hash Tree) for the generated data block.
  • Merkle tree Merkle tree, usually also called a Hash Tree
  • the hash values of the four data blocks m 00 , m 01 , m 02 , and m 03 are respectively hash 000 , hash 001 , hash 002 , and hash 003 .
  • To construct the hash values in pairs hash 00 , hash 01 can be obtained . .
  • hash 00 can be obtained by sequentially splicing hash 000 and hash 001 and calculating hash
  • hash 01 can be obtained by sequentially splicing hash 002 and hash 003 and calculating hash.
  • hash 00 and hash 01 can be sequentially concatenated to calculate hash, thereby obtaining hash 0 .
  • Node 0 can generate a corresponding merkle proof (Merkle proof).
  • Merkle proof For example, for m 01 , the generated Merkle proof includes hash 000 , hash 01 , hash 0 ; for m 02 , the generated Merkle proof includes hash 003 , hash 00 , hash 0 ; for m 03 , the generated Merkle proof The proof includes hash 002 , hash 00 , and hash 0 . It can be seen that the Merkle proof is an ordered set of hash values. Through such an ordered set, the hash value of the root node of the Merkle tree can be calculated.
  • the first consensus node sends a first message to other consensus nodes, and the first messages sent to different consensus nodes include different data blocks and corresponding Merkle certificates.
  • the first consensus node Node 0 can send the first message Val message to Node 1 , the Val message can include the data block m 01 , and include the Merkel proof hash 000 , hash 01 , and hash 0 corresponding to the data block.
  • Node 0 can send the first message Val message to The Val message may include the data block m 02 , and include the Merkel proofs hash 003 , hash 00 , and hash 0 corresponding to the data block.
  • Node 0 may send a first Val message to Node 3 , and the Val message may include a data block m 03 , and include the Merkle certificates hash 002 , hash 00 , and hash 0 corresponding to the data block. As shown in Figure 5.
  • the first consensus node may reserve a copy of the data block, for example, the above-mentioned data block m 00 .
  • Val message sent by Node 0 to Node 1 may also include the signature of Node 0 , for example, marked as sig 00 .
  • Node 0 can use its own private key to sign the payload (payload) part of the message.
  • sign m 01 and its corresponding Merkle certificate to obtain sig 00 .
  • Node 0 may firstly perform hash calculation on the payload (payload) part of the message to obtain a hash value (that is, a digest value), and then sign the hash value with its own private key to obtain sig 00 .
  • the Val message sent by Node 0 to other Nodes is similar and will not be repeated here.
  • the format of the Val message can be such as ⁇ r, m 01 , the Merkel proof corresponding to m 01 , sig 00 >, where r can represent the rth consensus.
  • the consensus proposal for m 0 here is the rth consensus
  • the transaction set m 1 of the next consensus proposal can correspond to the r+1th consensus.
  • the sig 00 may also be a signature of the data including r and m 01 and their corresponding Merkle certificates using its own private key.
  • the consensus nodes that received the first message can verify the correctness of the received first message.
  • Node 1 may use the public key of Node 0 to verify the signature of Node 0 in the first message.
  • the first message may further include a Merkle certificate corresponding to the received data block.
  • the consensus node that received the first message can also verify the data block in the received first message and the corresponding Merkle proof.
  • the consensus node that receives the Val message can calculate the hash value of the consensus-proposed data block in the Val message.
  • Node 1 receives the first consensus node After the Val message is sent, the hash value of the data block m 01 included in the Val message can be calculated, for example, hash 001 .
  • the received Val message also includes the merkle proof corresponding to the contained data block.
  • Node 1 receives the Val message sent by the first consensus node Node 0 , which also includes the Merkel proof hash 000 , hash 01 , and hash 0 corresponding to data block m 01 .
  • the consensus node that receives the Val message can verify the correctness of the data through the Merkle proof contained in the Val message.
  • Node 1 After Node 1 obtains the hash value hash 001 of m 01 in the Val message through the aforementioned calculation, it further calculates together with the Merkel proof in the Val message, including calculating hash 000 and hash 001 to obtain hash′ 00 , and then by Hash′ 00 and hash 01 are calculated to obtain hash′ 0 , so whether m 01 is correct is determined by comparing whether hash′ 0 and hash 0 are consistent. This is because, generally speaking, the probability of a hash collision is extremely low, and it is difficult for the initiator of the message to forge a series of hash values while maintaining the corresponding relationship between these hash values and data blocks. Therefore, if comparing hash' 0 and hash 0 are consistent, the subsequent processing can be entered; if not, the received Val message is not approved, that is, the data block contained therein is not approved.
  • the consensus node that has received the first message may broadcast the second message.
  • Node 1 , Node 2 , and Node 3 respectively broadcast the second message to other consensus nodes. This broadcasted second message may be denoted as Bval.
  • Node 1 , Node 2 , and Node 3 can tell other consensus nodes to vote on the consensus proposal initiated by Node 0 by broadcasting the second message, and the vote can be to express approval or disapproval of the consensus proposal. If the consensus node approves the transaction set proposed by Node 0 in this consensus, it can broadcast the hash value of the transaction set in the second round of message interaction, such as hash 0 above. On the contrary, if the consensus node does not approve the transaction set proposed by Node 0 in this consensus, it can broadcast 0 in the second round of message interaction.
  • Node 0 does not need to participate in the broadcast, because Node 0 initiates a consensus proposal in the first round, which itself can represent Node 0 ’s approval of the message set in the consensus proposal, so that in the second round Node 1 , Node 2 , and Node 3 may respectively broadcast the second message to other consensus nodes.
  • the second message broadcast by the consensus node may also include the Merkle proof corresponding to the data block broadcast in the third round.
  • the consensus node that received the first message can receive the data block and the Merkle proof corresponding to the data block.
  • the second message broadcast by the consensus node may also include the Merkle proof corresponding to the data block.
  • the second message may also include a signature on the set of transactions.
  • the consensus node that receives the first message at the end of the first round can verify the correctness of the received first message, for example, Node 1 verifies whether the signature of Node 0 is correct.
  • the format of the Bval message can be ⁇ r, hash 0 , sig 10 >, where r can represent the rth consensus, and hash 0 is the hash value of m 0 , indicating that the voting point of view on m 0 is agreed.
  • the sig 10 may also be the signature of the data including r and hash 0 using its own private key.
  • Node 2 After receiving the Val message from Node 0 , Node 2 can similarly verify whether the signature of Node 0 is correct. If the verification is correct, Node 2 can use its own private key to sign hash 0 in the first message it receives, or use its own private key to sign data including r and hash 0 , thereby obtaining sig 20 , and then It is also possible to broadcast Bval messages.
  • the Bval message can include r, hash 0 and signature sig 20 .
  • Node 3 After receiving the Val message from Node 0 , Node 3 can similarly verify whether the signature of Node 0 is correct. If the verification is correct, Node 3 can use its own private key to sign hash 0 in the first message it receives, or use its own private key to sign data including r and hash 0 , thereby obtaining sig 30 , and then It is also possible to broadcast Bval messages.
  • the Bval message can include r, hash 0 and signature sig 30 .
  • S45 [Third round] After the consensus node receiving the second message collects at least Quorum consistent digest values from different consensus nodes, it broadcasts the third message.
  • the third message includes the data block, the digest value and the collected Arrived signature.
  • the consensus nodes in the second round broadcast the second message Bval message, so that at the end of the second round, the consensus nodes that received the second message can collect the votes for the consensus proposal in the second message.
  • Node 1 can collect the votes in the Bval message at the end of the second round, assuming that the votes collected by Node 1 in the second message broadcast by Node 2 and Node 3 are the hash value hash 0 of the transaction set m 0 , and if the vote in the second message broadcast by Node 1 in the second round is also the hash value hash 0 of the transaction set m 0 (also means the approval of the transaction set), and received in the first round
  • Node 2 and Node 3 are similar to Node 1 and will not be repeated here.
  • the consensus node can also collect the signatures of different nodes at the end of the second round, as mentioned earlier.
  • the number of votes collected up to the second round can be counted by signing. For example, if Node 1 collects sig 10 (the Bval message broadcast by Node 1 in the second round contains the vote of Node 1 and is also collected and signed), sig 20 and sig 30 respectively include the same hash value, then it means There are 3 votes for approval of the hash (in addition, it can also include the signature sig 00 of the same hash value received in the Val message sent by Node 0 at the end of the first round, and a total of 4 signatures are collected for the same hash value) .
  • the third message is broadcast.
  • the third message can be recorded as a Prom message, which means that it promises not to change its opinion on the proposal m 0 .
  • the hash value of m 0 can indicate approval, and 0 can indicate disapproval.
  • Node 2 and Node 3 are also similar.
  • the third broadcast message may include the collected votes for m 0 , such as the hash values and signatures collected in the first and second rounds above.
  • data blocks may be included in the broadcasted third message.
  • the data blocks broadcast by the first consensus node may include the data blocks reserved in the first round, and the remaining consensus nodes may broadcast the data blocks received in the first round.
  • Node 0 may include the data block m 00 reserved in the first round in the broadcasted Prom message. In this way, for each consensus node other than Node 0 , the data block can be collected at the end of the third round.
  • Node 1 receives a data block m 01 of the transaction set m 0 sent by Node 0 from the first round of Val messages, then Node 1 can also include this data block in the Prom message broadcast in the third round m 01 ;
  • Node 2 a data block m 02 of the transaction set m 0 sent by Node 0 is received from the first round of Val message, then Node 2 can also include this data block in the Prom message broadcast in the third round m 02 ;
  • Node 3 a data block m 03 of the transaction set m 0 sent by Node 0 is received from the first round of Val message, then Node 3 can also include this data block in the Prom message broadcast in the third round m 03 .
  • the third message may also include a Merkle certificate corresponding to the broadcast data block.
  • the broadcast data block may be broadcast in the third message.
  • the format of the Prom message can be such as ⁇ r, m 01 , Merkel proof corresponding to m 01 , hash 0 , ⁇ signature set>>.
  • Node 0 collects Node 1 in the second round
  • the votes in the Bval messages broadcast by Node 2 and Node 3 are all hash values of the transaction set m 0 , so that Node 1 , Node 2 and Node 3 are also collected.
  • the signatures for m 0 are votes of sig 10 , sig 20 , and sig 30 respectively
  • the Val message broadcast by Node 0 in the first round also includes its own signature on m 0 (or m 0
  • the hash value of 0 is signed as the hash value of sig 00 .
  • the Prom message broadcast by Node 0 in the third round may include the hash value and the collected hash value and signature set that different nodes express approval for the proposed transaction set m 0 .
  • the signature set is, for example, sig 00 , sig 10 , sig 20 , sig 30 .
  • Node 1 collects in the second round that the votes in the Bval messages broadcast by Node 2 and Node 3 are all the hash values of the transaction set m 0
  • Node 2 and Node 3 respectively collect
  • the signature of m 0 (or the hash value of m 0 ) is the vote of sig 20 and sig 30
  • the Val message broadcast by Node 0 in the first round also includes its signature on m 0 (or the hash value of m 0 ) is a vote of sig 00
  • the Bval message broadcast by Node 1 in the second round also includes the vote that its signature on m 0 (or the hash value of m 0 ) is sig 10 .
  • the Prom message broadcast by Node 1 in the third round may include the hash value and the collected hash value and signature set that different nodes approve of the proposed transaction set m 0
  • the signature set includes, for example, sig 00 , sig 10 , sig 20 , sig 30 .
  • Node 2 and Node 3 are also similar to Node 1 .
  • the above signature set can also be replaced by an aggregate signature or a threshold signature.
  • the consensus node uses the erasure code to restore the transaction set based on the received data block, and after collecting at least Quorum third messages from different nodes, the summary The transaction set corresponding to the value is output as at least part of the consensus result.
  • the consensus nodes that receive the Prom message can collect the data blocks in the Prom message.
  • Node 1 For Node 1 , a data block m 00 of transaction set m 0 sent by Node 0 is received from the third round of Prom messages, and a data block of transaction set m 0 sent by Node 2 is received from the third round of Prom messages Block m 02 , a data block m 03 of the transaction set m 0 sent by Node 3 is received from the third round of Prom messages. Node 1 also receives m 01 from Node 0 through the first round of Val messages.
  • Node 1 According to the settings of p and q in the erasure code as mentioned above (generally q is at least 1, and by the end of the third round, Node 1 should receive at least p different data blocks), Node 1 has relatively With a high probability, m 0 can be decoded from m 00 , m 01 , m 02 , and m 03 , so that the complete proposed transaction set of Node 0 can be recovered.
  • a data block m 00 of the transaction set m 0 sent by Node 0 is received from the third round of Prom messages
  • the transaction set m 0 sent by Node 1 is received from the third round of Prom messages
  • Node 1 also receives m 01 from Node 0 through the first round of Val messages.
  • Node 2 has a high probability of being able to decode m 0 from m 00 , m 01 , m 02 , and m 03 , so that the complete Node 0 can be recovered
  • the set of proposed transactions The set of proposed transactions.
  • Node 3 a data block m 00 of the transaction set m 0 sent by Node 0 is received from the third round of Prom messages, and the transaction set m 0 sent by Node 1 is received from the third round of Prom messages Receive a data block m 01 of the transaction set m 01 sent by Node 2 from the third round of Prom messages.
  • Node 3 also receives the m 03 sent by Node 0 .
  • Node 3 has a high probability of being able to decode m 0 from m 00 , m 01 , m 02 , and m 03 , so that the complete Node 0 can be recovered
  • the set of proposed transactions The set of proposed transactions.
  • the consensus node can use the erasure code to restore the transaction set based on the received data block.
  • the second message or the third message broadcast by the consensus node may include the Merkle proof corresponding to the data block.
  • the consensus node that received the data block can also combine the corresponding Merkle proof for verification.
  • the original data can be recovered after passing the verification, that is, m 0 can be obtained from the aforementioned decoding, and the complete proposed transaction set of Node 0 can be recovered from it.
  • the consensus node that receives the Prom message can calculate the hash value of the data block in the Prom message.
  • Node 1 After Node 1 receives the Prom message sent by the first consensus node Node 0 , it can calculate the hash value of the data block m 00 included in the Prom message, for example, hash 000 .
  • the Prom message sent by Node 0 may also include the merkle proof corresponding to the contained data block m 00 , for example including hash 001 , hash 01 , and hash 0 .
  • Node 1 After Node 1 obtains the hash value hash 000 of m 00 in the Prom message through the aforementioned calculation, it further calculates together with the Merkle proof, including calculating hash 000 and hash 001 to obtain hash′ 00 , and then combining hash′ 00 and Hash 01 is calculated to get hash′ 0 , so whether m 00 is correct is determined by comparing whether hash′ 0 is consistent with hash 0 .
  • Node 1 when Node 1 receives the Val message sent by the first consensus node Node 0 , it may include the data block m 01 and the corresponding Merkel proof hash 000 , hash 01 , and hash 0 .
  • the consensus node that receives the Val message can verify the correctness of the data through the Merkle proof contained in the Val message.
  • Node 1 After Node 1 obtains the hash value hash 001 of m 01 in the Val message through the aforementioned calculation, it further calculates together with the Merkel proof in the Val message, including calculating hash 000 and hash 001 to obtain hash′ 00 , and then by Hash′ 00 and hash 01 are calculated to obtain hash′ 0 , so whether m 01 is correct is determined by comparing whether hash′ 0 and hash 0 are consistent.
  • the Prom message broadcast by Node 1 in the third round may include the data block m 01 .
  • Node 1 may include the Merkel proof hash 000 , hash 01 , and hash 0 corresponding to the data block m 01 in the Bval message broadcast in the second round or the Prom message broadcast in the third round.
  • Node 0 , Node 2 , and Node 3 may all receive the data block m 01 and the corresponding Merkle certificate from Node 1 .
  • Each of Node 0 , Node 2 , and Node 3 can perform the above-mentioned verification process to verify the correctness of the data, and after passing the verification, enter the process of restoring the transaction set using erasure codes.
  • consensus nodes that have received Prom messages can count the number of collected Prom messages.
  • the condition for the consensus node to send the Prom message in the third round is that at least Quorum unanimous votes from different consensus nodes have been collected in the second round, and it has not broadcast different votes for the proposal, which is equivalent to the second round
  • the consensus node confirms that a total of at least Quorum number of consensus nodes (including itself) votes for the proposal m 0 .
  • the Prom message broadcast by Node 0 in the third round can include the hash value and the collected transactions of different nodes for the proposal
  • the set m 0 represents an approved hash value and signature set
  • the signature set includes, for example, sig 00 , sig 10 , sig 20 , and sig 30 .
  • Node 1 collects at least Quorum consistent digest values in the first round and the second round, and then, the Prom message broadcast by Node 1 in the third round may include the hash value and the collected different nodes for the
  • the proposed transaction set m 0 represents the approved hash value and signature set, and the signature set includes, for example, sig 00 , sig 10 , sig 20 , and sig 30 .
  • Node 2 and Node 3 are also similar to Node 1 .
  • Node 0 can collect at least Quorum Prom messages. Through Quorum Prom messages, Node 0 can confirm that each of at least Quorum consensus nodes has collected at least Quorum number of votes to approve the proposed transaction set m 0 , and each consensus node that sends Prom messages commits to The point of view of voting will not be changed, so that Node 0 can further complete this consensus, that is, output the transaction set m 0 corresponding to the summary value as at least a part of the consensus result. Node 1 , Node 2 and Node 3 are also similar. Similarly, other consensus nodes such as Node 1 , Node 2 , and Node 3 can further complete this consensus, that is, output the transaction set m 0 corresponding to the digest value as at least a part of the consensus result.
  • the third round of Prom messages can add signatures.
  • the Prom message broadcast by Node 1 in the third round may include Node 1 's signature of ⁇ r, hash, ⁇ signature set>> in the Prom message.
  • the number of bottom leaf nodes is 2n .
  • the number of data blocks generated by using erasure coding is not necessarily 2 n .
  • the hash of the last data block can be repeated several times to complete the 2 n leaf nodes of the Merkle Tree.
  • Node 0 uses the erasure code to generate 5 data blocks m 00 , m from the transaction set m 0 proposed by the consensus 01 , m 02 , m 03 , m 04 , and the constructed Merkle Tree can be shown in Figure 14.
  • the hash value corresponding to m 00 is hash 0000
  • the corresponding hash value to m 01 is hash 0001
  • the corresponding hash value to m 02 is hash 0002
  • the hash value corresponding to m 03 is hash 0003
  • the corresponding hash value to m 04 is hash 0004 .
  • the extra 3 leaf nodes of the Merkle Tree can take the hash value corresponding to the last data block.
  • hash 000s , hash 0006 and hash 0007 may all take the hash value of m 04 . In this way, Merkle Tree and Merkle proof can also be constructed.
  • FIG. 5 can be executed by Node 0 in the figure, and can also be extended to be executed by Node 0 , Node 1 , Node 2 and Node 3 .
  • every consensus node that collects at least Quorum third messages from different nodes can output the transaction set corresponding to the summary value as the entire consensus result, except for Figure 5
  • any one of Figs. 6, 7, 8, and 9 may be used.
  • Figure 5 is from the perspective of Node 0 , which initiates a consensus proposal.
  • Node 1 , Node 2 , and Node 3 Any one can also initiate a proposal, and other consensus nodes cooperate to complete the above-mentioned similar process, so that the whole is the superposition of Figures 5, 6, 7, 8, and 9.
  • the transaction set of Node 0 initiating the consensus proposal is m 0
  • the transaction set of Node 1 initiating the consensus proposal is m 1
  • the transaction set of Node 2 initiating the consensus proposal is m 2
  • the transaction set of Node 3 initiating the consensus proposal The set is m 3 , so m 0 can correspond to hash 0
  • m 1 can correspond to hash 1
  • m 2 can correspond to hash 2
  • m 3 can correspond to hash 3 .
  • the consensus output of each consensus node is ⁇ m 0 , m 1 , m 2 , m 3 ⁇ with high probability.
  • the order of m 0 , m 1 , m 2 , m 3 in the output results It can be sorted according to certain rules, for example, sorted according to the size order of the corresponding hash values.
  • the delay caused by the consensus process is greatly reduced.
  • it is equivalent to combining the last two rounds of the RBC process and the first two rounds of the ABA process in the HBBFT by using the forward-looking voting and digital signature technology, thereby shortening the required rounds.
  • the forward-looking voting refers to voting in the second round of Bval in the above embodiment, while HBBFT needs to vote in the fifth round of Bval in the ABA process.
  • the digital signature refers to the digital signature used in the first round and the second round in the above embodiment.
  • the proposed consensus node does not need to transmit a larger data packet to each of the remaining consensus nodes, but transmits different data blocks of the data packet to different consensus nodes. nodes, which can reduce the amount of data transmitted by the network. Forwarding the data blocks sent by the proposed consensus nodes in the second round can make full use of the bandwidth resources between nodes in the network, thereby improving the performance of the consensus protocol as a whole.
  • the present application also provides an embodiment of a blockchain system, including consensus nodes, wherein: the first consensus node uses erasure codes to generate multiple data blocks from the transaction set proposed by the consensus; the first consensus node retains a copy of the data block, and Send the first message to other consensus nodes, and the first messages sent to different consensus nodes include different data blocks and the signature of the first consensus node; the consensus node that receives the first message broadcasts the second message, and the second consensus node receives the first message
  • the second message includes the received data block, and includes votes and signatures on the transaction set; the vote includes the summary value of the transaction set; the consensus node that receives the second message collects at least Quorum from After unanimous voting by different consensus nodes, broadcast a third message, the third message includes the data block, the digest value and the collected signature set; wherein the data block broadcast by the first consensus node includes the reserved data block,
  • the remaining consensus nodes broadcast the data blocks received in the first round; at the end of the third round, the consensus nodes use the
  • the first consensus node uses the erasure code to generate n data blocks from the transaction set proposed by the consensus, and the n is equal to the total number of consensus nodes.
  • the first consensus node generates a corresponding Merkel certificate for each data block, and the first message sent also includes the Merkel certificate; correspondingly, at the end of the first round, receiving The consensus node that received the first message also verifies the received data block and the Merkle proof; after passing the verification, it enters the second round.
  • the broadcasted second message or the third message further includes the Merkle certificate corresponding to the broadcasted data block.
  • the third message broadcast by the first consensus node also includes the data blocks reserved in the first round.
  • the consensus node that received the third message also verifies the received data block and the corresponding Merkle certificate; after the verification is passed, it enters the process of restoring the transaction set using erasure codes.
  • each of at least Quorum number of consensus nodes in the blockchain system serves as the first consensus node.
  • the present application also provides an embodiment of a consensus node in a blockchain system.
  • the consensus node is the first consensus node.
  • This embodiment can also be shown in FIG.
  • the proposed transaction set uses erasure codes to generate multiple data blocks, and retains a copy of the data blocks; the first message broadcast unit 102 is used to broadcast the first message to other consensus nodes, which are distinguished in the blockchain system.
  • the first messages sent to different consensus nodes include different data blocks and the signature of the first consensus node;
  • the second message receiving unit 103 is configured to receive the second message,
  • the second message includes votes and signatures on the transaction set;
  • the vote includes the summary value of the transaction set;
  • the third message broadcast unit 104 when the second message receiving unit collects at least Quorum from different consensus nodes
  • the third message is broadcast after the unanimous vote of the , the third message includes the reserved data block, the digest value and the collected signature set;
  • the third message collection unit 105 is used to collect the third message from different consensus nodes Message;
  • the output unit 106 after the third message collection unit collects at least Quorum third messages from different nodes, outputs the transaction set corresponding to the summary value as at least a part of the consensus result.
  • the data block generation unit 101 generates n data blocks using erasure codes for the transaction set proposed by the consensus, where n is equal to the total number of consensus nodes.
  • the data block generating unit 101 also generates a corresponding Merkel certificate for each data block, and the first message sent by the first message broadcasting unit may also include the Merkel certificate.
  • the third broadcast message may also include the Merkle certificate corresponding to the reserved data block.
  • a verification unit may also be included, configured to verify the data block in the third message and the corresponding Merkle certificate after the third message receiving unit receives the third message.
  • the third message broadcast by the third message broadcasting unit may further include the data block reserved by the data block generating unit.
  • the present application also provides an embodiment of a consensus node in a blockchain system, as shown in Figure 11, including: a first message receiving unit 111, configured to receive the first message broadcast by the first consensus node, in the first message Including a data block of the proposed transaction set and the signature of the first consensus node; the second message broadcast unit 112, used to broadcast the second message after the first message receiving unit 111 receives the first message, in the second message Including votes and signatures on the transaction set; the vote includes a summary value of the transaction set; the second message receiving unit 113 is configured to receive a second message, the second message includes the vote on the transaction set and signature; the vote includes the summary value of the transaction set; the third message broadcast unit 114, when the second message receiving unit 112 collects at least Quorum unanimous votes from different consensus nodes, broadcasts the third message, the first The three messages include the digest value and the collected signature set; the third message collection unit 115 collects the third messages from different consensus nodes; the recovery unit 116 uses the data block received by the third message collection unit
  • the first message received by the first message receiving unit 111 also includes the Merkle certificate; correspondingly, the first message receiving unit 111 also verifies the received data block and the Merkle certificate.
  • the second message or the third message further includes the Merkel certificate corresponding to the broadcast data block
  • the third message receiving unit 113 also verifies the received data block and the corresponding Merkel certificate.
  • a Programmable Logic Device such as a Field Programmable Gate Array (FPGA)
  • FPGA Field Programmable Gate Array
  • HDL Hardware Description Language
  • the controller may be implemented in any suitable way, for example the controller may take the form of a microprocessor or processor and a computer readable medium storing computer readable program code (such as software or firmware) executable by the (micro)processor , logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers and embedded microcontrollers, examples of controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320, the memory controller can also be implemented as part of the control logic of the memory.
  • controller in addition to realizing the controller in a purely computer-readable program code mode, it is entirely possible to make the controller use logic gates, switches, application-specific integrated circuits, programmable logic controllers, and embedded The same function can be realized in the form of a microcontroller or the like. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for realizing various functions can also be regarded as structures within the hardware component. Or even, means for realizing various functions can be regarded as a structure within both a software module realizing a method and a hardware component.
  • the systems, devices, modules, or units described in the above embodiments can be specifically implemented by computer chips or entities, or by products with certain functions.
  • a typical implementation device is a server system.
  • the computer that realizes the functions of the above embodiments can be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant , media players, navigation devices, email devices, game consoles, tablet computers, wearable devices, or any combination of these devices.
  • one or more embodiments of the present specification provide the operation steps of the method described in the embodiment or the flowchart, more or fewer operation steps may be included based on conventional or non-inventive means.
  • the sequence of steps enumerated in the embodiments is only one of the execution sequences of many steps, and does not represent the only execution sequence.
  • the methods shown in the embodiments or drawings can be executed sequentially or in parallel (such as a parallel processor or multi-thread processing environment, or even a distributed data processing environment).
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions
  • the device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
  • a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • processors CPUs
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • Memory may include non-permanent storage in computer-readable media, in the form of random access memory (RAM) and/or nonvolatile memory such as read-only memory (ROM) or flash RAM. Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash random access memory
  • Computer-readable media including both permanent and non-permanent, removable and non-removable media, can be implemented by any method or technology for storage of information.
  • Information may be computer readable instructions, data structures, modules of a program, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Flash memory or other memory technology, Compact Disc Read-Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices or any other non-transmission medium that can be used to store information that can be accessed by computing devices.
  • computer-readable media excludes transitory computer-readable media, such as modulated data signals and carrier waves.
  • one or more embodiments of this specification may be provided as a method, system or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may employ a computer program embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein. The form of the product.
  • program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
  • program modules may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • program modules may be located in both local and remote computer storage media including storage devices.

Abstract

A consensus method, a blockchain system, and a consensus node. The consensus method comprises: a first consensus node generates, by using an erasure code, multiple data blocks from a transaction set proposed by a consensus; the first consensus node sends a first message to other consensus nodes; a consensus node receiving the first message broadcasts a second message, the second message comprising a received data block and a vote and a signature for the transaction set, and the vote comprising an abstract value of the transaction set; a consensus node receiving the second message broadcasts a third message after acquiring Quorum consistent votes from different consensus nodes, the third message comprising the abstract value and the acquired signature set; and the consensus node recovers the transaction set by using the erasure code at the end of a second round or a third round on the basis of the received data block, and after at least Quorum third messages from different nodes are acquired, uses the transaction set corresponding to the abstract value as at least part of a consensus result for output.

Description

共识方法、区块链系统和共识节点Consensus methods, blockchain systems and consensus nodes 技术领域technical field
本说明书实施例属于区块链技术领域,尤其涉及一种共识方法、区块链系统和共识节点。The embodiments of this specification belong to the field of blockchain technology, and in particular relate to a consensus method, a blockchain system, and consensus nodes.
背景技术Background technique
区块链(Blockchain)是分布式数据存储、点对点传输、共识机制、加密算法等计算机技术的新型应用模式。区块链系统中按照时间顺序将数据区块以顺序相连的方式组合成链式数据结构,并以密码学方式保证的不可篡改和不可伪造的分布式账本。由于区块链具有去中心化、信息不可篡改、自治性等特性,区块链也受到人们越来越多的重视和应用。Blockchain is a new application model of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm. In the blockchain system, the data blocks are combined into a chained data structure in a sequentially connected manner in chronological order, and a non-tamperable and unforgeable distributed ledger is cryptographically guaranteed. Due to the characteristics of decentralization, non-tamperable information, and autonomy, the blockchain has also received more and more attention and application.
发明内容Contents of the invention
本发明的目的在于提供一种共识方法、区块链系统和共识节点,包括:一种区块链系统中的共识方法,包括:第一轮:第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点保留一份数据块,并发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;第二轮:接收到所述第一消息的共识节点广播第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第三轮:接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的投票后,广播第三消息,第三消息包括数据块、所述摘要值以及收集到的签名集合;其中第一共识节点广播的数据块包括所述保留的数据块,其余共识节点广播第一轮中收到的数据块;所述其余共识节点在第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。The purpose of the present invention is to provide a consensus method, blockchain system and consensus nodes, including: a consensus method in the blockchain system, including: the first round: the first consensus node uses the transaction set proposed by the consensus to correct Code deletion generates multiple data blocks; the first consensus node retains a copy of the data block, and sends the first message to other consensus nodes, and the first message sent to different consensus nodes includes different data blocks and the first consensus node The second round: the consensus node that received the first message broadcasts the second message, the second message includes the vote and signature on the transaction set; the vote includes the summary value of the transaction set; the second Three rounds: After the consensus node receiving the second message collects at least Quorum unanimous votes from different consensus nodes, it broadcasts the third message, which includes the data block, the digest value and the collected signature set; The data blocks broadcast by the first consensus node include the reserved data blocks, and the remaining consensus nodes broadcast the data blocks received in the first round; The erasure code restores the transaction set, and after collecting at least Quorum third messages from different nodes, outputs the transaction set corresponding to the digest value as at least a part of the consensus result.
一种区块链系统,包括共识节点,其中:第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点保留一份数据块,并发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;接收到所述第一消息的共识节点广播第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的投票后,广播第三消息,第三消息包括数据块、所述摘要值以及收集到的签名集合;其中第一共识节点广播的数据块包括所述保留的数据块,其余共识节点广播第一轮中收到的数据块;所述共识节点在第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。A blockchain system, including consensus nodes, wherein: the first consensus node uses erasure codes to generate multiple data blocks from the transaction set proposed by the consensus; the first consensus node retains a copy of the data block, and sends the first message to other Consensus nodes, the first message sent to different consensus nodes includes different data blocks and the signature of the first consensus node; the consensus node that receives the first message broadcasts a second message, and the second message includes the signature for all The voting and signature of the transaction set; the vote includes the summary value of the transaction set; after the consensus node receiving the second message collects at least Quorum unanimous votes from different consensus nodes, it broadcasts the third message, and the second The third message includes the data block, the digest value and the collected signature set; wherein the data block broadcast by the first consensus node includes the reserved data block, and the remaining consensus nodes broadcast the data block received in the first round; the At the end of the third round, the consensus node uses the erasure code to restore the transaction set based on the received data block, and after collecting at least Quorum third messages from different nodes, the summary value corresponds to The set of transactions is output as at least part of the consensus result.
一种区块链系统中的共识节点,包括:数据块生成单元,用于将共识提议的交易集合采用纠删码生成多个数据块,并保留一份数据块;第一消息广播单元,用于广播第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;第二消息接收单元,用于接收第二消息,第二消息中包括对所述交 易集合的投票和签名;所述投票包括所述交易集合的摘要值;第三消息广播单元,当第二消息接收单元收集到至少Quorum个来自于不同共识节点的一致的投票后广播第三消息,第三消息包括所述保留的数据块,所述摘要值以及收集到的签名集合;第三消息收集单元,用于收集来自于不同共识节点的第三消息;输出单元,在第三消息收集单元收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。A consensus node in a blockchain system, comprising: a data block generation unit, used to generate multiple data blocks using erasure codes for a transaction set proposed by the consensus, and retain a copy of the data blocks; a first message broadcast unit, using When broadcasting the first message to other consensus nodes, the first messages sent to different consensus nodes include different data blocks and the signature of the first consensus node; the second message receiving unit is used to receive the second message, and the second The message includes a vote and a signature on the transaction set; the vote includes a summary value of the transaction set; the third message broadcast unit, when the second message receiving unit collects at least Quorum consistent Broadcast a third message after voting, the third message includes the reserved data block, the digest value and the collected signature set; the third message collection unit is used to collect the third message from different consensus nodes; the output unit After the third message collection unit collects at least Quorum third messages from different nodes, output the transaction set corresponding to the summary value as at least a part of the consensus result.
一种区块链系统中的共识节点,包括:第一消息接收单元,用于接收第一共识节点广播的第一消息,第一消息中包括提议的交易集合的一个数据块和第一共识节点的签名;第二消息广播单元,用于当第一消息接收单元接收到所述第一消息后广播第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第二消息接收单元,用于接收第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第三消息广播单元,当第二消息接收单元收集到至少Quorum个来自于不同共识节点的一致的投票,则广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;第三消息收集单元,收集来自于不同共识节点的第三消息;恢复单元,基于第三消息收集单元接收到的数据块采用所述纠删码恢复出所述交易集合;输出单元,当第三消息收集单元收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。A consensus node in a blockchain system, comprising: a first message receiving unit, configured to receive a first message broadcast by the first consensus node, the first message including a data block of a proposed transaction set and the first consensus node signature; the second message broadcasting unit is configured to broadcast a second message after the first message receiving unit receives the first message, and the second message includes a vote and a signature on the transaction set; the vote includes all The summary value of the transaction set; the second message receiving unit is used to receive the second message, and the second message includes the vote and signature on the transaction set; the vote includes the summary value of the transaction set; the third message The broadcasting unit, when the second message receiving unit collects at least Quorum unanimous votes from different consensus nodes, broadcasts the third message, the third message includes the digest value and the collected signature set; the third message collecting unit , to collect third messages from different consensus nodes; the recovery unit, based on the data block received by the third message collection unit, restores the transaction set using the erasure code; the output unit, when the third message collection unit collects After at least Quorum third messages from different nodes, the transaction set corresponding to the summary value is output as at least a part of the consensus result.
上述实施例中,在一定前提下缩短至3个轮次完成一次共识的基础上,采用纠删码对共识提议的交易生成若干个数据块,提议的共识节点不必传输较大的数据包至其余的每一共识节点,而是将数据包的不同数据块传输至不同的共识节点,从而可以降低网络传输的数据量。在第二轮中转发提议的共识节点发来的数据块,可以充分利用网络中节点之间的带宽资源,从而整体上提升共识协议的性能。In the above-mentioned embodiment, on the basis of shortening to 3 rounds to complete a consensus under a certain premise, the erasure code is used to generate several data blocks for the transaction proposed by the consensus, and the proposed consensus node does not need to transmit larger data packets to other Instead, different data blocks of the data packet are transmitted to different consensus nodes, which can reduce the amount of data transmitted by the network. Forwarding the data blocks sent by the proposed consensus nodes in the second round can make full use of the bandwidth resources between nodes in the network, thereby improving the performance of the consensus protocol as a whole.
附图说明Description of drawings
为了更清楚地说明本说明书实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本说明书中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions of the embodiments of this specification, the following will briefly introduce the drawings that need to be used in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments recorded in this specification. , for those skilled in the art, other drawings can also be obtained according to these drawings without paying creative labor.
图1是一实施例中实用拜占庭容错算法常规阶段的示意图;Fig. 1 is a schematic diagram of a conventional stage of a practical Byzantine fault-tolerant algorithm in an embodiment;
图2是一实施例中实用拜占庭容错算法视图切换阶段的示意图;Fig. 2 is a schematic diagram of the view switching stage of the practical Byzantine fault-tolerant algorithm in an embodiment;
图3是一实施例中蜜獾拜占庭容错算法的示意图;Fig. 3 is a schematic diagram of the honey badger Byzantine fault-tolerant algorithm in an embodiment;
图4是本说明书一实施例中共识算法的流程图;Fig. 4 is a flowchart of the consensus algorithm in an embodiment of this specification;
图5是本说明书一实施例中共识算法的示意图;Fig. 5 is a schematic diagram of a consensus algorithm in an embodiment of this specification;
图6是本说明书一实施例中共识算法的示意图;Fig. 6 is a schematic diagram of a consensus algorithm in an embodiment of this specification;
图7是本说明书一实施例中共识算法的示意图;Fig. 7 is a schematic diagram of a consensus algorithm in an embodiment of this specification;
图8是本说明书一实施例中共识算法的示意图;Fig. 8 is a schematic diagram of a consensus algorithm in an embodiment of this specification;
图9是本说明书一实施例中共识算法的示意图;Fig. 9 is a schematic diagram of a consensus algorithm in an embodiment of this specification;
图10是本说明书一实施例中共识节点的架构图;FIG. 10 is an architecture diagram of a consensus node in an embodiment of this specification;
图11是本说明书一实施例中共识节点的架构图;Fig. 11 is an architecture diagram of a consensus node in an embodiment of this specification;
图12是本说明书一实施例中纠删码的原理图;Fig. 12 is a schematic diagram of an erasure code in an embodiment of this specification;
图13是本说明书一实施例中Merkle Tree的原理图;Fig. 13 is a schematic diagram of Merkle Tree in an embodiment of this specification;
图14是本说明书一实施例中Merkle Tree的原理图。Fig. 14 is a schematic diagram of Merkle Tree in an embodiment of this specification.
具体实施方式Detailed ways
为了使本技术领域的人员更好地理解本说明书中的技术方案,下面将结合本说明书实施例中的附图,对本说明书实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本说明书一部分实施例,而不是全部的实施例。基于本说明书中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都应当属于本说明书保护的范围。In order to enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be clearly and completely described below in conjunction with the drawings in the embodiments of this specification. Obviously, the described The embodiments are only some of the embodiments in this specification, not all of them. Based on the embodiments in this specification, all other embodiments obtained by persons of ordinary skill in the art without creative efforts shall fall within the protection scope of this specification.
区块链系统中,不同参与方通过部署的节点(Node)可以建立一个分布式的区块链网络。利用链式区块结构构造的去中心化(或称为多中心化)的分布式账本,保存于分布式的区块链网络中的每个节点(或大多节点上,如共识节点)上。这样的区块链系统需要解决去中心化(或多中心化)的多个节点上各自的账本数据的一致性和正确性的问题。每个节点上都运行着区块链程序,在一定容错需求的设计下,通过共识(consensus)机制保证所有忠诚节点具有相同的交易,从而保证所有忠诚节点对相同交易的执行结果一致,并将交易及执行结果打包生成区块。当前主流的共识机制包括:工作量证明(Proof of Work,POW)、股权证明(ProofofStake,POS)、委任权益证明(Delegated Proof of Stake,DPOS)、实用拜占庭容错(Practical Byzantine Fault Tolerance,PBFT)算法,蜜獾拜占庭容错(HoneyBadgerBFT)算法等。In the blockchain system, different participants can establish a distributed blockchain network through the deployed nodes (Nodes). A decentralized (or multi-centered) distributed ledger constructed using a chained block structure is stored on each node (or most nodes, such as consensus nodes) in the distributed blockchain network. Such a blockchain system needs to solve the problem of the consistency and correctness of the respective ledger data on multiple decentralized (or multi-centered) nodes. Each node runs a blockchain program. Under the design of certain fault-tolerant requirements, the consensus mechanism is used to ensure that all loyal nodes have the same transaction, so as to ensure that all loyal nodes have the same execution results for the same transaction, and will Transactions and execution results are packaged to generate blocks. The current mainstream consensus mechanisms include: Proof of Work (POW), Proof of Stake (POS), Delegated Proof of Stake (DPOS), Practical Byzantine Fault Tolerance (PBFT) algorithm , Honey Badger Byzantine Fault Tolerance (HoneyBadgerBFT) algorithm, etc.
以PBFT为例,该算法是Miguel Castro(卡斯特罗)和Barbara Liskov(利斯科夫)在1999年提出来的,解决了原始拜占庭容错算法效率不高的问题,将算法复杂度由指数级降低到多项式级,使得拜占庭容错算法在实际系统应用中变得可行。该论文发表在1999年的操作系统设计与实现国际会议上(OSDI99)。PBFT算法中,所有的副本(replica)在一个被称为视图(View)的轮换过程(succession of configuration)中运行。在某个视图中,一个副本作为主节点(primary),其他的副本作为备份节点(backups)。视图是连续编号的整数。主节点由公式p=v mod|R|计算得到,这里v是视图编号,p是副本编号,|R|是副本集合的个数。该算法中假设,当最多存在f个副本(即节点)失效时,如果存在总数为至少3f+1个副本,就能保证在异步系统中提供安全性和活性。为了能够确保所有副本的数据一致性要求和容错要求而需要的一定数量副本的集合,一般是分布式系统中的大多数节点构成的集合,构成大多数(Quorum)。例如在总节点数n为3f+1(n=3f+2或n=3f的情况一般不会对容错效果带来提升)的情况下,Quorum为2f+1。这样,对于包含四个节点的分布式系统,任意三个节点可以构成一个Quorum。Taking PBFT as an example, this algorithm was proposed by Miguel Castro (Castro) and Barbara Liskov (Liskov) in 1999. It solved the problem of low efficiency of the original Byzantine fault-tolerant algorithm, and the complexity of the algorithm was changed from exponential to The level is reduced to the polynomial level, making the Byzantine fault-tolerant algorithm feasible in practical system applications. The paper was presented at the International Conference on Operating System Design and Implementation (OSDI99) in 1999. In the PBFT algorithm, all replicas run in a rotation process (succession of configuration) called View. In a certain view, one copy acts as the primary node (primary), and the other copies act as backup nodes (backups). Views are consecutively numbered integers. The primary node is calculated by the formula p=v mod|R|, where v is the view number, p is the replica number, and |R| is the number of replica sets. The algorithm assumes that when at most f replicas (ie, nodes) fail, if there are at least 3f+1 replicas in total, security and liveness can be guaranteed to be provided in an asynchronous system. A set of a certain number of copies required to ensure the data consistency and fault tolerance requirements of all copies is generally a collection of most nodes in a distributed system, forming a majority (Quorum). For example, when the total number of nodes n is 3f+1 (the case of n=3f+2 or n=3f generally does not improve the fault tolerance effect), the Quorum is 2f+1. In this way, for a distributed system containing four nodes, any three nodes can form a Quorum.
PBFT包括Normal Case Phase和View Change Phase两个过程,图1为Normal Case Phase(常规阶段)过程的流程图。Normal Case Phase中主要包括PRE-PREPARE(预准备)、PREPARE(准备)和COMMIT(提交)三个阶段,其中3号节点例如可以表示宕机的节点(图1中以×表示)。当主节点失效的时候(图2中以×表示,如更换视图 前主节点Primary也就是Replica 0(副本0)失效)就需要启动视图更换(view change)过程,从而在系统存在故障时进行状态调整,更换新的主节点(如更换视图后Replica 1为主节点Primary)。图2为View Change Phase(视图切换)的示意图。如果主节点掉线或者作恶而不广播客户端的请求等,客户端可以设置超时机制。如果超时的话,客户端可以向所有副本节点广播请求消息。副本节点检测出主节点作恶或者下线后,也可以发起View Change协议阶段,以更换主节点(经常简称为“换主”)。此外,也可能由于主节点发起错误的提议导致PRE-PREPARE、PREPARE和COMMIT三阶段共识过程失败,或者,PREPARE、COMMIT阶段可能达不成Quorum数量(如3f+1个节点中的2f+1个,也称为法定数量)的一致,也都无法完成共识。这些情况下也可能发起View Change协议阶段,以更换主节点。PBFT includes two processes, Normal Case Phase and View Change Phase. Figure 1 is a flow chart of the Normal Case Phase (normal phase) process. The Normal Case Phase mainly includes three phases: PRE-PREPARE (pre-preparation), PREPARE (preparation) and COMMIT (commitment). Among them, node 3 can represent a downtime node (indicated by × in Figure 1), for example. When the primary node fails (indicated by × in Figure 2, if the primary node Primary, that is, Replica 0 (copy 0) fails before changing the view), it is necessary to start the view change process, so as to adjust the state when the system is faulty , replace the new primary node (for example, Replica 1 is the primary node Primary after changing the view). Figure 2 is a schematic diagram of View Change Phase (view switching). If the master node goes offline or does evil and does not broadcast the client's request, etc., the client can set a timeout mechanism. If it times out, the client can broadcast the request message to all replica nodes. After the replica node detects that the master node is malicious or goes offline, it can also initiate the View Change protocol phase to replace the master node (often referred to as "master change"). In addition, the three-stage consensus process of PRE-PREPARE, PREPARE and COMMIT may fail due to the wrong proposal initiated by the master node, or the PREPARE and COMMIT stages may not reach the number of Quorum (such as 2f+1 of 3f+1 nodes, Also known as the quorum), the consensus cannot be completed. In these cases it is also possible to initiate the View Change protocol phase to replace the master node.
PBFT协议属于半同步(partial synchronous)协议,其特点是假设网络一开始是异步的,但是能够从某一时刻开始同步。要在网络中让不同节点对同一提议达成共识,最简便的方式是设置主节点,由主节点来统一各个节点的意见。通过设置定时器,可以防止主节点出错。PBFT中,如果在有限时间内没有完成Normal Case Phase,会触发Backups发起View Change Phase,以更换主节点。PBFT将主节点固定在一个位置,所有请求都可以先发送到主节点,再由主节点广播到其他共识节点。除了引入额外的、将请求发送到主节点的延迟之外,主节点的出入口带宽也可能成为性能瓶颈。与此相对的,HoneyBadgerBFT(也常简称为HBBFT)算法属于一种异步(asynchronous)协议。异步协议适用于异步网络,也就是这个网络中节点间的消息可以被任意延迟,但最终会到达。HoneyBadgerBFT中去掉了定时器,而是通过消息来驱动协议的执行。同时,HoneyBadgerBFT算法中所有节点都是对等的,没有主节点和备份节点之分,也就没有换主的过程。HBBFT等异步网络共识协议无主节点的概念,各节点都可提议请求,尝试构造区块,因此异步网络协议在一定程度上缓解了公平性和单节点瓶颈的问题。The PBFT protocol is a partial synchronous protocol, which is characterized by assuming that the network is asynchronous at the beginning, but it can be synchronized from a certain moment. To allow different nodes to reach a consensus on the same proposal in the network, the easiest way is to set up a master node, and the master node will unify the opinions of each node. By setting the timer, you can prevent the master node from making mistakes. In PBFT, if the Normal Case Phase is not completed within a limited time, Backups will be triggered to initiate the View Change Phase to replace the primary node. PBFT fixes the master node in one position, and all requests can be sent to the master node first, and then broadcast to other consensus nodes by the master node. In addition to introducing additional latency in sending requests to the master node, the ingress and egress bandwidth of the master node can also become a performance bottleneck. In contrast, the HoneyBadgerBFT (also often abbreviated as HBBFT) algorithm belongs to an asynchronous (asynchronous) protocol. Asynchronous protocols are suitable for asynchronous networks, that is, messages between nodes in this network can be delayed arbitrarily, but will eventually arrive. The timer is removed from HoneyBadgerBFT, and the execution of the protocol is driven by messages. At the same time, all nodes in the HoneyBadgerBFT algorithm are equal, there is no distinction between master nodes and backup nodes, and there is no process of changing masters. Asynchronous network consensus protocols such as HBBFT have no concept of master nodes. Each node can propose a request and try to construct a block. Therefore, asynchronous network protocols alleviate the problems of fairness and single-node bottlenecks to a certain extent.
图3为HoneyBadgerBFT算法单节点角度的流程图。实际上,如前所述,HoneyBadgerBFT算法中所有节点都是对等的,也就是说,所有节点都可以执行图3所示的流程。如图3所示,从单节点的视角来看,HoneyBadgerBFT主要包括两个阶段,分别为可靠广播(Reliable BroadCast,RBC)和异步共识(Asynchronous Binary Agreement,ABA,异步二进制协议,也称为“01异步共识”)。RBC阶段至少包括Rval、Echo、Ready三轮消息交互,ABA阶段至少包括Bval、Aux和Coin三轮消息交互。RBC使用三轮消息交互保证可靠的提议广播。ABA首先进行两轮投票(Bval和AUX消息),然后借助抛硬币(Coin)对各节点的提议统一认识,从而绕开半同步协议对网络同步的要求。一次HoneyBadgerBFT共识,要经过RBC阶段和至少一次ABA阶段。最好的情况下,存在1/2的概率可以结束本次HoneyBadgerBFT共识过程,这样,需要经过6个轮次完成一次共识。此外,有1/4概率会进入再一次的ABA过程,如图3中第二次ABA过程(7、8、9轮次表示的ABA过程),有1/4概率会在第二轮结束,且存在至少1/4的概率可以结束本次HoneyBadgerBFT共识过程,这样,需要经过9个轮次完成一次共识。在第二次ABA过程后,整体上有1/8的概率会进入再一次的ABA过程......以此类推。Figure 3 is a flow chart of the single node angle of the HoneyBadgerBFT algorithm. In fact, as mentioned earlier, all nodes in the HoneyBadgerBFT algorithm are peers, that is, all nodes can execute the process shown in Figure 3. As shown in Figure 3, from the perspective of a single node, HoneyBadgerBFT mainly includes two stages, namely Reliable Broadcast (RBC) and Asynchronous Binary Agreement (ABA, asynchronous binary agreement, also known as "01 Asynchronous consensus"). The RBC phase includes at least three rounds of message interaction of Rval, Echo, and Ready, and the ABA phase includes at least three rounds of message interaction of Bval, Aux, and Coin. RBC uses three rounds of message exchanges to ensure reliable proposal broadcasting. ABA first conducts two rounds of voting (Bval and AUX messages), and then uses Coin toss (Coin) to unify the proposals of each node, thereby bypassing the network synchronization requirements of the semi-synchronous protocol. A HoneyBadgerBFT consensus must go through the RBC phase and at least one ABA phase. In the best case, there is a probability of 1/2 that the HoneyBadgerBFT consensus process can be ended. In this way, it takes 6 rounds to complete a consensus. In addition, there is a 1/4 probability that it will enter the ABA process again, as shown in Figure 3 for the second ABA process (the ABA process represented by rounds 7, 8, and 9), and there is a 1/4 probability that it will end in the second round. And there is a probability of at least 1/4 that the HoneyBadgerBFT consensus process can be ended. In this way, it takes 9 rounds to complete a consensus. After the second ABA process, there is a 1/8 probability that the overall will enter the ABA process again...and so on.
综上所述,HoneyBadgerBFT至少包括一次RBC(三轮)和一次ABA(三轮),如果ABA的投票结果与抛币结果不一致,协议进入新一轮的ABA(至少额外三轮)。抛币给共识的轮次带来不确定性,可能增加延迟。To sum up, HoneyBadgerBFT includes at least one RBC (three rounds) and one ABA (three rounds). If the ABA voting result is inconsistent with the coin toss result, the protocol enters a new round of ABA (at least three additional rounds). Tossing coins brings uncertainty to the rounds of consensus and may increase delays.
本申请提供一种共识算法实施例,如图4所示,具体包括:S41:【第一轮】第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点保留一份数据块,并发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名。This application provides an embodiment of a consensus algorithm, as shown in Figure 4, which specifically includes: S41: [First round] The first consensus node uses erasure codes to generate multiple data blocks from the transaction set proposed by the consensus; the first consensus node A copy of the data block is reserved, and a first message is sent to other consensus nodes. The first messages sent to different consensus nodes include different data blocks and signatures of the first consensus node.
本申请一种共识算法实施例中,可以包括3轮的交互。与HBBFT类似的,图5所示实施例的共识算法,也属于一种异步协议,即假设网络中节点间的消息可以被任意延迟,但最终会到达。类似的,图5实施例中也去掉了定时器,通过消息来驱动协议的执行;同时,所有节点可以都是对等的,没有主节点和备份节点之分,任一共识节点都可以发起共识提议,每一个共识节点也都可以参与其他节点提起共识提议的共识过程。一次共识的结果,可以包括本次共识中所有节点提起且获得至少Quorum数量投票一致的共识提议中的交易集合的总和。In an embodiment of a consensus algorithm in this application, it may include 3 rounds of interaction. Similar to HBBFT, the consensus algorithm of the embodiment shown in Figure 5 is also an asynchronous protocol, that is, it is assumed that messages between nodes in the network can be delayed arbitrarily, but will eventually arrive. Similarly, the timer is also removed in the embodiment in Figure 5, and the execution of the protocol is driven by messages; at the same time, all nodes can be peer-to-peer, there is no distinction between the master node and the backup node, and any consensus node can initiate consensus Proposals, each consensus node can also participate in the consensus process where other nodes propose consensus proposals. The result of a consensus can include the sum of the transaction sets in the consensus proposal proposed by all nodes in this consensus and obtained at least the same number of Quorum votes.
以一个节点的视角来看,例如以Node 0发起共识提议的视角来看,交互过程如图5所示。在一次共识中,Node 0可以发起共识提议,这个共识提议中可以包括打包的交易集合,例如标记为m 0,m 0中可以包括一系列的交易构成的集合{tx 01,tx 02,...,tx 0n}。进而,Node 0可以将共识提议的交易集合m 0采用纠删码(Erasure Coding)生成多个数据块。一般的,采用纠删码生成的数据块的数量n可以等于共识节点的总数。例如在包括4个共识节点的区块链系统中,Node 0将m 0采用纠删码生成4个数据块(data blocks),分别是m 00、m 01、m 02、m 03。对于这4个生成的数据块,可以分别具有对应的hash值,例如m 00对应的hash值为hash 000、m 01对应的hash值为hash 001、m 02对应的hash值为hash 002、m 03对应的hash值为hash 003,如图12所示。纠删码是一种编码容错技术,最早用于通信行业中数据传输中的数据恢复。通过在原始数据中加入校验数据,使拆分后的各个数据产生关联。在一定范围的数据出错情况下,通过纠删码技术可以进行恢复。可以将数据m通过EC生成N个data blocks。在一种常用的设计中,这N个data blocks中一般包括将数据m拆分后的p个data blocks,此外还增加了用来存储erasure编码的q个data blocks。这样,能通过p+q份中的任意p份数据,还原出原始数据m。 From the perspective of a node, for example, from the perspective of Node 0 initiating a consensus proposal, the interaction process is shown in Figure 5. In a consensus, Node 0 can initiate a consensus proposal, which can include a packaged transaction set, for example, marked as m 0 , m 0 can include a series of transaction sets {tx 01 , tx 02 , .. .,tx 0n }. Furthermore, Node 0 can generate multiple data blocks by adopting erasure coding (Erasure Coding) for the transaction set m 0 proposed by the consensus. Generally, the number n of data blocks generated using erasure codes can be equal to the total number of consensus nodes. For example, in a blockchain system including 4 consensus nodes, Node 0 uses erasure codes on m 0 to generate 4 data blocks (data blocks), namely m 00 , m 01 , m 02 , and m 03 . For these four generated data blocks, they can have corresponding hash values respectively, for example, the hash value corresponding to m 00 is hash 000 , the corresponding hash value of m 01 is hash 001 , and the corresponding hash value of m 02 is hash 002 , m 03 The corresponding hash value is hash 003 , as shown in Figure 12. Erasure code is a coding error-tolerant technology, which was first used for data recovery in data transmission in the communication industry. By adding verification data to the original data, each split data is associated. In the case of a certain range of data errors, it can be recovered through erasure code technology. Data m can be generated into N data blocks through EC. In a commonly used design, the N data blocks generally include p data blocks after data m is split, and q data blocks for storing erasure codes are also added. In this way, the original data m can be restored through any p pieces of data in the p+q pieces.
Node 0还可以为生成的数据块构建Merkle Tree(默克尔树,通常也被称作Hash Tree)。如前所述,4个数据块m 00、m 01、m 02、m 03的hash值分别是hash 000、hash 001、hash 002、hash 003,两两构建hash值,可以得到hash 00、hash 01。其中,hash 00可以是通过对hash 000和hash 001顺序拼接后计算hash得到,hash 01可以是通过对hash 002和hash 003顺序拼接后计算hash得到。进一步,可以将hash 00和hash 01顺序拼接后计算hash,从而得到hash 0。如图13所示。 Node 0 can also build a Merkle Tree (Merkle tree, usually also called a Hash Tree) for the generated data block. As mentioned above, the hash values of the four data blocks m 00 , m 01 , m 02 , and m 03 are respectively hash 000 , hash 001 , hash 002 , and hash 003 . To construct the hash values in pairs, hash 00 , hash 01 can be obtained . . Among them, hash 00 can be obtained by sequentially splicing hash 000 and hash 001 and calculating hash, and hash 01 can be obtained by sequentially splicing hash 002 and hash 003 and calculating hash. Further, hash 00 and hash 01 can be sequentially concatenated to calculate hash, thereby obtaining hash 0 . As shown in Figure 13.
进而,针对每个数据块,Node 0可以生成对应的merkle proof(默克尔证明)。例如,对于m 01,生成的默克尔证明包括hash 000、hash 01、hash 0;对于m 02,生成的默克尔证明包括hash 003、hash 00、hash 0;对于m 03,生成的默克尔证明包括hash 002、hash 00、hash 0。可见,默尔克证明是一个hash值的有序集合,通过这样的有序集合,可以计算得到默尔克树的根节点的hash值。 Furthermore, for each data block, Node 0 can generate a corresponding merkle proof (Merkle proof). For example, for m 01 , the generated Merkle proof includes hash 000 , hash 01 , hash 0 ; for m 02 , the generated Merkle proof includes hash 003 , hash 00 , hash 0 ; for m 03 , the generated Merkle proof The proof includes hash 002 , hash 00 , and hash 0 . It can be seen that the Merkle proof is an ordered set of hash values. Through such an ordered set, the hash value of the root node of the Merkle tree can be calculated.
第一共识节点发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块、对应的默克尔证明。第一共识节点Node 0可以发送第一消息Val消息至Node 1,该Val消息中可以包括数据块m 01,并包括该数据块对应的默克尔证明hash 000、hash 01、hash 0。Node 0可以发送第一消息Val消息至
Figure PCTCN2022124047-appb-000001
该Val消息中 可以包括数据块m 02,并包括该数据块对应的默克尔证明hash 003、hash 00、hash 0。Node 0可以发送第一消息Val消息至Node 3,该Val消息中可以包括数据块m 03,并包括该数据块对应的默克尔证明hash 002、hash 00、hash 0。如图5中所示。第一共识节点可以保留一份数据块,例如保留上述的数据块m 00The first consensus node sends a first message to other consensus nodes, and the first messages sent to different consensus nodes include different data blocks and corresponding Merkle certificates. The first consensus node Node 0 can send the first message Val message to Node 1 , the Val message can include the data block m 01 , and include the Merkel proof hash 000 , hash 01 , and hash 0 corresponding to the data block. Node 0 can send the first message Val message to
Figure PCTCN2022124047-appb-000001
The Val message may include the data block m 02 , and include the Merkel proofs hash 003 , hash 00 , and hash 0 corresponding to the data block. Node 0 may send a first Val message to Node 3 , and the Val message may include a data block m 03 , and include the Merkle certificates hash 002 , hash 00 , and hash 0 corresponding to the data block. As shown in Figure 5. The first consensus node may reserve a copy of the data block, for example, the above-mentioned data block m 00 .
此外,Node 0发送至Node 1的Val消息中还可以包括Node 0的签名,例如记为sig 00。一般地,Node 0可以用自身的私钥对消息的payload(净荷)部分签名,这里例如对包括m 01及其对应的默克尔证明签名,得到sig 00。此外,Node 0也可以是先对消息的净荷(payload)部分进行hash计算,得到hash值(即摘要值),进而再用自身的私钥对该hash值签名,从而得到sig 00。Node 0发送至其它Node的Val消息与此类似,不再赘述。 In addition, the Val message sent by Node 0 to Node 1 may also include the signature of Node 0 , for example, marked as sig 00 . Generally, Node 0 can use its own private key to sign the payload (payload) part of the message. Here, for example, sign m 01 and its corresponding Merkle certificate to obtain sig 00 . In addition, Node 0 may firstly perform hash calculation on the payload (payload) part of the message to obtain a hash value (that is, a digest value), and then sign the hash value with its own private key to obtain sig 00 . The Val message sent by Node 0 to other Nodes is similar and will not be repeated here.
Val消息的格式可以如<r,m 01,m 01对应的默克尔证明,sig 00>,其中r可以表示第r次共识。例如这里对m 0的共识提议是第r次共识,则下一个共识提议的交易集合m 1可以对应第r+1次共识。所述sig 00,也可以是采用自身私钥对包括r和m 01及其对应的默克尔证明在内的数据的签名。类似的,也可以是先对m 01及对应的默克尔证明进行hash计算,得到hash值,进而再用自身的私钥对该hash值和r在内的数据进行签名,从而得到sig 00The format of the Val message can be such as <r, m 01 , the Merkel proof corresponding to m 01 , sig 00 >, where r can represent the rth consensus. For example, the consensus proposal for m 0 here is the rth consensus, then the transaction set m 1 of the next consensus proposal can correspond to the r+1th consensus. The sig 00 may also be a signature of the data including r and m 01 and their corresponding Merkle certificates using its own private key. Similarly, it is also possible to perform hash calculation on m 01 and the corresponding Merkle certificate to obtain the hash value, and then use its own private key to sign the hash value and the data including r to obtain sig 00 .
S43:【第二轮】接收到所述第一消息的共识节点广播第二消息,第二消息中包括交易集合的投票和签名;所述投票包括所述交易集合m 0的摘要值。 S43: [Second round] The consensus node that received the first message broadcasts a second message, the second message includes the vote and signature of the transaction set; the vote includes the digest value of the transaction set m 0 .
在第一轮的末尾,接收到第一消息的共识节点可以验证接收到的第一消息的正确性。例如,Node 1可以采用Node 0的公钥对第一消息中的Node 0的签名进行验证。此外,第一消息中还可以包括所述接收到的数据块对应的默克尔证明。这样,在第一轮的末尾,接收到第一消息的共识节点还可以对接收到的第一消息中的数据块和对应的默克尔证明进行验证。具体的,在第一轮的末尾,收到Val消息的共识节点,可以计算Val消息中共识提议的数据块的hash值。例如,Node 1接收到第一共识节点
Figure PCTCN2022124047-appb-000002
发送的Val消息后,可以计算该Val消息中包括的数据块m 01的hash值,例如是hash 001。收到的Val消息,如前所述,还包括所包含的数据块对应的merkle proof。例如,Node 1接收到第一共识节点Node 0发送的Val消息中,还包括数据块m 01对应的默克尔证明hash 000、hash 01、hash 0。接收到Val消息的共识节点,可以通过Val消息中包含的默克尔证明来验证数据的正确性。例如,Node 1在前述计算得到Val消息中m 01的hash值hash 001后,进一步与该Val消息中的默克尔证明一并计算,包括将hash 000与hash 001计算得到hash′ 00,再由hash′ 00与hash 01计算得到hash′ 0,从而通过比较hash′ 0与hash 0是否一致来确定m 01是否正确。这是因为,一般来说发生哈希碰撞的概率是极低的,消息的发起方很难伪造一连串hash值,同时保持这些hash值与数据块存在对应关系。因此,如果比较hash′ 0与hash 0是一致的,则可以进入后续处理;如果不一致,则不认可接收到的Val消息,即不认可其中的包含的数据块。 At the end of the first round, the consensus nodes that received the first message can verify the correctness of the received first message. For example, Node 1 may use the public key of Node 0 to verify the signature of Node 0 in the first message. In addition, the first message may further include a Merkle certificate corresponding to the received data block. In this way, at the end of the first round, the consensus node that received the first message can also verify the data block in the received first message and the corresponding Merkle proof. Specifically, at the end of the first round, the consensus node that receives the Val message can calculate the hash value of the consensus-proposed data block in the Val message. For example, Node 1 receives the first consensus node
Figure PCTCN2022124047-appb-000002
After the Val message is sent, the hash value of the data block m 01 included in the Val message can be calculated, for example, hash 001 . The received Val message, as mentioned above, also includes the merkle proof corresponding to the contained data block. For example, Node 1 receives the Val message sent by the first consensus node Node 0 , which also includes the Merkel proof hash 000 , hash 01 , and hash 0 corresponding to data block m 01 . The consensus node that receives the Val message can verify the correctness of the data through the Merkle proof contained in the Val message. For example, after Node 1 obtains the hash value hash 001 of m 01 in the Val message through the aforementioned calculation, it further calculates together with the Merkel proof in the Val message, including calculating hash 000 and hash 001 to obtain hash′ 00 , and then by Hash′ 00 and hash 01 are calculated to obtain hash′ 0 , so whether m 01 is correct is determined by comparing whether hash′ 0 and hash 0 are consistent. This is because, generally speaking, the probability of a hash collision is extremely low, and it is difficult for the initiator of the message to forge a series of hash values while maintaining the corresponding relationship between these hash values and data blocks. Therefore, if comparing hash' 0 and hash 0 are consistent, the subsequent processing can be entered; if not, the received Val message is not approved, that is, the data block contained therein is not approved.
如果通过验证,则进入S43。S43,具体如图5中,接收到第一消息的共识节点可以广播第二消息。第二轮次的消息交互中,Node 1、Node 2、Node 3各自分别广播第二消息至其它共识节点。这个广播的第二消息可以记为Bval。 If the verification is passed, go to S43. S43, as specifically shown in FIG. 5 , the consensus node that has received the first message may broadcast the second message. In the second round of message interaction, Node 1 , Node 2 , and Node 3 respectively broadcast the second message to other consensus nodes. This broadcasted second message may be denoted as Bval.
Node 1、Node 2、Node 3可以通过广播第二消息来告诉其他共识节点自身对Node 0发起的共识提议的投票,投票可以是对共识提议表示认可或者不认可。如果共识节点认可该次共识中Node 0提议的交易集合,可以在第2轮次的消息交互中广播该交易集合的 hash值,如上述的hash 0。相反的,如果共识节点不认可该次共识中Node 0提议的交易集合,可以在第2轮次的消息交互中广播0。 Node 1 , Node 2 , and Node 3 can tell other consensus nodes to vote on the consensus proposal initiated by Node 0 by broadcasting the second message, and the vote can be to express approval or disapproval of the consensus proposal. If the consensus node approves the transaction set proposed by Node 0 in this consensus, it can broadcast the hash value of the transaction set in the second round of message interaction, such as hash 0 above. On the contrary, if the consensus node does not approve the transaction set proposed by Node 0 in this consensus, it can broadcast 0 in the second round of message interaction.
本轮次中,Node 0可以不参与广播,这是因为Node 0在第一轮次中发起共识提议,本身即可以代表Node 0对共识提议中的消息集合是认可的,从而第二轮次中可以由Node 1、Node 2、Node 3分别广播第二消息至其它共识节点。 In this round, Node 0 does not need to participate in the broadcast, because Node 0 initiates a consensus proposal in the first round, which itself can represent Node 0 ’s approval of the message set in the consensus proposal, so that in the second round Node 1 , Node 2 , and Node 3 may respectively broadcast the second message to other consensus nodes.
共识节点广播的第二消息中还可以包括第三轮中广播的数据块对应的默克尔证明。例如,在第一轮中第一共识节点针对每个数据块生成对应的默克尔证明,并在第一消息中将所述默克尔证明与数据块一并发送的情况,在第一轮的末尾,接收到第一消息的共识节点可以接收到数据块及该数据块对应的默克尔证明。这样,在第二轮中,共识节点广播的第二消息中,还可以包括该数据块对应的默克尔证明。此外,第二消息中还可以包括对所述交易集合的签名。前述提到,在第一轮的末尾接收到第一消息的共识节点可以验证接收到的第一消息的正确性,例如Node 1验证Node 0的签名是否正确。 The second message broadcast by the consensus node may also include the Merkle proof corresponding to the data block broadcast in the third round. For example, in the first round, if the first consensus node generates a corresponding Merkel proof for each data block, and sends the Merkle proof together with the data block in the first message, in the first round At the end of , the consensus node that received the first message can receive the data block and the Merkle proof corresponding to the data block. In this way, in the second round, the second message broadcast by the consensus node may also include the Merkle proof corresponding to the data block. In addition, the second message may also include a signature on the set of transactions. As mentioned above, the consensus node that receives the first message at the end of the first round can verify the correctness of the received first message, for example, Node 1 verifies whether the signature of Node 0 is correct.
类似的,Bval消息的格式可以如<r,hash 0,sig 10>,其中r可以表示第r次共识,hash 0为m 0的hash值,表示对m 0的投票观点是认同。则所述sig 10,也可以是采用自身私钥对包括r、hash 0在内的数据的签名。类似的,也可以是先对r、hash 0在内的数据进行hash计算,得到hash值,进而再用自身的私钥对该hash值进行签名,从而得到sig 10Similarly, the format of the Bval message can be <r, hash 0 , sig 10 >, where r can represent the rth consensus, and hash 0 is the hash value of m 0 , indicating that the voting point of view on m 0 is agreed. Then the sig 10 may also be the signature of the data including r and hash 0 using its own private key. Similarly, it is also possible to perform hash calculation on the data including r and hash 0 first to obtain a hash value, and then sign the hash value with its own private key to obtain sig 10 .
Node 2收到Node 0发来的Val消息后,类似的,也可以验证Node 0的签名是否正确。如果验证正确,Node 2可以用自己的私钥对自身接收到的第一消息中的hash 0进行签名,或者采用自身私钥对包括r、hash 0在内的数据签名,从而得到sig 20,进而也可以广播Bval消息。Bval消息中可以包括r、hash 0以及签名sig 20After receiving the Val message from Node 0 , Node 2 can similarly verify whether the signature of Node 0 is correct. If the verification is correct, Node 2 can use its own private key to sign hash 0 in the first message it receives, or use its own private key to sign data including r and hash 0 , thereby obtaining sig 20 , and then It is also possible to broadcast Bval messages. The Bval message can include r, hash 0 and signature sig 20 .
Node 3收到Node 0发来的Val消息后,类似的,也可以验证Node 0的签名是否正确。如果验证正确,Node 3可以用自己的私钥对自身接收到的第一消息中的hash 0进行签名,或者采用自身私钥对包括r、hash 0在内的数据签名,从而得到sig 30,进而也可以广播Bval消息。Bval消息中可以包括r、hash 0以及签名sig 30After receiving the Val message from Node 0 , Node 3 can similarly verify whether the signature of Node 0 is correct. If the verification is correct, Node 3 can use its own private key to sign hash 0 in the first message it receives, or use its own private key to sign data including r and hash 0 , thereby obtaining sig 30 , and then It is also possible to broadcast Bval messages. The Bval message can include r, hash 0 and signature sig 30 .
S45:【第三轮】接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的摘要值后,广播第三消息,第三消息包括数据块、所述摘要值以及收集到的签名。S45: [Third round] After the consensus node receiving the second message collects at least Quorum consistent digest values from different consensus nodes, it broadcasts the third message. The third message includes the data block, the digest value and the collected Arrived signature.
第二轮中的共识节点广播第二消息Bval消息,这样,在第二轮的末尾,接收到第二消息的共识节点可以收集第二消息中对该共识提议的投票。The consensus nodes in the second round broadcast the second message Bval message, so that at the end of the second round, the consensus nodes that received the second message can collect the votes for the consensus proposal in the second message.
例如Node 0,在第二轮的末尾可以收集Bval消息中的投票。假设Node 0收集到Node 1,Node 2、Node 3分别广播的Bval消息中的投票都是所述交易集合m 0的hash值,即hash 0,且Node 0在第一轮中广播的Val消息中也包括hash 0,则Node 0在本轮次中收集到至少Quorum个一致的摘要值(例如此时f=1,Quorum=3,实际收集到4)。 For example Node 0 , at the end of the second round can collect votes in Bval messages. Assume that Node 0 collects the votes in the Bval messages broadcast by Node 1 , Node 2 , and Node 3 respectively, all of which are the hash values of the transaction set m 0 , that is, hash 0 , and Node 0 broadcasts in the Val message in the first round If hash 0 is also included, then Node 0 has collected at least Quorum consistent digest values in this round (for example, at this time f=1, Quorum=3, and actually collected 4).
例如Node 1,在第二轮的末尾可以收集Bval消息中的投票,假设Node 1收集到Node 2、Node 3分别广播的第二消息中的投票都是所述交易集合m 0的hash值hash 0,且Node 1在第二轮中广播的第二消息中的投票如果也是所述交易集合m 0的hash值hash 0(也表示对所述交易集合的认可),且在第一轮中接收到的Node 0发出的Val消息中也包括同样的hash值hash 0,则Node 1在本轮次中收集到至少Quorum个一致的摘要值(例如此时f=1,Quorum=3,实际收集到4)。 For example, Node 1 can collect the votes in the Bval message at the end of the second round, assuming that the votes collected by Node 1 in the second message broadcast by Node 2 and Node 3 are the hash value hash 0 of the transaction set m 0 , and if the vote in the second message broadcast by Node 1 in the second round is also the hash value hash 0 of the transaction set m 0 (also means the approval of the transaction set), and received in the first round The Val message sent by Node 0 also includes the same hash value hash 0 , then Node 1 has collected at least Quorum consistent summary values in this round (for example, at this time f=1, Quorum=3, actually collected 4 ).
Node 2和Node 3与Node 1类似,不再赘述。 Node 2 and Node 3 are similar to Node 1 and will not be repeated here.
此外,共识节点还可以在第二轮末尾收集到不同节点的签名,如前所述。通过签名可以统计截止到第二轮所收集到的投票的数量。例如Node 1收集到分别有sig 10(第二轮中Node 1广播的Bval消息中包含了Node 1的投票,也被收集签名)、sig 20、sig 30签名的内容中包括同一hash值,则说明对该hash共有3个表示认可的投票(此外还可以包括在第一轮末尾接收到Node 0发送的Val消息中对同一hash值的签名sig 00,则对同一hash值一共收集到4个签名)。 In addition, the consensus node can also collect the signatures of different nodes at the end of the second round, as mentioned earlier. The number of votes collected up to the second round can be counted by signing. For example, if Node 1 collects sig 10 (the Bval message broadcast by Node 1 in the second round contains the vote of Node 1 and is also collected and signed), sig 20 and sig 30 respectively include the same hash value, then it means There are 3 votes for approval of the hash (in addition, it can also include the signature sig 00 of the same hash value received in the Val message sent by Node 0 at the end of the first round, and a total of 4 signatures are collected for the same hash value) .
对于Node 1,如果收集到至少Quorum个来自于不同共识节点的一致的hash值,则广播第三消息。第三消息可以记为Prom消息,意思是承诺不会对提议m 0更改观点。如前所述,m 0的hash值可以表示认可,0可以表示不认可。Node 2和Node 3也是类似的。 For Node 1 , if at least Quorum consistent hash values from different consensus nodes are collected, the third message is broadcast. The third message can be recorded as a Prom message, which means that it promises not to change its opinion on the proposal m 0 . As mentioned above, the hash value of m 0 can indicate approval, and 0 can indicate disapproval. Node 2 and Node 3 are also similar.
广播的第三消息中,可以包括收集到的对m 0的投票,例如上述第一轮和第二轮中收集到的hash值和签名。 The third broadcast message may include the collected votes for m 0 , such as the hash values and signatures collected in the first and second rounds above.
此外,广播的第三消息中可以包括数据块。其中,其中第一共识节点广播的数据块可以包括第一轮中保留的数据块,其余共识节点可以广播第一轮中收到的数据块。例如,在第三轮中,Node 0在广播的Prom消息中可以包括在第一轮中保留的数据块m 00。这样,对于Node 0以外的各共识节点,可以在第三轮的末尾收集到该数据块。再例如,对于Node 1,从第一轮Val消息中接收到Node 0发来的交易集合m 0的一个数据块m 01,则Node 1在第三轮广播的Prom消息中还可以包括该数据块m 01;对于Node 2,从第一轮Val消息中接收到Node 0发来的交易集合m 0的一个数据块m 02,则Node 2在第三轮广播的Prom消息中还可以包括该数据块m 02;对于Node 3,从第一轮Val消息中接收到Node 0发来的交易集合m 0的一个数据块m 03,则Node 3在第三轮广播的Prom消息中还可以包括该数据块m 03Additionally, data blocks may be included in the broadcasted third message. Wherein, the data blocks broadcast by the first consensus node may include the data blocks reserved in the first round, and the remaining consensus nodes may broadcast the data blocks received in the first round. For example, in the third round, Node 0 may include the data block m 00 reserved in the first round in the broadcasted Prom message. In this way, for each consensus node other than Node 0 , the data block can be collected at the end of the third round. For another example, if Node 1 receives a data block m 01 of the transaction set m 0 sent by Node 0 from the first round of Val messages, then Node 1 can also include this data block in the Prom message broadcast in the third round m 01 ; For Node 2 , a data block m 02 of the transaction set m 0 sent by Node 0 is received from the first round of Val message, then Node 2 can also include this data block in the Prom message broadcast in the third round m 02 ; For Node 3 , a data block m 03 of the transaction set m 0 sent by Node 0 is received from the first round of Val message, then Node 3 can also include this data block in the Prom message broadcast in the third round m 03 .
此外,第三消息中还可以包括广播的数据块对应的默克尔证明。广播的数据块,可以是在第三消息中广播。这样,Prom消息的格式可以如<r,m 01,m 01对应的默克尔证明,hash 0,<签名集合>>。 In addition, the third message may also include a Merkle certificate corresponding to the broadcast data block. The broadcast data block may be broadcast in the third message. In this way, the format of the Prom message can be such as <r, m 01 , Merkel proof corresponding to m 01 , hash 0 , <signature set>>.
例如
Figure PCTCN2022124047-appb-000003
假设Node 0在第二轮中收集到Node 1,Node 2、Node 3分别广播的Bval消息中的投票都是所述交易集合m 0的hash值,这样也就收集到Node 1、Node 2和Node 3各自分别对m 0(或m 0的hash值)的签名是sig 10、sig 20、sig 30的投票,且Node 0在第一轮中广播的Val消息中也包括自身对m 0(或m 0的hash值)的签名为sig 00的hash值。这样,Node 0在本轮次中收集到至少Quorum个一致的摘要值(例如此时Quorum=3)。进而,Node 0在第三轮中广播的Prom消息中,可以包括该hash值以及收集到的不同节点针对该提议的交易集合m 0表示认可的hash值及签名集合,签名集合例如为sig 00、sig 10、sig 20、sig 30For example
Figure PCTCN2022124047-appb-000003
Assume that Node 0 collects Node 1 in the second round, and the votes in the Bval messages broadcast by Node 2 and Node 3 are all hash values of the transaction set m 0 , so that Node 1 , Node 2 and Node 3 are also collected. 3 The signatures for m 0 (or the hash value of m 0 ) are votes of sig 10 , sig 20 , and sig 30 respectively, and the Val message broadcast by Node 0 in the first round also includes its own signature on m 0 (or m 0 The hash value of 0 ) is signed as the hash value of sig 00 . In this way, Node 0 collects at least Quorum consistent digest values in this round (for example, Quorum=3 at this time). Furthermore, the Prom message broadcast by Node 0 in the third round may include the hash value and the collected hash value and signature set that different nodes express approval for the proposed transaction set m 0 . The signature set is, for example, sig 00 , sig 10 , sig 20 , sig 30 .
例如,假设Node 1在第二轮中收集到Node 2、Node 3分别广播的Bval消息中的投票都是所述交易集合m 0的hash值,这样也就收集到Node 2和Node 3各自分别对m 0(或m 0的hash值)的签名是sig 20、sig 30的投票,且Node 0在第一轮中广播的Val消息中也包括其对m 0(或m 0的hash值)的签名是sig 00的投票,且Node 1在第二轮中广播的Bval消息中也包括其对m 0(或m 0的hash值)的签名是sig 10的投票。这样,Node 1在第一轮和第二轮中收集到至少Quorum个一致的摘要值(例如此时Quorum=3)和不同节点的签名。 进而,Node 1在第三轮中广播的Prom消息中,可以包括该hash值以及收集到的不同节点针对该提议的交易集合m 0表示认可的hash值及签名集合,签名集合例如包括sig 00、sig 10、sig 20、sig 30For example, assuming that Node 1 collects in the second round that the votes in the Bval messages broadcast by Node 2 and Node 3 are all the hash values of the transaction set m 0 , so that Node 2 and Node 3 respectively collect The signature of m 0 (or the hash value of m 0 ) is the vote of sig 20 and sig 30 , and the Val message broadcast by Node 0 in the first round also includes its signature on m 0 (or the hash value of m 0 ) is a vote of sig 00 , and the Bval message broadcast by Node 1 in the second round also includes the vote that its signature on m 0 (or the hash value of m 0 ) is sig 10 . In this way, Node 1 collects at least Quorum consistent digest values (for example, Quorum=3 at this time) and signatures of different nodes in the first round and the second round. Furthermore, the Prom message broadcast by Node 1 in the third round may include the hash value and the collected hash value and signature set that different nodes approve of the proposed transaction set m 0 , the signature set includes, for example, sig 00 , sig 10 , sig 20 , sig 30 .
Node 2和Node 3也类似于Node 1Node 2 and Node 3 are also similar to Node 1 .
需要说明的是,上述签名集合,也可以用聚合签名或门限签名替代。It should be noted that the above signature set can also be replaced by an aggregate signature or a threshold signature.
S47:共识节点在第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。S47: At the end of the third round, the consensus node uses the erasure code to restore the transaction set based on the received data block, and after collecting at least Quorum third messages from different nodes, the summary The transaction set corresponding to the value is output as at least part of the consensus result.
第三轮执行后,接收到Prom消息的共识节点可以收集Prom消息中的数据块。After the third round of execution, the consensus nodes that receive the Prom message can collect the data blocks in the Prom message.
对于Node 1,从第三轮Prom消息中接收到Node 0发来的交易集合m 0的一个数据块m 00,从第三轮Prom消息中接收到Node 2发来的交易集合m 0的一个数据块m 02,从第三轮的Prom消息中接收到Node 3发来的交易集合m 0的一个数据块m 03。通过第一轮的Val消息,Node 1还接收到Node 0发来的m 01。根据如前所述的纠删码中的p、q的设置(一般q至少为1,而截止到第三轮的末尾,Node 1至少应收到p个不同的数据块),Node 1有较大概率可以从m 00、m 01、m 02、m 03中解码出m 0,从而能够恢复得到完整的Node 0的提议的交易集合。 For Node 1 , a data block m 00 of transaction set m 0 sent by Node 0 is received from the third round of Prom messages, and a data block of transaction set m 0 sent by Node 2 is received from the third round of Prom messages Block m 02 , a data block m 03 of the transaction set m 0 sent by Node 3 is received from the third round of Prom messages. Node 1 also receives m 01 from Node 0 through the first round of Val messages. According to the settings of p and q in the erasure code as mentioned above (generally q is at least 1, and by the end of the third round, Node 1 should receive at least p different data blocks), Node 1 has relatively With a high probability, m 0 can be decoded from m 00 , m 01 , m 02 , and m 03 , so that the complete proposed transaction set of Node 0 can be recovered.
类似的,对于Node 2,从第三轮Prom消息中接收到Node 0发来的交易集合m 0的一个数据块m 00,从第三轮Prom消息中接收到Node 1发来的交易集合m 0的一个数据块m 01,从第三轮的Prom消息中接收到Node 3发来的交易集合m 0的一个数据块m 03。通过第一轮的Val消息,Node 1还接收到Node 0发来的m 01。根据如前所述的纠删码中的p、q的设置,Node 2有较大概率可以从m 00、m 01、m 02、m 03中解码出m 0,从而能够恢复得到完整的Node 0的提议的交易集合。 Similarly, for Node 2 , a data block m 00 of the transaction set m 0 sent by Node 0 is received from the third round of Prom messages, and the transaction set m 0 sent by Node 1 is received from the third round of Prom messages Receive a data block m 01 of the transaction set m 03 sent by Node 3 from the third round of Prom messages. Node 1 also receives m 01 from Node 0 through the first round of Val messages. According to the settings of p and q in the erasure code as mentioned above, Node 2 has a high probability of being able to decode m 0 from m 00 , m 01 , m 02 , and m 03 , so that the complete Node 0 can be recovered The set of proposed transactions.
类似的,对于Node 3,从第三轮Prom消息中接收到Node 0发来的交易集合m 0的一个数据块m 00,从第三轮Prom消息中接收到Node 1发来的交易集合m 0的一个数据块m 01,从第三轮的Prom消息中接收到Node 2发来的交易集合m 0的一个数据块m 02。通过第一轮的Val消息,Node 3还接收到对于Node 0发来的m 03。根据如前所述的纠删码中的p、q的设置,Node 3有较大概率可以从m 00、m 01、m 02、m 03中解码出m 0,从而能够恢复得到完整的Node 0的提议的交易集合。 Similarly, for Node 3 , a data block m 00 of the transaction set m 0 sent by Node 0 is received from the third round of Prom messages, and the transaction set m 0 sent by Node 1 is received from the third round of Prom messages Receive a data block m 01 of the transaction set m 01 sent by Node 2 from the third round of Prom messages. Through the first round of Val messages, Node 3 also receives the m 03 sent by Node 0 . According to the settings of p and q in the erasure code as mentioned above, Node 3 has a high probability of being able to decode m 0 from m 00 , m 01 , m 02 , and m 03 , so that the complete Node 0 can be recovered The set of proposed transactions.
这样,共识节点在第三轮的末尾可以基于接收到的数据块采用所述纠删码恢复出所述交易集合。In this way, at the end of the third round, the consensus node can use the erasure code to restore the transaction set based on the received data block.
如前所述,共识节点广播的第二消息或第三消息中可以包括数据块对应的默克尔证明。这样,在第三轮的末尾,接收到数据块的共识节点还可以结合对应的默克尔证明进行验证。可以在通过验证之后再恢复原始数据,即前述解码得到m 0,并从中恢复得到完整的Node 0的提议的交易集合。具体的,在第三轮的末尾,收到Prom消息的共识节点,可以计算Prom消息中的数据块的hash值。例如,Node 1接收到第一共识节点Node 0发送的Prom消息后,可以计算该Prom消息中包括的数据块m 00的hash值,例如是hash 000。如前所述,Node 0发送的Prom消息中还可以包括所包含的数据块m 00对应的merkle proof,例如包括hash 001、hash 01、hash 0。这样,Node 1在前述计算得到Prom消息中m 00的hash值hash 000后,进一步与该默克尔证明一并计算,包括将hash 000与hash 001计算得到 hash′ 00,再由hash′ 00与hash 01计算得到hash′ 0,从而通过比较hash′ 0与hash 0是否一致来确定m 00是否正确。这是因为,一般来说发生哈希碰撞的概率是极低的,消息的发起方很难伪造一连串hash值,同时保持这些hash值与数据块存在对应关系。因此,如果比较hash′ 0与hash 0是一致的,则可以进入后续处理;如果不一致,则不认可接收到的Prom消息,即不认可其中的包含的数据块。 As mentioned above, the second message or the third message broadcast by the consensus node may include the Merkle proof corresponding to the data block. In this way, at the end of the third round, the consensus node that received the data block can also combine the corresponding Merkle proof for verification. The original data can be recovered after passing the verification, that is, m 0 can be obtained from the aforementioned decoding, and the complete proposed transaction set of Node 0 can be recovered from it. Specifically, at the end of the third round, the consensus node that receives the Prom message can calculate the hash value of the data block in the Prom message. For example, after Node 1 receives the Prom message sent by the first consensus node Node 0 , it can calculate the hash value of the data block m 00 included in the Prom message, for example, hash 000 . As mentioned above, the Prom message sent by Node 0 may also include the merkle proof corresponding to the contained data block m 00 , for example including hash 001 , hash 01 , and hash 0 . In this way, after Node 1 obtains the hash value hash 000 of m 00 in the Prom message through the aforementioned calculation, it further calculates together with the Merkle proof, including calculating hash 000 and hash 001 to obtain hash′ 00 , and then combining hash′ 00 and Hash 01 is calculated to get hash′ 0 , so whether m 00 is correct is determined by comparing whether hash′ 0 is consistent with hash 0 . This is because, generally speaking, the probability of a hash collision is extremely low, and it is difficult for the initiator of the message to forge a series of hash values while maintaining the corresponding relationship between these hash values and data blocks. Therefore, if comparing hash' 0 and hash 0 are consistent, you can enter subsequent processing; if they are not consistent, the received Prom message is not approved, that is, the data block contained therein is not approved.
再例如,Node 1接收到第一共识节点Node 0发送的Val消息中,可以包括数据块m 01及对应的默克尔证明hash 000、hash 01、hash 0。接收到Val消息的共识节点,可以通过Val消息中包含的默克尔证明来验证数据的正确性。例如,Node 1在前述计算得到Val消息中m 01的hash值hash 001后,进一步与该Val消息中的默克尔证明一并计算,包括将hash 000与hash 001计算得到hash′ 00,再由hash′ 00与hash 01计算得到hash′ 0,从而通过比较hash′ 0与hash 0是否一致来确定m 01是否正确。Node 1在第三轮广播的Prom消息中,可以包括数据块m 01。此外,Node 1在第二轮广播的Bval消息或第三轮广播的Prom消息中,可以包括数据块m 01对应的默克尔证明hash 000、hash 01、hash 0。第三轮的末尾,Node 0、Node 2和Node 3都可能收到Node 1发来的数据块m 01及对应的默克尔证明。Node 0、Node 2和Node 3中的每一个都可以执行上述的验证过程,以验证数据的正确性,验证通过后进入采用纠删码恢复交易集合的处理。 For another example, when Node 1 receives the Val message sent by the first consensus node Node 0 , it may include the data block m 01 and the corresponding Merkel proof hash 000 , hash 01 , and hash 0 . The consensus node that receives the Val message can verify the correctness of the data through the Merkle proof contained in the Val message. For example, after Node 1 obtains the hash value hash 001 of m 01 in the Val message through the aforementioned calculation, it further calculates together with the Merkel proof in the Val message, including calculating hash 000 and hash 001 to obtain hash′ 00 , and then by Hash′ 00 and hash 01 are calculated to obtain hash′ 0 , so whether m 01 is correct is determined by comparing whether hash′ 0 and hash 0 are consistent. The Prom message broadcast by Node 1 in the third round may include the data block m 01 . In addition, Node 1 may include the Merkel proof hash 000 , hash 01 , and hash 0 corresponding to the data block m 01 in the Bval message broadcast in the second round or the Prom message broadcast in the third round. At the end of the third round, Node 0 , Node 2 , and Node 3 may all receive the data block m 01 and the corresponding Merkle certificate from Node 1 . Each of Node 0 , Node 2 , and Node 3 can perform the above-mentioned verification process to verify the correctness of the data, and after passing the verification, enter the process of restoring the transaction set using erasure codes.
第三轮执行后,接收到Prom消息的共识节点可以统计收集的Prom消息的数量。共识节点在第三轮中发出Prom消息的条件是第二轮中收集到至少Quorum个来自于不同共识节点的一致的投票,且自身针对该提议没有广播过不同的投票,即相当于第二轮末尾该共识节点确认总计至少Quorum数量的共识节点(包括自身)对该提议m 0的投票都是认同的。但是,第二轮结束之后还不能马上输出共识结果,而是还需要观察其他节点是否也是在第二轮末尾收集到至少Quorum数量的对提议m 0的表示认同的投票,因此需要通过第三轮的Prom消息来确认,并且通过该Prom消息承诺自身不会再针对同一提议m 0的表示不同的观点。 After the third round of execution, consensus nodes that have received Prom messages can count the number of collected Prom messages. The condition for the consensus node to send the Prom message in the third round is that at least Quorum unanimous votes from different consensus nodes have been collected in the second round, and it has not broadcast different votes for the proposal, which is equivalent to the second round At the end, the consensus node confirms that a total of at least Quorum number of consensus nodes (including itself) votes for the proposal m 0 . However, after the end of the second round, the consensus result cannot be output immediately, but it is necessary to observe whether other nodes have also collected at least Quorum number of votes for the proposal m 0 at the end of the second round, so it is necessary to pass the third round Prom message to confirm, and through the Prom message promise that it will not express different views on the same proposal m 0 .
例如
Figure PCTCN2022124047-appb-000004
在第一轮和第二轮中收集到至少Quorum个一致的摘要值,进而,Node 0在第三轮中广播的Prom消息中,可以包括该hash值以及收集到的不同节点针对该提议的交易集合m 0表示认可的hash值及签名集合,签名集合例如包括sig 00、sig 10、sig 20、sig 30For example
Figure PCTCN2022124047-appb-000004
Collect at least Quorum consistent digest values in the first and second rounds, and then, the Prom message broadcast by Node 0 in the third round can include the hash value and the collected transactions of different nodes for the proposal The set m 0 represents an approved hash value and signature set, and the signature set includes, for example, sig 00 , sig 10 , sig 20 , and sig 30 .
例如Node 1在第一轮和第二轮中收集到至少Quorum个一致的摘要值,进而,Node 1在第三轮中广播的Prom消息中,可以包括该hash值以及收集到的不同节点针对该提议的交易集合m 0表示认可的hash值及签名集合,签名集合例如包括sig 00、sig 10、sig 20、sig 30For example, Node 1 collects at least Quorum consistent digest values in the first round and the second round, and then, the Prom message broadcast by Node 1 in the third round may include the hash value and the collected different nodes for the The proposed transaction set m 0 represents the approved hash value and signature set, and the signature set includes, for example, sig 00 , sig 10 , sig 20 , and sig 30 .
Node 2和Node 3也类似于Node 1Node 2 and Node 3 are also similar to Node 1 .
这样,通过第三轮,例如Node 0可以收集到至少Quorum个Prom消息。通过Quorum个Prom消息,Node 0可以确认至少Quorum个共识节点中的每一个都收集到了对该提议的交易集合m 0表示认可的至少Quorum数量的投票,且发出Prom消息的每一个共识节点都承诺不再会更改投票的观点,这样,Node 0可以进一步完成本次共识,即将所述摘要值对应的交易集合m 0作为共识结果的至少一部分输出。Node 1、Node 2和Node 3也类似。类似的,其它共识节点如Node 1、Node 2和Node 3也可以进一步完成本次共识,即将所述摘要值对应的交易集合m 0作为共识结果的至少一部分输出。 In this way, through the third round, for example, Node 0 can collect at least Quorum Prom messages. Through Quorum Prom messages, Node 0 can confirm that each of at least Quorum consensus nodes has collected at least Quorum number of votes to approve the proposed transaction set m 0 , and each consensus node that sends Prom messages commits to The point of view of voting will not be changed, so that Node 0 can further complete this consensus, that is, output the transaction set m 0 corresponding to the summary value as at least a part of the consensus result. Node 1 , Node 2 and Node 3 are also similar. Similarly, other consensus nodes such as Node 1 , Node 2 , and Node 3 can further complete this consensus, that is, output the transaction set m 0 corresponding to the digest value as at least a part of the consensus result.
第三轮的Prom消息可以增加签名。例如Node 1在第三轮中广播的Prom消息中可以 包括Node 1对Prom消息中<r,hash,<签名集合>>的签名。 The third round of Prom messages can add signatures. For example, the Prom message broadcast by Node 1 in the third round may include Node 1 's signature of <r, hash, <signature set>> in the Prom message.
前述提到的附图13中生成Merkle Tree的方式,一般对于二叉的Merkle Tree来说,底层叶子节点的数量是2 n个。而采用纠删码(Erasure Coding)生成的数据块的数量并不一定是2 n个。这种情况下,可以采用最后一个数据块的hash重复若干次的方式,补齐Merkle Tree的2 n叶子节点。例如,在总计有5个共识节点Node 0、Node 1、Node 2、Node 3、Node 4的情况下,Node 0将共识提议的交易集合m 0采用纠删码生成5个数据块m 00、m 01、m 02、m 03、m 04,而构建的Merkle Tree可以如图14所示,m 00对应的hash值为hash 0000,m 01对应的hash值为hash 0001,m 02对应的hash值为hash 0002,m 03对应的hash值为hash 0003,m 04对应的hash值为hash 0004。最底层的叶子节点的数量一般是大于数据块数量的最小的2 n,这里数据块数量是5,2 n=2 3=8。多出的3个Merkle Tree的叶子节点,可以取最后一个数据块对应的hash值。如图所示,hash 000s、hash 0006和hash 0007,可以都是取m 04的hash值。这样,同样可以构建Merkle Tree及默克尔证明。 The above-mentioned way of generating Merkle Tree in Figure 13, generally for a binary Merkle Tree, the number of bottom leaf nodes is 2n . However, the number of data blocks generated by using erasure coding (Erasure Coding) is not necessarily 2 n . In this case, the hash of the last data block can be repeated several times to complete the 2 n leaf nodes of the Merkle Tree. For example, when there are 5 consensus nodes Node 0 , Node 1 , Node 2 , Node 3 , and Node 4 in total, Node 0 uses the erasure code to generate 5 data blocks m 00 , m from the transaction set m 0 proposed by the consensus 01 , m 02 , m 03 , m 04 , and the constructed Merkle Tree can be shown in Figure 14. The hash value corresponding to m 00 is hash 0000 , the corresponding hash value to m 01 is hash 0001 , and the corresponding hash value to m 02 is hash 0002 , the hash value corresponding to m 03 is hash 0003 , and the corresponding hash value to m 04 is hash 0004 . The number of leaf nodes at the bottom layer is generally the smallest 2 n that is greater than the number of data blocks, where the number of data blocks is 5, 2 n =2 3 =8. The extra 3 leaf nodes of the Merkle Tree can take the hash value corresponding to the last data block. As shown in the figure, hash 000s , hash 0006 and hash 0007 may all take the hash value of m 04 . In this way, Merkle Tree and Merkle proof can also be constructed.
上述图5的实施例,可以由如图中的Node 0来执行,也可以扩展到由Node 0、Node 1、Node 2和Node 3均执行。前者的情况,实际上,每一收集到至少Quorum个来自于不同节点的第三消息后的共识节点,各自均可以将所述摘要值对应的交易集合作为共识结果的全部来输出,除了图5以外,也可以是图6、7、8、9中的任一。 The above embodiment in FIG. 5 can be executed by Node 0 in the figure, and can also be extended to be executed by Node 0 , Node 1 , Node 2 and Node 3 . In the case of the former, in fact, every consensus node that collects at least Quorum third messages from different nodes can output the transaction set corresponding to the summary value as the entire consensus result, except for Figure 5 Alternatively, any one of Figs. 6, 7, 8, and 9 may be used.
对于后者,即由Node 0、Node 1、Node 2和Node 3均执行的情况,图5是以Node 0这一个节点的发起共识提议的视角,实际上Node 1、Node 2和Node 3中的任一也可以发起提议而其它共识节点配合完成上述类似的过程,这样整体上是图5、6、7、8、9的叠加。 For the latter, that is, the case where Node 0 , Node 1 , Node 2 , and Node 3 are all executed, Figure 5 is from the perspective of Node 0 , which initiates a consensus proposal. In fact, Node 1 , Node 2 , and Node 3 Any one can also initiate a proposal, and other consensus nodes cooperate to complete the above-mentioned similar process, so that the whole is the superposition of Figures 5, 6, 7, 8, and 9.
对于后者的情况,例如Node 0发起共识提议的交易集合为m 0,Node 1发起共识提议的交易集合为m 1、Node 2发起共识提议的交易集合为m 2,Node 3发起共识提议的交易集合为m 3,这样,m 0可以对应hash 0,m 1可以对应hash 1,m 2可以对应hash 2,m 3可以对应hash 3。如果正常执行,大概率上每个共识节点本次共识的输出结果为{m 0,m 1,m 2,m 3},至于输出结果中m 0,m 1,m 2,m 3的顺序,可以按照一定规则来排序,例如按照对应hash值的大小顺序来排序。 For the latter case, for example, the transaction set of Node 0 initiating the consensus proposal is m 0 , the transaction set of Node 1 initiating the consensus proposal is m 1 , the transaction set of Node 2 initiating the consensus proposal is m 2 , and the transaction set of Node 3 initiating the consensus proposal The set is m 3 , so m 0 can correspond to hash 0 , m 1 can correspond to hash 1 , m 2 can correspond to hash 2 , and m 3 can correspond to hash 3 . If executed normally, the consensus output of each consensus node is {m 0 , m 1 , m 2 , m 3 } with high probability. As for the order of m 0 , m 1 , m 2 , m 3 in the output results, It can be sorted according to certain rules, for example, sorted according to the size order of the corresponding hash values.
上述实施例中,可以在一定前提下缩短至3个轮次完成一次共识,相对于HBBFT中的至少6轮,大大降低了共识过程带来的延迟。实际上,本申请实施例中,相当于采用前瞻投票和数字签名技术将HBBFT中RBC过程的后两轮和ABA过程的前两轮进行了合并,从而缩短了所需的轮次。所述前瞻投票,是指上述实施例中第二轮次的Bval中进行投票,而HBBFT在ABA过程中需要在第五轮次的Bval中才投票。所述数字签名,指上述实施例中第一轮次和第二轮次中采用的数字签名。In the above embodiment, under certain conditions, it can be shortened to 3 rounds to complete a consensus. Compared with at least 6 rounds in HBBFT, the delay caused by the consensus process is greatly reduced. In fact, in the embodiment of this application, it is equivalent to combining the last two rounds of the RBC process and the first two rounds of the ABA process in the HBBFT by using the forward-looking voting and digital signature technology, thereby shortening the required rounds. The forward-looking voting refers to voting in the second round of Bval in the above embodiment, while HBBFT needs to vote in the fifth round of Bval in the ABA process. The digital signature refers to the digital signature used in the first round and the second round in the above embodiment.
而且,采用纠删码对共识提议的交易生成若干个数据块,提议的共识节点不必传输较大的数据包至其余的每一共识节点,而是将数据包的不同数据块传输至不同的共识节点,从而可以降低网络传输的数据量。在第二轮中转发提议的共识节点发来的数据块,可以充分利用网络中节点之间的带宽资源,从而整体上提升共识协议的性能。Moreover, using erasure codes to generate several data blocks for the transaction proposed by the consensus, the proposed consensus node does not need to transmit a larger data packet to each of the remaining consensus nodes, but transmits different data blocks of the data packet to different consensus nodes. nodes, which can reduce the amount of data transmitted by the network. Forwarding the data blocks sent by the proposed consensus nodes in the second round can make full use of the bandwidth resources between nodes in the network, thereby improving the performance of the consensus protocol as a whole.
本申请还提供一种区块链系统实施例,包括共识节点,其中:第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点保留一份数据块,并发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;接收到所述第一消息的共识节点广播第二消息,第二消息中包括所述接收到的数据块,并包括对所述交易集合的投票和签名;所述投票包括所述交易集 合的摘要值;接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的投票后,广播第三消息,第三消息包括数据块、所述摘要值以及收集到的签名集合;其中第一共识节点广播的数据块包括所述保留的数据块,其余共识节点广播第一轮中收到的数据块;所述共识节点在第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。The present application also provides an embodiment of a blockchain system, including consensus nodes, wherein: the first consensus node uses erasure codes to generate multiple data blocks from the transaction set proposed by the consensus; the first consensus node retains a copy of the data block, and Send the first message to other consensus nodes, and the first messages sent to different consensus nodes include different data blocks and the signature of the first consensus node; the consensus node that receives the first message broadcasts the second message, and the second consensus node receives the first message The second message includes the received data block, and includes votes and signatures on the transaction set; the vote includes the summary value of the transaction set; the consensus node that receives the second message collects at least Quorum from After unanimous voting by different consensus nodes, broadcast a third message, the third message includes the data block, the digest value and the collected signature set; wherein the data block broadcast by the first consensus node includes the reserved data block, The remaining consensus nodes broadcast the data blocks received in the first round; at the end of the third round, the consensus nodes use the erasure code to recover the transaction set based on the received data blocks, and collect at least Quorum After the third message from a different node, the transaction set corresponding to the summary value is output as at least a part of the consensus result.
其中,第一共识节点将共识提议的交易集合采用纠删码生成n个数据块,所述n等于共识节点的总数。Wherein, the first consensus node uses the erasure code to generate n data blocks from the transaction set proposed by the consensus, and the n is equal to the total number of consensus nodes.
其中,第一轮中第一共识节点针对每个数据块生成对应的默克尔证明,所述发送的第一消息中还包括所述默克尔证明;相应的,在第一轮的末尾接收到所述第一消息的共识节点还对所述接收到的数据块和默尔克证明进行验证;验证通过后进入第二轮。Wherein, in the first round, the first consensus node generates a corresponding Merkel certificate for each data block, and the first message sent also includes the Merkel certificate; correspondingly, at the end of the first round, receiving The consensus node that received the first message also verifies the received data block and the Merkle proof; after passing the verification, it enters the second round.
其中,广播的第二消息或第三消息中还包括广播的数据块对应的默克尔证明。Wherein, the broadcasted second message or the third message further includes the Merkle certificate corresponding to the broadcasted data block.
其中,在第三轮中,第一共识节点在广播的第三消息中还包括在第一轮中保留的数据块。Wherein, in the third round, the third message broadcast by the first consensus node also includes the data blocks reserved in the first round.
其中,在第三轮的末尾,接收到第三消息的共识节点还对所述接收到的数据块和对应的默克尔证明进行验证;验证通过后进入采用纠删码恢复交易集合的处理。Wherein, at the end of the third round, the consensus node that received the third message also verifies the received data block and the corresponding Merkle certificate; after the verification is passed, it enters the process of restoring the transaction set using erasure codes.
其中,在同一次共识过程中,所述区块链系统中的至少Quorum数量的共识节点中的每一个作为第一共识节点。Wherein, in the same consensus process, each of at least Quorum number of consensus nodes in the blockchain system serves as the first consensus node.
本申请还提供一种区块链系统中的共识节点实施例,譬如该共识节点为第一共识节点,该实施例也可以如图10所示,包括:数据块生成单元101,用于将共识提议的交易集合采用纠删码生成多个数据块,并保留一份数据块;第一消息广播单元102,用于广播第一消息至其它共识节点,该其他共识节点为区块链系统中区别于上述第一共识节点的剩余共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;第二消息接收单元103,用于接收第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第三消息广播单元104,当第二消息接收单元收集到至少Quorum个来自于不同共识节点的一致的投票后广播第三消息,第三消息包括所述保留的数据块,所述摘要值以及收集到的签名集合;第三消息收集单元105,用于收集来自于不同共识节点的第三消息;输出单元106,在第三消息收集单元收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。The present application also provides an embodiment of a consensus node in a blockchain system. For example, the consensus node is the first consensus node. This embodiment can also be shown in FIG. The proposed transaction set uses erasure codes to generate multiple data blocks, and retains a copy of the data blocks; the first message broadcast unit 102 is used to broadcast the first message to other consensus nodes, which are distinguished in the blockchain system. For the remaining consensus nodes of the first consensus node, the first messages sent to different consensus nodes include different data blocks and the signature of the first consensus node; the second message receiving unit 103 is configured to receive the second message, The second message includes votes and signatures on the transaction set; the vote includes the summary value of the transaction set; the third message broadcast unit 104, when the second message receiving unit collects at least Quorum from different consensus nodes The third message is broadcast after the unanimous vote of the , the third message includes the reserved data block, the digest value and the collected signature set; the third message collection unit 105 is used to collect the third message from different consensus nodes Message; the output unit 106, after the third message collection unit collects at least Quorum third messages from different nodes, outputs the transaction set corresponding to the summary value as at least a part of the consensus result.
其中,所述数据块生成单元101将共识提议的交易集合采用纠删码生成n个数据块,所述n等于共识节点的总数。Wherein, the data block generation unit 101 generates n data blocks using erasure codes for the transaction set proposed by the consensus, where n is equal to the total number of consensus nodes.
所述数据块生成单元101还针对每个数据块生成对应的默克尔证明,第一消息广播单元发送的第一消息中还可以包括所述默克尔证明。The data block generating unit 101 also generates a corresponding Merkel certificate for each data block, and the first message sent by the first message broadcasting unit may also include the Merkel certificate.
广播的第三消息中还可以包括所述保留的数据块对应的默克尔证明。The third broadcast message may also include the Merkle certificate corresponding to the reserved data block.
其中,还可以包括验证单元,用于在第三消息接收单元接收到第三消息后,对第三消息中的数据块和对应的默克尔证明进行验证。Wherein, a verification unit may also be included, configured to verify the data block in the third message and the corresponding Merkle certificate after the third message receiving unit receives the third message.
其中,第三消息广播单元广播的第三消息中可以还包括在数据块生成单元保留的数 据块。Wherein, the third message broadcast by the third message broadcasting unit may further include the data block reserved by the data block generating unit.
本申请还提供一种区块链系统中的共识节点实施例,可以如图11所示,包括:第一消息接收单元111,用于接收第一共识节点广播的第一消息,第一消息中包括提议的交易集合的一个数据块和第一共识节点的签名;第二消息广播单元112,用于当第一消息接收单元111接收到所述第一消息后广播第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第二消息接收单元113,用于接收第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第三消息广播单元114,当第二消息接收单元112收集到至少Quorum个来自于不同共识节点的一致的投票,则广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;第三消息收集单元115,收集来自于不同共识节点的第三消息;恢复单元116,基于第三消息收集单元115接收到的数据块采用所述纠删码恢复出所述交易集合;输出单元117,当第三消息收集单元115收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。The present application also provides an embodiment of a consensus node in a blockchain system, as shown in Figure 11, including: a first message receiving unit 111, configured to receive the first message broadcast by the first consensus node, in the first message Including a data block of the proposed transaction set and the signature of the first consensus node; the second message broadcast unit 112, used to broadcast the second message after the first message receiving unit 111 receives the first message, in the second message Including votes and signatures on the transaction set; the vote includes a summary value of the transaction set; the second message receiving unit 113 is configured to receive a second message, the second message includes the vote on the transaction set and signature; the vote includes the summary value of the transaction set; the third message broadcast unit 114, when the second message receiving unit 112 collects at least Quorum unanimous votes from different consensus nodes, broadcasts the third message, the first The three messages include the digest value and the collected signature set; the third message collection unit 115 collects the third messages from different consensus nodes; the recovery unit 116 uses the data block received by the third message collection unit 115 based on the The erasure code restores the transaction set; the output unit 117, when the third message collection unit 115 collects at least Quorum third messages from different nodes, uses the transaction set corresponding to the digest value as the consensus result at least part of the output.
其中,第一消息接收单元111接收的第一消息中还包括所述默克尔证明;相应的,第一消息接收单元111还对所述接收到的数据块和默尔克证明进行验证。Wherein, the first message received by the first message receiving unit 111 also includes the Merkle certificate; correspondingly, the first message receiving unit 111 also verifies the received data block and the Merkle certificate.
其中,第二消息或第三消息中还包括所述广播的数据块对应的默克尔证明,第三消息接收单元113还对接收到的数据块和对应的默克尔证明进行验证。Wherein, the second message or the third message further includes the Merkel certificate corresponding to the broadcast data block, and the third message receiving unit 113 also verifies the received data block and the corresponding Merkel certificate.
在20世纪90年代,对于一个技术的改进可以很明显地区分是硬件上的改进(例如,对二极管、晶体管、开关等电路结构的改进)还是软件上的改进(对于方法流程的改进)。然而,随着技术的发展,当今的很多方法流程的改进已经可以视为硬件电路结构的直接改进。设计人员几乎都通过将改进的方法流程编程到硬件电路中来得到相应的硬件电路结构。因此,不能说一个方法流程的改进就不能用硬件实体模块来实现。例如,可编程逻辑器件(Programmable Logic Device,PLD)(例如现场可编程门阵列(Field Programmable Gate Array,FPGA))就是这样一种集成电路,其逻辑功能由用户对器件编程来确定。由设计人员自行编程来把一个数字系统“集成”在一片PLD上,而不需要请芯片制造厂商来设计和制作专用的集成电路芯片。而且,如今,取代手工地制作集成电路芯片,这种编程也多半改用“逻辑编译器(logic compiler)”软件来实现,它与程序开发撰写时所用的软件编译器相类似,而要编译之前的原始代码也得用特定的编程语言来撰写,此称之为硬件描述语言(Hardware Description Language,HDL),而HDL也并非仅有一种,而是有许多种,如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Comell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language)等,目前最普遍使用的是VHDL(Very-High-Speed Integrated Circuit Hardware Description Language)与Verilog。本领域技术人员也应该清楚,只需要将方法流程用上述几种硬件描述语言稍作逻辑编程并编程到集成电路中,就可以很容易得到实现该逻辑方法流程的硬件电路。In the 1990s, the improvement of a technology can be clearly distinguished as an improvement in hardware (for example, improvements in circuit structures such as diodes, transistors, and switches) or improvements in software (improvement in method flow). However, with the development of technology, the improvement of many current method flows can be regarded as the direct improvement of the hardware circuit structure. Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic function is determined by programming the device by the user. It is programmed by the designer to "integrate" a digital system on a PLD, instead of asking a chip manufacturer to design and make a dedicated integrated circuit chip. Moreover, nowadays, instead of making integrated circuit chips by hand, this kind of programming is mostly realized by "logic compiler (logic compiler)" software, which is similar to the software compiler used when program development and writing, but before compiling The original code of the computer must also be written in a specific programming language, which is called a hardware description language (Hardware Description Language, HDL), and there is not only one kind of HDL, but many kinds, such as ABEL (Advanced Boolean Expression Language) , AHDL (Altera Hardware Description Language), Confluence, CUPL (Comell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc., are currently the most commonly used The most popular are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. It should also be clear to those skilled in the art that only a little logical programming of the method flow in the above-mentioned hardware description languages and programming into an integrated circuit can easily obtain a hardware circuit for realizing the logic method flow.
控制器可以按任何适当的方式实现,例如,控制器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程逻辑控制器和嵌入微控制器的形式,控制器的例子包括但不限于以下微控制器: ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20以及Silicone Labs C8051F320,存储器控制器还可以被实现为存储器的控制逻辑的一部分。本领域技术人员也知道,除了以纯计算机可读程序代码方式实现控制器以外,完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件,而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至,可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。The controller may be implemented in any suitable way, for example the controller may take the form of a microprocessor or processor and a computer readable medium storing computer readable program code (such as software or firmware) executable by the (micro)processor , logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers and embedded microcontrollers, examples of controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320, the memory controller can also be implemented as part of the control logic of the memory. Those skilled in the art also know that, in addition to realizing the controller in a purely computer-readable program code mode, it is entirely possible to make the controller use logic gates, switches, application-specific integrated circuits, programmable logic controllers, and embedded The same function can be realized in the form of a microcontroller or the like. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for realizing various functions can also be regarded as structures within the hardware component. Or even, means for realizing various functions can be regarded as a structure within both a software module realizing a method and a hardware component.
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为服务器系统。当然,本申请不排除随着未来计算机技术的发展,实现上述实施例功能的计算机例如可以为个人计算机、膝上型计算机、车载人机交互设备、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules, or units described in the above embodiments can be specifically implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a server system. Of course, the present application does not exclude that with the development of future computer technology, the computer that realizes the functions of the above embodiments can be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant , media players, navigation devices, email devices, game consoles, tablet computers, wearable devices, or any combination of these devices.
虽然本说明书一个或多个实施例提供了如实施例或流程图所述的方法操作步骤,但基于常规或者无创造性的手段可以包括更多或者更少的操作步骤。实施例中列举的步骤顺序仅仅为众多步骤执行顺序中的一种方式,不代表唯一的执行顺序。在实际中的装置或终端产品执行时,可以按照实施例或者附图所示的方法顺序执行或者并行执行(例如并行处理器或者多线程处理的环境,甚至为分布式数据处理环境)。术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、产品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、产品或者设备所固有的要素。在没有更多限制的情况下,并不排除在包括所述要素的过程、方法、产品或者设备中还存在另外的相同或等同要素。例如若使用到第一,第二等词语用来表示名称,而并不表示任何特定的顺序。Although one or more embodiments of the present specification provide the operation steps of the method described in the embodiment or the flowchart, more or fewer operation steps may be included based on conventional or non-inventive means. The sequence of steps enumerated in the embodiments is only one of the execution sequences of many steps, and does not represent the only execution sequence. When an actual device or terminal product is executed, the methods shown in the embodiments or drawings can be executed sequentially or in parallel (such as a parallel processor or multi-thread processing environment, or even a distributed data processing environment). The term "comprising", "comprising" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, product, or apparatus comprising a set of elements includes not only those elements, but also other elements not expressly listed elements, or also elements inherent in such a process, method, product, or apparatus. Without further limitations, it is not excluded that there are additional identical or equivalent elements in a process, method, product or device comprising said elements. For example, if the words first, second, etc. are used, they are used to indicate names and do not indicate any specific order.
为了描述的方便,描述以上装置时以功能分为各种模块分别描述。当然,在实施本说明书一个或多个时可以把各模块的功能在同一个或多个软件和/或硬件中实现,也可以将实现同一功能的模块由多个子模块或子单元的组合实现等。以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。For the convenience of description, when describing the above devices, functions are divided into various modules and described separately. Of course, when implementing one or more of this specification, the functions of each module can be realized in the same or more software and/or hardware, and the modules that realize the same function can also be realized by a combination of multiple submodules or subunits, etc. . The device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined or integrated. to another system, or some features may be ignored, or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.
本发明是参照根据本发明实施例的方法、装置(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指 令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。Memory may include non-permanent storage in computer-readable media, in the form of random access memory (RAM) and/or nonvolatile memory such as read-only memory (ROM) or flash RAM. Memory is an example of computer readable media.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储、石墨烯存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media, including both permanent and non-permanent, removable and non-removable media, can be implemented by any method or technology for storage of information. Information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Flash memory or other memory technology, Compact Disc Read-Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices or any other non-transmission medium that can be used to store information that can be accessed by computing devices. As defined herein, computer-readable media excludes transitory computer-readable media, such as modulated data signals and carrier waves.
本领域技术人员应明白,本说明书一个或多个实施例可提供为方法、系统或计算机程序产品。因此,本说明书一个或多个实施例可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书一个或多个实施例可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that one or more embodiments of this specification may be provided as a method, system or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may employ a computer program embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein. The form of the product.
本说明书一个或多个实施例可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本说明书一个或多个实施例,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。One or more embodiments of this specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present description may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including storage devices.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本说明书的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任一个或多个实施例或示例中以合适的方式结合。此外,在不相互矛盾的情况下,本领域的技术人员可以将本说明书中描述的不同实 施例或示例以及不同实施例或示例的特征进行结合和组合。Each embodiment in this specification is described in a progressive manner, the same and similar parts of each embodiment can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for relevant parts, refer to part of the description of the method embodiment. In the description of this specification, descriptions referring to the terms "one embodiment", "some embodiments", "example", "specific examples", or "some examples" mean that specific features described in connection with the embodiment or example , structures, materials or features are included in at least one embodiment or example of this specification. In this specification, the schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the described specific features, structures, materials or characteristics may be combined in any suitable manner in any one or more embodiments or examples. In addition, those skilled in the art can combine and combine different embodiments or examples and features of different embodiments or examples described in this specification without conflicting with each other.
以上所述仅为本说明书一个或多个实施例的实施例而已,并不用于限制本说明书一个或多个实施例。对于本领域技术人员来说,本说明书一个或多个实施例可以有各种更改和变化。凡在本说明书的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在权利要求范围之内。The above description is only an example of one or more embodiments of this specification, and is not intended to limit one or more embodiments of this specification. For those skilled in the art, various modifications and changes may occur in one or more embodiments of this description. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of this specification shall be included in the scope of the claims.

Claims (19)

  1. 一种区块链系统中的共识方法,包括:A consensus method in a blockchain system, comprising:
    第一轮:第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点保留一份数据块,并发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;The first round: the first consensus node uses the erasure code to generate multiple data blocks from the transaction set proposed by the consensus; the first consensus node retains a data block, and sends the first message to other consensus nodes, and sends it to The first message includes the different data blocks and the signature of the first consensus node;
    第二轮:接收到所述第一消息的共识节点广播第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;Second round: The consensus node that received the first message broadcasts a second message, the second message includes votes and signatures on the transaction set; the vote includes the summary value of the transaction set;
    第三轮:接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的投票后,广播第三消息,第三消息包括数据块、所述摘要值以及收集到的签名集合;其中第一共识节点广播的数据块包括所述保留的数据块,其余共识节点广播第一轮中收到的数据块;The third round: After the consensus node receiving the second message collects at least Quorum unanimous votes from different consensus nodes, it broadcasts the third message, which includes the data block, the digest value and the collected signature set ; Wherein the data blocks broadcast by the first consensus node include the reserved data blocks, and the remaining consensus nodes broadcast the data blocks received in the first round;
    所述其余共识节点在第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。At the end of the third round, the remaining consensus nodes use the erasure code to restore the transaction set based on the received data block, and after collecting at least Quorum third messages from different nodes, the The transaction set corresponding to the summary value is output as at least part of the consensus result.
  2. 如权利要求1所述的方法,第一共识节点将共识提议的交易集合采用纠删码生成n个数据块,所述n等于共识节点的总数。The method according to claim 1, wherein the first consensus node uses an erasure code to generate n data blocks from the transaction set proposed by the consensus, and said n is equal to the total number of consensus nodes.
  3. 如权利要求1所述的方法,第一轮中第一共识节点针对每个数据块生成对应的默克尔证明,所述发送的第一消息中还包括所述默克尔证明;The method according to claim 1, in the first round, the first consensus node generates a corresponding Merkel certificate for each data block, and the first message sent also includes the Merkel certificate;
    相应的,在第一轮的末尾接收到所述第一消息的共识节点还对所述接收到的数据块和默尔克证明进行验证;验证通过后进入第二轮。Correspondingly, at the end of the first round, the consensus node that receives the first message also verifies the received data block and the Merkle proof; after passing the verification, it enters the second round.
  4. 如权利要求3所述的方法,广播的第二消息或第三消息中还包括广播的数据块对应的默克尔证明。The method according to claim 3, wherein the broadcasted second message or the third message further includes a Merkle certificate corresponding to the broadcasted data block.
  5. 如权利要求4所述的方法,在第三轮的末尾,接收到第三消息的共识节点还对所述接收到的数据块和对应的默克尔证明进行验证;验证通过后进入采用纠删码恢复交易集合的处理。The method according to claim 4, at the end of the third round, the consensus node receiving the third message also verifies the received data block and the corresponding Merkel proof; The code resumes the processing of transaction collections.
  6. 如权利要求1所述的方法,在第三轮的末尾还验证第三消息的正确性,包括验证第三消息的签名集合中包括至少Quorum个签名。The method according to claim 1, further verifying the correctness of the third message at the end of the third round, comprising verifying that the signature set of the third message includes at least Quorum signatures.
  7. 如权利要求1所述的方法,广播第三消息的共识节点不再更改针对同一提议的交易集合的投票观点。The method of claim 1, the consensus nodes broadcasting the third message no longer change their voting views for the same proposed set of transactions.
  8. 如权利要求1-7中任一项所述的方法,所述签名集合用聚合签名或门限签名替代。The method according to any one of claims 1-7, wherein the signature set is replaced by an aggregate signature or a threshold signature.
  9. 如权利要求1所述的方法,在同一次共识过程中,所述区块链系统中的至少Quorum数量的共识节点中的每一个作为第一共识节点执行权利要求1的方法。The method according to claim 1, in the same consensus process, each of at least Quorum number of consensus nodes in the blockchain system executes the method of claim 1 as the first consensus node.
  10. 一种区块链系统,包括共识节点,其中:A blockchain system comprising consensus nodes, wherein:
    第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点保留一份数据块,并发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;The first consensus node uses the erasure code to generate multiple data blocks from the transaction set proposed by the consensus; the first consensus node retains a copy of the data block, and sends the first message to other consensus nodes, and sends it to the first message of different consensus nodes Including different said data blocks and the signature of the first consensus node;
    接收到所述第一消息的共识节点广播第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;The consensus node receiving the first message broadcasts a second message, the second message includes a vote and a signature on the transaction set; the vote includes a summary value of the transaction set;
    接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的投票后,广播第三消息,第三消息包括数据块、所述摘要值以及收集到的签名集合;其中第一共识节点广播的数据块包括所述保留的数据块,其余共识节点广播第一轮中收到的 数据块;After the consensus node receiving the second message collects at least Quorum unanimous votes from different consensus nodes, it broadcasts the third message, which includes the data block, the digest value and the collected signature set; where the first The data block broadcast by the consensus node includes the reserved data block, and the other consensus nodes broadcast the data block received in the first round;
    所述共识节点在第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。At the end of the third round, the consensus node uses the erasure code to restore the transaction set based on the received data block, and after collecting at least Quorum third messages from different nodes, the summary The transaction set corresponding to the value is output as at least part of the consensus result.
  11. 一种区块链系统中的共识节点,包括:A consensus node in a blockchain system, comprising:
    数据块生成单元,用于将共识提议的交易集合采用纠删码生成多个数据块,并保留一份数据块;The data block generation unit is used to generate multiple data blocks using erasure codes for the transaction set proposed by the consensus, and retain a copy of the data block;
    第一消息广播单元,用于广播第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;The first message broadcasting unit is configured to broadcast the first message to other consensus nodes, and the first messages sent to different consensus nodes include different data blocks and signatures of the first consensus node;
    第二消息接收单元,用于接收第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;The second message receiving unit is configured to receive a second message, the second message includes a vote and a signature on the transaction set; the vote includes a summary value of the transaction set;
    第三消息广播单元,当第二消息接收单元收集到至少Quorum个来自于不同共识节点的一致的投票后广播第三消息,第三消息包括所述保留的数据块,所述摘要值以及收集到的签名集合;The third message broadcasting unit broadcasts a third message when the second message receiving unit collects at least Quorum unanimous votes from different consensus nodes, the third message includes the reserved data block, the digest value and the collected collection of signatures;
    第三消息收集单元,用于收集来自于不同共识节点的第三消息;A third message collection unit, configured to collect third messages from different consensus nodes;
    输出单元,在第三消息收集单元收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。The output unit, after the third message collection unit collects at least Quorum third messages from different nodes, outputs the transaction set corresponding to the summary value as at least a part of the consensus result.
  12. 如权利要求11所述的共识节点,所述数据块生成单元将共识提议的交易集合采用纠删码生成n个数据块,所述n等于共识节点的总数。The consensus node according to claim 11, wherein the data block generation unit generates n data blocks from the transaction set proposed by the consensus using an erasure code, and the n is equal to the total number of consensus nodes.
  13. 如权利要求11所述的共识节点,所述数据块生成单元还针对每个数据块生成对应的默克尔证明,第一消息广播单元发送的第一消息中还包括所述默克尔证明。The consensus node according to claim 11, wherein the data block generating unit further generates a corresponding Merkel certificate for each data block, and the first message sent by the first message broadcasting unit further includes the Merkel certificate.
  14. 如权利要求11所述的共识节点,广播的第三消息中还包括所述保留的数据块对应的默克尔证明。The consensus node according to claim 11, the broadcasted third message further includes the Merkle certificate corresponding to the reserved data block.
  15. 如权利要求14所述的共识节点,还包括验证单元,用于在第三消息接收单元接收到第三消息后,对第三消息中的数据块和对应的默克尔证明进行验证。The consensus node according to claim 14, further comprising a verification unit, configured to verify the data block in the third message and the corresponding Merkle certificate after the third message receiving unit receives the third message.
  16. 如权利要求11所述的共识节点,第三消息广播单元广播的第三消息中还包括在数据块生成单元保留的数据块。The consensus node according to claim 11, the third message broadcast by the third message broadcasting unit further includes the data block reserved by the data block generating unit.
  17. 一种区块链系统中的共识节点,包括:A consensus node in a blockchain system, comprising:
    第一消息接收单元,用于接收第一共识节点广播的第一消息,第一消息中包括提议的交易集合的一个数据块和第一共识节点的签名;The first message receiving unit is configured to receive the first message broadcast by the first consensus node, the first message includes a data block of the proposed transaction set and the signature of the first consensus node;
    第二消息广播单元,用于当第一消息接收单元接收到所述第一消息后广播第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;The second message broadcasting unit is configured to broadcast a second message after the first message receiving unit receives the first message, the second message includes a vote and a signature on the transaction set; the vote includes the transaction set the digest value of
    第二消息接收单元,用于接收第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;The second message receiving unit is configured to receive a second message, the second message includes a vote and a signature on the transaction set; the vote includes a summary value of the transaction set;
    第三消息广播单元,当第二消息接收单元收集到至少Quorum个来自于不同共识节点的一致的投票,则广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;The third message broadcasting unit, when the second message receiving unit collects at least Quorum unanimous votes from different consensus nodes, broadcasts a third message, the third message includes the summary value and the collected signature set;
    第三消息收集单元,收集来自于不同共识节点的第三消息;The third message collection unit collects third messages from different consensus nodes;
    恢复单元,基于第三消息收集单元接收到的数据块采用纠删码恢复出所述交易集合;A recovery unit, based on the data block received by the third message collection unit, recovers the transaction set by using an erasure code;
    输出单元,当第三消息收集单元收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。The output unit outputs the transaction set corresponding to the summary value as at least a part of the consensus result after the third message collection unit collects at least Quorum third messages from different nodes.
  18. 如权利要求17所述的共识节点,第一消息接收单元接收的第一消息中还包括默克尔证明;The consensus node according to claim 17, the first message received by the first message receiving unit further includes a Merkel certificate;
    相应的,第一消息接收单元还对所述接收到的数据块和默尔克证明进行验证。Correspondingly, the first message receiving unit also verifies the received data block and the Merkle proof.
  19. 如权利要求17所述的共识节点,第二消息或第三消息中还包括广播的数据块对应的默克尔证明,第三消息收集单元还对接收到的数据块和对应的默克尔证明进行验证。The consensus node according to claim 17, the second message or the third message also includes the Merkel certificate corresponding to the broadcast data block, and the third message collection unit also checks the received data block and the corresponding Merkel certificate authenticating.
PCT/CN2022/124047 2021-10-09 2022-10-09 Consensus method, blockchain system, and consensus node WO2023056964A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111178745.3 2021-10-09
CN202111178745.3A CN113630258B (en) 2021-10-09 2021-10-09 Consensus method, block chain system and consensus node

Publications (1)

Publication Number Publication Date
WO2023056964A1 true WO2023056964A1 (en) 2023-04-13

Family

ID=78390902

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/124047 WO2023056964A1 (en) 2021-10-09 2022-10-09 Consensus method, blockchain system, and consensus node

Country Status (2)

Country Link
CN (1) CN113630258B (en)
WO (1) WO2023056964A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113630258B (en) * 2021-10-09 2022-01-11 支付宝(杭州)信息技术有限公司 Consensus method, block chain system and consensus node
CN114338040B (en) * 2021-12-29 2024-03-08 大连理工江苏研究院有限公司 Block chain node grouping multi-chain three-time consensus method
CN114782047B (en) * 2021-12-29 2023-06-30 张海滨 Data consensus method and distributed system
CN115174574A (en) * 2022-06-30 2022-10-11 蚂蚁区块链科技(上海)有限公司 Data broadcasting method in block chain system, node and block chain system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111526217A (en) * 2020-07-03 2020-08-11 支付宝(杭州)信息技术有限公司 Consensus method and system in block chain
CN111526219A (en) * 2020-07-03 2020-08-11 支付宝(杭州)信息技术有限公司 Alliance chain consensus method and alliance chain system
CN112416905A (en) * 2020-07-03 2021-02-26 支付宝(杭州)信息技术有限公司 Block chain consensus method, node and system of badger Byzantine fault-tolerant consensus mechanism
US20210109825A1 (en) * 2018-08-31 2021-04-15 Advanced New Technologies Co., Ltd. Transaction consensus processing method and apparatus for blockchain and electronic device
CN113630258A (en) * 2021-10-09 2021-11-09 支付宝(杭州)信息技术有限公司 Consensus method, block chain system and consensus node

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019072294A2 (en) * 2018-12-13 2019-04-18 Alibaba Group Holding Limited Achieving consensus among network nodes in a distributed system
RU2718411C1 (en) * 2018-12-13 2020-04-02 Алибаба Груп Холдинг Лимитед Performing a recovery process for a network node in a distributed system
CN110246038A (en) * 2019-04-26 2019-09-17 众安信息技术服务有限公司 A kind of block chain transaction rapid acknowledgment method and system
CN112532396A (en) * 2020-12-04 2021-03-19 广东工业大学 Optimized Byzantine fault-tolerant method based on aggregated signature and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210109825A1 (en) * 2018-08-31 2021-04-15 Advanced New Technologies Co., Ltd. Transaction consensus processing method and apparatus for blockchain and electronic device
CN111526217A (en) * 2020-07-03 2020-08-11 支付宝(杭州)信息技术有限公司 Consensus method and system in block chain
CN111526219A (en) * 2020-07-03 2020-08-11 支付宝(杭州)信息技术有限公司 Alliance chain consensus method and alliance chain system
CN112416905A (en) * 2020-07-03 2021-02-26 支付宝(杭州)信息技术有限公司 Block chain consensus method, node and system of badger Byzantine fault-tolerant consensus mechanism
CN113630258A (en) * 2021-10-09 2021-11-09 支付宝(杭州)信息技术有限公司 Consensus method, block chain system and consensus node

Also Published As

Publication number Publication date
CN113630258A (en) 2021-11-09
CN113630258B (en) 2022-01-11

Similar Documents

Publication Publication Date Title
WO2023056974A1 (en) Consensus method, blockchain system and consensus nodes
WO2023056964A1 (en) Consensus method, blockchain system, and consensus node
WO2023056967A1 (en) Consensus method, blockchain system and consensus nodes
WO2023056958A1 (en) Consensus method, blockchain system, and consensus node
CN114401150B (en) Method for adding node in blockchain network and blockchain system
WO2023056966A1 (en) Consensus method, blockchain system, and consensus node
WO2023056976A1 (en) Consensus method, blockchain system and consensus node
Yin et al. HotStuff: BFT consensus in the lens of blockchain
WO2023056975A1 (en) Consensus method and blockchain system
WO2023185045A1 (en) Method and system for generating random seed on blockchain, and consensus node
WO2023185051A1 (en) Method for generating random number seeds on blockchain, and system and consensus node
CN114640451A (en) Method, system and consensus node for realizing distributed key generation on block chain
CN115865341A (en) Method, system and node for realizing distributed key generation on block chain
KR102652737B1 (en) An efficient dual-mode consensus protocol for blockchain networks
CN114650132A (en) Method, system and consensus node for realizing distributed key generation on block chain
CN116846912A (en) View switching method, consensus node and block chain system in PBFT algorithm
CN116527694A (en) Consensus method in block chain system, consensus node and block chain system
CN115174572B (en) Data multicasting method in blockchain, blockchain node and storage medium
CN116846906A (en) Consensus method and block chain link point
CN116032461A (en) Method and node for realizing distributed key generation on blockchain
CN116846907A (en) Consensus method and block chain link point
CN116484417A (en) Transaction proposal method in blockchain system, consensus node and blockchain system
CN116015621A (en) Method, system and node for realizing distributed key generation on blockchain
Bashir Early Protocols
CN116823463A (en) Transaction proposal method in blockchain system, consensus node and blockchain system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22877978

Country of ref document: EP

Kind code of ref document: A1