WO2023056974A1 - 共识方法、区块链系统和共识节点 - Google Patents

共识方法、区块链系统和共识节点 Download PDF

Info

Publication number
WO2023056974A1
WO2023056974A1 PCT/CN2022/124115 CN2022124115W WO2023056974A1 WO 2023056974 A1 WO2023056974 A1 WO 2023056974A1 CN 2022124115 W CN2022124115 W CN 2022124115W WO 2023056974 A1 WO2023056974 A1 WO 2023056974A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
consensus
node
nodes
data block
Prior art date
Application number
PCT/CN2022/124115
Other languages
English (en)
French (fr)
Inventor
刘盛云
邓福喜
闫莺
徐文博
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2023056974A1 publication Critical patent/WO2023056974A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0041Arrangements at the transmitter end
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1854Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with non-centralised forwarding system, e.g. chaincast
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46Secure multiparty computation, e.g. millionaire problem
    • H04L2209/463Electronic voting

Definitions

  • the embodiments of this specification belong to the field of blockchain technology, and in particular relate to a consensus method, a blockchain system, and consensus nodes.
  • Blockchain is a new application model of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm.
  • the data blocks are combined into a chained data structure in a sequentially connected manner in chronological order, and a non-tamperable and unforgeable distributed ledger is cryptographically guaranteed. Due to the characteristics of decentralization, non-tamperable information, and autonomy, the blockchain has also received more and more attention and application.
  • the purpose of the present invention is to provide a consensus method, blockchain system and consensus nodes, including: a consensus method in the blockchain system, including: the first round: the first consensus node uses the transaction set proposed by the consensus to correct Delete code to generate multiple data blocks; the first consensus node sends the first message to other consensus nodes, and the first message sent to different consensus nodes includes different data blocks and the signature of the first consensus node; the second round: The consensus node that received the first message broadcasts a second message, the second message includes the received data block, and includes votes and signatures on the transaction set; the vote includes a summary of the transaction set value; third round: after the consensus node receiving the second message collects at least Quorum unanimous votes from different consensus nodes, it broadcasts the third message, which includes the digest value and the collected signature set; At the end of the second round or the third round, the consensus node uses the erasure code to recover the transaction set based on the received data block, and after collecting at least Quorum third messages from different nodes, Outputting the transaction set
  • a blockchain system including consensus nodes, wherein: the first consensus node uses erasure codes to generate multiple data blocks from the transaction set proposed by the consensus; the first consensus node sends the first message to other consensus nodes, and sends it to different consensus nodes
  • the first message of the node includes the different data blocks and the signature of the first consensus node
  • the consensus node that receives the first message broadcasts a second message, the second message includes the received data block, and Including votes and signatures on the transaction set
  • the vote includes the summary value of the transaction set
  • the consensus node collects at least Quorum unanimous votes from different consensus nodes, and broadcasts the third message, the third message includes the digest value and the collected signature set
  • the consensus node restores the transaction set based on the received data block at the end of the second round or the third round using the erasure code, And after collecting at least Quorum third messages from different nodes, output the transaction set corresponding to the summary value as at least a part of the consensus result.
  • a consensus node in a blockchain system comprising: a data block generation unit, configured to generate multiple data blocks using an erasure code for a transaction set proposed by the consensus; a first message broadcast unit, configured to broadcast the first message to other The consensus node, the first message sent to different consensus nodes includes different data blocks and the signature of the first consensus node; the second message receiving unit is used to receive the second message, the second message includes the data block, and Including votes and signatures on the transaction set; the vote includes the summary value of the transaction set; the third message broadcast unit, when the second message receiving unit collects at least Quorum unanimous votes from different consensus nodes broadcast a third message, the third message includes the summary value and the collected signature set; the third message collection unit is used to collect the third message from different consensus nodes; the output unit is collected in the third message collection unit After at least Quorum third messages from different nodes, the transaction set corresponding to the summary value is output as at least a part of the consensus result.
  • a consensus node in a blockchain system comprising: a first message receiving unit, configured to receive a first message broadcast by the first consensus node, the first message including a data block of a proposed transaction set and the first consensus node signature; the second message broadcasting unit is used to broadcast a second message when the first message receiving unit receives the first message, and the second message includes the data block, the vote and the signature on the transaction set; The vote includes a summary value of the transaction set; a second message receiving unit is configured to receive a second message, and the second message includes a vote and a signature on the transaction set; the vote includes a summary of the transaction set Value; the third message broadcasting unit, when the second message receiving unit collects at least Quorum unanimous votes from different consensus nodes, then broadcast the third message, the third message includes the abstract value and the collected signature set; The third message collection unit collects third messages from different consensus nodes; the recovery unit uses the erasure code to restore the transaction set based on the data blocks received by the second message receiving unit or the third message collection unit; The
  • the erasure code is used to generate several data blocks for the transaction proposed by the consensus, and the proposed consensus node does not need to transmit larger data packets to other Instead, different data blocks of the data packet are transmitted to different consensus nodes, which can reduce the amount of data transmitted by the network. Forwarding the data blocks sent by the proposed consensus nodes in the second round can make full use of the bandwidth resources between nodes in the network, thereby improving the performance of the consensus protocol as a whole.
  • Fig. 1 is a schematic diagram of a conventional stage of a practical Byzantine fault-tolerant algorithm in an embodiment
  • Fig. 2 is a schematic diagram of the view switching stage of the practical Byzantine fault-tolerant algorithm in an embodiment
  • Fig. 3 is a schematic diagram of the honey badger Byzantine fault-tolerant algorithm in an embodiment
  • Fig. 4 is a flowchart of the consensus algorithm in an embodiment of this specification.
  • Fig. 5 is a schematic diagram of a consensus algorithm in an embodiment of this specification.
  • Fig. 6 is a schematic diagram of a consensus algorithm in an embodiment of this specification.
  • Fig. 7 is a schematic diagram of a consensus algorithm in an embodiment of this specification.
  • Fig. 8 is a schematic diagram of a consensus algorithm in an embodiment of this specification.
  • Fig. 9 is a schematic diagram of a consensus algorithm in an embodiment of this specification.
  • FIG. 10 is an architecture diagram of a consensus node in an embodiment of this specification.
  • Fig. 11 is an architecture diagram of a consensus node in an embodiment of this specification.
  • Fig. 12 is a schematic diagram of an erasure code in an embodiment of this specification.
  • Fig. 13 is a schematic diagram of Merkle Tree in an embodiment of this specification.
  • nodes In the blockchain system, different participants can establish a distributed blockchain network through the deployed nodes (Nodes).
  • Nodes A decentralized (or multi-centered) distributed ledger constructed using a chained block structure is stored on each node (or most nodes, such as consensus nodes) in the distributed blockchain network.
  • Such a blockchain system needs to solve the problem of the consistency and correctness of the respective ledger data on multiple decentralized (or multi-centered) nodes.
  • Each node runs a blockchain program. Under the design of certain fault-tolerant requirements, the consensus mechanism is used to ensure that all loyal nodes have the same transaction, so as to ensure that all loyal nodes have the same execution results for the same transaction, and will Transactions and execution results are packaged to generate blocks.
  • the current mainstream consensus mechanisms include: Proof of Work (POW), Proof of Stake (POS), Delegated Proof of Stake (DPOS), Practical Byzantine Fault Tolerance (PBFT) ) algorithm, Honey Badger Byzantine Fault Tolerance (HoneyBadgerBFT) algorithm, etc.
  • POW Proof of Work
  • POS Proof of Stake
  • DPOS Delegated Proof of Stake
  • PBFT Practical Byzantine Fault Tolerance
  • HoneyBadgerBFT Honey Badger Byzantine Fault Tolerance
  • the algorithm assumes that when at most f replicas (ie, nodes) fail, if there are at least 3f+1 replicas in total, security and liveness can be guaranteed to be provided in an asynchronous system.
  • a set of a certain number of copies required to ensure the data consistency and fault tolerance requirements of all copies is generally a collection of most nodes in a distributed system, forming a majority (Quorum).
  • the Quorum is 2f+1. In this way, for a distributed system containing four nodes, any three nodes can form a Quorum.
  • PBFT includes two processes, Normal Case Phase and View Change Phase.
  • Figure 1 is a flow chart of the Normal Case Phase (normal phase) process.
  • the Normal Case Phase mainly includes three phases: PRE-PREPARE (pre-preparation), PREPARE (preparation) and COMMIT (commitment).
  • node 3 can represent a downtime node (indicated by ⁇ in Figure 1), for example.
  • FIG. 2 is a schematic diagram of View Change Phase (view switching). If the master node goes offline or does evil and does not broadcast the client's request, etc., the client can set a timeout mechanism. If it times out, the client can broadcast the request message to all replica nodes.
  • the replica node After the replica node detects that the master node is malicious or goes offline, it can also initiate the View Change protocol phase to replace the master node (often referred to as "master change").
  • master change the three-stage consensus process of PRE-PREPARE, PREPARE and COMMIT may fail due to the wrong proposal initiated by the master node, or the PREPARE and COMMIT stages may not reach the number of Quorum (such as 2f+1 of 3f+1 nodes, Also known as the quorum), the consensus cannot be completed. In these cases it is also possible to initiate the View Change protocol phase to replace the master node.
  • the PBFT protocol is a partial synchronous protocol, which is characterized by assuming that the network is asynchronous at the beginning, but it can be synchronized from a certain moment. To allow different nodes to reach a consensus on the same proposal in the network, the easiest way is to set up a master node, and the master node will unify the opinions of each node. By setting the timer, you can prevent the master node from making mistakes. In PBFT, if the Normal Case Phase is not completed within a limited time, Backups will be triggered to initiate the View Change Phase to replace the primary node. PBFT fixes the master node in one position, and all requests can be sent to the master node first, and then broadcast to other consensus nodes by the master node.
  • the HoneyBadgerBFT also often abbreviated as HBBFT
  • HBBFT asynchronous (asynchronous) protocol.
  • Asynchronous protocols are suitable for asynchronous networks, that is, messages between nodes in this network can be delayed arbitrarily, but will eventually arrive. The timer is removed from HoneyBadgerBFT, and the execution of the protocol is driven by messages.
  • all nodes in the HoneyBadgerBFT algorithm are equal, there is no distinction between master nodes and backup nodes, and there is no process of changing masters.
  • Asynchronous network consensus protocols such as HBBFT have no concept of master nodes. Each node can propose a request and try to construct a block. Therefore, asynchronous network protocols alleviate the problems of fairness and single-node bottlenecks to a certain extent.
  • FIG 3 is a flow chart of the single node angle of the HoneyBadgerBFT algorithm.
  • all nodes in the HoneyBadgerBFT algorithm are peers, that is, all nodes can execute the process shown in Figure 3.
  • HoneyBadgerBFT mainly includes two stages, namely Reliable Broadcast (RBC) and Asynchronous Binary Agreement (ABA, asynchronous binary agreement, also known as "01 Asynchronous consensus").
  • RBC Reliable Broadcast
  • ABA Asynchronous Binary Agreement
  • the RBC phase includes at least three rounds of message interaction of Rval, Echo, and Ready
  • the ABA phase includes at least three rounds of message interaction of Bval, Aux, and Coin.
  • RBC uses three rounds of message exchanges to ensure reliable proposal broadcasting.
  • ABA first conducts two rounds of voting (Bval and AUX messages), and then uses Coin toss (Coin) to unify the proposals of each node, thereby bypassing the network synchronization requirements of the semi-synchronous protocol.
  • a HoneyBadgerBFT consensus must go through the RBC phase and at least one ABA phase. In the best case, there is a probability of 1/2 that the HoneyBadgerBFT consensus process can be ended. In this way, it takes 6 rounds to complete a consensus. In addition, there is a 1/4 probability that it will enter the ABA process again, as shown in Figure 3 for the second ABA process (the ABA process represented by rounds 7, 8, and 9), and there is a 1/4 probability that it will end in the second round.
  • HoneyBadgerBFT includes at least one RBC (three rounds) and one ABA (three rounds). If the ABA voting result is inconsistent with the coin toss result, the protocol enters a new round of ABA (at least three additional rounds). Tossing coins brings uncertainty to the rounds of consensus and may increase delays.
  • This application provides an embodiment of a consensus algorithm, as shown in Figure 4, which specifically includes: S41: [First round]
  • the first consensus node uses erasure codes to generate multiple data blocks from the transaction set proposed by the consensus; the first consensus node
  • the first message is sent to other consensus nodes, and the first messages sent to different consensus nodes include different data blocks and signatures of the first consensus node.
  • a consensus algorithm in this application may include 3 rounds of interaction. Similar to HBBFT, the consensus algorithm of the embodiment shown in Figure 5 is also an asynchronous protocol, that is, it is assumed that messages between nodes in the network can be delayed arbitrarily, but will eventually arrive. Similarly, the timer is also removed in the embodiment in Figure 5, and the execution of the protocol is driven by messages; at the same time, all nodes can be peer-to-peer, there is no distinction between the master node and the backup node, and any consensus node can initiate consensus Proposals, each consensus node can also participate in the consensus process where other nodes propose consensus proposals. The result of a consensus can include the sum of the transaction sets in the consensus proposal proposed by all nodes in this consensus and obtained at least the same number of Quorum votes.
  • Node 0 can initiate a consensus proposal, which can include a packaged transaction set, for example, marked as m 0 , m 0 can include a series of transaction sets ⁇ tx 01 , tx 02 , .. .,tx 0n ⁇ . Furthermore, Node 0 can generate multiple data blocks by adopting erasure coding (Erasure Coding) for the transaction set m 0 proposed by the consensus. Generally, the number n of data blocks generated using erasure codes can be (the total number of consensus nodes-1).
  • Erasure Coding erasure Coding
  • Node 0 uses erasure codes on m 0 to generate 3 data blocks (data blocks), namely m 00 , m 01 , and m 02 .
  • data blocks data blocks
  • they can have corresponding hash values respectively.
  • the hash value corresponding to m 00 is hash 000
  • the corresponding hash value of m 01 is hash 001
  • the corresponding hash value of m 02 is hash 002 , as shown in the figure 12 shown.
  • Erasure code is a coding error-tolerant technology, which was first used for data recovery in data transmission in the communication industry. By adding verification data to the original data, each split data is associated.
  • Data m can be generated into N data blocks through EC.
  • the N data blocks generally include p data blocks after data m is split, and q data blocks for storing erasure codes are also added. In this way, the original data m can be restored through any p pieces of data in the p+q pieces.
  • Node 0 can also build a Merkle Tree (Merkle tree, usually also called a Hash Tree) for the generated data block.
  • Merkle tree Merkle tree, usually also called a Hash Tree
  • the hash values of the three data blocks m 00 , m 01 , and m 02 are hash 000 , hash 001 , and hash 002 , respectively.
  • the number of bottom leaf nodes is 2n .
  • the number of data blocks generated by using erasure coding (Erasure Coding) is not necessarily 2 n .
  • the hash of the last data block can be repeated several times to complete the 2 n leaf nodes of the Merkle Tree.
  • Node 0 constructs the consensus-proposed transaction set m 0 using erasure codes to generate 3 data blocks m 00 , m 01 , and m 02
  • the Merkle Tree can be shown in Figure 13.
  • the hash value corresponding to m 00 is hash 0000
  • the corresponding hash value to m 01 is hash 0001
  • the corresponding hash value to m 02 is hash 0002 .
  • the extra leaf node of the Merkle Tree can take the hash value corresponding to the last data block.
  • hash 003 may be the hash value of m 02 .
  • Merkle Tree and Merkle proof can also be constructed. Construct the hash value in pairs, and you can get hash 00 and hash 01 .
  • hash 00 can be obtained by sequentially splicing hash 000 and hash 001 and calculating hash
  • hash 01 can be obtained by sequentially splicing hash 002 and hash 003 and calculating hash.
  • hash 00 and hash 01 can be sequentially concatenated to calculate hash, thereby obtaining hash 0 .
  • Node 0 can generate a corresponding merkle proof (Merkle proof).
  • Merkle proof For example, for m 01 , the generated Merkle proof includes hash 000 , hash 01 , and hash 0 ; for m 02 , the generated Merkle proof includes hash 003 , hash 00 , and hash 0 . It can be seen that the Merkle proof is an ordered set of hash values. Through such an ordered set, the hash value of the root node of the Merkle tree can be calculated.
  • the first consensus node sends the first message to other consensus nodes.
  • the other consensus nodes are the remaining consensus nodes in the blockchain system that are different from the first consensus node.
  • the first messages sent to different consensus nodes may include different Data block, corresponding Merkle proof.
  • the first consensus node Node 0 may send the first message Val message to Node 1 , the Val message may include the data block m 00 , and include the Merkel proof hash 001 , hash 01 , and hash 0 corresponding to the data block.
  • Node 0 may send a first message Val message to Node 2 , the Val message may include data block m 01 , and include Merkle certificates hash 000 , hash 01 , and hash 0 corresponding to the data block.
  • Node 0 may send a first message Val message to Node 3 , the Val message may include data block m 02 , and include Merkle certificates hash 003 , hash 00 , and hash 0 corresponding to the data block. As shown in Figure 5.
  • Val message sent by Node 0 to Node 1 may also include the signature of Node 0 , for example, marked as sig 00 .
  • Node 0 can use its own private key to sign the payload (payload) part of the message. Here, for example, it signs m 00 and its corresponding Merkle proof to obtain sig 00 .
  • Node 0 may firstly perform hash calculation on the payload (payload) part of the message to obtain a hash value (that is, a digest value), and then sign the hash value with its own private key to obtain sig 00 .
  • the Val message sent by Node 0 to other Nodes is similar and will not be repeated here.
  • the format of the Val message can be such as ⁇ r, m 00 , the Merkel proof corresponding to m 00 , sig 00 >, where r can represent the rth consensus.
  • the consensus proposal for m 0 here is the rth consensus
  • the transaction set m 1 of the next consensus proposal can correspond to the r+1th consensus.
  • the sig 00 may also be a signature of the data including r and m 00 and their corresponding Merkle certificates using its own private key.
  • it is also possible to perform hash calculation on m 00 and the corresponding Merkle certificate first to obtain the hash value, and then use its own private key to sign the hash value and the data including r to obtain sig 00 .
  • S43 [Second round] The consensus node that received the first message broadcasts a second message, the second message includes the received data block, and includes the vote and signature of the transaction set; the vote includes the The digest value of transaction set m0 .
  • the consensus nodes that received the first message can verify the correctness of the received first message.
  • Node 1 may use the public key of Node 0 to verify the signature of Node 0 in the first message.
  • the first message may further include a Merkle certificate corresponding to the received data block.
  • the consensus node that received the first message can also verify the data block in the received first message and the corresponding Merkle proof.
  • the consensus node that receives the Val message can calculate the hash value of the consensus-proposed data block in the Val message.
  • Node 1 after Node 1 receives the Val message sent by the first consensus node Node 0 , it can calculate the hash value of the data block m 00 included in the Val message, for example, hash 000 .
  • the received Val message also includes the merkle proof corresponding to the contained data block.
  • Node 1 receives the Val message sent by the first consensus node Node 0 , which also includes the Merkel proof hash 001 , hash 01 , and hash 0 corresponding to data block m 00 .
  • the consensus node that receives the Val message can verify the correctness of the data through the Merkle proof contained in the Val message.
  • Node 1 After Node 1 obtains the hash value hash 000 of m 00 in the Val message through the aforementioned calculation, it further calculates together with the Merkel proof in the Val message, including calculating hash 000 and hash 001 to obtain hash ′ 00 , and then by Hash ′ 00 and hash 01 are calculated to obtain hash ′ 0 , so as to determine whether m 00 is correct by comparing whether hash ′ 0 and hash 0 are consistent.
  • the consensus node that has received the first message may broadcast the second message.
  • Node 1 , Node 2 , and Node 3 respectively broadcast the second message to other consensus nodes.
  • the second message broadcast by the consensus node may include the received data block in the first message. This broadcasted second message may be denoted as Bval.
  • Node 1 , Node 2 , and Node 3 can broadcast the second message to tell other consensus nodes to vote on the consensus proposal initiated by Node 0 , and the vote can be to approve or disapprove the consensus proposal. If the consensus node approves the transaction set proposed by Node 0 in this consensus, it can broadcast the hash value of the transaction set in the second round of message interaction, such as hash 0 above. On the contrary, if the consensus node does not approve the transaction set proposed by Node 0 in this consensus, it can broadcast 0 in the second round of message interaction.
  • Node 0 does not need to participate in the broadcast, because Node 0 initiates a consensus proposal in the first round, which itself can represent Node 0 ’s approval of the message set in the consensus proposal, so that in the second round Node 1 , Node 2 , and Node 3 may respectively broadcast the second message to other consensus nodes.
  • the second message broadcast by the consensus node may also include the Merkle certificate corresponding to the received data block.
  • the consensus node that received the first message can receive the data block and the Merkle proof corresponding to the data block.
  • the second message broadcast by the consensus node can also include the Merkle proof corresponding to the data block.
  • the consensus nodes that received the second message can also verify the data block in the second message and the corresponding Merkle proof.
  • the second message may also include a signature on the set of transactions.
  • the consensus node that receives the first message at the end of the first round can verify the correctness of the received first message, for example, Node 1 verifies whether the signature of Node 0 is correct, and the received data block and corresponding The Merkle proof is verified. If the verification is correct, the consensus node receiving the first message can use its own private key to sign the data block in the first message it receives. For example, Node 1 signs the data block m 00 of the transaction set m 0 in the first message to obtain sig 10 ; or Node 1 signs the hash value hash 0 of m 0 with its own private key to obtain sig 10 .
  • the format of the Bval message can be such as ⁇ r, m 00 , the Merkel proof corresponding to m 00 , hash 0 , sig 10 >, where r can represent the rth consensus, and hash 0 is the hash value of m 0 , which means Voting opinion for m 0 is yes.
  • the sig 10 may also be the signature of data including r, m 01 , the Merkel certificate corresponding to m 01 and hash 0 by using its own private key.
  • sig 10 is obtained.
  • Node 2 After receiving the Val message from Node 0 , Node 2 can similarly verify whether the signature of Node 0 is correct, and verify the received data block m 01 and the corresponding Merkle certificate. If the verification is correct, Node 2 can use its own private key to sign the data block m 01 in the first message received by itself, or use its own private key to pair the Merkle certificate corresponding to r, m 01 , m 01 and The data signature including hash 0 , so as to get sig 20 , and then the Bval message can also be broadcast.
  • the Bval message can include m 01 , the Merkle proof corresponding to m 01 , hash 0 and signature sig 20 .
  • Node 3 After receiving the Val message from Node 0 , Node 3 can similarly verify whether the signature of Node 0 is correct, and verify the received data block m 02 and the corresponding Merkle certificate. If the verification is correct, Node 3 can use its own private key to sign the data block m 02 in the first message received by itself, or use its own private key to pair the Merkel certificate corresponding to r, m 02 , m 02 and The data signature including hash 0 , so as to get sig 30 , and then the Bval message can also be broadcast.
  • the Bval message can include m 02 , the Merkle proof corresponding to m 02 , hash 0 and signature sig 30 .
  • the consensus nodes in the second round broadcast the second message Bval message, so that at the end of the second round, the consensus nodes that received the second message can collect the data blocks in the second message and votes on the consensus proposal.
  • Node 1 can collect the votes in the Bval message at the end of the second round, assuming that the votes collected by Node 1 in the second message broadcast by Node 2 and Node 3 are the hash value hash 0 of the transaction set m 0 , and if the vote in the second message broadcast by Node 1 in the second round is also the hash value hash 0 of the transaction set m 0 (also means the approval of the transaction set), and received in the first round
  • Node 2 and Node 3 are similar to Node 1 and will not be repeated here.
  • a data block m 00 of the transaction set m 0 sent by Node 0 is received from the first round of Val messages, and a data block m 00 of the transaction set m 0 sent by Node 2 is received from the second round of Bval messages
  • Data block m 01 , a data block m 02 of transaction set m 0 sent by Node 3 is received from the second round of Bval messages.
  • Node 1 According to the settings of p and q in the erasure code as mentioned above (generally q is at least 1, and Node 1 should receive at least p different data blocks in the second round), Node 1 has a high probability of being able to get from m 0 is decoded from m 00 , m 01 , and m 02 , so that the complete proposed transaction set of Node 0 can be recovered.
  • a data block m 01 of the transaction set m 0 sent by Node 0 is received from the first round of Val messages
  • the transaction set m sent by Nod 1 is received from the second round of Bval messages 0
  • a data block m 00 of the transaction set m 0 sent by Node 3 is received from the second round of Bval messages.
  • Node 2 According to the settings of p and q in the erasure code as mentioned above (generally q is at least 1, and Ndde 1 should receive at least p different data blocks in the second round), Node 2 has a high probability of being able to start from m 0 is decoded from m 00 , m 01 , and m 02 , so that the complete proposed transaction set of Node 0 can be recovered.
  • a data block m 02 of the transaction set m 0 sent by Node 0 is received from the first round of Val messages
  • the transaction set m sent by Node 1 is received from the second round of Bval messages 0
  • a data block m 01 of the transaction set m 0 sent by Node 2 is received from the second round of Bval messages.
  • Node 1 According to the settings of p and q in the erasure code as mentioned above (generally q is at least 1, and Node 1 should receive at least p different data blocks in the second round), Node 1 has a high probability of being able to get from m 0 is decoded from m 00 , m 01 , and m 02 , so that the complete proposed transaction set of Node 0 can be recovered.
  • the consensus node can use the erasure code to restore the transaction set based on the received data block.
  • the second message broadcast by the consensus node may include the data block and its corresponding Merkle proof.
  • the consensus node receiving the second message can also verify the data block in the second message and the corresponding Merkle proof.
  • the original data can be recovered after passing the verification, that is, m 0 can be obtained from the aforementioned decoding, and the complete proposed transaction set of Node 0 can be recovered from it.
  • the consensus node can also collect the signatures of different nodes at the end of the second round, as mentioned earlier.
  • the number of votes collected up to the second round can be counted by signing. For example, if Node 1 collects sig 10 (the Bval message broadcast by Node 1 in the second round contains the vote of Node 1 and is also collected and signed), sig 20 and sig 30 respectively include the same hash value, then it means There are 3 votes for approval of the hash (in addition, it can also include the signature sig 00 of the same hash value received in the Val message sent by Node 0 at the end of the first round, and a total of 4 signatures are collected for the same hash value) .
  • the third message is broadcast.
  • the third message can be recorded as a Prom message, which means that it promises not to change its opinion on the proposal m 0 .
  • the hash value of m 0 can indicate approval, and 0 can indicate disapproval.
  • Node 2 and Node 3 are also similar.
  • the third broadcast message may include the collected votes for m 0 , such as the hash values and signatures collected in the first and second rounds above.
  • the format of the Prom message can be such as ⁇ r, hash, ⁇ signature set>>.
  • Node 0 assuming that Node 0 collects Node 1 in the second round, and the votes in the Bval messages broadcast by Node 2 and Node 3 respectively are all hash values of the transaction set m 0 , so that Node 1 .
  • the signatures of Node 2 and Node 3 on m 0 are votes of sig 10 , sig 20 , and sig 30 respectively, and the Val message broadcast by Node 0 in the first round also includes its own vote for m 0
  • the signature of 0 (or the hash value of m 0 ) is the hash value of sig 00 .
  • the Prom message broadcast by Node 0 in the third round may include the hash value and the collected hash value and signature set that different nodes express approval for the proposed transaction set m 0 .
  • the signature set is, for example, sig 00 , sig 10 , sig 20 , sig 30 .
  • Node 1 collects in the second round that the votes in the Bval messages broadcast by Node 2 and Node 3 are all the hash values of the transaction set m 0
  • Node 2 and Node 3 respectively collect
  • the signature of m 0 (or the hash value of m 0 ) is the vote of sig 20 and sig 30
  • the Val message broadcast by Node 0 in the first round also includes its signature on m 0 (or the hash value of m 0 ) is a vote of sig 00
  • the Bval message broadcast by Node 1 in the second round also includes the vote that its signature on m 0 (or the hash value of m 0 ) is sig 10 .
  • the Prom message broadcast by Node 1 in the third round may include the hash value and the collected hash value and signature set that different nodes approve of the proposed transaction set m 0
  • the signature set includes, for example, sig 00 , sig 10 , sig 20 , sig 30 .
  • Node 2 and Node 3 are also similar to Node 1 .
  • the above signature set can also be replaced by an aggregate signature or a threshold signature.
  • the consensus node uses the erasure code to recover the transaction set based on the received data block, and after collecting at least Quorum third messages from different nodes, Outputting the transaction set corresponding to the summary value as at least a part of the consensus result.
  • consensus nodes that have received Prom messages can count the number of collected Prom messages.
  • the condition for the consensus node to send the Prom message in the third round is that at least Quorum unanimous votes from different consensus nodes have been collected in the second round, and it has not broadcast different votes for the proposal, which is equivalent to the second round
  • the consensus node confirms that a total of at least Quorum number of consensus nodes (including itself) votes for the proposal m 0 .
  • Node 0 collects at least Quorum consistent digest values in the first round and the second round, and then, the Prom message broadcast by Node 0 in the third round may include the hash value and the collected different nodes for the
  • the proposed transaction set m 0 represents the approved hash value and signature set, and the signature set includes, for example, sig 00 , sig 10 , sig 20 , and sig 30 .
  • Node 1 collects at least Quorum consistent digest values in the first round and the second round, and then, the Prom message broadcast by Node 1 in the third round may include the hash value and the collected different nodes for the
  • the proposed transaction set m 0 represents the approved hash value and signature set, and the signature set includes, for example, sig 00 , sig 10 , sig 20 , and sig 30 .
  • Node 2 and Node 3 are also similar to Node 1 .
  • Node 0 can collect at least Quorum Prom messages. Through Quorum Prom messages, Node 0 can confirm that each of at least Quorum consensus nodes has collected at least Quorum number of votes to approve the proposed transaction set m 0 , and each consensus node that sends Prom messages commits to The point of view of voting will not be changed, so that Node 0 can further complete this consensus, that is, output the transaction set m 0 corresponding to the summary value as at least a part of the consensus result. Node 1 , Node 2 and Node 3 are also similar. Similarly, other consensus nodes such as Node 1 , Node 2 , and Node 3 can further complete this consensus, that is, output the transaction set m 0 corresponding to the digest value as at least a part of the consensus result.
  • the consensus node Since multiple data blocks can be received at the end of the second round, the consensus node has a high probability of recovering the transaction set based on the received data blocks at the end of the second round using the erasure code.
  • the third round of Prom messages can add signatures.
  • the Prom message broadcast by Node 1 in the third round may include Node 1's signature of ⁇ r, hash, ⁇ signature set>> in the Prom message.
  • FIG. 5 can be executed by Node 0 in the figure, and can also be extended to be executed by Node 0 , Node 1 , Node 2 and Node 3 .
  • every consensus node that collects at least Quorum third messages from different nodes can output the transaction set corresponding to the summary value as the entire consensus result, except for Figure 5
  • any one of Figs. 6, 7, 8, and 9 may be used.
  • Figure 5 is from the perspective of Node 0 , which initiates a consensus proposal.
  • Node 1 , Node 2 , and Node 3 Any one can also initiate a proposal, and other consensus nodes cooperate to complete the above-mentioned similar process, so that the whole is the superposition of Figures 5, 6, 7, 8, and 9.
  • the transaction set of Node 0 initiating the consensus proposal is m 0
  • the transaction set of Node 1 initiating the consensus proposal is m 1
  • the transaction set of Node 2 initiating the consensus proposal is m 2
  • the transaction set of Node 3 initiating the consensus proposal The set is m 3 , so m 0 can correspond to hash 0
  • m 1 can correspond to hash 1
  • m 2 can correspond to hash 2
  • m 3 can correspond to hash 3 .
  • the consensus output of each consensus node is ⁇ m 0 , m 1 , m 2 , m 3 ⁇ with high probability.
  • the order of m 0 , m 1 , m 2 , m 3 in the output results It can be sorted according to certain rules, for example, sorted according to the size order of the corresponding hash values.
  • the delay caused by the consensus process is greatly reduced.
  • it is equivalent to combining the last two rounds of the RBC process and the first two rounds of the ABA process in the HBBFT by using the forward-looking voting and digital signature technology, thereby shortening the required rounds.
  • the forward-looking voting refers to voting in the second round of Bval in the above embodiment, while HBBFT needs to vote in the fifth round of Bval in the ABA process.
  • the digital signature refers to the digital signature used in the first round and the second round in the above embodiment.
  • the proposed consensus node does not need to transmit a larger data packet to each of the remaining consensus nodes, but transmits different data blocks of the data packet to different consensus nodes. nodes, which can reduce the amount of data transmitted by the network. Forwarding the data blocks sent by the proposed consensus nodes in the second round can make full use of the bandwidth resources between nodes in the network, thereby improving the performance of the consensus protocol as a whole.
  • the present application also provides an embodiment of a blockchain system, including consensus nodes, wherein: the first consensus node uses erasure codes to generate multiple data blocks from the transaction set proposed by the consensus; the first consensus node sends the first message to other consensus nodes Nodes, the first message sent to different consensus nodes includes different data blocks and the signature of the first consensus node; the consensus node that receives the first message broadcasts a second message, and the second message includes the received The received data block, and includes votes and signatures on the transaction set; the vote includes the digest value of the transaction set; the consensus node that received the second message has collected at least Quorum consistent After voting, broadcast a third message, the third message includes the digest value and the collected signature set; the consensus node uses the erasure code to recover at the end of the second or third round based on the received data block Output the transaction set, and after collecting at least Quorum third messages from different nodes, output the transaction set corresponding to the summary value as at least a part of the consensus result.
  • the first consensus node uses the erasure code to generate n-1 data blocks from the transaction set proposed by the consensus, and the n is equal to the total number of consensus nodes.
  • the first consensus node generates a corresponding Merkel certificate for each data block, and the first message sent also includes the Merkel certificate; correspondingly, at the end of the first round, receiving The consensus node that received the first message also verifies the received data block and the Merkle proof; after passing the verification, it enters the second round.
  • the first consensus node In the first round, the first consensus node generates a corresponding Merkel certificate for each data block, and the first message sent also includes the Merkel certificate; correspondingly, at the end of the first round, all The consensus node of the above-mentioned first message also verifies the received data block and the Merkle proof; after passing the verification, it enters the second round.
  • the second message further includes the Merkle certificate corresponding to the received data block.
  • the consensus node receiving the second message also verifies the data block in the second message and the corresponding Merkle proof.
  • the correctness of the third message is also verified, including verifying that the signature set of the third message includes at least Quorum signatures.
  • the consensus node broadcasting the third message no longer changes the voting views for the same proposed transaction set.
  • the signature set is replaced by an aggregate signature or a threshold signature.
  • each of at least Quorum number of consensus nodes in the blockchain system performs the above method as the first consensus node.
  • the present application also provides an embodiment of a consensus node in a blockchain system, which may also be shown in Figure 10, including: a data block generation unit 101, which is used to generate multiple data blocks using an erasure code for the transaction set proposed by the consensus ;
  • the first message broadcast unit 102 is used to broadcast the first message to other consensus nodes, and the first message sent to different consensus nodes includes different signatures of the data block and the first consensus node;
  • the second message receiving unit 103 used to receive a second message, the second message includes a data block, and includes votes and signatures on the transaction set; the vote includes the digest value of the transaction set;
  • the third message broadcast unit 104 when the second The message receiving unit broadcasts a third message after collecting at least Quorum unanimous votes from different consensus nodes, the third message includes the summary value and the collected signature set;
  • the third message collecting unit 105 is used to collect The third message from different consensus nodes;
  • the output unit 106 after the third message collection unit collects at least Quorum third messages from different nodes
  • the data block generating unit 101 generates n-1 data blocks using erasure codes for the transaction set proposed by the consensus, where n is equal to the total number of consensus nodes.
  • the data block generating unit 101 also generates a corresponding Merkel certificate for each data block, and the first message sent by the first message broadcasting unit also includes the Merkel certificate.
  • the second message also includes the Merkle certificate corresponding to the received data block.
  • a verification unit is further included, configured to verify the data block in the second message and the corresponding Merkle certificate after the second message receiving unit receives the second message.
  • the present application also provides an embodiment of a consensus node in a blockchain system, as shown in Figure 11, including: a first message receiving unit 111, configured to receive the first message broadcast by the first consensus node, in the first message Including a data block of the proposed transaction set and the signature of the first consensus node; the second message broadcast unit 112, used to broadcast the second message after the first message receiving unit 111 receives the first message, in the second message Including the data block, a vote and a signature on the transaction set; the vote includes a digest value of the transaction set; the second message receiving unit 113 is configured to receive a second message, the second message includes a data block, And include votes and signatures on the transaction set; the vote includes the digest value of the transaction set; the third message broadcast unit 114, when the second message receiving unit 113 collects at least Quorum consensus from different consensus nodes vote, broadcast a third message, the third message includes the summary value and the collected signature set; the third message collection unit 115, collects the third message from different consensus nodes; the recovery unit
  • the first message received by the first message receiving unit 111 also includes the Merkle certificate; correspondingly, the first message receiving unit 111 also verifies the received data block and the Merkle certificate.
  • the second message further includes the Merkel certificate corresponding to the received data block
  • the second message receiving unit 113 also verifies the data block in the second message and the corresponding Merkel certificate.
  • the improvement of a technology can be clearly distinguished as an improvement in hardware (for example, improvements in circuit structures such as diodes, transistors, and switches) or improvements in software (improvement in method flow).
  • improvements in circuit structures such as diodes, transistors, and switches
  • improvements in software improvement in method flow
  • the improvement of many current method flows can be regarded as the direct improvement of the hardware circuit structure.
  • Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by hardware physical modules.
  • a programmable logic device Programmable Logic Device, PLD
  • PLD Programmable Logic Device
  • FPGA Field Programmable Gate Array
  • HDL Hardware Description Language
  • ABEL Advanced Boolean Expression Language
  • AHDL Altera Hardware Description Language
  • HDCal JHDL
  • Lava Lava
  • Lola MyHDL
  • PALASM RHDL
  • VHDL Very-High-Speed Integrated Circuit Hardware Description Language
  • Verilog Verilog
  • the controller may be implemented in any suitable way, for example the controller may take the form of a microprocessor or processor and a computer readable medium storing computer readable program code (such as software or firmware) executable by the (micro)processor , logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers and embedded microcontrollers, examples of controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320, the memory controller can also be implemented as part of the control logic of the memory.
  • controller in addition to realizing the controller in a purely computer-readable program code mode, it is entirely possible to make the controller use logic gates, switches, application-specific integrated circuits, programmable logic controllers, and embedded The same function can be realized in the form of a microcontroller or the like. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for realizing various functions can also be regarded as structures within the hardware component. Or even, means for realizing various functions can be regarded as a structure within both a software module realizing a method and a hardware component.
  • the systems, devices, modules, or units described in the above embodiments can be specifically implemented by computer chips or entities, or by products with certain functions.
  • a typical implementation device is a server system.
  • the computer that realizes the functions of the above embodiments can be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant , media players, navigation devices, email devices, game consoles, tablet computers, wearable devices, or any combination of these devices.
  • one or more embodiments of the present specification provide the operation steps of the method described in the embodiment or the flowchart, more or fewer operation steps may be included based on conventional or non-inventive means.
  • the sequence of steps enumerated in the embodiments is only one of the execution sequences of many steps, and does not represent the only execution sequence.
  • the methods shown in the embodiments or drawings can be executed sequentially or in parallel (such as a parallel processor or multi-thread processing environment, or even a distributed data processing environment).
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions
  • the device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
  • a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • processors CPUs
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • Memory may include non-permanent storage in computer-readable media, in the form of random access memory (RAM) and/or nonvolatile memory such as read-only memory (ROM) or flash RAM. Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash random access memory
  • Computer-readable media including both permanent and non-permanent, removable and non-removable media, can be implemented by any method or technology for storage of information.
  • Information may be computer readable instructions, data structures, modules of a program, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Flash memory or other memory technology, Compact Disc Read-Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices or any other non-transmission medium that can be used to store information that can be accessed by computing devices.
  • computer-readable media excludes transitory computer-readable media, such as modulated data signals and carrier waves.
  • one or more embodiments of this specification may be provided as a method, system or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may employ a computer program embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein. The form of the product.
  • program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
  • program modules may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • program modules may be located in both local and remote computer storage media including storage devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

一种共识方法、区块链系统和共识节点。其中,该共识方法包括:第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点发送第一消息至其它共识节点;接收到第一消息的共识节点广播第二消息,第二消息中包括接收到的数据块,并包括对交易集合的投票和签名;投票包括交易集合的摘要值;接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的投票后,广播第三消息,第三消息包括摘要值以及收集到的签名集合;共识节点在第二轮或第三轮的末尾基于接收到的数据块采用纠删码恢复出交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将摘要值对应的交易集合作为共识结果的至少一部分输出。

Description

共识方法、区块链系统和共识节点 技术领域
本说明书实施例属于区块链技术领域,尤其涉及一种共识方法、区块链系统和共识节点。
背景技术
区块链(Blockchain)是分布式数据存储、点对点传输、共识机制、加密算法等计算机技术的新型应用模式。区块链系统中按照时间顺序将数据区块以顺序相连的方式组合成链式数据结构,并以密码学方式保证的不可篡改和不可伪造的分布式账本。由于区块链具有去中心化、信息不可篡改、自治性等特性,区块链也受到人们越来越多的重视和应用。
发明内容
本发明的目的在于提供一种共识方法、区块链系统和共识节点,包括:一种区块链系统中的共识方法,包括:第一轮:第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;第二轮:接收到所述第一消息的共识节点广播第二消息,第二消息中包括所述接收到的数据块,并包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第三轮:接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的投票后,广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;所述共识节点在第二轮或第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
一种区块链系统,包括共识节点,其中:第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;接收到所述第一消息的共识节点广播第二消息,第二消息中包括所述接收到的数据块,并包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的投票后,广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;所述共识节点在第二轮或第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
一种区块链系统中的共识节点,包括:数据块生成单元,用于将共识提议的交易集合采用纠删码生成多个数据块;第一消息广播单元,用于广播第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;第 二消息接收单元,用于接收第二消息,第二消息中包括数据块,并包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第三消息广播单元,当第二消息接收单元收集到至少Quorum个来自于不同共识节点的一致的投票后广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;第三消息收集单元,用于收集来自于不同共识节点的第三消息;输出单元,在第三消息收集单元收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
一种区块链系统中的共识节点,包括:第一消息接收单元,用于接收第一共识节点广播的第一消息,第一消息中包括提议的交易集合的一个数据块和第一共识节点的签名;第二消息广播单元,用于当第一消息接收单元接收到所述第一消息后广播第二消息,第二消息中包括所述数据块、对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第二消息接收单元,用于接收第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第三消息广播单元,当第二消息接收单元收集到至少Quorum个来自于不同共识节点的一致的投票,则广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;第三消息收集单元,收集来自于不同共识节点的第三消息;恢复单元,基于第二消息接收单元或第三消息收集单元接收到的数据块采用所述纠删码恢复出所述交易集合;输出单元,当第三消息收集单元收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
上述实施例中,在一定前提下缩短至3个轮次完成一次共识的基础上,采用纠删码对共识提议的交易生成若干个数据块,提议的共识节点不必传输较大的数据包至其余的每一共识节点,而是将数据包的不同数据块传输至不同的共识节点,从而可以降低网络传输的数据量。在第二轮中转发提议的共识节点发来的数据块,可以充分利用网络中节点之间的带宽资源,从而整体上提升共识协议的性能。
附图说明
为了更清楚地说明本说明书实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本说明书中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。
图1是一实施例中实用拜占庭容错算法常规阶段的示意图;
图2是一实施例中实用拜占庭容错算法视图切换阶段的示意图;
图3是一实施例中蜜獾拜占庭容错算法的示意图;
图4是本说明书一实施例中共识算法的流程图;
图5是本说明书一实施例中共识算法的示意图;
图6是本说明书一实施例中共识算法的示意图;
图7是本说明书一实施例中共识算法的示意图;
图8是本说明书一实施例中共识算法的示意图;
图9是本说明书一实施例中共识算法的示意图;
图10是本说明书一实施例中共识节点的架构图;
图11是本说明书一实施例中共识节点的架构图;
图12是本说明书一实施例中纠删码的原理图;
图13是本说明书一实施例中Merkle Tree的原理图。
具体实施方式
为了使本技术领域的人员更好地理解本说明书中的技术方案,下面将结合本说明书实施例中的附图,对本说明书实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本说明书一部分实施例,而不是全部的实施例。基于本说明书中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都应当属于本说明书保护的范围。
区块链系统中,不同参与方通过部署的节点(Node)可以建立一个分布式的区块链网络。利用链式区块结构构造的去中心化(或称为多中心化)的分布式账本,保存于分布式的区块链网络中的每个节点(或大多节点上,如共识节点)上。这样的区块链系统需要解决去中心化(或多中心化)的多个节点上各自的账本数据的一致性和正确性的问题。每个节点上都运行着区块链程序,在一定容错需求的设计下,通过共识(consensus)机制保证所有忠诚节点具有相同的交易,从而保证所有忠诚节点对相同交易的执行结果一致,并将交易及执行结果打包生成区块。当前主流的共识机制包括:工作量证明(Proof of Work,POW)、股权证明(Proof of Stake,POS)、委任权益证明(Delegated Proof of Stake,DPOS)、实用拜占庭容错(Practical Byzantine Fault Tolerance,PBFT)算法,蜜獾拜占庭容错(HoneyBadgerBFT)算法等。
以PBFT为例,该算法是Miguel Castro(卡斯特罗)和Barbara Liskov(利斯科夫)在1999年提出来的,解决了原始拜占庭容错算法效率不高的问题,将算法复杂度由指数级降低到多项式级,使得拜占庭容错算法在实际系统应用中变得可行。该论文发表在1999年的操作系统设计与实现国际会议上(OSDI99)。PBFT算法中,所有的副本(replica)在一个被称为视图(View)的轮换过程(succession of configuration)中运行。在某个视图中,一个副本作为主节点(primary),其他的副本作为备份节点(backups)。视图是连续编号的整数。主节点由公式p=v mod|R|计算得到,这里v是视图编号,p是副本编号,|R|是副本集合的个数。该算法中假设,当最多存在f个副本(即节点)失效时,如果存在总数为至少3f+1个副本,就能保证在异步系统中提供安全性和活性。为了能够确保所有副本的数据一致性要求和容错要求而需要的一定数量副本的集合,一般是分布式系统中的大多数节点构成的集合,构成大多数(Quorum)。例如在总节点数n为3f+1(n=3f+2或n=3f的情况一般不会对容错效果带来提升)的情况下,Quorum为2f+1。 这样,对于包含四个节点的分布式系统,任意三个节点可以构成一个Quorum。
PBFT包括Normal Case Phase和View Change Phase两个过程,图1为Normal Case Phase(常规阶段)过程的流程图。Normal Case Phase中主要包括PRE-PREPARE(预准备)、PREPARE(准备)和COMMIT(提交)三个阶段,其中3号节点例如可以表示宕机的节点(图1中以×表示)。当主节点失效的时候(图2中以×表示,如更换视图前主节点Primary也就是Replica 0(副本0)失效)就需要启动视图更换(view change)过程,从而在系统存在故障时进行状态调整,更换新的主节点(如更换视图后Replica 1为主节点Primary)。图2为View Change Phase(视图切换)的示意图。如果主节点掉线或者作恶而不广播客户端的请求等,客户端可以设置超时机制。如果超时的话,客户端可以向所有副本节点广播请求消息。副本节点检测出主节点作恶或者下线后,也可以发起View Change协议阶段,以更换主节点(经常简称为“换主”)。此外,也可能由于主节点发起错误的提议导致PRE-PREPARE、PREPARE和COMMIT三阶段共识过程失败,或者,PREPARE、COMMIT阶段可能达不成Quorum数量(如3f+1个节点中的2f+1个,也称为法定数量)的一致,也都无法完成共识。这些情况下也可能发起View Change协议阶段,以更换主节点。
PBFT协议属于半同步(partial synchronous)协议,其特点是假设网络一开始是异步的,但是能够从某一时刻开始同步。要在网络中让不同节点对同一提议达成共识,最简便的方式是设置主节点,由主节点来统一各个节点的意见。通过设置定时器,可以防止主节点出错。PBFT中,如果在有限时间内没有完成Normal Case Phase,会触发Backups发起View Change Phase,以更换主节点。PBFT将主节点固定在一个位置,所有请求都可以先发送到主节点,再由主节点广播到其他共识节点。除了引入额外的、将请求发送到主节点的延迟之外,主节点的出入口带宽也可能成为性能瓶颈。与此相对的,HoneyBadgerBFT(也常简称为HBBFT)算法属于一种异步(asynchronous)协议。异步协议适用于异步网络,也就是这个网络中节点间的消息可以被任意延迟,但最终会到达。HoneyBadgerBFT中去掉了定时器,而是通过消息来驱动协议的执行。同时,HoneyBadgerBFT算法中所有节点都是对等的,没有主节点和备份节点之分,也就没有换主的过程。HBBFT等异步网络共识协议无主节点的概念,各节点都可提议请求,尝试构造区块,因此异步网络协议在一定程度上缓解了公平性和单节点瓶颈的问题。
图3为HoneyBadgerBFT算法单节点角度的流程图。实际上,如前所述,HoneyBadgerBFT算法中所有节点都是对等的,也就是说,所有节点都可以执行图3所示的流程。如图3所示,从单节点的视角来看,HoneyBadgerBFT主要包括两个阶段,分别为可靠广播(Reliable BroadCast,RBC)和异步共识(Asynchronous Binary Agreement,ABA,异步二进制协议,也称为“01异步共识”)。RBC阶段至少包括Rval、Echo、Ready三轮消息交互,ABA阶段至少包括Bval、Aux和Coin三轮消息交互。RBC使用三轮消息交互保证可靠的提议广播。ABA首先进行两轮投票(Bval和AUX消息),然后借助抛硬币(Coin)对各节点的提议统一认识,从而绕开半同步协议对网络同步的要求。一次HoneyBadgerBFT共识,要经过RBC阶段和至少一次ABA阶段。最好的情况下,存在1/2的概率可以结束本次HoneyBadgerBFT共识过程,这样,需要经过6个轮 次完成一次共识。此外,有1/4概率会进入再一次的ABA过程,如图3中第二次ABA过程(7、8、9轮次表示的ABA过程),有1/4概率会在第二轮结束,且存在至少1/4的概率可以结束本次HoneyBadgerBFT共识过程,这样,需要经过9个轮次完成一次共识。在第二次ABA过程后,整体上有1/8的概率会进入再一次的ABA过程……以此类推。
综上所述,HoneyBadgerBFT至少包括一次RBC(三轮)和一次ABA(三轮),如果ABA的投票结果与抛币结果不一致,协议进入新一轮的ABA(至少额外三轮)。抛币给共识的轮次带来不确定性,可能增加延迟。
本申请提供一种共识算法实施例,如图4所示,具体包括:S41:【第一轮】第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名。
本申请一种共识算法实施例中,可以包括3轮的交互。与HBBFT类似的,图5所示实施例的共识算法,也属于一种异步协议,即假设网络中节点间的消息可以被任意延迟,但最终会到达。类似的,图5实施例中也去掉了定时器,通过消息来驱动协议的执行;同时,所有节点可以都是对等的,没有主节点和备份节点之分,任一共识节点都可以发起共识提议,每一个共识节点也都可以参与其他节点提起共识提议的共识过程。一次共识的结果,可以包括本次共识中所有节点提起且获得至少Quorum数量投票一致的共识提议中的交易集合的总和。
以一个节点的视角来看,例如以Node 0发起共识提议的视角来看,交互过程如图5所示。在一次共识中,Node 0可以发起共识提议,这个共识提议中可以包括打包的交易集合,例如标记为m 0,m 0中可以包括一系列的交易构成的集合{tx 01,tx 02,...,tx 0n}。进而,Node 0可以将共识提议的交易集合m 0采用纠删码(Erasure Coding)生成多个数据块。一般的,采用纠删码生成的数据块的数量n可以是(共识节点的总数-1)。例如在包括4个共识节点的区块链系统中,Node 0将m 0采用纠删码生成3个数据块(data blocks),分别是m 00、m 01、m 02。对于这3个生成的数据块,可以分别具有对应的hash值,例如m 00对应的hash值为hash 000、m 01对应的hash值为hash 001、m 02对应的hash值为hash 002,如图12所示。纠删码是一种编码容错技术,最早用于通信行业中数据传输中的数据恢复。通过在原始数据中加入校验数据,使拆分后的各个数据产生关联。在一定范围的数据出错情况下,通过纠删码技术可以进行恢复。可以将数据m通过EC生成N个data blocks。在一种常用的设计中,这N个data blocks中一般包括将数据m拆分后的p个data blocks,此外还增加了用来存储erasure编码的q个data blocks。这样,能通过p+q份中的任意p份数据,还原出原始数据m。
Node 0还可以为生成的数据块构建Merkle Tree(默克尔树,通常也被称作Hash Tree)。如前所述,3个数据块m 00、m 01、m 02的hash值分别是hash 000、hash 001、hash 002。一般对于二叉的Merkle Tree来说,底层叶子节点的数量是2 n个。而采用纠删码(Erasure Coding)生成的数据块的数量并不一定是2 n个。这种情况下,可以采用最后一个数据块 的hash重复若干次的方式,补齐Merkle Tree的2 n叶子节点。例如,在总计有3个共识节点Node 0、Node 1、Node 2的情况下,Node 0将共识提议的交易集合m 0采用纠删码生成3个数据块m 00、m 01、m 02而构建的Merkle Tree可以如图13所示,m 00对应的hash值为hash 0000,m 01对应的hash值为hash 0001,m 02对应的hash值为hash 0002。最底层的叶子节点的数量一般是大于数据块数量的最小的2 n,这里数据块数量是3,2 n=2 2=4。多出的1个Merkle Tree的叶子节点,可以取最后一个数据块对应的hash值。如图所示,hash 003可以是取m 02的hash值。这样,同样可以构建Merkle Tree及默克尔证明。两两构建hash值,可以得到hash 00、hash 01。其中,hash 00可以是通过对hash 000和hash 001顺序拼接后计算hash得到,hash 01可以是通过对hash 002和hash 003顺序拼接后计算hash得到。进一步,可以将hash 00和hash 01顺序拼接后计算hash,从而得到hash 0
进而,针对每个数据块,Node 0可以生成对应的merkle proof(默克尔证明)。例如,对于m 01,生成的默克尔证明包括hash 000、hash 01、hash 0;对于m 02,生成的默克尔证明包括hash 003、hash 00、hash 0。可见,默尔克证明是一个hash值的有序集合,通过这样的有序集合,可以计算得到默尔克树的根节点的hash值。
第一共识节点发送第一消息至其它共识节点,该其他共识节点为区块链系统中区别于第一共识节点的剩余共识节点,发送至不同共识节点的第一消息中可以包括不同的所述数据块、对应的默克尔证明。第一共识节点Node 0可以发送第一消息Val消息至Node 1,该Val消息中可以包括数据块m 00,并包括该数据块对应的默克尔证明hash 001、hash 01、hash 0。Node 0可以发送第一消息Val消息至Node 2,该Val消息中可以包括数据块m 01,并包括该数据块对应的默克尔证明hash 000、hash 01、hash 0。Node 0可以发送第一消息Val消息至Node 3,该Val消息中可以包括数据块m 02,并包括该数据块对应的默克尔证明hash 003、hash 00、hash 0。如图5中所示。
此外,Node 0发送至Node 1的Val消息中还可以包括Node 0的签名,例如记为sig 00。一般地,Node 0可以用自身的私钥对消息的payload(净荷)部分签名,这里例如对包括m 00及其对应的默克尔证明签名,得到sig 00。此外,Node 0也可以是先对消息的净荷(payload)部分进行hash计算,得到hash值(即摘要值),进而再用自身的私钥对该hash值签名,从而得到sig 00。Node 0发送至其它Node的Val消息与此类似,不再赘述。
Val消息的格式可以如<r,m 00,m 00对应的默克尔证明,sig 00>,其中r可以表示第r次共识。例如这里对m 0的共识提议是第r次共识,则下一个共识提议的交易集合m 1可以对应第r+1次共识。所述sig 00,也可以是采用自身私钥对包括r和m 00及其对应的默克尔证明在内的数据的签名。类似的,也可以是先对m 00及对应的默克尔证明进行hash计算,得到hash值,进而再用自身的私钥对该hash值和r在内的数据进行签名,从而得到sig 00
S43:【第二轮】接收到所述第一消息的共识节点广播第二消息,第二消息中包括所述接收到的数据块,并包括交易集合的投票和签名;所述投票包括所述交易集合m 0的摘要值。
在第一轮的末尾,接收到第一消息的共识节点可以验证接收到的第一消息的正确性。 例如,Node 1可以采用Node 0的公钥对第一消息中的Node 0的签名进行验证。此外,第一消息中还可以包括所述接收到的数据块对应的默克尔证明。这样,在第一轮的末尾,接收到第一消息的共识节点还可以对接收到的第一消息中的数据块和对应的默克尔证明进行验证。具体的,在第一轮的末尾,收到Val消息的共识节点,可以计算Val消息中共识提议的数据块的hash值。例如,Node 1接收到第一共识节点Node 0发送的Val消息后,可以计算该Val消息中包括的数据块m 00的hash值,例如是hash 000。收到的Val消息,如前所述,还包括所包含的数据块对应的merkle proof。例如,Node 1接收到第一共识节点Node 0发送的Val消息中,还包括数据块m 00对应的默克尔证明hash 001、hash 01、hash 0。接收到Val消息的共识节点,可以通过Val消息中包含的默克尔证明来验证数据的正确性。例如,Node 1在前述计算得到Val消息中m 00的hash值hash 000后,进一步与该Val消息中的默克尔证明一并计算,包括将hash 000与hash 001计算得到hash 00,再由hash 00与hash 01计算得到hash 0,从而通过比较hash 0与hash 0是否一致来确定m 00是否正确。这是因为,一般来说发生哈希碰撞的概率是极低的,消息的发起方很难伪造一连串hash值,同时保持这些hash值与数据块存在对应关系。因此,如果比较hash 0与hash 0是一致的,则可以进入后续处理;如果不一致,则不认可接收到的Val消息,即不认可其中的包含的数据块。
如果通过验证,则进入S43。S43,具体如图5中,接收到第一消息的共识节点可以广播第二消息。第二轮次的消息交互中,Node 1、Node 2、Node 3各自分别广播第二消息至其它共识节点。如图5中所示的例子,由于Node 1、Node 2、Node 3各自分别只接收到Node 0共识提议的交易集合中的一部分数据块,并不能恢复完整的共识提议的交易集合。因此,共识节点广播的第二消息中,可以包括接收到的第一消息中的数据块。这个广播的第二消息可以记为Bval。
此外,Node 1、Node 2、Node 3可以通过广播第二消息来告诉其他共识节点自身对Node 0发起的共识提议的投票,投票可以是对共识提议表示认可或者不认可。如果共识节点认可该次共识中Node 0提议的交易集合,可以在第2轮次的消息交互中广播该交易集合的hash值,如上述的hash 0。相反的,如果共识节点不认可该次共识中Node 0提议的交易集合,可以在第2轮次的消息交互中广播0。
本轮次中,Node 0可以不参与广播,这是因为Node 0在第一轮次中发起共识提议,本身即可以代表Node 0对共识提议中的消息集合是认可的,从而第二轮次中可以由Node 1、Node 2、Node 3分别广播第二消息至其它共识节点。
共识节点广播的第二消息中还可以包括所述接收到的数据块对应的默克尔证明。例如,在第一轮中第一共识节点针对每个数据块生成对应的默克尔证明,并在第一消息中将所述默克尔证明与数据块一并发送的情况,在第一轮的末尾,接收到第一消息的共识节点可以接收到数据块及该数据块对应的默克尔证明。这样,在第二轮中,共识节点广播的第二消息中,除了包括在第一轮中接收的数据块之外,还可以包括该数据块对应的默克尔证明。在第二轮的末尾,接收到第二消息的共识节点还可以对第二消息中的数据块和对应的默克尔证明进行验证。
此外,第二消息中还可以包括对所述交易集合的签名。前述提到,在第一轮的末尾接收到第一消息的共识节点可以验证接收到的第一消息的正确性,例如Node 1验证Node 0的签名是否正确,以及对接收到的数据块和对应的默克尔证明进行验证。如果验证正确,接收到第一消息的共识节点,可以用自己的私钥对自身接收到的第一消息中的数据块进行签名。例如Node 1对第一消息中的交易集合m 0的数据块m 00进行签名,得到sig 10;也可以是Node 1用自身的私钥对m 0的hash值hash 0签名,从而得到sig 10
类似的,Bval消息的格式可以如<r,m 00,m 00对应的默克尔证明,hash 0,sig 10>,其中r可以表示第r次共识,hash 0为m 0的hash值,表示对m 0的投票观点是认同。则所述sig 10,也可以是采用自身私钥对包括r、m 01,m 01对应的默克尔证明以及hash 0在内的数据的签名。类似的,也可以是先对r、m 01,m 01对应的默克尔证明以及hash 0在内的数据进行hash计算,得到hash值,进而再用自身的私钥对该hash值进行签名,从而得到sig 10
Node 2收到Node 0发来的Val消息后,类似的,也可以验证Node 0的签名是否正确,以及对接收到的数据块m 01和对应的默克尔证明进行验证。如果验证正确,Node 2可以用自己的私钥对自身接收到的第一消息中的数据块m 01进行签名,或者采用自身私钥对包括r、m 01,m 01对应的默克尔证明以及hash 0在内的数据签名,从而得到sig 20,进而也可以广播Bval消息。Bval消息中可以包括m 01,m 01对应的默克尔证明、hash 0以及签名sig 20
Node 3收到Node 0发来的Val消息后,类似的,也可以验证Node 0的签名是否正确,以及对接收到的数据块m 02和对应的默克尔证明进行验证。如果验证正确,Node 3可以用自己的私钥对自身接收到的第一消息中的数据块m 02进行签名,或者采用自身私钥对包括r、m 02,m 02对应的默克尔证明以及hash 0在内的数据签名,从而得到sig 30,进而也可以广播Bval消息。Bval消息中可以包括m 02,m 02对应的默克尔证明、hash 0以及签名sig 30
S45:【第三轮】接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的摘要值后,广播第三消息,第三消息包括所述摘要值以及收集到的签名。
第二轮中的共识节点广播第二消息Bval消息,这样,在第二轮的末尾,接收到第二消息的共识节点可以收集第二消息中的数据块和对该共识提议的投票。
例如Node 0,在第二轮的末尾可以收集Bval消息中的投票。假设Node 0收集到Node 1,Node 2、Node 3分别广播的Bval消息中的投票都是所述交易集合m 0的hash值,即hash 0,且Node 0在第一轮中广播的Val消息中也包括hash 0,则Node 0在本轮次中收集到至少Quorum个一致的摘要值(例如此时f=1,Quorum=3,实际收集到4)。
例如Node 1,在第二轮的末尾可以收集Bval消息中的投票,假设Node 1收集到Node 2、Node 3分别广播的第二消息中的投票都是所述交易集合m 0的hash值hash 0,且Node 1在第二轮中广播的第二消息中的投票如果也是所述交易集合m 0的hash值hash 0(也表示对所述交易集合的认可),且在第一轮中接收到的Node 0发出的Val消息中也包括同样的 hash值hash 0,则Node 1在本轮次中收集到至少Quorum个一致的摘要值(例如此时f=1,Quorum=3,实际收集到4)。
Node 2和Node 3与Node 1类似,不再赘述。
对于Node 1,从第一轮Val消息中接收到Node 0发来的交易集合m 0的一个数据块m 00,从第二轮的Bval消息中接收到Node 2发来的交易集合m 0的一个数据块m 01,从第二轮的Bval消息中接收到Node 3发来的交易集合m 0的一个数据块m 02。根据如前所述的纠删码中的p、q的设置(一般q至少为1,而第二轮中Node 1至少应收到p个不同的数据块),Node 1有较大概率可以从m 00、m 01、m 02中解码出m 0,从而能够恢复得到完整的Node 0的提议的交易集合。
类似的,对于Node 2,从第一轮Val消息中接收到Node 0发来的交易集合m 0的一个数据块m 01,从第二轮的Bval消息中接收到Nod  1发来的交易集合m 0的一个数据块m 00,从第二轮的Bval消息中接收到Node 3发来的交易集合m 0的一个数据块m 02。根据如前所述的纠删码中的p、q的设置(一般q至少为1,而第二轮中Ndde 1至少应收到p个不同的数据块),Node 2有较大概率可以从m 00、m 01、m 02中解码出m 0,从而能够恢复得到完整的Node 0的提议的交易集合。
类似的,对于Node 3,从第一轮Val消息中接收到Node 0发来的交易集合m 0的一个数据块m 02,从第二轮的Bval消息中接收到Node 1发来的交易集合m 0的一个数据块m 00,从第二轮的Bval消息中接收到Node 2发来的交易集合m 0的一个数据块m 01。根据如前所述的纠删码中的p、q的设置(一般q至少为1,而第二轮中Node 1至少应收到p个不同的数据块),Node 1有较大概率可以从m 00、m 01、m 02中解码出m 0,从而能够恢复得到完整的Node 0的提议的交易集合。
这样,共识节点在第二轮的末尾可以基于接收到的数据块采用所述纠删码恢复出所述交易集合。
如前所述,共识节点广播的第二消息中可以包括数据块及其对应的默克尔证明。这样,在第二轮的末尾,接收到第二消息的共识节点还可以对第二消息中的数据块和对应的默克尔证明进行验证。可以在通过验证之后再恢复原始数据,即前述解码得到m 0,并从中恢复得到完整的Node 0的提议的交易集合。
此外,共识节点还可以在第二轮末尾收集到不同节点的签名,如前所述。通过签名可以统计截止到第二轮所收集到的投票的数量。例如Node 1收集到分别有sig 10(第二轮中Node 1广播的Bval消息中包含了Node 1的投票,也被收集签名)、sig 20、sig 30签名的内容中包括同一hash值,则说明对该hash共有3个表示认可的投票(此外还可以包括在第一轮末尾接收到Node 0发送的Val消息中对同一hash值的签名sig 00,则对同一hash值一共收集到4个签名)。
对于Node 1,如果收集到至少Quorum个来自于不同共识节点的一致的hash值,则广播第三消息。第三消息可以记为Prom消息,意思是承诺不会对提议m 0更改观点。如前所述,m 0的hash值可以表示认可,0可以表示不认可。Node 2和Node 3也是类似的。
广播的第三消息中,可以包括收集到的对m 0的投票,例如上述第一轮和第二轮中收集到的hash值和签名。
这样,Prom消息的格式可以如<r,hash,<签名集合>>。
例如Node 0,假设Node 0在第二轮中收集到Node 1,Node 2、Node 3分别广播的Bval消息中的投票都是所述交易集合m 0的hash值,这样也就收集到Node 1、Node 2和Node 3各自分别对m 0(或m 0的hash值)的签名是sig 10、sig 20、sig 30的投票,且Node 0在第一轮中广播的Val消息中也包括自身对m 0(或m 0的hash值)的签名为sig 00的hash值。这样,Node 0在本轮次中收集到至少Quorum个一致的摘要值(例如此时Quorum=3)。进而,Node 0在第三轮中广播的Prom消息中,可以包括该hash值以及收集到的不同节点针对该提议的交易集合m 0表示认可的hash值及签名集合,签名集合例如为sig 00、sig 10、sig 20、sig 30
例如,假设Node 1在第二轮中收集到Node 2、Node 3分别广播的Bval消息中的投票都是所述交易集合m 0的hash值,这样也就收集到Node 2和Node 3各自分别对m 0(或m 0的hash值)的签名是sig 20、sig 30的投票,且Node 0在第一轮中广播的Val消息中也包括其对m 0(或m 0的hash值)的签名是sig 00的投票,且Node 1在第二轮中广播的Bval消息中也包括其对m 0(或m 0的hash值)的签名是sig 10的投票。这样,Node 1在第一轮和第二轮中收集到至少Quorum个一致的摘要值(例如此时Quorum=3)和不同节点的签名。进而,Node 1在第三轮中广播的Prom消息中,可以包括该hash值以及收集到的不同节点针对该提议的交易集合m 0表示认可的hash值及签名集合,签名集合例如包括sig 00、sig 10、sig 20、sig 30
Node 2和Node 3也类似于Node 1
需要说明的是,上述签名集合,也可以用聚合签名或门限签名替代。
S47:共识节点在第二轮或第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
第三轮执行后,接收到Prom消息的共识节点可以统计收集的Prom消息的数量。共识节点在第三轮中发出Prom消息的条件是第二轮中收集到至少Quorum个来自于不同共识节点的一致的投票,且自身针对该提议没有广播过不同的投票,即相当于第二轮末尾该共识节点确认总计至少Quorum数量的共识节点(包括自身)对该提议m 0的投票都是认同的。但是,第二轮结束之后还不能马上输出共识结果,而是还需要观察其他节点是否也是在第二轮末尾收集到至少Quorum数量的对提议m 0的表示认同的投票,因此需要通过第三轮的Prom消息来确认,并且通过该Prom消息承诺自身不会再针对同一提议m 0的表示不同的观点。
例如Node 0在第一轮和第二轮中收集到至少Quorum个一致的摘要值,进而,Node 0在第三轮中广播的Prom消息中,可以包括该hash值以及收集到的不同节点针对该提议的交易集合m 0表示认可的hash值及签名集合,签名集合例如包括sig 00、sig 10、sig 20、sig 30
例如Node 1在第一轮和第二轮中收集到至少Quorum个一致的摘要值,进而,Node 1在第三轮中广播的Prom消息中,可以包括该hash值以及收集到的不同节点针对该提议的交易集合m 0表示认可的hash值及签名集合,签名集合例如包括sig 00、sig 10、sig 20、sig 30
Node 2和Node 3也类似于Node 1
这样,通过第三轮,例如Node 0可以收集到至少Quorum个Prom消息。通过Quorum个Prom消息,Node 0可以确认至少Quorum个共识节点中的每一个都收集到了对该提议的交易集合m 0表示认可的至少Quorum数量的投票,且发出Prom消息的每一个共识节点都承诺不再会更改投票的观点,这样,Node 0可以进一步完成本次共识,即将所述摘要值对应的交易集合m 0作为共识结果的至少一部分输出。Node 1、Node 2和Node 3也类似。类似的,其它共识节点如Node 1、Node 2和Node 3也可以进一步完成本次共识,即将所述摘要值对应的交易集合m 0作为共识结果的至少一部分输出。
由于在第二轮的末尾可以接收到多个数据块,因此所述共识节点有较大概率可以在第二轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合。
第三轮的Prom消息可以增加签名。例如Node 1在第三轮中广播的Prom消息中可以包括Node 1对Prom消息中<r,hash,<签名集合>>的签名。
上述图5的实施例,可以由如图中的Node 0来执行,也可以扩展到由Node 0、Node 1、Node 2和Node 3均执行。前者的情况,实际上,每一收集到至少Quorum个来自于不同节点的第三消息后的共识节点,各自均可以将所述摘要值对应的交易集合作为共识结果的全部来输出,除了图5以外,也可以是图6、7、8、9中的任一。
对于后者,即由Node 0、Node 1、Node 2和Node 3均执行的情况,图5是以Node 0这一个节点的发起共识提议的视角,实际上Node 1、Node 2和Node 3中的任一也可以发起提议而其它共识节点配合完成上述类似的过程,这样整体上是图5、6、7、8、9的叠加。
对于后者的情况,例如Node 0发起共识提议的交易集合为m 0,Node 1发起共识提议的交易集合为m 1、Node 2发起共识提议的交易集合为m 2,Node 3发起共识提议的交易集合为m 3,这样,m 0可以对应hash 0,m 1可以对应hash 1,m 2可以对应hash 2,m 3可以对应hash 3。如果正常执行,大概率上每个共识节点本次共识的输出结果为{m 0,m 1,m 2,m 3},至于输出结果中m 0,m 1,m 2,m 3的顺序,可以按照一定规则来排序,例如按照对应hash值的大小顺序来排序。
上述实施例中,可以在一定前提下缩短至3个轮次完成一次共识,相对于HBBFT中的至少6轮,大大降低了共识过程带来的延迟。实际上,本申请实施例中,相当于采用前瞻投票和数字签名技术将HBBFT中RBC过程的后两轮和ABA过程的前两轮进行了合并,从而缩短了所需的轮次。所述前瞻投票,是指上述实施例中第二轮次的Bval中进行投票,而HBBFT在ABA过程中需要在第五轮次的Bval中才投票。所述数字签名,指上述实施例中第一轮次和第二轮次中采用的数字签名。
而且,采用纠删码对共识提议的交易生成若干个数据块,提议的共识节点不必传输较大的数据包至其余的每一共识节点,而是将数据包的不同数据块传输至不同的共识节 点,从而可以降低网络传输的数据量。在第二轮中转发提议的共识节点发来的数据块,可以充分利用网络中节点之间的带宽资源,从而整体上提升共识协议的性能。
本申请还提供一种区块链系统实施例,包括共识节点,其中:第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;接收到所述第一消息的共识节点广播第二消息,第二消息中包括所述接收到的数据块,并包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的投票后,广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;所述共识节点在第二轮或第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
其中,第一共识节点将共识提议的交易集合采用纠删码生成n-1个数据块,所述n等于共识节点的总数。
其中,第一轮中第一共识节点针对每个数据块生成对应的默克尔证明,所述发送的第一消息中还包括所述默克尔证明;相应的,在第一轮的末尾接收到所述第一消息的共识节点还对所述接收到的数据块和默尔克证明进行验证;验证通过后进入第二轮。
第一轮中第一共识节点针对每个数据块生成对应的默克尔证明,所述发送的第一消息中还包括所述默克尔证明;相应的,在第一轮的末尾接收到所述第一消息的共识节点还对所述接收到的数据块和默尔克证明进行验证;验证通过后进入第二轮。
其中,第二消息中还包括所述接收到的数据块对应的默克尔证明。
其中,第二轮的末尾,接收到第二消息的共识节点还对第二消息中的数据块和对应的默克尔证明进行验证。
其中,在第三轮的末尾还验证第三消息的正确性,包括验证第三消息的签名集合中包括至少Quorum个签名。
其中,广播第三消息的共识节点不再更改针对同一提议的交易集合的投票观点。
其中,所述签名集合用聚合签名或门限签名替代。
其中,在同一次共识过程中,所述区块链系统中的至少Quorum数量的共识节点中的每一个作为第一共识节点执行上述方法。
本申请还提供一种区块链系统中的共识节点实施例,也可以如图10所示,包括:数据块生成单元101,用于将共识提议的交易集合采用纠删码生成多个数据块;第一消息广播单元102,用于广播第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;第二消息接收单元103,用于接收第二消息,第二消息中包括数据块,并包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第三消息广播单元104,当第二消息接收单元收集到至少 Quorum个来自于不同共识节点的一致的投票后广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;第三消息收集单元105,用于收集来自于不同共识节点的第三消息;输出单元106,在第三消息收集单元收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
其中,所述数据块生成单元101将共识提议的交易集合采用纠删码生成n-1个数据块,所述n等于共识节点的总数。
所述数据块生成单元101还针对每个数据块生成对应的默克尔证明,第一消息广播单元发送的第一消息中还包括所述默克尔证明。
第二消息中还包括所述接收到的数据块对应的默克尔证明。
其中,还包括验证单元,用于在第二消息接收单元接收到第二消息后,对第二消息中的数据块和对应的默克尔证明进行验证。
本申请还提供一种区块链系统中的共识节点实施例,可以如图11所示,包括:第一消息接收单元111,用于接收第一共识节点广播的第一消息,第一消息中包括提议的交易集合的一个数据块和第一共识节点的签名;第二消息广播单元112,用于当第一消息接收单元111接收到所述第一消息后广播第二消息,第二消息中包括所述数据块、对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第二消息接收单元113,用于接收第二消息,第二消息中包括数据块,并包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;第三消息广播单元114,当第二消息接收单元113收集到至少Quorum个来自于不同共识节点的一致的投票,则广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;第三消息收集单元115,收集来自于不同共识节点的第三消息;恢复单元116,基于第二消息接收单元113或还包括第三消息收集单元115接收到的数据块采用所述纠删码恢复出所述交易集合;输出单元117,当第三消息收集单元115收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
其中,第一消息接收单元111接收的第一消息中还包括所述默克尔证明;相应的,第一消息接收单元111还对所述接收到的数据块和默尔克证明进行验证。
其中,第二消息中还包括所述接收到的数据块对应的默克尔证明,第二消息接收单元113还对第二消息中的数据块和对应的默克尔证明进行验证。
在20世纪90年代,对于一个技术的改进可以很明显地区分是硬件上的改进(例如,对二极管、晶体管、开关等电路结构的改进)还是软件上的改进(对于方法流程的改进)。然而,随着技术的发展,当今的很多方法流程的改进已经可以视为硬件电路结构的直接改进。设计人员几乎都通过将改进的方法流程编程到硬件电路中来得到相应的硬件电路结构。因此,不能说一个方法流程的改进就不能用硬件实体模块来实现。例如,可编程逻辑器件(Programmable Logic Device,PLD)(例如现场可编程门阵列(Field Programmable Gate Array,FPGA))就是这样一种集成电路,其逻辑功能由用户对器件编程来确定。由设计人员自行编程来把一个数字系统“集成”在一片PLD上,而不需 要请芯片制造厂商来设计和制作专用的集成电路芯片。而且,如今,取代手工地制作集成电路芯片,这种编程也多半改用“逻辑编译器(logic compiler)”软件来实现,它与程序开发撰写时所用的软件编译器相类似,而要编译之前的原始代码也得用特定的编程语言来撰写,此称之为硬件描述语言(Hardware Description Language,HDL),而HDL也并非仅有一种,而是有许多种,如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language)等,目前最普遍使用的是VHDL(Very-High-Speed Integrated Circuit Hardware Description Language)与Verilog。本领域技术人员也应该清楚,只需要将方法流程用上述几种硬件描述语言稍作逻辑编程并编程到集成电路中,就可以很容易得到实现该逻辑方法流程的硬件电路。
控制器可以按任何适当的方式实现,例如,控制器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程逻辑控制器和嵌入微控制器的形式,控制器的例子包括但不限于以下微控制器:ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20以及Silicone Labs C8051F320,存储器控制器还可以被实现为存储器的控制逻辑的一部分。本领域技术人员也知道,除了以纯计算机可读程序代码方式实现控制器以外,完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件,而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至,可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为服务器系统。当然,本申请不排除随着未来计算机技术的发展,实现上述实施例功能的计算机例如可以为个人计算机、膝上型计算机、车载人机交互设备、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。
虽然本说明书一个或多个实施例提供了如实施例或流程图所述的方法操作步骤,但基于常规或者无创造性的手段可以包括更多或者更少的操作步骤。实施例中列举的步骤顺序仅仅为众多步骤执行顺序中的一种方式,不代表唯一的执行顺序。在实际中的装置或终端产品执行时,可以按照实施例或者附图所示的方法顺序执行或者并行执行(例如并行处理器或者多线程处理的环境,甚至为分布式数据处理环境)。术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、产品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、产品或者设备所固有的要素。在没有更多限制的情况下,并不排除在包括所述要素的过程、方法、产品或者设备中还存在另外的相同或等同要素。例如若使用到第一,第二等词语用来表示名称,而并不表示任何特定的顺序。
为了描述的方便,描述以上装置时以功能分为各种模块分别描述。当然,在实施本说明书一个或多个时可以把各模块的功能在同一个或多个软件和/或硬件中实现,也可以将实现同一功能的模块由多个子模块或子单元的组合实现等。以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。
本发明是参照根据本发明实施例的方法、装置(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储、石墨烯存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。
本领域技术人员应明白,本说明书一个或多个实施例可提供为方法、系统或计算机程序产品。因此,本说明书一个或多个实施例可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书一个或多个实施例可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。
本说明书一个或多个实施例可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本说明书一个或多个实施例,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本说明书的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任一个或多个实施例或示例中以合适的方式结合。此外,在不相互矛盾的情况下,本领域的技术人员可以将本说明书中描述的不同实施例或示例以及不同实施例或示例的特征进行结合和组合。
以上所述仅为本说明书一个或多个实施例的实施例而已,并不用于限制本说明书一个或多个实施例。对于本领域技术人员来说,本说明书一个或多个实施例可以有各种更改和变化。凡在本说明书的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在权利要求范围之内。

Claims (18)

  1. 一种区块链系统中的共识方法,包括:
    第一轮:第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;
    第二轮:接收到所述第一消息的共识节点广播第二消息,第二消息中包括所述接收到的数据块,并包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;
    第三轮:接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的投票后,广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;
    所述共识节点在第二轮或第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
  2. 如权利要求1所述的方法,第一共识节点将共识提议的交易集合采用纠删码生成n-1个数据块,所述n等于共识节点的总数。
  3. 如权利要求1所述的方法,第一轮中第一共识节点针对每个数据块生成对应的默克尔证明,所述发送的第一消息中还包括所述默克尔证明;
    相应的,在第一轮的末尾接收到所述第一消息的共识节点还对所述接收到的数据块和默尔克证明进行验证;验证通过后进入第二轮。
  4. 如权利要求3所述的方法,第二消息中还包括所述接收到的数据块对应的默克尔证明。
  5. 如权利要求4所述的方法,第二轮的末尾,接收到第二消息的共识节点还对第二消息中的数据块和对应的默克尔证明进行验证。
  6. 如权利要求1所述的方法,在第三轮的末尾还验证第三消息的正确性,包括验证第三消息的签名集合中包括至少Quorum个签名。
  7. 如权利要求1所述的方法,广播第三消息的共识节点不再更改针对同一提议的交易集合的投票观点。
  8. 如权利要求1-7中任一项所述的方法,所述签名集合用聚合签名或门限签名替代。
  9. 如权利要求1所述的方法,在同一次共识过程中,所述区块链系统中的至少Quorum数量的共识节点中的每一个作为第一共识节点执行权利要求1的方法。
  10. 一种区块链系统,包括共识节点,其中:
    第一共识节点将共识提议的交易集合采用纠删码生成多个数据块;第一共识节点发送第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;
    接收到所述第一消息的共识节点广播第二消息,第二消息中包括所述接收到的数据块,并包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;
    接收到第二消息的共识节点收集到至少Quorum个来自于不同共识节点的一致的投票后,广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;
    所述共识节点在第二轮或第三轮的末尾基于接收到的数据块采用所述纠删码恢复出所述交易集合,并在收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
  11. 一种区块链系统中的共识节点,包括:
    数据块生成单元,用于将共识提议的交易集合采用纠删码生成多个数据块;
    第一消息广播单元,用于广播第一消息至其它共识节点,发送至不同共识节点的第一消息中包括不同的所述数据块以及第一共识节点的签名;
    第二消息接收单元,用于接收第二消息,第二消息中包括数据块,并包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;
    第三消息广播单元,当第二消息接收单元收集到至少Quorum个来自于不同共识节点的一致的投票后广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;
    第三消息收集单元,用于收集来自于不同共识节点的第三消息;
    输出单元,在第三消息收集单元收集到至少Quorum个来自于不同节点的第三消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
  12. 如权利要求11所述的共识节点,所述数据块生成单元将共识提议的交易集合采用纠删码生成n-1个数据块,所述n等于共识节点的总数。
  13. 如权利要求11所述的共识节点,所述数据块生成单元还针对每个数据块生成对应的默克尔证明,第一消息广播单元发送的第一消息中还包括所述默克尔证明。
  14. 如权利要求11所述的共识节点,第二消息中还包括所述接收到的数据块对应的默克尔证明。
  15. 如权利要求14所述的共识节点,还包括验证单元,用于在第二消息接收单元接收到第二消息后,对第二消息中的数据块和对应的默克尔证明进行验证。
  16. 一种区块链系统中的共识节点,包括:
    第一消息接收单元,用于接收第一共识节点广播的第一消息,第一消息中包括提议的交易集合的一个数据块和第一共识节点的签名;
    第二消息广播单元,用于当第一消息接收单元接收到所述第一消息后广播第二消息,第二消息中包括所述数据块、对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;
    第二消息接收单元,用于接收第二消息,第二消息中包括对所述交易集合的投票和签名;所述投票包括所述交易集合的摘要值;
    第三消息广播单元,当第二消息接收单元收集到至少Quorum个来自于不同共识节点的一致的投票,则广播第三消息,第三消息包括所述摘要值以及收集到的签名集合;
    第三消息收集单元,收集来自于不同共识节点的第三消息;
    恢复单元,基于第二消息接收单元或第三消息收集单元接收到的数据块采用纠删码恢复出所述交易集合;
    输出单元,当第三消息收集单元收集到至少Quorum个来自于不同节点的第三 消息后,将所述摘要值对应的交易集合作为共识结果的至少一部分输出。
  17. 如权利要求16所述的共识节点,第一消息接收单元接收的第一消息中还包括默克尔证明;
    相应的,第一消息接收单元还对所述接收到的数据块和默尔克证明进行验证。
  18. 如权利要求17所述的共识节点,第二消息中还包括所述接收到的数据块对应的默克尔证明,第二消息接收单元还对第二消息中的数据块和对应的默克尔证明进行验证。
PCT/CN2022/124115 2021-10-09 2022-10-09 共识方法、区块链系统和共识节点 WO2023056974A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111178754.2A CN113645044B (zh) 2021-10-09 2021-10-09 一种共识方法、区块链系统和共识节点
CN202111178754.2 2021-10-09

Publications (1)

Publication Number Publication Date
WO2023056974A1 true WO2023056974A1 (zh) 2023-04-13

Family

ID=78426336

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/124115 WO2023056974A1 (zh) 2021-10-09 2022-10-09 共识方法、区块链系统和共识节点

Country Status (2)

Country Link
CN (2) CN114584312B (zh)
WO (1) WO2023056974A1 (zh)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114584312B (zh) * 2021-10-09 2024-03-29 支付宝(杭州)信息技术有限公司 一种共识方法、区块链系统和共识节点
CN114205092B (zh) * 2021-12-01 2023-11-21 浙江大学 一种乐观的不需要回退的拜占庭容错共识方法
CN114782047B (zh) * 2021-12-29 2023-06-30 张海滨 数据共识方法及分布式系统
CN114374704B (zh) * 2021-12-29 2023-07-07 张海滨 可靠广播方法、装置、系统及介质
CN115174573B (zh) * 2022-06-30 2024-02-02 蚂蚁区块链科技(上海)有限公司 区块链系统中的数据广播方法、节点和区块链系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111526219A (zh) * 2020-07-03 2020-08-11 支付宝(杭州)信息技术有限公司 一种联盟链的共识方法及联盟链系统
CN111526217A (zh) * 2020-07-03 2020-08-11 支付宝(杭州)信息技术有限公司 一种区块链中的共识方法和系统
US20210034455A1 (en) * 2018-08-31 2021-02-04 Advanced New Technologies Co., Ltd. Method, apparatus and electronic device for blockchain-based transaction consensus processing
CN113645044A (zh) * 2021-10-09 2021-11-12 支付宝(杭州)信息技术有限公司 一种共识方法、区块链系统和共识节点

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10360191B2 (en) * 2016-10-07 2019-07-23 International Business Machines Corporation Establishing overlay trust consensus for blockchain trust validation system
CN106529951A (zh) * 2016-12-30 2017-03-22 杭州云象网络技术有限公司 一种联盟链网络下采用异步方式的节点共识验证方法
CN107395557B (zh) * 2017-03-28 2020-05-15 创新先进技术有限公司 一种业务请求的处理方法及装置
WO2019213867A1 (zh) * 2018-05-09 2019-11-14 合肥达朴汇联科技有限公司 区块链共识达成方法和装置
CN109964446B (zh) * 2018-06-08 2022-03-25 北京大学深圳研究生院 一种基于投票的共识方法
CN109379397B (zh) * 2018-08-31 2019-12-06 阿里巴巴集团控股有限公司 基于区块链的交易共识处理方法及装置、电子设备
CN109359223A (zh) * 2018-09-17 2019-02-19 重庆邮电大学 基于纠删码实现的区块链账本分布式存储技术
EP3560142B1 (en) * 2018-12-13 2020-09-09 Alibaba Group Holding Limited Performing a recovery process for a network node in a distributed system
CN110246038A (zh) * 2019-04-26 2019-09-17 众安信息技术服务有限公司 一种区块链交易快速确认方法及系统
CN111416708B (zh) * 2020-03-16 2023-01-31 麦希科技(北京)有限公司 一种区块链拜占庭容错共识方法及系统
CN111682942B (zh) * 2020-05-18 2022-06-10 哈尔滨工业大学 一种应用于许可链的二元加权拜占庭容错共识方法
CN111526218B (zh) * 2020-07-03 2020-09-22 支付宝(杭州)信息技术有限公司 联盟链中的共识方法和系统
CN112862490B (zh) * 2021-04-26 2022-05-24 北京连琪科技有限公司 一种异步网络下的输出共识方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210034455A1 (en) * 2018-08-31 2021-02-04 Advanced New Technologies Co., Ltd. Method, apparatus and electronic device for blockchain-based transaction consensus processing
CN111526219A (zh) * 2020-07-03 2020-08-11 支付宝(杭州)信息技术有限公司 一种联盟链的共识方法及联盟链系统
CN111526217A (zh) * 2020-07-03 2020-08-11 支付宝(杭州)信息技术有限公司 一种区块链中的共识方法和系统
CN113645044A (zh) * 2021-10-09 2021-11-12 支付宝(杭州)信息技术有限公司 一种共识方法、区块链系统和共识节点

Also Published As

Publication number Publication date
CN114584312A (zh) 2022-06-03
CN113645044B (zh) 2022-01-11
CN114584312B (zh) 2024-03-29
CN113645044A (zh) 2021-11-12

Similar Documents

Publication Publication Date Title
WO2023056974A1 (zh) 共识方法、区块链系统和共识节点
WO2023056964A1 (zh) 共识方法、区块链系统和共识节点
WO2023056967A1 (zh) 共识方法、区块链系统和共识节点
WO2023056958A1 (zh) 共识方法、区块链系统和共识节点
WO2023056966A1 (zh) 共识方法、区块链系统和共识节点
WO2023056976A1 (zh) 共识方法、区块链系统和共识节点
WO2023056975A1 (zh) 共识方法和区块链系统
WO2023185051A1 (zh) 一种区块链上产生随机数种子的方法、系统和共识节点
CN118473659A (zh) 区块链上实现分布式密钥生成的方法、系统和共识节点
CN114726517A (zh) 一种区块链上产生随机数种子的方法、系统和共识节点
CN115174048A (zh) 一种共识方法、系统和共识节点
CN118473658A (zh) 区块链上实现分布式密钥生成的方法、系统和共识节点
WO2024207765A1 (zh) 区块链系统中的交易提议方法、共识节点和区块链系统
WO2024092936A1 (zh) 一种区块链上实现分布式密钥生成的方法、系统和节点
CN114640450B (zh) 区块链上实现重传秘密份额与确定失败节点的方法、系统
CN114640452B (zh) 启动区块链上分布式密钥生成过程的方法和系统
CN116032461A (zh) 一种区块链上实现分布式密钥生成的方法和节点
CN115865341A (zh) 一种区块链上实现分布式密钥生成的方法、系统和节点
KR102652737B1 (ko) 블록체인 네트워크를 위한 효율적인 듀얼모드 합의 프로토콜
CN116846912A (zh) Pbft算法中的视图切换方法、共识节点和区块链系统
CN116846906A (zh) 一种共识方法、区块链节点
CN116527694A (zh) 一种区块链系统中的共识方法和共识节点、区块链系统
CN116015621A (zh) 一种区块链上实现分布式密钥生成的方法、系统和节点
CN116846907A (zh) 一种共识方法、区块链节点
CN115174573A (zh) 区块链系统中的数据广播方法、节点和区块链系统

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22877988

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22877988

Country of ref document: EP

Kind code of ref document: A1