WO2024001035A1 - Message transmission method and apparatus based on blockchain relay communication network system - Google Patents


Info

Publication number
WO2024001035A1
Authority
WO
WIPO (PCT)
Prior art keywords
blockchain
node
blockchain node
communication network
network system
Prior art date
Application number
PCT/CN2022/135553
Other languages
French (fr)
Chinese (zh)
Inventor
魏长征
闫莺
Original Assignee
蚂蚁区块链科技(上海)有限公司
Priority date
Filing date
Publication date
Application filed by 蚂蚁区块链科技(上海)有限公司
Publication of WO2024001035A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L 9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • The embodiments of this specification belong to the field of blockchain technology and in particular relate to a message transmission method and device based on a blockchain relay communication network system.
  • Blockchain is a new application model of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms.
  • Data blocks are combined into a chained data structure in chronological order and are cryptographically guaranteed to form a tamper-proof and unforgeable distributed ledger.
  • P2P: Peer to Peer, point-to-point.
  • With such direct point-to-point transmission, communication delays are high and stability is poor, so application requirements cannot be met.
  • Blockchain nodes can each be connected to the blockchain relay communication network system, so that communication between blockchain nodes is carried over the blockchain relay communication network system.
  • The blockchain relay communication network system is a backbone relay communication network system for real-time blockchain transmission. The relay nodes it contains interact with each other over high-quality bandwidth with guaranteed high QoS (Quality of Service), so the blockchain relay communication network system takes over the middle mile of communication between blockchain nodes. This reduces communication delays and improves stability, significantly improving the quality of communication between blockchain nodes.
  • The purpose of this specification is to provide a message transmission method and device based on a blockchain relay communication network system.
  • A message transmission method based on a blockchain relay communication network system is proposed.
  • The blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node respectively; each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key. The method includes:
  • the source blockchain node encrypts plaintext information based on the shared key to obtain encrypted information, encapsulates an IP header for the encrypted information to generate an encrypted message, and sends the encrypted message to the blockchain relay communication network system;
  • the blockchain relay communication network system forwards the encrypted message to the destination blockchain node based on the IP header;
  • the destination blockchain node decrypts the encrypted message based on the shared key to obtain the plaintext information.
  • A message transmission method based on a blockchain relay communication network system is proposed, applied to the source blockchain node. The blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node respectively.
  • Each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the method includes:
  • A message transmission method based on a blockchain relay communication network system is proposed, applied to the destination blockchain node.
  • The blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node respectively.
  • Each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the method includes:
  • the encrypted message is decrypted based on the shared key to obtain the plaintext information.
  • A message transmission method based on a blockchain relay communication network system is proposed, applied to the blockchain relay communication network system.
  • The blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node respectively.
  • Each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the method includes:
  • the encrypted message is forwarded to the destination blockchain node based on the IP header.
  • A message transmission system based on a blockchain relay communication network system is proposed.
  • The blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node respectively; each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key. The system includes:
  • the source blockchain node, used to encrypt plaintext information based on the shared key to obtain encrypted information, encapsulate an IP header for the encrypted information to generate an encrypted message, and send the encrypted message to the blockchain relay communication network system;
  • the blockchain relay communication network system, used to forward the encrypted message to the destination blockchain node based on the IP header;
  • the destination blockchain node, used to decrypt the encrypted message based on the shared key to obtain the plaintext information.
  • A message transmission device based on a blockchain relay communication network system is proposed, applied to the source blockchain node.
  • The blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node respectively.
  • Each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the device includes:
  • a plaintext information encryption unit, configured to encrypt plaintext information based on the shared key to obtain encrypted information;
  • an encrypted message generating unit, configured to encapsulate an IP header for the encrypted information to generate an encrypted message;
  • an encrypted message sending unit, configured to send the encrypted message to the blockchain relay communication network system, the blockchain relay communication network system being configured to forward the encrypted message to the destination blockchain node.
  • A message transmission device based on a blockchain relay communication network system is proposed, applied to the destination blockchain node.
  • The blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node respectively.
  • Each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the device includes:
  • a first encrypted message receiving unit, configured to receive the encrypted message that the blockchain relay communication network system forwards to the destination blockchain node based on the IP header of the encrypted message, the encrypted message being generated by the source blockchain node by encapsulating an IP header for the encrypted information obtained by encrypting the plaintext information based on the shared key;
  • an encrypted message decryption unit, configured to decrypt the encrypted message based on the shared key to obtain the plaintext information.
  • A message transmission device based on a blockchain relay communication network system is proposed, applied to the blockchain relay communication network system.
  • The blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node respectively.
  • Each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the device includes:
  • a second encrypted message receiving unit, configured to receive an encrypted message generated by the source blockchain node by encapsulating an IP header for the encrypted information obtained by encrypting the plaintext information based on the shared key;
  • an encrypted message forwarding unit, configured to forward the encrypted message to the destination blockchain node based on the IP header.
  • An electronic device is proposed, including:
  • a memory used to store instructions executable by the processor;
  • the processor implements the method described in any one of the first to fourth aspects by running the executable instructions.
  • A computer-readable storage medium is proposed, on which computer instructions are stored; when the instructions are executed by a processor, the steps of the method described in any one of the first to fourth aspects are implemented.
  • In the embodiments of this specification, the source blockchain node and the destination blockchain node are connected through the blockchain relay communication network system.
  • The source blockchain node and the destination blockchain node belong to the same blockchain node group, within which the same shared key is maintained. This allows the source blockchain node to encrypt with the shared key when it needs to send plaintext information to the destination blockchain node, ensuring the confidentiality of the system. Because none of the relay nodes in the blockchain relay communication network maintain this shared key, a relay node cannot obtain the plaintext information directly by decryption, which prevents the plaintext information from being exposed while it is transmitted through the blockchain relay communication network system and so enhances the security of communication between blockchain nodes.
  • In addition, the blockchain relay communication network system does not need to perform complex decapsulation or parsing after obtaining the encrypted message; it can directly forward the encrypted message based on the IP header at the network layer, so the entire data transfer process from the source blockchain node to the destination blockchain node adds no additional computing overhead, achieving efficient data transfer.
  • Figure 1 is a schematic diagram of a scenario in which blockchain nodes interact through a blockchain relay communication network system provided by an exemplary embodiment.
  • Figure 2 is a flow chart of a message transmission method based on a blockchain relay communication network system provided by an exemplary embodiment.
  • Figure 3 is a flow chart of another message transmission method based on a blockchain relay communication network system provided by an exemplary embodiment.
  • Figure 4 is a flow chart of yet another message transmission method based on a blockchain relay communication network system provided by an exemplary embodiment.
  • Figure 5 is a flow chart of yet another message transmission method based on a blockchain relay communication network system provided by an exemplary embodiment.
  • Figure 6 is an interactive flow chart of a message transmission method based on a blockchain relay communication network system provided by an exemplary embodiment.
  • Figure 7 is a schematic architectural diagram of a message transmission system based on a blockchain relay communication network system provided by an exemplary embodiment.
  • Figure 8 is a schematic structural diagram of a device provided by an exemplary embodiment.
  • Figure 9 is a block diagram of a message transmission device based on a blockchain relay communication network system provided by an exemplary embodiment.
  • Figure 10 is a block diagram of another message transmission device based on a blockchain relay communication network system provided by an exemplary embodiment.
  • Figure 11 is a block diagram of yet another message transmission device based on a blockchain relay communication network system provided by an exemplary embodiment.
  • The blockchain relay communication network system involved in the embodiments of this specification refers to a backbone relay communication network system oriented to real-time blockchain transmission, which may also be called a blockchain relay communication network or a blockchain relay network.
  • Its external docking terminals are the blockchain nodes in the blockchain network.
  • The types of the above-mentioned blockchain network can include public chains, private chains, consortium (alliance) chains, etc.
  • Blockchain relay communication networks used in public chains mainly include Falcon, Fast Bitcoin Relay Network (FBRN), Fast Internet Bitcoin Relay Engine (FIBRE), etc.
  • Blockchain relay communication networks used in consortium chains mainly include BloXRoute, Blockchain Transmission Network (BTN), etc. This specification does not limit the blockchain relay communication network used.
  • TLS: Transport Layer Security protocol.
  • Blockchain node Node 1 needs to send a blockchain message to blockchain node Node 2.
  • Node 1 serves as the source blockchain node.
  • Node 2 serves as the destination blockchain node.
  • Node 1 and Node 2 can perform key negotiation based on the TLS protocol, thereby establishing a TLS link between Node 1 and Node 2 based on the negotiated transmission key.
  • Blockchain messages are in ciphertext (encrypted by the above-mentioned transmission key) while transmitted within the TLS link, and only Node 1 and Node 2, which hold the transmission key, can decrypt them to the corresponding message plaintext.
  • Figure 1 is a schematic diagram of a scenario in which blockchain nodes interact through a blockchain relay communication network system according to an exemplary embodiment.
  • The blockchain relay communication network system contains three relay nodes, namely relay node a, relay node b and relay node c.
  • Relay node a is connected to blockchain node Node A through TLS link 1.
  • Relay node b is connected to blockchain node Node B through TLS link 2.
  • Relay node b is also connected to blockchain node Node D through TLS link 3.
  • Relay node c is connected to blockchain node Node C through TLS link 4.
  • Relay node a, relay node b and relay node c are connected to each other through high-speed links (large-bandwidth, low-latency non-encrypted links). Because a TLS link is established between a relay node inside the blockchain relay communication network and the blockchain node serving as the network's external terminal, even if a message is intercepted by an attacker while in transit on the TLS link, the attacker cannot decrypt it to recover the pre-encryption message, since the attacker did not participate in the key negotiation for the key of that encrypted link. The relay node, however, did participate in that key negotiation, so it can decrypt the message and obtain the blockchain node's message as it was before encryption with the key of the encrypted link.
  • To address this, a common approach is to use asymmetric encryption to protect messages at the application layer of the source blockchain node and the destination blockchain node.
  • However, this method adds additional computing overhead and is not conducive to efficient data transmission; it runs counter to the original intention of the blockchain relay communication network, which is to accelerate the data transmission process.
  • Therefore, this specification proposes a message transmission scheme based on the blockchain relay communication network system, which encrypts information with a shared key held only within the blockchain node group, so that the source blockchain node and the destination blockchain node avoid exposing plaintext information to the blockchain relay communication network system when transmitting data, thereby enhancing the security of communication between blockchain nodes.
  • At the same time, the entire data transfer process adds no additional computing overhead, achieving efficient data transfer.
  • FIG. 2 is a flow chart of a message transmission method based on a blockchain relay communication network system provided by an exemplary embodiment, wherein the blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the method includes:
  • The source blockchain node encrypts plaintext information based on the shared key to obtain encrypted information, encapsulates an IP header for the encrypted information to generate an encrypted message, and sends the encrypted message to the blockchain relay communication network system.
  • The operations of the source blockchain node to encrypt the plaintext information and to encapsulate the IP header are all implemented based on the network layer protocol; that is, the plaintext information specifically refers either to a network-layer IP message containing its IP header or to a network-layer IP message with the IP header removed.
  • If the plaintext information contains the IP header, it can be forwarded directly at the network layer.
  • The encrypted information obtained by encrypting it, however, has no IP header. Therefore, in order for the encrypted information to be correctly forwarded to the destination blockchain node at the network layer, an IP header must be encapsulated for the encrypted information to generate an encrypted message.
  • The IP header is created based on the network information of the blockchain relay communication network system.
  • The original message involved in the embodiments of this specification is a network-layer IP message containing an IP header as described above.
  • The source IP address contained in the original IP header of the original message is the IP address of the source blockchain node, and the destination IP address contained in the original IP header is the IP address of the destination blockchain node.
  • When the original message containing the original IP header is encrypted as plaintext information to obtain the encrypted information, the IP header that the source blockchain node re-encapsulates for the encrypted information needs to refer to the network information of the blockchain relay network system.
  • For example, the source IP address in the re-encapsulated IP header can be set to the IP address of the source relay node, and the destination IP address in the re-encapsulated IP header set to the IP address of the destination blockchain node, so that the encrypted message can be transmitted in the blockchain relay communication network system while the IP address of the source blockchain node is hidden from the blockchain relay communication network system, which plays a certain role in information protection.
  • IPsec ESP: Internet Protocol Security, Encapsulating Security Payload.
  • Under the IPsec ESP protocol in tunnel mode, the source blockchain node first determines the blockchain node group to which the destination blockchain node belongs, obtains the shared key corresponding to that blockchain node group, and encrypts the original message based on the shared key to obtain the encrypted information; the encrypted information is then encapsulated with an ESP header and an ESP trailer.
  • The ESP header carries the SPI (security parameters index) corresponding to the blockchain node group.
  • The ESP trailer includes padding data and the padding length corresponding to the padding data.
  • The structure obtained at this point, consisting of the ESP header, the encrypted information and the ESP trailer, is called the enchilada (authentication zone structure).
  • The source blockchain node further calculates a hash digest for the authentication zone structure and encapsulates the hash digest at the tail of the authentication zone structure. Finally, a new IP header is encapsulated at the head of the authentication zone structure containing the hash digest to generate an encrypted message.
  • The destination IP address and source IP address in the new IP header can be the same as or different from the destination IP address and source IP address in the original IP header.
  • The protocol type contained in the new IP header is 50, indicating that it contains an IPsec (ESP) message.
  • In transport mode, the IP header is the original IP header.
  • Alternatively, the IPsec ESP protocol in transport mode can be used to implement the embodiments of this specification. Under the IPsec ESP protocol in transport mode, the source blockchain node first determines the blockchain node group to which the destination blockchain node belongs, obtains the shared key corresponding to that blockchain node group, and encrypts the original message with the original IP header removed based on the shared key to obtain the encrypted information.
  • The encrypted information is encapsulated with an ESP header and an ESP trailer to generate an authentication zone structure.
  • The hash digest corresponding to the authentication zone structure is encapsulated at the tail of the authentication zone structure, and the original IP header is encapsulated at the head of the authentication zone structure to generate an encrypted message.
  • The encrypted messages involved in the embodiments of this specification can thus be generated based on the IPsec ESP protocol, specifically the IPsec ESP protocol in transport mode or in tunnel mode, thereby also providing data integrity and anti-replay protection during the data transfer process.
  • After the source blockchain node generates an encrypted message containing an IP header, it can send the encrypted message to the blockchain relay communication network system, so that the relay communication network system can forward the encrypted message based on the IP header and ultimately route it to the destination blockchain node.
  • the blockchain nodes as external terminals of the blockchain relay communication network system can be managed according to the group management method of the blockchain node group, so that all nodes in the same blockchain node group Each blockchain node maintains the same shared key.
  • several blockchain nodes can maintain a common shared key through group key negotiation in advance, and thus be organized into a blockchain node group based on online negotiation; or, several blockchain nodes can be organized offline The same key is manually entered as a shared key, and is organized into a blockchain node group based on offline entry; or, the node devices where several blockchain nodes are located are bound to the same key.
  • these several blockchain nodes will read the same key from the node device where they are located and use it as a shared key, and then they will be jointly organized into a blockchain node group based on device binding.
  • they will first encrypt the plaintext information according to the jointly maintained shared key to obtain the encrypted information, and then encapsulate the IP header for the encrypted information to generate Encrypt the message, and finally transmit the encrypted message. From this point on, no matter whether the encrypted message undergoes any processing during the transmission process or is stolen by an attacker, since the shared key is only used by the blockchain within the same blockchain node group, It is maintained by the node, so the possibility of plain text information being exposed during the data transfer process is theoretically eliminated.
  • the shared key involved in the embodiments of this specification is a symmetric key. Therefore, when a blockchain node receives encrypted messages from other blockchain nodes belonging to the same blockchain node group, it can directly use the shared key based on the shared key. Decrypt the key to obtain the plain text information.
  • the same blockchain node can belong to multiple different blockchain node groups at the same time. Therefore, any blockchain node can locally maintain the member lists of the multiple blockchain node groups to which it belongs, together with their corresponding shared keys.
  • when the source blockchain node needs to transmit data to the destination blockchain node, it first searches the at least one locally pre-maintained blockchain node group to determine the blockchain node group (there may be more than one) to which both it and the destination blockchain node belong; it then encrypts the plaintext information with the locally maintained shared key corresponding to that blockchain node group to obtain the encrypted information, and further encapsulates the IP header to generate the encrypted message, so that after receiving the encrypted message the destination blockchain node can decrypt it with the shared key of that blockchain node group to obtain the plaintext information.
  • S204 The blockchain relay communication network system forwards the encrypted message to the destination blockchain node based on the IP header.
  • the blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node through non-encrypted links, which means that the relay nodes in the blockchain relay communication network system do not need to decrypt the encrypted message; they only need to decapsulate it to the network layer and forward it based on the destination IP address in the IP header (that is, the IP address of the destination blockchain node), so that the encrypted message achieves efficient data transmission within the blockchain relay communication network system.
  • the blockchain relay communication network system is a relay node; or,
  • the blockchain relay communication network system includes a source relay node and a destination relay node.
  • the source relay node is connected to the source blockchain node, and the destination relay node is connected to the destination blockchain node.
  • the blockchain relay communication network system forwards the encrypted message to the destination blockchain node based on the IP header, including:
  • the source relay node sends the encrypted message received from the source blockchain node to the destination relay node;
  • the destination relay node sends the encrypted message to the destination blockchain node.
  • the blockchain relay communication network system may include at least one relay node. In the case of only one relay node, that relay node has established connections with both the source blockchain node and the destination blockchain node. In the case where the blockchain relay communication network system includes at least two relay nodes, including a source relay node and a destination relay node, the source relay node is connected to the source blockchain node, the destination relay node is connected to the destination blockchain node, and the relay nodes within the blockchain relay communication network system are also connected to each other through high-speed links (large-bandwidth, low-latency non-encrypted links). Encrypted messages can therefore be routed and forwarded through the high-speed links of the blockchain relay communication network system, during which each relay node performs no computation other than the routing and forwarding of the encrypted message, which enables the encrypted message to be efficiently forwarded to the destination relay node.
  • the destination blockchain node decrypts the encrypted message based on the shared key to obtain the plaintext information.
  • after the encrypted message forwarded by the blockchain relay communication network system is received at the destination blockchain node, it can be decrypted with the shared key to finally obtain the plaintext information, thereby realizing the entire process of the message transmission solution based on the blockchain relay communication network system.
  • when the source blockchain node generates the encrypted message based on the IPsec ESP protocol, the destination blockchain node also needs to process the encrypted message based on the IPsec ESP protocol. For example, under IPsec ESP in tunnel mode, after receiving the encrypted message, the destination blockchain node checks that the protocol type in the IP header is 50 and thus knows that this is an IPsec packet. The destination blockchain node therefore first performs a hash operation on the authentication area structure contained in the encrypted message to obtain a hash digest, compares it with the hash digest at the end of the encrypted message, and, if the two are consistent, confirms that the authentication area structure in the encrypted message has not been tampered with.
  • the destination blockchain node then further checks the ESP header in the authentication area structure and determines, through the SPI contained in the ESP header, the SA (Security Association) to be used next. Because the SPI corresponds to the blockchain node group to which the source blockchain node and the destination blockchain node jointly belong, the destination blockchain node retrieves the locally pre-stored SA corresponding to that blockchain node group and obtains from it the shared key and the corresponding decryption method of that blockchain node group. After removing the ESP header and ESP trailer from the authentication area structure, the encrypted information is obtained, and it is decrypted according to the decryption method and shared key in the retrieved SA to obtain the plaintext information.
  • the plaintext information still contains an original IP header.
  • the destination blockchain node can further forward the plaintext information based on the obtained original IP header.
  • under IPsec ESP in transport mode, after receiving the encrypted message, the destination blockchain node checks that the protocol type in its IP header is 50 and thus knows that this is an IPsec packet. Similar to IPsec ESP in tunnel mode, the destination blockchain node first performs a hash operation on the authentication area structure contained in the encrypted message to obtain a hash digest and compares it with the hash digest at the end of the encrypted message; if the two are consistent, it is confirmed that the authentication area structure in the encrypted message has not been tampered with. The destination blockchain node then further checks the ESP header in the authentication area structure, retrieves the corresponding shared key and decryption method locally through the SPI contained in the ESP header, and decrypts the encrypted information obtained by removing the ESP header and ESP trailer from the authentication area structure according to that decryption method and shared key to obtain the plaintext information. In transport mode, the plaintext information does not contain another IP header.
  • the source blockchain node and the destination blockchain node are connected through the blockchain relay communication network system.
  • the source blockchain node and the destination blockchain node belong to the same blockchain node group.
  • the same shared key is maintained by both, which allows the source blockchain node to encrypt with the shared key when it needs to send plaintext information to the destination blockchain node, ensuring the confidentiality of the system. Because none of the relay nodes in the blockchain relay communication network system maintains this shared key, the relay nodes in the relay network system cannot directly obtain the plaintext information through decryption, which prevents the plaintext information from being exposed while it is transmitted through the blockchain relay communication network system and enhances the security of communication between blockchain nodes.
  • the blockchain relay communication network system does not need to perform complex decapsulation or parsing after obtaining the encrypted message. Instead, it can directly forward the encrypted message based on the IP header at the network layer, so the entire data transfer process from the source blockchain node to the destination blockchain node adds no additional computing overhead, achieving efficient data transfer.
  • the shared key is maintained at each blockchain node through group key negotiation by each blockchain node in the blockchain node group.
  • each blockchain node belonging to the same blockchain node group realizes joint maintenance of a shared key by performing group key negotiation in advance.
  • Group key agreement differs from end-to-end key agreement between two peers: it refers to key agreement among at least three peers, whose purpose is to enable the at least three peers to jointly maintain the same shared key through online interaction, while preventing the shared key from being leaked to any third party other than those peers.
  • the protocols corresponding to the end-to-end key negotiation involved in the embodiments of this specification may include the TLS protocol, the IKE (Internet Key Exchange) protocol, the DH (Diffie-Hellman) key exchange protocol, etc.; this specification does not limit this.
  • each blockchain node in the blockchain node group performing group key negotiation includes: the master node in the blockchain node group jointly maintains the shared key through key negotiation with each of the other blockchain nodes in the blockchain node group except the master node.
  • a method for group key negotiation is provided. In this method, a master node in the blockchain node group is first determined to act as the host of the group key negotiation. The master node then conducts end-to-end key negotiation with each of the other blockchain nodes (slave nodes) in the blockchain node group except the master node.
  • for example, Node A serves as the master node and wants to form a blockchain node group including Node A, Node B and Node C. Node A can perform key negotiation with Node B and Node C respectively or simultaneously, such that the shared key maintained by Node B after key negotiation is the same as the shared key maintained by Node C after key negotiation. Node A itself also maintains the shared key, so that ultimately Node A, Node B and Node C maintain the same shared key and thereby jointly form a new blockchain node group.
  • the master node conducting key negotiation with any blockchain node (slave node) among the other blockchain nodes includes: the master node and that blockchain node generate and maintain the shared key through the DH key exchange protocol; or, the master node and that blockchain node jointly maintain a session key through the DH key exchange protocol, the master node encrypts the shared key it generated with the session key and sends it to that blockchain node, and that blockchain node decrypts the encrypted shared key with the session key to obtain the shared key.
  • when the master node performs key negotiation with any slave node, the two can jointly maintain the same shared key directly or indirectly based on the DH key exchange protocol.
  • the DH key exchange protocol is a scheme for generating symmetric keys over an insecure network: the two key negotiation parties disclose generators and publicly computable values to each other, so that each party can compute the same key seed, which only the two negotiating parties can learn, and then generate and maintain the same symmetric key from that key seed.
  • the master node and the slave node can directly use the key generated between them through the DH key exchange protocol as the shared key, so that the master node and the slave node maintain the same shared key. However, since the shared key obtained through the DH key exchange protocol is different each time, in order to ensure that the master node and all other slave nodes maintain the same shared key, directly generating the shared key through the DH key exchange protocol is usually used only when the master node performs key negotiation with the first slave node in the group key negotiation process; subsequently, other methods are needed to ensure that all slave nodes maintain the same shared key.
  • alternatively, the master node and the slave node can first use the key directly generated by the DH key exchange protocol as a session key for subsequent encrypted communication. The master node then takes a randomly generated symmetric key (or the shared key generated through key negotiation with the first slave node) as the shared key, encrypts it with the session key and sends it to the slave node, and the slave node decrypts it with the session key it maintains to obtain the shared key. Since the key generated directly by the DH key exchange protocol is not used as the shared key itself but as the basis for building encrypted communication, each slave node in the blockchain node group can maintain the same shared key in this way, ultimately achieving group key agreement.
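The session-key variant of group key negotiation just described, as an added Go example that is not code from the patent or the applicant: the master derives a pairwise session key with each slave from a DH exchange (X25519 here, an assumption), generates one random shared key, and delivers it to every slave sealed under that slave's session key; node names and the AES-GCM wrapping are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Node is one member of a blockchain node group. sessionKeys holds the pairwise
// DH results (one per peer); sharedKey is the single group key everybody ends with.
type Node struct {
	Name        string
	priv        *ecdh.PrivateKey
	sessionKeys map[string][]byte
	sharedKey   []byte
}

func newNode(name string) (*Node, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader) // assumption: X25519 as the DH group
	if err != nil {
		return nil, err
	}
	return &Node{Name: name, priv: priv, sessionKeys: map[string][]byte{}}, nil
}

// dhSessionKey derives a session key from the DH key seed shared with peer, whose
// public value is the only thing that crossed the network. Both sides compute the
// same value, but it differs for every pair, so it is not used as the group key.
func (n *Node) dhSessionKey(peer string, peerPub *ecdh.PublicKey) error {
	seed, err := n.priv.ECDH(peerPub)
	if err != nil {
		return err
	}
	k := sha256.Sum256(append([]byte("session|"), seed...))
	n.sessionKeys[peer] = k[:]
	return nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts the shared key under a session key (AES-256-GCM, nonce prefixed).
func seal(key, plain []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// open reverses seal; it fails for anyone who lacks the session key.
func open(key, box []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(box) < gcm.NonceSize() {
		return nil, errors.New("bad key or short ciphertext")
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], nil)
}

// groupKeyNegotiation: the master runs DH with each slave to obtain a pairwise
// session key, generates the group's shared key once as a random symmetric key,
// and delivers it to each slave sealed under that slave's session key.
func groupKeyNegotiation(master *Node, slaves []*Node) error {
	master.sharedKey = make([]byte, 32)
	if _, err := rand.Read(master.sharedKey); err != nil {
		return err
	}
	for _, s := range slaves {
		// negotiation messages 1 and 2: the public DH values, one in each direction
		if err := master.dhSessionKey(s.Name, s.priv.PublicKey()); err != nil {
			return err
		}
		if err := s.dhSessionKey(master.Name, master.priv.PublicKey()); err != nil {
			return err
		}
		// negotiation message 3: the shared key, readable only with this slave's session key
		box, err := seal(master.sessionKeys[s.Name], master.sharedKey)
		if err != nil {
			return err
		}
		if s.sharedKey, err = open(s.sessionKeys[master.Name], box); err != nil {
			return errors.New(s.Name + " could not recover the shared key")
		}
	}
	return nil
}
```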
  • the shared key and/or the session key are recorded in the security association policy maintained by the master node and any blockchain node.
  • different security association strategies need to be applied to different types of messages so that they can be encrypted in a prescribed manner.
  • the security association policy involved in the embodiments of this specification specifically refers to the SA (Security Association) in the IKE protocol. Different SAs can be indexed through the SPI (Security Parameter Index) field on the message to be processed. For example, messages used for key negotiation (such as messages sent during the DH key negotiation process) can be set to be encrypted with the session key, so the SPI field on such a message points to the security association policy that encrypts and decrypts with the session key; messages used for ordinary communication can be set to be encrypted with the shared key, so the SPI field on such a message points to the security association policy that encrypts and decrypts with the shared key corresponding to the blockchain node group.
  • the master node conducting key negotiation with any blockchain node (slave node) among the other blockchain nodes includes: the master node generates the shared key and sends the ciphertext key, obtained by encrypting the shared key with the public key of that blockchain node, to that blockchain node; that blockchain node decrypts the ciphertext key with its own private key to obtain the shared key.
  • in this way, key negotiation between the master node and the slave node is realized through asymmetric encryption, while avoiding leakage of the shared key to any other third party during the key negotiation process, so as to further realize group key agreement.
  • optionally, that blockchain node encrypts the shared key with the public key of the master node and returns it to the master node; when the master node has decrypted the encrypted shared key received from that blockchain node with its own private key and obtained the shared key, it determines that key negotiation with that blockchain node has been completed.
  • after the slave node decrypts and obtains the shared key, both the master node and the slave node objectively maintain the same shared key at this point, but the master node cannot actually confirm that the slave node maintains the shared key without receiving a relevant proof. Therefore, after decrypting the shared key, the slave node can further encrypt it with the master node's public key and return it to the master node; once the master node decrypts it and obtains the shared key, it can determine that the slave node has successfully obtained the shared key, which facilitates arranging subsequent key negotiation tasks or determining that group key negotiation has been completed (when it is determined that all slave nodes in the blockchain node group maintain the shared key).
  • the master node generates a digital signature for the ciphertext key based on the private key of the master node, and sends the digital signature to any blockchain node;
  • that blockchain node verifies the digital signature based on the public key of the master node, and determines that the ciphertext key originates from the master node if the signature verification succeeds.
  • digital signature technology can be used so that the master node digitally signs the ciphertext key and the slave node verifies the digital signature, confirming the legitimacy of the source of the ciphertext key if verification succeeds. It also ensures that the ciphertext key has not been tampered with during transmission.
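The asymmetric variant with signature and confirmation described above, as an added Go example that is not code from the patent or the applicant: RSA-OAEP for the ciphertext key and for the returned proof, and RSA-PSS for the master's signature, are both assumptions; the member names are constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Member is a blockchain node with its own key pair; sharedKey is what group key
// negotiation leaves behind on each member.
type Member struct {
	Name      string
	priv      *rsa.PrivateKey
	sharedKey []byte
}

func newMember(name string) (*Member, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // assumption: RSA-2048 node keys
	if err != nil {
		return nil, err
	}
	return &Member{Name: name, priv: priv}, nil
}

// keyOffer is what the master sends a slave: the ciphertext key (shared key
// encrypted to the slave's public key) and the master's signature over it.
type keyOffer struct {
	ciphertextKey, signature []byte
}

// masterOffer encrypts the shared key to the slave's public key and signs the ciphertext.
func (m *Member) masterOffer(slavePub *rsa.PublicKey) (*keyOffer, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, slavePub, m.sharedKey, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, m.priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &keyOffer{ciphertextKey: ct, signature: sig}, nil
}

// slaveAccept verifies the signature (source and integrity of the ciphertext key),
// decrypts the shared key, and returns it re-encrypted to the master as proof.
func (s *Member) slaveAccept(masterPub *rsa.PublicKey, offer *keyOffer) ([]byte, error) {
	digest := sha256.Sum256(offer.ciphertextKey)
	if err := rsa.VerifyPSS(masterPub, crypto.SHA256, digest[:], offer.signature, nil); err != nil {
		return nil, errors.New("ciphertext key does not come from the master or was altered")
	}
	shared, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, offer.ciphertextKey, nil)
	if err != nil {
		return nil, err
	}
	s.sharedKey = shared
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, masterPub, shared, nil)
}

// masterConfirm decrypts the slave's proof and checks it against the shared key;
// only then does the master count this slave as having joined the group.
func (m *Member) masterConfirm(proof []byte) error {
	got, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, m.priv, proof, nil)
	if err != nil || !bytes.Equal(got, m.sharedKey) {
		return errors.New("slave did not prove possession of the shared key")
	}
	return nil
}

// negotiate runs the full exchange between one master and several slaves and
// returns the names of the slaves whose possession of the key was confirmed.
func negotiate(master *Member, slaves []*Member) ([]string, error) {
	master.sharedKey = make([]byte, 32)
	if _, err := rand.Read(master.sharedKey); err != nil {
		return nil, err
	}
	var confirmed []string
	for _, s := range slaves {
		offer, err := master.masterOffer(&s.priv.PublicKey)
		if err != nil {
			return nil, err
		}
		proof, err := s.slaveAccept(&master.priv.PublicKey, offer)
		if err != nil {
			return nil, err
		}
		if err := master.masterConfirm(proof); err != nil {
			return nil, err
		}
		confirmed = append(confirmed, s.Name)
	}
	return confirmed, nil
}
```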
  • each of the blockchain nodes is connected to at least one relay node in the blockchain relay communication network system, and at least part of the negotiation messages that each blockchain node needs to exchange during group key negotiation are forwarded via the blockchain relay communication network system.
  • before the blockchain nodes in the blockchain node group perform encrypted message transmission with the shared key, they also need to send negotiation messages to each other during group key negotiation, such as the generators and publicly computed values of the DH key agreement protocol, or the key ciphertext of the asymmetric encryption method, and at least some of these negotiation messages can be forwarded through the blockchain relay communication network system. Since the blockchain relay communication network system usually has high message transmission efficiency, this speeds up group key negotiation.
  • the negotiation messages that the above blockchain nodes need to exchange during group key negotiation can also go directly over other dedicated lines or public networks outside the blockchain relay communication network system; or, part of these negotiation messages can be forwarded through the blockchain relay communication network system and the other part through other dedicated lines or public networks.
  • the source blockchain node and the destination blockchain node are in the same blockchain network or in different blockchain networks. It should be pointed out that blockchain node groups and blockchain networks are not the same concept: the member nodes of the same blockchain node group are not necessarily in the same blockchain network, and the blockchain nodes in the same blockchain network are not necessarily in the same blockchain node group.
  • the original intention of the blockchain node group involved in the embodiments of this specification is to realize secure communication among members of the blockchain node group.
  • when the source blockchain node and the destination blockchain node are in different blockchain networks, the source blockchain network where the source blockchain node is located and the destination blockchain network where the destination blockchain node is located may be homogeneous or heterogeneous. The blockchain nodes in a blockchain node group are not required to have the same blockchain archit
  • ecture; that is, the multiple blockchain networks to which the blockchain nodes in a blockchain node group belong do not need to be isomorphic with the same blockchain protocol, consensus protocol, etc., and can also be heterogeneous.
  • heterogeneous blockchains in a narrow sense usually refer to blockchains with obvious differences in the values circulating on them; that is, two blockchains with obvious differences in the values circulating on them can usually be called heterogeneous blockchains.
  • the Bitcoin network and Ethereum are heterogeneous blockchains in a narrow sense.
  • heterogeneous blockchains in a broad sense refer to blockchains with obvious differences in blockchain type and/or in the blockchain protocol adopted; that is, two blockchains with obvious differences in blockchain type and/or adopted blockchain protocol can usually be called heterogeneous blockchains.
  • ANT CHAIN and Hyperledger Fabric are heterogeneous blockchains in a broad sense.
  • the message transmission method based on the blockchain relay communication network system involved in the embodiments of this specification can be implemented based on the network layer protocol.
  • the network layer protocol can be IPsec (Internet Protocol Security, Internet Security Protocol), specifically the IPsec ESP protocol.
  • since the encryption and decryption process based on the shared key and the encapsulation of the IP header all occur at the network layer, compared with an application layer protocol, a transport layer protocol or the TLS protocol, the blockchain relay communication network system in the embodiments of this specification does not need to deeply decapsulate and parse the forwarded messages (i.e. the encrypted messages); it only needs to decapsulate them to the network layer and forward them directly based on the IP header, which causes only a small loss of forwarding efficiency.
  • the objects encrypted at the network layer are IP messages, whereas the objects encrypted by an application layer protocol are data structures defined by the application, so the encryption scope of the network layer protocol (covering the application layer encapsulation, transport layer encapsulation, etc.) is larger and provides stronger data protection.
  • FIG 3 is a flow chart of another message transmission method based on a blockchain relay communication network system provided by an exemplary embodiment. As shown in Figure 3, this method is applied to the source blockchain node.
  • the blockchain relay communication network system is connected to the source blockchain node and the destination blockchain node respectively.
  • each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the method includes:
  • S302 Encrypt plaintext information based on the shared key to obtain encrypted information.
  • S304 Encapsulate the IP header for the encrypted information to generate an encrypted message.
  • S306 Send the encrypted message to the blockchain relay communication network system, which forwards the encrypted message to the destination blockchain node based on the IP header.
  • Figure 4 is a flow chart of yet another message transmission method based on a blockchain relay communication network system provided by an exemplary embodiment. As shown in Figure 4, this method is applied to the destination blockchain node.
  • the blockchain relay communication network system is connected to the source blockchain node and the destination blockchain node respectively.
  • each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the method includes:
  • S402 Receive the encrypted message forwarded to the destination blockchain node by the blockchain relay communication network system based on the IP header of the encrypted message.
  • the encrypted message is sent by the source blockchain node and is generated by encapsulating the IP header for the encrypted information obtained by encrypting the plaintext information with the shared key.
  • FIG. 5 is a flow chart of yet another message transmission method based on a blockchain relay communication network system provided by an exemplary embodiment. As shown in Figure 5, this method is applied to the blockchain relay communication network system.
  • the blockchain relay communication network system is connected to the source blockchain node and the destination blockchain node respectively.
  • each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the method includes:
  • S502 Receive the encrypted message generated by the source blockchain node by encapsulating the IP header with the encrypted information obtained by encrypting the plaintext information based on the shared key.
  • S504 Forward the encrypted message to the destination blockchain node based on the IP header.
  • Figure 6 is an interactive flow chart of a message transmission method based on a blockchain relay communication network system provided by an exemplary embodiment.
  • Figure 6 is based on the mutual cooperation between Node A, relay node a, relay node b and Node B in the scenario shown in Figure 1. It is assumed that Node A is the source blockchain node and that Node A locally maintains the shared key key_1 corresponding to a blockchain node group whose members include Node A and Node B. It is assumed that Node B is the destination blockchain node and that Node B also maintains the shared key key_1 locally.
  • in the blockchain relay communication network system, relay node a, as the source relay node, is connected to Node A; relay node b, as the destination relay node, is connected to Node B; and relay node a and relay node b are connected through a high-speed link.
  • Node A locally searches for the blockchain node group to which both it and Node B belong, determines the shared key key_1 corresponding to that blockchain node group, encrypts the original information original_msg with the shared key key_1 and encapsulates a new IP header to obtain the encrypted message encrypted_msg, in which the source IP address of the newly encapsulated IP header is the IP address of relay node a and the destination IP address is the IP address of Node B.
  • Node A sends encrypted_msg to relay node a.
  • after relay node a receives encrypted_msg, it searches its local routing table based on the destination IP address in the IP header (Node B's IP address) and finds that the next hop is relay node b, so it sends encrypted_msg to relay node b directly over the high-speed link connecting them.
  • encrypted_msg can also be forwarded to relay node b via relay node c according to other routing strategies (for example, to support load balancing).
  • after relay node b receives the encapsulated encrypted_msg, it determines from the IP header that the destination to which it needs to be sent is Node B, and since relay node b itself also has routing information leading to Node B, relay node b further forwards encrypted_msg to Node B.
  • after Node B receives encrypted_msg, it finds from the IP header that the destination of the encrypted message is itself, so it decapsulates the IP header and further obtains the index field (such as the SPI) of the blockchain node group used to encrypt and decrypt encrypted_msg; Node B thereby indexes the corresponding blockchain node group and uses the shared key key_1 of that blockchain node group to decrypt encrypted_msg to obtain original_msg.
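The ESP processing described for the destination node earlier (protocol number 50, digest check over the authentication area, SPI lookup into a locally stored SA, decryption, removal of ESP header and trailer, with or without an inner IP header) and the Figure 6 exchange, as one added Go example that is not code from the patent or the applicant. The addresses, the 16-byte stand-in for key_1, the AES-CTR plus truncated HMAC-SHA256 choice and the zero IV are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"net"
)

const protoESP = 50 // IP protocol number of IPsec ESP

// SA is what a group member keeps per node group, indexed by SPI: the group's
// shared key (used for AES-CTR) and a digest key derived from it (HMAC-SHA256).
type SA struct {
	SPI             uint32
	EncKey, AuthKey []byte
}

// ipv4Header builds a minimal 20-byte IPv4 header (length and checksum left zero).
func ipv4Header(proto byte, src, dst net.IP) []byte {
	h := make([]byte, 20)
	h[0], h[8], h[9] = 0x45, 64, proto // version/IHL, TTL, protocol
	copy(h[12:], src.To4())
	copy(h[16:], dst.To4())
	return h
}

// espEncapsulate builds SPI|seq|IV|ciphertext(payload|pad|padlen|next)|ICV, where
// next is 4 in tunnel mode (an inner IPv4 header follows) or the transport protocol.
func espEncapsulate(sa *SA, seq uint32, iv, payload []byte, next byte) ([]byte, error) {
	block, err := aes.NewCipher(sa.EncKey)
	if err != nil {
		return nil, err
	}
	padLen := (4 - (len(payload)+2)%4) % 4 // keep padlen|next 4-byte aligned
	plain := append(append([]byte{}, payload...), make([]byte, padLen)...)
	plain = append(plain, byte(padLen), next)
	esp := make([]byte, 8+len(iv)+len(plain))
	binary.BigEndian.PutUint32(esp[0:], sa.SPI)
	binary.BigEndian.PutUint32(esp[4:], seq)
	copy(esp[8:], iv)
	cipher.NewCTR(block, iv).XORKeyStream(esp[8+len(iv):], plain)
	mac := hmac.New(sha256.New, sa.AuthKey)
	mac.Write(esp) // authentication area: ESP header, IV and ciphertext
	return append(esp, mac.Sum(nil)[:16]...), nil // truncated digest at the very end
}

// espDecapsulate is the destination node's side: protocol 50 check, digest comparison,
// SPI -> SA lookup, decryption, then ESP header/trailer removal (next == 4: inner IP header kept).
func espDecapsulate(sadb map[uint32]*SA, pkt []byte) ([]byte, byte, error) {
	if len(pkt) < 20+8+16+2+16 || pkt[9] != protoESP {
		return nil, 0, errors.New("not a well-formed IPsec ESP packet")
	}
	esp := pkt[20:]
	sa, ok := sadb[binary.BigEndian.Uint32(esp[:4])]
	if !ok {
		return nil, 0, errors.New("unknown SPI: sender shares no node group with us")
	}
	authArea, mac := esp[:len(esp)-16], hmac.New(sha256.New, sa.AuthKey)
	mac.Write(authArea)
	if !hmac.Equal(mac.Sum(nil)[:16], esp[len(esp)-16:]) {
		return nil, 0, errors.New("digest mismatch: authentication area was tampered with")
	}
	block, err := aes.NewCipher(sa.EncKey)
	if err != nil {
		return nil, 0, err
	}
	plain := make([]byte, len(authArea)-24)
	cipher.NewCTR(block, authArea[8:24]).XORKeyStream(plain, authArea[24:])
	padLen := int(plain[len(plain)-2])
	if padLen+2 > len(plain) {
		return nil, 0, errors.New("bad ESP trailer")
	}
	return plain[:len(plain)-2-padLen], plain[len(plain)-1], nil
}

// figure6Exchange replays Figure 6 with constructed addresses and a 16-byte stand-in for
// key_1: Node A encrypts original_msg, relays forward on the outer header, Node B decrypts.
func figure6Exchange(tunnel bool) ([]byte, byte, error) {
	nodeA, nodeB, relayA := net.ParseIP("10.0.0.1"), net.ParseIP("10.0.0.2"), net.ParseIP("10.1.0.1")
	key1 := []byte("constructed-key1")
	ak := sha256.Sum256(append([]byte("auth|"), key1...))
	sa := &SA{SPI: 0x1001, EncKey: key1, AuthKey: ak[:]} // held by Node A and Node B, by no relay
	payload, next := []byte("original_msg: block 128 header"), byte(17) // transport mode: UDP data
	if tunnel { // tunnel mode: the inner Node A -> Node B header is protected as well
		payload, next = append(ipv4Header(17, nodeA, nodeB), payload...), 4
	}
	esp, err := espEncapsulate(sa, 1, make([]byte, 16), payload, next) // zero IV for reproducibility only
	if err != nil {
		return nil, 0, err
	}
	pkt := append(ipv4Header(protoESP, relayA, nodeB), esp...) // new outer header: relay a -> Node B
	// relay a and relay b route on pkt[16:20] (Node B's address) alone and hold no SA
	return espDecapsulate(map[uint32]*SA{sa.SPI: sa}, pkt) // Node B's local SA table
}
```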
  • FIG. 7 is a schematic architectural diagram of a message transmission system based on a blockchain relay communication network system provided by an exemplary embodiment.
  • the blockchain relay communication network system 702 is connected to the source blockchain node 701 and the destination blockchain node 703 respectively.
  • each blockchain node in the blockchain node group to which the source blockchain node 701 and the destination blockchain node 703 belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system 702 do not maintain the shared key; the system includes:
  • the source blockchain node 701 is configured to encrypt plaintext information based on the shared key to obtain encrypted information, encapsulate an IP header for the encrypted information to generate an encrypted message, and send the encrypted message to the blockchain relay communication network system 702.
  • the blockchain relay communication network system 702 is used to forward the encrypted message to the destination blockchain node 703 based on the IP header.
  • the destination blockchain node 703 is configured to decrypt the encrypted message based on the shared key to obtain the plaintext information.
  • the blockchain relay communication network system 702 is a relay node; or,
  • the blockchain relay communication network system 702 includes a source relay node 7021 and a destination relay node 7022.
  • the source relay node 7021 is connected to the source blockchain node 701 and the destination relay node 7022 is connected to the destination blockchain node 703, and the blockchain relay communication network system 702 forwarding the encrypted message to the destination blockchain node 703 based on the IP header includes:
  • the source relay node 7021 sends the encrypted message received from the source blockchain node 701 to the destination relay node 7022;
  • the destination relay node 7022 sends the encrypted message to the destination blockchain node 703.
  • the shared key is maintained at each blockchain node through group key negotiation by each blockchain node in the blockchain node group.
  • each of the blockchain nodes is connected to at least one relay node in the blockchain relay communication network system 702, and at least part of the negotiation messages that each blockchain node needs to exchange during group key negotiation are forwarded via the blockchain relay communication network system 702.
  • each blockchain node in the blockchain node group conducts group key negotiation, including:
  • the master node in the blockchain node group jointly maintains the shared key through key negotiation with other blockchain nodes in the blockchain node group except the master node.
  • the master node conducts key negotiation with any of the other blockchain nodes, including:
  • the master node and any blockchain node generate and maintain the shared key through a DH key exchange protocol; or,
  • the master node and any blockchain node jointly maintain a session key through the DH key exchange protocol, the master node encrypts the shared key it generated based on the session key and sends it to that blockchain node, and that blockchain node is configured to decrypt the encrypted shared key based on the session key to obtain the shared key.
  • the shared key and/or the session key are recorded in the security association policy maintained by the master node and any blockchain node.
  • the master node conducts key negotiation with any of the other blockchain nodes, including:
  • the master node generates the shared key and sends to any blockchain node the ciphertext key obtained by encrypting the shared key based on the public key of that blockchain node;
  • that blockchain node decrypts the ciphertext key based on its own private key to obtain the shared key.
  • optionally, the method further includes:
  • the master node generates a digital signature for the ciphertext key based on the private key of the master node and sends the digital signature to that blockchain node;
  • that blockchain node verifies the digital signature based on the public key of the master node, and determines that the ciphertext key originates from the master node if the signature verification succeeds.
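The master-to-member key negotiation described in the bullets above, as an added example in Go; this is not code from the patent or from any product of the applicant. It implements the second DH variant listed: an X25519 exchange yields a session key, the master encrypts the group shared key under it, and the member decrypts. It also adds the signature step that the bullets list as optional for the public-key variant, because the negotiation messages cross the relay network: a DH share that is not signed could be swapped by a relay in the path, and the session key would then be shared with the relay rather than with the master. The salt string, HKDF info labels, node identifiers and the envelope layout are assumptions made for the example; HKDF-SHA256 is written out over crypto/hmac so the block needs only the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyEnvelope is the negotiation message the master node sends to one member. It
// crosses the relay network, which forwards it but cannot recover the group key:
// that needs the member's X25519 private key. Layout is an assumption of this example.
type KeyEnvelope struct {
	MemberID  string
	MasterDH  []byte // master's fresh X25519 public share for this member
	Nonce     []byte
	Wrapped   []byte // group key, AES-256-GCM encrypted under the DH-derived session key
	Signature []byte // Ed25519 over MemberID||MasterDH||Nonce||Wrapped
}

type Master struct {
	sign     ed25519.PrivateKey
	groupKey []byte
}

type Member struct {
	ID       string
	dh       *ecdh.PrivateKey
	groupKey []byte
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// NewMaster creates the master node's signing key and a fresh 256-bit group key.
func NewMaster() *Master {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	gk := make([]byte, 32)
	_, err = rand.Read(gk)
	must(err)
	return &Master{sign: priv, groupKey: gk}
}

func NewMember(id string) *Member {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	must(err)
	return &Member{ID: id, dh: k}
}

func (ms *Master) Public() ed25519.PublicKey { return ms.sign.Public().(ed25519.PublicKey) }
func (ms *Master) GroupKey() []byte          { return ms.groupKey }
func (m *Member) DHPublic() []byte           { return m.dh.PublicKey().Bytes() }
func (m *Member) GroupKey() []byte           { return m.groupKey }

// sessionAEAD runs X25519 with the peer's public share and derives an AES-256-GCM
// session key with HKDF-SHA256 (RFC 5869) over crypto/hmac; one expand block gives
// the 32 bytes needed. The salt and info labels are constructed for the example.
func sessionAEAD(priv *ecdh.PrivateKey, peer []byte, info string) (cipher.AEAD, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	ext := hmac.New(sha256.New, []byte("bcrelay-group-key-v1"))
	ext.Write(secret)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write([]byte(info))
	exp.Write([]byte{1})
	block, err := aes.NewCipher(exp.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// signedBody is what the master signs. Every field after MemberID has a fixed length
// (32, 12 and 48 bytes), so plain concatenation parses unambiguously.
func signedBody(e *KeyEnvelope) []byte {
	b := append([]byte(e.MemberID), e.MasterDH...)
	return append(append(b, e.Nonce...), e.Wrapped...)
}

// Distribute is the master's half: ECDH with the member's share, wrap the group key
// under the session key, then sign the whole envelope.
func (ms *Master) Distribute(memberID string, memberDH []byte) (*KeyEnvelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	gcm, err := sessionAEAD(eph, memberDH, "master->"+memberID)
	if err != nil {
		return nil, err
	}
	env := &KeyEnvelope{MemberID: memberID, MasterDH: eph.PublicKey().Bytes(), Nonce: make([]byte, gcm.NonceSize())}
	if _, err := rand.Read(env.Nonce); err != nil {
		return nil, err
	}
	env.Wrapped = gcm.Seal(nil, env.Nonce, ms.groupKey, []byte(memberID))
	env.Signature = ed25519.Sign(ms.sign, signedBody(env))
	return env, nil
}

// Accept is the member's half. The signature is checked first against the pinned
// master public key, so a relay that substitutes its own DH share (the man-in-the-
// middle that unauthenticated DH allows) is rejected before any ECDH is done.
func (m *Member) Accept(env *KeyEnvelope, masterPub ed25519.PublicKey) error {
	if env.MemberID != m.ID {
		return errors.New("envelope addressed to another node")
	}
	if !ed25519.Verify(masterPub, signedBody(env), env.Signature) {
		return errors.New("signature invalid: envelope is not from the master node")
	}
	gcm, err := sessionAEAD(m.dh, env.MasterDH, "master->"+m.ID)
	if err != nil {
		return err
	}
	key, err := gcm.Open(nil, env.Nonce, env.Wrapped, []byte(m.ID))
	if err != nil {
		return fmt.Errorf("unwrap failed: %w", err)
	}
	m.groupKey = key
	return nil
}
```

The member pins the master's Ed25519 public key out of band (for instance from the node group's configuration); without that pin the signature adds nothing, since a relay could then present its own key as the master's. Binding the member ID into both the HKDF info and the GCM associated data stops an envelope meant for one node from being replayed to another.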
  • the source blockchain node 701 and the destination blockchain node 703 are in the same blockchain network or different blockchain networks.
  • the source blockchain network where the source blockchain node 701 is located and the destination blockchain network where the destination blockchain node 703 is located may be homogeneous or heterogeneous blockchain networks.
  • the IP header is created based on the network information of the blockchain relay communication network system 702;
  • the IP header is the original IP header.
  • the encrypted message is generated based on IPsec ESP protocol.
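The message path in the bullets above (encrypt under the group key, encapsulate an IP header, forward at the relay on that header alone, decrypt at the destination), as an added example in Go; this is not code from the patent or from any implementation by the applicant. It models an ESP-style packet: the source node encrypts with AES-256-GCM under the group key, puts an SPI and sequence number in front and authenticates them as associated data (as RFC 4303 does for the ESP header), and wraps the result in an outer IPv4 header; the relay holds no key and forwards on that header only; the destination checks the sequence number and decrypts. The page's two options for the IP header, one built from the relay network's addressing and one being the original header, are the same distinction IPsec draws between tunnel and transport mode; the outer header here is simply addressed to the destination node. The key, addresses, SPI values, forwarding table and the simplifications (no IP checksum, no ESP trailer, strict rather than windowed anti-replay) are constructed for the example. Two points the bullets do not state but a practitioner should keep in mind: with one key shared by many senders, nonces must be partitioned per sender (here SPI||seq), and a group key gives confidentiality against the relay but no sender authentication within the group, since any member can produce a valid packet claiming to be any other.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"net"
)

const (
	ipv4HeaderLen = 20
	espHeaderLen  = 8 // SPI (4 bytes) + sequence number (4 bytes), as in RFC 4303
)

// groupKey is a constructed 256-bit key standing in for the shared key that every
// node in the blockchain node group holds and that no relay node is ever given.
var groupKey = []byte("0123456789abcdef0123456789abcdef")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmNonce is SPI||seq: each sender owns a distinct SPI and increments seq per packet,
// so no two group members reuse a nonce under the shared key (fatal for AES-GCM).
func gcmNonce(spi, seq uint32) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n[0:], spi)
	binary.BigEndian.PutUint64(n[4:], uint64(seq))
	return n
}

// buildIPv4Header writes a minimal outer IPv4 header (no options, checksum left zero):
// only what the relay needs to route on, with protocol 50 = ESP.
func buildIPv4Header(src, dst net.IP, payloadLen int) []byte {
	h := make([]byte, ipv4HeaderLen)
	h[0], h[8], h[9] = 0x45, 64, 50 // version 4 / IHL 5, TTL, protocol ESP
	binary.BigEndian.PutUint16(h[2:], uint16(ipv4HeaderLen+payloadLen))
	copy(h[12:16], src.To4())
	copy(h[16:20], dst.To4())
	return h
}

// Encapsulate is the source node's side: AEAD-encrypt under the group key with the
// ESP header as associated data, then prepend the outer IP header the relay forwards on.
func Encapsulate(key []byte, spi, seq uint32, src, dst net.IP, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	esp := make([]byte, espHeaderLen)
	binary.BigEndian.PutUint32(esp[0:], spi)
	binary.BigEndian.PutUint32(esp[4:], seq)
	payload := append(esp, gcm.Seal(nil, gcmNonce(spi, seq), plaintext, esp)...)
	return append(buildIPv4Header(src, dst, len(payload)), payload...), nil
}

// Relay models a relay node: a forwarding table and no key. It reads only the outer
// IP header and hands the packet on byte-for-byte unchanged.
type Relay struct{ Routes map[string]string }

func (r Relay) Forward(pkt []byte) (nextHop string, out []byte, err error) {
	if len(pkt) < ipv4HeaderLen || pkt[0]>>4 != 4 {
		return "", nil, fmt.Errorf("not an IPv4 packet")
	}
	dst := net.IP(pkt[16:20]).String()
	hop, ok := r.Routes[dst]
	if !ok {
		return "", nil, fmt.Errorf("no route to %s", dst)
	}
	return hop, pkt, nil
}

// Receiver is the destination node: it holds the group key and the highest sequence
// number seen per SPI, dropping replays before decryption (real ESP uses a sliding
// window to tolerate reordering; strict order is a simplification here).
type Receiver struct {
	key     []byte
	lastSeq map[uint32]uint32
}

func NewReceiver(key []byte) *Receiver {
	return &Receiver{key: key, lastSeq: map[uint32]uint32{}}
}

func (rx *Receiver) Decapsulate(pkt []byte) ([]byte, error) {
	if len(pkt) < ipv4HeaderLen+espHeaderLen {
		return nil, fmt.Errorf("packet too short")
	}
	esp := pkt[ipv4HeaderLen : ipv4HeaderLen+espHeaderLen]
	spi, seq := binary.BigEndian.Uint32(esp[0:]), binary.BigEndian.Uint32(esp[4:])
	if last, seen := rx.lastSeq[spi]; seen && seq <= last {
		return nil, fmt.Errorf("replay rejected: spi=%d seq=%d", spi, seq)
	}
	gcm, err := newGCM(rx.key)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, gcmNonce(spi, seq), pkt[ipv4HeaderLen+espHeaderLen:], esp)
	if err != nil {
		return nil, fmt.Errorf("authentication failed (tampered or wrong key): %w", err)
	}
	rx.lastSeq[spi] = seq
	return pt, nil
}
```

Because the ESP header is covered by the GCM tag, a relay that rewrites the SPI or sequence number, or flips any ciphertext byte, causes Open to fail at the destination; a relay that merely forwards the bytes unchanged, which is all the patent asks of it, never touches the key.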
  • Figure 8 is a schematic structural diagram of a device provided by an exemplary embodiment. Please refer to Figure 8.
  • the device includes a processor 802, an internal bus 804, a network interface 806, a memory 808 and a non-volatile memory 810.
  • the processor 802 reads the corresponding computer program from the non-volatile memory 810 into the memory 808 and then runs it.
  • the execution subject of the following processing flow is not limited to logic units; it may also be a hardware or logic device.
  • Figure 9 is a block diagram of a message transmission device based on a blockchain relay communication network system provided by an exemplary embodiment.
  • This device can be applied to the equipment shown in Figure 8 to implement the technical solution of this specification; the device is applied to a source blockchain node, the blockchain relay communication network system is connected to the source blockchain node and the destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the device includes:
  • the plaintext information encryption unit 901 is configured to encrypt plaintext information based on the shared key to obtain encrypted information.
  • the encrypted message generating unit 902 is configured to encapsulate an IP header for the encrypted information to generate an encrypted message.
  • the encrypted message sending unit 903 is used to send the encrypted message to the blockchain relay communication network system, and the blockchain relay communication network system is used to forward the encrypted message to the destination blockchain node based on the IP header.
  • Figure 10 is a block diagram of another message transmission device based on the blockchain relay communication network system provided by an exemplary embodiment.
  • This device can be applied to the equipment shown in Figure 8 to implement the technical solution of this specification; the device is applied to a destination blockchain node, the blockchain relay communication network system is connected to the source blockchain node and the destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the device includes:
  • the first encrypted message receiving unit 1001 is configured to receive the encrypted message forwarded by the blockchain relay communication network system to the destination blockchain node based on the IP header of the encrypted message, where the encrypted message is generated by the source blockchain node by encapsulating the IP header for the encrypted information obtained by encrypting the plaintext information based on the shared key.
  • the encrypted message decryption unit 1002 is configured to decrypt the encrypted message based on the shared key to obtain the plaintext information.
  • FIG 11 is a block diagram of yet another message transmission device based on a blockchain relay communication network system provided by an exemplary embodiment.
  • This device can be applied to the equipment shown in Figure 8 to implement the technical solution of this specification; the device is applied to the blockchain relay communication network system, the blockchain relay communication network system is connected to the source blockchain node and the destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the device includes:
  • the second encrypted message receiving unit 1101 is configured to receive an encrypted message generated by the source blockchain node by encapsulating the IP header of the encrypted information obtained by encrypting the plaintext information based on the shared key.
  • the encrypted message forwarding unit 1102 is configured to forward the encrypted message to the destination blockchain node based on the IP header.
  • the controller may be implemented in any suitable manner; for example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (ASIC), a programmable logic controller or an embedded microcontroller.
  • examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320; a memory controller may also be implemented as part of the memory's control logic.
  • in addition to implementing the controller purely as computer-readable program code, the method steps can be logically programmed so that the controller achieves the same functions entirely in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the means included in it for implementing various functions can also be regarded as structures within the hardware component, or even as both structures within the hardware component and software modules implementing the method.
  • the systems, devices, modules or units described in the above embodiments may be implemented by computer chips or entities, or by products with certain functions.
  • a typical implementation device is a server system.
  • the computer that implements the functions of the above embodiments may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet, a wearable device, or a combination of any of these devices.
  • the functions are divided into various modules and described separately.
  • the functions of each module can be implemented in one or more pieces of software and/or hardware, or the modules that implement the same function can be implemented by a combination of multiple sub-modules or sub-units.
  • the device embodiments described above are only illustrative: the division of units is only a logical functional division, and other divisions are possible in actual implementation; multiple units or components may be combined or integrated into another system, or some features may be omitted or not implemented.
  • the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or in other forms.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions may also be loaded onto a computer or other programmable data processing device, causing a series of operating steps to be performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • memory may include non-persistent storage in computer-readable media, random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
  • computer-readable media include persistent and non-persistent, removable and non-removable media that can store information by any method or technology. Information may be computer-readable instructions, data structures, program modules, or other data.
  • examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic tape storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device.
  • computer-readable media do not include transitory media such as modulated data signals and carrier waves.
  • one or more embodiments of this specification may be provided as a method, system, or computer program product. Accordingly, one or more embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types.
  • one or more embodiments may also be practiced in distributed computing environments where tasks are performed by remote processing devices connected through a communications network; in such environments, program modules may be located in both local and remote computer storage media, including storage devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present description provides a message transmission method and apparatus based on a blockchain relay communication network system. The blockchain relay communication network system is separately connected to a source blockchain node and a destination blockchain node, blockchain nodes in a blockchain node group to which the source blockchain node and the destination blockchain node belong all maintain a same shared key, and relay nodes in the blockchain relay communication network system do not maintain the shared key. The method comprises: a source blockchain node encrypts plaintext information on the basis of a shared key to obtain encrypted information, encapsulates an IP header for the encrypted information to generate an encrypted message, and sends the encrypted message to a blockchain relay communication network system; the blockchain relay communication network system forwards the encrypted message to a destination blockchain node on the basis of the IP header; and the destination blockchain node decrypts the encrypted message on the basis of the shared key to obtain the plaintext information.

Description

Message transmission method and device based on a blockchain relay communication network system
This application claims priority to Chinese patent application No. 202210760932.0, filed with the China Patent Office on June 29, 2022 and entitled "Message transmission method and device based on blockchain relay communication network system", the entire contents of which are incorporated herein by reference.
Technical field
The embodiments of this specification belong to the field of blockchain technology and in particular relate to a message transmission method and device based on a blockchain relay communication network system.
Background
Blockchain is a new application model of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and cryptographic algorithms. In a blockchain system, data blocks are linked in chronological order into a chained data structure, forming a distributed ledger whose tamper resistance and unforgeability are guaranteed cryptographically. Because of its decentralization, tamper resistance and autonomy, blockchain has attracted increasing attention and adoption. In traditional blockchain technology, blockchain nodes communicate directly with one another over P2P (peer-to-peer) connections to transmit transactions, blocks and so on, but various network factors lead to high communication latency and poor stability, which cannot meet application requirements.
Related technology therefore proposes blockchain communication based on a blockchain relay communication network system. Blockchain nodes can each connect to the blockchain relay communication network system so that they communicate with one another through it. Because the blockchain relay communication network system is a backbone relay network built for real-time blockchain transmission, its relay nodes communicate with one another over high-quality bandwidth with high QoS (Quality of Service) guarantees. Letting the blockchain relay communication network system take over the middle mile of communication between blockchain nodes therefore reduces communication latency and improves stability, which significantly improves communication quality between blockchain nodes.
Summary
The purpose of this specification is to provide a message transmission method and device based on a blockchain relay communication network system.
According to a first aspect of one or more embodiments of this specification, a message transmission method based on a blockchain relay communication network system is proposed. The blockchain relay communication network system is connected to a source blockchain node and a destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key. The method includes:
the source blockchain node encrypts plaintext information based on the shared key to obtain encrypted information, encapsulates an IP header for the encrypted information to generate an encrypted message, and sends the encrypted message to the blockchain relay communication network system;
the blockchain relay communication network system forwards the encrypted message to the destination blockchain node based on the IP header;
the destination blockchain node decrypts the encrypted message based on the shared key to obtain the plaintext information.
According to a second aspect of one or more embodiments of this specification, a message transmission method based on a blockchain relay communication network system is proposed, applied to a source blockchain node. The blockchain relay communication network system is connected to the source blockchain node and a destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key. The method includes:
encrypting plaintext information based on the shared key to obtain encrypted information;
encapsulating an IP header for the encrypted information to generate an encrypted message;
sending the encrypted message to the blockchain relay communication network system, which forwards the encrypted message to the destination blockchain node based on the IP header.
According to a third aspect of one or more embodiments of this specification, a message transmission method based on a blockchain relay communication network system is proposed, applied to a destination blockchain node. The blockchain relay communication network system is connected to a source blockchain node and the destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key. The method includes:
receiving the encrypted message that the blockchain relay communication network system forwards to the destination blockchain node based on the IP header of the encrypted message, the encrypted message having been generated by the source blockchain node by encapsulating the IP header for encrypted information obtained by encrypting plaintext information based on the shared key;
decrypting the encrypted message based on the shared key to obtain the plaintext information.
According to a fourth aspect of one or more embodiments of this specification, a message transmission method based on a blockchain relay communication network system is proposed, applied to the blockchain relay communication network system. The blockchain relay communication network system is connected to a source blockchain node and a destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key. The method includes:
receiving an encrypted message generated by the source blockchain node by encapsulating an IP header for encrypted information obtained by encrypting plaintext information based on the shared key;
forwarding the encrypted message to the destination blockchain node based on the IP header.
According to a fifth aspect of one or more embodiments of this specification, a message transmission system based on a blockchain relay communication network system is proposed. The blockchain relay communication network system is connected to a source blockchain node and a destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key. The system includes:
the source blockchain node, configured to encrypt plaintext information based on the shared key to obtain encrypted information, encapsulate an IP header for the encrypted information to generate an encrypted message, and send the encrypted message to the blockchain relay communication network system;
the blockchain relay communication network system, configured to forward the encrypted message to the destination blockchain node based on the IP header;
the destination blockchain node, configured to decrypt the encrypted message based on the shared key to obtain the plaintext information.
According to a sixth aspect of one or more embodiments of this specification, a message transmission device based on a blockchain relay communication network system is proposed, applied to a source blockchain node. The blockchain relay communication network system is connected to the source blockchain node and a destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key. The device includes:
a plaintext information encryption unit, configured to encrypt plaintext information based on the shared key to obtain encrypted information;
an encrypted message generating unit, configured to encapsulate an IP header for the encrypted information to generate an encrypted message;
an encrypted message sending unit, configured to send the encrypted message to the blockchain relay communication network system, which forwards the encrypted message to the destination blockchain node based on the IP header.
According to a seventh aspect of one or more embodiments of this specification, a message transmission device based on a blockchain relay communication network system is proposed, applied to a destination blockchain node. The blockchain relay communication network system is connected to a source blockchain node and the destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key. The device includes:
a first encrypted message receiving unit, configured to receive the encrypted message that the blockchain relay communication network system forwards to the destination blockchain node based on the IP header of the encrypted message, the encrypted message having been generated by the source blockchain node by encapsulating the IP header for encrypted information obtained by encrypting plaintext information based on the shared key;
an encrypted message decryption unit, configured to decrypt the encrypted message based on the shared key to obtain the plaintext information.
According to an eighth aspect of one or more embodiments of this specification, a message transmission device based on a blockchain relay communication network system is proposed, applied to the blockchain relay communication network system. The blockchain relay communication network system is connected to a source blockchain node and a destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key. The device includes:
a second encrypted message receiving unit, configured to receive an encrypted message generated by the source blockchain node by encapsulating an IP header for encrypted information obtained by encrypting plaintext information based on the shared key;
an encrypted message forwarding unit, configured to forward the encrypted message to the destination blockchain node based on the IP header.
According to a ninth aspect of one or more embodiments of this specification, an electronic device is proposed, including:
a processor;
a memory for storing instructions executable by the processor;
wherein the processor implements the method of any one of the first to fourth aspects by running the executable instructions.
According to a tenth aspect of one or more embodiments of this specification, a computer-readable storage medium is proposed, on which computer instructions are stored; when the instructions are executed by a processor, the steps of the method of any one of the first to fourth aspects are implemented.
In the embodiments of this specification, the source blockchain node and the destination blockchain node are connected through the blockchain relay communication network system, belong to the same blockchain node group, and jointly maintain the same shared key. When the source blockchain node needs to send plaintext information to the destination blockchain node it can therefore encrypt that information with the shared key, which ensures confidentiality. Because none of the relay nodes in the blockchain relay communication network maintains the shared key, a relay node cannot obtain the plaintext information directly by decryption, so the plaintext is not exposed while it passes through the blockchain relay communication network system, which strengthens the security of communication between blockchain nodes. In addition, after obtaining the encrypted message the blockchain relay communication network system does not need to perform any complex decapsulation or parsing; it can forward directly at the network layer based on the IP header of the encrypted message, so the whole data transfer from the source blockchain node to the destination blockchain node adds no extra computational overhead and data is transferred efficiently.
Description of the Drawings
To explain the technical solutions of the embodiments of this specification more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below plainly cover only some of the embodiments recorded in this specification; a person of ordinary skill in the art can derive other drawings from them without inventive effort.
Figure 1 is a schematic diagram, according to an exemplary embodiment, of a scenario in which blockchain nodes interact through a blockchain relay communication network system.
Figure 2 is a flow chart of a message transmission method based on a blockchain relay communication network system according to an exemplary embodiment.
Figure 3 is a flow chart of another message transmission method based on a blockchain relay communication network system according to an exemplary embodiment.
Figure 4 is a flow chart of a further message transmission method based on a blockchain relay communication network system according to an exemplary embodiment.
Figure 5 is a flow chart of yet another message transmission method based on a blockchain relay communication network system according to an exemplary embodiment.
Figure 6 is an interaction flow chart of a message transmission method based on a blockchain relay communication network system according to an exemplary embodiment.
Figure 7 is a schematic architecture diagram of a message transmission system based on a blockchain relay communication network system according to an exemplary embodiment.
Figure 8 is a schematic structural diagram of a device according to an exemplary embodiment.
Figure 9 is a block diagram of a message transmission apparatus based on a blockchain relay communication network system according to an exemplary embodiment.
Figure 10 is a block diagram of another message transmission apparatus based on a blockchain relay communication network system according to an exemplary embodiment.
Figure 11 is a block diagram of a further message transmission apparatus based on a blockchain relay communication network system according to an exemplary embodiment.
Detailed Description of Embodiments
To help those skilled in the art understand the technical solutions of this specification, the technical solutions of its embodiments are described clearly and completely below with reference to the drawings of those embodiments. The embodiments described are plainly only some of the embodiments of this specification, not all of them. All other embodiments that a person of ordinary skill in the art could obtain from the embodiments of this specification without inventive effort fall within its scope of protection.
The blockchain relay communication network system referred to in the embodiments of this specification is a backbone relay communication network system for real-time blockchain transmission, also called a blockchain relay communication network. The terminals that connect to it from outside are the blockchain nodes of a blockchain network, which may be a public chain, a private chain, a consortium chain or the like. For example, relay networks used with public chains include Falcon, the Fast Bitcoin Relay Network (FBRN) and the Fast Internet Bitcoin Relay Engine (FIBRE), while those used with consortium chains include BloXRoute and the Blockchain Transmission Network (BTN). This specification does not restrict which blockchain relay communication network is used.
When blockchain nodes connect to each other directly, end to end, using P2P technology, they can use TLS (Transport Layer Security) to communicate under encryption. For example, when blockchain node Node 1 needs to send a blockchain message to blockchain node Node 2, Node 1 acts as the source blockchain node and Node 2 as the destination blockchain node. Node 1 and Node 2 can negotiate a key under the TLS protocol and establish a TLS link between them on the basis of the negotiated transmission key. Blockchain messages carried inside that TLS link are then always in ciphertext (encrypted with the transmission key), and only Node 1 and Node 2, which hold the transmission key, can recover the corresponding message plaintext.
The situation is different, however, when blockchain nodes communicate through a blockchain relay communication network. Suppose Node 1 is attached to relay node 1 of that network. A TLS link can be established between Node 1 and relay node 1 so that blockchain messages travel through it as ciphertext, but because the transmission key was negotiated between Node 1 and relay node 1, relay node 1 can decrypt the received ciphertext with that key, and the message plaintext is exposed to the blockchain relay communication network.
Take Figure 1 as an example: it is a schematic diagram, according to an exemplary embodiment, of a scenario in which blockchain nodes interact through a blockchain relay communication network system. As shown in Figure 1, the blockchain relay communication network system contains three relay nodes, relay node a, relay node b and relay node c. Suppose relay node a is connected to blockchain node Node A through TLS link 1, relay node b is connected to blockchain node Node B through TLS link 2 and to blockchain node Node D through TLS link 3, and relay node c is connected to blockchain node Node C through TLS link 4. Inside the blockchain relay communication network system, relay nodes a, b and c are connected to one another pairwise by high-speed links (high-bandwidth, low-latency, unencrypted links). Because TLS links are established between the relay nodes inside the blockchain relay communication network and the blockchain nodes that are its external terminals, an attacker who intercepts a message in transit on a TLS link cannot decrypt it to obtain the message as it was before encryption, since the attacker took no part in the key negotiation for that link's key. A relay node, however, did take part in the key negotiation, so it can decrypt and obtain the message as it was before the blockchain node encrypted it with the link's key. If blockchain nodes transmit plaintext information directly in this way and the blockchain relay communication network system is controlled by an attacker, the result is large-scale data leakage and a serious security risk. Moreover, the nature of a TLS link requires the relay node to perform several layers of decapsulation, decryption and re-encapsulation on the encrypted message received from a blockchain node before it can forward it, which works against efficient data transfer.
A common way to remove this security risk is to protect messages with asymmetric encryption at the application layer of the source and destination blockchain nodes, but this adds extra computational overhead, works against efficient data transfer, and defeats the original purpose of the blockchain relay communication network, which is to speed up data transfer.
Therefore, to remove the security risk while keeping data transfer efficient, this specification proposes a message transmission scheme based on the blockchain relay communication network system in which plaintext information is encrypted with a shared key known only within a blockchain node group. The source and destination blockchain nodes thereby avoid exposing plaintext to the blockchain relay communication network system while transferring data, which strengthens the security of communication between blockchain nodes, and the transfer adds no extra computational overhead, so data transfer remains efficient.
The message transmission method based on the blockchain relay communication network system is described in detail below with reference to Figure 2, a flow chart of such a method according to an exemplary embodiment. The blockchain relay communication network system is connected to a source blockchain node and to a destination blockchain node; every blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key; and the relay nodes of the blockchain relay communication network system do not maintain that shared key. The method comprises:
S202: the source blockchain node encrypts plaintext information with the shared key to obtain encrypted information, encapsulates the encrypted information with an IP header to generate an encrypted message, and sends the encrypted message to the blockchain relay communication network system.
In the embodiments of this specification, the source blockchain node's encryption of the plaintext information and its encapsulation of the IP header are both carried out at the network layer: the plaintext information is a network-layer IP packet, either including its IP header or with the IP header removed, and when it includes the IP header it can be forwarded directly at the network layer. Whether or not the plaintext information contains an IP header, the encrypted information produced from it has none, so for the encrypted information to be forwarded correctly to the destination blockchain node at the network layer an IP header must be encapsulated around it to generate the encrypted message.
Where the plaintext information includes the original IP header of the original packet, the IP header is created from the network information of the blockchain relay communication network system. The original packet here is the network-layer IP packet including its IP header described above; the source IP address in its original IP header is the IP address of the source blockchain node, and the destination IP address is the IP address of the destination blockchain node. In the embodiments of this specification, if the original packet including its original IP header is encrypted as a whole to produce the encrypted information, the IP header that the source blockchain node re-encapsulates around the encrypted information must be built with reference to the network information of the blockchain relay communication network system. For example, where the blockchain relay communication network system includes a source relay node connected to the source blockchain node and a destination relay node connected to the destination blockchain node, the source IP address of the re-encapsulated IP header can be set to the IP address of the source relay node and its destination IP address to the IP address of the destination blockchain node, so that while the encrypted message is forwarded within the blockchain relay communication network system the source blockchain node's IP address is hidden from it, which provides a degree of information protection.
Where the plaintext information includes the original IP header of the original packet, this can be implemented specifically with the IPsec ESP (Internet Protocol Security; Encapsulation Security Protocol) protocol in tunnel mode. Under tunnel-mode IPsec ESP, the source blockchain node first determines the blockchain node group to which it and the destination blockchain node both belong, obtains the shared key for that group, encrypts the original packet with it to obtain the encrypted information, and encapsulates the encrypted information with an ESP header and an ESP trailer. The ESP header carries the SPI (security parameters index) corresponding to the blockchain node group, and the ESP trailer holds padding data together with the pad length of that padding and similar fields. The structure formed at this point by the ESP header, the encrypted information and the ESP trailer is called the enchilada (the authentication area structure). The source blockchain node then computes a hash digest over the authentication area structure, appends that digest to the end of the structure, and finally encapsulates the structure, digest included, with a new IP header to generate the encrypted message. The destination and source IP addresses in the new IP header may be the same as or different from those in the original IP header; the protocol type in the new IP header is 50, indicating that it carries an IPsec packet.
Where the plaintext information is the original packet with its original IP header removed, the IP header is the original IP header. In the embodiments of this specification, if the original packet is encrypted as plaintext information after its original IP header has been removed, the IP header that the source blockchain node re-encapsulates around the encrypted information can be set to the original IP header. Specifically, the IPsec ESP protocol in transport mode can be used to implement this embodiment. Under transport-mode IPsec ESP, the source blockchain node first determines the blockchain node group to which it and the destination blockchain node both belong, obtains the shared key for that group, and encrypts the original packet minus its original IP header with that key to obtain the encrypted information. As in tunnel-mode IPsec ESP, it then encapsulates the encrypted information with an ESP header and an ESP trailer to generate the authentication area structure, appends the structure's hash digest to its end, and places the original IP header at its front to generate the encrypted message.
As noted above, the encrypted message in the embodiments of this specification can be generated with the IPsec ESP protocol, in either transport mode or tunnel mode, so that data integrity and resistance to replay attacks are provided during data transfer.
Once the source blockchain node has generated the encrypted message containing the IP header, it can send the encrypted message to the blockchain relay communication network system, which forwards the encrypted message on the basis of that IP header so that it is finally routed to the destination blockchain node.
In the embodiments of this specification, the blockchain nodes that are external terminals of the blockchain relay communication network system can be managed as blockchain node groups, so that all blockchain nodes in the same blockchain node group maintain the same shared key. For example, several blockchain nodes may agree a common shared key in advance by group key agreement, forming a blockchain node group by online negotiation; or the same key may be entered manually into several blockchain nodes offline as their shared key, forming a blockchain node group by offline entry; or the node devices hosting several blockchain nodes may have the same key bound to them, so that each of those blockchain nodes reads that key from its own node device and uses it as the shared key, forming a blockchain node group by device binding. When blockchain nodes of a group communicate with one another, they first encrypt the plaintext information with the jointly maintained shared key to obtain the encrypted information, then encapsulate the encrypted information with an IP header to generate the encrypted message, and finally transmit the encrypted message. Whatever processing the encrypted message undergoes in transit, and even if an attacker captures it, the shared key is maintained only by the blockchain nodes of the same blockchain node group, so the possibility of the plaintext information being exposed during data transfer is ruled out in principle. The shared key in the embodiments of this specification is a symmetric key, so when a blockchain node receives an encrypted message from another blockchain node of the same blockchain node group it can decrypt it directly with the shared key to obtain the plaintext information.
In the embodiments of this specification, one blockchain node may belong to several different blockchain node groups at the same time, so any blockchain node can locally maintain the member list and the corresponding shared key of each blockchain node group it belongs to. When a source blockchain node needs to transmit data to a destination blockchain node, it first looks up the one or more blockchain node groups maintained locally, determines the blockchain node group (there may be more than one) that it shares with the destination blockchain node, encrypts the plaintext information with the locally maintained shared key of that group to obtain the encrypted information, and then encapsulates the IP header to generate the encrypted message, so that the destination blockchain node, on receiving the encrypted message, can decrypt it with that blockchain node group's shared key to obtain the plaintext information.
S204: the blockchain relay communication network system forwards the encrypted message to the destination blockchain node on the basis of the IP header.
In the embodiments of this specification, the blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node through unencrypted links. The relay nodes of the blockchain relay communication network system therefore do not have to decrypt the encrypted message; they only decapsulate it to the network layer and forward it according to the destination IP address in the IP header (the IP address of the destination blockchain node), so that the encrypted message is transferred efficiently within the blockchain relay network system.
In the embodiments of this specification, the blockchain relay communication network system is a single relay node; or
the blockchain relay communication network system includes a source relay node connected to the source blockchain node and a destination relay node connected to the destination blockchain node, and the forwarding of the encrypted message by the blockchain relay communication network system to the destination blockchain node on the basis of the IP header comprises:
the source relay node sending the encrypted message received from the source blockchain node to the destination relay node; and
the destination relay node sending the encrypted message to the destination blockchain node.
In the embodiments of this specification, the blockchain relay communication network system may contain at least one relay node. Where there is only one relay node, that relay node is connected to both the source blockchain node and the destination blockchain node. Where the blockchain relay communication network system contains at least two relay nodes, including a source relay node and a destination relay node, the source relay node is connected to the source blockchain node, the destination relay node is connected to the destination blockchain node, and the relay nodes inside the blockchain relay communication network system are also interconnected by high-speed links (high-bandwidth, low-latency, unencrypted links). The encrypted message can therefore be routed and forwarded through the blockchain relay communication network system over these high-speed links, and since no relay node performs any computation other than routing and forwarding the encrypted message, the encrypted message is forwarded efficiently to the destination relay node.
S206: the destination blockchain node decrypts the encrypted message with the shared key to obtain the plaintext information.
As noted above, the destination blockchain node and the source blockchain node are in the same blockchain node group and maintain the same shared key, so when the destination blockchain node receives the encrypted message sent by the blockchain relay communication network system it can decrypt the encrypted message with the shared key and finally obtain the plaintext information. This completes the full flow of the message transmission scheme based on the blockchain relay communication network system.
When the source blockchain node generates the encrypted message with the IPsec ESP protocol, the destination blockchain node must also process the encrypted message with the IPsec ESP protocol. For example, under tunnel-mode IPsec ESP, on receiving the encrypted message the destination blockchain node checks the protocol type in its IP header, finds 50, and thus knows that it is an IPsec packet. It first computes a hash over the authentication area structure contained in the encrypted message to obtain a hash digest and compares it with the hash digest at the end of the encrypted message; if the two match, the authentication area structure in the encrypted message is confirmed not to have been tampered with. The destination blockchain node then examines the ESP header in the authentication area structure and uses the SPI it contains to decide which SA (security association) to apply next. Since the SPI corresponds to the blockchain node group shared by the source blockchain node and the destination blockchain node, the destination blockchain node retrieves the locally pre-stored SA for that blockchain node group and from it obtains the group's shared key and the corresponding decryption method. Removing the ESP header and ESP trailer from the authentication area structure yields the encrypted information, which is decrypted with the decryption method and shared key from the retrieved SA to obtain the plaintext information. This plaintext information still contains an original IP header, so the destination blockchain node can forward it further according to that original IP header.
Under transport-mode IPsec ESP, on receiving the encrypted message the destination blockchain node checks the protocol type in its IP header, finds 50, and thus knows that it is an IPsec packet. As in tunnel-mode IPsec ESP, it first computes a hash over the authentication area structure contained in the encrypted message to obtain a hash digest and compares it with the hash digest at the end of the encrypted message; if the two match, the authentication area structure in the encrypted message is confirmed not to have been tampered with. It then examines the ESP header in the authentication area structure and uses the SPI it contains to retrieve the corresponding shared key and decryption method locally. The encrypted information obtained by removing the ESP header and ESP trailer from the authentication area structure is decrypted with that decryption method and shared key to obtain the plaintext information, which contains no further IP header.
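The sender side of S202 (tunnel and transport mode), the header-only forwarding of S204 and the destination-side checks of S206 just described, together with the node-group lookup by which a source picks the shared key it has in common with the destination, as one added example. This is the editor's code, not code from the patent or its applicant. It assumes a constructed SA table keyed by SPI, constructed node names and addresses, an HMAC-based stream cipher standing in for whatever cipher a real SA would name, a truncated HMAC-SHA256 as the "hash digest", and a simplified anti-replay rule (strictly increasing sequence numbers rather than a sliding window). The byte layout follows the description above: ESP header, encrypted information, ESP trailer, then the digest over all three.

```python
"""Added example (editor's code, not the patent's): group-key ESP framing over a relay network,
stdlib only. SA table/addresses are constructed; keystream_xor stands in for the SA's real cipher."""
import hashlib
import hmac
import socket
import struct

ESP_PROTO = 50     # protocol type in the outer IP header (page: "protocol type 50")
IPPROTO_IPIP = 4   # ESP next header: an IPv4 packet follows (tunnel mode)
IPPROTO_TCP = 6    # assumed inner protocol for the constructed samples
ICV_LEN = 16       # truncated HMAC-SHA256 used as the "hash digest"

# Constructed SA table: SPI -> node group members and shared key. Relays hold no copy.
SA_TABLE = {
    0x1001: {"members": {"NodeA", "NodeB", "NodeC"}, "key": bytes.fromhex("11" * 32)},
    0x1002: {"members": {"NodeA", "NodeD"}, "key": bytes.fromhex("22" * 32)},
}

def common_group(src, dst):
    """SPI of the lowest-numbered node group containing both nodes."""
    for spi in sorted(SA_TABLE):
        if {src, dst} <= SA_TABLE[spi]["members"]:
            return spi
    raise LookupError(f"{src} and {dst} share no node group")

def subkeys(spi):
    k = SA_TABLE[spi]["key"]   # separate encryption and authentication keys from the group key
    return hmac.new(k, b"enc", hashlib.sha256).digest(), hmac.new(k, b"auth", hashlib.sha256).digest()

def keystream_xor(key, spi, seq, data):
    """Stand-in stream cipher: HMAC-SHA256 counter mode keyed per (SPI, seq); a real SA names AES or similar."""
    stream = b"".join(hmac.new(key, struct.pack(">III", spi, seq, i), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = bytearray(struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                                proto, 0, socket.inet_aton(src), socket.inet_aton(dst)))
    s = sum(struct.unpack(">10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    hdr[10:12] = struct.pack(">H", ~s & 0xFFFF)
    return bytes(hdr)

def esp_encapsulate(spi, seq, plaintext, next_header):
    """Layout as described: ESP header | encrypted info | ESP trailer | digest."""
    enc_key, auth_key = subkeys(spi)
    encrypted = keystream_xor(enc_key, spi, seq, plaintext)
    pad_len = -(len(encrypted) + 2) % 4          # pad so the trailer ends 4-byte aligned
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    enchilada = struct.pack(">II", spi, seq) + encrypted + trailer
    return enchilada + hmac.new(auth_key, enchilada, hashlib.sha256).digest()[:ICV_LEN]

def tunnel_send(src, dst, inner_packet, src_relay_ip, dst_node_ip, seq):
    """Tunnel mode: whole original packet encrypted; outer header names source relay and destination node."""
    esp = esp_encapsulate(common_group(src, dst), seq, inner_packet, IPPROTO_IPIP)
    return ipv4_header(src_relay_ip, dst_node_ip, ESP_PROTO, len(esp)) + esp

def transport_send(src, dst, src_ip, dst_ip, inner_proto, payload, seq):
    """Transport mode: only the payload is encrypted; the original addresses stay outside."""
    esp = esp_encapsulate(common_group(src, dst), seq, payload, inner_proto)
    return ipv4_header(src_ip, dst_ip, ESP_PROTO, len(esp)) + esp

def relay_forward(packet):
    """A relay's whole job: read the outer destination address. No key, no decryption."""
    return socket.inet_ntoa(packet[16:20])

class Destination:
    def __init__(self):
        self.last_seq = {}        # last accepted sequence number per SPI

    def receive(self, packet):
        if packet[9] != ESP_PROTO:
            raise ValueError("outer header does not carry protocol 50 (ESP)")
        enchilada, icv = packet[20:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack(">II", enchilada[:8])
        if spi not in SA_TABLE:
            raise LookupError(f"no SA for SPI {spi:#x}")
        enc_key, auth_key = subkeys(spi)
        # 1. integrity: recompute the digest over the enchilada, compare in constant time
        expected = hmac.new(auth_key, enchilada, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("digest mismatch: authentication area altered in transit")
        # 2. anti-replay (simplified): sequence numbers must strictly increase per SPI
        if seq <= self.last_seq.get(spi, 0):
            raise ValueError(f"replayed sequence number {seq} on SPI {spi:#x}")
        self.last_seq[spi] = seq
        # 3. strip the trailer and decrypt; tunnel mode yields a complete inner IP packet
        pad_len, next_header = enchilada[-2], enchilada[-1]
        plaintext = keystream_xor(enc_key, spi, seq, enchilada[8:len(enchilada) - 2 - pad_len])
        inner_dst = socket.inet_ntoa(plaintext[16:20]) if next_header == IPPROTO_IPIP else None
        return next_header, plaintext, inner_dst

def attempt(fn, *args):
    """Run fn; report ('ok', result) or ('rejected', reason) on the failure paths."""
    try:
        return "ok", fn(*args)
    except (ValueError, LookupError) as exc:
        return "rejected", str(exc)
```

The ordering inside `receive` is the point a practitioner should take from the description: the digest is checked over the whole authentication area before any decryption, the sequence number is checked before the plaintext is used, and only then is the SPI's key applied. `relay_forward` never touches `SA_TABLE`, which is the property the scheme relies on; a relay that held the table would be back in the position of the TLS relay described earlier.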
In the embodiments of this specification, the source blockchain node and the destination blockchain node are connected through the blockchain relay communication network system, belong to the same blockchain node group, and hold the same shared key. The source blockchain node can therefore encrypt with the shared key whenever it needs to send plaintext information to the destination blockchain node, which provides confidentiality. Because none of the relay nodes in the blockchain relay communication network system holds the shared key, a relay node cannot recover the plaintext by decryption, so the plaintext is not exposed while it traverses the relay network, and communication between blockchain nodes is made more secure. In addition, the blockchain relay communication network system does not need to decapsulate or parse the encrypted message in any depth after receiving it; it forwards at the network layer directly on the basis of the message's IP header, so the path from the source blockchain node to the destination blockchain node adds no computational cost beyond ordinary routing, and data is delivered efficiently.
Optionally, the shared key is established by group key agreement among the blockchain nodes of the blockchain node group and held by each of them. In the embodiments of this specification, the blockchain nodes belonging to one blockchain node group come to hold a common shared key by performing group key agreement beforehand. Group key agreement differs from end-to-end key agreement between two peers: it is key agreement among at least three peers, whose goal is that, through online interaction, all of those peers end up holding the same shared key while the key is not disclosed to any third party outside them. The protocols usable for the pairwise, end-to-end key agreement referred to in the embodiments include TLS, IKE (Internet Key Exchange) and the Diffie-Hellman (DH) key exchange protocol, among others; this specification imposes no restriction here.
Optionally, the group key agreement among the blockchain nodes of the blockchain node group proceeds as follows: a master node of the blockchain node group performs key agreement with each of the other blockchain nodes in the group, so that all of them come to hold the shared key. The embodiments of this specification thus provide a group key agreement method in which a master node is first chosen within the blockchain node group to host the agreement, and the master node then performs end-to-end key agreement separately with each other blockchain node (slave node) in the group. In the scenario of Figure 1, for example, suppose Node A is the master node and wants to form a blockchain node group containing Node A, Node B and Node C. Node A performs key agreement with Node B and with Node C, either one after the other or concurrently, arranging that the shared key Node B holds after its agreement is identical to the one Node C holds after its agreement, and Node A keeps that same shared key itself. In the end Node A, Node B and Node C all hold the same shared key and together form a new blockchain node group.
Optionally, the key agreement between the master node and any one of the other blockchain nodes (a slave node) takes one of two forms: the master node and that blockchain node generate and keep the shared key directly through the DH key exchange protocol; or the master node and that blockchain node first establish a session key through the DH key exchange protocol, the master node encrypts the shared key it generated under that session key and sends it to that blockchain node, and that blockchain node decrypts it with the session key to obtain the shared key. In the embodiments of this specification, whenever the master node performs key agreement with a slave node it can use the DH key exchange protocol, directly or indirectly, to arrive at a common shared key. DH is a family of schemes for establishing a symmetric key over an insecure network: the two parties exchange a generator and public values that anyone may read, and from them each party derives the same secret value that only the two parties can know; both then derive and keep the same symmetric key from that common secret.
In one embodiment the master node and a slave node use the key they derive directly through the DH key exchange protocol as the shared key, so that the master node and that slave node hold the same shared key. However, the value produced by a DH exchange is not chosen in advance: each run with a different peer yields a different secret. Deriving the shared key directly from DH therefore works only for the master node's first pairwise agreement in the group key agreement process (it fixes the group's shared key to that result); for every subsequent slave node, some other means is required to ensure that all slave nodes end up holding that same shared key.
In another embodiment the master node and a slave node first use the key derived directly through the DH key exchange protocol as a session key for subsequent encrypted communication. The master node can then take a randomly generated symmetric key as the shared key (or the shared key already agreed with the first slave node), encrypt it under the session key, and send it to the slave node, which decrypts it with the session key it holds to obtain the shared key. Because the DH-derived session key is not itself used as the shared key but only as the basis for a protected channel, every slave node in the blockchain node group can be given the same shared key in this way, and the group key agreement is completed.
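The DH-based variant of the three preceding paragraphs, as an added example written for this page (it is not code from the patent or the applicant): Node A acts as master, derives a pairwise X25519 session key with each of Node B and Node C (crypto/ecdh, standard library since Go 1.20), wraps a freshly generated 256-bit group key under each session key with AES-256-GCM, and each slave unwraps it. The node names, SHA-256 in place of a real KDF, AES-GCM as the wrapping cipher and the master's name as associated data are all assumptions, since the text fixes none of them. RawDH is exposed only so that the point of the first paragraph can be checked: the bare exchange output differs for every pair, which is why it cannot serve as the group key itself.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Member is one node of the group with a long-lived X25519 key pair.
type Member struct {
	Name     string
	priv     *ecdh.PrivateKey
	GroupKey []byte // set once negotiation with the master is complete
}

func NewMember(name string) (*Member, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Member{Name: name, priv: priv}, nil
}

func (m *Member) Public() *ecdh.PublicKey { return m.priv.PublicKey() }

// RawDH is the bare exchange output, exposed only to show that it differs per pair.
func (m *Member) RawDH(peer *ecdh.PublicKey) ([]byte, error) { return m.priv.ECDH(peer) }

// pairAEAD turns the pairwise DH secret into a session key (SHA-256 stands
// in for a real KDF such as HKDF) and returns AES-256-GCM under it.
func (m *Member) pairAEAD(peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := m.priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapForSlave (master side of one pairwise exchange): seal the group key
// under the session key shared with this slave; nonce || ciphertext || tag
// is all that crosses the relay network.
func (master *Member) WrapForSlave(slavePub *ecdh.PublicKey) ([]byte, error) {
	aead, err := master.pairAEAD(slavePub)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, master.GroupKey, []byte(master.Name)), nil
}

// Unwrap (slave side): derive the same session key from the master's public
// key and open the wrapped group key; the master's name is bound as AAD.
func (slave *Member) Unwrap(masterPub *ecdh.PublicKey, masterName string, wrapped []byte) error {
	aead, err := slave.pairAEAD(masterPub)
	if err != nil {
		return err
	}
	n := aead.NonceSize()
	if len(wrapped) < n {
		return errors.New("wrapped key too short")
	}
	gk, err := aead.Open(nil, wrapped[:n], wrapped[n:], []byte(masterName))
	if err != nil {
		return errors.New("unwrap failed: no matching session key or message altered")
	}
	slave.GroupKey = gk
	return nil
}

// GroupNegotiate: the master draws a fresh 256-bit group key and runs the
// pairwise exchange with every slave in turn.
func GroupNegotiate(master *Member, slaves []*Member) error {
	master.GroupKey = make([]byte, 32)
	if _, err := rand.Read(master.GroupKey); err != nil {
		return err
	}
	for _, s := range slaves {
		wrapped, err := master.WrapForSlave(s.Public())
		if err != nil {
			return err
		}
		if err := s.Unwrap(master.Public(), master.Name, wrapped); err != nil {
			return fmt.Errorf("%s: %w", s.Name, err)
		}
	}
	return nil
}

func main() {
	a, _ := NewMember("Node A")
	b, _ := NewMember("Node B")
	c, _ := NewMember("Node C")
	err := GroupNegotiate(a, []*Member{b, c})
	fmt.Printf("err=%v\nA %x\nB %x\nC %x\n", err, a.GroupKey, b.GroupKey, c.GroupKey)
}
```

A relay that captures the wrapped key has no pairwise session key with the master, so it cannot open it; note that this variant on its own does not authenticate the master to the slave (an unauthenticated DH exchange is open to an active man in the middle), which is what the signature described later in the text addresses.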
Optionally, the shared key and/or the session key are recorded in the security association policy that the master node and that blockchain node each maintain. To distinguish different encryption policies and to sequence the key agreement process properly, different types of message must be subject to different security association policies so that each is encrypted in the prescribed way. The security association policy referred to in the embodiments of this specification is the IPsec security association (SA), as negotiated by IKE; individual SAs are selected by the SPI (Security Parameters Index) field carried in the message being processed. For example, messages used for key agreement (such as those sent during the DH exchange) can be configured to be encrypted with the session key, so the SPI field of the corresponding packets points to the SA that encrypts and decrypts with the session key; messages of ordinary traffic can be configured to be encrypted with the shared key, so the SPI field of those packets points to the SA that encrypts and decrypts with the shared key of the relevant blockchain node group.
Optionally, the key agreement between the master node and any one of the other blockchain nodes (a slave node) may instead proceed as follows: the master node generates the shared key, encrypts it with that blockchain node's public key to obtain a ciphertext key, and sends the ciphertext key to that blockchain node; that blockchain node decrypts the ciphertext key with its own private key to obtain the shared key. In the embodiments of this specification, asymmetric encryption is used to carry out the key agreement between the master node and the slave node without disclosing the shared key to any third party during the process, and so to complete the group key agreement.
Optionally, the method further includes: that other blockchain node encrypts the shared key with the master node's public key and returns it to the master node; when the master node decrypts, with its own private key, the encrypted shared key received from that other blockchain node and obtains the shared key, it determines that the key agreement with that other blockchain node is complete. Once the slave node has decrypted the shared key, the master node and the slave node do in fact both hold the same shared key, but the master node cannot know this without some evidence. So that the master node can be sure that the slave node taking part in a given key agreement really has obtained the shared key, the slave node encrypts the shared key it decrypted with the master node's public key and returns it; when the master node decrypts that and recovers its shared key, it knows the slave node has obtained the key and can schedule the next pairwise agreement, or declare the group key agreement finished once every slave node in the blockchain node group is known to hold the shared key. Note that this echo proves possession of the key, not who sent it: the slave's reply should itself be authenticated (for example signed with the slave's private key) before the master counts it as a confirmation from that particular slave.
Optionally, the method further includes: the master node generates a digital signature over the ciphertext key with its private key and sends the signature to that blockchain node; that blockchain node verifies the signature with the master node's public key and, if verification succeeds, determines that the ciphertext key originates from the master node. In the embodiments of this specification, so that a slave node can verify the master node's identity and no third party can impersonate the master node in a key agreement with the slave node, the master node digitally signs the ciphertext key, and the slave node verifies the signature before accepting the ciphertext key; successful verification establishes both that the ciphertext key came from the master node and that it was not altered in transit. The slave should verify before it decrypts, so that its private key is never applied to a ciphertext of unknown origin.
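The public-key variant of the three preceding paragraphs, as an added example written for this page (not the patent's or the applicant's code): the master encrypts the group key to each slave with RSA-OAEP, signs that ciphertext with RSA-PSS, the slave verifies before decrypting, and the slave echoes the key back encrypted to the master's public key so the master can confirm. RSA with 2048-bit keys, the OAEP and PSS padding modes and the in-memory distribution of public keys are assumptions; the text names none of them.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// PKNode is a group member with an RSA key pair; how nodes learn each
// other's public keys (certificates, the chain itself) is out of scope here.
type PKNode struct {
	Name     string
	priv     *rsa.PrivateKey
	GroupKey []byte
}

func NewPKNode(name string) (*PKNode, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &PKNode{Name: name, priv: priv}, nil
}

func (n *PKNode) Public() *rsa.PublicKey { return &n.priv.PublicKey }

// KeyOffer is the master's message to one slave: the group key encrypted to
// the slave's public key, plus the master's signature over that ciphertext.
type KeyOffer struct {
	CiphertextKey, Signature []byte
}

func (m *PKNode) MakeOffer(slavePub *rsa.PublicKey) (KeyOffer, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, slavePub, m.GroupKey, nil)
	if err != nil {
		return KeyOffer{}, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, m.priv, crypto.SHA256, digest[:], nil)
	return KeyOffer{CiphertextKey: ct, Signature: sig}, err
}

// AcceptOffer (slave): verify the master's signature before the private key
// touches the ciphertext, decrypt, then echo the key back encrypted to the
// master so the master can confirm receipt.
func (s *PKNode) AcceptOffer(masterPub *rsa.PublicKey, o KeyOffer) ([]byte, error) {
	digest := sha256.Sum256(o.CiphertextKey)
	if err := rsa.VerifyPSS(masterPub, crypto.SHA256, digest[:], o.Signature, nil); err != nil {
		return nil, errors.New("ciphertext key is not signed by the master")
	}
	gk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, o.CiphertextKey, nil)
	if err != nil {
		return nil, err
	}
	s.GroupKey = gk
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, masterPub, gk, nil)
}

// Confirm (master): decrypt the echo; only an exact match counts as proof
// that this slave holds the group key.
func (m *PKNode) Confirm(echo []byte) (bool, error) {
	gk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, m.priv, echo, nil)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(gk, m.GroupKey) == 1, nil
}

// Negotiate draws a fresh group key and runs the offer/accept/confirm
// exchange with every slave; it fails unless every slave confirmed.
func Negotiate(master *PKNode, slaves []*PKNode) error {
	master.GroupKey = make([]byte, 32)
	if _, err := rand.Read(master.GroupKey); err != nil {
		return err
	}
	for _, s := range slaves {
		offer, err := master.MakeOffer(s.Public())
		if err != nil {
			return err
		}
		echo, err := s.AcceptOffer(master.Public(), offer)
		if err != nil {
			return fmt.Errorf("%s rejected the offer: %w", s.Name, err)
		}
		if ok, err := master.Confirm(echo); err != nil || !ok {
			return fmt.Errorf("%s did not confirm the group key", s.Name)
		}
	}
	return nil
}

func main() {
	a, _ := NewPKNode("Node A")
	b, _ := NewPKNode("Node B")
	c, _ := NewPKNode("Node C")
	fmt.Println("negotiation error:", Negotiate(a, []*PKNode{b, c}))
}
```

Signing the ciphertext rather than the plaintext key keeps the signature verifiable by anyone holding the master's public key without revealing anything about the key, and verifying first means a forged or altered offer is discarded before the slave's private key is ever used.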
Optionally, each of the blockchain nodes is connected to at least one relay node of the blockchain relay communication network system, and at least part of the agreement messages that the blockchain nodes exchange during group key agreement are forwarded through the blockchain relay communication network system. In the embodiments of this specification, before the blockchain nodes of a blockchain node group exchange messages encrypted with the shared key, they must also send each other agreement messages during group key agreement, such as the generator and public values of the DH exchange, or the key ciphertext of the asymmetric-encryption variant. At least some of these agreement messages can be forwarded through the blockchain relay communication network system, which generally offers high transmission efficiency and so speeds up the group key agreement. Of course, the agreement messages may instead travel over dedicated lines or the public Internet outside the blockchain relay communication network system, or part of them may be forwarded by the relay network and the rest over other dedicated lines or the public network. Since the relay nodes are outside the group, everything they forward during agreement must be either public by design (the DH public values) or encrypted to its recipient (the ciphertext key).
In the embodiments of this specification, the source blockchain node and the destination blockchain node may be in the same blockchain network or in different blockchain networks. A blockchain node group and a blockchain network are not the same concept: members of one blockchain node group need not belong to one blockchain network, and the blockchain nodes of one blockchain network need not belong to one blockchain node group. The purpose of the blockchain node group in the embodiments of this specification is secure communication among its members. This serves the intra-chain interaction that the blockchain nodes of one network need for transaction consensus and block synchronization (by placing all blockchain nodes of the same blockchain network in one blockchain node group), and it equally serves cross-chain interaction between blockchain nodes of different blockchain networks (by placing blockchain nodes from different blockchain networks in one blockchain node group).
Where the source blockchain node and the destination blockchain node are in different blockchain networks, the source blockchain network and the destination blockchain network may be homogeneous or heterogeneous: the blockchain nodes of one blockchain node group are not required to share the same blockchain architecture, so the several blockchain networks spanned by one group need not be homogeneous (with the same blockchain protocol, consensus protocol and so on) and may be heterogeneous.
Note that a heterogeneous blockchain in the narrow sense usually means that the value circulating on the chains differs markedly; that is, two blockchains whose circulating value differs markedly are usually called heterogeneous blockchains. The Bitcoin network and Ethereum, for example, are heterogeneous blockchains in the narrow sense.
A heterogeneous blockchain in the broad sense means that the type of blockchain and/or the blockchain protocol adopted differs markedly; that is, two blockchains that differ markedly in type and/or protocol can also usually be called heterogeneous blockchains. ANT CHAIN and the Hyperledger Fabric blockchain, for example, are heterogeneous blockchains in the broad sense.
The message transmission method based on the blockchain relay communication network system in the embodiments of this specification can be implemented on a network-layer protocol; for example, the network-layer protocol may be IPsec (Internet Protocol Security), and specifically IPsec ESP. Because both the encryption and decryption with the shared key and the encapsulation of the IP header take place at the network layer, the blockchain relay communication network system of these embodiments, unlike one built on an application-layer protocol, a transport-layer protocol or TLS, does not have to decapsulate and parse forwarded packets (the encrypted messages) in depth; it only decapsulates to the network layer and forwards on the IP header, so the loss of forwarding performance is small. Moreover, what the network layer encrypts is the IP payload, whereas an application-layer protocol encrypts only application-defined data structures; the network-layer protocol therefore covers more (the application-layer and transport-layer encapsulation included) and protects the data more strongly. One caveat: the outer IP header must stay in the clear for the relays to route on it, so the endpoint addresses, packet sizes and timing remain visible to the relay network even though the payload does not.
Figure 3 is a flow chart of another message transmission method based on a blockchain relay communication network system according to an exemplary embodiment. As shown in Figure 3, the method is applied at the source blockchain node. The blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node; every blockchain node of the blockchain node group to which the source blockchain node and the destination blockchain node belong holds the same shared key, and the relay nodes of the blockchain relay communication network system do not hold the shared key. The method includes:
S302: encrypt plaintext information with the shared key to obtain encrypted information.
S304: encapsulate an IP header around the encrypted information to generate an encrypted message.
S306: send the encrypted message to the blockchain relay communication network system, which forwards the encrypted message to the destination blockchain node on the basis of the IP header.
Figure 4 is a flow chart of yet another message transmission method based on a blockchain relay communication network system according to an exemplary embodiment. As shown in Figure 4, the method is applied at the destination blockchain node. The blockchain relay communication network system is connected to the source blockchain node and to the destination blockchain node; every blockchain node of the blockchain node group to which the source blockchain node and the destination blockchain node belong holds the same shared key, and the relay nodes of the blockchain relay communication network system do not hold the shared key. The method includes:
S402: receive the encrypted message that the blockchain relay communication network system forwards to the destination blockchain node on the basis of the message's IP header, the encrypted message having been generated by the source blockchain node by encrypting plaintext information with the shared key and encapsulating the resulting encrypted information in the IP header.
S404: decrypt the encrypted message with the shared key to obtain the plaintext information.
Figure 5 is a flow chart of a further message transmission method based on a blockchain relay communication network system according to an exemplary embodiment. As shown in Figure 5, the method is applied at the blockchain relay communication network system, which is connected to the source blockchain node and to the destination blockchain node; every blockchain node of the blockchain node group to which the source blockchain node and the destination blockchain node belong holds the same shared key, and the relay nodes of the blockchain relay communication network system do not hold the shared key. The method includes:
S502: receive the encrypted message generated by the source blockchain node by encrypting plaintext information with the shared key and encapsulating the resulting encrypted information in an IP header.
S504: forward the encrypted message to the destination blockchain node on the basis of the IP header.
Figure 6 is an interaction flow chart of a message transmission method based on a blockchain relay communication network system according to an exemplary embodiment. Figure 6 builds on the cooperation of Node A, relay node a, relay node b and Node B in the scenario of Figure 1. Suppose Node A is the source blockchain node and holds locally the shared key key_1 of a blockchain node group whose members include both Node A and Node B; suppose Node B is the destination blockchain node and also holds key_1 locally. Relay node a, the source relay node of the blockchain relay communication network system, is connected to Node A; relay node b, the destination relay node, is connected to Node B; and relay node a and relay node b are connected by a high-speed link. The message transmission scheme of this specification is now described in detail with the example of Node A in Figure 1 sending plaintext information to Node B through relay node a and relay node b of the blockchain relay communication network system. Referring to Figure 6, the method includes the following steps:
S601: Node A looks up locally the blockchain node group it shares with Node B and the shared key key_1 of that group, encrypts the original information original_msg with key_1, and encapsulates a new IP header to obtain the encrypted message encrypted_msg. In the newly encapsulated IP header the source IP address is that of relay node a and the destination IP address is that of Node B.
S602: Node A sends encrypted_msg to relay node a.
S603: on receiving encrypted_msg, relay node a looks up its local routing table by the destination IP address in the IP header (the address of Node B), finds that the next hop is relay node b, and sends encrypted_msg to relay node b directly over the high-speed link connecting them. Under another routing policy (for example one that supports load balancing) encrypted_msg could instead be forwarded to relay node b via relay node c.
S604: on receiving encrypted_msg, relay node b determines from its IP header that the destination is Node B; since relay node b itself has a route to Node B, it forwards encrypted_msg on to Node B.
S605: on receiving encrypted_msg, Node B sees from the IP header that the encrypted message is addressed to itself, decapsulates the IP header, and reads from encrypted_msg the index field (for example the SPI) that identifies the blockchain node group whose key encrypts and decrypts the message. Node B thereby indexes the corresponding blockchain node group and decrypts encrypted_msg with that group's shared key key_1 to obtain original_msg.
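The S601 to S605 flow above as an added example written for this page (it is not the patent's or the applicant's code). The relays are plain routing tables keyed on the outer destination address and hold no key; Node A writes the SPI in the clear in front of the ciphertext and sets the outer source address to relay node a as S601 states, and Node B selects key_1 by that SPI. AES-256-GCM as the cipher, the SPI value, the IP addresses and the key bytes are assumed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// IPPacket is what a relay sees: outer addresses and an opaque payload (SPI || nonce || AES-GCM ciphertext+tag).
type IPPacket struct {
	Src, Dst string
	Payload  []byte
}

// Relay is just a routing table (destination IP -> next hop name); it holds no key.
type Relay map[string]string

// Node keeps one shared key per group it belongs to, indexed by the SPI written into the packet (key_1 for group {A, B}).
type Node struct {
	Name, IP string
	Groups   map[uint32][]byte
}

const nonceLen = 12 // standard GCM nonce size

// aead returns AES-GCM under the shared key of the group selected by spi.
func (n *Node) aead(spi uint32) (cipher.AEAD, error) {
	block, err := aes.NewCipher(n.Groups[spi]) // no such group => zero-length key => error
	if err != nil {
		return nil, fmt.Errorf("no usable key for SPI %#x: %w", spi, err)
	}
	return cipher.NewGCM(block)
}

// Send is S601/S602: encrypt under the group shared with the destination and set the outer source to the first-hop relay.
func (n *Node) Send(spi uint32, firstHopIP, dstIP string, msg []byte) (IPPacket, error) {
	g, err := n.aead(spi)
	if err != nil {
		return IPPacket{}, err
	}
	hdr := make([]byte, 4+nonceLen)
	binary.BigEndian.PutUint32(hdr, spi)
	if _, err := rand.Read(hdr[4:]); err != nil {
		return IPPacket{}, err
	}
	// The SPI is authenticated as AAD but left readable so the receiver can pick its key.
	return IPPacket{Src: firstHopIP, Dst: dstIP, Payload: g.Seal(hdr, hdr[4:], msg, hdr[:4])}, nil
}

// Receive is S605: check the destination, index the group by SPI, decrypt.
func (n *Node) Receive(p IPPacket) ([]byte, error) {
	if p.Dst != n.IP {
		return nil, errors.New("not addressed to this node")
	}
	if len(p.Payload) < 4+nonceLen {
		return nil, errors.New("short packet")
	}
	g, err := n.aead(binary.BigEndian.Uint32(p.Payload[:4]))
	if err != nil {
		return nil, err
	}
	pt, err := g.Open(nil, p.Payload[4:4+nonceLen], p.Payload[4+nonceLen:], p.Payload[:4])
	if err != nil {
		return nil, errors.New("decryption failed: wrong key or modified in transit")
	}
	return pt, nil
}

// Deliver is S603/S604: each relay forwards on the outer destination address alone,
// until the next hop is not a relay; the packet is then handed to dst.
func Deliver(p IPPacket, first string, relays map[string]Relay, dst *Node) ([]byte, []string, error) {
	hop, trace := first, []string{}
	for r, isRelay := relays[hop]; isRelay; r, isRelay = relays[hop] {
		next, found := r[p.Dst]
		if !found {
			return nil, trace, fmt.Errorf("%s: no route to %s", hop, p.Dst)
		}
		trace = append(trace, hop+" -> "+next)
		hop = next
	}
	if hop != dst.Name {
		return nil, trace, fmt.Errorf("routed to %q, not %s", hop, dst.Name)
	}
	msg, err := dst.Receive(p)
	return msg, trace, err
}

// Topology is the Figure 6 scenario; addresses and key_1 are constructed values, not real key material.
func Topology() (a, b *Node, relays map[string]Relay) {
	key1 := []byte("key_1-shared-by-group-AB-32bytes")
	a = &Node{Name: "Node A", IP: "10.1.0.1", Groups: map[uint32][]byte{0x1001: key1}}
	b = &Node{Name: "Node B", IP: "10.2.0.1", Groups: map[uint32][]byte{0x1001: key1}}
	relays = map[string]Relay{"relay a": {"10.2.0.1": "relay b"}, "relay b": {"10.2.0.1": "Node B"}}
	return a, b, relays
}

func main() {
	a, b, relays := Topology()
	p, _ := a.Send(0x1001, "10.9.0.1", b.IP, []byte("original_msg"))
	msg, trace, err := Deliver(p, "relay a", relays, b)
	fmt.Println(trace, string(msg), err)
}
```

Nothing in Deliver or Relay touches the payload, which is the property the text relies on: the relay path needs only the outer header, and a relay that modifies the payload is caught by the authentication tag at Node B.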
Figure 7 is a schematic architecture diagram of a message transmission system based on a blockchain relay communication network system according to an exemplary embodiment. As shown in Figure 7, the blockchain relay communication network system 702 is connected to the source blockchain node 701 and to the destination blockchain node 703; every blockchain node of the blockchain node group to which the source blockchain node 701 and the destination blockchain node 703 belong holds the same shared key, and the relay nodes of the blockchain relay communication network system 702 do not hold the shared key. The system includes:
the source blockchain node 701, configured to encrypt plaintext information with the shared key to obtain encrypted information, encapsulate an IP header around the encrypted information to generate an encrypted message, and send the encrypted message to the blockchain relay communication network system 702;
the blockchain relay communication network system 702, configured to forward the encrypted message to the destination blockchain node 703 on the basis of the IP header;
the destination blockchain node 703, configured to decrypt the encrypted message with the shared key to obtain the plaintext information.
Optionally, the blockchain relay communication network system 702 is a single relay node; or,
the blockchain relay communication network system 702 includes a source relay node 7021 and a destination relay node 7022, the source relay node 7021 being connected to the source blockchain node 701 and the destination relay node 7022 to the destination blockchain node 703, and the forwarding of the encrypted message by the blockchain relay communication network system 702 to the destination blockchain node 703 on the basis of the IP header includes:
the source relay node 7021 sending the encrypted message received from the source blockchain node 701 to the destination relay node 7022;
the destination relay node 7022 sending the encrypted message to the destination blockchain node 703.
Optionally, the shared key is established by group key negotiation among the blockchain nodes in the blockchain node group, so that it is maintained at each of those blockchain nodes.
Optionally, each of the blockchain nodes is connected to at least one relay node in the blockchain relay communication network system 702, and at least part of the negotiation messages that the blockchain nodes need to exchange during group key negotiation are forwarded via the blockchain relay communication network system 702.
Optionally, the group key negotiation among the blockchain nodes in the blockchain node group includes:
the master node in the blockchain node group performing key negotiation with each of the other blockchain nodes in the blockchain node group, so that they jointly maintain the shared key.
Optionally, the key negotiation between the master node and any one of the other blockchain nodes includes:
the master node and that blockchain node generating and maintaining the shared key through a DH (Diffie-Hellman) key exchange protocol; or,
the master node and that blockchain node jointly maintaining a session key established through a DH key exchange protocol, the master node encrypting the shared key it generated with the session key and sending the result to that blockchain node, and that blockchain node decrypting the encrypted shared key with the session key to obtain the shared key.
Optionally, the shared key and/or the session key are recorded in the security association (SA) policy maintained by the master node and that blockchain node.
Optionally, the key negotiation between the master node and any one of the other blockchain nodes includes:
the master node generating the shared key, encrypting the shared key with the public key of that blockchain node to obtain a ciphertext key, and sending the ciphertext key to that blockchain node;
that blockchain node decrypting the ciphertext key with its own private key to obtain the shared key.
Optionally, the method further includes:
the master node generating a digital signature over the ciphertext key with the master node's private key and sending the digital signature to that blockchain node;
that blockchain node verifying the digital signature with the master node's public key and, if verification succeeds, determining that the ciphertext key originates from the master node.
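The two negotiation variants above (the DH variant with a session key, and the public-key variant with a signed ciphertext key), as an added example that is not part of this specification and not code of the applicant. It assumes X25519 as the DH key exchange, SHA-256 as the KDF that turns the DH secret into a session key, AES-256-GCM for wrapping the shared key under the session key, RSA-OAEP for the public-key encryption of the shared key and Ed25519 for the master node's signature; the specification names none of these, only "DH", a public key and a digital signature. One check worth making explicit: every master/member DH run yields a different pairwise secret, so the variant that leaves all members with one and the same group key is the one in which the master generates the key and wraps it under each pairwise session key, which is what `dhDistribute` does. The relay network is not modelled; whatever it would carry is returned, so the caller can play the relay and tamper with it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal/open wrap a value under a 256-bit key with AES-256-GCM (nonce prepended);
// any change to the wrapped value while it crosses the relay makes open fail.
func seal(key, plaintext []byte) ([]byte, error) {
	g, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, sealed []byte) ([]byte, error) {
	g, err := gcmFor(key)
	if err != nil || len(sealed) < g.NonceSize() {
		return nil, errors.New("bad key or sealed value too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

// kdf turns the raw X25519 secret into a 256-bit session key (this example's choice of KDF).
func kdf(secret []byte) []byte {
	k := sha256.Sum256(secret)
	return k[:]
}

// dhDistribute plays both sides of the DH variant: only the two X25519 public keys cross
// the relay network, each side derives the same session key, and the master wraps the
// group key under it. Returns the wrapped key (all the relay sees) and the member's session key.
func dhDistribute(groupKey []byte) (wrapped, memberSession []byte, err error) {
	curve := ecdh.X25519()
	masterPriv, err1 := curve.GenerateKey(rand.Reader)
	memberPriv, err2 := curve.GenerateKey(rand.Reader)
	if err = errors.Join(err1, err2); err != nil {
		return nil, nil, err
	}
	s1, err1 := masterPriv.ECDH(memberPriv.PublicKey()) // master side
	s2, err2 := memberPriv.ECDH(masterPriv.PublicKey()) // member side
	if err = errors.Join(err1, err2); err != nil {
		return nil, nil, err
	}
	wrapped, err = seal(kdf(s1), groupKey)
	return wrapped, kdf(s2), err
}

// pkDistribute is the public-key variant on the master side: encrypt the group key under
// the member's RSA public key (OAEP) and sign the ciphertext key with the master's Ed25519 key.
func pkDistribute(groupKey []byte, signer ed25519.PrivateKey, memberPub *rsa.PublicKey) (ciphertextKey, sig []byte, err error) {
	ciphertextKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, memberPub, groupKey, nil)
	if err != nil {
		return nil, nil, err
	}
	return ciphertextKey, ed25519.Sign(signer, ciphertextKey), nil
}

// pkReceive is the member side: verify against the master key it already trusts, then decrypt.
func pkReceive(ciphertextKey, sig []byte, trustedMaster ed25519.PublicKey, memberPriv *rsa.PrivateKey) ([]byte, error) {
	if !ed25519.Verify(trustedMaster, ciphertextKey, sig) {
		return nil, errors.New("ciphertext key is not signed by the master node")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, memberPriv, ciphertextKey, nil)
}

func main() {
	gk := make([]byte, 32) // the group key generated by the master node
	rand.Read(gk)
	wrapped, ks, _ := dhDistribute(gk)
	got, err := open(ks, wrapped)
	fmt.Println("DH variant, member holds the group key:", err == nil && string(got) == string(gk))
	masterPub, masterPriv, _ := ed25519.GenerateKey(rand.Reader)
	member, _ := rsa.GenerateKey(rand.Reader, 2048)
	ct, sig, _ := pkDistribute(gk, masterPriv, &member.PublicKey)
	got, err = pkReceive(ct, sig, masterPub, member)
	fmt.Println("public-key variant, member holds the group key:", err == nil && string(got) == string(gk))
}
```

A member that verifies only after decrypting, or not at all, would accept a "group key" from any node able to reach it through the relay; `pkReceive` therefore checks the signature before touching the ciphertext key, and the master's Ed25519 public key has to be provisioned at the member out of band. In the DH variant, flipping any byte of the wrapped key in transit makes `open` fail, which is what stops a relay from substituting a key of its own.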
Optionally, the source blockchain node 701 and the destination blockchain node 703 are in the same blockchain network or in different blockchain networks.
Optionally, when the source blockchain node 701 and the destination blockchain node 703 are in different blockchain networks, the source blockchain network in which the source blockchain node 701 is located and the destination blockchain network in which the destination blockchain node 703 is located are homogeneous or heterogeneous.
Optionally,
when the plaintext information contains the original IP header of the original packet, the IP header is created based on the network information of the blockchain relay communication network system 702 (the original packet, header included, is encrypted whole and carried under a new outer header, as in IPsec tunnel mode);
when the plaintext information is the original packet with its original IP header removed, the IP header is the original IP header (only the payload is encrypted and the original header is reused, as in IPsec transport mode).
Optionally, the encrypted message is generated according to the IPsec ESP protocol.
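The message path of Figure 7 together with the two IP header options and the ESP framing above, as an added example that is neither the applicant's code nor a complete IPsec stack. It assumes AES-256-GCM as the ESP transform (the combined-mode ESP cipher of RFC 4106), a stand-in IP header carrying only the two addresses the relay routes on, and a strictly increasing sequence number in place of the RFC 4303 anti-replay window; the SPI, sequence numbers and addresses are constructed values. The security association struct holds the group key and the mode, the relay function receives neither, and the destination applies the SPI and replay checks before the integrity check so a replayed packet is dropped before any decryption work.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// ipHeader stands in for the IPv4 header: only the addresses the relay routes on.
type ipHeader struct{ Src, Dst string }

func decodeHeader(b []byte) (ipHeader, []byte, error) {
	if len(b) < 8 {
		return ipHeader{}, nil, errors.New("inner packet shorter than an IP header")
	}
	return ipHeader{net.IP(b[:4]).String(), net.IP(b[4:8]).String()}, b[8:], nil
}

// espSA is the security association both endpoints hold; relay nodes hold none.
type espSA struct {
	SPI              uint32
	Key              []byte   // the group shared key (AES-256)
	Tunnel           bool     // true: original IP header is encrypted too and a new outer header added
	Outer            ipHeader // relay-network addresses used as the outer header in tunnel mode
	sendSeq, recvSeq uint32   // send counter; highest sequence number accepted (anti-replay)
}

// espPacket is what crosses the relay: cleartext header, SPI, seq, then nonce||ciphertext||tag.
type espPacket struct {
	Outer    ipHeader
	SPI, Seq uint32
	Body     []byte
}

func (s *espSA) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(s.Key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encapsulate is the source node's step: encrypt under the group key, then prepend the header the relay routes on.
func (s *espSA) encapsulate(orig ipHeader, payload []byte) (espPacket, error) {
	g, err := s.aead()
	if err != nil {
		return espPacket{}, err
	}
	plaintext, outer := payload, orig // transport mode: payload only, original header reused
	if s.Tunnel {                     // tunnel mode: original header goes inside, new outer header
		plaintext = append(append(net.ParseIP(orig.Src).To4(), net.ParseIP(orig.Dst).To4()...), payload...)
		outer = s.Outer
	}
	s.sendSeq++
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	// SPI and sequence number travel in the clear but are authenticated as associated data.
	ad := binary.BigEndian.AppendUint32(binary.BigEndian.AppendUint32(nil, s.SPI), s.sendSeq)
	return espPacket{Outer: outer, SPI: s.SPI, Seq: s.sendSeq, Body: g.Seal(nonce, nonce, plaintext, ad)}, nil
}

// decapsulate is the destination node's step; the replay check is the simple strictly increasing form.
func (s *espSA) decapsulate(p espPacket) (ipHeader, []byte, error) {
	if p.SPI != s.SPI || p.Seq <= s.recvSeq {
		return ipHeader{}, nil, errors.New("unknown SPI or replayed sequence number")
	}
	g, err := s.aead()
	if err != nil || len(p.Body) < g.NonceSize() {
		return ipHeader{}, nil, errors.New("bad key or body shorter than nonce")
	}
	ad := binary.BigEndian.AppendUint32(binary.BigEndian.AppendUint32(nil, p.SPI), p.Seq)
	plaintext, err := g.Open(nil, p.Body[:g.NonceSize()], p.Body[g.NonceSize():], ad)
	if err != nil {
		return ipHeader{}, nil, fmt.Errorf("integrity check failed: %w", err)
	}
	s.recvSeq = p.Seq
	if s.Tunnel {
		return decodeHeader(plaintext)
	}
	return p.Outer, plaintext, nil
}

// relayForward is all a relay node does: pick the next hop from the outer header. No key, Body untouched.
func relayForward(p espPacket, routes map[string]string) (string, bool) {
	next, ok := routes[p.Outer.Dst]
	return next, ok
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed demo group key
	src := &espSA{SPI: 0x1001, Key: key, Tunnel: true, Outer: ipHeader{"192.0.2.10", "198.51.100.20"}}
	dst := &espSA{SPI: 0x1001, Key: key, Tunnel: true}
	pkt, _ := src.encapsulate(ipHeader{"10.0.0.1", "10.0.1.1"}, []byte("consensus vote"))
	next, _ := relayForward(pkt, map[string]string{"198.51.100.20": "relay 7022"})
	hdr, payload, err := dst.decapsulate(pkt)
	fmt.Println(next, hdr, string(payload), err)
}
```

Because SPI and sequence number are bound into the GCM associated data, a relay cannot re-number or re-route a packet onto another security association without the tag failing, and because the inner addresses are part of the ciphertext in tunnel mode the relay learns only the relay-network endpoints. A production implementation would replace the strictly increasing sequence check with the RFC 4303 sliding window and rekey before the 32-bit sequence number wraps.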
Figure 8 is a schematic structural diagram of a device provided by an exemplary embodiment. Referring to Figure 8, at the hardware level the device includes a processor 802, an internal bus 804, a network interface 806, memory 808 and non-volatile storage 810, and may of course also include hardware required for other functions. One or more embodiments of this specification may be implemented in software, for example by the processor 802 reading the corresponding computer program from the non-volatile storage 810 into the memory 808 and running it. Besides a software implementation, one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the execution subject of the following processing flow is not limited to logic units and may also be hardware or logic devices.
Figure 9 is a block diagram of a message transmission apparatus based on a blockchain relay communication network system, provided by an exemplary embodiment. The apparatus can be applied to the device shown in Figure 8 to implement the technical solution of this specification. The apparatus is applied to a source blockchain node; the blockchain relay communication network system is connected to the source blockchain node and to a destination blockchain node; each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key; and the relay nodes in the blockchain relay communication network system do not hold the shared key. The apparatus includes:
The plaintext information encryption unit 901 is configured to encrypt plaintext information with the shared key to obtain encrypted information.
The encrypted message generation unit 902 is configured to encapsulate the encrypted information with an IP header to generate an encrypted message.
The encrypted message sending unit 903 is configured to send the encrypted message to the blockchain relay communication network system, which forwards the encrypted message to the destination blockchain node based on the IP header.
Figure 10 is a block diagram of another message transmission apparatus based on a blockchain relay communication network system, provided by an exemplary embodiment. The apparatus can be applied to the device shown in Figure 8 to implement the technical solution of this specification. The apparatus is applied to a destination blockchain node; the blockchain relay communication network system is connected to a source blockchain node and to the destination blockchain node; each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key; and the relay nodes in the blockchain relay communication network system do not hold the shared key. The apparatus includes:
The first encrypted message receiving unit 1001 is configured to receive the encrypted message that the blockchain relay communication network system forwards to the destination blockchain node based on the IP header of the encrypted message, the encrypted message having been generated by the source blockchain node by encrypting plaintext information with the shared key to obtain encrypted information and encapsulating that encrypted information with the IP header.
The encrypted message decryption unit 1002 is configured to decrypt the encrypted message with the shared key to obtain the plaintext information.
Figure 11 is a block diagram of yet another message transmission apparatus based on a blockchain relay communication network system, provided by an exemplary embodiment. The apparatus can be applied to the device shown in Figure 8 to implement the technical solution of this specification. The apparatus is applied to the blockchain relay communication network system; the blockchain relay communication network system is connected to a source blockchain node and to a destination blockchain node; each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key; and the relay nodes in the blockchain relay communication network system do not hold the shared key. The apparatus includes:
The second encrypted message receiving unit 1101 is configured to receive the encrypted message generated by the source blockchain node by encrypting plaintext information with the shared key to obtain encrypted information and encapsulating that encrypted information with an IP header.
The encrypted message forwarding unit 1102 is configured to forward the encrypted message to the destination blockchain node based on the IP header.
In the 1990s, an improvement to a technology could be clearly distinguished as either a hardware improvement (for example, an improvement to a circuit structure such as a diode, transistor or switch) or a software improvement (an improvement to a method flow). With the development of technology, however, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be implemented with a hardware entity module. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. Designers program the device themselves to "integrate" a digital system on a single PLD, without asking a chip manufacturer to design and fabricate a dedicated integrated circuit chip. Moreover, instead of making integrated circuit chips by hand, this programming is nowadays mostly done with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must likewise be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); the most commonly used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art will also appreciate that a hardware circuit implementing a logical method flow can easily be obtained simply by programming the method flow into an integrated circuit using one of the hardware description languages above.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by that (micro)processor, or of logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art also know that, besides implementing the controller purely as computer-readable program code, the method steps can be logically programmed so that the controller achieves the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the means included in it for implementing various functions can likewise be regarded as structures within the hardware component. Indeed, the means for implementing various functions can be regarded both as software modules implementing the method and as structures within a hardware component.
The systems, apparatuses, modules or units set forth in the above embodiments may be implemented by a computer chip or entity, or by a product having a certain function. A typical implementation device is a server system. Of course, the present invention does not exclude that, as computer technology develops, the computer implementing the functions of the above embodiments may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Although one or more embodiments of this specification provide method operation steps as described in the embodiments or flowcharts, more or fewer operation steps may be included on the basis of conventional or non-inventive means. The order of steps listed in an embodiment is only one of many possible execution orders and does not represent the only execution order. When an actual apparatus or terminal product executes them, the steps may be executed sequentially in the order shown in the embodiments or drawings, or in parallel (for example, in a parallel-processor or multi-threaded environment, or even in a distributed data processing environment). The terms "comprise", "include" and any variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, product or device that includes a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, product or device. Without further limitation, the presence of other identical or equivalent elements in a process, method, product or device including the stated elements is not excluded. For example, if the words "first" and "second" are used to denote names, they do not indicate any particular order.
For convenience of description, the above apparatus is described in terms of functional modules. Of course, when one or more embodiments of this specification are implemented, the functions of the modules may be implemented in the same piece or several pieces of software and/or hardware, and the modules implementing one function may be implemented by a combination of several sub-modules or sub-units, and so on. The apparatus embodiments described above are merely illustrative. For example, the division into units is only a division by logical function; in actual implementation there may be other ways of dividing them, for example several units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatuses (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
The memory may include non-persistent memory, random access memory (RAM) and/or non-volatile memory among computer-readable media, such as read-only memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer-readable media include persistent and non-persistent, removable and non-removable media, and can implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory media such as modulated data signals and carrier waves.
Those skilled in the art should understand that one or more embodiments of this specification may be provided as a method, a system or a computer program product. Accordingly, one or more embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, one or more embodiments of this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, magnetic disk storage, CD-ROM and optical storage) containing computer-usable program code.
One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. One or more embodiments of this specification may also be practised in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in local and remote computer storage media, including storage devices.
The embodiments in this specification are described in a progressive manner; the same or similar parts of the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the system embodiments are described relatively briefly because they are essentially similar to the method embodiments; for relevant details, refer to the description of the method embodiments. In the description of this specification, reference to the terms "one embodiment", "some embodiments", "an example", "a specific example", "some examples" and the like means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of this specification. In this specification, schematic expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, provided they do not contradict one another, those skilled in the art may combine the different embodiments or examples described in this specification and the features of different embodiments or examples.
The above are merely embodiments of one or more embodiments of this specification and are not intended to limit them. Those skilled in the art may make various modifications and variations to one or more embodiments of this specification. Any modification, equivalent replacement, improvement or the like made within the spirit and principles of this specification shall fall within the scope of the claims.

Claims (22)

  1. A message transmission method based on a blockchain relay communication network system, wherein the blockchain relay communication network system is connected to a source blockchain node and to a destination blockchain node, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not hold the shared key; the method comprising:
    the source blockchain node encrypting plaintext information with the shared key to obtain encrypted information, encapsulating the encrypted information with an IP header to generate an encrypted message, and sending the encrypted message to the blockchain relay communication network system;
    the blockchain relay communication network system forwarding the encrypted message to the destination blockchain node based on the IP header;
    the destination blockchain node decrypting the encrypted message with the shared key to obtain the plaintext information.
  2. The method according to claim 1, wherein the blockchain relay communication network system is a single relay node; or,
    the blockchain relay communication network system comprises a source relay node and a destination relay node, the source relay node being connected to the source blockchain node and the destination relay node being connected to the destination blockchain node, and the blockchain relay communication network system forwarding the encrypted message to the destination blockchain node based on the IP header comprises:
    the source relay node sending the encrypted message received from the source blockchain node to the destination relay node;
    the destination relay node sending the encrypted message to the destination blockchain node.
  3. The method according to claim 1, wherein the shared key is established by group key negotiation among the blockchain nodes in the blockchain node group so as to be maintained at each of those blockchain nodes.
  4. The method according to claim 3, wherein each of the blockchain nodes is connected to at least one relay node in the blockchain relay communication network system, and at least part of the negotiation messages that the blockchain nodes need to exchange during group key negotiation are forwarded via the blockchain relay communication network system.
  5. The method according to claim 3, wherein the group key negotiation among the blockchain nodes in the blockchain node group comprises:
    the master node in the blockchain node group performing key negotiation with each of the other blockchain nodes in the blockchain node group, so as to jointly maintain the shared key.
  6. The method according to claim 5, wherein the key negotiation between the master node and any one of the other blockchain nodes comprises:
    the master node and that blockchain node generating and maintaining the shared key through a DH key exchange protocol; or,
    the master node and that blockchain node jointly maintaining a session key established through a DH key exchange protocol, the master node encrypting the shared key it generated with the session key and sending the result to that blockchain node, and that blockchain node decrypting the encrypted shared key with the session key to obtain the shared key.
  7. The method according to claim 6, wherein the shared key and/or the session key are recorded in a security association policy maintained by the master node and that blockchain node.
  8. 根据权利要求5所述的方法,所述主节点与所述其他区块链节点中的任一区块链节点进行密钥协商,包括:According to the method of claim 5, the master node performs key negotiation with any one of the other blockchain nodes, including:
    所述主节点生成所述共享密钥,并将所述共享密钥基于所述任一区块链节点的公钥加密得到的密文密钥发送至所述任一区块链节点;The master node generates the shared key and sends the ciphertext key obtained by encrypting the shared key based on the public key of any blockchain node to the any blockchain node;
    所述任一区块链节点将所述密文密钥基于所述任一区块链节点的私钥进行解密以获取所述共享密钥。The any blockchain node decrypts the ciphertext key based on the private key of any blockchain node to obtain the shared key.
  9. 根据权利要求8所述的方法,还包括:The method of claim 8, further comprising:
    所述主节点基于所述主节点的私钥为所述密文密钥生成数字签名,并将所述数字签名发送至所述任一区块链节点;The master node generates a digital signature for the ciphertext key based on the private key of the master node, and sends the digital signature to any blockchain node;
    所述任一区块链节点基于所述主节点的公钥对所述数字签名进行验签,在验签成功的情况下确定所述密文密钥来源于所述主节点。The any blockchain node verifies the digital signature based on the public key of the master node, and determines that the ciphertext key originates from the master node if the signature verification is successful.
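The key distribution of claims 8 and 9, as an added example that is not part of the patent: the claims name neither the public-key encryption scheme nor the signature scheme, so RSA-OAEP and RSA-PSS over SHA-256 are assumed here, and the key pairs and the group key are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// WrappedKey is what the master node sends to one group member under claims
// 8 and 9: the shared key encrypted under the member's public key, plus the
// master node's signature over that ciphertext key.
type WrappedKey struct {
	CiphertextKey []byte
	Signature     []byte
}

// WrapSharedKey is the master-node side. RSA-OAEP and RSA-PSS are assumed
// here; the claims only say "public key" encryption and "digital signature".
func WrapSharedKey(master *rsa.PrivateKey, memberPub *rsa.PublicKey, sharedKey []byte) (*WrappedKey, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, memberPub, sharedKey, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, master, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &WrappedKey{CiphertextKey: ct, Signature: sig}, nil
}

// UnwrapSharedKey is the member side. The signature is checked first, so a
// ciphertext key that does not come from the master node is rejected before
// the member's private key is ever applied to it.
func UnwrapSharedKey(member *rsa.PrivateKey, masterPub *rsa.PublicKey, w *WrappedKey) ([]byte, error) {
	digest := sha256.Sum256(w.CiphertextKey)
	if err := rsa.VerifyPSS(masterPub, crypto.SHA256, digest[:], w.Signature, nil); err != nil {
		return nil, errors.New("ciphertext key does not originate from the master node")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, member, w.CiphertextKey, nil)
}

func main() {
	master, _ := rsa.GenerateKey(rand.Reader, 2048)
	member, _ := rsa.GenerateKey(rand.Reader, 2048)
	shared := []byte("constructed-32-byte-group-key!!!") // constructed 256-bit group key
	w, err := WrapSharedKey(master, &member.PublicKey, shared)
	if err != nil {
		panic(err)
	}
	got, err := UnwrapSharedKey(member, &master.PublicKey, w)
	fmt.Println("member recovered group key:", err == nil && string(got) == string(shared))
	// A ciphertext key signed by anyone other than the master node is refused.
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	forged, _ := WrapSharedKey(other, &member.PublicKey, shared)
	_, err = UnwrapSharedKey(member, &master.PublicKey, forged)
	fmt.Println("forged key rejected:", err != nil)
}
```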
  10. The method according to claim 1, wherein the source blockchain node and the destination blockchain node are in the same blockchain network or in different blockchain networks.
  11. The method according to claim 10, wherein, when the source blockchain node and the destination blockchain node are in different blockchain networks, the source blockchain network in which the source blockchain node is located and the destination blockchain network in which the destination blockchain node is located are homogeneous or heterogeneous.
  12. The method according to claim 1, wherein:
    when the plaintext information contains the original IP header of the original packet, the IP header is created based on network information of the blockchain relay communication network system;
    when the plaintext information is the original packet with the original IP header removed, the IP header is the original IP header.
  13. The method according to claim 1, wherein the encrypted message is generated based on the IPsec ESP protocol.
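The transmission path of claims 1, 2, 12 and 13, as an added example that is not taken from the patent: AES-256-GCM stands in for the ESP transform, the string-valued header and the route table are assumptions, and the relay function is deliberately never given the key, matching the claims' requirement that relay nodes do not maintain the shared key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// IPHeader stands in for the header the relay routes on: under claim 12 either a
// new outer header from the relay network's addressing, or the original header.
type IPHeader struct{ Src, Dst string }

// EncryptedMessage: a header every relay can read, plus nonce || AES-GCM output.
type EncryptedMessage struct {
	Header     IPHeader
	Ciphertext []byte
}

func groupAEAD(sharedKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sharedKey) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the source-node side: encrypt under the shared key, then prepend the
// IP header. As with ESP, the outer header itself is not authenticated.
func Seal(sharedKey []byte, hdr IPHeader, plaintext []byte) (*EncryptedMessage, error) {
	gcm, err := groupAEAD(sharedKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &EncryptedMessage{Header: hdr, Ciphertext: gcm.Seal(nonce, nonce, plaintext, nil)}, nil
}

// Relay is the relay-node side: no key, next hop from the header alone,
// ciphertext passed through untouched.
func Relay(routes map[string]string, msg *EncryptedMessage) (string, error) {
	if next, ok := routes[msg.Header.Dst]; ok {
		return next, nil
	}
	return "", errors.New("no route for " + msg.Header.Dst)
}

// Open is the destination-node side: a wrong key or a modified ciphertext fails
// the GCM tag check and yields an error rather than plaintext.
func Open(sharedKey []byte, msg *EncryptedMessage) ([]byte, error) {
	gcm, err := groupAEAD(sharedKey)
	if err != nil || len(msg.Ciphertext) < gcm.NonceSize() {
		return nil, errors.New("bad key or truncated message")
	}
	ns := gcm.NonceSize()
	return gcm.Open(nil, msg.Ciphertext[:ns], msg.Ciphertext[ns:], nil)
}

func main() {
	key := []byte("constructed-32-byte-group-key!!!") // constructed 32-byte shared key
	msg, _ := Seal(key, IPHeader{Src: "10.0.0.1", Dst: "10.0.0.2"}, []byte("block 42 header"))
	hop, _ := Relay(map[string]string{"10.0.0.2": "relay-B"}, msg) // relay sees only the header
	pt, err := Open(key, msg)
	fmt.Println(hop, string(pt), err)
}
```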
  14. A message transmission method based on a blockchain relay communication network system, applied to a source blockchain node, wherein the blockchain relay communication network system is connected to the source blockchain node and to a destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the method including:
    encrypting plaintext information with the shared key to obtain encrypted information;
    encapsulating an IP header for the encrypted information to generate an encrypted message;
    sending the encrypted message to the blockchain relay communication network system, which forwards the encrypted message to the destination blockchain node based on the IP header.
  15. A message transmission method based on a blockchain relay communication network system, applied to a destination blockchain node, wherein the blockchain relay communication network system is connected to a source blockchain node and to the destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the method including:
    receiving the encrypted message that the blockchain relay communication network system forwards to the destination blockchain node based on the IP header of the encrypted message, the encrypted message having been generated by the source blockchain node by encapsulating the IP header for encrypted information obtained by encrypting plaintext information with the shared key;
    decrypting the encrypted message with the shared key to obtain the plaintext information.
  16. A message transmission method based on a blockchain relay communication network system, applied to the blockchain relay communication network system, wherein the blockchain relay communication network system is connected to a source blockchain node and to a destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the method including:
    receiving an encrypted message generated by the source blockchain node by encapsulating an IP header for encrypted information obtained by encrypting plaintext information with the shared key;
    forwarding the encrypted message to the destination blockchain node based on the IP header.
  17. A message transmission system based on a blockchain relay communication network system, wherein the blockchain relay communication network system is connected to a source blockchain node and to a destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the system including:
    the source blockchain node, configured to encrypt plaintext information with the shared key to obtain encrypted information, encapsulate an IP header for the encrypted information to generate an encrypted message, and send the encrypted message to the blockchain relay communication network system;
    the blockchain relay communication network system, configured to forward the encrypted message to the destination blockchain node based on the IP header;
    the destination blockchain node, configured to decrypt the encrypted message with the shared key to obtain the plaintext information.
  18. A message transmission apparatus based on a blockchain relay communication network system, applied to a source blockchain node, wherein the blockchain relay communication network system is connected to the source blockchain node and to a destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the apparatus including:
    a plaintext information encryption unit, configured to encrypt plaintext information with the shared key to obtain encrypted information;
    an encrypted message generation unit, configured to encapsulate an IP header for the encrypted information to generate an encrypted message;
    an encrypted message sending unit, configured to send the encrypted message to the blockchain relay communication network system, which forwards the encrypted message to the destination blockchain node based on the IP header.
  19. A message transmission apparatus based on a blockchain relay communication network system, applied to a destination blockchain node, wherein the blockchain relay communication network system is connected to a source blockchain node and to the destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the apparatus including:
    a first encrypted message receiving unit, configured to receive the encrypted message that the blockchain relay communication network system forwards to the destination blockchain node based on the IP header of the encrypted message, the encrypted message having been generated by the source blockchain node by encapsulating the IP header for encrypted information obtained by encrypting plaintext information with the shared key;
    an encrypted message decryption unit, configured to decrypt the encrypted message with the shared key to obtain the plaintext information.
  20. A message transmission apparatus based on a blockchain relay communication network system, applied to the blockchain relay communication network system, wherein the blockchain relay communication network system is connected to a source blockchain node and to a destination blockchain node respectively, each blockchain node in the blockchain node group to which the source blockchain node and the destination blockchain node belong maintains the same shared key, and the relay nodes in the blockchain relay communication network system do not maintain the shared key; the apparatus including:
    a second encrypted message receiving unit, configured to receive an encrypted message generated by the source blockchain node by encapsulating an IP header for encrypted information obtained by encrypting plaintext information with the shared key;
    an encrypted message forwarding unit, configured to forward the encrypted message to the destination blockchain node based on the IP header.
  21. An electronic device, including:
    a processor;
    a memory for storing processor-executable instructions;
    wherein the processor executes the executable instructions to implement the method according to any one of claims 1 to 16.
  22. A computer-readable storage medium having computer instructions stored thereon which, when executed by a processor, implement the steps of the method according to any one of claims 1 to 16.
PCT/CN2022/135553 2022-06-29 2022-11-30 Message transmission method and apparatus based on blockchain relay communication network system WO2024001035A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210760932.0A CN115174061A (en) 2022-06-29 2022-06-29 Message transmission method and device based on block chain relay communication network system
CN202210760932.0 2022-06-29

Publications (1)

Publication Number Publication Date
WO2024001035A1 true WO2024001035A1 (en) 2024-01-04

Family

ID=83489441

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/135553 WO2024001035A1 (en) 2022-06-29 2022-11-30 Message transmission method and apparatus based on blockchain relay communication network system

Country Status (2)

Country Link
CN (1) CN115174061A (en)
WO (1) WO2024001035A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117640496A (en) * 2024-01-26 2024-03-01 之江实验室 On-chip network route relay method, equipment and medium for nerve mimicry calculation

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174061A (en) * 2022-06-29 2022-10-11 蚂蚁区块链科技(上海)有限公司 Message transmission method and device based on block chain relay communication network system
CN117579256B (en) * 2023-10-12 2024-04-23 智慧工地科技(广东)有限公司 Internet of things data management method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101763827B1 (en) * 2016-04-07 2017-08-02 주식회사 라이프시맨틱스 System, method and program for transmitting health data by block-chain
CN114142995A (en) * 2021-11-05 2022-03-04 支付宝(杭州)信息技术有限公司 Key secure distribution method and device for block chain relay communication network
CN114143038A (en) * 2021-11-05 2022-03-04 支付宝(杭州)信息技术有限公司 Key secure distribution method and device for block chain relay communication network
CN115174061A (en) * 2022-06-29 2022-10-11 蚂蚁区块链科技(上海)有限公司 Message transmission method and device based on block chain relay communication network system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117640496A (en) * 2024-01-26 2024-03-01 之江实验室 On-chip network route relay method, equipment and medium for nerve mimicry calculation
CN117640496B (en) * 2024-01-26 2024-05-17 之江实验室 On-chip network route relay method, equipment and medium for nerve mimicry calculation

Also Published As

Publication number Publication date
CN115174061A (en) 2022-10-11


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22949114

Country of ref document: EP

Kind code of ref document: A1