CN115314352A - Privacy-enhanced fair blockchain leader election method and apparatus - Google Patents

Info

Publication number: CN115314352A
Authority: CN (China)
Prior art keywords: node, election, public key, leader, time
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210891614.8A
Other languages: Chinese (zh)
Other versions: CN115314352B (en)
Inventors: 伍前红, 翟明哲, 金子一, 张宇鹏
Current Assignee: Beihang University (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beihang University
Application filed by Beihang University
Priority to CN202210891614.8A
Publication of CN115314352A
Application granted
Publication of CN115314352B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/30 Decision processes by autonomous network management units using voting and bidding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a privacy-enhanced fair blockchain leader election method and device. The method comprises the following steps: generating a corresponding number of one-time public-private key pairs according to the maximum number of election votes of an election node, and establishing the node's one-time public key set; signing the one-time public keys in the one-time public key set one by one with the election node's meta private key to generate election node commitment results, and establishing a one-time public key list from the one-time public keys corresponding to the commitment results that pass verification; computing a linkable ring signature from the election node's one-time private key and the public key ring of the one-time public key list, and generating the election node's ballot from the linkable ring signature; and computing over the ballots that pass verification with a preset random number to obtain a ballot ranking, and selecting a leader node from the ballot ranking according to a preset node selection rule. This resolves the conflict between hiding the leader's identity before a block is produced and deterministic block production without forks.

Description

Privacy-enhanced fair blockchain leader election method and device

Technical field

This application relates to the field of information security, and in particular to a privacy-enhanced fair blockchain leader election method and device.

Background

A blockchain can be understood as a decentralized, distributed ledger that records transactions. In recent years blockchains have been widely used in financial applications and have even extended to industrial applications. Because a blockchain is decentralized, it faces the impossible triangle of decentralization, security and scalability, and the consensus mechanism is the core of resolving that impossible triangle.

The consensus mechanism is the core technology of a blockchain. A consensus protocol ensures that all nodes agree on a unique order of the records appended in blocks, and that the nodes in the network can reach agreement even if some nodes fail or are malicious. To improve consensus efficiency, most consensus protocols select one node in the committee that has the right to produce blocks, called the leader. Having a leader greatly reduces direct communication between the nodes of the blockchain, and having the leader produce blocks while the other committee nodes vote has become the mainstream committee configuration.

Because the leader holds more rights and bears more responsibility, a malicious node gains more from attacking the leader than from attacking an ordinary node. Since blockchain nodes operate without trusting one another, selecting the leader fairly and covertly is the key issue. The selected leader must also be unique, so that the blockchain does not fork.

In existing consensus mechanisms, leader election usually takes one of the following forms:

(1) Replacement in an agreed numbering order

In the classic PBFT consensus mechanism, the primary node acts as the leader, and the period during which a primary node works is called the current view. If the primary node fails, the protocol moves to the next view according to the given node numbering, the next node becomes the primary node, and the state of the current view is saved.

The disadvantages of this scheme are:

a. The choice of future primary nodes is predictable to all nodes. A malicious node can keep attacking future leaders and trigger continual view changes, so that the system cannot work.

b. Once the leader is known in advance, a bribery attack is possible: by bribing the leader, a party makes the outcome of block production favor itself, which destroys the fairness of the system.

In the HotStuff consensus protocol, consensus runs in a pipelined manner, but this approach still suffers from the denial-of-service and bribery attacks that a predictable leader identity brings.

(2) PoX leader election

PoX leader election means leader election based on a corresponding proof, such as PoW or PoS. PoW proves the leader's identity by computing power, and PoS proves it by the amount of stake. The disadvantages of these schemes are as follows:

a. Resources are wasted; PoW wastes a large amount of computing power.

b. The leader is not unique, so the blockchain may fork.

c. The denial-of-service and bribery attacks caused by a predictable leader identity remain.

d. Winner takes all: nodes with more resources always become the leader, which damages decentralization.

(3) Leader election using distributed pseudo-random numbers

Many current blockchain projects elect leaders with distributed pseudo-random numbers combined with a PoX mechanism, generating the distributed pseudo-random numbers with methods such as VRF, PVSS and VDF. Schemes such as Algorand and Ouroboros Praos ensure that the leader's identity cannot be predicted in advance, but because they rely on threshold judgment, they must spend a large amount of resources to keep the blockchain from forking, which reduces the stability of the system. The unpredictable identity also introduces new security issues, such as a node that has obtained the right to produce a block maliciously going offline.

Summary of the invention

This application provides a privacy-enhanced fair blockchain leader election method and device to resolve the conflict between hiding the leader's identity before a block is produced and deterministic block production without forks.

The embodiment of the first aspect of this application provides a privacy-enhanced fair blockchain leader election method, comprising the following steps: calculating the maximum number of election votes of an election node according to the amount staked by the election node, generating a corresponding number of one-time public-private key pairs according to that maximum number of election votes, and establishing the election node's one-time public key set; signing the one-time public keys in the one-time public key set one by one with the election node's meta private key to generate election node commitment results, verifying the election node commitment results, and establishing a one-time public key list from the one-time public keys corresponding to the commitment results that pass verification; generating the election node's public key ring from the one-time public key list, computing a linkable ring signature from the election node's one-time private key and the public key ring, generating the election node's ballot from the linkable ring signature, and verifying the validity of the ballot; and computing over the ballots that pass verification with a preset random number to obtain a ballot ranking, and selecting the leader node from the ballot ranking according to a preset node selection rule.

Optionally, in an embodiment of this application, verifying the election node commitment results includes: verifying whether the election node commitment results satisfy a preset signature rule, and whether the election node's commitment results are fewer than that election node's maximum number of votes.

Optionally, in an embodiment of this application, verifying the validity of the ballot includes: verifying whether the public key image in the linkable ring signature already exists in the current election stage; if so, the ballot is invalid; otherwise, verifying whether the public key ring in the linkable ring signature contains a public key that is not in the one-time public key list; if so, the ballot is invalid; otherwise, verifying whether the signature in the linkable ring signature is valid; if the signature is invalid, the ballot is invalid; otherwise, the ballot is valid.

Optionally, in an embodiment of this application, the method further includes: generating the preset random number using at least one of a hash function, a random number generator, a stream cipher algorithm and a verifiable random function.

Optionally, in an embodiment of this application, selecting the leader node from the ballot ranking according to the preset node selection rule includes: if there is a position j such that the j-th position of the ballot ranking is a ballot of requesting node i, then requesting node i is the leader node of the j-th time slot.

Optionally, in an embodiment of this application, after the leader node is selected from the ballot ranking according to the preset node selection rule, the method further includes: computing the public key corresponding to the leader node's one-time private key, and verifying whether the public key image computed from the leader node's one-time private key and that public key is equal to the public key image in the linkable ring signature at the leader node's position in the ballot ranking; if they are equal, the leader node's identity is legitimate; otherwise, the leader node's identity is not legitimate.
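The ballot checks, ranking and leader verification described above, as an added Python example (not code from the patent). It assumes a CryptoNote-style linkable ring signature over a toy Schnorr group, the epoch label as the signed message, and ranking by a hash of the random number and the public key image; the patent fixes none of these, and `run_demo` uses constructed keys.

```python
import hashlib
import secrets

def _is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Deterministic Miller-Rabin; exact for n < 3.18e23 with these bases."""
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    def composite(a):
        return pow(a, d, n) != 1 and all(pow(a, d << j, n) != n - 1 for j in range(r))
    return not any(composite(a) for a in bases)

# Toy Schnorr group, an assumption and far too small for real use: the subgroup
# of prime order Q in Z_P*, with P = K*Q + 1 searched for at import time.
Q = 2**61 - 1
K, P = next((k, k * Q + 1) for k in range(2, 20000, 2) if _is_prime(k * Q + 1))
G = next(g for g in (pow(h, K, P) for h in range(2, 50)) if g != 1)

def _h(*parts):
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def h_point(pk):
    return pow(_h("point", pk) % P, K, P)      # hash into the order-Q subgroup

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def key_image(sk):
    """Public key image Hp(pk)^sk: the same for every ballot signed with sk."""
    return pow(h_point(pow(G, sk, P)), sk, P)

def _hc(msg, ring, img, left, right):
    return _h("chal", msg, img, left, right, *ring) % Q

def _step(msg, ring, img, s, c, pk):
    left = pow(G, s, P) * pow(pk, c, P) % P
    right = pow(h_point(pk), s, P) * pow(img, c, P) % P
    return _hc(msg, ring, img, left, right)

def ring_sign(msg, ring, sk):
    """Linkable ring signature (assumed scheme, not named by the patent)."""
    n, pi, img = len(ring), ring.index(pow(G, sk, P)), key_image(sk)
    s, c, u = [secrets.randbelow(Q) for _ in ring], [0] * n, secrets.randbelow(Q)
    i = (pi + 1) % n
    c[i] = _hc(msg, ring, img, pow(G, u, P), pow(h_point(ring[pi]), u, P))
    while i != pi:                              # walk the ring back to the signer
        c[(i + 1) % n] = _step(msg, ring, img, s[i], c[i], ring[i])
        i = (i + 1) % n
    s[pi] = (u - sk * c[pi]) % Q                # close the ring with the real key
    return {"c0": c[0], "s": s, "image": img}

def ring_verify(msg, ring, sig):
    img, c = sig["image"], sig["c0"]
    if not ring or len(sig["s"]) != len(ring):  # zip() would silently truncate
        return False
    if not 1 < img < P or pow(img, Q, P) != 1:  # image must lie in the subgroup
        return False
    for pk, s in zip(ring, sig["s"]):
        c = _step(msg, ring, img, s, c, pk)
    return c == sig["c0"]

def validate_ballot(ballot, otpk_list, seen_images, epoch):
    """The three ballot checks, in the order the description lists them."""
    sig, ring = ballot["sig"], ballot["ring"]
    if sig["image"] in seen_images:
        return "key image already used"
    if not set(ring) <= set(otpk_list):
        return "ring has unlisted key"
    if not ring_verify(epoch, ring, sig):
        return "invalid signature"
    seen_images.add(sig["image"])
    return "valid"

def rank_ballots(ballots, rand):
    # Assumption: rank by H(rand, key image); the page does not fix the formula.
    return sorted(ballots, key=lambda b: _h("rank", rand, b["sig"]["image"]))

def verify_leader(ranking, slot, revealed_sk):
    return key_image(revealed_sk) == ranking[slot]["sig"]["image"]  # must match

def run_demo(epoch="e_m+1", rand="constructed-randomness"):
    keys = [keygen() for _ in range(4)]         # constructed one-time key pairs
    otpk_list = [pk for _, pk in keys]
    vote = lambda ring, sk: {"ring": ring, "sig": ring_sign(epoch, ring, sk)}
    cast = [vote(otpk_list, sk) for sk, _ in keys]
    cast.append(vote(otpk_list, keys[0][0]))    # second ballot from a used key
    rogue_sk, rogue_pk = keygen()
    cast.append(vote(otpk_list[:2] + [rogue_pk], rogue_sk))
    seen = set()
    verdicts = [validate_ballot(b, otpk_list, seen, epoch) for b in cast]
    ranking = rank_ballots([b for b, v in zip(cast, verdicts) if v == "valid"], rand)
    return keys, verdicts, ranking

if __name__ == "__main__":
    print(run_demo()[1])
```

The second ballot signed with an already used one-time key is rejected through its repeated public key image alone, so the verifier never learns which listed key produced it.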

The embodiment of the second aspect of this application provides a privacy-enhanced fair blockchain leader election device, comprising: a staking module, configured to calculate the maximum number of election votes of an election node according to the amount staked by the election node, generate a corresponding number of one-time public-private key pairs according to that maximum number of election votes, and establish the election node's one-time public key set; a one-time public key list establishment module, configured to sign the one-time public keys in the one-time public key set one by one with the election node's meta private key to generate election node commitment results, verify the election node commitment results, and establish a one-time public key list from the one-time public keys corresponding to the commitment results that pass verification; a ballot generation module, configured to generate the election node's public key ring from the one-time public key list, compute a linkable ring signature from the election node's one-time private key and the public key ring, generate the election node's ballot from the linkable ring signature, and verify the validity of the ballot; and a block generation module, configured to compute over the ballots that pass verification with a preset random number to obtain a ballot ranking, and select the leader node from the ballot ranking according to a preset node selection rule.

Optionally, in an embodiment of this application, the device further includes: a random number generation module, configured to generate the preset random number using at least one of a hash function, a random number generator, a stream cipher algorithm and a verifiable random function.

Optionally, in an embodiment of this application, selecting the leader node from the ballot ranking according to the preset node selection rule includes: if there is a position j such that the j-th position of the ballot ranking is a ballot of requesting node i, then requesting node i is the leader node of the j-th time slot.

Optionally, in an embodiment of this application, after the leader node is selected from the ballot ranking according to the preset node selection rule, the device further includes: a leader verification module, configured to compute the public key corresponding to the leader node's one-time private key, and verify whether the public key image computed from the leader node's one-time private key and that public key is equal to the public key image in the linkable ring signature at the leader node's position in the ballot ranking; if they are equal, the leader node's identity is legitimate; otherwise, the leader node's identity is not legitimate.

In the privacy-enhanced fair blockchain leader election method and device of the embodiments of this application, a node's staked amount determines the number of ballots with which it can run for leader: the more a node stakes, the more ballots it can cast in the leader election and the greater its probability of becoming the leader. The scheme inherits the idea of PoS and ensures the fairness of the election, so that nodes that pay more receive a higher return, while preventing nodes that hold more resources from always being the leader; this encourages honest nodes to invest funds to promote the development of the system and increases their motivation to work. The election scheme satisfies both the concealment and the uniqueness of the leader's identity, ensuring that the blockchain does not fork because of a non-unique leader. Before the leader produces a block, other nodes cannot determine the leader's identity, so malicious nodes cannot attack or corrupt the leader in advance. Nodes vote with one-time public-private keys, which is equivalent to multiple identities each casting one ballot; this makes attacks by malicious nodes more difficult and further enhances privacy. The scheme also guarantees that the leader's identity is unique: two or more leaders never appear in the same round, so the blockchain does not fork because of a non-unique leader.

Additional aspects and advantages of this application are given in part in the description below, and in part will become apparent from that description or be learned through practice of this application.

Brief description of the drawings

The above and/or additional aspects and advantages of this application will become apparent and easy to understand from the following description of the embodiments in conjunction with the drawings, in which:

FIG. 1 is a flow chart of a privacy-enhanced fair blockchain leader election method provided according to an embodiment of this application;

FIG. 2 is a schematic diagram of the working process of a privacy-enhanced fair blockchain leader election method provided according to an embodiment of this application;

FIG. 3 is an architecture diagram of the privacy-enhanced fair blockchain leader election method provided according to an embodiment of this application;

FIG. 4 is an example diagram of a privacy-enhanced fair blockchain leader election device according to an embodiment of this application.

Detailed description

Embodiments of this application are described in detail below, and examples of the embodiments are shown in the drawings, in which the same or similar reference numerals throughout denote the same or similar elements, or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they are intended to explain this application and should not be construed as limiting it.

This application mainly addresses the following problems:

(1) Denial-of-service attacks caused by exposure of the leader's identity before a block is produced. If the identity of a round's leader is known to others before the block is produced, a denial-of-service attack may occur: the attacker sends the leader a large number of connection requests, consuming the leader's network or computing resources and forcing the leader temporarily offline, so that the leader cannot produce the block and the liveness of the blockchain system is affected.

(2) Bribery attacks caused by exposure of the leader's identity before a block is produced. If the leader's identity is exposed before the block is produced, a malicious node may bribe the leader to make the content of the block favor itself, destroying the fairness of the blockchain network.

Bribery can undermine the security of a blockchain network in two ways:

a. Changing the order of transactions. The order of transactions in a blockchain affects the result of executing them. For example, in an auction smart contract with only two participants, participant A and participant B both bid 1 unit of digital currency; A bribes the block producer to place A's bid ahead of B's bid, so A wins the lot.

b. Keeping certain transactions out of the blockchain. For example, in an auction smart contract with only two participants, participant A bids 1 unit of digital currency and participant B bids 2 units; A bribes the block producer so that the block does not contain B's bid, and A wins the lot at the lower price.

(3) Energy consumption and forking caused by consensus mechanisms in which blocks carry a proof of the leader's identity. PoW-type consensus mechanisms consume enormous energy. Moreover, probabilistically produced leaders may result in multiple leaders in the same round, so the content of a block can only be confirmed after waiting some time, which causes high latency in the blockchain system.

(4) Lack of uniqueness when cryptographic schemes such as VRF or PVSS are used to select the leader in PoS consensus mechanisms. In PoS chains such as Ouroboros, Ouroboros Praos and Algorand, the probability that a committee member becomes the leader is proportional to the amount it holds, but for a leader elected by VRF or PVSS the nodes must run a further complex consensus protocol to agree on the leader's identity, which reduces the stability of the system and makes block production latency fluctuate considerably.

The privacy-enhanced fair blockchain leader election method and device of the embodiments of this application are described below with reference to the drawings. To address the problems mentioned in the background section above, this application provides a privacy-enhanced fair blockchain leader election method. The method resolves the conflict between hiding the leader's identity before a block is produced and deterministic block production without forks; it uses token staking to address Sybil attacks in the blockchain; and it combines commitments to one-time public keys with linkable ring signatures to prevent the denial-of-service attack in which malicious nodes submit large numbers of fake ballots. Applied to a blockchain system, it enhances the leader's privacy and maintains the fairness of the blockchain system. Privacy comes from the fact that each block-producing node must generate a one-time identity, and only that one-time identity is needed as proof of the leader's identity when producing a block. Fairness comes from the fact that the staked amount determines the number of one-time identities generated: the more a node stakes, the more likely it is to be selected.

Specifically, FIG. 1 is a flow chart of a privacy-enhanced fair blockchain leader election method provided according to an embodiment of this application.

First, the system of this application consists of a single chain and runs in epochs. Epochs have unique numbers starting from 0, and e_i denotes the i-th epoch. An epoch contains s time slots (slots), each slot has one leader, and the leader is responsible for packaging the transactions of that slot and producing the block. SK_i and PK_i denote the meta private key and meta public key of the i-th node, and sk_i and pk_i denote the one-time private key and public key of the i-th node in the current epoch. In this blockchain, nodes are assumed to be identified by their meta public keys.

Further, the system assumes that each slot has one leader and produces one block.

In the embodiments of this application, the process of selecting the leader of each slot in e_{m+1} is used for illustration.

如图1所示,该隐私增强的公平区块链领导者选举方法包括以下步骤:As shown in Figure 1, this privacy-enhanced fair blockchain leader election method includes the following steps:

在步骤S101中,根据选举节点的抵押金额计算选举节点的最大选举票数,根据选举节点的最大选举票数生成相应数量的一次性公私钥对并建立选举节点一次性公钥集合。In step S101, calculate the maximum number of election votes of the election node according to the mortgage amount of the election node, generate a corresponding number of one-time public-private key pairs according to the maximum number of election votes of the election node, and establish a one-time public key set of the election node.

具体地,如图2所示,首先进行抵押与资格确认,在时代em-2之前,节点为了争夺出块权,需要抵押一定金额的代币,抵押代币的数量将决定选票的数量,将em-2之前进行了抵押且没有赎回的节点集合表示为STAKEm-2。在之后的抵押模块中对抵押成功节点建立抵押金额表,以确定参与选举的节点所可产生的最大票数。Specifically, as shown in Figure 2, the mortgage and qualification confirmation are first carried out. Before the era e m-2 , nodes need to mortgage a certain amount of tokens in order to compete for the right to generate blocks. The number of mortgage tokens will determine the number of votes. Denote the set of nodes that have staked e m-2 before and have not redeemed them as STAKE m-2 . In the subsequent mortgage module, a mortgage amount table is established for successful nodes to determine the maximum number of votes that nodes participating in the election can generate.

In step S102, the one-time public keys in the one-time public key set are signed one by one with the election node's meta private key to generate the election node commitment result
Figure BDA0003767772540000061
The election node commitment results are verified, and a one-time public key list is built from the one-time public keys corresponding to the commitment results that pass verification.

Specifically, in epoch $e_{m-2}$, a node that has staked successfully first computes the maximum number of votes it can generate. Let the staked amount of node i be $stake_i$ and let T be the threshold for a successful stake in the staking module; then the maximum number of votes the node can submit is:

Figure BDA0003767772540000062

Node i generates the one-time public key set of the current epoch from its meta public/private key pair according to the given algorithm
Figure BDA0003767772540000063
The number of one-time public/private key pairs does not exceed the maximum number of votes the node can submit. In what follows,
Figure BDA0003767772540000064
denote the one-time public and private keys of node i in epoch $e_{m-2}$. Node i commits to its one-time public keys: after signing with its meta private key, it sends out
Figure BDA0003767772540000065
The number of commitments sent equals the number of votes the node expects to cast. The current slot leader attaches them to its block and puts them on chain.

The leader collects all the
Figure BDA0003767772540000066
put on chain in the current slot, together with the one-time public keys already collected in the previous block. The leader of the last slot in $e_{m-2}$ builds Apk, the list of one-time public keys of the nodes taking part in the leader election.

Optionally, in one embodiment of the present application, verifying the election node commitment result includes: verifying that the election node commitment result satisfies the preset signature rule, and that the election node's commitment results number fewer than the election node's maximum number of votes.

In step S103, the public key ring of the election node is generated from the one-time public key list, a linkable ring signature is computed from the election node's one-time private key and the public key ring, the election node's vote is generated from the linkable ring signature, and the validity of the vote is verified.

Specifically, in epoch $e_{m-1}$ each node chooses its own public key list
Figure BDA0003767772540000071
Different public key lists correspond to different levels of security and computational complexity. The linkable ring signature is then computed from the public key list:

Figure BDA0003767772540000072

Figure BDA0003767772540000073
must include at least the signature
Figure BDA0003767772540000074
the public key image (key image)
Figure BDA0003767772540000075
and the ring used by the ring signature,
Figure BDA0003767772540000076
which consists of more than a threshold number of one-time public keys from Apk. The node publishes its vote anonymously
Figure BDA0003767772540000077
and sends it to the leader of the current slot, who verifies it.

Furthermore, RingSig need not be the linkable ring signature algorithm used in CryptoNote; any linkable ring signature algorithm may be used.

Optionally, in one embodiment of the present application, verifying the validity of the vote includes: checking whether the key image in the linkable ring signature has already appeared in the current election phase; if so, the vote is invalid. Otherwise, checking whether the public key ring in the linkable ring signature contains a public key that is not in the one-time public key list; if so, the vote is invalid. Otherwise, checking whether the signature in the linkable ring signature is valid; if the signature is invalid, the vote is invalid, and otherwise the vote is valid.

Specifically, the verification conditions are: 1)
Figure BDA0003767772540000078
is a valid signature for m-1; 2) within
Figure BDA0003767772540000079
each of the
Figure BDA00037677725400000710
is in Apk; 3)
Figure BDA00037677725400000711
has not been put on chain before. If all three conditions hold, the vote is genuine and passes verification, and it is put on chain in the form of a special transaction. If verification fails, the vote is put on chain and marked as invalid. The leader collects the verified votes of the current slot together with the set of votes already collected in the previous block. The leader of the last slot in $e_{m-1}$ thus collects the complete list of votes.

In step S104, a preset random number is used in a computation over the votes that passed verification to obtain an ordering of the votes, and leader nodes are selected from the ordering according to a preset node selection rule.

The random number $r_m$ of epoch $e_m$ is defined as $r_m = H(m, r_{m-1}, \rho)$, where $\rho$ is produced by aggregating the random numbers attached to the blocks of the slots in the previous epoch. The leader of the first slot in epoch $e_m$ uses the epoch random number $r_m$ and all the votes to compute the final vote value used for sorting
Figure BDA00037677725400000712
where H is a hash function. The votes are sorted by the final value order produced for each node, and the sorted result is put on chain. The first s entries of the sorted result (s being the number of slots in an epoch) are the s leaders of $e_{m+1}$. Nodes taking part in the leader election can also verify locally that the ordering is correct.

The ordering by order need not be ascending; it may be descending or any other deterministic ordering method.

Optionally, in one embodiment of the present application, the method further includes: generating the preset random number using at least one of a hash function, a random number generator, a stream cipher algorithm and a verifiable random function.

The $\rho$ in the epoch random number $r_m$ is produced by aggregating the random numbers attached to the blocks in $e_{m-1}$. These attached random numbers may be generated with a VRF or a hash, or with a random number generator, a stream cipher algorithm, a verifiable random function or another verifiable random number generation method.

Optionally, in one embodiment of the present application, selecting the leader node from the vote ordering according to the preset node selection rule includes: if there exists a position j such that the j-th position of the vote ordering is a vote of requesting node i, then requesting node i is the leader node of the j-th slot.

Leader block production and identity proof: in epoch $e_{m+1}$, if for node i there exists a position j such that the j-th position of the ordering is a vote it generated itself
Figure BDA0003767772540000081
then node i has been selected as the leader of the j-th slot. Node i can then produce a block $B_{m+1,j}$ in the j-th slot of $e_{m+1}$ and include in it the one-time private key it used for that vote
Figure BDA0003767772540000082
so that other nodes can verify it.

Optionally, in one embodiment of the present application, after the leader node is selected from the vote ordering according to the preset node selection rule, the method further includes: computing the public key corresponding to the leader node's one-time private key, and verifying whether the key image computed from the leader node's one-time private key and that public key equals the key image in the linkable ring signature at the leader node's position in the vote ordering. If they are equal, the leader node's identity is legitimate; otherwise it is not.

Verifying the legitimacy of the block producer's identity: after receiving block $B_{m+1,j}$, other nodes extract the one-time private key
Figure BDA0003767772540000083
from the block, compute the corresponding
Figure BDA0003767772540000084
and check whether, for
Figure BDA0003767772540000085
and
Figure BDA0003767772540000086
the generated key image
Figure BDA0003767772540000087
equals the key image I in the linkable ring signature σ at the j-th position of the ordering. If they are equal, the leader's identity is legitimate; otherwise the leader's identity is not legitimate and the block is discarded.

With reference to FIG. 3, the apparatus implementing the privacy-enhanced fair blockchain leader election method of the embodiments of the present application is introduced. It mainly comprises six modules: the staking module, the one-time public key list building module, the vote generation module, the vote verification module, the block generation module and the leader verification module.

The staking module handles a node's staking request:

1) For a node whose stake is still in place and which has not applied for redemption, no action is taken.

2) For a node newly applying to stake in the current epoch, the staking module first verifies that the staked amount is not greater than the node's current balance; if this does not hold, the staking request is rejected.

3) The staking module then verifies that the staked amount is not less than the staking threshold; if this does not hold, the staking request is rejected. The staking threshold is a parameter set in advance by the staking module.

4) For a staking request that meets the conditions, the staking module deducts the staked amount from the node's balance and records the staked amount and the corresponding public key in the stake table.

When a node applies to redeem its staked amount, the staking module proceeds as follows:

1) If the node has no stake in place, the request is rejected.

2) If the block-production slot corresponding to the node's candidacy has not yet arrived, or the block it produced has not been confirmed, the request is marked as failed.

3) If the block of the node's block-production slot has been confirmed, or the node lost the election, the staked amount is added to the node's balance and the request is marked as successful.

The workflow of the one-time public key building module is as follows:

1) Verify whether this node has a stake in place; if not, it cannot stand for election and the process ends.

2) The leader of the current slot uses $PK_i$ to verify whether the
Figure BDA0003767772540000091
commitment satisfies the signature rule, and whether the known number of commitments from that node is less than the maximum number of candidate votes that can be computed from the stake table. If these conditions hold, the leader packs the one-time public key into the block, which also contains the one-time public key commitments of the previous slot; otherwise the on-chain request is discarded.

3) If the slot is the last slot, the leader assembles all the collected one-time public key commitments into the list Apk and attaches it to the block.

The vote generation module is mainly responsible for generating votes. Its workflow is as follows:

1) From Apk, the node can check whether it is on the candidate list; if not, the process ends. If it is, it computes its own maximum number of votes $ticket_i$.

2) The node selects a public key list
Figure BDA0003767772540000092
to form the ring. The number of public keys in the ring may be any value greater than the minimum threshold, which is set by the vote generation module. From the chosen
Figure BDA0003767772540000093
and its one-time private key, the node generates:

Figure BDA0003767772540000094

RingSig denotes the linkable ring signature algorithm used in CryptoNote;
Figure BDA0003767772540000095
contains the signature, the key image
Figure BDA0003767772540000096
and
Figure BDA0003767772540000097

3) Broadcast
Figure BDA0003767772540000098

The vote verification module performs the following checks on a vote:

1) Take the key image I out of the signature σ and check whether I has already appeared in the current epoch; if it has, return invalid.

2) Take the public key ring out of the signature σ and check whether every public key in it is in Apk; if not, return invalid.

3) Verify whether the signature part of σ is correct; if not, return invalid.

4) A vote that passes the checks above is a valid vote.
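The three checks above, as an added Python example that is not part of the patent text, using an LSAG-style linkable ring signature with a CryptoNote-style key image (the page allows any linkable ring signature algorithm). The toy group, the signature construction, the use of the epoch number as the signed message and all function names are assumptions of this example.

```python
import hashlib
import secrets
from itertools import count
from math import isqrt

def _is_prime(n):
    return n > 2 and n % 2 == 1 and all(n % d for d in range(3, isqrt(n) + 1, 2))

# Toy Schnorr group, far too small for real use (assumption of this example):
# Q is the first Sophie Germain prime >= 2**31, P = 2Q + 1, G = 4 has order Q.
Q = next(q for q in count(2**31) if _is_prime(q) and _is_prime(2 * q + 1))
P = 2 * Q + 1
G = 4

def _h(*parts):
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big")

def hash_to_group(pk):
    # Squaring a value in [2, P-2] gives an element of order Q (never 0 or 1).
    return pow(2 + _h("point", pk) % (P - 3), 2, P)

def keygen():
    sk = 1 + secrets.randbelow(Q - 1)
    return sk, pow(G, sk, P)

def key_image(sk):
    # Depends only on the one-time key, so two votes from one key are linkable.
    return pow(hash_to_group(pow(G, sk, P)), sk, P)

def _challenge(msg, ring, image, i, s, c):
    left = pow(G, s, P) * pow(ring[i], c, P) % P
    right = pow(hash_to_group(ring[i]), s, P) * pow(image, c, P) % P
    return _h("chal", msg, ring, image, left, right) % Q

def ring_sign(msg, ring, idx, sk):
    ring, n, image = tuple(ring), len(ring), key_image(sk)
    alpha = 1 + secrets.randbelow(Q - 1)
    c, s = [0] * n, [0] * n
    c[(idx + 1) % n] = _h("chal", msg, ring, image, pow(G, alpha, P),
                          pow(hash_to_group(ring[idx]), alpha, P)) % Q
    for k in range(1, n):
        i = (idx + k) % n
        s[i] = secrets.randbelow(Q)
        c[(i + 1) % n] = _challenge(msg, ring, image, i, s[i], c[i])
    s[idx] = (alpha - c[idx] * sk) % Q  # closes the ring at the signer's index
    return {"c0": c[0], "s": s, "image": image, "ring": ring}

def ring_verify(msg, sig):
    ring, image = tuple(sig["ring"]), sig["image"]
    # Reject empty rings and key images outside the prime-order subgroup.
    if not ring or len(sig["s"]) != len(ring):
        return False
    if not 1 < image < P or pow(image, Q, P) != 1:
        return False
    c = sig["c0"]
    for i, s in enumerate(sig["s"]):
        c = _challenge(msg, ring, image, i, s, c)
    return c == sig["c0"]

def check_vote(vote, epoch, apk, seen_images):
    """The vote verification module's three checks, in the order listed above."""
    if vote["image"] in seen_images:
        return "key image already used in this epoch"
    if any(pk not in apk for pk in vote["ring"]):
        return "ring contains a key outside Apk"
    if not ring_verify(epoch, vote):
        return "invalid ring signature"
    seen_images.add(vote["image"])
    return "valid"

def demo():
    # Constructed sample: four committed one-time keys form Apk; votes are for epoch 7.
    keys = [keygen() for _ in range(4)]
    ring = [pk for _, pk in keys]
    apk, seen = set(ring), set()
    outsider_sk, outsider_pk = keygen()
    tampered = ring_sign(7, ring, 1, keys[1][0])
    tampered["s"] = [(x + 1) % Q for x in tampered["s"]]
    return [
        check_vote(ring_sign(7, ring, 2, keys[2][0]), 7, apk, seen),  # first vote
        check_vote(ring_sign(7, ring, 2, keys[2][0]), 7, apk, seen),  # same key again
        check_vote(ring_sign(7, ring[:3] + [outsider_pk], 3, outsider_sk), 7, apk, seen),
        check_vote(tampered, 7, apk, seen),
        check_vote(ring_sign(6, ring, 0, keys[0][0]), 7, apk, seen),  # other epoch
    ]

if __name__ == "__main__":
    print(demo())
```

The second result shows why the key image check comes first: a repeat vote from the same one-time key carries a fresh, valid signature, and only the repeated key image exposes it.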

The block generation module covers transaction packaging, one-time public key collection, vote collection, vote ordering and leader identity disclosure:

1) Transaction packaging is no different from block production in an ordinary blockchain.

2) A block should contain the one-time public keys put on chain in its slot, as well as the one-time public keys in the previous slot's block. The last block of the epoch builds the one-time public key list Apk of that epoch.

3) A block should contain the votes put on chain in its slot, as well as the votes in the previous slot's block. Votes that fail verification are also put on chain but marked as invalid. The last block of the epoch builds the vote set of that epoch.

4) The first block of each epoch should contain the ordering of the corresponding epoch's votes, sorted by the ordering method of the embodiment above, and the result is put on chain.

5) The block of each slot should contain the leader's own one-time private key $sk_i$, which discloses its identity so that other nodes can verify it.

The workflow of the block verification module is as follows:

For the j-th block $B_{m,j}$ received in epoch $e_m$:

1) Take $sk_i$ out of the block and, against the ID in the j-th position of the ordering result in the first block of epoch $e_{m-1}$, verify whether the vote computation result matches. If it does not, the block producer is not the leader of that slot and the block is discarded.

2) For the votes in the block, verify that the leader's verification of the votes is correct and that the votes include all the votes in the previous block. If these conditions do not hold, the block is discarded.

3) If this block is the first block in $e_m$ and it does not contain the ordering of the votes in $e_{m-1}$, the block is discarded. Otherwise, take out the ordering result and recompute $H(\sigma, m, r_m)$ to verify that the ordering is correct; if it is not, the block is discarded.

4) If no error occurred during the checks above, the block's contents are executed.

The privacy-enhanced fair blockchain leader election method proposed in the embodiments of the present application resolves the conflict between hiding the leader's identity before a block is produced and deterministic, fork-free block production. It uses token staking to address Sybil attacks in the blockchain, and it combines commitments to one-time public keys with linkable ring signatures to prevent denial-of-service attacks in which malicious nodes submit large numbers of fake votes. Applied to a blockchain system, it enhances the privacy of the leader and maintains the fairness of the system. Privacy comes from the fact that every block-producing node must generate a one-time identity, and only that one-time identity is needed as proof of leadership when the block is produced. Fairness comes from the fact that the number of one-time identities a node may generate is determined by its staked amount, so a node with a larger stake has a higher probability of being selected.

Next, the privacy-enhanced fair blockchain leader election apparatus proposed according to the embodiments of the present application is described with reference to the accompanying drawings.

FIG. 4 is a block diagram of the privacy-enhanced fair blockchain leader election apparatus according to an embodiment of the present application.

As shown in FIG. 4, the privacy-enhanced fair blockchain leader election apparatus 10 includes: a staking module 100, a one-time public key list building module 200, a vote generation module 300 and a block generation module 400.

The staking module 100 is configured to calculate the maximum number of election votes of an election node from the election node's staked amount, generate a corresponding number of one-time public/private key pairs according to that maximum, and build the election node's one-time public key set. The one-time public key list building module 200 is configured to sign the one-time public keys in the one-time public key set one by one with the election node's meta private key to generate the election node commitment result, verify the election node commitment result, and build a one-time public key list from the one-time public keys corresponding to the commitment results that pass verification. The vote generation module 300 is configured to generate the public key ring of the election node from the one-time public key list, compute a linkable ring signature from the election node's one-time private key and the public key ring, generate the election node's vote from the linkable ring signature, and verify the validity of the vote. The block generation module 400 is configured to use a preset random number in a computation over the votes that passed verification to obtain an ordering of the votes, and to select leader nodes from the ordering according to a preset node selection rule.

Optionally, in an embodiment of the present application, the apparatus further includes a random number generation module, configured to generate the preset random number using at least one of a hash function, a random number generator, a stream cipher algorithm and a verifiable random function.

Optionally, in an embodiment of the present application, selecting the leader node from the vote ordering according to the preset node selection rule includes: if there exists a position j such that the j-th position of the vote ordering is a vote of requesting node i, then requesting node i is the leader node of the j-th slot.

Optionally, in an embodiment of the present application, after the leader node is selected from the vote ordering according to the preset node selection rule, the apparatus further includes a leader verification module, configured to compute the public key corresponding to the leader node's one-time private key and to verify whether the key image computed from the leader node's one-time private key and that public key equals the key image in the linkable ring signature at the leader node's position in the vote ordering. If they are equal, the leader node's identity is legitimate; otherwise it is not.

Optionally, in an embodiment of the present application, verifying the election node commitment result includes: verifying that the election node commitment result satisfies the preset signature rule, and that the election node's commitment results number fewer than the election node's maximum number of votes.

Optionally, in an embodiment of the present application, verifying the validity of the vote includes: checking whether the key image in the linkable ring signature has already appeared in the current election phase; if so, the vote is invalid. Otherwise, checking whether the public key ring in the linkable ring signature contains a public key that is not in the one-time public key list; if so, the vote is invalid. Otherwise, checking whether the signature in the linkable ring signature is valid; if the signature is invalid, the vote is invalid, and otherwise the vote is valid.

In the embodiments of the present application, the vote generation module may include the functions of the vote verification module of the embodiments above.

It should be noted that the foregoing explanation of the embodiments of the privacy-enhanced fair blockchain leader election method also applies to the privacy-enhanced fair blockchain leader election apparatus of this embodiment, and is not repeated here.

The privacy-enhanced fair blockchain leader election apparatus proposed in the embodiments of the present application resolves the conflict between hiding the leader's identity before a block is produced and deterministic, fork-free block production. It uses token staking to address Sybil attacks in the blockchain, and it combines commitments to one-time public keys with linkable ring signatures to prevent denial-of-service attacks in which malicious nodes submit large numbers of fake votes. Applied to a blockchain system, it enhances the privacy of the leader and maintains the fairness of the system. Privacy comes from the fact that every block-producing node must generate a one-time identity, and only that one-time identity is needed as proof of leadership when the block is produced. Fairness comes from the fact that the number of one-time identities a node may generate is determined by its staked amount, so a node with a larger stake has a higher probability of being selected.

在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本申请的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任一个或N个实施例或示例中以合适的方式结合。此外,在不相互矛盾的情况下,本领域的技术人员可以将本说明书中描述的不同实施例或示例以及不同实施例或示例的特征进行结合和组合。In the description of this specification, descriptions referring to the terms "one embodiment", "some embodiments", "example", "specific examples", or "some examples" mean that specific features described in connection with the embodiment or example , structure, material or characteristic is included in at least one embodiment or example of the present application. In this specification, the schematic representations of the above terms are not necessarily directed to the same embodiment or example. Moreover, the described specific features, structures, materials or characteristics may be combined in any one or N embodiments or examples in an appropriate manner. In addition, those skilled in the art can combine and combine different embodiments or examples and features of different embodiments or examples described in this specification without conflicting with each other.

此外,术语“第一”、“第二”仅用于描述目的,而不能理解为指示或暗示相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括至少一个该特征。在本申请的描述中,“N个”的含义是至少两个,例如两个,三个等,除非另有明确具体的限定。In addition, the terms "first" and "second" are used for descriptive purposes only, and cannot be interpreted as indicating or implying relative importance or implicitly specifying the quantity of indicated technical features. Thus, the features defined as "first" and "second" may explicitly or implicitly include at least one of these features. In the description of the present application, "N" means at least two, such as two, three, etc., unless otherwise specifically defined.

流程图中或在此以其他方式描述的任何过程或方法描述可以被理解为,表示包括一个或更N个用于实现定制逻辑功能或过程的步骤的可执行指令的代码的模块、片段或部分,并且本申请的优选实施方式的范围包括另外的实现,其中可以不按所示出或讨论的顺序,包括根据所涉及的功能按基本同时的方式或按相反的顺序,来执行功能,这应被本申请的实施例所属技术领域的技术人员所理解。Any process or method description in a flowchart or otherwise described herein may be understood to represent a module, segment or portion of code comprising one or more executable instructions for implementing a custom logical function or step of a process , and the scope of preferred embodiments of the present application includes additional implementations in which functions may be performed out of the order shown or discussed, including in substantially simultaneous fashion or in reverse order depending on the functions involved, which shall It should be understood by those skilled in the art to which the embodiments of the present application belong.

It should be understood that each part of the present application may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, N steps or methods may be implemented by software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented by any one or a combination of the following techniques known in the art: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.

Those of ordinary skill in the art will understand that all or part of the steps of the methods of the above embodiments may be carried out by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.

Claims (10)

1. A privacy-enhanced fair blockchain leader election method, characterized by comprising the following steps:
calculating the maximum number of election votes of an election node according to the staked amount of the election node, generating a corresponding number of one-time public-private key pairs according to the maximum number of election votes of the election node, and establishing a one-time public key set of the election node;
signing the one-time public keys in the one-time public key set one by one with the meta private key of the election node to generate election node commitment results, verifying the election node commitment results, and establishing a one-time public key list from the one-time public keys corresponding to the election node commitment results that pass verification;
generating a public key ring of the election node according to the one-time public key list, computing a linkable ring signature according to the one-time private key of the election node and the public key ring, generating a ballot of the election node according to the linkable ring signature, and verifying the validity of the ballot;
performing a computation on the ballots that pass verification using a preset random number to obtain a ballot ordering, and selecting a leader node in the ballot ordering according to a preset node selection rule.

2. The method according to claim 1, characterized in that verifying the election node commitment result comprises:
verifying whether the election node commitment result satisfies a preset signature rule, and whether the election node commitment result of the election node is less than the maximum number of votes of the election node.

3. The method according to claim 1, characterized in that verifying the validity of the ballot comprises:
verifying whether the public key image in the linkable ring signature already exists in the current election stage; if so, the ballot is invalid; otherwise, verifying whether the public key ring in the linkable ring signature contains a public key that is not in the one-time public key list; if so, the ballot is invalid; otherwise, verifying whether the signature in the linkable ring signature is valid; if the signature is invalid, the ballot is invalid; otherwise, the ballot is valid.

4. The method according to claim 1, characterized by further comprising:
generating the preset random number using at least one of a hash function, a random number generator, a stream cipher algorithm and a verifiable random function.

5. The method according to claim 1, characterized in that selecting a leader node in the ballot ordering according to the preset node selection rule comprises:
if there exists a position j such that the j-th position of the ballot ordering is the ballot of requesting node i, then requesting node i is the leader node of the j-th time slot.

6. The method according to claim 1, characterized in that, after selecting a leader node in the ballot ordering according to the preset node selection rule, the method further comprises:
computing the public key corresponding to the one-time private key of the leader node, and verifying whether the public key image of the one-time private key of the leader node and the computed public key is equal to the public key image in the linkable ring signature at the leader node's position in the ballot ordering; if they are equal, the identity of the leader node is legitimate; otherwise, the identity of the leader node is not legitimate.

7. A privacy-enhanced fair blockchain leader election apparatus, characterized by comprising:
a staking module, configured to calculate the maximum number of election votes of an election node according to the staked amount of the election node, generate a corresponding number of one-time public-private key pairs according to the maximum number of election votes of the election node, and establish a one-time public key set of the election node;
a one-time public key list building module, configured to sign the one-time public keys in the one-time public key set one by one with the meta private key of the election node to generate election node commitment results, verify the election node commitment results, and establish a one-time public key list from the one-time public keys corresponding to the election node commitment results that pass verification;
a ballot generation module, configured to generate a public key ring of the election node according to the one-time public key list, compute a linkable ring signature according to the one-time private key of the election node and the public key ring, generate a ballot of the election node according to the linkable ring signature, and verify the validity of the ballot;
a block generation module, configured to perform a computation on the ballots that pass verification using a preset random number to obtain a ballot ordering, and select a leader node in the ballot ordering according to a preset node selection rule.

8. The apparatus according to claim 7, characterized by further comprising:
a random number generation module, configured to generate the preset random number using at least one of a hash function, a random number generator, a stream cipher algorithm and a verifiable random function.

9. The apparatus according to claim 7, characterized in that selecting a leader node in the ballot ordering according to the preset node selection rule comprises:
if there exists a position j such that the j-th position of the ballot ordering is the ballot of requesting node i, then requesting node i is the leader node of the j-th time slot.

10. The apparatus according to claim 7, characterized in that, after selecting a leader node in the ballot ordering according to the preset node selection rule, the apparatus further comprises:
a leader verification module, configured to compute the public key corresponding to the one-time private key of the leader node, and verify whether the public key image of the one-time private key of the leader node and the computed public key is equal to the public key image in the linkable ring signature at the leader node's position in the ballot ordering; if they are equal, the identity of the leader node is legitimate; otherwise, the identity of the leader node is not legitimate.
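The ballot checks of claim 3, the ordering of claims 1 and 5, and the leader check of claim 6 can be traced in code. The sketch below is an added example, not code from the patent. It assumes an LSAG-style linkable ring signature over a toy group, the election epoch string as the signed message, and ordering by a hash of the preset random number and the key image; none of these choices is fixed by the claims. The one-time public key list is taken as already committed and verified.

```python
import hashlib, secrets

# Toy group, illustration only (assumption): squares modulo the prime
# 2**255 - 19, exponents reduced modulo Q. Not secure parameters.
P = 2**255 - 19
Q, G = (P - 1) // 2, 4

def H(*parts):
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha512(data).digest(), "big")

def hash_to_group(pk):               # squaring lands the hash in the subgroup
    return pow(H("h2g", pk) % P, 2, P)

def key_image(sk, pk):               # the "public key image" of claims 3 and 6
    return pow(hash_to_group(pk), sk, P)

def _step(msg, ring, img, i, s, c):  # one link of the challenge chain
    left = pow(G, s, P) * pow(ring[i], c, P) % P
    right = pow(hash_to_group(ring[i]), s, P) * pow(img, c, P) % P
    return H(msg, ring, img, left, right) % Q

def sign(msg, ring, sk, idx):
    n, img, u = len(ring), key_image(sk, ring[idx]), secrets.randbelow(Q)
    c, s = [0] * n, [0] * n
    c[(idx + 1) % n] = _step(msg, ring, img, idx, u, 0)   # commits to g^u, h^u
    for i in ((idx + k) % n for k in range(1, n)):        # simulate the others
        s[i] = secrets.randbelow(Q)
        c[(i + 1) % n] = _step(msg, ring, img, i, s[i], c[i])
    s[idx] = (u - sk * c[idx]) % Q                        # close with real key
    return c[0], s, img

def verify(msg, ring, sig):
    c, s, img = sig
    if len(s) != len(ring) or not 0 < img < P:
        return False
    for i in range(len(ring)):
        c = _step(msg, ring, img, i, s[i], c)
    return c == sig[0]

def run_election(ballots, otpk_list, rand, epoch):
    seen, accepted = set(), []
    for ring, sig in ballots:
        fresh = sig[2] not in seen                # 1. key image not used yet
        listed = set(ring) <= set(otpk_list)      # 2. ring has only listed keys
        if fresh and listed and verify(epoch, ring, sig):   # 3. signature holds
            seen.add(sig[2])
            accepted.append((ring, sig))
    return sorted(accepted, key=lambda b: H("order", rand, b[1][2]))  # assumed rule

def leader_is_legit(order, slot, sk):             # claim 6 check
    return key_image(sk, pow(G, sk, P)) == order[slot][1][2]

def demo():                                       # constructed sample election
    sks = [secrets.randbelow(Q - 1) + 1 for _ in range(3)]  # A: keys 0, 1; B: key 2
    otpk = [pow(G, sk, P) for sk in sks]
    ballots = [(otpk, sign("epoch-7", otpk, sk, i)) for i, sk in enumerate(sks)]
    ballots.append((otpk, sign("epoch-7", otpk, sks[0], 0)))   # key 0 votes twice
    return sks, run_election(ballots, otpk, 0xC0FFEE, "epoch-7")
```

`demo()` returns three accepted ballots out of four submitted: the second ballot from the same one-time key repeats its key image and is dropped, while nothing in the accepted ballots reveals which ring member produced which one.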
CN202210891614.8A 2022-07-27 2022-07-27 Privacy-enhanced fair blockchain leader election method and device Active CN115314352B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210891614.8A CN115314352B (en) 2022-07-27 2022-07-27 Privacy-enhanced fair blockchain leader election method and device

Publications (2)

Publication Number Publication Date
CN115314352A true CN115314352A (en) 2022-11-08
CN115314352B CN115314352B (en) 2023-12-12

Family

ID=83859365

Country Status (1)

Country Link
CN (1) CN115314352B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
OL01 Intention to license declared