CN118202622A - Method and system for distributed blockchain functionality - Google Patents

Abstract

The present disclosure provides methods and systems for distributing and/or concurrently processing data records, particularly mining blockchain transactions in blockchain blocks, and further provides methods and systems for generating a proof of work (PoW) for a blockchain block. Advantageously, embodiments allow the PoW computation to be separated from other blockchain mining/verification tasks. Preferably, the PoW requester sends to the professional PoW provider one or more of the following: i) Merck root of merck tree representing a set of transactions; ii) a control transaction (TX ₀); and iii) confirm that TX ₀ includes the merck proof in the set of transactions. TX ₀ may provide or include control data that the PoW provider may use to determine whether to perform or complete the PoW calculations.

Description

Method and system for distributed blockchain functionality

Technical Field

The present disclosure relates generally to improved methods and systems for processing correlated or associated data records and/or implementing a distributed network. The present disclosure is particularly suited, but not limited, to transmissions for implementation on or using a blockchain network, such as pre-and/or post-mining verification of blockchain transactions, SPV checking, and the like. Advantages include, but are not limited to, increased security, resilience, and efficiency, reduced speed and resource requirements, and implementation of novel verification methods not possible with prior art arrangements, thereby enabling arrangements of blockchain implementations not previously possible.

Background

While bitcoin protocols and networks may be mentioned herein for the purpose of providing an illustrative context for implementation, the present disclosure is not limited to use with bitcoin blockchains, and alternative protocols and implementations (including account-based protocols and implementations and those including proof of rights consensus) are also within the scope of the present disclosure. Hereinafter, purely for convenience, the term "UTXO" may be used to refer to transaction output and should not be construed to mean that embodiments of the present disclosure are limited to use with UTXO-based blockchain models only.

Blockchains are point-to-point electronic ledgers that are implemented as computer-based decentralized distributed systems consisting of blocks, which in turn consist of transactions. Each transaction is a data structure that encodes transfer of digital asset control rights between blockchain system participants and includes at least one input and at least one output. Each chunk contains a hash of the last chunk, so the chunks are linked together to create a permanent and unchangeable record of all transactions written to it since the blockchain was created.

To write a transaction (Tx) to the blockchain, the transaction must be verified. The network node (mineworker) works to ensure that every transaction is valid, while invalid transactions are rejected by the network. In some protocols, software clients installed on these nodes perform this validation work on Unexpired Transactions (UTXOs) by executing their lock scripts and unlock scripts. If execution of the lock script and the unlock script evaluates to true, the transaction is valid and the transaction is written to the blockchain. Thus, in order to write a transaction to the blockchain, the transaction must: i) Verifying by the first node receiving the transaction, if the transaction passes verification, the node relaying it to other nodes in the network, i.e. the transaction is propagated; ii) to new blocks built by miners; iii) Is mined, i.e., added to the public ledger of past transactions. Once the transaction is stored in the blockchain as a UTXO, the user may transfer control of the associated cryptocurrency to another address associated with an input in another transaction that is subsequently written to the blockchain. This is typically done using a digital wallet that stores public and private key pairs associated with the user's cryptocurrency. Known cryptocurrency wallets come in a variety of forms including SPV wallets (simple payment verification). SPV techniques allow users and merchant nodes to perform local authentication based only on portions of information related to a particular transfer. The SPV will be discussed in more detail below.

However, it is known that while verification is critical to ensuring security, conforming to the relevant protocols of a given blockchain, and preventing dual spending utilization, it should be appreciated that such verification tasks may require a significant amount of resources and time due to the need to download and store blocks, maintain a large pool of UTXOs, and perform the necessary processing tasks for verification. Many users either fail to meet such requirements or are reluctant to meet such requirements because they may not need to meet such requirements. Thus, there is a need for a faster, more efficient verification model that can at least address these challenges (and others) without compromising security or requiring adaptation to existing protocols.

Such improved solutions have now been devised.

Disclosure of Invention

Embodiments of the present disclosure provide improved blockchain correlation methods, devices, and systems. According to one form of wording, the embodiments provide a solution for verifying or mining a blockchain transaction and/or a part or the entire blockchain block. According to additional or alternative forms of wording, these embodiments provide a secure solution for controlling, managing and/or improving the efficiency, resource requirements, speed and/or resilience of known processing methods of blockchain transactions. Embodiments also enable scalability of blockchain implemented solutions, providing improved methods and technical architecture for electronically transmitting digital resources. Embodiments may also include methods of implementing and/or controlling the computation/generation of work evidence for blockchain blocks in a distributed and/or parallel manner.

Embodiments of the present disclosure may be implemented in part or in whole by various means. These devices may be hardware and/or software based devices including, but not limited to, one or more virtual machines, servers, GPU-based computing resources, or multiprocessor systems. Additionally or alternatively, embodiments may include one or more digital wallets. Importantly, however, the embodiments provide mechanisms for distributed processing of blockchain-related verification tasks. Coordination, management and control of known distributed processes is technical in nature, as this requires a comprehensive understanding of the interactions between the hardware and software components involved, and the implementation of such distributed solutions is beyond the trivial scope of technology.

Embodiments may include schemes that enable or facilitate distributing mining tasks across multiple processing resources.

Embodiments of the present disclosure may include methods and systems described, illustrated, and claimed herein with respect to the section entitled "distributed mining". Such embodiments may include a request to authorize, control, establish authorization, or otherwise formulate a Proof of Work (PoW) for generating a blockchain block that includes a particular plurality of transactions (transaction set). Preferably, the set includes transactions that contain at least a portion of the control data that the proof of work provider can use to determine whether the requested PoW work should be initiated, performed, and/or completed. This may be referred to as a "control transaction" (TX ₀). The request may also include data that the PoW provider may use to determine that TX ₀ includes in the plurality of transactions. In a preferred embodiment, this may include one or more of the following: merck proof, the control transaction (TX ₀), and/or the root of the merck tree representing the set of transactions. The PoW provider may process the request to ensure that: a) The control transaction is included in the group and/or b) includes a portion of control data that may be used in conjunction with at least one pre-specified rule, criteria or requirement to determine whether the requested PoW operation should be initiated, performed and/or completed.

In combination, the PoW requestor and the PoW provider can provide distributed blockchain mining nodes. Embodiments provide the ability to separate, distribute, and concurrently process the various functions and tasks involved in verifying and/or mining blockchain transactions.

Drawings

To facilitate an understanding of the embodiments of the present disclosure and to show how such embodiments may be implemented, reference will now be made, by way of example only, to the accompanying drawings in which:

FIG. 1 is a schematic block diagram of a system for implementing a blockchain;

FIG. 2 schematically illustrates some examples of transactions that may be recorded in a blockchain;

FIG. 3 provides an illustration of a generic merck tree structure known in the art;

FIG. 4 illustrates how the merck root may be derived from a blockchain transaction set as known in the art;

FIG. 5 provides an example of how a merck tree may be divided into subsets (or "segments") that may then be assigned to respective verification resources in accordance with an embodiment of the present disclosure;

FIG. 6 shows an alternative example of FIG. 5 of how the merck tree may be divided into logical segments;

FIG. 7 illustrates a system level distributed verification node in accordance with an illustrative embodiment of the present disclosure;

FIG. 8 shows a simplified flowchart of steps involved in an illustrative method of the present disclosure;

FIG. 9 shows a diagram of the exemplary system of FIG. 7 in greater detail;

FIG. 10 provides a brief overview of a preferred embodiment of the present disclosure;

FIG. 11 provides an illustration of a conventional method of verification and mining activities performed by nodes on a blockchain network as known in the art;

FIG. 12 shows a diagram of how the traditional tasks of profile 2 are distributed across different entities in accordance with a preferred embodiment of the present disclosure;

FIG. 13 illustrates an example of typical tasks performed by a PoW requester in accordance with a preferred embodiment of the present disclosure;

FIG. 14 illustrates an example of typical tasks performed by a PoW provider in accordance with a preferred embodiment of the present disclosure;

Fig. 15 shows a distributed mining node in accordance with an illustrative embodiment of the present disclosure.

Detailed Description

For purposes of illustration (and not limitation) and with reference to the figures, exemplary embodiments of the present disclosure are described below.

Traditionally, nodes in a blockchain network maintain a global ledger for all transactions on the blockchain. The global ledger is a distributed ledger and each node may store a complete or partial copy of the global ledger. Transactions of nodes affecting the global ledger are validated by other nodes, maintaining the validity and integrity of the global ledger. Those of ordinary skill in the art will understand the details of implementing and operating a blockchain network (e.g., a network using a bitcoin protocol).

Each transaction typically has one or more inputs and one or more outputs. Scripts embedded in the inputs and outputs specify how and by whom the output of a transaction can be accessed. The output of a transaction may be the address to which control of the value is transferred due to the transaction. This value is then associated with the output address as an unexpired transaction output (UTXO). Subsequent transactions may then reference the address as input to gain control or ownership of the value.

As described above, taking the bitcoin network and protocol as an example, the mining node race creates the next chunk in the blockchain. To assemble a block, miners construct the block as a set of transactions from an unacknowledged transaction pool ("memory pool"). The mineworker then attempts to complete a proof of work (PoW) puzzle with respect to the blocks that they have assembled. If the mineworker tries to complete a PoW before receiving notification that any other mineworker has successfully generated its own tile and completed its PoW, the mineworker propagates its tile by sending it to peer nodes on the network. The nodes verify the block and then send it further to other nodes in the network. If the mineworker receives notification that another block has been completed before completing his own PoW, the mineworker gives up effort and begins trying to build the next block.

Thus, the fast propagation block helps avoid wasting effort (and associated energy) on behalf of miners and verification nodes. By providing a solution that enables faster verification and thus propagation of blocks, the present invention provides enhanced network performance. This solution reduces the computational time and effort required, thereby reducing the energy required by the network. The solution provides a more resource and time efficient network. The solution ultimately provides an improved (blockchain) network.

In the current implementation of a blockchain (e.g., a bitcoin network), each node that receives a block first verifies the block and then sends the block to other nodes. The time required to verify a block slows down the propagation speed of the block in the network. It should be noted that some implementations of blockchains (including evolution of existing protocols) may perform blockcheck only with a subset of nodes, not with each node in the network; however, block verification at most nodes may still be a feature of any blockchain implementation to prevent invalid blocks from propagating through the network.

Verifying a block involves verifying that the block meets the specified criteria set by the applicable blockchain protocol. Exemplary criteria applicable to the bitcoin protocol may include functions CheckBlock and CheckBlockHeader, among others. In addition to confirming that the block itself meets the specified criteria, it may be evaluated whether each transaction within the block meets the transaction level criteria. For example, transaction level criteria applied in the bitcoin protocol may include AcceptToMemoryPool, checkTransaction and CheckInputs functions.

Specific examples of tile level criteria based on the bitcoin protocol may include:

● The tile data structure is syntactically valid.

● The block header hash is less than the target difficulty (enforcing proof of work).

● The block timestamp is less than two hours in the future (taking into account the time error).

● The block size is within an acceptable range.

● The first transaction (and only the first transaction) is Coinbase a generate transaction.

● All transactions within a block are valid.

Specific examples of transaction level criteria based on bitcoin protocol may include:

● The syntax and data structure of the transaction must be correct.

● Neither the input list nor the output list is empty.

● Each output value x and the sum of all outputs must be in the range 0< x <21·10 ⁶.

● All inputs do not have a null hash.

● NLockTime is less than or equal to INT_MAX.

● The transaction size in bytes is greater than or equal to the minimum value and less than the maximum value.

● The number of signature operations is less than the signature operation limit.

● The unlock script SCRIPTSIG can only push numbers onto the stack, while the lock script scriptPubkey must be form-matched to ISSTANDARD.

● For each input, if the referenced output is present in any other transaction in the pool, the transaction must be rejected.

● For each input, if the referenced output transaction is Coinbase outputs, then the output transaction must have at least COINBASE _ MATURITY (100) acknowledgements.

● For each input, the referenced output must exist and cannot already be spent.

● The referenced output transactions are used to obtain the input values, and it is checked whether each input value and the sum are within the allowed range of the value x, i.e. 0< x < 21.10 ⁶.

● There must be matching transactions in the pool or in the blocks in the main branch.

● The sum of the input values must be equal to or greater than the sum of the output values.

● The transaction cost must be sufficient to obtain input for the empty block.

● Each entered unlock script must be verified against the corresponding output lock script.

These exemplary criteria are illustrative and should not be construed as sufficient or necessary for all embodiments, as the prescribed criteria may differ among different protocols and, if a change is made to a given protocol, may change over time for that protocol. In general, transaction level verification criteria refer to prescribed features that a transaction must be considered valid in accordance with the applicable blockchain protocol. Similarly, the block level verification criteria refers to specified features that a block must be considered valid according to the applicable blockchain protocol.

In accordance with the present application, methods and apparatus are described that accelerate block verification in order to facilitate faster propagation of blocks in a network.

In one aspect, the present application describes a node configured to verify a chunk by performing at least transaction-level verification of individual transactions in parallel and/or in a distributed manner. However, certain transaction level criteria may not be evaluated in parallel. For example, the uniqueness of the UTXO may be assessed on a serial basis. In this case, the distributed verification node of the present disclosure may be structured or arranged to confirm the uniqueness of the referenced input (UTXO) of the transaction before distributing the plurality of transaction sets among the set of two or more parallel processors for verifying the remaining transaction level criteria.

In particular, embodiments of the present disclosure provide improved verification and security solutions for processing related or associated data records stored in a tree structure. The tree may be a binary tree or a mesh (mesh) structure. As is known in the art, a tree structure may be broken down into smaller trees (which may be referred to herein as tree "segments," "subsets," or "portions"), where each segment includes a subset of the data records in the entire tree and has its own root. Advantageously, embodiments of the present disclosure take advantage of this feature to provide methods and systems for distributing and parallelizing the processing of related data records across multiple processing resources.

In an exemplary embodiment of the present disclosure, the plurality of data records includes blockchain transactions that are related by forming nodes within the merck tree. The merck tree has a root that has been or may be included in the block header of a block of transactions according to the blockchain protocol such that the root provides a path that can follow to each leaf within the tree, i.e., the transaction ID (TxID). Although in some examples of the present disclosure the blockchain protocol is, or is derived from, the bitcoin protocol, other protocols are within the scope of the present disclosure.

In this disclosed example, processing the plurality of transactions includes verifying at least a portion of a blockchain chunk that includes the plurality of blockchain transactions and a root of a merck tree for the chunk. These examples are non-limiting and the techniques disclosed herein may be used for non-blockchain related data and/or other processes other than verification. For example, embodiments may be used to store, construct, search, and/or maintain any type of data record that may be represented in a merck tree. Databases and other known storage resources may be utilized in place of or in addition to blockchain ledgers.

In another exemplary embodiment, processing the plurality of transactions includes downloading at least a portion of a blockchain chunk including the plurality of blockchain transactions and a root of a merck tree for the chunk.

For completeness, and with reference to fig. 3 and 4, the merck tree and its use in blocks representing blockchain transactions is discussed below.

Merck tree

Referring to fig. 3, the merck tree is a hierarchical data structure that enables security verification of a data set. In the merck tree, each node in the tree is provided with an index pair (i, j), and is denoted as N (i, j). The indices i, j are simply the number labels associated with a particular location in the tree.

One feature of the merck tree is that the construction of each of its nodes is controlled by the following equation:

Where H is a cryptographic hash function.

An example of a binary merck tree constructed from these equations is shown in fig. 3. As can be seen from the figure, the i=j case corresponds to a leaf node, which is simply a hash of the corresponding i-th packet of data D _i. The i+.j case corresponds to an internal node or parent node, which is generated by recursively hashing and concatenating child nodes until one parent node (merck root) is found.

For example, node N (0, 3) is constructed from four data packets D ₀,…,D₃

N(0,3)＝H(N(0,1)||N(2,3))

＝[H(N(0,0)||N(1,1))||H(N(2,2)||N(3,3))]

＝[H(H(D₀)||H(D₁))||H(H(d₂)||H(D₃))]。

The depth M of the tree is defined as the lowest level of nodes in the tree, the depth M of a node being the level at which the node is located. For example, M _root =0 and M _leaf =m, where m=3 in fig. 3.

For the merck tree in bitcoin and some other blockchain, the hash function is a double SHA256, i.e., the standard hash function SHA-256 is applied twice: h (x) =sha256 (sha256 (x)).

The main function of the merck tree is to verify that a certain data packet D _i is a member of a list or set of N data packets D e { D ₀,…,D_N-1 }. This verification mechanism, known as merck proof, involves obtaining a set of hashes, known as merck paths, for a given data packet D _i and merck root R. The merck proof of a data packet is simply the minimum hash list required to reconstruct the root R by way of repeated hashing and concatenation, commonly referred to as "authentication proof".

If the prover knows all packets D ₀,…,D_N-1 and their order, presence proving can be performed simply. However, this does require a much greater memory overhead than merck proving, and requires the entire data set to be available to the prover.

A comparison using merck proof and using the entire list is shown in the following table, where a binary merck tree is used and the number of data blocks N is assumed to be exactly equal to an integer power of 2.

The following table shows the relationship between the number of leaf nodes in the merck tree and the number of hashes required for merck certification (merck certification).

In this simplified scenario (where the number of data packets is equal to the number of leaf nodes), it has been found that the number of hash values required to calculate the merck proof scales logarithmically. Obviously, computing the merck proof involving log ₂ N hashes is much more efficient and practical than storing N data hashes and computing the display proof.

Given the merck root R, it is desirable to prove that data block D ₀ belongs to the ordered list represented by RMerck proving can be performed as follows:

i. the merck root R is obtained from a trusted source.

Obtaining a merck proof Γ from the source. In this case Γ is the set of hashes:

Γ＝{N(1,1),N(2,3),N(4,7)}。

Merck proof was calculated as follows using D ₁ and Γ:

a. hashing the data block to obtain:

N(0,0)＝H(D₀)。

b. concatenating with N (1, 1) and hashing to obtain:

N(0,1)＝H(N(0,0)||N(1,1))。

c. Concatenating with N (2, 3) and hashing to obtain:

N(0,3)＝H(N(0,1)||N(2,3))。

d. concatenates with N (4, 7) and hashes to obtain the root:

N(0,7)＝H(N(0,3)||N(4,7))，

R′＝N(0,7)。

e. comparing the calculated root R' with the root R obtained in (i):

1. if R' =r, then D ₀ is present in the validation tree, thereby validating the dataset

2. If R' +.R, the proof fails, and D ₀ cannot be confirmed asIs a member of the group (a).

This is an efficient mechanism that can provide proof of existence for certain data that is part of the dataset represented by the merck tree and its root. For example, if data D ₀ corresponds to a blockchain transaction and root R is publicly available as part of the block header, then the transaction can be quickly proven to be contained in the block.

SPV

Simple Pay Verification (SPV) exploits these features of the merck tree, such as white book "bitcoin" in the middle book, 2008: the first time in section 8 of a point-to-point electronic cash system ". In the SPV-based cryptocurrency exchange between alice and bob, both parties use the same type of SPV wallet. The SPV wallet stores the user's private and public keys, unexpired transactions, and chunk headers that uniquely identify the chunks so that they can be located on the blockchain. As explained, the chunk header includes a data field that provides a unique digest or fingerprint of the content of the entire chunk, and a field that provides the merck root for the chunk. The merck root is generated by repeatedly hashing pairs of transaction IDs (txids) in a block together until a single hash is ultimately generated. The merck root provides an efficient and secure mechanism to verify whether a transaction is part of a chunk, as it allows users such as wallets and merchant nodes to verify a particular transaction locally without downloading the entire blockchain. This is advantageous for users (e.g., merchants and customers who wish to perform transfers between them) who do not need or wish to run a full node, but need only perform a localization check to determine whether a particular transaction is in a particular block. In summary, SPV enables such users to search the merck tree with a given root to check (i.e., verify) whether a particular transaction is included in a particular blockchain chunk without having to download and store the entire blockchain.

Thus, the SPV wallet has at least the advantage that power and storage limited devices such as cell phones and notebook computers can operate in the bitcoin ecosystem because it only needs to confirm whether the transaction has been authenticated (hence the term "simple payment authentication") rather than fully checking the blockchain in accordance with other forms of wallets. This significantly reduces the storage space, power and processing resources required for authentication, since the SPV wallet only downloads the block header and does not include any transactions. For reasons explained below, SPV wallets are particularly suitable for use with embodiments of the present disclosure, and the term "authentication" is used herein to include SPV checking.

Blocks of transactions

Fig. 4 schematically illustrates an example of a blockchain block. Each block contains a block header and a transaction set. The block header includes the hash of the previous block header, i.e., the hash of the block header of the block on which the current block is constructed. The tile header also includes the merck root of the merck tree constructed using the transaction set. Each transaction is first hashed (e.g., double hashed) to generate a transaction identifier (TxID) for the transaction. The transaction identifier is then used as a leaf node of the merck tree. The paired transaction identifiers are then concatenated and hashed to form respective internal nodes of the first internal hierarchy of the merck tree. The pairs of internal nodes of the first internal hierarchy are then concatenated and hashed to form corresponding internal nodes of the second internal hierarchy of the merck tree. The process of concatenating and hashing pairs of internal nodes is repeated until only a single hash is retained: merck root. This merck root is sometimes referred to as the block merck root.

Turning now to embodiments of the present disclosure, specific reference is made to fig. 5, 6 and 7.

Segment of merck tree identifying blocks

Suppose a particular party (e.g., alice) wishes to verify some transactions. According to an embodiment of the present disclosure, at least one subset of transactions is identified, wherein the subset forms a segment of an entire merck tree for a chunk and/or is represented by a segment of an entire merck tree for a chunk. Thus, a transaction block may be logically partitioned into multiple segments based on the merck tree of the block, each segment comprising a subset of the transactions of the block, and each segment having its own root node (or "root hash"). This public root hash is sometimes referred to hereinafter as "Duan Haxi" to distinguish it from the root hash of the entire block. Transactions on the same level (i.e., the lowest level, sometimes referred to as the "leaf level" or "leaf level") within the tree segment are peers (siblings). All transactions in a given segment share a common root node for that segment. The common root node may belong to an adjacent level of the merck tree, i.e. a level immediately above the lowest level. Or the common root node may belong to a higher hierarchy. In general, the common root node may belong to any hierarchy between the lowest hierarchy of the merck tree and the merck root.

Decomposing a chunk into smaller parts based on the merck tree provides significant technical advantages, including being able to quickly and efficiently distribute transactions among multiple verifiers. For example, because the bitcoin protocol uses a binary tree, binary assignments can be implemented across multiple machines. By using a small binary marker as an indexing system for segments, the position of each segment in the entire merck tree can be quickly calculated so that the segments can be reassembled after verification has been completed, thereby reconstructing the complete merck tree for the block. This binary indexing method will be discussed in more detail below.

The segments may be identified using various techniques, but according to one approach, the number of segments may be determined by the number of verifiers available in the system. For example, in a system with four verifiers, the merck tree may be partitioned into four segments; if there are eight verifiers, the merck tree can be broken down into eight segments, and so on. As shown by the controller 702 of fig. 7, the identification of segments of a given merck tree may be performed or affected by a control entity.

The gist explained above is further illustrated with reference to fig. 5 and 6, wherein fig. 5 shows an example of how the merck tree may be divided into separate parts 502 to be assigned to the verifier. In the example of fig. 5, each arrow represents a respective transaction hashed to form a respective transaction identifier, which is used at a respective leaf node of the merck tree. At the top of the merck tree is the block merck root. In this example, the transaction block represented by the merck tree contains 32 transactions. However, it should be understood that this is merely an illustrative example, and that the merck tree may contain any number of transactions, generally depending on the number of transactions in a block. As shown, the merck tree is divided into four portions 502a through 502d indicated by dashed boxes. Each portion 502 is linked by a respective common internal node (internal hash) 504 of the merck tree, which is represented by a solid circle. Each section 502 represents eight transactions. In this example, the common internal node 504 belongs to the fourth level of the merck tree. According to embodiments described herein, each respective portion 502 (or, more precisely, transactions forming and/or representing a portion) is assigned to a respective verifier for processing, e.g., for verifying transactions belonging to the respective portion 502.

Fig. 6 shows another example of how the merck tree may be divided into portions 602. The merck tree in fig. 6 is the same as the merck tree in fig. 5. Now, in this example, the merck tree is divided into eight parts 602a through 602h, each part 602 representing four transactions. In this example, the common internal node 604 belongs to the third level of the merck tree. Instead, the merck tree of fig. 5 and 6 may be divided into more (e.g., 16) or fewer (e.g., 2) portions 502, 602. In general, the merck tree formed by the transaction set of a chunk can be divided into any number of portions 502, 602, where each portion includes at least two transactions.

Assigning segments to corresponding verification resources

After identification, the transaction subset is distributed across multiple validation resources, which may also be referred to as a "validator" for ease of reference. In fig. 7 and 9, multiple verifiers are shown as resources a through D (704 a through 704D). The allocation process may be directed or effected by a dedicated element such as the component 904 shown in fig. 9, but is not limited thereto.

Each verifier (704 a-704 d) may include one or more processing resources. Thus, at least one of the plurality of verifiers (704 a-704 d) may be or include at least one of: one or more virtual machines, one or more servers, one or more GPU-based computing resources, one or more threads, and/or one or more multiprocessor systems, etc. Essentially, any one of a plurality of verifiers may be comprised of any one or more types or combinations of processing resources, each capable of verifying one or more transactions associated with each other through segments of the merck tree of blocks. The plurality of verifiers (704 a-704 d) and other system components form a collective resource or entity 700, which will be referred to as a "(distributed) verification node.

Preferably, the distributing includes assigning each segment to a respective verifier of the plurality of verifiers. The verifier may be set at least to:

operate on one or more transactions that constitute one or more segments that have been allocated to the one or more transactions;

verifying one or more transactions to verify whether the one or more transactions conform to the blockchain protocol; and/or

Verify whether they can be identified in existing stores such as blockchain ledgers or databases of known, registered or spent transactions.

The activity of the verifiers and the assignment of subsets to different verifiers may be directed by the controller. Fig. 7 shows that controller 702 assigns subsets of transactions a through D of corresponding tree segments to verifiers 704a through 704D, respectively. The system level controller 702 coordinates the activities of the systems or devices 704 a-704 d within the distributed verification nodes and may control or affect tasks such as identifying tree segments using the merck tree of the block, assigning the identified segments to respective verifiers, reordering the verified tree segments into a complete merck tree for the block, and/or ordering transactions within the reconstructed block.

One or more of the verifiers may include at least one coordinating entity configured to act as a verifier-level controller. Thus, any or all of verifiers 704a through 704d may include at least one controller component of their own. The lower level controller may affect or direct operations such as assigning tasks or sub-tasks to one or more processing resources within the verifier, reconstructing the merck tree for a given segment, or interacting with other system components (e.g., other verifiers or higher level controllers, UTXO pools, wallets, etc.). In turn, the processing resources themselves may be further broken down into smaller systems, where one or more of the smaller systems may include the controller and its own processing resource or resources. In this manner, the system may include a hierarchical architecture in which segment verification is performed by verification entities that include one or more processing resources for performing verification tasks, and one or more controllers for coordinating processor activities and performing inter-component communications.

In embodiments where the verifier includes multiple processing resources, the verifier may divide its allocated segments into smaller segments. The controller of the verifier may then distribute the subsections among the processors under its control. In this way, the verification process may be implemented in a hierarchical and distributed manner.

This hierarchical decomposition may also be extended to the transaction level so that verification may be further decomposed into sub-processes or tasks for each transaction, rather than at the tree-segment level. In this way, verification of one or more individual transactions is broken down into sub-tasks that are distributed across different machines, or different threads that run on the same or different machines. These processes may be queued such that when one thread becomes available, another transaction or task is assigned to that thread.

Thus, the present disclosure enables many transactions to be processed simultaneously, the only limitation being the amount of hardware available to form the distributed verification node, rather than the amount of processing speed available that becomes a bottleneck as in conventional techniques. This enables the blockchain processing system to be horizontally extended without requiring changes to the underlying protocol of the blockchain network.

Accordingly, the present disclosure has significant deviation from the conventional verification method, which is described in more detail below in the section entitled "exemplary technical environment for implementing the illustrative embodiments of the present disclosure" and with reference to fig. 1 and 2. As explained, the conventional approach involves verifying one tile as an entire entity, while the conventional view of the verification node (see 104 of fig. 1) is taken as a single computing unit. Instead, embodiments of the present disclosure decompose the merck tree into a plurality of segments that are provided to different verifiers (704 a through 704d in fig. 7 and 9), each segment and verifier being able to be further decomposed to increase the degree of distribution involved.

Further, by decomposing each chunk into segments based on its merck tree, embodiments of the present disclosure enable verifiers to access, download, and process small portions of chunks instead of entire chunks. It should be remembered that the transactions in each segment are hashed (in pairs) to a single root value. This means that only the necessary related transactions can be used to verify the segment, not the entire block that is downloaded, stored and processed in its entirety. Since protocols such as bitcoin SV allow for expanding the block size and including larger blocks in the ledger, the traditional model of downloading the entire block becomes a bottleneck. Embodiments of the present disclosure overcome this challenge of blockchain scalability by enabling individual verifiers to receive and process only the (smaller) portions associated therewith. This results in faster overall verification times, improved blockchain networks, and improved applications running on the blockchain.

Furthermore, embodiments support and facilitate the use of SPV processes and resources, as such SPVs involve only local verification of the portion of the merck tree that is of interest to a given party. Thus, the tree pruning nature of SPV techniques is well suited for use in connection with embodiments of the present disclosure. In the SPV context, only the portion of the chunk data that it needs, i.e., the chunk header or segment root node and related transactions, may be provided to the verifier.

When each verifier has performed its check and confirmed the validity of the segment it has processed, it can be guaranteed that the block is valid due to the hash mechanism used for the spanning tree.

Load balancing across multiple verifiers

Load balancing techniques and systems are known in the art, the purpose of which is to distribute tasks evenly across multiple resources in order to increase efficiency. The purpose of this is to minimize the risk that some processing resources are in idle state while others are overloaded, resulting in reduced performance and even failure. Load balancing therefore becomes critical in ensuring the flexibility of the overall system, as well as its performance and efficiency. Embodiments of the present disclosure may utilize any known load balancing technique, such as static or dynamic load balancing. Additionally or alternatively, the load balancing methods disclosed herein may be advantageously used.

As described above, embodiments of the present disclosure may use an indexing system in assigning block segments to respective verifiers. Preferably, the indexing system is a binary indexing system. In the preferred system, each verifier is designated as a binary tag or identifier. Assuming that each identifier is 4 bits in length, the first verifier is identified as 0000, the next verifier is identified as 0001, the next verifier is identified as 0010, and so on. Obviously, a 4-bit identifier allows 256 verifier IDs, the last verifier being identified as 1111 (i.e., verifier number 255 in decimal).

When a tree segment needs to be assigned to a verifier, the first 4 bits of its double hash (i.e., duan Haxi of the tree segment) can be used to determine which verifier will process the segment. It should be remembered that the merck root is generated by hashing pairs of transaction IDs (txids) together in a chunk to generate corresponding internal nodes (or internal hashes) of the merck tree, and then hashing adjacent internal hashes repeatedly until a single hash is ultimately generated. The merck root subjected to double hash processing provides an efficient, quick and safe verification mechanism. In the context of the present disclosure, this also has the advantage of double hashing to generate random binary numbers. Each internal hash (including each segment hash) is itself a double hash. Thus, the first x leading bits of Duan Haxi may be used as the allocation index. A hash with four leading zeros will result in a tree segment being assigned to a verifier with ID 0000, while a hash with leading bits 0001 will result in a verifier with ID 0001, and so on. The random generation of the double hash ensures that the tree segments are randomly distributed to the verifier.

Although double hashing is typically used when generating the merck tree, double hashing is not necessarily used in all examples, but only a single hash may be used. In fact, any number of hash operations will produce random binary numbers. The load balancing tasks may be performed by dedicated system components, as shown at 905 in fig. 9, or may be provided elsewhere within the system 700, or associated with and in communication with the system 700.

Distributed download block

According to some embodiments, assigning segments of a block merck tree to different verifiers may be used to provide a faster, more efficient process for downloading part or all of a transaction block.

Each verifier is assigned a segment of the merck tree, e.g., based on the assignment index described above. Any given verifier is then used to download the transaction set that forms the assigned tree segment. This may involve downloading the transaction set from the blockchain itself (e.g., from a blockchain node) or from a different resource or entity (e.g., a third party service provider). The transaction set may be downloaded to the internal memory of the verifier or to a shared storage location, such as a shared driver in the cloud.

A distributed node may need a complete block, i.e., an entire transaction set forming a block. In this case, each verifier assigned a tree segment downloads a subset of transactions forming the segment. In other cases, the distributed node may only need some portion of the block. In this case, only some verifiers may need to download their respective transaction subsets in order to obtain the desired transaction.

Downloading a chunk (or a portion of a chunk) in this manner increases the overall download speed, as each verifier only processes a subset of the transactions that form the entire transaction set for that chunk. This is in contrast to conventional block downloads in which a given entity (e.g., a full node) must download an entire block, for example, by downloading each transaction in the order in which it occurs in the block. The block is now downloaded in parallel by multiple verifiers. A block may contain thousands of transactions, perhaps orders of magnitude more. Downloading this number of transactions by a single entity would consume a significant amount of resources and take a significant amount of time. The computational burden is now distributed among the verifiers such that each individual verifier consumes a small portion of the processing resources. Similarly, this reduces the total time to download the block.

As discussed, each verifier may download a subset of transactions. These subsets may then be combined to reconstruct the block in a single storage location. ("single storage location" refers to a storage resource that is an independent entity or a plurality of associated storage resources that form a collective entity). To this end, each verifier may transmit its respective subset to a central controller of the distributed node, which is configured to arrange the transactions in the correct order. Duan Haxi (i.e., a hash of the linked tree segment) may be used for this purpose. For example, a mapping of the segment hash to its location in the merck tree may be maintained, e.g., from left to right (when Duan Haxi appears in the merck tree). The subsets of transactions may then be placed in order (e.g., from first to last) based on the corresponding segment hashes.

In some embodiments, each verifier (or distributed node as a whole) can confirm that the correct transaction has been downloaded (or that the transaction has been downloaded correctly) by reconstructing the merck tree. After downloading the subset of transactions, the verifier may generate a candidate segment hash based on the transactions. The candidate segment hash is constructed by hashing the pair of txids to generate a corresponding internal hash, and repeating the hashing of the pair of internal hashes until a candidate segment hash is generated. The level of the merck tree to which the candidate segment hash belongs will depend on the number of tree segments into which the merck tree is divided. The verifier may verify that the candidate segment hash is a hash of the merck tree. If the hashes do not match, an error occurs during the download process. In some examples, each verifier may generate a candidate segment hash and send it to the controller to perform the verification. As another example, candidate block merck roots may be generated based on the entire transaction set downloaded. Likewise, if a chunk has been downloaded correctly, the candidate merck root should match the actual chunk merck root (i.e., the merck root stored in the chunk).

In some cases, the verifier may verify the downloaded transaction using the techniques described above. That is, each verifier is assigned a tree segment, downloads a corresponding subset of transactions, and verifies the transactions. In other cases, the verifier may not necessarily verify the transaction, and may simply download the transaction for later use, e.g., for transmission to a third party.

Distributed UTXO pool

Preferably, each verifier 704 forming part of a distributed verification node has its own repository (pool) for generating, storing and/or maintaining unexpired transaction output (UTXO). The repository (pool) acts as a UTXO pool that provides a record of the unconsumed (i.e., unconsumed) output associated with the blockchain transaction. Thus, the UTXO pool of each verifier is based on the transactions that the controller assigns to it with respect to the merck tree segment, and is built from these transactions. In one embodiment, this may be a (graph) database that includes data related to the unused UTXOs that have been assigned to transactions for processing by a given verifier. When a new merck tree segment is assigned to the verifier, a record is created in the database for each UTXO that the verifier is aware of. Thus, from the perspective of a distributed verification node, the UTXO pool is not a single pool, but is made up of a plurality of different UTXO pools, each provided at or on a different verifier and comprising a different set of UTXOs. Thus, the UTXO pool for that node is distributed in terms of both data and the resources that store and/or process the data.

This is in contrast to the traditional UTXO model, where each complete node in the network has a copy of the UTXO pool that tracks all UTXOs on the blockchain. In contrast, the present disclosure distributes UTXO pools across multiple validation resources, each validation resource having a UTXO pool that is a subset of the entire set of UTXOs of the blockchain. The UTXO pool of each verifier includes UTXOs of transactions that make up the merck tree sub-part responsible for verification.

According to this approach, each time a new chunk needs to be verified, the new chunk can be implemented in a manner similar to an SQL transaction log, in that every command, event, and item associated with the database is recorded in the log. The term "database log" will be used herein to avoid confusion due to the use of the term "transaction", as is known with respect to blockchains, but is used to include terms such as "transaction log", and the like. Essentially, a database log can be interpreted as a history of actions performed by a database management system, providing a record of all changes that have occurred to the database state, as is known in the computer-based database art (see https:// en. Wikipedia. Org/wiki/transaction_log).

Using an ordered historian database log means that the entire UTXO pool can be constructed by executing the historian of the log in the original order of the log. Advantageously, this ensures that copies of the database can always be (re) generated when needed, and that no separate copy of the data need be stored. This ensures data integrity and requires less memory resources. Each UTXO pool may be stored, maintained, and processed separately. Also advantageously, if the SPV technique operates on a pruned portion of the merck tree, the SPV technique may facilitate creating a separate UTXO database for each verifier.

Transactions (TX) within a database may be structured in various ways, although a particularly advantageous approach is to construct transactions from identifiers comprising a concatenation of a block ID and a transaction ID (block_id ll TxID). Both the block ID and the transaction ID are 256-bit hashes, resulting in a secure and collision-free 512-bit concatenated field structure.

Constructing transactions in this manner provides a fast, efficient lookup mechanism. Transactions may be ordered by block_id such that all transactions with the same block_id are located together in the database. Thus, when a verifier needs a transaction (e.g., to check if the UTXO for the transaction has already spent), the verifier may locate the transaction in the database by first searching for the corresponding block_id and then searching for the corresponding TxID. The effect of this is that the search is limited to relevant parts of the database. Such efficiency reduces the time, processing resources, and energy required for the search operation, thereby achieving significant improvements over the prior art.

A flag or marker is associated with each UTXO in the pool of verifiers and indicates whether the UTXO is locked or unlocked. For convenience, this flag or marker may be referred to as a "lock flag". When a UTXO is marked as "locked," this indicates to the verifiers in the group (i.e., elsewhere in the distributed verification node) that the UTXO is not available for spending. Conversely, when the UTXO is marked as "unlocked," this indicates to the verifier that the UTO may cost. Thus, its role is to enable a verifier that has been assigned to validate the transaction spending UTXO to signal to its peer that the transaction spending UTXO, assuming that the transaction has proven valid, has been redeemed and is therefore no longer expendable. The "locked" state means the allowable costs, and the "unlocked" state means the forbidden costs.

The lock/unlock flag may be a simple small binary flag, e.g., 0 indicates "lock" and "1" indicates unlock. The tagging mechanism is used internally by a verifier in the distributed node system to remove tags from transactions prior to interacting with the blockchain so that the transactions conform to protocol rules.

In use, the verifier examines the output of each new transaction that the controller assigns to it. Any unexpired output (UTXO) is added to the UTXO pool of the verifier, i.e. recorded as an entry in the UTXO database. In the associated database record for each new UTXO, the lock flag is set to "unlock".

When a verifier finds that a newly allocated transaction is spending a UTXO, the verifier sends a message to each other of the plurality of verifiers informing them that the UTXO should also be locked in its respective pool. Essentially, the verifier sends a communication to its peer indicating that the verifier has found a cost related to a transaction with a particular hash ID at a particular time. Other verifiers need not receive complete data for the entire transaction because the transaction hash and its list of spent UTXOs are sufficient for them to identify the relevant transaction and mark it as locked in their own database. Upon receipt of the message, each receive verifier checks whether the associated UTXO is in its UTXO pool. If so, the state of the lock flag is changed to "locked". Thus, the lock prevention verifier allows the same UTXO to be spent in subsequent transactions. In the event that the new transaction does attempt to spend the same UTXO, checking the lock flag will indicate that the second spending attempt is ignored. If the verifier sending the message determines that verification failed and therefore the UTXO has not yet spent, another message may be sent to the verifier peer to this effect indicating that the lock flag of the UTXO should be changed to the "unlocked" state. Once the cost of validity has been completed, a message may be sent to this effect and the locked UTXOs may be deleted from the associated UTXO pool.

In the above embodiment, each verifier has a single UTXO pool that includes UTXOs that have been assigned to all transactions in all of its tree segments. However, by alternative methods, the UTXO pool maintained by each verifier may be divided/partitioned/divided into/made up of multiple sub-pools, one for each block. In this way, a single UTXO pool may be organized into a logical hierarchy. By another approach, one or more verifiers may be provided in association with a respective plurality of UTXO pools, each of the plurality of UTXO pools being associated with a UTXO for a set of one or more tree segments. Thus, in some embodiments, one or more verifiers may organize the UTXOs into separate UTXO pools for different individual tree segments or according to some predefined criteria, such as tree segment type or tree segments within a given range. In such embodiments, the identifier may include a tile ID that may be used to narrow the search to a pool of related UTXOs, and the search may then be conducted within the pool to (attempt) identify related transactions by their txids. It will be appreciated by those skilled in the art that in some embodiments a mix of these methods may be used, i.e., one or more verifiers within a distributed node may use a single UTXO pool method, while the other one or more verifiers are configured to use multiple separate UTXO pools and/or UTXO pools organized into sub-pools, or any combination thereof.

This may prevent a "double spending" situation, i.e., one party tries to spend the same UTXO twice. This provides a simple and secure locking mechanism that can operate efficiently, quickly, and maintain the security and integrity of transmissions implemented on the blockchain, regardless of the number or location of verifiers in the system.

Distributed excavation

A detailed description of one aspect of the present disclosure is now provided in which mining tasks and functions are separated from other operations that are typically associated with or performed by "full-volume nodes" on a blockchain network. This enables mining tasks to be distributed across different resources and processed in parallel. This provides a different technical architecture and system arrangement compared to the prior art and allows for greater flexibility in terms of placement or provision of resources. For example, the excavation resources may be provided in a geographic area with renewable energy supplies, thereby reducing the reliance of the network on expensive or high environmental cost energy sources.

As is well known in the art, and as shown in fig. 11, a transaction must be verified before it can be written to the blockchain. The network node (mineworker) performs work to ensure that every transaction is valid, while invalid transactions are rejected by the network. The software client installed on the node performs this validation on the Unexpired Transaction (UTXO) by executing its locking and unlocking scripts. If execution of the lock and unlock scripts evaluates to TRUE, the transaction is valid and the transaction is written to the blockchain. Thus, in order to add a transaction to the blockchain ledger, the transaction must: i) Validating by a first node receiving a transaction-if the transaction is validated, this node relaying it to other nodes in the network; ii) has been added to new blocks constructed by miners; iii) Has been excavated.

Conventionally, to mine a block, the mining node selects unacknowledged transactions from a pool of memory, generates Coinbase transactions for the block, and forms candidate blocks by hashing all transactions in pairs to form a merck tree structure with a merck (hash) root. The merck tree represents all transactions in the candidate block. The mineworker also determines the version number and the current cycle time and obtains a hash of the latest chunk on the ledger longest chain. The merck root is concatenated with other values to form the block message BM.

The mineworker then attempts to solve the PoW challenge by looking up an integer value (nonce), which when appended to the block message to produce a complete block header, produces a hash with a specified number of leading zeros. If the attempt fails to produce a satisfactory hash, the mineworker repeats the calculation using other random numbers. If the mineworker finds that the required number of leading zeros of random numbers were successfully generated, it would send the candidate block (including its complete block header) to the blockchain network for verification by other nodes. Thus, the random number provides evidence that miners spent energy, effort, and time searching for a solution to the challenge.

Thus, in the conventional approach, miners select a transaction, generate candidate blocks and generate PoW and complete block headers. In contrast to conventional approaches where these functions are performed by the same entity, in the methods disclosed herein, these functions are distributed and processed in parallel across different processing entities. This allows for verification and enforcement of pre-specified authorization criteria prior to performing and/or completing POW calculations.

In a preferred embodiment, the merck structure of the tile allows the functions in the verification and mining process to be separated and handled independently by different computing resources. These resources may be located anywhere in the world and may operate alone or in combination with each other. In general, they may form "distributed nodes" in which different node components are responsible exclusively for one or more functions related to blockchain transactions and verification and/or mining of blocks.

The methods disclosed herein relate to separating proof of work (PoW) computation from verification work, transactions, and other tasks typically associated with mining of traditional full-scale nodes. This means that the PoW provider does not need to perform any validation work, instead the validation node can delegate PoW computation to a professional, dedicated resource that can be located anywhere in the world.

Accordingly, the present disclosure represents a significant deviation from the traditional verification method, which is described in more detail herein in the section entitled "exemplary technical environment for implementing the illustrative embodiments of the present disclosure" and with reference to fig. 1 and 2.

Turning now to fig. 10 and 12-15, an embodiment of this aspect is shown. In this method, a distributed mining node 1000 shown in fig. 15 is provided. Or this may be referred to as a "PoW provider". The PoW provider 1000 includes at least one dedicated PoW calculator, which may also be referred to as a "Ha Xiji HASH MACHINE" or ASIC. The PoW calculator includes one or more integrated circuit chips (shown as 1100a, 1100b, 1100c in the figures) configured to mine crypto-currency according to an associated protocol. The calculators 1100 a-1100 c may be configured to mine the bitcoin using the SHA-256 algorithm. Other algorithms may be used for other crypto currencies, such as ETHASH for mining ethernet currencies.

As shown in fig. 10 and 15, the PoW provider 1000 communicates with a PoW request resource 1300 that is configured to send a request to the PoW provider to request that a valid random number (or preferably a complete block header) be generated for a given plurality of transactions. The term "request" as used herein is intended to include "indication" and/or "initiation". Thus, the request may include or may be an instruction or initiation of PoW generation. For simplicity, the term "request" will be used.

In other words, the PoW request resource 1300 may be referred to as a validation and/or mining resource or node, or simply "PoW requester". In a preferred embodiment, the request resource 1300 may be a distributed resource and facilitate parallel processing of verification and/or mining operations. Requester 1300 may be substantially as described herein and illustrated in fig. 7 with reference to verification node 700. However, in other embodiments, the requesting entity may take any suitable alternative form and may be any entity that needs to generate a PoW (random number or block header).

To request a PoW, the PoW requester 1300 sends at least some of the information needed to construct the block header of the transaction candidate block to the PoW provider 1000. The information sent from the PoW requestor may be referred to as a "chunk template" or "chunk message" and may include at least the root of the merck tree that represents all transactions in the chunk. The chunk template may also include other information, such as a version number, last chunk hash, difficulty target, and/or timestamp, of the chunk header used by the PoW provider to generate the transaction, or one or more of these data items may be calculated or obtained by the PoW provider. For example, the PoW provider may obtain, retrieve, or select a version number, or may obtain a last chunk hash from the network. It should be noted that the PoW provider need not receive the entire block from the PoW requester; it requires only enough, minimal information specified by the protocol to combine with the selected random number and attempt to solve the PoW challenge. However, it must receive the merck root of the transaction that the PoW requester wishes to include in the chunk, as this cannot be determined by the PoW provider 1000.

In some embodiments, the PoW provider may include a controller 1200 configured to coordinate activities of the PoW calculator. In some embodiments, the functions of the PoW provider 1000 and/or the controller 1200 may be implemented in an ASIC or a hash machine 1100. Fig. 15 shows the controller as part of the same entity as the PoW calculator, but this should not be construed to necessarily mean that the controller and ASIC are implemented in the same hardware or device. They may be provided as physically separate devices, but are logically or electronically associated with each other and/or communicate with each other to form the PoW provider 1000.

The controller 1200 may perform operations such as selecting a random number or range of random numbers for a given calculator (1100 a-1100 c) to operate, obtaining any necessary information not provided by the requester for PoW calculation and/or checking authorization criteria as described below. Calculator 1100a, calculator 1100b, and calculator 1100c may be configured to operate on different random number ranges for the same candidate block. However, in some embodiments, the PoW request resources may allocate a range of random numbers and the functions of the PoW provider 1000 and/or the controller 1200 may be implemented in the ASIC 1100. In still other embodiments, the PoW requester may assign a range of random numbers.

In addition to the tile template, the PoW requestor can provide further data to the PoW provider. This may be any type of data that is required by the PoW provider in order to confirm the fulfillment of at least one prerequisite rule or criterion or other. For ease of reference, the at least one pre-specified rule or criteria will be referred to hereinafter as a control criteria. The control criteria must be met before the PoW provider starts, continues and/or completes its PoW computing job. If the (control) data provided to the PoW provider meets the control criteria, the PoW provider may consider the PoW generation request to be an authorized, legal and/or allowed request. The control criteria may be predetermined at, by, or on behalf of the PoW provider. The PoW requester and PoW provider or their respective associated entities may agree on them.

In a preferred implementation, the control data is included in a transaction that forms part of the block for which the PoW is to be calculated. The PoW provider may evaluate or check the control data against control criteria to ensure pre-authorization or agreement between the parties, or legitimacy of the request from the authorization requester. For example, the PoW provider may require that the block include a transaction (TX ₀) that transfers a portion of the crypto-currency to a particular address. If the criteria is not met, the PoW request will not be considered an allowed request and will not attempt to calculate the required PoW. To assist in the inspection process, the PoW requester may provide an SPV type of credential as part of the data it sends to the PoW provider, which may use to confirm that transmission to a pre-specified address is to be made if the chunk was successfully mined and added to the blockchain.

In another example, the prerequisite may be that TX ₀ is signed by an authorized party.

In other examples, the control criteria may be that TX ₀ contains metadata that the PoW provider can check and confirm. For example, the metadata may include a secret (e.g., an encryption key), or a password/code, or some other data that the PoW provider may use to confirm that it is authorized or allowed to generate PoW for or on behalf of the requestor.

In some implementations, TX ₀ may also include instructions regarding where to send the PoW. For example, by default, it may be sent back to the PoW requester, or may be sent to another entity specified in the metadata or some other portion of the transaction. The metadata may include a flag or other identifier to indicate to which destination the PoW should be sent, or which party is authorizing the PoW request. The flag or identifier or password, etc. may be known only to the PoW provider and/or the requester. This may be advantageous in case the PoW provider may receive requests from multiple unrelated requesters.

In some cases, the check of TX ₀ may trigger an event for the PoW provider. For example, data in a transaction may cause a balance or account to be updated, for example, because the PoW provider is able to identify the request as received from a particular authorized requester having an account with the PoW provider. Additionally or alternatively, a PoW provider may not wish to provide more than a specified number of pows (possibly within a given period of time) to a given requester, and may use TX ₀ to determine whether a threshold has been met. Additionally or alternatively, the PoW provider may initiate an alarm, alert, or other communication based on the data provided in TX ₀.

In still other examples, the control criteria may be that TX ₀ spends a sufficient amount of crypto-currency (possibly to a pre-specified address), and the PoW may check the output of TX ₀ to ensure that the control criteria are met.

In still other examples, the input of TX ₀ may be checked to ensure that funds from an illegal or unauthorized source are not transferred and received. For example, if the PoW provider does not wish to receive requests from certain parties, e.g., because they are known or suspected to be associated with illegal activities, the PoW may refuse to generate the requested PoW. Accordingly, the present disclosure may provide a solution for ensuring compliance with legal or regulatory requirements, and may provide measures to prevent fraud/criminal activity.

Essentially, the present invention provides an authorization mechanism for parallel processing and distributing PoW computations in an efficient and non-requiring trust between the participants. The control criteria may be checked separately from the PoW calculation, and possibly in parallel therewith. In other words, when a request is received from a PoW requester, the PoW provider may begin PoW calculation substantially at the same time that it begins to check the received data against the control standard. If the received data does not meet the control criteria, the PoW provider may stop PoW computing operations; or if the criteria are met, the operation may be allowed to proceed. This has the following advantages: assuming the request is legitimate and an authorized request, the PoW can be returned to the requestor/specified destination as soon as possible. This may provide a time critical advantage as blockchain mining involves competing for the first active blocks to be provided to the network.

In the use example:

With specific reference to fig. 13 and 14, a description will now be given of how the present disclosure may be practiced in accordance with one illustrative embodiment.

From the PoW requester perspective in fig. 13:

Step S1300: the PoW requester 1300 selects unacknowledged Transactions (TX) from its memory pool and generates Coinbase transactions (if required or allowed by the relevant protocol). In other cases, it may receive the set of transactions from another source that provides the transactions to the PoW requestor.

The PoW requester may also generate or obtain at least one transaction TX ₀ arranged to meet authorization requirements specified by the PoW provider or an associated entity that authorizes and/or directs the activity of the PoW provider. In the illustrative example, the requirement is that TX ₀ include at least one output that transfers the asset to at least one specified address.

Step S1320: the PoW requestor (or related resource) hashes all transactions in pairs to produce the merck tree for the set of transactions. The merck tree has a root R.

Step S1330: in some embodiments, the PoW requester may generate the block message BM by concatenating the root R with other information (e.g., version number, last block hash, difficulty target, and/or timestamp) needed to generate the block header. In another embodiment, at least one, some, or all of these values may be obtained, retrieved, or generated by the PoW provider, rather than being provided by the PoW requester.

Step 1340: the PoW requester sends the root R (possibly as part of the block message BM) to the PoW provider. The verifier also sends a merck proof that the PoW can use to prove that TX ₀ is included in the chunk of the transaction represented by the tree with root R. The merck proof includes portions of a tree that when hashed in pairs with TX ₀ allows the prover to return to the root. In this way, the PoW requester need only send the root R, the grant transaction TX ₀, and the minimum set of transactions available to generate a path from TX ₀ to R to the PoW provider. The PoW provider may perform (in fig. 15) SPV type verification to check if the PoW requester meets the authorization criteria.

From the PoW provider perspective in fig. 14:

● Step S1400: the PoW provider 1000 receives the merck root of a set of transactions from PoW requesters. These transactions will form a block body, which is the block body that the PoW generates on behalf of the PoW requestor. As described above, the set of transactions may include one or more transactions selected from the memory pool, at least one grant transaction TX ₀, and Coinbase transactions (if related). The merck root R may be received from the PoW requester as part of a complete or incomplete block message. The PoW provider also receives at least one transaction TX ₀ that is set to meet at least one authorization requirement, and a portion of the set of transactions that is used as a merck proof that confirms that TX ₀ is included in the set of transactions.

● Step S1410: the PoW provider performs SPV type local verification using merck proof to confirm that TX ₀ is in the group and check if the PoW requester has met the authorization requirements.

● Step S1420: if the verification fails, the PoW is not authorized to proceed with PoW calculation. It terminates the process by either not instructing the PoW calculator to start the valid random numbers or (if the PoW calculator has started to perform the operation) instructing them to stop. No block header is sent to the PoW requester. However, an alert, signal, or message may be sent to the PoW requester or another destination to indicate that the authorization generated for the PoW has failed.

Or if the verification is successful, the authorized PoW generation proceeds.

● Step S1430: to generate a PoW, a calculator (1100 a, 1100b, or 1100 c) selects or receives a random number. This may be randomly generated or may be selected from a range of allowed random numbers that controller 1200 assigns to the calculator

● Step S1440: the calculator concatenates the block message with the selected random number. It should be noted that if the PoW requester does not provide a complete block message as described above, the PoW provider may retrieve, acquire, or generate any additional data needed to generate the block header according to the associated blockchain protocol. Concatenation of a block message and a random number provides a block header BH.

● Step S1450: then, double hash processing is performed on the block header BH.

● Step S1460: then, the result of step S1450 is compared with the difficulty target set by the protocol; if the required number of leading zeros is not provided, the block cannot be added to the ledger, so another random number is selected, and the process returns to step S1430.

● Step S1470: however, if the selected random number does produce the required number of zeros, then the block can be efficiently mined and thus a block including a valid random number is sent to the PoW requester or another designated destination.

Although not shown in the figures, the PoW requestor or another entity may then submit the block to the network for inclusion on the chain. Importantly, since PoW generation has been outsourced to professional, specialized PoW providers, poW requesters can handle, delegate, or coordinate other tasks, such as verification operations in parallel with PoW computing. This provides technical improvements in transaction throughput and resource efficiency.

The advantages are that:

aspects of the present disclosure have many advantages, including but not limited to:

1. The effort and cost of performing PoW calculations can be delegated and outsourced by PoW requesters to any PoW they choose to provide services.

2. These may even be providers that have no existing relationship with the verifier. Instead, the relationship between the PoW requester and the PoW provider is managed by satisfying at least one pre-specified criterion that serves as a pre-authorization to perform PoW work.

In some implementations, the PoW requestor sends a merck proof that the PoW provider can use to ensure that the necessary criteria have been met before starting the PoW computing job.

3. This allows an additional pre-authorization layer to be built into the PoW process, as both the PoW requester and PoW provider can prove that the candidate block contains transactions that meet pre-specified or agreed conditions. If the chunk was successfully mined and the transaction is included in the blockchain, the transaction and its asset transfer will be recorded immutably. In the event that the authorization criteria requires a transfer to a specified address, the PoW provider can be confident that the required transfer will be made if the block is written to the ledger.

4. Thus, satisfaction of the pre-specified criteria may be provably embedded in the data processed by the PoW provider. It is not sent separately from the PoW requester to the PoW provider. This provides a more efficient solution than the approach involving separate communication.

5. Since this scheme allows allocation of mining and verification tasks, the transaction function is separated from the processing of the block header. Thus, the hash machine/ASIC component may be located in one or more locations, while transactions may be performed in other locations. The location of the different functions may be selected according to different requirements of the energy resource or the network infrastructure. For example, since the PoW provider only needs to return a small (80 bytes) block header to the PoW requester, it can be located in an isolated location that can use renewable energy sources even if access to the internet is limited. The block header may be transmitted using a mobile phone having a low bandwidth. On the other hand, transactions may be performed in a location where internet access is good (e.g., metropolitan). In summary, this may enable more versatile, efficient task allocation, including the use of sustainable, environmentally friendly energy supplies.

6. Additional security may be provided because TX ₀ may be compared to control criteria to ensure that only requests from legitimate requesters are acted upon. This may prevent unauthorized parties, malicious parties (e.g., attackers), from utilizing and/or providing PoW work for parties that may be associated with undesirable or illegal activities and thus participating in criminal activities.

7. Authorization and control techniques for blockchain mining are improved because requesters can identify themselves in various ways through control data provided by TX ₀.

Illustrative System of possible embodiments

Fig. 7 and 9 illustrate an exemplary system 700 for implementing at least some of the described embodiments. Fig. 8 shows a flowchart of exemplary steps that may be taken in (a brief view of) the methods of the present disclosure.

The system 700 may be a closed system in that it may be associated with an organization and form part of a larger proprietary system. In this case, its data (e.g., transactions) may be received from other components within the organization's broader system and its results and output sent to an internal destination. Additionally or alternatively, the system 700 may be configured to interface with various entities, some or all of which may be located outside of an organization. In this case, the system 700 may be configured to provide verification functionality as a service. For example, system 700 may be configured to interact with a blockchain network to obtain the data it needs. Additionally or alternatively, the system may interact with an entity desiring to use its verification services. Thus, the activities of system 700 may be internal activities only with respect to a particular organization or entity, or may open interactions with external entities to provide verification services to other parties, or a combination of both. Communications between other internal or external entities may be coordinated by one or more interfaces or communication components, as shown at 902 in fig. 9.

As shown in fig. 7 and 9, the system 700 includes a control entity 702 (or simply "controller") and a plurality of verification resources 704 (also referred to herein simply as "verifiers"). Fig. 7 shows only four verifiers 701a through 701d, but system 700 may generally include any number of verifiers. Further, the controller 702 is shown in fig. 7 and 9 as being different from the verifiers 704, but it is not excluded that the controller 702 may include or consist of one of the verifiers 704. As described above, each verifier may include one or more processing resources and may include its own controller for coordinating its own internal activities. The hierarchical level that can be implemented in this way has no technical or logical limitations. However, for simplicity, while for ease of understanding, fig. 7 shows only one (top-level) level of such a hierarchy.

As shown in fig. 7, the controller 702 obtains a transaction set. The transaction may be received from a sending resource over an electronic channel or network. The sender may be any entity that wishes to perform some sort of verification check, either inside or outside the system organization as described above. This may be, for example, a complete node on a blockchain network, such as node 104 in FIG. 1, or a digital wallet, or a merchant/SPV node that wishes to perform local checks related to blockchain-implemented transfers between parties. One or more interfaces 902 may facilitate data transfer between the system 700 and sources external to the system.

Transaction formation or may form a transaction block. Transactions may be obtained from a single resource (e.g., from a block of a blockchain), or from different resources (e.g., one or more users, one or more blockchain nodes, etc.). Transactions may be obtained before they have been published on the blockchain (i.e., before being recorded in the block). Or the transaction may be obtained after it has been recorded on the blockchain.

The controller 702 assigns each verifier 704 a respective subset of transactions, as described herein. Each subset of transactions forms at least a portion of a respective portion of a merck tree generated based on the entire set of transactions and is linked by a respective common internal node of the merck tree. In the example of fig. 7, transaction subset a is assigned to verifier a, transaction subset B is assigned to verifier B, transaction subset C is assigned to verifier C, and transaction subset D is assigned to verifier D. After the transaction subsets have been allocated, verifier 704 then processes its respective subset. In some embodiments, this involves each verifier 704 verifying its respective subset of transactions. To this end, the controller 702 may transmit the relevant transaction to the respective verifier 704. The verifier 704 may communicate back to the controller 704 to indicate that each transaction in its respective subset of transactions is valid, or that at least one transaction is invalid.

At least one of verifiers 704a through 704d, but preferably some or all of the verifiers may have access to their own UTXO pools, shown as 901a through 901d in fig. 9. The pool includes the storage facilities such as the database described above and may have an advantageous indexing structure comprising a concatenation of a block ID and a transaction ID. In fig. 9, these pools are shown as being included within the respective verifiers, but those skilled in the art will readily understand that these pools may also/alternatively be provided by being external to, but in communication with, the verifiers.

In one or more embodiments, the disclosed process may include a block level verification stage during which incoming new blocks are tested against a block level standard. Exemplary block level standards are described above and generally relate to prescribed format requirements and features or limitations applicable to the block itself (rather than to transactions within the block). Examples include tile size, tile header structure or content, and similar criteria. Such operations may be performed by the controller or a component of the controller, or by another system component.

In some embodiments, the method may further include a UTXO uniqueness validation module for evaluating whether each input to a transaction in the new block (i.e., each UTXO) is unique. If the same UTXO appears multiple times as input in a new block, this represents a potential double cost problem and violates the UTXO uniqueness criteria. If the UTXO uniqueness validation module identifies a UTXO that is referenced multiple times in the transaction input in a new block, it may output an error signal or other interrupt to indicate that the block is to be rejected.

Assuming that the new blocks are not rejected, i.e., all UTXO inputs are unique, the merck tree segments may be identified and the associated transactions for these merck tree segments are centrally allocated in the verifier. The identification process may be performed by a component such as the segment identification unit 903 shown in fig. 9. The allocation process may be performed by a segment allocation unit (shown as 904 in fig. 9). The allocation unit 904 may employ any of a number of possible allocation schemes to distribute the block segments among the verifiers, but in an advantageous approach the allocation scheme may be targeted for load balancing as described above. The distribution unit 904 may include (or be in communication with) a load balancing unit 905. Although this is shown in fig. 9 as a separate associated component of the system, in other embodiments the load balancing unit may be part of the distribution unit 904 or separate with respect to the controller 702. Any combination of components may be readily employed.

Each verifier verifies transactions associated with one or more segments they receive against transaction-level verification criteria. The synchronous paradigm is not required between verifiers because they each independently verify whether the transactions assigned to them are valid. Each verifier outputs a result that confirms the validity of its assigned transaction. The results are added or accumulated to confirm that all transactions in the segment are valid. If one of the verifiers identifies an invalid transaction, the verifier may issue an output, such as an interrupt or other signal, to indicate that an invalid transaction exists. The interrupt or signal may be sent to other verifiers or controllers or another system component so that they may immediately stop testing their respective transactions and not waste more resources when verifying transactions within a block that are to be rejected.

In some examples, the system may be set to check block level criteria. This may be performed prior to assigning the segments to the verifier, although it should be appreciated that the block-level verification phase may occur after, or in some cases in parallel with, the transaction-level verification test of the verifier.

Reference will now be made to fig. 8, which illustrates in flow chart form one example of a method of verifying a block. The block contains a plurality of transactions, each referencing one or more inputs, and each input is UXTO (except where Coinbase generated the transaction). The method is implemented using appropriate hardware and processor-executable instructions within nodes on a blockchain network.

In operation, the distributed verification node 700 receives new block data in step S801. This may be the entire block or, in the case of SPV-related verification, it may include only part of the data required to perform the SPV check. For convenience, this data is referred to as a "block". The new chunk to be verified may be received from a mining node on the blockchain network that generates the new chunk and completes the proof of work, from a merchant node that wishes to perform (SPV) checks, or from a wallet such as an SPV wallet. The new block may be received from another (non-mining) node in the network. In some examples, distributed verification node 700 verifies a chunk before forwarding the chunk to any other node in the network. As described above, verifying a new tile may include confirming that the tile meets certain protocol-based criteria, and/or other criteria that may be specified and required within a given implementation.

In step S802, the system 700 identifies a block of the merck tree of blocks. In S803, the segments are distributed to a plurality of verifiers; and in S804 the verifiers process their respective transaction subsets substantially in parallel and independently of each other. In S805, the verifier signals the controller whether verification succeeded or failed.

It should be noted that the term "processor" when used in connection with the description of parallel processors herein does not necessarily refer to physically distinct microprocessors, and may include any hardware or software implementation that enables parallel processing resources to perform processor functions independently and in parallel. The parallel processor may include a processor having a plurality of cores. In some cases, the parallel processor may include a plurality of separate processing units. Parallel processors may or may not share physical memory. Regardless of how implemented, each parallel processor has a software or hardware mechanism for signaling to output a signal in response to identifying an invalid transaction. Implementations of parallel processors also include providing the necessary data transfer mechanisms in software and/or hardware to route the allocated transaction data to the various processors for local processing.

Enumerating clauses

For purposes of illustration and not limitation, embodiments of the present disclosure are provided in the following enumerated clauses.

The features mentioned below in relation to a set of enumerated clauses or aspects of the present disclosure are not intended to be limited in this regard, and any one or more features mentioned in relation to a set of clauses may be incorporated into one or more of the other sets of clauses.

Clause set 1:

Clause 1.1. A computer-implemented method for processing (e.g., verifying) at least a portion of a blockchain chunk, the blockchain chunk including a plurality of blockchain transactions and a root of a merck tree for the chunk.

The method may include:

Allocating respective subsets of the blockchain transactions to a plurality of processing (e.g., verifying) resources, wherein each respective subset provides a respective portion of the merck tree and is represented by a respective internal node of the merck tree; and/or

The plurality of processing (e.g., validation) resources are used to process (e.g., validate) their respective subsets of blockchain transactions.

Additionally or alternatively, the method may comprise:

At least a portion of a blockchain block is sent or received, the blockchain block including a plurality of blockchain transactions and a root of a merck tree for the block. The portion of the blockchain block may be transmitted from a transmit resource to a receive resource. The portion of the blockchain block may be transmitted over a network (e.g., the internet). The method may comprise the steps of: the portion of the blockchain block is processed at the receive resource. The receiving resource may be referred to as a processing or verification resource. The portion of the blockchain block may be transmitted using IPv6 multicast transmissions. At least one, some or all of the plurality of processing resources may be members of an IPv6 multicast group. The transmission resources may include network devices. The network device may be configured to send IPv6 multicast communications to a multicast address. MLD snooping may be enabled at the network device. This provides efficiency in terms of traffic on the network, as the transmit resources can selectively transmit portions of the blockchain blocks to particular receive resources (e.g., resources within the plurality of processing resources). By sending data packets to all resources on the network, including those resources that do not need or desire to receive data, network traffic can be reduced and energy and processing resources are not wasted. This also improves security, as it avoids the possibility of denial of service (DOS) attacks, and it also facilitates scalability of the blockchain network by allowing faster transaction throughput due to lower network congestion levels.

The term "verifier" may be used interchangeably with "verifying resources". For convenience, a "verifier/validation" may be used herein in place of a "processor/process". The plurality of verification resources may form a distributed verification node. At least one verification resource of the plurality of verification resources may include one or more processing resources. Additionally or alternatively, one or more of the plurality of verification resources may comprise a verifier controller component substantially as described herein. At least one or some of the verification resources within the distributed verification node may share (i.e., subscribe to) a public IPv6 multicast address.

The respective internal node may be a segment root. In other words, an "internal node" is a node in the merck tree that is neither the root nor leaf node of the entire tree. The transactions in each subset may share a respective common internal node.

In an alternative wording, each subset may comprise at least two transactions associated with a common node in the merck tree, such that the subset provides and/or is represented by a (sub) portion of the merck tree. The common (internal) node may be a segment node or root substantially as described herein. The portion of the merck tree may be a "segment" substantially as described herein.

Clause 1.2 the method of clause 1.1, wherein verifying the blockchain blocks and/or the subset of blockchain transactions comprises:

i) Validating and/or validating at least one blockchain transaction; and/or

Ii) performing a Simple Payment Verification (SPV) procedure; and/or

Iii) Determining whether a given blockchain transaction (Tx) is contained within the blockchain block; and/or

Iii) Generating a hash of at least one of the blockchain transactions, constructing a merck path using the hash, and/or checking whether the hash matches a transaction identifier (TxID) in a header of the blockchain block.

Clause 1.3 the method of clause 1.1 or 1.2, wherein:

At least one subset of the subsets of blockchain transactions includes an identifier associated with, identifying, and/or representing the subset.

Clause 1.4 the method of clause 1.3, wherein:

the identifier facilitates computing a location of the at least one subset within the merck tree.

Clause 1.5 the method of clause 1.3 or 1.4, wherein:

The identifier includes a portion of a hash of a blockchain transaction within the at least one subset of blockchain transactions.

Clause 1.6. The method of any of the preceding clauses, wherein:

the step of assigning the respective subset of blockchain transactions to the plurality of verified resources includes: the respective subset is matched with respective verification resources based on respective identifiers associated with the subset of transactions.

Clause 1.7. The method according to any of the preceding clauses, the method further comprising the steps of:

i) Downloading at least one subset of blockchain transactions to at least one validation resource of the plurality of validation resources; and/or

Ii) sending at least one subset of blockchain transactions to at least one validation resource of the plurality of validation resources.

Clause 1.8. The method of any of the preceding clauses, wherein:

The merck tree includes a binary tree or mesh (mesh) of hashes of the plurality of blockchain transactions.

Clause 1.9. The method according to any of the preceding clauses, the method further comprising the steps of:

the subset of blockchain transactions within the plurality of blockchain transactions is identified and/or determined.

Clause 1.10. The method of any of the preceding clauses, wherein:

At least one of the plurality of verified resources verifies that the resource is or includes one or more of:

virtual machines, servers, GPU-based computing resources, processing threads, and/or multiprocessor systems.

Clause 1.11. The method of any of the preceding clauses, wherein:

i) The at least two transactions are peers in the merck tree; and/or

Ii) the common node is a parent or ancestor of the at least two transactions.

Clause 1.12. A blockchain verification system for verifying at least a portion of a blockchain block, the blockchain block including a plurality of blockchain transactions and a root of a merck tree for the block;

Wherein the system comprises a plurality of verification resources, each verification resource comprising:

A processor; and

A memory comprising executable instructions that, when executed by the processor, cause the system to perform the computer-implemented method according to any of the preceding clauses.

Clause 1.13 is a non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by a processor of a computer system, cause the computer system to perform the computer-implemented method of any of clauses 1.1 to 1.11.

According to another aspect of the present disclosure, there is provided a computer-implemented system for performing any method step or combination of method steps described or claimed herein.

Further, there is provided a blockchain system (network) comprising a plurality of computer-implemented nodes, wherein each node in the blockchain network comprises:

A processor; and

A memory comprising executable instructions that, when executed by the processor, cause the system to perform any variant of the computer-implemented methods claimed or described herein.

The network may be used to operate using a blockchain protocol as described herein.

Additionally or alternatively, the present disclosure may include a computer-implemented method of downloading at least a portion of a blockchain block. The chunk may include a plurality of blockchain transactions and a root of a merck tree for the chunk. The method may comprise the steps described in one or more of the following clauses:

Clause set 2:

Clause 2.1. A computer-implemented method for receiving (e.g., downloading) at least a portion of a blockchain chunk, the blockchain chunk including a plurality of blockchain transactions and a root of a merck tree for the chunk; the method comprises the following steps:

Allocating respective subsets of the blockchain transactions to a plurality of processing resources, wherein each respective subset provides a respective portion of the merck tree and is represented by a respective internal node of the merck tree; and

One, some, or all of the plurality of processing resources are used to receive (e.g., download) their respective subsets of blockchain transactions.

In accordance with one or more embodiments, the one, some, or all of the processing resources may receive their respective subsets of blockchain transactions from a providing (sending) resource. The portion of the blockchain block may be transmitted over a network (e.g., the internet). The respective subset of blockchain transactions may be sent using IPv6 multicast transmissions. At least one, some or all of the plurality of processing resources may be members of an IPv6 multicast group. The transmission resources may include network devices. The network device may be configured to send IPv6 multicast communications to a multicast address. MLD snooping may be enabled at the network device. This provides efficiency in terms of traffic on the network, as the transmit resources may selectively transmit one or more subsets of blockchain transactions to particular receive resources (e.g., resources within the plurality of processing resources). By sending data packets to all resources on the network, including those resources that do not need or desire to receive data, network traffic can be reduced and energy and processing resources are not wasted. This also improves security, as it avoids the possibility of denial of service (DOS) attacks, and it also facilitates scalability of the blockchain network by allowing faster transaction throughput due to lower network congestion levels.

Each respective subset may be represented by the respective internal node, in the sense that the respective internal node may encode the respective subset. That is, the respective internal nodes may be generated based on (i.e., according to) the respective subsets. Each transaction in the respective subset may be linked to the respective internal node by one or more hash operations.

Clause 2.2 the method of clause 2.1, the method comprising:

one, some, or all of the plurality of processing resources send their respective subsets of blockchain transactions to the central storage.

Clause 2.3 the method of clause 2.2, wherein:

the respective internal nodes of the merck tree have respective locations in the merck tree, and wherein the method comprises:

The respective subset of blockchain transactions is arranged based on the respective location of the respective internal node of the merck tree.

Clause 2.4. The method according to any of the preceding clauses, the method comprising:

One, some, or all of the processing resources generate respective candidate internal nodes of the merck tree based on the downloaded respective subset of blockchain transactions; and the method further comprises at least one of:

Verifying that the respective candidate internal node matches the respective internal node of the merck tree; and/or

Verifying that the respective candidate internal node is a node of the merck tree by performing merck certification based on the root of the merck tree; and/or

The respective candidate internal nodes of the merck tree are sent to one or more other processing resources.

Clause 2.5 the method of any of the preceding clauses, the method comprising:

One, some, or all of the plurality of processing resources are used to validate their respective subsets of blockchain transactions.

Clause 2.6 the method of clause 2.1, wherein:

verifying the respective blockchain transaction subset includes:

i) Validating and/or validating at least one blockchain transaction; and/or

Ii) performing a simple payment verification process; and/or

Iii) Determining whether a given blockchain transaction is contained within the blockchain block; and/or

Iii) Generating a hash of at least one of the blockchain transactions, constructing a merck path using the hash, and/or checking whether the hash matches a transaction identifier in a blockhead of the blockchain block.

Clause 2.7. The method of any of the preceding clauses, wherein:

At least one respective subset of the respective blockchain transaction subsets includes a respective identifier associated with, identifying, and/or representing the respective subset.

Clause 2.8 the method of clause 2.7, wherein:

the respective identifiers facilitate computing respective locations of the at least one respective subset within the merck tree.

Clause 2.9. The method of clause 2.7 or 2.8, wherein:

the respective identifiers are based on the respective internal nodes of the merck tree.

10. The method of clause 9, wherein:

The respective identifiers include a portion of the respective internal nodes of the merck tree.

Clause 2.11. The method of any of the preceding clauses, wherein:

The step of allocating the respective blockchain transaction subset to the plurality of respective processing resources includes: the respective subset of transactions is matched with respective processing resources based on respective identifiers associated with the respective subset of transactions.

Clause 2.12. The method of any of the preceding clauses, wherein:

the merck tree includes a binary tree or mesh structure of hashes of the plurality of blockchain transactions.

Clause 2.13 the method of any of the preceding clauses, the method comprising:

the subset of blockchain transactions within the plurality of blockchain transactions is identified and/or determined.

Clause 2.14. The method of any of the preceding clauses, wherein:

at least one of the plurality of processing resources is or includes: virtual machines, servers, GPU-based computing resources, or multiprocessor systems.

Clause 2.15. A blockchain processing system for downloading at least a portion of a blockchain block, the blockchain block including a plurality of blockchain transactions and a root of a merck tree for the block; wherein the system comprises a plurality of processing resources, each processing resource comprising:

A processor; and

A memory comprising executable instructions that when executed by the processor cause the system to perform, or enable the system to perform, a computer-implemented method according to any of the preceding clauses.

Clause 2.16 is a non-transitory computer readable storage medium having stored thereon executable instructions that, when executed by a processor of a computer system, cause the computer system to perform, or enable the computer system to perform, the computer-implemented method according to any of clauses 2.1 to 2.14.

According to another aspect, there is provided a non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by a processor of a computer system, cause the computer system to perform any version of the computer-implemented method claimed or described herein.

Clause set 3:

clause 3.1. A computer-implemented method, the method comprising the steps of:

Generating, storing, and/or maintaining a first output store for recording, searching, and/or processing a plurality of unexpired transaction outputs (e.g., UTXOs), each unexpired transaction output associated with a transaction (Tx) of a plurality of blockchain Transactions (TXs) of a blockchain block;

Wherein:

The plurality of blockchain transactions provides and/or is represented by a portion of a merck tree for the blockchain block.

Clause 3.2 the method of clause 3.1, the method comprising:

at least one other output repository is generated, stored, and/or maintained.

Clause 3.3 the method of clause 3.1 or 3.2, further comprising:

a database log is created and/or maintained that includes a history of actions, changes, and events associated with the output repository.

Clause 3.4. The method of any of the preceding clauses, wherein:

The first output repository and/or the other output repository includes at least one record associated with:

i) Non-spent transaction output; and/or

Ii) an identifier associated with a) an unexpired transaction output and/or b) a transaction (Tx) of the plurality of blockchain transactions.

Clause 3.5 the method of clause 3.4, wherein:

The at least one record includes a record identifier having:

i) A block identifier (block_id), the block identifier being associated with a block chain block; and/or

Ii) a transaction identifier (TxID) associated with a transaction (Tx) of the plurality of blockchain transactions.

Clause 3.6 the method of clause 3.5, wherein:

i) The record identifier comprises a function of the block identifier (block_id) and the transaction identifier (TxID); and/or

Ii) concatenation of the block identifier (block_id) and the transaction identifier (TxID); and/or

Iii) The transaction of the plurality of blockchain transactions is associated with an unexpired transaction output.

Clause 3.7 the method of clause 3.5 or 3.6, further comprising the steps of:

at least one record in the output repository is searched, identified, accessed, or inserted using the record identifier.

Clause 3.8. The method of any of the preceding clauses, wherein:

at least one of the plurality of unexpired transaction outputs (UTXO) is associated in the output store with a lock flag that:

i) Indicating whether the unexpired transaction output is available for spending; and/or

Ii) configurable between a first state indicating that the unexpired transaction output is allowed to be spent and a second state indicating that the unexpired transaction output is prohibited from being spent.

Clause 3.9 the method of clause 3.8, comprising the steps of:

i) Associating the unexpired transaction output with the lock flag; and/or

Ii) changing the state of the lock flag from the first state to the second state or from the second state to the first state.

Clause 3.10 the method of clause 3.8 or 3.9, comprising the steps of:

A communication is sent from a first processing resource to at least one other processing resource to cause the at least one other processing resource to change the state of the lock flag associated with the unexpired transaction output from the first state to the second state or from the second state to the first state.

Clause 3.11 the method of clause 3.10, wherein the communicating comprises:

i) Transaction (TX), transaction identifier (TxID), and/or hash of Transaction (TX); and

Ii) a list of one or more unexpired transaction outputs.

Clause 3.12 the method of clause 3.10 or 3.11, comprising the steps of:

receiving the communication at the at least one other processing resource;

The state of the lock flag is changed from the first state to the second state or from the second state to the first state.

Clause 3.13. The method of any of the preceding clauses, wherein:

i) The portion of the merck tree is a sub-portion or segment of the merck tree for the blockchain chunk; and/or

Ii) the plurality of blockchain transactions are represented by internal nodes of the merck tree.

Clause 3.14. A system of blockchain implementation, the system comprising a plurality of processing resources, each processing resource comprising:

A processor; and

A memory comprising executable instructions that when executed by the processor cause the system to perform, or enable the system to perform, a computer-implemented method according to any of the preceding clauses.

15. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by a processor of a computer system, cause the system to perform, or enable the system to perform, the computer-implemented method of any one of clauses 3.1 to 3.13.

Clause set 4:

any of the embodiments defined in any of the clauses or combinations of clauses in clause set 4 may be used to implement any one or more of clauses set 1-3, or in combination with any one or more of clauses set 1-3.

Clause 4.1. A system for verifying at least a portion of a blockchain block, the blockchain block including a plurality of blockchain transactions and a root of a merck tree for the block, the system comprising:

a plurality of processing (e.g., verifying) resources, each processing (e.g., verifying) resource comprising:

at least one processor associated with at least a portion of a memory storing executable instructions that, when executed by the at least one processor, cause or enable the verification resource to:

At least a subset of the plurality of blockchain transactions is processed (e.g., verified), wherein the at least a subset provides a portion of the merck tree and is represented by internal nodes of the merck tree.

Clause 4.2 the system of clause 4.1, wherein the system further comprises:

i) A load balancing component for facilitating balancing distribution of a plurality of subsets of the plurality of blockchain transactions among the plurality of verified resources; and/or

Ii) a segment identification component for facilitating identification of the at least a subset of the plurality of blockchain transactions; and/or

Iii) A distribution unit; and/or

Iv) one or more interfaces for sending or receiving communications between the system and one or more data sources or destinations.

Clause 4.3 the system of clause 4.1 or 4.2, wherein:

The system includes at least one controller component for affecting and/or controlling operation of at least one of:

at least one verification resource;

at least one processor of the at least one verified resource;

One or more interfaces;

One or more load balancing components; and/or

One or more segment identification components for facilitating identification of the at least a subset of the plurality of blockchain transactions.

Clause 4.4. The system of any of the preceding clauses, wherein:

i) At least two transactions of the plurality of blockchain transactions are peers in the merck tree; and/or

Ii) the internal node is a parent or ancestor of the subset of blockchain transactions.

Clause 4.5 the system of any of the preceding clauses, further comprising:

A plurality of output repositories, each of the plurality of repositories being associated with a respective verification resource and being operable to facilitate recording, searching and/or processing a plurality of unexpired transaction outputs (e.g., UTXOs); preferably, wherein each of the plurality of unexpired transaction outputs is associated with at least one transaction (Tx) of the plurality of blockchain transactions.

Clause 4.6 the system of clause 4.5, wherein the system is used to:

Creating and/or maintaining a database log including a history of actions, changes, and events associated with at least one of the plurality of output repositories.

Clause 4.7 the system of any of the preceding clauses, wherein:

At least one output repository of the plurality of output repositories includes at least one record associated with:

i) Non-spent transaction output; and/or

Ii) an identifier associated with a) an unexpired transaction output and/or b) a transaction (Tx) of the plurality of blockchain transactions.

Clause 4.8 the system of clause 4.7, wherein:

The at least one record includes a record identifier having:

i) A block identifier (block_id), the block identifier being associated with the blockchain block; and/or

Ii) a transaction identifier (TxID) associated with a transaction (Tx) of the plurality of blockchain transactions.

Clause 4.9 the system of clause 4.7 or 4.8, wherein the record identifier comprises:

i) A function of the block identifier (block_id) and the transaction identifier (TxID); and/or

Ii) concatenation of the block identifier (block_id) and the transaction identifier (TxID).

10. The system of clauses 8 or 9, wherein the system is for:

the record identifier is used to search, identify, access, or insert the at least one record in at least one of the plurality of output repositories.

The system of any of clauses 4.11-4.5 to 4.10, wherein:

At least one unexpired transaction output (UTXO) of the plurality of transaction outputs (UTXOs) is associated with a lock flag, the lock flag:

i) Indicating whether the unexpired transaction output (UTXO) is available for spending; and/or

Ii) configurable between a first state indicating that the unexpired transaction output is allowed to be spent and a second state indicating that the unexpired transaction output is prohibited from being spent.

Clause 4.12 the system of clause 4.11, the system being used to:

the state of the lock flag is changed from the first state to the second state or from the second state to the first state.

Clause 4.13 the system of any of the preceding clauses, wherein the system is used to:

i) Assigning respective subsets of the blockchain transactions to the plurality of verified resources; and

Ii) using one, some or all of the plurality of validation resources to download and/or receive a respective subset of blockchain transactions.

Clause 4.14 the system of any of the preceding clauses, the system being for:

generating respective candidate internal nodes of the merck tree based on the downloaded respective subset of blockchain transactions using one, some, or all of the validation resources; and the system is further configured to perform at least one of:

verifying that the respective candidate internal node matches the respective internal node of the merck tree; and/or

Verifying that the respective candidate internal node is a node of the merck tree by performing a merck proof based on the root of the merck tree; and/or

The respective candidate internal nodes of the merck tree are sent to one or more other processing resources.

Clause 4.15 the system of any of the preceding clauses, wherein the system is used to:

i) Validating and/or validating at least one blockchain transaction; and/or

Ii) performing a simple payment verification process; and/or

Iii) Determining whether a given blockchain transaction is contained within the blockchain block; and/or

Iii) Generating a hash of at least one of the blockchain transactions, constructing a merck path using the hash, and/or checking whether the hash matches a transaction identifier in a blockhead of the blockchain block.

Clause 4.16 the system of any of the preceding clauses, wherein:

At least one of the plurality of verified resources is or includes at least one of: virtual machines, servers, GPU-based computing resources, threads, and/or multiprocessor systems.

Clause set 5:

Various embodiments of the presently claimed disclosure may be presented in the following enumerated clauses. Any feature provided in the following sets of terms may be combined with one or more features in any one or more of the previously enumerated sets of terms.

The present disclosure may provide methods and systems for distributing and/or parallel processing data records. The present disclosure may provide such methods/systems for mining blockchain transactions in blockchain blocks and/or for generating Proof of Work (PoW) or Proof of equity (PoS) for blockchain blocks. Advantageously, embodiments may allow the PoW or proof of equity calculation to be separated from other blockchain mining/verification tasks. Herein, for convenience only work proofs are mentioned, but this should not be construed as excluding rights proofs. The present disclosure may be described as providing authorization and/or control mechanisms for improved blockchain mining techniques and/or improved PoW generation techniques. It can also be described as an improved security technique.

Preferably, the PoW requester (first party/entity) may send to the professional PoW provider (second party/entity) one or more of the following: i) Merck root of merck tree representing a collection of transactions; ii) a control transaction (TX ₀); and iii) confirm that TX ₀ includes the merck proof in the transaction set. TX ₀ may provide or include control data that the PoW provider may use to determine whether to perform or complete PoW calculations.

One preferred embodiment can be described as:

clause 5.1. A computer-implemented method, the method comprising:

Transmitting a request from a first resource to a second resource to generate a proof of work (PoW) of a blockchain chunk containing a plurality of transactions, the request including a merck proof for verifying that a control transaction (TX ₀) is included in the plurality of transactions; and/or receiving, at the second resource, a request from the first resource to generate a proof of work (PoW) of a blockchain chunk including a plurality of transactions, the request including a merck proof for verifying that a control transaction (TX ₀) is included in the plurality of transactions.

The first resource may be a PoW requester and the second resource may be a PoW provider. The PoW may be any PoW specified by a blockchain protocol. The merck proof may include sufficient data to prove that a given blockchain transaction is included in a particular set of transactions and conversely refute its inclusion in that set of transactions. The set of transactions may be represented by a merck tree T with a merck root R.

Clause 5.2 the method of clause 5.1, wherein:

The control transaction (TX ₀) comprises control data for controlling, enabling and/or disabling the execution of the generation of the proof of work; preferably, wherein the control data comprises:

i) At least one output specifying a predetermined address of a destination of the blockchain transmission; preferably, wherein the address is associated with the second resource, or with a party associated with or authorized by the second resource; and/or

Ii) at least one predetermined signature; and/or

Iii) At least one secret value or secret portion of the data.

Clause 5.3 the method of clause 5.1 or 5.2, wherein:

the first resource is a PoW request resource, a blockchain verification resource or a blockchain mining resource; and/or

The second resource is a work proof provider; and/or

The second resource comprises at least one ASIC or hash machine or dedicated cryptocurrency mining resource.

Clause 5.4 the method of any of the preceding clauses, further comprising:

i) Receiving, at the first resource, from the second resource, a proof of work of the blockchain block; and/or

Ii) sending a proof of work of the blockchain block from the second resource to the first resource.

Clause 5.5. The method of any of the preceding clauses, wherein the proof of work comprises:

a value (random number nonce) set to provide an output that satisfies one or more of: a target, rule, or criteria specified by a blockchain protocol; and/or

A block header of the blockchain block; and/or

A puzzle or challenge solution specified according to the blockchain protocol.

Clause 5.6. The method of any of the preceding clauses, wherein generating the proof of work comprises:

i) Generating or selecting a value (nonce) that is set to provide an output that meets a target, challenge, rule, or criteria specified by the blockchain protocol;

ii) concatenating the blockmessage of the blockchain block with a random number nonce; and/or

Iii) And performing double hash processing on the block head of the block chain block.

Clause 5.7. The method according to any of the preceding clauses, the method comprising:

-processing or comparing at least a part of the control transaction (TX ₀) for a predefined control criterion, and-generating or not generating the proof of work based on an output of the processing or comparing;

Preferably, wherein the control criteria comprises at least one of a threshold, a rule or a criterion for allowing initiation, execution or completion of the proof of work generation.

Clause 5.8 the method of clause 5.7, further comprising:

enabling or disabling the generation of the proof of work based on:

i) -successfully or unsuccessfully acknowledging that the control transaction (TX ₀) is included in the plurality of transactions; and/or

Ii) determining that the control transaction includes or does not include a portion of data meeting a predetermined rule or criteria; and/or

Iii) It is determined that the control transaction or at least a portion of the control transaction meets the control criteria.

Clause 5.9. The method according to any of the preceding clauses, the method comprising the steps of:

at the first resource or the second resource, determining a portion of data required by a blockchain protocol for generating a proof of work of a block, the portion of data including one or more of:

a protocol version identifier;

Block hashing;

a proof of job difficulty target specified by the protocol; and/or

A time stamp.

Clause 5.10. The method of any of the preceding clauses, wherein:

i) The merck proof includes data configured to enable SPV verification to be performed to determine whether the control transaction is included in the plurality of transactions;

ii) the request includes the control transaction.

Clause 5.11. The method according to any of the preceding clauses, the method comprising the steps of:

processing the plurality of transactions to provide a merck tree;

preferably, wherein the processing involves a hash function.

Clause 5.12. The method of any of the preceding clauses, wherein:

The control transaction (TX ₀) includes an identifier that enables the second resource to identify the first resource; preferably, wherein the identifier is provided in an input, output, script or metadata portion of the control transaction.

Clause 5.13. A system operable to control or affect the generation of a proof of work for a blockchain block containing a plurality of transactions, and/or operable to implement the method of any of the preceding clauses.

Clause 5.14 the system of clause 5.13, comprising at least one of:

at least one proof of work providing resource (1000);

Preferably, wherein the at least one proof of work providing resource comprises at least one ASIC or hash machine (1100 a to 1100 c);

At least one proof of work request resource (1300);

Preferably, wherein the at least one proof of work request resource comprises a distributed verification node (700) substantially as disclosed herein.

Clause 5.15. A non-transitory computer readable storage medium having stored thereon executable instructions that, when executed by a processor of a computer system, cause the computer system to perform or enable the computer system to perform the computer-implemented method according to any of clauses 5.1 to 5.13.

Exemplary technical Environment for implementing illustrative embodiments of the disclosure

An overview of a computing environment in which one or more embodiments of the present disclosure may be practiced is now described. However, as noted above, this context is not intended to be limiting, and embodiments may be used to handle data records and structures that are not implemented via a blockchain. For example, a database may be used instead of a distributed ledger to design non-blockchain embodiments.

FIG. 1 illustrates an exemplary system 100 for implementing a blockchain 150. The system 100 may include a packet switched network 101, typically a wide area internet such as the internet. The packet switched network 101 includes a plurality of blockchain nodes 104 that may be configured to form a peer-to-peer (P2P) network 106 within the packet switched network 101. Although not shown, blockchain node 104 may be set to a near-complete graph. Thus, each blockchain node 104 is highly connected to other blockchain nodes 104.

Each blockchain node 104 includes a peer's computer device, with different nodes 104 belonging to different peers. Each blockchain node 104 includes a processing device including one or more processors, such as one or more Central Processing Units (CPUs), accelerator processors, special purpose processors, and/or Field Programmable Gate Arrays (FPGAs), among other devices, such as Application Specific Integrated Circuits (ASICs). Each node also includes memory, i.e., computer-readable memory in the form of a non-transitory computer-readable medium. The memory may include one or more memory units employing one or more memory media, e.g., magnetic media such as hard disks, electronic media such as Solid State Disks (SSDs), flash memory or electrically erasable programmable read-only memory (EEPROMs), and/or optical media such as optical drives.

The blockchain 150 includes a series of data blocks 151 with a respective copy of the blockchain 150 maintained at each of a plurality of blockchain nodes 104 in the distributed or blockchain network 106. As described above, maintaining a copy of the blockchain 150 does not necessarily mean completely storing the blockchain 150. Instead, the blockchain 150 may perform data pruning as long as each blockchain node 150 stores a block header (discussed below) for each block 151. Each block 151 in the blockchain includes one or more transactions 152, where a transaction in this context refers to a data structure. The nature of the data structure will depend on the type of transaction protocol used as part of the transaction model or plan. A given blockchain uses a particular transaction protocol throughout. In one common transaction protocol, the data structure of each transaction 152 includes at least one input and at least one output. Each output specifies a quantity representing a digital asset as an amount of property, an example of which is the output being cryptographically locked to the user 103 (requiring the user's signature or other solution to be unlocked for redemption or spending). Each input points to the output of a previous transaction 152, linking the transactions.

Each block 151 also includes a block pointer 155 that points to previously created blocks 151 in the blockchain to define the order of the blocks 151. Each transaction 152 (in addition to coinbase transactions) includes a pointer to the previous transaction to define the order of the sequence of transactions (note: the sequence of transactions 152 may branch). The blockchain of the blockchain 151 dates back to the start block (Gb) 153, which is the first blockin the blockchain. Early one or more original transactions 152 in the blockchain 150 point to the start block 153 instead of the previous transaction.

Each blockchain node 104 is configured to forward the transaction 152 to other blockchain nodes 104 such that the transaction 152 propagates throughout the network 106. Each blockchain node 104 is configured to create a block 151 and store a respective copy of the same blockchain 150 in its respective memory. Each blockchain node 104 also maintains an ordered set (or "pool") 154 of transactions 152 waiting to be incorporated into the block 151. Ordered pool 154 is commonly referred to as a "memory pool". In this document, the term is not intended to be limited to any particular blockchain, protocol, or model. The term refers to an ordered set of transactions that node 104 has accepted as valid, and for which node 104 is forced to not accept any other transactions that attempt to expend the same output.

In a given current transaction 152j, the input (or each input) includes a pointer that references the output of the previous transaction 152i in the transaction sequence, specifying that the output is to be redeemed or "spent" in the current transaction 152 j. In general, the previous transaction may be any transaction in ordered set 154 or any block 151. Although in order to ensure that the current transaction is valid, there will be a need to have the previous transaction 152i and verify that it is valid, there is no need to have the previous transaction 152i when creating the current transaction 152j and even sending the current transaction 152j to the network 106. Thus, in this context, "prior" refers to predecessors in the logical sequence linked by pointers, not necessarily creation times or transmission times in the time sequence, and thus the case of out-of-order creation or transmission transactions 152i, 152j is not necessarily precluded (see discussion below regarding isolated transactions). The previous transaction 152i may also be referred to as a look-ahead transaction or a look-ahead transaction.

The input of the current transaction 152j also includes an input authorization, such as a signature of the user 103a to which the output of the previous transaction 152i was locked. In turn, the output of the current transaction 152j may be cryptographically locked to the new user or entity 103b. Thus, the current transaction 152j may transfer the amount defined in the input of the previous transaction 152i to the new user or entity 103b defined in the output of the current transaction 152 j. In some cases, transaction 152 may have multiple outputs to split the input amount among multiple users or entities (one of which may be original user or entity 103a for alteration). In some cases, a transaction may also have multiple inputs, summarizing the amounts in multiple outputs of one or more previous transactions, and reassigning to one or more outputs of the current transaction.

According to an output-based transaction protocol, such as bitcoin, when a party 103, such as an individual user or organization, wishes to issue a new transaction 152j (either by an automated program employed by the party or manually), the issuer sends the new transaction from its computer terminal 102 to the recipient. The issuer or recipient will eventually send the transaction to one or more blockchain nodes 104 of the network 106 (now typically a server or data center, but in principle other user terminals are possible as well). It is also not precluded that the party 103 issuing the new transaction 152j may send the transaction directly to one or more blockchain nodes 104, and in some examples, may not send the transaction to the recipient. The blockchain nodes 104 that receive the transaction check whether the transaction is valid according to the blockchain point protocol applied at each blockchain node 104. The blockchain point protocol typically requires the blockchain node 104 to check whether the encrypted signature in the new transaction 152j matches the expected signature, depending on the previous transaction 152i in the ordered sequence of transactions 152. In such an output-based transaction protocol, this may include checking whether the cryptographic signature or other authorization of party 103 included in the input of new transaction 152j matches a condition defined in the output of the previous transaction 152i assigned by the new transaction, where the condition typically includes checking at least whether the cryptographic signature or other authorization in the input of new transaction 152j unlocks the output of the previous transaction 152i to which the input of the new transaction is linked. The condition may be defined, at least in part, by a script included in the output of the previous transaction 152i. Or this may be determined solely by the block link point protocol, or may be determined by a combination thereof. Either way, if the new transaction 152j is valid, the blockchain node 104 forwards it to one or more other blockchain nodes 104 in the blockchain network 106. These other blockchain nodes 104 apply the same tests according to the same blockchain point protocol and thus forward the new transaction 152j to one or more other nodes 104, and so on. In this way, new transactions propagate throughout the network of blockchain nodes 104.

In the output-based model, the definition of whether a given output (e.g., UTXO) is allocated (e.g., spent) is whether it is effectively redeemed by the input of another subsequent transaction 152j according to the blockchain point protocol. Another condition that the transaction is valid is that the output of its previous transaction 152i attempting to be redeemed has not yet been redeemed by another transaction. Also, if invalid, the transaction 152j will not propagate (unless marked invalid and propagated for reminder) or record in the blockchain 150. This prevents the duplication of costs, i.e. the transaction processor's output allocation to the same transaction more than once. On the other hand, account-based models prevent recurring costs by maintaining account balances. Because there is also a defined transaction order, the account balance has a single defined state at any time.

In addition to verifying that a transaction is valid, blockchain node 104 also contends to be the first node to create a block of transactions in a process commonly referred to as mining, which is supported by "proof of work". At the blockchain node 104, the new transaction is added to an ordered pool 154 of valid transactions that have not yet occurred in the blocks 151 recorded on the blockchain 150. The blockchain node then contends to assemble a new valid transaction block 151 of transactions 152 in the ordered transaction set 154 by attempting to solve the encryption challenge. Typically, this involves searching for a "random number" value such that when the random number is juxtaposed with a representation of the ordered pool of pending transactions 154 and hashed, the output of the hash value satisfies a predetermined condition. For example, the predetermined condition may be that the output of the hash value has some predefined number of leading zeros. Note that this is just one particular type of proof of work challenge and does not exclude other types. The hash function is characterized by having an unpredictable output relative to its input. Thus, the search can only be performed with brute force, consuming a significant amount of processing resources at each blockchain node 104 that is attempting to solve the puzzle.

The first blockchain node 104 to solve the problem declares the problem solution on the network 106, providing the solution as proof, and then other blockchain nodes 104 in the network can easily check the solution (once a solution for a hash value is given, can directly check if the solution has the output of the hash value meet the condition). The first blockchain node 104 propagates a block to other nodes that accept the block to achieve a threshold consensus, thereby enforcing the protocol rules. Ordered transaction set 154 is then recorded by each blockchain node 104 as a new chunk 151 in blockchain 150. The block pointer 155 is also assigned to a new block 151n that points to a previously created block 151n-1 in the blockchain. The significant amount of work (e.g., in the form of a hash) required to create the proof of work solution signals the intent of the first node 104 to follow the blockchain protocol. These rules include accepting no transaction as valid if it allocates the same output as the transaction previously verified to be valid, otherwise referred to as a repeat cost. Once created, the block 151 cannot be modified because it is identified and maintained at each blockchain node 104 in the blockchain network 106. The block pointer 155 also applies an order to the block 151. Since the transactions 152 are recorded in ordered blocks at each blockchain node 104 in the network 106, an unchangeable common ledger for transactions is provided.

It should be noted that different block chain nodes 104 that contend to solve a puzzle at any given time may do so based on different snapshots of pool 154 of transactions that have not yet been issued at any given time, depending on the order in which they begin searching for or receiving transactions. The person who solves the corresponding puzzle first defines the transactions 152 and their order included in the new block 151n and updates the current unpublished transaction pool 154. The blockchain node 104 then proceeds to contend to create a block from the newly defined unpublished transaction ordered pool 154, and so on. In addition, there are protocols that address any "bifurcation" that may occur, where two blockchain nodes 104 solve a problem within a short time of each other, propagating conflicting views of the blockchain between nodes 104. Briefly, the bifurcation direction is longest and becomes the final blockchain 150. It should be noted that this does not affect the users or agents of the network, as the same transaction will occur in both forks.

Based on the bitcoin blockchain (and most other blockchains), the node that successfully constructs the new block 104 is granted the ability to newly allocate additional, accepted amounts of digital assets in a new special type of transaction that allocates an additional defined amount of digital assets (as opposed to inter-agent or inter-user transactions that transfer a certain amount of digital assets from one agent or user to another). This particular type of transaction is commonly referred to as a "coinbase transaction," but may also be referred to as a "start transaction" or a "produce transaction. It typically forms the first transaction for the new block 151 n. The proof of work signals the intent of the node constructing the new block to follow the protocol rules, allowing the particular transaction to be redeemed at a later time. The blockchain protocol rules may require a maturity period, for example 100 blocks, before the special transaction can be redeemed. Typically, a regular (non-generating) transaction 152 will also specify an additional transaction cost in one of its outputs to further reward blockchain nodes 104 that create the block 151n in which the transaction was issued. This cost is commonly referred to as the "transaction cost" and is discussed below.

Because of the resources involved in transaction verification and distribution, typically at least each blockchain node 104 takes the form of a server including one or more physical server units, or even an entire data center. In principle, however, any given blockchain node 104 may take the form of one user terminal or a group of user terminals networked together.

The memory of each blockchain node 104 stores software configured to run on the processing devices of the blockchain nodes 104 to perform their respective roles and process the transactions 152 in accordance with the blockchain point protocol. It should be appreciated that any actions attributed herein to blockchain node 104 may be performed by software running on the processing means of the respective computer device. The node software may be implemented in an application layer or in one or more applications at a lower layer, such as an operating system layer or a protocol layer, or any combination of these layers.

Computer devices 102 of each of the parties 103 playing the role of a consuming user are also connected to the network 101. These users may interact with the blockchain network 106 but not participate in verifying transactions or constructing blocks. Some of the users or agents 103 may act as senders and receivers in transactions. Other users may interact with blockchain 150 without having to act as a sender or receiver. For example, some parties may act as storage entities that store copies of blockchain 150 (e.g., have obtained copies of blockchains from blockchain nodes 104).

Some or all of the parties 103 may connect as part of a different network, such as a network overlaid on top of the blockchain network 106. Users of the blockchain network (often referred to as "clients") may be referred to as being part of a system that includes the blockchain network 106; however, these users are not blockchain nodes 104 because they do not perform the roles required by blockchain nodes. Instead, each party 103 may interact with the blockchain network 106 to utilize the blockchain 150 by connecting to the blockchain node 106 (i.e., communicating with the blockchain node 106). For illustration purposes, both parties 103 and their respective devices 102 are shown: a first party 103a and its corresponding computer device 102a, and a second party 103b and its corresponding computer device 102b. It should be understood that more such parties 103 and their corresponding computer devices 102 may exist and participate in the system 100, but are not illustrated for convenience. Each party 103 may be an individual or an organization. For illustrative purposes only, the first party 103a is referred to herein as alice and the second party 103b is referred to as bob, but it should be understood that this is not limited to alice or bob, and any references herein to alice or bob may be replaced with "first party" and "second party", respectively.

The computer device 102 of each party 103 includes a respective processing means comprising one or more processors, such as one or more CPUs, graphics Processing Units (GPUs), other accelerator processors, application-specific processors, and/or FPGAs. The computer device 102 of each party 103 also includes memory, i.e., computer readable memory in the form of a non-transitory computer readable medium. The memory may include one or more memory units employing one or more memory media, e.g., magnetic media such as hard disks, electronic media such as SSDs, flash memory, or EEPROMs, and/or optical media such as optical drives. Memory on the computer device 102 of each party 103 stores software including a respective instance of at least one client application 105 arranged to run on a processing means. It should be understood that any actions attributed herein to a given party 103 may be performed by software running on the processing means of the corresponding computer device 102. The computer device 102 of each party 103 comprises at least one user terminal, for example a desktop or laptop computer, a tablet computer, a smart phone or a wearable device such as a smart watch. The computer device 102 of the given party 103 may also include one or more other network resources, such as cloud computing resources accessed through the user terminal.

Client application 105 may initially be provided to computer device 102 of any given party 103 by, for example, an appropriate computer readable storage medium downloaded from a server, or by a removable storage device such as a removable SSD, a flash memory key, a removable EEPROM, a removable magnetic disk drive, a floppy disk or magnetic tape, an optical disk such as a CD or DVD ROM, or a removable optical drive, etc.

Client application 105 includes at least a "wallet" function. This has two main functions. One of which is to enable the corresponding party 103 to create, authorize (e.g., sign) and send a transaction 152 to one or more bitcoin nodes 104 and then propagate through the network of blockchain nodes 104 for inclusion in the blockchain 150. Another function is to report to the corresponding party the amount of digital asset it currently owns. In an output-based system, this second function includes sorting out the amounts defined in the output of the various transactions 152 that are dispersed in the blockchain 150 that belong to the interested party.

Note that: while various client functions may be described as being integrated into a given client application 105, this is not necessarily limiting, and instead any of the client functions described herein may be implemented in a suite of two or more different applications, such as interfacing via an API or as a plug-in to one application as another. More colloquially, client functionality may be implemented at the application layer or at a lower layer such as the operating system or any combination of these layers. The description will be described below in terms of client application 105, but it should be understood that this is not limiting.

An instance of a client application or software 105 on each computer device 102 is operatively coupled to at least one of the blockchain nodes 104 of the network 106. This may enable the wallet functionality of the client 105 to send the transaction 152 to the network 106. The client 105 may also contact the blockchain node 104 to query the blockchain 150 for any transactions that the corresponding party 103 is a recipient (or indeed check the blockchain 150 for transactions of other parties, because in an embodiment the blockchain 150 is a public facility that provides transaction trust to some extent through its public visibility). The wallet functionality on each computer device 102 is configured to formulate and send transactions 152 according to a transaction protocol. As described above, each blockchain node 104 runs software configured to verify the transaction 152 and forward the transaction 152 for propagation in the blockchain network 106 according to the blockchain point protocol. The transaction protocol and the node protocol correspond to each other, and the given transaction protocol and the given node protocol together implement a given transaction model. The same transaction protocol is used for all transactions 152 in the blockchain 150. All nodes 104 in the network 106 use the same node protocol.

When a given party 103 (say alice) wishes to send a new transaction 152j to be included in the blockchain 150, she will formulate the new transaction according to the relevant transaction protocol (using the wallet functionality in her client application 105). She then sends transaction 152 from client application 105 to the blockchain node or nodes 104 to which she is connected. For example, this may be the blockchain node 104 that best connects with alice's computer 102. When any given blockchain node 104 receives a new transaction 152j, it will process according to the blockchain node protocol and its corresponding role. This includes first checking whether the newly received transaction 152j satisfies a particular condition to become "valid", a specific example of which will be discussed in detail later. In some transaction protocols, validity conditions may be configured on a per transaction basis by scripts contained in the transaction 152. Or the condition may be merely a built-in function of the node protocol or defined by combining a script and the node protocol.

If the newly received transaction 152j passes the validity test (i.e., in the "valid" condition), any blockchain node 104 that receives the transaction 152j will add a new validation valid transaction 152 to the ordered set of transactions 154 maintained at the blockchain node 104. Further, any blockchain node 104 that receives transaction 152j will then verify that the valid transaction 152 propagates to one or more other blockchain nodes 104 in the network 106. Since each blockchain node 104 applies the same protocol, it is assumed that transaction 152j is valid, meaning that the transaction will propagate soon throughout the network 106.

Upon entering the pending ordered pool of transactions 154 maintained at a given blockchain node 104, that blockchain node 104 will begin to contend for solving a proof-of-job puzzle on the latest version of its respective pool 154 containing new transactions 152 (bearing in mind that other blockchain nodes 104 may attempt to solve the puzzle based on different transaction pools 154. But the person that first solved the puzzle will define the set of transactions included in the latest block 151. Eventually, blockchain node 104 will solve a portion of the puzzle of ordered pool 154, including alice's transaction 152 j). Once pool 154, including new transaction 152j, completes the proof of work, it will invariably become part of one of blocks 151 in blockchain 150. Each transaction 152 includes a pointer to an earlier transaction, so the order of the transactions is also recorded unchanged.

Different blockchain nodes 104 may first receive different instances of a given transaction and thus have a conflicting view of which instance is "valid" before one instance is published into new block 151, at which point all blockchain nodes 104 agree that the published instance is the only valid instance. If the blockchain node 104 accepts one instance as a valid instance and then finds that a second instance has been recorded in the blockchain 150, the blockchain node 104 must accept this and discard (i.e., consider invalid) its originally accepted instance (i.e., an instance that has not yet been published in block 151).

As part of the account-based transaction model, another type of transaction protocol operated by some blockchain networks may be referred to as an "account-based" protocol. In the account-based case, each transaction is defined not by reference to the UTXO of the previous transaction in the past transaction sequence, but by reference to the absolute account balance. The current state of all accounts is stored separately by the nodes of the network into the blockchain and is updated continuously. In such systems, transactions are ordered using running transaction records (also referred to as "positions") of accounts. This value is signed by the sender as part of its cryptographic signature and hashed as part of the transaction reference calculation. In addition, optional data fields may also be signed in the transaction. For example, if the data field contains the ID of the previous transaction, the data field may point to the previous transaction.

UTXO-based model

Fig. 2 illustrates an exemplary transaction protocol. This is an example of a UTXO-based protocol. Transaction 152 (simply "Tx") is the basic data structure of blockchain 150 (each block 151 includes one or more transactions 152). The description will be made below by referring to an output-based or "UTXO" -based protocol. But this is not limited to all possible embodiments. It should be noted that while the exemplary UTXO-based protocol is described with reference to bitcoin, it may be implemented on other exemplary blockchain networks as well.

In the UTXO-based model, each transaction ("Tx") 152 includes a data structure that includes one or more inputs 202 and one or more outputs 203. Each output 203 may comprise an unexpired transaction output (UTXO) that may be used as a source of input 202 for another new transaction (if the UTXO has not yet been redeemed). The UTXO includes a value specifying a digital asset amount. This represents a set of pass on a distributed ledger. The UTXO may also contain the transaction ID of its source transaction, as well as other information. The transaction data structure may also include a header 201, which may include size indicators for the input field 202 and the output field 203. The header 201 may also include the ID of the transaction. In an embodiment, the transaction ID is a hash value of the transaction data (without the transaction ID itself) and is stored in the header 201 of the original transaction 152 submitted to the node 104.

Say alice 103a wishes to create a transaction 152j that transfers the amount of the associated digital asset to bob 103 b. In fig. 2, alice's new transaction 152j is labeled "Tx ₁". The new transaction obtains the digital asset amount locked to alice in the output 203 of the previous transaction 152i in the sequence and transfers at least a portion of such amount to bob. In fig. 2, the previous transaction 152i is labeled "Tx ₀".Tx₀ and Tx ₁ are just arbitrary labels, which does not necessarily mean that Tx ₀ refers to the first transaction in the blockchain 151 and Tx ₁ refers to the subsequent transaction in the pool 154. Tx ₁ may point to any previous (i.e., look ahead) transaction that still has the spent output 203 locked to alice.

When alice creates her new transaction Tx ₁, or at least when she sends the new transaction to the network 106, the previous transaction Tx ₀ may already be valid and included in the block 151 of the blockchain 150. The transaction may already be included in one of the blocks 151 at this time, or may still wait in the ordered set 154, in which case the transaction will soon be included in the new block 151. Or Tx ₀ and Tx ₁ may be created and sent together to network 106; or Tx ₀ may even be sent after Tx ₁ if the node protocol allows buffering "orphaned" transactions. The terms "prior" and "subsequent" as used herein in the context of a transaction sequence refer to the order of the transactions in the sequence defined by the transaction pointers specified in the transactions (which transaction points to which other transaction, etc.). They may also be replaced with "predecessors" and "successors", "antecedents" and "offspring" or "parents" and "children", etc. This does not necessarily refer to the order in which it was created, sent to the network 106, or arrived at any given blockchain node 104. However, subsequent transactions (descendant transactions or "child transactions") that point to a previous transaction (look ahead transaction or "parent transaction") will not be valid unless the parent transaction is valid. Child transactions that arrive at blockchain node 104 before a parent transaction are considered orphaned transactions. Depending on the node protocol and/or node behavior, it may be discarded or buffered for a period of time to wait for the parent transaction.

One of the one or more outputs 203 of the previous transaction Tx ₀ includes a particular UTXO, labeled UTXO ₀. Each UTXO includes a value specifying the digital asset amount represented by the UTXO and a locking script defining the conditions that must be met by the unlocking script in the input 202 of the subsequent transaction to validate the subsequent transaction to successfully redeem the UTXO. Typically, a locking script locks an amount to a particular party (beneficiary of the transaction of that amount). That is, the locking script defines an unlocking condition, which generally includes the following conditions: the unlock script in the input of the subsequent transaction includes an encrypted signature of the party to which the previous transaction was locked.

A lock script (also known as scriptPubKey) is a piece of code written in a domain-specific language identified by a node protocol. A specific example of such a language is called "Script" (S uppercase), which may be used by blockchain networks. The lock script specifies information required to spend the transaction output 203, such as alice signed requirements. An unlock script appears in the output of the transaction. An unlock script (also known as SCRIPTSIG) is a piece of code written in a domain-specific language that provides the information required to meet the lock script standard. For example, it may contain bob's signature. An unlock script appears in the input 202 of the transaction.

Thus in the example shown, the UTXO ₀ in the output 203 of Tx ₀ includes a locking script CHECKSIG P _A that requires alice's signature Sig P _A to redeem the UTXO ₀ (strictly speaking, to validate subsequent transactions attempting to redeem the UTXO ₀). [ CHECKSIG P _A ] contains a representation (i.e., hash) of public key P _A of Alice's public-private key pair. The input 202 of Tx ₁ includes a pointer to Tx ₁ (e.g., by its transaction ID (TxID ₀), which in an embodiment is a hash of the entire transaction Tx ₀). The input 202 to Tx ₁ includes an index identifying UTXO ₀ in Tx ₀ to identify it among any other possible outputs to Tx ₀. The input 202 of Tx ₁ further includes an unlock script < Sig P _A >, which includes alice's encrypted signature created by applying alice's private key in its key pair to predetermined partial data (sometimes referred to as a "message" in cryptography). Data (or "messages") that alice needs to sign to provide a valid signature may be defined by a lock script, a node protocol, or a combination thereof.

When a new transaction Tx ₁ arrives at the blockchain node 104, the node applies the node protocol. This includes running the locking script and the unlocking script together to check whether the unlocking script satisfies a condition defined in the locking script (where the condition may include one or more criteria). In an embodiment, this involves juxtaposing two scripts:

<Sig PA><PA>||[Checksig PA]

Where "||" denotes juxtaposition "< … >" denotes placing data on the stack, "[ … ]" denotes a function consisting of a locking script (in this example, a stack-based language). Also, rather than concatenating scripts, scripts may run one after another using a common stack. Either way, when run together, the script uses alice's public key P _A (included in the locked script of the output of Tx ₀) to authenticate whether the unlocked script in the input of Tx ₁ contains the signature when alice signed the data of the intended portion. It is also necessary to include the expected portion of the data itself ("message") in order to perform this authentication. In an embodiment, the signed data includes the entire Tx ₁ (and thus need not include a separate element to explicitly specify the signed portion of the data, as it already exists itself).

Those skilled in the art will be familiar with the details of authentication by public and private passwords. Basically, if alice has encrypted a signed message using his private key, then given alice's public key and the message in plain text, other entities such as node 104 can verify that the message must have been signed by alice. Signing typically involves hashing the message, signing the hash value and signing this to the message as a signature, thereby enabling any holder of the public key to verify the signature. Thus, it should be noted that in an embodiment, any reference herein to signing a particular data segment or transaction portion, etc., may mean signing the hash value of that data segment or transaction portion.

If the unlock script in Tx ₁ satisfies one or more conditions specified in the lock script of Tx ₀ (and thus, in the example shown, if Alice's signature is provided and verified in Tx ₁), then the blockchain node 104 considers Tx ₁ valid. This means that the blockchain node 104 will add Tx ₁ to the pending transaction ordered pool 154. The blockchain node 104 may also forward the transaction Tx ₁ to one or more other blockchain nodes 104 in the network 106 so that it may propagate throughout the network 106. Once Tx ₁ is valid and included in the blockchain 150, this will define UTXO ₀ as spent from Tx ₀. It should be noted that Tx ₁ is only active when it spends the unused transaction output 203. If it tries to spend the output that another transaction 152 has spent, tx ₁ will be inactive even if all other conditions are met. Thus, the blockchain node 104 also needs to check whether the UTXO referenced in the previous transaction Tx ₀ has already spent (i.e., whether it has already formed a valid input for another valid transaction). This is one of the reasons why it is important that the blockchain 150 impose a defined order on the transactions 152. In practice, a given blockchain node 104 may maintain a separate database marking the UTXOs 203 of spent transactions 152, but ultimately defining whether a UTXO has spent depends on whether a valid input for another valid transaction is formed in the blockchain 150.

If the total number specified in all outputs 203 of a given transaction 152 is greater than the total number pointed to by all of its inputs 202, this is another basis for failure in most transaction models. Thus, such transactions are not propagated or included in block 151.

Note that in the UTXO-based transaction model, a given UTXO needs to be used as a whole. A portion of the amount defined as spent in the UTXO cannot be "left behind" while another portion is spent. The amount of UTXOs may be split between multiple outputs of subsequent transactions. For example, the amount defined in UTXOs ₀ of Tx ₀ may be split among multiple UTXOs in Tx ₁. Thus, if alice does not want to give bob all the amounts defined in UTXO ₀, she can use the remainder to make his own change in the second output of Tx ₁ or pay the other party.

In practice alice typically also needs to include a fee for the bitcoin node 104, which bitcoin node 104 successfully contains alice's transaction 104 in block 151. If alice does not include such fees, tx ₀ may be rejected by blockchain node 104 and thus, while technically effective, may not propagate and be included in blockchain 150 (if blockchain node 104 does not wish to accept transaction 152, the node protocol does not force blockchain node 104 to accept). In some protocols, the transaction cost does not require its own separate output 203 (i.e., a separate UTXO is not required). Instead, any difference between the total pointed to by the input 202 and the total pointed to by the output 203 of a given transaction 152 will be automatically provided to the blockchain node 104 that issued the transaction. For example, assume that the pointer to UTXO ₀ is the only input to Tx ₁ and that Tx ₁ has only one output UTXO ₁. If the digital asset amount specified in UTXO ₀ is greater than the amount specified in UTXO ₁, the difference may be assigned by node 104 that wins the proof of work contest to create a block containing UTXO ₁. Alternatively or additionally, this does not necessarily preclude that the transaction cost may be explicitly specified in one of the UTXOs 203 of its own transaction 152.

Alice and bob's digital assets consist of UTXOs locked to them in any transaction 152 anywhere in the blockchain 150. Thus, typically, the assets of a given party 103 are scattered throughout the UTXOs of the various transactions 152 of the blockchain 150. No location in blockchain 150 stores a number defining the total balance of a given party 103. The purpose of the wallet function of the client application 105 is to put together the various UTXO values that are locked to the respective party and that have not yet been spent in other subsequent transactions. To achieve this, it may query the copy of the blockchain 150 stored at any of the bitcoin nodes 104.

It should be noted that script code is typically represented schematically (i.e., in a non-precise language). For example, an operation code (opcode) may be used to represent a particular function. "op_," refers to a specific opcode of the scripting language. For example, op_return is a scripting language opcode that, when op_false is added before the opcode at the beginning of the locking script, creates an inexpensible output of the transaction that can store data within the transaction, thereby immutably recording the data in the blockchain 150. For example, the data may include files that need to be stored in a blockchain.

Typically, the input of the transaction contains a digital signature corresponding to the public key PA. In an embodiment, this is based on ECDSA using an elliptic curve secp k 1. Digital signatures sign specific data segments. In an embodiment, for a given transaction, the signature will sign part of the transaction input as well as part or all of the transaction output. Signing a particular portion of the output depends on the SIGHASH flag. The SIGHASH flag is typically 4-byte code contained at the end of the signature to select the output of the signature (and thus fixed at the time of signing).

The locking script is sometimes referred to as "scriptPubKey" meaning that it typically includes the public key of the party to which the corresponding transaction is locked. The unlock script is sometimes referred to as "SCRIPTSIG" meaning that it typically provides a corresponding signature. But more colloquially, the UTXO redemption conditions do not necessarily include verification of the signature in all applications of the blockchain 150. More colloquially, a scripting language may be used to define any one or more conditions. Thus, the more general terms "locking script" and "unlocking script" may be preferred.

Side channel

As shown in FIG. 1, the client application on each of the computer devices 102a, 120b of Alice and Bob may include additional communication functionality. This additional functionality may enable alice 103a to establish a separate side channel 107 with bob 103b (under the initiative of either party or a third party). The side channel 107 enables exchange of data off the blockchain network. Such communications are sometimes referred to as "under-chain" communications. For example, this may be used to exchange transaction 152 between alice and bob without registering the transaction (not yet) on the blockchain network 106 or publishing it on the chain 150 until one of the parties chooses to broadcast it on the network 106. Sharing transactions in this manner is sometimes referred to as sharing a "transaction template". The transaction template may lack one or more inputs and/or outputs required to form a complete transaction. Alternatively or additionally, the side channel 107 may be used to exchange any other transaction related data, such as keys, bargained amounts or terms, data content, etc.

The side channel 107 may be established through the same packet switched network 101 as the blockchain network 106. Alternatively or additionally, the side channel 301 may be established via a different network, such as a mobile cellular network, or a local area network, such as a wireless local area network, or even via a direct wired or wireless link between alice and bob's devices 102a, 102 b. In general, the side channels 107 referred to anywhere herein may comprise any one or more links for "under-chain" exchange of data, i.e., exchange of data off of the blockchain network 106, via one or more networking technologies or communication mediums. Where multiple links are used, the bundle or set of links may be referred to as a side channel 107 as a whole. It should therefore be noted that if alice and bob are said to exchange some information or data etc. via the side channel 107, this does not necessarily mean that all of these data must be sent over exactly the same link or even the same type of network.

Further comment on

Other variations or use cases of the disclosed techniques may become apparent to those skilled in the art once the disclosure herein is given. The scope of the present disclosure is not limited by the described embodiments, but only by the appended claims. For example, some of the embodiments above have been described in terms of bitcoin network 106, bitcoin blockchain 150, and bitcoin node 104. However, it should be appreciated that a bitcoin blockchain is one specific example of a blockchain 150, and that the above description is generally applicable to any blockchain. That is, the present invention is in no way limited to a bitcoin blockchain. More generally, any of the references above to the bitcoin network 106, bitcoin blockchain 150, and bitcoin node 104 may be replaced with reference to the blockchain network 106, blockchain 150, and blockchain node 104, respectively. The blockchain, blockchain network, and/or blockchain nodes may share some or all of the characteristics of the bitcoin blockchain 150, bitcoin network 106, and bitcoin node 104 as described above.

In a preferred embodiment of the present disclosure, the blockchain network 106 is a bitcoin network, and the bitcoin node 104 performs at least some or all of the functions described for creating, publishing, propagating and storing the blocks 151 of the blockchain 150. It is not excluded that there may be other network entities (or network elements) performing only one or some, but not all of these functions. That is, network entities may perform the function of propagating and/or storing blocks without creating and publishing blocks (keeping in mind that these entities are not considered nodes of the preferred bitcoin network 106).

In other embodiments of the present disclosure, the blockchain network 106 may not be a bitcoin network. In these embodiments, it is not excluded that a node may perform at least one, but not all, of the functions of creating, publishing, propagating and storing the blocks 151 of the blockchain 150. For example, on these other blockchain networks, "node" may be used to refer to a network entity configured to create and publish blocks 151, but not store and/or propagate these blocks 151 to other nodes.

Even more colloquially, any reference to the term "bitcoin node" 104 above may be replaced with the term "network entity" or "network element" wherein such entities/elements are configured to perform some or all of the roles of creating, publishing, propagating, and storing a chunk. The functionality of such network entities/elements may be implemented in hardware in the same manner as described above with reference to blockchain node 104.

The term "user" as used herein may include both human and machine-based entities.

The above-described embodiments illustrate rather than limit the disclosure, and those skilled in the art will be capable of designing many alternative embodiments without departing from the scope of the disclosure as defined by the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" and "comprises", and the like, does not exclude the presence of elements or steps other than those listed in any claim or the specification as a whole. In this specification, "comprising" means "including" or "consisting of. The use of the terms "comprises" or "comprising," such as "comprises" or "comprising," throughout this specification, will be understood to mean the inclusion of a stated element, integer, step, or group of elements, integers or steps, but not the exclusion of any other element, integer, or step, or group of elements, integers or steps. The singular reference of an element does not exclude the plural reference of such elements and vice-versa. The disclosure may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Claims (15)

1.A computer-implemented method, the method comprising:

Sending, from a first resource to a second resource, a request to generate a proof of work (PoW) of a blockchain block, the blockchain block containing a plurality of transactions, the request including a merck proof for verifying that a control transaction (TX ₀) is included in the plurality of transactions; and/or

A request is received at the second resource from the first resource to generate a proof of work (PoW) of a blockchain block, the blockchain block including a plurality of transactions, the request including a merck proof for verifying that a control transaction (TX ₀) is included in the plurality of transactions.

2. The method according to claim 1, wherein:

The control transaction (TX ₀) comprises control data for controlling, enabling and/or disabling the execution of the proof of work generation; preferably, wherein the control data comprises:

i) At least one output specifying a predetermined address of a destination of the blockchain transmission; preferably, wherein the address is associated with the second resource, or with a party associated with or authorized by the second resource; and/or

Ii) at least one predetermined signature; and/or

Iii) At least one secret value or secret portion of the data.

3. The method according to claim 1 or 2, wherein:

the first resource is a PoW request resource, a blockchain verification resource or a blockchain mining resource; and/or

The second resource is a work proof provider; and/or

The second resource comprises at least one ASIC or hash machine or dedicated cryptocurrency mining resource.

4. The method of any preceding claim, further comprising:

i) Receiving, at the first resource, from the second resource, a proof of work of the blockchain block; and/or

Ii) sending a proof of work of the blockchain block from the second resource to the first resource.

5. The method of any preceding claim, wherein the proof of work comprises:

a value (random number nonce) set to provide an output that satisfies one or more of: a target, rule, or criteria specified by a blockchain protocol; and/or

A block header of the blockchain block; and/or

A puzzle or challenge solution specified according to the blockchain protocol.

6. The method of any preceding claim, wherein generating the proof of work comprises:

i) Generating or selecting a value (nonce) that is set to provide an output that meets a target, challenge, rule, or criteria specified by the blockchain protocol;

ii) concatenating the blockmessage of the blockchain block with a random number nonce; and/or

Iii) And performing double hash processing on the block head of the block chain block.

7. A method according to any preceding claim, the method comprising:

-processing or comparing at least a part of the control transaction (TX ₀) for a predefined control criterion, and-generating or not generating the proof of work based on an output of the processing or comparing;

Preferably, wherein the control criteria comprises at least one of a threshold, a rule or a criterion for allowing initiation, execution or completion of the proof of work generation.

8. The method of claim 7, the method further comprising:

enabling or disabling the generation of the proof of work based on:

i) -successfully or unsuccessfully acknowledging that the control transaction (TX ₀) is included in the plurality of transactions; and/or

Ii) determining that the control transaction includes or does not include a portion of data meeting a predetermined rule or criteria; and/or

Iii) It is determined that the control transaction or at least a portion of the control transaction meets the control criteria.

9. A method according to any of the preceding claims, comprising the steps of:

at the first resource or the second resource, determining a portion of data required by a blockchain protocol for generating a proof of work of a block, the portion of data including one or more of:

a protocol version identifier;

Block hashing;

a proof of job difficulty target specified by the protocol; and/or

A time stamp.

10. The method of any preceding claim, wherein:

i) The merck proof includes data arranged to enable SPV verification to be performed to determine whether the control transaction is included in the plurality of transactions;

ii) the request includes the control transaction.

11. A method according to any of the preceding claims, comprising the steps of:

processing the plurality of transactions to provide a merck tree;

preferably, wherein the processing involves a hash function.

12. The method of any preceding claim, wherein:

The control transaction (TX ₀) includes an identifier that enables the second resource to identify the first resource; preferably, wherein the identifier is provided in an input, output, script or metadata portion of the control transaction.

13. A system operable to control or influence the generation of a proof of work for a blockchain block containing a plurality of transactions and/or operable to implement the method of any preceding claim.

14. The system of claim 13, the system comprising at least one of:

at least one proof of work providing resource (1000);

Preferably, wherein the at least one proof of work providing resource comprises at least one ASIC or hash machine (1100 a to 1100 c);

At least one proof of work request resource (1300);

Preferably, wherein the at least one proof of work request resource comprises a distributed verification node (700) substantially as disclosed herein.

15. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by a processor of a computer system, cause the computer system to perform or enable the computer system to perform the computer-implemented method of any one of claims 1 to 13.