Summary of the invention
The embodiments of the present invention aim to provide a privacy protection method for blockchain transaction data and a blockchain system which, by hiding the transaction amount, solve the technical problem that current blockchain privacy protection depends on a trusted third-party authority, and which protect the privacy of user transaction data.
To solve the above technical problem, the embodiments of the present invention provide the following technical solutions:
In a first aspect, an embodiment of the present invention provides a privacy protection method for blockchain transaction data, applied to a blockchain system that includes ordinary nodes, miner nodes and verifying nodes, the method comprising:
Step S1: generating an attached key pair (PAh, SAh) associated with the private key SA of the sender A of a transaction, and generating an attached key pair (PBh, SBh) associated with the private key SB of the recipient B;
Step S2: the sender A sends a transfer intent to the recipient B, the transfer intent including: the A account balance, the transaction amount, the signature made by the sender A over the transfer intent using the private key SA, and the attached public key PAh of the sender A;
Step S3: the recipient B receives the transfer intent and sends transaction information to a miner node, the transaction information including: the transfer intent sent by the sender A, the B account balance, the signature made by the recipient B over the transaction using the private key SB, and the attached public key PBh of the recipient B;
Step S4: after receiving the transaction information, the miner node encrypts the A account balance and the transaction amount separately with the attached public key PAh of the sender A, encrypts the B account balance and the transaction amount separately with the attached public key PBh of the recipient B, and, after verifying the transaction information, adds the transaction information to a block;
Step S5: the verifying node verifies the block and, after verification succeeds, writes the transaction information to the blockchain;
Step S6: the ordinary node accepts the block and updates its own state tree.
In some embodiments, generating in step S1 the attached key pair (PAh, SAh) associated with the private key SA of the sender A of the transaction, and the attached key pair (PBh, SBh) associated with the private key SB of the recipient B, specifically includes:
generating, in association with the private key SA of the sender A, an attached key pair (PAh, SAh) of the sender A that has the additive homomorphic encryption property, and generating, in association with the private key SB of the recipient B, an attached key pair (PBh, SBh) of the recipient B that has the additive homomorphic encryption property.
In some embodiments, the sender A sending the transfer intent to the recipient B in step S2 further includes:
creating an account C in the state tree;
the sender A sending to the account C the transaction amount of the transfer intent that is to be sent to the recipient B, and the account C sending its entire balance to the account of the recipient B.
In some embodiments, verifying the transaction information in step S4 specifically includes:
determining whether the ciphertext obtained by encrypting the A account balance with the attached public key PAh of the sender A is consistent with the balance ciphertext of the A account in the state tree, and whether the ciphertext obtained by encrypting the B account balance with the attached public key PBh of the recipient B is consistent with the balance ciphertext of the B account in the state tree;
determining whether the transaction amount is positive and whether the transaction amount is not greater than the A account balance;
verifying, with the public key PA of the sender A, the signature made by the sender A over the transfer intent using the private key SA, and verifying, with the public key PB of the recipient B, the signature made by the recipient B over the transaction using the private key SB.
In some embodiments, adding the transaction information to the block in step S4 specifically includes:
adding to the block, as the transaction information, the ciphertext obtained by encrypting the transaction amount with the attached public key PAh of the sender A and the ciphertext obtained by encrypting the transaction amount with the attached public key PBh of the recipient B.
In some embodiments, the verifying node verifying the block in step S5 specifically includes:
verifying the legitimacy of all transactions in the block, and
verifying the proof of work of the miner node.
In some embodiments, before the ordinary node in step S5 accepts the block, the method further includes:
verifying, according to a Byzantine fault tolerance protocol, whether the number of verifying-node signatures in the block exceeds a threshold and, if so, accepting the block.
In some embodiments, the ordinary node accepting the block and updating its own state tree in step S6 specifically includes:
homomorphically adding the ciphertext obtained by encrypting the transaction amount with the attached public key PAh of the sender A to the A account balance, to update the A account balance;
homomorphically adding the ciphertext obtained by encrypting the transaction amount with the attached public key PBh of the recipient B to the B account balance, to update the B account balance.
In some embodiments, each user in the blockchain system uses its own public key as the unique identifier of its identity, and the blockchain system generates an attached key pair associated with the private key of each user; each attached key pair includes an attached public key and an attached private key, and the attached private key is used to decrypt ciphertext encrypted with the corresponding attached public key.
In a second aspect, an embodiment of the present invention provides a blockchain system that uses the above privacy protection method for blockchain transaction data, the blockchain system including ordinary nodes, miner nodes and verifying nodes, wherein the blockchain system generates an attached key pair associated with the private key of each node.
The beneficial effects of the embodiments of the present invention are as follows. In contrast to the prior art, an embodiment of the present invention provides a privacy protection method for blockchain transaction data, applied to a blockchain system that includes ordinary nodes, miner nodes and verifying nodes, the method comprising: step S1, generating an attached key pair (PAh, SAh) associated with the private key SA of the sender A of a transaction, and generating an attached key pair (PBh, SBh) associated with the private key SB of the recipient B; step S2, the sender A sends a transfer intent to the recipient B, the transfer intent including: the A account balance, the transaction amount, the signature made by the sender A over the transfer intent using the private key SA, and the attached public key PAh of the sender A; step S3, the recipient B receives the transfer intent and sends transaction information to a miner node, the transaction information including: the transfer intent sent by the sender A, the B account balance, the signature made by the recipient B over the transaction using the private key SB, and the attached public key PBh of the recipient B; step S4, after receiving the transaction information, the miner node encrypts the A account balance and the transaction amount separately with the attached public key PAh of the sender A, encrypts the B account balance and the transaction amount separately with the attached public key PBh of the recipient B, and, after verifying the transaction information, adds the transaction information to a block; step S5, the verifying node verifies the block and, after verification succeeds, writes the transaction information to the blockchain; step S6, the ordinary node accepts the block and updates its own state tree. In this way, the embodiments of the present invention solve the technical problem that current blockchain privacy protection depends on a trusted third-party authority, and protect the privacy of user transaction data.
Specific embodiment
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In addition, the technical features involved in the embodiments described below may be combined with one another as long as they do not conflict.
A blockchain system is decentralized, unlike a conventional central server. Because a blockchain system has no central node, it needs a consensus mechanism to keep operating normally. One such consensus mechanism is the proof-of-work algorithm (Proof of Work, POW); based on the POW algorithm, a blockchain system can reach consensus on the verification of blocks.
The POW algorithm is a strategy for countering denial-of-service attacks and other service abuse. A proof of work is a computation on data that must satisfy specific conditions: producing a correct result is relatively hard, but verifying a correct result is simple. A correct result can only be produced by trial and error, repeatedly enumerating random numbers until the correct answer is found. This process is implemented with a hash algorithm. A hash algorithm is a one-way function: computing a hash value is simple, but obtaining a hash value that meets the requirement is only possible by enumeration and trial and error.
In some cryptocurrency systems, the POW algorithm adds to the hash operation a search for a particular value, for example, under SHA-256, a hash value that begins with one or more zeros. As the number of zeros increases, the work required to find a solution with such a hash value grows exponentially, while checking a result takes only a single hash operation.
In some cryptocurrency systems a random number (nonce) is added to the block. The nonce must be such that the hash of the given block has the required number of zeros. Because the hash operation is irreversible, a nonce that satisfies the condition can only be found by repeated attempts.
As soon as a blockchain node finds a nonce that satisfies the condition, the node has completed the proof of work and obtains the right to package and record the block.
In the blockchain world, nodes around the world jointly take part in the bookkeeping of the blockchain network. In Bitcoin, for example, under the proof-of-work mechanism a miner solves a hash puzzle for the block it has packaged, submits the result to the network, and waits for other nodes to verify and confirm the block. Nodes indicate their identity by a public key and exercise their right to transfer funds with the private key.
Whether in Bitcoin, in Ethereum, or in the various public chains that appeared later, all transaction data is published on the blockchain in plaintext. Although a person's identity cannot be determined from a public key alone, the disclosure of transaction data makes account tracking feasible to some extent, so the privacy of an account's transaction behavior cannot be protected.
The ChainStack blockchain is designed around an original deterministic POW consensus mechanism. In this mechanism there are two roles, miner and verifier. Miners perform hash computations to solve a hard mathematical problem, while verifiers verify the miners' blocks with the practical Byzantine fault tolerance consensus algorithm and finally commit them to the network. To accept a block, other nodes only need to verify the verifiers' signatures on it, and this acceptance is deterministic rather than a probabilistic confirmation as in Bitcoin.
In the ChainStack blockchain, the present invention introduces a privacy protection method for blockchain transaction data, so that users' transaction data is stored on the blockchain as ciphertext.
Referring to Fig. 1, Fig. 1 is an architecture diagram of a blockchain system according to an embodiment of the present invention. As shown in Fig. 1, the blockchain system includes three kinds of blockchain node: ordinary node 11, miner node 12 and verifying node 13. Every blockchain node in the blockchain system has the functions of an ordinary node, that is, every blockchain node can be the sender of a transaction and can also be the recipient of a transaction.
Point-to-point communication (P2P) is supported between any two of ordinary node 11, miner node 12 and verifying node 13. As blockchain nodes of the blockchain system, ordinary node 11, miner node 12 and verifying node 13 can each take on different responsibilities in the system and jointly maintain its operation, stability and security.
Ordinary node 11 holds circulating electronic currency and has voting rights in the blockchain system. Ordinary node 11 can perform transaction-related operations but does not have the right to package and record blocks; it can only synchronize block data from nodes that have that right. Ordinary node 11 can be the sender of a transaction or the recipient of a transaction.
Miner node 12 is responsible for solving the hash problem and finding blocks. A block is generated based on a random number that satisfies a preset condition. In some embodiments, miner node 12 generates blocks with the proof-of-work algorithm (Proof of Work, POW), that is, the hash value to be verified, computed from the block's random number, is less than the target hash value. Miner node 12 is an ordinary node 11 that has switched on mining mode.
Verifying node 13 is used for consensus verification of blocks and records verified blocks on the blockchain. A verifying node 13 is an ordinary node 11 that has submitted a registration application and been elected by vote.
It will be understood that the ordinary node 11, miner node 12 and verifying node 13 may each be a physical server or a logical server virtualized from several physical servers. The server may also be a server cluster composed of several servers that can communicate with one another, with the functional modules distributed across the servers in the cluster.
Referring to Fig. 2, Fig. 2 is a flow diagram of a privacy protection method for blockchain transaction data according to an embodiment of the present invention.
As shown in Fig. 2, the privacy protection method for blockchain transaction data is applied to a blockchain system that includes ordinary nodes, miner nodes and verifying nodes, the method comprising:
Step S1: generating an attached key pair (PAh, SAh) associated with the private key SA of the sender A of a transaction, and generating an attached key pair (PBh, SBh) associated with the private key SB of the recipient B;
Specifically, every blockchain node in the blockchain system generates a key pair with an elliptic curve cryptography algorithm, the key pair including a public key and a private key. Every node or user in the blockchain system uses its own public key as the unique identifier of its identity and signs transactions with its own private key, and the other nodes or users in the blockchain system verify that signature with the user's public key.
In the embodiments of the present invention, the blockchain system generates an attached key pair associated with the private key of every blockchain node in the system (including ordinary nodes, miner nodes and verifying nodes). Each attached key pair includes an attached public key and an attached private key; the attached public key is used to encrypt account balances and transaction amounts, and the attached private key is used to decrypt ciphertext encrypted with the corresponding attached public key, to recover the plaintext corresponding to the ciphertext.
Referring again to Fig. 3, Fig. 3 is a schematic diagram of generating an attached key pair according to an embodiment of the present invention.
As shown in Fig. 3, an attached key pair is generated from the private key of each blockchain node in the blockchain system by an additive homomorphic algorithm; a node or user signs the transfer intent with its private key, and the other nodes or users in the blockchain system verify the signature with the public key corresponding to that node or user.
Specifically, generating in step S1 the attached key pair (PAh, SAh) associated with the private key SA of the sender A of the transaction, and the attached key pair (PBh, SBh) associated with the private key SB of the recipient B, specifically includes:
generating, in association with the private key SA of the sender A, an attached key pair (PAh, SAh) of the sender A that has the additive homomorphic encryption property, and generating, in association with the private key SB of the recipient B, an attached key pair (PBh, SBh) of the recipient B that has the additive homomorphic encryption property, so that the attached key pair (PAh, SAh) of the sender A and the attached key pair (PBh, SBh) of the recipient B satisfy the additive homomorphic property, that is, PAh(X+Y) = PAh(X) + PAh(Y) and PBh(X+Y) = PBh(X) + PBh(Y). In the embodiments of the present invention, a Paillier key pair is generated with the Paillier algorithm. A Paillier key pair is additively homomorphic, that is, for any plaintexts X1 and X2, PAh(X1+X2) = PAh(X1) + PAh(X2) and PBh(X1+X2) = PBh(X1) + PBh(X2). The attached public key PAh of the sender A is used by the miner node to encrypt the A account balance and the transaction amount; the attached public key PBh of the recipient B is used by the miner node to encrypt the B account balance and the transaction amount.
Specifically, generating, based on the additive homomorphic algorithm, the attached key pair (PAh, SAh) of the sender A in association with the private key SA of the sender A, and the attached key pair (PBh, SBh) of the recipient B in association with the private key SB of the recipient B, specifically includes:
hashing the private key SA of the sender A to generate a first seed, and generating the attached key pair (PAh, SAh) of the sender A from the first seed; hashing the private key SB of the recipient B to generate a second seed, and generating the attached key pair (PBh, SBh) of the recipient B from the second seed. Because generation of a Paillier key pair depends on large primes, unique large primes are generated from the seed, so that the attached key pair is generated at random. Because of this randomness, generating the attached key pair from a seed does not leak any information about the private key, which ensures the privacy and security of the sender and the recipient.
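The following added example (not code from the patent) sketches the seed-based derivation described above and goes one step further, to the homomorphic balance update of steps S4 and S6, using a textbook Paillier scheme with toy 256-bit primes. The SHA-256 prime search, the function names, the sample keys and the way A is debited are assumptions of this example; the balances 20 and 8 and the amount 5 come from the Fig. 4 example.

```python
import hashlib
import math
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53)


def is_probable_prime(n):
    """Miller-Rabin with fixed bases, so derivation from a seed is repeatable."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def prime_from_seed(seed, label):
    """Hash seed||label||counter until the 256-bit output is prime (toy size)."""
    counter = 0
    while True:
        digest = hashlib.sha256(seed + label + counter.to_bytes(4, "big")).digest()
        candidate = int.from_bytes(digest, "big") | (1 << 255) | 1
        if is_probable_prime(candidate):
            return candidate
        counter += 1


def derive_attached_keypair(signing_key):
    """Private key -> hash -> seed -> Paillier primes, as in step S1."""
    seed = hashlib.sha256(signing_key).digest()
    p, q = prime_from_seed(seed, b"p"), prime_from_seed(seed, b"q")
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow(lam, -1, n)          # valid because g = n + 1 is used below
    return n, (lam, mu)           # attached public key, attached private key


def encrypt(n, m, r=None):
    """Paillier encryption with g = n + 1; r is the per-ciphertext random factor."""
    n2 = n * n
    if r is None:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    """Recover the plaintext with the attached private key (lam, mu)."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def add(n, c1, c2):
    """Enc(x) * Enc(y) mod n^2 decrypts to x + y: the additive homomorphism."""
    return c1 * c2 % (n * n)


def negate(n, c):
    """The modular inverse of a ciphertext decrypts to -x mod n."""
    return pow(c, -1, n * n)


def run_transfer(key_a, key_b, balance_a, balance_b, amount):
    """Balances stay encrypted in the state tree; only key owners can read them."""
    pah, sah = derive_attached_keypair(key_a)
    pbh, sbh = derive_attached_keypair(key_b)
    state_tree = {"A": encrypt(pah, balance_a), "B": encrypt(pbh, balance_b)}
    # The amount is encrypted once under each party's attached public key.
    amount_a, amount_b = encrypt(pah, amount), encrypt(pbh, amount)
    # Assumption of this example: A is debited by homomorphically adding -amount.
    state_tree["A"] = add(pah, state_tree["A"], negate(pah, amount_a))
    state_tree["B"] = add(pbh, state_tree["B"], amount_b)
    return decrypt(pah, sah, state_tree["A"]), decrypt(pbh, sbh, state_tree["B"])


if __name__ == "__main__":
    # Constructed keys; balances and amount are those of the Fig. 4 example.
    print(run_transfer(b"constructed-key-A", b"constructed-key-B", 20, 8, 5))
```

Textbook Paillier encryption is randomized: two encryptions of the same balance differ unless the same r is reused, which matters for any check that compares a fresh ciphertext with one stored in the state tree.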
Step S2: the sender A sends a transfer intent to the recipient B, the transfer intent including: the A account balance, the transaction amount, the signature made by the sender A over the transfer intent using the private key SA, and the attached public key PAh of the sender A;
Specifically, the transfer intent that the sender A sends to the recipient B includes the A account balance and the transaction amount. When the sender A does not want the recipient B to learn its account balance, then, to further protect the privacy of the sender A, the sender A sending the transfer intent to the recipient B in step S2 specifically includes:
creating an account C in the state tree; the sender A sends to the account C the transaction amount of the transfer intent that is to be sent to the recipient B, and the account C sends its entire balance to the account of the recipient B. The account C is a temporary account generated in the state tree and is used to forward the transaction amount of the transfer intent to the recipient B. Because the amount is forwarded through the temporary account C, the recipient B does not learn the account balance of the sender A, which ensures that the private information of the sender A is not leaked. After the account C receives the transaction amount of the transfer intent sent by the sender A, the balance of the account C changes from 0 to the transaction amount. It will be understood that after the transaction completes the account C is emptied, and the account C can then be deleted from the state tree to remove redundant data from the state tree.
The sender A uses its own public key PA as the unique identifier of its identity and signs the transfer intent with its own private key SA.
Step S3: the recipient B receives the transfer intent and sends transaction information to a miner node, the transaction information including: the transfer intent sent by the sender A, the B account balance, the signature made by the recipient B over the transaction using the private key SB, and the attached public key PBh of the recipient B;
Specifically, the recipient B receives the transfer intent sent by the sender A, or the recipient B receives the transfer intent sent by the temporary account C, and sends transaction information to a miner node. The miner node is an ordinary node that has entered mining mode, and it receives the transaction information sent by the recipient B.
Referring again to Fig. 4, Fig. 4 is a flow diagram of a transaction according to an embodiment of the present invention.
As shown in Fig. 4, the sender A sends a transfer intent to the recipient B, the transfer intent including: the A account balance, the transaction amount, the signature made by the sender A over the transfer intent using the private key SA, and the attached public key PAh of the sender A. For example: the account balance of A is 20 yuan, A wants to transfer 5 yuan to B, this is the signature of A, and the attached public key of A is X.
After the recipient B receives the transfer intent sent by the sender A, it packages the transfer intent sent by the sender A together with its own information into transaction information and sends it to the miner node. The transaction information includes: the transfer intent sent by the sender A, the B account balance, the signature made by the recipient B over the transaction using the private key SB, and the attached public key PBh of the recipient B. For example, the transfer intent sent by the sender A is: the account balance of A is 20 yuan, A wants to transfer 5 yuan to B, this is the signature of A, and the attached public key of A is X; the B account information is: the account balance of B is 8 yuan, this is the signature of B, and the attached public key of B is Y.
Step S4: after receiving the transaction information, the miner node encrypts the A account balance and the transaction amount separately with the attached public key PAh of the sender A, encrypts the B account balance and the transaction amount separately with the attached public key PBh of the recipient B, and, after verifying the transaction information, adds the transaction information to a block;
A blockchain is a chain structure made up of individual blocks, and each block consists of two parts, a block header and a block body. The most important component of the block body is the transactions: a miner node packages the various transactions in the network and writes them to the block body, and the hash value formed by combining the transactions of the block body in a certain manner is then written to the block header.
Specifically, after receiving the transaction information, the miner node encrypts the A account balance and the transaction amount with the attached public key PAh of the sender A contained in the transaction information, generating a ciphertext of the A account balance and a ciphertext of the transaction amount, and encrypts the B account balance and the transaction amount with the attached public key PBh of the recipient B contained in the transaction information, generating a ciphertext of the B account balance and a ciphertext of the transaction amount. Note that the A account balance and the B account balance are the current balances of the A account and the B account, that is, the balances before the transaction has completed, and that the transaction amount in the transfer intent sent by the sender A is encrypted separately with the attached public key PAh of the sender A and with the attached public key PBh of the recipient B.
Specifically, adding the transaction information to the block in step S4 specifically includes:
adding to the block body of the block, as the transaction information, the ciphertext obtained by encrypting the transaction amount with the attached public key PAh of the sender A and the ciphertext obtained by encrypting the transaction amount with the attached public key PBh of the recipient B. Specifically, the miner node encrypts the transaction amount with the attached public key PAh of the sender A to generate one ciphertext of the transaction amount, and encrypts the transaction amount with the attached public key PBh of the recipient B to generate another ciphertext of the transaction amount. The transaction amount is in effect encrypted twice, once with the attached public key PAh of the sender A and once with the attached public key PBh of the recipient B. The reason is that when the state tree changes the account balance of A, the homomorphic addition must use the ciphertext encrypted with A's attached public key PAh, and when the state tree changes the account balance of B, the homomorphic addition must use the ciphertext encrypted with B's attached public key PBh.
Specifically, the miner node verifying the transaction information specifically includes:
determining whether the ciphertext obtained by encrypting the A account balance with the attached public key PAh of the sender A is consistent with the balance ciphertext of the A account in the state tree, and whether the ciphertext obtained by encrypting the B account balance with the attached public key PBh of the recipient B is consistent with the balance ciphertext of the B account in the state tree;
determining whether the transaction amount is positive and whether the transaction amount is not greater than the A account balance;
verifying, with the public key PA of the sender A, the signature made by the sender A over the transfer intent using the private key SA, and verifying, with the public key PB of the recipient B, the signature made by the recipient B over the transaction using the private key SB.
Specifically, the account balance of the A account in the state tree is stored as ciphertext, encrypted with the attached public key of the sender A. Therefore, determining whether the ciphertext obtained by encrypting the A account balance with the attached public key PAh of the sender A is consistent with the balance ciphertext of the A account in the state tree verifies the current balance of the A account. If they are inconsistent, the miner's verification of the transaction fails and the miner does not write the transaction to the block.
Similarly, the account balance of the B account in the state tree is stored as ciphertext, encrypted with the attached public key of the recipient B. Therefore, determining whether the ciphertext obtained by encrypting the B account balance with the attached public key PBh of the recipient B is consistent with the balance ciphertext of the B account in the state tree verifies the current balance of the B account. If they are inconsistent, the miner's verification of the transaction fails and the miner does not write the transaction to the block.
Determining whether the transaction amount is positive and whether the transaction amount is not greater than the A account balance establishes whether the transaction is a reasonable transaction. If the transaction amount is not positive, or the transaction amount is greater than the A account balance, the transaction is determined to be an unreasonable transaction, verification fails, and the miner node does not write the transaction to the block.
Verifying, with the public key PA of the sender A, the signature made by the sender A over the transfer intent using the private key SA, and verifying, with the public key PB of the recipient B, the signature made by the recipient B over the transaction using the private key SB, establishes that the transaction was issued by the sender A itself and that the transaction was received by the recipient B. If verification with the public key PA of the signature made by the sender A over the transfer intent using the private key SA fails, or verification with the public key PB of the signature made by the recipient B over the transaction using the private key SB fails, the parties to the transfer are determined to be abnormal, verification fails, and the miner node does not write the transaction to the block.
After receiving a transaction, the miner node performs several verifications: determining whether the ciphertext obtained by encrypting the A account balance with the attached public key PAh of the sender A is consistent with the balance ciphertext of the A account in the state tree, and whether the ciphertext obtained by encrypting the B account balance with the attached public key PBh of the recipient B is consistent with the balance ciphertext of the B account in the state tree; determining whether the transaction amount is positive and whether the transaction amount is not greater than the A account balance; and verifying, with the public key PA of the sender A, the signature made by the sender A over the transfer intent using the private key SA, and, with the public key PB of the recipient B, the signature made by the recipient B over the transaction using the private key SB. If any one verification step fails, the miner node does not write the transaction to the block; if all verification steps succeed, the transaction is added to the block, which guarantees the validity of the transaction.
In the embodiment of the present invention, adding the transaction to the block specifically includes: the miner node adds the transaction to the block body of the block and packages it together with other transactions that have passed verification. Specifically, after receiving the transaction, the miner node packages the transaction together with multiple other transactions into the same block and performs the proof-of-work hash computation on the block; after solving the hash puzzle, the miner node sends the block to the verifying nodes for verification. The transaction that the miner node adds to the block body does not include the attached public keys of sender A and recipient B. Instead, the ciphertext obtained by encrypting the transaction amount with sender A's attached public key PAh and the ciphertext obtained by encrypting the transaction amount with recipient B's attached public key PBh are stored in the block body, so that all transaction amounts in the blockchain are in ciphertext form, which protects the information of nodes and users.
It can be understood that the ciphertext obtained by encrypting the A account balance with sender A's attached public key PAh and the ciphertext obtained by encrypting the B account balance with recipient B's attached public key PBh are saved in the block and are also stored in the state tree of the blockchain nodes, where they are continuously updated as the transactions in the blocks accumulate, to guarantee the stable operation of the blockchain system.
Step S5: the verifying nodes verify the block, and after verification succeeds the transaction information is written to the blockchain;
Specifically, after writing the transaction into the block, the miner node submits the block to the verifying nodes for verification; the verifying nodes verify the block by consensus and record the successfully verified block on the blockchain.
Specifically, the verifying node verifying the block includes:
Verifying the legitimacy of all transactions in the block, and verifying the proof of work submitted by the miner node.
Specifically, verifying the legitimacy of all transactions in the block includes:
Checking the signatures of all transactions, the signatures including the sender's signature and the recipient's signature, and checking the legitimacy of the block, namely whether the Merkle root is correct.
Specifically, verifying the proof of work submitted by the miner node includes: verifying the block by consensus according to a Byzantine fault tolerance algorithm.
The verifying nodes verify the block generated by the miner node using the Deterministic Proof of Work (DPoW) algorithm. DPoW consists of two stages, the Proof of Work (PoW) algorithm and the Practical Byzantine Fault Tolerance (PBFT) algorithm, and combines the security of both. PoW ensures that a miner must expend computing power to generate a legal block, while PBFT ensures the consistency of the network's processing result; a block generated by a miner node is accepted by the blockchain network only after it passes the PBFT consensus check of the verifying nodes.
Practical Byzantine Fault Tolerance (PBFT) is a state machine replication algorithm: the service is modeled as a state machine, and the state machine is replicated across different nodes of the distributed system. Each replica of the state machine stores the state of the service and also implements the operations of the service. The set of all replicas is denoted by the capital letter R, and each replica is identified by an integer from 0 to |R|-1. For convenience of description, assume |R| = 3f+1, where f is the maximum number of replicas that may fail. Although there may be more than 3f+1 replicas, additional replicas only reduce performance and do not improve reliability.
All replicas operate in a succession of configurations called views (View). In a given view, one replica acts as the primary and the other replicas act as backups. Views are numbered with consecutive integers. The primary is calculated by the formula p = v mod |R|, where v is the view number, p is the replica number, and |R| is the number of replicas in the set. When the primary fails, the view change process must be started.
Based on the Byzantine generals problem, the PBFT consistency guarantee is mainly divided into three phases: pre-prepare, prepare and commit.
The main working process of PBFT is described in detail below with reference to Fig. 5 of the embodiment of the present invention:
In Fig. 5, C is the requesting client, 0, 1, 2 and 3 are the servers, and 3 is the server that is down. The specific steps are as follows:
1. Request: the requesting client C sends a request to any one node, here node 0.
2. Pre-Prepare: after receiving C's request, server 0 broadcasts it to servers 1, 2 and 3.
3. Prepare: after receiving it, servers 1, 2 and 3 record it and broadcast again: 1 -> 0, 2, 3; 2 -> 0, 1, 3; server 3 cannot broadcast because it is down.
4. Commit: in the Prepare phase, if a server node among 0, 1, 2 and 3 receives more than a certain number of identical requests, it enters the Commit phase and broadcasts a Commit request.
5. Reply: in the Commit phase, if a server node among 0, 1, 2 and 3 receives more than a certain number of identical requests, it replies to C.
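The Fig. 5 walkthrough as an added simulation, not code from the original text. The text leaves the quorum sizes as "a certain number"; this sketch assumes the standard PBFT values (2f matching prepares, 2f+1 commits, f+1 replies to the client), and `run_pbft` and its result fields are hypothetical names.

```python
import hashlib

def run_pbft(n, view, crashed, request, seq=1):
    """Simulate one request through pre-prepare, prepare, commit and reply.

    Messages are modelled as entries in per-replica logs; crashed replicas
    neither send nor receive. Returns a summary dict.
    """
    f = (n - 1) // 3                    # |R| = 3f + 1 tolerates f faulty replicas
    primary = view % n                  # p = v mod |R|
    live = [r for r in range(n) if r not in crashed]
    out = {"f": f, "primary": primary, "view_change": primary not in live,
           "prepared": [], "committed": [], "client_accepts": False}
    if out["view_change"]:
        return out                      # a crashed primary never sends pre-prepare

    # Pre-prepare: the primary assigns (view, seq) to the request digest.
    msg = (view, seq, hashlib.sha256(request).hexdigest())
    accepted = {r: msg for r in live}

    # Prepare: every live backup broadcasts a prepare for the message it accepted.
    prepares = {r: set() for r in live}
    for sender in live:
        if sender != primary:
            for receiver in live:
                if accepted[receiver] == accepted[sender]:
                    prepares[receiver].add(sender)
    prepared = [r for r in live if len(prepares[r]) >= 2 * f]

    # Commit: prepared replicas broadcast commit; 2f + 1 matching commits execute.
    commits = {r: set(prepared) for r in live}
    committed = [r for r in prepared if len(commits[r]) >= 2 * f + 1]

    # Reply: the client waits for f + 1 identical replies.
    out.update(prepared=prepared, committed=committed,
               client_accepts=len(committed) >= f + 1)
    return out

if __name__ == "__main__":
    print(run_pbft(4, 0, {3}, b"transfer"))       # Fig. 5: replica 3 is down
    print(run_pbft(4, 0, {2, 3}, b"transfer"))    # two faults exceed f = 1
```

With four replicas and only replica 3 down the request commits; with two replicas down no replica collects enough prepares, and with the primary down a view change is required before anything can proceed.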
When the number of server nodes exceeds 100, the pressure on network bandwidth grows ever larger; plain PBFT consensus therefore cannot meet the needs of public-chain networks with many nodes.
In the embodiment of the present invention, before the verifying node verifies the block, the method further includes: selecting several verifying nodes, each of which is used to verify the block generated by the miner node.
After a verifying node verifies the block generated by the miner node and the verification passes, the verifying node signs the block; if the verification does not pass, the verifying node does not sign the block.
After the verifying nodes have successfully verified the block, the verifying nodes write the transaction information to the blockchain, for example writing the A account balance and the B account balance to the blockchain. The A account balance and the B account balance are stored on the blockchain in ciphertext form: the ciphertext of the A account balance is the ciphertext obtained by the miner node encrypting the A account balance with the attached public key PAh of the A account, and the ciphertext of the B account balance is the ciphertext obtained by the miner node encrypting the B account balance with the attached public key PBh of the B account. Because the balances are stored as ciphertext, users on the blockchain cannot learn the account balances of other users, which protects user privacy. Moreover, because the attached private key of an attached key pair can decrypt ciphertext encrypted with the corresponding attached public key, a user who has forgotten or wants to query his or her own account balance can learn it from the blockchain, which further meets user needs while preserving privacy.
Step S6: the ordinary node receives the block and updates its own state tree.
Specifically, after a new block is added to the blockchain, new transactions have been generated, and all blockchain nodes in the blockchain system need to update their own state trees. When an ordinary node receives a new block, it performs the following operations:
(1) According to the Byzantine fault tolerance protocol, verify whether the number of verifying-node signatures on the block has reached 2/3 of the total number of verifying nodes in the blockchain system, and accept the block if it has. Specifically, according to the Byzantine fault tolerance protocol, verify whether the number of verifying-node signatures in the block exceeds a threshold, and if so, accept the block, where the threshold is 2/3 of the number of verifying nodes. If the block passes a verifying node's verification, that verifying node signs the block; the ordinary node judges whether the number of signatures that verifying nodes have placed on the block exceeds two thirds of the number of all verifying nodes in the blockchain system, and if so, accepts the block.
(2) According to the transactions in the block, use additive homomorphism to update the balance ciphertexts in the state tree of the accounts involved in the transactions, including the sender's balance ciphertext and the recipient's balance ciphertext. For example: if the B account balance in the state tree is X1 and the ciphertext of the amount received by the B account in the blockchain transaction is X2, then the balance ciphertext of the B account is updated to X1+X2.
In the embodiment of the present invention, the ordinary node receiving the block and updating its own state tree specifically includes:
Using the ciphertext obtained by encrypting the transaction amount with sender A's attached public key PAh, performing homomorphic addition on the A account balance to update the A account balance;
Using the ciphertext obtained by encrypting the transaction amount with recipient B's attached public key PBh, performing homomorphic addition on the B account balance to update the B account balance.
Specifically, the account balances of all blockchain nodes are saved in the state tree in the form of balance ciphertexts. For example, the account balances of sender A and recipient B are both saved as balance ciphertexts: the balance ciphertext corresponding to sender A's account balance is the A balance ciphertext, and the balance ciphertext corresponding to recipient B's account balance is the B balance ciphertext. Because the balance ciphertexts of all blockchain nodes in the state tree are generated by an additively homomorphic algorithm and therefore have the additive homomorphic property, homomorphic addition can be performed on a balance ciphertext to update it, that is, to update the account balance.
Specifically, refer to Fig. 6, which is a schematic flowchart of the state tree update provided by the embodiment of the present invention;
As shown in Fig. 6, after a blockchain node receives a block, it acts on the sender, the recipient and the transaction amount of each transaction in the block. The transaction amount is encrypted with an attached public key and stored in the block in ciphertext form; two ciphertexts of the transaction amount may be saved, namely the ciphertext obtained by encrypting the transaction amount with sender A's attached public key PAh and the ciphertext obtained by encrypting the transaction amount with recipient B's attached public key PBh. Specifically, after an ordinary node receives the block, it updates its own state tree based on additive homomorphism, according to the two parties to the transaction and the ciphertext of the transaction amount. After a transaction is published on the blockchain, every blockchain node in the blockchain system updates its own state tree by additive homomorphism. If a blockchain node does not update its own state tree, its state tree becomes inconsistent with the state tree data of the other nodes, which may cause the data that node sends to be erroneous and therefore not recognized by the whole network.
As shown in Fig. 6, the transaction information contained in the block is: the transaction amount transferred from A to B is MIWEN. After a blockchain node receives the block, it updates its own state tree according to the transaction information. For example, before the update the state tree holds: A account balance MIWENA, B account balance MIWENB. After receiving the block, according to the transaction information that the amount transferred from A to B is MIWEN, the A account balance is updated to MIWENA-MIWEN and the B account balance is updated to MIWENB+MIWEN, which keeps the state tree current and ensures that the blockchain node can legitimately take part in transactions.
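The step S6 handling described above, as an added example that is not part of the original text: an ordinary node checks the verifying-node signature count and then updates the balance ciphertexts homomorphically without ever seeing a plaintext. It assumes Paillier as the additively homomorphic scheme (the text names none), toy key sizes, and that `signers` lists verifying nodes whose signatures were already checked; all function and field names are hypothetical.

```python
import math
import secrets

# Toy Paillier (additively homomorphic). Assumption: the text names no scheme.

def keygen(p, q):
    """Return (n, (lam, mu)): attached public key n and attached private key."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))      # mu = lam^-1 mod n because g = n + 1

def encrypt(n, m):
    """E(m) = (1 + n)^m * r^n mod n^2 with a fresh random r."""
    r = secrets.randbelow(n - 2) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 1
    return pow(n + 1, m, n * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def h_add(n, c1, c2):
    """E(a) * E(b) mod n^2 decrypts to a + b."""
    return c1 * c2 % (n * n)

def h_sub(n, c1, c2):
    """E(a) * E(b)^-1 mod n^2 decrypts to a - b (mod n)."""
    return c1 * pow(c2, -1, n * n) % (n * n)

def block_accepted(signers, verifiers):
    """Step (1): signatures from more than 2/3 of all verifying nodes."""
    return 3 * len(set(signers) & set(verifiers)) > 2 * len(verifiers)

def apply_block(state_tree, attached_pub, block, verifiers):
    """Step (2): update balance ciphertexts; the node never sees a plaintext."""
    if not block_accepted(block["signers"], verifiers):
        return False
    for tx in block["txs"]:
        a, b = tx["sender"], tx["recipient"]
        state_tree[a] = h_sub(attached_pub[a], state_tree[a], tx["amount_under_PAh"])
        state_tree[b] = h_add(attached_pub[b], state_tree[b], tx["amount_under_PBh"])
    return True

def demo():
    # Constructed sample data; Mersenne primes keep the toy keys short (insecure).
    PAh, SAh = keygen(2**61 - 1, 2**89 - 1)
    PBh, SBh = keygen(2**107 - 1, 2**127 - 1)
    pub = {"A": PAh, "B": PBh}
    tree = {"A": encrypt(PAh, 500), "B": encrypt(PBh, 40)}     # MIWENA, MIWENB
    verifiers = ["v0", "v1", "v2", "v3"]
    tx = {"sender": "A", "recipient": "B",
          "amount_under_PAh": encrypt(PAh, 120),               # MIWEN under PAh
          "amount_under_PBh": encrypt(PBh, 120)}               # MIWEN under PBh
    weak = apply_block(tree, pub, {"txs": [tx], "signers": ["v0", "v1"]}, verifiers)
    unchanged = (decrypt(PAh, SAh, tree["A"]), decrypt(PBh, SBh, tree["B"]))
    ok = apply_block(tree, pub, {"txs": [tx], "signers": ["v0", "v1", "v3"]}, verifiers)
    # Only the holders of SAh / SBh can read the updated balances.
    return weak, unchanged, ok, decrypt(PAh, SAh, tree["A"]), decrypt(PBh, SBh, tree["B"])

if __name__ == "__main__":
    print(demo())
```

Paillier as used here is randomized, so two encryptions of the same balance differ; the miner-side check that compares a freshly encrypted balance with the state tree ciphertext would need a deterministic scheme or fixed randomness, and this example covers only the step S6 update.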
It can be understood that the block in this embodiment is described with only one transaction; in practice, the block may contain multiple transactions. When it does, the operation is the same as above, and this also falls within the protection scope of the present invention.
It can be understood that although the data on the blockchain and the data in the state tree are all saved in ciphertext form, miner nodes and verifying nodes can still verify the legitimacy of transactions, so the normal operation of the consensus protocol is not affected.
In the embodiment of the present invention, a blockchain node includes one or more processors and a memory. The processor and the memory may be connected by a bus or in other ways.
As a non-volatile computer-readable storage medium, the memory can be used to store non-volatile software programs, non-volatile computer-executable programs and modules. The processor runs the non-volatile software programs, instructions and modules stored in the memory, thereby executing various functional applications and data processing.
The memory may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, flash memory device or other non-volatile solid-state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and such remote memory can be connected to the processor through a network. Examples of such networks include but are not limited to the Internet, intranets, local area networks, mobile communication networks and combinations thereof.
The blockchain node of the embodiment of the present invention exists in a variety of forms, including but not limited to:
(1) Tower server
The chassis of a typical tower server is similar to that of an ordinary PC, while a large tower chassis is considerably bulkier; in general there is no fixed standard for the outer dimensions.
(2) Rack-mounted server
A rack-mounted server is a type of server formed to meet the dense deployment needs of enterprises, with the 19-inch rack as the standard width and a height from 1U to several U. Placing servers in a rack not only facilitates daily maintenance and management but may also avoid unexpected failures. First, the servers do not take up excessive space: rack servers are arranged neatly in the rack and waste no space. Second, connecting cables can also be stowed neatly in the rack. Power cords, LAN cables and the like can all be routed inside the cabinet, which reduces the cables piled up on the floor and prevents accidents such as kicking a cable loose. The specified dimensions are the width (48.26 cm = 19 inches) and height (a multiple of 4.445 cm) of the server. Because the width is 19 inches, a rack that meets this specification is sometimes called a "19-inch rack".
(3) Blade server
A blade server is a low-cost HAHD (High Availability High Density) server platform designed for special application industries and high-density computing environments. Each "blade" is actually a system motherboard, similar to an independent server. In this mode, each motherboard runs its own system and serves a different designated user group, with no association between them. System software can, however, be used to assemble these motherboards into a server cluster. In cluster mode, all motherboards can be connected to provide a high-speed network environment and can share resources to serve the same user group.
(4) Cloud server
A cloud server (Elastic Compute Service, ECS) is a computing service that is simple, efficient, secure and reliable, with elastically scalable processing capacity. It is simpler and more efficient to manage than a physical server; users can create or release any number of cloud servers quickly without purchasing hardware in advance. The distributed storage of cloud servers consolidates a large number of servers into one supercomputer, providing large-scale data storage and processing services. Distributed file systems and distributed databases allow access to common storage resources and enable shared I/O on application data files. Virtual machines can break through the limits of a single physical machine, dynamically adjusting and allocating resources to eliminate single points of failure in servers and storage devices and achieve high availability.
The embodiment of the present invention also provides a non-volatile computer storage medium storing computer-executable instructions, which are executed by one or more processors.
In the embodiment of the present invention, a privacy protection method for blockchain transaction data is provided, applied to a blockchain system that includes ordinary nodes, miner nodes and verifying nodes. The method comprises: step S1, generating an attached key pair (PAh, SAh) associated with the private key SA of sender A of the transaction, and generating an attached key pair (PBh, SBh) associated with the private key SB of recipient B; step S2, sender A sends a transfer intent to recipient B, the transfer intent including: the A account balance, the transaction amount, the signature that sender A made on the transfer intent with private key SA, and sender A's attached public key PAh; step S3, recipient B receives the transfer intent and sends transaction information to the miner node, the transaction information including: the transfer intent sent by sender A, the B account balance, the signature that recipient B made on the transaction with private key SB, and recipient B's attached public key PBh; step S4, after receiving the transaction information, the miner node encrypts the A account balance and the transaction amount respectively with sender A's attached public key PAh, encrypts the B account balance and the transaction amount respectively with recipient B's attached public key PBh, and, after verifying the transaction information, adds the transaction information to a block; step S5, the verifying nodes verify the block, and after verification succeeds the transaction information is written to the blockchain; step S6, the ordinary node receives the block and updates its own state tree. Because the transaction amounts on the blockchain and the account balances in the state tree are stored as ciphertext, the security and privacy of transactions are ensured, which solves the technical problem that current blockchain privacy protection relies on a trusted third-party authority, and protects the privacy of user transaction data.
The device or apparatus embodiments described above are merely illustrative. The unit modules described as separate components may or may not be physically separate, and the components shown as module units may or may not be physical units; that is, they may be located in one place or distributed over multiple network module units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Through the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution, in essence or in the part that contributes to the related art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in each embodiment or in certain parts of an embodiment.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Within the idea of the present invention, the technical features of the above embodiments or of different embodiments may also be combined, the steps may be implemented in any order, and many other variations of the different aspects of the present invention as described above exist, which for brevity are not given in detail. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.