CN115118429A - Verifiable and fully editable block chain system, method, equipment and terminal - Google Patents
- Publication number
- CN115118429A (application CN202210281106.8A)
- Authority
- CN
- China
- Prior art keywords
- block
- block chain
- supervisor
- verifiable
- trapdoor
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L63/12—Applying verification of the received information
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
- H04L2209/603—Digital right management [DRM]
Abstract
The invention belongs to the technical field of blockchain security and discloses a verifiable and fully editable blockchain system, method, device and terminal. After the system parameters are generated, a supervisor generates a supervision key pair; a block creator uses a double-trapdoor chameleon hash family and a trapdoorless universal accumulator to append, insert, modify and delete blocks with the assistance of the supervisor, updates the blockchain state, and generates a corresponding non-interactive verifiable proof; blockchain users verify the validity of the proof and adopt each operation according to the maximum serial number consensus rule, so that the blockchain state is updated in a distributed manner; and when a new user joins the blockchain system, the connectivity of the whole blockchain and the validity of the blockchain state are verified.
Description
Technical Field
The invention belongs to the technical field of block chain security, and particularly relates to a verifiable and completely editable block chain system, method, equipment and terminal.
Background
Blockchain technology integrates several technologies, such as distributed consensus, smart contracts and cryptography. It is essentially a distributed, chained data structure of blocks with the properties of decentralization, trustlessness, public transparency and tamper resistance. In recent years it has attracted wide attention across society, sparked research enthusiasm in academia and industry, and drawn close attention from governments around the world. Tamper resistance is one of the most important features of blockchain technology and a major reason for its popularity. It removes the dependence of mutually distrusting entities in an untrusted environment on third-party intermediaries, lays the foundation for the security and transparency of blockchain applications, and lets blockchains play a continuing positive role in the economy and society.
However, permanent data storage is not suitable for every blockchain application scenario. For example, the transaction field of a blockchain can carry content in any format, so malicious users can take the opportunity to insert pornography, links to illegal websites and other harmful or even illegal data, all of which is then stored in the blockchain system permanently. Faced with this, many users worry about illegal content being left on their computers after they download the blockchain and are reluctant to join the blockchain system, which seriously damages the blockchain ecosystem. When data that cannot be tampered with becomes a burden, it is highly desirable for the blockchain to be editable. At the same time, official bodies have issued data protection policies, laws and regulations that require blockchains to be editable. For example, the European Union's General Data Protection Regulation treats the "right to be forgotten" as a key right of the data subject: the data subject has the right to require a data controller to delete personal data, and the controller is responsible for deleting personal data in a timely manner under specific circumstances. Research on editable blockchains is therefore of real practical significance.
As is well known, the hash value of each block in a blockchain is stored in the prev_hash field of the next block, forming the so-called "chain", whose tamper resistance derives from the collision resistance of the hash function. Building on this, Ateniese et al. first proposed a method for modifying and deleting blocks. Its core idea is to replace the ordinary hash function with a chameleon hash function, so that the holder of the chameleon hash trapdoor can modify the contents of a block by finding a collision for its hash value, without affecting the other blocks in the chain. Following this breakthrough, more and more researchers have studied editable blockchains in depth.
Most existing editable blockchains support only modification and deletion and omit insertion. Block insertion differs from the conventional append operation in that it can act at any position in the blockchain other than the chain head. Smart contracts are automatically executing computer programs that run on a blockchain. In June 2016, the DAO contract was hacked because of a code vulnerability, losing 3641694 ETH. If the blockchain at that time had supported insertion, patch code could have been inserted quickly and the loss stopped in time. In addition, because an editable blockchain supports deletion, accidental deletions are hard to avoid, and an insertion operation is needed to correct them promptly. Dousti et al. attempted to propose a signature-based editable blockchain that supports all operations. However, the proposed method is not compatible with delete operations, and its imperfect verification policy makes it difficult to maintain a consistent blockchain state.
Existing editable blockchains lack verifiability of the blockchain state, yet verifiable editable blockchains are necessary in real-world applications. Conventional blockchain verification mainly checks whether the prev_hash of each block is the hash value of the previous block, i.e. the connectivity of the chain, regardless of the content version of the block. An editable blockchain based on chameleon hashes passes this verification even if it has not been updated to the latest state as required. Thus, if the blockchain state is not verifiable, the editable blockchain is neither effective nor feasible. It is therefore of great significance to study a blockchain that is both verifiable and fully editable.
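The two points made above, that a chameleon-hash trapdoor holder can rewrite a block without breaking the chain and that a connectivity-only check cannot tell an updated chain from a stale one, are illustrated by the following sketch. It is an added example, not code from the patent: it uses a single-trapdoor discrete-log chameleon hash over a toy 61-bit group instead of the patent's double-trapdoor family and accumulator, and every function name and sample transaction in it is an assumption.

```python
import hashlib
import secrets

def is_prime(n):
    """Deterministic Miller-Rabin, valid for n < 3.3e24 (bases = first 12 primes)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=60):
    """First safe prime p = 2q + 1 with q > 2**bits; g = 4 generates the order-q subgroup."""
    q = 2**bits + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = toy_group()   # toy size only; far too small for real use

def h_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    tk = secrets.randbelow(Q - 1) + 1      # trapdoor, kept by the editor
    return tk, pow(G, tk, P)               # (tk, hk)

def ch_hash(hk, msg, r):
    """CH(msg, r) = g^H(msg) * hk^r mod p."""
    return pow(G, h_int(msg), P) * pow(hk, r, P) % P

def ch_collide(tk, msg, r, new_msg):
    """Solve H(msg) + tk*r = H(new_msg) + tk*r' (mod q) for r'."""
    return (r + (h_int(msg) - h_int(new_msg)) * pow(tk, -1, Q)) % Q

def block_body(blk):
    return blk["prev_hash"].to_bytes(8, "big") + blk["content"]

def block_hash(hk, blk):
    return ch_hash(hk, block_body(blk), blk["r"])

def build_chain(hk, contents):
    chain, prev = [], 0
    for c in contents:
        blk = {"prev_hash": prev, "content": c, "r": secrets.randbelow(Q)}
        chain.append(blk)
        prev = block_hash(hk, blk)
    return chain

def verify_connectivity(hk, chain):
    """Conventional check: every prev_hash equals the hash of the previous block."""
    return all(chain[j + 1]["prev_hash"] == block_hash(hk, chain[j])
               for j in range(len(chain) - 1))

def redact(tk, chain, i, new_content):
    """Trapdoor holder replaces block i's content and picks r' so its hash is unchanged."""
    old = chain[i]
    new = {"prev_hash": old["prev_hash"], "content": new_content, "r": 0}
    new["r"] = ch_collide(tk, block_body(old), old["r"], block_body(new))
    edited = [dict(b) for b in chain]
    edited[i] = new
    return edited

def demo():
    tk, hk = keygen()
    # Constructed sample chain.
    stale = build_chain(hk, [b"genesis", b"tx: unwanted payload", b"tx: alice->bob 5"])
    tampered = [dict(b) for b in stale]
    tampered[1]["content"] = b"tx: [redacted]"          # edit without the trapdoor
    updated = redact(tk, stale, 1, b"tx: [redacted]")   # edit with the trapdoor
    return {
        "tampered_passes": verify_connectivity(hk, tampered),
        "updated_passes": verify_connectivity(hk, updated),
        "stale_passes": verify_connectivity(hk, stale),
        "same_block_hash": block_hash(hk, stale[1]) == block_hash(hk, updated[1]),
    }

if __name__ == "__main__":
    print(demo())
```

Both the stale and the updated chain pass `verify_connectivity`, which is the gap the patent addresses by additionally binding each block to a verifiable chain state.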
The invention therefore provides a verifiable and fully editable blockchain that achieves not only full editability but also verifiability of the blockchain state, ensures that all editing operations are applied to users' local blockchains in a distributed manner, and solves problems such as delayed updating and history replay.
From the above analysis, the problems and defects of the prior art are as follows:
(1) Existing editable blockchains cannot achieve full editability and have difficulty supporting block appending, insertion, modification and deletion at the same time.
(2) Existing editable blockchains lack verifiability of the blockchain state and are exposed to attacks such as delayed updating and history replay.
Disclosure of Invention
To address the problems in the prior art, the invention provides a verifiable and fully editable blockchain system, method, device and terminal.
The invention is implemented as a control method for a verifiable and fully editable blockchain system, comprising four processes: system establishment, full editing operation of blocks, full editing verification of blocks, and blockchain verification.
After the system parameters are generated, a supervisor generates its supervision key pair; a block creator uses a double-trapdoor chameleon hash family and a trapdoorless universal accumulator to append, insert, modify and delete blocks with the assistance of the supervisor, updates the blockchain state, and generates a corresponding non-interactive verifiable proof;
blockchain users verify the validity of the proof and adopt each operation according to the maximum serial number consensus rule, so that the blockchain state is updated in a distributed manner; when a new user joins the blockchain system, the connectivity of the whole blockchain and the validity of the blockchain state are verified.
Further, the control method for the verifiable and fully editable blockchain system comprises the following steps:
Step one, system establishment: generating the system parameters and generating a key pair for the supervisor;
Step two, full editing operation of blocks: the block creator uses a double-trapdoor chameleon hash family and a trapdoorless universal accumulator to append, insert, modify and delete blocks with the assistance of the supervisor, updates the blockchain state, and generates a corresponding non-interactive verifiable proof;
Step three, full editing verification of blocks: blockchain users verify the validity of the proof and adopt each operation according to the maximum serial number consensus rule, so that the blockchain state is updated in a distributed manner;
Step four, blockchain verification: verifying the connectivity of the whole blockchain and the validity of the blockchain state, so that a new user can join the blockchain system.
Further, the system establishment in the first step includes:
(1) The SysGen(1^λ) → (pp) algorithm takes the security parameter λ as input and executes as follows:
selecting a cyclic group with a large prime number qAnd an unknown order groupSelecting two generatorsAndinitialization A 0 And c, refining the mixture to obtain two Hash functions H 1 :{0,1} * →{0,1} λ And H prime :{0,1} * → Primes (. lamda.), output System parameters
(2) The KeyGen (pp) → (sk, pk) algorithm, entering the system parameters pp, performs the following:
Further, the full editing operation of the block in the second step includes:
(1)algorithm, input length ofBlock chain ofChameleon hash key pair (tk) i ,hk)=((sk,t i ) Pk) of, whereinThe supervisor is B i Selected specific trapdoors, B i The Merkle root of the transaction and the solution ctr of the workload certification are executed as follows:
ParsecomputingAndto obtain B i Is/are as followsFind outGet the serial number i ← s m + 1; calculating eta i ←H prime (m | | i) to get the accumulator stateComputingTo obtain a i Corresponding evidence w i ←Q i (ii) a Supervisor calculation and B i Chameleon hash verification string corresponding to each field in the databaseTo obtain finallyWherein B is i :=<p i ,ctr,m,i,ξ i ,A i ,w i >。
(2)Algorithm, input length ofBlock chain of (2) B i Corresponding chameleon hash key pair (tk) i ,hk)=((sk,t i ),pk),Corresponding chameleon hash key pairB i The values of m and ctr contained in the table areAt position l of the insertion, the following is performed:
Parsefind outTo obtain B i Serial number i ← s m + 1; calculating eta i ←H prime (m | | i), resulting in the accumulator stateCalculating outTo obtain A i Evidence w of (A) i ←Q i (ii) a Supervisor calculationsVerification string for obtaining chameleon hash by using chameleon hash trapdoor held by chameleon hash trapdoorThereby the device is provided with
Due to the insertion of B i Prev _ hash of the last original block is changed, so calculationSupervisor calculationsTo obtainAt this time, the original first block becomesOutput block chain
(3)Algorithm, input length ofBlock chain of (2)The first block in the chainThe modified target value m' of (a),chameleon key pairThe following is performed:
Parsefind outObtaining new serial number i' ← s m + 1; initializationComputingAndobtaining evidence of data deletion of old versionCalculating eta i′ ←H prime (m '| i') to get updated accumulator stateAnd evidence to add new version dataInitializationIf it is notThen theBy extended Euclidean algorithm computationCalculating mu i′ ←h α And v i′ ←A i′ β To obtainNon-member proof of all historical version data (z) i′ ,d i′ ,Q i′ , 3 )←NI-PoKE.Prove(β , A i′ ,ν i′ ) And Q i′,4 ←NI-PoE.Synthesizing the above results to obtain evidence of the current accumulator stateSupervisor calculates cont i′ ←p i ||m′||i′||A i′ ||w i′ And obtaining the chameleon Hash verification string corresponding to the updated data by using the chameleon Hash trapdoor held by the chameleon Hash trapdoorOutput ofWherein B is i′ :=<p i ,ctr i ,m′,i′,ξ i′ ,A i′ ,w i′ >。
(4)Algorithm, input length ofBlock chain ofContinuous set of block locationsThe smallest of them is recorded asMaximum notationTo (L) max +1) blocks in a positionCorresponding chameleon hash key pairB comprising m and ctr i Corresponding chameleon hash (tk) i ,hk)=((sk,t i ) Pk), the block is used to record the deletion event, the following is performed:
Find outGet the serial number i ← s m + 1; to obtainComputingInitializationAndfor all L ∈ L, calculateAnd determine whether there isIf so, thenGet the evidence that the block indicated by the delete L is deletedCalculating eta i ←H prime (m | | i) to get a new accumulator stateAnd newly added B i Evidence of (1)InitializationAndcomputingμ i ←h α 、ν i ←A i β Evidence of historical version failure of all deleted blocks is obtained (z) i ,d i ,Q i,3 )←NI-PoKE.Prove(β,A i ,ν i ) Andto sum up, obtain the evidence of the accumulatorThe supervisor calculates through the trapdoorOutput ofWherein B is i :=<p i ,ctr,m,i,ξ i ,A i ,w i >。
Further, the full edit verification of the block in step three comprises:
(1)algorithm, input additional Block B i Length ofIs local to the verifierThe following is performed:
analysis B i :=<p i ,ctr i ,m i ,i,ξ i ,A i ,w i >Wherein w is i :=Q i Find outIn (1)Resolve the sequence number as s m Block ofCalculating cont i ←p i ||m i ||i||A i ||w i Andif i is equal to s m +1、H 1 (ctr i ||h i ) If both < D are true, then η is calculated i ←H prime (m i I) and returns the verification result
(2)Algorithm, input block B inserted in position l i Updated version of the block originally at that locationHas a length ofIs proved byLocal block chain of a personThe following is performed:
analysis B i :=<p i ,ctr i ,m i ,i,ξ i ,A i ,w i >Wherein w is i :=Q i Analysis ofAndonFind outAnd analyzeBy passingComputingIf i is equal to s m +1、H 1 (ctr i ||h i ) If < D is both true, then calculateAnd η i ←H prime (m i | i), returning a verification result
(3)Algorithm, inputting modified block B at I position i Length ofIs local to the verifierThe following is performed:
parsing block B i :=<p i ,ctr i ,m i ,i,ξ i ,A i ,w i >In whichResolving blockchainsOnFind outIs/are as followsAnd analyzeCalculating cont i ←p i ||m i ||i||A i |w i And recover toIf H is present 1 (ctr i ||h i ) < D and i ═ s m +1, then calculate η i ←H prime (m i I) andreturn authenticationAs a result, the&&NI-PoKE.Verify(A i ,ν i ,z i ,d i ,Q i,3 )&
(4)Algorithm, input block B recording deletion event i Deleted set of block locationsHas a length ofVerifier's local blockchainThe following is performed:
analysis B i :=<p i ,ctr i ,m i ,i,ξ i ,A i ,w i >WhereinParseIn (1)Find outIn (1)And analyzeBy usingComputingIf H is present 1 (ctr i ||h i )<D、 i==s m +1、All are true, then η is calculated i ←H prime (m i I) andreturning verification results& &NI-PoKE.Verify(A i ,ν i ,z i ,d i ,Q i,3 )&
Further, the block chain verification in step four comprises:
for all j e [ n ∈ [ ]]CalculatingAndif presentOrThen go back to 0 directly; otherwise calculateFind outIn (1)And analyzeReturning verification results
Another object of the present invention is to provide a verifiable and fully editable block-chain system applying the verifiable and fully editable block-chain system control method, which comprises:
a system establishing module, used for generating the system parameters and generating a key pair for the supervisor;
a full editing operation module, used by the block creator to append, insert, modify and delete blocks with the assistance of the supervisor, using a double-trapdoor chameleon hash family and a trapdoorless universal accumulator, to update the blockchain state, and to generate a corresponding non-interactive verifiable proof;
a full-editing verification module, used by blockchain users to verify the validity of the proof and to adopt each operation according to the maximum serial number consensus rule, so that the blockchain state is updated in a distributed manner;
and a blockchain verification module, used for verifying the connectivity of the whole blockchain and the validity of the blockchain state, so that a new user can join the blockchain system.
It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:
after the system parameters are generated, a supervisor generates its supervision key pair; a block creator uses a double-trapdoor chameleon hash family and a trapdoorless universal accumulator to append, insert, modify and delete blocks with the assistance of the supervisor, updates the blockchain state, and generates a corresponding non-interactive verifiable proof;
blockchain users verify the validity of the proof and adopt each operation according to the maximum serial number consensus rule, so that the blockchain state is updated in a distributed manner; and when a new user joins the blockchain system, the connectivity of the whole blockchain and the validity of the blockchain state are verified.
It is another object of the present invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
after the system parameters are generated, a supervisor generates its supervision key pair; a block creator uses a double-trapdoor chameleon hash family and a trapdoorless universal accumulator to append, insert, modify and delete blocks with the assistance of the supervisor, updates the blockchain state, and generates a corresponding non-interactive verifiable proof;
blockchain users verify the validity of the proof and adopt each operation according to the maximum serial number consensus rule, so that the blockchain state is updated in a distributed manner; and when a new user joins the blockchain system, the connectivity of the whole blockchain and the validity of the blockchain state are verified.
Another object of the present invention is to provide an information data processing terminal for implementing the verifiable and fully editable block-chaining system.
Combining the technical solutions above with the technical problems to be solved, the advantages and positive effects of the technical solutions claimed by the invention are analyzed from the following aspects:
First, with regard to the technical problems in the prior art and the difficulty of solving them, the technical solution of the invention is closely tied to the results and data obtained during research and development, and solving these problems brings creative technical effects, described as follows:
In the method, the supervisor's key pair is generated in the system establishment step, so that the supervisor can generate for each block a chameleon hash that only the supervisor can edit, and a fully editable blockchain is finally constructed.
Existing editable blockchains have difficulty supporting block appending, insertion, modification and deletion at the same time, lack verifiability of the blockchain state, and are exposed to delayed updating and history replay attacks. To address these problems, the invention provides a verifiable and fully editable blockchain that achieves full editability of block content and verifiability of the blockchain state at the same time. This is significant for improving the feasibility and practicality of editable blockchains and helps further promote the development and wide application of blockchains.
Second, considering the technical solution as a whole or from the product perspective, the technical effects and advantages of the claimed technical solution are as follows:
The invention achieves full editability of the blockchain and verifiability of the blockchain state at the same time, and solves problems of editable blockchains such as delayed updating and history replay. This is significant for improving the feasibility and practicality of editable blockchains and helps further promote the development and wide application of blockchains.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly described below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of the control method for a verifiable and fully editable blockchain system provided by an embodiment of the invention;
FIG. 2 is a block diagram of a verifiable and fully editable block chain system architecture provided by an embodiment of the present invention; in the figure: 1. a system establishing module; 2. a full editing operation module; 3. a full-editing verification module; 4. a block chain verification module.
FIG. 3 is a block chain architecture diagram that is verifiable and fully editable as provided by embodiments of the present invention;
FIG. 4 is a schematic diagram illustrating the time overhead for generating a block according to an embodiment of the present invention;
FIG. 5 is a block header size diagram according to an embodiment of the present invention;
FIG. 6 is a block size diagram according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of the time overhead of modifying a block according to an embodiment of the present invention;
FIG. 8 is a schematic diagram illustrating the time overhead for deleting consecutive blocks according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of the time overhead for deleting discontinuous blocks according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of the time overhead of a verify append operation provided by an embodiment of the present invention;
FIG. 11 is a schematic diagram illustrating the time overhead of verifying a delete operation according to an embodiment of the present invention;
FIG. 12 is a schematic diagram illustrating the time overhead for verifying deletion of consecutive blocks according to an embodiment of the present invention;
FIG. 13 is a schematic diagram illustrating the time overhead for verifying deletion of non-contiguous blocks according to an embodiment of the present invention;
FIG. 14 is a schematic diagram illustrating the time overhead for verifying the entire blockchain according to an embodiment of the present invention;
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In view of the problems in the prior art, the present invention provides a verifiable and fully editable block chain system, method, device and terminal, and the present invention is described in detail below with reference to the accompanying drawings.
I. Explanatory embodiment. This section expands on the claims so that those skilled in the art can fully understand how the present invention is implemented.
As shown in fig. 1, the method for controlling a block chain system that is verifiable and fully editable according to an embodiment of the present invention includes the following steps:
S101, system establishment: generating system parameters and generating a key pair for a supervisor;
S102, full editing operation of the blocks: the block creator adopts a double-trapdoor chameleon hash cluster and a trapdoor-free general accumulator, performs block addition, insertion, modification and deletion with the assistance of a supervisor, updates the block chain state, and generates a corresponding non-interactive verifiable certificate;
S103, block full-editing verification: the block chain users verify the validity of the proof and adopt each operation according to the maximum serial number consensus rule, realizing distributed block chain state updating;
S104, block chain verification: verifying the connectivity of the whole block chain and the validity of the block chain state, so that a new user can join the block chain system.
Further, the system establishment in step S101 includes:
(1) The SysGen($1^\lambda$) → (pp) algorithm takes the security parameter λ as input and performs the following:
select a cyclic group of large prime order q and a group of unknown order; select two generators; initialize $A_0 \leftarrow h$; select two hash functions $H_1: \{0,1\}^* \to \{0,1\}^\lambda$ and $H_{prime}: \{0,1\}^* \to \mathrm{Primes}(\lambda)$; and output the system parameters pp.
(2) The KeyGen(pp) → (sk, pk) algorithm takes the system parameters pp as input and performs the following:
Further, the full editing operation of the block in step S102 includes:
(1) Algorithm for adding a block. Inputs: a block chain of a given length; the chameleon hash key pair $(tk_i, hk) = ((sk, t_i), pk)$, where $t_i$ is the specific trapdoor selected by the supervisor for $B_i$; the Merkle root m of the transactions contained in $B_i$; and the solution ctr of the proof of work. The following is performed:
Parse the block chain and compute the corresponding field of $B_i$; find $s_m$ and obtain the serial number $i \leftarrow s_m + 1$; calculate $\eta_i \leftarrow H_{prime}(m \| i)$ to obtain the accumulator state; compute the evidence $w_i \leftarrow Q_i$ corresponding to $A_i$; the supervisor calculates the chameleon hash verification string corresponding to the fields of $B_i$, finally obtaining the block, where $B_i := \langle p_i, ctr, m, i, \xi_i, A_i, w_i \rangle$.
(2) Algorithm for inserting a block. Inputs: a block chain of a given length; the chameleon hash key pair $(tk_i, hk) = ((sk, t_i), pk)$ corresponding to $B_i$; the chameleon hash key pair corresponding to the block originally at the insertion position; the values m and ctr contained in $B_i$; and the insertion position l. The following is performed:
Parse the block chain and find $s_m$ to obtain the serial number of $B_i$, $i \leftarrow s_m + 1$; calculate $\eta_i \leftarrow H_{prime}(m \| i)$ to obtain the accumulator state; compute the evidence $w_i \leftarrow Q_i$ of $A_i$; the supervisor performs its calculation and uses the chameleon hash trapdoor it holds to obtain the chameleon hash verification string, thereby obtaining the block.
Because inserting $B_i$ changes the prev_hash of the block originally at the insertion position, that field is recalculated and the supervisor computes the updated verification string; the block originally at that position thereby becomes its updated version, and the updated block chain is output.
(3) Algorithm for modifying a block. Inputs: a block chain of a given length; the block in the chain that is to be modified; its modified target value m′; and the corresponding chameleon key pair. The following is performed:
Parsefind outObtaining new serial number i' ← s m + 1; initializationComputingAndobtaining evidence of data deletion of old versionCalculating eta i′ ←H prime (m '| i') to get updated accumulator stateAnd evidence to add new version dataInitializationIf it is notThenBy extended Euclidean algorithm computationCalculating mu i′ ←h α And v i′ ←A i′ β To obtainNon-member proof of all historical version data (z) i′ ,d i′ ,Q i′,3 )←NI-PoKE.Prove(β,A i′ ,v i′ ) Andsynthesizing the above results to obtain evidence of current accumulator stateSupervisor calculates cont i′ ←p i ||m′||i′||A i′ ||w i′ And obtaining the chameleon Hash verification string corresponding to the updated data by using the chameleon Hash trapdoor held by the chameleon Hash trapdoorOutput the outputWherein B is i′ :=<p i ,ctr i ,m′,i′,ξ i′ ,A i′ ,w i′ >。
(4) Algorithm for deleting blocks. Inputs: a block chain of a given length; a continuous set of block locations, whose smallest and largest elements are recorded; the chameleon hash key pair corresponding to the block at position ($L_{max}$ + 1); and the block $B_i$ comprising m and ctr, together with its corresponding chameleon hash key pair $(tk_i, hk) = ((sk, t_i), pk)$, which is used to record the deletion event. The following is performed:
updatingPrev _ hash field ofSupervisor calculation through chameleon Hash trapdoorIs updatedRecord as
Find outGet the serial number i ← s m + 1; to obtainComputing InitializationAndfor all L ∈ L, calculateAnd judge whether there isIf so, thenGet the evidence that the block indicated by the delete L is deletedCalculating eta i ←H prime (m | | i) to get a new accumulator stateAnd newly added B i Evidence of (1)InitializationAndcomputingμ i ←h α 、v i ←A i β Evidence of historical version failure of all deleted blocks is obtained (z) i ,d i ,Q i,3 )←NI-PoKE.Prove(β,A i ,v i ) Andto sum up, obtain the evidence of the accumulatorThe supervisor calculates through the trapdoorOutput ofWherein B is i :=<p i ,ctr,m,i,ξ i ,A i ,w i >。
Further, the full edit verification of the block in step S103 includes:
(1) Algorithm for verifying an added block. Inputs: the appended block $B_i$ and the verifier's local block chain of a given length. The following is performed:
analysis B i :=<p i ,ctr i ,m i ,i,ξ i ,A i ,w i >Wherein w is i :=Q i Find outIn (1)Resolution orderColumn number is s m Block ofCalculating cont i ←p i ||m i ||i||A i ||w i Andif i is equal to s m +1、H 1 (ctr i ||h i ) If both < D are true, then η is calculated i ←H prime (m i I) and returns the verification result
(2) Algorithm for verifying an inserted block. Inputs: the block $B_i$ inserted at position l; the updated version of the block originally located at that position; and the verifier's local block chain of a given length. The following is performed:
analysis B i :=<p i ,ctr i ,m i ,i,ξ i ,A i ,w i >Wherein w is i :=Q i Analysis ofAndonFind outAnd analyzeBy passingCalculating outIf i is equal to s m +1、H 1 (ctr i ||h i ) If < D is both true, then calculateAnd η i ←H prime (m i | i), returning a verification result
(3) Algorithm for verifying a modified block. Inputs: the modified block $B_i$ at position l and the verifier's local block chain of a given length. The following is performed:
parsing block B i :=<p i ,ctr i ,m i ,i,ξ i ,A i ,w i >In whichResolving block chainsOnFind outIs/are as followsAnd analyzeCalculating cont i ←p i ||m i ||i||A i ||w i And recover toIf H is present 1 (ctr i ||h i ) < D and i ═ s m +1, then calculate η i ←H prime (m i I) andreturning verification results&&NI-PoKE.Verify(A i ,ν i ,z i ,d i ,Q i,3 )&
(4) Algorithm for verifying a deletion. Inputs: the block $B_i$ that records the deletion event; the set of deleted block locations; and the verifier's local block chain of a given length. The following is performed:
analysis B i :=<p i ,ctr i ,m i ,i,ξ i ,A i ,w i >WhereinParseIn (1)Find outIn (1)And analyzeBy usingComputingIf H is present 1 (ctr i ||h i )<D、 i==s m +1、All are true, then η is calculated i ←H prime (m i Ii) andreturning verification results& &NI-PoKE.Verify(A i ,ν i ,z i ,d i ,Q i,3 )&
Further, the block chain verification in step S104 includes:
for all j e [ n ∈ [ ]]CalculatingAndif presentOrThen go back to 0 directly; otherwise calculateFind outIn (1)And analyzeReturning verification results
As shown in fig. 2, the verifiable and fully editable block chain system provided by the embodiment of the present invention includes:
the system establishing module 1 is used for generating system parameters and generating a key pair for a supervisor;
the full editing operation module 2 is used for the block creator to adopt a double-trapdoor chameleon hash cluster and a trapdoor-free general accumulator, to add, insert, modify and delete blocks with the assistance of a supervisor, to update the state of the block chain, and to generate a corresponding non-interactive verifiable certificate;
the full-editing verification module 3 is used for the block chain users to verify the validity of the proof and adopt each operation according to the maximum serial number consensus rule, realizing distributed block chain state updating;
and the block chain verification module 4 is used for verifying the connectivity of the whole block chain and the validity of the block chain state, so that a new user can join the block chain system.
II. Application embodiment. To demonstrate the inventiveness and technical value of the technical scheme of the invention, this section gives an application example of the claimed technical scheme on specific products or related technologies.
Block chain technology is praised for its immutability (resistance to tampering), which has attracted a great deal of attention from academia and industry. However, permanent storage of data easily causes problems such as copyright disputes, and some official organizations have issued data protection policies, laws and regulations that require block chains to be editable. An editable block chain is a useful variant of a block chain in which the contents of a block can be edited without affecting the other blocks in the chain. Most studies on editable block chains consider only modification and deletion of blocks and ignore the insertion operation. Insertion differs from block addition in that a block is inserted at an arbitrary position of an existing block chain. When a smart contract has code bugs and a patch needs to be added, or when a block has been deleted by mistake, block insertion is quite necessary. Furthermore, none of the existing studies consider the verifiability of editable block chains. However, a block chain state that cannot be verified enables attacks such as delayed updating and history replay, which seriously damage the feasibility and usability of the editable block chain. Therefore, how to design an editable block chain that supports full editability of blocks and a verifiable block chain state is a problem to be solved.
Aiming at the security, effectiveness, functionality, feasibility and availability requirements of editable block chains in real scenarios, the invention provides a verifiable and fully editable block chain that simultaneously provides full editability of blocks and verifiability of the block chain state. The editable block chain is constructed on the double-trapdoor chameleon hash cluster, which realizes block addition, insertion, modification and deletion operations with high calculation efficiency and resistance to key leakage. On this basis, verifiability of the block chain state is realized by combining the trapdoor-free general accumulator with the maximum serial number consensus rule, which effectively solves problems such as delayed updating and history replay.
1. System architecture
As shown in fig. 3, in the verifiable and fully editable block chain system of an embodiment of the present invention, a block is defined as $B := \langle p, m, i, A, w, ctr, \xi \rangle$. Let $H_1: \{0,1\}^* \to \{0,1\}^\lambda$ be a cryptographic collision-resistant hash function, used together with a chameleon hash function. A block is valid if and only if it satisfies the following equation:
where $cont = p \| m \| i \| A \| w$, p is the hash of the previous block, m is the Merkle tree root of the transactions contained in B, i is a globally unique serial number, A is the accumulator state of the block chain up to block B, w is the evidence corresponding to A, ctr is the nonce value of the proof of work, ξ is the chameleon hash verification string matching cont, and D is the difficulty value of the proof of work.
Block chainThe expansion mode is that the block is added at the rightmost position. The rightmost block is called the head of the chain and is denoted asIf it isIf the chain head is B, thenIs extended toWhen, B': is equal to<p′,m′,i′,A′,w′,ctr′,ξ′>The prev _ hash field in (2)
In addition to this, the present invention is,representThe number of blocks contained in one block chain. Suppose thatThen for any 0. ltoreq. k. ltoreq.n,representThe result of cutting out the left-most k blocks,it is the result of cutting off the rightmost k blocks. In this way,is represented inIs inserted into the block B at the k-th position * ;Is to modifyThe kth block of (1);is to deleteThe k-th block of (1).
2. Preliminary knowledge
(1) Chameleon hash function
Chen et al. propose a chameleon hash cluster with double trapdoors that satisfies computational efficiency and collision resistance. It is written as a set of algorithms, described as follows:
The key generation algorithm takes the security parameter λ as input and outputs the trapdoor key tk = (x, t) and the hash key hk = Y, where Y = xP and P is a generator of the group.
The hash algorithm takes tk and a message m as input and calculates h = tP as the hash value. It randomly selects k and calculates the verification string ξ = (r, K), where K = kP and $r = t - H_0(m, K)\cdot(k + x)$.
The verification algorithm checks, through a verification equation, that the hash value matches the message and the verification string.
The collision algorithm computes the collision ξ′ = (r′, K′) for a new message m′, where $r' = t - H_0(m', K')\cdot(k' + x)$ and K′ = k′P.
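The following is an added sketch of the double-trapdoor chameleon hash described above, not code from the patent: it shows that only a holder of tk = (x, t), that is, the supervisor, can issue a verification string, and that a new string for edited block content leaves the hash value h unchanged. Assumptions: a toy group (Z_p^* with p = 2^127 - 1, written multiplicatively, exponents reduced modulo p - 1) stands in for the page's prime-order group, the function names are hypothetical, and the verification check is derived from r = t - H_0(m, K)·(k + x) because the page's verification equation did not survive extraction.

```python
import hashlib
import secrets

# Toy group (assumption of this example, not the patent's parameters):
# Z_p^* with the Mersenne prime p = 2^127 - 1, written multiplicatively.
# The page's xP becomes pow(G, x, P); point addition becomes multiplication.
P = 2**127 - 1
ORDER = P - 1          # exponents are reduced modulo the group order
G = 3


def h0(message: bytes, K: int) -> int:
    """H_0(m, K): hash the message and the commitment K to an exponent."""
    digest = hashlib.sha256(K.to_bytes(16, "big") + message).digest()
    return int.from_bytes(digest, "big") % ORDER


def keygen():
    """Supervisor's long-term pair: sk = x, pk = Y = xP (here G^x)."""
    x = secrets.randbelow(ORDER - 1) + 1
    return x, pow(G, x, P)


def new_trapdoor() -> int:
    """Per-block trapdoor t_i chosen by the supervisor; tk_i = (x, t_i)."""
    return secrets.randbelow(ORDER - 1) + 1


def ch_collide(x: int, t: int, message: bytes):
    """xi = (r, K) with K = kP and r = t - H_0(m, K) * (k + x), fresh k."""
    k = secrets.randbelow(ORDER - 1) + 1
    K = pow(G, k, P)
    r = (t - h0(message, K) * (k + x)) % ORDER
    return r, K


def ch_hash(x: int, t: int, message: bytes):
    """Hash value h = tP plus a verification string for the message."""
    return pow(G, t, P), ch_collide(x, t, message)


def ch_verify(Y: int, h: int, message: bytes, xi) -> bool:
    """Derived check: h == rP + H_0(m, K) * (K + Y), i.e. G^r * (K*Y)^e."""
    r, K = xi
    e = h0(message, K)
    return h == pow(G, r, P) * pow(K * Y % P, e, P) % P


def demo():
    x, Y = keygen()
    t = new_trapdoor()
    old = b"p_i||m||i||A_i||w_i"            # constructed stand-in for cont
    new = b"p_i||m'||i'||A_i'||w_i'"        # constructed edited content
    h, xi_old = ch_hash(x, t, old)
    xi_new = ch_collide(x, t, new)          # same h, new verification string
    r_new, K_new = xi_new
    return {
        "original_verifies": ch_verify(Y, h, old, xi_old),
        "edited_verifies_same_hash": ch_verify(Y, h, new, xi_new),
        "stale_string_rejected": not ch_verify(Y, h, new, xi_old),
        "tampered_string_rejected": not ch_verify(
            Y, h, new, ((r_new + 1) % ORDER, K_new)),
    }


if __name__ == "__main__":
    print(demo())
```

Because h depends only on t, the proof-of-work check on the edited block and the prev_hash stored in the following block both stay valid after the supervisor issues the new verification string.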
(2) Compact non-interactive proof
1) The NI-PoE.Prove(x, u, w) → (Q) algorithm generates the proof: calculate $l \leftarrow H_{prime}(x, u, w)$, q, and $r \leftarrow x \bmod l$, and give the proof $Q \leftarrow u^{q}$.
2) The NI-PoE.Verify(x, u, w, Q) → {0, 1} algorithm verifies the proof: calculate $l \leftarrow H_{prime}(x, u, w)$ and $r \leftarrow x \bmod l$, check the verification equation, and output the result.
NI-PoKE extends NI-PoE to a compact proof of knowledge for a discrete logarithm relationship, and is performed as follows:
1) The NI-PoKE.Prove(x, u, w) → (z, r, Q) algorithm generates the proof: calculate $z \leftarrow u'^{x}$, $l \leftarrow H_{prime}(u, w, z)$ and $a \leftarrow H(u, w, z, l)$, and give the proof $(z,\ Q \leftarrow (u u'^{a})^{q},\ r \leftarrow x \bmod l)$.
2) The NI-PoKE.Verify(u, w, z, r, Q) → {0, 1} algorithm verifies the proof: calculate $l \leftarrow H_{prime}(u, w, z)$ and $a \leftarrow H(u, w, z, l)$, and give the verification result by checking the equation $Q^{l}(u u'^{a})^{r} = w z^{a}$.
(3) Universal accumulator without trapdoor
The trapdoor-free universal accumulator is an extension of the classical RSA accumulator for distributed scenarios. It does not need the participation of a trusted manager, and it supports both member proofs and non-member proofs. The accumulator is constructed over a group of unknown order. The invention makes some adaptive adjustments to it, and it consists of the following algorithms.
The setup algorithm takes the security parameter λ as input and outputs the element set and an initial accumulator state A(S) ← h.
The purpose of the add algorithm is to add an element to the accumulator and update its state. If x belongs to S, the state of the accumulator is kept unchanged and A(S′) ← A(S) is output directly; otherwise, the updated accumulator state $A(S') \leftarrow A(S)^{x}$ is output.
The purpose of the delete algorithm is to delete an element from the accumulator and update its state. If x does not belong to S, the state of the accumulator is kept unchanged and A(S′) ← A(S) is output directly; otherwise, S′ ← S \ {x} is executed and the updated accumulator state is calculated and output.
The member proof algorithm proves that x is in the accumulated set. After the intermediate calculations, the evidence is given by NI-PoE.Prove(x, w, A(S)).
The non-member proof algorithm proves that x is not in the accumulated set. It computes $x^*$, uses the extended Euclidean algorithm Exgcd(x, $x^*$) to obtain the coefficients, computes $d \leftarrow h^{\alpha}$ and $v \leftarrow A(S)^{\beta}$, and gives the proof $\pi = (\pi_d, \pi_h) \leftarrow (\text{NI-PoKE.Prove}(A(S), v, \beta),\ \text{NI-PoE}(x, d, hv^{-1}))$.
To verify the validity of a member proof, the verification result is determined by NI-PoE.
The last algorithm verifies the validity of a non-member proof: verification succeeds if and only if the NI-PoKE verification of $\pi_d$ outputs 1 and NI-PoE.Verify(x, d, $hv^{-1}$, $\pi_h$) → 1 at the same time.
3. Overview of the method
The block chain in the invention adopts the maximum serial number consensus rule to replace the longest chain rule so as to encourage users to compete for the block writing right (i.e. profit) based on the latest block chain version, thereby solving the problem of delayed editing and updating. In addition, in order to invalidate the historical version of the revised block, the trapdoor-free general accumulator is adopted to commit all blocks in the block chain, and the verifiability of the state of the block chain is realized.
Specifically, for block addition and insertion operations, the block creator updates the accumulator state and generates an accumulator membership proof for the block. Because the operation position differs, an inserted block breaks the connectivity of the block chain, so an additional operation must be run for the block that follows the inserted block.
When a block needs to be modified, the block creator deletes the historical version from the accumulator and adds the new version content to the accumulator. Then accumulator non-member and member proofs are provided for the invalid and valid versions, respectively.
When block deletion occurs, the intuitive solution is to call the accumulator's delete algorithm to update the accumulator state. However, such a simple operation causes the problem of delayed edit updates, since the latest block on the block chain remains unchanged before and after the operation. Therefore, we add a new block to record the deletion event, called the record block, whose serial number is the updated maximum serial number. The record block is then added to the accumulator, and non-member and member proofs are generated for the deleted and added blocks, respectively.
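The following added example (not the patent's implementation) runs the accumulator flow from the preliminaries and the overview above for a block modification: the old version is removed, the new version is added, and a verifier accepts the new member proof, accepts the non-member proof for the old version, and rejects a replayed old member proof. Assumptions: a toy modulus with public factors, a 64-bit H_prime, hypothetical function names, deletion by recomputation from the remaining elements, the usual quotient q = x div l in NI-PoE, and the coefficient β sent in the clear instead of being wrapped in NI-PoKE as on the page.

```python
import hashlib
from math import prod

# Toy parameters (assumptions of this example): Z_N^* with public factors,
# so the group order is NOT unknown here; real use needs an unfactorable N.
N = (2**61 - 1) * (2**89 - 1)
H = 3  # generator h; initial accumulator state A_0 <- h


def is_prime(n):
    """Miller-Rabin, deterministic for the ~64-bit values used below."""
    if n < 2 or n % 2 == 0:
        return n == 2
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(a, d, n)
        if a % n == 0 or x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def h_prime(*parts):
    """H_prime: hash the inputs to an odd 64-bit value, step to a prime."""
    data = "||".join(str(p) for p in parts).encode()
    c = int.from_bytes(hashlib.sha256(data).digest()[:8], "big") | 1
    while not is_prime(c):
        c += 2
    return c


def poe_prove(x, u, w):
    """NI-PoE.Prove for u^x = w: Q <- u^q with q = x div l."""
    return pow(u, x // h_prime(x, u, w), N)


def poe_verify(x, u, w, Q):
    """NI-PoE.Verify: accept iff Q^l * u^(x mod l) == w."""
    l = h_prime(x, u, w)
    return pow(Q, l, N) * pow(u, x % l, N) % N == w % N


def acc(S):
    """A(S) = h^(product of S). Add is A^x; Del, with no trapdoor, recomputes."""
    return pow(H, prod(S), N)


def mem_prove(S, x):
    """Witness w = A(S without x), plus a PoE that w^x = A(S)."""
    w = acc(S - {x})
    return w, poe_prove(x, w, pow(w, x, N))


def egcd(a, b):
    """Return (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b, s0, s1, t0, t1 = b, a - q * b, s1, s0 - q * s1, t1, t0 - q * t1
    return a, s0, t0


def nonmem_prove(S, x):
    """alpha*x + beta*x_star = 1 gives d <- h^alpha; beta is sent in the clear."""
    g, alpha, beta = egcd(x, prod(S))
    if g != 1:
        raise ValueError("x is accumulated, no non-membership proof exists")
    return pow(H, alpha, N), beta


def nonmem_verify(A, x, d, beta):
    """Accept iff d^x * A^beta == h, the page's relation d^x = h * v^-1."""
    return pow(d, x, N) * pow(A, beta, N) % N == H


def demo():
    # Constructed block versions: eta = H_prime(m || i)
    old, other, new = h_prime("m", 7), h_prime("m2", 8), h_prime("m'", 9)
    S = {old, other}
    w_old, q_old = mem_prove(S, old)         # proof issued before the edit
    S = (S - {old}) | {new}                  # modification: drop old, add new
    A = acc(S)
    w_new, q_new = mem_prove(S, new)
    d, beta = nonmem_prove(S, old)
    return {"new_member": poe_verify(new, w_new, A, q_new),
            "old_non_member": nonmem_verify(A, old, d, beta),
            "old_proof_replayed": poe_verify(old, w_old, A, q_old)}


if __name__ == "__main__":
    print(demo())
```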
4. Concrete structure
The invention is composed of 11 algorithms, and the specific construction method is explained as follows:
The SysGen($1^\lambda$) → (pp) algorithm takes the security parameter λ as input and performs the following:
1) Select a cyclic group of large prime order q and a group of unknown order; select two generators; initialize $A_0 \leftarrow h$.
2) Select two hash functions $H_1: \{0,1\}^* \to \{0,1\}^\lambda$ and $H_{prime}: \{0,1\}^* \to \mathrm{Primes}(\lambda)$.
The KeyGen(pp) → (sk, pk) algorithm takes the system parameters pp as input and performs the following:
2) The output key pair (sk, pk) is (x, Y).
Algorithm for adding a block. Inputs: a block chain of a given length; the chameleon hash key pair $(tk_i, hk) = ((sk, t_i), pk)$, where $t_i$ is the specific trapdoor selected by the supervisor for $B_i$; the Merkle root m of the transactions contained in $B_i$; and the solution ctr of the proof of work. The following is performed:
2) Find $s_m$ and obtain the serial number $i \leftarrow s_m + 1$; calculate $\eta_i \leftarrow H_{prime}(m \| i)$ to obtain the accumulator state; compute the evidence $w_i \leftarrow Q_i$ corresponding to $A_i$.
3) The supervisor calculates the chameleon hash verification string corresponding to the fields of $B_i$.
Algorithm for inserting a block. Inputs: a block chain of a given length; the chameleon hash key pair $(tk_i, hk) = ((sk, t_i), pk)$ corresponding to $B_i$; the chameleon hash key pair corresponding to the block originally at the insertion position; the values m and ctr contained in $B_i$; and the insertion position l. The following is performed:
1) Parse the block chain and find $s_m$ to obtain the serial number of $B_i$, $i \leftarrow s_m + 1$; calculate $\eta_i \leftarrow H_{prime}(m \| i)$ to obtain the accumulator state; compute the evidence $w_i \leftarrow Q_i$ of $A_i$.
2) The supervisor performs its calculation and uses the chameleon hash trapdoor it holds to obtain the chameleon hash verification string, thereby obtaining the block.
3) Because inserting $B_i$ changes the prev_hash of the block originally at the insertion position, that field is recalculated and the supervisor computes the updated verification string; the block originally at that position thereby becomes its updated version.
Algorithm for modifying a block. Inputs: a block chain of a given length; the block in the chain that is to be modified; its modified target value m′; and the corresponding chameleon key pair. The following is performed:
3) Calculate $\eta_{i'} \leftarrow H_{prime}(m' \| i')$ to obtain the updated accumulator state and the evidence for adding the new version data.
4) InitializationIf it is notThenCalculated by expanding Euclidean algorithmCalculating mu i′ ←h α V and v i′ ←A i′ β To obtainNon-member proof of all historical version data (z) i′ ,d i′ ,Q i′,3 )←NI-PoKE.Prove(β,A i′ ,ν i′ ) And
6) The supervisor calculates $cont_{i'} \leftarrow p_i \| m' \| i' \| A_{i'} \| w_{i'}$ and uses the chameleon hash trapdoor it holds to obtain the chameleon hash verification string corresponding to the updated data.
Algorithm for deleting blocks. Inputs: a block chain of a given length; a continuous set of block locations, whose smallest and largest elements are recorded; the chameleon hash key pair corresponding to the block at position ($L_{max}$ + 1); and the block $B_i$ comprising m and ctr, together with its corresponding chameleon hash key pair $(tk_i, hk) = ((sk, t_i), pk)$, which is used to record the deletion event. The following is performed:
1) updatingIs/are as followsSupervisor calculation through chameleon Hash trapdoorIs updatedRecord as
2) Find outGet the serial number i ← s m + 1; to obtainCalculating outInitializationAndfor all L ∈ L, calculateAnd determine whether there isIf so, thenGet the evidence that the block indicated by the delete L is deleted
3) Calculate $\eta_i \leftarrow H_{prime}(m \| i)$ to obtain the new accumulator state and the evidence for the newly added $B_i$.
4) InitializationAndcomputingμ i ←h α 、v i ←A i β Obtaining the evidence that the historical versions of all the deleted blocks are invalid (z) i ,d i ,Q i,3 )←NI-PoKE.Prove(β,A i ,ν i ) And
1) Parse $B_i := \langle p_i, ctr_i, m_i, i, \xi_i, A_i, w_i \rangle$, where $w_i := Q_i$.
4) If $i = s_m + 1$ and $H_1(ctr_i \| h_i) < D$ both hold, calculate $\eta_i \leftarrow H_{prime}(m_i \| i)$.
Algorithm for verifying an inserted block. Inputs: the block $B_i$ inserted at position l; the updated version of the block originally located at that position; and the verifier's local block chain of a given length. The following is performed:
4) If i is equal to s m +1、H 1 (ctr i ||h i ) If < D is both true, then calculateAnd η i ←H prime (m i ||i)。
Algorithm for verifying a modified block. Inputs: the modified block $B_i$ at position l and the verifier's local block chain of a given length. The following is performed:
Algorithm for verifying a deletion. Inputs: the block $B_i$ that records the deletion event; the set of deleted block locations; and the verifier's local block chain of a given length. The following is performed:
3) If H is present 1 (ctr i ||h i )<D、i==s m +1、All are true, then η is calculated i ←H prime (m i Ii) and
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
III. Evidence of the relevant effects of the embodiment. The embodiment of the invention shows positive effects during research, development and use, and has clear advantages over the prior art; these are described below with data and charts from the test process.
To test the present invention, a block chain implementing the present invention was programmed. The scheme of the invention is compared with a non-editable ordinary block chain and with the Ateniese scheme [Redactable Blockchain - or - Rewriting History in Bitcoin and Friends].
The invention is implemented in Python 3.8.10 on Ubuntu 20.04.4 LTS (2GB memory) running on VMware 12.5.2, and the experimental equipment has an Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz and 8GB memory. The collected experimental data were plotted using MATLAB R2019a V9.
We demonstrate the utility of the blockchain of the present invention from three aspects:
first, when no editing operation is involved, the overhead of generating one block compared with the non-editable ordinary block chain and the Ateniese scheme;
second, the time required to edit (modify/delete) an existing block, compared with the Ateniese scheme;
and third, the cost of verifying the various editing operations and the whole block chain.
First, the overhead of generating a block is compared; the measured cost of generating a block is shown in FIGS. 4-6. As can be seen from fig. 4, since the ordinary block chain has no editability, the time it requires to generate one block is minimal. In addition, since the present invention achieves verifiability of the block chain state, additional algorithms must be run to generate a verifiable accumulator state, so its run time to generate a block is slightly higher than that of the Ateniese scheme. The sizes of the block headers of the three block chains are compared in fig. 5. In the invention, the member evidence that the current version of the block belongs to the accumulator and the non-member evidence of the historical versions of the block need to be recorded, so the block header is slightly larger than in the other two schemes. However, even so, as shown in fig. 6, the difference in block header size is negligible relative to the entire block. In sum, the overhead of the block generation process does not affect the availability of the verifiable and fully editable block chain of the present invention.
Second, the overhead of editing a block is compared. FIGS. 7-9 show the run time of modifying and deleting blocks in the present invention compared with the Ateniese scheme. As can be seen from fig. 7, the computation cost of modifying a block in the Ateniese scheme is constant, whereas in the present invention it increases as the block chain length increases. This is because the present invention calls an algorithm that invalidates the historical version of the modified block, thereby resisting replay attacks and enhancing the security and usability of the block chain. FIGS. 8-9 show the comparison results for the delete operation. For testing, we divide the position set L of the deleted blocks into two categories: one is a set of consecutive locations; the other is a set of non-contiguous locations, which can be viewed as a union of multiple sets of contiguous locations. In the Ateniese scheme, a chameleon hash collision needs to be found after each continuous subset is deleted, so the running time does not change with the number of continuous blocks in the set but increases with the number of subsets. In the block chain of the present invention, in addition to the step that is the same as in the Ateniese scheme, $H_{prime}(\cdot)$ needs to be calculated for all deleted blocks and the results multiplied. The run time of the delete operation is increased in both cases. However, since the additional computational cost in the present invention serves to achieve verifiability of the block chain state, this small amount of extra overhead is acceptable in real-world scenarios.
Finally, the overhead of verifying the edit operations and of verifying the block chain is tested. Since the editable block chain of the present invention is verifiable, the overhead of verifying each operation and of verifying the entire block chain is tested in FIGS. 10-14. As can be seen from FIGS. 10-11, the verification time for block creation and modification does not vary with the length of the block chain, and the overall process is user friendly, with a time cost of only about tens of milliseconds. In FIGS. 12-13, the run time of verifying the delete operation is tested for both cases, contiguous and non-contiguous deleted blocks. $H_{prime}(\cdot)$ needs to be calculated for all deleted blocks and the results multiplied, so the run time increases with the number of subsets and the size of L. Even so, the run time of verifying a deletion is only in milliseconds. Fig. 14 compares the block chain of the present invention with the ordinary block chain and the Ateniese scheme in terms of the time required to verify a block chain of length between 100 and 1100. Although the verification time of all three block chains increases with the length of the block chain, the verification time of the block chain of the present invention is several seconds longer than that of the other two. This is because the accumulator state of the current block chain needs to be recovered and compared with the latest state recorded on the chain to check the state of the block chain.
In summary, the verifiability of the blockchain in the invention can not affect the feasibility of the blockchain, and the computational burden on the user is acceptable.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. A verifiable and fully editable blockchain system control method, characterized in that the method comprises four processes: system establishment, block full-editing operation, block full-editing verification and blockchain verification;
after generating the system parameters, the supervisor generates its supervisory key pair; the block creator uses a double-trapdoor chameleon hash cluster and a trapdoor-free general accumulator to add, insert, modify and delete blocks with the assistance of the supervisor, updates the blockchain state, and generates a corresponding non-interactive verifiable proof;
blockchain users verify the validity of the proof and adopt the various operations according to the maximum serial number consensus rule, achieving distributed blockchain state updating; when a new user joins the blockchain system, the connectivity of the whole blockchain and the validity of the blockchain state are verified.
2. The verifiable and fully editable blockchain system control method of claim 1, comprising the steps of:
step one, system establishment: generating system parameters and generating a key pair for the supervisor;
step two, full editing operation of the block: the block creator uses a double-trapdoor chameleon hash cluster and a trapdoor-free general accumulator to add, insert, modify and delete blocks with the assistance of the supervisor, updates the blockchain state, and generates a corresponding non-interactive verifiable proof;
step three, full editing verification of the block: blockchain users verify the validity of the proof and adopt the various operations according to the maximum serial number consensus rule, achieving distributed blockchain state updating;
step four, blockchain verification: verifying the connectivity of the whole blockchain and the validity of the blockchain state, so that a new user can join the blockchain system.
3. The verifiable and fully editable blockchain system control method according to claim 2, wherein the system establishment in step one comprises:
(1) The SysGen(1^λ) → (pp) algorithm takes the security parameter λ as input and performs the following:
selecting a cyclic group with a large prime number qAnd an unknown order groupSelecting two generatorsAndinitialization A 0 And c, refining the mixture to obtain two Hash functions H 1 :{0,1} * →{0,1} λ And H prime :(0,1} * → Primes (lambda), output system parameters
(2) The KeyGen(pp) → (sk, pk) algorithm takes the system parameters pp as input and performs the following:
4. The verifiable and fully editable block-chain system control method according to claim 2, wherein the full editing operation of the block in the second step comprises:
(1)algorithm, input length ofBlock chain ofChameleon hash key pair (tk) i ,hk)=((sk,t i ) Pk) in whichThe supervisor is B i Selected specific trapdoors, B i Merkle root m of the involved transaction and the solution ctr of the workload proof are performed as follows:
ParsecomputingAndto obtain B i Is/are as followsFind outGet the serial number i ← s m + 1; calculating eta i ←H prime (m | | i) to get the accumulator stateComputingTo obtain a i Corresponding evidence w i Axle 300, Qi; supervisor calculation and B i Chameleon hash verification string corresponding to each field in the databaseTo obtain finallyWherein B is i :=<p i ,ctr,m,i,ξ i ,A i ,w i >;
(2)Algorithm, input length ofBlock chain ofB i Corresponding chameleon hash key pair (tk) i ,hk)=((sk,t i ),pk),Corresponding chameleon hash key pairB i The m and ctr values contained in the table areAt position l of the insertion, the following is performed:
Parsefind outTo obtain B i Serial number i ← s m + 1; calculating eta i ←H prime (m | | i) to get the accumulator stateComputingTo obtain A i Evidence w of (A) i ←Q i (ii) a Supervisor calculationsObtaining chameleon Hash verification string by using held chameleon Hash trapdoorThereby the device is provided with
Due to the insertion of B i Prev _ hash of the last original block is changed, so calculation is performedSupervisor calculationsTo obtainThe original first block becomesOutput block chain
(3)Algorithm, input length ofBlock chain ofThe first block in the chainThe modified target value m' of (a),chameleon key pairThe following is performed:
Parsefind outObtaining new serial number i' ← s m + 1; initializationComputingAndobtaining evidence of data deletion of old versionCalculating eta i′ ←H prime (m '| | i') to obtainTo updated accumulator stateAnd evidence to add new version dataInitializationIf it is notThenBy extended Euclidean algorithm computationCalculating mu i′ ←h α V and v i′ ←A i′ β To obtainNon-member proof of all historical version data (z) i′ ,d i′ ,Q i′,3 )←NI-PoKE.Prove(β,A i′ ,ν i′ ) Andsynthesizing the above results to obtain evidence of current accumulator stateSupervisor calculation, using cont held by him i′ ←p i ||m′||i′||A i′ ||w i′ Chameleon Hash verification string corresponding to updated data obtained by chameleon Hash trap doorOutput the outputWherein B is i′ :=<p i ,ctr i ,m′,i′,ξ i′ ,A i′ ,w i′ >;
(4)Algorithm, input length ofBlock chain ofContinuous set of block locationsThe smallest of them is recorded asMaximum notationTo (L) max +1) blocks in a positionCorresponding chameleon hash key pairB comprising m and ctr i Corresponding chameleon hash (tk) i ,hk)=((sk,t i ) Pk), the block is used to record the deletion event, the following is performed:
Find outGet the serial number i ← s m + 1; to obtainComputingInitializationAndfor all L ∈ L, calculateAnd determine whether there isIf so, thenGet the evidence that the block shown by the delete L is deletedCalculating eta i ←H prime (m | | i) to get a new accumulator stateAnd newly added B i Evidence of (1)InitializationAndcalculating outGet evidence of historical version failure of all deleted blocks (z) i ,d i ,Q i,3 )←NI-PoKE.Prove(β,A i ,ν i ) Andto sum up, obtain the evidence of the accumulatorThe supervisor calculates through the trapdoorFinally outputWherein B is i :=<p i ctr,m,i,ξ i ,A i ,w i >。
5. The verifiable and fully editable block-chain system control method of claim 2, wherein the full-edit verification of the block in step three comprises:
(1)algorithm, input additional block B i Length ofIs local to the verifierThe following is performed:
analysis B i :=<p i ,ctr i ,m i ,i,ξ i ,A i ,w i >Wherein w is i :=Q i To find outIn (1)Resolve the sequence number toBlock ofComputingAndif i is equal to s m +1、All are true, then η is calculated i ←H prime (m i I) and returns the verification result
(2)Algorithm, input block B inserted in position l i Updated version of the block originally located at that locationHas a length ofVerifier local block chainThe following is performed:
analysis B i :=<p i ,ctr i ,m i ,i,ξ i ,A i ,w i >Wherein w is i :=Q i Analysis ofAndonFind outAnd analyzeBy passingComputingIf i is equal to s m +1、H 1 (ctr i ||h i ) If < D is both true, then calculateAnd η i ←H prime (m i | i), returning a verification result
(3)Algorithm, inputting modified block B at I position i Length ofIs local to the verifierThe following is performed:
parsing blocksWhereinResolving blockchainsOnFind outIs/are as followsAnd analyzeCalculating outAnd recover toIf H is present 1 (ctr i ||h i ) < D and i ═ s m +1, then calculate η i ←H prime (m i I) andreturning verification results
(4)Algorithm, input Block B which records deletion events i Deleted set of block locationsHas a length ofVerifier's local blockchainThe following is performed:
6. The verifiable and fully editable block-chain system control method of claim 2, wherein the block-chain verification in step four comprises:
7. A verifiable and fully editable blockchain system applying the verifiable and fully editable blockchain system control method according to claims 1 to 6, wherein the verifiable and fully editable blockchain system comprises:
the system establishing module, used for generating system parameters and generating a key pair for the supervisor;
the block creator uses a double-trapdoor chameleon hash cluster and a trapdoor-free general accumulator to add, insert, modify and delete blocks with the assistance of the supervisor, updates the blockchain state, and generates a corresponding non-interactive verifiable proof;
the full-editing verification module, used for having blockchain users verify the validity of the proof and adopt the various operations according to the maximum serial number consensus rule, achieving distributed blockchain state updating;
and the blockchain verification module, used for verifying the connectivity of the whole blockchain and the validity of the blockchain state so that a new user can join the blockchain system.
8. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:
after generating the system parameters, the supervisor generates its supervisory key pair; the block creator uses a double-trapdoor chameleon hash cluster and a trapdoor-free general accumulator to add, insert, modify and delete blocks with the assistance of the supervisor, updates the blockchain state, and generates a corresponding non-interactive verifiable proof;
blockchain users verify the validity of the proof and adopt the various operations according to the maximum serial number consensus rule, achieving distributed blockchain state updating; when a new user joins the blockchain system, the connectivity of the whole blockchain and the validity of the blockchain state are verified.
9. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
after generating the system parameters, the supervisor generates its supervisory key pair; the block creator uses a double-trapdoor chameleon hash cluster and a trapdoor-free general accumulator to add, insert, modify and delete blocks with the assistance of the supervisor, updates the blockchain state, and generates a corresponding non-interactive verifiable proof;
blockchain users verify the validity of the proof and adopt the various operations according to the maximum serial number consensus rule, achieving distributed blockchain state updating; when a new user joins the blockchain system, the connectivity of the whole blockchain and the validity of the blockchain state are verified.
10. An information data processing terminal, characterized in that it is adapted to implement the verifiable and fully editable blockchain system according to claim 7.
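Claims 1 and 2 have the supervisor use a chameleon-hash trapdoor so that a block can be modified while the link held by its successor stays valid. The sketch below is an added illustration, not the patent's construction: it substitutes a single-trapdoor discrete-log chameleon hash over a constructed toy group for the double-trapdoor chameleon hash cluster, omits the accumulator, the non-interactive proofs and the proof of work, and all function and field names are assumptions.

```python
import hashlib

# Constructed toy group, NOT secure: integers modulo the Mersenne prime 2^127 - 1.
P, G = 2**127 - 1, 3
N = P - 1  # exponents are reduced modulo the group order

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def keygen(x: int):
    """Supervisor key pair: trapdoor x (must be invertible mod N), hash key G^x."""
    pow(x, -1, N)  # raises ValueError if x has no inverse
    return x, pow(G, x, P)

def ch_hash(hk: int, content: bytes, xi: int) -> int:
    """Chameleon hash CH(content, xi) = G^H(content) * hk^xi mod P."""
    return pow(G, digest(content), P) * pow(hk, xi, P) % P

def ch_collide(x: int, old: bytes, xi: int, new: bytes) -> int:
    """Trapdoor holder solves H(old) + x*xi = H(new) + x*xi' (mod N) for xi'."""
    return (xi + (digest(old) - digest(new)) * pow(x, -1, N)) % N

def content(b: dict) -> bytes:
    return f"{b['prev']}|{b['m']}|{b['i']}".encode()
def block_hash(hk: int, b: dict) -> int:
    return ch_hash(hk, content(b), b["xi"])
def next_serial(chain: list) -> int:
    """Serial number = current maximum serial number + 1."""
    return max((b["i"] for b in chain), default=0) + 1

def append(chain: list, hk: int, m: str, xi: int) -> None:
    prev = block_hash(hk, chain[-1]) if chain else 0
    chain.append({"prev": prev, "m": m, "i": next_serial(chain), "xi": xi})

def modify(chain: list, x: int, pos: int, new_m: str) -> None:
    """Supervisor-assisted edit: new data and serial number, unchanged hash."""
    old = chain[pos]
    new = dict(old, m=new_m, i=next_serial(chain))
    new["xi"] = ch_collide(x, content(old), old["xi"], content(new))
    chain[pos] = new

def verify_chain(chain: list, hk: int) -> bool:
    """Connectivity: each prev field equals the predecessor's chameleon hash."""
    return all(chain[k]["prev"] == block_hash(hk, chain[k - 1])
               for k in range(1, len(chain)))

def demo():
    x, hk = keygen(65537)
    chain = []
    for m, xi in [("root-A", 11), ("root-B", 22), ("root-C", 33)]:  # constructed
        append(chain, hk, m, xi)
    before = block_hash(hk, chain[1])
    modify(chain, x, 1, "root-B-edited")
    return chain, hk, before
```

An edit made without the trapdoor keeps the old verification string, so the block's hash changes and the successor's `prev` check in `verify_chain` fails.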
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210281106.8A CN115118429A (en) | 2022-03-22 | 2022-03-22 | Verifiable and fully editable block chain system, method, equipment and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115118429A (en) | 2022-09-27 |
Family
ID=83325358
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210281106.8A Pending CN115118429A (en) | 2022-03-22 | 2022-03-22 | Verifiable and fully editable block chain system, method, equipment and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115118429A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||