
CN111767569A - Blockchain access authorization method and node - Google Patents


Info

Publication number
CN111767569A
Authority
CN
China
Prior art keywords
transaction
node
attribute
access
information
Legal status
Pending
Application number
CN202010579598.XA
Other languages
Chinese (zh)
Inventor
罗强
苏恒
黄大光
吴业骏
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The blockchain access authorization method and node provided by the invention use a consensus accounting node to obtain the attribute information of an access node and generate an attribute key from it, while the access node requesting access generates the same attribute key from its own attribute information. The access node then uses the attribute key it generated itself to decrypt the transaction information encrypted by the consensus accounting node, which effectively solves the security problem of a data owner sharing transaction information in a limited way. The invention makes the data provider the issuer of the CA certificate and, at the same time, the authorizing subject that designs the ciphertext policy; that is, attribute encryption is performed by supplying an attribute policy based on a ciphertext policy, and information access users apply for access rights through the blockchain network. The method removes the bottleneck of dependence on a certificate authority (CA) and improves the reliability and efficiency of privacy protection for transaction data.

Description

Blockchain access authorization method and node

Technical field

The invention belongs to the technical field of blockchain and specifically relates to a blockchain access authorization method and node.

Background

As the Internet has leapt from the interconnection of information to the interconnection of value and then to the interconnection of order, blockchain technology has emerged. Blockchain technology is a decentralized consensus bookkeeping technology characterized by decentralization, tamper resistance, and openness and transparency. To reduce the risk of collusion that arises when large-scale computing resources control the network, a blockchain network uses group consensus to guarantee the consistency of transactions. Group consensus is a mechanism in which multiple nodes keep accounts and vote jointly. Specifically, a blockchain network consists of a number of consensus accounting nodes; each accounting node stores the full ledger and votes independently, forming a group decision, so a modification of the full ledger by a minority of nodes cannot affect the result of the group vote. This gives the network its tamper-proof, safe and reliable character.

Although a large number of consensus nodes in a blockchain network participate in bookkeeping, in most cases a transaction takes place only between a limited set of parties, for example private item transactions, information sharing and data transfers, all of which occur within a limited scope. Yet the transaction information produced by these few parties has to be propagated to the whole network, which both increases the risk of leaking private data and lowers transaction concurrency. To solve this problem, an earlier patent ("A Loosely Coupled Blockchain Autonomous Transaction System and Method") proposed the concept of a loosely coupled transaction circle: a temporary consensus transaction circle formed by parties that choose their partners independently. A loosely coupled transaction circle is temporary, uncertain and consistent: parties choose when to join or leave, and its size, lifetime and transaction types are uncertain, yet group consensus must still be kept consistent within that limited scope. Once a loosely coupled transaction circle is established, the participants' transaction data is private and confidential. The owner of the transaction data may authorize access by entitled parties, and a user must pass verification of the encryption attributes and encryption policy before accessing the data, while collusion, information leakage, external attacks and similar risks must also be prevented. Existing approaches have many shortcomings here.

Summary of the invention

The present invention provides a blockchain access authorization method and node to solve at least one of the above problems.

In one aspect, the present invention provides a blockchain access authorization method, comprising:

a consensus accounting node receives a transaction information access request, the transaction information access request including attribute information of the access node;

the consensus accounting node generates an attribute key from the attribute information and uses the attribute key to encrypt the requested transaction information, producing a transaction information ciphertext; the access node generates the same attribute key from its own attribute information;

the transaction information ciphertext is broadcast so that the access node decrypts it with the access node's attribute key and thereby obtains the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.

In a preferred embodiment, the transaction information access request further includes security authentication information;

before the attribute key is generated from the attribute information, the access authorization method further comprises:

verifying the security authentication information in the transaction information access request and, if the verification passes, generating the attribute key from the attribute information.

In a preferred embodiment, the method further comprises:

establishing multiple loosely coupled transaction circles and uniquely identifying each loosely coupled transaction circle with a version number.

In a preferred embodiment, establishing each loosely coupled transaction circle and uniquely identifying it with a version number comprises:

broadcasting a loosely coupled transaction request so that each transaction node determines from the received request whether it is a node within the loosely coupled transaction circle, the loosely coupled transaction request including a unique version number;

together with the other nodes that have determined that they belong to the loosely coupled transaction circle, receiving the loose-coupling-reached notification response messages sent by the other transaction nodes;

together with the other nodes that have determined that they belong to the loosely coupled transaction circle, sending a confirmation that the version number has been successfully applied for, and broadcasting the version number to inform the other nodes in the loosely coupled transaction circle.

In a preferred embodiment, the loosely coupled transaction request further includes transaction node address information, and each transaction node determining from the received request whether it is a node within the loosely coupled transaction circle comprises:

each transaction node checking whether its own address information is included in the address information carried in the loosely coupled transaction request and, if so, determining that it is a node within the loosely coupled transaction circle.

In a preferred embodiment, each consensus accounting node corresponds to a unique node identifier, and generating the attribute key from the attribute information comprises:

generating the attribute key from the attribute information, the corresponding unique node identifier and the security authentication information.

In another aspect, the present invention provides a blockchain access authorization method, comprising:

an access node sends a transaction information access request to a consensus accounting node in the blockchain, the transaction information access request including attribute information of the access node;

receiving the transaction information ciphertext sent by the consensus accounting node, the transaction information ciphertext being obtained by the consensus accounting node generating an attribute key from the attribute information and encrypting the requested transaction information with that attribute key;

decrypting the transaction information ciphertext with the access node's attribute key to obtain the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.

In yet another aspect, the present invention provides a blockchain authorized access system method, comprising:

a consensus accounting node records the transaction information produced by a transaction node;

an access node sends a transaction information access request to the consensus accounting node, the request including attribute information of the access node;

the consensus accounting node generates an attribute key from the attribute information, encrypts the requested transaction information with the attribute key to produce a transaction information ciphertext, and broadcasts the ciphertext;

the access node receives the transaction information ciphertext sent by the consensus accounting node, decrypts it with its own attribute key and thereby obtains the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.
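The request, key derivation, encryption, broadcast and decryption steps above, simulated end to end as an added example that is not code from the patent. It assumes the attribute key is HMAC-SHA256 over the consensus node's unique identifier, the canonicalised attribute set and the security authentication information (the patent names these three inputs but no function), that the security authentication information is a per-access-node secret registered at the consensus node, and that the cipher is a constructed HMAC counter keystream with an encrypt-then-MAC tag standing in for whatever cipher the patent uses.

```python
"""Attribute-key access flow of CN111767569A, simulated (added example, not the patent's code).

Assumptions not taken from the patent:
- attribute key = HMAC-SHA256(auth_info, node_id | canonical attributes);
- auth_info is a per-access-node secret registered at the consensus node, so a node
  that merely knows another node's attributes cannot rebuild its key;
- the cipher is a constructed HMAC-SHA256 counter keystream plus encrypt-then-MAC tag.
"""
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def derive_attribute_key(node_id: str, attributes: dict, auth_info: bytes) -> bytes:
    """Same three inputs on both sides give the same 32-byte attribute key."""
    canonical = json.dumps(attributes, sort_keys=True, separators=(",", ":"))
    material = node_id.encode() + b"|" + canonical.encode()
    return hmac.new(auth_info, material, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes):
    """Returns the plaintext, or None when the key is wrong or the blob was altered."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class ConsensusAccountingNode:
    def __init__(self, node_id: str, ledger: dict, registered_auth: dict):
        self.node_id = node_id                  # unique node identifier
        self.ledger = ledger                    # tx_id -> transaction information
        self.registered_auth = registered_auth  # access node name -> auth secret

    def handle_access_request(self, request: dict):
        """Verify the security authentication info first; then derive, encrypt, broadcast."""
        expected = self.registered_auth.get(request["requester"])
        if expected is None or not hmac.compare_digest(expected, request["auth_info"]):
            return None                         # verification failed: nothing is broadcast
        key = derive_attribute_key(self.node_id, request["attributes"], request["auth_info"])
        tx = self.ledger.get(request["tx_id"])
        if tx is None:
            return None
        return encrypt(key, json.dumps(tx, sort_keys=True).encode())


class AccessNode:
    def __init__(self, name: str, attributes: dict, auth_info: bytes):
        self.name, self.attributes, self.auth_info = name, attributes, auth_info

    def build_request(self, tx_id: str) -> dict:
        return {"requester": self.name, "attributes": self.attributes,
                "auth_info": self.auth_info, "tx_id": tx_id}

    def on_broadcast(self, node_id: str, ciphertext: bytes):
        """Every node sees the broadcast; only the matching attribute key decrypts it."""
        key = derive_attribute_key(node_id, self.attributes, self.auth_info)
        plaintext = decrypt(key, ciphertext)
        return None if plaintext is None else json.loads(plaintext)


def run_exchange() -> dict:
    """Constructed scenario: one authorised requester and one bystander on the broadcast."""
    ledger = {"tx-0001": {"from": "A", "to": "B", "amount": 250, "circle_version": 1}}
    auditor_secret = b"constructed-secret-for-auditor"
    node = ConsensusAccountingNode("cn-01", ledger, {"auditor": auditor_secret})
    auditor = AccessNode("auditor", {"org": "bankA", "role": "auditor"}, auditor_secret)
    bystander = AccessNode("other", {"org": "bankZ", "role": "auditor"}, b"guess")

    ciphertext = node.handle_access_request(auditor.build_request("tx-0001"))
    refused = node.handle_access_request(bystander.build_request("tx-0001"))
    return {
        "auditor": auditor.on_broadcast(node.node_id, ciphertext),
        "bystander": bystander.on_broadcast(node.node_id, ciphertext),
        "refused": refused,
    }


if __name__ == "__main__":
    print(run_exchange())
```

Because the key is bound to the consensus node's identifier, a ciphertext broadcast by one accounting node cannot be opened with a key derived for another, and a request whose authentication information is not registered produces no broadcast at all.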

In yet another aspect, the present invention provides a blockchain consensus accounting node, comprising:

an access request receiving module, by which the consensus accounting node receives a transaction information access request, the request including attribute information of the access node;

an attribute key generation module, by which the consensus accounting node generates an attribute key from the attribute information and encrypts the requested transaction information with it to produce a transaction information ciphertext, the access node generating the same attribute key from its own attribute information;

a transaction information ciphertext broadcast module, which broadcasts the transaction information ciphertext so that the access node decrypts it with the access node's attribute key and obtains the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.

In yet another aspect, the present invention provides a blockchain access node, comprising:

an access request sending module, by which the access node sends a transaction information access request to a consensus accounting node in the blockchain, the request including attribute information of the access node;

a transaction information ciphertext receiving module, which receives the transaction information ciphertext sent by the consensus accounting node, the ciphertext being obtained by the consensus accounting node generating an attribute key from the attribute information and encrypting the requested transaction information with it;

a decryption module, which decrypts the transaction information ciphertext with the access node's attribute key to obtain the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.

In yet another aspect, the present invention provides a blockchain authorized access system comprising a transaction node, a consensus accounting node and an access node;

the consensus accounting node records the transaction information produced by the transaction node;

the access node sends a transaction information access request to the consensus accounting node, the request including attribute information of the access node;

the consensus accounting node generates an attribute key from the attribute information, encrypts the requested transaction information with the attribute key to produce a transaction information ciphertext, and broadcasts the ciphertext;

the access node receives the transaction information ciphertext sent by the consensus accounting node, decrypts it with its own attribute key and thereby obtains the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.

According to another aspect of the present invention, an electronic device comprises a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the blockchain access authorization method described above when executing the program.

According to another aspect of the present invention, a computer-readable storage medium has a computer program stored thereon which, when executed by a processor, implements the blockchain access authorization method described above.

In the blockchain access authorization method and node proposed by the present invention, after the consensus accounting node obtains the attribute information of the access node it generates an attribute key from that attribute information, while the access node requesting access can generate the same attribute key from its own attribute information and then decrypt the transaction information encrypted by the consensus accounting node with the key it generated itself. This effectively solves the security problem of a data owner sharing transaction information in a limited way. The present invention makes the data provider the issuer of the CA certificate and, at the same time, the authorizing subject that designs the ciphertext policy; that is, attribute encryption is performed by supplying an attribute policy based on a ciphertext policy, and information access users apply for access rights through the blockchain network. The method removes the bottleneck of dependence on a certificate authority (CA) and improves the reliability and efficiency of privacy protection for transaction data.

Brief description of the drawings

In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.

Figure 1: schematic diagram of a blockchain multi-center transaction privacy protection system based on loose consensus;

Figure 2: schematic diagram of blockchain multi-center transaction privacy protection based on loose consensus;

Figure 3: schematic diagram of a request message format;

Figure 4: flowchart of a blockchain access authorization method;

Figure 5: schematic structural diagram of a blockchain consensus accounting node;

Figure 6: schematic structural diagram of a computer device suitable for an embodiment of the present invention.

Detailed description

The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

The consensus accounting nodes in a blockchain network add a block after consensus completes in order to ensure that every node in the network has complete information. In practice, however, not every transaction needs whole-network consensus; a transaction only needs consensus within a limited scope. To solve the problem that a traditional blockchain requires whole-network consensus, the present invention provides a loosely coupled transaction circle built on top of a traditional blockchain network. Compared with traditional blockchain transactions, a loosely coupled transaction circle does not need alliance members anchored in advance to form a relatively stable network. The method proposed by the present invention introduces the concepts of a loosely coupled consensus smart contract and an application-level smart contract: the loosely coupled consensus smart contract executes the loose coupling protocol and, according to the scope of the loosely coupled transaction circle, anchors the nodes to which the transaction participants belong, achieving consensus bookkeeping within a limited scope, while the application-level smart contract is responsible for calling the loosely coupled consensus smart contract when executing business transactions. The loose coupling protocol lets any number of transaction parties join and withdraw from the transaction alliance independently, building a flexible ecosystem.

After a series of transactions the blockchain reaches a final transaction state. The state is denoted σ and includes data such as the account balances, sequence numbers, timestamps and counterparties of blockchain transactions; a blockchain transaction is denoted T and is the legal rule connecting the state before and the state after. Formally, the state is represented as follows:

$\sigma_{t+1} = \gamma(\sigma_t, T)$

where γ denotes the state transition function. To distinguish it from a traditional blockchain transaction, a version number v is introduced into the state transition function, giving γ_v with v ∈ ℕ, v ≥ 0: when v = 0, γ_v denotes a traditional blockchain transaction; when v > 0, γ_v denotes the execution of a loosely coupled transaction. Note that the version number v is unique across the whole network, and each version number in use is recorded at the whole-network consensus accounting nodes; it distinguishes the smart contract state transition functions of the different loosely coupled transaction circles. Specifically:

$\sigma_{t+1} = \gamma_v(\sigma_t, T)$

The above relationship is formalized as:

Figure BDA0002552685190000061

After the loosely coupled smart contract state transition function γ_v is executed, the transaction information is physically stored only at the nodes to which the transaction parties belong.
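The circle-establishment steps from the summary (version-number broadcast, address-based membership test, response collection and confirmation) together with the versioned state transition γ_v just described, simulated as an added example that is not code from the patent. It assumes node addresses are strings, the state σ is a dict of account balances, a transaction T is (payer, payee, amount), each member brings a constructed opening balance into a circle, and the unique version number comes from a counter that the network records.

```python
"""Loosely coupled transaction circles and gamma_v from CN111767569A, simulated.
Added example, not the patent's code.  Constructed: string addresses, balance
dict as sigma, (payer, payee, amount) as T, a per-circle opening balance."""

CIRCLE_DEPOSIT = 100   # constructed opening balance each member brings into a circle


def gamma(state: dict, tx: tuple) -> dict:
    """Traditional state transition sigma_{t+1} = gamma(sigma_t, T)."""
    payer, payee, amount = tx
    if state.get(payer, 0) < amount:
        return state                       # rejected: balance does not cover the transfer
    new_state = dict(state)
    new_state[payer] = new_state.get(payer, 0) - amount
    new_state[payee] = new_state.get(payee, 0) + amount
    return new_state


class TransactionNode:
    def __init__(self, address: str):
        self.address = address
        self.circles = {}                  # version v -> set of member addresses
        self.states = {0: {}}              # v = 0 is the traditional whole-network ledger

    def on_circle_request(self, request: dict):
        """Membership test: a node is in the circle iff its address is in the request."""
        if self.address not in request["addresses"]:
            return None
        self.circles[request["version"]] = set(request["addresses"])
        return {"version": request["version"], "from": self.address}

    def on_version_confirmed(self, version: int, responses: list) -> bool:
        """A member confirms the version only once every other listed party has responded."""
        members = self.circles.get(version)
        if members is None:
            return False
        responded = {r["from"] for r in responses} | {self.address}
        if responded != members:
            del self.circles[version]      # coupling was not reached by all parties
            return False
        self.states[version] = {a: CIRCLE_DEPOSIT for a in members}
        return True

    def gamma_v(self, version: int, tx: tuple) -> bool:
        """sigma_{t+1} = gamma_v(sigma_t, T); returns whether this node stored the result."""
        if version == 0:
            self.states[0] = gamma(self.states[0], tx)
            return True
        if version not in self.states:
            return False                   # non-members keep nothing for this circle
        self.states[version] = gamma(self.states[version], tx)
        return True


class Network:
    def __init__(self, nodes: list):
        self.nodes = {n.address: n for n in nodes}
        self.versions_in_use = set()       # recorded network-wide so v stays unique

    def establish_circle(self, addresses: list) -> int:
        version = max(self.versions_in_use, default=0) + 1
        self.versions_in_use.add(version)
        request = {"version": version, "addresses": list(addresses)}
        responses = []                     # broadcast: only listed nodes answer
        for node in self.nodes.values():
            reply = node.on_circle_request(request)
            if reply is not None:
                responses.append(reply)
        for node in self.nodes.values():
            others = [r for r in responses if r["from"] != node.address]
            node.on_version_confirmed(version, others)
        return version

    def submit(self, version: int, tx: tuple) -> list:
        """Broadcast a transaction; returns the addresses whose ledger recorded it."""
        return [a for a, n in self.nodes.items() if n.gamma_v(version, tx)]


def run_scenario() -> dict:
    """Constructed scenario after Figure 1: circle {A, B, C}, circle {D, E}, one failed circle."""
    net = Network([TransactionNode(a) for a in "ABCDE"])
    v1 = net.establish_circle(["A", "B", "C"])
    v2 = net.establish_circle(["D", "E"])
    v3 = net.establish_circle(["A", "X"])   # X is not on the network, so coupling fails
    stored_by = net.submit(v1, ("A", "B", 30))
    return {
        "v1": v1, "v2": v2,
        "stored_by": stored_by,
        "a_state_v1": net.nodes["A"].states[v1],
        "d_has_v1": v1 in net.nodes["D"].states,
        "failed_circle_joined": v3 in net.nodes["A"].circles,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The failed third circle shows the check a member needs before confirming a version: if any listed party never reports that coupling was reached, the node discards the circle rather than opening a ledger for it.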

本发明中,所述的交易节点,即为交易方的验证节点,例如对于参与方A是一银行机构,则其对应的验证节点是参与方A的处于区块链网络中的客户终端。In the present invention, the transaction node is the verification node of the transaction party. For example, if the participant A is a banking institution, the corresponding verification node is the client terminal of the participant A in the blockchain network.

如图1所示,一种松散耦合的区块链自主交易系统和方法示意图包括:区块链基础设施云(BaaS)1、区块链共识记账节点2、松散耦合交易圈3、松散耦合交易圈4、交易方5。其中,松散耦合交易圈3和4的本质都一样,只是具有不同的交易方数量。As shown in Figure 1, a schematic diagram of a loosely coupled blockchain autonomous transaction system and method includes: blockchain infrastructure cloud (BaaS) 1, blockchain consensus accounting node 2, loosely coupled transaction circle 3, loosely coupled Trading circle 4, trading party 5. Among them, the essence of loosely coupled trading circles 3 and 4 is the same, but with different number of trading parties.

区块链基础设施云(BaaS)1:负责根据用户的组网资源请求,提供分配网络资源、计算资源和存储资源,创建区块链组网服务,支持根据用户的区块链产品标准,选择区块链产品镜像,创建虚拟节点。Blockchain Infrastructure Cloud (BaaS) 1: Responsible for providing and assigning network resources, computing resources and storage resources according to the user's request for networking resources, creating blockchain networking services, and supporting selection based on the user's blockchain product standards Mirroring of blockchain products, creating virtual nodes.

区块链共识记账节点2:区块链网络具有若干个区块链共识记账节点,作为区块链计算节点,主要负责区块链交易接入和处理,提供智能合约执行、交易共识和交易记账。在区块链基础设施云(BaaS)1中,区块链共识记账节点均为虚拟计算节点。Blockchain consensus accounting node 2: The blockchain network has several blockchain consensus accounting nodes. As a blockchain computing node, it is mainly responsible for blockchain transaction access and processing, providing smart contract execution, transaction consensus and Transaction accounting. In the blockchain infrastructure cloud (BaaS)1, the blockchain consensus accounting nodes are all virtual computing nodes.

松散耦合交易圈3:在区块链基础设施云1中,由交易方临时组成的交易圈。进一步的,交易方根据交易需要,任意选择其它交易方组建的临时交易圈,为达成交易,执行局部共识协议,交易数据只存储在交易方所在节点,并不像传统区块链网络那样扩散到全网节点。本松散耦合圈由3个交易方构成:参与人A、参与人B、参与人C。Loosely coupled transaction circle 3: In the blockchain infrastructure cloud 1, a transaction circle temporarily composed of transaction parties. Further, the transaction party arbitrarily selects the temporary trading circle formed by other transaction parties according to the transaction needs. In order to reach a transaction, a local consensus agreement is executed. The transaction data is only stored in the node where the transaction party is located, and does not spread to the traditional blockchain network. Network nodes. This loosely coupled circle consists of three transaction parties: Participant A, Participant B, and Participant C.

松散耦合交易圈4:在区块链基础设施云1中,由交易方临时组成的交易圈。进一步的,交易方根据业务需要,任意选择其它交易方组建的临时交易圈,为达成交易,执行局部共识协议,交易数据只存储在交易方所在节点,并不像传统区块链网络那样扩散到全网节点。本松散耦合圈由3个交易方构成:参与人D、参与人E。Loosely coupled transaction circle 4: In the blockchain infrastructure cloud 1, a transaction circle temporarily composed of transaction parties. Further, according to business needs, the transaction party arbitrarily selects a temporary trading circle formed by other transaction parties. In order to reach a transaction, a partial consensus agreement is executed. The transaction data is only stored in the node where the transaction party is located, and does not spread to the traditional blockchain network. Network nodes. This loosely coupled circle consists of three transaction parties: participant D and participant E.

交易方5:执行区块链共识交易的交易参与方。Transaction party 5: The transaction participant who executes the blockchain consensus transaction.

与传统区块链交易相比,松散耦合交易圈构建在传统区块链网络基础上,无须事先锚定联盟成员以组成相对稳固的网络,且只有交易方所属共识记帐节点存储交易账本,提高了数据存储效率;松散耦合交易还具有交易方式灵活、执行效率高等特点。Compared with traditional blockchain transactions, the loosely coupled transaction circle is built on the basis of the traditional blockchain network, and there is no need to anchor alliance members in advance to form a relatively stable network, and only the consensus accounting node to which the transaction party belongs to store the transaction ledger, improving The data storage efficiency is improved; the loosely coupled transaction also has the characteristics of flexible transaction mode and high execution efficiency.

A loosely coupled transaction circle is temporary and uncertain, yet must be consistent: transaction parties choose for themselves when to join or leave, and the circle's size, lifetime and transaction types are uncertain, but group consensus must still be kept consistent within a bounded scope. Once a loosely coupled transaction circle is established, the participants' transaction data is private and confidential: the owner of the transaction data may authorize entitled parties to access it, users must pass verification of the encryption attributes and encryption policy before they can access the data, and risks such as collusion, information leakage and external attack must be prevented.

To this end, the core idea of the present invention is to introduce a CA authentication method among the multiple authorizing entities of a loosely coupled transaction circle, implementing certificate issuance and multi-authority ciphertext-policy attribute-based encryption (multi-authority CP-ABE). This provides information authorization and protection for the multiple transaction parties inside and outside the loosely coupled transaction circle, and improves the reliability and efficiency of transaction data privacy protection both inside and outside the circle.

Specifically, the present invention uses attribute information as the condition for generating a key: the access node and the consensus accounting node each generate the same key, so the consensus accounting node can act as its own certification center and share the transaction information with the visitor while preventing access by other nodes that are not authorized.

As shown in FIG. 2, a schematic diagram of blockchain multi-center transaction privacy protection based on loose consensus includes: transaction information visitor 20, loosely coupled transaction circle 21, accounting node/attribute authorization center 22, and transaction participant 23.

Transaction information visitor 20: a transaction participant that executes blockchain consensus transactions and is also the publisher of transaction information. The transaction information visitor 20 supplies the attribute proofs required by the attribute access policy Γ. In this example, participants join the loosely coupled transaction circle through the blockchain consensus accounting node/attribute authorization center 22, execute transactions, and encrypt and authorize transaction information.

In some embodiments, the attribute information includes, but is not limited to, organization address, organization name, organizational unit, work group and position level.

The attribute access policy Γ can be formally expressed as:

Figure BDA0002552685190000081

where S_1, S_2, ..., S_N denote the N attribute sets in Γ; the algorithm traverses the attribute sets j = 1, 2, ..., N and produces the union of the N attribute sets.

Loosely coupled transaction circle 21: a transaction circle formed temporarily by transaction parties within blockchain infrastructure cloud 1. A transaction party freely chooses other transaction parties with which to form a temporary circle according to its business needs; to complete a transaction, a local consensus protocol is executed, and the transaction data is stored only on the nodes of the transaction parties rather than being propagated to every node in the network as in a traditional blockchain.

Accounting node/attribute authorization center 22: responsible for providing security authentication of the blockchain consensus accounting nodes in the blockchain network, and for providing the global parameters GP for transaction information. It executes the GlobalSetup(), CreateUser() and CreateAuthority() algorithms, which respectively perform initialization, user creation and creation of an attribute authorization center:

GlobalSetup() algorithm: generates the public key and secret key of the central CA. Let e: G_1 × G_1 → G_T be a bijective relation, where G_1 is an additive group of order n and G_T is a multiplicative group of order n. Let g ∈ G be a generator of G, and randomly choose two elements P, Q ∈ G. The public key of the certification center CA is M_CA = {G, G_T, e, g, P, e(g, Q)}, and its secret key is S_CA = Q.

CreateUser(): creates a public key and a secret key for participant user u. Let mk_u ∈ Z_p be an element of the additive group Z_p; the public key of participant user u is

Figure BDA0002552685190000082

and the secret key is

Figure BDA0002552685190000083

CreateAuthority(): provides the attribute authorization center with a standard random hash function H_x: {0,1}* → Z_p, whose returned value x_a serves as the attribute authorization center's secret key S_a := x_a.

Transaction participant 23: a transaction participant that executes blockchain consensus transactions. Participants join the loosely coupled transaction circle through the blockchain consensus accounting node/attribute authorization center 22, execute transactions, and encrypt and authorize transaction information.

The application of the present invention is described below. FIG. 4 shows the blockchain access authorization method in an embodiment of the present invention; as shown in FIG. 4, it includes:

S11: a consensus accounting node receives a transaction information access request; the transaction information access request includes the attribute information of the access node;

S12: the consensus accounting node generates an attribute key from the attribute information and encrypts the requested transaction information with the attribute key to produce a transaction information ciphertext; the access node generates the same attribute key from its own attribute information;

S13: the transaction information ciphertext is broadcast so that the access node can decrypt it with its own attribute key and thereby obtain the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.

In the blockchain access authorization method proposed by the present invention, the consensus accounting node, having obtained the access node's attribute information, generates an attribute key from it, while the requesting access node generates the same attribute key from its own attribute information and then uses that key to decrypt the transaction information encrypted by the consensus accounting node. This effectively solves the security problem of a data owner sharing transaction information with a limited set of parties. The present invention makes the data provider both the issuer of CA certificates and the authorizing entity that designs the ciphertext policy, that is, attribute encryption is performed under a ciphertext-policy attribute policy, and information access users apply for access rights through the blockchain network. The method removes the bottleneck of depending on a certification center CA and improves the reliability and efficiency of transaction data privacy protection.

It will be understood that the transaction information access request in the present invention includes an identifier of the transaction information, such as its address, so that the transaction information on the corresponding block can be retrieved by reading the access request.

In a preferred embodiment, the transaction information access request further includes security authentication information;

before generating the attribute key from the attribute information, the access authorization method further includes:

verifying the security authentication information in the transaction information access request and, if verification passes, generating the attribute key from the attribute information.

In a preferred embodiment, the method further includes:

establishing multiple loosely coupled transaction circles and uniquely identifying each loosely coupled transaction circle with a version number.

In a preferred embodiment, establishing each loosely coupled transaction circle and uniquely identifying it with a version number includes:

broadcasting a loosely coupled transaction request so that each transaction node determines from the received request whether it is a node within the loosely coupled transaction circle; the loosely coupled transaction request includes a unique version number;

together with the other nodes that have determined they belong to the loosely coupled transaction circle, receiving the notification response messages, sent by the other transaction nodes, that loose coupling has been reached;

together with the other nodes that have determined they belong to the loosely coupled transaction circle, sending a confirmation that the version number application succeeded and broadcasting the version number to inform the other nodes within the circle.

In a preferred embodiment, the loosely coupled transaction request further includes transaction node address information, and each transaction node determining from the received request whether it is a node within the loosely coupled transaction circle includes:

each transaction node checking whether its own address is included in the address information carried by the loosely coupled transaction request and, if so, determining that it is a node within the loosely coupled transaction circle.

In a preferred embodiment, each consensus accounting node has a unique node identifier, and generating the attribute key from the attribute information includes:

generating the attribute key from the attribute information, the corresponding unique node identifier and the security authentication information.
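The S11 to S13 exchange with the key derived as in this preferred embodiment, as an added example that is not part of the patent. The patent names no algorithms, so the following are assumptions: the attribute key is HMAC-SHA256 over the attribute information, the node's unique identifier and the security authentication information; the cipher is a SHA-256 counter keystream with an HMAC-SHA256 tag standing in for a real AEAD; and the security authentication information is a secret registered with the consensus node beforehand and presented over an authenticated channel, since the key is only as secret as that input.

```python
"""Added example (not from the patent): S11-S13 with the attribute key derived
from (attribute information, node unique id, security authentication info).
Key derivation, cipher construction and the registered-secret model are
assumptions; all names, ids and transactions below are constructed."""
import hashlib
import hmac
import json
import os

NONCE_LEN = 16
TAG_LEN = 32


def derive_attribute_key(attributes: dict, node_uid: str, auth_secret: bytes) -> bytes:
    """Same function on both sides: identical inputs give the identical key.
    The attributes alone are not secret; secrecy rests on auth_secret."""
    canon = json.dumps(attributes, sort_keys=True, separators=(",", ":")).encode()
    msg = b"attr-key|" + node_uid.encode() + b"|" + canon
    return hmac.new(auth_secret, msg, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while len(blocks) * 32 < length:
        blocks.append(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt_transaction(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_transaction(key: bytes, blob: bytes):
    """Returns the plaintext, or None when the key does not match (tag check fails)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class ConsensusNode:
    """Holds the ledger and the registered security authentication secrets."""

    def __init__(self, ledger: dict, registered: dict):
        self.ledger = ledger          # tx id -> transaction information (constructed)
        self.registered = registered  # access node uid -> registered auth secret
        self.broadcasts = []          # everything sent out in S13

    def handle_access_request(self, req: dict):
        """S11, then the auth check, then S12 and S13. None means rejected."""
        secret = self.registered.get(req["node_uid"])
        # Verify the security authentication information before deriving any key.
        if secret is None or not hmac.compare_digest(secret, req["auth_info"]):
            return None
        tx = self.ledger.get(req["tx_id"])
        if tx is None:
            return None
        key = derive_attribute_key(req["attributes"], req["node_uid"], secret)
        blob = encrypt_transaction(key, tx)
        self.broadcasts.append(blob)  # every node sees the ciphertext, not the key
        return blob


class AccessNode:
    def __init__(self, node_uid: str, attributes: dict, auth_secret: bytes):
        self.node_uid, self.attributes, self.auth_secret = node_uid, attributes, auth_secret

    def make_request(self, tx_id: str) -> dict:
        return {"node_uid": self.node_uid, "attributes": self.attributes,
                "auth_info": self.auth_secret, "tx_id": tx_id}

    def read_broadcast(self, blob: bytes):
        """Derives its own attribute key the same way and tries to decrypt."""
        key = derive_attribute_key(self.attributes, self.node_uid, self.auth_secret)
        return decrypt_transaction(key, blob)


def run_exchange() -> dict:
    """Constructed scenario: node B is entitled to tx-0001, node D is not."""
    ledger = {"tx-0001": b"constructed transaction: A transfers 100 to B"}
    node_b = AccessNode("node-B", {"unit_name": "Branch 1", "post_level": "manager"},
                        b"constructed-secret-B")
    node_d = AccessNode("node-D", {"unit_name": "Other Co"}, b"constructed-secret-D")
    consensus = ConsensusNode(ledger, {"node-B": b"constructed-secret-B",
                                       "node-D": b"constructed-secret-D"})
    blob = consensus.handle_access_request(node_b.make_request("tx-0001"))
    forged = dict(node_b.make_request("tx-0001"), auth_info=b"wrong")
    return {
        "entitled": node_b.read_broadcast(blob),              # the plaintext
        "other_node": node_d.read_broadcast(blob),            # None: different key
        "bad_auth": consensus.handle_access_request(forged),  # None: rejected before S12
    }
```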

In the present invention, FIG. 3 shows a schematic diagram of a request message format.

Another aspect of the present invention provides a blockchain access authorization method, including:

an access node sending a transaction information access request to a consensus accounting node in the blockchain; the transaction information access request includes the attribute information of the access node;

receiving the transaction information ciphertext sent by the consensus accounting node, where the ciphertext is obtained by the consensus accounting node generating an attribute key from the attribute information and encrypting the requested transaction information with that key;

decrypting the transaction information ciphertext with the access node's attribute key to obtain the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.

A further aspect of the present invention provides an authorized access method for a blockchain system, including:

a consensus accounting node recording the transaction information produced by a transaction node;

an access node sending a transaction information access request to the consensus accounting node; the transaction information access request includes the attribute information of the access node;

the consensus accounting node generating an attribute key from the attribute information, encrypting the requested transaction information with the attribute key to produce a transaction information ciphertext, and broadcasting the ciphertext;

the access node receiving the transaction information ciphertext sent by the consensus accounting node and decrypting it with its own attribute key to obtain the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.

A further aspect of the present invention provides a blockchain consensus accounting node, including:

an access request receiving module, by which the consensus accounting node receives a transaction information access request; the transaction information access request includes the attribute information of the access node;

an attribute key generation module, by which the consensus accounting node generates an attribute key from the attribute information and encrypts the requested transaction information with the attribute key to produce a transaction information ciphertext; the access node generates the same attribute key from its own attribute information;

a transaction information ciphertext broadcasting module, which broadcasts the transaction information ciphertext so that the access node can decrypt it with its own attribute key and thereby obtain the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.

A further aspect of the present invention provides a blockchain access node, including:

an access request sending module, by which the access node sends a transaction information access request to a consensus accounting node in the blockchain; the transaction information access request includes the attribute information of the access node;

a transaction information ciphertext receiving module, which receives the transaction information ciphertext sent by the consensus accounting node, where the ciphertext is obtained by the consensus accounting node generating an attribute key from the attribute information and encrypting the requested transaction information with that key;

a decryption module, which decrypts the transaction information ciphertext with the access node's attribute key to obtain the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.

A further aspect of the present invention provides a blockchain authorized access system, including a transaction node, a consensus accounting node and an access node;

the consensus accounting node records the transaction information produced by the transaction node;

the access node sends a transaction information access request to the consensus accounting node; the transaction information access request includes the attribute information of the access node;

the consensus accounting node generates an attribute key from the attribute information, encrypts the requested transaction information with the attribute key to produce a transaction information ciphertext, and broadcasts the ciphertext;

the access node receives the transaction information ciphertext sent by the consensus accounting node and decrypts it with its own attribute key to obtain the transaction information; the access node generates its attribute key in the same way as the consensus accounting node does.

The present invention is described in detail below with reference to specific scenarios.

Forming a loosely coupled transaction circle

The flow of blockchain multi-center transaction privacy protection based on loose consensus includes the following steps:

Step S40: the attribute authorization center starts the initialization procedure GlobalSetup(). Let G be a bijective group of order N, N = p_1 p_2 p_3, where p_1, p_2, p_3 are three primes. The global parameters GP consist of N and the generator g_1 of

Figure BDA0002552685190000124

At the same time, a standard random hash function H: {0,1}* → G is introduced, mapping the global unique identifier GID into G. Formally:

GlobalSetup(λ) → GP

where λ is the security parameter. GP is shared with the other accounting nodes through the blockchain network.

Step S41: the node that owns the transaction data applies to become an attribute authorization center and executes the CreateAuthority() algorithm, formally:

CreateAuthority(GID, GP) → PK_GID, SK_GID

This takes the global parameters GP as input and outputs the attribute authorization center's public/private key pair (PK_GID, SK_GID). For each attribute i belonging to the authorization center, two numbers α_i, β_i ∈ Z are chosen at random as exponents, and the public key PK is expressed as:

Figure BDA0002552685190000121

The private key SK is expressed as:

Figure BDA0002552685190000122

Step S42: user u applies to attribute authorization center a for the key K_i,GID by executing the CreateUser() algorithm, which takes the input (GID, GP, i, SK) and produces user u's key K_i,GID for attribute i, where GID is the global ID of the accounting node to which the user belongs. Formally:

CreateUser(GID, GP, i, SK) → K_i,GID

The attribute authorization center creates a key for attribute i of GID, formally:

Figure BDA0002552685190000123

Step S43: the attribute authorization center provides user u with attribute permission verification, data encryption and data decryption services: (1) Attribute permission verification. The transaction information access user ug submits an information access request to the attribute authorization center, which executes the RequestAttribute() algorithm to verify whether the requester has access rights. If the check fails, false is returned; otherwise the attribute key S_u is returned to the requester, formally:

Figure BDA0002552685190000131

(2) Data encryption. The attribute authorization center executes Encrypt(T, Γ, GP, PK_1,GID, PK_2,GID, ..., M_n,GID) to attribute-encrypt the transaction information T. The resulting ciphertext T_c is formally expressed as:

Figure BDA0002552685190000132

(3) Data decryption. The attribute authorization center executes the Decrypt() algorithm, which takes the global parameters GP, the ciphertext T_C, the attribute key set {K_i,GID} (1 ≤ i ≤ N) and the global identifier GID; when the attribute set satisfies the attribute policy it outputs the plaintext T, otherwise decryption fails.

Decrypt(T_c, GP, {K_i,GID}) → T

The decryption flow of the loosely coupled blockchain multi-party transaction system proceeds as follows:

Step S50: transaction information access user u submits a request to access transaction information T to its own blockchain node b (which is also u's attribute authorization center); b forwards the access request to the attribute authorization center a where T resides, together with u's attribute information (u_1, u_2, ..., u_n).

Step S51: attribute authorization center a executes the RequestAttribute() algorithm to verify whether the requester has access rights (using the AccessTree() access-tree algorithm, which is not described in the present invention). If the check fails, false is returned; otherwise u's attribute key SK(a) is generated, formally:

Figure BDA0002552685190000133

If S_u(a) contains N attribute values, it is written SK_u(a) = (SK_u1, SK_u2, ..., SK_un), and the result is returned to blockchain node b over the blockchain network.

Step S52: blockchain node b (which is also ug's attribute authorization center) executes the decryption algorithm Decrypt() with the inputs Decrypt(PK_A, T_C, Γ, SK_u(a)), where T_C is the ciphertext and S_u(a) is u's attribute key, of the form SK_u(a) = (SK_u1, SK_u2, ..., SK_un), which satisfies the AccessTree() access-tree algorithm (not described in the present invention). The plaintext T can then be expressed as:

Figure BDA0002552685190000141

where

Figure BDA0002552685190000142

and R_j ∈ Z_p is a random constant for each attribute policy group.

The transaction information protection flow of the blockchain multi-center transaction privacy protection system based on loose consensus proceeds as follows (assuming the blockchain network contains four transaction parties A, B, C and D, with D not participating in the loosely coupled transaction):

Step S600: obtain the latest version number v of the whole network;

Step S601: transaction party A sends a local consensus request to transaction parties B and C through its validation node; since transaction party D is not in the loosely coupled transaction circle, A's validation node does not send the loose coupling request to D. The broadcast request message contains the address information of the target transaction parties, in this example B and C. Let P_T denote the loosely coupled transaction message for transaction T, formally:

P_T = (v, n, (ρ_1, ρ_2, ..., ρ_n), ..., chksum)

where v is the version number, n is the number of transaction parties, ρ_1, ρ_2, ..., ρ_n are the id numbers and IP addresses of transaction parties 1 to n, and chksum is the checksum.
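The message P_T above and the membership rule from the preferred embodiment (a node is in the circle when its own address appears in the request), as an added example that is not part of the patent. The JSON field layout, the SHA-256 checksum and the version check are assumptions; the patent only names the fields v, n, ρ_i and chksum, and all addresses below are constructed.

```python
"""Added example (not from the patent): encode P_T = (v, n, (rho_1..rho_n), ..., chksum),
check it on receipt (steps S602/S604/S606) and decide circle membership
(steps S603/S605/S607). Layout and checksum algorithm are assumptions."""
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Party:
    """One rho_i entry: the transaction party's id number and IP address."""
    party_id: str
    ip: str


def _canonical(obj: dict) -> bytes:
    # Sorted keys and no whitespace, so sender and receiver hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _checksum(body: dict) -> str:
    # Assumed chksum: hex SHA-256 over the canonical body (the patent says only "chksum").
    return hashlib.sha256(_canonical(body)).hexdigest()


def build_request(version: int, parties: list) -> bytes:
    """Sender side (step S601): encode P_T for the circle version and its parties."""
    body = {"v": version, "n": len(parties),
            "rho": [[p.party_id, p.ip] for p in parties]}
    return _canonical({"body": body, "chksum": _checksum(body)})


def parse_request(raw: bytes) -> dict:
    """Receiver side: message security check before any membership decision.

    Rejects a message whose checksum does not match its body or whose party
    count n disagrees with the rho list (a truncated or altered request)."""
    msg = json.loads(raw)
    body = msg["body"]
    if not hmac.compare_digest(str(msg["chksum"]).encode(), _checksum(body).encode()):
        raise ValueError("chksum mismatch: message altered or truncated")
    if body["n"] != len(body["rho"]):
        raise ValueError("party count n does not match the address list")
    return body


def circle_membership(raw: bytes, my_ip: str, expected_version: int) -> dict:
    """Decide whether this node belongs to the circle the request describes.

    Returns {"member", "version", "parties"}; when member is True the caller
    runs local consensus (PBFT in the patent) among exactly the listed parties."""
    body = parse_request(raw)
    if body["v"] != expected_version:
        # The version number uniquely identifies a circle: a request carrying a
        # stale or foreign version must not be mixed into this circle's consensus.
        return {"member": False, "version": body["v"], "parties": []}
    parties = [Party(pid, ip) for pid, ip in body["rho"]]
    member = any(p.ip == my_ip for p in parties)
    return {"member": member, "version": body["v"], "parties": parties if member else []}
```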

The format of the loosely coupled transaction message is shown in the figure below.

Step S602: the validation node of transaction party A listens for and receives the loosely coupled message request from transaction party A and performs a message security check;

Step S603: the validation node of transaction party A parses the local consensus transaction request message and extracts the transaction parties of the loosely coupled transaction circle, in this example A, B and C; transaction consensus is then run among the validation nodes of A, B and C using the PBFT (Byzantine fault tolerance) algorithm.

Step S604: the validation node of transaction party B listens for and receives the loosely coupled message request from transaction party A and performs a message security check;

Step S605: the validation node of transaction party B parses the local consensus transaction request message and extracts the transaction parties of the loosely coupled transaction circle, in this example A, B and C; transaction consensus is then run among the validation nodes of A, B and C using the PBFT (Byzantine fault tolerance) algorithm.

Step S606: the validation node of transaction party C listens for and receives the loosely coupled message request from transaction party A and performs a message security check;

Step S607: the validation node of transaction party C parses the local consensus transaction request message and extracts the transaction parties of the loosely coupled transaction circle, in this example A, B and C; transaction consensus is then run among the validation nodes of A, B and C using the PBFT (Byzantine fault tolerance) algorithm.

Step S608: the validation node of transaction party A receives transaction information from the other nodes and verifies the existing transactions against the version number v. For a transaction to be verified as correct, the following relation must hold:

H_v = TRIE(L_S(Π(σ, β)))

Let T_p denote an application-level smart contract transaction and T_s a system-level smart contract transaction; expanding gives:

σ_{t+1} = Π(σ_t, B)

where

B = (..., (T_p,1, T_s,1), (T_p,0, T_s,0), ...)

Π(σ, B) ≡ Ω(B, γ(γ(σ, (T_p,0, T_s,0)), (T_p,1, T_s,1)) ...)

Ω is the final state, B is the transaction sequence, T_p,0 and T_p,1 are the 0th and 1st application-level smart contract transaction sequences, T_s,0 and T_s,1 are the 0th and 1st system-level smart contract transaction sequences, and (T_p,0, T_s,0) is a combination of an application-level and a system-level smart contract transaction.

Step S609: if the smart contract verification succeeds, a notification is broadcast.

Step S610: the validation node of transaction party B receives transaction information from the other nodes and verifies the existing transactions against the version number V. See step S708 for details.

步骤S611:若智能合约认证成功,发送通知广播。Step S611: If the smart contract authentication is successful, send a notification broadcast.

步骤S612:在交易方B所在的验证节点,接收来自其他节点的交易信息,并根据版本号V,对存量的交易进行校验。具体参考步骤S708。Step S612: At the verification node where the transaction party B is located, the transaction information from other nodes is received, and the existing transaction is verified according to the version number V. For details, refer to step S708.

步骤S613:若智能合约认证成功,发送通知广播。Step S613: If the smart contract authentication is successful, send a notification broadcast.

Step S614: Execute the GlobalSetup() smart contract to produce the global parameter GP, and form a hash from the user-supplied public key, the previous block hash and the current transaction hash; at the same time, check the local-consensus message and store the transaction information locally. Formally:

$$H_V = \mathrm{kec}(PH_V, TH_V, O_u)$$

where H_V is the hash of the current transaction, kec is the hash function computed with the keccak-256 algorithm, PH_V is the previous block hash, TH_V is the current transaction-group hash, and O_u is the user's public key (u = B1).

Step S615: Execute the GlobalSetup() smart contract to produce the global parameter GP, form a hash from the user-supplied public key, the previous block hash and the current transaction hash, check the local-consensus message and store the transaction information locally; see step S614 for details.

Step S616: Execute the GlobalSetup() smart contract to produce the global parameter GP, form a hash from the user-supplied public key, the previous block hash and the current transaction hash, check the local-consensus message and store the transaction information locally; see step S614 for details.

Step S617: The node of the participant, i.e. the attribute authority, encrypts the participant's transaction information. Specifically, it executes Encrypt(T, Γ, GP, PK_{1,GID}, PK_{2,GID}, ..., M_{n,GID}) to attribute-encrypt the transaction information T. The resulting ciphertext T_c is formally expressed as:

[Equation image BDA0002552685190000161: not reproduced in the text extraction]

GP and the transaction information are stored locally.

Step S618: The node of the participant, i.e. the attribute authority, encrypts the participant's transaction information. Specifically, it executes Encrypt(T, Γ, GP, PK_{1,GID}, PK_{2,GID}, ..., M_{n,GID}) to attribute-encrypt the transaction information T. The resulting ciphertext T_c is formally expressed as:

[Equation image BDA0002552685190000162: not reproduced in the text extraction]

GP and the transaction information are stored locally.

Step S619: The node of the participant, i.e. the attribute authority, encrypts the participant's transaction information. Specifically, it executes Encrypt(T, Γ, GP, PK_{1,GID}, PK_{2,GID}, ..., M_{n,GID}) to attribute-encrypt the transaction information T. The resulting ciphertext T_c is formally expressed as:

[Equation image BDA0002552685190000163: not reproduced in the text extraction]

GP and the transaction information are stored locally.

In some embodiments, a loose-consensus-based information access authorization method for a multi-centre blockchain transaction privacy protection system provides accessing users with a service for decrypting transaction information.

The specific steps are as follows:

Step S700: The accessing user submits a transaction information access application to the blockchain node it belongs to.

Step S701: The attribute authority executes the algorithm RequestAttribute() to check the accessing user's permissions, i.e. to verify whether the requester of the transaction information has access rights.

Step S702: Evaluate the outcome of RequestAttribute(): if the check fails, return Null; otherwise return the attribute key SK_u to the requester of the transaction information, formally:

[Equation image BDA0002552685190000171: not reproduced in the text extraction]

Step S703: If RequestAttribute() returns false, the accessing user has no right to access the transaction information and the flow ends.

Step S704: If RequestAttribute() returns the attribute key SK_u, the attribute authority goes on to apply to the accounting node that holds the transaction information for access to it.

Step S705: The accounting node returns the transaction information in ciphertext form to the attribute authority.

Step S706: The attribute authority receives the transaction information in ciphertext form, runs the decryption algorithm Decrypt() and produces the plaintext T. The inputs are Decrypt(PK_A, T_C, Γ, SK_u(a)), where T_C is the ciphertext and SK_u(a) is u's attribute key, of the form SK_u(a) = (SK_u1, SK_u2, ..., SK_un), satisfying the AccessTree() access-tree algorithm (not described in this invention). The plaintext T can then be expressed as:

[Equation image BDA0002552685190000172: not reproduced in the text extraction]

where

[Equation image BDA0002552685190000173: not reproduced in the text extraction]

and R_j ∈ Z_p is a random constant for each attribute-policy group.

Step S707: The accessing user receives the plaintext information T.
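Steps S700 to S707, together with the encryption of step S617, as an added and simplified example that is not the patent's own code: an access tree, an attribute-key derivation that the attribute authority and the requester compute identically from GP, GID and the attribute set, and an encrypt/decrypt pair. The page's Encrypt() and Decrypt() are attribute-based encryption primitives; here they are replaced by an HMAC-SHA256 keystream with an encrypt-then-MAC tag, a constructed stand-in chosen so the block runs with only the standard library. The authority is assumed to have already validated the requester's attributes before RequestAttribute() is called; the policy, GP, GID and transaction record are all constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from typing import Optional, Union

Policy = Union[str, tuple]   # a leaf attribute name, or ("AND" | "OR", child, child, ...)


def access_tree(policy: Policy, attrs: frozenset) -> bool:
    """AccessTree(): does the attribute set satisfy the policy tree?"""
    if isinstance(policy, str):
        return policy in attrs
    op, *children = policy
    results = [access_tree(c, attrs) for c in children]
    return all(results) if op == "AND" else any(results)


def attribute_key(gp: bytes, gid: bytes, attrs: frozenset) -> bytes:
    """SK_u: the attribute authority and the access node derive it the same way from GP, GID
    and the (sorted) attribute set. HMAC-SHA256 is the constructed KDF used here."""
    material = gid + b"|" + b",".join(sorted(a.encode() for a in attrs))
    return hmac.new(gp, material, hashlib.sha256).digest()


def request_attribute(policy: Policy, gp: bytes, gid: bytes, attrs: frozenset) -> Optional[bytes]:
    """RequestAttribute() (steps S701-S703): None when the policy is not met, else SK_u."""
    if not access_tree(policy, attrs):
        return None
    return attribute_key(gp, gid, attrs)


def _subkeys(key: bytes) -> tuple:
    """Separate keys for the keystream and for the tag, both derived from SK_u."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 as a PRF in counter mode (constructed stand-in, not the page's scheme)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for Encrypt(): XOR with the keystream, then tag nonce||ct. Output nonce||ct||tag."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Stand-in for Decrypt(): None unless the tag verifies under this key (wrong key or tampering)."""
    if len(blob) < 48:
        return None
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))


TX = b"v1: A pays B 10 (constructed transaction record)"


def demo() -> dict:
    """Constructed scenario: GP from GlobalSetup(), the GID of trading circle 1, and the policy
    'auditor of organisation A or B'; three requesters ask for the record."""
    gp = b"GP-from-GlobalSetup-(constructed)"
    gid = b"GID-circle-1"
    policy = ("AND", "role:auditor", ("OR", "org:A", "org:B"))

    def serve(requester_attrs: set) -> Optional[bytes]:
        attrs = frozenset(requester_attrs)
        sk = request_attribute(policy, gp, gid, attrs)     # S701-S703 at the attribute authority
        if sk is None:
            return None                                     # no key issued: the flow ends
        ciphertext = encrypt(sk, TX)                        # S617 / S705: ciphertext handed over
        own_sk = attribute_key(gp, gid, attrs)              # access node derives its own SK_u
        return decrypt(own_sk, ciphertext)                  # S706-S707

    sk_b = attribute_key(gp, gid, frozenset({"role:auditor", "org:B"}))
    sk_a = attribute_key(gp, gid, frozenset({"role:auditor", "org:A"}))
    return {
        "auditor_in_B": serve({"role:auditor", "org:B"}),   # policy met: plaintext recovered
        "auditor_in_C": serve({"role:auditor", "org:C"}),   # organisation not in policy: None
        "clerk_in_A": serve({"role:clerk", "org:A"}),       # role missing: None
        # a ciphertext is bound to the attribute set it was issued for: a different admitted
        # set derives a different SK_u, so the tag check fails
        "other_admitted_set": decrypt(sk_a, encrypt(sk_b, TX)),
    }
```

Two properties of the page's flow are visible here: the policy check (S701 to S703) is the only place a key is issued, so a requester whose attributes do not satisfy the access tree never obtains anything to decrypt with, and because the key is a deterministic function of GP, GID and the attribute set, the requester's own derivation matches the authority's without the ciphertext or the key ever needing a certification authority in the path.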

From the above scenario it can be seen that, by strengthening the loosely coupled hash index in the block, the present invention lets the node of a transacting party authenticate the multiple transactions produced by several loosely coupled trading circles, improving the security and efficiency of transactions. The present invention has the following advantages:

1. Through the interaction of system-level and application-level smart contracts, a transacting party can autonomously anchor any number of other parties while executing blockchain-based transaction consensus, forming a loosely coupled trading circle, which increases the parties' autonomy in joining and leaving transactions;

2. By introducing the public attribute parameters GP and GID, centralised authentication by the blockchain certification authority (CA) is removed and a single-level security authentication architecture based on the attribute authority is realised, so that each participant in the loosely coupled trading circle physically stores its transaction information while being freed from dependence on the CA; this provides strong privacy protection while improving the efficiency of flexibly sharing transaction information;

3. Ciphertext-policy privacy protection based on the loosely coupled trading circle is provided, allowing loosely coupled parties to arrange access policies to their own requirements and enabling transaction information to be shared outside the circle. At the same time, transaction groups based on version numbers let the blockchain transaction network form multiple concurrently executing trading circles, improving system flexibility and concurrent execution efficiency and supporting the development of an efficient consortium ecosystem;

4. Because transaction groups based on version numbers are physically isolated, transaction privacy is protected and information leakage is effectively prevented, giving high security.

Based on the same inventive concept, another aspect of the present invention provides a blockchain access authorization method, comprising:

an access node sends a transaction information access request to a consensus accounting node in the blockchain, the transaction information access request including attribute information of the access node;

the access node receives the transaction information ciphertext sent by the consensus accounting node, where the transaction information ciphertext is obtained by the consensus accounting node generating an attribute key from the attribute information and encrypting the accessed transaction information with that attribute key;

the access node decrypts the transaction information ciphertext with its own attribute key to obtain the transaction information, the access node's attribute key being generated in the same way as the consensus accounting node's attribute key.

Yet another aspect of the present invention provides a blockchain authorized-access system method, comprising:

a consensus accounting node records the transaction information produced by a transaction node;

an access node sends a transaction information access request to the consensus accounting node, the transaction information access request including attribute information of the access node;

the consensus accounting node generates an attribute key from the attribute information, encrypts the accessed transaction information with the attribute key to produce a transaction information ciphertext, and broadcasts the transaction information ciphertext;

the access node receives the transaction information ciphertext sent by the consensus accounting node and decrypts it with its own attribute key to obtain the transaction information, the access node's attribute key being generated in the same way as the consensus accounting node's attribute key.

Yet another aspect of the present invention provides a blockchain consensus accounting node, as shown in FIG. 5, comprising:

an access request receiving module 11, by which the consensus accounting node receives a transaction information access request, the request including attribute information of the access node;

an attribute key generation module 12, by which the consensus accounting node generates an attribute key from the attribute information and encrypts the accessed transaction information with it to produce a transaction information ciphertext, the access node generating the same attribute key from its own attribute information;

a transaction information ciphertext broadcast module 13, which broadcasts the transaction information ciphertext so that the access node can decrypt it with its own attribute key and obtain the transaction information, the access node's attribute key being generated in the same way as the consensus accounting node's attribute key.

Yet another aspect of the present invention provides a blockchain access node, comprising:

an access request sending module, by which the access node sends a transaction information access request to a consensus accounting node in the blockchain, the request including attribute information of the access node;

a transaction information ciphertext receiving module, which receives the transaction information ciphertext sent by the consensus accounting node, the ciphertext being obtained by the consensus accounting node generating an attribute key from the attribute information and encrypting the accessed transaction information with it;

a decryption module, which decrypts the transaction information ciphertext with the access node's attribute key to obtain the transaction information, the access node's attribute key being generated in the same way as the consensus accounting node's attribute key.

Yet another aspect of the present invention provides a blockchain authorized-access system, comprising a transaction node, a consensus accounting node and an access node, where:

the consensus accounting node records the transaction information produced by the transaction node;

the access node sends a transaction information access request to the consensus accounting node, the request including attribute information of the access node;

the consensus accounting node generates an attribute key from the attribute information, encrypts the accessed transaction information with the attribute key to produce a transaction information ciphertext, and broadcasts the transaction information ciphertext;

the access node receives the transaction information ciphertext sent by the consensus accounting node and decrypts it with its own attribute key to obtain the transaction information, the access node's attribute key being generated in the same way as the consensus accounting node's attribute key.

In the blockchain access authorization method and node proposed by the present invention, the consensus accounting node, once it has obtained the access node's attribute information, generates an attribute key from it, while the access node requesting access generates the same attribute key from its own attribute information and then uses that self-generated key to decrypt the transaction information encrypted by the consensus accounting node. This effectively solves the security problem of a data owner sharing transaction information with a limited audience. The present invention makes the data provider both the provider of the CA certificate and the authorising subject that designs the ciphertext policy: attribute encryption is performed under a ciphertext-policy attribute policy, and users wishing to access information apply for access rights through the blockchain network. The method removes the bottleneck of dependence on a certification authority (CA) and improves the reliability and efficiency of privacy protection for transaction data.

At the hardware level, in order to solve the consistency problem of cached data between contract containers, the present invention provides an embodiment of an electronic device for implementing all or part of the blockchain transaction processing method described above. The electronic device specifically comprises:

a processor, a memory, a communications interface and a bus, where the processor, memory and communications interface communicate with one another over the bus; the communications interface is used for information transfer between servers, apparatuses, distributed message middleware cluster apparatuses, databases of various kinds, user terminals and other related devices. The electronic device may be a desktop computer, a tablet computer, a mobile terminal or the like, and this embodiment is not limited thereto. In this embodiment, the electronic device may be implemented with reference to the embodiments of the blockchain transaction processing method and of the blockchain transaction processing apparatus, the contents of which are incorporated herein and not repeated.

FIG. 6 is a schematic block diagram of the system configuration of an electronic device 9600 according to an embodiment of the present invention. As shown in FIG. 6, the electronic device 9600 may include a central processing unit 9100 and a memory 9140, the memory 9140 being coupled to the central processing unit 9100. Note that FIG. 6 is exemplary; other types of structure may be used in addition to or in place of this structure to implement telecommunication or other functions.

In one embodiment, the blockchain transaction processing function may be integrated into the central processing unit 9100. For example, the central processing unit 9100 may be configured to perform the following control:

S1: Obtain the latest version number corresponding to the current transaction request message. Each version number corresponds one-to-one to a loosely coupled trading circle; the loosely coupled trading circle comprises a plurality of transaction nodes, and the container of each transaction node has deployed in it an application-level smart contract and a loosely coupled consensus smart contract, the latter being used to determine the loosely coupled trading circle through consensus;

S2: If the node itself belongs to the loosely coupled trading circle corresponding to the latest version number, run consensus on the current transaction together with the other transaction nodes in that circle;

S3: If consensus passes, call the application-level smart contract to execute the current transaction and write the transaction data into the transaction data set of the corresponding block. The block further includes a hash index set and a transaction hash set: the hash index set holds the transaction-group hash value corresponding to each version number in the previous block, and the transaction hash set holds the transaction-group hash value corresponding to each version number in the current block;

S4: From the hash value of the current transaction and the transaction-group hash value of the latest version in the previous block (taken from the hash index set), compute the transaction-group hash value for the latest version number in the transaction hash set of the current block.
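Steps S1 to S4, together with the formula H_V = kec(PH_V, TH_V, O_u) of step S614, as an added example that is not the patent's own code. Each block carries a hash index set (the previous block's per-version group hashes) and a transaction hash set (this block's), and each version number's chain is verified on its own, so altering a version-2 transaction breaks only version 2's chain while version 1 still verifies, which is the isolation the page's fourth advantage describes. Assumptions of this example: SHA3-256 from the standard library stands in for keccak-256 (same permutation, different padding byte), hashed fields are length-prefixed, TH_V is the hash of the version's transaction hashes within the block, an idle version carries its previous value forward, and the transaction records and public keys are constructed.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def kec(*parts: bytes) -> bytes:
    """Hash of several fields, each length-prefixed so field boundaries are unambiguous.
    The page specifies keccak-256; the standard library offers SHA3-256, which uses the same
    Keccak-f[1600] permutation with a different padding byte. Using it is an assumption here."""
    h = hashlib.sha3_256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


ZERO32 = bytes(32)   # PH_V for the first block in which a version number appears


@dataclass
class TxGroup:
    """Transactions of one trading circle (one version number) within one block."""
    version: int
    owner_pubkey: bytes        # O_u: public key supplied by the submitting party
    txs: List[bytes]           # serialised transactions (format constructed for the example)

    def th_v(self) -> bytes:
        """TH_V: hash of this block's transaction group for the version."""
        return kec(*[kec(tx) for tx in self.txs])


@dataclass
class Block:
    height: int
    hash_index: Dict[int, bytes] = field(default_factory=dict)   # version -> PH_V (previous block)
    tx_hashes: Dict[int, bytes] = field(default_factory=dict)    # version -> H_V (this block)
    groups: List[TxGroup] = field(default_factory=list)


def group_hash(ph_v: bytes, th_v: bytes, o_u: bytes) -> bytes:
    """H_V = kec(PH_V, TH_V, O_u), the formula of step S614."""
    return kec(ph_v, th_v, o_u)


def build_block(prev: Optional[Block], groups: List[TxGroup]) -> Block:
    """Step S4: the hash index set is the previous block's transaction hash set; every version
    with activity gets a new H_V chained onto its own PH_V, idle versions carry their value forward."""
    blk = Block(height=0 if prev is None else prev.height + 1,
                hash_index=dict(prev.tx_hashes) if prev else {},
                groups=groups)
    blk.tx_hashes = dict(blk.hash_index)
    for g in groups:
        ph_v = blk.hash_index.get(g.version, ZERO32)
        blk.tx_hashes[g.version] = group_hash(ph_v, g.th_v(), g.owner_pubkey)
    return blk


def verify_chain(chain: List[Block]) -> Dict[int, bool]:
    """Recompute every version's chain independently (the per-version authentication that the
    loosely coupled hash index allows). A version is intact only if each block links to the
    previous block's value for that version and its stored H_V recomputes."""
    expected: Dict[int, bytes] = {}     # version -> last stored H_V
    ok: Dict[int, bool] = {}
    for blk in chain:
        active = {g.version: g for g in blk.groups}
        for version, stored in blk.tx_hashes.items():
            ph_v = expected.get(version, ZERO32)
            linked = blk.hash_index.get(version, ZERO32) == ph_v
            if version in active:
                g = active[version]
                recomputed = group_hash(ph_v, g.th_v(), g.owner_pubkey)
            else:
                recomputed = ph_v            # idle version: carried forward unchanged
            ok[version] = ok.get(version, True) and linked and stored == recomputed
            expected[version] = stored
    return ok


def demo() -> tuple:
    """Two trading circles across three blocks; returns the verification results before and
    after a version-2 transaction in the last block is altered (constructed data)."""
    pk_a, pk_b = b"pubkey-A (constructed)", b"pubkey-B (constructed)"
    b0 = build_block(None, [TxGroup(1, pk_a, [b"v1: A pays B 10"]),
                            TxGroup(2, pk_b, [b"v2: B pays D 5"])])
    b1 = build_block(b0, [TxGroup(1, pk_a, [b"v1: C pays A 3"])])
    b2 = build_block(b1, [TxGroup(2, pk_b, [b"v2: D pays B 1", b"v2: B pays D 2"])])
    chain = [b0, b1, b2]
    before = verify_chain(chain)
    b2.groups[0].txs[0] = b"v2: D pays B 100"   # forged amount inside the version-2 group
    after = verify_chain(chain)
    return before, after
```

A node that only takes part in circle 1 can run verify_chain restricted to version 1 and needs nothing from circle 2 beyond the opaque group hash it carries forward, which is what lets several circles proceed concurrently while each remains independently auditable.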

从上述描述可知,本发明的实施例提供的电子设备,支持交易方在交易的过程中自主锚定任意数量的参与者,形成松散耦合交易圈,并通过松散耦合智能合约和应用级智能合约的相互作用确保交易共识限制在松散耦合交易圈的范围内执行。本方法提高了交易方的自主性和共识效率,并且通过增强区块中的松散耦合Hash索引,支持交易方所属节点对多个松散耦合交易圈所产生的多重交易进行认证,促进交易的安全性和效率提升。It can be seen from the above description that the electronic device provided by the embodiment of the present invention supports the transaction party to anchor any number of participants autonomously in the transaction process, forming a loosely coupled transaction circle, and through the loosely coupled smart contract and the application-level smart contract. Interactions ensure that transaction consensus limits are enforced within the confines of loosely coupled transaction circles. This method improves the autonomy and consensus efficiency of the transaction party, and supports the nodes belonging to the transaction party to authenticate multiple transactions generated by multiple loosely coupled transaction circles by enhancing the loosely coupled Hash index in the block, thereby promoting transaction security. and efficiency improvements.

在另一个实施方式中,区块链交易处理装置可以与中央处理器9100分开配置,例如可以将区块链交易处理配置为与中央处理器9100连接的芯片,通过中央处理器的控制来实现区块链交易处理功能。In another embodiment, the blockchain transaction processing device can be configured separately from the central processing unit 9100. For example, the blockchain transaction processing device can be configured as a chip connected to the central processing unit 9100, and the region can be realized through the control of the central processing unit. Blockchain transaction processing capabilities.

如图6所示,该电子设备9600还可以包括:通信模块9110、输入单元9120、音频处理器9130、显示器9160、电源9170。值得注意的是,电子设备9600也并不是必须要包括图6中所示的所有部件;此外,电子设备9600还可以包括图6中没有示出的部件,可以参考现有技术。As shown in FIG. 6 , the electronic device 9600 may further include: a communication module 9110 , an input unit 9120 , an audio processor 9130 , a display 9160 , and a power supply 9170 . It is worth noting that the electronic device 9600 does not necessarily include all the components shown in FIG. 6 ; in addition, the electronic device 9600 may also include components not shown in FIG. 6 , and reference may be made to the prior art.

如图6所示,中央处理器9100有时也称为控制器或操作控件,可以包括微处理器或其他处理器装置和/或逻辑装置,该中央处理器9100接收输入并控制电子设备9600的各个部件的操作。As shown in FIG. 6, the central processing unit 9100, also sometimes referred to as a controller or operational control, may include a microprocessor or other processor device and/or logic device, the central processing unit 9100 receives input and controls various aspects of the electronic device 9600 component operation.

其中,存储器9140,例如可以是缓存器、闪存、硬驱、可移动介质、易失性存储器、非易失性存储器或其它合适装置中的一种或更多种。可储存上述与失败有关的信息,此外还可存储执行有关信息的程序。并且中央处理器9100可执行该存储器9140存储的该程序,以实现信息存储或处理等。The memory 9140, for example, may be one or more of a cache, a flash memory, a hard drive, a removable medium, a volatile memory, a non-volatile memory or other suitable devices. The above-mentioned information related to the failure can be stored, and a program executing the related information can also be stored. And the central processing unit 9100 can execute the program stored in the memory 9140 to realize information storage or processing.

输入单元9120向中央处理器9100提供输入。该输入单元9120例如为按键或触摸输入装置。电源9170用于向电子设备9600提供电力。显示器9160用于进行图像和文字等显示对象的显示。该显示器例如可为LCD显示器,但并不限于此。The input unit 9120 provides input to the central processing unit 9100 . The input unit 9120 is, for example, a key or a touch input device. The power supply 9170 is used to provide power to the electronic device 9600 . The display 9160 is used for displaying display objects such as images and characters. The display can be, for example, but not limited to, an LCD display.

该存储器9140可以是固态存储器,例如,只读存储器(ROM)、随机存取存储器(RAM)、SIM卡等。还可以是这样的存储器,其即使在断电时也保存信息,可被选择性地擦除且设有更多数据,该存储器的示例有时被称为EPROM等。存储器9140还可以是某种其它类型的装置。存储器9140包括缓冲存储器9141(有时被称为缓冲器)。存储器9140可以包括应用/功能存储部9142,该应用/功能存储部9142用于存储应用程序和功能程序或用于通过中央处理器9100执行电子设备9600的操作的流程。The memory 9140 may be solid state memory such as read only memory (ROM), random access memory (RAM), SIM card, and the like. There may also be memories that retain information even when powered off, selectively erased and provided with more data, examples of which are sometimes referred to as EPROMs or the like. Memory 9140 may also be some other type of device. Memory 9140 includes buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage part 9142 for storing application programs and function programs or for performing operations of the electronic device 9600 through the central processing unit 9100 .

存储器9140还可以包括数据存储部9143,该数据存储部9143用于存储数据,例如联系人、数字数据、图片、声音和/或任何其他由电子设备使用的数据。存储器9140的驱动程序存储部9144可以包括电子设备的用于通信功能和/或用于执行电子设备的其他功能(如消息传送应用、通讯录应用等)的各种驱动程序。The memory 9140 may also include data storage 9143 for storing data such as contacts, digital data, pictures, sounds and/or any other data used by the electronic device. The driver storage section 9144 of the memory 9140 may include various drivers of the electronic device for communication functions and/or for executing other functions of the electronic device (eg, a messaging application, a contact book application, etc.).

通信模块9110即为经由天线9111发送和接收信号的发送机/接收机9110。通信模块(发送机/接收机)9110耦合到中央处理器9100,以提供输入信号和接收输出信号,这可以和常规移动通信终端的情况相同。The communication module 9110 is the transmitter/receiver 9110 that transmits and receives signals via the antenna 9111 . A communication module (transmitter/receiver) 9110 is coupled to the central processing unit 9100 to provide input signals and receive output signals, as may be the case with conventional mobile communication terminals.

基于不同的通信技术,在同一电子设备中,可以设置有多个通信模块9110,如蜂窝网络模块、蓝牙模块和/或无线局域网模块等。通信模块(发送机/接收机)9110还经由音频处理器9130耦合到扬声器9131和麦克风9132,以经由扬声器9131提供音频输出,并接收来自麦克风9132的音频输入,从而实现通常的电信功能。音频处理器9130可以包括任何合适的缓冲器、解码器、放大器等。另外,音频处理器9130还耦合到中央处理器9100,从而使得可以通过麦克风9132能够在本机上录音,且使得可以通过扬声器9131来播放本机上存储的声音。Based on different communication technologies, multiple communication modules 9110 may be provided in the same electronic device, such as a cellular network module, a Bluetooth module, and/or a wireless local area network module. The communication module (transmitter/receiver) 9110 is also coupled to the speaker 9131 and the microphone 9132 via the audio processor 9130 to provide audio output via the speaker 9131 and to receive audio input from the microphone 9132 for general telecommunication functions. Audio processor 9130 may include any suitable buffers, decoders, amplifiers, and the like. In addition, the audio processor 9130 is also coupled to the central processing unit 9100, thereby enabling recording on the local unit through the microphone 9132, and enabling playback of the sound stored on the local unit through the speaker 9131.

本发明的实施例还提供能够实现上述实施例中的区块链交易处理方法中全部步骤的一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,该计算机程序被处理器执行时实现上述实施例中区块链交易处理方法的全部步骤。Embodiments of the present invention also provide a computer-readable storage medium capable of implementing all the steps in the blockchain transaction processing method in the above-mentioned embodiments, where a computer program is stored on the computer-readable storage medium, and the computer program is processed When the server is executed, all steps of the blockchain transaction processing method in the above embodiment are implemented.

从上述描述可知,本发明的实施例提供的计算机可读存储介质,支持交易方在交易的过程中自主锚定任意数量的参与者,形成松散耦合交易圈,并通过松散耦合智能合约和应用级智能合约的相互作用确保交易共识限制在松散耦合交易圈的范围内执行。本方法提高了交易方的自主性和共识效率,并且通过增强区块中的松散耦合Hash索引,支持交易方所属节点对多个松散耦合交易圈所产生的多重交易进行认证,促进交易的安全性和效率提升。It can be seen from the above description that the computer-readable storage medium provided by the embodiments of the present invention supports the transaction party to independently anchor any number of participants in the transaction process, so as to form a loosely coupled transaction circle, and through loosely coupled smart contracts and application-level The interaction of smart contracts ensures that transaction consensus is restricted to execute within the confines of loosely coupled transaction circles. This method improves the autonomy and consensus efficiency of the transaction party, and supports the nodes belonging to the transaction party to authenticate multiple transactions generated by multiple loosely coupled transaction circles by enhancing the loosely coupled Hash index in the block, thereby promoting transaction security. and efficiency improvements.

本领域内的技术人员应明白,本发明的实施例可提供为方法、装置、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

本发明是参照根据本发明实施例的方法、设备(装置)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (apparatus), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block in the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing device produce Means for implementing the functions specified in a flow or flow of a flowchart and/or a block or blocks of a block diagram.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are performed on the computer or other programmable device to produce a computer-implemented process, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Specific embodiments have been used in this document to explain the principles and implementations of the present invention; the description of the above embodiments is only intended to help understand the method of the present invention and its core idea. At the same time, a person of ordinary skill in the art, following the idea of the present invention, will find changes in the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (13)

1. A method for access authorization of a blockchain, comprising:
the consensus accounting node receives a transaction information access request; the transaction information access request comprises attribute information of an access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts the accessed transaction information by using the attribute key, and generates a transaction information ciphertext; wherein the access node generates its attribute key based on its own attribute information;
broadcasting the transaction information ciphertext so that the access node decrypts the transaction information ciphertext by using the attribute key of the access node to obtain the transaction information; wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
2. The access authorization method according to claim 1, characterized in that the transaction information access request further comprises security authentication information;
before generating an attribute key according to the attribute information, the access authorization method further includes:
and verifying the security authentication information in the transaction information access request, and if the transaction information access request passes the verification, generating an attribute key according to the attribute information.
3. The access authorization method according to claim 1, further comprising:
a plurality of loosely coupled transaction circles are established, and each loosely coupled transaction circle is uniquely identified with a version number.
4. The access authorization method according to claim 3, characterized in that establishing a loosely coupled transaction circle and uniquely identifying the corresponding loosely coupled transaction circle with a version number comprises:
broadcasting the loosely coupled transaction request so that each transaction node judges whether the transaction node is a node in a loosely coupled transaction circle according to the received loosely coupled transaction request; the loosely coupled transaction request includes a unique version number;
receiving a notification response message sent by each other transaction node that has judged itself to belong to the loosely coupled transaction circle, indicating that loose coupling has been reached together with those nodes;
and sending a version-number application success confirmation and broadcasting the version number together with the other nodes that have judged themselves to belong to the loosely coupled transaction circle, so as to inform the other nodes in the loosely coupled transaction circle.
5. The access authorization method according to claim 4, characterized in that the loosely coupled transaction request further comprises transaction node address information; each transaction node judging whether it is a node in the loosely coupled transaction circle according to the received loosely coupled transaction request comprises:
each transaction node judges whether its own address information is included in the address information in the loosely coupled transaction request, and if it is included, the transaction node determines that it is a node in the loosely coupled transaction circle.
6. The access authorization method according to claim 2, characterized in that each consensus node corresponds to a node unique identifier; generating an attribute key according to the attribute information comprises:
generating the attribute key according to the attribute information, the corresponding node unique identifier and the security authentication information.
7. A method for access authorization of a blockchain, comprising:
the access node sends a transaction information access request to a consensus accounting node in the blockchain; the transaction information access request comprises attribute information of the access node;
receiving a transaction information ciphertext sent by the consensus accounting node; the transaction information ciphertext is obtained by the consensus accounting node generating an attribute key according to the attribute information and encrypting the accessed transaction information by using the attribute key;
decrypting the transaction information ciphertext by using the attribute key of the access node to obtain the transaction information; wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
8. A method for granting access to a blockchain, comprising:
the access node sends a transaction information access request to the consensus accounting node; the transaction information access request comprises attribute information of the access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts the accessed transaction information by using the attribute key to generate a transaction information ciphertext, and broadcasts the transaction information ciphertext;
the access node receives the transaction information ciphertext sent by the consensus accounting node and decrypts the transaction information ciphertext by using the attribute key of the access node to obtain the transaction information; wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
9. A consensus accounting node of a blockchain, comprising:
an access request receiving module, used by the consensus accounting node to receive a transaction information access request; the transaction information access request comprises attribute information of an access node;
an attribute key generation module, used by the consensus accounting node to generate an attribute key according to the attribute information, encrypt the accessed transaction information by using the attribute key and generate a transaction information ciphertext; wherein the access node generates its attribute key based on its own attribute information;
a transaction information ciphertext broadcasting module, used to broadcast the transaction information ciphertext so that the access node decrypts the transaction information ciphertext by using the attribute key of the access node to obtain the transaction information; wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
10. An access node of a blockchain, comprising:
an access request sending module, used by the access node to send a transaction information access request to the consensus accounting node in the blockchain; the transaction information access request comprises attribute information of the access node;
a transaction information ciphertext receiving module, used to receive the transaction information ciphertext sent by the consensus accounting node; the transaction information ciphertext is obtained by the consensus accounting node generating an attribute key according to the attribute information and encrypting the accessed transaction information by using the attribute key;
a decryption module, used to decrypt the transaction information ciphertext by using the attribute key of the access node to obtain the transaction information; wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
11. A system for access authorization of a blockchain, comprising a consensus accounting node and an access node;
the access node sends a transaction information access request to the consensus accounting node; the transaction information access request comprises attribute information of the access node;
the consensus accounting node generates an attribute key according to the attribute information, encrypts the accessed transaction information by using the attribute key to generate a transaction information ciphertext, and broadcasts the transaction information ciphertext;
the access node receives the transaction information ciphertext sent by the consensus accounting node and decrypts the transaction information ciphertext by using the attribute key of the access node to obtain the transaction information; wherein the attribute key of the access node is generated in the same way as the attribute key of the consensus accounting node.
12. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method for access authorization of a blockchain according to any one of claims 1 to 8 when executing the program.
13. A computer-readable storage medium on which a computer program is stored which, when executed by a processor, carries out the method for access authorization of a blockchain according to any one of claims 1 to 8.
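The exchange of claims 1, 2, 6, 7 and 8, as an added example that is not the patent's own code: the access node sends its attribute information plus security authentication information, the consensus accounting node verifies the authentication first (claim 2), derives the attribute key from the attribute information, its node unique identifier and the authentication information (claim 6), encrypts the transaction information and broadcasts the ciphertext, and the access node derives the same key from its own attributes and decrypts. The claims fix no primitives, so the choices here are assumptions: HKDF-SHA256 for the key, an HMAC over the request as the authentication information, and a PRF counter-mode stream with an HMAC tag standing in for a real AEAD such as AES-GCM. One further assumption is a per-node enrollment secret fed into the derivation; because the ciphertext is broadcast (claim 1), an attribute key derived from attribute information alone would be computable by anyone who knows those attributes, so the example shows a bystander with the same attributes failing to decrypt.

```python
"""Added example, not the patent's own code: the attribute-key access authorization
of claims 1, 2, 6, 7 and 8.  Primitives are this example's choices (the claims fix
none): HKDF-SHA256 for the attribute key, an HMAC over the request as the security
authentication information, and a PRF counter-mode stream plus HMAC standing in for
an AEAD.  The enrollment secret is an added assumption: the ciphertext is broadcast,
so attribute information alone must not determine the key."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field

def canonical(obj) -> bytes:
    # Stable JSON encoding so both sides hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract-then-expand) with HMAC-SHA256, stdlib only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + block, i + 1
    return okm[:length]

def attribute_key(attributes: dict, accounting_node_id: str,
                  auth_info: bytes, enrollment_secret: bytes) -> bytes:
    """Claim 6: attribute information + node unique identifier + security
    authentication information, with the enrollment secret as HKDF input key."""
    return hkdf_sha256(enrollment_secret, hashlib.sha256(canonical(attributes)).digest(),
                       b"attr-key|" + accounting_node_id.encode() + b"|" + auth_info)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def encrypt(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under subkeys derived from the attribute key."""
    enc_key, mac_key = hkdf_sha256(key, b"", b"enc"), hkdf_sha256(key, b"", b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return {"nonce": nonce, "ct": ct, "tag": hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()}

def decrypt(key: bytes, msg: dict):
    """Returns None on a bad tag, i.e. wrong attribute key or tampered ciphertext."""
    enc_key, mac_key = hkdf_sha256(key, b"", b"enc"), hkdf_sha256(key, b"", b"mac")
    tag = hmac.new(mac_key, msg["nonce"] + msg["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, msg["tag"]):
        return None
    return bytes(c ^ k for c, k in zip(msg["ct"], _keystream(enc_key, msg["nonce"], len(msg["ct"]))))

@dataclass
class AccessNode:
    node_id: str
    attributes: dict
    enrollment_secret: bytes

    def access_request(self, accounting_node_id: str, tx_id: str) -> dict:
        """Claims 1/7: carry the attribute information; claim 2: add the HMAC as the
        security authentication information."""
        body = {"access_node": self.node_id, "attributes": self.attributes,
                "tx_id": tx_id, "to": accounting_node_id}
        return {**body, "auth": hmac.new(self.enrollment_secret, canonical(body), hashlib.sha256).digest()}

    def read_broadcast(self, request: dict, broadcast: list):
        """Claim 7: derive the key from own attributes exactly as the accounting node
        does, then decrypt the matching broadcast ciphertext."""
        key = attribute_key(self.attributes, request["to"], request["auth"], self.enrollment_secret)
        msg = next((m for m in broadcast if m["tx_id"] == request["tx_id"]), None)
        return decrypt(key, msg["payload"]) if msg else None

@dataclass
class ConsensusAccountingNode:
    node_id: str
    enrolled: dict   # access node id -> enrollment secret (assumption, set at enrollment)
    ledger: dict     # tx id -> transaction information (constructed sample)
    broadcast: list = field(default_factory=list)

    def handle_access_request(self, request: dict) -> bool:
        """Claim 2: verify the security authentication information first;
        claim 1: then derive the attribute key, encrypt and broadcast."""
        secret = self.enrolled.get(request["access_node"])
        if secret is None or request["to"] != self.node_id:
            return False
        body = {k: v for k, v in request.items() if k != "auth"}
        if not hmac.compare_digest(hmac.new(secret, canonical(body), hashlib.sha256).digest(), request["auth"]):
            return False
        key = attribute_key(request["attributes"], self.node_id, request["auth"], secret)
        self.broadcast.append({"tx_id": request["tx_id"], "payload": encrypt(key, self.ledger[request["tx_id"]])})
        return True

def demo() -> dict:
    """Constructed sample: an enrolled auditor node, and a bystander holding the same
    attributes but no enrollment secret (so it sees the broadcast but cannot read it)."""
    secret, attrs = secrets.token_bytes(32), {"org": "bank-A", "role": "auditor"}
    cab = ConsensusAccountingNode("cab-1", {"acc-7": secret}, {"tx-42": b"transfer 100 from A to B"})
    member, bystander = AccessNode("acc-7", attrs, secret), AccessNode("acc-7", attrs, b"guess")
    req = member.access_request("cab-1", "tx-42")
    return {"accepted": cab.handle_access_request(req),
            "member": member.read_broadcast(req, cab.broadcast),
            "bystander": bystander.read_broadcast(req, cab.broadcast),
            "forged": cab.handle_access_request(bystander.access_request("cab-1", "tx-42"))}
```

Running `demo()` shows the four outcomes that matter in practice: the enrolled node's request is accepted and it recovers the plaintext, the bystander's decryption fails on the tag check even though it holds identical attributes, and a request forged without the enrollment secret is rejected before any key is derived. The design point is that "generated in the same way" in the claims only yields confidentiality if at least one derivation input is unavailable to outsiders; with a real deployment the stand-in stream cipher would be replaced by AES-GCM and the enrollment secret by whatever the platform's node enrollment already provides.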

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010579598.XA CN111767569A (en) 2020-06-23 2020-06-23 Blockchain access authorization method and node

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010579598.XA CN111767569A (en) 2020-06-23 2020-06-23 Blockchain access authorization method and node

Publications (1)

Publication Number Publication Date
CN111767569A true CN111767569A (en) 2020-10-13

Family

ID=72721793

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010579598.XA Pending CN111767569A (en) 2020-06-23 2020-06-23 Blockchain access authorization method and node

Country Status (1)

Country Link
CN (1) CN111767569A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109951498A (en) * 2019-04-18 2019-06-28 中央财经大学 A kind of block chain access control method and device based on ciphertext policy ABE encryption
CN111311415A (en) * 2020-02-28 2020-06-19 中国工商银行股份有限公司 Loosely coupled blockchain transaction method and transaction node

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ALLISON LEWKO et al.: "Decentralizing Attribute-Based Encryption", Annual International Conference on the Theory and Applications of Cryptographic Techniques, 31 December 2011 (2011-12-31), pages 568-588 *
HUANG Sui et al.: "Data secure sharing method based on CP-ABE and blockchain", Computer Systems & Applications (计算机系统应用), pages 79-85 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112688927A (en) * 2020-12-18 2021-04-20 重庆大学 Block chain-based distributed access control method
CN112734576A (en) * 2021-01-19 2021-04-30 广东工业大学 Block chain consensus system and method
CN112906061A (en) * 2021-02-08 2021-06-04 中国工商银行股份有限公司 Information processing method and device based on block chain
CN112804260A (en) * 2021-03-17 2021-05-14 中国工商银行股份有限公司 Information transmission method and node based on block chain
CN112804260B (en) * 2021-03-17 2023-04-07 中国工商银行股份有限公司 Information transmission method and node based on block chain
CN113420320A (en) * 2021-05-08 2021-09-21 杭州未名信科科技有限公司 Block chain authority management method and system under data sharing scene
CN113259124A (en) * 2021-06-08 2021-08-13 清华大学 Block chain data writing and accessing method and device
CN113836222A (en) * 2021-08-24 2021-12-24 北京理工大学 A blockchain-based access control method that can hide policies and attributes
CN113836222B (en) * 2021-08-24 2022-06-21 北京理工大学 Access control method of concealable strategy and attribute based on block chain
CN117436877A (en) * 2023-12-14 2024-01-23 山东维平信息安全测评技术有限公司 A blockchain-based transaction privacy protection method
CN117436877B (en) * 2023-12-14 2024-03-22 山东维平信息安全测评技术有限公司 Transaction privacy protection method based on blockchain

Similar Documents

Publication Publication Date Title
US12244688B2 (en) Computer-implemented systems and methods for using a blockchain to perform an atomic swap
US12513004B2 (en) Secure dynamic threshold signature scheme employing trusted hardware
US12192345B2 (en) Credential generation and distribution method and system for a blockchain network
CN111767569A (en) Blockchain access authorization method and node
CN110875821B (en) Cryptography blockchain interoperation
RU2325693C2 (en) Methods of authentication of potentials members, which were invited to join the group
JP7700052B2 (en) COMPUTER-IMPLEMENTED SYSTEM AND METHOD
KR102855325B1 (en) Electronic device and method for sharing data using blockchain network
CN110601816B (en) Lightweight node control method and device in block chain system
CN111476572B (en) Block chain-based data processing method, device, storage medium and equipment
CN108234443B (en) Subscription method, system and computer readable storage medium
CN110458542A (en) Offline electronic payment system and method based on block chain
US20210344500A1 (en) Computer-implemented system and method for transferring access to digital resource
US11367065B1 (en) Distributed ledger system for electronic transactions
CN107592293A (en) The means of communication, digital certificate management method, device and electronic equipment between block chain node
CN110177124A (en) Identity identifying method and relevant device based on block chain
CN113255014A (en) Data processing method based on block chain and related equipment
CN111429138A (en) Blockchain node data security interaction method and first interaction node
CN113328854B (en) Service processing method and system based on block chain
CN118246917A (en) Block chain-based data sharing method and device
WO2024021785A1 (en) Digital entity processing method and apparatus, device, medium, and program product
CN113468600B (en) Data authorization method, device and equipment
CN111709053B (en) Operation method and operation device based on loose coupling transaction network
CN115442049A (en) A method, device, device and storage medium for collaboration in blockchain
KR102667293B1 (en) Method and appratus for providing blackchain-based secure messenger service

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201013