Disclosure of Invention
The invention aims to design an alliance-type (consortium) bad asset blockchain and a storage, privacy protection and consensus method based on this blockchain, so as to solve the problems of information asymmetry and inefficiency in bad asset transactions. On the one hand, the invention ensures safe and credible transaction and evidence storage of bad assets through the properties of the blockchain; on the other hand, lightweight storage of the alliance chain is ensured by storing data both on and off the chain, and privacy is ensured through the design of a private information protection model and a CES-based privacy data protection method; in addition, an improved blockchain consensus is designed for the characteristics of bad asset transactions.
The technical scheme of the invention is as follows:
an alliance-type bad asset blockchain system, whose transaction flow is as follows:
s1, data processing
Large file data such as pictures of bad asset packages are first stored in a distributed database and their hashes are stored on the blockchain; the due diligence professional organization signs the due diligence information of the bad asset with a content extraction signature algorithm and sends the signature to the bank; the bank can hide the sensitive due diligence information and generate a valid extracted signature, and finally sends the desensitized due diligence information to the AMC requesting access;
s2, constructing bad asset pack block
In the present invention, the block stores bad asset pack information, which comprises the following data structures:
public information: recording basic information such as asset package names and asset lists and large file data subjected to hash processing;
private information: storing desensitized due diligence information and bidding information of each organization;
auction information: storing information such as the lowest bargaining price, auction ending time, auction state and the like, updating auction information after the auction state of the asset pack is confirmed, storing the updated auction information as public information in a new block, and providing data evidence;
s3, participating in bidding
Each AMC may participate in the auction before the end time of the asset package auction; after a bid is submitted, the bid information is access-restricted as private information: the bank can query the bids of all organizations, while an AMC cannot query the bid information of other organizations; this protection mechanism for private information ensures privacy in bad asset transactions;
s4, inquiring the bad asset package information
The bank, as the publisher of the bad asset package, has the highest authority over the package; each AMC has the authority to access the public information of the package, and to query its private information an application must be sent to the bank, after whose authorization the private information can be accessed;
s5, auction information uplink
When the auction of the asset package is finished, the highest bid is determined in order to confirm the final transaction state; if the highest bid is lower than the lowest bargaining price, the transaction is regarded as failed, otherwise it is regarded as successful and the bidder and the bargaining price of the asset package are updated; at this time a new block is generated and the updated bad asset package is recorded;
the alliance-type bad asset blockchain unites organizations with bad asset purchase qualification, and provides joint credit investigation and auditable records of bad asset transactions through blockchain technology; in the invention, the bank can self-define the public information and the private information, avoiding excessive leakage of bad asset information; the AMC can obtain the due diligence report provided by the bank, greatly reducing the resource waste of secondary due diligence; in addition, the bidding information of an AMC cannot be stolen by other AMCs, which ensures the privacy and safety of the transaction, and the bad asset package information stored on the blockchain forms audit evidence after the auction, so that the risk of data forgery is greatly reduced.
S1 is a CES-based privacy data protection method: the invention designs a CES-based privacy data protection method which realizes privacy data protection in bad asset transactions through CES and takes the protection of the data itself into account while realizing an access control mechanism. The CES-based privacy data protection method comprises the following steps:
step 1: generating the key of the Client node; in the privacy data protection framework, all Client nodes are divided into three roles, the data Provider, the data owner Bank and the data user AMC, and every Client node needs to generate a public key and a private key, as follows:
(1) the certificate authority selects a large prime number $p$ and a primitive root $g$ of $p$ in $Z_p$ (if $i \neq j$ and $p$ is prime, then $g^i \pmod p \neq g^j \pmod p$), and defines a hash function $H: \{0,1\}^* \to Z_p$;
(2) the Client node selects a random number $sk \in Z_p$ as its private key, calculates $w = g^{sk} \pmod p$, and forms the public key $pk = \{p, g, w\}$;
step 2: the Provider signs the information; the Provider's signature is the basis on which other nodes verify the accuracy of the message, and the signing and encrypting processes are as follows:
(1) split the information $M$ to be signed into several sub-messages, $M = m_1, m_2, \ldots, m_n$ (in a bad asset transaction: debtor information, creditor's right information, deposit information and complaint information), and set $CEAS$ to define the content extraction attribute of each sub-message, where $CEAS_i = 0$ indicates that the bank may hide sub-message $m_i$;
(2) select a random number $t \in Z_{p-1}$ and calculate $r = g^t \pmod p$; for every $m_i \in M$ calculate $V_i = H(m_i, CEAS_i, r)$ and $\sigma_i = (V_i - sk \cdot r) \cdot t^{-1} \pmod{p-1}$; finally generate the signature $\sigma_{full} = \langle CEAS, r, Conc_{i \in [1,n]}\,\sigma_i \rangle$, where $Conc_{i \in [1,n]}\,\sigma_i$ denotes the concatenation of $\sigma_1, \ldots, \sigma_n$ in order;
(3) upload every sub-message to a kv database, with key $Provider + V_i$ and value $m_i$;
(4) finally perform the encryption: the Provider symmetrically encrypts $\langle \sigma_{full}, Conc_{i \in [1,n]}\,V_i \rangle$ with a symmetric key $K_P$, then encrypts $K_P$ with the Bank's public key $pk_B$ so that only the corresponding Bank can decrypt the information, and sends the two ciphertexts to the Bank: $info = \{E_{K_P}(\sigma_{full}, Conc_{i \in [1,n]}\,V_i),\ E_{pk_B}(K_P)\}$;
Step 3: bank extraction signature
The Bank first decrypts the received information, then verifies the Provider's signature to ensure its correctness, and finally generates the extracted signature, realizing selective hiding of the private information; the specific process is as follows:
(1) the Bank decrypts $E_{pk_B}(K_P)$ with its own private key to obtain $K_P$, and uses $K_P$ to decrypt $E_{K_P}(\sigma_{full}, Conc_{i \in [1,n]}\,V_i)$ to obtain $\langle \sigma_{full}, Conc_{i \in [1,n]}\,V_i \rangle$;
(2) by checking whether $w^r \cdot r^{\sigma_i} = g^{V_i} \pmod p$ holds, the Bank judges whether each $\sigma_i$ in $\sigma_{full}$ is correct and thereby the correctness of $\sigma_{full}$, where $\{p, g, w\}$ is the public key of the Provider and $w^r \cdot r^{\sigma_i} = g^{sk \cdot r} \cdot g^{t \cdot \sigma_i} = g^{sk \cdot r + t \cdot \sigma_i} = g^{V_i}$;
(3) the Bank self-defines the extractable message set $ANS$ based on $CEAS$: if $CEAS_i = 1$ then $ANS_i = 1$; if $CEAS_i = 0$ then $ANS_i = 0$ or $1$; the extractable message set $M'$ is then obtained from the kv database according to $ANS$;
(4) generate the extraction signature $\sigma_{Ext} = \langle ANS, \sigma_{full} \rangle$ and finally encrypt: the Bank symmetrically encrypts $\langle \sigma_{Ext}, M' \rangle$ with a symmetric key $K_B$, then encrypts $K_B$ with the AMC's public key $pk_A$ so that only the corresponding AMC can decrypt the information, and sends the two ciphertexts to the AMC: $info = \{E_{K_B}(\sigma_{Ext}, M'),\ E_{pk_A}(K_B)\}$.
Step 4: AMC verification signature
After obtaining the Bank's encrypted information, the AMC decrypts it and verifies the extracted signature; if the extracted signature is correct, the correct message $M'$ is considered received. The specific process is as follows:
(1) the AMC decrypts $E_{pk_A}(K_B)$ with its own private key to obtain $K_B$, and uses $K_B$ to decrypt $E_{K_B}(\sigma_{Ext}, M')$ to obtain $\langle \sigma_{Ext}, M' \rangle$;
(2) first, the correctness of $ANS$ is verified: if $CEAS_i = 1$ but $ANS_i \neq 1$, the $ANS$ is illegal and the AMC refuses to receive the message;
(3) second, for every $m_j \in M'$, calculate $V_j = H(m_j, CEAS_j, r)$ and judge whether $w^r \cdot r^{\sigma_j} = g^{V_j} \pmod p$ holds;
(4) if $\sigma_{full}$ passes verification, the AMC considers that valid, untampered information $M'$ has been received, where $M'$ is the result of the Bank selectively hiding privacy data from the original information $M$ within the scope allowed by the Provider.
The CES-based privacy data protection method of S1 ensures that the three parties, the due diligence professional organization, the bank and the AMC, can transmit due diligence information under mutual verification; during transmission, the bank can verify the signature of the due diligence professional organization and selectively hide part of the private data within the range allowed by that organization; the AMC can verify the bank's extracted signature and thus receive legitimate, untampered due diligence information.
S2 is a blockchain-based storage method; aiming at the characteristic that bad assets contain large files, lightweight storage of the blockchain is achieved by storing large files partly on and partly off the chain.
A bad asset package often contains several gigabytes of picture data; if the pictures were stored directly in blocks without processing, the endorsement confirmation time would be prolonged and the maximum number of transactions a block can hold greatly reduced. In the invention, the bank stores the picture source data in a file storage service, which supports file access by hash and serves the external network over HTTP, while the hash value of the large file is stored on the blockchain; the AMC obtains the asset package data through the blockchain network, obtains the picture hash values of the asset package at the business logic layer, and fetches the source files from the bank's file storage service. On the one hand this ensures safe transmission of large files and reduces the load on the blockchain network; on the other hand, the pictures remain anchored on the blockchain by their hashes for forensics.
The S3 is a privacy protection model, and the invention further ensures privacy security in bad asset transaction by controlling the access authority of the blockchain network nodes.
The principle of the private information protection model is that different access rights are assigned to different data structures, and the bank controls the access rights to private information; for a transaction involving private information, the original transaction text is stored in a side database and the key and value of the private information are hashed before being recorded, the private information is not sent to nodes that are not authorized, the bids of the AMCs on an asset package are concealed from each other, and the bank can see all bidding data; the private information is thus protected.
The privacy protection comprises two parts, namely a 'CES-based privacy data protection method' and a 'privacy protection model'.
Compared with the Bitcoin and Ethereum technologies, the alliance chain is realized on Fabric: Fabric has an admission qualification (permissioning) mechanism, has no token mechanism, and its smart contracts can be written in almost any high-level language, which makes it more suitable for financial services. In addition, the improved Raft consensus protocol applied on Fabric keeps the network working normally when fewer than half of the nodes crash, and every Peer node in the network has the smart contract deployed, which ensures a higher degree of crash fault tolerance.
Verifiable random functions (VRFs) are pseudo-random functions with a verification function, by which a verifier can check whether a random number was generated by the publisher without knowing the publisher's private key.
The Fabric consensus process comprises transaction content validity verification and transaction sequence consistency guarantee; aiming at these two aspects of the consensus mechanism, the invention provides a VRF-based Fabric consensus optimization scheme, namely a method for randomizing endorsement nodes, which comprises the following steps:
step 1: divide the endorsement nodes into endorsement candidate groups (committees); each committee comprises one captain and 2-3 members, each member from a different organization, and the numbers 1 to 10 serve as identifiers distinguishing the committees;
step 2: the endorsement node in the candidate set generates a public key and a private key based on the elliptic curve, and specifically comprises the following steps:
(1) select a base point $P$ of the elliptic curve, whose order is $n$;
(2) select a random number $sk \in [1, n-1]$;
(3) generate the elliptic curve key pair with private key $sk$ and public key $PK = sk \cdot P$. Knowing $sk$ and $P$, $PK$ is easily obtained; conversely, solving for $sk$ when $PK$ and $P$ are known is extremely difficult;
step 3: the Client node generates a transaction proposal $proposal = \langle tx, r \rangle$ and sends it to the captains of all committees, where $tx$ is the transaction data comprising the name of the chaincode function to be called and its parameters, and $r$ is a random number selected by the Client node;
step 4: after receiving the proposal, the captain node generates a random number $value$ and a zero-knowledge proof from $r$ and its own private key $sk$ through the identity extraction algorithm; $value$ determines whether the committee is an endorsement node. The endorsement node identity extraction algorithm is as follows:
(1) map $tx$ to a point $H$ on the elliptic curve by the hash function $h_1$: $H = h_1(tx)$;
(2) encode the input as an integer $s$ by the hash function $h_2$: $s = h_2(r \cdot H, r \cdot P)$;
(3) calculate $t = (r - s \cdot sk) \bmod n$ and $V = sk \cdot H$;
(4) encode a point on the elliptic curve as an integer by the hash function $h_3$ to obtain the random number $value = h_3(V)$, and generate the zero-knowledge proof $proof = \langle V, t, s \rangle$;
(5) if $hash(value) > \lambda \cdot 2^{hashlen}$, the committee is chosen to endorse, where $hash()$ is the cryptographic hash algorithm, $hashlen$ is the output length of the hash function and $\lambda$ is an artificially set threshold; if the number of committees is 10 and $\lambda = 0.2$, the probability that a transaction finds no committee to endorse it is $(0.2)^{10} = 1.024 \times 10^{-7}$, namely about one unendorsed transaction in ten million, and such a transaction can be resubmitted by setting a timer;
step 5: if the committee is determined to be selected to endorse, the captain node synchronizes $\langle proposal, value, proof \rangle$ to the other member nodes; each node executes the proposal, generates an endorsement signature $sig$ and read-write set $rw\_set$, and returns the proposal response $response = \langle sig, rw\_set, tx, PK, P, \langle value, proof \rangle \rangle$, where $PK$ is the public key of the endorsement node;
step 6: within the message receiving time, the Client continuously collects responses $\langle sig, rw\_set, tx', PK, P, \langle value', proof' \rangle \rangle$, verifies the endorsement signature of each response, and verifies the endorsement node identity according to $\langle PK, tx', proof' \rangle$; finally, if more than half of the read-write sets are consistent, the Client generates the transaction $tx = \langle rw\_set, \langle sig \rangle_k \rangle$, signs it and sends it to the Order cluster for the next stage of consensus. The endorsement node identity verification algorithm is as follows:
(1) $tx'$ is mapped to a point $H'$ on the elliptic curve by the hash function $h_1$: $H' = h_1(tx')$;
(2) calculate $M_1 = t' \cdot H' + s' \cdot V'$ and $M_2 = t' \cdot P + s' \cdot PK$;
(3) encode $M_1$, $M_2$ as an integer $res$ by the hash function $h_2$: $res = h_2(M_1, M_2)$;
(4) if $res = s'$, the random number $value$ is valid and the verification passes; otherwise it is regarded as invalid.
The consensus method is an improved Raft consensus method for randomly selecting a Leader and a Listener, and comprises the following steps:
step 1: define a Leader node in the cluster of Order nodes, responsible for ordering transaction information and synchronizing it to the other Order nodes, and a Listener node that monitors the Leader's Heartbeat and thereby decides whether to start a new round of election; each round of election confirms a new Leader and Listener, and if the Listener does not receive the Heartbeat signal on time or no election has taken place within 5 s, it initiates and takes charge of a new round of election;
step 2: when a new election starts, the Listener generates an election proposal $\langle proposal, r \rangle$ and sends it to all Order nodes except itself, where $r$ is a random number selected by the Listener;
step 3: after receiving the proposal, each Order node generates a random number $value$ and a zero-knowledge proof from $r$ and its own private key $sk$ through the identity extraction algorithm, and returns the proposal response $response = \langle sig, PK, r, \langle value, proof \rangle \rangle$, where $PK$ is the public key of the Order node;
step 4: within the message receiving time, the Listener continuously collects responses, verifies $sig$ for each response, and verifies the Order node identity through the identity verification algorithm according to $\langle r', PK, proof' \rangle$. Finally, the identities are confirmed by comparing the $value$ of the responses: the node with the largest $value$ becomes the new Leader and the node with the smallest $value$ the new Listener.
The verifiable random function algorithm needs to satisfy randomness, verifiability and uniqueness. Randomness is guaranteed because the private key of the endorsement node or Order node and the random number generated by the Client node (or by the Order node acting as Listener) enter the calculation; since the same data yields consistent results under consistent calculation, uniqueness is ensured; verifiability is analyzed as follows:
if $proof$ is not tampered with and $tx' = tx$, then
$H' = H,\ t' = t,\ V' = V,\ s' = s$,
$M_1 = t' \cdot H' + s' \cdot V' = t \cdot H + s \cdot V = t \cdot H + s \cdot sk \cdot H = (t + s \cdot sk) \cdot H = r \cdot H$,
$M_2 = t' \cdot P + s' \cdot PK = t \cdot P + s \cdot (sk \cdot P) = (t + s \cdot sk) \cdot P = r \cdot P$,
$res = h_2(M_1, M_2) = h_2(r \cdot H, r \cdot P) = s'$. If $res \neq s'$, then $proof' = proof$ and $tx' = tx$ cannot both hold, i.e. $proof$ or $tx$ has been maliciously altered; this guarantees the verifiability of the algorithm.
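The endorsement node identity extraction algorithm (step 4), the identity verification algorithm (step 6) and the derivation $M_1 = r \cdot H$, $M_2 = r \cdot P$ just given, as an added example that is not part of the patent: a toy VRF written for this page in Python over secp256k1. The patent names no concrete curve, and the realisations of $h_1$ (try-and-increment hashing), $h_2$, $h_3$ and $hash()$ (all SHA-256 based) are assumptions of this example.

```python
import hashlib
import secrets
from fractions import Fraction

# secp256k1 is used as the concrete curve (the patent does not name one).
FP = 2**256 - 2**32 - 977                 # field prime of y^2 = x^3 + 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order n
BASE = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HASHLEN = 256                             # output length of hash() below

def ec_add(A, B):
    """Point addition; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    if A[0] == B[0] and (A[1] + B[1]) % FP == 0:
        return None
    if A == B:
        lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, FP) % FP
    else:
        lam = (B[1] - A[1]) * pow(B[0] - A[0], -1, FP) % FP
    x = (lam * lam - A[0] - B[0]) % FP
    return (x, (lam * (A[0] - x) - A[1]) % FP)

def ec_mul(k, A):
    """Scalar multiplication k*A by double-and-add."""
    R = None
    k %= N
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R

def h1(tx):
    """h_1: map tx to a curve point by try-and-increment (an assumption here)."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(tx + ctr.to_bytes(4, "big")).digest(), "big") % FP
        rhs = (x**3 + 7) % FP
        y = pow(rhs, (FP + 1) // 4, FP)   # candidate square root (FP = 3 mod 4)
        if y * y % FP == rhs:
            return (x, y)
        ctr += 1

def enc(A):
    return A[0].to_bytes(32, "big") + A[1].to_bytes(32, "big")

def h2(A, B):
    """h_2: encode two points as an integer mod n."""
    return int.from_bytes(hashlib.sha256(enc(A) + enc(B)).digest(), "big") % N

def h3(V):
    """h_3: encode a point as an integer; this is the random number `value`."""
    return int.from_bytes(hashlib.sha256(enc(V)).digest(), "big")

def keygen():
    """Step 2: sk in [1, n-1], PK = sk*P."""
    sk = secrets.randbelow(N - 1) + 1
    return sk, ec_mul(sk, BASE)

def extract_identity(sk, tx, r):
    """Step 4 (captain): H = h1(tx), s = h2(r*H, r*P), t = (r - s*sk) mod n,
    V = sk*H; returns value = h3(V) and proof = <V, t, s>."""
    Hp = h1(tx)
    s = h2(ec_mul(r, Hp), ec_mul(r, BASE))
    t = (r - s * sk) % N
    V = ec_mul(sk, Hp)
    return h3(V), (V, t, s)

def verify_identity(PK, tx, proof):
    """Step 6 (client): M1 = t*H' + s*V, M2 = t*P + s*PK; valid iff h2(M1, M2) == s."""
    V, t, s = proof
    Hp = h1(tx)
    M1 = ec_add(ec_mul(t, Hp), ec_mul(s, V))
    M2 = ec_add(ec_mul(t, BASE), ec_mul(s, PK))
    return M1 is not None and M2 is not None and h2(M1, M2) == s

def committee_selected(value, lam=Fraction(1, 5)):
    """Step 4 (5): the committee endorses iff hash(value) > lambda * 2^hashlen."""
    digest = int.from_bytes(hashlib.sha256(value.to_bytes(32, "big")).digest(), "big")
    return digest > int(lam * 2**HASHLEN)

def no_endorser_probability(lam=Fraction(1, 5), committees=10):
    """Probability that none of the committees is selected: lambda^committees."""
    return lam**committees
```

Because `value` depends only on `sk` and `tx`, two captains cannot obtain different values for the same proposal (uniqueness), while a changed `tx` or a tampered `proof` fails `verify_identity`.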
According to the invention, the bad asset package information and its transaction information are recorded through the blockchain; the blockchain has the characteristics of decentralization, tamper-resistance, safety and credibility, and blockchain-enabled bad asset transactions can be realized efficiently, safely and credibly.
When data is stored, since a bad asset contains several GB of picture information, a large amount of storage space and synchronization time would be wasted if all pictures were stored on the blockchain. The invention hashes the picture data, stores the hash value on the blockchain, and uses an additional file storage system for the source files.
Because the data privacy of users must be ensured in bad asset transactions, the invention distinguishes the data into public information, private information and auction information, designs a privacy protection model of bad assets on this basis, and essentially controls the access authority of each organization in the network to the different databases. In the model, the private information of a node is concealed from the outside and can only be accessed through bank authorization. To further strengthen privacy protection, the invention protects the data layer of the bad asset package: by designing a CES-based privacy data protection method, the bank can selectively hide part of the non-public data in the due diligence information, and any malicious tampering of the original data can be verified and discovered.
The alliance chain is realized on Fabric and innovates on that basis as follows:
high fault tolerance of the network is guaranteed by applying the Raft consensus mechanism and deploying the smart contract on multiple nodes; this is the first time an alliance chain applies Raft-based high fault tolerance to the bad asset field;
by designing a method for randomizing endorsement nodes, the endorsement nodes are randomly selected in a non-interactive way; on the one hand this reduces the centralization of endorsement nodes and increases the attack resistance of the blockchain network, on the other hand the randomness of the VRF algorithm ensures that all transaction requests in the network are evenly distributed over the endorsement nodes, improving resource utilization and allowing the transaction processing speed to be raised through parallel processing;
random and reliable Raft consensus is realized by designing an improved Raft consensus method that randomly selects the Leader and the Listener. In this improved Raft consensus, when no election occurs within a short fixed time or the Listener does not receive the Heartbeat signal on time (Leader crash), the Leader and the corresponding Listener are randomly reselected through the VRF, which ensures the randomness of the Leader and the security of the blockchain network.
The beneficial effects of the invention are as follows: the problems of information asymmetry and inefficiency between the bank and the AMC are solved. The AMC can carry out its secondary due diligence based on the due diligence data in the bad asset package information, greatly reducing resource waste, and the audit cost is reduced because bidding information and asset circulation information are verifiable on the blockchain. The advantages and innovations of the invention lie in the following aspects: firstly, the invention provides a VRF-based Fabric consensus optimization scheme, which improves resource utilization and avoids the huge resource waste of PoW consensus and the Order attack possible in the traditional Raft consensus mechanism; secondly, the invention reduces the waste of storage space and synchronization time by storing only the hash of a large file on the chain; in addition, the invention provides a privacy protection model for bad assets and a CES-based privacy data protection method, ensuring safe access to the private information of bad assets. Finally, a stress test of the query and invoke interfaces of the alliance chain network shows throughputs of 168 RPS and 22 RPS respectively, which meets the application requirements.
The invention is further illustrated by the following figures and examples.
Detailed Description
The following description of the preferred embodiments of the present invention is provided for the purpose of illustration and description, and is in no way intended to limit the invention.
Example 1
As shown in fig. 1, an alliance-type bad asset blockchain system has the following transaction flow:
s1, data processing
Large file data such as pictures of bad asset packages are first stored in a distributed database and their hashes are stored on the blockchain; the due diligence professional organization signs the due diligence information of the bad asset with a Content Extraction Signature (CES) algorithm and sends the signature to the bank; the bank can hide (but not tamper with) the sensitive due diligence information and generate a valid extracted signature, and finally sends the desensitized due diligence information to the AMC requesting access;
s2, constructing bad asset pack block
In the present invention, the block stores bad asset pack information, which comprises the following data structures:
public information: recording basic information such as asset package names and asset lists and large file data subjected to hash processing;
private information: storing desensitized due diligence information and bidding information of each organization;
auction information: storing information such as the lowest bargaining price, auction ending time, auction state and the like, updating auction information after the auction state of the asset pack is confirmed, storing the updated auction information as public information in a new block, and providing data evidence;
s3, participating in bidding
Each AMC may participate in the auction before the end time of the asset package auction; after a bid is submitted, the bid information is access-restricted as private information: the bank can query the bids of all organizations, while an AMC cannot query the bid information of other organizations; this protection mechanism for private information ensures privacy in bad asset transactions;
s4, inquiring the bad asset package information
The bank, as the publisher of the bad asset package, has the highest authority over the package; each AMC has the authority to access the public information of the package, and to query its private information an application must be sent to the bank, after whose authorization the private information can be accessed;
s5, auction information uplink
When the auction of the asset package is finished, the highest bid is determined in order to confirm the final transaction state; if the highest bid is lower than the lowest bargaining price, the transaction is regarded as failed, otherwise it is regarded as successful and the bidder and the bargaining price of the asset package are updated; at this time a new block is generated and the updated bad asset package is recorded;
the alliance chain unites organizations with bad asset purchase qualification, and provides joint credit investigation and auditable records of bad asset transactions through blockchain technology; in the invention, the bank can self-define the public information and the private information, avoiding excessive leakage of bad asset information; the AMC can obtain the due diligence report (part of the public information) provided by the bank, greatly reducing the resource waste of secondary due diligence; in addition, the bidding information of an AMC cannot be stolen by other AMCs, which ensures the privacy and safety of the transaction, and the bad asset package information stored on the blockchain forms audit evidence after the auction, so that the risk of data forgery is greatly reduced.
S1 is a CES-based privacy data protection method: the invention designs a CES-based privacy data protection method (one of the privacy protection methods) which implements privacy data protection in bad asset transactions through CES and takes the protection of the data itself into account while implementing an access control mechanism. The CES-based privacy data protection method comprises:
step 1: generating the key of the Client node; in the privacy data protection framework, all Client nodes are divided into three roles, the data Provider (the due diligence professional organization), the data owner (Bank) and the data user (AMC), and every Client node needs to generate a public key and a private key, as follows:
(1) the certificate authority selects a large prime number $p$ and a primitive root $g$ of $p$ in $Z_p$ (if $i \neq j$ and $p$ is prime, then $g^i \pmod p \neq g^j \pmod p$), and defines a hash function $H: \{0,1\}^* \to Z_p$;
(2) the Client node selects a random number $sk \in Z_p$ as its private key, calculates $w = g^{sk} \pmod p$, and forms the public key $pk = \{p, g, w\}$;
step 2: the Provider signs the information; the Provider's signature is the basis on which other nodes verify the accuracy of the message, and the signing and encrypting processes are as follows:
(1) split the information $M$ to be signed into several sub-messages, $M = m_1, m_2, \ldots, m_n$; in a bad asset transaction it can be divided into (debtor information, creditor's right information, deposit information and complaint information), and $CEAS$ is set to define the content extraction attribute of each sub-message, where $CEAS_i = 0$ indicates that the bank may hide sub-message $m_i$;
(2) select a random number $t \in Z_{p-1}$ and calculate $r = g^t \pmod p$; for every $m_i \in M$ calculate $V_i = H(m_i, CEAS_i, r)$ and $\sigma_i = (V_i - sk \cdot r) \cdot t^{-1} \pmod{p-1}$; finally generate the signature $\sigma_{full} = \langle CEAS, r, Conc_{i \in [1,n]}\,\sigma_i \rangle$, where $Conc_{i \in [1,n]}\,\sigma_i$ denotes the concatenation of $\sigma_1, \ldots, \sigma_n$ in order;
(3) upload every sub-message to a kv database, with key $Provider + V_i$ and value $m_i$;
(4) finally perform the encryption: the Provider symmetrically encrypts $\langle \sigma_{full}, Conc_{i \in [1,n]}\,V_i \rangle$ with a symmetric key $K_P$, then encrypts $K_P$ with the Bank's public key $pk_B$, ensuring that only the corresponding Bank can decrypt the information, and finally sends the two ciphertexts to the Bank: $info = \{E_{K_P}(\sigma_{full}, Conc_{i \in [1,n]}\,V_i),\ E_{pk_B}(K_P)\}$;
Step 3: bank extraction signature
The Bank first decrypts the received information, then verifies the Provider's signature to ensure its correctness, and finally generates the extracted signature, realizing selective hiding of the private information; the specific process is as follows:
(1) the Bank decrypts $E_{pk_B}(K_P)$ with its own private key to obtain $K_P$, and uses $K_P$ to decrypt $E_{K_P}(\sigma_{full}, Conc_{i \in [1,n]}\,V_i)$ to obtain $\langle \sigma_{full}, Conc_{i \in [1,n]}\,V_i \rangle$;
(2) by checking whether $w^r \cdot r^{\sigma_i} = g^{V_i} \pmod p$ holds, the Bank judges whether each $\sigma_i$ in $\sigma_{full}$ is correct and thereby the correctness of $\sigma_{full}$, where $\{p, g, w\}$ is the public key of the Provider and $w^r \cdot r^{\sigma_i} = g^{sk \cdot r} \cdot g^{t \cdot \sigma_i} = g^{sk \cdot r + t \cdot \sigma_i} = g^{V_i}$;
(3) the Bank self-defines the extractable message set $ANS$ based on $CEAS$: if $CEAS_i = 1$ then $ANS_i = 1$; if $CEAS_i = 0$ then $ANS_i = 0$ or $1$; the extractable message set $M'$ is then obtained from the kv database according to $ANS$;
(4) generate the extraction signature $\sigma_{Ext} = \langle ANS, \sigma_{full} \rangle$ and finally encrypt: the Bank symmetrically encrypts $\langle \sigma_{Ext}, M' \rangle$ with a symmetric key $K_B$, then encrypts $K_B$ with the AMC's public key $pk_A$ so that only the corresponding AMC can decrypt the information, and sends the two ciphertexts to the AMC: $info = \{E_{K_B}(\sigma_{Ext}, M'),\ E_{pk_A}(K_B)\}$.
Step 4: AMC verification signature
After obtaining the Bank's encrypted information, the AMC decrypts it and verifies the extracted signature; if the extracted signature is correct, the correct message $M'$ is considered received. The specific process is as follows:
(1) AMC decrypts E using its own private keypkA(KB) To obtain KBBy using KBDecryption EkB(σExtM') obtaining<σExt, M′>;
(2) Firstly, the correctness of ANS is verified if CEASi=1,ANSiIf not, the ANS is illegal and refuses to receive the message;
(3) second, for any mjE.g. M', calculate Vj=H(mj,CEASj,r) And judge wr*rσj = gVj(mod p) is true;
(4) if σfullThe AMC considers that the valid information M 'without tampering is received, and M' is the result after the Bank selectively hides the privacy data from the original information M in the scope allowed by the Provider.
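The Bank extraction (Step 3) and AMC verification (Step 4) above, as an added example that is not part of the patent: it instantiates the relation w^r · r^{σ_i} = g^{V_i} from Step 3 (2) as an ElGamal-style signature over a constructed toy prime p = 2^127 − 1 with g = 3, uses SHA-256 as H, and assumes CEAS is transmitted alongside the message so the AMC can recompute V_j; the names sign_full, extract and amc_verify are this example's own.

```python
import hashlib, math, secrets

# Constructed toy parameters: Mersenne prime p = 2^127 - 1 and base g = 3.
# Provider public key is {p, g, w} with w = g^sk (mod p), as in step 3 (2).
p = 2**127 - 1
g = 3

def H(m, ceas, r):  # V_i = H(m_i, CEAS_i, r), reduced into the exponent range
    d = hashlib.sha256(f"{m}|{ceas}|{r}".encode()).digest()
    return int.from_bytes(d, "big") % (p - 1)

def keygen():  # Provider key pair (assumed ElGamal-style)
    sk = secrets.randbelow(p - 2) + 1
    return sk, pow(g, sk, p)

def sign_full(sk, msgs, ceas):
    """Provider: sigma_full = (r, [sigma_1..sigma_n]) so that g^V_i = w^r * r^sigma_i."""
    while True:
        t = secrets.randbelow(p - 2) + 1  # per-signature nonce, must be invertible mod p-1
        if math.gcd(t, p - 1) == 1:
            break
    r = pow(g, t, p)
    t_inv = pow(t, -1, p - 1)
    sigmas = [(H(m, c, r) - sk * r) * t_inv % (p - 1) for m, c in zip(msgs, ceas)]
    return r, sigmas

def verify_block(w, r, m, c, sigma):  # the check w^r * r^sigma_i == g^V_i (mod p)
    return pow(w, r, p) * pow(r, sigma, p) % p == pow(g, H(m, c, r), p)

def extract(sigma_full, msgs, ceas, ans):
    """Bank: keep block i iff ANS_i = 1; a CEAS_i = 1 block may never be hidden."""
    if any(c == 1 and a == 0 for c, a in zip(ceas, ans)):
        raise ValueError("ANS hides a block the Provider marked non-extractable")
    m_prime = {i: m for i, (m, a) in enumerate(zip(msgs, ans)) if a == 1}
    return (ans, sigma_full), m_prime  # sigma_Ext = <ANS, sigma_full>, M'

def amc_verify(w, ceas, sigma_ext, m_prime):
    """AMC: reject an illegal ANS, then check sigma_j for every received m_j in M'."""
    ans, (r, sigmas) = sigma_ext
    if any(c == 1 and a == 0 for c, a in zip(ceas, ans)):
        return False
    return all(verify_block(w, r, m, ceas[j], sigmas[j]) for j, m in m_prime.items())
```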
The CES-based privacy data protection method of S1 ensures that the three parties (due diligence professional organization, bank and AMC) can transmit due diligence information under mutual verification; during transmission, the bank can verify the signature of the due diligence professional organization and selectively hide part of the private data within the range allowed by that organization; the AMC can verify the extraction signature of the bank and thus receives legitimate, untampered due diligence information.
S2 is a blockchain-based storage method: since bad assets contain large files, lightweight storage of the blockchain is achieved by storing the large files both on and off the chain.
A bad asset data package often contains several GB of picture data. If the pictures were stored directly in blocks without processing, the endorsement confirmation time would grow and the maximum number of transactions a block can hold would drop sharply. In the present invention, as shown in fig. 2 (a schematic diagram of large file storage), a bank stores the picture source data in a file storage service that supports accessing files by hash and serves them to the external network over HTTP, while the hash value of each large file is stored on the blockchain. The AMC obtains the asset pack data through the blockchain network, reads the picture hash value of the asset pack at the business logic layer and fetches the source file from the bank's file storage service. On one hand this ensures safe transmission of the large file and reduces the load on the blockchain network; on the other hand the pictures remain anchored in the blockchain for forensics.
S3 is a privacy protection model: the invention further ensures privacy security in bad asset transactions by controlling the access authority of the blockchain network nodes.
FIG. 3 is a diagram of the private information protection model (the second privacy protection method). Its principle is that different access rights are assigned to different data structures, and the bank controls the access rights to private information. A transaction involving private information stores the original transaction text in a side database, the key and value of the private information are processed with a hash function, and the private information is not sent to other unauthorized nodes; the bids of the AMCs on an asset package are thus hidden from each other, while the bank can see all bidding data, and the private information is protected.
The privacy protection comprises two parts: the 'CES-based privacy data protection method' (the first privacy protection method) and the 'privacy protection model' (the second privacy protection method).
Compared with the Bitcoin and Ethereum technologies, the alliance chain is implemented on Fabric: Fabric has an admission qualification authorization mechanism, has no token mechanism, and allows smart contracts to be written in almost any high-level language, so it is better suited to implementing financial services. In addition, the improved Raft consensus protocol applied on Fabric allows the network to keep working normally when fewer than half of its nodes have crashed, and each Peer node in the network is deployed with a smart contract, so a higher degree of crash fault tolerance is ensured.
Verifiable Random Functions (VRFs) are a type of pseudo-random function with a verification function by which a verifier can verify whether a random number was generated by a publisher without having knowledge of the publisher's private key.
The Fabric consensus process comprises two aspects: verification of transaction content validity and guarantee of transaction order consistency. For each aspect the invention provides an optimization based on VRF: a method for randomizing endorsement nodes (Peer nodes) and an improved method for randomly selecting the Leader and Listener; together these are referred to as the VRF-based Fabric consensus optimization scheme. The method for randomizing endorsement nodes comprises the following steps:
step 1: divide all endorsement nodes (the candidate set) into endorsement node candidate groups (committees); a committee comprises 1 captain and 2-3 members, each member coming from a different organization, and the numbers 1-10 are used as identifiers to distinguish the committees;
step 2: each endorsement node in the candidate set generates a public key and a private key based on the elliptic curve, specifically as follows:
(1) select a base point P of the elliptic curve, whose order is n;
(2) select a random number sk ∈ [1, n-1];
(3) generate the elliptic curve key pair: the private key is sk and the public key is PK = sk·P. Given the private key sk and the base point P, the public key PK is easy to obtain; conversely, solving for sk given PK and P is extremely difficult;
step 3: the Client node generates a transaction proposal (tx, r) and sends it to the captains of all committees, where tx is the transaction data, comprising the name of the chaincode function to be called and its parameters, and r is a random number selected by the Client node;
step 4: after receiving the proposal, the captain node generates a random number value and a zero-knowledge proof from r and its own private key sk through the identity extraction algorithm; value determines whether the committee becomes an endorsement node. The endorsement node identity extraction algorithm is as follows:
(1) map tx to a point H on the elliptic curve by the hash function h_1: H = h_1(tx);
(2) encode the input as an integer s by the hash function h_2: s = h_2(r·H, r·P);
(3) calculate t = (r − s·sk) mod n and V = sk·H;
(4) encode a point on the elliptic curve as an integer by the hash function h_3 to obtain the random number value = h_3(V), and generate the zero-knowledge proof proof = <V, t, s>;
(5) if hash(value) > λ·2^hashlen, the committee is chosen to endorse, where hash() is a cryptographic hash algorithm, hashlen is the output length of the hash function and λ is a manually set threshold. If the number of committees is 10 and λ = 0.2, the probability that a transaction has no endorsing committee is (0.2)^10 = 1.024 × 10^-7, i.e. about one transaction in ten million is not endorsed; such a transaction can be resubmitted by setting a timer;
step 5: if the committee is selected to endorse, the captain node synchronizes the data <proposal, value, proof> to the other member nodes; each node executes the proposal, generates an endorsement signature sig and a read-write set rw_set, and then returns the proposal response response = <sig, rw_set, tx, PK, P, <value, proof>>, where PK is the public key of the endorsement node;
step 6: within the message receiving time, the Client continuously collects responses <sig, rw_set, tx', PK, P, <value, proof'>>, and for each response verifies the endorsement signature and verifies the endorsement node identity from <PK, tx', proof'>; finally, if more than half of the read-write sets are consistent, the Client generates the transaction information tx = <rw_set, <sig>_k>, signs it and sends it to the Order cluster for the next stage of consensus. The endorsement node identity verification algorithm is as follows:
(1) map tx' to a point H' on the elliptic curve by the hash function h_1: H' = h_1(tx');
(2) calculate M_1 = t'·H' + s'·V' and M_2 = t'·P + s'·PK;
(3) encode M_1 and M_2 as an integer res by the hash function h_2: res = h_2(M_1, M_2);
(4) if res = s', the random number value is valid and the verification passes; otherwise it is regarded as invalid.
The consensus method is an improved Raft consensus method that randomly selects the Leader and the Listener, comprising the following steps:
step 1: in the cluster formed by the Order nodes, define a Leader node responsible for ordering transaction information and synchronizing it to the other Order nodes, and a Listener node that monitors the Heartbeat of the Leader and thereby decides whether to start a new round of election; each round of election confirms a new Leader and Listener, and if the Listener does not receive the Heartbeat signal on time, or no election has been held within 5 s, it opens and takes charge of a new round of election;
step 2: when a new election starts, the Listener generates an election proposal (r) and sends it to all Order nodes except itself, where r is a random number selected by the Listener;
step 3: after receiving the proposal, each Order node generates a random number value and a zero-knowledge proof from r and its own private key sk through the identity extraction algorithm, and then generates the proposal response response = <sig, PK, r, <value, proof>>, where PK is the public key of the Order node;
step 4: within the message receiving time, the Listener continuously collects responses, verifies sig for each response, and at the same time verifies the Order node identity through the identity verification algorithm from <r', PK, proof'>. Finally, the values of the responses are compared: the node with the maximum value is confirmed as the new Leader and the node with the minimum value as the new Listener.
The verifiable random function algorithm needs to satisfy randomness, verifiability and uniqueness. Randomness is guaranteed because the private key of the endorsement node (or Order node) and the random number generated by the Client node (or by the Order node acting as Listener) are used in the calculation; uniqueness is guaranteed because the same data yield the same result under the same calculation; verifiability is analyzed as follows:
If proof' has not been tampered with and tx' = tx, then
H' = H, t' = t, V' = V, s' = s
M_1 = t'·H' + s'·V' = t·H + s·V = t·H + s·sk·H = (t + s·sk)·H = r·H
M_2 = t'·P + s'·PK = t·P + s·(sk·P) = (t + s·sk)·P = r·P
res = h_2(M_1, M_2) = h_2(r·H, r·P) = s'. If res ≠ s', then proof' = proof and tx' = tx cannot both hold, so proof or tx has been maliciously altered, which guarantees the verifiability of the algorithm.
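The identity extraction algorithm (step 4), the identity verification algorithm (step 6) and the M_1, M_2 relation analyzed just above, as an added example that is not the patent's code: it assumes secp256k1 as the curve (the patent names none), SHA-256 for h_1, h_2, h_3 and hash(), a try-and-increment hash-to-curve for h_1, and the function names extract, verify and selected are this example's own. The same extract/verify pair serves the Order node responses in the Leader/Listener election, where the Listener compares the returned values.

```python
import hashlib
# secp256k1 is assumed here because the patent does not name its curve
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # base point P, order n

def add(A, B):  # affine point addition; None stands for the point at infinity
    if A is None or B is None: return A or B
    if A[0] == B[0] and (A[1] + B[1]) % P == 0: return None
    lam = (3 * A[0] * A[0] * pow(2 * A[1], -1, P) if A == B
           else (B[1] - A[1]) * pow(B[0] - A[0], -1, P)) % P
    x = (lam * lam - A[0] - B[0]) % P
    return (x, (lam * (A[0] - x) - A[1]) % P)

def mul(k, A):  # double-and-add scalar multiplication k*A
    R = None
    for bit in bin(k % N)[2:]:
        R = add(R, R)
        if bit == "1": R = add(R, A)
    return R

def enc(*pts):  # h2 / h3: serialize point coordinates and hash them to an integer
    b = b"".join(c.to_bytes(32, "big") for pt in pts for c in pt)
    return int.from_bytes(hashlib.sha256(b).digest(), "big")

def h1(tx):  # hash-to-curve by try-and-increment (p = 3 mod 4, so sqrt is a single pow)
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(tx + bytes([ctr])).digest(), "big") % P
        rhs = (x ** 3 + 7) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs: return (x, y)

def extract(tx, r, sk):  # step 4: captain derives value and proof <V, t, s>
    H = h1(tx)
    s = enc(mul(r, H), mul(r, G)) % N  # s = h2(r*H, r*P)
    t = (r - s * sk) % N
    V = mul(sk, H)
    return enc(V), (V, t, s)  # value = h3(V) depends on sk and tx only

def verify(tx, PK, proof):  # step 6: client recomputes M1, M2 and checks res == s'
    V, t, s = proof
    H = h1(tx)
    M1 = add(mul(t, H), mul(s, V))  # = r*H only if V = sk*H for the sk behind PK
    M2 = add(mul(t, G), mul(s, PK))  # = r*P
    return enc(M1, M2) % N == s

def selected(value, lam=0.2, hashlen=256):  # step 4 (5): hash(value) > lambda * 2^hashlen
    h = int.from_bytes(hashlib.sha256(value.to_bytes(32, "big")).digest(), "big")
    return h > lam * 2 ** hashlen
```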
FIG. 4 is a network structure diagram of the VRF-based Fabric consensus optimization scheme of the present invention. The network consists of M due diligence professional institutions, N Client nodes, N Order nodes organized by the Client nodes and 3N Peer nodes, where the Order nodes form a cluster through the Raft consensus protocol. Some Order nodes take the roles of Leader and Listener, some Peers take the role of captain when performing the endorsement function, and the members of a committee come from different organizations.