Disclosure of Invention
The disclosure provides a digital signature interactive verification method, a system, a device and a medium, which can solve the problems that the realization of a digital signature mentioned in the background technology needs to be realized by the validity consensus of each node server, certain system resources are consumed in the verification process of the validity consensus, for example, when a lead node is determined by using Raft consensus algorithm, the lead node is subjected to fault or disconnection due to the occurrence of the situation of brain fracture or the like, and the problem that the consumption of the system resources such as election and the like is carried out again and the waiting time of the digital signature is increased. In order to solve the technical problems, the present disclosure provides the following technical solutions:
As an aspect of the embodiments of the present disclosure, there is provided a digital signature interactive verification method applied to a master node server, the node server including the master node server and a plurality of other node servers, including the steps of:
s10, acquiring the identity identification information of the user sent by the signature proxy server;
S20, acquiring a public and private key file uniquely corresponding to the identity identification information according to the identity identification information, wherein the public and private key file is prestored by a main node server and a plurality of other node servers according to the identity information of a user;
S30, carrying out asymmetric encryption on the identity identification information according to a public and private key file to obtain ciphertext data and a digital signature corresponding to the ciphertext data;
s40, writing the digital signature into a log queue in the master node server;
S50, if the determined leader node is a master node server, sending and executing heartbeats of the leader node, and inserting the log queue into the tail of the log queue of the leader node by the master node server and synchronizing the log queue to a plurality of other node servers; if the heartbeat of the leader node is monitored, converting the master node server into a following node, and sending a request for inserting the log queue into the tail of the log queue of the leader node, so that the leader node is synchronized to a plurality of other node servers, and executing S70 after the log queue is synchronized to the plurality of other node servers;
S60, if the master node server is not the leader node and the heartbeat of the leader node is not monitored within the time of overtime of election, initiating an election process, converting the master node server into a candidate state and casting a vote, then sending RequestVote RPC information to request other node servers to participate in voting, receiving voting information of the other node servers and counting the number of votes of each node server, determining the leader node according to the number of votes and credit coefficients corresponding to each node server in a chain credit scoring unit, and then executing step S50; the on-chain credit scoring unit is arranged on each node server and shares a unified credit evaluation rule, and credit coefficients of each node server are calculated by using the credit evaluation rule based on historical behaviors of each node server;
S70, receiving a consensus result initiated by a plurality of other node servers, wherein the consensus result is that the plurality of other node servers judge whether the digital signature in the log queue is consistent with the user identity information in the public and private key files of the other node servers; if it is in agreement with the present one, the consensus result is consensus; if the two types of the data are inconsistent, the consensus result is that the consensus is not achieved;
S80, if the received consensus results of the plurality of other node servers are consensus, transmitting the digital signature and the ciphertext data back to the signature proxy server; if the received consensus result of the plurality of other node servers does not reach consensus, the signature verification failure information is returned to the signature proxy server.
Optionally, the credit rating rules include one or more of the following:
Digital signature invalidation ratio: the number of the digital signature invalid proportion initiated by the node server discovered in the signature tracing process is the number, the fewer the digital signature invalid proportion is, the higher the credit coefficient is;
log consistency ratio: counting the log consistency in each node server, wherein the log consistency is the proportion consistent with other node servers, and the higher the log consistency proportion is, the higher the credit coefficient is;
digital signature speed: the faster the node server completes the digital signature, the higher the credit coefficient;
outage probability: the lower the probability of a node server becoming disconnected or down, the higher the credit factor.
Optionally, determining the leader node according to the ticket number and the credit coefficient corresponding to each node server in the on-chain reputation scoring unit includes: and obtaining a credit voting value according to the product of the credit coefficient and the ticket number, and determining a node server with the highest credit voting value as a leading node.
Optionally, the credit evaluation rule includes a digital signature invalidation proportion, a log consistency proportion, a digital signature speed and a outage probability, wherein a credit coefficient ratio corresponding to the digital signature invalidation proportion and the log consistency proportion is higher than a credit coefficient ratio corresponding to the digital signature speed and the outage probability.
Optionally, the credit evaluation rule is expressed by the following formula:
F=A*Inv+B*Uni+C*Speed+D*Downtime,
Wherein F is a credit coefficient, inv is a digital signature invalidation proportion, uni is a log consistency proportion, speed is a digital signature Speed, downtime is a outage probability, A, B, C, D is a proportionality constant, wherein A is 30-50%, B is 30-50%, C is 5-15%, and D is 5-15%.
Optionally, the credit evaluation rule is expressed by the following formula:
F=40%*Inv+40%*Uni+10%*Speed+10%*Downtime。
as another aspect of an embodiment of the present disclosure, there is provided a digital signature interactive verification system including:
The identity identification information receiving module is used for acquiring the identity identification information of the user sent by the signature proxy server;
The public and private key matching module is used for acquiring a public and private key file uniquely corresponding to the identity identification information according to the identity identification information, wherein the public and private key file is prestored by a main node server and a plurality of other node servers according to the identity information of a user;
The asymmetric encryption module performs asymmetric encryption on the identity identification information according to a public and private key file to obtain ciphertext data and a digital signature corresponding to the ciphertext data;
the log queue updating module writes the digital signature into a log queue in the master node server;
the log queue insertion module is used for sending and executing the heartbeat of the leader node if the determined leader node is the master node server, and the master node server is used for inserting the log queue into the tail of the log queue of the leader node and synchronizing the log queue to a plurality of other node servers; if the heartbeat of the leader node is monitored, converting the master node server into a following node, and sending a request for inserting the log queue into the tail of the log queue of the leader node, so that the leader node is synchronized to a plurality of other node servers, and executing S70 after the log queue is synchronized to the plurality of other node servers;
The leader node election module initiates an election process if the master node server is not the leader node and the heartbeat of the leader node is not monitored within the time of the election timeout, converts the master node server into a candidate state and casts a vote, then sends RequestVoteRPC information to request other node servers to participate in the voting, receives the voting information of the other node servers and counts the votes of each node server, determines the leader node according to the votes and the credit coefficients corresponding to each node server in the on-chain credit scoring unit, and then executes step S50; the on-chain credit scoring unit is arranged on each node server and shares a unified credit evaluation rule, and credit coefficients of each node server are calculated by using the credit evaluation rule based on historical behaviors of each node server;
The consensus result receiving module receives consensus results initiated by a plurality of other node servers, wherein the consensus results are that the plurality of other node servers judge whether the digital signature in the log queue is consistent with the user identity information in the public and private key files of the other node servers; if it is in agreement with the present one, the consensus result is consensus; if the two types of the data are inconsistent, the consensus result is that the consensus is not achieved;
The signature feedback module is used for transmitting the digital signature and the ciphertext data back to the signature proxy server if the received consensus results of the plurality of other node servers are consensus; if the received consensus result of the plurality of other node servers does not reach consensus, the signature verification failure information is returned to the signature proxy server.
Optionally, the leader node election module further comprises a credit evaluation module, wherein the credit evaluation module is used for obtaining a credit voting value according to the product of the credit coefficient and the ticket number, and a node server with the highest credit voting value is determined to be the leader node; wherein the credit factor depends on one or more of the following parameters:
Digital signature invalidation ratio: the number of the digital signature invalid proportion initiated by the node server discovered in the signature tracing process is the number, the fewer the digital signature invalid proportion is, the higher the credit coefficient is;
log consistency ratio: counting the log consistency in each node server, wherein the log consistency is the proportion consistent with other node servers, and the higher the log consistency proportion is, the higher the credit coefficient is;
digital signature speed: the faster the node server completes the digital signature, the higher the credit coefficient;
outage probability: the lower the probability of a node server becoming disconnected or down, the higher the credit factor.
The method and the system can combine intelligent contracts in a blockchain to define credit evaluation rules in a credit system, introduce the validity and log consistency in signature tracing of a digital signature, and reflect the system running speed and efficiency of a node server, and the probability of network disconnection and downtime, so that a leader node determined during digital signature interactive verification is good in the credit system, the probability of failure or disconnection of the leader node is reduced, and the occurrence of reelect is further reduced; meanwhile, a credit evaluation rule and ticket number combination mechanism is introduced, so that the problem that the number of node servers must adopt odd nodes can be avoided, the occurrence of brain fracture can be prevented, and the waste of calculation resources is avoided.
Detailed Description
Various exemplary embodiments, features and aspects of the disclosure will be described in detail below with reference to the drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used herein to mean "serving as an example, embodiment, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
The term "and/or" is herein merely an association relationship describing an associated object, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality, for example, including at least one of A, B, C, may mean including any one or more elements selected from the group consisting of A, B and C.
Furthermore, numerous specific details are set forth in the following detailed description in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements, and circuits well known to those skilled in the art have not been described in detail in order not to obscure the present disclosure.
It will be appreciated that the above-mentioned method embodiments of the present disclosure may be combined with each other to form a combined embodiment without departing from the principle logic, and are limited to the description of the present disclosure.
In addition, the disclosure further provides a digital signature interactive verification method, a system, a device and a medium, and the above can be used for implementing any one of the digital signature interactive verification methods provided in the disclosure, and the corresponding technical scheme, description and corresponding description referring to the method section are not repeated.
The digital signature interactive verification method may be implemented by a computer or other digital signature based interactive verification system, for example, the method may be performed by a terminal device or a server or other processing device, where the terminal device may be a User Equipment (UE), a mobile device, a User terminal, a cellular phone, a cordless phone, a Personal digital assistant (Personal DIGITAL ASSISTANT, PDA), a handheld device, a computing device, a vehicle-mounted device, a wearable device, etc. In some possible implementations, the digital signature interactive verification method may be implemented by way of a processor invoking computer readable instructions stored in a memory.
Example 1
As an aspect of the embodiments of the present disclosure, a digital signature interactive verification method, as shown in fig. 1, includes the steps of:
s10, acquiring the identity identification information of the user sent by the signature proxy server;
S20, acquiring a public and private key file uniquely corresponding to the identity identification information according to the identity identification information, wherein the public and private key file is prestored by a main node server and a plurality of other node servers according to the identity information of a user;
S30, carrying out asymmetric encryption on the identity identification information according to a public and private key file to obtain ciphertext data and a digital signature corresponding to the ciphertext data;
s40, writing the digital signature into a log queue in the master node server;
S50, if the determined leader node is a master node server, sending and executing heartbeats of the leader node, and inserting the log queue into the tail of the log queue of the leader node by the master node server and synchronizing the log queue to a plurality of other node servers; if the heartbeat of the leader node is monitored, converting the master node server into a following node, and sending a request for inserting the log queue into the tail of the log queue of the leader node, so that the leader node is synchronized to a plurality of other node servers, and executing S70 after the log queue is synchronized to the plurality of other node servers;
S60, if the master node server is not the leader node and the heartbeat of the leader node is not monitored within the time of overtime of election, initiating an election process, converting the master node server into a candidate state and casting a vote, then sending RequestVoteRPC information to request other node servers to participate in voting, receiving voting information of the other node servers and counting the number of votes of each node server, determining the leader node according to the number of votes and credit coefficients corresponding to each node server in a chain credit scoring unit, and then executing step S50; the on-chain credit scoring unit is arranged on each node server and shares a unified credit evaluation rule, and credit coefficients of each node server are calculated by using the credit evaluation rule based on historical behaviors of each node server;
S70, receiving a consensus result initiated by a plurality of other node servers, wherein the consensus result is that the plurality of other node servers judge whether the digital signature in the log queue is consistent with the user identity information in the public and private key files of the other node servers; if it is in agreement with the present one, the consensus result is consensus; if the two types of the data are inconsistent, the consensus result is that the consensus is not achieved;
S80, if the received consensus results of the plurality of other node servers are consensus, transmitting the digital signature and the ciphertext data back to the signature proxy server; if the received consensus result of the plurality of other node servers does not reach consensus, the signature verification failure information is returned to the signature proxy server.
The embodiment of the disclosure can combine intelligent contracts in a blockchain to define credit evaluation rules in a credit system, introduce the validity and log consistency in signature tracing of a digital signature, and reflect the signature speed and outage and downtime probability of the system running speed and efficiency of a node server, so that a determined leader node is good in the credit system during digital signature interactive verification, thereby reducing the probability of failure or disconnection of the leader node and further reducing the occurrence of reelect conditions; meanwhile, a credit evaluation rule and ticket number combination mechanism is introduced, so that the problem that the number of node servers must adopt odd nodes can be avoided, the occurrence of brain fracture can be prevented, and the waste of calculation resources is avoided. The following describes the above steps in detail:
S10, acquiring the identity identification information of the user sent by the signature proxy server.
Wherein, the user initiates a signature request to the signature proxy server, and the request content comprises the data of the request signature, namely the identification information of the user. The identity identification information of the users is uniformly generated by a signature system in the signature proxy server through submitting information, and each user identity is unique and non-repudiated.
S20, acquiring a public and private key file uniquely corresponding to the identity identification information according to the identity identification information, wherein the public and private key file is prestored by a main node server and a plurality of other node servers according to the identity information of a user;
The signature proxy server has the functions of user identity registration and identification, identity verification and identity routing. The data is sent and routed through the network route, and the data of the user can be delivered to the node server corresponding to the identity of the user through the matching of the identity route and the network route. Thereby ensuring the integrity and security of the data transfer.
S30, carrying out asymmetric encryption on the identity identification information according to a public and private key file to obtain ciphertext data and a digital signature corresponding to the ciphertext data;
The node server acquires a public and private key file which is embedded in the node server in advance according to the identity identification information, the node server performs access identity authentication based on a PKI certificate system, and the public and private key file is embedded and stored in the node server of a user. The user can independently use the public and private keys and the node server to encrypt data, sign the identity of the data, and ensure the safety and the uniqueness.
By providing an encryption algorithm plug-in mode, asymmetric encryption and decryption of the data by the node server are realized. Such as encryption algorithm (SM 2/4, RSA), hash algorithm (SM 3, SHA 256), etc.
S40, writing the digital signature into a log queue in the master node server;
The digital signature is written into the log queue in the main node server, so that the digital signature can be conveniently communicated with the consensus modules in other node servers in the subsequent consensus operation, and the log of each node is ensured to be the same.
S50, if the determined leader node is a master node server, sending and executing heartbeats of the leader node, and inserting the log queue into the tail of the log queue of the leader node by the master node server and synchronizing the log queue to a plurality of other node servers; if the heartbeat of the leader node is monitored, converting the master node server into a following node, and sending a request for inserting the log queue into the tail of the log queue of the leader node, so that the leader node is synchronized to a plurality of other node servers, and executing S70 after the log queue is synchronized to the plurality of other node servers;
Any node server can only be in one of three states of a leader (leader node), a follower (node) and a candidate (candidate node) at the same time, and the leader node is responsible for managing replication logs, namely receiving requests from the node server, replicating the requests to the follower node, and telling the follower node when the log queue insertion requests can be processed. If the leader node fails or disconnects, the election is re-conducted.
In this embodiment, if no leader node is found after a certain time, the candidate state is switched to, and election is initiated. The candidate for the majority of tickets becomes the leader node. If the candidate node or the current leader node finds the updated leader, the following state is actively returned. I.e. as described in S60.
S60, if the master node server is not the leader node and the heartbeat of the leader node is not monitored within the time of overtime of election, initiating an election process, converting the master node server into a candidate state and casting a vote, then sending RequestVote RPC information to request other node servers to participate in voting, receiving voting information of the other node servers and counting the number of votes of each node server, determining the leader node according to the number of votes and credit coefficients corresponding to each node server in a chain credit scoring unit, and then executing step S50; the on-chain credit scoring unit is arranged on each node server and shares a unified credit evaluation rule, and credit coefficients of each node server are calculated by using the credit evaluation rule based on historical behaviors of each node server;
As a preferred embodiment, the credit rating rules include one or more of the following:
Digital signature invalidation ratio: the number of the digital signature invalid proportion initiated by the node server discovered in the signature tracing process is the number, the fewer the digital signature invalid proportion is, the higher the credit coefficient is;
log consistency ratio: counting the log consistency in each node server, wherein the log consistency is the proportion consistent with other node servers, and the higher the log consistency proportion is, the higher the credit coefficient is;
digital signature speed: the faster the node server completes the digital signature, the higher the credit coefficient;
outage probability: the lower the probability of a node server becoming disconnected or down, the higher the credit factor.
Preferably, determining the leader node according to the ticket number and the credit coefficient corresponding to each node server in the on-chain reputation scoring unit includes: and obtaining a credit voting value according to the product of the credit coefficient and the ticket number, and determining a node server with the highest credit voting value as a leading node. Therefore, the leader node determined during digital signature interactive verification is enabled to perform well in a credit system, so that the probability of faults or disconnection of the leader node is reduced, the occurrence of reelect conditions is further reduced, the problem that the number of node servers is required to adopt odd nodes due to the fact that a credit evaluation rule and a ticket number combining mechanism are introduced, the occurrence of brain fracture conditions can be prevented, and the waste of calculation resources is also avoided.
Preferably, the credit evaluation rule includes a digital signature invalidation proportion, a log consistency proportion, a digital signature speed and a outage probability, wherein the credit coefficient ratio corresponding to the digital signature invalidation proportion and the log consistency proportion is higher than the credit coefficient ratio corresponding to the digital signature speed and the outage probability. Since the application field of digital signatures is generally industries with high security requirements, such as banks, insurance and the like, and the security guarantee is to be optimized to the system performance, the security performance evaluation indexes, such as the invalid proportion of the digital signatures and the consistency proportion of the logs, are required to be weighted higher than the digital signature speed and the outage probability.
Preferably, the credit evaluation rule is expressed by the following formula:
F=A*Inv+B*Uni+C*Speed+D*Downtime,
wherein F is a credit coefficient, inv is a digital signature invalidation proportion, uni is a log consistency proportion, speed is a digital signature Speed, downtime is a outage probability, A, B, C, D is a proportionality constant, wherein A is 30-50%, B is 30-50%, C is 5-15%, and D is 5-15%. The following table shows:
| credit factor ratio | Preference value |
| Digital signature invalidation scale | 30-50% | 40% |
| Journal consistency ratio | 30-50% | 40% |
| Digital signature speed | 5-15% | 10% |
| Probability of network outage | 5-15% | 10% |
The numerical values and the preferred values in the table are verified preferred ranges or specific values, and of course, the values can be taken as other ratios, the example is not strictly limited, and as a preferred implementation, the credit evaluation rule is expressed by the following formula:
F=40%*Inv+40%*Uni+10%*Speed+10%*Downtime。
According to the embodiment, by combining intelligent contracts in a blockchain, credit evaluation rules in a credit system are regulated, validity and log consistency in signature tracing of a digital signature are introduced, signature speed reflecting system running speed and efficiency of a node server and outage and downtime probability are further realized, and therefore a leader node determined during digital signature interactive verification is good in the credit system, fault or disconnection probability of the leader node is reduced, and further occurrence of reelect conditions is reduced.
S70, receiving a consensus result initiated by a plurality of other node servers, wherein the consensus result is that the plurality of other node servers judge whether the digital signature in the log queue is consistent with the user identity information in the public and private key files of the other node servers; if it is in agreement with the present one, the consensus result is consensus; if the two types of the data are inconsistent, the consensus result is that the consensus is not achieved;
S80, if the received consensus results of the plurality of other node servers are consensus, transmitting the digital signature and the ciphertext data back to the signature proxy server; if the received consensus result of the plurality of other node servers does not reach consensus, the signature verification failure information is returned to the signature proxy server.
The validity of the digital signature can be confirmed when the consensus results are consensus according to the requirements on the security performance, but misjudgment is easy to be caused in the process, and the achievement proportion of the consensus results can be reasonably adjusted according to the situation.
Example 2
As another aspect of the embodiments of the present disclosure, there is also provided a digital signature interactive verification system 100, as shown in fig. 2, including:
The identity identification information receiving module 1 acquires the identity identification information of the user sent by the signature proxy server;
the public and private key matching module 2 is used for acquiring a public and private key file uniquely corresponding to the identity identification information according to the identity identification information, wherein the public and private key file is prestored by a main node server and a plurality of other node servers according to the identity information of a user;
the asymmetric encryption module 3 performs asymmetric encryption on the identity identification information according to a public and private key file to obtain ciphertext data and a digital signature corresponding to the ciphertext data;
the log queue updating module 4 writes the digital signature into a log queue in the master node server;
The log queue inserting module 5 is used for sending and executing the heartbeat of the leader node if the determined leader node is the master node server, and the master node server is used for inserting the log queue into the tail of the log queue of the leader node and synchronizing the log queue to a plurality of other node servers; if the heartbeat of the leader node is monitored, converting the master node server into a following node, and sending a request for inserting the log queue into the tail of the log queue of the leader node, so that the leader node is synchronized to a plurality of other node servers, and executing S70 after the log queue is synchronized to the plurality of other node servers;
The leader node election module 6, if the master node server is not the leader node and the heartbeat of the leader node is not monitored within the time of the election timeout, initiating an election process, converting the master node server into a candidate state and casting a vote, then sending RequestVote RPC information to request other node servers to participate in voting, receiving the voting information of the other node servers and counting the number of votes of each node server, determining the leader node according to the number of votes and the credit coefficient corresponding to each node server in the on-chain credit scoring unit, and executing step S50; the on-chain credit scoring unit is arranged on each node server and shares a unified credit evaluation rule, and credit coefficients of each node server are calculated by using the credit evaluation rule based on historical behaviors of each node server;
The consensus result receiving module 7 receives consensus results initiated by a plurality of other node servers, wherein the consensus results are that the plurality of other node servers judge whether the digital signature in the log queue is consistent with the identity information of the user in the public and private key files of the other node servers; if it is in agreement with the present one, the consensus result is consensus; if the two types of the data are inconsistent, the consensus result is that the consensus is not achieved;
The signature feedback module 8 is used for transmitting the digital signature and the ciphertext data back to the signature proxy server if the received consensus results of the plurality of other node servers are consensus; if the received consensus result of the plurality of other node servers does not reach consensus, the signature verification failure information is returned to the signature proxy server.
The embodiment of the disclosure can combine intelligent contracts in a blockchain to define credit evaluation rules in a credit system, introduce the validity and log consistency in signature tracing of a digital signature, and reflect the signature speed and outage and downtime probability of the system running speed and efficiency of a node server, so that a determined leader node is good in the credit system during digital signature interactive verification, thereby reducing the probability of failure or disconnection of the leader node and further reducing the occurrence of reelect conditions; meanwhile, a credit evaluation rule and ticket number combination mechanism is introduced, so that the problem that the number of node servers must adopt odd nodes can be avoided, the occurrence of brain fracture can be prevented, and the waste of calculation resources is avoided. The following describes the above steps in detail:
In the identification information receiving module 1, a user initiates a signature request to a signature proxy server, and the requested content includes data of the requested signature, that is, identification information of the user. The identity identification information of the users is uniformly generated by a signature system in the signature proxy server through submitting information, and each user identity is unique and non-repudiated.
In the matching public and private key module 2, the signature proxy server has the functions of user identity registration and identification, identity verification and identity routing. The data is sent and routed through the network route, and the data of the user can be delivered to the node server corresponding to the identity of the user through the matching of the identity route and the network route. Thereby ensuring the integrity and security of the data transfer.
In the asymmetric encryption module 3, the node server obtains a public and private key file embedded in advance by the node server according to the identity identification information, the node server performs access identity authentication based on a PKI certificate system, and the public and private key file is embedded and stored on the node server of the user. The user can independently use the public and private keys and the node server to encrypt data, sign the identity of the data, and ensure the safety and the uniqueness.
By providing an encryption algorithm plug-in mode, asymmetric encryption and decryption of the data by the node server are realized. Such as encryption algorithm (SM 2/4, RSA), hash algorithm (SM 3, SHA 256), etc.
In the log queue updating module 4, the digital signature is written into the log queue in the master node server, so that the digital signature can be conveniently communicated with the consensus modules in other node servers in the subsequent consensus operation, and the log of each node is ensured to be the same.
In the log queue insertion module 5, any node server can only be in one of three states of a leader (leader node), a follower (node) and a candidate (candidate node) at the same time, and the leader node is responsible for managing the replication log, that is, receiving a request from the node server, replicating the request to the follower node, and telling the follower node when the log queue insertion requests can be processed. If the leader node fails or disconnects, the election is re-conducted.
In this embodiment, if no leader node is found after a certain time, the candidate state is switched to, and election is initiated. The candidate for the majority of tickets becomes the leader node. If the candidate node or the current leader node finds the updated leader, the following state is actively returned.
As a preferred embodiment, the credit rating rules include one or more of the following:
Digital signature invalidation ratio: the number of the digital signature invalid proportion initiated by the node server discovered in the signature tracing process is the number, the fewer the digital signature invalid proportion is, the higher the credit coefficient is;
log consistency ratio: counting the log consistency in each node server, wherein the log consistency is the proportion consistent with other node servers, and the higher the log consistency proportion is, the higher the credit coefficient is;
digital signature speed: the faster the node server completes the digital signature, the higher the credit coefficient;
outage probability: the lower the probability of a node server becoming disconnected or down, the higher the credit factor.
Preferably, determining the leader node according to the ticket number and the credit coefficient corresponding to each node server in the on-chain reputation scoring unit includes: and obtaining a credit voting value according to the product of the credit coefficient and the ticket number, and determining a node server with the highest credit voting value as a leading node. Therefore, the leader node determined during digital signature interactive verification is enabled to perform well in a credit system, so that the probability of faults or disconnection of the leader node is reduced, the occurrence of reelect conditions is further reduced, the problem that the number of node servers is required to adopt odd nodes due to the fact that a credit evaluation rule and a ticket number combining mechanism are introduced, the occurrence of brain fracture conditions can be prevented, and the waste of calculation resources is also avoided.
Preferably, the credit evaluation rule includes a digital signature invalidation proportion, a log consistency proportion, a digital signature speed and a outage probability, wherein the credit coefficient ratio corresponding to the digital signature invalidation proportion and the log consistency proportion is higher than the credit coefficient ratio corresponding to the digital signature speed and the outage probability. Since the application field of digital signatures is generally industries with high security requirements, such as banks, insurance and the like, and the security guarantee is to be optimized to the system performance, the security performance evaluation indexes, such as the invalid proportion of the digital signatures and the consistency proportion of the logs, are required to be weighted higher than the digital signature speed and the outage probability.
Preferably, the credit evaluation rule is expressed by the following formula:
F=A*Inv+B*Uni+C*Speed+D*Downtime,
wherein F is a credit coefficient, inv is a digital signature invalidation proportion, uni is a log consistency proportion, speed is a digital signature Speed, downtime is a outage probability, A, B, C, D is a proportionality constant, wherein A is 30-50%, B is 30-50%, C is 5-15%, and D is 5-15%. The following table shows:
| credit factor ratio | Preference value |
| Digital signature invalidation scale | 30-50% | 40% |
| Journal consistency ratio | 30-50% | 40% |
| Digital signature speed | 5-15% | 10% |
| Probability of network outage | 5-15% | 10% |
The numerical values and the preferred values in the table are verified preferred ranges or specific values, and of course, the values can be taken as other ratios, the example is not strictly limited, and as a preferred implementation, the credit evaluation rule is expressed by the following formula:
F=40%*Inv+40%*Uni+10%*Speed+10%*Downtime。
According to the embodiment, by combining intelligent contracts in a blockchain, credit evaluation rules in a credit system are regulated, validity and log consistency in signature tracing of a digital signature are introduced, signature speed reflecting system running speed and efficiency of a node server and outage and downtime probability are further realized, and therefore a leader node determined during digital signature interactive verification is good in the credit system, fault or disconnection probability of the leader node is reduced, and further occurrence of reelect conditions is reduced.
The validity of the digital signature can be confirmed when the consensus results are consensus according to the requirements on the security performance, but misjudgment is easy to be caused in the process, and the achievement proportion of the consensus results can be reasonably adjusted according to the situation.
Example 3
The present embodiment provides an electronic device including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the digital signature interactive verification method in embodiment 1 when executing the computer program.
Embodiment 3 of the present disclosure is merely an example, and should not be construed as limiting the functionality and scope of use of the embodiments of the present disclosure.
The electronic device may be in the form of a general purpose computing device, which may be a server device, for example. Components of an electronic device may include, but are not limited to: at least one processor, at least one memory, a bus connecting different system components, including the memory and the processor.
The buses include a data bus, an address bus, and a control bus.
The memory may include volatile memory such as Random Access Memory (RAM) and/or cache memory, and may further include Read Only Memory (ROM).
The memory may also include program means having a set (at least one) of program modules including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
The processor executes various functional applications and data processing by running computer programs stored in the memory.
The electronic device may also communicate with one or more external devices (e.g., keyboard, pointing device, etc.). Such communication may be through an input/output (I/O) interface. And, the electronic device may also communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through a network adapter. The network adapter communicates with other modules of the electronic device via a bus. It should be appreciated that other hardware and/or software modules may be used in connection with an electronic device, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID (disk array) systems, tape drives, data backup storage systems, and the like.
It should be noted that although several units/modules or sub-units/modules of an electronic device are mentioned in the above detailed description, such a division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more units/modules described above may be embodied in one unit/module in accordance with embodiments of the present application. Conversely, the features and functions of one unit/module described above may be further divided into ones that are embodied by a plurality of units/modules.
Example 4
A computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the digital signature interactive verification method in embodiment 1.
More specifically, among others, readable storage media may be employed including, but not limited to: portable disk, hard disk, random access memory, read only memory, erasable programmable read only memory, optical storage device, magnetic storage device, or any suitable combination of the foregoing.
In a possible implementation, the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps of implementing the digital signature interactive verification method as described in embodiment 1, when said program product is run on the terminal device.
Wherein the program code for carrying out the present disclosure may be written in any combination of one or more programming languages, which program code may execute entirely on the user device, partly on the user device, as a stand-alone software package, partly on the user device, partly on the remote device or entirely on the remote device.
Although embodiments of the present disclosure have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the disclosure, the scope of which is defined in the appended claims and their equivalents.