PUBLIC RANDOM NUMBER GENERATION METHOD AND DEVICE BASED ON BLOCKCHAIN

Abstract

Disclosed is a public random number generation method based on a blockchain, including: selecting a node group G containing N trusted nodes; determining a first time point t.sub.m and a second time point t.sub.n respectively for generating an m-th/n-th block, wherein the former is earlier, and the m-th block is fixed and cannot be tampered at t.sub.n; at the first time point t.sub.m, enabling each of the N trusted nodes to separately generate a sub-random number r.sub.j as a component forming a random number X, wherein j=1, 2, . . . , N, on which delayed encryption is performed, with corresponding results placed in the m-th block; and at the second time point t.sub.n, decrypting the delayed encryption results to obtain decrypted data of them all that are all of sub-random number r.sub.j, on which operation is performed to obtain the random number X as a final available public random number.

Claims

1. A public random number generation method based on a blockchain, comprising the following steps: S101, selecting a node group G, wherein the node group G contains N trusted nodes; S102, determining a first time point t.sub.m and a second time point t.sub.n, wherein the first time point t.sub.m is earlier than the second time point t.sub.n, the first time point t.sub.m is a generation time point of an m-th block, the second time point t.sub.n is a generation time point of an n-th block, and the m-th block is fixed and cannot be tampered at the second time point t.sub.n; S103, at the first time point t.sub.m, enabling each of the N trusted nodes to separately generate a sub-random number r.sub.j, wherein j=1, 2, . . . , N, performing delayed encryption on the sub-random number r.sub.j, and placing delayed encryption results in the m-th block, wherein the sub-random number r.sub.j is a component forming a random number X, and the delayed encryption determines that the encrypted sub-random numbers r.sub.j can only be obtained by means of a decryption operation after delay for a period of time; and S104, at the second time point t.sub.n, decrypting the delayed encryption results to obtain decrypted data of all the delayed encryption results, the decrypted data being for all of the sub-random number r.sub.j, and performing operation on all of the sub-random number r.sub.j to obtain the random number X, wherein the random number X is a final available public random number.

2. The method of claim 1, wherein the S103 further comprises storing a digital fingerprint of the sub-random number r.sub.j on the blockchain.

3. The method of claim 1, wherein the operation in the S104 is an operation solvable in polynomial time.

4. The method of claim 1, wherein the S104 further comprises publishing all of the sub-random number r.sub.j at the second time point t.sub.n such that the N trusted nodes check all of the sub-random number r.sub.j.

5. The method of claim 1, wherein the S104 further comprises decrypting all of the delayed encryption results in the m-th block in response to occurrence of a specific event, and performing operation on all of the resulting sub-random number r.sub.j to obtain the random number X, wherein the specific event comprises at least one of: when a certain transaction occurs and when a certain specific time arrives.

6. The method of claim 1, wherein the S104 further comprises publicly releasing all of the sub-random number r.sub.j by the N trusted nodes in a timely and accurate manner without decrypting the delayed encryption results at the second time point t.sub.n, thereby reducing an excessive requirement by decryption after delayed encryption on a processing power of a processor.

7. The method of claim 1, wherein the method further comprises testing block generating behavior by all nodes within the node group G so that a trustworthy degree of the nodes can be identified prior to implementation of the method, thereby ensuring a trustworthy degree of the generated random number X.

8. The method of claim 1, wherein the generation process of the random number X can be reversely verified when necessary based on a correspondence between a numerical value of the random number X and the N trusted nodes generating the random number X.

9. A public random number generation device based on a blockchain, comprising a blockchain and a processor, wherein the blockchain ensures that information published thereon is tamper-proof, and the processor is configured to: select a node group G, wherein the node group G contains N trusted nodes; determine a first time point t.sub.m and a second time point t.sub.n, wherein the first time point t.sub.m is earlier than the second time point t.sub.n, the first time point t.sub.m is a generation time point of an m-th block, the second time point t.sub.n is a generation time point of an n-th block, and the m-th block is fixed and cannot be tampered at the second time point t.sub.n; at the first time point t.sub.m, enable each of the N trusted nodes to separately generate a sub-random number r.sub.j, wherein j=1, 2, . . . , N, perform delayed encryption on the sub-random number r.sub.j, and place delayed encryption results in the m-th block, wherein the sub-random number r.sub.j is a component forming a random number X, and the delayed encryption determines that the encrypted sub-random numbers r.sub.j can only be obtained by means of a decryption operation after delay for a period of time; and at the second time point t.sub.n, decrypt the delayed encryption results to obtain decrypted data of all the delayed encryption results, the decrypted data being for all of the sub-random number r.sub.j, and perform operation on all of the sub-random number r.sub.j to obtain the random number X, wherein the random number X is a final available public random number.

10. The device of claim 9, wherein the processor is further configured to store a digital fingerprint of the sub-random number r.sub.j on the blockchain.

11. The device of claim 9, wherein the operation is an operation solvable in polynomial time.

12. The device of claim 9, wherein the processor is further configured to publish all of the sub-random number r.sub.j at the second time point t.sub.n such that the N trusted nodes check all of the sub-random number r.sub.j.

13. The device of claim 9, wherein the processor is further configured to decrypt all of the delayed encryption results in the m-th block in response to occurrence of a specific event, and perform operation on all of the resulting sub-random number r.sub.j to obtain the random number X, wherein the specific event comprises at least one of: when a certain transaction occurs and when a certain specific time arrives.

14. The device of claim 9, wherein the processor is further configured to publicly release of all the sub-random number r.sub.j by the N trusted nodes in a timely and accurate manner without decrypting the delayed encryption results at the second time point t.sub.n, thereby reducing an excessive requirement by decryption after delayed encryption on a processing power of the processor.

15. The device of claim 9, wherein the processor is further configured to test block generating behavior by all nodes within the node group G so that a trustworthy degree of the nodes can be identified prior to operation of the device, thereby ensuring a trustworthy degree of the generated random number X.

16. The device of claim 9, wherein the generation process of the random number X can be reversely verified when necessary based on a correspondence between a numerical value of the random number X and the N trusted nodes generating the random number X.

17. A machine-readable storage medium having stored a computer program thereon, wherein the computer program, when executed by a processor, implements the method of any one of claims 1 to 8.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0024] The novel features of the present invention are set forth in detail in the appended claims. A better understanding of the features and advantages of the present invention will be obtained by reference to the following detailed description and accompanying drawings in which illustrative embodiments utilizing the principles of the present invention are set forth. The drawings are only for the purpose of illustrating the embodiments and should not be considered as limiting the invention. And throughout the drawings, like reference numerals denote like elements, in which:

[0025] FIG. 1 illustrates a flowchart of a public random number generation method based on a blockchain according to an exemplary embodiment of the present disclosure;

[0026] FIG. 2 illustrates a timing logic diagram of one example of a public random number generation method based on a blockchain according to an exemplary embodiment of the present disclosure;

[0027] FIG. 3 illustrates a variation of a timing logic diagram of one example of the public random number generation method based on a blockchain according to the exemplary embodiment of FIG. 2 of the present disclosure; and

[0028] FIG. 4 illustrates a schematic structural diagram of a public random number generation device based on a blockchain according to an exemplary embodiment of the present disclosure.

DETAILED DESCRIPTION OF THE INVENTION

[0029] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the accompanying drawings, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided to enable a more thorough understanding of the disclosure and to convey the scope of the present disclosure to those skilled in the art in its entirety. Nothing in the following detailed description is intended to indicate that any particular component, feature, or step is essential to the invention. Those skilled in the art will appreciate that various features or steps may be substituted for or combined with each other without departing from the present disclosure.

[0030] A blockchain applied in this embodiment is composed of a series of blocks at any time. In other words, the format of a public chain is composed of a series of numerical blocks. Those skilled in the art will appreciate that the number of blocks may be defined using the number of blocks in any manner known in the art or known in the future, such as several millions or even more, and the present invention is not limited in this respect.

[0031] FIG. 1 illustrates a public random number generation method based on a blockchain according to an exemplary embodiment of the present disclosure. As shown in FIG. 1, a flowchart of the method includes: S101, selecting a node group G, wherein the node group G contains N trusted nodes. According to the law of large numbers and the assumption of the basic architecture of blockchain, when the number of nodes in the node group G is large enough, there must be some trusted nodes; S102, determining a first time point t.sub.m and a second time point t.sub.n, wherein the first time point t.sub.m is earlier than the second time point t.sub.n, the first time point t.sub.m is a generation time point of an m-th block, the second time point t.sub.n is a generation time point of an n-th block, and the m-th block is fixed and cannot be tampered at the second time point t.sub.n; S103, at the first time point t.sub.m, enabling each of the N trusted nodes to separately generate a sub-random number r.sub.j, wherein j=1, 2, . . . , N, performing delayed encryption on the sub-random number r.sub.j, and placing delayed encryption results in the m-th block, wherein the sub-random number r.sub.j is a component forming a random number X, and the delayed encryption determines that the encrypted sub-random numbers r.sub.j can only be obtained by means of a decryption operation after delay for a period of time. The delayed encryption technology does not limit on the qualification of the decrypting party, but according to the design of the delayed encryption technology, the decryption result can be obtained only at this time point. The decryption result cannot be obtained in advance, and no further time delay can occur; and S104, at the second time point t.sub.n, decrypting the delayed encryption results to obtain decrypted data of all the delayed encryption results, the decrypted data being for all of the sub-random number r.sub.j, and performing operation on all of the sub-random number r.sub.j to obtain the random number X, wherein the random number X is a final available public random number. According to the numerical value of the random number X, the generator and the generation method of subsequent blocks in the blockchain can be determined.

[0032] FIG. 2 illustrates a timing logic diagram of one example of a public random number generation method based on a blockchain according to an exemplary embodiment of the present disclosure. As shown in FIG. 2, there are an m-th block 201 generated at the first time point t.sub.m and an n-th block 202 generated at the second time point t.sub.n in the blockchain growing direction, and the m-th block 201 is fixed and cannot be tampered at the second time point t.sub.n. As shown in FIG. 2, at the first time point t.sub.m, each of the N trusted nodes separately generates a sub-random number r.sub.j, where j=1, 2 . . . N, delayed encryption is performed on the sub-random number r.sub.j and a delayed encryption result is placed in the m-th block 201. At the second time point t.sub.n after delay for a period of time, the delayed encryption result is decrypted to obtain decrypted data of all the delayed encryption result, the decrypted data being for all of the sub-random number r.sub.j, and operation is performed on all of the sub-random number r.sub.j to obtain the random number X, where the random number X is a final available public random number.

[0033] Of course, in some embodiments, S103 also includes storing a digital fingerprint of the sub-random number r.sub.j on the blockchain. In one exemplary embodiment, the sub-random number r.sub.j may publish the hash operation value of the sub-random number r.sub.j as a digital fingerprint at a time prior to the second time point t.sub.n in the blockchain. Those skilled in the art should be aware that there are other forms of digital fingerprints that can be used for publication on the blockchain.

[0034] In some embodiments, the operation of S104 is an exclusive or operation. Of course, all forms of operation solvable in polynomial time capable of determining the final available public random numbers are within the protection scope of the present invention as long as they can be known and used by those skilled in the art.

[0035] In some embodiments, the S104 further includes publishing all of the sub-random number r.sub.j at the second point in time t.sub.n such that the N trusted nodes check all of the sub-random number r.sub.j. This check is usually performed by a sub-random number generated by the trusted node generating sub-random numbers for itself. However, it is not certainly necessary to adopt this method, and it is also possible to enable each trusted node to check the sub-random numbers generated by other trusted nodes by means of network-wide broadcasting, and increase the accuracy of check by means of voting.

[0036] In some embodiments, the block generating behavior by all nodes within the node group G may be tested so that a trustworthy degree of the nodes can be identified before the method is implemented, thereby ensuring a trustworthy degree of the generated random number X.

[0037] In some embodiments, the S104 further includes decrypting all of the delayed encryption results in the m-th block in response to occurrence of a specific event, and performing operation on all of the resulting sub-random number r.sub.j to obtain the random number X, wherein the specific event comprises at least one of: when a certain transaction occurs and when a certain specific time arrives. A person skilled in the art can define the specific event in any reasonable way according to an actual application scenario.

[0038] FIG. 3 illustrates a variation of a timing logic diagram of one example of the public random number generation method based on a blockchain according to the exemplary embodiment of FIG. 2 of the present disclosure. In some embodiments, S104 is changed as shown in FIG. 3. Similar to the above description of FIG. 2, there are an m-th block 301 generated at the first time point t.sub.m and an n-th block 302 generated at the second time point to in the blockchain growing direction, and the m-th block 301 is fixed and cannot be tampered at the second time point t.sub.n. As shown in FIG. 3, at the first time point t.sub.m, each of the N trusted nodes separately generates a sub-random number r.sub.j, where j=1, 2 . . . N, delayed encryption is performed on the sub-random number r.sub.j and a delayed encryption result is placed in the m-th block 301. However, unlike FIG. 2, as shown in FIG. 3, all of the sub-random number r.sub.j is publicly released by the N trusted nodes in a timely and accurate manner without decrypting the delayed encryption results at the second time point t.sub.n, thereby reducing an excessive requirement by decryption after delayed encryption on a processing power of a processor. Then, operation is performed on all of the public sub-random number r.sub.j to obtain a random number X, where the random number X is the final available public random number. In addition, a manner of publication may include active publication and passive publication, wherein active publication is a behavior that is well known in the art and can be automatically published by a trusted node according to a schedule, and passive publication refers to publication by other nodes “delegated” by trusted nodes or publication in the form of bulletin boards under the occasion that the network is delayed or blocked, etc.

[0039] The advantage of the variation shown in FIG. 3 is that, cracking a delayed encryption requires multiple asymmetric decryptions (the number of which is related to the number or proportion of the asymmetric encryption), which requires relatively expensive computing resources. Therefore, if possible, the operator highly desires to avoid the decryption operation described above. However, if a node A that creates the delayed encryption of the random number X publicly tells the world X (for example, by make publication in a known space), other nodes can read X directly without the need for decryption. But this cannot be allowed in terms of security. At the same time, this also means that there are two options for obtaining X by a second node B. That is, the node B may obtain X directly from A (if the node A has released the random number X), or obtain X by cracking the delayed encryption (if the node A has not released the random number X). Importantly, A cannot select the actual value seen by B at the last moment because this can compromise security. Therefore, the most efficient check is that A must commit an X hash to the blockchain at the same time of delaying encryption or at an earlier time. Then, regardless of how B obtains value X, A will perform hash on X and compares it to a commitment.

[0040] From a security perspective, the only way B can obtain X is to obtain X by cracking the delayed encryption (which must have a limitation in the blockchain so that it can be immutable early enough, just like in multi-stage protocols), but it appears to be much less efficient.

[0041] In some implementations, the method allows for testing block generating behavior by nodes so that the trustworthy degree of the nodes can be identified prior to implementation of the method, thereby ensuring the trustworthy degree after generation of the public random number X. The testing method includes: 1) transfers, which are made to single/multi-signature addresses, and to scripts; 2) double spend attack tests, which are necessary if there are modifications to the mechanism of the digital currency (e.g., Bitcoin); 3) tests on function and safety of smart contracts; and 4) packing and transaction confirmation efficiency. The tests on nodes include: 1) pressure tests; 2) chain forking tests; 3) checks on files dropped to disk; and 4) block generation time statistics. Of course, those skilled in the art may perform other well-defined tests on whether a node is trustworthy or not depending on the type of blockchain.

[0042] In some embodiments, the generation process of the random number X can be reversely verified when necessary based on a correspondence between a numerical value of the random number X and the N trusted nodes generating the random number X. This correspondence can be designed for subsequent blockchain traceability and other applications, so that the generation process of the random number X can be reversely verified when necessary. This is a design for hidden verification, which is a relatively practical solution for some applications with high security requirements. A correspondence exists between the numerical value and the generation process of the random number X and the N trusted nodes, so that a reverse verification can be performed when necessary. This property is referred to as the public verifiability of the random number X. For each independent random number X generation process, the numerical value and generation process of the random number can be explicitly confirmed and reversely verified.

[0043] In some blockchains, it is expected that the blocks will appear in strict accordance with the schedule, so that when the blocks will appear can be known in advance. For example, this can basically be ensured by a hash clock. Any occurring blocks are marked with a time, e.g. time T1, T2, T3, T4, etc., and typically each block has such a time representation. The time representation is very close to the time when the block actually occurs, so that a schedule for the random oracle machine to generate the random number X can be arranged to release a random number shortly before the time representation or at a time point corresponding to the time representation. These random numbers X are explicitly or implicitly marked as the same time series as the time representation. Therefore, it is possible to associate the block and its timestamp with the numerical value of the random number and its publication time. If one or more time representations T.sub.i are lost for some reason, such as a discarded branch, then the random numbers corresponding to the time representations T.sub.i will also be discarded.

[0044] In fact, in a blockchain in which strict block generation scheduling is expected, there is a clear correspondence between the numerical value of the random number X generated by the random oracle machine and the block. This is because in a blockchain with a dead fork, it will be problematic in attempting to align a block index with a specific number.

[0045] The implementation principle of the method is as follows: (1) if a segment is random, the whole is independently random, that is, if the node group G is guaranteed to be random, since the trusted nodes participating in the blockchain predominate and the number of nodes in the node group G is large, it will be guaranteed that at least one r.sub.j is randomly generated and submitted by the trusted node, so as to ensure that the final generated X is random; and (2) any node may affect the final value, but cannot affect the distribution of the final X, because the contributions of other nodes are not visible to the node when the contribution of the node itself is fixed. By assumption, one of these other nodes will randomize the value. It should be understood that this assumption is based on the premise that the node group G is selected to be large enough.

[0046] FIG. 4 illustrates a schematic structural diagram of a public random number generation device based on a blockchain according to an exemplary embodiment of the present disclosure. As shown in FIG. 4, the public random number generation device based on a blockchain includes a blockchain 401 and a processor 402, wherein the blockchain 401 is capable of ensuring that information published thereon is tamper-proof. It is well known that the blockchain is a chained data structure formed by connecting data in chronological order in a series of blocks, and is also a tamper-proof and unforgeable distributed ledger that cryptographically guarantees data. Blockchain uses cryptography such as hash and signature and consensus algorithm to build trust mechanism, which makes the cost of repudiation, tampering and fraud huge and ensures data to be tamper-proof and unforgeable. It may be realized that the blockchain may be implemented in any manner known in the art or known in the future, such as Bitcoin, Ethereum, etc. The processor 402 may be configured to: select a sufficiently large node group G, wherein the node group G contains N trusted nodes. According to the law of large numbers and the assumption of the basic architecture of blockchain, when the number of node groups G is large enough, there must be some trusted nodes. In the present exemplary embodiment, the node group G is a set composed of trusted nodes, the set of nodes has j nodes, and the sub-random number r.sub.j is a component forming the random number X; determine a first time point t.sub.m and a second time point t.sub.n, wherein the first time point t.sub.m is earlier than the second time point t.sub.n, the first time point t.sub.m is a generation time point of an m-th block, the second time point t.sub.n is a generation time point of an n-th block, and the m-th block is fixed and cannot be tampered at the second time point t.sub.n; at the first time point t.sub.m, enable each of the N trusted nodes to separately generate a sub-random number r.sub.j, wherein j=1, 2, . . . , N, perform delayed encryption on the sub-random number r.sub.j, and place delayed encryption results in the m-th block, wherein the sub-random number r.sub.j is a component forming a random number X, and the delayed encryption determines that the encrypted sub-random numbers r.sub.j can only be obtained by means of a decryption operation after delay for a period of time. The delayed encryption technology does not limit on the qualification of the decrypting party, but according to the design of the delayed encryption technology, the decryption result can be obtained only at this time point. The decryption result cannot be obtained in advance, and no further time delay can occur; and at the second time point t.sub.n, decrypt the delayed encryption result to obtain all of the sub-random number r.sub.j, and perform operation on all of the sub-random number r.sub.j to obtain the random number X, wherein the random number X is a final available public random number.

[0047] In yet another aspect of the present disclosure, there is further provided a machine-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the public random number generation method based on a blockchain as described above. In some embodiments, the machine-readable storage medium is a tangible component of a digital processing device. In other embodiments, the machine-readable storage medium is optionally removable from a digital processing device. In some embodiments, by way of non-limiting example, the machine-readable storage medium may include a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a flash memory, a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), a solid state memory, a magnetic disk, an optical disk, a cloud computing system or a service, or the like.

[0048] It should be understood that the steps described in the method embodiment of the present disclosure may be performed in a different order and/or in parallel. Further, the method embodiment may include additional steps and/or omit the steps shown in implementation. The scope of the invention is not limited in this respect.

[0049] A number of specific details are described in the specification provided herein. However, it should be understood that embodiments of the present disclosure may be practiced without these specific details. In some embodiments, well-known methods, structures, and techniques are not shown in detail so as not to obscure the understanding of this specification.

[0050] Although exemplary embodiments of the present invention have been shown and described herein, it will be readily understood by those skilled in the art that such embodiments are provided by way of example only. Many modifications, changes and alternatives will now occur to those skilled in the art without departing from the invention. It should be understood that various alternatives to the embodiments of the invention described herein may be employed in the practice of the invention. The following claims are intended to limit the scope of the invention and thus cover the methods and structures within the scope of these claims and their equivalents.