Ekuqaleni kuka-2017, saqala ukudala isithunywa ku-blockchain [igama nesixhumanisi kuphrofayela] ngokuxoxa ngezinzuzo ngaphezu kwezithunywa ze-P2P zakudala.
Kuphasisiwe 2.5 ngonyaka, futhi sakwazi ukuqinisekisa umqondo wethu: izinhlelo zokusebenza ze-messenger manje seziyatholakala ku-iOS, Web PWA, Windows, GNU/Linux, Mac OS kanye ne-Android.
Namuhla sizokutshela ukuthi isithunywa se-blockchain sisebenza kanjani nokuthi izinhlelo zokusebenza zamaklayenti zingasebenza kanjani ne-API yayo.
Besifuna ukuthi i-blockchain ixazulule izinkinga zokuphepha nezobumfihlo zezithunywa ze-P2P zakudala:
- Ukuchofoza kanye ukuze udale i-akhawunti - awekho amafoni noma ama-imeyili, akukho ukufinyelela ezincwadini zamakheli noma izindawo.
- Abaxhumanisi abalokothi basungule ukuxhumana okuqondile; konke ukuxhumana kwenzeka ngohlelo olusabalalisiwe lwama-node. Amakheli e-IP wabasebenzisi awafinyeleleki komunye nomunye.
- Yonke imilayezo ibhalwe ngekhodi End-to-End curve25519xsalsa20poly1305. Kubonakala sengathi lokhu ngeke kumangaze muntu, kodwa ikhodi yethu yomthombo ivuliwe.
- Ukuhlasela kwe-MITM akufakiwe - umlayezo ngamunye uwumsebenzi futhi usayinwe ngu-Ed25519 EdDSA.
- Umlayezo ugcina kubhlokhi yawo. Ukuvumelana kanye
timestampAwukwazi ukulungisa amabhlogo, ngakho-ke ukuhleleka kwemiyalezo. - "Angishongo lokho" ngeke isebenze nemiyalezo ku-blockchain.
- Asikho isakhiwo esimaphakathi esihlola “ubuqiniso” bomlayezo. Lokhu kwenziwa ngohlelo olusabalalisiwe lwamanodi olusekelwe ekuvumelaneni, futhi luphethwe ngabasebenzisi.
- Ukungenzeki kokucwaninga - ama-akhawunti awakwazi ukuvinjelwa futhi imilayezo ayikwazi ukususwa.
- I-Blockchain 2FA ingenye ye-2FA yesihogo nge-SMS,
- Ikhono lokuthola zonke izingxoxo zakho kunoma iyiphi idivayisi noma kunini lisho ukuthi awudingi ukugcina izingxoxo endaweni nhlobo.
- Ukuqinisekisa ukuthunyelwa komlayezo. Hhayi kudivayisi yomsebenzisi, kodwa kunethiwekhi. Empeleni, lesi isiqinisekiso sekhono lomamukeli lokufunda umlayezo wakho. Lesi isici esiwusizo sokuthumela izaziso ezibucayi.
Izinzuzo zeBlockchain futhi zihlanganisa ukuhlanganiswa okuseduze ne-cryptocurrencies Ethereum, Dogecoin, Lisk, Dash, Bitcoin (lena isasaqhubeka) kanye nekhono lokuthumela amathokheni ezingxoxweni. Senze ngisho ne-crypto exchanger eyakhelwe ngaphakathi.
Futhi-ke - ukuthi konke kusebenza kanjani.
Umlayezo uwumsebenzi
Wonke umuntu usevele ejwayele ukuthi ukuthengiselana kumathokheni wokudlulisa vimba (izinhlamvu zemali) kusuka komunye umsebenzisi kuya komunye. Njenge-Bitcoin. Sidale uhlobo olukhethekile lomsebenzi wokudlulisa imilayezo.
Ukuze uthumele umlayezo kusithunywa ku-blockchain, udinga ukudlula izinyathelo ezimbalwa:
- Bethela umbhalo womlayezo
- Faka i-ciphertext kumsebenzi
- Sayina okwenziwayo
- Thumela okwenziwayo kunoma iyiphi inodi yenethiwekhi
- Isistimu esabalalisiwe yamanodi inquma “ubuqiniso” bomlayezo
- Uma konke KULUNGILE, ukuthengiselana ngomlayezo kufakwe kubhulokhi elandelayo
- Umamukeli ubuyisela okwenziwayo komlayezo futhi asuse ukubethela
Izinyathelo 1–3 no-7 zenziwa endaweni kuklayenti, futhi izinyathelo 5–6 zenziwa kubasingathi.
Ukubethelwa komlayezo
Umlayezo ubethelwe ngokhiye oyimfihlo womthumeli kanye nokhiye osesidlangalaleni womamukeli. Sizothatha ukhiye osesidlangalaleni kunethiwekhi, kodwa kulokhu, i-akhawunti yomamukeli kufanele iqaliswe, okungukuthi, okungenani ibe nomsebenzi owodwa. Ungasebenzisa isicelo se-REST GET /api/accounts/getPublicKey?address={ADAMANT address}, futhi lapho kulayishwa izingxoxo, okhiye basesidlangalaleni babaxhumanisi sebezotholakala kakade.
Isithunywa sibethela imilayezo sisebenzisa i-algorithm ye-curve25519xsalsa20poly1305 (). Njengoba i-akhawunti iqukethe okhiye be-Ed25519, ukuze wenze ibhokisi, okhiye kufanele baqale baguqulelwe ku-Curve25519 Diffie-Hellman.
Nasi isibonelo ku-JavaScript:
/**
* Encodes a text message for sending to ADM
* @param {string} msg message to encode
* @param {*} recipientPublicKey recipient's public key
* @param {*} privateKey our private key
* @returns {{message: string, nonce: string}}
*/
adamant.encodeMessage = function (msg, recipientPublicKey, privateKey) {
const nonce = Buffer.allocUnsafe(24)
sodium.randombytes(nonce)
if (typeof recipientPublicKey === 'string') {
recipientPublicKey = hexToBytes(recipientPublicKey)
}
const plainText = Buffer.from(msg)
const DHPublicKey = ed2curve.convertPublicKey(recipientPublicKey)
const DHSecretKey = ed2curve.convertSecretKey(privateKey)
const encrypted = nacl.box(plainText, nonce, DHPublicKey, DHSecretKey)
return {
message: bytesToHex(encrypted),
nonce: bytesToHex(nonce)
}
}Ukwakha umsebenzi ngomlayezo
Okwenziwayo kunokwakheka okujwayelekile okulandelayo:
{
"id": "15161295239237781653",
"height": 7585271,
"blockId": "16391508373936326027",
"type": 8,
"block_timestamp": 45182260,
"timestamp": 45182254,
"senderPublicKey": "bd39cc708499ae91b937083463fce5e0668c2b37e78df28f69d132fce51d49ed",
"senderId": "U16023712506749300952",
"recipientId": "U17653312780572073341",
"recipientPublicKey": "23d27f616e304ef2046a60b762683b8dabebe0d8fc26e5ecdb1d5f3d291dbe21",
"amount": 204921300000000,
"fee": 50000000,
"signature": "3c8e551f60fedb81e52835c69e8b158eb1b8b3c89a04d3df5adc0d99017ffbcb06a7b16ad76d519f80df019c930960317a67e8d18ab1e85e575c9470000cf607",
"signatures": [],
"confirmations": 3660548,
"asset": {}
}
Ngokwenziwa komlayezo, into ebaluleke kakhulu asset - udinga ukubeka umlayezo entweni chat ngesakhiwo:
message- gcina umlayezo obethelweown_message- nakanyetype— uhlobo lomlayezo
Imilayezo iphinde ihlukaniswe ngezinhlobo. Eqinisweni, ipharamitha type ikutshela ukuthi uqonde kanjani message. Ungathumela umbhalo nje, noma ungathumela into enezinto ezithakazelisayo ngaphakathi - isibonelo, lena yindlela isithunywa esenza ngayo ukudluliselwa kwe-cryptocurrency ezingxoxweni.
Ngenxa yalokho, sidala umsebenzi:
{
"transaction": {
"type": 8,
"amount": 0,
"senderId": "U12499126640447739963",
"senderPublicKey": "e9cafb1e7b403c4cf247c94f73ee4cada367fcc130cb3888219a0ba0633230b6",
"asset": {
"chat": {
"message": "cb682accceef92d7cddaaddb787d1184ab5428",
"own_message": "e7d8f90ddf7d70efe359c3e4ecfb5ed3802297b248eacbd6",
"type": 1
}
},
"recipientId": "U15677078342684640219",
"timestamp": 63228087,
"signature": "тут будет подпись"
}
}Isiginesha yokwenziwe
Ukuqinisekisa ukuthi wonke umuntu uyazethemba ngobuqiniso bomthumeli nomamukeli, isikhathi sokuthumela nokuqukethwe komlayezo, ukuthengiselana kuyasayinwa. Isiginesha yedijithali ikuvumela ukuthi uqinisekise ubuqiniso bomsebenzi usebenzisa ukhiye osesidlangalaleni - ukhiye oyimfihlo awudingeki kulokhu.
Kodwa isignesha ngokwayo yenziwa kusetshenziswa ukhiye oyimfihlo:
Umdwebo ubonisa ukuthi siqala ngokusheshisa ukuthengiselana nge-SHA-256 bese sikusayina futhi uthole isignesha signature, futhi i-ID yomsebenzi iyingxenye ye-SHA-256 hash.
Ukuqaliswa kwesibonelo:
1 — Yakha ibhulokhi yedatha, kuhlanganise nomyalezo
/**
* Calls `getBytes` based on transaction type
* @see privateTypes
* @implements {ByteBuffer}
* @param {transaction} trs
* @param {boolean} skipSignature
* @param {boolean} skipSecondSignature
* @return {!Array} Contents as an ArrayBuffer.
* @throws {error} If buffer fails.
*/
adamant.getBytes = function (transaction) {
...
switch (transaction.type) {
case constants.Transactions.SEND:
break
case constants.Transactions.CHAT_MESSAGE:
assetBytes = this.chatGetBytes(transaction)
assetSize = assetBytes.length
break
…
default:
alert('Not supported yet')
}
var bb = new ByteBuffer(1 + 4 + 32 + 8 + 8 + 64 + 64 + assetSize, true)
bb.writeByte(transaction.type)
bb.writeInt(transaction.timestamp)
...
bb.flip()
var arrayBuffer = new Uint8Array(bb.toArrayBuffer())
var buffer = []
for (var i = 0; i < arrayBuffer.length; i++) {
buffer[i] = arrayBuffer[i]
}
return Buffer.from(buffer)
}
2 - Bala i-SHA-256 kusuka kubhulokhi yedatha
/**
* Creates hash based on transaction bytes.
* @implements {getBytes}
* @implements {crypto.createHash}
* @param {transaction} trs
* @return {hash} sha256 crypto hash
*/
adamant.getHash = function (trs) {
return crypto.createHash('sha256').update(this.getBytes(trs)).digest()
}3 — Sayina okwenziwayo
adamant.transactionSign = function (trs, keypair) {
var hash = this.getHash(trs)
return this.sign(hash, keypair).toString('hex')
}
/**
* Creates a signature based on a hash and a keypair.
* @implements {sodium}
* @param {hash} hash
* @param {keypair} keypair
* @return {signature} signature
*/
adamant.sign = function (hash, keypair) {
return sodium.crypto_sign_detached(hash, Buffer.from(keypair.privateKey, 'hex'))
}Ukuthumela okwenziwayo ngomlayezo endaweni yenethiwekhi
Njengoba inethiwekhi ihlukaniswe, noma yimaphi amanodi ane-API evulekile azokwenza. Ukwenza isicelo OKUTHUNYELWE ekugcineni api/transactions:
curl 'api/transactions' -X POST
-d 'TX_DATA'Ngempendulo sizothola i-ID yokwenziwe yohlobo
{
"success": true,
"nodeTimestamp": 63228852,
"transactionId": "6146865104403680934"
}Ukuqinisekisa Okwenziwayo
Isistimu esabalalisiwe yamanodi, ngokusekelwe ekuvumelaneni, inquma “ubuqiniso” bomlayezo wokwenziwayo. Kusuka kubani futhi kubani, nini, noma ngabe umlayezo ushintshiwe ngomunye, nokuthi isikhathi sokuthumela sikhonjiswe ngendlela efanele yini. Lokhu kuyinzuzo ebaluleke kakhulu ye-blockchain - asikho isakhiwo esimaphakathi esinesibopho sokuqinisekisa, futhi ukulandelana kwemilayezo nokuqukethwe kwayo akukwazi ukukhohlisa.
Okokuqala, i-node eyodwa ihlola ukunemba, bese ithumela kwabanye - uma iningi lithi konke kulungile, ukuthengiselana kuzofakwa ku-block elandelayo yeketanga - lokhu kuvumelana.
Ingxenye yekhodi ye-node enesibopho sokuhlola ingabukwa ku-GitHub - и . Yebo, i-node isebenza ku-Node.js.
Kubandakanya okwenziwayo onomlayezo osebhlokini
Uma kufinyelelwa ukuvumelana, okwenziwayo nomlayezo wethu kuzofakwa kubhulokhi elandelayo kanye nokunye okwenziwe okuvumelekile.
Amabhulokhi anokulandelana okuqinile, futhi ibhulokhi ngayinye elandelayo yakhiwa ngokusekelwe kuma-hashes amabhlogo adlule.
Iphuzu liwukuthi umlayezo wethu nawo ufakiwe kulolu chungechunge futhi awukwazi "ukuhlelwa kabusha". Uma imilayezo embalwa iwela kubhulokhi, ukuhleleka kwayo kuzonqunywa ngu timestamp imiyalezo.
Ukufunda imiyalezo
Uhlelo lokusebenza lwe-messenger lubuyisa ukuthengiselana okuvela ku-blockchain okuthunyelwa kumamukeli. Ngalokhu senze isiphetho api/chatrooms.
Konke ukuthenga kuyatholakala kuwo wonke umuntu - ungathola imilayezo ebethelwe. Kodwa umemukeli kuphela ongasusa ukubhala ngemfihlo esebenzisa ukhiye wakhe oyimfihlo kanye nokhiye osesidlangalaleni womthumeli:
**
* Decodes the incoming message
* @param {any} msg encoded message
* @param {string} senderPublicKey sender public key
* @param {string} privateKey our private key
* @param {any} nonce nonce
* @returns {string}
*/
adamant.decodeMessage = function (msg, senderPublicKey, privateKey, nonce) {
if (typeof msg === 'string') {
msg = hexToBytes(msg)
}
if (typeof nonce === 'string') {
nonce = hexToBytes(nonce)
}
if (typeof senderPublicKey === 'string') {
senderPublicKey = hexToBytes(senderPublicKey)
}
if (typeof privateKey === 'string') {
privateKey = hexToBytes(privateKey)
}
const DHPublicKey = ed2curve.convertPublicKey(senderPublicKey)
const DHSecretKey = ed2curve.convertSecretKey(privateKey)
const decrypted = nacl.box.open(msg, nonce, DHPublicKey, DHSecretKey)
return decrypted ? decode(decrypted) : ''
}Futhi yini enye?
Njengoba imilayezo ilethwa ngale ndlela cishe emizuzwaneni emi-5 - lesi yisikhathi lapho kuvela ibhulokhi yenethiwekhi entsha - siqhamuke noxhumano lwesokhethi yeklayenti-kuya-nodi kanye ne-node-to-node. Uma i-node ithola okwenziwayo okusha, ihlola ukufaneleka kwayo bese ikudlulisela kwamanye ama-node. Okwenziwayo kuyatholakala kumakhasimende ezithunywa ngisho nangaphambi kokuba kuvele ukuvumelana nokufakwa kubhulokhi. Ngale ndlela sizoletha imilayezo ngokushesha, njengezithunywa ezisheshayo ezivamile.
Ukugcina incwadi yamakheli, senze i-KVS - Key-Value Storage - lolu olunye uhlobo lomsebenzi lapho asset akulona ibhokisi le-NaCl elibethelwe, kodwa . Lena yindlela isigijimi esigcina ngayo enye idatha.
Ukudluliswa kwefayela/isithombe nezingxoxo zeqembu kusadinga umsebenzi omningi. Yebo, ngefomethi ye-blunder-and-blunder lokhu "kungafinyezwa" ngokushesha, kodwa sifuna ukugcina izinga elifanayo lobumfihlo.
Yebo, kusenomsebenzi okufanele wenziwe - ngokufanelekile, ubumfihlo bangempela buthatha ukuthi abasebenzisi ngeke baxhume kumanodi enethiwekhi yomphakathi, kodwa bazophakamisa awabo. Imaphi amaphesenti abasebenzisi ocabanga ukuthi enza lokhu? Kunjalo, 0. Sikwazile ukuxazulula le nkinga kancane ngenguqulo ye-Tor yesithunywa.
Sifakazele ukuthi isithunywa ku-blockchain singaba khona. Ngaphambilini, bekunomzamo owodwa kuphela ngo-2012 - , ehlulekile ngenxa yezikhathi ezinde zokulethwa kwemilayezo, ukulayishwa kwe-CPU, nokuntuleka kwezinhlelo zokusebenza zeselula.
Futhi ukungabaza kubangelwa ukuthi izithunywa ku-blockchain zingaphambi kwesikhathi sazo - abantu abakulungele ukuthatha umthwalo wemfanelo nge-akhawunti yabo, ukuba nolwazi lomuntu siqu akukabi umkhuba, futhi ubuchwepheshe abuvumeli isivinini esiphezulu ku-blockchain. Izifaniso ezengeziwe zobuchwepheshe zephrojekthi yethu zizovela ngokulandelayo. Uzobona.
Source: www.habr.com