DB43/T 1838-2020 区块链共识安全技术测评标准

ICS35.240

L70

DB43

湖南省地方标准

DB43/T1838—2020

信息安全技术

区块链共识安全技术测评要求

Informationsecuritytechnology-Evaluationrequirements

forblockchainconsensussecuritytechnology

2020-09-30发布2020-12-30实施

湖南省市场监督管理局发布

DB43/T1838—2020

目次

前言························································································································································Ⅲ

1范围····················································································································································1

2规范性引用文件·································································································································1

3术语和定义········································································································································1

4缩略语················································································································································2

5等级测评概述·····································································································································2

5.1等级测评方法·····························································································································2

5.2单项测评·····································································································································2

6第一级测评要求·································································································································2

6.1共识可靠性测评要求··················································································································2

6.2共识终局性测评要求··················································································································3

6.3共识容错性测评要求··················································································································4

6.4共识可审计性测评要求··············································································································4

6.5共识可扩展性测评要求··············································································································5

7第二级测评要求·································································································································6

7.1共识可靠性测评要求··················································································································6

7.2共识终局性测评要求··················································································································6

7.3共识容错性测评要求··················································································································7

7.4共识可审计性测评要求··············································································································8

7.5共识可扩展性测评要求··············································································································9

8第三级测评要求·································································································································9

8.1共识可靠性测评要求··················································································································9

8.2共识终局性测评要求················································································································10

8.3共识容错性测评要求················································································································11

8.4共识可审计性测评要求············································································································12

8.5共识可扩展性测评要求············································································································13

9第四级测评要求·······························································································································13

9.1共识可靠性测评要求················································································································13

9.2共识终局性测评要求················································································································15

9.3共识容错性测评要求················································································································15

9.4共识可审计性测评要求············································································································16

9.5共识可扩展性测评要求············································································································17

10测评结论········································································································································18

I

DB43/T1838—2020

10.1风险分析和评价·····················································································································18

10.2等级测评结论·························································································································18

参考文献················································································································································19

II

DB43/T1838—2020

前言

本文件按照GB/T1.1—2020给出的规则起草。

本文件由中共湖南省委网络安全和信息化委员会办公室提出。

本文件由湖南省区块链和分布式记账技术标准化技术委员会（筹）归口。

本文件起草单位：湖南链信安科技有限公司、湖南天河国云科技有限公司、湖南省东方区块链安全

技术检测中心、湖南省人民政府发展研究中心、湖南天河云链科技有限公司。

本文件主要起草人：谭林、陈昕、杨征、梁亮、汪武、聂璐璐、梁琪、李财、聂朗、尹海波、黄帅、

柳兴、郭慧、殷新文、丁雅琪、沈浪、张祥、宋姝、姜载乐、刘齐平、郑婷婷、胡钦、邹曼瑜等。

III

DB43/T1838—2020

IV

DB43/T1838—2020

信息安全技术区块链共识安全技术测评要求

1范围

本文件规定了区块链共识安全技术测评指标要求。包括第一级、第二级、第三级和第四级区块链共

识安全技术测评要求。

本文件适用于测评机构对区块链共识安全进行的测评工作，也适用于区块链技术开发者参考使用。

2规范性引用文件

下列文件中的内容通过文中的规范性引用而构成本文件必不可少的条款。其中，注日期的引用文件，仅

该日期对应的版本适用于本文件；不注日期的引用文件，其最新版本（包括所有的修改单）适用于本文件。

GB/T25069—2010信息安全技术术语

3术语和定义

GB/T25069—2010界定的下列术语和定义适用于本文件。

3.1

区块链blockchain

一种在对等网络环境下，通过透明和可信规则，构建不可伪造、不可篡改和可追溯的块链式数据结

构，实现和管理事务处理的模式。

注：事务处理包括但不限于可信数据的产生、存取和使用等。

3.2

节点node

由区块链网络的参与者操作的分类账本的副本。

3.3

共识机制consensusmechanism

指确保系统记账一致性的算法、措施和规则，旨在解决不同节点之间信任的问题。

3.4

重放攻击replayattack

一种主动攻击方法，攻击者通过记录通信会话，并在以后某个时刻重放整个会话或者会话的一部分。

[GB/T25069—2010]

3.5

终局性consistency

共识一旦确认，就不会被回滚或撤销。

3.6

自私挖矿selfishmining

通过扣留区块、拖延公布区块的时间等方式，攻击区块链系统一种攻击方法，其目的是获取额外奖

励，并让诚实矿工进行无效计算。

1

DB43/T1838—2020

4缩略语

下列缩略语适用于本文件

PoW：工作量证明（Proof-of-Work）

PoS：权益证明（Proof-of-Stake）

DPoS：股份授权证明（Delegated-Proof-of-Stake）

5等级测评概述

5.1等级测评方法

等级测评实施的基本方法是针对待定的测评对象，采用相关的测评手段，遵从一定的测评规程，获

取需要的证据数据，给出是否达到特定级别安全保护能力的评判。

本标准中针对每一个要求项的测评就构成一个单项测评，针对某个要求项的所有具体测评内容构成

测评实施。根据调研结果，分析等级保护对象的业务流程和数据流，确定测评工作范围。结合等级保护

对象的安全级别进行综合分析，测评对象可以根据类别加以描述，包括共识攻击防范、共识记录以及共

识算法等内容。

本标准中每个级别测评要求都包括共识可靠性测评要求、共识终局性测评要求、共识容错性测评要

求、共识可审计性测评要求以及共识可扩展性测评要求五部分内容。

5.2单项测评

单项测评是针对各安全要求项的测评，支持测评结果的可重复性和可再现性。本标准中单项测评包

括测评指标、测评对象、测评实施和测评判定结果构成。

6第一级测评要求

6.1共识可靠性测评要求

6.1.1共识正确性

该测评单元包括以下要求：

a）测评指标：应保证共识正确且一致性。

b）测评对象：共识过程。

c）测评实施包括以下内容：

1）系统正常运行节点的请求是否能在系统性能所要求的规定时间达成一致的共识；

2）系统正常运行节点