CN110263543A - Object level receipt storage method and node based on code mark - Google Patents
Object level receipt storage method and node based on code mark Download PDFInfo
- Publication number
- CN110263543A CN110263543A CN201910419755.8A CN201910419755A CN110263543A CN 110263543 A CN110263543 A CN 110263543A CN 201910419755 A CN201910419755 A CN 201910419755A CN 110263543 A CN110263543 A CN 110263543A
- Authority
- CN
- China
- Prior art keywords
- intelligent contract
- block chain
- code
- transaction
- chain node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3827—Use of message hashing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Abstract
This specification one or more embodiment provides a kind of object level receipt storage method and node based on code mark, this method may include: that the first block chain node receives the transaction for corresponding to intelligent contract for passing through encryption, include the object indicated by exposing identifier in the code of the intelligence contract;First block chain node decrypts the transaction in credible performing environment, to obtain the code of the intelligent contract;First block chain node executes the code of the intelligent contract in the credible performing environment, obtains receipt data;First block chain node stores the receipt data, and the corresponding receipt contents of object for indicating the exposed identifier are stored with plaintext version, remaining receipt contents is stored with ciphertext form.
Description
Technical field
This specification one or more embodiment be related to block chain technical field more particularly to it is a kind of based on code mark
Object level receipt storage method and node.
Background technique
Block chain technology constructs on transmission network (such as point to point network).Network node in transmission network utilizes
Linked data structure is verified and storing data, and knows together algorithm using distributed node to generate and more new data.
Technically maximum two challenges are exactly privacy and performance to the block platform chain of enterprise-level at present, and often the two are chosen
War is difficult to solve simultaneously.Most solutions are all to exchange privacy for by losing performance, or less consider that privacy goes the property pursued
Energy.The encryption technology of common solution privacy concern, as homomorphic cryptography (Homomorphic encryption) and Zero Knowledge are demonstrate,proved
Complexities such as bright (Zero-knowledge proof) are high, poor universality, but also may bring serious performance loss.
Credible performing environment (Trusted Execution Environment, TEE) is another solution privacy concern
Mode.TEE can play the role of the black box in hardware, and the code and data operating system layer executed in TEE can not all be peeped,
Interface predetermined can just operate on it only in code.In terms of efficiency, due to the black box property of TEE, in TEE
Carry out operation is clear data, rather than the complicated cryptography arithmetic in homomorphic cryptography, calculating process efficiency are not lost, because
This combines safety and the privacy that block chain can be largely promoted under the premise of performance loss is lesser with TEE.
Industry very pays close attention to the scheme of TEE at present, and the chip and software league of nearly all mainstream have the TEE solution party of oneself
Case, TPM's (Trusted Platform Module, reliable platform module) and hardware aspect including software aspects
Intel SGX (Software Guard Extensions, software protection extension), ARM Trustzone (trusted domain) and AMD
PSP (Platform Security Processor, platform safety processor).
Summary of the invention
In view of this, this specification one or more embodiment provides a kind of object level receipt storage based on code mark
Method and node.
To achieve the above object, it is as follows to provide technical solution for this specification one or more embodiment:
According to this specification one or more embodiment in a first aspect, proposing a kind of object level based on code mark
Receipt storage method, comprising:
First block chain node receives the transaction for corresponding to intelligent contract by encryption, in the code of the intelligence contract
Including the object indicated by exposure identifier;
First block chain node decrypts the transaction in credible performing environment, to obtain the code of the intelligent contract;
First block chain node executes the code of the intelligent contract in the credible performing environment, obtains receipt number
According to;
First block chain node stores the receipt data, in the corresponding receipt of object for indicating the exposed identifier
Hold and is stored with plaintext version storage, remaining receipt contents with ciphertext form.
According to the second aspect of this specification one or more embodiment, a kind of object level based on code mark is proposed
Receipt memory node, comprising:
Receiving unit receives the transaction for corresponding to intelligent contract by encryption, includes in the code of the intelligence contract
The object indicated by exposure identifier;
Decryption unit decrypts the transaction in credible performing environment, to obtain the code of the intelligent contract;
Execution unit executes the code of the intelligent contract in the credible performing environment, obtains receipt data;
Storage unit stores the receipt data, the corresponding receipt contents of object for indicating the exposed identifier with
Plaintext version storage, remaining receipt contents are stored with ciphertext form.
According to the third aspect of this specification one or more embodiment, a kind of electronic equipment is proposed, comprising:
Processor;
Memory for storage processor executable instruction;
Wherein, the processor is by running the executable instruction to realize method as described in relation to the first aspect.
According to the fourth aspect of this specification one or more embodiment, a kind of computer readable storage medium is proposed,
The step of being stored thereon with computer instruction, method as described in relation to the first aspect realized when which is executed by processor.
Detailed description of the invention
Fig. 1 is a kind of schematic diagram for creation intelligence contract that an exemplary embodiment provides.
Fig. 2 is a kind of schematic diagram for calling intelligence contract that an exemplary embodiment provides.
Fig. 3 is a kind of process for object level receipt storage method based on code mark that an exemplary embodiment provides
Figure.
Fig. 4 is a kind of schematic diagram that secret protection is realized on block chain node that an exemplary embodiment provides.
Fig. 5 is a kind of block diagram for object level receipt memory node based on code mark that an exemplary embodiment provides.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to
When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with this specification one or more embodiment.Phase
Instead, they are only some aspects phases with the one or more embodiments of as detailed in the attached claim, this specification
The example of consistent device and method.
It should be understood that the sequence that might not show and describe according to this specification in other embodiments executes
The step of correlation method.In some other embodiments, step included by method can than described in this specification more
It is more or less.In addition, single step described in this specification, may be broken down into other embodiments multiple steps into
Row description;And multiple steps described in this specification, it may also be merged into single step progress in other embodiments
Description.
Block chain is normally divided into three types: publicly-owned chain (Public Blockchain), privately owned chain (Private
) and alliance's chain (Consortium Blockchain) Blockchain.In addition, there are also a plurality of types of combinations, such as privately owned chain
The different combinations such as+alliance chain, alliance's chain+publicly-owned chain.It is publicly-owned chain that wherein decentralization degree is highest.Publicly-owned chain with than
Special coin, ether mill are representative, and the participant that publicly-owned chain is added can read data record on chain, participate in business and compete newly
Book keeping operation power of block etc..Moreover, each participant's (i.e. node) freely can be added and exit network, and carry out relevant operation.It is private
There is chain then on the contrary, the write-in permission of the network is by some tissue or mechanism controls, reading data permission is by organization prescribed.Simply
For, privately owned chain can be weak center's system, and participating in node has stringent limitation and less.Such block chain is more
It is suitable for using inside particular organization.Alliance's chain is then block chain between publicly-owned chain and privately owned chain, it can be achieved that " part
Decentralization ".Each node usually has corresponding physical mechanism or tissue in alliance's chain;Participant is added by authorization
Enter network and composition interests correlation alliance, it is common to safeguard the operation of block chain.
Whether publicly-owned chain, privately owned chain or alliance's chain may all provide the function of intelligent contract.Intelligence on block chain
Contract is the contract that can be executed by transaction triggering on block catenary system.Intelligent contract can pass through the formal definition of code.
By taking ether mill as an example, user is supported to create in the network of ether mill and call the logic of some complexity, this is ether
Mill is different from the ultimate challenge of bit coin block chain technology.Ether mill is ether mill void as the core of a programmable block chain
Quasi- machine (EVM), each ether mill node can run EVM.EVM is the complete virtual machine of figure spirit, it means that can be with
The logic of various complexity is realized by it.It is exactly to run on EVM that user, which issues in ether mill and call intelligent contract,.It is real
On border, what virtual machine was directly run is virtual machine code (Virtual Machine bytecodes, lower abbreviation " bytecode ").It is deployed on block chain
Intelligent contract can be the form of bytecode.
Such as shown in Fig. 1, after a transaction comprising the intelligent contract information of creation is sent ether mill network by Bob, section
The EVM of point 1 can execute this and trade and generate corresponding contract example." 0x6f8ae93 ... " in 1 in figure represents this
The address of contract, what the data field of transaction saved can be bytecode, and the to field of transaction is sky.Pass through common recognition machine between node
After system is reached an agreement, this contract is successfully created, and can be called in the follow-up process.After contract creation, on block chain
There is a contract account corresponding with the intelligence contract, and possess a specific address, contract code will be stored in the conjunction
About in account.The behavior of intelligent contract is controlled by contract code.In other words, intelligent contract to generate on block chain comprising closing
The about virtual account of code and account storage (Storage).
As shown in Fig. 2, one is used to call the transaction of intelligent contract to be sent to ether mill by Bob still by taking ether mill as an example
After network, the EVM of a certain node can execute this and trade and generate corresponding contract example.The from word traded in 2 in figure
Section is the address of the account of transaction initiator (i.e. Bob), and " 0x6f8ae93 ... " in field represents called intelligence and close
Address about, value field are the value of ether coin, the side of the intelligent contract of the calling that the data field of transaction saves in ether mill
Method and parameter.Intelligent contract in a prescribed manner in block chain network each node disjoint execution, all execution record and
Data are all stored on block chain, so just saving the transaction that can not be distorted, will not lose on block chain after the completion of transaction
Voucher.
Node in block chain network can generate corresponding receipt (receipt) number after executing the transaction that Bob is initiated
According to for recording the relevant receipt information of the transaction.By taking ether mill as an example, node executes the resulting receipt data of trading can be with
Including following content:
Result field indicates the implementing result of transaction;
Gas used field indicates the gas value of transaction consumption;
Logs field indicates that the log that transaction generates, log may further include From field, To field, Topic word
Section and Log data field etc., wherein From field indicates that the account address of the initiator called, To field indicate called pair
As the account address of (such as intelligent contract), Topic field indicate that the theme of log, Log data field indicate daily record data;
Output field indicates the output of transaction.
In general, the receipt data that transaction generates after executing is stored with plaintext version, anyone is it can be seen that receive
According to the content of above-mentioned each receipt field contained by data, the setting and ability of no secret protection.And in some block chains and TEE
In the solution combined, in order to realize secret protection, the full content of receipt data, which is taken as, needs secret protection
Data are stored on block chain.The block chain is stored in data set made of certain logic tissue in the database of node
It closes.The database, as described later, physical support can store medium, such as persistent storage medium.In fact, receipt
May there was only partial content in data is sensitive, and other contents and insensitive, it is only necessary to be carried out for sensitive content hidden
Private protection, other content can disclose, or even may need to implement partial content retrieval in some cases to drive correlation
The implementation of operation, then implementing secret protection for this partial content will affect the implementation of search operaqtion.
Below in conjunction with the embodiment of the object level receipt storage method that illustrates the application one shown in Fig. 3 and marked based on code
Realization process:
Step 302, the first block chain node receives the transaction for corresponding to intelligent contract by encryption, the intelligence contract
Code in include by the object indicated of exposure identifier.
In one embodiment, user, can be by adding exposure mark when writing the code of intelligent contract in code
Symbol enables the receipt contents for corresponding to this partial objects in receipt data using depositing in plain text to indicate one or more objects
Storage needs to store using ciphertext then residue does not mark receipt contents corresponding to the object of exposed identifier, corresponding to realize
Secret protection.
As described above, in the transaction for creating intelligent contract, what data field saved can be the intelligence contract
Bytecode.Bytecode is made of a series of byte, and each byte can identify an operation.Based on development efficiency, readable
Property etc. it is many-sided consider, developer can not directly write bytecode, but select a high level language intelligence contract generation
Code.The code of the intelligent contract of high level language compiles by compiler and generates bytecode, and then the bytecode can portion
It affixes one's name on block chain.There are many high-level language that ether mill is supported, such as Solidity, Serpent, LLL language.
By taking Solidity language as an example, the contract write with it and class (Class) the very phase in Object-Oriented Programming Language
Seemingly, a variety of members, including state variable, function, function modifier, event etc. can be stated in a contract.Be as follows with
The example code 1 for the simple intelligent contract that Solidity language is write:
In the code for the intelligent contract write based on Solidity language, one can be indicated by exposure identifier
Or multiple objects, the receipt contents that this partial objects is corresponded in receipt data are stored with plaintext version, and remaining
Receipt contents stored with ciphertext form.Similarly, in the code for the intelligent contract write based on Serpent, LLL language etc.
In, it again may be by exposing identifier to indicate one or more objects, to realize the stored in clear of relevant receipts content.
Exposure identifier can be to be exclusively used in demonstrating the need for the receipt field of stored in clear, such as can use keyword
Plain characterizes the exposure identifier.It so, can be corresponding right for the receipt contents for wishing to store with plaintext version
As adding plain (alternatively, can also be associated using other modes with corresponding object) before.
The object that exposure identifier is indicated may include receipt field, than Result field as described above, Gas
The From field that is further included in used field, Logs field, Output field etc. or Logs field, To field,
Topic field, Log data field etc..For example, above-mentioned example code 1 can be adjusted to following example codes 2:
In above-mentioned example code 2, by adding exposure identifier plain in the code forefront of intelligent contract, make
Intelligent contract code be performed after, all fields in the receipt data of generation are stored with plaintext version.
Certainly, in other embodiments, the field for needing stored in clear can also be particularly pointed out.For example, passing through exposure mark
When knowledge symbol is labeled From field, the From after may make the code of intelligent contract to be performed, in the receipt data of generation
The corresponding receipt contents of field are stored with plaintext version, then subsequent can be real for the receipt contents in the From field
Search operaqtion is applied, for example the trading volume etc. that a certain account is initiated can be counted.
It is noted that in above-mentioned example code 2 and its related embodiment, by exposure identifier " plain " institute
The object (all fields or From field) indicated is contract grade object, so that the first block chain node is in storage receipt data
When, all receipt contents that the contract grade object is corresponded in receipt data are stored with plaintext version.Especially, when intelligent conjunction
When in code about including multiple events, contract grade object can be adapted for all events in intelligent contract, then with From
For field: when multiple events generate corresponding Logs field respectively, From field contained by every Logs field is equal
It can be stored using plaintext version, without adding exposure identifier respectively for each event.
Other than receipt field, exposure identifier can be also used for indicating other objects.For example, exposure identifier is indicated
Object may include state variable, and the state variable equally can be contract grade object.It is with state variable " price "
Example, can be adjusted to following example codes 3 for above-mentioned example code 1:
In above-mentioned example code 3, by adding exposure identifier before the type int of state variable " price "
" plain " (alternatively, exposure identifier plain can be placed in after type int), so that the code of intelligent contract is performed
Afterwards, in each field of the receipt data of generation (generally including Topic field, Output field etc.), with state variable
" price " relevant receipt contents are stored with plaintext version, then subsequent can be directed to and state variable " price " phase
The receipt contents of pass implement search operaqtion.Since state variable " price " belongs to contract grade object in example code 3, so that
When in the code of intelligent contract including multiple events, contract grade object can be adapted for all events in intelligent contract, that
When multiple events generate corresponding Logs field respectively, every Logs field (Topic word in such as Logs field
Section) receipt contents relevant to state variable " price " can be stored using plaintext version, Output field etc. can also use bright
Literary form stores receipt contents relevant to state variable " price ", without being directed to state variable respectively in each event
" price " adds exposure identifier.
When defining multiple state variables in the code of intelligent contract, above-mentioned contract grade object may include therein
Part or all of state variable.For example, intelligent contract may include following example code 4:
In above-mentioned example code 4, multiple states such as " price ", " price1 " are defined in the code of intelligent contract
Variable, and user can add exposure identifier plain only for state variable " price ", so that the state variable " price "
As contract grade object, and state variable " price1 " is not labeled by exposure identifier then.
Other than contract grade object, the object that exposure identifier is indicated may include: to correspond in intelligent contract to define
At least one event event level object so that the first block chain node determines receipt data when storing receipt data
In correspond at least one event receipt contents, and will in the receipt contents that determined correspond to event level object part
It is stored with plaintext version.It especially, can be at least part event setup when in intelligent contract including multiple events
The event level object stated, so that the corresponding receipt contents of this partial event are stored with plaintext version, the corresponding receipt of its complementary event
Content is stored with ciphertext form.By taking From field as an example, above-mentioned example code 1 can be adjusted to following example codes 5:
In above-mentioned example code 5, by the corresponding event functions " event of event currentPrice
The corresponding character from of addition From field in currentPrice (int price) ", and it is sudden and violent used by character from
Dew identifier is different from plain above-mentioned, but is modified by quotation marks character from, then drawing in example code 5
Number it is equivalent to exposed identifier above-mentioned, is event level object by From field configuration, so that generating the event is corresponding
In Logs field, From field will be stored with plaintext version.Other than above-mentioned event currentPrice, if intelligence
The code of contract also includes another event, then above-mentioned character from will not influence another event, another event corresponds to
Receipt contents will be stored with ciphertext form, unless exist for another event and add " from ".
Alternatively, above-mentioned example code 1 can be adjusted to following example codes 6:
In above-mentioned example code 6, by the corresponding event functions " event of event currentPrice
It adds exposure identifier " plain " before currentPrice (int price) ", and is different from and is added in example code 5
" from ", so that do not indicate that event level object is From field herein, then:
In a kind of situation, event level object may include field, this is similar with above-mentioned From field.But due to
Specific field is not indicated, can regard all fields in log caused by event currentPrice as above-mentioned thing
Part grade object, for example From field above-mentioned, To field, Topic field, Log Data field etc., are equivalent to the event
The corresponding all receipt contents of currentPrice are stored with plaintext version.
In another case, event level object may include state variable.For example, being defined in above-mentioned example code 6
State variable " price ", and event currentPrice refers to the state variable " price ", corresponds in event functions
Exposure identifier " plain " is added before " event currentPrice (int price) ", it can be by state variable
" price " as above-mentioned event level object so that in all receipts relevant to state variable " price " that the event generates
Rong Jun is stored with plaintext version.Since state variable " price " belongs to event level object in example code 6, so that working as
When in the code of intelligent contract also including the event event1 of another reference state variable " price ", if not being directed to the thing
Part event1 adds the exposure identifier of any rank, even if then event event1 refers to state variable " price ", it should
Receipt contents caused by event event1 will be stored with ciphertext form, and not be stored with plaintext version.
When referring to multiple state variables in same event, above-mentioned event level object may include the whole being cited
State variable.For example, above-mentioned example code 4 can be adjusted to following example codes 7:
In above-mentioned example code 7, the corresponding event functions of event currentPrice " event currentPrice
Keyword " plain " is added before (int price, int price1) " so that the corresponding all receipt contents of the event with
Plaintext version storage.For example, which refers to state variable " price " and " price1 " so that state variable " price " and
" price1 " will receive influence, then all receipts relevant to state variable " price " and " price1 " that the event generates
It is stored according to content with plaintext version.But for other and it is not added with the event of exposed identifier plain, generation
Receipt contents are stored with ciphertext form.
When event level object includes state variable, it can also specifically be designated as one or more states cited in event
Variable.By taking state variable " price " as an example, above-mentioned example code 1 can be adjusted to following example codes 8:
In above-mentioned example code 8, the corresponding event functions of event currentPrice " event currentPrice
(int price) " is referred to state variable " price ", and by being added before the type int of the state variable " price "
Exposure identifier plain, so that the state variable " price " is configured as event level object, which is only applicable to
Event currentPrice, other events that intelligent contract includes are not suitable for it, it may be assumed that only event currentPrice is generated
Receipt contents relevant to state variable " price " stored with plaintext version, unless also for state in other events
Variable " price " is added to exposed identifier, even if otherwise other events apply the state variable " price ", the receipts of generation
It is still stored according to content with ciphertext form.
Since the event currentPrice in example code 8 only applies state variable " price ", make its actual effect
State variable " price " configuration for exposing identifier, quoting the event is added with the event is directed in above-mentioned example code 6
It is similar for event level object.And when the event multiple state variables of application simultaneously, it can more clearly from embody the two not
Together, for example above-mentioned example code 4 can be adjusted to following example codes 9:
In above-mentioned example code 9, event currentPrice refer to simultaneously state variable " price " and
" price1 ", and by adding exposure identifier plain before the type int of state variable " price ", it can be by the state
Variable " price " is configured to event level object, and the state variable " price1 " for being not added with exposed identifier plain is not then thing
Part grade object so that the event generate receipt contents relevant to state variable " price " stored with plaintext version, with
The relevant receipt contents of state variable " price1 " are still stored with ciphertext form.
In one embodiment, the corresponding intelligent contract of the received transaction of the first block chain node, can be through advanced language
It says the intelligent contract write, or can be the intelligent contract of bytecode form.Wherein, when intelligent contract is high level language
Intelligent contract when, the first block chain node also passes through compiler and is compiled to the intelligent contract of the high level language, raw
At the intelligent contract of bytecode form, to be executed in credible performing environment.And when the received transaction pair of the first block chain node
When the intelligent contract answered is the intelligent contract of bytecode form, the intelligent contract of the bytecode form can be passed through compiling by client
Device is compiled the intelligent contract of high level language and obtains, and the intelligent contract of the high level language by user in visitor
It writes to obtain on the end of family.
Corresponding intelligent contract of trading received for the first block chain node, can be user in the first block chain node
The intelligent contract of upper generation.When user obtains above-mentioned intelligent contract using high level language, the first block chain node is also
The intelligent contract of the high level language is compiled as to the intelligent contract of bytecode form by compiler;Alternatively, user can also
It can directly write to obtain the intelligent contract of bytecode form on the first block chain node.
Corresponding intelligent contract of trading received for the first block chain node, can generate on the client for user
Intelligent contract.For example, user by corresponding account after client generates the transaction, transaction is committed to by the client
First block chain node.It include transaction/query interface in the first block chain node, which can be with client pair by taking Fig. 4 as an example
It connects, client is allowed to submit above-mentioned transaction to the first block chain node.Than as described above, user can use advanced language
Speech writes intelligent contract on the client, is then compiled by client by intelligent contract of the compiler to the high-level language
It translates, obtains the intelligent contract of corresponding bytecode form.Certainly, client can be directly by the intelligent contract of high level language
It is sent to the first block chain node, so that the first block chain node is compiled as the intelligent contract of bytecode form by compiler.
Corresponding intelligent contract of trading received for the first block chain node, can pass through the second block chain for client
Intelligent contract in the transaction that node is sent, the intelligence contract are usually bytecode form;Certainly, which may be
The intelligent contract of high level language, the then intelligence that the first block chain node can be compiled as bytecode form by compiler are closed
About.
In one embodiment, when in the code of intelligent contract including exposure identifier, the intelligence of high level language is closed
About it can have identical exposed identifier with the intelligent contract of bytecode form.And it should be understood by those skilled in the art that
Be: bytecode can using different from high-level language exposure identifier, such as high level language intelligent contract code
In comprising first identifier symbol, the intelligent contract of bytecode form code in accord with comprising second identifier, then first identifier Fu Yu
There are corresponding relationships between two identifiers, it is ensured that after being compiled as bytecode by high-level language, will not influence the function of exposed identifier
Energy.
Step 304, the first block chain node decrypts the transaction in credible performing environment, to obtain the intelligent contract
Code.
In one embodiment, above-mentioned transaction can be encrypted by way of symmetric encipherment algorithm, can also be used non-
The mode of symmetry algorithm is encrypted.The Encryption Algorithm that symmetric cryptography uses, e.g. DES algorithm, 3DES algorithm, TDEA are calculated
Method, Blowfish algorithm, RC5 algorithm, IDEA algorithm etc..Rivest, shamir, adelman, e.g. RSA, Elgamal, knapsack algorithm,
Rabin, D-H, ECC (elliptic curve encryption algorithm) etc..
In one embodiment, above-mentioned transaction can be carried out by way of symmetric encipherment algorithm combination rivest, shamir, adelman
Encryption.By taking above-mentioned transaction is committed to the first block chain node by client as an example, client can be added using symmetric encipherment algorithm
Close transaction content encrypts transaction content using the key of symmetric encipherment algorithm, and is added with rivest, shamir, adelman cryptographic symmetrical
The key used in close algorithm, for example using the key used in the public key encryption symmetric encipherment algorithm of rivest, shamir, adelman.
In this way, can be first decrypted using the private key of rivest, shamir, adelman after the first block chain node receives the transaction of encryption,
The key of symmetric encipherment algorithm is obtained, and then decrypts to obtain transaction content with the key of symmetric encipherment algorithm.For example, when transaction is used
When creating intelligent contract, transaction content may include the code of the intelligent contract of required creation;When transaction is for calling intelligence
When contract, transaction content may include the account address of called intelligent contract, the method for needing to be passed to and parameter etc..
When transaction is for calling intelligent contract, the calling of multinest structure can be.For example, transaction calls directly intelligence
Can and about 1, and the intelligence and about 1 code have invoked intelligence and about 2, and the code in intelligence and about 2 be directed toward it is intelligent with about 3
Contract address so that transaction actually have invoked indirectly intelligence and about 3 codes, and intelligence and about 3 in code can wrap
Include the object indicated by exposure identifier.In this way, being equivalent to pair for containing in intelligence and about 1 and indicating by exposure identifier
As.Specific implementation process is similar with the above process, and details are not described herein.
Step 306, the first block chain node executes the code of the intelligent contract in the credible performing environment, obtains
Receipt data.
As previously mentioned, the first received transaction of block chain node, such as can be creation and/or call the friendship of intelligent contract
Easily.Such as in ether mill, the first block chain node receives the creation that client is sent and/or calls the transaction of intelligent contract
Afterwards, can check transaction whether effectively, format it is whether correct, whether the signature for verifying transaction legal etc..
In general, the node in ether mill is typically also the node of contention book keeping operation power, and therefore, the first block chain node is made
Node for contention book keeping operation power can be performed locally the transaction.If one in the node of contention book keeping operation power is striven in epicycle
It wins during taking book keeping operation power by force, then becomes accounting nodes.If the first block chain node is in the process of epicycle contention book keeping operation power
In win, just become accounting nodes;Certainly, if if the first block chain node does not have during epicycle contention is kept accounts and weighed
It wins, is not then accounting nodes, and other nodes are likely to become accounting nodes.
Intelligent contract is similar to the class in Object-Oriented Programming, and the contract that the result of execution generates the corresponding intelligence contract is real
Example is similar to and generates the corresponding object of class.It executes in transaction for creating the process of the code of intelligent contract, will create contract account
Family, and contract is disposed in account space.In ether mill, the address of intelligent contract account is address (such as Fig. 1-2 by sender
In " 0xf5e ... ") and transaction random number (nonce) as input, pass through what Encryption Algorithm generated, such as the conjunction in Fig. 1-2
About address " 0x6f8ae93 ... " is generated by the encrypted algorithm of nonce in the address of sender " 0xf5e ... " and transaction.
In general, proved using proof of work (Proof of Work, POW) and equity (Proof of Stake,
POS), equity is appointed to prove the area of support intelligence contract of the common recognition such as (Delegated Proof of Stake, DPOS) algorithm
In block chain network, the node of contention book keeping operation power can execute the friendship after receiving the transaction comprising the intelligent contract of creation
Easily.Contention book keeping operation power node in may one of them epicycle contention keep accounts weigh during win, become accounting nodes.Note
This can be included transaction of intelligent contract by account node and other transaction be packaged together and generate new block, and by the new of generation
Block be sent to other nodes and know together.
For using machines such as practical Byzantine failure tolerance (Practical Byzantine Fault Tolerance, PBFT)
In the block chain network of the support intelligence contract of system, there is the node of book keeping operation power to have agreed upon before epicycle book keeping operation.Therefore,
After one block chain node receives above-mentioned transaction, if itself not being the accounting nodes of epicycle, which can be sent to
Accounting nodes.For the accounting nodes (can be the first block chain node) of epicycle, which is being packaged and is generating new block
During perhaps before or by the transaction with it is other transaction be packaged together and generate new block during or before,
The transaction can be executed.The transaction is packaged (or further including that other transaction are packaged together) and generates new area by the accounting nodes
After block, the new block of generation or block head are sent to other nodes and known together.
As described above, in block chain network using the support intelligence contract of POW mechanism, or using POS, DPOS,
In the block chain network of the support intelligence contract of PBFT mechanism, which can be packaged and generate new by the accounting nodes of epicycle
Block, and the new block back zone build of generation is sent to other nodes and is known together.If other nodes receive institute
It states after block that there is no problem through verifying, which can be appended to original block chain end, to complete to keep accounts
Journey is reached common understanding;If transaction completes deployment of the intelligent contract in block chain network, if handing over for creating intelligent contract
It is easy for calling intelligent contract, then completes the calling and execution of intelligent contract.Other node verification accounting nodes are sent new
Block or block head during, the transaction in the block can also be executed.
The implementation procedure can generally be executed by virtual machine.By taking ether mill as an example, support user in ether mill network
Middle creation and/or the logic for calling some complexity, this is the ultimate challenge that ether mill is different from bit coin block chain technology.Ether
Mill is ether mill virtual machine (EVM, Ethereum Virtual Machine) as the core of a programmable block chain, each
Ether mill node can run EVM.EVM is the complete virtual machine of a figure spirit, it means that can be realized by it various
Complicated logic.It is exactly to run on EVM that user, which issues in ether mill and call intelligent contract,.
In the present embodiment, the first block chain node can be in credible performing environment (Trusted Execution
Environment, TEE) in execute decryption intelligent contract code.Such as shown in Fig. 4, the first block chain node can be divided
For conventional performing environment (being located at left side in figure) and TEE, (as described above, transaction may exist it for the transaction that client is submitted
His source;This is illustrated for sentencing the transaction of client submission) initially enter " transaction/inquiry in conventional performing environment
Interface " is identified, can be left on to be handled in conventional performing environment there is no the transaction of privacy process demand and (here may be used
Recognize whether that privacy handles need with identifier according to contained by the user type of transaction initiator, type of transaction, transaction etc.
Ask), and the transaction transport that privacy process demand will be present is handled into TEE.TEE and conventional performing environment are mutually isolated.
Transaction is in encrypted state before entering TEE, and the transaction content of plaintext is then decrypted as in credible performing environment, thus
Under the premise of ensuring data safety, the transaction content of the plaintext is enabled to realize efficient process in TEE, and raw in TEE
At the receipt data of plaintext.
TEE is the security extension based on CPU hardware, and the credible performing environment completely isolated with outside.TEE be earliest by
The concept that Global Platform is proposed, for solving the security isolation of resource in mobile device, being parallel to operating system is to answer
Credible and secure performing environment is provided with program.The Trust Zone technology of ARM realizes the TEE technology of real commercialization earliest.
Along with the high speed development of internet, safe demand is higher and higher, is not limited only to mobile device, cloud device, data center
More demands all are proposed to TEE.The concept of TEE has also obtained the development and expansion of high speed.Now described TEE compare with
The concept initially proposed has been the TEE of more broad sense.For example, server chips manufacturer Intel, AMD etc. are successively proposed
The TEE of hardware auxiliary and the concept and characteristic for enriching TEE, have been widely recognized in industry.The TEE lifted now is logical
Often more refer to the TEE technology of this kind of hardware auxiliary.Different from mobile terminal, cloud access needs to remotely access, and terminal user is to hard
Part platform is invisible, therefore seeks to the genuine and believable of confirmation TEE using the first step of TEE.Therefore present TEE technology is all drawn
Enter remote proving mechanism, endorsed by hardware vendor (mainly CPU manufacturer) and ensures user to TEE by digital signature technology
State can verify that.It is simultaneously only the demand for security that the resource isolation of safety is also unable to satisfy, further data-privacy protection
Also it is suggested.Including Intel SGX, the commercial TEE including AMD SEV also both provides memory encryption technology, by reliable hardware
It is limited to inside CPU, the data of bus and memory are that ciphertext prevents malicious user from being spied upon.For example, the software of Intel
Protection extends code execution, remote proving, security configuration, the secure storage of data such as (SGX) TEE technology insulation and is used for
Execute the trusted path of code.The application program run in TEE is kept safe, as a consequence it is hardly possible to be accessed by third party.
By taking Intel SGX technology as an example, SGX provides enclosure (enclave, also referred to as enclave), i.e., one adds in memory
Close credible execution region, protects data not to be stolen by CPU.By taking the first block chain node is using the CPU for supporting SGX as an example,
Using newly-increased processor instruction, a part of region EPC (Enclave Page Cache, enclosure page can be distributed in memory
Face caching or enclave page cache), by the crypto engine MEE (Memory Encryption Engine) in CPU to wherein
Data encrypted.The content encrypted in EPC, which only enters after CPU, can just be decrypted into plain text.Therefore, in SGX, user
It can distrust operating system, VMM (Virtual Machine Monitor, monitor of virtual machine), even BIOS (Basic
Input Output System, basic input output system), it is only necessary to trust CPU just and can ensure that private data will not leak.
It in practical application, is transferred in enclosure after private data being encrypted with ciphertext form, and will be corresponding by remote proving
Code key is also passed to enclosure.Then, operation is carried out using data under the encipherment protection of CPU, as a result can be returned with ciphertext form.This
Under kind mode, powerful calculating power not only can use, but also do not have to concern of data and leak.
There are the transaction of privacy process demand for including intelligent contract in the transaction when creating intelligent contract when above-mentioned
Code, the first block chain node can be decrypted to obtain the code of intelligence contract contained by it in TEE to the transaction, and in turn
The code is executed in TEE.When it is above-mentioned there are the transaction of privacy process demand for call intelligent contract when, the first block chain link
Point can execute the code (if called intelligent contract processing encrypted state, needs first in TEE to the intelligence in TEE
Energy contract is decrypted, to obtain corresponding code).Specifically, the first block chain node can use the processing increased newly in CPU
Device instruction, distributes a part of region EPC in memory, is added by the crypto engine MEE in CPU to above-mentioned plaintext code
In the close deposit EPC.The content encrypted in EPC is decrypted into plain text after entering CPU.In CPU, the code of plaintext is carried out
Implementation procedure is completed in operation.For example, executing the plaintext code of intelligent contract in SGX technology, EVM being loaded into enclosure
In.During remote proving, Key Management server can calculate the hash value of local EVM code, and with the first block chain
The hash value of the EVM code loaded in node compares, comparison result correctly as a necessary condition by remote proving, from
And complete the measurement of the code loaded to the first block chain node SGX enclosure.Through excess vol, correct EVM can be held in SGX
The code of the above-mentioned intelligent contract of row.
Step 308, the first block chain node stores the receipt data, and the object for indicating the exposed identifier is corresponding
Receipt contents with plaintext version storage, remaining receipt contents stores with ciphertext form.
In one embodiment, the corresponding receipt contents of object that the first block chain node indicates exposure identifier are in plain text
Form storage, and remaining receipt contents is stored with ciphertext form, can neatly for receipt data carry out stored in clear or
Ciphertext storage so that can satisfy the privacy requirements of user using the receipt contents that ciphertext form stores, and uses plaintext version
The receipt contents of storage can satisfy the Search Requirement of user.For example, when log (such as entire Logs field in receipt data;
Alternatively, at least one of From field, To field, Topic field, Log data field) using plaintext version storage when, energy
The subsequent retrieval to the log content is enough supported, to realize for example based on the event-driven of log content, such as driving DAPP
(Decentralized Application, Distributed Application) client executing relevant treatment operations etc..
First block chain node, which does not pass through the corresponding receipt contents of object that exposed identifier is indicated by key pair, to carry out
Encryption.The encryption can use symmetric cryptography, can also use asymmetric encryption.If the first block chain node is with symmetrically
Cipher mode encrypts receipt contents with the symmetric key of symmetric encipherment algorithm, then (or other hold pair of key to client
As) encrypted receipt contents can be decrypted with the symmetric key of the symmetric encipherment algorithm.
When the symmetric key of first block chain node symmetric encipherment algorithm encrypts receipt contents, the symmetric key
It can be provided previously by client to the first block chain node.So, due to only having client (actually to should be in client
The corresponding user of logon account) and the first block chain node grasp the symmetric key, enable only the client decrypt accordingly
Encrypted receipt contents, avoid unrelated user even criminal encrypted receipt contents are decrypted.
For example, client, when initiating to trade to the first block chain node, client can use the first of symmetric encipherment algorithm
Beginning key pair transaction content is encrypted, to obtain the transaction;Correspondingly, the first block chain node can be initial by obtaining this
Key, for directly or indirectly being encrypted to receipt contents.For example, which can be by client and the first block
Chain node is negotiated to obtain in advance, perhaps by Key Management server is sent to client and the first block chain node or by visitor
Family end is sent to the first block chain node.When initial key is sent to the first block chain node by client, client can be with
After encrypting by the public key of rivest, shamir, adelman to the initial key, encrypted initial key is sent to the firstth area
Block chain node, and the first block chain node solves the encrypted initial key by the private key of rivest, shamir, adelman
It is close, initial key is obtained, i.e., digital envelope encryption described above, details are not described herein again.
First block chain node can encrypt receipt contents using above-mentioned initial key.Difference transaction uses
Initial key can be identical, so that the All Activity that same user is submitted is all made of the initial key and encrypts, or not
The initial key used with transaction can be different, for example client can generate an initial key for each transaction is random, with
Promote safety.
First block chain node can generate derivative key according to initial key and impact factor, and pass through the derivative key
Receipt contents are encrypted.It being encrypted compared to initial key is directlyed adopt, derivative key can increase degree of randomness, thus
The difficulty being broken is promoted, the safeguard protection for optimizing data is facilitated.Impact factor can be related to transaction;For example, influence because
Son may include trade cryptographic Hash specific bit, such as the first block chain node can will initial key and transaction cryptographic Hash before
Spliced, and Hash fortune is carried out to spliced character string for 16 (or first 32,16 latter, rear 32 or other positions)
It calculates, to generate derivative key.
First block chain node can also use asymmetric encryption mode, i.e., with the public key of rivest, shamir, adelman to receipt
Content-encrypt, then correspondingly, client can be decrypted in above-mentioned encrypted receipt with the private key of the rivest, shamir, adelman
Hold.The key of rivest, shamir, adelman, such as can be and a pair of of public key and private key are generated by client, and public key is sent in advance
To the first block chain node, so that the first block chain node can be by the receipt contents public key encryption.
First block chain node is by running the code for realizing a certain function, to realize the function.Therefore, for needing
The function to realize in TEE also needs to execute correlative code.And the code for being executed in TEE, it needs to meet TEE
Related specifications and requirement;Accordingly for the rule for realizing the code of a certain function, needed in the related technology in conjunction with TEE
Model and requirement re-start written in code, and there is only relatively bigger exploitation amounts, and are easy to produce during rewriting
Raw loophole (bug) influences the reliability and stability of function realization.
Therefore, the first block chain node can be by executing store function code, the receipts that will be generated in TEE except TEE
According to data (including needing the receipt contents of the plaintext version of stored in clear, and the receipt of the ciphertext form that needs ciphertext to store
Content) external memory space to except TEE is stored, allow the store function code to be in the related technology for realizing depositing
It stores up the code of function, need to re-start written in code in conjunction with the specification and requirement of TEE, can realize peace for receipt data
Complete reliable storage, on the basis of not influencing safe and reliable degree, can not only reduce the exploitation amount of correlative code, and
TCB (Trusted Computing Base, trusted computing base) can be reduced by reducing the correlative code of TEE, so that TEE
During technology and block chain technology are combined, it is additional caused by security risk be in controlled range.
In one embodiment, the first block chain node can execute write buffer function code in TEE, by above-mentioned receipts
It is stored in the write buffer in TEE according to data, for example the write buffer can correspond to " caching " as shown in Figure 2.Further,
One block chain node exports the data in write buffer from credible performing environment, to store to external memory space.Wherein, it writes slow
Depositing function code can be stored in TEE with plaintext version, and the caching function generation of the plaintext version can be directly executed in TEE
Code;Or, write buffer function code can be stored in except TEE with ciphertext form, for example it is stored in above-mentioned external memory space
(such as " packing+storage " shown in Fig. 2, wherein " packing " indicates the first block chain node except credible performing environment to friendship
Easily be packaged blocking), the write buffer function code of the ciphertext form can be read in TEE, be decrypted in TEE as in plain text
Code, and execute the plaintext code.
Write buffer refers to when writing data into external memory space, in order to avoid causing " the punching to external memory space
Hit " and " buffering " mechanism of offer.For example, can realize above-mentioned write buffer using buffer;Certainly, write buffer can also adopt
It is realized with cache, this specification is limited not to this.In fact, due to the security context that TEE is isolation, and it is external
Memory space is located at except TEE, so that can carry out batch by using write buffer mechanism to the data in caching and outside is written
Memory space promotes data storage efficiency to reduce the interaction times between TEE and external memory space.Meanwhile TEE exists
During constantly executing each item transaction, it may be necessary to transfer generated data, be write if the data that need to be called are located exactly at
In caching, the data can be directly read from write buffer, on the one hand can reduce the friendship between external memory space in this way
Mutually, it on the other hand eliminates to the decrypting process from external memory space data streams read, thus at the data being lifted in TEE
Manage efficiency.
It is of course also possible to write buffer be built on except TEE, for example the first block chain node can execute except TEE
Write buffer function code, thus by the write buffer outside above-mentioned receipt data deposit TEE, and further by the number in write buffer
According to storing to external memory space.
A kind of embodiment of the object level receipt memory node based on code mark of this specification is introduced below in conjunction with Fig. 5,
Include:
Receiving unit 51 receives the transaction for corresponding to intelligent contract by encryption, wraps in the code of the intelligence contract
Include the object indicated by exposure identifier;
Decryption unit 52 decrypts the transaction in credible performing environment, to obtain the code of the intelligent contract;
Execution unit 53 executes the code of the intelligent contract in the credible performing environment, obtains receipt data;
Storage unit 54 stores the receipt data, the corresponding receipt contents of object for indicating the exposed identifier
It is stored with plaintext version storage, remaining receipt contents with ciphertext form.
Optionally, the corresponding intelligent contract of the received transaction of the first block chain node, comprising:
The intelligent contract of high level language;Or,
The intelligent contract of bytecode form.
Optionally, when the intelligence that the corresponding intelligent contract of the received transaction of the first block chain node is high level language is closed
When about, described device further include:
Compilation unit 55 is compiled by intelligent contract of the compiler to the high level language, generates bytecode
The intelligent contract of form, to be executed in the credible performing environment.
Optionally, when the intelligent contract that the corresponding intelligent contract of the received transaction of the first block chain node is bytecode form
When, the intelligent contract of the bytecode form is compiled by client by intelligent contract of the compiler to high level language
And obtain, the intelligent contract of the high level language is write to obtain by user in the client.
Optionally, the intelligent contract of the high level language and the intelligent contract of the bytecode form have it is identical or
Corresponding exposed identifier.
Optionally, the corresponding intelligent contract of the received transaction of the first block chain node, comprising:
The intelligent contract that user generates on the first block chain node;Or,
The intelligent contract that user generates on the client;Or,
The intelligent contract in transaction that the client is sent by the second block chain node.
Optionally, the object that the exposed identifier is indicated includes: receipt field and/or state variable.
Optionally, the object that the exposed identifier is indicated includes: contract grade object;The storage unit 54 is specifically used
In:
When storing the receipt data, will correspond in all receipts of the contract grade object in the receipt data
Appearance is stored with plaintext version.
Optionally, the object that the exposed identifier is indicated includes: corresponding at least one defined in the intelligent contract
The event level object of a event;The storage unit 54 is specifically used for:
When storing the receipt data, the receipt for corresponding at least one event in the receipt data is determined
Content, and the part for corresponding to the event level object in the receipt contents determined is stored with plaintext version.
Optionally, the storage unit 54 is specifically used for:
Store function code is executed except the credible performing environment, and the receipt data is stored to described credible
External memory space except performing environment.
Optionally, the transaction is for creating and/or calling the intelligent contract.
Optionally, the key that the first block chain node encrypts the receipt field includes: symmetric encipherment algorithm
The key of key or rivest, shamir, adelman.
Optionally, the key of the symmetric encipherment algorithm includes the initial key that the client provides;Or, described symmetrical
The key of Encryption Algorithm includes the derivative key that the initial key and impact factor generate.
Optionally, the transaction is encrypted by the initial key, and the initial key is by rivest, shamir, adelman
Public key encrypted;The decryption unit 52 is specifically used for:
First block chain node is decrypted to obtain the initial key with the private key of the rivest, shamir, adelman, and described in use
Initial key is decrypted the transaction to obtain the code of the intelligent contract.
Optionally, the initial key is generated by client;Or, the initial key is sent to by Key Management server
The client.
Optionally, the impact factor is related to the transaction.
Optionally, the impact factor includes: the specific bit of the cryptographic Hash of the transaction.
In the 1990s, the improvement of a technology can be distinguished clearly be on hardware improvement (for example,
Improvement to circuit structures such as diode, transistor, switches) or software on improvement (improvement for method flow).So
And with the development of technology, the improvement of current many method flows can be considered as directly improving for hardware circuit.
Designer nearly all obtains corresponding hardware circuit by the way that improved method flow to be programmed into hardware circuit.Cause
This, it cannot be said that the improvement of a method flow cannot be realized with hardware entities module.For example, programmable logic device
(Programmable Logic Device, PLD) (such as field programmable gate array (Field Programmable Gate
Array, FPGA)) it is exactly such a integrated circuit, logic function determines device programming by user.By designer
Voluntarily programming comes a digital display circuit " integrated " on a piece of PLD, designs and makes without asking chip maker
Dedicated IC chip.Moreover, nowadays, substitution manually makes IC chip, this programming is also used instead mostly " is patrolled
Volume compiler (logic compiler) " software realizes that software compiler used is similar when it writes with program development,
And the source code before compiling also write by handy specific programming language, this is referred to as hardware description language
(Hardware Description Language, HDL), and HDL is also not only a kind of, but there are many kind, such as ABEL
(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description
Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL
(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby
Hardware Description Language) etc., VHDL (Very-High-Speed is most generally used at present
Integrated Circuit Hardware Description Language) and Verilog.Those skilled in the art also answer
This understands, it is only necessary to method flow slightly programming in logic and is programmed into integrated circuit with above-mentioned several hardware description languages,
The hardware circuit for realizing the logical method process can be readily available.
Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor or processing
The computer for the computer readable program code (such as software or firmware) that device and storage can be executed by (micro-) processor can
Read medium, logic gate, switch, specific integrated circuit (Application Specific Integrated Circuit,
ASIC), the form of programmable logic controller (PLC) and insertion microcontroller, the example of controller includes but is not limited to following microcontroller
Device: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320 are deposited
Memory controller is also implemented as a part of the control logic of memory.It is also known in the art that in addition to
Pure computer readable program code mode is realized other than controller, can be made completely by the way that method and step is carried out programming in logic
Controller is obtained to come in fact in the form of logic gate, switch, specific integrated circuit, programmable logic controller (PLC) and insertion microcontroller etc.
Existing identical function.Therefore this controller is considered a kind of hardware component, and to including for realizing various in it
The device of function can also be considered as the structure in hardware component.Or even, it can will be regarded for realizing the device of various functions
For either the software module of implementation method can be the structure in hardware component again.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,
Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer for example may be used
Think personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play
It is any in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipment
The combination of equipment.
For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing this
The function of each unit can be realized in the same or multiple software and or hardware when specification.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more,
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces
The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
This specification can describe in the general context of computer-executable instructions executed by a computer, such as journey
Sequence module.Generally, program module include routines performing specific tasks or implementing specific abstract data types, programs, objects,
Component, data structure etc..This specification can also be practiced in a distributed computing environment, in these distributed computing environment
In, by executing task by the connected remote processing devices of communication network.In a distributed computing environment, program module
It can be located in the local and remote computer storage media including storage equipment.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.In a typical configuration, computer includes at one or more
Manage device (CPU), input/output interface, network interface and memory.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or
The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium
Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves
State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable
Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),
Digital versatile disc (DVD) or other optical storage, magnetic cassettes, disk storage, quantum memory, based on graphene
Storage medium or other magnetic storage devices or any other non-transmission medium, can be used for storing can be accessed by a computing device
Information.As defined in this article, computer-readable medium does not include temporary computer readable media (transitory media),
Such as the data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability
It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap
Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described want
There is also other identical elements in the process, method of element, commodity or equipment.
It is above-mentioned that this specification specific embodiment is described.Other embodiments are in the scope of the appended claims
It is interior.In some cases, the movement recorded in detail in the claims or step can be come according to the sequence being different from embodiment
It executes and desired result still may be implemented.In addition, process depicted in the drawing not necessarily require show it is specific suitable
Sequence or consecutive order are just able to achieve desired result.In some embodiments, multitasking and parallel processing be also can
With or may be advantageous.
The term that this specification one or more embodiment uses be only merely for for the purpose of describing particular embodiments, and
It is not intended to be limiting this specification one or more embodiment.In this specification one or more embodiment and the appended claims
Used in the "an" of singular, " described " and "the" be also intended to including most forms, unless context understands earth's surface
Show other meanings.It is also understood that term "and/or" used herein refers to and includes one or more associated list
Any or all of project may combine.
It will be appreciated that though this specification one or more embodiment may using term first, second, third, etc. come
Various information are described, but these information should not necessarily be limited by these terms.These terms are only used to same type of information area each other
It separates.For example, the first information can also be referred to as in the case where not departing from this specification one or more scope of embodiments
Two information, similarly, the second information can also be referred to as the first information.Depending on context, word as used in this is " such as
Fruit " can be construed to " ... when " or " when ... " or " in response to determination ".
The foregoing is merely the preferred embodiments of this specification one or more embodiment, not to limit this theory
Bright book one or more embodiment, all within the spirit and principle of this specification one or more embodiment, that is done is any
Modification, equivalent replacement, improvement etc. should be included within the scope of the protection of this specification one or more embodiment.
Claims (20)
1. a kind of object level receipt storage method based on code mark, comprising:
First block chain node receives the transaction for corresponding to intelligent contract by encryption, includes in the code of the intelligence contract
The object indicated by exposure identifier;
First block chain node decrypts the transaction in credible performing environment, to obtain the code of the intelligent contract;
First block chain node executes the code of the intelligent contract in the credible performing environment, obtains receipt data;
First block chain node stores the receipt data, the corresponding receipt contents of object for indicating the exposed identifier with
Plaintext version storage, remaining receipt contents are stored with ciphertext form.
2. according to the method described in claim 1, the corresponding intelligent contract of the received transaction of the first block chain node, comprising:
The intelligent contract of high level language;Or,
The intelligent contract of bytecode form.
3. according to the method described in claim 2, when the corresponding intelligent contract of the received transaction of the first block chain node is advanced
When the intelligent contract that language is write, the method also includes:
First block chain node is compiled by intelligent contract of the compiler to the high level language, generates bytecode shape
The intelligent contract of formula, to be executed in the credible performing environment.
4. according to the method described in claim 2, when the corresponding intelligent contract of the received transaction of the first block chain node is byte
When the intelligent contract of code form, the intelligent contract of the bytecode form is by client by compiler to high level language
Intelligent contract, which is compiled, to be obtained, and the intelligent contract of the high level language is write in the client by user
It arrives.
5. according to the method described in claim 2, the intelligence of the intelligent contract of the high level language and the bytecode form
Energy contract has identical or corresponding exposed identifier.
6. according to the method described in claim 1, the corresponding intelligent contract of the received transaction of the first block chain node, comprising:
The intelligent contract that user generates on the first block chain node;Or,
The intelligent contract that user generates on the client;Or,
The intelligent contract in transaction that the client is sent by the second block chain node.
7. according to the method described in claim 1, the object that the exposed identifier is indicated includes: receipt field and/or state
Variable.
8. according to the method described in claim 1, the object that the exposed identifier is indicated includes: contract grade object;Firstth area
Block chain node stores the receipt data, comprising:
First block chain node will correspond to the contract grade object when storing the receipt data in the receipt data
All receipt contents are stored with plaintext version.
9. according to the method described in claim 1, the object that the exposed identifier is indicated includes: corresponding to the intelligent contract
Defined at least one event event level object;First block chain node stores the receipt data, comprising:
First block chain node when storing the receipt data, determine to correspond in the receipt data it is described at least one
The receipt contents of event, and the part for corresponding to the event level object in the receipt contents determined is deposited with plaintext version
Storage.
10. according to the method described in claim 1, the first block chain node stores the receipt data, comprising:
First block chain node executes store function code except the credible performing environment, and the receipt data is stored
External memory space except to the credible performing environment.
11. according to the method described in claim 1, the transaction is for creating and/or calling the intelligent contract.
12. according to the method described in claim 1, the key packet that the first block chain node encrypts the receipt field
It includes: the key of symmetric encipherment algorithm or the key of rivest, shamir, adelman.
13. according to the method for claim 12, the key of the symmetric encipherment algorithm includes the first of the client offer
Beginning key;Or, the key of the symmetric encipherment algorithm includes the derivative key that the initial key and impact factor generate.
14. according to the method for claim 13, the transaction is encrypted by the initial key, and the initial key
It is encrypted by the public key of rivest, shamir, adelman;First block chain node is decrypted in credible performing environment in the transaction
The code of the intelligence contract, comprising:
First block chain node decrypts to obtain the initial key with the private key of the rivest, shamir, adelman, and with described initial
Transaction described in key pair is decrypted to obtain the code of the intelligent contract.
15. according to the method for claim 13, the initial key is generated by client;Or, the initial key is by close
Key management server is sent to the client.
16. according to the method for claim 13, the impact factor is related to the transaction.
17. according to the method for claim 16, the impact factor includes: the specific bit of the cryptographic Hash of the transaction.
18. a kind of object level receipt memory node based on code mark, comprising:
Receiving unit receives the transaction for corresponding to intelligent contract by encryption, includes passing through in the code of the intelligence contract
The object that exposure identifier is indicated;
Decryption unit decrypts the transaction in credible performing environment, to obtain the code of the intelligent contract;
Execution unit executes the code of the intelligent contract in the credible performing environment, obtains receipt data;
Storage unit stores the receipt data, and the corresponding receipt contents of object for indicating the exposed identifier are in plain text
Form storage, remaining receipt contents are stored with ciphertext form.
19. a kind of electronic equipment, comprising:
Processor;
Memory for storage processor executable instruction;
Wherein, the processor is by running the executable instruction to realize the side as described in any one of claim 1-17
Method.
20. a kind of computer readable storage medium, is stored thereon with computer instruction, realized such as when which is executed by processor
The step of any one of claim 1-17 the method.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910419755.8A CN110263543B (en) | 2019-05-20 | 2019-05-20 | Object-level receipt storage method and node based on code labeling |
| PCT/CN2020/089381 WO2020233421A1 (en) | 2019-05-20 | 2020-05-09 | Object-level receipt storage method and node based on code marking |
| PCT/CN2020/091408 WO2020233629A1 (en) | 2019-05-20 | 2020-05-20 | Object-level receipt storage method and node based on code labeling |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910419755.8A CN110263543B (en) | 2019-05-20 | 2019-05-20 | Object-level receipt storage method and node based on code labeling |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110263543A true CN110263543A (en) | 2019-09-20 |
| CN110263543B CN110263543B (en) | 2021-06-01 |
Family
ID=67914777
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910419755.8A Active CN110263543B (en) | 2019-05-20 | 2019-05-20 | Object-level receipt storage method and node based on code labeling |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN110263543B (en) |
| WO (1) | WO2020233629A1 (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111222157A (en) * | 2019-10-30 | 2020-06-02 | 支付宝(杭州)信息技术有限公司 | Method and device for inquiring block chain private data |
| WO2020233421A1 (en) * | 2019-05-20 | 2020-11-26 | 创新先进技术有限公司 | Object-level receipt storage method and node based on code marking |
| WO2020233638A1 (en) * | 2019-05-20 | 2020-11-26 | 创新先进技术有限公司 | Receipt storage method and node based on code labeling and transaction type |
| WO2020233634A1 (en) * | 2019-05-20 | 2020-11-26 | 创新先进技术有限公司 | Method and node for receipt storage combining transaction and event type condition restrictions |
| WO2020233629A1 (en) * | 2019-05-20 | 2020-11-26 | 创新先进技术有限公司 | Object-level receipt storage method and node based on code labeling |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107342858A (en) * | 2017-07-05 | 2017-11-10 | 武汉凤链科技有限公司 | A kind of intelligent contract guard method and system based on trusted context |
| CN107770182A (en) * | 2017-10-30 | 2018-03-06 | 中国联合网络通信集团有限公司 | The date storage method and home gateway of home gateway |
| CN108776936A (en) * | 2018-06-05 | 2018-11-09 | 中国平安人寿保险股份有限公司 | Settlement of insurance claim method, apparatus, computer equipment and storage medium |
| CN109522328A (en) * | 2018-12-27 | 2019-03-26 | 石更箭数据科技(上海)有限公司 | A kind of data processing method and its device, medium, terminal |
| CN109547477A (en) * | 2018-12-27 | 2019-03-29 | 石更箭数据科技(上海)有限公司 | A kind of data processing method and its device, medium, terminal |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017090041A1 (en) * | 2015-11-24 | 2017-06-01 | Ben-Ari Adi | A system and method for blockchain smart contract data privacy |
| CN105653973A (en) * | 2015-12-16 | 2016-06-08 | 金蝶软件(中国)有限公司 | Data encryption method and apparatus based on business platform |
| CN107294709A (en) * | 2017-06-27 | 2017-10-24 | 阿里巴巴集团控股有限公司 | A kind of block chain data processing method, apparatus and system |
| CN108052321B (en) * | 2017-12-28 | 2020-12-25 | 杭州趣链科技有限公司 | Method for automatically generating intelligent contract of block chain based on configuration information |
| CN110245945B (en) * | 2019-05-20 | 2021-03-23 | 创新先进技术有限公司 | Receipt storage method and node combining code marking and user type |
| CN110245503B (en) * | 2019-05-20 | 2021-04-27 | 创新先进技术有限公司 | Receipt storage method and node combining code marking and judging conditions |
| CN110263543B (en) * | 2019-05-20 | 2021-06-01 | 创新先进技术有限公司 | Object-level receipt storage method and node based on code labeling |
-
2019
- 2019-05-20 CN CN201910419755.8A patent/CN110263543B/en active Active
-
2020
- 2020-05-20 WO PCT/CN2020/091408 patent/WO2020233629A1/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107342858A (en) * | 2017-07-05 | 2017-11-10 | 武汉凤链科技有限公司 | A kind of intelligent contract guard method and system based on trusted context |
| CN107770182A (en) * | 2017-10-30 | 2018-03-06 | 中国联合网络通信集团有限公司 | The date storage method and home gateway of home gateway |
| CN108776936A (en) * | 2018-06-05 | 2018-11-09 | 中国平安人寿保险股份有限公司 | Settlement of insurance claim method, apparatus, computer equipment and storage medium |
| CN109522328A (en) * | 2018-12-27 | 2019-03-26 | 石更箭数据科技(上海)有限公司 | A kind of data processing method and its device, medium, terminal |
| CN109547477A (en) * | 2018-12-27 | 2019-03-29 | 石更箭数据科技(上海)有限公司 | A kind of data processing method and its device, medium, terminal |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020233421A1 (en) * | 2019-05-20 | 2020-11-26 | 创新先进技术有限公司 | Object-level receipt storage method and node based on code marking |
| WO2020233638A1 (en) * | 2019-05-20 | 2020-11-26 | 创新先进技术有限公司 | Receipt storage method and node based on code labeling and transaction type |
| WO2020233634A1 (en) * | 2019-05-20 | 2020-11-26 | 创新先进技术有限公司 | Method and node for receipt storage combining transaction and event type condition restrictions |
| WO2020233629A1 (en) * | 2019-05-20 | 2020-11-26 | 创新先进技术有限公司 | Object-level receipt storage method and node based on code labeling |
| CN111222157A (en) * | 2019-10-30 | 2020-06-02 | 支付宝(杭州)信息技术有限公司 | Method and device for inquiring block chain private data |
| CN111222157B (en) * | 2019-10-30 | 2021-03-23 | 支付宝(杭州)信息技术有限公司 | Method and device for inquiring block chain private data |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2020233629A1 (en) | 2020-11-26 |
| CN110263543B (en) | 2021-06-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110264195A (en) | It is marked and transaction, the receipt storage method of user type and node in conjunction with code | |
| CN110033368A (en) | The method of secret protection is realized in block chain | |
| CN110266644A (en) | In conjunction with the receipt storage method and node of code mark and type of transaction | |
| CN110223172A (en) | The receipt storage method and node of conditional combination code mark and type dimension | |
| CN110032883A (en) | Method, system and the node of secret protection are realized in block chain | |
| CN109831298A (en) | The method of security update key and node, storage medium in block chain | |
| CN110245945A (en) | In conjunction with the receipt storage method and node of code mark and user type | |
| CN110245490A (en) | The receipt storage method and node of conditional combination code mark and type dimension | |
| CN110263087A (en) | Receipt storage method and node based on various dimensions information and with condition limitation | |
| CN110264196A (en) | In conjunction with the conditional receipt storage method and node of code mark and user type | |
| CN110263544A (en) | In conjunction with the receipt storage method and node of type of transaction and Rule of judgment | |
| CN110245946A (en) | In conjunction with the receipt storage method and node of code mark and polymorphic type dimension | |
| CN110264198A (en) | In conjunction with the conditional receipt storage method and node of code mark and type of transaction | |
| CN110020855A (en) | Method, the node, storage medium of secret protection are realized in block chain | |
| CN110245503A (en) | In conjunction with the receipt storage method and node of code mark and Rule of judgment | |
| CN110278193A (en) | It is marked and transaction, the receipt storage method of event type and node in conjunction with code | |
| CN110033267A (en) | Method, node, system and the storage medium of secret protection are realized in block chain | |
| CN110263091A (en) | In conjunction with code mark and user, the receipt storage method of event type and node | |
| CN110263086A (en) | In conjunction with the receipt storage method and node of user type and event functions type | |
| CN110245504A (en) | The receipt storage method and node limited in conjunction with the condition of polymorphic type dimension | |
| CN110245947A (en) | The receipt storage method and node limited in conjunction with the condition of transaction and user type | |
| CN110245942A (en) | In conjunction with the receipt storage method and node of user type and Rule of judgment | |
| CN110032884A (en) | The method and node, storage medium of secret protection are realized in block chain | |
| CN110263543A (en) | Object level receipt storage method and node based on code mark | |
| CN110008736A (en) | The method and node, storage medium of secret protection are realized in block chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200927 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant after: Innovative advanced technology Co.,Ltd. Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant before: Advanced innovation technology Co.,Ltd. Effective date of registration: 20200927 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant after: Advanced innovation technology Co.,Ltd. Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands Applicant before: Alibaba Group Holding Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |