CN112910641B - Verification method and device for cross-link transaction supervision, relay link node and medium - Google Patents

Verification method and device for cross-link transaction supervision, relay link node and medium Download PDF

Info

Publication number
CN112910641B
CN112910641B CN202110216464.6A CN202110216464A CN112910641B CN 112910641 B CN112910641 B CN 112910641B CN 202110216464 A CN202110216464 A CN 202110216464A CN 112910641 B CN112910641 B CN 112910641B
Authority
CN
China
Prior art keywords
ciphertext
transaction
relay
key
supervision
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110216464.6A
Other languages
Chinese (zh)
Other versions
CN112910641A (en
Inventor
邱炜伟
李伟
蔡亮
汪小益
方宝珠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Qulian Technology Co Ltd
Original Assignee
Hangzhou Qulian Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Qulian Technology Co Ltd filed Critical Hangzhou Qulian Technology Co Ltd
Priority to CN202110216464.6A priority Critical patent/CN112910641B/en
Publication of CN112910641A publication Critical patent/CN112910641A/en
Application granted granted Critical
Publication of CN112910641B publication Critical patent/CN112910641B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The application is applicable to the technical field of block chains, and particularly relates to a verification method, a verification device, a relay link node and a medium for cross-chain transaction supervision. According to the method, the relay ciphertext and the first supervision ciphertext are obtained, the relay ciphertext is decrypted in a trusted execution environment to obtain a transaction key, the obtained transaction key is encrypted to obtain a second supervision ciphertext, the second supervision ciphertext and the first supervision ciphertext are subjected to first verification, if the verification is passed, the first supervision ciphertext and the transaction ciphertext are sent to a supervision party, and the supervision party obtains the transaction key through the first supervision ciphertext.

Description

Verification method and device for cross-link transaction supervision, relay link node and medium
Technical Field
The present application belongs to the field of block chain technology, and in particular, to a verification method, apparatus, relay link node, and medium for monitoring cross-link transactions.
Background
At present, different application systems may be configured with different blockchains, data interaction between different blockchains is usually required due to business requirements, and data interaction between different blockchains is generally referred to as cross-chain transaction. In the cross-link transaction, the transaction information is encrypted by the transaction key agreed by the two transaction parties, so that the third party cannot acquire the transaction information, and at the moment, if the monitoring party needs to monitor the cross-link transaction, the transaction initiating party needs to provide the transaction key for the monitoring party, so that the monitoring party can decrypt the transaction ciphertext to acquire the transaction information. However, the transaction initiator may provide a false transaction key, so that the monitor cannot decrypt accurate transaction information, and cannot effectively monitor the cross-link transaction, which may cause illegal transactions.
Disclosure of Invention
In view of this, embodiments of the present application provide a verification method, an apparatus, a relay link node, and a medium for monitoring a cross-link transaction, so as to solve a problem that a transaction key provided by a transaction initiator cannot be verified in the prior art, which results in that the cross-link transaction cannot be effectively monitored.
In a first aspect, an embodiment of the present application provides a verification method for cross-link transaction supervision, which is applied to a relay link node, and the verification method includes:
acquiring a relay ciphertext and a first supervision ciphertext aiming at a transaction ciphertext, wherein the relay ciphertext is a ciphertext obtained by encrypting a transaction key by using a relay key, the first supervision ciphertext is a ciphertext obtained by encrypting the transaction key by using a supervision key, the transaction key is used for encrypting cross-link transaction information, and the transaction ciphertext is a ciphertext obtained by encrypting the cross-link transaction information by using the transaction key;
decrypting the relay ciphertext by using the relay secret key in a trusted execution environment to obtain the transaction secret key;
encrypting the obtained transaction key by using the supervision key in the trusted execution environment to obtain a second supervision ciphertext;
and performing first verification on the second supervision ciphertext and the first supervision ciphertext, and sending the first supervision ciphertext and the transaction ciphertext to a supervisor after the first verification is passed.
In a second aspect, an embodiment of the present application provides an authentication apparatus for cross-link transaction supervision, which is applied to a relay link node, and the authentication apparatus includes:
the system comprises a first acquisition module, a second acquisition module and a first supervision module, wherein the first acquisition module is used for acquiring a relay ciphertext and a first supervision ciphertext aiming at a transaction ciphertext, the relay ciphertext is a ciphertext obtained by encrypting a transaction key by using a relay key, the first supervision ciphertext is a ciphertext obtained by encrypting the transaction key by using a supervision key, the transaction key is used for encrypting cross-link transaction information, and the transaction ciphertext is a ciphertext obtained by encrypting the cross-link transaction information by using the transaction key;
the relay decryption module is used for decrypting the relay ciphertext by using the relay key in a trusted execution environment to obtain the transaction key;
the supervision encryption module is used for encrypting the obtained transaction key by using the supervision key in the trusted execution environment to obtain a second supervision ciphertext;
and the first verification module is used for performing first verification on the second supervision ciphertext and the first supervision ciphertext and sending the first supervision ciphertext and the transaction ciphertext to a supervisor after the first verification is passed.
In a third aspect, embodiments of the present application provide a relay link node, where the relay link node includes a processor, a memory, and a computer program stored in the memory and executable on the processor, and the processor, when executing the computer program, implements the authentication method according to the first aspect.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium, where a computer program is stored, and the computer program, when executed by a processor, implements the authentication method according to the first aspect.
In a fifth aspect, an embodiment of the present application provides a computer program product, which, when running on a relay link node, causes the relay link node to perform the authentication method described in the first aspect.
Compared with the prior art, the embodiment of the application has the advantages that: according to the method and the system, the relay ciphertext and the first supervision ciphertext are obtained, the relay ciphertext is decrypted in the trusted execution environment to obtain the transaction key, the obtained transaction key is encrypted to obtain the second supervision ciphertext, the second supervision ciphertext and the first supervision ciphertext are subjected to first verification, if the verification is passed, the first supervision ciphertext and the transaction ciphertext are sent to the supervisor, and the supervisor obtains the transaction key through the first supervision ciphertext.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic flowchart of a verification method for cross-chain transaction supervision according to a first embodiment of the present application;
fig. 2 is a schematic flowchart of a verification method for cross-chain transaction supervision according to a second embodiment of the present application;
FIG. 3 is an interaction diagram of a cross-chain transaction provided in the second embodiment of the present application;
fig. 4 is a schematic structural diagram of a verification apparatus for cross-chain transaction supervision according to a third embodiment of the present application;
fig. 5 is a schematic structural diagram of a relay chain node according to a fourth embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to" determining "or" in response to detecting ". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
Furthermore, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used for distinguishing between descriptions and not necessarily for describing or implying relative importance.
Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.
The verification method for cross-chain transaction supervision provided by the embodiment of the application can be applied to devices such as a palm computer, a desktop computer, a notebook computer, a super-mobile personal computer (UMPC), a netbook, a cloud server, a Personal Digital Assistant (PDA) and the like, the devices are nodes in a relay chain, and the specific type of the relay chain node is not limited in the embodiment of the application.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
In order to explain the technical means of the present application, the following description will be given by way of specific examples.
Referring to fig. 1, which is a schematic flowchart of a verification method for cross-chain transaction supervision according to an embodiment of the present disclosure, the verification method is executed in a node of a relay chain, as shown in fig. 1, and the verification method may include the following steps:
and step S101, acquiring a relay ciphertext and a first supervision ciphertext aiming at the transaction ciphertext.
The relay cipher text is obtained by encrypting the transaction key by using the relay key, and the transaction key is used for encrypting the cross-link transaction information. In the process of cross-chain transaction, in order to avoid leakage of cross-chain transaction information, an initiator of the cross-chain transaction needs to encrypt the cross-chain transaction information, and a key used for encryption is a transaction key. If the relay chain needs to verify the cross-chain transaction, a transaction key needs to be obtained, in order to avoid the leakage of the transaction key, an initiator of the cross-chain transaction also needs to encrypt the transaction key, and the key used for encryption is the relay key. If the relay key is a pair of asymmetric keys, the relay chain provides a public key of the relay key to the initiator, the initiator encrypts the transaction key by using the public key of the relay key to obtain a relay ciphertext, and a private key of the relay key is stored in the relay chain and used for decrypting the relay ciphertext. The transaction ciphertext is a ciphertext obtained by encrypting the cross-link transaction information by using the transaction key.
The transaction key may be a pair of symmetric keys negotiated by a cross-chain gateway of a source chain (i.e., an application chain to which an initiator of the cross-chain transaction belongs) and a cross-chain gateway of a destination chain (i.e., an application chain to which a receiver of the cross-chain transaction belongs) of the cross-chain transaction.
A cross-link gateway of a source chain sends a cross-link transaction file to a relay chain, and the relay chain acquires a relay ciphertext and a first supervision ciphertext from the cross-link transaction file to execute subsequent steps; and the cross-link gateway of the destination chain acquires the transaction ciphertext in the cross-link transaction file from the relay chain.
The cross-chain transaction information may refer to transaction content of cross-chain transaction, and may include information such as a transaction source chain address, a destination chain address, a contract address on a call destination chain, a call function name, and a parameter of a call function.
The first supervision ciphertext is a ciphertext obtained by encrypting the transaction key with the supervision key. In order to realize supervision on the cross-chain transaction, an initiator of the cross-chain transaction needs to provide an encrypted ciphertext of the cross-chain transaction information and a transaction key to a supervisor. Likewise, to avoid the leakage of the transaction key, the supervisory party provides the initiator of the cross-chain transaction with a supervisory key, which is used to encrypt the transaction key. If the supervision key is a pair of asymmetric keys, the supervision key provided by the initiator of the cross-link transaction by the supervision party is a public key, and a private key of the supervision key is stored in the supervision party and is used for decrypting the first supervision ciphertext.
Optionally, before obtaining the relay ciphertext and the first supervision ciphertext, the method further includes:
acquiring a relay key;
the relay key is sent to a source chain, the source chain is an application chain for initiating cross-chain transaction information, and the relay key is used for indicating the source chain to encrypt the transaction key by using the relay key to obtain a relay ciphertext;
accordingly, obtaining the relay ciphertext and the first supervision ciphertext comprises:
and acquiring the relay ciphertext and the first supervision ciphertext from the source chain.
The relay chain needs to send the relay key to the source chain, so that the initiator encrypts the transaction key of the cross-chain transaction. The relay key sent to the source chain is the public key of the relay key, and the private key of the relay key is stored in the relay chain.
Optionally, when the relay link node is a master node in the relay link, acquiring the relay key includes:
generating a relay key in the trusted execution environment;
when the relay link node is a slave node on the relay link, acquiring the relay key includes:
and acquiring the relay key from the main node.
The relay link node executing the verification method may be a master node or a slave node on the relay link. The master node may refer to a relay link node capable of generating a relay key in a trusted execution environment, where if the relay key is a pair of asymmetric keys, the generated relay key includes a private key and a public key.
A slave node may refer to a relay chain node that is unable to generate a relay key in a trusted execution environment. The slave node cannot generate the relay key, but can obtain the relay key from the master node, for example, in a trusted execution environment, the master node broadcasts the relay key to the slave node. When the relay key is a pair of asymmetric keys, the relay key obtained from the node at least comprises a private key.
And S102, decrypting the relay ciphertext by using the relay key in the trusted execution environment to obtain the transaction key.
The Trusted Execution Environment (TEE) may be a secure area within a Central Processing Unit (CPU) of the relay link node. The TEE runs in a separate environment and in parallel with the operating system. TEE requires corresponding software and hardware to be configured in the relay link nodes to enable the relay link nodes to provide a trusted execution environment.
The relay cipher text is encrypted by the relay key, so that the relay cipher text can be decrypted by the relay key to obtain the transaction key which is the content in the relay cipher text. And if the relay secret key is a pair of asymmetric secret keys, decrypting the relay ciphertext by using the private key of the relay secret key.
And step S103, encrypting the obtained transaction key by using the supervision key in the trusted execution environment to obtain a second supervision ciphertext.
The supervision key is provided to the relay chain by the supervisor, and if the supervision key is a pair of asymmetric keys, the supervision key provided to the relay chain is a public key, which is the same as the public key provided to the initiator in step S101. And encrypting the transaction key obtained by decryption in the step S102 by using the public key of the supervision key to obtain a ciphertext of the transaction key.
And step S104, performing first verification on the second supervision ciphertext and the first supervision ciphertext, and sending the first supervision ciphertext and the transaction ciphertext to the supervisor after the first verification is passed.
The first verification may refer to comparing the first supervision ciphertext with the second supervision ciphertext to determine whether the two supervision ciphertexts are consistent. And if the two supervision ciphertexts are consistent, the first verification is passed. For example, the occupied storage space of the first supervision ciphertext is compared to the occupied storage space of the second supervision ciphertext, or the length of the first supervision ciphertext is compared to the length of the second supervision ciphertext.
The first verification determines the authenticity of the first supervision ciphertext and sends the first supervision ciphertext to the supervisor, so that the supervisor can decrypt the first supervision ciphertext to obtain a real and effective transaction key.
According to the embodiment of the application, the relay ciphertext and the first supervision ciphertext are obtained, the relay ciphertext is decrypted in the trusted execution environment to obtain the transaction key, the obtained transaction key is encrypted to obtain the second supervision ciphertext, the second supervision ciphertext and the first supervision ciphertext are subjected to first verification, if the verification is passed, the first supervision ciphertext and the transaction ciphertext are sent to the supervision party, and the supervision party obtains the transaction key through the first supervision ciphertext.
Referring to fig. 2, it is a schematic flowchart of a verification method for cross-link transaction supervision according to the second embodiment of the present application, where the verification method may be used in a relay link node, as shown in fig. 2, the verification method may include the following steps:
step S201, a relay ciphertext and a first supervision ciphertext are obtained.
The content of step S201 is the same as that of step S101, and reference may be made to the description of step S101, which is not described herein again.
Step S202, obtaining a transaction ciphertext of the cross-chain transaction information.
The transaction ciphertext is a ciphertext obtained by encrypting the cross-link transaction information by using the transaction key. And the cross-link gateway of the source chain encrypts the cross-link transaction information by using the transaction key to obtain a transaction ciphertext, and sends the obtained transaction ciphertext, the relay ciphertext, the first supervision ciphertext and the like as a cross-link transaction file to the relay chain. And the relay link node acquires a transaction ciphertext from the cross-link transaction file.
And step S203, decrypting the relay ciphertext by using the relay key in the trusted execution environment to obtain the transaction key.
And step S204, encrypting the obtained transaction key by using the supervision key in the trusted execution environment to obtain a second supervision ciphertext.
The contents of step S203 and step S204 are the same as those of step S102 and step S103, and reference may be made to the description of step S102 and step S103, which is not repeated herein.
And S205, performing first verification on the second supervision ciphertext and the first supervision ciphertext, and sending the transaction ciphertext to the destination chain after the first verification is passed.
Wherein the destination chain is an application chain that receives cross-chain transaction information. The first verification may refer to the description of step S104 above, and after the first verification is passed, the transaction ciphertext is sent to the destination chain to complete the cross-chain transaction.
Step S206, the first supervision ciphertext and the transaction ciphertext are sent to the supervisor.
The supervisor can supervise the cross-chain transaction, namely acquiring a first supervision ciphertext.
Optionally, the sending the first supervision ciphertext and the transaction ciphertext to the supervisor includes:
and if a transaction supervision request sent by the supervisor is received, sending a first supervision ciphertext and the transaction ciphertext to the supervisor.
And the relay link point responds to the supervision transaction request and sends the first supervision ciphertext of the cross-link transaction to the destination chain. And after the monitoring party acquires the first monitoring ciphertext, the monitoring party decrypts the first monitoring ciphertext through the monitoring key to obtain the transaction key.
And the relay link node also sends a transaction ciphertext to the supervisor when sending the first supervision ciphertext, and decrypts the transaction ciphertext by using the obtained transaction key, so that the cross-link transaction information can be obtained, and the cross-link transaction is supervised.
The supervisor can also deploy a relay chain node, and the supervisor can take the data of the cross-chain transaction from the relay chain node at any time without sending a transaction supervision request to the relay chain node.
Optionally, the verification method further includes:
decrypting the transaction ciphertext by using the obtained transaction key in the trusted execution environment to obtain cross-chain transaction information;
performing second verification on the cross-chain transaction information;
accordingly, after the first verification passes, sending the transaction cryptograph to the destination chain comprises:
and after the first verification and the second verification are passed, transmitting the transaction ciphertext to a destination chain.
In order to ensure the existence, validity and the like of the cross-chain transaction, the cross-chain transaction information needs to be verified. Therefore, the transaction cipher text is decrypted through the transaction key obtained through confidentiality, the cross-chain transaction information is obtained, and the cross-chain transaction information is verified.
When the first verification and the second verification both pass, it can be determined that the cross-chain transaction exists and is valid, and can be effectively supervised by the supervisor.
Optionally, the cross-chain transaction information includes a cross-chain transaction certificate;
accordingly, second verifying the cross-chain transaction information includes:
and verifying the cross-chain transaction certificate based on a verification rule corresponding to a source chain in the trusted execution environment, wherein the source chain is an application chain for initiating cross-chain transaction information, and the verification rule is a rule recorded in a relay chain node.
The cross-chain transaction proof can be a basis for proving that the cross-chain transaction exists and is effective. The verification rule may refer to a condition set according to a requirement, and when the set condition is met, the verification is regarded as passed, and when the set condition is not met, the verification is regarded as failed.
The validation rules may be rules that have been registered on the relay chain, which may be recorded in a validation engine of the relay chain. The verification rules corresponding to different block chains may be different, and therefore, in the second verification process, the relay chain adopts the verification rule corresponding to the source chain.
Fig. 3 is an interaction diagram of a cross-chain transaction according to the second embodiment of the present application. In a specific example, the application chain a corresponds to a source chain, the application chain B corresponds to a destination chain, the application chain a is connected to the relay node through a cross-chain gateway a, the application chain B is connected to the relay node through a cross-chain gateway B, and the supervision department corresponds to the supervisor.
The specific process of cross-chain transaction is as follows:
first, the master node of the relay chain needs to generate a pair of asymmetric keys KpubAnd Kpri(i.e., relay key), K is addedpubAnd KpriBroadcasting to all relay chain nodes, negotiating a pair of symmetric key (transaction key) by the cross-chain gateway a of the application chain A and the cross-chain gateway B of the application chain B, and generating a pair of asymmetric key K by the supervision departmentpub1And Kpri1(i.e., the supervisory key).
The application chain A sends the transaction content info to the cross-chain gateway a, and the transaction content info contains information such as a transaction source chain address, a destination chain address, a contract address on a call destination chain, a call function name, parameters of a call function and the like, and a transaction proof.
The cross-link gateway a encrypts the cross-link transaction information info by using a transaction key to obtain a transaction ciphertext (info) key; public key K using relay keypubEncrypting the transaction key to obtain the relay cryptogram (key)Kpub(ii) a Public key K using supervision keyspub1Encrypting the transaction key to obtain the first keyPipe cipher text (key)Kpub1
The cross-chain gateway a combines a transaction ciphertext (info) key and ciphertext (key) of two keysKpub、(key)Kpub1Packed together as a transaction Tx sent to any node of the relay chain.
The relay link node receiving the transaction Tx broadcasts the transaction Tx to all relay link nodes in the relay link, each relay link node using the relay key's private key K in the trusted execution environmentpriDecryption relay ciphertext (key)KpubGet the key, then use the key to decrypt the transaction ciphertext (info)keyAnd obtaining cross-chain transaction information info. And the relay link node calls a verification rule recorded in a verification engine to verify the existence and the validity of the transaction proof in the cross-link transaction information info.
Relay chain node uses public key K in supervision key of supervision departmentpub1Encrypting the decrypted key to obtain a second supervision ciphertext (key)Kpub1', comparison (key)Kpub1And (key)Kpub1Whether or not to agree.
If the transaction proves proof of verification, and (key)Kpub1And (key)Kpub1'consistent' then the relay link node will trade ciphertext (info)keyTo the cross-chain gateway B of the application chain B to continue to complete the cross-chain transaction.
The supervision department requests the supervision transaction from the relay node, the relay node sends the transaction Tx to the supervision department, and the supervision department uses the private key K of the supervision keypri1Decrypting (key) in transaction TxKpub1Get the transaction key, then use the key to decrypt (info) in the transaction TxkeyAnd obtaining cross-chain transaction information info, and checking the info content for transaction supervision.
According to the embodiment of the application, cross-link transaction between the source chain and the destination chain can be realized, the existence and the effectiveness of the cross-link transaction are verified, and the first supervision ciphertext and the transaction ciphertext are sent to the supervisor, so that the supervisor supervises conveniently.
The verification method for cross-chain transaction supervision corresponding to the above embodiment is applied to a relay chain node, and fig. 4 shows a structural block diagram of a verification apparatus for cross-chain transaction supervision provided in the third embodiment of the present application, and for convenience of explanation, only the part related to the embodiment of the present application is shown.
Referring to fig. 4, the authentication apparatus includes:
a first obtaining module 41, configured to obtain a relay ciphertext and a first supervision ciphertext that are based on the transaction ciphertext, where the relay ciphertext is a ciphertext obtained by encrypting the transaction key with a relay key, the first supervision ciphertext is a ciphertext obtained by encrypting the transaction key with a supervision key, the transaction key is used to encrypt the cross-link transaction information, and the transaction ciphertext is a ciphertext obtained by encrypting the cross-link transaction information with the transaction key;
the relay decryption module 42 is configured to decrypt the relay ciphertext using the relay key in the trusted execution environment to obtain the transaction key;
the supervision encryption module 43 is configured to encrypt the obtained transaction key by using the supervision key in the trusted execution environment to obtain a second supervision ciphertext;
and the first verification module 44 is configured to perform first verification on the second supervision ciphertext and the first supervision ciphertext, and send the first supervision ciphertext and the transaction ciphertext to the supervisor after the first verification is passed.
Optionally, the verification apparatus further includes:
the second acquisition module is used for acquiring a transaction ciphertext of the cross-link transaction information, wherein the transaction ciphertext is a ciphertext obtained by encrypting the cross-link transaction information by using a transaction key;
accordingly, the first authentication module 44 includes:
the first sending unit is used for sending the transaction ciphertext to a destination chain after the first verification is passed, wherein the destination chain is an application chain for receiving cross-chain transaction information;
and the second sending unit is used for sending the first supervision ciphertext and the transaction ciphertext to the supervisor.
Optionally, the verification apparatus further includes:
the transaction decryption module is used for decrypting the transaction ciphertext by using the obtained transaction key in the trusted execution environment to obtain cross-link transaction information;
the second verification module is used for performing second verification on the cross-chain transaction information;
accordingly, the first authentication module 44 is configured to:
and after the first verification and the second verification are passed, sending the transaction ciphertext to the destination chain.
Optionally, the cross-chain transaction information includes a cross-chain transaction certificate;
correspondingly, the second verification module is specifically configured to:
and verifying the cross-chain transaction certificate based on a verification rule corresponding to a source chain in the trusted execution environment, wherein the source chain is an application chain for initiating cross-chain transaction information, and the verification rule is a rule recorded in a relay chain node.
Optionally, the second sending unit is specifically configured to:
and if a transaction supervision request sent by the supervisor is received, sending a first supervision ciphertext and the transaction ciphertext to the supervisor.
Optionally, the verification apparatus further includes:
a third obtaining module, configured to obtain a relay key;
the sending module is used for sending the relay key to a source chain, the source chain is an application chain for initiating cross-chain transaction information, and the relay key is used for indicating the source chain to encrypt the transaction key by using the relay key to obtain a relay ciphertext;
correspondingly, the first obtaining module 41 is specifically configured to:
and acquiring the relay ciphertext and the first supervision ciphertext from the source chain.
Optionally, when the relay link node is a master node in the relay link, the third obtaining module includes:
a key generation unit for generating a relay key in a trusted execution environment;
when the relay link node is a slave node on the relay link, the third obtaining module includes:
and the relay key acquisition unit is used for acquiring the relay key from the main node.
It should be noted that, because the contents of information interaction, execution process, and the like between the modules are based on the same concept as that of the embodiment of the method of the present application, specific functions and technical effects thereof may be specifically referred to a part of the embodiment of the method, and details are not described here.
Fig. 5 is a schematic structural diagram of a relay link node according to a fourth embodiment of the present application. As shown in fig. 5, the relay link node 5 of the embodiment includes: at least one processor 50 (only one shown in fig. 5), a memory 51, and a computer program 52 stored in the memory 51 and executable on the at least one processor 50, the processor 50 when executing the computer program 52 implementing the steps in any of the various embodiments of the authentication method for cross-chain transaction administration described above.
The relay link node may include, but is not limited to, a processor 50, a memory 51. Those skilled in the art will appreciate that fig. 5 is merely an example of the relay link node 5, and does not constitute a limitation to the relay link node 5, and may include more or less components than those shown, or combine some components, or different components, such as an input-output device, a network access device, and the like.
The Processor 50 may be a CPU, and the Processor 50 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field-Programmable Gate arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 51 may in some embodiments be an internal storage unit of the relay link node 5, such as a hard disk or a memory of the relay link node 5. The memory 51 may also be an external storage device of the relay chain node 5 in other embodiments, such as a plug-in hard disk equipped on the relay chain node 5, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 51 may also include both an internal storage unit of the relay link node 5 and an external storage device. The memory 51 is used for storing an operating system, an application program, a BootLoader (BootLoader), data, and other programs, such as program codes of a computer program. The memory 51 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules, so as to perform all or part of the functions described above. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the above-mentioned apparatus may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method of the embodiments described above can be implemented by a computer program, which can be stored in a computer readable storage medium and can implement the steps of the embodiments of the methods described above when the computer program is executed by a processor. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code, recording medium, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, and software distribution media. Such as a usb-disk, a removable hard disk, a magnetic or optical disk, etc. In some jurisdictions, computer-readable media may not be an electrical carrier signal or a telecommunications signal in accordance with legislative and proprietary practices.
When the computer program product runs on the relay link node, the relay link node is enabled to implement the steps in the embodiments of the method.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/relay link node and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/relay chain node are merely illustrative, and for example, the division of modules or units is only one logical function division, and other division manners may be available in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the embodiments of the present application, and they should be construed as being included in the present application.

Claims (10)

1. A verification method for cross-chain transaction supervision is applied to a relay chain node, and is characterized by comprising the following steps:
acquiring a relay ciphertext and a first supervision ciphertext aiming at a transaction ciphertext, wherein the relay ciphertext is a ciphertext obtained by encrypting a transaction key by using a relay key, the first supervision ciphertext is a ciphertext obtained by encrypting the transaction key by using a supervision key, the transaction key is used for encrypting cross-link transaction information, and the transaction ciphertext is a ciphertext obtained by encrypting the cross-link transaction information by using the transaction key;
decrypting the relay cipher text by using the relay key in a trusted execution environment to obtain the transaction key;
encrypting the obtained transaction key by using the supervision key in the trusted execution environment to obtain a second supervision ciphertext;
and performing first verification on the second supervision ciphertext and the first supervision ciphertext, and sending the first supervision ciphertext and the transaction ciphertext to a supervisor after the first verification is passed.
2. The authentication method according to claim 1, further comprising:
acquiring the transaction ciphertext of the cross-chain transaction information;
accordingly, the sending the first supervision cryptogram and the transaction cryptogram to a supervisor after the first verification passes comprises:
after the first verification is passed, the transaction ciphertext is sent to a destination chain, and the destination chain is an application chain for receiving the cross-chain transaction information;
and sending the first supervision ciphertext and the transaction ciphertext to the supervisor.
3. The authentication method according to claim 2, further comprising:
decrypting the transaction ciphertext by using the obtained transaction key in the trusted execution environment to obtain the cross-chain transaction information;
performing second verification on the cross-chain transaction information;
correspondingly, the sending the transaction ciphertext to the destination chain after the first verification is passed comprises:
and after the first verification and the second verification are both passed, sending the transaction ciphertext to the destination chain.
4. The verification method of claim 3, wherein the cross-chain transaction information comprises cross-chain transaction credentials;
accordingly, the second verifying the cross-chain transaction information comprises:
verifying the cross-chain transaction certificate in the trusted execution environment based on a verification rule corresponding to a source chain, wherein the source chain is an application chain for initiating the cross-chain transaction information, and the verification rule is a rule recorded in the relay chain node.
5. The verification method of claim 2, wherein said sending the first supervisory cryptogram and the transaction cryptogram to the supervisor comprises:
and if a transaction supervision request sent by the supervisor is received, sending the first supervision ciphertext and the transaction ciphertext to the supervisor.
6. The authentication method according to any one of claims 1 to 5, further comprising, before obtaining the relay ciphertext and the first supervision ciphertext:
acquiring the relay key;
sending the relay key to a source chain, wherein the source chain is an application chain for initiating the cross-chain transaction information, and the relay key is used for indicating the source chain to encrypt the transaction key by using the relay key to obtain the relay ciphertext;
accordingly, the obtaining of the relay ciphertext and the first supervision ciphertext comprises:
and acquiring the relay ciphertext and the first supervision ciphertext from the source chain.
7. The authentication method according to claim 6, wherein when the relay chain node is a master node in a relay chain, the obtaining the relay key comprises:
generating the relay key in the trusted execution environment;
when the relay link node is a slave node on the relay link, the obtaining the relay key includes:
and acquiring the relay key from the main node.
8. An authentication apparatus for cross-chain transaction supervision, applied to a relay chain node, the authentication apparatus comprising:
the system comprises a first acquisition module, a second acquisition module and a first supervision module, wherein the first acquisition module is used for acquiring a relay ciphertext and a first supervision ciphertext aiming at a transaction ciphertext, the relay ciphertext is a ciphertext obtained by encrypting a transaction key by using a relay key, the first supervision ciphertext is a ciphertext obtained by encrypting the transaction key by using a supervision key, the transaction key is used for encrypting cross-link transaction information, and the transaction ciphertext is a ciphertext obtained by encrypting the cross-link transaction information by using the transaction key;
the relay decryption module is used for decrypting the relay ciphertext by using the relay secret key in a trusted execution environment to obtain the transaction secret key;
the supervision encryption module is used for encrypting the obtained transaction key by using the supervision key in the trusted execution environment to obtain a second supervision ciphertext;
and the first verification module is used for performing first verification on the second supervision ciphertext and the first supervision ciphertext and sending the first supervision ciphertext and the transaction ciphertext to a supervisor after the first verification is passed.
9. A relay chain node, characterized in that the relay chain node comprises a processor, a memory and a computer program stored in the memory and executable on the processor, the processor implementing the authentication method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the authentication method according to any one of claims 1 to 7.
CN202110216464.6A 2021-02-26 2021-02-26 Verification method and device for cross-link transaction supervision, relay link node and medium Active CN112910641B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110216464.6A CN112910641B (en) 2021-02-26 2021-02-26 Verification method and device for cross-link transaction supervision, relay link node and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110216464.6A CN112910641B (en) 2021-02-26 2021-02-26 Verification method and device for cross-link transaction supervision, relay link node and medium

Publications (2)

Publication Number Publication Date
CN112910641A CN112910641A (en) 2021-06-04
CN112910641B true CN112910641B (en) 2022-06-24

Family

ID=76108467

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110216464.6A Active CN112910641B (en) 2021-02-26 2021-02-26 Verification method and device for cross-link transaction supervision, relay link node and medium

Country Status (1)

Country Link
CN (1) CN112910641B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113595735B (en) * 2021-07-12 2022-11-01 中债金科信息技术有限公司 Supervised privacy protection block chain crossing system based on CP-ABE

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110808999A (en) * 2019-11-12 2020-02-18 中钞信用卡产业发展有限公司杭州区块链技术研究院 Service interaction method, device, equipment and storage medium
CN111797164A (en) * 2020-06-24 2020-10-20 北京荷月科技有限公司 Cross-chain transaction supervision method and system based on block chain
CN111859444A (en) * 2020-06-12 2020-10-30 中国科学院信息工程研究所 Block chain data supervision method and system based on attribute encryption

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2446169A (en) * 2006-12-01 2008-08-06 David Irvine Granular accessibility to data in a distributed and/or corporate network
CN106845960B (en) * 2017-01-24 2018-03-20 上海壹账通区块链科技有限公司 Method for secure transactions and system based on block chain

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110808999A (en) * 2019-11-12 2020-02-18 中钞信用卡产业发展有限公司杭州区块链技术研究院 Service interaction method, device, equipment and storage medium
CN111859444A (en) * 2020-06-12 2020-10-30 中国科学院信息工程研究所 Block chain data supervision method and system based on attribute encryption
CN111797164A (en) * 2020-06-24 2020-10-20 北京荷月科技有限公司 Cross-chain transaction supervision method and system based on block chain

Also Published As

Publication number Publication date
CN112910641A (en) 2021-06-04

Similar Documents

Publication Publication Date Title
CN108282459B (en) Data transmission method and system based on intelligent contract
WO2021022701A1 (en) Information transmission method and apparatus, client terminal, server, and storage medium
CN110519309B (en) Data transmission method, device, terminal, server and storage medium
CN107770159B (en) Vehicle accident data recording method and related device and readable storage medium
WO2022199290A1 (en) Secure multi-party computation
CN114024710B (en) Data transmission method, device, system and equipment
CN112822181A (en) Verification method of cross-chain transaction, terminal device and readable storage medium
CN111181928B (en) Vehicle diagnosis method, server, and computer-readable storage medium
CN112182609A (en) Block chain-based data uplink storage method and tracing method, device and equipment
CN112532393A (en) Verification method of cross-link transaction, relay link node equipment and medium
KR101608815B1 (en) Method and system for providing service encryption in closed type network
CN112823503B (en) Data access method, data access device and mobile terminal
CN102495979B (en) System for realizing credible counting in digital resource transaction
US8612753B2 (en) Method and apparatus for protected code execution on clients
CN115580396B (en) Tight trace query system and method
CN104243452B (en) A kind of cloud computing access control method and system
CN115242553A (en) Data exchange method and system supporting secure multi-party computation
CN112910641B (en) Verification method and device for cross-link transaction supervision, relay link node and medium
CN110796448A (en) Intelligent contract verification method based on block chain, participating node and medium
WO2021170049A1 (en) Method and apparatus for recording access behavior
CN111625815B (en) Data transaction method and device based on trusted execution environment
CN113722749A (en) Data processing method and device for block chain BAAS service based on encryption algorithm
CN111510462A (en) Communication method, system, device, electronic equipment and readable storage medium
CN116881936A (en) Trusted computing method and related equipment
CN108242997B (en) Method and apparatus for secure communication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant