WO2021184970A1

WO2021184970A1 - Method and device for calling contract

Info

Publication number: WO2021184970A1
Application number: PCT/CN2021/074145
Authority: WO
Inventors: 吴行行; 邱鸿霖; 吴因佥
Original assignee: 支付宝(杭州)信息技术有限公司
Priority date: 2020-03-18
Filing date: 2021-01-28
Publication date: 2021-09-23
Also published as: CN111090874A; CN111090874B; CN112199701A

Abstract

A method and device for calling a contract. The method comprises: an off-chain privacy calculation node receives an encrypted calling request, and decrypts the encrypted calling request in an off-chain trusted execution environment to obtain identification information of an off-chain contract and information of incoming parameter data contained in the calling request (102); the off-chain privacy calculation node calls a pre-deployed byte code of the off-chain contract according to the identification information, and executes the byte code by means of a virtual machine deployed in the off-chain trusted execution environment so as to perform off-chain privacy calculation on the incoming parameter data (104); and the off-chain privacy calculation node encrypts an obtained off-chain privacy calculation result in the off-chain trusted execution environment and feeds back the encrypted off-chain privacy calculation result (106). By means of the method, privacy protection can be implemented in a contract calling process.

Description

Method and device for calling contract

Technical field

One or more embodiments of this specification relate to the field of verifiable computing technology, and in particular, to a method and device for invoking a contract.

Background technique

For privacy requirements in various scenarios, one way is to implement privacy protection through encryption technologies such as homomorphic encryption and zero-knowledge proof, but it also brings serious performance losses. Trusted Execution Environment (TEE) is another solution. TEE can play the role of a black box in the hardware. Neither the code executed in the TEE nor the data operating system layer can be peeped, and only the pre-defined interface in the code can operate on it. In terms of efficiency, due to the black-box nature of TEE, plaintext data is calculated in TEE instead of complex cryptographic operations in homomorphic encryption, and there is no loss in the efficiency of the calculation process.

Summary of the invention

In view of this, one or more embodiments of this specification provide a method and device for invoking a contract, which can safely implement the operation of invoking a contract in an off-chain environment.

According to the first aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: an off-chain private computing node receives an encrypted invocation request, and decrypts the result in an off-chain trusted execution environment. The call request includes the identification information of the off-chain contract and the information of the input data; the off-chain privacy computing node calls the pre-deployed bytecode of the off-chain contract according to the identification information, and deploys it in the The virtual machine in the off-chain trusted execution environment executes the bytecode to perform off-chain privacy calculations on the input parameter data; the off-chain private computing node performs off-chain privacy calculations in the off-chain trusted execution environment The calculation result is encrypted and fed back.

According to the second aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, including: the client generates a call request, the call request includes the identification information of the off-chain contract and the information of the input data; The client sends an encrypted call request to the off-chain private computing node, and after the identification information and the information of the input data are decrypted by the off-chain private computing node in the off-chain trusted execution environment, the The identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment of the off-chain to compare the input data Perform off-chain privacy calculations.

According to the third aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: a blockchain node obtains an encrypted invocation request, the invocation request includes the identification information and input parameters of the off-chain contract Data information; the blockchain node transmits the encrypted call request to the off-chain private computing node through the oracle mechanism, and the identification information and the information of the incoming parameter data are used by the off-chain private computing node in the chain After being decrypted in the trusted execution environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute it through the virtual machine deployed in the off-chain trusted execution environment The bytecode is used to perform off-chain privacy calculations on the input parameter data.

The blockchain node receives the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.

According to the fourth aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: the control node receives an encrypted invocation request, the invocation request includes the identification information and input data of the off-chain contract The information; the control node forwards the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster; the control node will receive the off-chain privacy from the off-chain privacy computing node Feedback of calculation results.

According to the fifth aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: a privacy computing node receives an encrypted invocation request, and decrypts in a trusted execution environment to obtain that the invocation request contains The identification information of the smart contract and the information of the input data; the privacy computing node calls the pre-deployed bytecode of the smart contract according to the identification information, and uses the virtual machine deployed in the trusted execution environment The bytecode is executed to perform private calculations on the input data; the private computing node encrypts and feeds back the obtained private calculation results in a trusted execution environment.

According to the sixth aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: the client generates a call request, the call request includes the identification information of the smart contract and the information of the input data; The client sends an encrypted call request to the private computing node. After the identification information and the information of the input data are decrypted by the private computing node in a trusted execution environment, the identification information is used to indicate the The privacy computing node obtains the bytecode of the smart contract, and executes the bytecode through a virtual machine deployed in the trusted execution environment to perform a privacy calculation on the input parameter data.

According to the seventh aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: the control node receives an encrypted invocation request directly sent by the client, the invocation request includes the identification information of the smart contract And the information of the input parameter data; the control node forwards the call request to the private computing node selected from the private computing cluster; the control node feeds back the private computing result received from the private computing node .

According to the eighth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, including: a receiving and decrypting unit, so that the off-chain privacy computing node receives the encrypted invocation request and trusts it off-chain The execution environment is decrypted to obtain the identification information of the off-chain contract and the information of the incoming parameter data contained in the invocation request; the invocation and execution unit enables the off-chain private computing node to invoke the pre-deployed off-chain according to the identification information The bytecode of the contract, and the bytecode is executed by the virtual machine deployed in the trusted execution environment of the chain to perform the off-chain privacy calculation of the input parameter data; the feedback unit makes the off-chain privacy The computing node encrypts and feeds back the obtained off-chain privacy calculation results in the off-chain trusted execution environment.

According to the ninth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, which includes: a generating unit that enables the client to generate a call request, the call request including the identification information and input data of the off-chain contract的信息; Sending unit to enable the client to send an encrypted call request to the off-chain private computing node, the identification information and the information of the incoming parameter data are trusted by the off-chain private computing node to execute off-chain After decryption in the environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the byte code through the virtual machine deployed in the off-chain trusted execution environment Code to perform off-chain privacy calculations on the incoming parameter data.

According to the tenth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, which includes: an obtaining unit that enables a blockchain node to obtain an encrypted invoking request, the invoking request including the identifier of the off-chain contract The transmission unit enables the blockchain node to transmit the encrypted call request to the off-chain privacy computing node through the oracle mechanism, and the identification information and the information of the input data are transferred After the off-chain private computing node is decrypted in the off-chain trusted execution environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and it can be deployed in the off-chain. The virtual machine in the trusted execution environment executes the bytecode to perform off-chain privacy calculations on the incoming parameter data.

The receiving unit enables the blockchain node to receive the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.

According to the eleventh aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, which includes: a receiving unit to enable a control node to receive an encrypted invoking request, the invoking request including an identification of the off-chain contract Information and input parameter data; a forwarding unit that enables the control node to forward the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster; a feedback unit that causes the control node to The off-chain privacy calculation result received by the off-chain privacy computing node is fed back.

According to the twelfth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, including: a receiving and decrypting unit, so that a private computing node receives an encrypted invoking request, and in a trusted execution environment Decrypt to obtain the identification information of the smart contract and the information of the input parameter data contained in the call request; the call and calculation unit enables the privacy computing node to call the bytecode of the smart contract deployed in advance according to the identification information, and The bytecode is executed by the virtual machine deployed in the trusted execution environment to perform private calculation of the input parameter data; the encryption and feedback unit enables the private computing node to perform verification on the obtained data in the trusted execution environment The privacy calculation results are encrypted and fed back.

According to the thirteenth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, including: generating a calling request unit to enable the client to generate a calling request, the calling request including the identification information of the smart contract and the input Parameter data information; sending a call request unit to enable the client to send an encrypted call request to a private computing node, and the identification information and the information of the input parameter data are used by the private computing node in a trusted execution environment After the decryption is obtained, the identification information is used to instruct the privacy computing node to obtain the bytecode of the smart contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment to check the input parameters. Data is calculated for privacy.

According to the fourteenth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, including: a receiving invocation request unit, so that the control node receives an encrypted invoking request directly sent by the client, the invocation The request contains the identification information of the smart contract and the information of the input parameter data; the forwarding call request unit, so that the control node forwards the call request to the privacy computing node selected from the privacy computing cluster; the feedback privacy calculation result unit, Enabling the control node to feed back the privacy calculation result received from the privacy calculation node.

According to a fifteenth aspect of one or more embodiments of this specification, an electronic device is proposed, including: a processor; a memory for storing executable instructions of the processor; wherein the processor runs the executable Instructions to implement the method described in the first aspect, the second aspect, the third aspect, the fourth aspect, the fifth aspect, the sixth aspect, or the seventh aspect.

According to the sixteenth aspect of one or more embodiments of the present specification, a computer-readable storage medium is provided, which stores computer instructions, and when the instructions are executed by a processor, the first aspect, the second aspect, and the first aspect are implemented. The steps of the method described in the third aspect, the fourth aspect, the fifth aspect, the sixth aspect, or the seventh aspect.

In summary, this manual implements an off-chain trusted execution environment on off-chain private computing nodes, so that off-chain private computing nodes can provide a safe and reliable operating environment, and the reliability of the off-chain trusted execution environment can be verified by The remote proof is verified, so that the contract deployed in the off-chain private computing node can be invoked safely and reliably, and the off-chain private computing node can ensure that the off-chain privacy computing is completed safely and faithfully.

Description of the drawings

Fig. 1 is a flowchart of a method for invoking a contract on the side of an off-chain privacy computing node provided by an exemplary embodiment of this specification.

Fig. 2 is a schematic diagram of a scenario for invoking a contract provided by an exemplary embodiment of this specification.

Fig. 3 is a schematic diagram of another scenario for invoking a contract provided by an exemplary embodiment of the present specification.

Fig. 4 is a flowchart of a method for invoking a contract on the client side according to an exemplary embodiment of this specification.

Fig. 5 is a flowchart of a method for invoking a contract on the side of a blockchain node provided by an exemplary embodiment of the present specification.

Fig. 6 is a flowchart of a method for invoking a contract on the control node side provided by an exemplary embodiment of the present specification.

Fig. 7 is a flowchart of another method for invoking a contract on the privacy node side provided by an exemplary embodiment of the present specification.

Fig. 8 is a flowchart of another method for invoking a contract on the client side according to an exemplary embodiment of the present specification.

Fig. 9 is a flowchart of another method for invoking a contract on the control node side provided by an exemplary embodiment of the present specification.

Fig. 10 is a schematic structural diagram of a device provided by an exemplary embodiment.

Fig. 11 is a block diagram of a device for invoking a contract on the side of an off-chain privacy computing node provided by an exemplary embodiment.

Fig. 12 is a block diagram of a device for invoking a contract on the client side according to an exemplary embodiment.

Fig. 13 is a block diagram of an apparatus for invoking a contract on the side of a blockchain node provided by an exemplary embodiment.

Fig. 14 is a block diagram of a device for invoking a contract on the control node side provided by an exemplary embodiment.

Fig. 15 is a block diagram of another device for invoking a contract on the side of a privacy computing node provided by an exemplary embodiment.

Fig. 16 is a block diagram of another device for invoking a contract on the client side according to an exemplary embodiment.

Fig. 17 is a block diagram of another device for invoking a contract on the control node side provided by an exemplary embodiment.

Detailed ways

The exemplary embodiments will be described in detail here, and examples thereof are shown in the accompanying drawings. When the following description refers to the accompanying drawings, unless otherwise indicated, the same numbers in different drawings represent the same or similar elements. The implementation manners described in the following exemplary embodiments do not represent all implementation manners consistent with one or more embodiments of this specification. Rather, they are merely examples of devices and methods consistent with some aspects of one or more embodiments of this specification as detailed in the appended claims.

It should be noted that in other embodiments, the steps of the corresponding method may not be executed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. In addition, a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. describe.

Block chains are generally divided into three types: Public Blockchain, Private Blockchain and Consortium Blockchain. In addition, there are many types of combinations, such as private chain + alliance chain, alliance chain + public chain and other different combinations. Among them, the most decentralized one is the public chain. The public chain is represented by Bitcoin and Ethereum. Participants who join the public chain can read the data records on the chain, participate in transactions, and compete for the accounting rights of new blocks, etc., and each participant (ie, node) can freely join and Exit the network. The private chain is the opposite. The network's data write permission is controlled by an organization or institution, and the data read permission is regulated by the organization; in simple terms, the private chain can be a weakly centralized system with strict restrictions and few participating nodes. Therefore, the private chain is more suitable for internal use by specific institutions. Consortium chain is a block chain between public chain and private chain, which can realize "partial decentralization". Each node in the alliance chain usually has a corresponding entity or organization, and participants are authorized to join the network and form a stakeholder alliance to jointly maintain the operation of the blockchain.

In the blockchain network, by submitting the corresponding blockchain transaction (transaction for short) to the blockchain node, and the blockchain node executes the blockchain transaction to achieve the corresponding operation purpose. For any of the above types of blockchains, blockchain nodes can create a TEE and realize the TEE as a secure execution environment for blockchain transactions. TEE is a secure extension based on CPU hardware and a trusted execution environment that is completely isolated from the outside. TEE was first proposed by Global Platform to solve the security isolation of resources on mobile devices, and parallel to the operating system to provide a trusted and secure execution environment for applications. At present, the industry is very concerned about TEE solutions. Almost all mainstream chip and software alliances have their own TEE solutions, such as TPM (Trusted Platform Module) in software and Intel SGX (Software Guard Extensions) in hardware. , Software Protection Extension), ARM Trustzone (trust zone) and AMD PSP (Platform Security Processor, platform security processor), etc.

Take Intel SGX (hereinafter referred to as SGX) technology as an example. Blockchain nodes can create enclaves (enclaves or enclaves) based on SGX technology to serve as TEEs for executing blockchain transactions. Among them, the blockchain node uses the newly added processor instructions in the CPU to allocate a part of the area EPC (Enclave Page Cache, enclave page cache or enclave page cache) in the memory to reside in the above-mentioned enclave. The memory area corresponding to the above EPC is encrypted by the memory encryption engine MEE (Memory Encryption Engine) inside the CPU. The content in the memory area (code and data in the enclave) can only be decrypted in the CPU core and used for encryption and decryption. The key is only generated and stored in the CPU when the EPC is started. It can be seen that the security boundary of the enclave only includes itself and the CPU, and neither privileged or non-privileged software can access the enclave, even the operating system administrator and VMM (virtual machine monitor, or Hypervisor). Can not affect the code and data in the enclave, so it has extremely high security, and under the premise of the above-mentioned security guarantee, the CPU can process the block chain transaction in the form of plain text in the enclave, and has extremely high computational efficiency. Thus, both data security and computing efficiency are taken into consideration.

Based on the decentralized architecture of the blockchain network, every blockchain transaction on the blockchain needs to be executed on all blockchain nodes in the blockchain network to ensure that each blockchain node is maintained The blockchain ledger data is consistent. If the transaction logic is relatively simple, such as Bitcoin as an example, the blockchain transaction is only used to realize the transfer operation. At this time, even if the blockchain transaction needs to be executed on all blockchain nodes, it will not cause excessive resource consumption. . However, if the blockchain provides the function of a smart contract, and the blockchain transaction calls the smart contract, then the situation may be quite different. A smart contract on the blockchain is a contract that can be triggered by a transaction to execute on the blockchain system, and the smart contract can be defined in the form of code.

Taking Ethereum as an example, it supports users to create and call some complex logic in the Ethereum network. This is the biggest challenge that distinguishes Ethereum from Bitcoin blockchain technology. The core of Ethereum as a programmable blockchain is the Ethereum Virtual Machine (EVM), and every Ethereum node can run EVM. EVM is a Turing complete virtual machine, which means that various complex logic can be implemented through it. Users who publish and call smart contracts in Ethereum run on the EVM. In fact, what the virtual machine directly runs is virtual machine code (virtual machine bytecode, hereinafter referred to as "bytecode"). The smart contract is divided into two stages: deployment and invocation.

In the deployment phase, the user sends a transaction containing information about creating a smart contract to the Ethereum network. The data field of the transaction contains the code (such as bytecode) of the smart contract, and the to field of the transaction is empty. Each node in the Ethereum network executes this transaction through the EVM and generates a corresponding contract instance. After the nodes reach an agreement through the consensus mechanism, the smart contract corresponding to the above transaction is successfully created, and a contract account corresponding to the smart contract appears on the blockchain. The contract account has a specific contract address and contract code (i.e., smart contract). The code) or the hash value of the contract code is stored in the contract account, and the contract code is used to control the behavior of the corresponding smart contract.

In the invocation phase, the user (which can be the same or different from the user who deployed the smart contract) sends a transaction for invoking the smart contract to the Ethereum network. The from field of the transaction is the address of the external account corresponding to the user, and the to field is The contract address of the smart contract to be called. The data field contains the method and parameters for calling the smart contract. After the nodes reach an agreement through the consensus mechanism, the smart contract called by the above transaction statement is executed independently on each node of the Ethereum network in a prescribed manner. All execution records and data are stored on the blockchain, so when the transaction is completed Later, the transaction vouchers that cannot be tampered with and will not be lost are stored on the blockchain.

As mentioned earlier, EVM is a Turing complete virtual machine; similarly, other blockchains can also use other types of virtual machines, such as WASM (WebAssembly) virtual machines. In short, when the smart contract invoked by the transaction is used to implement relatively complex logic, the process of executing the code of the smart contract by the node through the virtual machine consumes relatively more computing resources, and because all nodes in the blockchain network need The code that executes the smart contract, so as the number of nodes increases, the consumption of computing resources will increase exponentially. Therefore, although the combination of TEE technology can relatively reduce the resource consumption of a single blockchain node and speed up transaction execution efficiency, it will still cause great resource consumption and waste for the entire blockchain network.

For this reason, this manual proposes to deploy private computing nodes (ie, off-chain private computing nodes) under the chain, which can transfer the computing operations that originally needed to be performed on all blockchain nodes to the off-chain private computing nodes for execution. The chain node only needs to obtain the calculation result from the off-chain private computing node and update the blockchain ledger data based on the calculation result. Off-chain private computing nodes can create off-chain TEEs, and the Verifiable Computation technology can prove that the above-mentioned calculation results are indeed executed as expected in the off-chain TEEs, thereby ensuring reliability and greatly Reduce the resource consumption on the chain.

As mentioned earlier, by invoking a smart contract on a blockchain node, the blockchain node can execute the code of the smart contract to achieve corresponding computing requirements; similarly, the code for performing computing tasks can be deployed off-chain At the privacy computing node, the deployed code is called to achieve the corresponding computing requirements. For ease of understanding, in this manual, the contract deployed on the blockchain node is called the on-chain contract, and the contract deployed on the off-chain privacy computing node is called the off-chain contract; of course, whether it is an on-chain contract or an off-chain contract, Its essence is a piece of code that can be executed in a virtual machine.

Fig. 1 is a flowchart of a method for invoking a contract on the side of an off-chain privacy computing node shown in this specification. As shown in FIG. 1, the method may include step 102 to step 103.

Step 102, the off-chain privacy computing node receives the encrypted call request, and decrypts in the off-chain trusted execution environment to obtain the identification information of the off-chain contract and the information of the input data contained in the call request.

Before invoking the off-chain contract deployed on the off-chain private computing node through a call request, the client needs to safely deploy the off-chain contract to the off-chain private computing node. For example, if the client determines that the off-chain private computing node is trustworthy, it can deploy an off-chain contract to the off-chain private computing node. The off-chain contract is similar to the on-chain contract executed by the blockchain node, and both can be bytecodes running in a virtual machine, so I won’t repeat them here.

As mentioned earlier, off-chain privacy computing nodes can create off-chain TEEs, and deployment operations and invocation operations for off-chain contracts are implemented through off-chain TEEs, thereby ensuring data security and privacy protection during operations. The off-chain TEE created on the off-chain private computing node is similar to the on-chain TEE created on the blockchain node described above, and is based on a trusted execution environment that is completely isolated from the outside and implemented by CPU hardware. The client verifies whether the off-chain private computing node is credible by obtaining the remote attestation report for the off-chain TEE created on the off-chain private computing node, specifically whether the off-chain TEE deployed on the off-chain private computing node is credible.

The remote attestation report is generated from the remote attestation process for the off-chain TEE on the off-chain private computing node. The remote attestation report is generated by the authentication server after verifying the self-recommendation information generated by the off-chain private computing node, and the self-recommended information is related to the off-chain TEE created on the off-chain private computing node. The off-chain private computing node generates the self-recommended information related to the off-chain TEE, and the authentication server verifies the self-recommended information to generate a remote attestation report, so that the remote attestation report can be used to indicate the off-chain TEE on the off-chain private computing node Trustworthy. For example, taking Intel SGX technology as an example, the off-chain TEE is an enclave created on the off-chain private computing node to realize off-chain privacy computing. The remote attestation process also involves another special enclave on the off-chain private computing node, namely Quoting enclave (QE for short), QE is an architectural enclave (Architectural Enclave) provided and signed by Intel. The above enclave first needs to generate a REPORT structure for local authentication, and QE verifies whether the enclave is on the same platform as itself based on the REPORT structure, and then QE encapsulates the REPORT structure into a structure QUOTE (ie Self-recommended information), and use the EPID (enhanced privacy identification) key to sign. The EPID key not only represents the platform of the off-chain private computing node, but also represents the credibility of the underlying hardware of the off-chain private computing node. It can also bind information such as the version of the processor firmware, and only QE can access the EPID key. , To sign the above-mentioned structure QUOTE. In SGX technology, the above authentication server can be the IAS (Intel Attestation Service) server provided by Intel. The off-chain privacy computing node sends the signed structure QUOTE to the IAS server, so that the IAS server can verify the signature and Return the corresponding remote certification report to the off-chain privacy computing node.

After the off-chain privacy computing node creates an off-chain TEE, it generates self-recommendation information for remote certification. This self-recommendation information can be used to anchor and solidify the information of the off-chain TEE, so that the final remote certification report containing the self-recommendation information can be obtained. It is used to characterize the state of the TEE under the chain and to verify whether the TEE under the chain is credible. For example, the self-recommendation information may include the first hash value to be verified, and the first hash value to be verified is the hash value of the preset information of the off-chain TEE. For example, the preset information may include all the deployed in the off-chain TEE. The code, the public key of the developer of the TEE under the chain, etc. Taking Intel SGX technology as an example, the hash value generated by all codes deployed in the off-chain TEE is MREnclave, and the hash value generated by the developer’s public key corresponding to the off-chain TEE is MRSigner, which is the first waiting The verification hash value can include MREnclave and MRSigner.

Still take Intel SGX technology as an example. As mentioned earlier, after the off-chain privacy computing node sends the signed structure QUOTE to the IAS server, the IAS server performs signature verification based on the maintained public key set, and returns a remote certification report (that is, AVR) to the off-chain privacy computing node. Report), the remote attestation report contains: the structure QUOTE and the signature verification result, and the IAS server uses its own private key to sign the remote attestation report.

Correspondingly, after the client obtains the remote attestation report, it can first perform signature verification on the remote attestation report according to the public key of the IAS server. If the verification is passed, it indicates that the remote attestation report is indeed generated by the IAS server and is in the process of data transmission. No data has been tampered with or lost. The client can obtain the public key of the IAS server through any means. For example, when the remote attestation report is provided to the client, it can also be associated with the certificate chain that provides the IAS, so that the client can extract the public key of the IAS server from the certificate chain. Then, the client can extract the structure QUOTE and the signature verification result from the remote attestation report. The client can first view the signature verification result. If the signature verification result is passed verification, it indicates that the CPU of the private computing node under the chain holds the private key provided by Intel. Therefore, the off-chain TEE is established on a reliable hardware platform and can continue to perform other operations. Verification operation: If the signature verification result is that the verification is not passed, the client can determine that the off-chain privacy computing platform is unreliable, and there is no need to continue other verification operations. Then, the client can extract the above-mentioned hash values MREnclave and MRSigner from the structure QUOTE, that is, the MREnclave to be verified and the MRSigner to be verified; at the same time, the client obtains the trusted value of the MREnclave and MRSigner of the off-chain TEE in advance, for example, These are the trusted MREnclave and the trusted MRSigner. The MREnclave to be tested is compared with the trusted MRSigner, and the MRSigner to be tested is compared with the trusted MRSigner. Then, the client can use "the MREnclave to be tested is consistent with the trusted MREnclave, and the MRSigner to be tested is consistent with the trusted MRSigner" as a prerequisite for confirming the trustworthiness of the private computing node under the chain; in other words, if the MREnclave to be tested is inconsistent with the trusted MREnclave , Or if the MRSigner to be verified is inconsistent with the trusted MRSigner, the client determines that the off-chain private computing node is not trusted, and if all the preconditions set by the client are met, it can confirm that the off-chain private computing node is trusted. In addition, there is no inevitable sequence between the operation of the client to verify the signature verification result and the verification of the MREnclave to be verified and the MRSigner to be verified, and the two can be completely independent.

In addition to MREnclave and MRSigner, the client can also verify the credibility of the off-chain private computing node through other preconditions. For example, after an off-chain private computing node creates an off-chain TEE, it can generate a key pair representing its own identity information in the off-chain TEE, and the off-chain private computing node creates its own node identity information in the off-chain TEE. The node identity information is related to the above-mentioned key pair corresponding to the identity information. For example, the node identity information may include the public key in the key pair. Among them, the key pair representing the identity information can exist in one or more groups. Encryption and decryption key pair (ie, encryption key pair), the node identity information may include the signature public key in the signature key pair and the encryption public key in the encryption key pair. In a set of key pairs, corresponding to different encryption algorithms, there may be multiple public keys at the same time, and these public keys are all included in the above-mentioned node identity information. In addition, the node identity information may also include other information related to the off-chain private computing node, such as software version, domain name, partition name, etc. This specification does not limit this. Then, when the off-chain privacy computing node generates the structure QUOTE, it can calculate the hash value of the node identity information, and add the hash value to the structure QUOTE as the second hash value to be verified.

Correspondingly, after receiving the remote certification report, the client can perform signature verification from the remote certification report. When the signature verification is passed, the client can extract the signature verification result and the second to-be-verified hash value contained in the remote certification report, and verify them separately, and there is no inevitable sequence for the verification of the two. They can be completely independent. It is assumed that the client first verifies the signature verification result, and continues to verify the second hash value to be verified if the signature verification result is passed verification. In order to verify the second hash value to be verified, the client needs to obtain the node identity information of the off-chain private computing node. For example, when the remote certification report is provided to the client, the node identity information can be associated and provided, of course, the client can also pass Obtain the node's identity information in other ways or at other times. Then, the client can perform a hash calculation on the obtained node identity information, compare the calculated hash value with the above-mentioned second hash value to be verified, and use the same comparison result as a confirmation that the off-chain privacy computing node is trusted Prerequisites. If the second hash value to be verified is verified, it can be proved that the identity information of the off-chain private computing node is initialized and generated in the off-chain TEE, and the private key in the key pair representing the identity information is only owned by the off-chain private computing node. Owned, and the private computing node under the chain can complete operations such as signing and encrypting communication.

The above lists two judgment conditions for verification of off-chain privacy computing nodes, namely, verification for the first hash value to be verified and verification for the second hash value to be verified. Other judgment conditions can also be used, which will not be listed here. When performing trusted verification for off-chain private computing nodes, one or more of the above judgment conditions can be selected. For example, the first hash value to be verified and the second hash value to be verified can be verified at the same time; or, in some cases, only the second hash value to be verified can be verified, and the first hash value to be verified No verification or partial verification is possible. For example, the client can set a trust level, and determine whether to verify or partially verify the first hash value to be verified according to the trust level. For example, when the trust level is 0, there is no need to verify the first hash value to be verified, and the trust level is 1. When verifying the MRSigner in the first hash value to be verified, and when the trust level is 2, verify the MEnclave in the first hash value to be verified.

In the above embodiment, the node identity information includes information related to the identity of the off-chain private computing node, such as a public key representing the identity. The node identity information can also include information related to the off-chain TEE. When the node identity information is hashed, and the obtained hash value to be checked is added to the structure QUOTE, the hash value to be checked is equivalent to simultaneous realization The functions of the first hash value to be verified and the second hash value to be verified are described. For example, in addition to the signature public key and encryption public key, the node identity information can also contain the values of MREnclave and MRSigner, so that the hash value to be verified obtained by hashing the identity information of the node can be combined with the off-chain The identity of the private computing node is related to the off-chain TEE. Correspondingly, after receiving the remote certification report, the client can perform signature verification from the remote certification report. In the case that the signature verification is passed, the client can extract the signature verification result and the hash value to be verified contained in the remote certification report, and verify them separately, and there is no inevitable sequence for the verification of the two. The room can be completely independent. It is assumed that the client first verifies the signature verification result, and continues to verify the hash value to be verified if the signature verification result is passed verification. In order to verify the hash value to be checked, the client needs to obtain the node identity information of the off-chain private computing node, which will not be repeated here. Then, the client can perform a hash calculation on the obtained node identity information, compare the calculated hash value with the above-mentioned hash value to be verified, and use the consistency of the comparison result as a prerequisite to confirm the trustworthiness of the off-chain private computing node condition. It can be seen that this embodiment only needs one comparison to realize the verification in the two aspects mentioned above, which helps to improve the verification efficiency.

The client's verification process of the remote attestation report can also include other operations, such as determining whether the off-chain TEE is running in test mode (there is a risk of data leakage in test mode) based on the content of the remote attestation report, etc., here is no longer one by one Go into details.

The client can initiate a challenge to the off-chain private computing node and receive the remote certification report returned by the off-chain private computing node, so that it can determine whether the off-chain private computing node is credible based on the remote certification report. For example, the client can initiate an off-chain challenge to the off-chain private computing node, that is, the process of initiating the challenge has nothing to do with the blockchain network, so that the consensus process between blockchain nodes can be skipped and the interaction between on-chain and off-chain can be reduced. , So that the client's challenge to the off-chain private computing node has a higher operational efficiency. For another example, the client can take the form of an on-chain challenge. For example, the client can submit a challenge transaction to a blockchain node. The challenge information contained in the challenge transaction can be transmitted by the blockchain node to the off-chain private computing node through the oracle mechanism. , And the challenge information is used to initiate a challenge to the off-chain private computing node.

In this specification, the oracle mechanism is used to realize the operation of transferring data from the chain to the chain or from the chain to the chain. In this specification, the coordination mechanism between the oracle contract and the oracle server is called the oracle mechanism. For example, the on-chain challenge based on the oracle mechanism in the above; and the on-chain call based on the oracle mechanism in the following. Among them, the transaction submitted by the client to the blockchain node can directly or indirectly call the oracle contract to trigger the oracle mechanism. Among them, if the contract address of the oracle contract is filled in the to field of the transaction, it indicates that the transaction directly calls the oracle contract; if the contract address of a certain chain contract is filled in the to field of the transaction, and the chain is on The contract calls the oracle contract, indicating that the transaction indirectly calls the oracle contract. The contract on the chain calls the oracle contract. In one case, the contract address of the oracle contract is pre-written in the bytecode of the on-chain contract. In another case, the contract address of the oracle contract can be used as the call. Enter the parameters of the contract on the chain, and fill the entered parameters into the data field of the above transaction. In addition to transferring call requests or other data from the chain to the off-chain, the oracle mechanism can also transfer data from off-chain to on-chain. Specifically, the oracle server can transfer the off-chain data to the oracle contract, and then the oracle contract Pass the off-chain data to the data demander. For example, the off-chain data here may include the privacy calculation results generated by invoking the off-chain contract. In the aforementioned oracle mechanism, transferring data from the chain to the chain can be regarded as a "request" process, and transferring data from the chain to the chain can be regarded as a "response" process. These two processes usually appear in pairs. .

Whether it is an off-chain challenge or an on-chain challenge, after receiving the challenge initiated by the client, the off-chain private computing node can temporarily trigger the remote attestation process as described above and generate the corresponding remote attestation report, and then report the remote attestation Feedback to the client. Or, when the off-chain private computing node receives a challenge initiated by the client, if a pre-generated remote attestation report already exists locally, the off-chain private computing node provides the remote attestation report to the client without temporarily triggering remote attestation process. Among them, the remote attestation report of the off-chain private computing node can be triggered by the off-chain private computing node in response to the challenge of other challengers except the client. For example, the other challenger may include other clients, This manual does not limit the control node and KMS server in the off-chain privacy computing cluster where the off-chain privacy computing node is located. Therefore, after receiving the challenge initiated by the client, the off-chain private computing node can first check whether there is a previously generated remote attestation report locally, and if there is, the remote attestation report is fed back to the client, otherwise the remote attestation process is temporarily triggered. Among them, the remote attestation report can have a certain time limit, such as 30 minutes or other duration. The timed out remote attestation report can be deemed invalid by the client, and the off-chain privacy computing node can also actively clear the invalid remote attestation report to avoid feedback To the client.

Based on the above solution, the client can deploy an off-chain contract to the off-chain private computing node when it is determined that the off-chain private computing node is trustworthy. Similar to the aforementioned challenge process, the client can encrypt and transmit the bytecode of the off-chain contract to the off-chain private computing node through the off-chain channel, or the client can transfer the bytecode of the off-chain contract through the on-chain channel. Encrypted transmission to the off-chain private computing node. For example, the client generates an off-chain contract deployment transaction. The off-chain contract deployment transaction contains the bytecode ciphertext obtained by encrypting the bytecode, and the client encrypts the off-chain contract deployment transaction. After submitting to the blockchain node, the encrypted off-chain contract deployment transaction can be decrypted in the on-chain TEE created at the blockchain node to obtain the bytecode ciphertext, and then the blockchain node will use the oracle mechanism to convert The bytecode ciphertext is transmitted to the privacy computing node under the chain.

After the off-chain privacy computing node can decrypt the plaintext bytecode in the off-chain TEE, the bytecode can be re-encrypted in the off-chain TEE and stored in the storage space outside the off-chain TEE, such as off-chain privacy In the hard disk of the computing node, the deployment of the off-chain contract is completed. Here, the off-chain privacy computing node usually uses a symmetric key to encrypt and store the bytecode through symmetric encryption, so that when the bytecode is subsequently called, it is compared to the form of asymmetric encryption. , The decryption operation can be completed faster. The symmetric key can be generated by the off-chain private computing node in the off-chain TEE, or distributed to the off-chain private computing node by other objects through encrypted transmission. For example, the KMS server can initiate a challenge to the off-chain private computing node, and in the case of verifying the trustworthiness of the off-chain private computing node through remote certification, the above-mentioned symmetric key is distributed to the off-chain private computing node. The off-chain privacy computing node can use the symmetric key distributed by the KMS server as the root key, and apply the derived key derived from the root key to the encrypted storage of the bytecode. For another example, based on Intel SGX technology, the above symmetric key can be the RSK (Root Seal Key) key burned in the e-fuses storage circuit in the CPU of the private computing node under the chain, or a derivative derived from the RSK key Key (ie Seal Key). Of course, the off-chain privacy computing node can also use asymmetric encryption or a combination of symmetric encryption and asymmetric encryption to encrypt and store the bytecode, which is not limited in this specification.

The client can call the off-chain contract deployed on the off-chain privacy computing node by generating a call request, where the call request can include the identification information of the off-chain contract and the information of the input data. For example, the client can directly send a call request to the off-chain privacy computing node, that is, the process of sending the call request has nothing to do with the blockchain network, which can skip the consensus process between blockchain nodes and reduce the interaction between the chain and the chain. Operation, so that the client sends a call request to the off-chain private computing node with higher operational efficiency. For another example, the client can adopt an on-chain form. For example, the client can submit a transaction to a blockchain node, and the call request contained in the transaction can be transmitted by the blockchain node to the off-chain privacy computing node through the oracle mechanism.

Take the scenario shown in Figure 2 as an example. In one case, the client 21 can directly send a call request to the off-chain privacy computing node 22 through an off-chain channel, that is, the process of sending the call request by the client 21 has nothing to do with the blockchain network. In another case, the client 21 can submit a transaction to the blockchain network 23, that is, the client 21 sends an on-chain call request to the off-chain privacy computing node 22 through the blockchain network 23, and the blockchain network 23 can follow this The transaction obtains the call request, and transmits the call request to the off-chain privacy computing node 22 through the oracle mechanism. When the client sends a call request to the client through an on-chain channel, it can include three steps: Step ①, the client 21 submits a transaction to the blockchain network 23, and the transaction can be made by a node in the blockchain network 23 23n receives and executes it, so that the blockchain node 23n obtains the encrypted call request; step ②, the node 23n calls the pre-deployed oracle smart contract (referred to as the oracle contract), and the oracle contract can pass the above call request to The oracle server 24 under the chain, for example, the oracle contract can generate an event containing the call request, and the oracle server 24 can obtain the aforementioned call request by monitoring the event generated by the oracle contract; step ③, the oracle server 24 The call request is sent to the off-chain privacy computing node 22 through the off-chain channel.

Taking the scenario shown in Figure 2 as an example, the data interaction involved may include: data interaction between the client 21 and the off-chain privacy computing node 22 (the client 21 directly sends an off-chain call request to the off-chain privacy computing node 22 , The off-chain privacy computing node 22 directly returns the off-chain privacy calculation result to the client 21), the data interaction between the client 21 and the node 23n (the client 21 submits a transaction to the node 23n, and the node 23n returns the off-chain to the client 21 Privacy calculation results), data interaction between node 23n and oracle server 24 (oracles server 24 reads the call request from node 23n, oracle server 24 feeds back the privacy calculation results under the chain to node 23n), oracle server 24 and Data interaction between off-chain privacy computing nodes 22 (the oracle server 24 sends a call request to the off-chain privacy computing node 22, and the off-chain privacy computing node 22 returns the off-chain privacy calculation result to the oracle server 24), etc. In the process of realizing any of the above-mentioned data interactions, the data transmitted between the data sender and the data receiver may leak, and the node 23n will link the transaction to cause the call request contained in the transaction to be disclosed, so it can be passed The method of encrypting data transmission avoids information leakage.

Clients can deploy more off-chain contracts to off-chain private computing nodes; similarly, other clients can also deploy off-chain contracts to off-chain private computing nodes. In order to facilitate management and facilitate subsequent calls to off-chain contracts, off-chain privacy computing nodes can generate corresponding contract IDs for deployed off-chain contracts, and there is a one-to-one correspondence between off-chain contracts and contract IDs, and the contract ID can be used as off-chain The identification information of the contract. For example, the off-chain privacy computing node may perform a hash operation on the bytecode of the off-chain contract to obtain the first hash value, and use the first hash value as the contract ID of the off-chain contract. Of course, off-chain privacy computing nodes can also generate contract IDs in other ways, and this specification does not limit this.

Therefore, in order to accurately instruct the off-chain privacy computing node to call the bytecode of the off-chain contract, the aforementioned call request may include the identification information of the off-chain contract, such as the aforementioned contract ID. Further, the call request may also include function information. In the case of multiple functions included in the off-chain contract, the call request needs to specify the function that the client needs to call through the function information. The function information may be a function name, etc. This specification does not There is no restriction on this. Of course, if the off-chain contract contains only one function, or the client wants to call all functions in the off-chain contract, the function information can also be omitted in the call request.

The call request also includes the information of the input parameter data. The information of the input parameter data can be the input parameter data itself, or the description information of the input parameter data. For example, the description information can be a storage address, etc., so that the off-chain private computing node can obtain the input parameter data accordingly, especially when the client itself In the case of not being the data owner, the interaction between the client and the data owner can be eliminated, the amount of data requested by the call can also be reduced, and the transmission speed can be accelerated.

The off-chain contract deployed on the off-chain privacy computing node can be used to update the state of an object, for example, to update the object from the first state to the second state. However, because the off-chain contract is a stateless contract, that is, the off-chain privacy computing node does not maintain the state data of the above object, so that the off-chain contract cannot actively learn the first state. If the input data only contains the data used to drive the object from the first state. For data that changes from one state to the second state, the state update for the above object will not be executed smoothly. Therefore, in addition to the data used to drive the object to change from the first state to the second state, the input data should also include the state data of the first state. For example, the above object can be a blockchain account. The data (ie state data) of the blockchain account is only maintained at the blockchain node, and the off-chain privacy computing node does not maintain the data of the blockchain account, that is, off-chain. The contract is a stateless contract, so when the execution logic of the off-chain contract is related to the blockchain account, the input data provided to the off-chain contract not only contains the data used to drive the update of the blockchain account, but also It should contain data on the historical state of the blockchain account. Since the off-chain contract is a stateless contract, it can avoid storing the state data at the off-chain private computing node, especially the data on the chain will not be stored, so that the privacy and security of the data on the chain can be guaranteed.

The call request may also include information about the identity public key of the specified object, and the identity private key is maintained by the specified object. For example, the specified object may be the aforementioned client, or any other demander specified by the client, which is not limited in this specification. Therefore, after obtaining the off-chain privacy calculation result, the off-chain privacy computing node can use the received identity public key of the specified object to encrypt the off-chain privacy calculation result, so that only the specified object who maintains the identity private key can do this chain The decryption of the private calculation results under the chain ensures the security of the off-chain private calculation results. If there are multiple designated objects at the same time, the call request can include the information of multiple identity public keys corresponding to these designated objects, so that the off-chain privacy computing node uses each identity public key to encrypt the off-chain privacy calculation results.

As shown in FIG. 2, the client 21 directly sends an off-chain invocation request to the off-chain privacy computing node 22 as an example. The client 21 generates a call request, and can directly send it to the off-chain privacy computing node 22 through the off-chain channel, then the off-chain privacy computing node 22 can call the pre-deployed off-chain contract according to the identification information of the off-chain contract contained in the call request The bytecode is executed by the virtual machine deployed in the off-chain TEE to perform privacy calculation on the input parameter data contained in the call request. However, if the client 21 does not want its call request to be arbitrarily known by other users, it can protect the privacy of the call request. The client 21 can encrypt the sent call request, and the off-chain privacy computing node can receive the encrypted call request, which can ensure that the content of the call request will not be leaked during the transmission process. At the same time, the off-chain privacy computing node 22 obtains the off-chain privacy calculation results after performing off-chain privacy calculations, and the off-chain privacy computing node 22 can directly feed back the off-chain privacy calculation results to the client or the data requester through the off-chain channel.

As shown in Figure 2, take the client 21 submitting a transaction to the node 23n as an example. The client 21 generates a transaction, and can submit a transaction to the node 23n through an on-chain channel, so that the node 23n can perform a consensus on the transaction submitted by the client 21 with other nodes and then upload the transaction on the chain, and deposit the transaction submitted by the client 21. However, if the client 21 does not want its behavior to be arbitrarily known to other users, the transaction can be protected for privacy. The client 21 can encrypt the submitted transaction, and the node 23n can receive the encrypted transaction, which can ensure that the content of the transaction will not be leaked during the transmission process. Node 23n can deploy the on-chain TEE, and node 23n can read the encrypted transaction into the on-chain TEE and decrypt it in the on-chain TEE to ensure that the decrypted challenge transaction only exists in the on-chain TEE. Leak out.

Among them, if the transaction generated by the client 21 directly contains the encrypted call request, then the node 23n can decrypt the transaction in the on-chain TEE and obtain the ciphertext of the call request, and then the node 23n can use the oracle mechanism to make the call request ciphertext. It is transmitted to the private computing node under the chain.

For the identification information of the off-chain contract in the call request, the client 21 can directly add the identification information to the transaction, then the node 23n can decrypt the transaction in the on-chain TEE to obtain the identification information; or, the exchange generated by the client 21 The called on-chain contract defines the identification information of the off-chain contract. After receiving the transaction, the node 23n can execute the called on-chain contract in the on-chain TEE to obtain the identification information.

Regarding the information of the input parameter data in the call request, the transaction generated by the client 21 may directly include the input parameter data, and then the node 23n can decrypt the transaction in the on-chain TEE and obtain the input parameter data. Then, the called on-chain contract is executed by the virtual machine deployed in the on-chain TEE. After the on-chain contract is executed, the above identification information and input parameter data can be packaged into a call request and the call request can be encrypted. Or, the transaction generated by the client can include the description information of the input parameter data, for example, the description information can be a storage address, etc., then the node 23n can query the corresponding input parameter data by executing the on-chain contract, and after the on-chain contract is executed The above identification information and input data can be packaged into a call request and the call request can be encrypted. Or, the transaction generated by the client can include initial data, then the node 23n can process the initial data by executing the on-chain contract to obtain the corresponding input data. After the on-chain contract is executed, the above identification information and the input data can be combined. Package it into a call request and encrypt the call request. Or, the transaction generated by the client can include the description information of the initial data, for example, the description information can be a storage address, etc., then the node 23n can query the corresponding initial data by executing the contract on the chain, and the contract on the chain can check the initial data For processing, after the on-chain contract is executed, the above identification information and input data can be packaged into a call request and the call request can be encrypted. Therefore, the client may not directly add the identification information or input data to the transaction. The process of invoking the off-chain contract to perform off-chain privacy calculations is transparent. The client only needs to obtain the feedback of the off-chain privacy calculation results, and does not need to pay attention to the identification information of the invoked off-chain contract or the information of the input data, etc. .

The encrypted transmission of the call request can be in the form of symmetric encryption or asymmetric encryption. Encrypted transmission of the call request can ensure that the content of the call request will not be leaked during the transmission process. When symmetric encryption is used, the client 21 and the off-chain private computing node 22 maintain the same symmetric key respectively. For example, the symmetric key can be used by the client 21 and the off-chain private computing node 22 through such as DH (Diffie-Hellman) or ECDH (Elliptic Curve Diffie-Hellman) and other algorithms are negotiated, or distributed by the KMS (Key Management Service) server to the client 21 and the privacy computing node 22 under the link. This manual does not limit the source of the key. When the key is distributed by the KMS server, the KMS server can transmit the key to the client 21 during the process of the client 21 remotely certifying the off-chain private computing node. Then, the client 21 can encrypt the call request with the above-mentioned symmetric key, and the off-chain privacy computing node 22 maintains the symmetric key in the off-chain TEE, so the off-chain privacy computing node 22 receives the data transmitted by the node 23n Invoking the request, the off-chain privacy computing node 22 reads the encrypted invoking request into the off-chain TEE, and performs a decryption operation using the symmetric key to obtain the foregoing invoking request, and performs related calculations. The encryption algorithm used by the symmetric encryption may include, for example, the DES algorithm, the 3DES algorithm, the TDEA algorithm, the Blowfish algorithm, the RC5 algorithm, and the IDEA algorithm.

When asymmetric encryption is used, the off-chain privacy computing node 22 maintains the private key of the node's asymmetric key, for example, the node private key, and the client 21 can obtain the node public key of the off-chain private computing node 22. The asymmetric key can be generated by the off-chain private computing node 22 in the off-chain TEE, or distributed by the KMS server to the off-chain private computing node 22. This specification does not limit the source of the key. Similarly, when the key is distributed by the KMS server, the KMS server can transmit the public key of the node to the client 21 during the process of the client 21 remotely certifying the off-chain private computing node. Then, the client 21 can encrypt the call request with the node public key, and the off-chain privacy computing node 22 maintains the node’s private key in the off-chain TEE, thus reading the encrypted call request into the off-chain TEE, and pass The node private key performs the decryption operation to obtain the above-mentioned call request. The asymmetric encryption algorithm used in the asymmetric encryption may include, for example, RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm), etc.

For the encrypted transmission of the call request, a combination of symmetric encryption and asymmetric encryption can also be used. The client 21 can maintain a symmetric key. For example, the symmetric key can be randomly generated by the client 21, and the client 21 can obtain the public key in the aforementioned node asymmetric key. The client 21 can encrypt the call request with a symmetric key, obtain the encrypted call request, and encrypt the symmetric key with an asymmetric key to obtain the encrypted key, and then the client 21 simultaneously encrypts the encrypted challenge transaction and encrypted The latter key is transmitted to the off-chain privacy computing node 22. Correspondingly, the off-chain privacy computing node 22 reads the encrypted call request and the encrypted key into the off-chain TEE, first decrypts the encrypted key with the node's private key to obtain the symmetric key, and then uses the symmetric key pair After encryption, the request is called for decryption. In comparison, the encryption and decryption efficiency of symmetric encryption is relatively higher, but the security is relatively low, while the encryption and decryption efficiency of asymmetric encryption is relatively low, but the security is relatively higher. Therefore, based on the comparison between symmetric encryption and asymmetric encryption The combined form can take into account the efficiency and security of encryption and decryption.

When encrypting the call request, symmetric encryption, asymmetric encryption, or a combination of the two can be used, and this specification does not limit this. When asymmetric encryption or a combination of symmetric encryption and asymmetric encryption is used, a set of asymmetric key pairs is involved, and the client 21 or node 23n needs to know the public key of the asymmetric key pair, and the asymmetric encryption The private key of the key pair needs to be maintained by the off-chain private computing node 22, so that the off-chain private computing node 22 can decrypt the received call request based on the private key. For example, the asymmetric key pair may be the aforementioned encryption key pair generated by the off-chain privacy computing node 22 in the off-chain TEE; accordingly, the off-chain privacy computing node 22 receives the ciphertext of the call request , Read the call request cipher text into the off-chain TEE, and decrypt the call request cipher text based on the encrypted private key to obtain the call request in plain text.

Similarly, in the process of other data interactions, the data sender and the data receiver maintain the same symmetric key, or the data sender maintains the public key of the asymmetric key, and the data receiver maintains the non-symmetric key. The private key of the symmetric key, or the combination of symmetric encryption and asymmetric encryption, can realize the encrypted transmission of data between any data sender and data receiver, which will not be repeated here.

An off-chain private computing node may belong to an off-chain private computing cluster, and the off-chain private computing cluster includes multiple off-chain private computing nodes. If the privacy computing nodes under each chain are completely independent, then the interaction process between the client and a single privacy computing node under the chain can refer to the above-mentioned embodiments. In another way, the off-chain privacy computing cluster may include a control node, and the control node will uniformly manage all off-chain privacy computing nodes in the cluster. For example, the client can send a call request to the control node, and receive the off-chain privacy calculation result of the off-chain privacy computing node returned by the control node. Similar to the foregoing embodiment, the client can send a call request to the control node, or the client can submit a transaction to the blockchain node, and the call request contained in the transaction is transmitted to the control node by the blockchain node through the oracle mechanism. , So that the control node returns the off-chain privacy calculation result sent by the off-chain privacy computing node to the client.

Take the scenario shown in Figure 3 as an example. In one case, the client 31 can directly send a call request to the control node 32 through an off-chain channel. In another case, the client 31 can submit a transaction to the control node 32 through the blockchain network 33, that is, the client 31 sends an on-chain transaction to the control node 32, and the blockchain network 33 can obtain a call request based on the transaction, and The call request is transmitted to the control node 32 through the oracle mechanism. The on-chain call request process can include three steps: Step ①, the client 31 submits a transaction to the blockchain network 33, and the transaction can be received and executed by a certain node in the blockchain network 33, such as node 33n. The blockchain node 33n obtains the encrypted call request; step ②, the node 33n calls the pre-deployed oracle smart contract (referred to as the oracle contract), which can pass the call request to the oracle server 34 under the chain For example, the oracle contract can generate an event containing the call request, and the oracle server 34 can obtain the aforementioned call request by monitoring the event generated by the oracle contract; step ③, the oracle server 34 sends the call request through the off-chain channel Send to the control node 32.

The client 31 can directly send a call request to the control node 32, that is, the process of sending a call request has nothing to do with the blockchain network, so that the consensus process between blockchain nodes can be skipped, and the interaction between on-chain and off-chain can be reduced, so that The call request sent by the client 31 to the control node 32 has higher operational efficiency. For another example, the client 31 may adopt an on-chain form. For example, the client 31 may submit a transaction to a blockchain node, and the call request contained in the transaction may be transmitted to the control node by the blockchain node through the oracle mechanism.

The control node receives the above-mentioned call request. In the call request, the target node can be set as a certain off-chain private computing node in the cluster where the control node 32 is located, such as off-chain private computing node 32n, then the control node 32 will receive The invocation request is forwarded to the off-chain private computing node 32n. Similar to the above embodiment, when the client 31 or node 33n encrypts the invocation request, it only needs to ensure that the off-chain private computing node 32n can decrypt, for example, The off-chain privacy computing node 32n can use the encrypted public key generated in the off-chain TEE to encrypt the call request, and the off-chain privacy computing node 32n can encrypt the call request in the off-chain TEE after receiving the ciphertext of the call request. The key decrypts the ciphertext of the call request to obtain the call request. Alternatively, the client 31 or the node 33n may not set the target node in the call request, and the call request may use the encrypted public key generated in the off-chain TEE by a certain off-chain privacy computing node in the cluster where the control node 32 is located. Encrypt the call request, then the control node 32 will receive the call request and forward it to all off-chain privacy computing nodes in the cluster where the control node 32 is located, then only the off-chain privacy computing that maintains the corresponding encrypted private key The node can decrypt the call request.

And the off-chain private computing node may belong to the off-chain private computing cluster, and the off-chain private computing cluster includes multiple off-chain private computing nodes. After receiving the call request, the control node 32 can select a certain off-chain privacy computing node from the off-chain privacy computing cluster according to the load balancing algorithm, and the invocation request can be received by the control node and forwarded to the off-chain privacy computing node . At this time, when the client 31 or node 33n encrypts the call request, it needs to use the encryption public key of the cluster to encrypt, so as to ensure that any off-chain private computing node in the off-chain private computing cluster can decrypt the call request. .

In the process of deploying the off-chain contract, the client first encrypts the bytecode and transmits it to the control node, and then the control node forwards it to one or more off-chain privacy computing nodes in the cluster, thereby transferring the bytes of the off-chain contract. The deployment of the code to one or more off-chain privacy computing nodes in the cluster is similar to the deployment process of the aforementioned off-chain contract, and will not be repeated here. If deployed to multiple off-chain private computing nodes, then these off-chain private computing nodes can provide the ability to call the same off-chain contract at the same time, so as to realize parallel off-chain private computing, and it can also be used in multiple off-chain private computing nodes. Achieve load balancing between.

In the case that the off-chain private computing nodes belong to the off-chain private computing cluster, unified identity information can be generated for these off-chain private computing nodes, such as cluster identity information. The cluster identity information may include a cluster encryption key pair and a cluster signature key pair. Each of the above-mentioned privacy computing nodes under the chain needs to maintain the cluster encryption private key and the cluster signature private key in their respective chain TEEs. Then, as long as the client or blockchain node encrypts the call request with the cluster encryption public key, it can ensure that each of the above-mentioned off-chain private computing nodes can decrypt with the cluster-encrypted private key in their respective off-chain TEE, thereby calling ask. Based on the cluster identity, the client does not need to pay attention to whether the other party is a single off-chain private computing node or off-chain private computing cluster. It only needs to use it as an object and interact with the object, without paying attention to the nodes or clusters behind it. detail.

In addition to the existence of a unified cluster identity for off-chain private computing nodes, contract identities can be generated for off-chain contracts deployed on off-chain private computing nodes. When there are multiple off-chain privacy computing nodes in the cluster, each off-chain privacy computing node can establish a contract identity for its deployed off-chain contract, and the contract identities generated by different off-chain privacy computing nodes for the same off-chain contract are the same . For example, off-chain privacy computing nodes can generate corresponding contract identities for off-chain contracts based on the unified cluster identity and the contract ID of the off-chain contract. Since the cluster identities are the same but the contract IDs of different off-chain contracts are necessarily different, it can be ensured : Different off-chain contracts deployed on the same chain of private computing nodes have different contract identities, and the same off-chain contracts deployed on different off-chain privacy computing nodes have the same contract identities.

The contract identity can be defined by the contract identity key pair. For example, the contract identity can include a contract encryption key pair and a contract signature key pair. Then, in addition to using the cluster identity public key to encrypt the call request, the client 31 or the node 33n may also use the contract encryption public key to encrypt the information of the input data contained in the call request. After the off-chain privacy computing node 32n receives a call request for a certain off-chain contract, it uses the contract encryption private key corresponding to the off-chain contract to decrypt the encrypted input data information in the call request, so as to ensure the entry of parameters. Data information can only be obtained by the called off-chain contract, but not by other off-chain contracts. And, after getting the call result, the off-chain privacy computing node 32n can sign the call result through the contract signature private key of the called off-chain contract, and the client 31 or node 33n can verify the signature through the contract signature public key. Therefore, it is determined that the call result is indeed generated by the called off-chain contract.

Step 104: The off-chain privacy computing node invokes the bytecode of the pre-deployed off-chain contract according to the identification information, and executes the byte code through a virtual machine deployed in the off-chain trusted execution environment Code to perform off-chain privacy calculations on the incoming parameter data.

The off-chain private computing node can decrypt the call request in the off-chain TEE to obtain other information such as identification information and input data information. The off-chain private computing node can call the bytecode of the pre-deployed off-chain contract based on the identification information. When several execution engines are deployed in an off-chain trusted execution environment, the off-chain private computing node can determine the corresponding execution engine according to the bytecode, and execute the bytecode through the determined execution engine to input Participate data for off-chain privacy calculations.

In the off-chain TEE created at the off-chain privacy computing node, several execution engines can be deployed, such as one or more of EVM, WASM virtual machine, etc. In the case of multiple execution engines deployed at the same time, the client besides In addition to the secure storage of the bytecode of the off-chain contract at the off-chain private computing node, the off-chain private computing node can also indicate the execution engine used to execute the bytecode. The off-chain privacy computing node can receive the execution engine designation information associated with the bytecode of the off-chain contract sent by the client, and set the corresponding execution engine for the bytecode according to the execution engine designation information. Therefore, off-chain privacy computing nodes can perform off-chain privacy calculations on the input parameter data in the off-chain TEE according to the determined execution engine.

And by calling the off-chain contract in this manual, any calculation logic defined by the user can be realized. For example, the off-chain contract can be used to verify whether the amount of encrypted order data stored on the blockchain is correct, and the verification result is fed back to the chain; for another example, the off-chain contract can be used to secure multi-party data according to a preset algorithm Calculations are safe multi-party calculations, and the calculation results are fed back to the chain, etc., so I won’t repeat them here.

Step 106: The off-chain privacy computing node encrypts and feeds back the obtained off-chain privacy calculation results in an off-chain trusted execution environment.

The off-chain privacy calculation result obtained by the off-chain privacy computing node performing calculations in the off-chain TEE can include at least one of the following: response code, response information, return value of contract invocation, process output of contract invocation, and off-chain privacy computing node can According to the call request, the corresponding off-chain privacy calculation result is returned, which is not restricted in this specification.

After obtaining the off-chain privacy calculation result, the off-chain privacy computing node can sign the calculation result with the node signature private key of the off-chain privacy computing node or can use the contract signature private key of the called off-chain contract to sign the calculation result , It is also possible to use both the node signature private key and the contract signature private key to sign the off-chain privacy calculation result, which is not restricted in this manual. The client or blockchain node can verify the signature through the node signature public key or the contract signature public key to determine that the off-chain privacy calculation result is indeed generated by the off-chain privacy computing node calling the corresponding off-chain contract, and the calculation The result has not been tampered with.

When the call request also includes the identity public key information of the specified object, the off-chain privacy computing node can use the identity public key to encrypt the off-chain privacy calculation result, so that only the specified object that maintains the identity private key can do so. The decryption of the off-chain privacy calculation results can restrict users who can view the off-chain privacy calculation results, while other users can only obtain the encrypted off-chain privacy calculation results when they directly view the off-chain privacy calculation results, thus ensuring the off-chain privacy calculations The result of privacy protection.

In addition to the off-chain privacy computing node feedback on the off-chain privacy calculation results, the off-chain privacy computing node can also perform a hash operation on the received call request to obtain the first hash value, and the off-chain privacy computing node will be the first hash value. Hope value and the above-mentioned off-chain privacy calculation results are associated with feedback. The client or the blockchain node compares the received first hash value with the second hash value of the generated call request, and determines whether the off-chain privacy calculation result is reliable according to the comparison result.

If the comparison result between the first hash value and the second hash value is inconsistent, it indicates that the off-chain privacy calculation result associated with the first hash value is unreliable; if the first hash value is compared with the second hash value If the comparison results are consistent, it is necessary to further verify other reference information such as the signature of the off-chain privacy computing node or the called contract. Only when the reference information is correct can the off-chain privacy calculation result be determined to be reliable.

In one case, the off-chain privacy computing node can feed back the off-chain privacy calculation result to the client or the data demander through the off-chain channel, that is, the process of the off-chain privacy computing node feeding back the off-chain privacy calculation result and the blockchain The network is independent, so that the off-chain privacy computing node directly feeds back the off-chain privacy calculation result to the client or the data demander, which has higher efficiency. In the case that the off-chain privacy computing node belongs to the off-chain privacy computing cluster, the off-chain privacy computing node can send the off-chain privacy calculation result to the control node, and the control node will feedback the off-chain privacy calculation result to the customer through the off-chain channel end. In addition, after the client receives the off-chain privacy calculation result fed back by the off-chain privacy computing node, the client can also initiate a deposit certificate transaction to the blockchain node. The deposit certificate transaction contains the off-chain privacy calculation result, so that the block The chain node will carry out the consensus on the deposit certificate transaction submitted by the client with other nodes and then upload it to the chain.

In another case, the off-chain privacy computing node can transmit the off-chain privacy calculation result to the blockchain node through the oracle mechanism, or the off-chain privacy computing node can first send the off-chain privacy calculation result to the control node. And the control node transmits the off-chain privacy calculation result to the blockchain node through the oracle mechanism.

The blockchain node can update the blockchain ledger data according to the calculation result, can solidify the calculation result, and can support the later verification of the calculation result. At the same time, compared to the on-chain data generated by the blockchain node after the on-chain contract is executed, the calculation result generated based on the off-chain contract is relatively shorter. Therefore, when the calculation result is uploaded to the chain, it is helpful to save Storage space on the chain.

The blockchain node updates the blockchain ledger data according to the calculation result, or it is called uploading the calculation result to the chain. The method can include: generating a blockchain transaction and adding the calculation result to the data field of the transaction. After the block chain transaction has passed the consensus, it can be added by each block chain node to the block body of the latest block, thereby realizing the update of the block chain ledger data, that is, completing the chaining of the calculation result; or, The blockchain node updates the state of the related account according to the calculation result. The related account can be, for example, the external account corresponding to the user or the contract account corresponding to the contract on the chain. The update of the state of the related account will cause the state tree to change. The value of the root of the tree changes, and the root of the state tree will be included in the block header of the latest block, thereby realizing the update of the blockchain ledger data, which is equivalent to uploading the calculation result to the chain.

As can be seen from the above technical solutions, this manual proposes that when the off-chain private computing node has pre-deployed the bytecode of the off-chain contract, the off-chain private computing node can call the bytecode of the off-chain contract in the off-chain TEE. The calculation operation is performed in the off-chain private computing node, and the off-chain private computing node can sign the calculation result through the node signature private key of the off-chain private computing node or the contract signature private key of the called off-chain contract can be used to sign the calculation result. Confirm that the off-chain privacy calculation result is indeed generated by the off-chain privacy computing node calling the corresponding off-chain contract, and it can be verified that the calculation result has not been tampered with, and the security and reliability of the off-chain privacy calculation result can be guaranteed; at the same time, the block The chain node does not need to perform calculation operations. It only needs to obtain the calculation result from the off-chain private calculation node and update the blockchain ledger data based on the calculation result, which can reduce the resource consumption of the blockchain network.

Corresponding to the above-mentioned embodiment on the off-chain privacy node side, this specification also proposes other embodiments on the client side, blockchain node side, control node side, etc. The embodiments involved in the off-chain privacy computing node side The description can also be applied to the embodiments on these sides, which will not be repeated hereafter.

Correspondingly, FIG. 4 is a flowchart of a method for invoking a contract on the client side provided by an exemplary embodiment. As shown in FIG. 4, the method may include steps 402 to 404.

In step 402, the client generates a call request, the call request includes the identification information of the off-chain contract and the information of the input parameter data.

As mentioned earlier, the client submits a transaction to the blockchain node, and the transaction triggers the blockchain node to transmit the encrypted call request to the off-chain private computing node through the oracle mechanism; among them, the off-chain generated by the off-chain private computing node The privacy calculation result is fed back to the blockchain node, and the off-chain privacy calculation result is used to drive the blockchain node to update the blockchain ledger data.

Step 404: The client sends an encrypted call request to the off-chain private computing node, and after the identification information and the information of the input data are decrypted by the off-chain private computing node in the off-chain trusted execution environment, The identification information is used to instruct the off-chain privacy computing node to obtain the bytecode of the off-chain contract, and execute the bytecode through the virtual machine deployed in the off-chain trusted execution environment to access the input Participate data for off-chain privacy calculations.

As mentioned earlier, the client can directly initiate an off-chain invocation request to the off-chain privacy computing node. The client can initiate a certificate deposit transaction to a blockchain node, and the certificate deposit transaction includes the results of off-chain privacy calculations.

As mentioned earlier, the client directly sends an encrypted call request to the off-chain private computing node; or, in the case that the off-chain private computing node belongs to the off-chain private computing cluster, the client sends the off-chain private computing cluster to the control node Send the encrypted call request so that the control node forwards the call request.

As mentioned above, the call request is encrypted by the public key of the node's asymmetric key pair and then transmitted, and the private key of the node's asymmetric key pair is maintained by the private computing node under the chain.

As mentioned earlier, when the off-chain private computing node belongs to the off-chain private computing cluster, the private key of the node's asymmetric key pair is only maintained by the off-chain private computing node, or the private key of the node's asymmetric key pair It is jointly maintained by all off-chain private computing nodes in the off-chain private computing cluster.

As mentioned earlier, the client obtains the remote attestation report of the off-chain private computing node. The remote attestation report is generated by the authentication server after verifying the self-recommended information generated by the off-chain private computing node. The self-recommended information is created on the off-chain private computing node The off-chain trusted execution environment is related; if the client determines that the off-chain private computing node is trustworthy according to the remote attestation report, it sends an encrypted call request to the off-chain private computing node.

As mentioned earlier, the information of the input parameter data can be encrypted by the public key of the contract asymmetric key pair. The contract asymmetric key is pre-generated by the off-chain private computing node in the off-chain trusted execution environment and corresponds to the off-chain The identity of the contract. The client can use the public key of the contract asymmetric key pair to encrypt the information of the input parameter data before transmission.

As mentioned above, different off-chain privacy computing nodes generate different contract asymmetric key pairs for off-chain contracts; or, different off-chain privacy computing nodes generate the same contract asymmetric key pairs for off-chain contracts.

As mentioned above, the client adds the information of the identity public key of the specified object to the call request; the client receives the result ciphertext returned by the off-chain privacy computing node using the identity public key to encrypt the execution result.

As mentioned above, the client adds function information to the call request, and the function information is used to instruct the off-chain privacy computing node to call the bytecode corresponding to the function information in the off-chain contract.

As mentioned earlier, the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract invocation, and process output of contract invocation.

As mentioned earlier, the client receives the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain privacy calculation result; the client generates the second hash value of the invocation request, and adds the first hash value of the invocation request. A hash value is compared with a second hash value; the client determines whether the off-chain privacy calculation result is reliable according to the comparison result.

As mentioned above, when the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.

Correspondingly, FIG. 5 is a flowchart of a method for invoking a contract on the side of a blockchain node provided by an exemplary embodiment. As shown in FIG. 5, the method may include step 502 to step 506.

Step 502: The blockchain node obtains an encrypted call request, the call request including the identification information of the off-chain contract and the information of the input data.

As mentioned earlier, the blockchain node extracts the call request from the transaction submitted by the client; or the blockchain node executes the on-chain contract in the trusted execution environment created by the client based on the transaction submitted by the client. Call request.

As mentioned earlier, the blockchain node directly feeds back the calculation result to the client; or, the blockchain node updates the blockchain ledger data according to the received calculation result.

In step 504, the blockchain node transmits the encrypted call request to the off-chain private computing node through the oracle mechanism, and the identification information and the information of the input data are transferred to the off-chain private computing node by the off-chain private computing node. After being decrypted in the trusted execution environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the all-in-one through the virtual machine deployed in the off-chain trusted execution environment. The bytecode is used to perform off-chain privacy calculations on the incoming parameter data.

As mentioned earlier, the blockchain node directly transmits the encrypted call request to the off-chain private computing node through the oracle mechanism; or, in the case that the off-chain private computing node belongs to the off-chain private computing cluster, the blockchain node The encrypted call request is transmitted to the control node of the privacy computing cluster under the chain through the oracle mechanism, so that the control node forwards the call request.

As mentioned above, the call request is encrypted by the public key of the node's asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the private computing node under the chain.

As mentioned earlier, when the off-chain private computing node belongs to the off-chain private computing cluster, the private key of the node's asymmetric key pair is only maintained by the off-chain private computing node, or the node's asymmetric key pair The private key is jointly maintained by all off-chain private computing nodes in the off-chain private computing cluster.

As mentioned earlier, the information of the input data is encrypted by the public key of the contract asymmetric key pair. The contract asymmetric key is pre-generated by the off-chain private computing node in the off-chain trusted execution environment and corresponds to the off-chain contract. identity of.

Step 506: The blockchain node receives the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.

As mentioned above, when the call request also includes the information of the identity public key of the specified object, the blockchain node receives the calculation result returned after the off-chain privacy computing node encrypts the execution result with the identity public key Ciphertext.

As mentioned earlier, the blockchain node receives the first hash value obtained by the off-chain privacy computing node hashing the call request and the off-chain privacy calculation result; the blockchain node compares the first hash value with the off-chain privacy calculation result. The privacy calculation result is fed back to the requester, the first hash value is used to compare with the second hash value of the call request generated by the requester, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.

Correspondingly, FIG. 6 is a flowchart of a method for invoking a contract on the control node side provided by an exemplary embodiment. As shown in FIG. 6, the method may include step 602 to step 606.

Step 602: The control node receives an encrypted call request, where the call request includes the identification information of the off-chain contract and the information of the input parameter data.

As mentioned above, the control node receives the call request transmitted by the blockchain node through the oracle mechanism; or, the control node receives the off-chain call request directly sent by the client.

Step 604: The control node forwards the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster.

As mentioned above, the private key of the node's asymmetric key pair can only be maintained by the off-chain private computing node. In the case that the target node of the encrypted call request is set as the off-chain private computing node, the control node forwards the call request to the off-chain private computing node; in the case where the target node of the encrypted call request is not set The control node forwards the call request to all off-chain private computing nodes in the off-chain private computing cluster.

As mentioned earlier, the private key of the node asymmetric key pair can be jointly maintained by all off-chain privacy computing nodes in the off-chain privacy computing cluster. The control node selects the off-chain private computing node from the off-chain private computing cluster according to the load balancing algorithm, and forwards the call request to the off-chain private computing node.

Step 606: The control node feeds back the off-chain privacy calculation result received from the off-chain privacy computing node.

As mentioned earlier, the control node directly feeds back the off-chain privacy calculation result to the client; or, the control node feeds back the off-chain privacy calculation result through the oracle mechanism.

As mentioned earlier, the control node receives the first hash value and the off-chain privacy calculation result obtained by the off-chain privacy computing node hashing the call request; the control node forwards the first hash value and the off-chain privacy calculation result To the requester, the first hash value is used to compare with the second hash value of the call request generated by the requester, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.

In the technical solution of this manual, the client can also directly interact with the off-chain private computing node or control node to complete the deployment of smart contracts on the private computing node, challenge smart contracts, verify smart contracts, and call smart contracts. , Without needing to use the oracle mechanism of the blockchain to complete the above operations, and at the same time, the calculation results obtained by invoking the smart contract deployed on the privacy computing node do not need to be fed back to the blockchain. In this case, since the distinction between on-chain and off-chain is not involved, “off-chain private computing nodes” will be referred to as “private computing nodes”, and “off-chain trusted execution environment” will be referred to as “trusted execution environment”. , And call “off-chain contracts” as “smart contracts”. However, the principle of the technical solution is similar to the foregoing embodiment, and the involved implementation details can also refer to the foregoing embodiment, so the detailed description will not be given below.

Correspondingly, FIG. 7 is a flowchart of a method for invoking a smart contract on the privacy computing node side provided by an exemplary embodiment. As shown in FIG. 7, the method may include step 702 to step 706.

Step 702: The privacy computing node receives the encrypted call request, and decrypts in the trusted execution environment to obtain the identification information of the smart contract and the information of the input parameter data included in the call request.

As mentioned above, the private computing node directly receives the encrypted call request from the client; or, in the case that the private computing node belongs to a private computing cluster, the private computing node receives the private computing cluster The encrypted call request forwarded by the control node of.

As mentioned above, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.

As mentioned above, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is only maintained by the private computing node; the target node of the encrypted call request is set In the case of the private computing node, the encrypted call request is received by the control node and forwarded to the private computing node; in the case where the target node of the encrypted call request is not set , The encrypted call request is received by the control node and forwarded to all private computing nodes in the private computing cluster.

As mentioned above, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster; the private computing node is The control node is selected from the privacy computing cluster according to the load balancing algorithm, and the encrypted call request is received by the control node and forwarded to the privacy computing node.

Step 704: The privacy computing node calls the pre-deployed bytecode of the smart contract according to the identification information, and executes the bytecode through the virtual machine deployed in the trusted execution environment to Enter parameter data for privacy calculation.

As mentioned above, when the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.

Step 706: The private computing node encrypts and feeds back the obtained private computing result in a trusted execution environment.

As mentioned above, the privacy computing node performs a hash operation on the invocation request to obtain the first hash value; the privacy computing node associates the first hash value with the privacy calculation result and feeds back, the first The hash value is used to compare with the second hash value of the call request generated by the client, and the comparison result is used to determine whether the privacy calculation result is reliable.

Correspondingly, FIG. 8 is a flowchart of a method for invoking a smart contract on the client side according to an exemplary embodiment. As shown in FIG. 8, the method may include step 802 to step 804.

Step 802, the client terminal generates a call request, the call request includes the identification information of the smart contract and the information of the input parameter data.

As mentioned above, the client directly sends an encrypted call request to the private computing node; or, in the case that the private computing node belongs to the private computing cluster, the client sends the control node of the private computing cluster Send the encrypted call request, so that the control node forwards the call request.

As mentioned above, in the case that the private computing node belongs to a private computing cluster, the private key of the node asymmetric key pair is only maintained by the private computing node, or the private key of the node asymmetric key pair The private key is jointly maintained by all private computing nodes in the private computing cluster.

In step 804, the client sends an encrypted call request to the private computing node. After the identification information and the information of the input data are decrypted by the private computing node in a trusted execution environment, the identification information It is used to instruct the privacy computing node to obtain the bytecode of the smart contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment to perform privacy calculation on the input parameter data.

As mentioned above, the client receives the first hash value obtained by the privacy computing node hashing the invocation request and the privacy calculation result; the client generates the first hash value of the invocation request Two hash values, and compare the first hash value with the second hash value; the client determines whether the privacy calculation result is reliable according to the comparison result.

Correspondingly, FIG. 9 is a flowchart of a method for invoking a smart contract on the control node side provided by an exemplary embodiment. As shown in FIG. 9, the method may include step 902 to step 906.

Step 902: The control node receives an encrypted call request directly sent by the client, where the call request includes the identification information of the smart contract and the information of the input parameter data.

As mentioned above, the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the privacy computing node.

As mentioned above, the private key of the node asymmetric key pair is only maintained by the private computing node; the control node forwards the call request to the private computing node selected from the private computing cluster, Including: in the case where the target node of the encrypted call request is set as the private computing node, the control node forwards the call request to the private computing node; If the target node of is not set, the control node forwards the call request to all private computing nodes in the private computing cluster.

As mentioned above, the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster; the control node forwards the call request to all selected from the private computing cluster The privacy computing node includes: the control node selects the privacy computing node from the privacy computing cluster according to a load balancing algorithm, and forwards the call request to the privacy computing node.

Step 904: The control node forwards the call request to the privacy computing node selected from the privacy computing cluster.

Step 906: The control node feeds back the privacy calculation result received from the privacy calculation node.

As mentioned above, the control node receives the first hash value obtained by the privacy computing node hashing the call request and the privacy calculation result; the control node hashes the first hash value The value and the privacy calculation result are forwarded to the requesting party, the first hash value is used to compare with the second hash value of the call request generated by the client, and the comparison result is used to determine whether the privacy calculation result is reliable.

Fig. 10 is a schematic structural diagram of a device according to an exemplary embodiment. Please refer to FIG. 10, at the hardware level, the electronic device includes a processor 1002, an internal bus 1004, a network interface 1006, a memory 1008, and a non-volatile memory 1010. Of course, it may also include hardware required for other services. The processor 1002 reads the corresponding computer program from the non-volatile memory 1010 to the memory 1008 and then runs it, forming a command calling contract device on the logical level. Of course, in addition to the software implementation, this specification does not exclude other implementations, such as logic devices or a combination of software and hardware, etc. That is to say, the execution body of the following processing flow is not limited to each logic unit, and can also be Hardware or logic device.

Please refer to Figure 11, in the software implementation on the side of the off-chain privacy computing node, the device for invoking the contract may include: a receiving and decrypting unit 1102, so that the off-chain privacy computing node receives the encrypted invocation request and sends it to the off-chain In the trusted execution environment, the identification information of the off-chain contract and the information of the input parameter data contained in the invocation request are decrypted; the invocation and execution unit 1104 enables the off-chain private computing node to invoke the pre-deployed all data based on the identification information. The bytecode of the off-chain contract is executed by a virtual machine deployed in the off-chain trusted execution environment to perform off-chain privacy calculations on the incoming parameter data; the feedback unit 1106 enables all The off-chain private computing node encrypts and feeds back the obtained off-chain private computing results in an off-chain trusted execution environment.

Optionally, the receiving and decrypting unit 1102 is specifically configured to: enable the off-chain private computing node to receive the call request transmitted by the blockchain node through the oracle mechanism; enable the off-chain private computing node to perform trusted execution off-chain Encrypting and feeding back the obtained off-chain privacy calculation results in the environment includes: the off-chain computing node feedbacks the off-chain privacy calculation results through the oracle mechanism.

Optionally, the receiving and decrypting unit 1102 is specifically configured to: enable the encrypted call request to be extracted by the blockchain node from the transaction submitted by the client; or, enable the encrypted call request It is generated by the blockchain node executing an on-chain contract in the trusted execution environment on the chain created by the blockchain node according to the transaction submitted by the client.

Optionally, the receiving and decrypting unit 1102 is specifically configured to: enable the off-chain private computing node to receive the off-chain invocation request directly initiated by the client; and enable the off-chain private computing node to perform the verification in the off-chain trusted execution environment Encrypting and feeding back the obtained off-chain privacy calculation result includes: the off-chain computing node directly feeds back the off-chain privacy calculation result to the client.

Optionally, the receiving and decrypting unit 1102 is specifically configured to: enable the off-chain private computing node to directly receive an encrypted call request from the requesting party; or, the off-chain private computing node belongs to an off-chain private computing cluster In the case of, the off-chain privacy computing node receives the encrypted call request forwarded by the control node of the off-chain privacy computing cluster.

Optionally, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the off-chain privacy computing node.

Optionally, the off-chain privacy computing node belongs to an off-chain privacy computing cluster, and the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node; in the encrypted call request When the target node of is set as the off-chain private computing node, the encrypted call request is received by the control node and forwarded to the off-chain private computing node; in the encrypted call request If the target node of is not set, the encrypted call request is received by the control node and forwarded to all off-chain privacy computing nodes in the off-chain privacy computing cluster.

Optionally, the off-chain privacy computing node belongs to an off-chain privacy computing cluster, and the private key of the node asymmetric key pair is jointly maintained by all off-chain privacy computing nodes in the off-chain privacy computing cluster; The off-chain privacy computing node is selected by the control node from the off-chain privacy computing cluster according to the load balancing algorithm, and the encrypted call request is received by the control node and forwarded to the off-chain privacy computing node .

Optionally, several execution engines are deployed in the off-chain trusted execution environment; the device further includes: an engine determining unit 1108, which enables the off-chain private computing node to determine the execution engine corresponding to the bytecode; an engine The execution unit 1110, where the off-chain privacy computing node executes the bytecode through the determined execution engine.

Optionally, it further includes: a remote certification report providing unit 1112 to enable the off-chain private computing node to provide a remote certification report to the requesting party, where the remote certification report is self-recommended information generated by the authentication server to the off-chain private computing node Generated after verification, the self-recommendation information is related to the off-chain trusted execution environment created on the off-chain private computing node; wherein, the call request is determined by the client on the chain according to the remote attestation report. Initiated when the next privacy computing node is trusted.

Optionally, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is pre-defined by the off-chain private computing node in the off-chain trusted execution environment. Generated and corresponding to the identity of the off-chain contract; the device further includes: an input data information decryption unit 1114. The off-chain privacy computing node is configured in the chain according to the private key of the contract asymmetric key pair. The information of the input parameter data is obtained by decrypting in the trusted execution environment.

Optionally, different off-chain privacy computing nodes generate different contract asymmetric key pairs for the off-chain contract; or, different off-chain privacy computing nodes generate contract asymmetric key pairs for the off-chain contract same.

Optionally, the invocation request further includes information about the identity public key of the specified object, and the feedback unit 1106 is specifically configured to: enable the off-chain privacy computing node to encrypt the execution result according to the identity public key and then feed back.

Optionally, the calling request further includes function information, and the calling and executing unit 1104 is specifically configured to: enable the off-chain privacy computing node to call the bytecode corresponding to the function information in the off-chain contract.

Optionally, the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract invocation, and process output of contract invocation.

Optionally, it further includes: an arithmetic unit 1116 that enables the off-chain privacy computing node to perform a hash operation on the call request to obtain the first hash value; an association feedback unit 1118 that enables the off-chain privacy computing node to The first hash value is associated with the feedback of the off-chain privacy calculation result, the first hash value is used for comparison with the second hash value of the call request generated by the requester, and the comparison result is used for Determine whether the off-chain privacy calculation result is reliable.

Optionally, when the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.

12, in the software implementation on the client side, the device for invoking the contract may include: a generating unit 1202 for the client to generate a call request, the call request including the identification information of the off-chain contract and input data Information; the sending unit 1204, which enables the client to send an encrypted call request to the off-chain private computing node, and the identification information and the information of the incoming parameter data are trusted by the off-chain private computing node to execute under the chain After decryption in the environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the byte code through the virtual machine deployed in the off-chain trusted execution environment Code to perform off-chain privacy calculations on the incoming parameter data.

Optionally, the sending unit 1204 is specifically configured to: enable the client to submit a transaction to a blockchain node, and the transaction triggers the blockchain node to transmit the encrypted call request to the off-chain through an oracle mechanism Privacy calculation node; wherein the off-chain privacy calculation result generated by the off-chain privacy calculation node is fed back to the blockchain node, and the off-chain privacy calculation result is used to drive the blockchain node to update the blockchain Ledger data.

Optionally, enable the client to directly initiate an off-chain invocation request to the off-chain privacy computing node; optionally, it further includes: a transaction initiation module 1206 to enable the client to initiate a deposit to the blockchain node A certificate transaction, the certificate deposit transaction includes the off-chain privacy calculation result.

Optionally, the sending unit 1204 is specifically configured to: cause the client to directly send an encrypted call request to the off-chain private computing node; or, in the case that the off-chain private computing node belongs to an off-chain private computing cluster, The client is caused to send an encrypted call request to the control node of the off-chain privacy computing cluster, so that the control node forwards the call request.

Optionally, when the off-chain privacy computing node belongs to an off-chain privacy computing cluster, the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node, or the node is not The private key of the symmetric key pair is jointly maintained by all the off-chain privacy computing nodes in the off-chain privacy computing cluster.

Optionally, it further includes: a remote certification report obtaining unit 1208, which enables the client to obtain a remote certification report of the off-chain private computing node, where the remote certification report is generated by the authentication server on the off-chain private computing node The self-recommendation information is generated after verification, and the self-recommendation information is related to the off-chain trusted execution environment created on the off-chain private computing node; enabling the client to determine the availability of the off-chain private computing node according to the remote attestation report In the case of the letter, the encrypted call request is sent to the off-chain privacy computing node.

Optionally, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is pre-defined by the off-chain private computing node in the off-chain trusted execution environment. Generated and corresponding to the identity of the off-chain contract; the device further includes: an input data information encryption unit 1210, which enables the client to use the public key of the contract asymmetric key pair to transfer the input data The information is encrypted and transmitted.

Optionally, different off-chain privacy computing nodes generate different contract asymmetric key pairs for the off-chain contract; or, different off-chain privacy computing nodes generate the same contract asymmetric key pair for the off-chain contract.

Optionally, it further includes: an identity public key information adding unit 1212, which enables the client to add the identity public key information of the specified object to the call request, so that the client receives the off-chain privacy computing node using the identity public key pair The result ciphertext returned after the execution result is encrypted.

Optionally, it further includes: a function information adding unit 1214 that enables the client to add function information to the call request, where the function information is used to instruct the off-chain privacy computing node to call the off-chain contract that corresponds to all The bytecode of the function information.

Optionally, it further includes: an operation result receiving unit 1216 to enable the client to receive the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain privacy calculation Result; comparing unit 1218, causing the client to generate the second hash value of the call request, and comparing the first hash value with the second hash value; result determining unit 1220, making all The client determines whether the off-chain privacy calculation result is reliable according to the comparison result.

Please refer to FIG. 13, in the software implementation on the blockchain node side, the device for invoking the contract may include: an obtaining unit 1302, which enables the blockchain node to obtain an encrypted invoking request, the invoking request including the off-chain contract The identification information and the information of the input data; the transmission unit 1304 enables the blockchain node to transmit the encrypted call request to the off-chain privacy computing node through the oracle mechanism, the identification information and the information of the input data After being decrypted by the off-chain private computing node in the off-chain trusted execution environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract and deploy it on the chain The virtual machine in the lower trusted execution environment executes the bytecode to perform off-chain privacy calculations on the input data; the receiving unit 1306 enables the blockchain node to receive the off-chain privacy computing node through the oracle The off-chain privacy calculation result fed back by the mechanism.

Optionally, the acquiring unit 1302 is specifically configured to: enable the blockchain node to extract the call request from the transaction submitted by the client; or enable the blockchain node to create a call request based on the transaction submitted by the client. The on-chain contract is executed in the trusted execution environment on the chain to generate a call request.

Optionally, it further includes: a direct feedback unit 1308, which enables the blockchain node to directly feed back the calculation result to the client; or, an update unit 1310, which enables the blockchain node to perform the calculation according to the received calculation As a result, the blockchain ledger data is updated.

Optionally, the transmission unit 1304 is specifically configured to: make the blockchain node directly transmit the encrypted call request to the off-chain private computing node through the oracle mechanism; or, the off-chain private computing node belongs to the off-chain private computing node In the case of a cluster, the blockchain node is made to transmit the encrypted call request to the control node of the off-chain privacy computing cluster through the oracle mechanism, so that the control node forwards the call request.

Optionally, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the asymmetric key pair is maintained by the off-chain privacy computing node.

Optionally, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is pre-defined by the off-chain private computing node in the off-chain trusted execution environment. Generate and correspond to the identity of the off-chain contract.

Optionally, the receiving unit 1306 is specifically configured to: in the case that the call request also includes information about the identity public key of the specified object, make the blockchain node receive the off-chain privacy computing node using The ciphertext of the calculation result returned after the identity public key encrypts the execution result.

Optionally, it further includes: an operation result receiving unit 1312 to enable the blockchain node to receive the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain Privacy calculation result; the result feedback unit 1314 enables the blockchain node to feed back the first hash value and the off-chain privacy calculation result to the requesting party, and the first hash value is used to communicate with the request The second hash value of the call request generated by the party is compared, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.

Please refer to FIG. 14, in the software implementation on the control node side, the device for invoking the contract may include: a receiving unit 1402 to enable the control node to receive an encrypted invoking request, the invoking request including the identification information of the off-chain contract and Information about the input parameter data; a forwarding unit 1404, which enables the control node to forward the invocation request to the off-chain privacy computing node selected from the off-chain privacy computing cluster; a feedback unit 1406, which causes the control node from The off-chain privacy calculation result received by the off-chain privacy computing node is fed back.

Optionally, the receiving unit 1402 is specifically configured to: the control node receives the call request transmitted by the blockchain node through the oracle mechanism; or, the control node receives the off-chain call request directly sent by the client.

Optionally, it further includes: a direct feedback unit 1408 to enable the control node to directly feed back the off-chain privacy calculation result to the client; or an oracle mechanism feedback unit 1410 to enable the control node to pass the oracle The mechanism provides feedback on the off-chain privacy calculation result.

Optionally, the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node, and the forwarding unit 1404 is specifically configured to: set the target node of the encrypted call request as the chain In the case of a private computing node, the control node is made to forward the invocation request to the off-chain private computing node; in the case that the target node of the encrypted invocation request is not set, the The control node forwards the call request to all off-chain privacy computing nodes in the off-chain privacy computing cluster.

Optionally, the private key of the node asymmetric key pair is jointly maintained by all off-chain privacy computing nodes in the off-chain privacy computing cluster, and the forwarding unit 1404 is specifically configured to: make the control node according to a load balancing algorithm Select the off-chain privacy computing node from the off-chain privacy computing cluster, and forward the call request to the off-chain privacy computing node.

Optionally, it further includes: a result receiving unit 1412, which enables the control node to receive the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain privacy calculation result The result forwarding unit 1414 enables the control node to forward the first hash value and the off-chain privacy calculation result to the requester, and the first hash value is used for the call request generated with the requester The second hash value of is compared, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.

Please refer to FIG. 15, in the software implementation on the side of the privacy computing node, the invoking device of the smart contract may include: a receiving and decrypting unit 1502, so that the privacy computing node receives an encrypted invocation request, and in a trusted execution environment Decrypting to obtain the identification information of the smart contract and the information of the input parameter data included in the call request; the calling and computing unit 1504 enables the private computing node to call the bytecode of the smart contract deployed in advance according to the identification information, And execute the bytecode through the virtual machine deployed in the trusted execution environment to perform private calculation on the input parameter data; the encryption and feedback unit 1506 enables the private computing node to perform the private calculation in the trusted execution environment The privacy calculation results obtained are encrypted and fed back.

Optionally, the receiving and decrypting unit 1502 is specifically configured to: enable the private computing node to directly receive an encrypted call request from the client; or, when the private computing node belongs to a private computing cluster, The privacy computing node receives the encrypted call request forwarded by the control node of the privacy computing cluster.

Optionally, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.

Optionally, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is only maintained by the private computing node; the target node of the encrypted call request is set In the case of the private computing node, the encrypted call request is received by the control node and forwarded to the private computing node; in the case where the target node of the encrypted call request is not set, The encrypted call request is received by the control node and forwarded to all private computing nodes in the private computing cluster.

Optionally, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster; the private computing node is controlled by the A node is selected from the privacy computing cluster according to a load balancing algorithm, and the encrypted call request is received by the control node and forwarded to the privacy computing node.

Optionally, it further includes: a hash calculation unit 1508, where the privacy calculation node performs a hash calculation on the call request to obtain a first hash value; and a comparison unit 1510, where the privacy calculation node hashes the first hash value The value is fed back in association with the privacy calculation result, the first hash value is used to compare with the second hash value of the call request generated by the client, and the comparison result is used to determine whether the privacy calculation result is reliable.

Optionally, when the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.

Please refer to FIG. 16, in the software implementation on the client side, the device for invoking the smart contract may include: generating a call request unit 1602 to enable the client to generate a call request, the call request including the identification information and input parameters of the smart contract Data information; the sending call request unit 1604 enables the client to send an encrypted call request to the private computing node, and the identification information and the information of the input parameter data are used by the private computing node in a trusted execution environment After the decryption is obtained, the identification information is used to instruct the privacy computing node to obtain the bytecode of the smart contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment to check the input parameters. Data is calculated for privacy.

Optionally, the sending call request unit 1604 is specifically configured to: enable the client to directly send an encrypted call request to the private computing node; or, when the private computing node belongs to a private computing cluster, enable the client to The terminal sends the encrypted call request to the control node of the privacy computing cluster, so that the control node forwards the call request.

Optionally, when the private computing node belongs to a private computing cluster, the private key of the node asymmetric key pair is only maintained by the private computing node, or the private key of the node asymmetric key pair The key is jointly maintained by all private computing nodes in the private computing cluster.

Optionally, it further includes: an operation result receiving unit 1606, so that the client receives the first hash value obtained by the privacy computing node performing the hash operation on the invocation request and the privacy calculation result; a comparison unit 1608. The client generates a second hash value of the call request, and compares the first hash value with the second hash value; the result determining unit 1610, the client according to the comparison result Determine whether the privacy calculation result is reliable.

Referring to FIG. 17, in the software implementation on the control node side, the invoking device of the smart contract may include: a receiving invocation request unit 1702, which enables the control node to receive an encrypted invoking request directly sent by the client, the invoking request Contains the identification information of the smart contract and the information of the input parameter data; a forwarding call request unit 1704 to enable the control node to forward the call request to the privacy computing node selected from the privacy computing cluster; feedback the privacy calculation result unit 1706 , Enabling the control node to feed back the privacy calculation result received from the privacy calculation node.

Optionally, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the asymmetric key pair is maintained by the privacy computing node.

Optionally, the private key of the node asymmetric key pair is only maintained by the privacy computing node, and the forwarding call request unit 1704 is specifically configured to: set the private key of the encrypted call request to the target node In the case of a computing node, the control node forwards the call request to the privacy computing node; in the case that the target node of the encrypted call request is not set, the control node transfers the call The request is forwarded to all private computing nodes in the private computing cluster.

Optionally, the private key of the node asymmetric key pair is jointly maintained by all privacy computing nodes in the privacy computing cluster, and the forwarding call request unit 1704 is specifically configured to: the control node obtains data from the The private computing node is selected from the private computing cluster, and the call request is forwarded to the private computing node.

Optionally, it further includes: a receiving unit 1708 to enable the control node to receive the first hash value obtained by the privacy computing node performing a hash operation on the invocation request and the privacy calculation result; a result forwarding unit 1710 , Enabling the control node to forward the first hash value and the privacy calculation result to the requesting party, and the first hash value is used to communicate with the second hash value of the call request generated by the client Comparison, the comparison result is used to determine whether the privacy calculation result is reliable.

The systems, devices, modules, or units illustrated in the above embodiments may be specifically implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. The specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, and a game control A console, a tablet computer, a wearable device, or a combination of any of these devices.

In a typical configuration, the computer includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.

The memory may include non-permanent memory in a computer readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.

Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission media, can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.

It should also be noted that the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or equipment including a series of elements not only includes those elements, but also includes Other elements that are not explicitly listed, or also include elements inherent to such processes, methods, commodities, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity, or equipment that includes the element.

The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims can be performed in a different order than in the embodiments and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown in order to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

The terms used in one or more embodiments of this specification are only for the purpose of describing specific embodiments, and are not intended to limit one or more embodiments of this specification. The singular forms "a", "said" and "the" used in one or more embodiments of this specification and the appended claims are also intended to include plural forms, unless the context clearly indicates other meanings. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more associated listed items.

It should be understood that although the terms first, second, third, etc. may be used to describe various information in one or more embodiments of this specification, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other. For example, without departing from the scope of one or more embodiments of this specification, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information. Depending on the context, the word "if" as used herein can be interpreted as "when" or "when" or "in response to determination".

The above descriptions are only preferred embodiments of one or more embodiments of this specification, and are not intended to limit one or more embodiments of this specification. All within the spirit and principle of one or more embodiments of this specification, Any modification, equivalent replacement, improvement, etc. made should be included in the protection scope of one or more embodiments of this specification.

Claims

A method of invoking a contract, including:

The off-chain privacy computing node receives the encrypted call request, and decrypts it in the off-chain trusted execution environment to obtain the identification information of the off-chain contract and the information of the input data contained in the call request;

The off-chain privacy computing node invokes the bytecode of the pre-deployed off-chain contract according to the identification information, and executes the bytecode through the virtual machine deployed in the off-chain trusted execution environment. Perform off-chain privacy calculations on the input data;

The off-chain privacy computing node encrypts and feeds back the obtained off-chain privacy calculation results in an off-chain trusted execution environment.
The method according to claim 1, wherein the off-chain private computing node receives an encrypted call request, comprising: the off-chain private computing node receives a call request transmitted by a blockchain node through an oracle mechanism;

The off-chain privacy computing node encrypts and feeds back the obtained off-chain privacy calculation results in an off-chain trusted execution environment, including: the off-chain computing node feedbacks the off-chain privacy calculation results through an oracle mechanism .
The method according to claim 2, wherein the off-chain privacy computing node receives the call request transmitted by the blockchain node through the oracle mechanism, including:

The encrypted call request is extracted by the blockchain node from the transaction submitted by the client; or,

The encrypted call request is generated by the blockchain node executing an on-chain contract in the trusted execution environment on the chain created by the blockchain node according to the transaction submitted by the client.
The method according to claim 1, wherein the off-chain privacy computing node receives an encrypted call request, comprising: the off-chain privacy computing node receives an off-chain call request directly initiated by a client;

The off-chain privacy computing node encrypts and feeds back the obtained off-chain privacy calculation results in an off-chain trusted execution environment, including: the off-chain computing node directly feeds back the off-chain privacy calculation results to the client.
The method according to claim 1, wherein the encrypted call request received by the off-chain privacy computing node includes:

The off-chain privacy computing node directly receives the encrypted call request from the requesting party; or,

In the case that the off-chain privacy computing node belongs to an off-chain privacy computing cluster, the off-chain privacy computing node receives the encrypted call request forwarded by the control node of the off-chain privacy computing cluster.
The method according to claim 1, wherein the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the off-chain privacy computing node .
According to the method of claim 6, the off-chain privacy computing node belongs to an off-chain privacy computing cluster, and the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node;

In the case where the target node of the encrypted call request is set as the off-chain private computing node, the encrypted call request is received by the control node of the off-chain private computing cluster and forwarded to the Off-chain privacy computing nodes;

In the case where the target node of the encrypted invocation request is not set, the encrypted invocation request is received by the control node and forwarded to all off-chain privacy computing nodes in the off-chain privacy computing cluster.
According to the method of claim 6, the off-chain privacy computing node belongs to an off-chain privacy computing cluster, and the private key of the node asymmetric key pair is used by all off-chain privacy computing in the off-chain privacy computing cluster. Joint maintenance of nodes;

The off-chain privacy computing node is selected from the off-chain privacy computing cluster by the control node of the off-chain privacy computing cluster according to the load balancing algorithm, and the encrypted call request is received by the control node and forwarded to The off-chain privacy computing node.
The method according to claim 1, wherein several execution engines are deployed in the off-chain trusted execution environment; the method further comprises:

The off-chain privacy computing node determines the execution engine corresponding to the bytecode;

The off-chain privacy computing node executes the bytecode through the determined execution engine.
The method according to claim 1, further comprising:

The off-chain private computing node provides a remote attestation report to the requesting party. The remote attestation report is generated by the authentication server after verifying the self-recommended information generated by the off-chain private computing node. The self-recommended information is consistent with the off-chain privacy. The off-chain trusted execution environment created on the computing node is related;

Wherein, the call request is initiated by the client when it is determined that the off-chain privacy computing node is credible according to the remote attestation report.
According to the method of claim 1, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is available to the off-chain private computing node by the off-chain private computing node. The identity that is generated in advance in the trust execution environment and corresponds to the off-chain contract; the method further includes:

The off-chain privacy computing node decrypts in the off-chain trusted execution environment according to the private key of the contract asymmetric key pair to obtain the information of the input data.
According to the method of claim 11,

Different off-chain privacy computing nodes generate different contract asymmetric key pairs for the off-chain contract; or,

Different off-chain privacy computing nodes generate the same contract asymmetric key pair for the off-chain contract.
The method according to claim 1, wherein the invocation request further includes information specifying the identity public key of the object; the off-chain private computing node encrypts the obtained off-chain private computing results in an off-chain trusted execution environment and Feedback, including:

The off-chain privacy computing node encrypts the execution result according to the identity public key and feeds it back.
The method according to claim 1, wherein the call request further includes function information; the off-chain privacy computing node invoking the bytecode of the off-chain contract includes:

The off-chain privacy computing node calls the bytecode corresponding to the function information in the off-chain contract.
The method according to claim 1, wherein the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract invocation, and process output of contract invocation.
The method according to claim 1, further comprising:

The off-chain privacy computing node performs a hash operation on the call request to obtain the first hash value;

The off-chain privacy computing node associates feedback with the first hash value and the off-chain privacy calculation result, and the first hash value is used for the second hash value of the call request generated by the requesting party The comparison is performed, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
The method according to claim 1, further comprising:

In the case that the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
A method of invoking a contract, including:

The client generates a call request, the call request includes the identification information of the off-chain contract and the information of the input parameter data;

The client sends an encrypted call request to the off-chain private computing node. After the identification information and the information of the input data are decrypted by the off-chain private computing node in the off-chain trusted execution environment, The identification information is used to instruct the off-chain privacy computing node to obtain the bytecode of the off-chain contract, and execute the bytecode through the virtual machine deployed in the off-chain trusted execution environment to input the parameter The data is subjected to off-chain privacy calculations.
The method according to claim 18, wherein the client sends an encrypted call request to the off-chain privacy computing node, including:

The client submits a transaction to a blockchain node, and the transaction triggers the blockchain node to transmit the encrypted call request to the off-chain privacy computing node through the oracle mechanism;

Wherein, the off-chain privacy calculation result generated by the off-chain privacy computing node is fed back to the blockchain node, and the off-chain privacy calculation result is used to drive the blockchain node to update the blockchain ledger data.
The method according to claim 18, wherein the client sends an encrypted invocation request to the off-chain privacy computing node, comprising: the client directly initiates an off-chain invocation request to the off-chain privacy computing node; the method Also includes:

The client initiates a certificate deposit transaction to a blockchain node, and the certificate deposit transaction includes the off-chain privacy calculation result.
The method according to claim 18, wherein the client sends an encrypted call request to the off-chain privacy computing node, including:

The client directly sends the encrypted call request to the off-chain privacy computing node; or,

In the case that the off-chain privacy computing node belongs to the off-chain privacy computing cluster, the client sends an encrypted call request to the control node of the off-chain privacy computing cluster, so that the control node forwards the call ask.
The method according to claim 18, wherein the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the node asymmetric key pair is maintained by the off-chain privacy computing node .
According to the method of claim 22, when the off-chain private computing node belongs to an off-chain private computing cluster, the private key of the node asymmetric key pair is only maintained by the off-chain private computing node, Or the private key of the node asymmetric key pair is jointly maintained by all the off-chain privacy computing nodes in the off-chain privacy computing cluster.
The method of claim 18, further comprising:

The client obtains the remote certification report of the off-chain private computing node. The remote certification report is generated by the authentication server after verifying the self-recommendation information generated by the off-chain private computing node. The off-chain trusted execution environment created on the next private computing node is related;

If the client determines that the off-chain private computing node is credible according to the remote attestation report, the client sends an encrypted call request to the off-chain private computing node.
According to the method of claim 18, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is available to the off-chain privacy computing node by the off-chain private computing node. The identity that is generated in advance in the trust execution environment and corresponds to the off-chain contract; the method further includes:

The client uses the public key of the contract asymmetric key pair to encrypt the information of the input data before transmission.
According to the method of claim 25,

Different off-chain privacy computing nodes generate different contract asymmetric key pairs for the off-chain contract; or,

The contract asymmetric key pairs generated by different off-chain privacy computing nodes for the off-chain contract are the same.
The method of claim 18, further comprising:

The client adds the information of the identity public key of the specified object to the call request;

The client receives the result ciphertext returned by the off-chain privacy computing node after encrypting the execution result using the identity public key.
The method of claim 18, further comprising:

The client adds function information to the call request, and the function information is used to instruct the off-chain privacy computing node to call the bytecode corresponding to the function information in the off-chain contract.
The method according to claim 18, the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract call, and process output of contract call.
The method of claim 18, further comprising:

The client receives the first hash value obtained by the off-chain privacy computing node hashing the call request and the off-chain privacy calculation result;

The client generates a second hash value of the call request, and compares the first hash value with the second hash value;

The client determines whether the off-chain privacy calculation result is reliable according to the comparison result.
The method of claim 18, further comprising:

In the case that the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
A method of invoking a contract, including:

The blockchain node obtains an encrypted call request, the call request includes the identification information of the off-chain contract and the information of the input parameter data;

The blockchain node transmits the encrypted call request to the off-chain private computing node through the oracle mechanism, and the identification information and the information of the input data are trusted and executed off-chain by the off-chain private computing node After decryption in the environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the byte code through the virtual machine deployed in the off-chain trusted execution environment Code to perform off-chain privacy calculation on the input parameter data;

The blockchain node receives the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.
The method according to claim 32, wherein the block chain node obtaining the encrypted call request includes:

The blockchain node extracts the call request from the transaction submitted by the client; or,

The blockchain node executes the on-chain contract in the trusted execution environment on the chain created by itself according to the transaction submitted by the client to generate a call request.
The method of claim 32, further comprising:

The blockchain node directly feeds back the calculation result to the client; or,

The blockchain node updates the blockchain ledger data according to the received calculation result.
The method according to claim 32, wherein the blockchain node transmits the encrypted call request to the off-chain privacy computing node through the oracle mechanism, including:

The blockchain node directly transmits the encrypted call request to the off-chain private computing node through the oracle mechanism; or,

In the case that the off-chain privacy computing node belongs to the off-chain privacy computing cluster, the blockchain node transmits the encrypted call request to the control node of the off-chain privacy computing cluster through the oracle mechanism, so that all The control node forwards the call request.
According to the method of claim 32, the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the off-chain privacy computing node.
According to the method of claim 36, when the off-chain private computing node belongs to an off-chain private computing cluster, the private key of the node asymmetric key pair is only maintained by the off-chain private computing node, Or the private key of the node asymmetric key pair is jointly maintained by all the off-chain privacy computing nodes in the off-chain privacy computing cluster.
According to the method of claim 32, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is available to the off-chain privacy computing node by the off-chain private computing node. The letter is generated in the execution environment in advance and corresponds to the identity of the off-chain contract.
The method according to claim 32, the block chain node receiving the calculation result fed back by the off-chain privacy computing node through the oracle mechanism, comprising:

In the case that the call request also includes the information of the identity public key of the specified object, the blockchain node receives that the off-chain privacy computing node uses the identity public key to encrypt the execution result and returns it Ciphertext of the calculation result.
The method of claim 32, further comprising:

The blockchain node receives the first hash value obtained by the off-chain privacy computing node hashing the call request and the off-chain privacy calculation result;

The blockchain node feeds back the first hash value and the off-chain privacy calculation result to the requesting party, and the first hash value is used for the second call request generated by the requesting party. The hash value is compared, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
The method of claim 32, further comprising:

In the case that the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
A method of invoking a contract, including:

The control node receives an encrypted call request, the call request includes the identification information of the off-chain contract and the information of the input parameter data;

The control node forwards the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster;

The control node will feed back the off-chain privacy calculation result received from the off-chain privacy computing node.
The method according to claim 42, wherein the control node receives the encrypted call request, comprising:

The control node receives the call request transmitted by the blockchain node through the oracle mechanism; or,

The control node receives the off-chain call request directly sent by the client.
The method of claim 42, further comprising:

The control node directly feeds back the off-chain privacy calculation result to the client; or,

The control node feedbacks the off-chain privacy calculation result through the oracle mechanism.
The method according to claim 42, wherein the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the off-chain privacy computing node.
The method according to claim 45, the private key of the node asymmetric key pair is only maintained by the off-chain private computing node; the control node forwards the call request to the off-chain private computing cluster The selected off-chain privacy computing nodes include:

In the case where the target node of the encrypted call request is set as the off-chain private computing node, the control node forwards the call request to the off-chain private computing node;

In the case that the target node of the encrypted call request is not set, the control node forwards the call request to all off-chain privacy computing nodes in the off-chain privacy computing cluster.
According to the method of claim 42, the private key of the node asymmetric key pair is jointly maintained by all the off-chain privacy computing nodes in the off-chain privacy computing cluster; the control node forwards the call request to The off-chain privacy computing node selected from the off-chain privacy computing cluster includes:

The control node selects the off-chain privacy computing node from the off-chain privacy computing cluster according to the load balancing algorithm, and forwards the call request to the off-chain privacy computing node.
The method of claim 42, further comprising:

The control node receives the first hash value obtained by the off-chain privacy computing node performing a hash operation on the call request and the off-chain privacy calculation result;

The control node forwards the first hash value and the off-chain privacy calculation result to the requesting party, and the first hash value is used to communicate with the second hash value of the call request generated by the requesting party. Comparison, the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
The method of claim 42, further comprising:

In the case that the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
A method of invoking a contract, including:

The privacy computing node receives the encrypted call request, and decrypts in the trusted execution environment to obtain the identification information of the smart contract and the information of the input parameter data included in the call request;

The privacy computing node calls the pre-deployed bytecode of the smart contract according to the identification information, and executes the bytecode through the virtual machine deployed in the trusted execution environment to perform the input data Perform privacy calculations;

The private computing node encrypts and feeds back the obtained private computing result in a trusted execution environment.
The method according to claim 50, wherein the encrypted call request received by the privacy computing node includes:

The privacy computing node directly receives the encrypted call request from the client; or,

In the case that the private computing node belongs to a private computing cluster, the private computing node receives an encrypted call request forwarded by the control node of the private computing cluster.
According to the method of claim 50, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
According to the method of claim 52, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is only maintained by the private computing node;

In a case where the target node of the encrypted call request is set as the private computing node, the encrypted call request is received by the control node of the private computing cluster and forwarded to the private computing node;

In the case where the target node of the encrypted call request is not set, the encrypted call request is received by the control node and forwarded to all private computing nodes in the private computing cluster.
According to the method of claim 52, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster;

The private computing node is selected from the private computing cluster by the control node of the private computing cluster according to a load balancing algorithm, and the encrypted call request is received by the control node and forwarded to the private computing node.
The method of claim 50, further comprising:

The privacy computing node performs a hash operation on the call request to obtain a first hash value;

The privacy calculation node associates feedback with the first hash value and the privacy calculation result, and the first hash value is used to compare with the second hash value of the call request generated by the client, and the comparison The result is used to determine whether the privacy calculation result is reliable.
The method of claim 50, further comprising:

In the case where the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the state defined in the smart contract.
A method of invoking a contract, including:

The client generates a call request, the call request includes the identification information of the smart contract and the information of the input data;

The client sends an encrypted call request to the private computing node. After the identification information and the information of the input data are decrypted by the private computing node in a trusted execution environment, the identification information is used to indicate The privacy computing node obtains the bytecode of the smart contract, and executes the bytecode through a virtual machine deployed in the trusted execution environment to perform a privacy calculation on the input parameter data.
The method according to claim 57, wherein the client sends an encrypted call request to the privacy computing node, including:

The client directly sends the encrypted call request to the privacy computing node; or,

In a case where the privacy computing node belongs to a privacy computing cluster, the client sends an encrypted call request to the control node of the privacy computing cluster, so that the control node forwards the call request.
According to the method of claim 57, the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
The method according to claim 59, when the private computing node belongs to a private computing cluster, the private key of the node asymmetric key pair is only maintained by the private computing node, or the node is asymmetric The private key of the key pair is jointly maintained by all private computing nodes in the private computing cluster.
The method of claim 57, further comprising:

The client receives the first hash value and the privacy calculation result obtained by the privacy calculation node performing the hash calculation on the call request;

The client generates a second hash value of the call request, and compares the first hash value with the second hash value;

The client determines whether the privacy calculation result is reliable according to the comparison result.
The method of claim 57, further comprising:

In the case that the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
A method of invoking a contract, including:

The control node receives an encrypted call request directly sent by the client, and the call request includes the identification information of the smart contract and the information of the input parameter data;

The control node forwards the call request to the private computing node selected from the private computing cluster;

The control node feeds back the privacy calculation result received from the privacy calculation node.
The method according to claim 63, wherein the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the privacy computing node.
According to the method of claim 64, the private key of the node asymmetric key pair is only maintained by the private computing node; the control node forwards the call request to the selected from the private computing cluster Privacy computing nodes, including:

In the case where the target node of the encrypted call request is set as the private computing node, the control node forwards the call request to the private computing node;

In the case where the target node of the encrypted call request is not set, the control node forwards the call request to all private computing nodes in the private computing cluster.
The method according to claim 64, the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster; the control node forwards the call request to the slave private computing cluster The privacy computing node selected in includes:

The control node selects the privacy computing node from the privacy computing cluster according to a load balancing algorithm, and forwards the call request to the privacy computing node.
The method of claim 63, further comprising:

The control node receives the first hash value and the privacy calculation result obtained by the privacy calculation node performing a hash operation on the call request;

The control node forwards the first hash value and the privacy calculation result to the requesting party, where the first hash value is used to compare with the second hash value of the call request generated by the client, and The comparison result is used to determine whether the privacy calculation result is reliable.
The method of claim 63, further comprising:

In the case that the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
A device for invoking a contract, including:

The receiving and decrypting unit enables the off-chain private computing node to receive the encrypted call request, and decrypt it in the off-chain trusted execution environment to obtain the identification information of the off-chain contract and the information of the input data contained in the call request;

The calling and execution unit enables the off-chain private computing node to invoke the bytecode of the pre-deployed off-chain contract according to the identification information, and execute all the data through the virtual machine deployed in the off-chain trusted execution environment The bytecode is used to perform off-chain privacy calculation on the input parameter data;

The feedback unit enables the off-chain privacy computing node to encrypt and feed back the obtained off-chain privacy calculation results in an off-chain trusted execution environment.
A device for invoking a contract, including:

The generating unit enables the client to generate a call request, the call request including the identification information of the off-chain contract and the information of the input data;

The sending unit enables the client to send an encrypted call request to the off-chain private computing node, and the identification information and the information of the input parameter data are decrypted by the off-chain private computing node in the off-chain trusted execution environment After being obtained, the identification information is used to instruct the off-chain privacy computing node to obtain the bytecode of the off-chain contract, and execute the bytecode through the virtual machine deployed in the off-chain trusted execution environment to verify The input data is subjected to off-chain privacy calculations.
A device for invoking a contract, including:

The obtaining unit enables the blockchain node to obtain the encrypted call request, the call request including the identification information of the off-chain contract and the information of the input data;

The transmission unit enables the blockchain node to transmit the encrypted call request to the off-chain private computing node through the oracle mechanism, and the identification information and the information of the input data are transferred to the off-chain private computing node by the off-chain private computing node. After being decrypted in the trusted execution environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute it through the virtual machine deployed in the off-chain trusted execution environment The bytecode is used to perform off-chain privacy calculation on the input data;

The receiving unit enables the blockchain node to receive the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.
A device for invoking a contract, including:

The receiving unit enables the control node to receive an encrypted call request, the call request including the identification information of the off-chain contract and the information of the input data;

A forwarding unit to enable the control node to forward the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster;

The feedback unit enables the control node to feed back the off-chain privacy calculation result received from the off-chain privacy computing node.
A device for invoking a contract, including:

The receiving and decrypting unit enables the privacy computing node to receive the encrypted call request, and decrypt in a trusted execution environment to obtain the identification information of the smart contract and the information of the input parameter data contained in the call request;

The calling and computing unit enables the privacy computing node to call the pre-deployed bytecode of the smart contract according to the identification information, and execute the bytecode through the virtual machine deployed in the trusted execution environment to Perform privacy calculation on the input parameter data;

The encryption and feedback unit enables the private computing node to encrypt and feed back the obtained private computing results in a trusted execution environment.
A device for invoking a contract, including:

Generating a call request unit to enable the client to generate a call request, the call request including the identification information of the smart contract and the information of the input parameter data;

Send a call request unit to enable the client to send an encrypted call request to the private computing node. After the identification information and the information of the input data are decrypted by the private computing node in a trusted execution environment, The identification information is used to instruct the privacy computing node to obtain the bytecode of the smart contract, and execute the bytecode through a virtual machine deployed in the trusted execution environment to perform privacy calculation on the input data.
A device for invoking a contract, including:

Receiving a call request unit to enable the control node to receive an encrypted call request directly sent by the client, the call request including the identification information of the smart contract and the information of the input parameter data;

A forwarding call request unit to enable the control node to forward the call request to the private computing node selected from the private computing cluster;

The privacy calculation result feedback unit enables the control node to feed back the privacy calculation result received from the privacy calculation node.
An electronic device including:

processor;

A memory for storing processor executable instructions;

Wherein, the processor implements the method according to any one of claims 1-68 by running the executable instruction.
A computer-readable storage medium having computer instructions stored thereon, which, when executed by a processor, implement the steps of the method according to any one of claims 1-68.