CH716283A2 - A method of distributed processing, within a blockchain network and sub-enclaves, of computer data encrypted by means of an encrypted application. - Google Patents

Abstract

The invention relates to a method for processing, within a blockchain network (1), computer data (15) contained in a first encrypted container (19), by means of a third-party application (17) contained in a second. encrypted container (21), this processing being carried out in a distributed manner within cryptographic enclaves (8M, 8E). The result (28) is entered as a transaction on the blockchain.

Description

TECHNICAL AREA

The invention relates to the field of computing, and more specifically to the field of computer data processing, in a network, by means of an application.

PRIOR ART

A computer program comprises instructions by means of which, by means of a processing unit, operations are carried out on input data, to provide, from these- ci, output data or result.

[0003] Mass data processing (in English big data) is tending to industrialize. Specialized programs scrutinize the data flows (in particular the personal data of users) circulating on the Web, analyze this data, perform calculations (in particular statistics) and then store their results in databases for the purposes of subsequent exploitation (especially commercial).

To prevent their personal data from being used without their authorization, or to maintain relative anonymity on the Web, some users take the precaution of encrypting them.

[0005] Some data are moreover (or should be) the subject of systematic encryption, because of their confidential nature (typically health data or financial data), the bodies responsible for their management (hospitals, banks) being subject to professional secrecy obligations, and as such responsible for any use that may be made of it by unauthorized third parties.

[0006] The encrypted data is however inaccessible - and therefore unusable - for those who do not have an appropriate cryptographic key allowing their decryption.

However, there are many cases where the owner of the data (typically a patient of a medical institute or a client of a bank) may wish, under conditions, to authorize an interested third party to process the data, without however, communicate the decryption key to this third party, nor authorize him to fully access the data when only part of this data is likely to interest him.

Conversely, the interested third party may wish to keep secret, vis-à-vis still other third parties, its own analysis routines, and encrypt the programmatic data of its applications, the development of which is the result of knowledge. -make valuable.

[0009] Furthermore, it may be desirable, in particular for the sender, to keep (or access) a trace of what data has been processed.

The invention aims to offer a solution to these problems, by proposing a method of processing, in a network, of encrypted data which allows both an application to process this data without affecting their confidentiality, and the application. itself to remain confidential.

SUMMARY OF THE INVENTION

A method is proposed for processing computer data within a peer-to-peer network composed of a plurality of nodes forming a distributed database on which is stored, by replication on each node, a chain of blocks, by means of a third-party application in the form of one or more programmatic data file (s), this method comprising the operations consisting in: Encrypt the data to be processed to form a first encrypted data container; Store separately, on the network, the first encrypted container and a first decryption cryptographic key thereof; Encrypt the third party application programmatic data file (s) to form a second encrypted container; Store separately, on the network, the second container and an associated second cryptographic decryption key; Send, from a third-party terminal and to the network, a request for data processing by the third-party application; On receipt of the processing request by at least one node of the network, select within the network at least one node, called master node, equipped with a computer processing unit, called master, in which an execution environment is implemented secured by cryptography, called enclave; Instantiate the so-called master enclave of the master node; Loading into the master enclave the first container and the associated first cryptographic decryption key, as well as the second container and the associated second cryptographic decryption key; Enter in a block of the block chain, by one or more nodes of the network, at least one transaction containing a digital fingerprint of the processing request and / or of the loading thus carried out; Select one or more computer processing units, called slaves, networked to the master processing unit, and in each of which a so-called slave enclave is implemented; Instantiate slave enclaves; Establish an encrypted connection between the master enclave and the slave enclaves; In the master enclave, decrypt the data from the first of the first container using the associated first decryption cryptographic key, and decrypt the program data file (s) of the contained third-party application (s) (s) in the second container by means of the associated second cryptographic decryption key; Share, from the master enclave, all or part of the data to be processed, from the first container, to the slave enclaves; Share, from the master enclave, all or part of the application's programmatic data file (s) to the slave enclaves; Share, from the master enclave and towards the slave enclaves, the execution of the third-party application on the data to be processed; Outside the enclaves, store the result of this execution on a predefined memory location; Register in a block of the blockchain, by one or more nodes of the network, at least one transaction containing a digital fingerprint of this result.

[0012] According to a preferred embodiment, prior to the operation for storing the result outside the enclave, an operation for aggregating the result in the master enclave is provided.

BRIEF DESCRIPTION OF THE FIGURES

Other objects and advantages of the invention will become apparent in the light of the description of an embodiment, given below with reference to the accompanying drawings in which: <tb> <SEP> LaFIG.1 is a simplified block diagram illustrating a peer-to-peer network on which a chain of blocks is distributed; <tb> <SEP> LaFIG.2 is a simplified functional diagram illustrating different components of a computer processing unit involved in the creation and operation of a secure execution environment called an enclave; <tb> <SEP> LaFIG.3 is a functional diagram illustrating the storage of encrypted data to be processed and of an also encrypted application; <tb> <SEP> LaFIG.4 is a functional diagram illustrating the processing of data by the application; <tb> <SEP> LaFIG.5 is a diagram illustrating the exchanges between the various stakeholders for data processing.

DETAILED DESCRIPTION OF THE INVENTION

The proposed method aims to treat, confidentially, computer data by means of a third-party application (that is to say from a publisher separate from the sender of the data).

Without being limited to it, the proposed treatment method exploits, by combining them, the functionalities offered by two relatively recent technologies, of which it seems useful to make a preliminary description before going into the details of the method, namely: Blockchain technology or, in Anglo-Saxon terminology, blockchain (in what follows, Anglo-Saxon terminology will be preferred, because of its common use in most languages, including French); The technology of the secure execution environment or, in English terminology, of the trusted execution environment (TEE).

[0016] Blockchain technology is organized in layers. She understands : A layer of hardware infrastructure, called a “blockchain network”; A protocol layer called the “blockchain protocol”; An information layer, called the “blockchain register”.

The blockchain network is a decentralized computer network, called a peer-to-peer network (in Peer-to-Peer or P2P terminology), made up of a plurality of computers (in the functional sense of the term: it is a device provided with a programmable computer processing unit, which can be in the form of a smartphone, a tablet, a desktop computer, a workstation, a physical or virtual server, that is to say a computing and memory space allocated within a physical server and on which an operating system or an operating system emulation is running), called "nodes" with reference to the theory of graphs, capable of communicating with each other (ie exchanging computer data), two by two, by means of wired or wireless links.

A network1blockchain comprising nodes2communicating by links3is illustrated in theFIG.1. For the sake of simplification and conformity with graph theory, on FIG.1, the nodes2 of the network1 are represented by circles; the bonds3, by edges connecting the circles. In order not to overload the drawing with lines, only certain links3 between nodes2 are shown.

[0019] The nodes2 can be scattered over large geographic regions; they can also be grouped into smaller geographic regions.

The blockchain protocol is in the form of a computer program implemented in each node2 of the network1 blockchain, and which includes, in addition to dialogue functions - that is to say exchange of computer data - with the other nodes2 of the network1 , a calculation algorithm which, from input data called "transactions" (which are transcriptions of interactions between one or more transmitting computer terminals and one or more recipient computer terminals): <tb> <SEP> - Builds structured data files4 called "blocks", each block4 including a body4containing digital transaction fingerprints, and a header4Bcontaining: <tb><SEP> <SEP> o A sequence number, or row, or height (height in English), in the form of an integer which designates the position of block4 within a chain in the order growing from an initial block (Genesis block); <tb><SEP> <SEP> o A unique digital fingerprint of body4A data; <tb><SEP> <SEP> o A unique digital fingerprint, called a pointer, of the header of the previous block4, <tb><SEP> <SEP> o A timestamp data; <tb> <SEP> - Implements a mechanism for validating blocks4 by consensus between all or part of the nodes2; <tb> <SEP> - Concatenates validated blocks4 to form a register5 (the blockchain register) in the form of an aggregate in which each block4 is mathematically linked to the previous one by its pointer.

The slightest modification of the data of the body4Aou of the header4B of a bloc4affects the value of its digital fingerprint and consequently breaks the link existing between this bloc4 thus modified and the next bloc4 whose pointer no longer corresponds.

[0022] According to a particular embodiment, the digital fingerprint of each bloc4 is a digest (or hash) of the data of bloc4, that is to say the result of a hash function applied to the data of block4 (including body4A and header4B except for the digital fingerprint itself). The hash function is typically SHA-256.

For a bloc4donné of rank N (N an integer), the pointer ensures with the preceding bloc4 of rank N-1 an unalterable link. Indeed, any modification of the data of block4 of rank N-1 would lead to the modification of its fingerprint, and therefore to a lack of correspondence between this (modified) fingerprint of block4 of rank N-1 and the pointer stored among the metadata of block4 of rank N.

The succession of blocks4 linked together two by two by correspondence of the pointer of a block4data of rank N with the digital fingerprint of the previous block of rank N-1 therefore constitutes the register5blockchain in the form of an aggregate of correlated blocks4, in which the slightest modification of the data of a block4 of rank N-1 results in a breaking of the link with the following block4 of rank N - and therefore the breaking of the blockchain register.

It is this particular structure which gives the data contained in the register5blockchain a reputation for immutability, guaranteed by the fact that the register5blockchain is replicated on all the nodes2 of the network1, obliging any attacker, not only to modify all the blocks4 of rank greater than the modified block4, but to deploy these modifications (even though the register5blockchain continues to be constituted by the nodes2 applying the blockchain protocol) to all the nodes2.

Regardless of the type of consensus applied by the block validation mechanism4, most blockchain technologies have the primary function of recording, in their blockchain ledger, transactions between one or more issuing terminals, and one or more. receiving terminals, interchangeably called "users".

Each user is associated with an account, called in a simplified manner "electronic wallet" (in English digital wallet), which contains a memory area and a programmatic interface having interaction functions with the 1blockchain network to submit transactions to it, and synchronization functions with the 5blockchain register to register, in the memory area, the transactions validated by registration in the 5blockchain register.

[0028] Unless otherwise indicated, and for the sake of simplicity, the simple expression "blockchain" or "blockchain" designates the register5blockchain itself.

Some recent blockchain technologies (Ethereum, typically) add to the three hardware (blockchain network), protocol (blockchain protocol) and informational (blockchain register) layers an application layer which is in the form of a development environment for programming applications, called “smart contracts”, which can be deployed on the ledger5blockchain from nodes2.

We will now briefly describe the technology of smart contracts.

[0031] A smart contract comprises two elements: An account, called a “Contract account”, in the memory area of which is written a source code containing computer instructions implementing the functions assigned to the smart contract; An executable code (in English Executable Bytecode) resulting from a compilation of the source code, this executable code being stored or deployed within the register5blockchain, that is to say inserted as a transaction in a block4 of the register5blockchain.

In the blockchain technology proposed by Ethereum, a smart contract is activated by a call (in English Call) sent by another account, said initiator account (which can be a user account or a contract account), this call is presenting in the form of a transaction containing, on the one hand, a reserve fund to be transferred (i.e. a payment) from the initiating account to the contract account and, on the other hand, initial conditions.

This call is recorded as a transaction in the register5blockchain. It triggers: The transfer of the reserve fund from the initiating account to the contract account; The designation, among the network1blockchain, of an execution node associated with a user account; The activation, in a computer processing unit of the execution node, of an execution environment or virtual machine (called Ethereum Virtual Machine or EVM in the case of Ethereum); The step-by-step execution of the steps for calculating the executable code by the virtual machine from the initial conditions, each step of calculation being accompanied by a transfer of a fraction (called gas in the case of Ethereum) of the reserve fund from the contract account to the user account of the execution node, until the calculation steps are exhausted, at the end of which a result is obtained; The entry (possibly in the form of a digital fingerprint) of this result as a transaction in the ledger5blockchain.

The initiating account retrieves (that is to say, in practice, downloads) the result when it is synchronized with the register5blockchain.

We now briefly introduce secure execution environments.

A secure execution environment (Trusted execution environment or TEE) is, within a computer processing unit provided with a processor or CPU (Central Processing Unit) 7, a temporary space for computing and storing data. , called (by convention) an enclave, or even cryptographic enclave, which is isolated, by cryptographic means, from any unauthorized action resulting from the execution of an application outside this space, typically the operating system.

[0037] Intel®, for example, from 2013 revised the structure and interfaces of its processors to include enclave functions, under the name Software Guard Extension, better known by the acronym SGX. SGX equips most of the XX86 type processors marketed by Intel® since 2015, and more specifically from the sixth generation incorporating the so-called Skylake microarchitecture. The enclave functions offered by SGX are not automatically accessible: they must be activated via the elementary input / output system (Basic Input Output System or BIOS).

It does not come within the requirements of the present description to detail the architecture of the enclaves, insofar as: <tb> <SEP> - Despite its relative youth, this architecture is relatively well documented, in particular by Intel® which has filed numerous patents, cf. e.g., among the most recent, the US patent application US 2019/0058696; <tb> <SEP> - Processors making it possible to implement them are available on the market - in particular the aforementioned Intel® processors; <tb> <SEP> - Only features allowed by the enclave are of interest to us here, these features can be implemented through specific command lines. As such, those skilled in the art may refer to the guide published in 2016 by Intel®: Software Guard Extensions, Developer Guide.

For a more accessible description of the enclaves, and more particularly of Intel® SGX, those skilled in the art can also refer to A. Adamski, Overview of Intel SGX - Part 1, SGX Internal, or to D. Boneh , Nickaming Schemes, Fast Verification, and Applications to SGX Technology, in Topics in Cryptology, CT - RSA 2017, The Cryptographers' Track at the RSA Conférence 2017, San Francisco, CA, USA, Feb. 14-17, 2017, Proceedings, pp. 149-164, or to K. Severinsen, Secure Programming with Intel SGX and Novel Applications, Thesis submitted for the Degree of Master in Programming and Networks, Dept. Of Informatics, Faculty of Mathematics and Natural Science, University of Oslo, Autumn 2017.

To summarize, with reference to theFIG.2, an enclave8includes, first of all, a secure memory zone9 (called Enclave Page Cache, in English Enclave Page Cache or EPC), which contains code and data relating to the 'enclave itself, and whose content is encrypted and decrypted in real time by a dedicated chip called the Memory Encryption Engine (MEE). The EPC9 is implemented within a part of the dynamic random access memory (DRAM) 10 allocated to the processor7, and to which ordinary applications (in particular the operating system) do not have access.

[0041] The enclave8 comprises, secondly, cryptographic keys used to encrypt or sign on the fly the data leaving the EPC9, whereby the enclave8 can be identified (in particular by other enclaves), and the The data it generates can be encrypted to be stored in unprotected memory areas (i.e. outside of the EPC9).

In order to be able to operate such an enclave8, an application11 must be segmented into, on the one hand, one or more unsecured parts12 (untrusted part (s)), and, on the other hand, one or more secure parts13 (in English trusted part (s)).

Only the processes induced by the secure part (s) 13 of the application11 can access the enclave8. The processes induced by the unsecured part (s) 12 cannot access the enclave8, i.e. they cannot dialogue with the processes induced by the part (s) (s) 13secure (s).

The creation (also called instantiation) of the enclave8 and the flow of processes within it are controlled via a set of particular instructions executable by the processor7et called by the part (s) 13secure (s) of the application11.

[0045] Among these instructions: ECREATE commands the creation of an enclave8; EINIT commands the initialization of the enclave8; EADD commands code loading into the enclave8; EENTER commands code execution in the enclave8; ERESUME commands a new execution of code in the enclave8; EEXIT controls the exit of enclave8, typically at the end of a process running in enclave8.

We have, on laFIG.2, functionally represented the enclave8 in the form of a block (in dotted lines) encompassing the secure part of the application11, the set14d'instructions of the processor7, and the EPC9. This representation is not realistic; it simply aims to visually group together the elements that make up or exploit the enclave8.

We will explain below how the enclaves are exploited.

As can be seen in laFIG.3, there is shown data 15 to be processed in the form of a file. These data15 can be in the form of one or more computer files. Data15 can be structured, e.g. in the form of database files, forms, spreadsheets, documents. It can also be raw, unstructured data.

These data15sont created, or temporarily stored, in clear (that is to say in unencrypted form), within a terminal16dit transmitter, connected to a network1blockchain.

The data processing is intended to be carried out by means of an application17tierce which is in the form of one or more programmatic data files (that is to say data representing instructions of a program of 'computer).

The programmatic data can be lines of code in high level language (source code). In this case, the programmatic data is typically in the form of text files. They can also be in the form of one or more intermediate code files (bytecode), or else in the form of one or more code files that can be executed directly by a processor.

The application 17 is created (or edited), or temporarily stored, in clear (that is to say in unencrypted form), within a terminal 18 said editor, also connected to the network1.

Before being stored on the network1 for future processing, the data15 is first encrypted to form a first encrypted data container19. The decryption of the first encrypted container can only be carried out by means of a first cryptographic decryption key. According to a particular embodiment, a single key 20 is used for both the encryption and the decryption. In this case, the encryption is said to be symmetric.

In the example illustrated, the encryption is carried out within the transmitter terminal16.

Once the encrypted data15, the first container19et the first decryption key20 are stored separately (here on distinct nodes2) on the network1.

Likewise, before being stored on the network1 for future use, the application17 is first encrypted to form a second encrypted container21. The decryption of the second encrypted container21 can only be carried out by means of a second decryption cryptographic key22. According to a particular embodiment, a single key 22 is used for both encryption and decryption. In this case, the encryption is said to be symmetric.

In the example illustrated, the encryption is carried out within the terminal18 Editor.

Once the application17 has been encrypted, the second container21 and the second decryption key22 are stored separately (here on distinct nodes2) on the network1.

The processing of the data15 can be requested by a third-party terminal (which can be confused with the publisher18). In this case, a request (REQ, FIG. 5) for processing the data 15 by the application 17 is sent by the terminal 23 third parties. According to an embodiment illustrated on theFIG.5, the request is addressed to an intelligent contract24 deployed on the blockchain5.

To carry out this processing, a first operation consists, on receipt of the data processing request REQ15, in selecting (SEL), within the network1 at least one node, called node2M master, equipped with a computer processing unit 6M, called master unit , in which an enclave8M, known as the master enclave, is implemented. This selection operation can be carried out, as illustrated in FIG. 5, by the smart contract.

A second operation consists in instantiating the enclave8M master.

A third operation consists (here at the request of the intelligent contract) in loading into the master enclave (preferably via secure communication lines, typically using the Transport Layer Security or TLS protocol): The first encrypted container19 and the first decryption cryptographic key20 associated with it; The second container 21 and the second decryption cryptographic key 22 associated with it.

To this end, the enclave8M master is advantageously provided, from its instantiation, with a communication interface emulation supporting the chosen protocol (here TLS) for the exchange of secure data.

A fourth operation consists in entering in a bloc4de the chain5de blocks, by one or more nodes2 of the network, at least one transaction containing a digital imprint of the processing request and / or of the loading thus carried out.

A fifth operation consists in selecting one or more computer processing units 6, called slaves, networked to the master processing unit 6, and in each of which an enclave 8 Edit slave is implemented. This selection operation can be carried out, as illustrated in FIG. 5, by the smart contract.

A sixth operation consists in instantiating the enclaves8Eesclaves.

A seventh operation consists in establishing an encrypted connection between the enclave8Mmistress and the enclaves8Esclaves.

An eighth operation consists, in the enclave8Mmistress, in decrypting the data of the first container19 by means of the first decryption key20. At the end of this operation, the data15 is accessible in clear in the enclave8M master (but not from outside it).

For this purpose, the enclave8Mmaîtresse is advantageously provided with a decryption module27.

A ninth operation consists, in the enclave8Mmistress, in decrypting the program (s) data file (s) of the application17thierce contained in the second container21, by means of the second decryption key22. This operation is performed here by the decryption module 27. At the end of this operation, the application 17 is accessible in clear in the enclave8 (but not from outside it).

A tenth operation consists, from the enclave8Mmistress, in sharing all or part of the data15 to be processed, coming from the first container19, to the enclaves8Esclaves.

An eleventh operation consists in sharing, from the enclave8Mmistress, all or part of the programmatic data of the application17 towards the enclaves8Slaves.

A twelfth operation then consists in sharing, from the enclave8Mmistress and towards the enclaves8Esclaves, the execution of the application17tierce on the data15 to be processed.

This execution is advantageously carried out, within each enclave8M, 8E, by a calculation module.

Each enclave8Esclave can execute part of the instructions of the application17, so that together all the enclaves8M, 8E execute all the instructions of the application17.

The division of tasks (corresponding to the instructions of the application17) is advantageously controlled by the enclave8Mmistress, which subcontracts to the enclaves8Esclaves the execution of all or part of the tasks.

When the application 17 is in the form of one (or more) executable file (s), this execution can be carried out directly. When the application17 is in the form of source code or bytecode, it should be compiled first. In this case, a compilation program can be loaded into the master enclave8M, prior to execution.

The execution of the application17 on the data produces a result28. This result28 is stored, outside the enclave8, on a predefined memory location. Beforehand, an operation of aggregation of the result28 in the enclave8M master can be provided.

This result is then entered, in a block4of the chain5de blocks, by one or more nodes2 of the network (and for example on instruction of the intelligent contract24), at least one transaction containing a digital imprint of this result28.

Thanks to this method, the data 15 can be analyzed without being available in the clear outside the enclaves 8M, 8E, to which third parties do not have access. In addition, the data15 is not communicated to the publisher18 for it to carry out its application itself17. The editor18 therefore does not have the data15: it only has the result provided by the execution of its application17. This results in maintaining the confidentiality of data15, including vis-à-vis third parties who wish (and may be authorized to) analyze them.

Likewise, the application17 is not known to third parties (or can be copied by them) either, despite its availability for the processing of data15dans enclaves8M, 8E. As a result, the publisher18 is copy-protected while being able to process the data15 when authorized to do so.

The use of the blockchain5 also makes it possible to keep an unalterable trace of the exploitation of data (particularly personal data).

The fact of having the data processed in a distributed manner, within a network of enclaves5M, 5E, also makes it possible to have sufficient calculation and / or (temporary) storage resources (while maintaining confidentiality) when the data12 and / or the application14 are large.

Claims (2)

1. A method of processing computer data (15) within a peer-to-peer network (1) composed of a plurality of nodes (2) forming a distributed database on which is stored, by replication on each node (2), a chain (5) of blocks, by means of a third-party application (17) in the form of one or more programmatic data file (s), this method comprising the operations of: - Encrypt the data (15) to be processed to form a first encrypted data container (19); - Store separately, on the network (1), the first encrypted container (19) and a first cryptographic key (20) for decryption thereof; - Encrypt the program data file (s) of the third-party application (17) to form a second encrypted container (21); - Store separately, on the network (1), the second container (21) and a second associated cryptographic decryption key (22); - Sending, from a third-party terminal (23) and to the network (1), a data processing request (15) by the third-party application (17); - On receipt of the processing request by at least one node (2) of the network (1), select within the network (1) at least one node, called the master node (2M), equipped with a unit (6M) computer processing, called master, in which an execution environment secured by cryptography, called enclave (8M) is implemented; - Instantiate the enclave (8M), called master, of the master node (2M); - Loading into the master enclave (8) the first container (19) and the first associated cryptographic decryption key (20), as well as the second container (21) and the second associated cryptographic decryption key (22); - Enter in a block (4) of the chain (5) of blocks, by one or more nodes (2) of the network (1), at least one transaction containing a digital fingerprint of the processing request and / or loading as well carried out; - Select one or more computer processing units (6E), called slaves, networked to the master processing unit (6M), and in each of which is implemented an enclave (8E) called slave; - Instantiate the slave enclaves (8E); - Establish an encrypted connection between the master enclave (8M) and the slave enclaves (8E); - In the master enclave (8M), decrypt the data of the first of the first container (19) using the associated first decryption cryptographic key (20), and decrypt the programmatic data file (s) of the third party application (s) contained in the second container (21) by means of the associated second cryptographic decryption key (22); - Sharing, from the master enclave (8M), all or part of the data (15) to be processed, coming from the first container (19), to the slave enclaves (8E); - Share, from the master enclave (8M), all or part of the program data file (s) of the application to the slave enclaves (8E); - Share, from the master enclave (8M) and towards the slave enclaves (8E), the execution of the third-party application on the data (15) to be processed; - Outside the enclaves (8M, 8E), store the result (28) of this execution on a predefined memory location; - Enter in a block (4) of the chain (5) of blocks, by one or more nodes (2) of the network (1), at least one transaction containing a digital fingerprint of this result (28). 2. Method according to claim 1, which comprises, prior to the operation of storing the result (28) outside the enclave, an operation of aggregating the result (28) in the master enclave (8M).