CN109831298A - The method of security update key and node, storage medium in block chain - Google Patents
The method of security update key and node, storage medium in block chain Download PDFInfo
- Publication number
- CN109831298A CN109831298A CN201910100786.7A CN201910100786A CN109831298A CN 109831298 A CN109831298 A CN 109831298A CN 201910100786 A CN201910100786 A CN 201910100786A CN 109831298 A CN109831298 A CN 109831298A
- Authority
- CN
- China
- Prior art keywords
- key
- contract
- block chain
- chain node
- transaction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
Abstract
This specification one or more embodiment provides the method and node, storage medium of security update key in a kind of block chain, and this method may include: that block chain node determines the corresponding intelligent contract of the transaction received;The block chain node executes the intelligent contract in credible performing environment;The block chain node is encrypted when storing implementing result with key, and the key is generated by the block chain node according to the security key being stored in the credible performing environment;It is the security key of highest version by the security key update of lowest version, wherein the security key of lowest version is irreversibly calculated by the security key of highest version when the block chain node carries out version updating to the security key.
Description
Technical field
This specification one or more embodiment is related in block chain technical field more particularly to a kind of block chain safely more
The method and node of new key, storage medium.
Background technique
Block chain technology constructs on transmission network (such as point to point network).Network node in transmission network utilizes
Linked data structure is verified and storing data, and knows together algorithm using distributed node to generate and more new data.These areas
Node in block chain network is sometimes for increase.
Technically maximum two challenges are exactly privacy and performance to the block platform chain of enterprise-level at present, and often the two are chosen
War is difficult to solve simultaneously.Most solutions are all to exchange privacy for by losing performance, or less consider that privacy goes the property pursued
Energy.The encryption technology of common solution privacy concern, as homomorphic cryptography (Homomorphic encryption) and Zero Knowledge are demonstrate,proved
Complexities such as bright (Zero-knowledge proof) are high, poor universality, but also may bring serious performance loss.
In terms of solving privacy, credible performing environment (Trusted Execution Environment, TEE) is another
Kind settling mode.TEE can play the role of the black box in hardware, the code and data operating system layer executed in TEE all without
Method is peeped, and interface predetermined can just operate on it only in code.In terms of efficiency, due to the black box property of TEE,
Carry out operation in TEE is clear data, rather than the complicated cryptography arithmetic in homomorphic cryptography, calculating process efficiency do not have
Loss, thus combine with TEE the safety that block chain can be largely promoted under the premise of performance loss is lesser and
Privacy.Industry very pays close attention to the scheme of TEE at present, and the chip and software league of nearly all mainstream have the TEE of oneself
Solution, TPM (Trusted Platform Module, reliable platform module) and hardware side including software aspects
Intel SGX (Software Guard Extensions, software protection extension), the ARM Trustzone (trusted domain) in face and
AMD PSP (Platform Security Processor, platform safety processor).
Summary of the invention
In view of this, this specification one or more embodiment provide in a kind of block chain the method for security update key and
Node, storage medium.
To achieve the above object, it is as follows to provide technical solution for this specification one or more embodiment:
According to this specification one or more embodiment in a first aspect, proposing security update key in a kind of block chain
Method, comprising:
Block chain node determines the corresponding intelligent contract of the transaction received;
The block chain node executes the intelligent contract in credible performing environment;
The block chain node is encrypted when storing implementing result with key, the key by the block chain node according to
The security key that is stored in the credible performing environment and generate;
It is height by the security key update of lowest version when the block chain node carries out version updating to the security key
The security key of version, wherein the security key of lowest version is irreversibly calculated by the security key of highest version.
According to the second aspect of this specification one or more embodiment, security update key in a kind of block chain is proposed
Node, comprising:
Determination unit, for determining the corresponding intelligent contract of transaction received;
Execution unit, for executing the intelligent contract in credible performing environment;
Storage unit, for storing implementing result;
Encryption unit, for being encrypted when storing implementing result with key, the key by the block chain node according to
The security key that is stored in the credible performing environment and generate;
The security key update of lowest version is height when for carrying out version updating to the security key by updating unit
The security key of version, wherein the security key of lowest version is irreversibly calculated by the security key of highest version.
According to the third aspect of this specification one or more embodiment, a kind of computer readable storage medium is proposed,
The step of being stored thereon with computer instruction, method as described in relation to the first aspect realized when which is executed by processor.
Detailed description of the invention
Fig. 1 is a kind of schematic diagram for creation intelligence contract that an exemplary embodiment provides.
Fig. 2 is a kind of schematic diagram for calling intelligence contract that an exemplary embodiment provides.
Fig. 3 is the schematic diagram of a kind of creation and the intelligent contract of calling that an exemplary embodiment provides.
Fig. 4 is the flow chart that the method for secret protection is realized in a kind of block chain of exemplary embodiment offer.
Fig. 5 is a kind of schematic diagram for processing block chain transaction that an exemplary embodiment provides.
Fig. 6 is a kind of schematic diagram for key version evolution that an exemplary embodiment provides.
Fig. 7 is a kind of schematic diagram of the data structure for contract state that an exemplary embodiment provides.
Fig. 8 is the composition figure that the node of secret protection is realized in a kind of block chain of exemplary embodiment offer.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to
When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with this specification one or more embodiment.Phase
Instead, they are only some aspects phases with the one or more embodiments of as detailed in the attached claim, this specification
The example of consistent device and method.
It should be understood that the sequence that might not show and describe according to this specification in other embodiments executes
The step of correlation method.In some other embodiments, step included by method can than described in this specification more
It is more or less.In addition, single step described in this specification, may be broken down into other embodiments multiple steps into
Row description;And multiple steps described in this specification, it may also be merged into single step progress in other embodiments
Description.
Block chain is normally divided into three types: publicly-owned chain (Public Blockchain), privately owned chain (Private
) and alliance's chain (Consortium Blockchain) Blockchain.In addition, there are also a plurality of types of combinations, such as privately owned chain
The different combinations such as+alliance chain, alliance's chain+publicly-owned chain.It is publicly-owned chain that wherein decentralization degree is highest.Publicly-owned chain with than
Special coin, ether mill are representative, and the participant that publicly-owned chain is added can read data record on chain, participate in business and compete newly
Book keeping operation power of block etc..Moreover, each participant's (i.e. node) freely can be added and exit network, and carry out relevant operation.It is private
There is chain then on the contrary, the write-in permission of the network is by some tissue or mechanism controls, reading data permission is by organization prescribed.Simply
For, privately owned chain can be weak center's system, and participating in node has stringent limitation and less.Such block chain is more
It is suitable for using inside particular organization.Alliance's chain is then block chain between publicly-owned chain and privately owned chain, it can be achieved that " part
Decentralization ".Each node usually has corresponding physical mechanism or tissue in alliance's chain;Participant is added by authorization
Enter network and composition interests correlation alliance, it is common to safeguard the operation of block chain.
Whether publicly-owned chain, privately owned chain or alliance's chain may all provide the function of intelligent contract.Intelligence on block chain
Contract is the contract that can be executed by transaction triggering on block catenary system.Intelligent contract can pass through the formal definition of code.
By taking ether mill as an example, user is supported to create in the network of ether mill and call the logic of some complexity, this is ether
Mill is different from the ultimate challenge of bit coin block chain technology.Ether mill is ether mill void as the core of a programmable block chain
Quasi- machine (EVM), each ether mill node can run EVM.EVM is the complete virtual machine of figure spirit, it means that can be with
The logic of various complexity is realized by it.It is exactly to run on EVM that user, which issues in ether mill and call intelligent contract,.It is real
On border, what virtual machine was directly run is virtual machine code (Virtual Machine bytecodes, lower abbreviation " bytecode ").It is deployed on block chain
Intelligent contract can be the form of bytecode.
Such as shown in Fig. 1, after a transaction comprising the intelligent contract information of creation is sent ether mill network by Bob, section
The EVM of point 1 can execute this and trade and generate corresponding contract example.What the data field of transaction saved can be byte
Code, the to field of transaction are an empty account.After being reached an agreement between node by common recognition mechanism, this contract is successfully created,
Subsequent user can call this contract.
Contract creation after, on block chain occur a contract account corresponding with the intelligence contract, and possess one it is specific
Address, contract code and account storage will be stored in the contract account.The behavior of intelligent contract is controlled by contract code, and
The account storage of intelligent contract then saves the state of contract.In other words, intelligent contract to generate on block chain comprising closing
The about virtual account of code and account storage (Storage).
In addition, as shown in Fig. 2, Bob is by one comprising calling the transaction of intelligent contract information to send still by taking ether mill as an example
To after the network of ether mill, the EVM of node 1 can execute this and trade and generate corresponding contract example.It trades in 2 in figure
From field is the address for initiating to call the account of intelligent contract, and " 0x692a70d2 ... " in field represents called
The address of intelligent contract, value field are the value of ether coin in ether mill, and the calling that the data field of transaction saves intelligently is closed
Method and parameter about.After calling intelligent contract, the value of balance may change.Subsequent, some client can be by a certain
Block chain node checks the current value of balance.
Intelligent contract can be executed by each node disjoint of the defined mode in block chain network, all execution
Record and data are all stored on block chain, so just saving on block chain can not distort, no after the completion of such transaction
The transaction certificate that can be lost.
It creates intelligent contract and calls the schematic diagram of intelligent contract as shown in Figure 3.An intelligence is created in ether mill to close
About, it needs by writing intelligent contract, becoming bytecode, be deployed to the processes such as block chain.Intelligent contract is called in ether mill, is
The transaction for being directed toward intelligent contract address is initiated, intelligent contract code operates in each node in the network of ether mill in a distributed manner
Virtual machine in.
Below in conjunction with the realization for the embodiment of the method for illustrating to realize that contract calls in one block chain of this specification shown in Fig. 4
Journey:
Step 402, the first block chain node determines the corresponding intelligent contract of the transaction received.
In one embodiment, transaction can be committed to the first block chain node by client.For example, user is raw in client
After the transaction, transaction is committed to by the first block chain node by the client.By taking Fig. 5 as an example, in the first block chain node
Comprising transaction/query interface, which can dock with client, and client is submitted to the first block chain node and is handed over
Easily.
The transaction can also be forwarded to the first block chain node by the second block chain node.For example, user is raw in client
After the transaction, which is committed to by the second block chain node by the client;Then, the second block chain link point is further
The transaction is forwarded to the first block chain node.By taking Fig. 5 as an example, above-mentioned interface can be docked with other block chain nodes, such as should
Other block chain nodes may include the second above-mentioned block chain node, allow the second block chain node to the first block chain
Node transmitted transaction.Similarly, the second block chain node can also be docked by the transaction/query interface of itself with client, with
Receive the transaction that client is submitted.
Such as proved using proof of work (Proof of Work, POW) and equity (Proof of Stake,
POS), equity is appointed to prove in the block chain network of the common recognition such as (Delegated Proof of Stake, DPOS) algorithm, second
Block chain node is after the transaction for receiving client submission, other blocks of diffusion immediately (as broadcasted) into ether mill network
Chain node.
Using practical Byzantine failure tolerance (Practical Byzantine Fault Tolerance, PBFT) for another example
Etc. in the block chain network of mechanism, accounting nodes have been agreed upon before epicycle book keeping operation, so that the second block chain node is receiving
After the transaction that client is submitted, if itself not being accounting nodes, which is sent to fixed accounting nodes, so that
The accounting nodes transmit transaction (including the transaction) to each verifying node in the further common recognition stage.And when second
It, can be with after other block chain link points receive the transaction of client submission when block chain node itself is fixed accounting nodes
Transaction is forwarded to the second block chain node;Then, the second block chain node can common recognition the stage by above-mentioned transaction (or also
Including other transaction) it transmits to each verifying node, including the first block chain node.
In one embodiment, the transaction can be labeled as, so that first by privacy transaction by the mark of transaction level
Block chain node determines that the corresponding implementing result (the contract state that such as intelligence contract is related to) of the intelligent contract needs to encrypt
After store.For example, type field can be added in transaction, the first block chain is allowed to identify type of transaction in plain text accordingly
Transaction or privacy transaction.In the related art, such as in the network of ether mill, transaction generally comprises the words such as to, value, data
Section.And the present embodiment increases by a type field on the basis of the relevant technologies in transaction, for example is characterized as type field, and
Based on the value of the type field, show the type of relationship trading;For example, showing correlation when type field is the first value
Transaction is trades in plain text, when type field is the second value, shows relationship trading for privacy transaction.
In one embodiment, the intelligent contract can be labeled as by privacy processing type by the mark of contract rank,
So that the first block chain node determines the corresponding implementing result (the contract state that such as intelligence contract is related to) of the intelligent contract
It needs to store after encrypting.For example, there may be the processing types of the intelligent contract mark to required calling in transaction, so that first
Block chain node can use corresponding place to the intelligent contract that the transaction is called for the processing type marked in the transaction
Reason operation.For example, may include a type field in the code of intelligent contract, the first block chain node can be based on each intelligence
The value of contained type field in the code of contract determines that the intelligence contract is privacy processing type or handles type in plain text;
For another example, it may include that privacy identifier, the intelligent contract of processing type can be in plain text in the intelligent contract of privacy processing type
Not comprising the privacy identifier;For another example, the intelligent contract of processing type may include plaintext identifier, privacy processing class in plain text
The intelligent contract of type can not include the plaintext identifier;Correspondingly, the first block chain node can be based on above-mentioned difference, distinguish
The intelligent contract of different disposal type.
In one embodiment, when the transaction is in encrypted state, the first block chain node can be in credible execution ring
The decryption transaction in border (Trusted Execution Environment, TEE).TEE is that the safety based on CPU hardware expands
Exhibition, and the credible performing environment completely isolated with outside.TEE is the concept proposed by Global Platform earliest, for solving
Certainly in mobile device resource security isolation, be parallel to operating system and credible and secure performing environment be provided for application program.ARM
Trust Zone technology realize the TEE technology of real commercialization earliest.
Along with the high speed development of internet, safe demand is higher and higher, is not limited only to mobile device, cloud device,
Data center all proposes more demands to TEE.The concept of TEE has also obtained the development and expansion of high speed.Now described
TEE is compared to the TEE for the concept initially proposed being more broad sense.For example, server chips manufacturer Intel, AMD etc. are first
It is proposed the TEE of hardware auxiliary afterwards and enriches the concept and characteristic of TEE, is had been widely recognized in industry.It mentions now
The TEE risen usually more refers to the TEE technology of this kind of hardware auxiliary.Different from mobile terminal, cloud access needs to remotely access, terminal
User is invisible to hardware platform, therefore seeks to the genuine and believable of confirmation TEE using the first step of TEE.Therefore present TEE
Technology all introduces remote proving mechanism, is endorsed by hardware vendor (mainly CPU manufacturer) and is ensured by digital signature technology
User can verify that TEE state.It is simultaneously only the demand for security that the resource isolation of safety is also unable to satisfy, further data
Secret protection is also suggested.Including Intel SGX, the commercial TEE including AMD SEV also both provides memory encryption technology, will
Reliable hardware is limited to inside CPU, and the data of bus and memory are that ciphertext prevents malicious user from being spied upon.For example, Ying Te
Your software protection extends code execution, remote proving, security configuration, the secure storage of data such as (SGX) TEE technology insulation
And the trusted path for executing code.The application program run in TEE is kept safe, as a consequence it is hardly possible to by third
Side's access.
By taking Intel SGX technology as an example, SGX provides enclosure (enclave, also referred to as enclave), i.e., one adds in memory
Close credible execution region, protects data not to be stolen by CPU.By taking the first block chain node is using the CPU for supporting SGX as an example,
Using newly-increased processor instruction, a part of region EPC (Enclave Page Cache, enclosure page can be distributed in memory
Face caching or enclave page cache), by the crypto engine MEE (Memory Encryption Engine) in CPU to wherein
Data encrypted.The content encrypted in EPC, which only enters after CPU, can just be decrypted into plain text.Therefore, in SGX, user
It can distrust operating system, VMM (Virtual Machine Monitor, monitor of virtual machine), even BIOS (Basic
Input Output System, basic input output system), it is only necessary to trust CPU just and can ensure that private data will not leak.
It in practical application, is transferred in enclosure after private data being encrypted with ciphertext form, and will be corresponding by remote proving
Code key is also passed to enclosure.Then, operation is carried out using data under the encipherment protection of CPU, as a result can be returned with ciphertext form.This
Under kind mode, powerful calculating power not only can use, but also do not have to concern of data and leak.
It is assumed that above-mentioned transaction is generated by user in a certain client, which can be firstly generated in transaction in plain text
Hold, then encrypts the plaintext transaction content with key.The encryption can use symmetric cryptography, can also use asymmetric
Encryption.Correspondingly, the first block chain node can decrypt the transaction with corresponding key, to obtain plaintext transaction content.Such as
Fruit client symmetric cryptography mode encrypts plaintext transaction content with the private key of symmetric encipherment algorithm, then correspondingly, first
Block chain node can decrypt the transaction with the private key of the symmetric encipherment algorithm.The Encryption Algorithm that symmetric cryptography uses, example
DES algorithm in this way, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm, IDEA algorithm etc..Symmetric encipherment algorithm
Key, such as can be and negotiate to determine by client and the first block chain node.
If encrypted with the public key of rivest, shamir, adelman to plaintext transaction content, then phase with asymmetric encryption mode
Ying Di, the first block chain node can decrypt the transaction with the private key of the rivest, shamir, adelman.Rivest, shamir, adelman,
E.g. RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm) etc..Rivest, shamir, adelman
Key, such as can be and a pair of of public key and private key are generated by the first block chain node, and public key is sent to before step 402
The client, so that client described in step 402 can encrypt plaintext transaction content with key.
The key of rivest, shamir, adelman can also be generated by a Key Management server.Pass through the side of remote proving
Private key is sent to the first block chain node by formula, Key Management server, specifically, can be incoming first block chain node
In enclosure.First block chain node may include multiple enclosures, and the safety that above-mentioned private key can be passed into these enclosures is enclosed
Circle;For example, the safe enclosure can be QE (Quoting Enclave) enclosure, rather than AE (Application Enclave) encloses
Circle.For the public key of asymmetric encryption, the client can be sent to by Key Management server.Thus in step 402,
The client can use the public key encryption plaintext transaction content, and correspondingly, the first block chain node can use the private key solution
The close transaction, to obtain the plaintext transaction content that the transaction includes.
Client can also be in such a way that symmetric cryptography combination asymmetric encryption combines.For example, client use pair
Claim Encryption Algorithm encrypting plaintext transaction content, that is, uses the private key encryption plaintext transaction content of symmetric encipherment algorithm, and with non-right
Claim the private key used in Encryption Algorithm cryptographic symmetrical Encryption Algorithm.In general, using the public key encryption pair of rivest, shamir, adelman
Claim the private key used in Encryption Algorithm.In this way, after the first block chain node receives the transaction of encryption, it can be first using asymmetric
The private key of Encryption Algorithm is decrypted, and obtains the private key of symmetric encipherment algorithm, and then decrypted with the private key of symmetric encipherment algorithm
To plaintext transaction content.
For example, the private key of rivest, shamir, adelman can be sent to the firstth area by remote proving by Key Management server
The enclosure of block chain node, and the public key of rivest, shamir, adelman is sent to the client.Thus, the client can adopt
With symmetric cryptography mode encrypting plaintext transaction content, that is, the private key encryption plaintext transaction content of symmetric encipherment algorithm is used, is used in combination
The private key used in the public key encryption symmetric encipherment algorithm of rivest, shamir, adelman.In turn, the client can be by the friendship
Easily (obtained after being encrypted by the public key of rivest, shamir, adelman to the private key used in the symmetric encipherment algorithm with encryption key
To) it is sent to the first block chain node.It, can be first with non-right after first block chain node receives the transaction and encryption key
Claim the private key of Encryption Algorithm that the encryption key is decrypted to obtain the private key of symmetric encipherment algorithm, and then is calculated with the symmetric cryptography
The private key of method decrypts the transaction, obtains plaintext transaction content.Here cipher mode is commonly referred to as digital envelope encryption.
Step 404, the first block chain node executes the intelligent contract in credible performing environment.
In one embodiment, for creating intelligent contract, which may include the code of intelligent contract for the transaction.The
One block chain node is completed by the code of the contained intelligent contract of the execution transaction in credible performing environment to intelligent contract
Creation.
In one embodiment, for calling intelligent contract, which may include called intelligent contract for the transaction
Contract address.First block chain node is according to the contract address of the contained intelligent contract of transaction, to the generation of corresponding intelligent contract
Code is called.If called intelligent contract is plaintext contract, i.e. the code of the intelligence contract is stored in plaintext version
External memory space, the first block chain node, which can directly read in the plaintext code in credible performing environment, to be executed;Such as
The called intelligent contract of fruit is privacy contract, i.e. the code of the intelligence contract is stored in external memory space with ciphertext form,
First block chain node the ciphertext code can be decrypted according to the key pair saved in credible performing environment, and hold credible
The plaintext code obtained in row environment for decryption is executed.
Step 406, the first block chain node is encrypted when storing implementing result with key, and the key is by the block chain
Node is generated according to the security key being stored in the credible performing environment.
In one embodiment, the key can be security key, i.e., directly using security key as the key, with needle
Implementing result is encrypted.
In one embodiment, the key is generated by security key by preset algorithm, and not directly using safe close
Key encrypts implementing result.Especially, which can be related to the irreversible algorithm such as hash algorithm, in this way
Even if the key is broken or reveals, the safety of security key will not be influenced.
In one embodiment, the implementing result is related to multiple contract states, and each contract state can be by same described close
Key is encrypted.For example, the key can be by the block chain node according to the security key and at least one impact factor
And generate, and different used impact factors of trading are different, so that the data stored on the first block chain node use difference
The key of change is encrypted, and can be protected from smaller particle size to the data of the first block chain node storage, to obtain more
Excellent safeguard protection.Identical security key is all made of compared to the implementing result of All Activity to be encrypted, this specification
Above scheme increases used number of keys, even if so that also can only expose this after a certain key broken through by criminal
The encrypted data of one key still are able to guarantee other as long as the security key being located in credible performing environment is not stolen
Most data safety.
Meanwhile when criminal grasps a certain value and is A, the use of the ciphertext after secure key encryption is a, if all
The corresponding implementing result of intelligent contract is all made of security key and is encrypted, then other contract states for being a for ciphertext, no
Method molecule can deduce other contract states value be A, and if using differentiation in this specification key, can keep away
Exempt from criminal and speculate based on ciphertext value the plaintext value of contract state.
In one embodiment, the first block chain node can splice security key and at least one impact factor
Afterwards, Hash calculation carried out to concatenation information, and by a part of the cryptographic Hash being calculated or the cryptographic Hash (such as first 128
Or other parts) it is used as the key, it is encrypted with the plaintext implementing result for transaction, obtains corresponding ciphertext and execute knot
Fruit.
When generating above-mentioned key, quantity, the type of the impact factor of use are unrestricted.By selecting different influences
The secret protection of different stage may be implemented in combination between the factor or impact factor, to meet corresponding secret protection demand.
In one embodiment, impact factor may include: the contract address of the intelligent contract.When transaction is for creating intelligence
Can contract when, the first block chain node can execute intelligent contract by the code of the execution transaction intelligent contract for including
Creation operation, and determine the information of contract address corresponding to the intelligence contract, thus according to security key and the contract address
Information generate the key, encrypted by the intelligent contract that the key pair is created.When transaction is for calling intelligent conjunction
When about, the contract address for the intelligent contract that the first block chain node is called by acquisition, by the contract address and security key
It is generated as the key, is encrypted with the contract state that the intelligent contract being called by the key pair is related to.
Correspondingly, when user A initiates transaction R1, R2 relevant to intelligence and about S1, intelligent and about S2 respectively, the firstth area
For block chain node after executing intelligence and about S1 in response to transaction R1, the contract address using security key and intelligence and about S1 is raw
It is encrypted at corresponding key K1, and the first block chain node uses after executing intelligence and about S2 in response to transaction R2
Security key key K2 corresponding with the contract address generation of intelligence and about S2 is encrypted.So, even if key K1 is broken,
Using the data of key K2 encryption still in safe condition.Meanwhile even if the state value Z1 and transaction R2 that transaction R1 is related to is related to
And state value Z2 plaintext it is identical, but due to use differentiation key K1, K2 so that state value Z1 it is corresponding plus
It is not identical between data Z1m, the corresponding encrypted data Z2m of state value Z2 after close, thus encrypted data can not be passed through
The value of Z1m, Z2m carry out the value relationship between speculative status value Z1, Z2.Similarly, when the friendship that different user is initiated respectively
When easily corresponding to different intelligent contracts, also the key of available differentiation, specific situation can refer to above-mentioned example.
In one embodiment, impact factor may include: the account address of the contract founder of the intelligent contract.Work as conjunction
About founder submits a transaction when creating intelligent contract, to block chain, and the from field of the transaction is contract founder
Account address, to field be code empty, that data field includes intelligent contract, contract founder can be known from from field
Account address.In turn, the account address that can be recorded according to security key and from field generates the key, with for pair
The implementing result of the transaction of the intelligence contract is called to be encrypted.Although same contract founder can create multiple intelligence and close
About, but all users (or at least more than one user) can create intelligent contract on block chain, thus still at least
Key differentiation is realized between the intelligent contract for enabling to different user to create, and reduces the risk of leaking data.
Correspondingly, when user B initiates transaction R3, R4 relevant to intelligence and about S3, intelligent and about S4 respectively, the firstth area
Block chain node is after executing intelligence and about S3 in response to transaction R3, using the contract founder of security key and intelligence and about S3
Account address generate corresponding key K3 and encrypted, and the first block chain node is executing intelligent conjunction in response to transaction R4
After about S4, added using security key key K4 corresponding with the account address generation of contract founder of intelligence and about S4
It is close.So, even if key K3 is broken, using the data of key K4 encryption still in safe condition.Meanwhile even if transaction R3 is related to
And state value Z3 it is identical as the plaintext of state value Z4 that is related to of transaction R4, but the key K3 due to using differentiation,
K4, so that not phase between the corresponding encrypted data Z3m of state value Z3, the corresponding encrypted data Z4m of state value Z4
It together, thus can not be by the value of encrypted data Z3m, Z4m come the value relationship between speculative status value Z3, Z4.It is similar
Ground, when the transaction that different user is initiated respectively corresponds to the intelligent contract of different user creation, also available differentiation
Key, specific situation can refer to above-mentioned example.
In one embodiment, impact factor may include: the code cryptographic Hash of the intelligent contract.When different intelligence is closed
When about for realizing different functions, contained code also certainly exists more or less difference, so that code cryptographic Hash is completely not
Together;Even if if having, different user is write or even same user is in different moments for realizing the intelligent contract of identical function
It is write, contained code can also have at least part difference, so that code cryptographic Hash is entirely different.Therefore, it is based on code
The difference of cryptographic Hash enables different intelligent contract to correspond to entirely different key.So, contract address is used with above-mentioned
Embodiment it is similar, can be in the generation for trading corresponding intelligent contract when transaction is for creating or calling intelligent contract
When code cryptographic Hash difference, transaction implementing result is encrypted based on different keys.
Correspondingly, when user C initiates transaction R5, R6 relevant to intelligence and about S5, intelligent and about S6 respectively, the firstth area
Block chain node is after executing intelligence and about S5 in response to transaction R5, using the code cryptographic Hash of security key and intelligence and about S5
Corresponding key K5 is generated to be encrypted, and the first block chain node is adopted after executing intelligence and about S6 in response to transaction R6
It is encrypted with security key key K6 corresponding with the code cryptographic Hash generation of intelligence and about S6.So, even if key K5 quilt
It breaks through, using the data of key K6 encryption still in safe condition.Meanwhile even if trading the state value Z5 and transaction that R5 is related to
The plaintext for the state value Z6 that R6 is related to is identical, but key K5, K6 due to using differentiation, so that state value Z5 is corresponding
The corresponding encrypted data Z6m of encrypted data Z5m, state value Z6 between it is not identical, thus can not by encryption after
The value of data Z5m, Z6m carrys out the value relationship between speculative status value Z5, Z6.Similarly, when different user is initiated respectively
Transaction when corresponding to the different intelligent contracts of code, also the key of available differentiation, specific situation can refer to above-mentioned
Example.
In one embodiment, impact factor may include: the account address of the initiator of the transaction.When initiating direction the
When one block chain node initiates transaction, the from field of the transaction is the account address of initiator, i.e., the first block chain node can
To know the account address of initiator from the from field of transaction, to be used for key corresponding with security key generation.By adopting
Use the account address of the initiator of transaction as impact factor, even if so that different user is called same intelligent contract
When, the account address difference due to initiator is also used to the key of differentiation.Therefore, the account of the initiator based on transaction
The difference of address, even if so that identical intelligence contract can also correspond to entirely different key.
Correspondingly, when user D, user E initiate transaction R7, R8 relevant to intelligence and about S7 respectively, the first block chain
Node is corresponding with the generation of the account address of user D using security key after executing intelligence and about S7 in response to transaction R7
Key K7 is encrypted, and the first block chain node is being executed in response to transaction R8 intelligently and after about S7, using security key
Key K8 corresponding with the generation of the account address of user E is encrypted.So, even if key K7 is broken, added using key K8
Close data are still in safe condition.Meanwhile the even if state value that the state value Z7 and transaction R8 that transaction R7 is related to are related to
The plaintext of Z8 is identical, but key K7, K8 due to using differentiation, so that the corresponding encrypted data Z7m of state value Z7,
It is not identical between the corresponding encrypted data Z8m of state value Z8, thus the value of encrypted data Z7m, Z8m can not be passed through
Carry out the value relationship between speculative status value Z7, Z8.Similarly, when what different user was initiated respectively trades corresponding to different
When intelligent contract, also the key of available differentiation, specific situation can refer to above-mentioned example.
In one embodiment, the conjunction of contract address, the intelligent contract that shadow may include: the intelligent contract is influenced
About the account address of founder, the code cryptographic Hash of the intelligent contract, the transaction initiator account address between
Combination, for example simultaneously include any the two, simultaneously comprising any three, simultaneously comprising four etc..It is possible to by will be safe
Key and each influence shadow carry out after successively splicing, and generate the key.
For example, when influencing shadow includes contract address and code cryptographic Hash, unless same intelligent contract is called,
Even if otherwise the code of two intelligent contracts is identical, different keys can also be generated by the difference of contract address.
For another example when influencing shadow includes account address and the code cryptographic Hash of contract founder, unless to same intelligence
Energy contract is called, even if the multiple intelligent contracts otherwise created by same user, can also pass through the difference of code cryptographic Hash
It is different and generate different keys, even if the code cryptographic Hash phase of multiple intelligent contracts that is respectively created of multiple contract founders
Together, different keys can also be generated by the difference of the account address of contract founder.
In another example when impact factor include contract address, transaction initiator account address when, unless by same initiation
Policy is called same intelligent contract, even if being otherwise directed to different intelligent contracts by same initiator, or by difference
Initiator initiates to call for same intelligent contract, also can produce different keys.
In one embodiment, the implementing result is related to multiple contract states, and different contract states can be by different keys
It is encrypted.Different keys is respectively adopted by the contract state being related to for intelligent contract to be encrypted, so that privacy class
For Status Level, the key of differentiation can be used from the granularity of contract state, so that closing caused by even same transaction
About state can also be encrypted based on different keys.Identical safety is all made of compared to the implementing result of All Activity
Key is encrypted, and the above scheme of this specification increases used number of keys, even if so that a certain key is illegal
After molecule is broken through, the encrypted data of this key also can be only exposed, as long as the security key being located in credible performing environment is not
It is stolen, still is able to guarantee the safety of other most datas.And compared to such as transaction level or contract rank
Secret protection, i.e., different transaction or different contracts use identical key using different keys, same transaction or same contract,
Better secret protection effect may be implemented in the embodiment of this specification, even if different contract state plaintexts having the same take
Value, can also encrypt to obtain different ciphertext values based on different keys, so that criminal be effectively prevent to take based on ciphertext
Value speculates the plaintext value of contract state.
In one embodiment, it is assumed that intelligent contract is related to contract state X1~Xn, and total n contract state corresponds respectively to
Key K1~Kn.So, the corresponding key Ki of contract state Xi can be by the first block chain node according to being stored in described credible hold
The security key of row environment generates, 1≤i≤n at least one corresponding to the privately owned impact factor of contract state Xi.
It in one embodiment, include two classes: privately owned impact factor and public influence for the impact factor of the key of generation
The factor.Privately owned impact factor is only applicable to corresponding contract state, is not suitable for other contract states, such as contract state X1
Privately owned impact factor is not suitable for contract state X2~Xn.Public impact factor is suitable for all contract states simultaneously.
In one embodiment, the corresponding key Ki of contract state Xi can correspond to contract shape at least one by security key
The privately owned impact factor of state Xi and generate.For example, the first block chain node can to security key and at least one correspond to close
After the privately owned impact factor of about state Xi is spliced, Hash calculation, and the cryptographic Hash that will be calculated are carried out to concatenation information
Or a part (such as first 128 or other parts) of the cryptographic Hash is used as the key Ki, to be carried out for contract state Xi
Encryption.Since the privately owned impact factor of each contract state is different, it is ensured that accordingly generate corresponding key K1~Kn
When, each key is necessarily different, and each contract state X1~Xn is encrypted using different keys respectively.
Privately owned impact factor corresponding to contract state Xi may include: contract state Xi going out in the intelligent contract
Now sequence Pi.When the first block chain node executes the code of the intelligent contract, can be successively read in the intelligence contract code
The each contract state for including, can be by the corresponding appearance sequence P1~Pn of each contract state, as contract state X1~Xn
One of corresponding privately owned impact factor.For example, when occurring for contract state X3 first, the privately owned shadow of contract state X3
Ringing the factor may include appearance sequence P3=1, and when occurring for contract state X100 the 88th, contract state X100's is privately owned
Impact factor may include appearance sequence P100=88.Since different contract states always occurs in a different order, thus
It may insure that the corresponding appearance sequence P1~Pn of each contract state is inevitable different.
Privately owned impact factor corresponding to contract state Xi may include: the count value Qi corresponding to the appearance sequence.
For the appearance sequence of contract state, the first block chain node can not directly use appearance sequence, but use and correspond to
The now count value Qi of sequence, as privately owned impact factor.If started counting from 1, the counting interval 1 every time, count
Value Qi can be identical with the value of appearance sequence Pi;And if do not started counting from 1 or the counting interval is not 1, count
Numerical value Qi is not identical as the value of appearance sequence Pi, but maintains a preset numerical relation, such as when starting counting, count from a
Several when being divided into b, which is Qi=a+b × (Pi-1).Since different contract states always goes out in a different order
It is existing, thus based on above-mentioned numerical relation, it can be ensured that the corresponding count value Q1~Qn of each contract state is inevitable different.
Privately owned impact factor corresponding to contract state Xi may include: random number Si of the distribution to contract state Xi.The
One block chain node directly can distribute random number S1~Sn to each contract state X1~Xn, as long as ensuring each contract state
Corresponding random number does not repeat.Meanwhile by using random number Si, even if so that different transaction is to same intelligent contract
When being called, different random numbers may be distributed for the same contract state in the intelligence contract, thus to different friendships
Contract state caused by easily uses the key of differentiation, can further enhance Information Security.
Certainly, corresponding to the privately owned impact factor of contract state Xi there may be multiple such as above-mentioned appearance sequence Pi,
Combination between the privately owned impact factor of any two between count value Qi, random number Si or more.Based on greater number of private
Have an impact the factor, can be true by other privately owned impact factors when the privately owned impact factor in part is revealed for some reason
Protecting corresponding private key will not be calculated or deduce.
In one embodiment on the basis of above-mentioned privately owned impact factor, the generation of key can also be with public impact factor
It is related.For example, the first block chain node can to security key, at least one correspond to contract state Xi privately owned impact factor
After being spliced at least one public impact factor, Hash calculation, and the cryptographic Hash that will be calculated are carried out to concatenation information
Or a part (such as first 128 or other parts) of the cryptographic Hash is used as the key Ki, to be carried out for contract state Xi
Encryption.
Wherein, since the privately owned impact factor of each contract state is different, it is ensured that accordingly generate corresponding close
When key K1~Kn, each key is necessarily different, and each contract state X1~Xn is allowed to use different keys respectively
It is encrypted.And by adding public impact factor, the secret protection of other granularities or level may be implemented.
The corresponding key Ki of contract state Xi can also be highly relevant with history block.For example, the history block height can
With are as follows: block height of the first block chain node when receiving above-mentioned transaction, in block chain account book.Due to the history block height
It is related to above-mentioned transaction, thus key can be distinguished in transaction granularity.For example, ought initiate respectively and intelligence and about S1
When relevant transaction R1, R2, due to having invoked the same intelligence and about S1, so that the corresponding privately owned influence of identical contract state
The factor is possible identical (being typically different if using random number), and for example trade R1, R2 all refer to contract state Y1~Yn.Such as
Fruit generates key according only to security key and privately owned impact factor, can make between the corresponding contract state Y1~Yn of R1 using not
With the corresponding contract state of key K1_1~K1_n, R2 between use different key K2_1~K2_n, but identical contract
State may correspond to identical key, such as K1_i=K2_i in different transaction.But since different transaction R1, R2 exist
Different moments are submitted, and different history block height is likely corresponded to, thus by being included in history block height to key
Calculating process, i.e., it is close to generate according to security key, privately owned impact factor and public impact factor (such as history block height)
Key can make identical contract state correspond to different keys, i.e. K1_i ≠ K2_i in different transaction.
Similar with history block height, public impact factor can also include: the block of block locating for the transaction
Highly, position offset etc. of the transaction in locating block.These public impact factors can produce in " transaction " granularity
Raw influence, so that same intelligent contract (same contract address or contract address difference, code Hash are being called in different transaction
It is worth identical) when, the contract state of the intelligence contract corresponds to different keys in different transaction.
And other public impact factors, the influence of other granularities can also be generated.
For example public impact factor may include: the contract address of the intelligent contract, so that different transaction (same initiations
Side or different initiators) when being called to the intelligent contract of same contract address, same contract state corresponds to identical close
Key, and difference is traded when being called to the intelligent contract of different contract addresses, (different contract addresses are usual for same contract state
It is different that there are at least part contract states) correspond to different keys.
Public impact factor may include: the code cryptographic Hash of the intelligent contract for another example, so that different transaction are (same
Initiator or different initiator) when being called, same contract state corresponds to phase for identical to code cryptographic Hash intelligent contract
With key, and when the different intelligent contract different to code cryptographic Hash of trading is called, same contract state (code Hash
When being worth different, it is different usually to there is at least part contract state) correspond to different keys.
For another example public impact factor may include: the account address of the contract founder of the intelligent contract, so that not
It is adjusted with transaction (same initiator or different initiators) multiple intelligent contracts identical to code respectively but different founder
Used time, it can be ensured that same contract state corresponds to different keys.
For another example public impact factor may include: the account address of the initiator of the transaction, so that same user's needle
When initiating to call to same intelligent contract, same contract state corresponds to identical key, and different user be directed to respectively it is same
When intelligent contract initiates to call, same contract state corresponds to different keys.
Certainly, there may be blocks locating for multiple such as above-mentioned history block height, the transaction for public impact factor
Block height, the position offset of the transaction in locating block, the contract address of the intelligent contract, the intelligence closes
Code cryptographic Hash about, the account address of the contract founder of the intelligent contract, the transaction initiator account address
Between the public impact factor of any two or more between combination.Based on greater number of public impact factor, Ke Yi
When the public impact factor in part is revealed for some reason, ensure that corresponding private key will not be by by other public impact factors
It calculates or deduces, can also realize the secret protection of corresponding granularity.
Step 408, when the first block chain node carries out version updating to the security key, by the security key of lowest version
It is updated to the security key of highest version, wherein the security key of lowest version is irreversibly calculated by the security key of highest version
It arrives.
In one embodiment, a security key can have been only maintained in credible performing environment, then the first block chain node
The security key can be used when being encrypted for key.For example, the security key can be the key of symmetric cryptography, such as
It is seal (Simple Encrypted Arithmetic Library) key.The seal key, such as can be by remote
The first block chain node is sent to by Key Management server after journey proof, then for example can be each node in block chain
Negotiate to obtain between (such as the first block chain node and other block chain nodes).The security key can be stored in the firstth area
In the enclosure of block chain node.First block chain node may include multiple enclosures, and above-mentioned security key can be passed into these
Safe enclosure in enclosure;For example, the safe enclosure can be QE enclosure, rather than AE enclosure.
In one embodiment, the security key of several versions, and the peace of lowest version can be safeguarded in credible performing environment
Full key is irreversibly calculated by the security key of highest version.Such as shown in Fig. 6, can using above-mentioned seal key as
The root key of highest version, and sequentially generate based on the seal key key of other lowest versions, for example, version number be respectively 0~
The key of 255 256 versions.Wherein, by by seal key, (metric value is 255, that is, is needed with version factor 0xFF
The version number for the key to be generated;It is of course also possible to use other values) carry out Hash calculation, obtain version number be 255 it is close
Key key-255;By the way that key key-255 and version factor 0xFE is carried out Hash calculation, the key that version number is 254 is obtained
key-254;... by the way that key key-1 and version factor 0x00 is carried out Hash calculation, obtain the key key- that version number is 0
0.Due to the characteristic of hash algorithm, so that the calculating between highest version key and lowest version key is irreversible, such as can be by close
Key key-0 is calculated in key key-1 and version factor 0x00, but can not pass through key key-0 and version factor 0x00
It is anti-to release key key-1.
So, the version of security key used by each block chain node in block chain network can be negotiated.For example,
All block chain node agreements use the security key of identical a certain version, so that all block chain links are pressed according to identical side
Formula generates the corresponding key, it is ensured that the ciphertext implementing result that same transaction stores after executing is identical, to smoothly complete altogether
Know.
And in order to show each contract state key for using in encryption, the first block chain node can will be encrypted
The generating mode description information of contract state and corresponding secret key is associated storage.The generating mode description information of key Ki can be with
It include: the version information of the security key and the value of the impact factor corresponding to contract state Xi.Such as shown in Fig. 7, the
The version information of security key can be written in Info field, impact factor is written in Nounce field for one block chain node
Value, be written encrypted contract state in Cipher field, and Tag field is for verifying the complete of Cipher field
Property.
The length of Info field can be 4Bytes, and wherein 2Bytes is for being written key version number, remaining 2Bytes
For reserve bytes.The length of Nounce field can be 12Bytes, wherein 4Bytes for be written history block height,
4Bytes for position offset, the 4Bytes of transaction within a block to be written is used to that count value to be written.The length of Cipher field
It can be 32Bytes.The length of Tag field can be 16Bytes.It is, of course, also possible to using other field lengths, field groups
Conjunction mode etc., this specification is limited not to this.Wherein, the first block chain node can also be to the generating mode of key Ki
Description information is encrypted.For example, can be encrypted using the minimum key-0 of above-mentioned version, criminal is avoided to pass through all
As count value deduces corresponding contract state.
So, when the first block chain node needs the contract state using all structures as shown in Figure 7, the processing of use is grasped
Work includes: to index value according to key, and the structure of the value is as shown in Figure 7;Using key key-0 to Info and Nounce
Field is decrypted, and determines the information such as key version number, history block height, offset, count value, generates corresponding close
Key, and be decrypted by the content of key pair Cipher field, it can also be by Tag field come verification of data integrity
If (Tag is to be verified based on generating in plain text to the data after decryption;If Tag is generated based on ciphertext, to solution
Data before close are verified).
If for a long time security risk may be will increase, therefore in block chain network using the security key of a certain version
Each block chain node between can be according to the rule or interim settlement pre-established, periodically or the update institute of triggering property
The version of the security key used.
As described above, since the key of highest version can be calculated the security key of lowest version, and the peace of lowest version
Full key counter can not raise the security key of version, therefore each block chain node can make since the security key of lowest version
With, and only allow to be updated from the security key of lowest version to the security key of highest version, so on the one hand in lowest version
Security key lose after, due to highest version security key can not by lowest version security key it is counter push away, then only needing pair
Key carries out edition upgrading, can stop loss in time, on the other hand can calculate lowest version at any time by the security key of highest version
Security key, thus can to previously using lowest version security key encryption data realize compatibility.
First block chain node can use the processor instruction increased newly in CPU, can distribute a part of area in memory
Domain EPC carries out encryption to above-mentioned plaintext code by the crypto engine MEE in CPU and is stored in the EPC.It is encrypted in EPC
Content is decrypted into plain text after entering CPU.In CPU, operation is carried out to the code of the plaintext, completes implementation procedure.
In SGX technology, the code of the intelligent contract is executed, EVM can be loaded into the enclosure.In remote proving
In the process, the Key Management server can calculate the hash value of local EVM code, and with loaded in the first block chain node
The hash value of EVM code compare, comparison result is correctly as by a necessary condition of remote proving, so that completion is to the
The measurement of the code of one block chain node SGX enclosure load.Through excess vol, correct EVM can execute the intelligence in SGX
Contract code.
After EVM is finished to the code of intelligent contract, the value of contract state can be exported, and the first block chain node
Contract state can be stored using key-value pair (key-value) structure, for example value corresponds to taking for contract state
Value, key are for being indexed value.In the related art, often only value is encrypted, and not to key
It is encrypted, and EVM is too simple to the output of key, for example key value is equal to corresponding contract state going out in intelligent contract
Occurrence sequence, i.e., the corresponding key value of the contract state of first output is that the key value of the contract state of 0, second output is 1, with this
Analogize.Therefore, it when being stored using the key value of plaintext, is easy to be speculated by criminal according to the value rule of key value
Contract state representated by the corresponding value of each key value out, and in turn contract is inferred or guessed by comparing the modes such as ciphertext
(whether value such as between the numerical value of contract state, multiple contract states identical, between multiple contract states for the value of state
Value size relation etc.), it be easy to cause privacy leakage.
Therefore, corresponding not only for contract state in this specification when storing contract state by key-value pair structure
Value is encrypted, and is encrypted also directed to corresponding key, so that criminal can not be inferred to by encrypted key value
Contract state representated by corresponding value, helps to ensure that data safety.
In one embodiment, the security key safeguarded in the first available credible performing environment of block chain node, and lead to
Symmetric cryptography mode or asymmetric encryption mode key corresponding to contract state is crossed to encrypt.For example, when security key is pair
When claiming the private key of Encryption Algorithm, it can be encrypted by the private key key corresponding to contract state of the symmetric encipherment algorithm, and
It is subsequent to be equally decrypted by the private key of the symmetric encipherment algorithm.For another example when security key is rivest, shamir, adelman
When public key, it can be encrypted by the public key key corresponding to contract state of the rivest, shamir, adelman, and subsequently through this
The private key of rivest, shamir, adelman is decrypted.
In one embodiment, first state block chain node can by the corresponding key of contract state and the security key into
After row splicing, Hash calculation is carried out to splicing data, using the cryptographic Hash being calculated as encrypted key.For example it can lead to
It crosses other hash algorithms such as SHA256 and implements above-mentioned Hash calculation.
In one embodiment, the first block chain node can be corresponding to contract state by the security key of minimum version
Key is encrypted.It, can be using key key-0 to contract shape such as key key-0~key key-255 shown in fig. 6
The corresponding key of state is encrypted, even if the first block chain node is lost key key-0 in this way, but only needs to be grasped other
The key for version of anticipating, can derive and calculate key key-0.Certainly, the first block chain node can also pass through other versions
The corresponding key of key pair contract state encrypted, this specification is limited not to this.
In one embodiment, it when being encrypted to contract state, the corresponding key of contract state, can use identical close
Key.
In one embodiment, it when in credible performing environment including the key of above-mentioned several versions, can be respectively adopted not
Key pair contract state together, the corresponding key of contract state are encrypted.In fact, the data safety due to contract state needs
Ask relatively higher, therefore can be encrypted using the relatively higher key pair contract state of security level, and use safety etc.
The corresponding key of the relatively lower key pair contract state of grade is encrypted;What is used when for example, encrypting to contract state is close
Key version can be higher than the key version that key corresponding to contract state is encrypted, even if the corresponding key of contract state in this way
It is broken, counter can not also release the key of more highest version, it is ensured that contract state is in a safe condition.
When intelligent contract is called in the transaction that first block chain link point receives, which can be related to many contract shapes
State.Key-value pair structure corresponding for each contract state:, can be using unification for lower security protection demand
" key " in each key-value pair structure of key pair is encrypted, for example is used uniformly above-mentioned key key-0;And for each conjunction
About state, " value " i.e. in key-value pair structure may be due to encryptions although can be encrypted using identical key
Linkage variation between data afterwards, exposes the information such as numerical value change situation, the numerical associations of contract state.
Therefore, for each contract state involved in intelligent contract, different keys can be respectively adopted and encrypted.
In one embodiment, different contract states can be encrypted using the key of different editions respectively.Work as intelligence
It, can be in this way in the case that contract state involved in energy contract is less, key version is sufficient;But if intelligence
Contract state is more, has exceeded the quantity of key version involved in energy contract, may cause and needs between the contract state of part
The key of same version is shared, or needs the interim key for generating more multi version.
In one embodiment, different contract states can use the key of same version, but can add other shadows
The factor is rung, so that the practical key used of each contract state is generated by the key of a certain version with impact factor jointly, it is ensured that
Each contract state is encrypted using different keys, and does not have extra demand to the quantity of key version.If about root
Key is generated according to security key and impact factor, is had been described in above, details are not described herein again.
In general, the contract state can change after CPU executes the plaintext code.Contract state is stored in area
Block chain is that database, such as local database is written in the contract state from the angle of block chain node.The database,
It is generally stored among storage medium, more common is persistent storage medium.The persistent storage medium, can be magnetic
Disk, floppy disk are also possible to the memory etc that can restore data after being powered so as to persistent storage.
The operation that database is written, if being indicated with code, such as setstorage (key, ENC (value, secret_
key)).In setstorage (key, ENC (value, secret_key)), key (key) can be with traditional key writing mode phase
Together.As for the write-in of value, Intel SGX technology can be used, ENC indicates that enclave, secret_key indicate to use SGX
The key used when database is written in technology, the corresponding private key of difference contract state is also different in the present specification.
In one embodiment, the first block chain node exports the contract state pair from the credible performing environment
The encrypted key-value pair data answered, and by executing store function code except the credible performing environment, it will be described
Encrypted key-value pair data is stored to the external memory space except the credible performing environment.
First block chain node is by running the code for realizing a certain function, to realize the function.Therefore, for needing
The function to realize in credible performing environment also needs to execute correlative code.And for being executed in credible performing environment
Code, need to meet the related specifications and requirement of credible performing environment;Accordingly in the related technology for realizing a certain
The code of function needs the specification and requirement in conjunction with credible performing environment to re-start written in code, and there is only relatively bigger
Exploitation amount, and be easy during rewriting generate loophole (bug), influence function realization reliability and stability.
Therefore, the first block chain node is by carrying out encryption storage to implementing result, and only passes through credible performing environment
It is decrypted, it can be ensured that encrypted implementing result safe enough itself.On this basis, the first block chain node passes through
Store function code is executed except the credible performing environment, and encrypted implementing result is stored to the credible execution ring
External memory space except border allows the store function code to be in the related technology for realizing the generation of store function
Code does not need to re-start written in code in conjunction with the specification and requirement of credible performing environment, can be directed to the encrypted execution
As a result it realizes safe and reliable storage, not only can reduce opening for correlative code on the basis of not influencing safe and reliable degree
Hair amount, and can be reduced by reducing the correlative code of credible performing environment TCB (Trusted Computing Base,
Trusted computing base) so that during TEE technology and block chain technology are combined, it is additional caused by security risk be in can
Control range.
In one embodiment, the first block chain node can execute write buffer function code in credible performing environment, with
The implementing result of the corresponding plaintext of contract state is stored in the write buffer in the credible performing environment, for example the write buffer can
To correspond to " caching " as shown in Figure 5.Further, the first block chain node by after the data encryption in the write buffer from
The credible performing environment output, to store to the external memory space.Wherein, the write buffer function code can be with bright
Literary form is stored in the credible performing environment, and the caching function of the plaintext version can be directly executed in credible performing environment
It can code;Or, the write buffer function code can be stored in except the credible performing environment with ciphertext form, for example store
It, can be by the write buffer function generation of the ciphertext form in above-mentioned external memory space (such as " memory space " shown in fig. 5)
Code reads in credible performing environment, is decrypted in credible performing environment as plaintext code, and executes the plaintext code.
Write buffer refers to when writing data into external memory space, in order to avoid causing " the punching to external memory space
Hit " and " buffering " mechanism of offer.For example, can realize above-mentioned write buffer using buffer;Certainly, write buffer can also adopt
It is realized with cache, this specification is limited not to this.In fact, due to the safety collar that credible performing environment is isolation
Border, and external memory space is located at except credible performing environment, so that by using write buffer mechanism, it can be to the number in caching
External memory space is written according to batch is carried out, so that the interaction times between credible performing environment and external memory space are reduced,
Promote data storage efficiency.Meanwhile credible performing environment is during constantly executing each intelligent contract, it may be necessary to transfer
Generated data (such as value of contract state) can be directly from writing if the data that need to be called are located exactly in write buffer
It reads the data in caching, on the one hand can reduce the interaction between external memory space in this way, on the other hand eliminate pair
From the decrypting process of external memory space data streams read, to be lifted at the data-handling efficiency in credible performing environment.
It is of course also possible to write buffer is built on except credible performing environment, for example the first block chain node can be can
Believe and execute write buffer function code except performing environment, so that ciphertext contract state is stored in writing outside the credible performing environment
In caching, and further the data in the write buffer are stored to the external memory space.
In one embodiment, the inquiry request that the first block chain node can be initiated according to client, to the key assignments of plaintext
It is exported to after data encryption from credible performing environment, to be back to the client.
For example, the first block chain node can read ciphertext contract state from the external memory space, it will be described close
Literary contract state decryption is the reading credible performing environment, then to the plaintext contract shape after the plaintext contract state
It is exported after state encryption from credible performing environment, such as encrypted to client return by transaction/query interface shown in fig. 5
Plaintext contract state.
For another example the first block chain node can read the plaintext contract shape from the read buffer in credible performing environment
State, and exported to after plaintext contract state encryption from credible performing environment;Wherein, the plaintext contract state is by the firstth area
Block chain node executes read buffer function code in credible performing environment in advance, reads from the external memory space described close
Literary contract state decrypts the ciphertext contract state to read in the credible performing environment simultaneously after the plaintext contract state
It is stored in the read buffer.In other words, the first block chain node reads the ciphertext contract shape from the external memory space
State decrypts the ciphertext contract state for after the plaintext contract state, can be by executing reading in credible performing environment
The plaintext contract state is stored in the read buffer in credible performing environment by caching function code, for example the read buffer can be right
It should be in " caching " shown in fig. 5;Further, the inquiry request initiated for client, or exist for credible performing environment
Data required when intelligent contract are executed, reading data can be preferentially carried out from the read buffer, if it can read related data
Without being read from external memory space, to reduce and the interaction times of external memory space, release data decrypting process.
Read buffer refers to after data are read in credible performing environment from external memory space, in order to reduce and external storage
The data read can be stored in the read buffer space in credible performing environment by the interaction times in space with plaintext version
It is interior.For example, can realize above-mentioned read buffer using cache;Certainly, read buffer can also be realized using buffer, this theory
Bright book is limited not to this.
First block chain node can support above-mentioned read buffer mechanism and write buffer mechanism simultaneously.And with caching technology
Continuous development, same caching can be applied not only to realize reading data or data write-in, it might even be possible to while support data
Read-write operation, so that the boundary line between read buffer and write buffer is not sometimes very clear, thus only with " caching " progress in Fig. 5
Signal, and its concrete type is not distinguished specifically, it can be configured and be adjusted according to actual needs.
The node embodiment that secret protection is realized in a kind of block chain of this specification is introduced below in conjunction with Fig. 8, comprising:
Determination unit 801, for determining the corresponding intelligent contract of transaction received;
Execution unit 802, for executing the intelligent contract in credible performing environment;
Storage unit 803, for storing implementing result;
Encryption unit 804, for being encrypted when storing implementing result with key, the key is by the block chain node root
It is generated according to the security key being stored in the credible performing environment;
Updating unit 805, for the security key carry out version updating when, be by the security key update of lowest version
The security key of highest version, wherein the security key of lowest version is irreversibly calculated by the security key of highest version.For
It is encrypted when storing the contract state that the intelligent contract is related to key, and different contract states correspond to different keys.
Optionally, the security key of highest version includes seal key, the security key of other versions directly or indirectly by
The seal key is irreversibly calculated.
Optionally,
The seal key the first block chain node SGX by remote proving after sent by Key Management server;
Or,
The seal key between the first block chain node and other block chain nodes by negotiating to obtain.
Optionally, the security key is stored in the enclosure of the first block chain node.
Optionally, there are several enclosures, the security key to be stored in safe enclosure for the first block chain node.
Optionally, the safe enclosure includes QE enclosure.
Optionally, the implementing result is related to multiple contract states, and each contract state is added by the same key
It is close.
Optionally, the key is given birth to by the block chain node according to the security key and at least one impact factor
At.
Optionally, the impact factor includes at least one of: the contract address of the intelligence contract, the intelligence are closed
Code cryptographic Hash about, the account address of the contract founder of the intelligent contract, the transaction initiator account address.
Optionally, the implementing result is related to multiple contract states, and different contract states are encrypted by different keys.
Optionally, the implementing result is related to contract state X1~Xn, corresponds respectively to key K1~Kn;Wherein, contract
The corresponding key Ki of state Xi corresponds to contract state Xi at least one according to the security key by the block chain node
Impact factor and generate, 1≤i≤n.
Optionally, the impact factor includes at least one following privately owned impact factor: contract state Xi is in the intelligence
Can appearance sequence Pi in contract, corresponding to the count value Qi of the appearance sequence, the random number Si of distribution to contract state Xi.
Optionally, the impact factor includes at least one following public impact factor: history block height, the friendship
Position offset in locating block of the block height of easily locating block, the transaction, the intelligent contract contract address,
The code cryptographic Hash of the intelligence contract, the account address of the contract founder of the intelligent contract, the transaction initiator
Account address.
Optionally, the block chain node by the generating mode description information of encrypted contract state and corresponding secret key into
Row associated storage.
Optionally, the generating mode description information of key Ki include: the security key version information and correspond to close
The about value of the impact factor of state Xi.
Optionally, when the block chain node stores the contract state that the implementing result is related to using key-value pair structure,
Contract state and corresponding key are encrypted respectively.
Optionally, encryption unit 804 is specifically used for:
The block chain node obtains the security key safeguarded in credible performing environment, and passes through symmetric cryptography mode or non-
Symmetric cryptography mode encrypts the corresponding key of contract state;Or,
After the block chain node is spliced the corresponding key of contract state and the security key, to splicing data into
Row Hash calculation, using the cryptographic Hash being calculated as encrypted key.
Optionally, the block chain node adds the corresponding key of contract state by the security key of minimum version
It is close.
Optionally, storage unit 803 is specifically used for: the block chain node except the credible performing environment by holding
Row store function code stores encrypted implementing result to the external memory space except the credible performing environment.
In the 1990s, the improvement of a technology can be distinguished clearly be on hardware improvement (for example,
Improvement to circuit structures such as diode, transistor, switches) or software on improvement (improvement for method flow).So
And with the development of technology, the improvement of current many method flows can be considered as directly improving for hardware circuit.
Designer nearly all obtains corresponding hardware circuit by the way that improved method flow to be programmed into hardware circuit.Cause
This, it cannot be said that the improvement of a method flow cannot be realized with hardware entities module.For example, programmable logic device
(Programmable Logic Device, PLD) (such as field programmable gate array (Field Programmable Gate
Array, FPGA)) it is exactly such a integrated circuit, logic function determines device programming by user.By designer
Voluntarily programming comes a digital display circuit " integrated " on a piece of PLD, designs and makes without asking chip maker
Dedicated IC chip.Moreover, nowadays, substitution manually makes IC chip, this programming is also used instead mostly " is patrolled
Volume compiler (logic compiler) " software realizes that software compiler used is similar when it writes with program development,
And the source code before compiling also write by handy specific programming language, this is referred to as hardware description language
(Hardware Description Language, HDL), and HDL is also not only a kind of, but there are many kind, such as ABEL
(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description
Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL
(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby
Hardware Description Language) etc., VHDL (Very-High-Speed is most generally used at present
Integrated Circuit Hardware Description Language) and Verilog.Those skilled in the art also answer
This understands, it is only necessary to method flow slightly programming in logic and is programmed into integrated circuit with above-mentioned several hardware description languages,
The hardware circuit for realizing the logical method process can be readily available.
Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor or processing
The computer for the computer readable program code (such as software or firmware) that device and storage can be executed by (micro-) processor can
Read medium, logic gate, switch, specific integrated circuit (Application Specific Integrated Circuit,
ASIC), the form of programmable logic controller (PLC) and insertion microcontroller, the example of controller includes but is not limited to following microcontroller
Device: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320 are deposited
Memory controller is also implemented as a part of the control logic of memory.It is also known in the art that in addition to
Pure computer readable program code mode is realized other than controller, can be made completely by the way that method and step is carried out programming in logic
Controller is obtained to come in fact in the form of logic gate, switch, specific integrated circuit, programmable logic controller (PLC) and insertion microcontroller etc.
Existing identical function.Therefore this controller is considered a kind of hardware component, and to including for realizing various in it
The device of function can also be considered as the structure in hardware component.Or even, it can will be regarded for realizing the device of various functions
For either the software module of implementation method can be the structure in hardware component again.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,
Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer for example may be used
Think personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play
It is any in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipment
The combination of equipment.
For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing this
The function of each unit can be realized in the same or multiple software and or hardware when specification.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more,
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces
The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
This specification can describe in the general context of computer-executable instructions executed by a computer, such as journey
Sequence module.Generally, program module include routines performing specific tasks or implementing specific abstract data types, programs, objects,
Component, data structure etc..This specification can also be practiced in a distributed computing environment, in these distributed computing environment
In, by executing task by the connected remote processing devices of communication network.In a distributed computing environment, program module
It can be located in the local and remote computer storage media including storage equipment.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.In a typical configuration, computer includes at one or more
Manage device (CPU), input/output interface, network interface and memory.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or
The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium
Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves
State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable
Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),
Digital versatile disc (DVD) or other optical storage, magnetic cassettes, disk storage, quantum memory, based on graphene
Storage medium or other magnetic storage devices or any other non-transmission medium, can be used for storing can be accessed by a computing device
Information.As defined in this article, computer-readable medium does not include temporary computer readable media (transitory media),
Such as the data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability
It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap
Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described want
There is also other identical elements in the process, method of element, commodity or equipment.
It is above-mentioned that this specification specific embodiment is described.Other embodiments are in the scope of the appended claims
It is interior.In some cases, the movement recorded in detail in the claims or step can be come according to the sequence being different from embodiment
It executes and desired result still may be implemented.In addition, process depicted in the drawing not necessarily require show it is specific suitable
Sequence or consecutive order are just able to achieve desired result.In some embodiments, multitasking and parallel processing be also can
With or may be advantageous.
The term that this specification one or more embodiment uses be only merely for for the purpose of describing particular embodiments, and
It is not intended to be limiting this specification one or more embodiment.In this specification one or more embodiment and the appended claims
Used in the "an" of singular, " described " and "the" be also intended to including most forms, unless context understands earth's surface
Show other meanings.It is also understood that term "and/or" used herein refers to and includes one or more associated list
Any or all of project may combine.
It will be appreciated that though this specification one or more embodiment may using term first, second, third, etc. come
Various information are described, but these information should not necessarily be limited by these terms.These terms are only used to same type of information area each other
It separates.For example, the first information can also be referred to as in the case where not departing from this specification one or more scope of embodiments
Two information, similarly, the second information can also be referred to as the first information.Depending on context, word as used in this is " such as
Fruit " can be construed to " ... when " or " when ... " or " in response to determination ".
The foregoing is merely the preferred embodiments of this specification one or more embodiment, not to limit this theory
Bright book one or more embodiment, all within the spirit and principle of this specification one or more embodiment, that is done is any
Modification, equivalent replacement, improvement etc. should be included within the scope of the protection of this specification one or more embodiment.
Claims (21)
1. a kind of method of security update key in block chain, comprising:
Block chain node determines the corresponding intelligent contract of the transaction received;
The block chain node executes the intelligent contract in credible performing environment;
The block chain node is encrypted when storing implementing result with key, and the key is by the block chain node according to preservation
Security key in the credible performing environment and generate;
It is highest version by the security key update of lowest version when the block chain node carries out version updating to the security key
Security key, wherein the security key of lowest version is irreversibly calculated by the security key of highest version.
2. the safety of other versions is close according to the method described in claim 1, the security key of highest version includes seal key
Key is directly or indirectly irreversibly calculated by the seal key.
3. according to the method described in claim 2,
The seal key the first block chain node SGX by remote proving after sent by Key Management server;Or,
The seal key between the first block chain node and other block chain nodes by negotiating to obtain.
4. according to the method described in claim 1, the security key is stored in the enclosure of the first block chain node.
5. according to the method described in claim 4, there are several enclosures, the security key storages for the first block chain node
In safe enclosure.
6. according to the method described in claim 5, the safe enclosure includes QE enclosure.
7. each contract state is by same according to the method described in claim 1, the implementing result is related to multiple contract states
The key is encrypted.
8. according to the method described in claim 7, the key by the block chain node according to the security key and at least
One impact factor and generate.
9. according to the method described in claim 8, the impact factor includes at least one of: the contract of the intelligence contract
Address, the code cryptographic Hash of the intelligent contract, the account address of the contract founder of the intelligent contract, the transaction hair
Play the account address of side.
10. different contract states are not by according to the method described in claim 1, the implementing result is related to multiple contract states
Same key is encrypted.
11. corresponding respectively to key according to the method described in claim 10, the implementing result is related to contract state X1~Xn
K1~Kn;Wherein, the corresponding key Ki of contract state Xi is by the block chain node according to the security key and at least one
Corresponding to contract state Xi impact factor and generate, 1≤i≤n.
12. according to the method for claim 11, the impact factor includes at least one following privately owned impact factor: being closed
Appearance sequence Pi, count value Qi corresponding to the appearance sequence, distribution to contract of the about state Xi in the intelligent contract
The random number Si of state Xi.
13. according to the method for claim 11, the impact factor includes at least one following public impact factor: being gone through
The block height of block locating for history block height, the transaction, the position offset traded in locating block, the intelligence
Can the contract address of contract, the code cryptographic Hash of the intelligent contract, the intelligent contract contract founder account address,
The account address of the initiator of the transaction.
14. according to the method for claim 11, further includes:
The generating mode description information of encrypted contract state and corresponding secret key is associated storage by the block chain node.
15. according to the method for claim 14, the generating mode description information of key Ki includes: the version of the security key
The value of this information and the impact factor corresponding to contract state Xi.
16. being related to according to the method described in claim 1, the block chain node stores the implementing result using key-value pair structure
And contract state when, contract state and corresponding key are encrypted respectively.
17. according to the method for claim 16, the block chain node pairing about corresponding key of state is encrypted, wrap
It includes:
The block chain node obtains the security key safeguarded in credible performing environment, and passes through symmetric cryptography mode or asymmetric
Cipher mode encrypts the corresponding key of contract state;Or,
After the block chain node is spliced the corresponding key of contract state and the security key, splicing data are breathed out
It is uncommon to calculate, using the cryptographic Hash being calculated as encrypted key.
18. according to the method for claim 17, the block chain node is by the security key of minimum version to contract shape
The corresponding key of state is encrypted.
19. according to the method described in claim 1, the block chain node is encrypted when storing implementing result with key, comprising:
The block chain node executes knot for encrypted by executing store function code except the credible performing environment
Fruit stores to the external memory space except the credible performing environment.
20. the node of security update key in a kind of block chain, comprising:
Determination unit, for determining the corresponding intelligent contract of transaction received;
Execution unit, for executing the intelligent contract in credible performing environment;
Storage unit, for storing implementing result;
Encryption unit, for being encrypted when storing implementing result with key, the key is by the block chain node according to preservation
Security key in the credible performing environment and generate;
The security key update of lowest version is highest version when for carrying out version updating to the security key by updating unit
Security key, wherein the security key of lowest version is irreversibly calculated by the security key of highest version.
21. a kind of computer readable storage medium, is stored thereon with computer instruction, realized such as when which is executed by processor
The step of any one of claim 1-19 the method.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010394207.7A CN111614464B (en) | 2019-01-31 | 2019-01-31 | Method for safely updating secret key in blockchain, node and storage medium |
| CN201910100786.7A CN109831298B (en) | 2019-01-31 | 2019-01-31 | Method for safely updating key in block chain, node and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910100786.7A CN109831298B (en) | 2019-01-31 | 2019-01-31 | Method for safely updating key in block chain, node and storage medium |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010394207.7A Division CN111614464B (en) | 2019-01-31 | 2019-01-31 | Method for safely updating secret key in blockchain, node and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109831298A true CN109831298A (en) | 2019-05-31 |
| CN109831298B CN109831298B (en) | 2020-05-15 |
Family
ID=66862167
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910100786.7A Active CN109831298B (en) | 2019-01-31 | 2019-01-31 | Method for safely updating key in block chain, node and storage medium |
| CN202010394207.7A Active CN111614464B (en) | 2019-01-31 | 2019-01-31 | Method for safely updating secret key in blockchain, node and storage medium |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010394207.7A Active CN111614464B (en) | 2019-01-31 | 2019-01-31 | Method for safely updating secret key in blockchain, node and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN109831298B (en) |
Cited By (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110391906A (en) * | 2019-07-25 | 2019-10-29 | 深圳壹账通智能科技有限公司 | Data processing method, electronic device and readable storage medium storing program for executing based on block chain |
| CN110493005A (en) * | 2019-08-09 | 2019-11-22 | 如般量子科技有限公司 | Anti- quantum calculation public key pond update method and system based on alliance's chain |
| CN110489421A (en) * | 2019-08-22 | 2019-11-22 | 腾讯科技(深圳)有限公司 | Date storage method, device, computer readable storage medium and computer equipment |
| CN110505062A (en) * | 2019-08-27 | 2019-11-26 | 杭州云象网络技术有限公司 | A kind of Dynamic Oval curve cryptographic methods applied to alliance's chain |
| CN110519260A (en) * | 2019-08-23 | 2019-11-29 | 联想(北京)有限公司 | A kind of information processing method and information processing unit |
| CN110620668A (en) * | 2019-08-09 | 2019-12-27 | 如般量子科技有限公司 | Block chain-based quantum computation resistant public key pool updating method and system |
| CN110635897A (en) * | 2019-08-28 | 2019-12-31 | 如般量子科技有限公司 | Key updating or downloading method and system based on alliance chain and resisting quantum computing |
| CN110688651A (en) * | 2019-09-25 | 2020-01-14 | 支付宝(杭州)信息技术有限公司 | Method and device for realizing state updating based on FPGA |
| CN110765488A (en) * | 2019-10-28 | 2020-02-07 | 联想(北京)有限公司 | Data storage and reading method and electronic equipment |
| CN111008228A (en) * | 2020-03-09 | 2020-04-14 | 支付宝(杭州)信息技术有限公司 | Method and device for inquiring account privacy information in block chain |
| CN111092727A (en) * | 2020-03-18 | 2020-05-01 | 支付宝(杭州)信息技术有限公司 | Method and device for sharing cluster key |
| CN111092726A (en) * | 2020-03-18 | 2020-05-01 | 支付宝(杭州)信息技术有限公司 | Method and device for generating shared contract key |
| CN111133733A (en) * | 2019-06-21 | 2020-05-08 | 阿里巴巴集团控股有限公司 | Method and system for automatic blockchain deployment based on cloud platform |
| CN111291399A (en) * | 2020-03-05 | 2020-06-16 | 联想(北京)有限公司 | Data encryption method, system, computer system and computer readable storage medium |
| CN111404684A (en) * | 2020-04-14 | 2020-07-10 | 成都质数斯达克科技有限公司 | Key agreement method and device applied to block chain |
| CN111510918A (en) * | 2020-04-28 | 2020-08-07 | 拉扎斯网络科技(上海)有限公司 | Communication method, system, device, electronic equipment and readable storage medium |
| CN111510462A (en) * | 2020-04-28 | 2020-08-07 | 拉扎斯网络科技(上海)有限公司 | Communication method, system, device, electronic equipment and readable storage medium |
| CN111683043A (en) * | 2020-04-26 | 2020-09-18 | 华东师范大学 | Intelligent contract concurrent execution method facing alliance chain and based on trusted execution environment |
| CN111936995A (en) * | 2020-06-08 | 2020-11-13 | 支付宝实验室(新加坡)有限公司 | Distributed storage of customs clearance data |
| CN112073182A (en) * | 2020-07-31 | 2020-12-11 | 成都信息工程大学 | Quantum key management method and system based on block chain |
| WO2021057273A1 (en) * | 2019-09-25 | 2021-04-01 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for realizing efficient contract calling on fpga |
| WO2021057272A1 (en) * | 2019-09-25 | 2021-04-01 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for implementing contract invoking based on fpga |
| CN113079025A (en) * | 2021-04-07 | 2021-07-06 | 上海万向区块链股份公司 | Method and system compatible with multiple public key algorithm signatures |
| CN113326541A (en) * | 2021-08-03 | 2021-08-31 | 之江实验室 | Cloud edge collaborative multi-mode private data transfer method based on intelligent contract |
| CN113343286A (en) * | 2021-08-05 | 2021-09-03 | 江西农业大学 | Data encryption and decryption method, data uploading end, data receiving end and system |
| WO2022193119A1 (en) * | 2021-03-16 | 2022-09-22 | 中国科学院深圳先进技术研究院 | Blockchain data protection method and system |
| WO2022206437A1 (en) * | 2021-03-30 | 2022-10-06 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for querying ledger data of fabric blockchain |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1859086A (en) * | 2005-12-31 | 2006-11-08 | 华为技术有限公司 | Content grading access control system and method |
| CN101330379A (en) * | 2007-06-22 | 2008-12-24 | 华为技术有限公司 | Method and apparatus for down distributing cryptographic key |
| WO2016154001A1 (en) * | 2015-03-20 | 2016-09-29 | Rivetz Corp. | Automated attestation of device integrity using the block chain |
| CN106897879A (en) * | 2017-03-06 | 2017-06-27 | 广东工业大学 | Block chain encryption method based on the PKI CLC close algorithms of isomerization polymerization label |
| CN106899698A (en) * | 2017-04-11 | 2017-06-27 | 张铮文 | A kind of across chain mutual operation method between block chain |
| CN107342858A (en) * | 2017-07-05 | 2017-11-10 | 武汉凤链科技有限公司 | A kind of intelligent contract guard method and system based on trusted context |
| US20170352027A1 (en) * | 2016-06-07 | 2017-12-07 | Cornell University | Authenticated data feed for blockchains |
| CN107919954A (en) * | 2017-10-20 | 2018-04-17 | 浙江大学 | A kind of block chain user key guard method and device based on SGX |
| CN108320160A (en) * | 2018-02-02 | 2018-07-24 | 张超 | Block catenary system, block common recognition method and apparatus |
| WO2018153485A1 (en) * | 2017-02-24 | 2018-08-30 | NEC Laboratories Europe GmbH | Method for mining a block in a decentralized blockchain consensus network |
| CN108959911A (en) * | 2018-06-14 | 2018-12-07 | 联动优势科技有限公司 | A kind of key chain generates, verification method and its device |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE112009005466T5 (en) * | 2009-12-22 | 2012-10-31 | Intel Corporation | Method and apparatus for providing secure application execution |
| EP3520318A4 (en) * | 2016-09-29 | 2020-04-29 | Nokia Technologies Oy | Method and apparatus for trusted computing |
| CN107273759B (en) * | 2017-05-08 | 2020-07-14 | 上海点融信息科技有限责任公司 | Method, apparatus, and computer-readable storage medium for protecting blockchain data |
| CN107294709A (en) * | 2017-06-27 | 2017-10-24 | 阿里巴巴集团控股有限公司 | A kind of block chain data processing method, apparatus and system |
| CN107563228B (en) * | 2017-08-03 | 2021-04-20 | 海光信息技术股份有限公司 | Memory data encryption and decryption method |
| CN108377189B (en) * | 2018-05-09 | 2021-01-26 | 深圳壹账通智能科技有限公司 | Block chain user communication encryption method and device, terminal equipment and storage medium |
-
2019
- 2019-01-31 CN CN201910100786.7A patent/CN109831298B/en active Active
- 2019-01-31 CN CN202010394207.7A patent/CN111614464B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1859086A (en) * | 2005-12-31 | 2006-11-08 | 华为技术有限公司 | Content grading access control system and method |
| CN101330379A (en) * | 2007-06-22 | 2008-12-24 | 华为技术有限公司 | Method and apparatus for down distributing cryptographic key |
| WO2016154001A1 (en) * | 2015-03-20 | 2016-09-29 | Rivetz Corp. | Automated attestation of device integrity using the block chain |
| US20170352027A1 (en) * | 2016-06-07 | 2017-12-07 | Cornell University | Authenticated data feed for blockchains |
| WO2018153485A1 (en) * | 2017-02-24 | 2018-08-30 | NEC Laboratories Europe GmbH | Method for mining a block in a decentralized blockchain consensus network |
| CN106897879A (en) * | 2017-03-06 | 2017-06-27 | 广东工业大学 | Block chain encryption method based on the PKI CLC close algorithms of isomerization polymerization label |
| CN106899698A (en) * | 2017-04-11 | 2017-06-27 | 张铮文 | A kind of across chain mutual operation method between block chain |
| CN107342858A (en) * | 2017-07-05 | 2017-11-10 | 武汉凤链科技有限公司 | A kind of intelligent contract guard method and system based on trusted context |
| CN107919954A (en) * | 2017-10-20 | 2018-04-17 | 浙江大学 | A kind of block chain user key guard method and device based on SGX |
| CN108320160A (en) * | 2018-02-02 | 2018-07-24 | 张超 | Block catenary system, block common recognition method and apparatus |
| CN108959911A (en) * | 2018-06-14 | 2018-12-07 | 联动优势科技有限公司 | A kind of key chain generates, verification method and its device |
Cited By (40)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111133733B (en) * | 2019-06-21 | 2022-03-01 | 创新先进技术有限公司 | Method and system for automatic blockchain deployment based on cloud platform |
| CN111133733A (en) * | 2019-06-21 | 2020-05-08 | 阿里巴巴集团控股有限公司 | Method and system for automatic blockchain deployment based on cloud platform |
| CN110391906A (en) * | 2019-07-25 | 2019-10-29 | 深圳壹账通智能科技有限公司 | Data processing method, electronic device and readable storage medium storing program for executing based on block chain |
| CN110391906B (en) * | 2019-07-25 | 2022-10-25 | 深圳壹账通智能科技有限公司 | Data processing method based on block chain, electronic device and readable storage medium |
| CN110493005A (en) * | 2019-08-09 | 2019-11-22 | 如般量子科技有限公司 | Anti- quantum calculation public key pond update method and system based on alliance's chain |
| CN110493005B (en) * | 2019-08-09 | 2021-11-16 | 如般量子科技有限公司 | Anti-quantum computing public key pool updating method and system based on alliance chain |
| CN110620668A (en) * | 2019-08-09 | 2019-12-27 | 如般量子科技有限公司 | Block chain-based quantum computation resistant public key pool updating method and system |
| CN110620668B (en) * | 2019-08-09 | 2022-11-15 | 如般量子科技有限公司 | Block chain based quantum computation resistant public key pool updating method and system |
| CN110489421A (en) * | 2019-08-22 | 2019-11-22 | 腾讯科技(深圳)有限公司 | Date storage method, device, computer readable storage medium and computer equipment |
| CN110489421B (en) * | 2019-08-22 | 2023-11-14 | 腾讯科技(深圳)有限公司 | Data storage method, apparatus, computer readable storage medium and computer device |
| CN110519260B (en) * | 2019-08-23 | 2020-09-25 | 联想(北京)有限公司 | Information processing method and information processing device |
| CN110519260A (en) * | 2019-08-23 | 2019-11-29 | 联想(北京)有限公司 | A kind of information processing method and information processing unit |
| CN110505062A (en) * | 2019-08-27 | 2019-11-26 | 杭州云象网络技术有限公司 | A kind of Dynamic Oval curve cryptographic methods applied to alliance's chain |
| CN110635897B (en) * | 2019-08-28 | 2021-10-22 | 如般量子科技有限公司 | Key updating or downloading method and system based on alliance chain and resisting quantum computing |
| CN110635897A (en) * | 2019-08-28 | 2019-12-31 | 如般量子科技有限公司 | Key updating or downloading method and system based on alliance chain and resisting quantum computing |
| CN110688651A (en) * | 2019-09-25 | 2020-01-14 | 支付宝(杭州)信息技术有限公司 | Method and device for realizing state updating based on FPGA |
| WO2021057273A1 (en) * | 2019-09-25 | 2021-04-01 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for realizing efficient contract calling on fpga |
| WO2021057272A1 (en) * | 2019-09-25 | 2021-04-01 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for implementing contract invoking based on fpga |
| WO2021057221A1 (en) * | 2019-09-25 | 2021-04-01 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for realizing state update based on fpga |
| CN110765488A (en) * | 2019-10-28 | 2020-02-07 | 联想(北京)有限公司 | Data storage and reading method and electronic equipment |
| CN111291399B (en) * | 2020-03-05 | 2023-01-17 | 联想(北京)有限公司 | Data encryption method, system, computer system and computer readable storage medium |
| CN111291399A (en) * | 2020-03-05 | 2020-06-16 | 联想(北京)有限公司 | Data encryption method, system, computer system and computer readable storage medium |
| WO2021179743A1 (en) * | 2020-03-09 | 2021-09-16 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for querying account privacy information in blockchain |
| CN111008228A (en) * | 2020-03-09 | 2020-04-14 | 支付宝(杭州)信息技术有限公司 | Method and device for inquiring account privacy information in block chain |
| CN111092727A (en) * | 2020-03-18 | 2020-05-01 | 支付宝(杭州)信息技术有限公司 | Method and device for sharing cluster key |
| CN111092726A (en) * | 2020-03-18 | 2020-05-01 | 支付宝(杭州)信息技术有限公司 | Method and device for generating shared contract key |
| WO2021184962A1 (en) * | 2020-03-18 | 2021-09-23 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for generating shared contract key |
| CN111404684A (en) * | 2020-04-14 | 2020-07-10 | 成都质数斯达克科技有限公司 | Key agreement method and device applied to block chain |
| CN111404684B (en) * | 2020-04-14 | 2023-02-21 | 成都质数斯达克科技有限公司 | Key agreement method and device applied to block chain |
| CN111683043A (en) * | 2020-04-26 | 2020-09-18 | 华东师范大学 | Intelligent contract concurrent execution method facing alliance chain and based on trusted execution environment |
| CN111510918B (en) * | 2020-04-28 | 2022-08-02 | 拉扎斯网络科技(上海)有限公司 | Communication method, system, device, electronic equipment and readable storage medium |
| CN111510462A (en) * | 2020-04-28 | 2020-08-07 | 拉扎斯网络科技(上海)有限公司 | Communication method, system, device, electronic equipment and readable storage medium |
| CN111510918A (en) * | 2020-04-28 | 2020-08-07 | 拉扎斯网络科技(上海)有限公司 | Communication method, system, device, electronic equipment and readable storage medium |
| CN111936995A (en) * | 2020-06-08 | 2020-11-13 | 支付宝实验室(新加坡)有限公司 | Distributed storage of customs clearance data |
| CN112073182A (en) * | 2020-07-31 | 2020-12-11 | 成都信息工程大学 | Quantum key management method and system based on block chain |
| WO2022193119A1 (en) * | 2021-03-16 | 2022-09-22 | 中国科学院深圳先进技术研究院 | Blockchain data protection method and system |
| WO2022206437A1 (en) * | 2021-03-30 | 2022-10-06 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for querying ledger data of fabric blockchain |
| CN113079025A (en) * | 2021-04-07 | 2021-07-06 | 上海万向区块链股份公司 | Method and system compatible with multiple public key algorithm signatures |
| CN113326541A (en) * | 2021-08-03 | 2021-08-31 | 之江实验室 | Cloud edge collaborative multi-mode private data transfer method based on intelligent contract |
| CN113343286A (en) * | 2021-08-05 | 2021-09-03 | 江西农业大学 | Data encryption and decryption method, data uploading end, data receiving end and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109831298B (en) | 2020-05-15 |
| CN111614464A (en) | 2020-09-01 |
| CN111614464B (en) | 2023-09-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109831298A (en) | The method of security update key and node, storage medium in block chain | |
| CN110020855A (en) | Method, the node, storage medium of secret protection are realized in block chain | |
| CN109886682A (en) | The method and node, storage medium that contract calls are realized in block chain | |
| CN110032884A (en) | The method and node, storage medium of secret protection are realized in block chain | |
| CN110008736A (en) | The method and node, storage medium of secret protection are realized in block chain | |
| CN109936626A (en) | Method, node and the storage medium of secret protection are realized in block chain | |
| CN110008735A (en) | The method and node, storage medium that contract calls are realized in block chain | |
| CN110032883A (en) | Method, system and the node of secret protection are realized in block chain | |
| CN110033267A (en) | Method, node, system and the storage medium of secret protection are realized in block chain | |
| CN110032885A (en) | Method, node and the storage medium of secret protection are realized in block chain | |
| CN110060054A (en) | Method, node, system and the storage medium of secret protection are realized in block chain | |
| CN110008715A (en) | The method and node, storage medium of secret protection are realized in block chain | |
| CN110223172A (en) | The receipt storage method and node of conditional combination code mark and type dimension | |
| CN110020549A (en) | Method, node and the storage medium of secret protection are realized in block chain | |
| CN110264195A (en) | It is marked and transaction, the receipt storage method of user type and node in conjunction with code | |
| CN110263544A (en) | In conjunction with the receipt storage method and node of type of transaction and Rule of judgment | |
| CN110245490A (en) | The receipt storage method and node of conditional combination code mark and type dimension | |
| CN110020856A (en) | Method, node and the storage medium of three handed deal are realized in block chain | |
| CN110264196A (en) | In conjunction with the conditional receipt storage method and node of code mark and user type | |
| CN110032876A (en) | Method, node and the storage medium of secret protection are realized in block chain | |
| CN110264198A (en) | In conjunction with the conditional receipt storage method and node of code mark and type of transaction | |
| CN110263086A (en) | In conjunction with the receipt storage method and node of user type and event functions type | |
| CN110245503A (en) | In conjunction with the receipt storage method and node of code mark and Rule of judgment | |
| CN110263087A (en) | Receipt storage method and node based on various dimensions information and with condition limitation | |
| CN110266644A (en) | In conjunction with the receipt storage method and node of code mark and type of transaction |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20200925 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Patentee after: Innovative advanced technology Co.,Ltd. Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Patentee before: Advanced innovation technology Co.,Ltd. Effective date of registration: 20200925 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Patentee after: Advanced innovation technology Co.,Ltd. Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands Patentee before: Alibaba Group Holding Ltd. |