CN110020856A - Method, node and storage medium for implementing hybrid transactions in a blockchain - Google Patents

Publication number
CN110020856A
Authority
CN
China
Prior art keywords
transaction
plaintext
blockchain
execution result
execution environment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910100731.6A
Other languages
Chinese (zh)
Other versions
CN110020856B (en
Inventor
闫莺
魏长征
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201910100731.6A
Publication of CN110020856A
Application granted
Publication of CN110020856B
Legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/389: Keeping log of transactions for guaranteeing non-repudiation of a transaction

Abstract

Embodiments of this specification provide a method, node and storage medium for implementing hybrid transactions in a blockchain. The method may include: a first blockchain node receives a transaction that includes a type field in plaintext; the first blockchain node identifies, according to the value of the type field in the transaction, whether the transaction is a plaintext transaction or a privacy transaction; the first blockchain node executes the plaintext transaction outside a trusted execution environment and stores the resulting plaintext execution result in an external storage space outside the trusted execution environment; the first blockchain node decrypts the privacy transaction to obtain the corresponding plaintext transaction content, executes the plaintext transaction content in the trusted execution environment, encrypts the resulting plaintext execution result into a ciphertext execution result and outputs it from the trusted execution environment, and executes storage function code outside the trusted execution environment to store the ciphertext execution result in the external storage space.

Description

Method, node and storage medium for implementing hybrid transactions in a blockchain
Technical field
One or more embodiments of this specification relate to the field of blockchain technology, and in particular to a method, node and storage medium for implementing hybrid transactions in a blockchain.
Background
Blockchain technology is built on transmission networks (such as peer-to-peer networks). Network nodes in the transmission network use a chained data structure to verify and store data, and use a distributed node consensus algorithm to generate and update data. Nodes sometimes need to be added to these blockchain networks.
At present, the two biggest technical challenges for enterprise-grade blockchain platforms are privacy and performance, and the two are often hard to solve at the same time. Most solutions either trade performance for privacy, or pursue performance with little regard for privacy. Common cryptographic techniques for the privacy problem, such as homomorphic encryption and zero-knowledge proof, are highly complex and of poor generality, and may also bring serious performance loss.
For privacy, the trusted execution environment (Trusted Execution Environment, TEE) is another approach. A TEE can act as a black box in hardware: code and data executing in the TEE cannot be peeked at even from the operating system layer, and can only be operated on through interfaces predefined in the code. In terms of efficiency, because of the black-box nature of the TEE, the computation inside it is performed on plaintext data rather than through the complex cryptographic operations of homomorphic encryption, so the computation loses no efficiency. Combining a blockchain with a TEE can therefore greatly improve security and privacy at a small performance cost. The industry is paying close attention to TEE schemes, and almost all mainstream chip and software alliances have their own TEE solutions, including TPM (Trusted Platform Module) on the software side and Intel SGX (Software Guard Extensions), ARM TrustZone and AMD PSP (Platform Security Processor) on the hardware side.
Summary of the invention
In view of this, one or more embodiments of this specification provide a method, node and storage medium for implementing hybrid transactions in a blockchain.
To achieve the above object, one or more embodiments of this specification provide the following technical solutions:
According to a first aspect of one or more embodiments of this specification, a method for implementing hybrid transactions in a blockchain is proposed, comprising:
a first blockchain node receives a transaction, the transaction including a type field in plaintext;
the first blockchain node identifies, according to the value of the type field in the transaction, whether the transaction is a plaintext transaction or a privacy transaction;
the first blockchain node executes the plaintext transaction outside a trusted execution environment, and stores the resulting plaintext execution result in an external storage space outside the trusted execution environment;
the first blockchain node decrypts the privacy transaction to obtain the corresponding plaintext transaction content; executes the plaintext transaction content in the trusted execution environment, encrypts the resulting plaintext execution result into a ciphertext execution result and outputs it from the trusted execution environment; and executes storage function code outside the trusted execution environment to store the ciphertext execution result in the external storage space.
According to a second aspect of one or more embodiments of this specification, a method for implementing hybrid transactions in a blockchain is proposed, comprising:
a first blockchain node receives a transaction, the transaction including a type field in plaintext;
the first blockchain node identifies, according to the value of the type field in the transaction, whether the transaction is a plaintext transaction or a privacy transaction;
the first blockchain node executes the plaintext transaction outside a trusted execution environment, and stores the resulting plaintext execution result in an external storage space outside the trusted execution environment.
According to a third aspect of one or more embodiments of this specification, a method for implementing hybrid transactions in a blockchain is proposed, comprising:
a first blockchain node receives a transaction, the transaction including a type field in plaintext;
the first blockchain node identifies, according to the value of the type field in the transaction, whether the transaction is a plaintext transaction or a privacy transaction;
the first blockchain node decrypts the privacy transaction to obtain the corresponding plaintext transaction content; executes the plaintext transaction content in a trusted execution environment, encrypts the resulting plaintext execution result into a ciphertext execution result and outputs it from the trusted execution environment; and executes storage function code outside the trusted execution environment to store the ciphertext execution result in an external storage space outside the trusted execution environment.
According to a fourth aspect of one or more embodiments of this specification, a node for implementing hybrid transactions in a blockchain is proposed, comprising:
a receiving unit, configured to receive a transaction, the transaction including a type field in plaintext;
a recognition unit, configured to identify, according to the value of the type field in the transaction, whether the transaction is a plaintext transaction or a privacy transaction;
a plaintext transaction handling unit, configured to execute the plaintext transaction outside a trusted execution environment, and store the resulting plaintext execution result in an external storage space outside the trusted execution environment;
a privacy transaction handling unit, configured to decrypt the privacy transaction to obtain the corresponding plaintext transaction content; execute the plaintext transaction content in the trusted execution environment, encrypt the resulting plaintext execution result into a ciphertext execution result and output it from the trusted execution environment; and execute storage function code outside the trusted execution environment to store the ciphertext execution result in the external storage space.
According to a fifth aspect of one or more embodiments of this specification, a node for implementing hybrid transactions in a blockchain is proposed, comprising:
a receiving unit, configured to receive a transaction, the transaction including a type field in plaintext;
a recognition unit, configured to identify, according to the value of the type field in the transaction, whether the transaction is a plaintext transaction or a privacy transaction;
a plaintext transaction handling unit, configured to execute the plaintext transaction outside a trusted execution environment, and store the resulting plaintext execution result in an external storage space outside the trusted execution environment.
According to a sixth aspect of one or more embodiments of this specification, a node for implementing hybrid transactions in a blockchain is proposed, comprising:
a receiving unit, configured to receive a transaction, the transaction including a type field in plaintext;
a recognition unit, configured to identify, according to the value of the type field in the transaction, whether the transaction is a plaintext transaction or a privacy transaction;
a decryption unit, configured to decrypt the privacy transaction to obtain the corresponding plaintext transaction content;
an execution unit, configured to execute the plaintext transaction content in a trusted execution environment, encrypt the resulting plaintext execution result into a ciphertext execution result and output it from the trusted execution environment;
a storage unit, configured to execute storage function code outside the trusted execution environment to store the ciphertext execution result in an external storage space outside the trusted execution environment.
According to a seventh aspect of one or more embodiments of this specification, a computer-readable storage medium is proposed, on which computer instructions are stored; when executed by a processor, the instructions implement the steps of the method according to the first aspect, the second aspect or the third aspect.
Brief description of the drawings
Fig. 1 is a flowchart of a method for implementing hybrid transactions in a blockchain according to an exemplary embodiment.
Fig. 2 is a schematic diagram of a hybrid transaction according to an exemplary embodiment.
Fig. 3 is a schematic diagram of creating a smart contract according to an exemplary embodiment.
Fig. 4 is a schematic diagram of calling a smart contract according to an exemplary embodiment.
Fig. 5 is a schematic diagram of creating and calling a smart contract according to an exemplary embodiment.
Fig. 6 is a flowchart of another method for implementing hybrid transactions in a blockchain according to an exemplary embodiment.
Fig. 7 is a flowchart of yet another method for implementing hybrid transactions in a blockchain according to an exemplary embodiment.
Fig. 8 is a block diagram of a node for implementing privacy protection in a blockchain according to an exemplary embodiment.
Fig. 9 is a block diagram of another node for implementing hybrid transactions in a blockchain according to an exemplary embodiment.
Fig. 10 is a block diagram of yet another node for implementing hybrid transactions in a blockchain according to an exemplary embodiment.
Detailed description
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of this specification. Rather, they are merely examples of devices and methods consistent with some aspects of one or more embodiments of this specification, as detailed in the appended claims.
It should be noted that in other embodiments the steps of the corresponding method are not necessarily executed in the order shown and described in this specification. In some other embodiments, a method may include more or fewer steps than described in this specification. In addition, a single step described in this specification may be split into multiple steps in other embodiments, and multiple steps described in this specification may be merged into a single step in other embodiments.
Blockchains are generally divided into three types: public chains (Public Blockchain), private chains (Private Blockchain) and consortium chains (Consortium Blockchain). There are also combinations of these types, such as private chain + consortium chain or consortium chain + public chain. The public chain has the highest degree of decentralization. Public chains are represented by Bitcoin and Ethereum; participants who join a public chain can read the data records on the chain, take part in transactions, and compete for the right to record new blocks. Moreover, each participant (i.e. node) can freely join and leave the network and perform the related operations. A private chain is the opposite: write permission on the network is controlled by a certain organization or institution, and read permission is regulated by that organization. Put simply, a private chain can be a weakly centralized system whose participating nodes are strictly limited and few in number. This type of blockchain is better suited to internal use within a particular organization. A consortium chain sits between a public chain and a private chain and can achieve "partial decentralization". Each node in a consortium chain usually has a corresponding physical institution or organization; participants join the network by authorization and form a stakeholder alliance that jointly maintains the operation of the blockchain.
The following describes, with reference to Fig. 1, the implementation of a method embodiment of this specification for implementing hybrid transactions in a blockchain:
Step 102: the first blockchain node receives a transaction, the transaction including a type field in plaintext.
In one embodiment, the transaction can be submitted to the first blockchain node by a client. For example, after a user generates the transaction at the client, the client submits it to the first blockchain node. Taking Fig. 2 as an example, the first blockchain node contains a transaction/query interface that can connect to the client, so that the client can submit transactions to the first blockchain node.
The transaction can also be forwarded to the first blockchain node by a second blockchain node. For example, after a user generates the transaction at the client, the client submits it to the second blockchain node; the second blockchain node then forwards the transaction to the first blockchain node. Taking Fig. 2 as an example, the above interface can connect to other blockchain nodes, which may include the second blockchain node, so that the second blockchain node can forward transactions to the first blockchain node. Similarly, the second blockchain node can connect to the client through its own transaction/query interface to receive transactions submitted by the client.
For example, in a blockchain network that uses a consensus algorithm such as Proof of Work (POW), Proof of Stake (POS) or Delegated Proof of Stake (DPOS), the second blockchain node, after receiving a transaction submitted by the client, immediately propagates it (for example by broadcast) to the other blockchain nodes in the Ethereum network.
As another example, in a blockchain network that uses a mechanism such as Practical Byzantine Fault Tolerance (PBFT), the bookkeeping node has been agreed on before the current round of bookkeeping. After receiving a transaction submitted by the client, the second blockchain node, if it is not itself the bookkeeping node, sends the transaction to the determined bookkeeping node, so that the bookkeeping node transmits transactions (including this transaction) to each verifying node in the subsequent consensus phase. When the second blockchain node is itself the determined bookkeeping node, other blockchain nodes that receive a transaction submitted by the client can forward it to the second blockchain node; the second blockchain node can then transmit the above transaction (possibly together with other transactions) to each verifying node, including the first blockchain node, in the consensus phase.
Step 104: the first blockchain node identifies, according to the value of the type field in the transaction, whether the transaction is a plaintext transaction or a privacy transaction.
In one embodiment, a type field is added to the transaction so that the first blockchain node can identify whether the transaction is a plaintext transaction or a privacy transaction. In the related art, for example in the Ethereum network, a transaction generally includes fields such as to, value and data. On this basis, the present embodiment adds a type field to the transaction, denoted for example as the type field, and the value of this field indicates the type of the transaction. For example, when the type field has a first value, the transaction is a plaintext transaction; when the type field has a second value, the transaction is a privacy transaction.
In one embodiment, all content of a plaintext transaction is in plaintext form, that is, every field of the transaction is plaintext, so the first blockchain node can read each field of the plaintext transaction directly and process it accordingly. In a privacy transaction, all fields other than the type field are in ciphertext form. On the one hand, the first blockchain node can quickly identify the transaction type without decryption and therefore handle plaintext transactions and privacy transactions differently; on the other hand, because the remaining fields are ciphertext, only a party holding the key can decrypt and read them, which prevents the transaction information from leaking.
Step 106A: the first blockchain node executes the plaintext transaction outside the trusted execution environment, and stores the resulting plaintext execution result in an external storage space outside the trusted execution environment.
In one embodiment, the first blockchain node remains compatible with the related art's handling of plaintext transactions: it can process a plaintext transaction outside the trusted execution environment and store the plaintext execution result in the external storage space. As shown in Fig. 2, the first blockchain node can be divided into a conventional execution environment and a trusted execution environment. A transaction submitted by the client (taking client submission as the example) first enters the "transaction/query interface" in the conventional execution environment for type identification; identified plaintext transactions stay in the conventional execution environment for processing, and identified privacy transactions are passed to the trusted execution environment for processing. In other words, the first blockchain node is not only compatible with the related art's handling of plaintext transactions but can also process privacy transactions in ciphertext form, so that plaintext transactions and privacy transactions are processed together across the whole blockchain network.
A transaction in this specification can be used to implement relatively simple processing logic, for example transfer logic similar to that in the related art.
A transaction in this specification can also be used to implement relatively complex processing logic, which can be realized by means of smart contracts. Public chains, private chains and consortium chains may all provide smart contract functionality. A smart contract on a blockchain is a contract whose execution can be triggered by a transaction on the blockchain system. A smart contract can be defined in the form of code. Of course, the above plaintext transaction content does not necessarily involve a smart contract; for example, it may contain only transfer information. By using plaintext transaction content related to a smart contract, however, relatively more complex processing logic can be implemented.
Taking Ethereum as an example, the Ethereum network supports users in creating and calling complex logic, which is the greatest challenge distinguishing Ethereum from Bitcoin blockchain technology. The core of Ethereum as a programmable blockchain is the Ethereum Virtual Machine (EVM), and every Ethereum node can run the EVM. The EVM is a Turing-complete virtual machine, which means that all kinds of complex logic can be implemented with it. When users publish and call smart contracts in Ethereum, the contracts run on the EVM. In practice, what the virtual machine runs directly is virtual machine code (virtual machine bytecode, hereinafter "bytecode"). A smart contract deployed on the blockchain can be in the form of bytecode.
For example, as shown in Fig. 3, after Bob sends a transaction containing information for creating a smart contract to the Ethereum network, the EVM of node 1 can execute the transaction and generate the corresponding contract instance. The data field of the transaction can hold the bytecode, and the to field of the transaction is an empty account. After the nodes reach agreement through the consensus mechanism, the contract is successfully created, and users can subsequently call it.
After the contract is created, a contract account corresponding to the smart contract appears on the blockchain and has a specific address; the contract code and the account storage are saved in that contract account. The behaviour of the smart contract is controlled by the contract code, and the account storage of the smart contract holds the state of the contract. In other words, a smart contract causes a virtual account containing contract code and account storage (Storage) to be generated on the blockchain.
As mentioned above, the data field of a transaction that creates a smart contract can hold the bytecode of that smart contract. Bytecode consists of a series of bytes, each of which can identify one operation. For reasons such as development efficiency and readability, developers may choose not to write bytecode directly and instead write the smart contract code in a high-level language. The smart contract code written in the high-level language is compiled by a compiler into bytecode, which can then be deployed on the blockchain. Ethereum supports many high-level languages, such as Solidity, Serpent and LLL.
In addition, as shown in Fig. 4 and still taking Ethereum as the example, after Bob sends a transaction containing information for calling a smart contract to the Ethereum network, the EVM of node 1 can execute the transaction and generate the corresponding contract instance. In the transaction in Fig. 4, the from field is the address of the account that initiates the call to the smart contract, "0x692a70d2 ..." in the to field represents the address of the called smart contract, the value field is the amount of ether in Ethereum, and the data field of the transaction holds the method and parameters for calling the smart contract. After the smart contract is called, the value of balance may change. Subsequently, a client can check the current value of balance through a blockchain node.
A smart contract can be executed independently by each node in the blockchain network in the prescribed manner, and all execution records and data are stored on the blockchain, so that after such a transaction completes, the blockchain holds a transaction record that cannot be tampered with and cannot be lost.
The creation and calling of a smart contract are shown schematically in Fig. 5. Creating a smart contract in Ethereum involves writing the smart contract, compiling it into bytecode, and deploying it to the blockchain. Calling a smart contract in Ethereum means initiating a transaction that points to the smart contract address; the smart contract code runs in a distributed manner in the virtual machine of each node in the Ethereum network.
Step 106B: the first blockchain node decrypts the privacy transaction to obtain the corresponding plaintext transaction content; executes the plaintext transaction content in the trusted execution environment, encrypts the resulting plaintext execution result into a ciphertext execution result and outputs it from the trusted execution environment; and executes storage function code outside the trusted execution environment to store the ciphertext execution result in the external storage space.
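The flow of steps 102 to 106B as an added Go sketch (not code from the patent): a node dispatches on the plaintext type field, executes plaintext transactions outside the TEE, and lets only ciphertext leave the enclave for privacy transactions. Assumptions of this example: the type values 0 and 1, the `transfer:` body format, AES-GCM as the symmetric cipher with a key shared by client and enclave, binding the type field as associated data, and `runInEnclave` as an ordinary function standing in for enclave code.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Constructed values; the page only speaks of a "first" and "second" value.
const TypePlain, TypePrivacy byte = 0, 1

// Transaction keeps Type in plaintext. Body is plaintext for TypePlain and
// nonce||ciphertext for TypePrivacy.
type Transaction struct {
	Type byte
	Body []byte
}

// Node models the first blockchain node (hypothetical structure).
type Node struct {
	enclave  cipher.AEAD       // stands in for a key that lives only inside the TEE
	External map[string][]byte // storage space outside the TEE
}

// NewAEAD builds AES-GCM from a 16/24/32-byte key.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts data and authenticates the plaintext type field with it.
func Seal(a cipher.AEAD, data []byte, txType byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, data, []byte{txType}), nil
}

// Open reverses Seal; it fails if the body or the type field was altered.
func Open(a cipher.AEAD, sealed []byte, txType byte) ([]byte, error) {
	n := a.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed body too short")
	}
	return a.Open(nil, sealed[:n], sealed[n:], []byte{txType})
}

// execute is a stand-in for running a transfer or a contract call.
func execute(body []byte) ([]byte, error) {
	if len(body) < 9 || string(body[:9]) != "transfer:" {
		return nil, fmt.Errorf("malformed transaction body")
	}
	return append([]byte("receipt:"), body...), nil
}

// runInEnclave is the only place privacy-transaction plaintext exists:
// decrypt, execute, then encrypt the result before it leaves the TEE.
func (n *Node) runInEnclave(tx Transaction) ([]byte, error) {
	plain, err := Open(n.enclave, tx.Body, tx.Type)
	if err != nil {
		return nil, fmt.Errorf("decrypt privacy transaction: %w", err)
	}
	result, err := execute(plain)
	if err != nil {
		return nil, err
	}
	return Seal(n.enclave, result, tx.Type)
}

// Process covers steps 104 to 106B: dispatch on the type field, then store
// the result (plaintext or ciphertext) in the external storage space.
func (n *Node) Process(id string, tx Transaction) (err error) {
	var result []byte
	switch tx.Type {
	case TypePlain:
		result, err = execute(tx.Body) // outside the TEE
	case TypePrivacy:
		result, err = n.runInEnclave(tx) // only ciphertext comes back
	default:
		err = fmt.Errorf("unknown transaction type %d", tx.Type)
	}
	if err == nil {
		n.External[id] = result // store function runs outside the TEE
	}
	return err
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero key, demo only
	node := &Node{enclave: a, External: map[string][]byte{}}
	body, _ := Seal(a, []byte("transfer:alice->bob:30"), TypePrivacy)
	err := node.Process("tx1", Transaction{Type: TypePrivacy, Body: body})
	fmt.Printf("err=%v stored=%x\n", err, node.External["tx1"])
}
```

Because the type field is authenticated together with the ciphertext, a privacy transaction relabelled as plaintext, or the reverse, fails before anything is written to external storage.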
In one embodiment, the first block chain node can be in credible performing environment (Trusted Execution Environment, TEE) in decryption privacy transaction.TEE is the security extension based on CPU hardware, and with it is external completely every From credible performing environment.TEE is the concept proposed by Global Platform earliest, for solving resource in mobile device Security isolation, be parallel to operating system and credible and secure performing environment be provided for application program.The Trust Zone technology of ARM The TEE technology of real commercialization is realized earliest.
Along with the high speed development of internet, safe demand is higher and higher, is not limited only to mobile device, cloud device, Data center all proposes more demands to TEE.The concept of TEE has also obtained the development and expansion of high speed.Now described TEE is compared to the TEE for the concept initially proposed being more broad sense.For example, server chips manufacturer Intel, AMD etc. are first It is proposed the TEE of hardware auxiliary afterwards and enriches the concept and characteristic of TEE, is had been widely recognized in industry.It mentions now The TEE risen usually more refers to the TEE technology of this kind of hardware auxiliary.Different from mobile terminal, cloud access needs to remotely access, terminal User is invisible to hardware platform, therefore seeks to the genuine and believable of confirmation TEE using the first step of TEE.Therefore present TEE Technology all introduces remote proving mechanism, is endorsed by hardware vendor (mainly CPU manufacturer) and is ensured by digital signature technology User can verify that TEE state.It is simultaneously only the demand for security that the resource isolation of safety is also unable to satisfy, further data Secret protection is also suggested.Including Intel SGX, the commercial TEE including AMD SEV also both provides memory encryption technology, will Reliable hardware is limited to inside CPU, and the data of bus and memory are that ciphertext prevents malicious user from being spied upon.For example, Ying Te Your software protection extends code execution, remote proving, security configuration, the secure storage of data such as (SGX) TEE technology insulation And the trusted path for executing code.The application program run in TEE is kept safe, as a consequence it is hardly possible to by third Side's access.
By taking Intel SGX technology as an example, SGX provides enclosure (enclave, also referred to as enclave), i.e., one adds in memory Close credible execution region, protects data not to be stolen by CPU.By taking the first block chain node is using the CPU for supporting SGX as an example, Using newly-increased processor instruction, a part of region EPC (Enclave Page Cache, enclosure page can be distributed in memory Face caching or enclave page cache), by the crypto engine MEE (Memory Encryption Engine) in CPU to wherein Data encrypted.The content encrypted in EPC, which only enters after CPU, can just be decrypted into plain text.Therefore, in SGX, user It can distrust operating system, VMM (Virtual Machine Monitor, monitor of virtual machine), even BIOS (Basic Input Output System, basic input output system), it is only necessary to trust CPU just and can ensure that private data will not leak. It in practical application, is transferred in enclosure after private data being encrypted with ciphertext form, and will be corresponding by remote proving Code key is also passed to enclosure.Then, operation is carried out using data under the encipherment protection of CPU, as a result can be returned with ciphertext form.This Under kind mode, powerful calculating power not only can use, but also do not have to concern of data and leak.
Assume that the above privacy transaction is generated by a user at a client. The client can first generate the plaintext transaction content and then encrypt that content with a key. The encryption can be symmetric or asymmetric. Correspondingly, the first blockchain node can decrypt the privacy transaction with the corresponding key to obtain the plaintext transaction content. If the client uses symmetric encryption, that is, encrypts the plaintext transaction content with the private key of a symmetric encryption algorithm, the first blockchain node can correspondingly decrypt the privacy transaction with the private key of that symmetric encryption algorithm. The algorithm used for symmetric encryption is, for example, DES, 3DES, TDEA, Blowfish, RC5 or IDEA. The key of the symmetric encryption algorithm can, for example, be determined by negotiation between the client and the first blockchain node.
If asymmetric encryption is used, that is, the plaintext transaction content is encrypted with the private key of an asymmetric encryption algorithm, the first blockchain node can correspondingly decrypt the privacy transaction with the private key of that asymmetric encryption algorithm. The asymmetric encryption algorithm is, for example, RSA, Elgamal, the knapsack algorithm, Rabin, D-H or ECC (elliptic curve cryptography). As for the key of the asymmetric encryption algorithm, the first blockchain node can, for example, generate a pair of public and private keys and send the public key to the client before step 402, so that in step 402 the client can encrypt the plaintext transaction content with the key.
The key of the asymmetric encryption algorithm can also be generated by a key management server. The key management server sends the private key to the first blockchain node by way of remote attestation; specifically, the private key can be passed into an enclave of the first blockchain node. The first blockchain node may contain multiple enclaves, and the private key can be passed into a secure enclave among them; for example, the secure enclave can be a QE (Quoting Enclave) rather than an AE (Application Enclave). The public key of the asymmetric encryption can be sent to the client by the key management server. Thus, in step 402, the client can encrypt the plaintext transaction content with the public key, and correspondingly the first blockchain node can decrypt the privacy transaction with the private key to obtain the plaintext transaction content that the privacy transaction contains.
The client can also combine symmetric encryption with asymmetric encryption. For example, the client encrypts the plaintext transaction content with a symmetric encryption algorithm, that is, with the private key of the symmetric encryption algorithm, and encrypts the private key used in the symmetric encryption algorithm with an asymmetric encryption algorithm. In general, the private key used in the symmetric encryption algorithm is encrypted with the public key of the asymmetric encryption algorithm. In this way, after the first blockchain node receives the encrypted transaction, it can first decrypt with the private key of the asymmetric encryption algorithm to obtain the private key of the symmetric encryption algorithm, and then decrypt with the private key of the symmetric encryption algorithm to obtain the plaintext transaction content.
For example, the key management server can send the private key of the asymmetric encryption algorithm to the enclave of the first blockchain node through remote attestation, and send the private key of the asymmetric encryption algorithm to the client. The client can then encrypt the plaintext transaction content with the private key of the symmetric encryption algorithm, and encrypt the private key used in the symmetric encryption algorithm with the public key of the asymmetric encryption algorithm. The client can then send the privacy transaction and the encrypted key (obtained by encrypting the private key used in the symmetric encryption algorithm with the public key of the asymmetric encryption algorithm) to the first blockchain node. After receiving the privacy transaction and the encrypted key, the first blockchain node can first decrypt the encrypted key with the private key of the asymmetric encryption algorithm to obtain the private key of the symmetric encryption algorithm, and then decrypt the privacy transaction with the private key of the symmetric encryption algorithm to obtain the plaintext transaction content. This way of encrypting is generally called digital envelope encryption.
After the first blockchain node decrypts the privacy transaction, it obtains the plaintext transaction content. The plaintext transaction content may contain the code of a smart contract, for creating the smart contract in the blockchain; the plaintext transaction content may contain the contract address of a smart contract already created in the blockchain, for calling that smart contract.
Whether the transaction creates or calls a smart contract, the first blockchain node can complete the transaction by executing the code of the smart contract. The first blockchain node can execute the code of the smart contract in the trusted execution environment. When the code of the smart contract is located in the privacy transaction, the first blockchain node decrypts the privacy transaction to obtain the above plaintext transaction content, which contains the plaintext code of the smart contract. When the smart contract has been created in advance and the privacy transaction is used to call it, if the smart contract was stored in encrypted form by the first blockchain node in advance, the first blockchain node can read the ciphertext code of the smart contract into the trusted execution environment and decrypt it to obtain the plaintext code of the smart contract. Smart contracts can be nested in multiple levels; for example, the code in smart contract 1 calls smart contract 2, and the code in smart contract 2 points to contract address 3, which was generated by creating smart contract code, so that when a privacy transaction calls the code in smart contract 1, the smart contract code at contract address 3 is called indirectly.
In one embodiment, the ciphertext transaction may have multiple corresponding smart contracts, and the ciphertext transaction contains a processing type marked for each smart contract; the first blockchain node applies differentiated processing to the smart contracts of different processing types in the ciphertext transaction. The plaintext execution result described above then includes the plaintext contract execution result corresponding to each smart contract. For example, the code of a smart contract may contain a type field, and the first blockchain node can determine from the value of the type field in the code of each smart contract whether that smart contract is of the privacy processing type or the plaintext processing type. As another example, a smart contract of the privacy processing type may contain a privacy identifier, while a smart contract of the plaintext processing type does not. As yet another example, a smart contract of the plaintext processing type may contain a plaintext identifier, while a smart contract of the privacy processing type does not. Correspondingly, the first blockchain node can distinguish smart contracts of different processing types based on these differences.
Assume that the ciphertext transaction has a corresponding first smart contract that is marked as the privacy processing type. The first blockchain node can execute the first smart contract in the trusted execution environment to obtain the corresponding plaintext contract execution result, and then encrypt that plaintext contract execution result with a key into a ciphertext contract execution result. The above ciphertext execution result then includes this ciphertext contract execution result, which can be stored as ciphertext in the external storage space.
Assume that the ciphertext transaction has a corresponding second smart contract that is marked as the plaintext processing type. The first blockchain node can execute the second smart contract in the trusted execution environment to obtain the corresponding plaintext contract execution result, but without performing any further encryption. The above ciphertext execution result may include this plaintext contract execution result, which can be stored as plaintext in the external storage space.
It can be seen that when every smart contract contained in the ciphertext transaction is of the privacy processing type, the ciphertext execution result contains the ciphertext contract execution results corresponding to those smart contracts; when the ciphertext transaction contains smart contracts of both the privacy processing type and the plaintext processing type, the ciphertext execution result contains the ciphertext contract execution results and the plaintext contract execution results corresponding to those smart contracts.
The ciphertext transaction can be used to create smart contracts and/or call smart contracts.
When the ciphertext transaction is used to create smart contracts, the to field of the transaction is empty, the data field can contain the code of each of the multiple smart contracts to be created, and the processing type of each smart contract can be marked in its code. For a smart contract of the privacy processing type, the first blockchain node can create it as a privacy-type smart contract, whose code is stored in the external storage space in ciphertext form. For a smart contract of the plaintext processing type, the first blockchain node can create it as a plaintext-type smart contract, whose code is stored in the external storage space in plaintext form.
When the ciphertext transaction is used to call smart contracts, the transaction may contain n to fields, corresponding to n different contract calls. For example, the to1 field is the address of smart contract 1, for calling smart contract 1, and the to2 field is the address of smart contract 2, for calling smart contract 2. For each contract call, the corresponding processing type can be marked in the data field. When smart contract 1 is marked as the privacy processing type, then regardless of whether smart contract 1 is a privacy-type or a plaintext-type smart contract, after the first blockchain node executes smart contract 1 and the corresponding contract state changes, it encrypts the contract state and stores it to the external storage space. When smart contract 2 is marked as the plaintext processing type, smart contract 2 should generally be a plaintext-type smart contract (although the case where smart contract 2 is a privacy-type smart contract is not excluded), and after the first blockchain node executes smart contract 2 and the corresponding contract state changes, it stores the contract state to the external storage space in plaintext.
Of course, when the ciphertext transaction is used to call smart contracts and multiple contract calls target the same smart contract, the transaction can contain only one to field, whose value is the address of the called smart contract, and the data field can contain the information for the multiple calls to be made to that smart contract. For example, if the called smart contract performs a transfer at a given time, the address of the smart contract can be written into the to field of the ciphertext transaction, and the information for each call can be written into the data field, such as the time at which the call should take place, the transfer target and the transfer amount, each marked with the processing type to be used. For example, when call 1 is to transfer amount M1 to account U1 at time t1 and is marked as the privacy processing type, the first blockchain node can call the smart contract to complete the transfer, encrypt the contract state and store it to the external storage space; when call 2 is to transfer amount M2 to account U2 at time t2 and is marked as the plaintext processing type, the first blockchain node can call the smart contract to complete the transfer and store the contract state to the external storage space in plaintext.
When the ciphertext transaction is used to both create and call smart contracts, all smart contracts to be created can correspond to one empty to field, and each called smart contract can use one or more to fields as the case requires, as described above for calling smart contracts. Correspondingly, the data field may contain the code of the smart contracts to be created, in which the processing type of each such smart contract can be marked, and the data field may contain the processing type marked for each called smart contract. The first blockchain node can create and call the smart contracts according to the marked processing types, as in the embodiments above for creating smart contracts and calling smart contracts respectively.
Specifically, the first blockchain node can use the processor instructions newly added to the CPU to allocate a region of memory as the EPC, and the above plaintext code is encrypted by the MEE inside the CPU and stored in the EPC. The content encrypted in the EPC is decrypted into plaintext after it enters the CPU. Inside the CPU, the plaintext code is processed, which completes the execution.
In SGX technology, to execute the code of the smart contract, the EVM can be loaded into the enclave. During remote attestation, the key management server can compute the hash value of the local EVM code and compare it with the hash value of the EVM code loaded in the first blockchain node; a correct comparison result is a necessary condition for passing remote attestation, which completes the measurement of the code loaded into the SGX enclave of the first blockchain node. After measurement, the correct EVM can execute the smart contract code in SGX.
In general, the contract state changes after the CPU executes the plaintext code. Storing the contract state in the blockchain means, from the perspective of a blockchain node, writing the contract state to a database, such as a local database. The database is generally stored on a storage medium, most commonly a persistent storage medium. The persistent storage medium can be a magnetic disk or a floppy disk, or a memory that can recover its data after power is restored and can therefore store data persistently.
The operation of writing to the database, expressed in code, is for example setstorage(key, ENC(value, secret_key)). In setstorage(key, ENC(value, secret_key)), the key can be written in the same way as a conventional key. For writing the value, Intel SGX technology can be used: ENC indicates the enclave, and secret_key indicates the key used when writing to the database with SGX technology. The key can be a symmetric encryption key, for example a seal (Simple Encrypted Arithmetic Library) key. The seal key can, for example, be sent to the first blockchain node by the key management server after remote attestation, or can, for example, be obtained by negotiation among the nodes in the blockchain (such as the first blockchain node and other blockchain nodes). The key can also be an asymmetric encryption key. The key can be stored in an enclave of the first blockchain node. The first blockchain node may contain multiple enclaves, and the above private key can be passed into a secure enclave among them; for example, the secure enclave can be a QE enclave rather than an AE enclave.
It can be seen that, in the embodiments of this specification, the first blockchain node can create a trusted execution environment and ensure that the relevant sensitive information (such as the transaction content and the execution result) is decrypted, read or executed only inside the trusted execution environment and is in an encrypted state as soon as it leaves the trusted execution environment, so that privacy and security are ensured along the whole path of processing a transaction.
The first blockchain node implements a function by running the code that implements it. Therefore, a function that needs to be implemented in the trusted execution environment also requires the relevant code to be executed there. Code executed in the trusted execution environment must meet the specifications and requirements of the trusted execution environment; accordingly, code that implements a given function in the related art would have to be rewritten to those specifications and requirements, which not only involves a relatively large amount of development but also easily introduces bugs during the rewriting, affecting the reliability and stability of the function.
Therefore, the first blockchain node encrypts the plaintext execution result into the ciphertext execution result with a key, and because the ciphertext execution result can be decrypted only in the trusted execution environment, the ciphertext execution result itself is sufficiently secure. On this basis, the first blockchain node executes storage function code outside the trusted execution environment to store the ciphertext execution result to the external storage space outside the trusted execution environment. This allows the storage function code to be the code used in the related art to implement storage, with no need to rewrite it to the specifications and requirements of the trusted execution environment, while still storing the ciphertext execution result securely and reliably. This reduces the amount of development of the relevant code without affecting security and reliability, and, by reducing the code that belongs to the trusted execution environment, reduces the TCB (Trusted Computing Base), so that the additional security risk introduced by combining TEE technology with blockchain technology stays within a controllable range.
In one embodiment, the first blockchain node can execute write cache function code in the trusted execution environment to store the plaintext execution result in a write cache inside the trusted execution environment; for example, the write cache can correspond to the "cache" shown in Fig. 2. The first blockchain node then encrypts the data in the write cache and outputs it from the trusted execution environment, to be stored to the external storage space. The write cache function code can be stored in the trusted execution environment in plaintext form, in which case the plaintext cache function code can be executed directly in the trusted execution environment; or the write cache function code can be stored outside the trusted execution environment in ciphertext form, for example in the above external storage space (such as "packing + storage" shown in Fig. 2), in which case the ciphertext write cache function code can be read into the trusted execution environment, decrypted there into plaintext code, and the plaintext code executed.
A write cache is a "buffering" mechanism provided to avoid an "impact" on the external storage space when data is written to it. For example, the write cache can be implemented with a buffer; it can of course also be implemented with a cache, and this specification places no limit on this. Because the trusted execution environment is an isolated secure environment and the external storage space is outside it, the write cache mechanism allows the data in the cache to be written to the external storage space in batches, which reduces the number of interactions between the trusted execution environment and the external storage space and improves storage efficiency. Meanwhile, while the trusted execution environment keeps executing plaintext transaction contents, it may need to retrieve data that has already been generated (such as the value of a contract state). If the data to be retrieved happens to be in the write cache, it can be read directly from the write cache, which on the one hand reduces interaction with the external storage space and on the other hand avoids decrypting data read from the external storage space, thereby improving data processing efficiency in the trusted execution environment.
Of course, the write cache can also be established outside the trusted execution environment. For example, the first blockchain node can execute the write cache function code outside the trusted execution environment, so that the ciphertext execution result is stored in a write cache outside the trusted execution environment, and the data in that write cache is then stored to the external storage space.
In one embodiment, in response to a query request initiated by a client, the first blockchain node can encrypt the plaintext execution result and output it from the trusted execution environment, to be returned to the client.
For example, the first blockchain node can read the ciphertext execution result from the external storage space, read it into the trusted execution environment and decrypt it into the plaintext execution result, and then encrypt the plaintext execution result and output it from the trusted execution environment, for example returning the encrypted plaintext execution result to the client through the transaction/query interface shown in Fig. 2.
As another example, the first blockchain node can read the plaintext execution result from a read cache in the trusted execution environment, encrypt it, and output it from the trusted execution environment. Here the plaintext execution result was placed in the read cache in advance by the first blockchain node, which executed read cache function code in the trusted execution environment, read the ciphertext execution result from the external storage space into the trusted execution environment, decrypted it into the plaintext execution result, and stored it in the read cache. In other words, after the first blockchain node reads the ciphertext execution result from the external storage space and decrypts it into the plaintext execution result, it can store the plaintext execution result in a read cache in the trusted execution environment by executing read cache function code there; for example, the read cache can correspond to the "cache" shown in Fig. 2. Then, for a query request initiated by a client, or for data that the trusted execution environment needs when executing plaintext transaction content, data can be read from the read cache first; if the relevant data can be read there, it does not need to be read from the external storage space, which reduces the number of interactions with the external storage space and avoids the data decryption process.
A read cache means that, after data is read from the external storage space into the trusted execution environment, the data read can be stored in plaintext form in a read cache space inside the trusted execution environment in order to reduce the number of interactions with the external storage space. For example, the read cache can be implemented with a cache; it can of course also be implemented with a buffer, and this specification places no limit on this.
The first blockchain node can support the above read cache mechanism and write cache mechanism at the same time. As caching technology has developed, the same cache can be used not only for reading data or for writing data but can even support read and write operations simultaneously, so that the boundary between a read cache and a write cache is sometimes not very clear. For this reason Fig. 2 shows only a "cache" without distinguishing its specific type, which can be configured and adjusted according to actual needs.
Of course, the caching mechanism in the trusted execution environment described above can equally be applied in the conventional execution environment, for example through the "cache" in the conventional execution environment shown in Fig. 2. In that case, however, reading and writing data involves only plaintext reads and writes and no data encryption or decryption is needed, so the details are not repeated here.
When the first blockchain node is determined to be the bookkeeping node through competition or negotiation, the first blockchain node can initiate consensus with the verifying nodes in the blockchain. Specifically, the first blockchain node can determine the group of transactions to be put on the chain in the current round; these transactions can all be plaintext transactions, all be privacy transactions, or include both plaintext transactions and privacy transactions. The first blockchain node can then execute each transaction in the group and, from each transaction and its corresponding transaction execution result (a plaintext execution result for a plaintext transaction, a ciphertext execution result for a privacy transaction) and other information, generate the state tree, the transaction tree and the receipt tree, and record the hashes corresponding to the root nodes of these three trees in the block header. After the first blockchain node packs the above group of transactions (for example through the "packing + storage" module shown in Fig. 2) and generates a new block, it broadcasts the block or the block header to the verifying nodes in the blockchain network (that is, the blockchain nodes in the network other than the bookkeeping node) to initiate a consensus proposal. The verifying nodes execute the same group of transactions to verify the root hashes in the block header and, after determining that the proposal passes verification, append the block containing this group of transactions to the end of the original blockchain (that is, put it on the chain) and update the world state according to the execution results of this group of transactions. After confirming that consensus has passed, the first blockchain node can execute the storage function code to store the plaintext execution results corresponding to the plaintext transactions and/or the ciphertext execution results corresponding to the privacy transactions; of course, it can also store them before consensus is confirmed and roll back if a problem is found.
When the first blockchain node is a verifying node rather than the bookkeeping node, the first blockchain node can receive the consensus proposal initiated by the bookkeeping node, where the consensus proposal relates to plaintext transactions and/or privacy transactions. For example, the bookkeeping node can be a second blockchain node, and the first blockchain node receives the consensus proposal initiated by the second blockchain node. The consensus proposal contains a group of transactions, which are all plaintext transactions, all privacy transactions, or both plaintext transactions and privacy transactions, and the consensus proposal also contains the root nodes of the three trees described above. Through the process described above, the first blockchain node can execute the plaintext transactions to obtain the corresponding plaintext execution results and execute the privacy transactions to obtain the corresponding ciphertext execution results, then generate the root nodes of the three trees and compare them with the root nodes contained in the block header of the consensus proposal, determining that the consensus proposal passes verification when the comparison result is consistent and that it fails verification otherwise. After verification passes, the first blockchain node executes the storage function code to store the plaintext execution results corresponding to the plaintext transactions and/or the ciphertext execution results corresponding to the privacy transactions.
It should be noted that when the blockchain nodes in the blockchain network encrypt the plaintext execution result corresponding to the same privacy transaction, they should use the same key, so that when the plaintext execution results corresponding to the privacy transaction are the same, the resulting ciphertext execution results are also the same and the same root nodes are generated.
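An added example, not part of the patent text, of the storage and consensus behaviour described above: privacy-transaction results are buffered in plaintext inside the TEE, written out as setstorage(key, ENC(value, secret_key)), and a verifying node recomputes the root hash and compares it with the proposal. The class and function names, the type-field values, the flat root hash and the HMAC-based deterministic cipher (a standard-library stand-in for a real cipher) are assumptions; deterministic encryption is assumed because a random nonce would make ciphertexts differ between nodes even under the same key.

```python
import hashlib
import hmac

TYPE_PLAINTEXT, TYPE_PRIVACY = 0, 1  # assumed values of the plaintext type field


def _subkey(secret_key: bytes, label: bytes) -> bytes:
    return hmac.new(secret_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a standard-library stand-in for a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def enc(value: bytes, secret_key: bytes) -> bytes:
    """Deterministic ENC(value, secret_key). The nonce is a keyed MAC of the
    plaintext (SIV-style), so equal inputs give equal ciphertext on every node."""
    nonce = hmac.new(_subkey(secret_key, b"mac"), value, hashlib.sha256).digest()[:16]
    stream = _keystream(_subkey(secret_key, b"enc"), nonce, len(value))
    return nonce + bytes(a ^ b for a, b in zip(value, stream))


def dec(blob: bytes, secret_key: bytes) -> bytes:
    """Decrypt inside the TEE and reject ciphertext modified in external storage."""
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(_subkey(secret_key, b"enc"), nonce, len(body))
    value = bytes(a ^ b for a, b in zip(body, stream))
    expected = hmac.new(_subkey(secret_key, b"mac"), value, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(nonce, expected):
        raise ValueError("ciphertext failed authentication")
    return value


class Node:
    def __init__(self, secret_key: bytes):
        self._secret_key = secret_key  # lives only inside the enclave
        self._write_cache = {}         # plaintext results, inside the TEE
        self.external_db = {}          # storage outside the TEE

    def setstorage(self, key: str, value: bytes) -> None:
        """Ordinary storage code running outside the TEE."""
        self.external_db[key] = value

    def execute(self, txs) -> None:
        for tx in txs:
            # Stand-in for contract execution: the "result" is the new state value.
            result = ("%s=%d" % (tx["to"], tx["amount"])).encode()
            if tx["type"] == TYPE_PRIVACY:
                self._write_cache[tx["id"]] = result  # buffered inside the TEE
            else:
                self.setstorage(tx["id"], result)     # plaintext transaction

    def flush(self) -> None:
        """Encrypt the buffered results and write them out in one batch."""
        for key, value in self._write_cache.items():
            self.setstorage(key, enc(value, self._secret_key))
        self._write_cache.clear()

    def read_result(self, key: str, private: bool) -> bytes:
        if key in self._write_cache:  # served without touching external storage
            return self._write_cache[key]
        value = self.external_db[key]
        return dec(value, self._secret_key) if private else value

    def root_hash(self) -> str:
        """Flat hash over stored results; stands in for the tree root hashes."""
        h = hashlib.sha256()
        for key in sorted(self.external_db):
            h.update(hashlib.sha256(key.encode() + b"\x00" + self.external_db[key]).digest())
        return h.hexdigest()


def verify_proposal(verifier: Node, txs, proposed_root: str) -> bool:
    """A verifying node re-executes the transactions and compares root hashes."""
    verifier.execute(txs)
    verifier.flush()
    return hmac.compare_digest(verifier.root_hash(), proposed_root)


# Constructed sample transactions (not from the patent).
SAMPLE_TXS = [
    {"id": "tx1", "type": TYPE_PLAINTEXT, "to": "U1", "amount": 10},
    {"id": "tx2", "type": TYPE_PRIVACY, "to": "U2", "amount": 25},
]


def propose(secret_key: bytes) -> str:
    """The bookkeeping node executes the group and returns the root hash it proposes."""
    node = Node(secret_key)
    node.execute(SAMPLE_TXS)
    node.flush()
    return node.root_hash()
```

A verifying node holding a different key computes a different ciphertext for tx2 and therefore a different root, so the proposal fails verification even though the plaintext results agree.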
The implementation of another embodiment of the method for implementing hybrid transactions in a blockchain in this specification, shown in Fig. 6, is described below:
Step 602: the first blockchain node receives a transaction, and the transaction contains a type field in plaintext.
As described for step 102 shown in Fig. 1, the transaction can be submitted to the first blockchain node by a client. The transaction can be forwarded to the first blockchain node by a second blockchain node.
For example, after a user generates the transaction at a client, the transaction is submitted to the first blockchain node through the client. Taking Fig. 2 as an example, the first blockchain node contains a transaction/query interface that can connect to the client, so that the client can submit transactions to the first blockchain node.
As another example, after a user generates the transaction at a client, the transaction is submitted to the second blockchain node through the client; the second blockchain node then forwards the transaction to the first blockchain node. Taking Fig. 2 as an example, the above interface can connect to other blockchain nodes, which may include the above second blockchain node, so that the second blockchain node can forward transactions to the first blockchain node. Similarly, the second blockchain node can also connect to the client through its own transaction/query interface to receive the transactions the client submits.
Step 604, the value of first block chain node type field according to contained by the transaction identifies that the transaction is bright Text transaction or privacy transaction.
Described in step 104 as shown in figure 1, by adding type field in transaction, allow the first block chain accordingly Identify that type of transaction is transaction in plain text or privacy transaction.The present embodiment increases a kind of on the basis of the relevant technologies in transaction Type-word section, for example it is characterized as type field, and the value based on the type field, show the type of relationship trading;For example, working as class When type-word section is the first value, show that relationship trading to trade in plain text, when type field is the second value, shows relationship trading For privacy transaction.
In one embodiment, all the elements of transaction are all made of plaintext version in plain text, i.e. each field of the transaction is adopted With plaintext version, the first block chain node is directly read out to each field of plaintext transaction, to implement phase Pass processing.Other than type field is using plaintext version, other fields are all made of ciphertext form for privacy transaction, so that on the one hand First block chain node can quickly identify type of transaction without decryption, thus for transaction and privacy in plain text Differentiation processing is implemented in transaction, on the other hand makes it only by using ciphertext form and can be held the object of key to be decrypted And reading, avoid Transaction Information from revealing.
Step 606: the first blockchain node executes the plaintext transaction outside the trusted execution environment, and stores the obtained plaintext execution result in an external storage space outside the trusted execution environment.
As described in step 106A shown in Fig. 1, the first blockchain node remains compatible with the processing capability for plaintext transactions in the related art: it can process plaintext transactions outside the trusted execution environment and store the plaintext execution results in the external storage space. For example, as shown in Fig. 2, the first blockchain node can be divided into a regular execution environment and a trusted execution environment. A transaction (taking a transaction submitted by the client as an example) first enters the "transaction/query interface" in the regular execution environment for type identification; identified plaintext transactions remain in the regular execution environment for processing, while identified privacy transactions are passed to the trusted execution environment for processing. In other words, the first blockchain node is both compatible with the processing of plaintext transactions in the related art and able to process privacy transactions in ciphertext form, so that mixed processing of plaintext transactions and privacy transactions is realized across the whole blockchain network.
The transactions in this specification can be used to implement relatively simple processing logic, for example transfer logic similar to that in the related art. They can also be used to implement relatively complex processing logic, which can be realized by means of smart contracts.
Further, as described in step 106B shown in Fig. 1, the first blockchain node decrypts the privacy transaction to obtain the corresponding plaintext transaction content; executes the plaintext transaction content in the trusted execution environment, encrypts the obtained plaintext execution result into a ciphertext execution result, and outputs it from the trusted execution environment; and executes the storage function code outside the trusted execution environment to store the ciphertext execution result in the external storage space.
For the encryption and decryption of the privacy transaction, the encryption and decryption between the plaintext execution result and the ciphertext execution result, the caching mechanism between the trusted execution environment and the external storage space, the consensus process and so on, reference may be made to the description of step 106B; details are not repeated here.
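The flow of steps 602 to 606, together with the root comparison a verifying node performs on a consensus proposal, as an added Python example that is not code from the patent. The one-byte type encoding, the transfer format, the single Merkle tree standing in for the three trees, and the HMAC-based `seal`/`unseal` stand-in for a real cipher are all assumptions. It goes one step beyond the text by showing that a shared key only yields identical ciphertext execution results if the IV is also derived deterministically.

```python
import hashlib
import hmac
import os

TYPE_PLAINTEXT = 0x00  # assumed encoding of the "first value" of the type field
TYPE_PRIVACY = 0x01    # assumed encoding of the "second value"


def subkey(key, label):
    return hmac.new(key, b"subkey:" + label, hashlib.sha256).digest()


def keystream(key, iv, length):
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key, plaintext, iv=None):
    """Illustrative stand-in for an authenticated cipher (assumption, not the patent's).
    With iv=None the IV is derived from the plaintext, so output is deterministic."""
    if iv is None:
        iv = hmac.new(subkey(key, b"iv"), plaintext, hashlib.sha256).digest()[:16]
    stream = keystream(subkey(key, b"enc"), iv, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(subkey(key, b"mac"), iv + body, hashlib.sha256).digest()
    return iv + body + tag


def unseal(key, blob):
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    iv, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), iv + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = keystream(subkey(key, b"enc"), iv, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def merkle_root(leaves):
    level = [hashlib.sha256(leaf).digest() for leaf in leaves]
    level = level or [hashlib.sha256(b"").digest()]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last hash on odd levels
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0]


class Node:
    def __init__(self, tx_key, result_key, random_iv=False):
        self.tx_key, self.result_key, self.random_iv = tx_key, result_key, random_iv
        self.balances = {"alice": 100, "bob": 20}  # constructed starting state
        self.external_store = []                   # storage outside the TEE

    def execute(self, body):
        sender, recipient, amount = body.decode().split(":")
        amount = int(amount)
        if amount <= 0 or self.balances.get(sender, 0) < amount:
            return b"rejected"
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        return (f"{sender}={self.balances[sender]};"
                f"{recipient}={self.balances[recipient]}").encode()

    def tee_process(self, sealed_body):
        # Stands in for the code that runs inside the trusted execution environment.
        result = self.execute(unseal(self.tx_key, sealed_body))
        iv = os.urandom(16) if self.random_iv else None
        return seal(self.result_key, result, iv)  # only ciphertext leaves the TEE

    def process(self, tx):
        if not tx:
            raise ValueError("empty transaction")
        tx_type, body = tx[0], tx[1:]  # the type field is read without decryption
        if tx_type == TYPE_PLAINTEXT:
            stored = self.execute(body)
        elif tx_type == TYPE_PRIVACY:
            stored = self.tee_process(body)
        else:
            raise ValueError(f"unknown transaction type {tx_type:#x}")
        self.external_store.append(stored)
        return stored

    def results_root(self, txs):
        return merkle_root([self.process(tx) for tx in txs])


def verify_proposal(verifier, txs, proposed_root):
    return hmac.compare_digest(verifier.results_root(txs), proposed_root)


def build_sample(tx_key):
    # Constructed sample: one plaintext transaction and one privacy transaction.
    return [bytes([TYPE_PLAINTEXT]) + b"alice:bob:5",
            bytes([TYPE_PRIVACY]) + seal(tx_key, b"bob:alice:7")]


if __name__ == "__main__":
    tx_key, result_key = b"T" * 32, b"R" * 32  # constructed keys
    txs = build_sample(tx_key)
    root = Node(tx_key, result_key).results_root(txs)
    print("same key, derived IV:", verify_proposal(Node(tx_key, result_key), txs, root))
    print("different result key:", verify_proposal(Node(tx_key, b"X" * 32), txs, root))
    print("same key, random IV :", verify_proposal(Node(tx_key, result_key, True), txs, root))
```

A verifying node that holds the right key but encrypts with a fresh random IV rejects an honest proposal, because its ciphertext execution result, and therefore its root, differs from the proposer's.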
The following describes, with reference to Fig. 7, the implementation process of yet another embodiment of the method for realizing mixed transactions in a blockchain in this specification:
Step 702: the first blockchain node receives a transaction, the transaction including a type field in plaintext.
As described in step 102 shown in Fig. 1, the transaction may be submitted to the first blockchain node by a client, or may be forwarded to the first blockchain node by a second blockchain node.
For example, after a user generates the transaction at the client, the transaction is submitted to the first blockchain node through the client. Taking Fig. 2 as an example, the first blockchain node includes a transaction/query interface that can interface with the client, so that the client can submit the transaction to the first blockchain node.
As another example, after a user generates the transaction at the client, the transaction is submitted to the second blockchain node through the client; the second blockchain node then forwards the transaction to the first blockchain node. Taking Fig. 2 as an example, the above interface can also interface with other blockchain nodes, which may include the above second blockchain node, so that the second blockchain node can forward the transaction to the first blockchain node. Similarly, the second blockchain node can interface with the client through its own transaction/query interface to receive the transaction submitted by the client.
Step 704: the first blockchain node identifies, according to the value of the type field contained in the transaction, whether the transaction is a plaintext transaction or a privacy transaction.
As described in step 104 shown in Fig. 1, adding a type field to the transaction allows the first blockchain node to identify whether the transaction is a plaintext transaction or a privacy transaction. On the basis of the related art, this embodiment adds a type field to the transaction, for example denoted as a type field, and the value of the type field indicates the type of the transaction. For example, when the type field takes a first value, the transaction is a plaintext transaction; when the type field takes a second value, the transaction is a privacy transaction.
In one embodiment, all content of a plaintext transaction is in plaintext form, i.e. every field of the transaction is in plaintext, so that the first blockchain node can read each field of the plaintext transaction directly and carry out the relevant processing. In a privacy transaction, only the type field is in plaintext form and all other fields are in ciphertext form. On the one hand, this lets the first blockchain node quickly identify the transaction type without decryption and so process plaintext transactions and privacy transactions differently; on the other hand, the use of ciphertext means that only a party holding the key can decrypt and read the transaction, which prevents the transaction information from leaking.
Step 706: the first blockchain node decrypts the privacy transaction to obtain the corresponding plaintext transaction content; executes the plaintext transaction content in the trusted execution environment, encrypts the obtained plaintext execution result into a ciphertext execution result, and outputs it from the trusted execution environment; and executes the storage function code outside the trusted execution environment to store the ciphertext execution result in the external storage space outside the trusted execution environment.
In step 706, for the encryption and decryption of the privacy transaction, the encryption and decryption between the plaintext execution result and the ciphertext execution result, the caching mechanism between the trusted execution environment and the external storage space, the consensus process and so on, reference may be made to the description of step 106B; details are not repeated here.
Further, as described in step 106A shown in Fig. 1, the first blockchain node executes the plaintext transaction outside the trusted execution environment, and stores the obtained plaintext execution result in the external storage space outside the trusted execution environment. That is, the first blockchain node remains compatible with the processing capability for plaintext transactions in the related art: it can process plaintext transactions outside the trusted execution environment and store the plaintext execution results in the external storage space. For example, as shown in Fig. 2, the first blockchain node can be divided into a regular execution environment and a trusted execution environment. A transaction (taking a transaction submitted by the client as an example) first enters the "transaction/query interface" in the regular execution environment for type identification; identified plaintext transactions remain in the regular execution environment for processing, while identified privacy transactions are passed to the trusted execution environment for processing. In other words, the first blockchain node is both compatible with the processing of plaintext transactions in the related art and able to process privacy transactions in ciphertext form, so that mixed processing of plaintext transactions and privacy transactions is realized across the whole blockchain network.
The transactions in this specification can be used to implement relatively simple processing logic, for example transfer logic similar to that in the related art. They can also be used to implement relatively complex processing logic, which can be realized by means of smart contracts.
A node embodiment for realizing mixed transactions in a blockchain in this specification is described below with reference to Fig. 8. The node comprises:
Receiving unit 801, configured to receive a transaction, the transaction including a type field in plaintext;
Recognition unit 802, configured to identify, according to the value of the type field contained in the transaction, whether the transaction is a plaintext transaction or a privacy transaction;
Plaintext transaction processing unit 803, configured to execute the plaintext transaction outside the trusted execution environment, and store the obtained plaintext execution result in an external storage space outside the trusted execution environment;
Privacy transaction processing unit 804, configured to decrypt the privacy transaction to obtain the corresponding plaintext transaction content; execute the plaintext transaction content in the trusted execution environment, encrypt the obtained plaintext execution result into a ciphertext execution result, and output it from the trusted execution environment; and execute the storage function code outside the trusted execution environment to store the ciphertext execution result in the external storage space.
A node embodiment for realizing mixed transactions in a blockchain in this specification is described below with reference to Fig. 9. The node comprises:
Receiving unit 901, configured to receive a transaction, the transaction including a type field in plaintext;
Recognition unit 902, configured to identify, according to the value of the type field contained in the transaction, whether the transaction is a plaintext transaction or a privacy transaction;
Plaintext transaction processing unit 903, configured to execute the plaintext transaction outside the trusted execution environment, and store the obtained plaintext execution result in an external storage space outside the trusted execution environment.
Optionally, the node further comprises:
Decryption unit 904, configured to decrypt the privacy transaction to obtain the corresponding plaintext transaction content;
Execution unit 905, configured to execute the plaintext transaction content in the trusted execution environment, encrypt the obtained plaintext execution result into a ciphertext execution result, and output it from the trusted execution environment;
Storage unit 906, configured to execute the storage function code outside the trusted execution environment to store the ciphertext execution result in the external storage space.
A node embodiment for realizing mixed transactions in a blockchain in this specification is described below with reference to Fig. 10. The node comprises:
Receiving unit 1001, configured to receive a transaction, the transaction including a type field in plaintext;
Recognition unit 1002, configured to identify, according to the value of the type field contained in the transaction, whether the transaction is a plaintext transaction or a privacy transaction;
Decryption unit 1003, configured to decrypt the privacy transaction to obtain the corresponding plaintext transaction content;
Execution unit 1004, configured to execute the plaintext transaction content in the trusted execution environment, encrypt the obtained plaintext execution result into a ciphertext execution result, and output it from the trusted execution environment;
Storage unit 1005, configured to execute the storage function code outside the trusted execution environment to store the ciphertext execution result in the external storage space outside the trusted execution environment.
Optionally, the node further comprises:
Plaintext transaction processing unit 1006, configured to execute the plaintext transaction outside the trusted execution environment, and store the obtained plaintext execution result in the external storage space.
In the 1990s, it was possible to distinguish clearly whether an improvement to a technology was an improvement in hardware (for example, an improvement to a circuit structure such as a diode, a transistor or a switch) or an improvement in software (an improvement to a method flow). With the development of technology, however, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. It therefore cannot be said that an improvement to a method flow cannot be realized by a hardware entity module. For example, a programmable logic device (PLD), such as a field programmable gate array (FPGA), is an integrated circuit whose logic function is determined by the user programming the device. Designers program a digital system so as to "integrate" it onto a single PLD, without asking a chip manufacturer to design and produce a dedicated integrated circuit chip. Moreover, instead of manually making integrated circuit chips, this programming is nowadays mostly done with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must also be written in a specific programming language, called a hardware description language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); the most commonly used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should also understand that a hardware circuit implementing a logical method flow can be readily obtained simply by logically programming the method flow in one of the above hardware description languages and programming it into an integrated circuit.
A controller can be implemented in any suitable manner. For example, the controller can take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller can also be implemented as part of the control logic of a memory. Those skilled in the art also know that, in addition to implementing the controller purely as computer-readable program code, the method steps can be logically programmed so that the controller realizes the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the means included in it for realizing various functions can also be regarded as structures within the hardware component. The means for realizing various functions can even be regarded both as software modules implementing the method and as structures within the hardware component.
The systems, devices, modules or units described in the above embodiments can be implemented by a computer chip or an entity, or by a product having a certain function. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above device is described in terms of various units divided by function. Of course, when implementing this specification, the functions of the units can be realized in one or more pieces of software and/or hardware.
Those skilled in the art should understand that the embodiments of the present invention can be provided as a method, a system, or a computer program product. Therefore, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for realizing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
This specification can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform specific tasks or implement specific abstract data types. This specification can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media, including storage devices.
These computer program instructions can also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means realizing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for realizing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams. In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
The memory may include, among computer-readable media, non-persistent memory, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include persistent and non-persistent, removable and non-removable media, and can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, commodity or device that includes the element.
Specific embodiments of this specification have been described above. Other embodiments fall within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or a sequential order, to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The terms used in one or more embodiments of this specification are for the purpose of describing particular embodiments only and are not intended to limit the one or more embodiments of this specification. The singular forms "a", "said" and "the" used in one or more embodiments of this specification and in the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in one or more embodiments of this specification to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of one or more embodiments of this specification, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein can be interpreted as "when ...", "upon ..." or "in response to determining".
The foregoing describes only preferred embodiments of one or more embodiments of this specification and is not intended to limit the one or more embodiments of this specification. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of one or more embodiments of this specification shall fall within the scope of protection of the one or more embodiments of this specification.

Claims (39)

1. A method for realizing mixed transactions in a blockchain, comprising:
a first blockchain node receiving a transaction, the transaction including a type field in plaintext;
the first blockchain node identifying, according to the value of the type field contained in the transaction, whether the transaction is a plaintext transaction or a privacy transaction;
the first blockchain node executing the plaintext transaction outside a trusted execution environment, and storing the obtained plaintext execution result in an external storage space outside the trusted execution environment;
the first blockchain node decrypting the privacy transaction to obtain the corresponding plaintext transaction content; executing the plaintext transaction content in the trusted execution environment, encrypting the obtained plaintext execution result into a ciphertext execution result, and outputting it from the trusted execution environment; and executing storage function code outside the trusted execution environment to store the ciphertext execution result in the external storage space.
2. The method according to claim 1, wherein:
the transaction is submitted to the first blockchain node by a client; or,
the transaction is forwarded to the first blockchain node by a second blockchain node.
3. The method according to claim 1, further comprising:
the first blockchain node initiating consensus to the verifying nodes in the blockchain, the consensus relating to at least one of the following: a plaintext transaction and its corresponding plaintext execution result, a privacy transaction and its corresponding ciphertext execution result, so that the verifying nodes store the plaintext execution result corresponding to the plaintext transaction and/or the ciphertext execution result corresponding to the privacy transaction after verifying that the consensus passes.
4. The method according to claim 1, further comprising:
the first blockchain node receiving a consensus proposal initiated by a bookkeeping node, the consensus proposal relating to plaintext transactions and/or privacy transactions;
the first blockchain node verifying the consensus proposal according to the plaintext execution result corresponding to the plaintext transaction and/or the ciphertext execution result corresponding to the privacy transaction; wherein, after verification passes, the first blockchain node stores the plaintext execution result corresponding to the plaintext transaction and/or the ciphertext execution result corresponding to the privacy transaction by executing the storage function code.
5. The method according to claim 1, wherein:
the privacy transaction is encrypted with the private key of a symmetric encryption algorithm, and the first blockchain node decrypts the privacy transaction with the private key of the symmetric encryption algorithm to obtain the plaintext transaction content; or,
the privacy transaction is encrypted with the public key of an asymmetric encryption algorithm, and the first blockchain node decrypts the privacy transaction with the private key of the asymmetric encryption algorithm to obtain the plaintext transaction content.
6. The method according to claim 1, wherein the privacy transaction is encrypted with the private key of a symmetric encryption algorithm, and the private key of the symmetric encryption algorithm is encrypted with the public key of an asymmetric encryption algorithm;
the first blockchain node decrypts with the private key of the asymmetric encryption algorithm to obtain the private key of the symmetric encryption algorithm, and decrypts the privacy transaction with the private key of the symmetric encryption algorithm to obtain the plaintext transaction content.
7. The method according to claim 5 or 6, wherein the private key of the symmetric encryption algorithm is obtained through negotiation between the generator of the privacy transaction and the first blockchain node, or is sent by a key management server.
8. The method according to claim 6, wherein the key management server sends the private key of the asymmetric encryption algorithm to the enclave of the first blockchain node through remote attestation, and sends the public key of the asymmetric encryption algorithm to the generator of the privacy transaction.
9. according to the method described in claim 1, there are multiple corresponding intelligent contracts for ciphertext transaction, and the ciphertext is handed over The processing type that each intelligent contract marks respectively is existed in easily;The plaintext implementing result includes each intelligent contract difference Corresponding plaintext contract implementing result;
When the corresponding first intelligent contract of ciphertext transaction is noted as privacy processing type, the first intelligent contract is corresponding Plaintext contract implementing result is encrypted as ciphertext contract implementing result by key by the first block chain node, and the ciphertext executes knot Fruit includes the ciphertext contract implementing result;
When the corresponding second intelligent contract of ciphertext transaction is noted as handling type in plain text, the ciphertext implementing result packet Containing the corresponding plaintext contract implementing result of the second intelligence contract.
10. according to the method described in claim 9, ciphertext transaction is for creating intelligent contract and/or calling intelligent contract.
11. The method according to claim 1, wherein the key used to encrypt the plaintext execution result includes a key of a symmetric encryption algorithm or a key of an asymmetric encryption algorithm.
12. The method according to claim 11, wherein the key of the symmetric encryption algorithm includes a seal key.
13. The method according to claim 12, wherein:
The seal key is sent by the key management server after the SGX of the first blockchain node passes remote attestation; or,
The seal key is obtained through negotiation between the first blockchain node and other blockchain nodes.
14. The method according to claim 1, wherein the key used to encrypt the plaintext execution result is stored in the enclave of the first blockchain node.
15. The method according to claim 1, further comprising:
The first blockchain node executes write-cache function code in the trusted execution environment, and stores the plaintext execution result in a write cache inside the trusted execution environment;
Wherein the first blockchain node encrypts the data in the write cache and then outputs it from the trusted execution environment, for storage to the external storage space.
16. The method according to claim 15, wherein the write-cache function code is stored in plaintext form inside the trusted execution environment; or, the write-cache function code is stored in ciphertext form outside the trusted execution environment.
17. The method according to claim 1, further comprising:
The first blockchain node executes write-cache function code outside the trusted execution environment, and stores the ciphertext execution result in a write cache outside the trusted execution environment;
Wherein the first blockchain node further stores the data in the write cache to the external storage space.
18. The method according to claim 1, further comprising:
In response to a query request initiated by a client, the first blockchain node encrypts the plaintext execution result and outputs it from the trusted execution environment, so as to return it to the client.
19. The method according to claim 18, wherein encrypting the plaintext execution result and outputting it from the trusted execution environment comprises:
The first blockchain node reads the ciphertext execution result from the external storage space, decrypts the ciphertext execution result into the plaintext execution result and reads it into the trusted execution environment; and encrypts the plaintext execution result and outputs it from the trusted execution environment; or,
The first blockchain node reads the plaintext execution result from a read cache in the trusted execution environment, encrypts the plaintext execution result and outputs it from the trusted execution environment; wherein the plaintext execution result was placed there in advance by the first blockchain node executing read-cache function code in the trusted execution environment, reading the ciphertext execution result from the external storage space, decrypting the ciphertext execution result into the plaintext execution result and storing it in the read cache inside the trusted execution environment.
20. A method for implementing mixed transactions in a blockchain, comprising:
The first blockchain node receives a transaction, the transaction including a type field in plaintext;
The first blockchain node identifies, according to the value of the type field contained in the transaction, the transaction as a plaintext transaction or a privacy transaction;
The first blockchain node executes the plaintext transaction outside the trusted execution environment, and stores the obtained plaintext execution result to the external storage space outside the trusted execution environment.
21. The method according to claim 20, further comprising:
The first blockchain node decrypts the privacy transaction to obtain the corresponding plaintext transaction content;
The first blockchain node executes the plaintext transaction content in the trusted execution environment, encrypts the obtained plaintext execution result into a ciphertext execution result, and outputs it from the trusted execution environment;
The first blockchain node executes storage function code outside the trusted execution environment, to store the ciphertext execution result to the external storage space.
22. The method according to claim 21, further comprising:
The first blockchain node executes write-cache function code in the trusted execution environment, and stores the plaintext execution result in a write cache inside the trusted execution environment;
Wherein the first blockchain node encrypts the data in the write cache and then outputs it from the trusted execution environment, for storage to the external storage space.
23. The method according to claim 22, wherein the write-cache function code is stored in plaintext form inside the trusted execution environment; or, the write-cache function code is stored in ciphertext form outside the trusted execution environment.
24. The method according to claim 21, further comprising:
The first blockchain node executes write-cache function code outside the trusted execution environment, and stores the ciphertext execution result in a write cache outside the trusted execution environment;
Wherein the first blockchain node further stores the data in the write cache to the external storage space.
25. The method according to claim 21, further comprising:
In response to a query request initiated by a client, the first blockchain node encrypts the plaintext execution result and outputs it from the trusted execution environment, so as to return it to the client.
26. The method according to claim 25, wherein encrypting the plaintext execution result and outputting it from the trusted execution environment comprises:
The first blockchain node reads the ciphertext execution result from the external storage space, decrypts the ciphertext execution result into the plaintext execution result and reads it into the trusted execution environment; and encrypts the plaintext execution result and outputs it from the trusted execution environment; or,
The first blockchain node reads the plaintext execution result from a read cache in the trusted execution environment, encrypts the plaintext execution result and outputs it from the trusted execution environment; wherein the plaintext execution result was placed there in advance by the first blockchain node executing read-cache function code in the trusted execution environment, reading the ciphertext execution result from the external storage space, decrypting the ciphertext execution result into the plaintext execution result and storing it in the read cache inside the trusted execution environment.
27. A method for implementing mixed transactions in a blockchain, comprising:
The first blockchain node receives a transaction, the transaction including a type field in plaintext;
The first blockchain node identifies, according to the value of the type field contained in the transaction, the transaction as a plaintext transaction or a privacy transaction;
The first blockchain node decrypts the privacy transaction to obtain the corresponding plaintext transaction content; executes the plaintext transaction content in the trusted execution environment, encrypts the obtained plaintext execution result into a ciphertext execution result, and outputs it from the trusted execution environment; and executes storage function code outside the trusted execution environment, to store the ciphertext execution result to the external storage space outside the trusted execution environment.
28. The method according to claim 27, further comprising:
The first blockchain node executes the plaintext transaction outside the trusted execution environment, and stores the obtained plaintext execution result to the external storage space.
29. The method according to claim 27, further comprising:
The first blockchain node executes write-cache function code in the trusted execution environment, and stores the plaintext execution result in a write cache inside the trusted execution environment;
Wherein the first blockchain node encrypts the data in the write cache and then outputs it from the trusted execution environment, for storage to the external storage space.
30. The method according to claim 29, wherein the write-cache function code is stored in plaintext form inside the trusted execution environment; or, the write-cache function code is stored in ciphertext form outside the trusted execution environment.
31. The method according to claim 27, further comprising:
The first blockchain node executes write-cache function code outside the trusted execution environment, and stores the ciphertext execution result in a write cache outside the trusted execution environment;
Wherein the first blockchain node further stores the data in the write cache to the external storage space.
32. The method according to claim 27, further comprising:
In response to a query request initiated by a client, the first blockchain node encrypts the plaintext execution result and outputs it from the trusted execution environment, so as to return it to the client.
33. The method according to claim 32, wherein encrypting the plaintext execution result and outputting it from the trusted execution environment comprises:
The first blockchain node reads the ciphertext execution result from the external storage space, decrypts the ciphertext execution result into the plaintext execution result and reads it into the trusted execution environment; and encrypts the plaintext execution result and outputs it from the trusted execution environment; or,
The first blockchain node reads the plaintext execution result from a read cache in the trusted execution environment, encrypts the plaintext execution result and outputs it from the trusted execution environment; wherein the plaintext execution result was placed there in advance by the first blockchain node executing read-cache function code in the trusted execution environment, reading the ciphertext execution result from the external storage space, decrypting the ciphertext execution result into the plaintext execution result and storing it in the read cache inside the trusted execution environment.
34. A node for implementing mixed transactions in a blockchain, comprising:
A receiving unit, for receiving a transaction, the transaction including a type field in plaintext;
A recognition unit, for identifying, according to the value of the type field contained in the transaction, the transaction as a plaintext transaction or a privacy transaction;
A plaintext transaction processing unit, for executing the plaintext transaction outside the trusted execution environment, and storing the obtained plaintext execution result to the external storage space outside the trusted execution environment;
A privacy transaction processing unit, for decrypting the privacy transaction to obtain the corresponding plaintext transaction content; executing the plaintext transaction content in the trusted execution environment, encrypting the obtained plaintext execution result into a ciphertext execution result, and outputting it from the trusted execution environment; and executing storage function code outside the trusted execution environment, to store the ciphertext execution result to the external storage space.
35. A node for implementing mixed transactions in a blockchain, comprising:
A receiving unit, for receiving a transaction, the transaction including a type field in plaintext;
A recognition unit, for identifying, according to the value of the type field contained in the transaction, the transaction as a plaintext transaction or a privacy transaction;
A plaintext transaction processing unit, for executing the plaintext transaction outside the trusted execution environment, and storing the obtained plaintext execution result to the external storage space outside the trusted execution environment.
36. The node according to claim 35, further comprising:
A decryption unit, for decrypting the privacy transaction to obtain the corresponding plaintext transaction content;
An execution unit, for executing the plaintext transaction content in the trusted execution environment, encrypting the obtained plaintext execution result into a ciphertext execution result, and outputting it from the trusted execution environment;
A storage unit, for executing storage function code outside the trusted execution environment, to store the ciphertext execution result to the external storage space.
37. A node for implementing mixed transactions in a blockchain, comprising:
A receiving unit, for receiving a transaction, the transaction including a type field in plaintext;
A recognition unit, for identifying, according to the value of the type field contained in the transaction, the transaction as a plaintext transaction or a privacy transaction;
A decryption unit, for decrypting the privacy transaction to obtain the corresponding plaintext transaction content;
An execution unit, for executing the plaintext transaction content in the trusted execution environment, encrypting the obtained plaintext execution result into a ciphertext execution result, and outputting it from the trusted execution environment;
A storage unit, for executing storage function code outside the trusted execution environment, to store the ciphertext execution result to the external storage space outside the trusted execution environment.
38. The node according to claim 37, further comprising:
A plaintext transaction processing unit, for executing the plaintext transaction outside the trusted execution environment, and storing the obtained plaintext execution result to the external storage space.
39. A computer-readable storage medium storing computer instructions which, when executed by a processor, implement the steps of the method according to any one of claims 1-33.
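The routing recited in claims 20, 21, 25 and 26, as an added Python sketch that is not part of the patent or of any implementation by the applicant: the plaintext type field selects execution outside or inside the trusted execution environment, and a privacy result reaches external storage only as ciphertext. The type values `PLAIN`/`PRIVACY`, the JSON encoding, `run_contract`, the `Enclave` and `Node` classes, reuse of the transaction key for the query reply, and the SHA-256/HMAC stand-in cipher used in place of a real symmetric algorithm are all assumptions.

```python
import hashlib, hmac, json, os

PLAIN, PRIVACY = 0, 1  # assumed values of the plaintext type field


def keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key, data):
    """Stand-in encrypt-then-MAC cipher (assumption); use AES-GCM in a real node."""
    enc, mac = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, keystream(enc, nonce, len(data))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    enc, mac = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc, nonce, len(ct))))


def run_contract(tx):
    """Hypothetical contract: a transfer that returns a receipt."""
    return {"receipt": f"{tx['from']}->{tx['to']}", "amount": tx["amount"]}


class Enclave:
    """Simulated trusted execution environment; both keys stay inside it."""

    def __init__(self, tx_key, seal_key):
        self._tx_key, self._seal_key = tx_key, seal_key

    def execute_privacy(self, payload):
        tx = json.loads(unseal(self._tx_key, payload))    # decrypt inside the TEE
        result = json.dumps(run_contract(tx)).encode()    # plaintext execution result
        return seal(self._seal_key, result)               # only ciphertext is output

    def answer_query(self, stored):
        result = unseal(self._seal_key, stored)           # stored ciphertext read back in
        return seal(self._tx_key, result)                 # re-encrypted before output


class Node:
    def __init__(self, enclave):
        self.enclave = enclave
        self.external_storage = {}                        # lives outside the TEE

    def handle(self, tx_id, tx):
        if tx["type"] == PLAIN:                           # executed outside the TEE
            result = json.dumps(run_contract(tx["payload"])).encode()
        elif tx["type"] == PRIVACY:
            result = self.enclave.execute_privacy(tx["payload"])
        else:
            raise ValueError("unrecognised type field")
        self.external_storage[tx_id] = result             # storage code runs outside

    def query(self, tx_id):                               # privacy results only
        return self.enclave.answer_query(self.external_storage[tx_id])


def demo():
    tx_key, seal_key = os.urandom(32), os.urandom(32)     # constructed sample keys
    node = Node(Enclave(tx_key, seal_key))
    node.handle("t1", {"type": PLAIN,
                       "payload": {"from": "alice", "to": "bob", "amount": 5}})
    secret = json.dumps({"from": "carol", "to": "dave", "amount": 7}).encode()
    node.handle("t2", {"type": PRIVACY, "payload": seal(tx_key, secret)})
    reply = json.loads(unseal(tx_key, node.query("t2")))
    return node.external_storage, reply
```

The type field is read before any decryption, so it is routing metadata only: a privacy payload that fails authentication inside `Enclave.execute_privacy` is rejected and nothing is written to external storage.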
CN201910100731.6A 2019-01-31 2019-01-31 Method, node and storage medium for realizing mixed transaction in block chain Active CN110020856B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910100731.6A CN110020856B (en) 2019-01-31 2019-01-31 Method, node and storage medium for realizing mixed transaction in block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910100731.6A CN110020856B (en) 2019-01-31 2019-01-31 Method, node and storage medium for realizing mixed transaction in block chain

Publications (2)

Publication Number Publication Date
CN110020856A true CN110020856A (en) 2019-07-16
CN110020856B CN110020856B (en) 2020-06-05

Family

ID=67189002

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910100731.6A Active CN110020856B (en) 2019-01-31 2019-01-31 Method, node and storage medium for realizing mixed transaction in block chain

Country Status (1)

Country Link
CN (1) CN110020856B (en)


Also Published As

Publication number Publication date
CN110020856B (en) 2020-06-05


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40011334

Country of ref document: HK

TR01 Transfer of patent right

Effective date of registration: 20200925

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.

Effective date of registration: 20200925

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20220803

Address after: Room 803, floor 8, No. 618 Wai Road, Huangpu District, Shanghai 200010

Patentee after: Ant blockchain Technology (Shanghai) Co.,Ltd.

Address before: Ky1-9008 Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands, ky1-9008

Patentee before: Innovative advanced technology Co.,Ltd.