Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to
When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with this specification one or more embodiment.Phase
Instead, they are only some aspects phases with the one or more embodiments of as detailed in the attached claim, this specification
The example of consistent device and method.
It should be understood that the sequence that might not show and describe according to this specification in other embodiments executes
The step of correlation method.In some other embodiments, step included by method can than described in this specification more
It is more or less.In addition, single step described in this specification, may be broken down into other embodiments multiple steps into
Row description;And multiple steps described in this specification, it may also be merged into single step progress in other embodiments
Description.
Block chain is normally divided into three types: publicly-owned chain (Public Blockchain), privately owned chain (Private
) and alliance's chain (Consortium Blockchain) Blockchain.In addition, there are also a plurality of types of combinations, such as privately owned chain
The different combinations such as+alliance chain, alliance's chain+publicly-owned chain.It is publicly-owned chain that wherein decentralization degree is highest.Publicly-owned chain with than
Special coin, ether mill are representative, and the participant that publicly-owned chain is added can read data record on chain, participate in business and compete newly
Book keeping operation power of block etc..Moreover, each participant's (i.e. node) freely can be added and exit network, and carry out relevant operation.It is private
There is chain then on the contrary, the write-in permission of the network is by some tissue or mechanism controls, reading data permission is by organization prescribed.Simply
For, privately owned chain can be weak center's system, and participating in node has stringent limitation and less.Such block chain is more
It is suitable for using inside particular organization.Alliance's chain is then block chain between publicly-owned chain and privately owned chain, it can be achieved that " part
Decentralization ".Each node usually has corresponding physical mechanism or tissue in alliance's chain;Participant is added by authorization
Enter network and composition interests correlation alliance, it is common to safeguard the operation of block chain.
Whether publicly-owned chain, privately owned chain or alliance's chain may all provide the function of intelligent contract.Intelligence on block chain
Contract is the contract that can be executed by transaction triggering on block catenary system.Intelligent contract can pass through the formal definition of code.
By taking ether mill as an example, user is supported to create in the network of ether mill and call the logic of some complexity, this is ether
Mill is different from the ultimate challenge of bit coin block chain technology.Ether mill is ether mill void as the core of a programmable block chain
Quasi- machine (EVM), each ether mill node can run EVM.EVM is the complete virtual machine of figure spirit, it means that can be with
The logic of various complexity is realized by it.It is exactly to run on EVM that user, which issues in ether mill and call intelligent contract,.It is real
On border, what virtual machine was directly run is virtual machine code (Virtual Machine bytecodes, lower abbreviation " bytecode ").It is deployed on block chain
Intelligent contract can be the form of bytecode.
Such as shown in Fig. 1, after a transaction comprising the intelligent contract information of creation is sent ether mill network by Bob, section
The EVM of point 1 can execute this and trade and generate corresponding contract example.What the data field of transaction saved can be byte
Code, the to field of transaction are an empty account.After being reached an agreement between node by common recognition mechanism, this contract is successfully created,
Subsequent user can call this contract.
Contract creation after, on block chain occur a contract account corresponding with the intelligence contract, and possess one it is specific
Address, contract code and account storage will be stored in the contract account.The behavior of intelligent contract is controlled by contract code, and
The account storage of intelligent contract then saves the state of contract.In other words, intelligent contract to generate on block chain comprising closing
The about virtual account of code and account storage (Storage).
In addition, as shown in Fig. 2, Bob is by one comprising calling the transaction of intelligent contract information to send still by taking ether mill as an example
To after the network of ether mill, the EVM of node 1 can execute this and trade and generate corresponding contract example.It trades in 2 in figure
From field is the address for initiating to call the account of intelligent contract, and " 0x692a70d2 ... " in field represents called
The address of intelligent contract, value field are the value of ether coin in ether mill, and the calling that the data field of transaction saves intelligently is closed
Method and parameter about.After calling intelligent contract, the value of balance may change.Subsequent, some client can be by a certain
Block chain node checks the current value of balance.
Intelligent contract can be executed by each node disjoint of the defined mode in block chain network, all execution
Record and data are all stored on block chain, so just saving on block chain can not distort, no after the completion of such transaction
The transaction certificate that can be lost.
It creates intelligent contract and calls the schematic diagram of intelligent contract as shown in Figure 3.An intelligence is created in ether mill to close
About, it needs by writing intelligent contract, becoming bytecode, be deployed to the processes such as block chain.Intelligent contract is called in ether mill, is
The transaction for being directed toward intelligent contract address is initiated, intelligent contract code operates in each node in the network of ether mill in a distributed manner
Virtual machine in.
Below in conjunction with the realization for the embodiment of the method for illustrating to realize that contract calls in one block chain of this specification shown in Fig. 4
Journey:
Step 402, the first block chain node determines the corresponding intelligent contract of the transaction received.
In one embodiment, transaction can be committed to the first block chain node by client.For example, user is raw in client
After the transaction, transaction is committed to by the first block chain node by the client.By taking Fig. 5 as an example, in the first block chain node
Comprising transaction/query interface, which can dock with client, and client is submitted to the first block chain node and is handed over
Easily.
The transaction can also be forwarded to the first block chain node by the second block chain node.For example, user is raw in client
After the transaction, which is committed to by the second block chain node by the client;Then, the second block chain link point is further
The transaction is forwarded to the first block chain node.By taking Fig. 5 as an example, above-mentioned interface can be docked with other block chain nodes, such as should
Other block chain nodes may include the second above-mentioned block chain node, allow the second block chain node to the first block chain
Node transmitted transaction.Similarly, the second block chain node can also be docked by the transaction/query interface of itself with client, with
Receive the transaction that client is submitted.
Such as proved using proof of work (Proof of Work, POW) and equity (Proof of Stake,
POS), equity is appointed to prove in the block chain network of the common recognition such as (Delegated Proof of Stake, DPOS) algorithm, second
Block chain node is after the transaction for receiving client submission, other blocks of diffusion immediately (as broadcasted) into ether mill network
Chain node.
Using practical Byzantine failure tolerance (Practical Byzantine Fault Tolerance, PBFT) for another example
Etc. in the block chain network of mechanism, accounting nodes have been agreed upon before epicycle book keeping operation, so that the second block chain node is receiving
After the transaction that client is submitted, if itself not being accounting nodes, which is sent to fixed accounting nodes, so that
The accounting nodes transmit transaction (including the transaction) to each verifying node in the further common recognition stage.And when second
It, can be with after other block chain link points receive the transaction of client submission when block chain node itself is fixed accounting nodes
Transaction is forwarded to the second block chain node;Then, the second block chain node can common recognition the stage by above-mentioned transaction (or also
Including other transaction) it transmits to each verifying node, including the first block chain node.
In one embodiment, the transaction can be labeled as, so that first by privacy transaction by the mark of transaction level
Block chain node determines that the corresponding implementing result (the contract state that such as intelligence contract is related to) of the intelligent contract needs to encrypt
After store.For example, type field can be added in transaction, the first block chain is allowed to identify type of transaction in plain text accordingly
Transaction or privacy transaction.In the related art, such as in the network of ether mill, transaction generally comprises the words such as to, value, data
Section.And the present embodiment increases by a type field on the basis of the relevant technologies in transaction, for example is characterized as type field, and
Based on the value of the type field, show the type of relationship trading;For example, showing correlation when type field is the first value
Transaction is trades in plain text, when type field is the second value, shows relationship trading for privacy transaction.
In one embodiment, the intelligent contract can be labeled as by privacy processing type by the mark of contract rank,
So that the first block chain node determines the corresponding implementing result (the contract state that such as intelligence contract is related to) of the intelligent contract
It needs to store after encrypting.For example, there may be the processing types of the intelligent contract mark to required calling in transaction, so that first
Block chain node can use corresponding place to the intelligent contract that the transaction is called for the processing type marked in the transaction
Reason operation.For example, may include a type field in the code of intelligent contract, the first block chain node can be based on each intelligence
The value of contained type field in the code of contract determines that the intelligence contract is privacy processing type or handles type in plain text;
For another example, it may include that privacy identifier, the intelligent contract of processing type can be in plain text in the intelligent contract of privacy processing type
Not comprising the privacy identifier;For another example, the intelligent contract of processing type may include plaintext identifier, privacy processing class in plain text
The intelligent contract of type can not include the plaintext identifier;Correspondingly, the first block chain node can be based on above-mentioned difference, distinguish
The intelligent contract of different disposal type.
In one embodiment, when the transaction is in encrypted state, the first block chain node can be in credible execution ring
The decryption transaction in border (Trusted Execution Environment, TEE).TEE is that the safety based on CPU hardware expands
Exhibition, and the credible performing environment completely isolated with outside.TEE is the concept proposed by GlobalPlatform earliest, for solving
Certainly in mobile device resource security isolation, be parallel to operating system and credible and secure performing environment be provided for application program.ARM
Trust Zone technology realize the TEE technology of real commercialization earliest.
Along with the high speed development of internet, safe demand is higher and higher, is not limited only to mobile device, cloud device,
Data center all proposes more demands to TEE.The concept of TEE has also obtained the development and expansion of high speed.Now described
TEE is compared to the TEE for the concept initially proposed being more broad sense.For example, server chips manufacturer Intel, AMD etc. are first
It is proposed the TEE of hardware auxiliary afterwards and enriches the concept and characteristic of TEE, is had been widely recognized in industry.It mentions now
The TEE risen usually more refers to the TEE technology of this kind of hardware auxiliary.Different from mobile terminal, cloud access needs to remotely access, terminal
User is invisible to hardware platform, therefore seeks to the genuine and believable of confirmation TEE using the first step of TEE.Therefore present TEE
Technology all introduces remote proving mechanism, is endorsed by hardware vendor (mainly CPU manufacturer) and is ensured by digital signature technology
User can verify that TEE state.It is simultaneously only the demand for security that the resource isolation of safety is also unable to satisfy, further data
Secret protection is also suggested.Including Intel SGX, the commercial TEE including AMDSEV also both provides memory encryption technology, can
Letter hardware is limited to inside CPU, and the data of bus and memory are that ciphertext prevents malicious user from being spied upon.For example, Intel
The code execution of software protection extension (SGX) etc. TEE technology insulation, remote proving, security configuration, the secure storage of data with
And the trusted path for executing code.The application program run in TEE is kept safe, as a consequence it is hardly possible to by third party
Access.
By taking Intel SGX technology as an example, SGX provides enclosure (enclave, also referred to as enclave), i.e., one adds in memory
Close credible execution region, protects data not to be stolen by CPU.By taking the first block chain node is using the CPU for supporting SGX as an example,
Using newly-increased processor instruction, a part of region EPC (Enclave Page Cache, enclosure page can be distributed in memory
Face caching or enclave page cache), by the crypto engine MEE (Memory Encryption Engine) in CPU to wherein
Data encrypted.The content encrypted in EPC, which only enters after CPU, can just be decrypted into plain text.Therefore, in SGX, user
It can distrust operating system, VMM (Virtual Machine Monitor, monitor of virtual machine), even BIOS (Basic
Input Output System, basic input output system), it is only necessary to trust CPU just and can ensure that private data will not leak.
It in practical application, is transferred in enclosure after private data being encrypted with ciphertext form, and will be corresponding by remote proving
Code key is also passed to enclosure.Then, operation is carried out using data under the encipherment protection of CPU, as a result can be returned with ciphertext form.This
Under kind mode, powerful calculating power not only can use, but also do not have to concern of data and leak.
It is assumed that above-mentioned transaction is generated by user in a certain client, which can be firstly generated in transaction in plain text
Hold, then encrypts the plaintext transaction content with key.The encryption can use symmetric cryptography, can also use asymmetric
Encryption.Correspondingly, the first block chain node can decrypt the transaction with corresponding key, to obtain plaintext transaction content.Such as
Fruit client symmetric cryptography mode encrypts plaintext transaction content with the private key of symmetric encipherment algorithm, then correspondingly, first
Block chain node can decrypt the transaction with the private key of the symmetric encipherment algorithm.The Encryption Algorithm that symmetric cryptography uses, example
DES algorithm in this way, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm, IDEA algorithm etc..Symmetric encipherment algorithm
Key, such as can be and negotiate to determine by client and the first block chain node.
If encrypted with the public key of rivest, shamir, adelman to plaintext transaction content, then phase with asymmetric encryption mode
Ying Di, the first block chain node can decrypt the transaction with the private key of the rivest, shamir, adelman.Rivest, shamir, adelman,
E.g. RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm) etc..Rivest, shamir, adelman
Key, such as can be and a pair of of public key and private key are generated by the first block chain node, and public key is sent to before step 402
The client, so that client described in step 402 can encrypt plaintext transaction content with key.
The key of rivest, shamir, adelman can also be generated by a Key Management server.Pass through the side of remote proving
Private key is sent to the first block chain node by formula, Key Management server, specifically, can be incoming first block chain node
In enclosure.First block chain node may include multiple enclosures, and the safety that above-mentioned private key can be passed into these enclosures is enclosed
Circle;For example, the safe enclosure can be QE (QuotingEnclave) enclosure, rather than AE (Application Enclave) encloses
Circle.For the public key of asymmetric encryption, the client can be sent to by Key Management server.Thus in step 402,
The client can use the public key encryption plaintext transaction content, and correspondingly, the first block chain node can use the private key solution
The close transaction, to obtain the plaintext transaction content that the transaction includes.
Client can also be in such a way that symmetric cryptography combination asymmetric encryption combines.For example, client use pair
Claim Encryption Algorithm encrypting plaintext transaction content, that is, uses the private key encryption plaintext transaction content of symmetric encipherment algorithm, and with non-right
Claim the private key used in Encryption Algorithm cryptographic symmetrical Encryption Algorithm.In general, using the public key encryption pair of rivest, shamir, adelman
Claim the private key used in Encryption Algorithm.In this way, after the first block chain node receives the transaction of encryption, it can be first using asymmetric
The private key of Encryption Algorithm is decrypted, and obtains the private key of symmetric encipherment algorithm, and then decrypted with the private key of symmetric encipherment algorithm
To plaintext transaction content.
For example, the private key of rivest, shamir, adelman can be sent to the firstth area by remote proving by Key Management server
The enclosure of block chain node, and the public key of rivest, shamir, adelman is sent to the client.Thus, the client can adopt
With symmetric cryptography mode encrypting plaintext transaction content, that is, the private key encryption plaintext transaction content of symmetric encipherment algorithm is used, is used in combination
The private key used in the public key encryption symmetric encipherment algorithm of rivest, shamir, adelman.In turn, the client can be by the friendship
Easily (obtained after being encrypted by the public key of rivest, shamir, adelman to the private key used in the symmetric encipherment algorithm with encryption key
To) it is sent to the first block chain node.It, can be first with non-right after first block chain node receives the transaction and encryption key
Claim the private key of Encryption Algorithm that the encryption key is decrypted to obtain the private key of symmetric encipherment algorithm, and then is calculated with the symmetric cryptography
The private key of method decrypts the transaction, obtains plaintext transaction content.Here cipher mode is commonly referred to as digital envelope encryption.
Step 404, the first block chain node executes the intelligent contract in credible performing environment.
In one embodiment, for creating intelligent contract, which may include the code of intelligent contract for the transaction.The
One block chain node is completed by the code of the contained intelligent contract of the execution transaction in credible performing environment to intelligent contract
Creation.
In one embodiment, for calling intelligent contract, which may include called intelligent contract for the transaction
Contract address.First block chain node is according to the contract address of the contained intelligent contract of transaction, to the generation of corresponding intelligent contract
Code is called.If called intelligent contract is plaintext contract, i.e. the code of the intelligence contract is stored in plaintext version
External memory space, the first block chain node, which can directly read in the plaintext code in credible performing environment, to be executed;Such as
The called intelligent contract of fruit is privacy contract, i.e. the code of the intelligence contract is stored in external memory space with ciphertext form,
First block chain node the ciphertext code can be decrypted according to the key pair saved in credible performing environment, and hold credible
The plaintext code obtained in row environment for decryption is executed.
Step 406, the first block chain node is encrypted when storing the contract state that the intelligent contract is related to key, and
Different contract states correspond to different keys.
In one embodiment, different keys is respectively adopted by the contract state being related to for intelligent contract to be encrypted,
So that privacy class is Status Level, the key of differentiation can be used from the granularity of contract state, so that even same friendship
Contract state, can also be encrypted based on different keys caused by easily.Implementing result compared to All Activity is adopted
Encrypted with identical security key, the above scheme of this specification increases used number of keys, even if so that certain
After one key is broken through by criminal, the encrypted data of this key also can be only exposed, as long as being located in credible performing environment
Security key be not stolen, still be able to guarantee the safety of other most datas.And compared to such as transaction level
Or the secret protection of contract rank, i.e., different transaction or different contracts are adopted using different keys, same transaction or same contract
With identical key, better secret protection effect is may be implemented in the embodiment of this specification, even if different contract states have
Identical plaintext value can also encrypt to obtain different ciphertext values based on different keys, to effectively prevent illegal point
Subbase speculates the plaintext value of contract state in ciphertext value.
In one embodiment, it is assumed that intelligent contract is related to contract state X1~Xn, and total n contract state corresponds respectively to
Key K1~Kn.So, the corresponding key Ki of contract state Xi can be by the first block chain node according to being stored in described credible hold
The security key of row environment generates, 1≤i≤n at least one corresponding to the privately owned impact factor of contract state Xi.
In one embodiment, security key can be the key of symmetric cryptography, e.g. seal (Simple Encrypted
Arithmetic Library) key.The seal key, for example, can be by after remote proving by Key Management server
It is sent to the first block chain node, then for example can be each node (such as the first block chain node and other areas in block chain
Block chain node) between negotiate to obtain.The security key can be stored in the enclosure of the first block chain node.First block
Chain node may include multiple enclosures, and above-mentioned security key can be passed into the safe enclosure in these enclosures;For example, the peace
Full enclosure can be QE enclosure, rather than AE enclosure.
It in one embodiment, include two classes: privately owned impact factor and public influence for the impact factor of the key of generation
The factor.Privately owned impact factor is only applicable to corresponding contract state, is not suitable for other contract states, such as contract state X1
Privately owned impact factor is not suitable for contract state X2~Xn.Public impact factor is suitable for all contract states simultaneously.
In one embodiment, the corresponding key Ki of contract state Xi can correspond to contract shape at least one by security key
The privately owned impact factor of state Xi and generate.For example, the first block chain node can to security key and at least one correspond to close
After the privately owned impact factor of about state Xi is spliced, Hash calculation, and the cryptographic Hash that will be calculated are carried out to concatenation information
Or a part (such as first 128 or other parts) of the cryptographic Hash is used as the key Ki, to be carried out for contract state Xi
Encryption.Since the privately owned impact factor of each contract state is different, it is ensured that accordingly generate corresponding key K1~Kn
When, each key is necessarily different, and each contract state X1~Xn is encrypted using different keys respectively.
Privately owned impact factor corresponding to contract state Xi may include: contract state Xi going out in the intelligent contract
Now sequence Pi.When the first block chain node executes the code of the intelligent contract, can be successively read in the intelligence contract code
The each contract state for including, can be by the corresponding appearance sequence P1~Pn of each contract state, as contract state X1~Xn
One of corresponding privately owned impact factor.For example, when occurring for contract state X3 first, the privately owned shadow of contract state X3
Ringing the factor may include appearance sequence P3=1, and when occurring for contract state X100 the 88th, contract state X100's is privately owned
Impact factor may include appearance sequence P100=88.Since different contract states always occurs in a different order, thus
It may insure that the corresponding appearance sequence P1~Pn of each contract state is inevitable different.
Privately owned impact factor corresponding to contract state Xi may include: the count value Qi corresponding to the appearance sequence.
For the appearance sequence of contract state, the first block chain node can not directly use appearance sequence, but use and correspond to
The now count value Qi of sequence, as privately owned impact factor.If started counting from 1, the counting interval 1 every time, count
Value Qi can be identical with the value of appearance sequence Pi;And if do not started counting from 1 or the counting interval is not 1, count
Numerical value Qi is not identical as the value of appearance sequence Pi, but maintains a preset numerical relation, such as when starting counting, count from a
Several when being divided into b, which is Qi=a+b × (Pi-1).Since different contract states always goes out in a different order
It is existing, thus based on above-mentioned numerical relation, it can be ensured that the corresponding count value Q1~Qn of each contract state is inevitable different.
Privately owned impact factor corresponding to contract state Xi may include: random number Si of the distribution to contract state Xi.The
One block chain node directly can distribute random number S1~Sn to each contract state X1~Xn, as long as ensuring each contract state
Corresponding random number does not repeat.Meanwhile by using random number Si, even if so that different transaction is to same intelligent contract
When being called, different random numbers may be distributed for the same contract state in the intelligence contract, thus to different friendships
Contract state caused by easily uses the key of differentiation, can further enhance Information Security.
Certainly, corresponding to the privately owned impact factor of contract state Xi there may be multiple such as above-mentioned appearance sequence Pi,
Combination between the privately owned impact factor of any two between count value Qi, random number Si or more.Based on greater number of private
Have an impact the factor, can be true by other privately owned impact factors when the privately owned impact factor in part is revealed for some reason
Protecting corresponding private key will not be calculated or deduce.
In one embodiment on the basis of above-mentioned privately owned impact factor, the generation of key can also be with public impact factor
It is related.For example, the first block chain node can to security key, at least one correspond to contract state Xi privately owned impact factor
After being spliced at least one public impact factor, Hash calculation, and the cryptographic Hash that will be calculated are carried out to concatenation information
Or a part (such as first 128 or other parts) of the cryptographic Hash is used as the key Ki, to be carried out for contract state Xi
Encryption.
Wherein, since the privately owned impact factor of each contract state is different, it is ensured that accordingly generate corresponding close
When key K1~Kn, each key is necessarily different, and each contract state X1~Xn is allowed to use different keys respectively
It is encrypted.And by adding public impact factor, the secret protection of other granularities or level may be implemented.
The corresponding key Ki of contract state Xi can also be highly relevant with history block.For example, the history block height can
With are as follows: block height of the first block chain node when receiving above-mentioned transaction, in block chain account book.Due to the history block height
It is related to above-mentioned transaction, thus key can be distinguished in transaction granularity.For example, ought initiate respectively and intelligence and about S1
When relevant transaction R1, R2, due to having invoked the same intelligence and about S1, so that the corresponding privately owned influence of identical contract state
The factor is possible identical (being typically different if using random number), and for example trade R1, R2 all refer to contract state Y1~Yn.Such as
Fruit generates key according only to security key and privately owned impact factor, can make between the corresponding contract state Y1~Yn of R1 using not
With the corresponding contract state of key K1_1~K1_n, R2 between use different key K2_1~K2_n, but identical contract
State may correspond to identical key, such as K1_i=K2_i in different transaction.But since different transaction R1, R2 exist
Different moments are submitted, and different history block height is likely corresponded to, thus by being included in history block height to key
Calculating process, i.e., it is close to generate according to security key, privately owned impact factor and public impact factor (such as history block height)
Key can make identical contract state correspond to different keys, i.e. K1_i ≠ K2_i in different transaction.
Similar with history block height, public impact factor can also include: the block of block locating for the transaction
Highly, position offset etc. of the transaction in locating block.These public impact factors can produce in " transaction " granularity
Raw influence, so that same intelligent contract (same contract address or contract address difference, code Hash are being called in different transaction
It is worth identical) when, the contract state of the intelligence contract corresponds to different keys in different transaction.
And other public impact factors, the influence of other granularities can also be generated.
For example public impact factor may include: the contract address of the intelligent contract, so that different transaction (same initiations
Side or different initiators) when being called to the intelligent contract of same contract address, same contract state corresponds to identical close
Key, and difference is traded when being called to the intelligent contract of different contract addresses, (different contract addresses are usual for same contract state
It is different that there are at least part contract states) correspond to different keys.
Public impact factor may include: the code cryptographic Hash of the intelligent contract for another example, so that different transaction are (same
Initiator or different initiator) when being called, same contract state corresponds to phase for identical to code cryptographic Hash intelligent contract
With key, and when the different intelligent contract different to code cryptographic Hash of trading is called, same contract state (code Hash
When being worth different, it is different usually to there is at least part contract state) correspond to different keys.
For another example public impact factor may include: the account address of the contract founder of the intelligent contract, so that not
It is adjusted with transaction (same initiator or different initiators) multiple intelligent contracts identical to code respectively but different founder
Used time, it can be ensured that same contract state corresponds to different keys.
For another example public impact factor may include: the account address of the initiator of the transaction, so that same user's needle
When initiating to call to same intelligent contract, same contract state corresponds to identical key, and different user be directed to respectively it is same
When intelligent contract initiates to call, same contract state corresponds to different keys.
Certainly, there may be blocks locating for multiple such as above-mentioned history block height, the transaction for public impact factor
Block height, the position offset of the transaction in locating block, the contract address of the intelligent contract, the intelligence closes
Code cryptographic Hash about, the account address of the contract founder of the intelligent contract, the transaction initiator account address
Between the public impact factor of any two or more between combination.Based on greater number of public impact factor, Ke Yi
When the public impact factor in part is revealed for some reason, ensure that corresponding private key will not be by by other public impact factors
It calculates or deduces, can also realize the secret protection of corresponding granularity.
First block chain node can use the processor instruction increased newly in CPU, can distribute a part of area in memory
Domain EPC carries out encryption to above-mentioned plaintext code by the crypto engine MEE in CPU and is stored in the EPC.It is encrypted in EPC
Content is decrypted into plain text after entering CPU.In CPU, operation is carried out to the code of the plaintext, completes implementation procedure.
In SGX technology, the code of the intelligent contract is executed, EVM can be loaded into the enclosure.In remote proving
In the process, the Key Management server can calculate the hash value of local EVM code, and with loaded in the first block chain node
The hash value of EVM code compare, comparison result is correctly as by a necessary condition of remote proving, so that completion is to the
The measurement of the code of one block chain node SGX enclosure load.Through excess vol, correct EVM can execute the intelligence in SGX
Contract code.
In general, the contract state can change after CPU executes the plaintext code.Contract state is stored in area
Block chain is that database, such as local database is written in the contract state from the angle of block chain node.The database,
It is generally stored among storage medium, more common is persistent storage medium.The persistent storage medium, can be magnetic
Disk, floppy disk are also possible to the memory etc that can restore data after being powered so as to persistent storage.
The operation that database is written, if being indicated with code, such as setstorage (key, ENC (value, secret_
key)).In setstorage (key, ENC (value, secret_key)), key (key) can be with traditional key writing mode phase
Together.As for the write-in of value, Intel SGX technology can be used, ENC indicates that enclave, secret_key indicate to use SGX
The key used when database is written in technology, the corresponding private key of difference contract state is also different in the present specification.
In one embodiment, after the first block chain node obtains plaintext contract state in credible performing environment, with described
The plaintext contract state is encrypted as ciphertext contract state by key, and is exported the ciphertext from the credible performing environment and closed
About state;First block chain node except the credible performing environment by executing store function code, by the ciphertext
Contract state is stored to the external memory space except the credible performing environment.
First block chain node is by running the code for realizing a certain function, to realize the function.Therefore, for needing
The function to realize in credible performing environment also needs to execute correlative code.And for being executed in credible performing environment
Code, need to meet the related specifications and requirement of credible performing environment;Accordingly in the related technology for realizing a certain
The code of function needs the specification and requirement in conjunction with credible performing environment to re-start written in code, and there is only relatively bigger
Exploitation amount, and be easy during rewriting generate loophole (bug), influence function realization reliability and stability.
Therefore, the first block chain node is by being encrypted as ciphertext contract state by key for plaintext contract state, and is somebody's turn to do
Ciphertext contract state is only decrypted by credible performing environment, it can be ensured that ciphertext contract state safe enough itself.
On this basis, the first block chain node, will be described close by executing store function code except the credible performing environment
Literary contract state is stored to the external memory space except the credible performing environment, and the store function code is allowed to be phase
Code is re-started in the technology of pass for realizing the code of store function, the specification and requirement not needed in conjunction with credible performing environment
It writes, can realize safe and reliable storage for the ciphertext contract state, can not only not influence safe and reliable degree
On the basis of, the exploitation amount of correlative code is reduced, and TCB can be reduced by reducing the correlative code of credible performing environment
(Trusted Computing Base, trusted computing base), so that during TEE technology and block chain technology are combined,
Security risk caused by additional is in controlled range.
In one embodiment, the first block chain node can execute write buffer function code in credible performing environment, with
The plaintext contract state is stored in the write buffer in the credible performing environment, for example the write buffer can correspond to such as figure
" caching " shown in 5.Further, the first block chain node by after the data encryption in the write buffer from the credible execution
Environment output, to store to the external memory space.Wherein, the write buffer function code can be stored in plaintext version
In the credible performing environment, the caching function code of the plaintext version can be directly executed in credible performing environment;Or, institute
Stating write buffer function code can be stored in except the credible performing environment with ciphertext form, for example be stored in above-mentioned outside
The write buffer function code of the ciphertext form can be read in credible hold by memory space (such as " memory space " shown in fig. 5)
Row environment is decrypted as plaintext code in credible performing environment, and executes the plaintext code.
Write buffer refers to when writing data into external memory space, in order to avoid causing " the punching to external memory space
Hit " and " buffering " mechanism of offer.For example, can realize above-mentioned write buffer using buffer;Certainly, write buffer can also adopt
It is realized with cache, this specification is limited not to this.In fact, due to the safety collar that credible performing environment is isolation
Border, and external memory space is located at except credible performing environment, so that by using write buffer mechanism, it can be to the number in caching
External memory space is written according to batch is carried out, so that the interaction times between credible performing environment and external memory space are reduced,
Promote data storage efficiency.Meanwhile credible performing environment is during constantly executing each intelligent contract, it may be necessary to transfer
Generated data (such as value of contract state) can be directly from writing if the data that need to be called are located exactly in write buffer
It reads the data in caching, on the one hand can reduce the interaction between external memory space in this way, on the other hand eliminate pair
From the decrypting process of external memory space data streams read, to be lifted at the data-handling efficiency in credible performing environment.
It is of course also possible to write buffer is built on except credible performing environment, for example the first block chain node can be can
Believe and execute write buffer function code except performing environment, so that the ciphertext contract state is stored in outside the credible performing environment
Write buffer in, and further the data in the write buffer are stored to the external memory space.
In one embodiment, the inquiry request that the first block chain node can be initiated according to client, closes the plaintext
It is about exported after state encryption from credible performing environment, to be back to the client.
For example, the first block chain node can read the ciphertext contract state from the external memory space, by institute
Stating the decryption of ciphertext contract state is the reading credible performing environment, then to plaintext conjunction after the plaintext contract state
It is about exported after state encryption from credible performing environment, for example is returned and encrypted to client by transaction/query interface shown in fig. 5
Plaintext contract state afterwards.
For another example the first block chain node can read the plaintext contract shape from the read buffer in credible performing environment
State, and exported to after plaintext contract state encryption from credible performing environment;Wherein, the plaintext contract state is by the firstth area
Block chain node executes read buffer function code in credible performing environment in advance, reads from the external memory space described close
Literary contract state decrypts the ciphertext contract state to read in the credible performing environment simultaneously after the plaintext contract state
It is stored in the read buffer.In other words, the first block chain node reads the ciphertext contract shape from the external memory space
State decrypts the ciphertext contract state for after the plaintext contract state, can be by executing reading in credible performing environment
The plaintext contract state is stored in the read buffer in credible performing environment by caching function code, for example the read buffer can be right
It should be in " caching " shown in fig. 5;Further, the inquiry request initiated for client, or exist for credible performing environment
Data required when intelligent contract are executed, reading data can be preferentially carried out from the read buffer, if it can read related data
Without being read from external memory space, to reduce and the interaction times of external memory space, release data decrypting process.
Read buffer refers to after data are read in credible performing environment from external memory space, in order to reduce and external storage
The data read can be stored in the read buffer space in credible performing environment by the interaction times in space with plaintext version
It is interior.For example, can realize above-mentioned read buffer using cache;Certainly, read buffer can also be realized using buffer, this theory
Bright book is limited not to this.
First block chain node can support above-mentioned read buffer mechanism and write buffer mechanism simultaneously.And with caching technology
Continuous development, same caching can be applied not only to realize reading data or data write-in, it might even be possible to while support data
Read-write operation, so that the boundary line between read buffer and write buffer is not sometimes very clear, thus only with " caching " progress in Fig. 5
Signal, and its concrete type is not distinguished specifically, it can be configured and be adjusted according to actual needs.
The node embodiment that secret protection is realized in a kind of block chain of this specification is introduced below in conjunction with Fig. 6, comprising:
Determination unit 601, for determining the corresponding intelligent contract of transaction received;
Execution unit 602, for executing the intelligent contract in credible performing environment;
Encryption unit 603, for being encrypted when storing the contract state that the intelligent contract is related to key, and different conjunctions
About state corresponds to different keys.
Optionally, the intelligent contract is related to contract state X1~Xn, corresponds respectively to key K1~Kn;Wherein, contract
The corresponding key Ki of state Xi by the block chain node according to the security key for being stored in the credible performing environment and at least
One corresponds to the privately owned impact factor of contract state Xi and generates, 1≤i≤n.
Optionally, the privately owned impact factor corresponding to contract state Xi includes at least one of: contract state Xi is in institute
State appearance sequence Pi in intelligent contract, corresponding to the count value Qi of the appearance sequence, distribution to contract state Xi it is random
Number Si.
Optionally, the corresponding key Ki of contract state Xi is also related at least one following public impact factor: history
The block height of block locating for block height, the transaction, the position offset traded in locating block, the intelligence
The contract address of contract, the code cryptographic Hash of the intelligent contract, the account address of the contract founder of the intelligent contract, institute
State the account address of the initiator of transaction.
Optionally, the security key includes seal key.
Optionally,
The seal key the first block chain node SGX by remote proving after sent by Key Management server;
Or,
The seal key between the first block chain node and other block chain nodes by negotiating to obtain.
Optionally, the security key is stored in the enclosure of the first block chain node.
Optionally, there are several enclosures, the security key to be stored in safe enclosure for the first block chain node.
Optionally, the safe enclosure includes QE enclosure.
Optionally, storage unit 603 is specifically used for
After obtaining the corresponding plaintext contract state of any contract state in credible performing environment, with any contract shape
The plaintext contract state is encrypted as ciphertext contract state by the corresponding key of state, and exports institute from the credible performing environment
State ciphertext contract state;
By except the credible performing environment execute store function code, by the ciphertext contract state store to
External memory space except the credible performing environment.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,
Or it is realized by the product with certain function.A kind of typically to realize that equipment is computer, the concrete form of computer can
To be personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play
In device, navigation equipment, E-mail receiver/send equipment, game console, tablet computer, wearable device or these equipment
The combination of any several equipment.
In a typical configuration, computer includes one or more processors (CPU), input/output interface, network
Interface and memory.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or
The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium
Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves
State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable
Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),
Digital versatile disc (DVD) or other optical storage, magnetic cassettes, disk storage, quantum memory, based on graphene
Storage medium or other magnetic storage devices or any other non-transmission medium, can be used for storing can be accessed by a computing device
Information.As defined in this article, computer-readable medium does not include temporary computer readable media (transitory media),
Such as the data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability
It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap
Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described want
There is also other identical elements in the process, method of element, commodity or equipment.
It is above-mentioned that this specification specific embodiment is described.Other embodiments are in the scope of the appended claims
It is interior.In some cases, the movement recorded in detail in the claims or step can be come according to the sequence being different from embodiment
It executes and desired result still may be implemented.In addition, process depicted in the drawing not necessarily require show it is specific suitable
Sequence or consecutive order are just able to achieve desired result.In some embodiments, multitasking and parallel processing be also can
With or may be advantageous.
The term that this specification one or more embodiment uses be only merely for for the purpose of describing particular embodiments, and
It is not intended to be limiting this specification one or more embodiment.In this specification one or more embodiment and the appended claims
Used in the "an" of singular, " described " and "the" be also intended to including most forms, unless context understands earth's surface
Show other meanings.It is also understood that term "and/or" used herein refers to and includes one or more associated list
Any or all of project may combine.
It will be appreciated that though this specification one or more embodiment may using term first, second, third, etc. come
Various information are described, but these information should not necessarily be limited by these terms.These terms are only used to same type of information area each other
It separates.For example, the first information can also be referred to as in the case where not departing from this specification one or more scope of embodiments
Two information, similarly, the second information can also be referred to as the first information.Depending on context, word as used in this is " such as
Fruit " can be construed to " ... when " or " when ... " or " in response to determination ".
The foregoing is merely the preferred embodiments of this specification one or more embodiment, not to limit this theory
Bright book one or more embodiment, all within the spirit and principle of this specification one or more embodiment, that is done is any
Modification, equivalent replacement, improvement etc. should be included within the scope of the protection of this specification one or more embodiment.