CN110263091A - Receipt storage method and node combining code marking with user and event type


Info

Publication number: CN110263091A
Authority: CN (China)
Prior art keywords: blockchain, contract, event, smart contract, blockchain node
Legal status: Granted; Active
Application number: CN201910420666.5A
Other languages: Chinese (zh)
Other versions: CN110263091B (en)
Inventors: 刘琦, 闫莺, 魏长征
Current Assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201910420666.5A (CN110263091B)
Publication of CN110263091A
Priority to PCT/CN2020/089381 (WO2020233421A1)
Priority to PCT/CN2020/089385 (WO2020233424A1)
Priority to PCT/CN2020/089382 (WO2020233422A1)
Priority to PCT/CN2020/091360 (WO2020233610A1)
Publication of CN110263091B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27: Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network

Abstract

One or more embodiments of this specification provide a receipt storage method and node that combine code marking with user type and event type. The method may include: a first blockchain node receives an encrypted transaction corresponding to a smart contract, where the code of the smart contract includes an object marked by an exposure identifier; the first blockchain node decrypts the transaction in a trusted execution environment to obtain the smart contract, which includes a special event function; the first blockchain node executes the smart contract in the trusted execution environment to obtain receipt data, which includes a log corresponding to the special event function; the first blockchain node stores the receipt data such that, when the transaction initiator belongs to a preset user type, at least part of the receipt content in the log corresponding to the special event function is stored in plaintext and the remaining content of the receipt data is stored in ciphertext, the at least part of the receipt content matching the object marked by the exposure identifier.

Description

Receipt storage method and node combining code marking with user and event type
Technical field
One or more embodiments of this specification relate to the field of blockchain technology, and in particular to a receipt storage method and node that combine code marking with user type and event type.
Background
Blockchain technology is built on a transport network (for example, a peer-to-peer network). Network nodes in the transport network use a chained data structure to verify and store data, and use a distributed node consensus algorithm to generate and update data.
The two biggest technical challenges currently facing enterprise-grade blockchain platforms are privacy and performance, and the two are often hard to solve at the same time. Most solutions either trade performance for privacy or pursue performance with little regard for privacy. Common cryptographic techniques for the privacy problem, such as homomorphic encryption and zero-knowledge proofs, are highly complex and poorly general, and may also bring a serious performance loss.
A trusted execution environment (TEE) is another way to address the privacy problem. A TEE acts as a black box in hardware: code and data executing in the TEE cannot be observed even by the operating system layer, and can be operated on only through interfaces predefined in the code. In terms of efficiency, because of this black-box property, computation inside the TEE is performed on plaintext data rather than through the complex cryptographic operations of homomorphic encryption, so no efficiency is lost in the computation. Combining a TEE with a blockchain can therefore greatly improve the security and privacy of the blockchain at a small performance cost. The industry is paying close attention to TEE schemes, and almost all mainstream chip vendors and software alliances have their own TEE solutions, including TPM (Trusted Platform Module) on the software side and Intel SGX (Software Guard Extensions), ARM TrustZone and AMD PSP (Platform Security Processor) on the hardware side.
Summary of the invention
In view of this, one or more embodiments of this specification provide a receipt storage method and node that combine code marking with user type and event type.
To achieve the above object, one or more embodiments of this specification provide the following technical solutions:
According to a first aspect of one or more embodiments of this specification, a receipt storage method combining code marking with user type and event type is proposed, comprising:
a first blockchain node receiving an encrypted transaction corresponding to a smart contract, the code of the smart contract including an object marked by an exposure identifier;
the first blockchain node decrypting the transaction in a trusted execution environment to obtain the smart contract, the smart contract including a special event function;
the first blockchain node executing the smart contract in the trusted execution environment to obtain receipt data, the receipt data including a log corresponding to the special event function;
the first blockchain node storing the receipt data such that, when the transaction initiator belongs to a preset user type, at least part of the receipt content in the log corresponding to the special event function is stored in plaintext and the remaining content of the receipt data is stored in ciphertext, the at least part of the receipt content matching the object marked by the exposure identifier.
According to a second aspect of one or more embodiments of this specification, a receipt storage node combining code marking with user type and event type is proposed, comprising:
a receiving unit, which receives an encrypted transaction corresponding to a smart contract, the code of the smart contract including an object marked by an exposure identifier;
a decryption unit, which decrypts the transaction in a trusted execution environment to obtain the smart contract, the smart contract including a special event function;
an execution unit, which executes the smart contract in the trusted execution environment to obtain receipt data, the receipt data including a log corresponding to the special event function;
a storage unit, which stores the receipt data such that, when the transaction initiator belongs to a preset user type, at least part of the receipt content in the log corresponding to the special event function is stored in plaintext and the remaining content of the receipt data is stored in ciphertext, the at least part of the receipt content matching the object marked by the exposure identifier.
According to a third aspect of one or more embodiments of this specification, an electronic device is proposed, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of the first aspect by running the executable instructions.
According to a fourth aspect of one or more embodiments of this specification, a computer-readable storage medium is proposed, on which computer instructions are stored; when executed by a processor, the instructions implement the steps of the method of the first aspect.
Brief description of the drawings
Fig. 1 is a schematic diagram of creating a smart contract, provided by an example embodiment.
Fig. 2 is a schematic diagram of calling a smart contract, provided by an example embodiment.
Fig. 3 is a flowchart of a receipt storage method combining code marking with user type and event type, provided by an example embodiment.
Fig. 4 is a schematic diagram of implementing privacy protection on a blockchain node, provided by an example embodiment.
Fig. 5 is a schematic diagram of implementing the functional logic of a blockchain network through system contracts and chain code, provided by an example embodiment.
Fig. 6 is a block diagram of a receipt storage node combining code marking with user type and event type, provided by an example embodiment.
Detailed description of the embodiments
Example embodiments are described in detail here, with examples illustrated in the accompanying drawings. When the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following example embodiments do not represent all implementations consistent with one or more embodiments of this specification. Rather, they are merely examples of apparatuses and methods consistent with some aspects of one or more embodiments of this specification, as detailed in the appended claims.
It should be noted that in other embodiments the steps of the corresponding method are not necessarily performed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. In addition, a single step described in this specification may be split into multiple steps in other embodiments, and multiple steps described in this specification may be merged into a single step in other embodiments.
Blockchains are generally divided into three types: public chains (Public Blockchain), private chains (Private Blockchain) and consortium chains (Consortium Blockchain). There are also combinations of these types, such as private chain + consortium chain or consortium chain + public chain. The public chain is the most decentralized. Public chains are represented by Bitcoin and Ethereum; participants who join a public chain can read the data records on the chain, take part in transactions, and compete for the right to record new blocks. Each participant (that is, each node) can freely join and leave the network and perform the related operations. A private chain is the opposite: write permission on the network is controlled by an organization or institution, and read permission is specified by that organization. Put simply, a private chain can be a weakly centralized system with strictly limited and few participating nodes. This type of blockchain is better suited to use inside a particular organization. A consortium chain sits between the public chain and the private chain and can achieve "partial decentralization". Each node in a consortium chain usually has a corresponding real-world institution or organization; participants join the network by authorization and form a consortium of stakeholders who jointly maintain the operation of the blockchain.
Public chains, private chains and consortium chains may all provide smart contract functionality. A smart contract on a blockchain is a contract whose execution can be triggered by a transaction on the blockchain system. A smart contract can be defined in the form of code.
Taking Ethereum as an example, it supports users in creating and calling complex logic on the Ethereum network, which is the biggest challenge that distinguishes Ethereum from Bitcoin blockchain technology. The core of Ethereum as a programmable blockchain is the Ethereum Virtual Machine (EVM), and every Ethereum node can run the EVM. The EVM is a Turing-complete virtual machine, which means that logic of arbitrary complexity can be implemented on it. When users publish and call smart contracts in Ethereum, the contracts run on the EVM. In fact, what the virtual machine runs directly is virtual machine code (virtual machine bytecode, hereinafter "bytecode"). A smart contract deployed on the blockchain can be in bytecode form.
For example, as shown in Fig. 1, after Bob sends a transaction containing the information for creating a smart contract to the Ethereum network, the EVM of node 1 can execute the transaction and generate the corresponding contract instance. "0x6f8ae93..." in Fig. 1 represents the address of this contract; the data field of the transaction may hold the bytecode, and the to field of the transaction is empty. After the nodes reach agreement through the consensus mechanism, the contract is successfully created and can be called later. After the contract is created, a contract account corresponding to the smart contract appears on the blockchain with a specific address, and the contract code is stored in that contract account. The behavior of the smart contract is controlled by the contract code. In other words, the smart contract causes a virtual account containing the contract code and account storage (Storage) to be generated on the blockchain.
As shown in Fig. 2, still taking Ethereum as an example, after Bob sends a transaction for calling a smart contract to the Ethereum network, the EVM of a node can execute the transaction and generate the corresponding contract instance. In Fig. 2, the from field of the transaction is the address of the account of the transaction initiator (Bob), "0x6f8ae93..." in the to field represents the address of the called smart contract, the value field is the amount of Ether, and the data field of the transaction holds the method and parameters for calling the smart contract. The smart contract is executed independently by each node in the blockchain network in a prescribed manner, and all execution records and data are stored on the blockchain, so that once the transaction completes, the blockchain holds a transaction record that cannot be tampered with and will not be lost.
After executing the transaction initiated by Bob, a node in the blockchain network generates corresponding receipt data, which records the receipt information related to the transaction. Taking Ethereum as an example, the receipt data a node obtains by executing a transaction may include the following:
The Result field indicates the execution result of the transaction;
The Gas used field indicates the gas consumed by the transaction;
The Logs field indicates the logs generated by the transaction. A log may further include a From field, a To field, a Topic field, a Log data field and so on, where the From field indicates the account address of the initiator of the call, the To field indicates the account address of the called object (such as a smart contract), the Topic field indicates the topic of the log, and the Log data field indicates the log data;
The Output field indicates the output of the transaction.
In general, the receipt data generated after a transaction is executed is stored in plaintext, and anyone can see the content of each of the receipt fields above; there is no privacy-protection setting or capability. In some solutions that combine a blockchain with a TEE, to achieve privacy protection the entire content of the receipt data is treated as data requiring privacy protection and stored on the blockchain. The blockchain is a collection of data, organized by a specific logic, stored in the node's database. The physical carrier of the database, as described later, may be a storage medium, such as a persistent storage medium. In fact, only part of the receipt data may be sensitive while the rest is not: privacy protection is needed only for the sensitive content, and the other content can be public. In some cases it may even be necessary to search part of the content in order to drive related operations, and applying privacy protection to that part would interfere with the search operation.
The implementation of an embodiment of the receipt storage method of this application, which combines code marking with user type and event type, is described below with reference to Fig. 3:
Step 302: the first blockchain node receives an encrypted transaction corresponding to a smart contract, where the code of the smart contract includes an object marked by an exposure identifier.
The exposure identifier is a global identifier defined in the programming language of the smart contract and applies to all smart contracts written in that language. Because the exposure identifier is defined in the programming language, the code of any smart contract can use it to control how receipt data is stored. For example, when writing the code of a smart contract, a user can mark one or more objects by adding the exposure identifier in the code, indicating that the user wants the receipt content corresponding to those objects to be stored in plaintext. The receipt content corresponding to objects not marked with the exposure identifier is not allowed to be stored in plaintext and must be stored in ciphertext, which provides the corresponding privacy protection.
In other words, for an object marked by the exposure identifier, the corresponding receipt content is allowed, at the programming-language level, to be stored in plaintext. This specification additionally considers the user type of the transaction initiator and the event functions contained in the smart contract, and decides whether the receipt content corresponding to the marked object is actually stored in plaintext by combining all three dimensions: programming language, user type and event function. The information related to user type and event functions is described below and is not repeated here.
As described above, in a transaction that creates a smart contract, the data field may hold the bytecode of the smart contract. Bytecode consists of a sequence of bytes, each of which can identify an operation. For reasons of development efficiency, readability and so on, developers usually do not write bytecode directly but write the smart contract code in a high-level language. The smart contract code written in the high-level language is compiled by a compiler into bytecode, which can then be deployed on the blockchain. Ethereum supports many high-level languages, such as Solidity, Serpent and LLL.
Taking Solidity as an example, a contract written in it is very similar to a class in an object-oriented programming language. A contract can declare several kinds of members, including state variables, functions, function modifiers and events. The following is example code 1 of a simple smart contract written in Solidity:
In the code of a smart contract written in Solidity, one or more objects can be marked with the exposure identifier, so that the receipt content corresponding to those objects is allowed to be stored in plaintext (whether plaintext storage is actually used must further be determined in combination with the user type and event function dimensions), while the remaining receipt content is stored in ciphertext. Similarly, in the code of a smart contract written in Serpent, LLL or another language, one or more objects can be marked with the exposure identifier to allow plaintext storage of the related receipt content.
The exposure identifier can be an identifier dedicated to marking receipt fields that are allowed to be stored in plaintext; for example, the keyword plain can be used as the exposure identifier. For receipt content that should be stored in plaintext, plain can then be added before the corresponding object (or associated with the corresponding object in some other way).
The objects marked by the exposure identifier may include receipt fields, such as the Result field, Gas used field, Logs field and Output field described above, or the From field, To field, Topic field and Log data field contained in the Logs field. For example, example code 1 above can be adjusted to the following example code 2:
In example code 2 above, the exposure identifier plain is added at the very front of the smart contract code, so that after the code of the smart contract is executed, all fields in the generated receipt data are allowed to be stored in plaintext. Specifically, when the transaction initiator belongs to the preset user type, for a log generated by a special event function in the receipt data, all receipt content of that log is allowed to be stored in plaintext.
Of course, in other embodiments the fields that need plaintext storage can be specified individually. For example, when the From field is marked with the exposure identifier, then after the code of the smart contract is executed, and when the transaction initiator belongs to the preset user type, for a log generated by a special event function in the receipt data, the receipt content of the From field is allowed to be stored in plaintext. Search operations can then be performed later on the receipt content in the From field, for example to count the number of transactions initiated by a given account.
Besides receipt fields, the exposure identifier can also mark other objects. For example, the objects marked by the exposure identifier may include state variables. Taking the state variable "price" as an example, example code 1 above can be adjusted to the following example code 3:
In example code 3 above, the exposure identifier "plain" is added before the type int of the state variable "price" (alternatively, plain can be placed after the type int), so that after the code of the smart contract is executed, when the transaction initiator belongs to the preset user type, for a log generated by a special event function in the receipt data, the receipt content related to the state variable "price" is allowed to be stored in plaintext (provided that the transaction initiator belongs to the preset user type). Search operations can then be performed later on the receipt content related to the state variable "price".
In one embodiment, the smart contract corresponding to the transaction received by the first blockchain node can be a smart contract written in a high-level language or a smart contract in bytecode form. When the smart contract is written in a high-level language, the first blockchain node also compiles it with a compiler to generate the bytecode-form smart contract for execution in the trusted execution environment. When the smart contract corresponding to the received transaction is already in bytecode form, that bytecode can be obtained by the client compiling, with a compiler, a smart contract that the user wrote in a high-level language on the client.
The smart contract corresponding to the transaction received by the first blockchain node can be a smart contract the user generated on the first blockchain node. When the user writes the smart contract in a high-level language, the first blockchain node also compiles it with a compiler into bytecode form; alternatively, the user may write the bytecode-form smart contract directly on the first blockchain node.
The smart contract corresponding to the transaction received by the first blockchain node can be a smart contract the user generated on a client. For example, after the user generates the transaction on the client through the corresponding account, the client submits the transaction to the first blockchain node. Taking Fig. 4 as an example, the first blockchain node includes a transaction/query interface that can connect to the client, allowing the client to submit the transaction to the first blockchain node. As described above, the user can write the smart contract on the client in a high-level language, and the client then compiles it with a compiler to obtain the corresponding bytecode-form smart contract. Of course, the client can also send the high-level-language smart contract directly to the first blockchain node, which then compiles it into bytecode form with a compiler.
The smart contract corresponding to the transaction received by the first blockchain node can be the smart contract in a transaction that a client sent through a second blockchain node. That smart contract is usually in bytecode form; of course, it may also be written in a high-level language, in which case the first blockchain node can compile it into bytecode form with a compiler.
In one embodiment, when the code of the smart contract includes the exposure identifier, the smart contract written in the high-level language and the smart contract in bytecode form can carry the same exposure identifier. Those skilled in the art should also understand that the bytecode may use an exposure identifier different from that of the high-level language. For example, the smart contract code in the high-level language contains a first identifier and the smart contract code in bytecode form contains a second identifier, with a correspondence between the first identifier and the second identifier, which ensures that compiling from the high-level language to bytecode does not affect the function of the exposure identifier.
Step 304: the first blockchain node decrypts the transaction in the trusted execution environment to obtain the smart contract, where the smart contract includes a special event function.
In one embodiment, a smart contract may include one or more events, each of which implements predefined processing logic. Each event in the smart contract generates a corresponding Logs field after it is called and executed. For example, when a smart contract includes event 1 and event 2, event 1 generates a corresponding Logs field and event 2 generates a corresponding Logs field, so the receipt data for the smart contract contains multiple Logs fields.
In one embodiment, the events contained in a smart contract can be divided into special event functions and common event functions. Logs generated by common event functions are stored in ciphertext to provide privacy protection. Logs generated by special event functions are allowed, provided the privacy-protection requirements are met, to have at least part of their log fields stored in plaintext, so that the content of those log fields can be searched to drive related operations.
In one embodiment, the event functions that count as "special event functions" can be recorded in the chain code or a system contract of the blockchain network, for example in a special event function list. By comparing the event functions contained in a smart contract against this special event function list, it can be determined whether an event function in the smart contract is a special event function.
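The storage decision described above, combining the exposure-marked fields, the initiator's user type and the special event function list, is sketched below as an added example that is not part of the patent text. All names (SPECIAL_EVENTS, PRESET_USER_TYPES, store_receipt, the "enterprise" user type, the sample receipt) are assumptions, and seal() is a hash-keystream stand-in for whatever encryption the node performs inside the TEE.

```python
import hashlib
import hmac
import json
import os

# Every name here is an assumption made for this example, not an identifier from the patent.
SPECIAL_EVENTS = {"currentPrice"}    # special event function list (chain code / system contract)
PRESET_USER_TYPES = {"enterprise"}   # constructed preset user type
LOG_FIELDS = ("from", "to", "topic", "data")
KEY = hashlib.sha256(b"constructed demo key").digest()


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, value):
    """Stand-in for the in-TEE encryption (hash keystream + HMAC tag, demo only)."""
    plaintext = json.dumps(value).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return (nonce + body + tag).hex()


def unseal(key, blob):
    """Authenticate and decrypt a field produced by seal()."""
    raw = bytes.fromhex(blob)
    nonce, body, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored receipt field failed authentication")
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))


def store_receipt(receipt, exposed, user_type, key=KEY):
    """Return the stored receipt; every field is {'plain': value} or {'enc': hex}.

    A log field is kept in plaintext only when all three conditions hold:
    the initiator has a preset user type, the log comes from a special event
    function, and the field is marked by the exposure identifier.
    """
    user_ok = user_type in PRESET_USER_TYPES
    # Content outside the logs is "remaining content" and is always ciphertext.
    stored = {name: {"enc": seal(key, receipt[name])}
              for name in ("result", "gas_used", "output")}
    stored["logs"] = []
    for log in receipt["logs"]:
        special = log["event"] in SPECIAL_EVENTS
        entry = {}
        for name in LOG_FIELDS:
            if user_ok and special and name in exposed:
                entry[name] = {"plain": log[name]}
            else:
                entry[name] = {"enc": seal(key, log[name])}
        stored["logs"].append(entry)
    return stored


def plaintext_fields(stored):
    """List (log index, field name) for every field left searchable in plaintext."""
    return [(i, name) for i, log in enumerate(stored["logs"])
            for name, cell in log.items() if "plain" in cell]


# Constructed sample receipt: one log from a special event, one from a common event.
SAMPLE_RECEIPT = {
    "result": "success",
    "gas_used": 21000,
    "output": "0x",
    "logs": [
        {"event": "currentPrice", "from": "0xaaaa0001", "to": "0xbbbb0002",
         "topic": "price-update", "data": {"price": 42}},
        {"event": "internalAudit", "from": "0xaaaa0001", "to": "0xbbbb0002",
         "topic": "audit", "data": {"note": "constructed"}},
    ],
}

if __name__ == "__main__":
    stored = store_receipt(SAMPLE_RECEIPT, {"from"}, "enterprise")
    print(plaintext_fields(stored))
```

With the From field exposed, only the From value of the currentPrice log stays searchable; the same receipt from a non-preset user, or with no exposed fields, is stored entirely in ciphertext.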
In one embodiment, special event function can be customized arbitrary function in intelligent contract, and by intelligence The type identifier for being directed to event functions can be added in contract, which can be labeled as special event function.With For Solidity language, the example code in above-mentioned example code 1 comprising event functions is as follows:
event currentPrice(int price);
In the example code above, the smart contract defines an event: event currentPrice. The event does not contain any type identifier, so the corresponding event function is an ordinary event function. After the event function in example code 1 is adjusted, the following example code for the event function is obtained:
event currentPrice expose(int price);
In the modified example code above, the smart contract defines an event: event currentPrice. By adding the type identifier "expose" to the event currentPrice, the event currentPrice is marked as a special event function.
Ethereum supports many high-level languages, such as Solidity, Serpent and LLL, and any of them may contain the type identifier described above. A smart contract written in a high-level language can be compiled into corresponding bytecode by a compiler, and the first blockchain node ultimately executes the smart contract in bytecode form in the EVM. The type identifier may therefore be identical in the high-level-language code and the bytecode of the smart contract; alternatively, the high-level-language code contains a first type identifier and the bytecode contains a second type identifier, and the first type identifier and the second type identifier correspond to each other.
In one embodiment, encrypting the transaction content puts the encrypted transaction in a privacy-protected state and prevents the transaction content from being exposed. For example, the transaction content may include information such as the account address of the transaction initiator and the account address of the transaction target; encryption ensures that this content cannot be read directly.
In one embodiment, the transaction can be encrypted with a symmetric encryption algorithm or with an asymmetric encryption algorithm. Symmetric encryption algorithms include, for example, the DES algorithm, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm and IDEA algorithm. Asymmetric encryption algorithms include, for example, RSA, Elgamal, the knapsack algorithm, Rabin, D-H and ECC (elliptic curve cryptography).
In one embodiment, the transaction can be encrypted with a symmetric encryption algorithm combined with an asymmetric encryption algorithm. Taking the case where the client submits the transaction to the first blockchain node as an example, the client can encrypt the transaction content with a symmetric encryption algorithm, that is, with the key of the symmetric encryption algorithm, and then encrypt the key used in the symmetric encryption algorithm with an asymmetric encryption algorithm, for example with the public key of the asymmetric encryption algorithm. After the first blockchain node receives the encrypted transaction, it first decrypts with the private key of the asymmetric encryption algorithm to obtain the key of the symmetric encryption algorithm, and then decrypts with that symmetric key to obtain the transaction content.
When a transaction is used to call a smart contract, the call may be a multiply nested one. For example, the transaction directly calls smart contract 1, the code of smart contract 1 calls smart contract 2, and the code of smart contract 2 points to the contract address of smart contract 3, so that the transaction actually calls the code of smart contract 3 indirectly, and smart contract 3 contains a certain event function. This is equivalent to smart contract 1 containing that event function. The specific implementation process is similar to the process described above and is not repeated here.
Step 306: the first blockchain node executes the smart contract in the trusted execution environment to obtain receipt data, the receipt data including a log corresponding to the special event function.
As described above, when the first blockchain node executes the code of the smart contract, it generates a corresponding Logs field for each event function contained in the code, that is, a log corresponding to each event function. Thus, when the transaction initiator belongs to the preset user type, determining the special event function also determines the log corresponding to the special event function, so that at least some of the log fields corresponding to the special event function can be stored in plaintext form.
In one embodiment, for example in Ethereum, after the first blockchain node receives a transaction sent by the client that calls a smart contract, it can check whether the transaction is valid, whether its format is correct, whether its signature is legitimate, and so on.
In general, a node in Ethereum is also a node that competes for the bookkeeping right, so the first blockchain node, as a node competing for the bookkeeping right, can execute the transaction locally. If one of the nodes competing for the bookkeeping right wins the current round of competition, it becomes the accounting node. If the first blockchain node wins the current round, it becomes the accounting node; if it does not win the current round, it is not the accounting node, and another node may become the accounting node.
A smart contract is similar to a class in object-oriented programming: executing it produces a contract instance corresponding to the smart contract, much as instantiating a class produces an object. Executing the code in a transaction that creates a smart contract creates a contract account and deploys the contract in the account space. In Ethereum, the address of the smart contract account is generated by an encryption algorithm that takes the sender's address (such as "0xf5e ..." in Fig. 1-2) and the transaction random number (nonce) as input. For example, the contract address "0x6f8ae93 ..." in Fig. 1-2 is generated by the encryption algorithm from the sender's address "0xf5e ..." and the nonce in the transaction.
In general, in a blockchain network that supports smart contracts and uses a consensus algorithm such as Proof of Work (POW), Proof of Stake (POS) or Delegated Proof of Stake (DPOS), the nodes competing for the bookkeeping right can execute a transaction containing the creation of a smart contract after receiving it. One of the nodes competing for the bookkeeping right may win the current round of competition and become the accounting node. The accounting node can package the transaction containing the smart contract together with other transactions to generate a new block, and send the generated new block to the other nodes for consensus.
In a blockchain network that supports smart contracts and uses a mechanism such as Practical Byzantine Fault Tolerance (PBFT), the node holding the bookkeeping right has been agreed on before the current round of bookkeeping. Therefore, after the first blockchain node receives the transaction, if it is not itself the accounting node of the current round, it can send the transaction to the accounting node. The accounting node of the current round (which may be the first blockchain node) can execute the transaction during or before packaging the transaction and generating a new block, or during or before packaging the transaction together with other transactions and generating a new block. After the accounting node packages the transaction (alone or together with other transactions) and generates a new block, it sends the generated new block or block header to the other nodes for consensus.
As described above, in a blockchain network that supports smart contracts using the POW mechanism, or one using the POS, DPOS or PBFT mechanism, the accounting node of the current round can package the transaction, generate a new block, and send the generated new block or block header to the other nodes for consensus. If the other nodes receive the block and find no problem on verification, the new block can be appended to the end of the original blockchain, which completes the bookkeeping process and reaches consensus. If the transaction is for creating a smart contract, this completes the deployment of the smart contract on the blockchain network; if the transaction is for calling a smart contract, this completes the call and execution of the smart contract. While verifying the new block or block header sent by the accounting node, the other nodes can also execute the transactions in the block.
This execution process is generally carried out by a virtual machine. Taking Ethereum as an example, it supports users creating and/or calling complex logic in the Ethereum network, which is the greatest challenge that distinguishes Ethereum from Bitcoin blockchain technology. The core of Ethereum as a programmable blockchain is the Ethereum Virtual Machine (EVM), and every Ethereum node can run the EVM. The EVM is a Turing-complete virtual machine, which means that all kinds of complex logic can be implemented through it. The smart contracts that users publish and call in Ethereum run on the EVM.
In this embodiment, the first blockchain node can execute the code of the decrypted smart contract in a trusted execution environment (Trusted Execution Environment, TEE). As shown in Fig. 4, for example, the first blockchain node can be divided into a conventional execution environment (on the left in the figure) and a TEE. A transaction submitted by the client (as described above, transactions may also come from other sources; a client-submitted transaction is used here for illustration) first enters the "transaction/query interface" in the conventional execution environment to be identified. A transaction with no privacy-processing requirement can stay in the conventional execution environment for processing (whether a privacy-processing requirement exists can be identified from the user type of the transaction initiator, the transaction type, an identifier contained in the transaction, and so on), while a transaction with a privacy-processing requirement is passed into the TEE for processing. The TEE and the conventional execution environment are isolated from each other. The transaction is in an encrypted state before it enters the TEE and is decrypted into plaintext transaction content inside the trusted execution environment, so that, with data security ensured, the plaintext transaction content can be processed efficiently in the TEE and plaintext receipt data is generated in the TEE.
A TEE is a security extension based on CPU hardware and a trusted execution environment completely isolated from the outside. The TEE concept was first proposed by Global Platform to solve the secure isolation of resources on mobile devices, providing applications with a trusted and secure execution environment that runs in parallel with the operating system. ARM's TrustZone technology was the earliest to bring TEE technology into real commercial use. With the rapid development of the Internet, security requirements have grown ever higher, and not only mobile devices but also cloud devices and data centers place more demands on the TEE. The TEE concept has likewise developed and expanded rapidly, and the TEE referred to today is broader than the concept originally proposed. For example, server chip manufacturers such as Intel and AMD have successively introduced hardware-assisted TEEs and enriched the concept and features of the TEE, which has been widely recognized in the industry. A TEE mentioned today usually refers to this kind of hardware-assisted TEE technology. Unlike a mobile terminal, the cloud is accessed remotely and the hardware platform is invisible to the end user, so the first step in using a TEE is to confirm that the TEE is genuine and trustworthy. Current TEE technologies therefore all introduce a remote attestation mechanism, in which the hardware vendor (mainly the CPU manufacturer) endorses the TEE and digital signature technology ensures that the user can verify the state of the TEE. At the same time, secure resource isolation alone cannot satisfy the security requirements, and further data-privacy protection has also been proposed. Commercial TEEs, including Intel SGX and AMD SEV, also provide memory encryption technology that confines the trusted hardware to the inside of the CPU, so that data on the bus and in memory is ciphertext and malicious users are prevented from snooping on it. For example, TEE technologies such as Intel's Software Guard Extensions (SGX) isolate code execution, remote attestation, secure configuration, secure storage of data, and trusted paths for executing code. Applications running in a TEE are protected and are almost impossible for a third party to access.
Taking Intel SGX technology as an example, SGX provides an enclave, that is, an encrypted trusted execution region in memory whose data is protected from theft by the CPU. Taking the case where the first blockchain node uses a CPU that supports SGX as an example, newly added processor instructions can be used to allocate part of memory as EPC (Enclave Page Cache), and the data in it is encrypted by the encryption engine MEE (Memory Encryption Engine) inside the CPU. The encrypted content in the EPC is decrypted into plaintext only after it enters the CPU. In SGX, therefore, the user does not need to trust the operating system, the VMM (Virtual Machine Monitor), or even the BIOS (Basic Input Output System); trusting the CPU alone is enough to ensure that private data does not leak. In practice, private data can be encrypted and passed into the enclave in ciphertext form, and the corresponding key is also passed into the enclave through remote attestation. The computation is then performed on the data under the CPU's encryption protection, and the result can be returned in ciphertext form. In this mode, powerful computing capacity can be used without concern about data leakage.
As described above, executing the decrypted transaction content in the TEE ensures that the execution process is completed inside a trusted environment, so that private information does not leak. When the transaction with a privacy-processing requirement is used to create a smart contract, the transaction contains the code of the smart contract; the first blockchain node can decrypt the transaction in the TEE to obtain the code of the smart contract it contains, and then execute that code in the TEE. When the transaction with a privacy-processing requirement is used to call a smart contract, the first blockchain node can execute the code in the TEE (if the called smart contract is in an encrypted state, the smart contract must first be decrypted in the TEE to obtain the corresponding code). Specifically, the first blockchain node can use the processor instructions newly added to the CPU to allocate part of memory as EPC, and the encryption engine MEE in the CPU encrypts the plaintext code and stores it in the EPC. The encrypted content in the EPC is decrypted into plaintext after it enters the CPU, and the CPU operates on the plaintext code to complete the execution process. For example, with SGX technology, the EVM can be loaded into the enclave to execute the plaintext code of the smart contract. During remote attestation, the key management server can compute the hash value of its local EVM code and compare it with the hash value of the EVM code loaded in the first blockchain node; a correct comparison result is a necessary condition for passing remote attestation, which completes the measurement of the code loaded into the SGX enclave of the first blockchain node. Once measured, the correct EVM can execute the code of the smart contract in SGX.
Step 308: the first blockchain node stores the receipt data so that, when the transaction initiator belongs to the preset user type, at least part of the receipt content in the log corresponding to the special event function is stored in plaintext form and the remaining content of the receipt data is stored in ciphertext form, the at least part of the receipt content matching the object indicated by the exposure identifier.
In one embodiment, a user has a corresponding external account on the blockchain and initiates transactions or performs other operations based on that external account. The user type of the transaction initiator is therefore the user type of the external account. Accordingly, the first blockchain node can determine the external account corresponding to the transaction initiator and query the user type recorded on the blockchain for that external account, taking it as the user type of the transaction initiator.
In one embodiment, the external account may include a type field recorded on the blockchain, and the value of the type field corresponds to the user type. For example, when the value of the type field is 00, the user type is ordinary user; when the value is 01, the user type is advanced user; when the value is 11, the user type is management user; and so on. The first blockchain node can therefore read the type field of the external account and determine the corresponding user type from its value.
In one embodiment, when the external account is created, the user type can be configured to be associated with the external account, and the association between the user type and the external account is recorded in the blockchain, for example by establishing the association between the user type and the account address of the external account. The data structure of the external account then does not need to change, that is, the external account does not need to contain the type field described above. The first blockchain node can therefore read the association recorded on the blockchain and, based on the external account corresponding to the transaction initiator, determine the preset user type corresponding to that external account.
In one embodiment, the user type of an external account can be modified under certain conditions. For example, a management user can hold the modification right, so that the first blockchain node changes the user type of the external account according to a change request initiated by the management user. The management user can correspond to an external account with management authority preset in the genesis block, which lets the management user change the type of other ordinary users, advanced users and so on, for example changing an ordinary user to an advanced user or an advanced user to an ordinary user.
By identifying the user type of the transaction initiator, the first blockchain node can determine how strong the initiator's privacy-protection requirement is. When the initiator belongs to the preset user type, its privacy-protection requirement can be judged relatively weak, and it can accept some exposure of the receipt data in exchange for the corresponding function extension. When the initiator does not belong to the preset user type, its privacy-protection requirement can be judged relatively strong, and it cannot accept exposure of the receipt data. Identifying the user type of the transaction initiator thus lets the way the receipt data is stored meet the initiator's actual needs and balance privacy protection against function extension. For example, ordinary users have a relatively low privacy-protection requirement and a relatively high requirement for function extension based on receipt data, so for receipt data produced by transactions that ordinary users initiate, part of the receipt content can be allowed to be stored in plaintext form so that function extension can be implemented on the receipt content stored in plaintext. Advanced users and management users, by contrast, have a relatively high privacy-protection requirement and a relatively low requirement for function extension based on receipt data, so for receipt data produced by transactions that advanced users and management users initiate, all receipt content can be stored in ciphertext form.
In the code of a smart contract, the exposure identifier can indicate one or more objects, and these objects have corresponding receipt content in the receipt data. After a special event function is executed, the receipt data contains the log corresponding to that special event function, and this log is itself part of the receipt content. In this specification, when the transaction initiator belongs to the preset user type, the exposure identifier and the special event function are considered together: the intersection of these two parts of the receipt content is selected and stored in plaintext, and the remaining content of the receipt data is stored in ciphertext.
The exposure identifier is a global identifier defined by the programming language of the smart contract, so once an exposure identifier has been written into a smart contract it is difficult to change the object it indicates. The user type, however, depends on the transaction initiator and has nothing to do with the programming language, so even when different transaction initiators call the same smart contract, the way the receipt data is stored (ciphertext or plaintext) may differ. Likewise, the definition of a special event function does not have to be implemented in the programming language. When special event functions are recorded in a special event function list, for example, an event function in the smart contract that was originally a special event function can be turned into an ordinary event function by modifying the list, which prevents the log it generates from being stored in plaintext form; or an event function that was originally an ordinary event function can be turned into a special event function, so that at least part of the content of the log it generates is stored in plaintext form. Therefore, by having different users call the smart contract, or by adjusting the type of the event functions the smart contract contains, the limitation of the exposure identifier can be sidestepped and the receipt content to be stored in plaintext or ciphertext can be adjusted.
Take example code 2 above. Suppose the event currentPrice was not originally recorded in the special event function list, so that the event currentPrice corresponds to an ordinary event function. Then even though the exposure identifier plain has been added to the code of the smart contract and the transaction initiator belongs to the preset user type, every field in the log generated by the event currentPrice is still stored in ciphertext form. If the event currentPrice is then added to the special event function list, example code 2 needs no adjustment, and when the transaction initiator belongs to the preset user type every field in the log corresponding to the event currentPrice can be stored in plaintext form.
Take example code 3 above. Suppose the event currentPrice was not originally recorded in the special event function list, so that the event currentPrice corresponds to an ordinary event function. Then even though the exposure identifier plain has been added to the code of the smart contract and the transaction initiator belongs to the preset user type, the value of the state variable price in the log generated by the event currentPrice is still stored in ciphertext form. If the event currentPrice is then added to the special event function list, example code 2 needs no adjustment, and when the transaction initiator belongs to the preset user type the value of the state variable price in the log corresponding to the event currentPrice can be stored in plaintext form.
Note that in example code 2 above, "plain" is declared at the very front of the code, so the objects indicated by the exposure identifier "plain" are all the fields in the receipt data, and these fields are contract-level objects. When the first blockchain node stores the receipt data, all receipt content in the receipt data that corresponds to the contract-level objects is allowed to be stored in plaintext form. If the exposure identifier in example code 2 instead marked the From field, the From field would be the contract-level object, and when the first blockchain node stores the receipt data, all receipt content in the receipt data that corresponds to the From field would be allowed to be stored in plaintext form. Similarly, in example code 3 above, the state variable "price" indicated by the exposure identifier "plain" is also a contract-level object, so when the first blockchain node stores the receipt data, all receipt content in the receipt data that corresponds to the contract-level object "price" is allowed to be stored in plaintext form.
In particular, when the code of a smart contract includes several event functions, the Logs fields that the event functions generate may each contain receipt content corresponding to a contract-level object. By identifying the user type of the transaction initiator and whether each event function is an ordinary event function or a special event function, the receipt content corresponding to the contract-level object in the logs produced by all special event functions can be stored in plaintext form when the transaction initiator belongs to the preset user type. For example, a smart contract may include the following example code 4:
In example code 4 above, as in example code 2, the exposure identifier "plain" is at the very front of the smart contract code, so all fields in the receipt data are marked as contract-level objects. The smart contract also contains the event currentPrice1 and the event currentPrice2. Suppose the event currentPrice1 corresponds to a special event function defined in the special event function list and the event currentPrice2 corresponds to an ordinary event function. Then, when the transaction initiator belongs to the preset user type, of the logs Log1 and Log2 generated by the event currentPrice1 and the event currentPrice2 respectively, all fields of Log1 are stored in plaintext form and all fields of Log2 are stored in ciphertext form. If the special event function list is later updated so that the event currentPrice2 corresponds to a special event function, all fields of Log2 will be stored in plaintext form without any change to the code of the smart contract. If the exposure identifier in example code 4 instead marked the From field, the From field would be the contract-level object. When the transaction initiator belongs to the preset user type, the event currentPrice1 is a special event function and the event currentPrice2 is an ordinary event function, the From field in Log1 is stored in plaintext form and the remaining fields of Log1 in ciphertext form, while all fields of Log2 are stored in ciphertext form. Once the event currentPrice2 is updated to a special event function, the From field in Log2 is stored in plaintext form and the remaining fields of Log2 in ciphertext form.
For the contract-level objects above, the type identifier described earlier can also be used to indicate whether an event function contained in the smart contract is a special event function. For example, example code 4 above can be adjusted to the following example code 5:
In example code 5 above, as in example code 2, the contract-level objects include all fields in the receipt data. The smart contract also contains the event currentPrice1 and the event currentPrice2. Because the event currentPrice1 contains the type identifier expose described earlier, it is marked as corresponding to a special event function; because the event currentPrice2 does not contain the type identifier expose, it is marked as corresponding to an ordinary event function. Then, when the transaction initiator belongs to the preset user type, of the logs Log1 and Log2 generated by the event currentPrice1 and the event currentPrice2 respectively, all fields of Log1 are stored in plaintext form and all fields of Log2 are stored in ciphertext form.
The type identifier and the exposure identifier are similar in that both are global identifiers defined in the programming language of the smart contract, but the exposure identifier acts on contract-level objects while the type identifier acts on event functions. Using the two together means that a single exposure identifier is enough to set the contract-level object, after which the event functions whose logs should store that contract-level object in plaintext can be marked flexibly. Especially when the smart contract contains many event functions and those event functions involve many objects (such as fields or state variables), there is no need to configure every object involved in every event function separately, which simplifies the code logic and prevents wrong or missing marks.
The contract-level objects in the embodiments above include fields, such as the From field. Contract-level objects can also include state variables. For example, example code 4 above can be adjusted to the following example code 6:
Contract Example{
    plain int price;   // exposure identifier: price is a contract-level object
    int price1;
    event currentPrice1(int price);
    event currentPrice2(int price);
    event currentPrice3(int price1);
}
In example code 6 above, event currentPrice1 and event currentPrice2 reference the state variable price, and event currentPrice3 references the state variable price1. Because the exposure identifier "plain" is added before the type int of the state variable price, the state variable price serves as the contract-level object. Accordingly, when the transaction initiator belongs to the preset user type, for event functions that reference the contract-level object, the contract-level object is stored in plaintext in the log generated by a special event function, whereas the log generated by an ordinary event function is still stored in ciphertext even if that function references the contract-level object. For example, taking the special event function list recorded in the blockchain network and a transaction initiator that belongs to the preset user type: when event currentPrice1 corresponds to a special event function, it references the state variable price as the contract-level object, so in the log (Logs) generated by event currentPrice1 the receipt content related to the state variable price is stored in plaintext; when event currentPrice2 corresponds to an ordinary event function, although it references the state variable price as the contract-level object, the receipt content related to the state variable price in the log generated by event currentPrice2 is stored in ciphertext; and although event currentPrice3 corresponds to a special event function, it does not reference the state variable price that is the contract-level object, so the log generated by event currentPrice3 is stored in ciphertext.
As in the preceding embodiment, for a contract-level object of the state variable type, the type of an event function can be marked with a type identifier. For example, example code 6 above can be adjusted to the following example code 7:
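Contract Example{
    plain int price;   // exposure identifier: price is a contract-level object
    int price1;
    event currentPrice1 expose(int price);    // type identifier: special event function
    event currentPrice2(int price);           // ordinary event function
    event currentPrice3 expose(int price1);   // special event function
}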
In example code 7 above, the exposure identifier marks the state variable price as the contract-level object, while the state variable price1 is not a contract-level object. Event currentPrice1 and event currentPrice3, which are marked with the type identifier expose, both correspond to special event functions, and event currentPrice2 corresponds to an ordinary event function. Therefore, when the transaction initiator belongs to the preset user type, in the log (Logs) generated by event currentPrice1 the receipt content related to the state variable price is stored in plaintext; in the log generated by event currentPrice2 the receipt content related to the state variable price is stored in ciphertext; and the log generated by event currentPrice3 is stored in ciphertext.
Besides the contract-level object, the object indicated by the exposure identifier may include an event-level object corresponding to at least one event defined in the smart contract, so that when the transaction initiator belongs to the preset user type, the first blockchain node stores in plaintext the part of the receipt content generated by a special event function that corresponds to the event-level object. In particular, when the smart contract contains multiple events, the event-level object can be set for at least some of those events, so that the receipt content corresponding to those events is stored in plaintext and the receipt content corresponding to the remaining events is stored in ciphertext. Taking the From field as an example, example code 5 above can be adjusted to the following example code 8:
Contract Example{
    int price;
    int price1;
    event currentPrice1("from", int price);   // "from": From field is an event-level object
    event currentPrice2(int price1);
}
In example code 8 above, although event currentPrice1 does not carry the exposure identifier "plain", it contains the content "from". This content corresponds to the From field and indicates that the From field in the log generated by event currentPrice1 needs to be stored in plaintext, so the content "from" both serves as the exposure identifier and indicates the From field that needs plaintext storage. Moreover, because the content "from" is located within event currentPrice1, the From field is an event-level object. Thus, when the transaction initiator belongs to the preset user type and event currentPrice1 corresponds to a special event function, in the log (Logs) generated for event currentPrice1 the From field is stored in plaintext and the other fields are stored in ciphertext. For the other event in example code 8, event currentPrice2, no exposure identifier is added, so regardless of whether event currentPrice2 corresponds to a special event function or an ordinary event function, the log it generates is stored in ciphertext.
The keyword "from" above specifies that the From field is set as the event-level object. When the event-level object is of the field type, a specific field need not be indicated. For example, example code 5 above can be adjusted to the following example code 9:
Contract Example{
    int price;
    int price1;
    plain event currentPrice1(int price, int price1);   // exposure identifier on the whole event
    event currentPrice2(int price1);
}
In example code 9 above, adding the exposure identifier "plain" before event currentPrice1 makes all fields in the log generated by event currentPrice1 the event-level object, for example the From field, To field, Topic field and Log Data field described earlier. Then, when the transaction initiator belongs to the preset user type and event currentPrice1 corresponds to a special event function, all receipt content corresponding to event currentPrice1 (such as the generated log) is in effect stored in plaintext.
The event-level object can also include state variables. From the state variable perspective, example code 9 above can be read as follows: event currentPrice1 references the state variables price and price1, and event currentPrice2 references the state variable price1. Because the exposure identifier "plain" is added before event currentPrice1, the state variables price and price1 referenced by event currentPrice1 serve as the event-level object. Thus, when the transaction initiator belongs to the preset user type and event currentPrice1 corresponds to a special event function, in the log (Logs) generated by event currentPrice1 the receipt content related to the state variables price and price1 is stored in plaintext. For the other event in example code 9, event currentPrice2, no exposure identifier is added, so even if the transaction initiator belongs to the preset user type, and regardless of whether event currentPrice2 corresponds to a special event function or an ordinary event function, in the log generated by event currentPrice2 the receipt content related to the state variable price1 is stored in ciphertext.
When the event-level object includes state variables, it can also be designated specifically as one or more of the state variables referenced by the event. For example, example code 5 above can be adjusted to the following example code 10:
Contract Example{
    int price;
    int price1;
    event currentPrice1(plain int price, int price1);   // only price is an event-level object
    event currentPrice2(int price);
}
In example code 10 above, the event function corresponding to event currentPrice1 contains the exposure identifier plain added before the type int of the state variable price, so the state variable price is configured as an event-level object. The exposure identifier plain is located within the event function corresponding to event currentPrice1, and although the event function corresponding to event currentPrice2 references the state variable price, it is not marked with the exposure identifier plain, so the event function corresponding to event currentPrice2 is unrelated to the event-level object. Therefore, when the transaction initiator belongs to the preset user type, even if event currentPrice1 and event currentPrice2 both correspond to special event functions, only in the log generated by event currentPrice1 is the receipt content corresponding to the state variable price, as the event-level object, stored in plaintext, while the log generated by event currentPrice2 is stored in ciphertext. Similarly, when the transaction initiator belongs to the preset user type, although event currentPrice1 references the state variable price1, the state variable price1 is not marked with the exposure identifier and so is not an event-level object; even if event currentPrice1 corresponds to a special event function, in the log generated by event currentPrice1 the receipt content corresponding to the state variable price1 is still stored in ciphertext.
Note that in the embodiments corresponding to example codes 8 to 10 above, that is, for event-level objects, whether an event function contained in the smart contract is a special event function can be identified by means of the special event function list or the type identifier; this is not repeated here one by one.
This specification exposes receipt content to a certain extent in order to drive DAPP clients or support other function extensions. Moreover, by jointly considering the user type to which the transaction initiator belongs, the object indicated by the exposure identifier and the logs generated by special event functions, this specification can precisely select the receipt content to be stored in plaintext, namely the receipt content that simultaneously satisfies "the transaction initiator belongs to the preset user type", "matches the object indicated by the exposure identifier" and "belongs to a log generated by a special event function". The function extension needs above are thereby met while most user privacy remains protected. In particular, when the first blockchain node identifies special event functions from information recorded in the blockchain network (such as the special event function list), the "special event functions" can be updated after the smart contract has been created in order to adjust how receipt data is stored, for example changing receipt content originally stored in plaintext to ciphertext storage, or changing receipt content originally stored in ciphertext to plaintext storage.
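The three-condition selection rule summarized above can be checked mechanically. The following sketch is an added example, not code from the patent: it parses the pseudo-syntax of example codes 7 and 10 and returns the storage mode of each state variable in each event's log. It covers state-variable objects only (not receipt fields such as From), and the function names, regular expressions and the `special_event_list` parameter are assumptions made for illustration.

```python
import re

# Patterns for the page's Solidity-like pseudo-syntax (int state variables only).
STATE_RE = re.compile(r"^\s*(plain\s+)?int\s+(\w+)\s*;\s*$")
EVENT_RE = re.compile(r"^\s*(plain\s+)?event\s+(\w+)(\s+expose)?\s*\((.*)\)\s*;\s*$")
PARAM_RE = re.compile(r"^\s*(plain\s+)?int\s+(\w+)\s*$")

# Contract bodies from example codes 7 and 10 on the page.
EXAMPLE_7 = """
Contract Example{
    plain int price;
    int price1;
    event currentPrice1 expose(int price);
    event currentPrice2(int price);
    event currentPrice3 expose(int price1);
}
"""
EXAMPLE_10 = """
Contract Example{
    int price;
    int price1;
    event currentPrice1(plain int price, int price1);
    event currentPrice2(int price);
}
"""


def parse_contract(source):
    """Return (contract_level_objects, events) found in the contract source."""
    contract_level, events = set(), {}
    for line in source.splitlines():
        m = STATE_RE.match(line)
        if m:
            if m.group(1):  # "plain" before the type: contract-level object
                contract_level.add(m.group(2))
            continue
        m = EVENT_RE.match(line)
        if not m:
            continue
        whole_event_plain, name, expose, params = m.groups()
        refs, event_level = [], set()
        for param in params.split(","):
            pm = PARAM_RE.match(param)
            if not pm:
                continue  # e.g. the "from" field marker of example code 8
            refs.append(pm.group(2))
            # "plain" on the event covers every referenced variable;
            # "plain" on one parameter covers only that variable.
            if whole_event_plain or pm.group(1):
                event_level.add(pm.group(2))
        events[name] = {"refs": refs, "event_level": event_level,
                        "expose": bool(expose)}
    return contract_level, events


def storage_plan(source, initiator_is_preset_type, special_event_list=()):
    """Map event -> {state variable -> 'plaintext' | 'ciphertext'}."""
    contract_level, events = parse_contract(source)
    plan = {}
    for name, ev in events.items():
        # Special event function: type identifier or on-chain list membership.
        special = ev["expose"] or name in special_event_list
        plan[name] = {}
        for var in ev["refs"]:
            exposed = var in contract_level or var in ev["event_level"]
            plain = initiator_is_preset_type and special and exposed
            plan[name][var] = "plaintext" if plain else "ciphertext"
    return plan


if __name__ == "__main__":
    print(storage_plan(EXAMPLE_7, True))
    print(storage_plan(EXAMPLE_10, True, {"currentPrice1", "currentPrice2"}))
```

Any single failing condition leaves the content in ciphertext, so removing an event from the special event list or changing the initiator's user type is enough to stop future plaintext storage for that event.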
By running the program code of the blockchain (hereinafter, chain code) on a computing device (physical machine or virtual machine), the computing device can be configured as a blockchain node in the blockchain network, such as the first blockchain node described above. In other words, the first blockchain node implements the corresponding functional logic by running the chain code. Therefore, when the blockchain network is created, the receipt data storage logic related to the exposure identifier, user type and event functions described above can be written into the chain code, so that every blockchain node can implement this receipt data storage logic. Taking the first blockchain node as an example, the receipt data storage logic related to the exposure identifier, user type and event functions may include: logic for identifying the user type, logic for identifying event functions, and logic for storing receipt content based on the exposure identifier.
The logic for identifying the user type instructs the first blockchain node to identify the user type of the transaction initiator. For example, the association between predefined external accounts and user types can be recorded in a system contract, or the correspondence between the value of the user type field and the user type can be recorded in a system contract. See the earlier description of identifying the user type for details, which are not repeated here.
The logic for identifying event functions instructs the first blockchain node to identify the type of the event functions contained in the smart contract corresponding to the transaction, for example according to the type identifier contained in an event function, or according to the special event function list recorded in the blockchain network. See the earlier description of identifying special event functions for details, which are not repeated here.
The logic for storing receipt content based on the exposure identifier instructs the first blockchain node which storage mode to use for the receipt content corresponding to objects indicated by the exposure identifier, objects not indicated by the exposure identifier, and so on. For example, when the transaction initiator belongs to the preset user type, for an identified special event function, the part of the receipt content corresponding to that special event function that corresponds to the object above is stored in plaintext and the rest is stored in ciphertext, and all other receipt content in the receipt data is stored in ciphertext.
However, upgrading and updating chain code is relatively difficult, so implementing receipt data storage in chain code suffers from low flexibility and insufficient scalability. To extend the functions of the chain code, as shown in Fig. 5, chain code can be combined with a system contract: the chain code implements the basic functions of the blockchain network, and function extensions during operation can be implemented through system contracts. Like the smart contracts described above, a system contract contains code, for example in bytecode form, and the first blockchain node can supplement the functions of the chain code by running the code of the system contract (for example, reading the code in the system contract according to the unique corresponding address "0x53a98 ..."). Accordingly, the first blockchain node can read the code of the system contract, in which the receipt data storage logic related to the exposure identifier, user type and event functions is defined. The first blockchain node can then execute the code of the system contract so that, based on the receipt data storage logic related to the exposure identifier, user type and transaction type, when the transaction initiator belongs to the preset user type, at least part of the receipt content in the log corresponding to the special event function is stored in plaintext and the remaining content of the receipt data is stored in ciphertext, where the at least part of the receipt content matches the object indicated by the exposure identifier.
Unlike the smart contracts described above, which users publish to the blockchain, system contracts cannot be freely published by users. The system contract read by the first blockchain node may include a preset system contract configured in the genesis block of the blockchain network. In addition, an administrator in the blockchain network (that is, the management user described above) can have update permission for system contracts and can therefore update, for example, the preset system contract, in which case the system contract read by the first blockchain node may also include the corresponding updated system contract. The updated system contract may be obtained after the administrator updates the preset system contract once, or after the administrator applies several iterative updates to the preset system contract. For example, the preset system contract is updated to obtain system contract 1, system contract 1 is updated to obtain system contract 2, and system contract 2 is updated to obtain system contract 3. System contract 1, system contract 2 and system contract 3 can all be regarded as updated system contracts, but the first blockchain node usually follows the latest version; for example, the first blockchain node uses the code in system contract 3 rather than the code in system contract 1 or system contract 2.
Besides the preset system contract contained in the genesis block, the administrator can also publish system contracts in subsequent blocks and update the system contracts so published. In short, the publication and update of system contracts should be restricted to a certain degree through permission management and similar means, to ensure that the functional logic of the blockchain network operates normally and to avoid causing unnecessary loss to any user.
The first blockchain node encrypts at least part of the receipt content with a key. The encryption can be symmetric or asymmetric. If the first blockchain node uses symmetric encryption, that is, encrypts the receipt content with the symmetric key of a symmetric encryption algorithm, the client (or another party holding the key) can decrypt the encrypted receipt content with the symmetric key of that symmetric encryption algorithm.
When the first blockchain node encrypts the receipt content with the symmetric key of a symmetric encryption algorithm, the symmetric key can be provided to the first blockchain node by the client in advance. Because only the client (in practice, the user corresponding to the account logged in on the client) and the first blockchain node hold the symmetric key, only that client can decrypt the corresponding encrypted receipt content, which prevents unrelated users or even criminals from decrypting it.
For example, when the client initiates a transaction to the first blockchain node, the client can encrypt the transaction content with an initial key of the symmetric encryption algorithm to obtain the transaction; accordingly, the first blockchain node can obtain this initial key and use it, directly or indirectly, to encrypt the receipt content. The initial key can, for example, be negotiated in advance between the client and the first blockchain node, or sent to the client and the first blockchain node by a key management server, or sent to the first blockchain node by the client. When the client sends the initial key to the first blockchain node, the client can encrypt the initial key with the public key of an asymmetric encryption algorithm and send the encrypted initial key to the first blockchain node, and the first blockchain node decrypts the encrypted initial key with the private key of the asymmetric encryption algorithm to obtain the initial key. This is the digital envelope encryption described above and is not repeated here.
The first blockchain node can encrypt the receipt content with the initial key above. Different transactions can use the same initial key, so that all transactions submitted by the same user are encrypted with that initial key, or different transactions can use different initial keys; for example, the client can randomly generate an initial key for each transaction to improve security.
The first blockchain node can generate a derived key from the initial key and an impact factor, and encrypt the receipt content with the derived key. Compared with encrypting directly with the initial key, a derived key increases randomness and therefore makes the encryption harder to break, which helps optimize the protection of the data. The impact factor can be related to the transaction. For example, the impact factor may include specified bits of the transaction hash value: the first blockchain node can concatenate the initial key with the first 16 bits of the transaction hash value (or the first 32 bits, the last 16 bits, the last 32 bits, or other bits) and hash the concatenated string to generate the derived key.
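The derived-key construction described above, as an added example that is not code from the patent. It assumes SHA-256 as the hash and byte concatenation as the splice, neither of which the page specifies; the function names and the constructed key and transaction hashes are illustrative only.

```python
import hashlib


def impact_factor(tx_hash, bits=16, from_end=False):
    """Select the specified bits of the transaction hash (whole bytes only here)."""
    if bits <= 0 or bits % 8 or bits > len(tx_hash) * 8:
        raise ValueError("bits must be a positive multiple of 8 within the hash length")
    n = bits // 8
    return tx_hash[-n:] if from_end else tx_hash[:n]


def derive_key(initial_key, tx_hash, bits=16, from_end=False):
    """Concatenate initial key and impact factor, then hash (SHA-256 is an assumption)."""
    spliced = initial_key + impact_factor(tx_hash, bits, from_end)
    return hashlib.sha256(spliced).digest()


def distinct_derived_keys(initial_key, tx_hashes, bits=16, from_end=False):
    """Count how many different derived keys a set of transactions produces."""
    return len({derive_key(initial_key, h, bits, from_end) for h in tx_hashes})


# Constructed sample values: a 32-byte initial key and three 32-byte "transaction hashes".
INITIAL_KEY = bytes(range(32))
TX_A = bytes.fromhex("ab12") + bytes(30)        # prefix ab12, suffix 0000
TX_B = bytes.fromhex("ab12") + b"\xff" * 30     # same first 16 bits as TX_A
TX_C = bytes.fromhex("cd34") + bytes(30)        # different first 16 bits

if __name__ == "__main__":
    for label, tx in (("A", TX_A), ("B", TX_B), ("C", TX_C)):
        print(label, derive_key(INITIAL_KEY, tx).hex())
    # First 16 bits: A and B share a key. First 32 bits: all three differ.
    print(distinct_derived_keys(INITIAL_KEY, [TX_A, TX_B, TX_C], bits=16))
    print(distinct_derived_keys(INITIAL_KEY, [TX_A, TX_B, TX_C], bits=32))
```

With a 16-bit impact factor there are at most 65,536 derived keys per initial key, so transactions whose hashes share the selected bits reuse a key; the per-transaction random initial key mentioned above avoids that reuse.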
The first blockchain node can also use asymmetric encryption, that is, encrypt the receipt content with the public key of an asymmetric encryption algorithm; correspondingly, the client can decrypt the encrypted receipt content with the private key of that asymmetric encryption algorithm. For the keys of the asymmetric encryption algorithm, the client can, for example, generate a public/private key pair and send the public key to the first blockchain node in advance, so that the first blockchain node can encrypt the receipt content with that public key.
The first blockchain node implements a function by running the code that implements it. Therefore, a function that needs to be implemented in the TEE also requires the relevant code to be executed there. Code executed in the TEE must comply with the specifications and requirements of the TEE; accordingly, code that implements a given function in the related art has to be rewritten in line with the TEE's specifications and requirements, which not only involves a relatively large development effort but also easily introduces bugs during the rewrite, affecting the reliability and stability of the function.
Therefore, the first blockchain node can execute storage function code outside the TEE to store the receipt data generated in the TEE (including the plaintext receipt content that needs plaintext storage and the ciphertext receipt content that needs ciphertext storage) to an external storage space outside the TEE. The storage function code can then be the code used in the related art to implement storage, without being rewritten in line with the TEE's specifications and requirements, and still achieves safe and reliable storage of the receipt data. Without affecting security and reliability, this not only reduces the development effort for the relevant code but also shrinks the TCB (Trusted Computing Base) by reducing the code related to the TEE, so that the additional security risk introduced when combining TEE technology with blockchain technology stays within a controllable range.
In one embodiment, the first blockchain node can execute write cache function code in the TEE to store the receipt data in a write cache in the TEE; for example, the write cache can correspond to the "cache" shown in Fig. 2. The first blockchain node then outputs the data in the write cache from the trusted execution environment to store it in the external storage space. The write cache function code can be stored in the TEE in plaintext and executed directly in the TEE; or it can be stored outside the TEE in ciphertext, for example in the external storage space above (such as "packing + storage" shown in Fig. 2, where "packing" indicates that the first blockchain node packs transactions into blocks outside the trusted execution environment), in which case the ciphertext write cache function code is read into the TEE, decrypted into plaintext code in the TEE, and the plaintext code is executed.
A write cache is a "buffering" mechanism provided to avoid "impact" on the external storage space when data is written to it. For example, the write cache can be implemented with a buffer; it can of course also be implemented with a cache, and this specification does not limit this. Because the TEE is an isolated secure environment and the external storage space is located outside the TEE, the write cache mechanism allows the cached data to be written to the external storage space in batches, which reduces the number of interactions between the TEE and the external storage space and improves data storage efficiency. Meanwhile, as the TEE continues to execute transactions, it may need to retrieve data that has already been generated. If the data to be retrieved happens to be in the write cache, it can be read directly from the write cache, which on the one hand reduces interaction with the external storage space and on the other hand removes the need to decrypt data read from the external storage space, thereby improving data processing efficiency in the TEE.
The write cache can of course also be set up outside the TEE; for example, the first blockchain node can execute the write cache function code outside the TEE, store the receipt data in a write cache outside the TEE, and then store the data in the write cache to the external storage space.
An embodiment of a receipt storage node of this specification that combines code marking with user type and event type is described below with reference to Fig. 6. The node comprises:
A receiving unit 61, which receives an encrypted transaction corresponding to a smart contract, where the code of the smart contract includes an object indicated by an exposure identifier;
A decryption unit 62, which decrypts the transaction in a trusted execution environment to obtain the smart contract, where the smart contract includes a special event function;
An execution unit 63, which executes the smart contract in the trusted execution environment to obtain receipt data, where the receipt data includes a log corresponding to the special event function;
A storage unit 64, which stores the receipt data so that, when the transaction initiator belongs to a preset user type, at least part of the receipt content in the log corresponding to the special event function is stored in plaintext and the remaining content of the receipt data is stored in ciphertext, where the at least part of the receipt content matches the object indicated by the exposure identifier.
Optionally, the smart contract corresponding to the transaction received by the first blockchain node includes:
A smart contract in a high-level language; or,
A smart contract in bytecode form.
Optionally, when the smart contract corresponding to the transaction received by the first blockchain node is a smart contract in a high-level language, the node further comprises:
A compilation unit 65, which compiles the smart contract in the high-level language with a compiler to generate a smart contract in bytecode form for execution in the trusted execution environment.
Optionally, when the smart contract corresponding to the transaction received by the first blockchain node is a smart contract in bytecode form, the smart contract in bytecode form is obtained by the client compiling a smart contract in a high-level language with a compiler, and the smart contract in the high-level language is written by the user on the client.
Optionally, the smart contract in the high-level language and the smart contract in bytecode form have identical or corresponding exposure identifiers.
Optionally, the smart contract corresponding to the transaction received by the first blockchain node includes:
A smart contract generated by the user on the first blockchain node; or,
A smart contract generated by the user on the client; or,
A smart contract in a transaction sent by the client through a second blockchain node.
Optionally, the object indicated by the exposure identifier includes: a receipt field and/or a state variable.
Optionally, the object indicated by the exposure identifier includes a contract-level object, and the storage unit 64 is specifically configured to:
When the transaction initiator belongs to the preset user type, store in plaintext the part of the logs generated by all special event functions that corresponds to the contract-level object.
Optionally, the object indicated by the exposure identifier includes an event-level object corresponding to at least one event defined in the smart contract, and the storage unit 64 is specifically configured to:
When the transaction initiator belongs to the preset user type, determine the log generated by the special event function corresponding to the at least one event, and store in plaintext the part of the determined log that corresponds to the event-level object.
Optionally, an event function in the smart contract contains a type identifier, and the type identifier is used to mark the event function as a special event function.
Optionally, when an event function contained in the smart contract is in the special function list recorded on the blockchain, the event function contained in the smart contract is determined to be a special event function.
Optionally, the first blockchain node determines the user type to which the transaction initiator belongs as follows:
The first blockchain node determines the external account corresponding to the transaction initiator;
The first blockchain node queries the user type recorded on the blockchain for the external account and takes it as the user type to which the transaction initiator belongs.
Optionally, the external account includes a type field recorded on the blockchain, and the value of the type field corresponds to the user type.
Optionally, when the external account is created, the user type is configured to be associated with the external account, so that the association between the user type and the external account is recorded in the blockchain.
Optionally, the node further comprises:
A changing unit 66, which changes the user type corresponding to the external account according to a change request initiated by a management user.
Optionally, the storage unit 64 is specifically configured to:
Read the code of a system contract, in which receipt data storage logic related to the exposure identifier and the special event function is defined;
Execute the code of the system contract so that, when the transaction initiator belongs to the preset user type, at least part of the receipt content in the log corresponding to the special event function is stored in plaintext and the remaining content of the receipt data is stored in ciphertext, where the at least part of the receipt content matches the object indicated by the exposure identifier.
Optionally, the system contract includes: a preset system contract recorded in the genesis block, or an updated system contract corresponding to the preset system contract.
Optionally, the storage unit 64 is specifically configured to:
Execute storage function code outside the trusted execution environment to store the receipt data to an external storage space outside the trusted execution environment.
Optionally, the key that the first block chain node encrypts the receipt data includes: symmetric encipherment algorithm The key of key or rivest, shamir, adelman.
Optionally, the key of the symmetric encipherment algorithm includes the initial key that the client provides;Or, described symmetrical The key of Encryption Algorithm includes the derivative key that the initial key and impact factor generate.
Optionally, the transaction is encrypted by the initial key, and the initial key is by rivest, shamir, adelman Public key encrypted;Decryption unit 62 is specifically used for:
It is decrypted to obtain the initial key with the private key of the rivest, shamir, adelman, and with the initial key to described Transaction is decrypted, to obtain the transaction content.
Optionally, the initial key is generated by client;Or, the initial key is sent to by Key Management server The client.
Optionally, the impact factor is related to the transaction.
Optionally, the impact factor includes: the specific bit of the cryptographic Hash of the transaction.
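The optional features above (user type read from the account's on-chain type field, plaintext only for exposure-marked objects in special-event logs, transaction envelope, receipt key derived from the initial key and an impact factor) can be exercised end to end in the following added example, which is not code from the patent. The field names, policy layout, AES-256-GCM, RSA-OAEP, HMAC-SHA256 as the derivation function and "first 128 bits of the SHA-256 transaction hash" as the impact factor are all assumptions, and the trusted execution environment boundary itself is not modelled.

```javascript
const crypto = require('crypto');

// AES-256-GCM helpers, used for both the transaction envelope and the receipt.
function seal(key, obj) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(obj), 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, s) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, s.iv);
  d.setAuthTag(s.tag); // final() throws if the key or ciphertext is wrong
  return JSON.parse(Buffer.concat([d.update(s.ct), d.final()]).toString('utf8'));
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: encrypt the transaction under a fresh symmetric initial key, then
// wrap that key with the node's public key (digital envelope).
function sealTransaction(tx, nodePublicKey) {
  const initialKey = crypto.randomBytes(32);
  return {
    wrappedKey: crypto.publicEncrypt({ key: nodePublicKey, ...OAEP }, initialKey),
    body: seal(initialKey, tx),
  };
}

// Node (inside the TEE in the patent): unwrap the initial key with the private
// key, then decrypt the transaction with the initial key.
function openTransaction(envelope, nodePrivateKey) {
  const initialKey = crypto.privateDecrypt({ key: nodePrivateKey, ...OAEP }, envelope.wrappedKey);
  return { initialKey, tx: unseal(initialKey, envelope.body) };
}

// Receipt key derived from the initial key and an impact factor taken from
// specific bits of the transaction hash. Assumptions: SHA-256 over the JSON
// form of the transaction, its first 128 bits, HMAC-SHA256 as the derivation.
function deriveReceiptKey(initialKey, tx) {
  const txHash = crypto.createHash('sha256').update(JSON.stringify(tx)).digest();
  return crypto.createHmac('sha256', initialKey).update(txHash.subarray(0, 16)).digest();
}

// A log field is stored in the clear only if ALL three conditions hold: the
// initiator's user type is preset, the log comes from a special event
// function, and the field is marked by the exposure identifier (contract-level
// for every special event, or event-level for this event). Everything else,
// including the non-log receipt fields, is sealed before it leaves the TEE.
function storeReceipt(receipt, policy, userType, key) {
  const privileged = policy.presetUserTypes.includes(userType);
  const logs = receipt.logs.map((log) => {
    const exposed = new Set([...policy.contractLevel, ...(policy.eventLevel.get(log.event) || [])]);
    const clear = ([field]) =>
      privileged && policy.specialEvents.includes(log.event) && exposed.has(field);
    const entries = Object.entries(log);
    return {
      plain: Object.fromEntries(entries.filter(clear)),
      sealed: seal(key, Object.fromEntries(entries.filter((e) => !clear(e)))),
    };
  });
  const { logs: _logs, ...rest } = receipt; // status, gasUsed, ... stay encrypted
  return { sealed: seal(key, rest), logs };
}

// Constructed sample data (not from the patent).
const POLICY = {
  presetUserTypes: ['auditor'],
  specialEvents: ['Transfer'],
  contractLevel: ['from'],
  eventLevel: new Map([['Transfer', ['to']]]),
};
const ACCOUNTS = new Map([['0xA1', { type: 'auditor' }], ['0xB2', { type: 'ordinary' }]]);
const RECEIPT = {
  status: 1,
  gasUsed: 21000,
  logs: [
    { event: 'Transfer', from: '0xA1', to: '0xC3', amount: 50 },
    { event: 'Debug', from: '0xA1', note: 'internal state' },
  ],
};

function runExample(initiator) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const envelope = sealTransaction({ from: initiator, call: 'transfer(0xC3,50)' }, publicKey);
  const { initialKey, tx } = openTransaction(envelope, privateKey);
  const key = deriveReceiptKey(initialKey, tx);
  // User type comes from the type field of the initiator's external account.
  // An unknown account yields undefined, which is never a preset type.
  const userType = (ACCOUNTS.get(tx.from) || {}).type;
  return { key, tx, stored: storeReceipt(RECEIPT, POLICY, userType, key) };
}

console.log(runExample('0xA1').stored.logs.map((l) => l.plain));
```

An account with no recorded type falls through to the all-ciphertext path, so a failed lookup never widens disclosure.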
In the 1990s, an improvement to a technology could be clearly distinguished as an improvement in hardware (for example, an improvement to a circuit structure such as a diode, a transistor or a switch) or an improvement in software (an improvement to a method flow). With the development of technology, however, improvements to many of today's method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be implemented with a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD), such as a field programmable gate array (Field Programmable Gate Array, FPGA), is an integrated circuit whose logic function is determined by the user programming the device. Designers program a digital system to "integrate" it onto a single PLD themselves, without asking a chip manufacturer to design and fabricate a dedicated integrated circuit chip. Moreover, instead of manually making integrated circuit chips, this programming is nowadays mostly done with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must be written in a specific programming language, called a hardware description language (Hardware Description Language, HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); the most commonly used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should also understand that a hardware circuit implementing a logical method flow can be obtained easily, merely by slightly logic-programming the method flow in one of the above hardware description languages and programming it into an integrated circuit.
A controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of a memory. Those skilled in the art also know that, in addition to implementing a controller purely as computer-readable program code, the method steps can be logic-programmed so that the controller achieves the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the devices included in it for implementing various functions can also be regarded as structures within the hardware component. Alternatively, the devices for implementing various functions can be regarded both as software modules implementing a method and as structures within the hardware component.
The systems, devices, modules or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product having a certain function. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above apparatus is described with its functions divided into various units. Of course, when implementing this specification, the functions of the units may be implemented in one or more pieces of software and/or hardware.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
This specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. This specification may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams. In a typical configuration, a computer includes one or more processors (CPU), an input/output interface, a network interface and memory.
The memory may include non-permanent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, commodity or device that includes the element.
Specific embodiments of this specification have been described above. Other embodiments fall within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or a sequential order, to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The terms used in one or more embodiments of this specification are for the purpose of describing particular embodiments only and are not intended to limit one or more embodiments of this specification. The singular forms "a", "said" and "the" used in one or more embodiments of this specification and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of this specification to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of one or more embodiments of this specification, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
The above are only preferred embodiments of one or more embodiments of this specification and are not intended to limit one or more embodiments of this specification. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of one or more embodiments of this specification shall fall within the scope of protection of one or more embodiments of this specification.

Claims (27)

1. A receipt storage method combining code marking with user and event type, comprising:
A first blockchain node receiving an encrypted transaction corresponding to a smart contract, the code of the smart contract including an object marked by an exposure identifier;
The first blockchain node decrypting the transaction in a trusted execution environment to obtain the smart contract, the smart contract including a special event function;
The first blockchain node executing the smart contract in the trusted execution environment to obtain receipt data, the receipt data including a log corresponding to the special event function;
The first blockchain node storing the receipt data such that, when the transaction initiator belongs to a preset user type, at least part of the receipt content in the log corresponding to the special event function is stored in plaintext and the remaining content of the receipt data is stored in ciphertext, the at least part of the receipt content matching the object marked by the exposure identifier.
2. The method according to claim 1, wherein the smart contract corresponding to the transaction received by the first blockchain node includes:
A smart contract written in a high-level language; or,
A smart contract in bytecode form.
3. The method according to claim 2, wherein, when the smart contract corresponding to the transaction received by the first blockchain node is a smart contract written in a high-level language, the method further comprises:
The first blockchain node compiling the smart contract written in the high-level language with a compiler to generate a smart contract in bytecode form, to be executed in the trusted execution environment.
4. The method according to claim 2, wherein, when the smart contract corresponding to the transaction received by the first blockchain node is a smart contract in bytecode form, the smart contract in bytecode form is obtained by the client compiling, with a compiler, a smart contract written in a high-level language, and the smart contract written in the high-level language is written by a user on the client.
5. The method according to claim 2, wherein the smart contract written in the high-level language and the smart contract in bytecode form have identical or corresponding exposure identifiers.
6. The method according to claim 1, wherein the smart contract corresponding to the transaction received by the first blockchain node includes:
A smart contract generated by a user on the first blockchain node; or,
A smart contract generated by a user on a client; or,
A smart contract in a transaction sent by the client through a second blockchain node.
7. The method according to claim 1, wherein the object marked by the exposure identifier includes: a receipt field and/or a state variable.
8. The method according to claim 1, wherein the object marked by the exposure identifier includes: a contract-level object; and the first blockchain node storing the receipt data comprises:
The first blockchain node, when the transaction initiator belongs to the preset user type, storing in plaintext the part corresponding to the contract-level object in the logs generated by all special event functions.
9. The method according to claim 1, wherein the object marked by the exposure identifier includes: an event-level object corresponding to at least one event defined in the smart contract; and the first blockchain node storing the receipt data comprises:
The first blockchain node, when the transaction initiator belongs to the preset user type, determining the log generated by the special event function corresponding to the at least one event, and storing in plaintext the part of the determined log that corresponds to the event-level object.
10. The method according to claim 1, wherein an event function in the smart contract contains a type identifier, the type identifier being used to mark the event function as a special event function.
11. The method according to claim 1, wherein, when an event function included in the smart contract is in a special function list recorded on the blockchain, the event function included in the smart contract is determined to be a special event function.
12. The method according to claim 1, wherein the first blockchain node determines the user type to which the transaction initiator belongs in the following manner:
The first blockchain node determines the external account corresponding to the transaction initiator;
The first blockchain node queries the user type corresponding to the external account recorded on the blockchain, and takes it as the user type to which the transaction initiator belongs.
13. The method according to claim 12, wherein the external account includes a type field recorded on the blockchain, and the value of the type field corresponds to the user type.
14. The method according to claim 12, wherein, when the external account is created, the user type is configured to be associated with the external account, so that the association between the user type and the external account is recorded on the blockchain.
15. The method according to claim 14, further comprising:
The first blockchain node changing the user type corresponding to the external account according to a change request initiated by a management user.
16. The method according to claim 1, wherein the first blockchain node storing the receipt data comprises:
The first blockchain node reading the code of a system contract, in which receipt data storage logic related to the exposure identifier, the user type and the special event function is defined;
The first blockchain node executing the code of the system contract so that, when the transaction initiator belongs to the preset user type, at least part of the receipt content in the log corresponding to the special event function is stored in plaintext and the remaining content of the receipt data is stored in ciphertext, the at least part of the receipt content matching the object marked by the exposure identifier.
17. The method according to claim 16, wherein the system contract includes: a preset system contract recorded in the genesis block, or an updated system contract corresponding to the preset system contract.
18. The method according to claim 1, wherein the first blockchain node storing the receipt data comprises:
The first blockchain node executing storage function code outside the trusted execution environment, so as to store the receipt data in an external storage space outside the trusted execution environment.
19. The method according to claim 1, wherein the key with which the first blockchain node encrypts the receipt data includes: a key of a symmetric encryption algorithm or a key of an asymmetric encryption algorithm.
20. The method according to claim 19, wherein the key of the symmetric encryption algorithm includes an initial key provided by the client; or, the key of the symmetric encryption algorithm includes a derived key generated from the initial key and an impact factor.
21. The method according to claim 20, wherein the transaction is encrypted with the initial key, and the initial key is encrypted with the public key of an asymmetric encryption algorithm; and the first blockchain node decrypting the transaction in the trusted execution environment comprises:
The first blockchain node decrypting with the private key of the asymmetric encryption algorithm to obtain the initial key, and decrypting the transaction with the initial key to obtain the transaction content.
22. The method according to claim 20, wherein the initial key is generated by the client; or, the initial key is sent to the client by a key management server.
23. The method according to claim 20, wherein the impact factor is related to the transaction.
24. The method according to claim 23, wherein the impact factor includes: specific bits of the hash value of the transaction.
25. A receipt storage node combining code marking with user and event type, comprising:
A receiving unit, which receives an encrypted transaction corresponding to a smart contract, the code of the smart contract including an object marked by an exposure identifier;
A decryption unit, which decrypts the transaction in a trusted execution environment to obtain the smart contract, the smart contract including a special event function;
An execution unit, which executes the smart contract in the trusted execution environment to obtain receipt data, the receipt data including a log corresponding to the special event function;
A storage unit, which stores the receipt data such that, when the transaction initiator belongs to a preset user type, at least part of the receipt content in the log corresponding to the special event function is stored in plaintext and the remaining content of the receipt data is stored in ciphertext, the at least part of the receipt content matching the object marked by the exposure identifier.
26. An electronic device, characterized by comprising:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor implements the method according to any one of claims 1-24 by running the executable instructions.
27. A computer-readable storage medium storing computer instructions, characterized in that the instructions, when executed by a processor, implement the steps of the method according to any one of claims 1-24.
CN201910420666.5A 2019-05-20 2019-05-20 Receipt storage method and node combining code marking with user and event type Active CN110263091B (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CN201910420666.5A CN110263091B (en) 2019-05-20 2019-05-20 Receipt storage method and node combining code marking with user and event type
PCT/CN2020/089381 WO2020233421A1 (en) 2019-05-20 2020-05-09 Object-level receipt storage method and node based on code marking
PCT/CN2020/089385 WO2020233424A1 (en) 2019-05-20 2020-05-09 Event function type-based receipt storage method and node
PCT/CN2020/089382 WO2020233422A1 (en) 2019-05-20 2020-05-09 Receipt storage method and node based on user type
PCT/CN2020/091360 WO2020233610A1 (en) 2019-05-20 2020-05-20 Receipt storage method combining code labelling with user and event type, and node

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910420666.5A CN110263091B (en) 2019-05-20 2019-05-20 Receipt storage method and node combining code marking with user and event type

Publications (2)

Publication Number Publication Date
CN110263091A true CN110263091A (en) 2019-09-20
CN110263091B CN110263091B (en) 2021-06-04

Family

ID=67914868

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910420666.5A Active CN110263091B (en) 2019-05-20 2019-05-20 Receipt storage method and node combining code marking with user and event type

Country Status (2)

Country Link
CN (1) CN110263091B (en)
WO (1) WO2020233610A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106559211A (en) * 2016-11-22 2017-04-05 中国电子科技集团公司第三十研究所 Secret protection intelligence contract method in a kind of block chain
CN106775619A (en) * 2016-11-12 2017-05-31 杭州复杂美科技有限公司 Flexible block chain framework
CN107038242A (en) * 2017-04-24 2017-08-11 杭州趣链科技有限公司 It is a kind of towards the global intelligent contract business datum analytic method of block chain
WO2019007396A1 (en) * 2017-07-07 2019-01-10 众安信息技术服务有限公司 Method and device for conducting encrypted transaction based on smart contract, and blockchain

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10489597B2 (en) * 2017-03-28 2019-11-26 General Electric Company Blockchain verification of network security service
WO2019127531A1 (en) * 2017-12-29 2019-07-04 深圳前海达闼云端智能科技有限公司 Block chain-based data processing method and apparatus, storage medium and electronic device
CN109255210A (en) * 2018-09-27 2019-01-22 上海点融信息科技有限责任公司 The method, apparatus and storage medium of intelligent contract are provided in block chain network
CN109766722B (en) * 2019-01-22 2020-11-10 苏州同济区块链研究院有限公司 Method for constructing intelligent contract in block chain
CN110263091B (en) * 2019-05-20 2021-06-04 创新先进技术有限公司 Receipt storage method and node combining code marking with user and event type

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
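徐文玉 et al.: "Privacy protection scheme for electronic health records based on blockchain and homomorphic encryption", 《计算机研究与发展》 (Journal of Computer Research and Development) *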

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020233634A1 (en) * 2019-05-20 2020-11-26 创新先进技术有限公司 Method and node for receipt storage combining transaction and event type condition restrictions
WO2020233421A1 (en) * 2019-05-20 2020-11-26 创新先进技术有限公司 Object-level receipt storage method and node based on code marking
WO2020233422A1 (en) * 2019-05-20 2020-11-26 创新先进技术有限公司 Receipt storage method and node based on user type
WO2020233424A1 (en) * 2019-05-20 2020-11-26 创新先进技术有限公司 Event function type-based receipt storage method and node
WO2020233610A1 (en) * 2019-05-20 2020-11-26 创新先进技术有限公司 Receipt storage method combining code labelling with user and event type, and node
WO2020233638A1 (en) * 2019-05-20 2020-11-26 创新先进技术有限公司 Receipt storage method and node based on code labeling and transaction type
WO2020233640A1 (en) * 2019-05-20 2020-11-26 创新先进技术有限公司 Receipt storage method and node based on code labeling and determination condition
CN111400303A (en) * 2020-01-13 2020-07-10 复旦大学 Intelligent contract data extraction and synchronization method, system and platform
CN111400303B (en) * 2020-01-13 2023-07-21 复旦大学 Intelligent contract data extraction and synchronization method and system

Also Published As

Publication number Publication date
WO2020233610A1 (en) 2020-11-26
CN110263091B (en) 2021-06-04

Similar Documents

Publication Publication Date Title
CN110264195A (en) It is marked and transaction, the receipt storage method of user type and node in conjunction with code
CN110223172A (en) The receipt storage method and node of conditional combination code mark and type dimension
CN110245490A (en) The receipt storage method and node of conditional combination code mark and type dimension
CN110263087A (en) Receipt storage method and node based on various dimensions information and with condition limitation
CN110278193A (en) It is marked and transaction, the receipt storage method of event type and node in conjunction with code
CN110245946A (en) In conjunction with the receipt storage method and node of code mark and polymorphic type dimension
CN110266644A (en) In conjunction with the receipt storage method and node of code mark and type of transaction
CN110263091A (en) In conjunction with code mark and user, the receipt storage method of event type and node
CN110264198A (en) In conjunction with the conditional receipt storage method and node of code mark and type of transaction
CN110264196A (en) In conjunction with the conditional receipt storage method and node of code mark and user type
CN110245945A (en) In conjunction with the receipt storage method and node of code mark and user type
CN110263544A (en) In conjunction with the receipt storage method and node of type of transaction and Rule of judgment
CN110033368A (en) The method of secret protection is realized in block chain
CN110245947A (en) The receipt storage method and node limited in conjunction with the condition of transaction and user type
CN110245503A (en) In conjunction with the receipt storage method and node of code mark and Rule of judgment
CN110263088A (en) In conjunction with the conditional receipt storage method and node of code mark and event type
CN109831298A (en) The method of security update key and node, storage medium in block chain
CN110032883A (en) Method, system and the node of secret protection are realized in block chain
CN110245504A (en) The receipt storage method and node limited in conjunction with the condition of polymorphic type dimension
CN110263086A (en) In conjunction with the receipt storage method and node of user type and event functions type
CN110245944A (en) Receipt storage method and node based on user type
CN110247895A (en) In conjunction with the receipt storage method and node of code mark and event functions type
CN110245942A (en) In conjunction with the receipt storage method and node of user type and Rule of judgment
CN109936626A (en) Method, node and the storage medium of secret protection are realized in block chain
CN110020855A (en) Method, the node, storage medium of secret protection are realized in block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200930

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200930

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

GR01 Patent grant