Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
Blockchains are generally divided into three types: public chains (Public Blockchain), private chains (Private Blockchain) and consortium chains (Consortium Blockchain). There are also combinations of these types, such as private chain + consortium chain, consortium chain + public chain, and so on. The most decentralized of these is the public chain. Public chains are represented by Bitcoin and Ethereum; participants who join a public chain can read the data records on the chain, take part in transactions, compete for the accounting right of new blocks, and so on. Furthermore, each participant (i.e., node) is free to join and leave the network and to perform related operations. Private chains are the opposite: write permission on the network is controlled by an organization or institution, and data read permission is specified by that organization. In short, a private chain can be a weakly centralized system with strictly limited and few participating nodes. This type of blockchain is better suited to use within a particular institution. A consortium chain lies between a public chain and a private chain and can achieve "partial decentralization". Each node in a consortium chain typically has a corresponding physical institution or organization; participants join the network by authorization and form a stakeholder alliance that jointly maintains the operation of the blockchain.
Public chains, private chains and consortium chains may all provide smart contract functionality. A smart contract on a blockchain is a contract whose execution on the blockchain system can be triggered by a transaction. A smart contract may be defined in the form of code.
Taking Ethereum as an example, it supports users in creating and invoking complex logic in the Ethereum network, which is the most significant feature distinguishing Ethereum from Bitcoin blockchain technology. The core of Ethereum as a programmable blockchain is the Ethereum Virtual Machine (EVM), and each Ethereum node can run the EVM. The EVM is a Turing-complete virtual machine, which means that a variety of complex logic can be implemented through it. The smart contracts that users deploy and invoke in Ethereum run on the EVM. What the virtual machine directly runs is virtual machine code (virtual machine bytecode, hereinafter referred to as "bytecode"). Smart contracts deployed on the blockchain may be in the form of bytecode.
For example, as shown in fig. 1, after Bob sends a transaction containing the information for creating a smart contract to the Ethereum network, the EVM of node 1 may execute the transaction and generate a corresponding contract instance. The "0x6f8ae93…" in fig. 1 represents the address of the contract, the data field of the transaction holds the bytecode, and the to field of the transaction is empty. After the nodes reach agreement through the consensus mechanism, the contract is successfully created and can be invoked in subsequent procedures. After the contract is created, a contract account corresponding to the smart contract appears on the blockchain with a specific address, and the contract code is stored in the contract account. The behavior of the smart contract is controlled by the contract code. In other words, a smart contract causes a virtual account containing the contract code and an account store (Storage) to be generated on the blockchain.
As shown in fig. 2, still taking Ethereum as an example, after Bob sends a transaction for invoking a smart contract to the Ethereum network, the EVM of a given node may execute the transaction and generate a corresponding contract instance. The from field of the transaction in fig. 2 is the address of the account of the transaction initiator (i.e., Bob), the "0x6f8ae93…" in the to field represents the address of the smart contract being called, the value field is the amount of ether in Ethereum, and the data field of the transaction holds the method and parameters for calling the smart contract. The smart contract is executed independently at each node in the blockchain network in a prescribed manner, and all execution records and data are stored on the blockchain, so that after the transaction is completed, a transaction record that cannot be tampered with and cannot be lost is stored on the blockchain.
After executing the transaction initiated by Bob, a node in the blockchain network generates corresponding receipt data, which records the receipt information related to the transaction. Taking Ethereum as an example, the receipt data obtained by a node executing the transaction may include the following:
a Result field, indicating the execution result of the transaction;
a Gas used field, representing the gas value consumed by the transaction;
a Logs field, representing the log generated by the transaction, wherein the log may further comprise a From field representing the account address of the initiator of the call, a To field representing the account address of the object being called (such as a smart contract), a Topic field representing the subject of the log, a Log data field representing the log data, and the like;
an Output field, representing the output of the transaction.
Generally, the receipt data generated after a transaction is executed is stored in plaintext, so that anyone can see the contents of the receipt fields it contains; no privacy protection setting or capability is provided. In some solutions that combine blockchain and TEE, the entire content of the receipt data is stored on the blockchain as data requiring privacy protection. The blockchain is a data set, organized by specific logic, that is stored in the database of a node. The database, as described later, may physically reside on a storage medium, such as a persistent storage medium. In fact, only part of the receipt data may be sensitive while the rest is not: privacy protection is required only for the sensitive content, and the other content can be disclosed. In some cases part of the content may even need to be retrieved in order to drive related operations, and applying privacy protection to that part of the content would then interfere with the retrieval.
The implementation of an embodiment of the code-annotation-based, object-level receipt storage method of the present application is described below with reference to fig. 3:
In step 302, a first blockchain node receives an encrypted transaction corresponding to a smart contract whose code comprises an object designated by an exposure identifier.
In one embodiment, when a user writes the code of the smart contract, one or more objects can be marked by adding an exposure identifier in the code, so that the receipt content corresponding to those objects in the receipt data can be stored in plaintext, while the receipt content corresponding to the remaining objects, which carry no exposure identifier, must be stored in ciphertext to achieve the corresponding privacy protection.
As described above, in a transaction for creating a smart contract, the data field may hold the bytecode of the smart contract. Bytecode consists of a series of bytes, each of which can identify an operation. For reasons of development efficiency, readability and the like, a developer can choose to write smart contract code in a high-level language instead of writing bytecode directly. Smart contract code written in a high-level language is compiled by a compiler into bytecode, which can then be deployed on the blockchain. Ethereum supports many high-level languages, such as Solidity, Serpent, LLL, etc.
Taking the Solidity language as an example, a contract written in it is similar to a class in an object-oriented programming language, and various members including state variables, functions, function modifiers, events and the like can be declared in one contract. The following code example 1 is a simple smart contract written in the Solidity language:
In the code of a smart contract written in the Solidity language, one or more objects can be marked with an exposure identifier, so that the receipt content corresponding to those objects in the receipt data is stored in plaintext and the rest of the receipt content is stored in ciphertext. Similarly, in the code of a smart contract written in Serpent, LLL or another language, one or more objects may also be designated by an exposure identifier to enable plaintext storage of the relevant receipt content.
The exposure identifier may be an identifier dedicated to indicating the receipt fields that require plaintext storage; for example, the exposure identifier may be represented by the keyword plain. Then, for receipt content that is to be stored in plaintext, plain may be added before (or otherwise associated with) the corresponding object.
The object designated by the exposure identifier may include a receipt field such as a Result field, a Gas used field, a Logs field, an Output field, etc., as described above, or a From field, a To field, a Topic field, a Log data field, etc., which are further included in the Logs field. For example, the above code example 1 may be adjusted to the following code example 2:
In code example 2 described above, the exposure identifier plain is added at the very front of the code of the smart contract, so that all fields in the receipt data generated after the code of the smart contract is executed are stored in plaintext.
Of course, in other embodiments, the fields that require plaintext storage may also be specified individually. For example, when the From field is marked with the exposure identifier, the receipt content corresponding to the From field in the generated receipt data is stored in plaintext after the code of the smart contract is executed, and a retrieval operation may subsequently be performed on the receipt content of the From field, for example to compile statistics on the volume of transactions initiated by an account.
It should be noted that in code example 2 and its related embodiments described above, the object designated by the exposure identifier plain (all fields, or the From field) is a contract-level object, so that the first blockchain node, when storing receipt data, stores in plaintext all receipt content in the receipt data that corresponds to the contract-level object. In particular, when the code of a smart contract includes multiple events, a contract-level object applies to all events in the smart contract. Taking the From field as an example: when several events each generate a corresponding Logs field, the From field contained in each Logs field is stored in plaintext without an exposure identifier having to be added for each event.
In addition to receipt fields, the exposed identifier may also be used to designate other objects. For example, an object designated by an exposure identifier may include a state variable, and the state variable may likewise be a contract-level object. Taking the state variable "price" as an example, the code example 1 described above may be adjusted to the following code example 3:
In code example 3 above, the exposure identifier plain is added before the type int of the state variable "price" (alternatively, plain may be placed after the type int). After the code of the smart contract is executed, the receipt content related to the state variable "price" is stored in plaintext in each field of the generated receipt data (generally including the Topic field, the Output field, and the like), and a retrieval operation may subsequently be performed on that content. Because the state variable "price" is a contract-level object in code example 3, it applies to all events when the code of the smart contract includes multiple events: when those events each generate a corresponding Logs field, each Logs field (for example, its Topic field) stores the receipt content related to "price" in plaintext, and the Output field and the like also store the receipt content related to "price" in plaintext, without an exposure identifier having to be added for "price" in each event.
When multiple state variables are defined in the code of the smart contract, the contract-level object may include some or all of the state variables. For example, a smart contract may include the following code example 4:
In code example 4, several state variables such as "price" and "price1" are defined in the code of the smart contract, and the user may add the exposure identifier plain only for the state variable "price", so that "price" becomes a contract-level object while the state variable "price1" is not marked by the exposure identifier.
In addition to contract-level objects, the objects designated by the exposure identifier may include event-level objects. An event-level object corresponds to at least one event defined in the smart contract, so that when storing the receipt data, the first blockchain node determines the receipt content in the receipt data that corresponds to the at least one event and stores the part of that content corresponding to the event-level object in plaintext. In particular, when the smart contract includes several events, event-level objects may be set for at least some of the events, so that the receipt content corresponding to those events is stored in plaintext and the receipt content corresponding to the remaining events is stored in ciphertext. Taking the From field as an example, code example 1 above can be adjusted to the following code example 5:
In code example 5 above, the string from, corresponding to the From field, is added to the event function "event currentPrice(int price)" of the event currentPrice. The exposure identifier used here differs from the aforementioned plain: the string from is enclosed in quotation marks, and the quotation marks in code example 5 play the role of the exposure identifier. This configures the From field as an event-level object, so that in the Logs field generated for this event the From field is stored in plaintext. If the code of the smart contract contains another event besides currentPrice, the string from does not affect that other event, and the receipt content corresponding to the other event is stored in ciphertext unless "from" is also added for it.
Alternatively, the above code example 1 may be adjusted to the following code example 6:
In code example 6 above, the exposure identifier plain is added before the event function "event currentPrice(int price)" of the event currentPrice. Unlike the "from" added in code example 5, no From field is specified as the event-level object here. Then:
In one case, the event-level object may include fields, similar to the From field described above. Since no specific field is specified, however, all fields in the log generated by the currentPrice event can serve as event-level objects, such as the From field, To field, Topic field, Log data field, etc., which is equivalent to storing all the receipt content corresponding to the currentPrice event in plaintext.
In another case, the event-level object may include a state variable. For example, the state variable "price" is defined in code example 6 above and is referenced by the event currentPrice. By adding the exposure identifier plain before the event function "event currentPrice(int price)", the state variable "price" may be used as the event-level object, so that all the receipt content related to "price" that the event generates is stored in plaintext. Because "price" is an event-level object in code example 6, when the code of the smart contract also contains another event, event1, that references "price", and no exposure identifier of any level is added for event1, the receipt content generated by event1 is stored in ciphertext rather than plaintext even though event1 references "price".
When multiple state variables are referenced in the same event, the event-level object described above may include all of the referenced state variables. For example, the above code example 4 may be adjusted to the following code example 7:
In code example 7 above, the keyword plain is added before the event function "event currentPrice(int price, int price1)" of the event currentPrice, so that all receipt content corresponding to the event is stored in plaintext. For example, the event references the state variables "price" and "price1", so both are affected, and all of the receipt content related to "price" and "price1" that the event generates is stored in plaintext. For other events to which the exposure identifier plain has not been added, the generated receipt content is stored in ciphertext.
When an event-level object includes state variables, one or more state variables referenced for the event may also be specified. Taking the state variable "price" as an example, the code example 1 described above may be adjusted to the following code example 8:
In code example 8 above, the event function "event currentPrice(int price)" of the event currentPrice references the state variable "price", and adding the exposure identifier plain before the type int of "price" configures "price" as an event-level object. It applies only to the event currentPrice and not to other events contained in the smart contract. That is, only the receipt content that is generated by the event currentPrice and relates to "price" is stored in plaintext; unless an exposure identifier is added to "price" in other events, the receipt content they generate is stored in ciphertext even if they use "price".
Since the event currentPrice in code example 8 uses only the state variable "price", the actual effect is similar to code example 6 above, in which the exposure identifier is added for the event and the state variable "price" referenced by the event is configured as an event-level object. The difference between the two shows more clearly when the event uses several state variables at once. For example, code example 4 above can be adjusted to the following code example 9:
In code example 9 above, the event currentPrice references both state variables "price" and "price1". Adding the exposure identifier plain before the type int of "price" configures "price" as an event-level object, while "price1", to which plain has not been added, is not an event-level object. The receipt content related to "price" that the event generates is therefore stored in plaintext, and the receipt content related to "price1" is still stored in ciphertext.
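The contract-level and event-level rules above can be made concrete with a storage routine that decides, object by object, what leaves the TEE in plaintext. This is an added example, not code from the patent: the policy object stands in for whatever is derived from the exposure identifiers, and the receipt layout, the function names, the sample addresses and the use of AES-256-GCM are assumptions.

```javascript
// Added example: per-object plaintext/ciphertext receipt storage.
const crypto = require('crypto');

// Encrypt one receipt value. AES-256-GCM is an assumption made here.
function seal(key, value) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(value), 'utf8'), c.final()]);
  return { enc: Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64') };
}

function unseal(key, sealed) {
  const raw = Buffer.from(sealed.enc, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// kind is 'fields' (receipt or log field names) or 'vars' (state variables).
function isExposed(policy, eventName, kind, name) {
  const c = policy.contract;
  // Contract-level objects apply to every event in the contract.
  if (c.all || c[kind].includes(name)) return true;
  // Event-level objects apply only to the event they were declared on.
  const known = eventName !== null &&
    Object.prototype.hasOwnProperty.call(policy.events, eventName);
  const e = known ? policy.events[eventName] : null;
  return Boolean(e && (e.all || e[kind].includes(name)));
}

// Default is ciphertext: a value stays readable only if something marked it.
function storeReceipt(receipt, policy, key) {
  const keep = (ev, kind, name, v) =>
    (isExposed(policy, ev, kind, name) ? v : seal(key, v));
  const stored = {};
  for (const f of ['result', 'gasUsed', 'output']) {
    stored[f] = keep(null, 'fields', f, receipt[f]);
  }
  stored.logs = receipt.logs.map((log) => {
    const out = { data: {} }; // the event name itself is not written out
    for (const f of ['from', 'to', 'topic']) {
      out[f] = keep(log.event, 'fields', f, log[f]);
    }
    for (const [v, val] of Object.entries(log.data)) {
      out.data[v] = keep(log.event, 'vars', v, val);
    }
    return out;
  });
  return stored;
}

// Constructed sample: From is contract-level, "price" is event-level on
// currentPrice only, event1 also references "price" but carries no marker.
const ADDR_A = '0x00000000000000000000000000000000000000a1'; // constructed
const ADDR_B = '0x00000000000000000000000000000000000000b2'; // constructed
const SAMPLE_POLICY = {
  contract: { all: false, fields: ['from'], vars: [] },
  events: { currentPrice: { all: false, fields: [], vars: ['price'] } },
};
const SAMPLE_RECEIPT = {
  result: 'success', gasUsed: 21500, output: '0x',
  logs: [
    { event: 'currentPrice', from: ADDR_A, to: ADDR_B, topic: 'currentPrice',
      data: { price: 100, price1: 7 } },
    { event: 'event1', from: ADDR_A, to: ADDR_B, topic: 'event1',
      data: { price: 100 } },
  ],
};

function demoReceiptStorage() {
  const key = crypto.randomBytes(32);
  return { key, stored: storeReceipt(SAMPLE_RECEIPT, SAMPLE_POLICY, key) };
}
```

In the stored result, From is readable in both logs, "price" is readable only in the currentPrice log, and everything else (including "price" in event1) is an opaque `enc` blob that only a key holder can open.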
In one embodiment, the smart contract corresponding to the transaction received by the first blockchain node may be a smart contract written in a high-level language or a smart contract in bytecode form. When it is written in a high-level language, the first blockchain node also compiles it through a compiler to generate the smart contract in bytecode form, which is executed in a trusted execution environment. When the smart contract corresponding to the received transaction is in bytecode form, that bytecode can be obtained by the client compiling, through a compiler, a smart contract written in a high-level language, the high-level-language contract having been written by the user on the client.
The smart contract corresponding to the transaction received by the first blockchain node may be one generated by the user on the first blockchain node. When the user writes the smart contract in a high-level language, the first blockchain node compiles it into a smart contract in bytecode form through a compiler; alternatively, the user may write the smart contract directly in bytecode on the first blockchain node.
The smart contract corresponding to the transaction received by the first blockchain node may also be one generated by the user on the client. For example, after the user generates the transaction at the client through the corresponding account, the transaction is submitted to the first blockchain node through the client. Taking fig. 4 as an example, the first blockchain node includes a transaction/query interface that can interface with the client so that the client can submit the transaction to the first blockchain node. For example, as described above, a user may write a smart contract in a high-level language on the client, and the client then compiles it through a compiler to obtain the corresponding smart contract in bytecode form. Of course, the client may also send the smart contract written in the high-level language directly to the first blockchain node, so that the first blockchain node compiles it into bytecode form through a compiler.
The smart contract corresponding to the transaction received by the first blockchain node may also be a smart contract in a transaction sent by the client through a second blockchain node, in which case it is usually in bytecode form; of course, it may also be a smart contract written in a high-level language, which the first blockchain node can compile into bytecode form through a compiler.
In one embodiment, when an exposure identifier is included in the code of a smart contract, the smart contract written in a high-level language may have the same exposure identifier as the smart contract in bytecode form. Those skilled in the art will understand that the bytecode can also use an exposure identifier different from that of the high-level language: for example, the code of the smart contract written in the high-level language includes a first identifier and the code of the smart contract in bytecode form includes a second identifier, with a correspondence between the first identifier and the second identifier, so that the function of the exposure identifier is not affected when the high-level language is compiled into bytecode.
At step 304, the first blockchain node decrypts the transaction in the trusted execution environment to obtain the code of the smart contract.
In an embodiment, the transaction may be encrypted by a symmetric encryption algorithm or by an asymmetric encryption algorithm. Examples of symmetric encryption algorithms are the DES algorithm, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm, IDEA algorithm, etc. Examples of asymmetric encryption algorithms are RSA, ElGamal, the knapsack algorithm, Rabin, D-H, ECC (elliptic curve cryptography), etc.
In one embodiment, the transaction may be encrypted by combining a symmetric encryption algorithm with an asymmetric encryption algorithm. Taking the case in which the client submits the transaction to the first blockchain node, the client may encrypt the transaction content using a symmetric encryption algorithm, that is, with the key of the symmetric encryption algorithm, and encrypt that symmetric key using an asymmetric encryption algorithm, for example with the public key of the asymmetric encryption algorithm. After the first blockchain node receives the encrypted transaction, it can first decrypt with the private key of the asymmetric encryption algorithm to obtain the key of the symmetric encryption algorithm, and then decrypt with that key to obtain the transaction content. For example, when a transaction is used to create a smart contract, the transaction content may include the code of the smart contract to be created; when a transaction is used to invoke a smart contract, the transaction content may include the account address of the invoked smart contract, the methods and parameters to be passed in, and so on.
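The combined scheme just described, shown with both sides of the exchange. This is an added example, not code from the patent: RSA-OAEP for wrapping the key and AES-256-GCM for the transaction body are choices made here (the text does not fix a pairing), and the function names and the sample transaction are constructed.

```javascript
// Added example: client-side envelope encryption of a transaction and
// node-side decryption (performed inside the TEE in the design above).
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: a fresh symmetric key per transaction encrypts the content; the
// node's public key encrypts only that symmetric key.
function encryptTransaction(nodePublicKey, tx) {
  const symKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', symKey, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(tx), 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: nodePublicKey, ...OAEP }, symKey);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), body };
}

// Node: recover the symmetric key with the private key, then the content.
// GCM authentication makes final() throw if the body was altered in transit.
function decryptTransaction(nodePrivateKey, envelope) {
  const symKey = crypto.privateDecrypt({ key: nodePrivateKey, ...OAEP }, envelope.wrappedKey);
  const d = crypto.createDecipheriv('aes-256-gcm', symKey, envelope.iv);
  d.setAuthTag(envelope.tag);
  const pt = Buffer.concat([d.update(envelope.body), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

function demoEnvelope() {
  // Constructed key pair and transaction; in the design above the private
  // key would exist only inside the trusted execution environment.
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const tx = {
    to: '0x00000000000000000000000000000000000000b2', // constructed contract address
    data: { method: 'currentPrice', params: [] },
    value: 0,
  };
  const envelope = encryptTransaction(publicKey, tx);
  const roundTrip = decryptTransaction(privateKey, envelope);

  // Flip one bit of the ciphertext: an unauthenticated mode would silently
  // hand the node a corrupted transaction, GCM rejects it instead.
  const tampered = { ...envelope, body: Buffer.from(envelope.body) };
  tampered.body[0] ^= 1;
  let rejected = false;
  try { decryptTransaction(privateKey, tampered); } catch { rejected = true; }

  return { tx, roundTrip, rejected, wrappedKeyBytes: envelope.wrappedKey.length };
}
```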
When the transaction is used to invoke a smart contract, the invocation may have a multiply nested structure. For example, a transaction directly calls smart contract 1, the code of smart contract 1 calls smart contract 2, and the code in smart contract 2 points to the contract address of smart contract 3, so that the transaction in fact indirectly calls the code of smart contract 3, and the code in smart contract 3 may include an object designated by an exposure identifier. This is equivalent to smart contract 1 including an object designated by the exposure identifier. The specific implementation process is similar to the process above and is not repeated here.
In step 306, the first blockchain node executes the code of the smart contract in the trusted execution environment to obtain receipt data.
As previously described, the transaction received by the first blockchain node may be, for example, a transaction that creates and/or invokes a smart contract. For example, in Ethereum, after receiving a transaction sent by a client to create and/or invoke a smart contract, the first blockchain node may check whether the transaction is valid, whether its format is correct, whether the signature of the transaction is valid, and the like.
Typically, the nodes in Ethereum are also nodes that compete for accounting rights, and thus the first blockchain node can execute the transaction locally as such a node. If one of the nodes competing for accounting rights wins the current round, that node becomes the accounting node. If the first blockchain node wins the accounting right in the current round, it becomes the accounting node; if it does not win the current round, it is not the accounting node, and another node may become the accounting node.
A smart contract is similar to a class in object-oriented programming: executing it generates a contract instance corresponding to the smart contract, much as instantiating a class generates an object. Executing the code in a transaction that creates a smart contract creates a contract account and deploys the contract in the account space. In Ethereum, the address of the smart contract account is generated by an encryption algorithm that takes the address of the sender (e.g., "0xf5e…" in figs. 1-2) and a transaction random number (nonce) as input; the contract address "0x6f8ae93…" in figs. 1-2, for example, is generated from the sender address "0xf5e…" and the nonce in the transaction.
In general, in a blockchain network that supports smart contracts and uses consensus algorithms such as Proof of Work (POW), Proof of Stake (POS) and Delegated Proof of Stake (DPOS), nodes competing for accounting rights may execute a transaction that creates a smart contract after receiving it. One of the nodes competing for the accounting right wins the current round of competition and becomes the accounting node. The accounting node may package the transaction containing the smart contract with other transactions, generate a new block, and send the generated new block to other nodes for consensus.
In a blockchain network that supports smart contracts and uses a mechanism such as Practical Byzantine Fault Tolerance (PBFT), the node holding the accounting right has already been agreed upon before the current round of accounting. Therefore, after the first blockchain node receives the transaction, if it is not the accounting node of the current round, it can send the transaction to the accounting node. The accounting node of the current round (which may be the first blockchain node) may execute the transaction during or before the process of packaging the transaction and generating the new block, or during or before the process of packaging the transaction with other transactions and generating the new block. After the accounting node packages the transaction (or packages it together with other transactions) and generates a new block, the generated new block or its block header is sent to other nodes for consensus.
As described above, whether the blockchain network supporting smart contracts uses the POW mechanism or the POS, DPOS or PBFT mechanisms, the accounting node of the current round may package the transaction, generate a new block, and send the generated new block or its block header to other nodes for consensus. If the other nodes find no problem when verifying the block they receive, the new block can be appended to the tail of the existing blockchain, which completes the accounting process and achieves consensus; if the transaction is one that invokes a smart contract, the invocation and execution of the smart contract are thereby completed. Other nodes may also execute the transactions in the block while verifying the new block or block header sent by the accounting node.
The execution process may be generally performed by a virtual machine. Taking the ethernet house as an example, the support user creates and/or invokes some complex logic in the ethernet house network, which is the biggest challenge of the ethernet house to distinguish from the bitcoin blockchain technology. The core of an etherhouse as a programmable block chain is an Etherhouse Virtual Machine (EVM), and each etherhouse node can run the EVM. The EVM is a well-behaved virtual machine, which means that a variety of complex logic can be implemented through it. The user issuing and invoking smart contracts in the etherhouse is running on the EVM.
In this embodiment, the first blockchain node may execute the decrypted code of the smart contract in a Trusted Execution Environment (TEE). For example, as shown in Fig. 4, the first blockchain node may be divided into a regular execution environment (left side of the figure) and a TEE. A transaction submitted by a client (as described above, the transaction may have other sources; a client-submitted transaction is used here as the example) first enters a "transaction/query interface" in the regular execution environment to be identified. A transaction without a privacy processing requirement may remain in the regular execution environment for processing (whether a privacy processing requirement exists may be identified from the user type of the transaction initiator, the transaction type, an identifier included in the transaction, and the like), and a transaction with a privacy processing requirement may be transferred to the TEE for processing. The TEE is isolated from the regular execution environment. The transaction is in an encrypted state before entering the TEE and is decrypted into plaintext transaction content inside the trusted execution environment, so that the plaintext transaction content can be processed efficiently in the TEE while data security is ensured, and plaintext receipt data is generated in the TEE.
The TEE is a trusted execution environment that is based on a secure extension of the CPU hardware and is completely isolated from the outside. The TEE was originally proposed by GlobalPlatform to address the secure isolation of resources on mobile devices, providing a trusted and secure execution environment for applications in parallel with the operating system. ARM's TrustZone technology was the earliest to realize truly commercial TEE technology. With the rapid development of the Internet, security requirements have become higher and higher, and mobile devices, cloud devices, and data centers have all placed more demands on the TEE. The concept of the TEE has also developed and expanded rapidly, and what is now called a TEE is a more generalized concept than the one originally proposed. For example, server chip manufacturers such as Intel and AMD have successively introduced hardware-assisted TEEs and enriched the concept and characteristics of the TEE, which have gained wide acceptance in the industry. A mention of the TEE today usually refers to such hardware-assisted TEE technology. Unlike on a mobile terminal, cloud access is remote, and the hardware platform is not visible to the end user, so the first step in using a TEE is to confirm that the TEE is authentic and trustworthy. Current TEE technology therefore introduces a remote attestation mechanism, which is endorsed by the hardware manufacturer (mainly the CPU manufacturer) and uses digital signature technology to ensure that a user can verify the state of the TEE. Meanwhile, because secure resource isolation alone cannot meet all security requirements, further data privacy protection has also been proposed. Commercial TEEs, including Intel SGX and AMD SEV, also provide memory encryption, which confines the trusted hardware to the inside of the CPU, while data on the bus and in memory is ciphertext, to prevent snooping by malicious users.
For example, TEE technology such as Intel's Software Guard Extensions (SGX) isolates code execution and provides remote attestation, secure configuration, secure storage of data, and trusted paths for executing code. Applications running in the TEE are protected and are almost impossible for third parties to access.
Taking Intel SGX technology as an example, SGX provides an enclave, that is, an encrypted trusted execution area in memory, in which the CPU protects data from being stolen. Taking the case in which the first blockchain node uses a CPU that supports SGX, a part of the memory may be allocated as an EPC (Enclave Page Cache) by using newly added processor instructions, and the data in it is encrypted by the Memory Encryption Engine (MEE) in the CPU. The encrypted content in the EPC is decrypted into plaintext only after entering the CPU. Therefore, with SGX, a user does not need to trust the operating system, the VMM (Virtual Machine Monitor), or even the BIOS (Basic Input Output System), and only needs to trust the CPU to ensure that private data is not leaked. In practical application, the private data can be encrypted and transmitted to the enclave in ciphertext form, and the corresponding key is passed into the enclave through remote attestation. The computation is then performed on the data under the encryption protection of the CPU, and the result is returned in ciphertext form. In this mode, powerful computing capability can be used without worrying about data leakage.
When the transaction with the privacy processing requirement is used to create a smart contract, the transaction contains the code of the smart contract, and the first blockchain node can decrypt the transaction in the TEE to obtain the code of the smart contract contained in it and then execute the code in the TEE. When the transaction with the privacy processing requirement is used to invoke a smart contract, the first blockchain node may execute the code in the TEE (if the invoked smart contract is in an encrypted state, it needs to be decrypted in the TEE to obtain the corresponding code). Specifically, the first blockchain node may allocate a part of the memory as an EPC by using a processor instruction newly added in the CPU, and the plaintext code is encrypted by the encryption engine MEE in the CPU and stored in the EPC. The encrypted content in the EPC is decrypted into plaintext after entering the CPU. Inside the CPU, the computation is performed on the plaintext code, which completes the execution process. For example, in SGX technology, to execute the plaintext code of the smart contract, the EVM may be loaded into the enclave. In the remote attestation process, the key management server can calculate a hash value of its local EVM code, compare it with the hash value of the EVM code loaded in the first blockchain node, and use a matching comparison result as a necessary condition for passing remote attestation, thereby completing the measurement of the code loaded in the SGX enclave of the first blockchain node. Once measured, the correct EVM can execute the code of the smart contract in SGX.
Step 308: the first blockchain node stores the receipt data, such that the receipt content corresponding to the object marked by the exposed identifier is stored in plaintext form and the remaining receipt content is stored in ciphertext form.
In one embodiment, the first blockchain node stores the receipt content corresponding to the object marked by the exposed identifier in plaintext form and stores the rest of the receipt content in ciphertext form, so that receipt data can be stored flexibly as plaintext or ciphertext: the receipt content stored in ciphertext form meets the user's privacy requirement, and the receipt content stored in plaintext form meets the user's retrieval requirement. For example, when the log in the receipt data (such as the entire Logs field, or at least one of the From field, To field, Topic field, and Log data field) is stored in plaintext form, subsequent retrieval of the log content can be supported, which enables event-driven processing based on the log content, such as driving a DAPP (Decentralized Application) client to perform related processing operations.
The first blockchain node encrypts, with a key, the receipt content corresponding to objects not marked by the exposed identifier. The encryption may be symmetric or asymmetric. If the first blockchain node encrypts the receipt content symmetrically, that is, with the symmetric key of a symmetric encryption algorithm, the client (or another party holding the key) can decrypt the encrypted receipt content with that symmetric key.
When the first blockchain node encrypts the receipt content with the symmetric key of a symmetric encryption algorithm, the symmetric key may be provided to the first blockchain node in advance by the client. Then only the client (which should actually be the user corresponding to the logged-in account on the client) and the first blockchain node hold the symmetric key, so that only the client can decrypt the corresponding encrypted receipt content, and unrelated users or even lawbreakers are prevented from decrypting it.
For example, when the client initiates a transaction to the first blockchain node, the client may encrypt the transaction content with an initial key of a symmetric encryption algorithm to obtain the transaction; accordingly, the first blockchain node may obtain the initial key and use it, directly or indirectly, to encrypt the receipt content. The initial key may, for example, be pre-negotiated by the client and the first blockchain node, or sent by the key management server to the client and the first blockchain node, or sent by the client to the first blockchain node. When the initial key is sent to the first blockchain node by the client, the client can encrypt the initial key with the public key of an asymmetric encryption algorithm and send the encrypted initial key to the first blockchain node, and the first blockchain node decrypts it with the private key of the asymmetric encryption algorithm to obtain the initial key. This is the digital envelope encryption described above and is not repeated here.
The first blockchain node may encrypt the receipt content using the initial key described above. The initial keys used for different transactions may be the same, so that all transactions submitted by the same user are encrypted using the same initial key, or they may be different; for example, the client may randomly generate an initial key for each transaction in order to improve security.
The first blockchain node may also generate a derivative key from the initial key and an impact factor, and encrypt the receipt content with the derivative key. Compared with encrypting directly with the initial key, the derivative key increases randomness, which makes the encryption harder to break and improves the protection of the data. The impact factor may be related to the transaction; for example, it may include designated bits of the transaction hash value: the first blockchain node may concatenate the initial key with the first 16 bits (or the first 32 bits, the last 16 bits, the last 32 bits, or other bits) of the transaction hash value and hash the concatenated string to generate the derivative key.
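The sketch below is an added example, not code from this specification: it derives the key as described above (initial key concatenated with the first 16 bits of the transaction hash, then hashed) and uses it to store a receipt with the exposed field in plaintext and the rest as ciphertext. SHA-256, the HMAC-based stand-in cipher, the function names and the sample values are assumptions; a real node would use a vetted authenticated cipher.

```python
import hashlib
import hmac
import json
import os


def derive_key(initial_key: bytes, tx_hash: bytes, n_bits: int = 16) -> bytes:
    """Derivative key = SHA-256(initial key || first n_bits of the transaction hash)."""
    if n_bits <= 0 or n_bits % 8 or n_bits > len(tx_hash) * 8:
        raise ValueError("n_bits must be a positive multiple of 8 within the hash")
    return hashlib.sha256(initial_key + tx_hash[: n_bits // 8]).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example
    # runs with the standard library only. Assumption, not the page's cipher.
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the one receipt key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)  # fresh per receipt, even if the derived key repeats
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt. Raises ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def store_receipt(receipt: dict, exposed: set, key: bytes) -> dict:
    """Exposed fields stay in plaintext; all other fields are sealed together."""
    plain = {k: v for k, v in receipt.items() if k in exposed}
    private = {k: v for k, v in receipt.items() if k not in exposed}
    blob = seal(key, json.dumps(private, sort_keys=True).encode())
    return {"plain": plain, "cipher": blob.hex()}


def load_receipt(record: dict, key: bytes) -> dict:
    """Key holder's view: plaintext fields merged with the decrypted fields."""
    private = json.loads(unseal(key, bytes.fromhex(record["cipher"])))
    return {**record["plain"], **private}


# Constructed sample values, not taken from the page.
INITIAL_KEY = bytes(range(32))
TX_HASH = hashlib.sha256(b"constructed sample transaction").digest()
RECEIPT = {"From": "0xA11CE", "To": "0xB0B", "Topic": "Transfer", "LogData": "amount=100"}
EXPOSED = {"Topic"}  # the object marked by the exposed identifier

if __name__ == "__main__":
    receipt_key = derive_key(INITIAL_KEY, TX_HASH)
    stored = store_receipt(RECEIPT, EXPOSED, receipt_key)
    print("searchable without a key:", stored["plain"])
    print("round trip ok:", load_receipt(stored, receipt_key) == RECEIPT)
```

Because a 16-bit impact factor allows only 65,536 distinct derivative keys per initial key, the per-receipt random nonce is what keeps two receipts sealed under the same derivative key from sharing a keystream.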
The first blockchain node can also use asymmetric encryption, that is, encrypt the receipt content with the public key of an asymmetric encryption algorithm; accordingly, the client can decrypt the encrypted receipt content with the private key of the asymmetric encryption algorithm. The keys of the asymmetric encryption algorithm may be, for example, a public/private key pair generated by the client, with the public key sent to the first blockchain node in advance so that the first blockchain node can encrypt the receipt content with it.
The first blockchain node implements a function by running the code that implements it. Thus, for functions that need to be implemented in the TEE, the relevant code must likewise be executed there. Code executed in the TEE must meet the relevant specifications and requirements of the TEE; accordingly, code that implements a given function in the related art would have to be rewritten to meet those specifications and requirements, which not only involves a relatively large amount of development but also easily introduces bugs during the rewrite, affecting the reliability and stability of the function.
Thus, the first blockchain node may store the receipt data generated in the TEE (including the plaintext receipt content that is to be stored as plaintext and the ciphertext receipt content that is to be stored as ciphertext) to an external storage space outside the TEE by executing storage function code outside the TEE. The storage function code can then be the code used to implement the storage function in the related art and does not need to be rewritten to the specifications and requirements of the TEE. The receipt data can be stored safely and reliably, and the amount of related code to be developed is reduced without affecting security and reliability. Furthermore, reducing the TEE-related code reduces the TCB (Trusted Computing Base), so that the additional security risk introduced by combining TEE technology with blockchain technology stays within a controllable range.
In one embodiment, the first blockchain node may execute write cache function code within the TEE to store the receipt data described above in a write cache within the TEE, which may correspond, for example, to the "cache" shown in Fig. 2. The first blockchain node then outputs the data in the write cache from the trusted execution environment to be stored in the external storage space. The write cache function code can be stored in the TEE in plaintext form, in which case it can be executed in the TEE directly; alternatively, it may be stored outside the TEE in ciphertext form, such as in the external storage space (for example, "pack + store" shown in Fig. 2, where "pack" indicates that the first blockchain node packs transactions into blocks outside the trusted execution environment), in which case the ciphertext write cache function code is read into the TEE, decrypted in the TEE into plaintext code, and executed.
A write cache is a "buffering" mechanism provided to avoid causing a "shock" to the external storage space when data is written to it. For example, the above write cache may be implemented by using a buffer; of course, the write cache may also be implemented by using a cache, which is not limited in this specification. Because the TEE is an isolated secure environment and the external storage space is located outside the TEE, a write cache mechanism allows the data in the cache to be written to the external storage space in batches, which reduces the number of interactions between the TEE and the external storage space and improves data storage efficiency. Meanwhile, the TEE may need to use previously generated data while it continues to execute transactions; if the data needed happens to be in the write cache, it can be read directly from the write cache, which both reduces interaction with the external storage space and avoids decrypting data read back from the external storage space, thereby improving data processing efficiency in the TEE.
Of course, the write cache may also be established outside the TEE; for example, the first blockchain node may execute the write cache function code outside the TEE, so as to store the receipt data in a write cache outside the TEE and then store the data in the write cache to the external storage space.
An embodiment of an object-level receipt storage node based on code labeling according to the present specification is described below with reference to Fig. 5. The node includes:
a receiving unit 51, configured to receive an encrypted transaction corresponding to a smart contract whose code includes an object marked by an exposed identifier;
a decryption unit 52, configured to decrypt the transaction in a trusted execution environment to obtain the code of the smart contract;
an execution unit 53, configured to execute the code of the smart contract in the trusted execution environment to obtain receipt data;
a storage unit 54, configured to store the receipt data, such that the receipt content corresponding to the object marked by the exposed identifier is stored in plaintext form and the remaining receipt content is stored in ciphertext form.
Optionally, the smart contract corresponding to the transaction received by the first blockchain node includes:
a smart contract written in a high-level language; or
a smart contract in bytecode form.
Optionally, when the smart contract corresponding to the transaction received by the first blockchain node is a smart contract written in a high-level language, the apparatus further includes:
a compiling unit 55, configured to compile the smart contract written in the high-level language with a compiler to generate a smart contract in bytecode form for execution in the trusted execution environment.
Optionally, when the smart contract corresponding to the transaction received by the first blockchain node is a smart contract in bytecode form, the smart contract in bytecode form is obtained by the client compiling, with a compiler, a smart contract written in a high-level language, and the smart contract written in the high-level language is written by the user on the client.
Optionally, the smart contract written in the high-level language has the same or a corresponding exposed identifier as the smart contract in bytecode form.
Optionally, the smart contract corresponding to the transaction received by the first blockchain node includes:
a smart contract generated by the user on the first blockchain node; or
a smart contract generated by the user on the client; or
a smart contract in a transaction sent by the client through a second blockchain node.
Optionally, the object marked by the exposed identifier includes: receipt fields and/or state variables.
Optionally, the object marked by the exposed identifier includes: a contract-level object; the storage unit 54 is specifically configured to:
when storing the receipt data, store all receipt content in the receipt data corresponding to the contract-level object in plaintext form.
Optionally, the object marked by the exposed identifier includes: an event-level object corresponding to at least one event defined in the smart contract; the storage unit 54 is specifically configured to:
when storing the receipt data, determine the receipt content in the receipt data corresponding to the at least one event, and store the portion of the determined receipt content corresponding to the event-level object in plaintext form.
Optionally, the storage unit 54 is specifically configured to:
executing storage function code outside the trusted execution environment to store the receipt data to an external storage space outside the trusted execution environment.
Optionally, the transaction is used to create and/or invoke the smart contract.
Optionally, the key with which the first blockchain node encrypts the receipt field includes: a key of a symmetric encryption algorithm or a key of an asymmetric encryption algorithm.
Optionally, the key of the symmetric encryption algorithm includes an initial key provided by the client; or, the key of the symmetric encryption algorithm includes a derivative key generated from the initial key and an impact factor.
Optionally, the transaction is encrypted with the initial key, and the initial key is encrypted with a public key of an asymmetric encryption algorithm; the decryption unit 52 is specifically configured to:
decrypt, at the first blockchain node, with a private key of the asymmetric encryption algorithm to obtain the initial key, and decrypt the transaction with the initial key to obtain the code of the smart contract.
Optionally, the initial key is generated by the client; or, the initial key is sent to the client by a key management server.
Optionally, the impact factor is associated with the transaction.
Optionally, the impact factor includes: specified bits of the hash value of the transaction.
In the 1990s, an improvement in a technology could be clearly distinguished as either an improvement in hardware (e.g., an improvement in circuit structures such as diodes, transistors, and switches) or an improvement in software (an improvement in a method flow). However, as technology has advanced, many of today's method flow improvements can be regarded as direct improvements in hardware circuit structure. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement in a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system onto a single PLD by programming it, without requiring a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, nowadays, instead of manually making an integrated circuit chip, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must also be written in a specific programming language, which is called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language), of which VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently the most commonly used.
It will also be apparent to those skilled in the art that a hardware circuit implementing a logical method flow can be readily obtained merely by lightly logic-programming the method flow in one of the hardware description languages described above and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps such that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers, and the like. Such a controller may thus be considered a hardware component, and the means included in it for performing the various functions may also be considered structures within the hardware component. Or the means for performing the functions may even be regarded as both software modules for performing the method and structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, which are described separately. Of course, when implementing this specification, the functions of the various units may be implemented in the same one or more pieces of software and/or hardware.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments herein. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The above description is only for the purpose of illustrating the preferred embodiments of the one or more embodiments of the present disclosure, and is not intended to limit the scope of the one or more embodiments of the present disclosure, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the one or more embodiments of the present disclosure should be included in the scope of the one or more embodiments of the present disclosure.