CN110263547A - Modification order based on contract state realizes the method and device of dynamic encryption - Google Patents

Modification order based on contract state realizes the method and device of dynamic encryption Download PDF

Info

Publication number
CN110263547A
CN110263547A CN201910473002.5A CN201910473002A CN110263547A CN 110263547 A CN110263547 A CN 110263547A CN 201910473002 A CN201910473002 A CN 201910473002A CN 110263547 A CN110263547 A CN 110263547A
Authority
CN
China
Prior art keywords
contract
state
contract state
encryption
transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910473002.5A
Other languages
Chinese (zh)
Other versions
CN110263547B (en
Inventor
刘琦
闫莺
魏长征
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201910473002.5A priority Critical patent/CN110263547B/en
Publication of CN110263547A publication Critical patent/CN110263547A/en
Priority to PCT/CN2020/092231 priority patent/WO2020238878A1/en
Priority to PCT/CN2020/092606 priority patent/WO2020238958A1/en
Application granted granted Critical
Publication of CN110263547B publication Critical patent/CN110263547B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

This specification one or more embodiment provides a kind of method and device of modification order realization dynamic encryption based on contract state, this method may include: that block chain node decrypts the transaction received in credible performing environment, with the corresponding intelligent contract of the determination transaction;The block chain node executes the intelligent contract in credible performing environment, modifies the contract state for including in the intelligent contract;The block chain node encrypts the contract state according to public keys and impact factor in credible performing environment, with contract state write-in database after encrypting, wherein the impact factor include the contract state the intelligent contract be performed by modification order.

Description

Modification order based on contract state realizes the method and device of dynamic encryption
Technical field
This specification one or more embodiment is related to block chain technical field more particularly to a kind of based on contract state Modify the method and device that order realizes dynamic encryption.
Background technique
Block chain technology constructs on transmission network (such as point to point network).Network node in transmission network utilizes Linked data structure is verified and storing data, and knows together algorithm using distributed node to generate and more new data.These areas Node in block chain network is sometimes for increase.
Technically maximum two challenges are exactly privacy and performance to the block platform chain of enterprise-level at present, and often the two are chosen War is difficult to solve simultaneously.Most solutions are all to exchange privacy for by losing performance, or less consider that privacy goes the property pursued Energy.The encryption technology of common solution privacy concern, as homomorphic cryptography (Homomorphic encryption) and Zero Knowledge are demonstrate,proved Complexities such as bright (Zero-knowledge proof) are high, poor universality, but also may bring serious performance loss.
In terms of solving privacy, credible performing environment (Trusted Execution Environment, TEE) is another Kind settling mode.TEE can play the role of the black box in hardware, and the code and data executed in TEE all can not be by operation System layer is peeped, and only can just be operated on it by interface predetermined in code.It is black due to TEE in terms of efficiency Case property, carry out operation in TEE is clear data, rather than the complicated cryptography arithmetic in homomorphic cryptography, calculating process Inefficent loss, therefore combined with TEE and can largely promote block chain under the premise of performance loss is lesser Safety and privacy.Industry very pays close attention to the scheme of TEE at present, and the chip and software league of nearly all mainstream have certainly Oneself TEE solution, TPM (Trusted Platform Module, reliable platform module) including software aspects and Intel SGX (Software Guard Extensions, software protection extension), the ARM Trustzone (letter of hardware aspect Appoint area) and AMD PSP (Platform Security Processor, platform safety processor).
Summary of the invention
In view of this, this specification one or more embodiment provide a kind of modification order based on contract state realize it is dynamic The method and device of state encryption.
To achieve the above object, it is as follows to provide technical solution for this specification one or more embodiment:
According to this specification one or more embodiment in a first aspect, proposing a kind of modification based on contract state time The method of sequence realization dynamic encryption, comprising:
Block chain node decrypts the transaction received in credible performing environment, is closed with the corresponding intelligence of the determination transaction About;
The block chain node executes the intelligent contract in credible performing environment, make include in the intelligent contract Contract state is modified;
The block chain node in credible performing environment according to public keys and impact factor to the contract state into Row encryption, database is written in contract state after encrypting, wherein the impact factor includes the contract state in the intelligence Can contract be performed by modification order.
According to the second aspect of this specification one or more embodiment, a kind of modification based on contract state time is proposed The device of sequence realization dynamic encryption, comprising:
Decryption unit decrypts the transaction received in credible performing environment, is closed with the corresponding intelligence of the determination transaction About;
Execution unit executes the intelligent contract in credible performing environment, makes the contract for including in the intelligent contract State is modified;
Encryption unit adds the contract state according to public keys and impact factor in credible performing environment It is close, wherein the impact factor include the contract state the intelligent contract be performed by modification order;
Storage unit, for contract state write-in database after encrypting.
According to the third aspect of this specification one or more embodiment, a kind of electronic equipment is proposed, comprising:
Processor;
Memory for storage processor executable instruction;
Wherein, the processor is by running the executable instruction to realize method as described in relation to the first aspect.
According to the fourth aspect of this specification one or more embodiment, a kind of computer readable storage medium is proposed, The step of being stored thereon with computer instruction, method as described in relation to the first aspect realized when which is executed by processor.
Detailed description of the invention
Fig. 1 is a kind of schematic diagram for creation intelligence contract that an exemplary embodiment provides.
Fig. 2 is a kind of schematic diagram for calling intelligence contract that an exemplary embodiment provides.
Fig. 3 is the method that a kind of modification order based on contract state that an exemplary embodiment provides realizes dynamic encryption Flow chart.
Fig. 4 be an exemplary embodiment provide a kind of impact factor only include contract state by modification order when plus Close schematic diagram.
Fig. 5 is a kind of impact factor that an exemplary embodiment provides while including contract state by modification order and area Encryption schematic diagram when block height.
Fig. 6 is that a kind of impact factor that an exemplary embodiment provides includes contract state by modification order and friendship simultaneously Encryption schematic diagram when easy offset.
Fig. 7 is that a kind of impact factor that an exemplary embodiment provides includes block height, transaction offset and conjunction simultaneously About state by modification order when encryption schematic diagram.
Fig. 8 is a kind of structural schematic diagram of the key-value pair for contract state that an exemplary embodiment provides.
Fig. 9 is the structural schematic diagram of the key-value pair for another contract state that an exemplary embodiment provides.
Figure 10 is a kind of structural schematic diagram for equipment that an exemplary embodiment provides.
Figure 11 is the dress that a kind of modification order based on contract state that an exemplary embodiment provides realizes dynamic encryption The block diagram set.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with this specification one or more embodiment.Phase Instead, they are only some aspects phases with the one or more embodiments of as detailed in the attached claim, this specification The example of consistent device and method.
It should be understood that the sequence that might not show and describe according to this specification in other embodiments executes The step of correlation method.In some other embodiments, step included by method can than described in this specification more It is more or less.In addition, single step described in this specification, may be broken down into other embodiments multiple steps into Row description;And multiple steps described in this specification, it may also be merged into single step progress in other embodiments Description.
Block chain is normally divided into three types: publicly-owned chain (Public Blockchain), privately owned chain (Private ) and alliance's chain (Consortium Blockchain) Blockchain.In addition, there are also a plurality of types of combinations, such as privately owned chain The different combinations such as+alliance chain, alliance's chain+publicly-owned chain.The participant of block chain, that is, block chain node (or abbreviation node), area Block chain node can read data record, the book keeping operation power participated in business and compete new block on chain etc., each block chain link Point constitutes corresponding block chain network.In the block chain of the above-mentioned type, highest decentralization degree is publicly-owned chain.It is publicly-owned Chain using bit coin, ether mill as representative, the participant that publicly-owned chain is added can read data record on chain, participate in business and The book keeping operation power etc. of new block is competed, and each participant freely can be added and exit network.Privately owned chain is then on the contrary, network of relation Permission is written by some tissue or mechanism controls, reading data permission is organized or the regulation of mechanism.In simple terms, privately owned chain It can be weak center's system, participant has stringent limitation and less.Such block chain is more suitable for specific machine It is used inside structure.Alliance's chain is then the block chain between publicly-owned chain and privately owned chain, it can be achieved that " part decentralization ".Connection Each node usually has corresponding physical mechanism or tissue in alliance's chain;Network and composition is added by authorization in participant Interests correlation alliance, it is common to safeguard the operation of block chain.
Whether publicly-owned chain, privately owned chain or alliance's chain may all provide the function of intelligent contract.Intelligence on block chain Contract is the contract that can be executed by transaction triggering on block catenary system.Intelligent contract can pass through the formal definition of code.
By taking ether mill as an example, user is supported to create in the network of ether mill and call the logic of some complexity, this is ether Mill is different from the ultimate challenge of bit coin block chain technology.Ether mill is ether mill void as the core of a programmable block chain Quasi- machine (EVM), each ether mill node can run EVM.EVM is the complete virtual machine of figure spirit, it means that can be with The logic of various complexity is realized by it.It is exactly to run on EVM that user, which issues in ether mill and call intelligent contract,.It is real On border, what virtual machine was directly run is virtual machine code (Virtual Machine bytecodes, lower abbreviation " bytecode ").It is deployed on block chain Intelligent contract can be the form of bytecode.
Such as shown in Fig. 1, after a transaction comprising the intelligent contract information of creation is sent ether mill network by Bob, section The EVM of point 1 can execute this and trade and generate corresponding contract example." 0x6f8ae93 ... " in 1 in figure represents this The address of contract, what the data field of transaction saved can be bytecode, and the to field of transaction is sky.Pass through common recognition machine between node After system is reached an agreement, this contract is successfully created, and can be called in the follow-up process.After contract creation, on block chain There is a contract account corresponding with the intelligence contract, and possess a specific address, contract code will be stored in the conjunction About in account.The behavior of intelligent contract is controlled by contract code.In other words, intelligent contract to generate on block chain comprising closing The about virtual account of code and account storage (Storage).
As shown in Fig. 2, one is used to call the transaction of intelligent contract to be sent to ether mill by Bob still by taking ether mill as an example After network, the EVM of a certain node can execute this and trade and generate corresponding contract example.The from word traded in 2 in figure Section is the address of the account of transaction initiator (i.e. Bob), and " 0x6f8ae93 ... " in field represents called intelligence and close Address about, value field are the value of ether coin, the side of the intelligent contract of the calling that the data field of transaction saves in ether mill Method and parameter.Intelligent contract in a prescribed manner in block chain network each node disjoint execution, all execution record and Data are all stored on block chain, so just saving the transaction that can not be distorted, will not lose on block chain after the completion of transaction Voucher.
As previously mentioned, the intelligent contract being deployed on block chain can be the form of bytecode.Bytecode is by a series of Byte composition, each byte can identify an operation.Consider based on development efficiency, readability etc. are many-sided, developer can be with Bytecode is not write directly, but selects a high level language intelligence contract code.The intelligent contract of high level language Code is compiled by compiler, generates bytecode, and then the bytecode can be deployed on block chain.The height that ether mill is supported There are many grade language, such as Solidity, Serpent, LLL language.
By taking Solidity language as an example, the contract write with it and class (Class) the very phase in Object-Oriented Programming Language Seemingly, a variety of members, including contract state, function, function modifier, event etc. can be stated in a contract.Contract state It is the value being permanently stored in the account storage of intelligent contract, for saving the state of contract.
It is the example code for the simple intelligent contract write with Solidity language as follows:
In general, " balance " this corresponding storage state of contract state is bright after this contract is deployed in block chain Text, anyone is it can be seen that its state, the setting and ability of no secret protection.If user wants to play state secret protection Come, at present using zero-knowledge proof, homomorphic cryptography solution, need to rewrite this contract again so that " balance " this A contract state encipherment protection gets up, and needs support all operations of the balance in encrypted domain.General this cipher mode Operation is complicated, and is difficult the suitable algorithm of design and supports in encrypted domain.And combined in some block chains with TEE In solution, in order to realize secret protection, some or all of intelligent contract contract state, which is taken as, needs secret protection Data are stored in the database of block chain node maintenance.The database, physical support can be storage medium, such as hold Long property storage medium.
TEE is the security extension based on CPU hardware, and the credible performing environment completely isolated with outside.TEE be earliest by The concept that Global Platform is proposed, for solving the security isolation of resource in mobile device, being parallel to operating system is to answer Credible and secure performing environment is provided with program.The Trust Zone technology of ARM realizes the TEE technology of real commercialization earliest. And along with the high speed development of internet, safe demand is higher and higher, is not limited only to mobile device, cloud device, in data The heart all proposes more demands to TEE.The concept of TEE has also obtained the development and expansion of high speed.Described TEE is compared now It has been the TEE of more broad sense with the concept initially proposed.For example, server chips manufacturer Intel, AMD etc. are successively released The TEE of hardware auxiliary and the concept and characteristic for enriching TEE, have been widely recognized in industry.The TEE lifted now Usually more refer to the TEE technology of this kind of hardware auxiliary.Different from mobile terminal, cloud access needs to remotely access, terminal user couple Hardware platform is invisible, therefore seeks to the genuine and believable of confirmation TEE using the first step of TEE.Therefore present TEE technology is all Remote proving mechanism is introduced, endorsed by hardware vendor (mainly CPU manufacturer) and user couple is ensured by digital signature technology TEE state can verify that.
Meanwhile only the resource isolation of safety may also be unable to satisfy demand for security, so that further data-privacy Protection is also suggested.Including Intel SGX, the commercial TEE including AMD SEV also both provides memory encryption technology, will be credible Hardware is limited to inside CPU, and the data of bus and memory are that ciphertext prevents malicious user from being spied upon.For example, Intel Software protection extend the TEE technology insulation such as (SGX) code execution, remote proving, security configuration, the secure storage of data and For executing the trusted path of code.The application program run in TEE is kept safe, as a consequence it is hardly possible to be visited by third party It asks.
By taking Intel SGX technology as an example, SGX provides enclosure (enclave, also referred to as enclave), i.e., one adds in memory Close credible execution region, protects data not to be stolen by CPU.By taking a certain block chain node is using the CPU for supporting SGX as an example, Using newly-increased processor instruction, a part of region EPC (Enclave Page Cache, enclosure page can be distributed in memory Face caching or enclave page cache), by the crypto engine MEE (Memory Encryption Engine) in CPU to wherein Data encrypted.The content encrypted in EPC, which only enters after CPU, can just be decrypted into plain text.Therefore, in SGX, user It can distrust operating system, VMM (Virtual Machine Monitor, monitor of virtual machine), even BIOS (Basic Input Output System, basic input output system), it is only necessary to trust CPU just and can ensure that private data will not leak. Therefore, under the encipherment protection of CPU, intelligent contract can be executed in enclosure, generates contract state, and is hidden to needing in enclosure The contract state of private protection is encrypted, and then will be stored after the outflow of obtained ciphertext contract state, to both can use CPU Powerful calculating power, and do not have to concern of data and leak.
Fig. 3 is the method that a kind of modification order based on contract state that an exemplary embodiment provides realizes dynamic encryption Flow chart.As shown in figure 3, this method is applied to block chain node, may comprise steps of:
Step 302, block chain node decrypts the transaction received in credible performing environment, is corresponded to the determination transaction Intelligent contract.
In one embodiment, client can create transaction, and the transaction is for creating or calling intelligent contract.Client can It is encrypted with the transaction by key pair, and encrypted transaction is sent to block chain node, so that block chain node can The encrypted transaction to be decrypted in credible performing environment, so that it is determined that the corresponding intelligent contract of the transaction.
As previously mentioned, when above-mentioned transaction is for when creating intelligent contract, the data field of the transaction to preserve intelligent contract Code corresponding intelligent contract can be read from the data field of the transaction so that after the transaction of block chain node decryption. When above-mentioned transaction is for when calling intelligent contract, the to field of the transaction to include the address of called intelligent contract, so that area After the transaction of block chain node decryption, the address of intelligent contract can be read from the to field of the transaction, and obtain based on the address Take the code of corresponding intelligent contract.
When transaction is for calling intelligent contract, the calling of multinest structure can be.For example, transaction calls directly intelligence Can and about 1, and the intelligence and about 1 code have invoked intelligence and about 2, and the code in intelligence and about 2 be directed toward it is intelligent with about 3 Contract address so that transaction actually have invoked indirectly intelligence and about 3 codes.In this way, whether intelligent and about 1, intelligence About 2 or intelligence and when about contract state defined in 3 is modified, this specification can to modified contract state into Row encryption storage.
In one embodiment, client can be symmetric cryptography, asymmetric encryption to the cipher mode of transaction, or symmetrical Encryption combines asymmetric encryption.When using symmetric cryptography, client encrypts transaction by encryption key, and block chain Node is decrypted transaction by identical encryption key;Correspondingly, used symmetric encipherment algorithm can be DES calculation Method, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm, IDEA algorithm etc..When using asymmetric encryption, client End encrypts transaction by public key, block chain node is decrypted transaction by private key;Correspondingly, used non-right Claim Encryption Algorithm, e.g. RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm) etc..When adopting When with symmetric cryptography combination asymmetric encryption, client can use symmetric cryptography using symmetric encipherment algorithm encryption transaction The key of algorithm encrypts transaction, and with the key used in rivest, shamir, adelman cryptographic symmetrical Encryption Algorithm, for example using non- The key used in the public key encryption symmetric encipherment algorithm of symmetric encipherment algorithm;In this way, block chain node receives the friendship of encryption Yi Hou can be first decrypted using the private key of rivest, shamir, adelman, obtain the key of symmetric encipherment algorithm, and then with symmetrically The key of Encryption Algorithm decrypts above-mentioned transaction.
Step 304, the block chain node executes the intelligent contract in credible performing environment, makes the intelligent contract In include contract state modified.
As previously mentioned, block chain node can be by executing intelligent contract, to ensure contract state and its value in TEE It will not leak.For example, block chain node can obtain the corresponding intelligent contract of transaction after decrypting process above-mentioned Plaintext code, and plaintext code obtained is executed in TEE.Specifically, block chain node can use the place increased newly in CPU Manage device instruction, a part of region EPC can be distributed in memory, by the crypto engine MEE in CPU to above-mentioned plaintext code into Row encryption is stored in the EPC.The content encrypted in EPC is decrypted into plain text after entering CPU, i.e., above-mentioned plaintext code makes Operation can be carried out to the plaintext code by obtaining CPU, complete implementation procedure.
In SGX technology, EVM can be loaded into above-mentioned enclosure, EVM be executed in enclosure above-mentioned Plaintext code, to make full use of the powerful calculation power of CPU.During remote proving, Key Management server can calculate this The hash value of ground EVM code, and compared with the hash value of the EVM code loaded in block chain node, the correct conduct of comparison result By a necessary condition of remote proving, to complete the measurement of the code loaded to block chain node SGX enclosure.Through excessive Amount, correct EVM can execute the plaintext code for corresponding intelligent contract of trading in SGX, and ensure that all correct EVM exist Result after executing same section of code is identical.
In general, after the plaintext code of the intelligent contract of CPU execution, part or all of contract shape defined in the plaintext code State can change, i.e., part or all of contract state is modified, and this specification can be for the contract state that these are modified It carries out after reliably encrypting, stores into the database of block chain node maintenance, to realize that high level data safety and privacy are protected Shield.
Step 306, the block chain node in credible performing environment according to public keys and impact factor to the conjunction About state is encrypted, and database is written in contract state after encrypting, wherein the impact factor includes the contract state The intelligent contract be performed by modification order.
It in one embodiment, is to write the contract state from the angle of block chain node by contract state deposit block chain Enter database, such as local database.The database, is generally stored among storage medium, and more common is persistence Storage medium.The persistent storage medium can be disk, floppy disk, be also possible to be powered after can restore data so as to Memory of persistent storage etc.
In one embodiment, block chain node can encrypt contract state according to public keys and impact factor, The effect by public keys and impact factor simultaneously of the value of contract state, identical in public keys after the encryption made In the case of, the randomness of contract state after encryption can be increased by the impact factor of differentiation.In other words, work as public keys It is acquired even if the contract state for identical value is encrypted by using different impact factors in identical situation Encryption after contract state will also have different values.Therefore, public keys progress is all made of compared to all contract states Encryption, can to avoid criminal grasp encryption after contract state value changing rule, prevent criminal by attempt and The value of contract state is compared and deduced, there is higher safety.
In one embodiment, impact factor can be repaired only comprising contract state what corresponding intelligent contract was performed Change order.Several contract states are defined in intelligent contract, during intelligent contract is performed, part or all of contract shape The value of state may be modified, and it can be one or many for modifying number.Value modification to contract state is successively to send out Raw, and block chain node can determine that each contract state is corresponding by modification order respectively, for example contract state 1 is the 1st It is a modified, contract state 2 is modified at the 5th, then the corresponding impact factor of contract state 1 can with value be 1, contract shape The corresponding impact factor of state 2 can be with value for 5.What block chain node can be performed by the above-mentioned intelligent contract of counters count The modification number occurred in the process, such as when contract state 1 is modified corresponding modification number are 1, show contract state 1 By modification order be 1, contract state 2 when being modified it is corresponding modification number be 5, show contract state 2 be by modification order 5.Certainly, the value of contract state may occur repeatedly to modify, then can choose the contract state certain it is primary modify when pair Answer by modification order, such as last time;Still by taking the statistical of above-mentioned counter as an example, when contract state i is modified When corresponding modification number is respectively N1, N2 and N3, can by contract state i it is corresponding by modification order be set as N3 (when So, or N1 or N2, as long as giving differentiation with other contract states), and N1 and N2 are dropped, so each conjunction About state is not necessarily successively changed by modification order, often generates since part contract state is repeatedly modified The jumping characteristic of value changes, but this has no effect on each contract state different impact factors is respectively adopted and is encrypted.And it is right The contract state caused by different transaction, no matter these transaction are in same block or different blocks, as long as contract state pair That answers is different by modification order, may insure the contract state of identical value corresponding to contract shape after the encryption of different values State.As it can be seen that when impact factor be contract state it is corresponding intelligence contract be performed by modification order when, can be in contract Increase the value randomness of contract state after each encryption in state dimension, it is ensured that contract after the corresponding all encryptions of same transaction The governed value variation of rule will not be generated between state, and the contract shape that position offset is different in different transaction is also ensured The governed value variation of rule will not be generated after the corresponding encryption of state between contract state.
It is assumed that including block B1 and block B2 in a certain block chain network, the block height of block B1 is H1, block B2 Block height be H2.For the sake of understanding, it is assumed that comprising transaction Tx1, Tx2 in block B1, in block B2 comprising transaction Tx3, Tx4, transaction Tx1, Tx3 corresponding position offset in block B1, B2 is Offset1, and trade Tx2, Tx4 are in area Corresponding position offset is Offset2 in block B1, B2;Meanwhile contract state is defined in trade Tx1, Tx3 Balance1, Balance2, transaction Tx2, Tx4 in define contract state Balance3, Balance4.
When impact factor only include contract state intelligent contract be performed by modification order when, as shown in Figure 4: right The contracts state such as Balance1, Balance2, Balance3 and Balance4 involved in block B1, due to contract state Balance1 and Balance2 belongs to transaction Tx1, thus Balance1 necessarily corresponds respectively to different quilts from Balance2 Order is modified, for example Balance1, which corresponds to, is corresponded to by modification order U1, Balance2 by modification order U2, thus can adopt With public keys Key128 (i.e. version number be 128 security key, reference can be made to below with respect to the description of key version;Alternatively, can With using other forms public keys, be only used for illustrating herein) and by modification order U1 to contract state Balance1 carry out It encrypts, obtain contract state S-Balance1-1 after corresponding encryption, and using public keys Key128 and by modification order U2 Contract state Balance2 is encrypted, obtains contract state S-Balance2-1 after corresponding encryption.Simultaneously as contract State Balance3 and Balance4 belongs to transaction Tx2, thus Balance3 and Balance4 necessarily correspond respectively to difference By modification order, for example Balance3, which corresponds to, is corresponded to by modification order U1, Balance4 by modification order U2, thus can After being encrypted to contract state Balance3 using public keys Key128 and by modification order U1, obtain corresponding encryption Contract state S-Balance3-1, and use public keys Key128 and contract state Balance4 is carried out by modification order U2 It encrypts, obtain contract state S-Balance4-1 after corresponding encryption.
Similarly, for block B2, since contract state Balance1 and Balance2 belongs to transaction Tx3, because And Balance1 necessarily corresponds respectively to different by modification order from Balance2, for example Balance1 corresponds to by modification time Sequence U1, Balance2 corresponds to by modification order U2, thus can be using public keys Key128 and by modification order U1 pairing About state Balance1 is encrypted, is obtained contract state R-Balance1-1 after corresponding encryption, and uses public keys Key128 and contract state Balance2 is encrypted by modification order U2, obtains contract state R- after corresponding encryption Balance2-1.Simultaneously as contract state Balance3 and Balance4 belong to transaction Tx4, thus Balance3 with Balance4 necessarily correspond respectively to it is different by modification order, for example Balance3 correspond to by modification order U1, Balance4 corresponds to by modification order U2, thus can be using public keys Key128 and by modification order U1 to contract state Balance3 encrypted, obtains contract state R-Balance3-1 after corresponding encryption, and use public keys Key128 and Contract state Balance4 is encrypted by modification order U2, obtains contract state R-Balance4-1 after corresponding encryption.
In addition to " contract state intelligent contract be performed by modification order " other than, impact factor can also be further Comprising other conditions, for example other conditions may include " the block height for locating block of trading ", " transaction is in locating block Position offset " etc. one or more, to obtain the impact factor as made of multiple conditional combinations, can other dimension Cryptographic operation is implemented to contract state on degree.
In one embodiment, impact factor can be the block height, contract state of block at exchange in intelligent contract Be performed by modification order.In conjunction with above respectively to condition " the block height of block locating for transaction ", condition " contract state Intelligent contract be performed by modification order " description, it is known that: the condition block height of block " trade locating " can be real The control extension of existing block dimension ensures necessarily make contract state generation rule after encryption governed between different blocks Value variation, condition " contract state intelligent contract be performed by modification order " the encryption control of state dimension may be implemented Making, ensuring will not necessarily make contract state generation rule after encryption governed between the different contract states of same transaction generation Value variation, then when impact factor includes above-mentioned two condition simultaneously, may be implemented block dimension and state dimension plus Close control, even if so that having the same by modification time between the contract state that multiple transaction in different blocks generate respectively Sequence also will not necessarily make contract state after encryption generate the governed value variation of rule.Wherein, same transaction is generated Multiple contract states, can by condition " contract state intelligent contract be performed by modification order " realize encryption control System, this is because it is same transaction generate different contract states necessarily have it is different by modification order;And for different blocks The contract state that generates respectively of multiple transaction, even if these contract states are having the same by modification time in respective transaction Number can also further pass through condition " the block height for locating block of trading " and realize control extension, this is because different blocks Transaction necessarily have different block height.
Still by taking above-mentioned block B1, B2 as an example.As shown in figure 5, when block chain node considers block height and contract simultaneously State by modification order when, for contracts such as block B1 Balance1, Balance2, Balance3 and Balance4 being related to State, since Balance1 and Balance2 is from same transaction Tx1, so that Balance1 and Balance2 is necessarily right respectively Should be in different by modification order, for example Balance1, which corresponds to, is corresponded to by modification order U1, Balance2 by modification order U2, thus by public keys Key128, block height H1 with Balance1 is encrypted by modification order U1, encrypted S-Balance1-3 afterwards, and Balance2 is carried out with by modification order U2 by public keys Key128, block height H1 Encryption, obtains encrypted S-Balance2-3.Simultaneously as Balance3 and Balance4 makes from same transaction Tx2 Balance3 necessarily corresponds respectively to different by modification order from Balance4, for example Balance3 corresponds to secondary by modification Sequence U1, Balance4 corresponds to by modification order U2, thus by public keys Key128, block height H1 and by modification order U1 encrypts Balance3, obtains encrypted S-Balance3-3, and passes through public keys Key128, block height H1 Balance4 is encrypted with by modification order U2, obtains encrypted S-Balance4-3.
Similarly, for contracts shapes such as block B2 Balance1, Balance2, Balance3 and Balance4 being related to State, since Balance1 and Balance2 is from same transaction Tx3, so that Balance1 and Balance2 is necessarily respectively corresponded In different by modification order, for example Balance1, which corresponds to, is corresponded to by modification order U1, Balance2 by modification order U2, Thus by public keys Key128, block height H2 with Balance1 is encrypted by modification order U1, after obtaining encryption R-Balance1-3, and by public keys Key128, block height H2 with by modification order U2 Balance2 is added It is close, obtain encrypted R-Balance2-3.Simultaneously as Balance3 and Balance4 is from same transaction Tx4, so that Balance3 necessarily corresponds respectively to different by modification order from Balance4, and for example Balance3 corresponds to by modification order U1, Balance4 correspond to by modification order U2, thus by public keys Key128, block height H2 and by modification order U1 Balance3 is encrypted, obtains encrypted R-Balance3-3, and by public keys Key128, block height H2 with Balance4 is encrypted by modification order U2, obtains encrypted R-Balance4-3.
In one embodiment, impact factor can be the trade position offset in locating block, contract state in intelligence Can contract be performed by modification order.In conjunction with above respectively to condition " transaction position offset " in locating block, Condition " contract state intelligent contract be performed by modification order " description, it is known that: condition " transaction in locating block Position offset " control extension of transaction dimension may be implemented, ensure different transaction in same block between necessarily will not So that contract state generates the governed value variation of rule, the condition " quilt that contract state is performed in intelligent contract after encryption Modification order " may be implemented the control extension of state dimension, ensure that certainty is not between the different contract states of same transaction generation Meeting is so that contract state generates the governed value variation of rule after encryption, then when impact factor includes simultaneously above-mentioned two condition When, the control extension of transaction dimension and state dimension may be implemented, so that the conjunction that the different transaction on same block generate respectively Even if having the same by modification order about between state, it also will not necessarily make contract state generation rule after encryption governed Value variation.Wherein, the multiple contract states generated for same transaction, can " contract state be in intelligent contract by condition Be performed by modification order " realize control extension, this is because it is same transaction generate different contract states necessarily have It is different by modification order;And for the contract state that the different transaction of same block generate respectively, even if these contract states It is having the same by modification number in respective transaction, it can also further pass through condition " position of the transaction in locating block Set offset " realize control extension, this is because the different transaction of same block necessarily have different position offsets.
Still by taking above-mentioned block B1, B2 as an example.As shown in fig. 6, when block chain node considers transaction offset simultaneously and closes About state by modification order when, for block B1 Balance1, Balance2, Balance3 and Balance4 being related to etc. close About state, since Balance1 and Balance2 is from same transaction Tx1, so that Balance1 and Balance2 necessarily distinguishes Corresponding to identical transaction offset, different by modification order, for example the transaction offset of transaction Tx1 is Offset1, and Balance1 correspond to by modification order U1, Balance2 correspond to by modification order U2, thus by public keys Key128, Transaction offset Offset1 encrypts Balance1 with by modification order U1, obtains encrypted S-Balance1-3, and Balance2 is encrypted with by modification order U2 by public keys Key128, transaction offset Offset1, is encrypted S-Balance2-3 afterwards.Simultaneously as Balance3 and Balance4 is from same transaction Tx2 so that Balance3 with Balance4 necessarily corresponds respectively to identical transaction offset, is different by modification order, the transaction offset for the Tx2 that for example trades Amount is that Offset2 and Balance3 corresponds to corresponding to by modification order U1, Balance4 by modification order U2, thus leads to Cross public keys Key128, transaction offset Offset2 Balance3 is encrypted with by modification order U1, after obtaining encryption S-Balance3-3, and by public keys Key128, transaction offset Offset2 with by modification order U2 to Balance4 It is encrypted, obtains encrypted S-Balance4-3.
Similarly, for block B2, since Balance1 and Balance2 is from same transaction Tx3, so that Balance1 necessarily corresponds respectively to identical transaction offset, different by modification order from Balance2, and for example trade Tx3 Transaction offset be Offset1 and Balance1 correspond to by modification order U1, Balance2 correspond to by modification order U2, thus Balance1 is encrypted by public keys Key128, transaction offset Offset1 and by modification order U1, Encrypted R-Balance1-3 is obtained, and by public keys Key128, transaction offset Offset1 and by modification order U2 Balance2 is encrypted, encrypted R-Balance2-3 is obtained.Simultaneously as Balance3 and Balance4 from Same transaction Tx4, so that Balance3 necessarily corresponds respectively to identical transaction offset from Balance4, different modified Order, the transaction offset for the Tx4 that for example trades are that Offset2 and Balance3 corresponds to by modification order U1, Balance4 Corresponding to by modification order U2, thus by public keys Key128, transaction offset Offset2 with by U1 pairs of modification order Balance3 is encrypted, and encrypted R-Balance3-3 is obtained, and passes through public keys Key128, transaction offset Offset2 encrypts Balance4 with by modification order U2, obtains encrypted R-Balance4-3.
In one embodiment, impact factor can be " the block height for locating block of trading ", " transaction is in locating block Position offset " and " contract state intelligent contract be performed by modification order ", may be implemented block dimension, transaction The control extension of dimension and state dimension, so that contract state all necessarily will not after encryption caused by any two contract state The governed value variation of generation rule, regardless of any two contract state whether comes from same transaction or difference is traded, no Whether same block or different blocks are come from transaction.Wherein, the multiple contract states generated for same transaction, can pass through Condition " contract state intelligent contract be performed by modification order " realize control extension, this is because same transaction generation Different contract states necessarily have it is different by modification order;And for the different contracts generated respectively of trading of same block State can also further pass through condition even if these contract states are having the same by modification number in respective transaction " position offset of the transaction in locating block " realizes control extension, this is because the different transaction of same block necessarily have Different position offsets;And for the contract state that multiple transaction of different blocks generate respectively, even if these contract states Having the same by modification number in respective transaction, can also further passing through condition, " block for locating block of trading is high Degree " realizes control extension, this is because the transaction of different blocks necessarily has different block height.
Still by taking above-mentioned block B1, B2 as an example.As shown in fig. 7, when block chain node considers block height, transaction pair simultaneously The position offset answered and contract state by modification order when, Balance1, Balance2 for being related to for block B1, The contracts state such as Balance3 and Balance4, since Balance1 and Balance2 is from transaction Tx1, so that Balance1 Necessarily corresponded respectively to from Balance2 it is different by modification order, for example Balance1 correspond to by modification order U1, Balance2 corresponds to by modification order U2, while the corresponding position offset of Tx1 that assumes to trade is Offset1, then can be with Balance1 is added by public keys Key128, block height H1, position offset Offset1 and by modification order U1 It is close, encrypted S-Balance1-4 is obtained, and pass through public keys Key128, block height H1, position offset Offset1 Balance2 is encrypted with by modification order U2, obtains encrypted S-Balance2-4.Simultaneously as Balance3 with Balance4 from transaction Tx2 so that Balance3 necessarily corresponded respectively to from Balance4 it is different by modification order, example Corresponded to by modification order U1, Balance4 by modification order U2 as Balance3 corresponds to, while assuming that transaction Tx2 is corresponding Position offset is Offset2, then can by public keys Key128, block height H1, position offset Offset2 and Balance3 is encrypted by modification order U1, obtains encrypted S-Balance3-4, and by public keys Key128, Block height H1, position offset Offset2 and Balance4 is encrypted by modification order U2, obtains encrypted S- Balance4-4。
Similarly, for contracts shapes such as block B2 Balance1, Balance2, Balance3 and Balance4 being related to State, since Balance1 and Balance2 is from transaction Tx3, so that Balance1 and Balance2 are necessarily corresponded respectively to not With by modification order, for example Balance1 corresponds to is corresponded to by modification order U2, simultaneously by modification order U1, Balance2 It is assumed that the corresponding position offset of transaction Tx3 is Offset1, then can pass through public keys Key128, block height H2, position It sets offset Offset1 and Balance1 is encrypted by modification order U1, obtain encrypted R-Balance1-4, and lead to It crosses public keys Key128, block height H2, position offset Offset1 and Balance2 is added by modification order U2 It is close, obtain encrypted R-Balance2-4.Simultaneously as Balance3 and Balance4 from transaction Tx4 so that Balance3 necessarily corresponds respectively to different by modification order from Balance4, and for example Balance3 corresponds to by modification order U1, Balance4 correspond to by modification order U2, while assuming that the corresponding position offset of transaction Tx4 is Offset2, then can With by public keys Key128, block height H2, position offset Offset2 and by modification order U1 to Balance3 carry out Encryption obtains encrypted R-Balance3-4, and passes through public keys Key128, block height H2, position offset Offset2 and Balance4 is encrypted by modification order U2, obtains encrypted R-Balance4-4.
In one embodiment, the encrypted transaction received is read in credible performing environment and is decrypted by block chain node And corresponding intelligent contract is executed, and encrypt in credible performing environment to the contract state for generating modification, be then written It is stored in database, it is ensured that it is ciphertext except credible performing environment, with assuring data security, and credible performing environment Within can decrypt calculation power to be handled in plain text, to make full use of CPU.
When block chain node encrypts contract state according to public keys and impact factor in credible performing environment, There are the cryptographic means of plurality of optional, can use for reference scrambling solutions in the related technology.Two kinds may be used below Scrambling solutions introduced.
In one embodiment, block chain node can be by GCM (Galois/Counter Mode) algorithm to above-mentioned conjunction About state is encrypted;Alphabetical G in GCM represent GMAC (Galois message authentication code mode, Galois Message Authentication Code), letter C represent CTR (CounTeR counter mode).The input of GCM algorithm includes 3 parts: to be added Ciphertext data, symmetric key and initialization vector (IV, Initialization Vector), can will be above-mentioned in this specification Contract state as be-encrypted data, using above-mentioned public keys as symmetric key needed for GCM algorithm, by above-mentioned influence The factor is as initialization vector needed for GCM algorithm, to encrypt to contract state, generates contract shape after corresponding encryption State and corresponding check code, the check code can be used for verifying the integrality of contract state after encryption.
Therefore, block chain node, can be by contract state phase after check code and encryption in contract state after storage encrypts Database is associatedly written.So, when contract state is decrypted after subsequent for encryption, if decryption failure can pass through Check code verifies contract state after encryption: when verifying successfully, show that the data of contract state after encrypting are complete, it should It is that failure, such as the key or impact factor mistake that input are decrypted as caused by other factors;When verifying failure, show to encrypt The data of contract state are imperfect afterwards.
In another embodiment, block chain node can generate derivative key according to public keys and impact factor, such as Hash operation or other operations will be carried out after public keys and impact factor splicing, to obtain derivative key;Then, block chain link Point can encrypt contract state according to derivative key, generate contract state after encryption.
In one embodiment, public keys is stored in the enclosure on block chain node.Since only CPU is able to access that enclosure The public keys of interior storage ensures that and adds so that the public keys safe enough, can not theoretically be obtained by criminal The safety of contract state after close.
Public keys can be by block chain node by extremely should after remote proving by Key Management server (KMS) distribution Block chain node;Alternatively, public keys can be by negotiating to obtain between each node in block chain network;Alternatively, can pass through Other modes obtain public keys, and this specification is limited not to this.
Based on above-mentioned approach obtain key can and non-public key.For example, the key that above-mentioned channel obtains can be Security key, and the security key may be implemented it is version evolving, thus develop obtain above-mentioned public keys.In other words, above-mentioned Public keys can be indicated release security key;Wherein, in the security key of adjacent version, the safety of lowest version is close Key is irreversibly calculated by the security key of highest version, and for example the security key of highest version is root key (root Key), and the security key of other versions is directly or indirectly irreversibly calculated by root key.Such as the safety of lowest version Key carries out Hash operation with presupposed information by the security key of highest version and obtains, then due to the characteristic of Hash operation, so that The security key of lowest version can not backstepping go out the security key of highest version, facilitate so real by the version evolution of security key Now to the replacement of public keys, and avoid using identical public keys for a long time.It, can be with also, when replacing public keys The version of key is always above the version for replacing preceding key after ensuring to replace, to ensure: on the one hand, even if previously used key It leaks, the key of highest version can also be changed to and stopped loss in time;On the other hand, as long as possessing the key of highest version, i.e., Can develop to obtain the key of lowest version, the key being previously used is compatible with, thus to the contract state of preceding encryption into Row decryption.
Version evolving rule between security key can be with are as follows: adjacent highest version key and adjacent lowest version key pair The version number answered carries out Hash operation, obtains adjacent lowest version key.For example, deriving version number if necessary is respectively 0 The key of~255 256 versions can breathe out root key with version number 0xFF (corresponding decimal system value is 255) It is uncommon to calculate, obtain the key key-255 that version number is 255;By by key key-255 and version factor 0xFE (corresponding ten System value is 254) to carry out Hash calculation, obtains the key key-254 that version number is 254;... by by key key-1 with Version factor 0x00 (corresponding decimal system value is 0) carries out Hash calculation, obtains the key key-0 that version number is 0.Due to breathing out The characteristic of uncommon algorithm so that the calculating between highest version key and lowest version key is irreversible, such as can by key key-1 with Version factor 0x00 is calculated key key-0, but can not by key key-0 with version factor 0x00 is counter releases key key-1.Therefore, the security key of a certain version can be selected, and is set to public keys used in block chain node, For contract state to be encrypted.
As previously mentioned, block chain node encrypts contract state according to public keys and impact factor, to be added Contract state after close.If public keys and impact factor are fixed value, only need public keys, impact factor point It is not stored separately in enclosure;But if public keys or impact factor have dynamic value, i.e., for different conjunctions When about state is encrypted, it is therefore possible to use different public keys or impact factor, then should storage encryption after contract shape When state, to public keys, the impact factor or for showing that the information of its value is associated storage accordingly used, in order to Subsequent implementation decryption oprerations.
It is assumed that the value of impact factor the factor and encryption there are dynamic change, can be will affect after contract state in association Database is written.Such as shown in Fig. 8, block chain node with the form of key-value pair (key-value) to contract state after encryption into Row storage.The value of Key can be determined with reference to mode in the related technology, such as key=hash (RLP (value)), i.e. key Value be RLP (Recursive Length Prefix, recursion length prefix) coding after value cryptographic Hash.And The component part of value may include: contract state, check value and impact factor after encryption.Contract state can be by upper after encryption The mode in embodiment is stated, is encrypted to obtain according to public keys and impact factor.And when using such as GCM algorithm or other When Encryption Algorithm implements encryption, check value can also be obtained;Certainly, if there is no check value, then can not be wrapped in value Containing check value.And the value of impact factor is there are a variety of situations described above, with impact factor includes simultaneously block height in Fig. 8 For degree, transaction offset and modification order, i.e., impact factor by the block height of block " trade locating ", " transaction is locating Position offset in block " and " contract state intelligent contract be performed by modification order " constitute.
Based on embodiment shown in Fig. 8, block chain node, can be from the key-value pair after reading this key-value pair Impact factor needed for obtaining decryption in value, so that contract state after encryption be decrypted in conjunction with public keys.And one In a little scenes, impact factor can be encrypted, for example memory phase by block chain node in TEE to impact factor into Row encryption, so that include encrypted impact factor in value, rather than the impact factor of plaintext version;Correspondingly, it is reading such as After key-value pair shown in Fig. 8, the impact factor for directly obtaining plaintext version will be unable to, can further be promoted to contract after encryption The decryption threshold of state promotes safety.
Block chain node can encrypt impact factor using arbitrary key.Although can also be using above-mentioned public Key pair impact factor is encrypted, but in order to increase the diversity of key, promote safety, it can be public using being different from Other key pair impact factors of key are encrypted.For example, when public keys is the key of aforementioned a certain version, to influence The key that the factor is encrypted can be another version, to be different from public keys;For example, version number can be used for 0 Minimum version key pair impact factor is encrypted, and the version number of public keys can be set to be naturally larger than 0.
There may be version informations for public keys, and for example public keys is the security key of above-mentioned a certain version.Block chain Node can include the version letter of public keys in value when the key-value pair of contract state after for encryption is stored Breath, the especially public keys that uses of block chain node are there are in the case where version updating, the version of currently employed public keys This may be different from the history public keys that contract state is used in encryption after previously stored encryption, thus institute in value The key that the version information contained uses needed for block chain node can be helped accurately to choose.Such as shown in Fig. 9, reality shown in Fig. 8 On the basis of applying example, information field may include in the value of key-value pair, which can further include version letter Subfield is ceased, which is used to record the version information of public keys.
Wherein, it after block chain node can encrypt version information, is added in value, rather than uses plaintext shape Formula recording version information.Key for encrypting to version information can be public keys, or be different from public keys its His key, such as similar with impact factor above-mentioned, can use version number for 0 minimum version key pair version information It is encrypted.
In conclusion this specification encrypts contract state according to public keys and impact factor, compared to simple It is encrypted using public keys, the randomness of contract state after encryption can be increased by impact factor, to promote data peace Quan Xing.
Figure 10 is a kind of schematic configuration diagram for equipment that an exemplary embodiment provides.Referring to FIG. 10, in hardware view, The equipment includes processor 1002, internal bus 1004, network interface 1006, memory 1008 and nonvolatile memory 1010, it is also possible that hardware required for other business certainly.Processor 1002 is read from nonvolatile memory 1010 Then corresponding computer program is run into memory 1008, it is real that the modification order based on contract state is formed on logic level The device of existing dynamic encryption.Certainly, other than software realization mode, it is not precluded in this specification one or more embodiment His implementation, such as logical device or the mode of software and hardware combining etc., that is to say, that the execution master of following process flow Body is not limited to each logic unit, is also possible to hardware or logical device.
Figure 11 is please referred to, in Software Implementation, the dress of dynamic encryption should be realized based on the modification order of contract state It sets and may include:
Decryption unit 1101 decrypts the transaction received in credible performing environment, with the corresponding intelligence of the determination transaction It can contract;
Execution unit 1102 executes the intelligent contract in credible performing environment, make include in the intelligent contract Contract state is modified;
Encryption unit 1103 carries out the contract state according to public keys and impact factor in credible performing environment Encryption, wherein the impact factor include the contract state the intelligent contract be performed by modification order;
Storage unit 1104, for contract state write-in database after encrypting.
Optionally, the impact factor further includes at least one of: the block height of block locating for the transaction, described Position offset of the transaction in locating block.
Optionally, database is written with contract state after the encryption in the impact factor in association.
Optionally, it is related to contract state after the encryption after the impact factor is encrypted in credible performing environment Connection ground write-in database.
Optionally, encryption unit 1103 is specifically used for:
Using the public keys as symmetric key needed for GCM algorithm, using the impact factor as needed for GCM algorithm Initialization vector, the contract state is encrypted by GCM algorithm, generates after the encryption contract state and corresponding Check code;Wherein, database is written with contract state after the encryption in the check code in association.
Optionally, encryption unit 1103 is specifically used for:
Derivative key is generated according to the public keys and the impact factor;
The contract state is encrypted according to the derivative key, generates contract state after the encryption.
Optionally, the public keys includes: the security key of indicated release;Wherein, in the security key of adjacent version In, the security key of lowest version is irreversibly calculated by the security key of highest version.
Optionally, the security key of highest version is root key, and the security key of other versions is directly or indirectly by described Root key is irreversibly calculated.
Optionally, data are written with contract state after the encryption in the version information of the public keys in association Library.
Optionally, it after the version information of the public keys is encrypted in credible performing environment, and is closed after the encryption About database is written in state in association.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity, Or it is realized by the product with certain function.A kind of typically to realize that equipment is computer, the concrete form of computer can To be personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play In device, navigation equipment, E-mail receiver/send equipment, game console, tablet computer, wearable device or these equipment The combination of any several equipment.
In a typical configuration, computer includes one or more processors (CPU), input/output interface, network Interface and memory.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM), Digital versatile disc (DVD) or other optical storage, magnetic cassettes, disk storage, quantum memory, based on graphene Storage medium or other magnetic storage devices or any other non-transmission medium, can be used for storing can be accessed by a computing device Information.As defined in this article, computer-readable medium does not include temporary computer readable media (transitory media), Such as the data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described want There is also other identical elements in the process, method of element, commodity or equipment.
It is above-mentioned that this specification specific embodiment is described.Other embodiments are in the scope of the appended claims It is interior.In some cases, the movement recorded in detail in the claims or step can be come according to the sequence being different from embodiment It executes and desired result still may be implemented.In addition, process depicted in the drawing not necessarily require show it is specific suitable Sequence or consecutive order are just able to achieve desired result.In some embodiments, multitasking and parallel processing be also can With or may be advantageous.
The term that this specification one or more embodiment uses be only merely for for the purpose of describing particular embodiments, and It is not intended to be limiting this specification one or more embodiment.In this specification one or more embodiment and the appended claims Used in the "an" of singular, " described " and "the" be also intended to including most forms, unless context understands earth's surface Show other meanings.It is also understood that term "and/or" used herein refers to and includes one or more associated list Any or all of project may combine.
It will be appreciated that though this specification one or more embodiment may using term first, second, third, etc. come Various information are described, but these information should not necessarily be limited by these terms.These terms are only used to same type of information area each other It separates.For example, the first information can also be referred to as in the case where not departing from this specification one or more scope of embodiments Two information, similarly, the second information can also be referred to as the first information.Depending on context, word as used in this is " such as Fruit " can be construed to " ... when " or " when ... " or " in response to determination ".
The foregoing is merely the preferred embodiments of this specification one or more embodiment, not to limit this theory Bright book one or more embodiment, all within the spirit and principle of this specification one or more embodiment, that is done is any Modification, equivalent replacement, improvement etc. should be included within the scope of the protection of this specification one or more embodiment.

Claims (13)

1. a kind of method that the modification order based on contract state realizes dynamic encryption, comprising:
Block chain node decrypts the transaction received in credible performing environment, with the corresponding intelligent contract of the determination transaction;
The block chain node executes the intelligent contract in credible performing environment, makes the contract for including in the intelligent contract State is modified;
The block chain node adds the contract state according to public keys and impact factor in credible performing environment Close, database is written in contract state after encrypting, wherein the impact factor includes that the contract state is closed in the intelligence About be performed by modification order.
2. according to the method described in claim 1, the impact factor further includes at least one of: the transaction is in locating area The block height of block locating for position offset, the transaction in block.
3. method according to claim 1 or 2, the impact factor is write in association with contract state after the encryption Enter database.
4. according to the method described in claim 3, the impact factor in credible performing environment be encrypted after, with the encryption Database is written in contract state in association afterwards.
5. according to the method described in claim 1, the block chain node is in credible performing environment according to public keys and shadow Contract state described in factor pair is rung to be encrypted, comprising:
The block chain node using the public keys as symmetric key needed for GCM algorithm, using the impact factor as Initialization vector needed for GCM algorithm encrypts the contract state by GCM algorithm, generates contract after the encryption State and corresponding check code;Wherein, database is written with contract state after the encryption in the check code in association.
6. according to the method described in claim 1, the block chain node is in credible performing environment according to public keys and shadow Contract state described in factor pair is rung to be encrypted, comprising:
The block chain node generates derivative key according to the public keys and the impact factor;
The block chain node encrypts the contract state according to the derivative key, generates contract shape after the encryption State.
7. according to the method described in claim 1, the public keys includes: the security key of indicated release;Wherein, adjacent In the security key of version, the security key of lowest version is irreversibly calculated by the security key of highest version.
8. the security key of other versions is straight according to the method described in claim 7, the security key of highest version is root key It connects or is irreversibly calculated by the root key indirectly.
9. according to the method described in claim 7, the version information of the public keys by with contract state phase after the encryption Database is associatedly written.
10. according to the method described in claim 9, the version information of the public keys is encrypted in credible performing environment Afterwards, database is written in association with contract state after the encryption.
11. the device that a kind of modification order based on contract state realizes dynamic encryption, comprising:
Decryption unit decrypts the transaction received in credible performing environment, with the corresponding intelligent contract of the determination transaction;
Execution unit executes the intelligent contract in credible performing environment, makes the contract state for including in the intelligent contract It is modified;
Encryption unit encrypts the contract state according to public keys and impact factor in credible performing environment, Described in impact factor include the contract state the intelligent contract be performed by modification order;
Storage unit, for contract state write-in database after encrypting.
12. a kind of electronic equipment, comprising:
Processor;
Memory for storage processor executable instruction;
Wherein, the processor is by running the executable instruction to realize such as side of any of claims 1-10 Method.
13. a kind of computer readable storage medium, is stored thereon with computer instruction, realized such as when which is executed by processor The step of any one of claim 1-10 the method.
CN201910473002.5A 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on contract state modification sequence Active CN110263547B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201910473002.5A CN110263547B (en) 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on contract state modification sequence
PCT/CN2020/092231 WO2020238878A1 (en) 2019-05-31 2020-05-26 Dynamic encryption method and device
PCT/CN2020/092606 WO2020238958A1 (en) 2019-05-31 2020-05-27 Method and device for realizing dynamic encryption based on order of modification of contract state

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910473002.5A CN110263547B (en) 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on contract state modification sequence

Publications (2)

Publication Number Publication Date
CN110263547A true CN110263547A (en) 2019-09-20
CN110263547B CN110263547B (en) 2021-07-20

Family

ID=67916437

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910473002.5A Active CN110263547B (en) 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on contract state modification sequence

Country Status (2)

Country Link
CN (1) CN110263547B (en)
WO (1) WO2020238958A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020238959A1 (en) * 2019-05-31 2020-12-03 创新先进技术有限公司 Method and device for realizing dynamic encryption based on block height
WO2020238958A1 (en) * 2019-05-31 2020-12-03 创新先进技术有限公司 Method and device for realizing dynamic encryption based on order of modification of contract state
WO2020238878A1 (en) * 2019-05-31 2020-12-03 创新先进技术有限公司 Dynamic encryption method and device

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010056398A1 (en) * 2000-04-14 2001-12-27 E-Vantage International, Inc. Method and system for delivering foreign exchange risk management advisory solutions to a designated market
CN1909443A (en) * 2005-08-02 2007-02-07 三菱电机株式会社 Data distribution apparatus and data communications system
CN101330379A (en) * 2007-06-22 2008-12-24 华为技术有限公司 Method and apparatus for down distributing cryptographic key
CN104463001A (en) * 2014-12-19 2015-03-25 比特卡国际有限公司 Method for independently generating and storing encrypted digital currency private key and device for bearing encrypted digital currency private key
CN104661031A (en) * 2015-02-16 2015-05-27 华为技术有限公司 Method for coding and decoding video image, coding equipment and decoding equipment
US20160321751A1 (en) * 2015-04-28 2016-11-03 Domus Tower, Inc. Real-time settlement of securities trades over append-only ledgers
CN106548330A (en) * 2016-10-27 2017-03-29 上海亿账通区块链科技有限公司 Transaction verification method and system based on block chain
CN107294709A (en) * 2017-06-27 2017-10-24 阿里巴巴集团控股有限公司 A kind of block chain data processing method, apparatus and system
CN107342858A (en) * 2017-07-05 2017-11-10 武汉凤链科技有限公司 A kind of intelligent contract guard method and system based on trusted context
CN107425982A (en) * 2017-07-07 2017-12-01 众安信息技术服务有限公司 A kind of method and block chain for realizing intelligent contract data encryption
CN107911216A (en) * 2017-10-26 2018-04-13 矩阵元技术(深圳)有限公司 A kind of block chain transaction method for secret protection and system
CN108235772A (en) * 2017-12-29 2018-06-29 深圳前海达闼云端智能科技有限公司 Data processing method, device, storage medium and electronic equipment based on block chain
CN108377189A (en) * 2018-05-09 2018-08-07 深圳壹账通智能科技有限公司 User's communication encrypting method, device, terminal device and storage medium on block chain
WO2018200166A1 (en) * 2017-04-25 2018-11-01 Microsoft Technology Licensing, Llc Confidentiality in a consortium blockchain network
CN109191124A (en) * 2018-08-16 2019-01-11 北京京东尚科信息技术有限公司 Block chain network, dispositions method and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8971535B2 (en) * 2010-05-27 2015-03-03 Bladelogic, Inc. Multi-level key management
CN108229962B (en) * 2018-01-04 2021-04-06 众安信息技术服务有限公司 Permission management method and system based on block chain
CN108632045A (en) * 2018-05-10 2018-10-09 阿里巴巴集团控股有限公司 A kind of block chain data processing method, device, processing equipment and system
CN110263547B (en) * 2019-05-31 2021-07-20 创新先进技术有限公司 Method and device for realizing dynamic encryption based on contract state modification sequence

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010056398A1 (en) * 2000-04-14 2001-12-27 E-Vantage International, Inc. Method and system for delivering foreign exchange risk management advisory solutions to a designated market
CN1909443A (en) * 2005-08-02 2007-02-07 三菱电机株式会社 Data distribution apparatus and data communications system
CN101330379A (en) * 2007-06-22 2008-12-24 华为技术有限公司 Method and apparatus for down distributing cryptographic key
CN104463001A (en) * 2014-12-19 2015-03-25 比特卡国际有限公司 Method for independently generating and storing encrypted digital currency private key and device for bearing encrypted digital currency private key
CN104661031A (en) * 2015-02-16 2015-05-27 华为技术有限公司 Method for coding and decoding video image, coding equipment and decoding equipment
US20160321751A1 (en) * 2015-04-28 2016-11-03 Domus Tower, Inc. Real-time settlement of securities trades over append-only ledgers
CN106548330A (en) * 2016-10-27 2017-03-29 上海亿账通区块链科技有限公司 Transaction verification method and system based on block chain
WO2018200166A1 (en) * 2017-04-25 2018-11-01 Microsoft Technology Licensing, Llc Confidentiality in a consortium blockchain network
CN107294709A (en) * 2017-06-27 2017-10-24 阿里巴巴集团控股有限公司 A kind of block chain data processing method, apparatus and system
CN107342858A (en) * 2017-07-05 2017-11-10 武汉凤链科技有限公司 A kind of intelligent contract guard method and system based on trusted context
CN107425982A (en) * 2017-07-07 2017-12-01 众安信息技术服务有限公司 A kind of method and block chain for realizing intelligent contract data encryption
CN107911216A (en) * 2017-10-26 2018-04-13 矩阵元技术(深圳)有限公司 A kind of block chain transaction method for secret protection and system
CN108235772A (en) * 2017-12-29 2018-06-29 深圳前海达闼云端智能科技有限公司 Data processing method, device, storage medium and electronic equipment based on block chain
CN108377189A (en) * 2018-05-09 2018-08-07 深圳壹账通智能科技有限公司 User's communication encrypting method, device, terminal device and storage medium on block chain
CN109191124A (en) * 2018-08-16 2019-01-11 北京京东尚科信息技术有限公司 Block chain network, dispositions method and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
DAVID A. MCGREW, ET AL.: "The Galois/Counter Mode of Operation (GCM)", 《HTTPS://LUCA-GIUZZI.UNIBS.IT/CORSI/SUPPORT/PAPERS-CRYPTOGRAPHY/GCM-SPEC.PDF》 *
姚爽: "基于SGX保护国密算法运行环境的研究与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
程涛, 等: "抗物理攻击存储安全技术研究综述", 《计算机应用研究》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020238959A1 (en) * 2019-05-31 2020-12-03 创新先进技术有限公司 Method and device for realizing dynamic encryption based on block height
WO2020238958A1 (en) * 2019-05-31 2020-12-03 创新先进技术有限公司 Method and device for realizing dynamic encryption based on order of modification of contract state
WO2020238878A1 (en) * 2019-05-31 2020-12-03 创新先进技术有限公司 Dynamic encryption method and device

Also Published As

Publication number Publication date
WO2020238958A1 (en) 2020-12-03
CN110263547B (en) 2021-07-20

Similar Documents

Publication Publication Date Title
CN110266467A (en) The method and device of dynamic encryption is realized based on block height
WO2020238255A1 (en) Smart contract management method and apparatus based on blockchain, and electronic device
CN109831298A (en) The method of security update key and node, storage medium in block chain
CN110032884A (en) The method and node, storage medium of secret protection are realized in block chain
CN110580245B (en) Private data sharing method and device
CN110276610B (en) Method and device for realizing dynamic encryption based on transaction offset
CN110263544A (en) In conjunction with the receipt storage method and node of type of transaction and Rule of judgment
CN110223172A (en) The receipt storage method and node of conditional combination code mark and type dimension
CN110033267A (en) Method, node, system and the storage medium of secret protection are realized in block chain
CN110245490A (en) The receipt storage method and node of conditional combination code mark and type dimension
CN110264195A (en) It is marked and transaction, the receipt storage method of user type and node in conjunction with code
CN110008736A (en) The method and node, storage medium of secret protection are realized in block chain
CN110245945A (en) In conjunction with the receipt storage method and node of code mark and user type
CN110245947A (en) The receipt storage method and node limited in conjunction with the condition of transaction and user type
CN110264196A (en) In conjunction with the conditional receipt storage method and node of code mark and user type
CN110266644A (en) In conjunction with the receipt storage method and node of code mark and type of transaction
CN110264198A (en) In conjunction with the conditional receipt storage method and node of code mark and type of transaction
CN110264192A (en) Receipt storage method and node based on type of transaction
CN110263086A (en) In conjunction with the receipt storage method and node of user type and event functions type
CN110245504A (en) The receipt storage method and node limited in conjunction with the condition of polymorphic type dimension
CN110245503A (en) In conjunction with the receipt storage method and node of code mark and Rule of judgment
CN110264197A (en) The receipt storage method and node of binding events type function and Rule of judgment
CN110245489A (en) Receipt storage method, node and system based on plaintext log
CN110245944A (en) Receipt storage method and node based on user type
CN110580417A (en) Private data query method and device based on intelligent contract

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20200925

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200925

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

GR01 Patent grant
GR01 Patent grant