CN110266467A - Method and device for implementing dynamic encryption based on block height - Google Patents

Publication number: CN110266467A
Authority: CN (China)
Prior art keywords: contract, block, transaction, encryption, key
Legal status: Granted
Application number: CN201910471633.3A
Other languages: Chinese (zh)
Other versions: CN110266467B (en)
Inventors: 刘琦, 闫莺, 魏长征
Current Assignee: Advanced New Technologies Co Ltd, Advantageous New Technologies Co Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by: Alibaba Group Holding Ltd
Related applications and publications:
  • Priority to CN201910471633.3A (CN110266467B)
  • Priority to CN202110666018.5A (CN113438068B)
  • Publication of CN110266467A
  • Priority to PCT/CN2020/092231 (WO2020238878A1)
  • Priority to PCT/CN2020/092611 (WO2020238959A1)
  • Application granted
  • Publication of CN110266467B
Current legal status: Active

Classifications

    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/3218 ... including means for verifying the identity or authority of a user of the system or for message authentication, using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3239 ... using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3247 ... involving digital signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 ... wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 ... wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/045 ... wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06Q20/3825 Payment protocols; Details thereof insuring higher security of transaction: Use of electronic signatures
    • G06Q20/3827 Payment protocols; Details thereof insuring higher security of transaction: Use of message hashing
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

One or more embodiments of this specification provide a method and device for implementing dynamic encryption based on block height. The method may include: a blockchain node decrypts a received transaction in a trusted execution environment to determine the smart contract corresponding to the transaction; the blockchain node executes the smart contract in the trusted execution environment, modifying the contract state contained in the smart contract; the blockchain node encrypts the contract state in the trusted execution environment according to a public key and an impact factor, and writes the encrypted contract state to a database, wherein the impact factor includes the block height of the block in which the transaction is located.

Description

Method and device for implementing dynamic encryption based on block height
Technical field
One or more embodiments of this specification relate to the field of blockchain technology, and in particular to a method and device for implementing dynamic encryption based on block height.
Background
Blockchain technology is built on a transmission network (such as a peer-to-peer network). Network nodes in the transmission network use a chained data structure to verify and store data, and use a distributed node consensus algorithm to generate and update data. Nodes in these blockchain networks sometimes need to be added.
At present, the two biggest technical challenges for enterprise-grade blockchain platforms are privacy and performance, and the two are often difficult to solve at the same time. Most solutions either trade performance for privacy, or pursue performance with little regard for privacy. Common cryptographic techniques for addressing privacy, such as homomorphic encryption and zero-knowledge proofs, are highly complex and poorly general, and may also bring serious performance loss.
For privacy, a trusted execution environment (TEE) is another approach. A TEE acts as a black box in hardware: the code and data executed in the TEE cannot be observed by the operating system layer, and can only be operated on through interfaces predefined in the code. In terms of efficiency, because of the black-box nature of the TEE, operations in the TEE are performed on plaintext data rather than through the complex cryptographic operations of homomorphic encryption, so the computation loses no efficiency. Combining with a TEE can therefore greatly improve blockchain security and privacy with little performance loss. The industry is paying close attention to TEE schemes, and almost all mainstream chip and software alliances have their own TEE solutions, including TPM (Trusted Platform Module) on the software side and Intel SGX (Software Guard Extensions), ARM TrustZone and AMD PSP (Platform Security Processor) on the hardware side.
Summary of the invention
In view of this, one or more embodiments of this specification provide a method and device for implementing dynamic encryption based on block height.
To achieve the above object, one or more embodiments of this specification provide the following technical solutions:
According to a first aspect of one or more embodiments of this specification, a method for implementing dynamic encryption based on block height is proposed, comprising:
A blockchain node decrypts a received transaction in a trusted execution environment to determine the smart contract corresponding to the transaction;
The blockchain node executes the smart contract in the trusted execution environment, so that the contract state contained in the smart contract is modified;
The blockchain node encrypts the contract state in the trusted execution environment according to a public key and an impact factor, and writes the encrypted contract state to a database, wherein the impact factor includes the block height of the block in which the transaction is located.
According to a second aspect of one or more embodiments of this specification, a device for implementing dynamic encryption based on block height is proposed, comprising:
A decryption unit, which decrypts a received transaction in a trusted execution environment to determine the smart contract corresponding to the transaction;
An execution unit, which executes the smart contract in the trusted execution environment, so that the contract state contained in the smart contract is modified;
An encryption unit, which encrypts the contract state in the trusted execution environment according to a public key and an impact factor, wherein the impact factor includes the block height of the block in which the transaction is located;
A storage unit, which writes the encrypted contract state to a database.
According to a third aspect of one or more embodiments of this specification, an electronic device is proposed, comprising:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor implements the method described in the first aspect by running the executable instructions.
According to a fourth aspect of one or more embodiments of this specification, a computer-readable storage medium is proposed, on which computer instructions are stored, the instructions implementing the steps of the method described in the first aspect when executed by a processor.
Brief description of the drawings
Fig. 1 is a schematic diagram of creating a smart contract, provided by an exemplary embodiment.
Fig. 2 is a schematic diagram of calling a smart contract, provided by an exemplary embodiment.
Fig. 3 is a flowchart of a method for implementing dynamic encryption based on block height, provided by an exemplary embodiment.
Fig. 4 is a schematic diagram of encryption when the impact factor includes only the block height, provided by an exemplary embodiment.
Fig. 5 is a schematic diagram of encryption when the impact factor includes both the block height and the transaction offset, provided by an exemplary embodiment.
Fig. 6 is a schematic diagram of encryption when the impact factor includes both the block height and the order in which the contract state was modified, provided by an exemplary embodiment.
Fig. 7 is a schematic diagram of encryption when the impact factor includes the block height, the transaction offset and the order in which the contract state was modified, provided by an exemplary embodiment.
Fig. 8 is a schematic structural diagram of a key-value pair of a contract state, provided by an exemplary embodiment.
Fig. 9 is a schematic structural diagram of a key-value pair of another contract state, provided by an exemplary embodiment.
Fig. 10 is a schematic structural diagram of a piece of equipment, provided by an exemplary embodiment.
Fig. 11 is a block diagram of a device for implementing dynamic encryption based on block height, provided by an exemplary embodiment.
Detailed description of embodiments
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of this specification. Rather, they are merely examples of devices and methods consistent with some aspects of one or more embodiments of this specification, as detailed in the appended claims.
It should be noted that in other embodiments the steps of the corresponding method are not necessarily executed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. In addition, a single step described in this specification may be broken down into multiple steps in other embodiments, and multiple steps described in this specification may be merged into a single step in other embodiments.
Blockchains are generally divided into three types: public chains (Public Blockchain), private chains (Private Blockchain) and consortium chains (Consortium Blockchain). There are also combinations of these types, such as private chain + consortium chain or consortium chain + public chain. The participants of a blockchain are blockchain nodes (or simply nodes). A blockchain node can read data records on the chain, take part in transactions, compete for the right to record new blocks, and so on, and the blockchain nodes together form the corresponding blockchain network. Of the types above, the public chain has the highest degree of decentralization. Public chains are represented by Bitcoin and Ethereum; participants that join a public chain can read data records on the chain, take part in transactions, compete for the right to record new blocks, and so on, and each participant can freely join and leave the network. A private chain is the opposite: write permission to the network is controlled by some organization or institution, and permission to read data is regulated by that organization or institution. Put simply, a private chain can be a weakly centralized system, with participants that are strictly limited and few in number. This type of blockchain is better suited to internal use within a particular organization. A consortium chain sits between the public chain and the private chain and can achieve "partial decentralization". Each node in a consortium chain usually has a corresponding physical institution or organization; participants join the network by authorization and form a stakeholder alliance that jointly maintains the operation of the blockchain.
Public chains, private chains and consortium chains may all provide smart contract functionality. A smart contract on a blockchain is a contract whose execution can be triggered by a transaction on the blockchain system. A smart contract can be defined in the form of code.
Taking Ethereum as an example, users are supported in creating and calling complex logic in the Ethereum network; this is the greatest challenge that distinguishes Ethereum from Bitcoin blockchain technology. The core of Ethereum as a programmable blockchain is the Ethereum Virtual Machine (EVM), and every Ethereum node can run the EVM. The EVM is a Turing-complete virtual machine, which means that logic of all kinds of complexity can be implemented with it. When users publish and call smart contracts in Ethereum, the contracts run on the EVM. In practice, what the virtual machine runs directly is virtual machine code (virtual machine bytecode, hereinafter "bytecode"). A smart contract deployed on the blockchain can be in the form of bytecode.
For example, as shown in Fig. 1, after Bob sends a transaction containing the information for creating a smart contract to the Ethereum network, the EVM of node 1 can execute the transaction and generate the corresponding contract instance. The "0x6f8ae93…" in Fig. 1 represents the address of this contract, the data field of the transaction can hold the bytecode, and the to field of the transaction is empty. Once the nodes reach agreement through the consensus mechanism, the contract is successfully created and can be called later. After the contract is created, a contract account corresponding to the smart contract appears on the blockchain with a specific address, and the contract code is stored in that contract account. The behaviour of the smart contract is controlled by the contract code. In other words, a smart contract causes a virtual account containing the contract code and account storage (Storage) to be generated on the blockchain.
As shown in Fig. 2, again taking Ethereum as an example, after Bob sends a transaction for calling a smart contract to the Ethereum network, the EVM of some node can execute the transaction and generate the corresponding contract instance. The from field of the transaction in Fig. 2 is the address of the account of the transaction initiator (i.e. Bob), the "0x6f8ae93…" in the to field represents the address of the called smart contract, the value field is the value in ether in Ethereum, and the data field of the transaction holds the method and parameters for calling the smart contract. The smart contract is executed independently by each node in the blockchain network in a prescribed manner, and all execution records and data are stored on the blockchain, so that once the transaction completes, the blockchain holds a transaction record that cannot be tampered with and will not be lost.
As mentioned above, a smart contract deployed on the blockchain can be in the form of bytecode. Bytecode consists of a series of bytes, each of which can identify one operation. For reasons of development efficiency, readability and so on, developers may choose not to write bytecode directly but to write the smart contract code in a high-level language. Smart contract code written in a high-level language is compiled by a compiler into bytecode, which can then be deployed on the blockchain. Ethereum supports many high-level languages, such as Solidity, Serpent and LLL.
Taking Solidity as an example, a contract written in it closely resembles a class (Class) in an object-oriented programming language. A contract can declare many kinds of members, including contract state, functions, function modifiers, events and so on. Contract state is a value permanently stored in the account storage of the smart contract and is used to save the state of the contract.
The following is example code for a simple smart contract written in Solidity:
In general, after this contract is deployed on the blockchain, the storage state corresponding to the contract state "balance" is plaintext; anyone can see its state, and there is no privacy protection setting or capability. If a user wants to protect the privacy of the state, then with the zero-knowledge proof and homomorphic encryption solutions currently in use the contract has to be rewritten so that the contract state "balance" is protected by encryption, and all operations on balance have to be supported in the encrypted domain. This kind of encryption is generally complex to operate, and it is difficult to design suitable algorithms to support it in the encrypted domain. In some solutions that combine a blockchain with a TEE, in order to achieve privacy protection, some or all of a smart contract's contract state is treated as data requiring privacy protection and stored in a database maintained by the blockchain node. The physical carrier of the database may be a storage medium, such as a persistent storage medium.
TEE is the security extension based on CPU hardware, and the credible performing environment completely isolated with outside.TEE be earliest by The concept that Global Platform is proposed, for solving the security isolation of resource in mobile device, being parallel to operating system is to answer Credible and secure performing environment is provided with program.The Trust Zone technology of ARM realizes the TEE technology of real commercialization earliest. And along with the high speed development of internet, safe demand is higher and higher, is not limited only to mobile device, cloud device, in data The heart all proposes more demands to TEE.The concept of TEE has also obtained the development and expansion of high speed.Described TEE is compared now It has been the TEE of more broad sense with the concept initially proposed.For example, server chips manufacturer Intel, AMD etc. are successively released The TEE of hardware auxiliary and the concept and characteristic for enriching TEE, have been widely recognized in industry.The TEE lifted now Usually more refer to the TEE technology of this kind of hardware auxiliary.Different from mobile terminal, cloud access needs to remotely access, terminal user couple Hardware platform is invisible, therefore seeks to the genuine and believable of confirmation TEE using the first step of TEE.Therefore present TEE technology is all Remote proving mechanism is introduced, endorsed by hardware vendor (mainly CPU manufacturer) and user couple is ensured by digital signature technology TEE state can verify that.
Meanwhile only the resource isolation of safety may also be unable to satisfy demand for security, so that further data-privacy Protection is also suggested.Including Intel SGX, the commercial TEE including AMD SEV also both provides memory encryption technology, will be credible Hardware is limited to inside CPU, and the data of bus and memory are that ciphertext prevents malicious user from being spied upon.For example, Intel Software protection extend the TEE technology insulation such as (SGX) code execution, remote proving, security configuration, the secure storage of data and For executing the trusted path of code.The application program run in TEE is kept safe, as a consequence it is hardly possible to be visited by third party It asks.
Taking Intel SGX as an example, SGX provides an enclave, that is, an encrypted trusted execution region in memory, in which the CPU protects data from being stolen. Taking a blockchain node that uses an SGX-capable CPU as an example, newly added processor instructions can be used to allocate a region of memory as the EPC (Enclave Page Cache), and the data in it is encrypted by the MEE (Memory Encryption Engine) inside the CPU. Content encrypted in the EPC is decrypted into plaintext only after it enters the CPU. Therefore, with SGX, the user need not trust the operating system, the VMM (Virtual Machine Monitor), or even the BIOS (Basic Input Output System); trusting only the CPU is enough to ensure that private data is not leaked. Thus, under the CPU's encryption protection, a smart contract can be executed in the enclave to generate contract state, the contract state requiring privacy protection can be encrypted inside the enclave, and the resulting ciphertext contract state can then be passed out of the enclave and stored, which makes use of the CPU's powerful computing power without concern about data leakage.
Fig. 3 is a flowchart of a method for implementing dynamic encryption in a blockchain according to an exemplary embodiment. As shown in Fig. 3, the method is applied to a blockchain node and may include the following steps:
Step 302: the blockchain node decrypts the received transaction in the trusted execution environment to determine the smart contract corresponding to the transaction.
In one embodiment, a client can create a transaction that is used to create or invoke a smart contract. The client can encrypt the transaction with a key and send the encrypted transaction to the blockchain node, so that the blockchain node can decrypt the encrypted transaction in the trusted execution environment and thereby determine the smart contract corresponding to the transaction.
As described above, when the transaction is used to create a smart contract, the data field of the transaction holds the code of the smart contract, so that after decrypting the transaction the blockchain node can read the corresponding smart contract from the data field of the transaction. When the transaction is used to invoke a smart contract, the to field of the transaction contains the address of the invoked smart contract, so that after decrypting the transaction the blockchain node can read the address of the smart contract from the to field and obtain the code of the corresponding smart contract based on that address.
When a transaction is used to invoke a smart contract, the invocation may have a multiply nested structure. For example, the transaction directly invokes smart contract 1, the code of smart contract 1 invokes smart contract 2, and the code of smart contract 2 points to the contract address of smart contract 3, so that the transaction in effect indirectly invokes the code of smart contract 3. In this case, whenever a contract state defined in smart contract 1, smart contract 2 or smart contract 3 is modified, this specification can encrypt and store the modified contract state.
In one embodiment, the client may encrypt the transaction using symmetric encryption, asymmetric encryption, or symmetric encryption combined with asymmetric encryption. With symmetric encryption, the client encrypts the transaction with an encryption key and the blockchain node decrypts the transaction with the same encryption key; the symmetric encryption algorithm used may be, for example, the DES algorithm, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm or IDEA algorithm. With asymmetric encryption, the client encrypts the transaction with a public key and the blockchain node decrypts the transaction with the private key; the asymmetric encryption algorithm used may be, for example, RSA, Elgamal, the knapsack algorithm, Rabin, D-H or ECC (elliptic curve encryption algorithm). With symmetric encryption combined with asymmetric encryption, the client encrypts the transaction with a symmetric encryption algorithm, that is, with the key of the symmetric encryption algorithm, and encrypts the key used by the symmetric encryption algorithm with an asymmetric encryption algorithm, for example with the public key of the asymmetric encryption algorithm; after receiving the encrypted transaction, the blockchain node first decrypts with the private key of the asymmetric encryption algorithm to obtain the key of the symmetric encryption algorithm, and then decrypts the transaction with that key.
Step 304: the blockchain node executes the smart contract in the trusted execution environment, so that contract states contained in the smart contract are modified.
As described above, by executing the smart contract in the TEE, the blockchain node can ensure that contract states and their values are not leaked. For example, after the decryption process described above, the blockchain node obtains the plaintext code of the smart contract corresponding to the transaction and executes that plaintext code in the TEE. Specifically, the blockchain node can use the newly added processor instructions of the CPU to allocate a region of memory as the EPC, and the plaintext code is encrypted by the MEE inside the CPU and stored in the EPC. Content encrypted in the EPC is decrypted into plaintext after it enters the CPU, yielding the plaintext code, so that the CPU can operate on the plaintext code and complete execution.
With SGX, the EVM can be loaded into the enclave, and the EVM executes the plaintext code inside the enclave, making full use of the CPU's powerful computing power. During remote attestation, the Key Management Server can compute the hash value of its local EVM code and compare it with the hash value of the EVM code loaded in the blockchain node; a correct comparison result is a necessary condition for passing remote attestation, and this completes the measurement of the code loaded in the blockchain node's SGX enclave. After measurement, the correct EVM can execute in SGX the plaintext code of the smart contract corresponding to the transaction, and it is ensured that all correct EVMs produce the same result after executing the same piece of code.
In general, after the CPU executes the plaintext code of the smart contract, some or all of the contract states defined in that code may change, that is, some or all of the contract states are modified. This specification can reliably encrypt these modified contract states and then store them in the database maintained by the blockchain node, achieving a high level of data security and privacy protection.
Step 306: the blockchain node encrypts the contract state in the trusted execution environment according to a public key and an impact factor, and writes the encrypted contract state to a database, where the impact factor includes the block height of the block containing the transaction.
In one embodiment, from the perspective of the blockchain node, storing the contract state on the blockchain means writing the contract state to a database, such as a local database. The database is generally stored on a storage medium, most commonly a persistent storage medium. The persistent storage medium may be a magnetic disk or a floppy disk, or it may be memory that can recover its data after being powered on and can therefore store data persistently, and so on.
In one embodiment, the blockchain node can encrypt the contract state according to the public key and the impact factor, so that the value of the resulting encrypted contract state is affected by both. With the public key unchanged, differing impact factors increase the randomness of the encrypted contract state. In other words, when the public key is the same, contract states with identical values still yield encrypted contract states with different values if different impact factors are used. Compared with encrypting all contract states with the public key alone, this prevents an attacker from learning how the values of encrypted contract states change, and from deducing the value of a contract state by trial and comparison, and so provides higher security.
In one embodiment, the impact factor may include only the block height of the block containing the transaction. For contract states modified by executing transactions in different blocks, the blockchain node will therefore use impact factors with different values. When the blockchain node encrypts contract states according to the public key and the impact factor, even contract states that have the same value before encryption produce entirely different encrypted contract states, because the block height serving as the impact factor differs, which increases the randomness of the values of the encrypted contract states. When the impact factor is the block height of the block containing the transaction, the randomness of the values of encrypted contract states is thus increased in the block dimension, ensuring that the encrypted contract states corresponding to transactions in different blocks do not show value changes that follow a discernible pattern.
Assume that a blockchain network contains block B1 and block B2, where the block height of block B1 is H1 and the block height of block B2 is H2. For ease of understanding, assume that block B1 contains transactions Tx1 and Tx2 and block B2 contains transactions Tx3 and Tx4; that the position offset of transactions Tx1 and Tx3 in blocks B1 and B2 respectively is Offset1, and the position offset of transactions Tx2 and Tx4 in blocks B1 and B2 respectively is Offset2; and that transactions Tx1 and Tx3 define contract states Balance1 and Balance2, while transactions Tx2 and Tx4 define contract states Balance3 and Balance4.
When the impact factor includes only the block height, as shown in Fig. 4: for the contract states Balance1, Balance2, Balance3 and Balance4 involved in block B1, regardless of whether the contract states come from the same transaction or from different transactions, each is encrypted using the public key Key128 (that is, the security key with version number 128, see the description of key versions below; other forms of public key may also be used, and this one serves only as an illustration) and the block height H1, giving the corresponding encrypted contract states, for example S-Balance1-1 for Balance1, S-Balance2-1 for Balance2, S-Balance3-1 for Balance3 and S-Balance4-1 for Balance4.
Similarly, for block B2, regardless of whether the contract states come from the same transaction or from different transactions, each is encrypted using the public key Key128 and the block height H2, giving the corresponding encrypted contract states, for example R-Balance1-1 for Balance1, R-Balance2-1 for Balance2, R-Balance3-1 for Balance3 and R-Balance4-1 for Balance4.
In addition to "the block height of the block containing the transaction", the impact factor may further include other conditions, for example one or more of "the position offset of the transaction within its block" and "the order in which the contract state is modified during execution of the smart contract", so that an impact factor formed by combining multiple conditions allows the encryption of contract states to be controlled in other dimensions.
In one embodiment, the impact factor may be the block height of the block containing the transaction together with the position offset of the transaction within its block. From the descriptions above of the condition "the block height of the block containing the transaction" and the condition "the position offset of the transaction within its block": the former achieves encryption control in the block dimension, ensuring that encrypted contract states do not show value changes that follow a discernible pattern across different blocks; the latter achieves encryption control in the transaction dimension, ensuring that encrypted contract states do not show such value changes across different transactions in the same block. When the impact factor includes both conditions, encryption control is achieved in both the block dimension and the transaction dimension, so that encrypted contract states do not show value changes that follow a discernible pattern across different transactions, whether those transactions are in the same block or in different blocks. For different transactions in the same block, encryption control is achieved through the condition "the position offset of the transaction within its block", because different transactions in the same block necessarily have different position offsets; for different transactions in different blocks, even if the transactions have the same position offset in their respective blocks, encryption control is further achieved through the condition "the block height of the block containing the transaction", because transactions in different blocks necessarily have different block heights.
Continuing with blocks B1 and B2 as the example. As shown in Fig. 5, when the blockchain node takes into account both the block height and the position offset of the transaction, then for the contract states Balance1, Balance2, Balance3 and Balance4 involved in block B1: since Balance1 and Balance2 come from transaction Tx1, whose position offset is Offset1, Balance1 and Balance2 are each encrypted with the public key Key128, the block height H1 and the position offset Offset1, for example giving S-Balance1-2 for Balance1 and S-Balance2-2 for Balance2. Likewise, since Balance3 and Balance4 come from transaction Tx2, whose position offset is Offset2, Balance3 and Balance4 are each encrypted with the public key Key128, the block height H1 and the position offset Offset2, for example giving S-Balance3-2 for Balance3 and S-Balance4-2 for Balance4.
Similarly, for block B2: since Balance1 and Balance2 come from transaction Tx3, whose position offset is Offset1, Balance1 and Balance2 are each encrypted with the public key Key128, the block height H2 and the position offset Offset1, for example giving R-Balance1-2 for Balance1 and R-Balance2-2 for Balance2. Likewise, since Balance3 and Balance4 come from transaction Tx4, whose position offset is Offset2, Balance3 and Balance4 are each encrypted with the public key Key128, the block height H2 and the position offset Offset2, for example giving R-Balance3-2 for Balance3 and R-Balance4-2 for Balance4.
In one embodiment, the impact factor may be the block height of the block containing the transaction together with the order in which the contract state is modified during execution of the smart contract (the modification order). From the descriptions above of the condition "the block height of the block containing the transaction" and the condition "the order in which the contract state is modified during execution of the smart contract": the former achieves encryption control in the block dimension, ensuring that encrypted contract states do not show value changes that follow a discernible pattern across different blocks; the latter achieves encryption control in the state dimension, ensuring that the different contract states produced by the same transaction do not show such value changes after encryption. When the impact factor includes both conditions, encryption control is achieved in both the block dimension and the state dimension, so that even if contract states produced by multiple transactions in different blocks have the same modification order, the encrypted contract states do not show value changes that follow a discernible pattern. For the multiple contract states produced by the same transaction, encryption control is achieved through the condition "the order in which the contract state is modified during execution of the smart contract", because different contract states produced by the same transaction necessarily have different modification orders; for contract states produced by multiple transactions in different blocks, even if these contract states have the same modification order within their respective transactions, encryption control is further achieved through the condition "the block height of the block containing the transaction", because transactions in different blocks necessarily have different block heights.
Continuing with blocks B1 and B2 as the example. As shown in Fig. 6, when the blockchain node takes into account both the block height and the modification order of the contract state, then for the contract states Balance1, Balance2, Balance3 and Balance4 involved in block B1: since Balance1 and Balance2 come from the same transaction Tx1, they necessarily correspond to different modification orders, for example Balance1 to modification order U1 and Balance2 to modification order U2; Balance1 is therefore encrypted with the public key Key128, the block height H1 and the modification order U1 to give the encrypted S-Balance1-3, and Balance2 is encrypted with the public key Key128, the block height H1 and the modification order U2 to give the encrypted S-Balance2-3. Likewise, since Balance3 and Balance4 come from the same transaction Tx2, they necessarily correspond to different modification orders, for example Balance3 to modification order U1 and Balance4 to modification order U2; Balance3 is therefore encrypted with the public key Key128, the block height H1 and the modification order U1 to give the encrypted S-Balance3-3, and Balance4 is encrypted with the public key Key128, the block height H1 and the modification order U2 to give the encrypted S-Balance4-3.
Similarly, for the contract states Balance1, Balance2, Balance3 and Balance4 involved in block B2: since Balance1 and Balance2 come from the same transaction Tx3, they necessarily correspond to different modification orders, for example Balance1 to modification order U1 and Balance2 to modification order U2; Balance1 is therefore encrypted with the public key Key128, the block height H2 and the modification order U1 to give the encrypted R-Balance1-3, and Balance2 is encrypted with the public key Key128, the block height H2 and the modification order U2 to give the encrypted R-Balance2-3. Likewise, since Balance3 and Balance4 come from the same transaction Tx4, they necessarily correspond to different modification orders, for example Balance3 to modification order U1 and Balance4 to modification order U2; Balance3 is therefore encrypted with the public key Key128, the block height H2 and the modification order U1 to give the encrypted R-Balance3-3, and Balance4 is encrypted with the public key Key128, the block height H2 and the modification order U2 to give the encrypted R-Balance4-3.
In one embodiment, the impact factor may be "the block height of the block containing the transaction", "the position offset of the transaction within its block" and "the order in which the contract state is modified during execution of the smart contract" together. This achieves encryption control in the block dimension, the transaction dimension and the state dimension, so that the encrypted contract states produced from any two contract states do not show value changes that follow a discernible pattern, whether the two contract states come from the same transaction or from different transactions, and whether the different transactions come from the same block or from different blocks. For the multiple contract states produced by the same transaction, encryption control is achieved through the condition "the order in which the contract state is modified during execution of the smart contract", because different contract states produced by the same transaction necessarily have different modification orders; for contract states produced by different transactions in the same block, even if these contract states have the same modification order within their respective transactions, encryption control is further achieved through the condition "the position offset of the transaction within its block", because different transactions in the same block necessarily have different position offsets; and for contract states produced by multiple transactions in different blocks, even if these contract states have the same modification order within their respective transactions, encryption control is further achieved through the condition "the block height of the block containing the transaction", because transactions in different blocks necessarily have different block heights.
Continuing with blocks B1 and B2 as the example. As shown in Fig. 7, when the blockchain node takes into account the block height, the position offset of the transaction and the modification order of the contract state together, then for the contract states Balance1, Balance2, Balance3 and Balance4 involved in block B1: since Balance1 and Balance2 come from transaction Tx1, they necessarily correspond to different modification orders, for example Balance1 to modification order U1 and Balance2 to modification order U2; assuming the position offset of transaction Tx1 is Offset1, Balance1 can be encrypted with the public key Key128, the block height H1, the position offset Offset1 and the modification order U1 to give the encrypted S-Balance1-4, and Balance2 can be encrypted with the public key Key128, the block height H1, the position offset Offset1 and the modification order U2 to give the encrypted S-Balance2-4. Likewise, since Balance3 and Balance4 come from transaction Tx2, they necessarily correspond to different modification orders, for example Balance3 to modification order U1 and Balance4 to modification order U2; assuming the position offset of transaction Tx2 is Offset2, Balance3 can be encrypted with the public key Key128, the block height H1, the position offset Offset2 and the modification order U1 to give the encrypted S-Balance3-4, and Balance4 can be encrypted with the public key Key128, the block height H1, the position offset Offset2 and the modification order U2 to give the encrypted S-Balance4-4.
Similarly, for the contract states Balance1, Balance2, Balance3 and Balance4 involved in block B2: since Balance1 and Balance2 come from transaction Tx3, they necessarily correspond to different modification orders, for example Balance1 to modification order U1 and Balance2 to modification order U2; assuming the position offset of transaction Tx3 is Offset1, Balance1 can be encrypted with the public key Key128, the block height H2, the position offset Offset1 and the modification order U1 to give the encrypted R-Balance1-4, and Balance2 can be encrypted with the public key Key128, the block height H2, the position offset Offset1 and the modification order U2 to give the encrypted R-Balance2-4. Likewise, since Balance3 and Balance4 come from transaction Tx4, they necessarily correspond to different modification orders, for example Balance3 to modification order U1 and Balance4 to modification order U2; assuming the position offset of transaction Tx4 is Offset2, Balance3 can be encrypted with the public key Key128, the block height H2, the position offset Offset2 and the modification order U1 to give the encrypted R-Balance3-4, and Balance4 can be encrypted with the public key Key128, the block height H2, the position offset Offset2 and the modification order U2 to give the encrypted R-Balance4-4.
In one embodiment, the blockchain node reads the received encrypted transaction into the trusted execution environment, decrypts it and executes the corresponding smart contract, encrypts the modified contract state inside the trusted execution environment, and then writes it to the database for storage. This ensures that the data is ciphertext outside the trusted execution environment, safeguarding data security, while inside the trusted execution environment it can be decrypted into plaintext for processing, making full use of the CPU's computing power.
When the blockchain node encrypts the contract state in the trusted execution environment according to the public key and the impact factor, a variety of encryption methods are available, and encryption schemes from the related art can be drawn on. Two encryption schemes that may be used are introduced below.
In one embodiment, the blockchain node can encrypt the contract state using the GCM (Galois/Counter Mode) algorithm; the letter G in GCM stands for GMAC (Galois Message Authentication Code) and the letter C stands for CTR (CounTeR, counter mode). The GCM algorithm takes three inputs: the data to be encrypted, a symmetric key, and an initialization vector (IV, Initialization Vector). In this specification, the contract state can serve as the data to be encrypted, the public key as the symmetric key required by the GCM algorithm, and the impact factor as the initialization vector required by the GCM algorithm, so that encrypting the contract state produces the corresponding encrypted contract state and a corresponding check code, which can be used to verify the integrity of the encrypted contract state.
Therefore, when storing the encrypted contract state, the blockchain node can write the check code to the database in association with the encrypted contract state. Then, when the encrypted contract state is later decrypted, if decryption fails, the encrypted contract state can be verified with the check code: if verification succeeds, the data of the encrypted contract state is complete and the decryption failure must be due to other factors, such as an incorrect key or impact factor being supplied; if verification fails, the data of the encrypted contract state is incomplete.
In another embodiment, the blockchain node can generate a derived key from the public key and the impact factor, for example by concatenating the public key and the impact factor and then applying a hash operation or other operation to obtain the derived key; the blockchain node can then encrypt the contract state with the derived key to generate the encrypted contract state.
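The following added example (not part of the patent) encodes the impact factor for the B1/B2 scenario above and lists which contract-state writes end up with an identical impact factor, and so with the same GCM IV or the same derived key, under each combination of conditions; since GCM requires that an IV never repeat under one key, those groups are what a reviewer of the first scheme would check. The 12-byte encoding, the use of SHA-256 over key-then-factor, and the numeric values chosen for H1, H2, Offset1, Offset2, U1 and U2 are assumptions of this example.

```python
import hashlib
import struct
from collections import defaultdict

# Constructed values for the symbols used in the B1/B2 example.
H1, H2 = 1001, 1002        # block heights of B1 and B2
OFFSET1, OFFSET2 = 0, 1    # position offsets of the transactions in a block
U1, U2 = 1, 2              # modification order of a state within a transaction

# Every contract-state write in the example: (label, height, offset, order).
WRITES = [
    ("B1/Tx1/Balance1", H1, OFFSET1, U1),
    ("B1/Tx1/Balance2", H1, OFFSET1, U2),
    ("B1/Tx2/Balance3", H1, OFFSET2, U1),
    ("B1/Tx2/Balance4", H1, OFFSET2, U2),
    ("B2/Tx3/Balance1", H2, OFFSET1, U1),
    ("B2/Tx3/Balance2", H2, OFFSET1, U2),
    ("B2/Tx4/Balance3", H2, OFFSET2, U1),
    ("B2/Tx4/Balance4", H2, OFFSET2, U2),
]

# Which optional conditions each configuration adds to the block height,
# as (use position offset, use modification order).
CONFIGS = {
    "height": (False, False),             # Fig. 4
    "height+offset": (True, False),       # Fig. 5
    "height+order": (False, True),        # Fig. 6
    "height+offset+order": (True, True),  # Fig. 7
}


def impact_factor(config, height, offset, order):
    """Encode the impact factor as 12 bytes (the usual GCM IV length).

    Layout (an assumption of this example): 8-byte height, 2-byte offset,
    2-byte order, big-endian. Conditions not in the configuration are zero.
    """
    use_offset, use_order = CONFIGS[config]
    return struct.pack(">QHH", height,
                       offset if use_offset else 0,
                       order if use_order else 0)


def derived_key(public_key, factor):
    """Second scheme: hash the concatenated public key and impact factor."""
    return hashlib.sha256(public_key + factor).digest()


def shared_factors(config, writes=WRITES):
    """Group writes whose impact factor is identical under `config`.

    Returns only groups with more than one member: those writes would get
    the same GCM IV (first scheme) or the same derived key (second scheme).
    """
    groups = defaultdict(list)
    for label, height, offset, order in writes:
        groups[impact_factor(config, height, offset, order)].append(label)
    return [labels for labels in groups.values() if len(labels) > 1]


if __name__ == "__main__":
    key128 = hashlib.sha256(b"constructed stand-in for Key128").digest()
    for config in CONFIGS:
        shared = shared_factors(config)
        print(f"{config}: {len(shared)} group(s) share an impact factor")
        for labels in shared:
            print("   ", ", ".join(labels))
    # Same key, different block height: the derived keys differ.
    k1 = derived_key(key128, impact_factor("height", H1, 0, 0))
    k2 = derived_key(key128, impact_factor("height", H2, 0, 0))
    print("derived keys differ across blocks:", k1 != k2)
```

Only the configuration that combines all three conditions gives every write in the scenario its own impact factor.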
In one embodiment, the public key is stored in the enclave on the blockchain node. Since only the CPU can access the public key stored in the enclave, the public key is sufficiently secure and in theory cannot be obtained by an attacker, which ensures the security of the encrypted contract state.
The public key may be distributed to the blockchain node by a Key Management Server (KMS) after the blockchain node passes remote attestation; or the public key may be obtained by negotiation among the nodes in the blockchain network; or the public key may be obtained in other ways, which this specification does not limit.
The key obtained in the ways described above is not necessarily the public key itself. For example, the key obtained may be a security key, and the security key can undergo version evolution to yield the public key. In other words, the public key may be a security key of a specified version, where, among security keys of adjacent versions, the lower-version security key is irreversibly computed from the higher-version security key; for example, the highest-version security key is the root key, and the security keys of the other versions are irreversibly computed, directly or indirectly, from the root key. For example, the lower-version security key is obtained by applying a hash operation to the higher-version security key and preset information; owing to the properties of the hash operation, the higher-version security key cannot be worked back from the lower-version security key. This makes it convenient to replace the public key through version evolution of the security key and avoids using the same public key for a long time. Moreover, when the public key is replaced, it can be ensured that the version of the key after replacement is always higher than the version of the key before replacement, so that: on the one hand, even if a previously used key is leaked, the loss can be stopped promptly by switching to a higher-version key; on the other hand, whoever holds a higher-version key can evolve it to obtain the lower-version keys, remaining compatible with previously used keys and therefore able to decrypt previously encrypted contract states.
The version evolution rule between security keys may be: apply a hash operation to the adjacent higher-version key and the version number corresponding to the adjacent lower-version key to obtain the adjacent lower-version key. For example, if keys for 256 versions with version numbers 0 to 255 need to be derived, the root key can be hashed with the version number 0xFF (decimal value 255) to obtain the key key-255 with version number 255; the key key-255 is hashed with the version factor 0xFE (decimal value 254) to obtain the key key-254 with version number 254; ...; and the key key-1 is hashed with the version factor 0x00 (decimal value 0) to obtain the key key-0 with version number 0. Owing to the properties of the hash algorithm, the computation between a higher-version key and a lower-version key is irreversible; for example, key key-0 can be computed from key key-1 and the version factor 0x00, but key key-1 cannot be worked back from key key-0 and the version factor 0x00. Therefore, the security key of a certain version can be selected and set as the public key used by the blockchain node for encrypting contract states.
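The version evolution rule above as an added example (not code from the patent): a hash chain from the root key down to key-0, with the two properties the text relies on, namely that a replacement key must have a higher version and that a holder of a higher-version key can recompute any earlier key. SHA-256, the key-then-version-byte concatenation, the label 256 for the root key, the sample root key and the `NodeKey` helper are assumptions of this example.

```python
import hashlib

ROOT_VERSION = 256  # label used here for the root key, one step above key-255

# Constructed root key for demonstration only.
DEMO_ROOT = hashlib.sha256(b"constructed demo root key").digest()


def step_down(higher_key, lower_version):
    """One evolution step: hash the higher-version key with the lower version number."""
    if not 0 <= lower_version <= 255:
        raise ValueError("version numbers run from 0 to 255")
    return hashlib.sha256(higher_key + bytes([lower_version])).digest()


def evolve(key, from_version, to_version):
    """Derive the key for `to_version` from the key for `from_version`.

    Only downward evolution is possible; asking for a higher version raises.
    """
    if to_version > from_version:
        raise ValueError("a lower-version key cannot yield a higher-version key")
    for version in range(from_version - 1, to_version - 1, -1):
        key = step_down(key, version)
    return key


class NodeKey:
    """The security key a node currently holds (hypothetical helper)."""

    def __init__(self, key, version):
        self.key = key
        self.version = version

    def rotate(self, new_key, new_version):
        """Replace the key; the replacement must have a higher version.

        As an extra check added by this example, the replacement must also
        evolve down to the key currently held, i.e. belong to the same chain.
        """
        if new_version <= self.version:
            raise ValueError("replacement key must have a higher version")
        if evolve(new_key, new_version, self.version) != self.key:
            raise ValueError("replacement key does not evolve to the current key")
        self.key, self.version = new_key, new_version

    def key_for(self, record_version):
        """Key for a state encrypted under an earlier (or the current) version."""
        return evolve(self.key, self.version, record_version)


if __name__ == "__main__":
    key128 = evolve(DEMO_ROOT, ROOT_VERSION, 128)
    key200 = evolve(DEMO_ROOT, ROOT_VERSION, 200)
    node = NodeKey(key128, 128)
    node.rotate(key200, 200)
    # After rotation the node can still recompute Key128 for old records.
    print("old records still decryptable:", node.key_for(128) == key128)
```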
As described above, the blockchain node encrypts the contract state according to the public key and the impact factor to obtain the encrypted contract state. If the public key and the impact factor are fixed values, they only need to be stored separately inside the enclave. If, however, the public key or the impact factor takes dynamic values, that is, different public keys or impact factors may be used when encrypting different contract states, then when the encrypted contract state is stored, the public key or impact factor used, or information indicating its value, should be stored in association with it so that decryption can be carried out later.
Assuming the value of the impact factor changes dynamically, the impact factor can be written to the database in association with the encrypted contract state. As shown in Fig. 8, for example, the blockchain node stores the encrypted contract state in the form of a key-value pair. The key can be determined in the manner used in the related art, such as key = hash(RLP(value)); that is, the key is the hash of the RLP (Recursive Length Prefix) encoded value. The value may comprise the encrypted contract state, a check value, and the impact factor. The encrypted contract state is obtained by encrypting with the public key and the impact factor in the manner of the embodiments above. When encryption is performed with, for example, the GCM algorithm or another encryption algorithm, a check value is also obtained; if no check value exists, the value need not contain one. The impact factor can take the various forms described above; in Fig. 8 it includes the block height, the transaction offset, and the modification order at the same time, that is, it consists of "the block height of the block containing the transaction", "the position offset of the transaction within its block", and "the order in which the contract state was modified during execution of the smart contract".
Based on the embodiment shown in Fig. 8, after reading this key-value pair the blockchain node can obtain the impact factor needed for decryption from the value, and decrypt the encrypted contract state in combination with the public key. In some scenarios the impact factor may itself be encrypted; for example, at the storage stage the blockchain node encrypts the impact factor inside the TEE, so that the value contains the encrypted impact factor rather than the plaintext one. Accordingly, reading a key-value pair such as that shown in Fig. 8 does not directly yield the plaintext impact factor, which further raises the threshold for decrypting the encrypted contract state and improves security.
The blockchain node can encrypt the impact factor with any key. Although the public key described above could also be used, a key different from the public key can be used to encrypt the impact factor in order to increase key diversity and improve security. For example, when the public key is a key of a certain version as described above, the key used to encrypt the impact factor can be of another version so that it differs from the public key; for instance, the lowest-version key, with version number 0, can be used to encrypt the impact factor, while the version number of the public key is set to be always greater than 0.
The public key may have version information; for example, the public key is a security key of a certain version as described above. When storing the key-value pair for the encrypted contract state, the blockchain node can include the version information of the public key in the value. In particular, where the public key used by the blockchain node undergoes version updates, the version of the public key currently in use may differ from that of the historical public key used to encrypt a previously stored encrypted contract state, so the version information contained in the value helps the blockchain node accurately select the key it needs. As shown in Fig. 9, for example, on the basis of the embodiment shown in Fig. 8, the value of the key-value pair may include an information field, which may further include a version information subfield used to record the version information of the public key.
The blockchain node may encrypt the version information before adding it to the value, rather than recording it in plaintext. The key used to encrypt the version information may be the public key or another key different from the public key; for example, similarly to the impact factor above, the lowest-version key with version number 0 can be used to encrypt the version information.
In summary, this specification encrypts the contract state according to the public key and the impact factor. Compared with encrypting with the public key alone, the impact factor increases the randomness of the encrypted contract state and thereby improves data security.
Fig. 10 is a schematic structural diagram of a device provided by an exemplary embodiment. Referring to Fig. 10, at the hardware level the device includes a processor 1002, an internal bus 1004, a network interface 1006, a memory 1008, and a non-volatile memory 1010, and may of course also include hardware required by other services. The processor 1002 reads the corresponding computer program from the non-volatile memory 1010 into the memory 1008 and runs it, forming at the logical level the apparatus for implementing dynamic encryption based on block height. Of course, besides a software implementation, one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the execution subject of the following processing flow is not limited to logic units and may also be hardware or logic devices.
Referring to Fig. 11, in a software implementation the apparatus for implementing dynamic encryption based on block height may include:
a decryption unit 1101, which decrypts a received transaction in a trusted execution environment to determine the smart contract corresponding to the transaction;
an execution unit 1102, which executes the smart contract in the trusted execution environment so that a contract state contained in the smart contract is modified;
an encryption unit 1103, which encrypts the contract state in the trusted execution environment according to a public key and an impact factor, wherein the impact factor includes the block height of the block containing the transaction;
a storage unit 1104, which writes the encrypted contract state to a database.
Optionally, the impact factor further includes at least one of: the position offset of the transaction within its block, and the order in which the contract state was modified during execution of the smart contract.
Optionally, the impact factor is written to the database in association with the encrypted contract state.
Optionally, the impact factor is encrypted in the trusted execution environment and then written to the database in association with the encrypted contract state.
Optionally, the encryption unit 1103 is specifically configured to:
use the public key as the symmetric key required by the GCM algorithm and the impact factor as the initialization vector required by the GCM algorithm, and encrypt the contract state with the GCM algorithm to generate the encrypted contract state and a corresponding check code; wherein the check code is written to the database in association with the encrypted contract state.
Optionally, the encryption unit 1103 is specifically configured to:
generate a derived key according to the public key and the impact factor;
encrypt the contract state according to the derived key to generate the encrypted contract state.
Optionally, the public key comprises a security key of a specified version; wherein, among security keys of adjacent versions, the lower-version security key is irreversibly computed from the higher-version security key.
Optionally, the highest-version security key is the root key, and the security keys of the other versions are irreversibly computed, directly or indirectly, from the root key.
Optionally, the version information of the public key is written to the database in association with the encrypted contract state.
Optionally, the version information of the public key is encrypted in the trusted execution environment and then written to the database in association with the encrypted contract state.
The systems, apparatuses, modules, or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product having a certain function. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail sending and receiving device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
Memory may include non-permanent memory in computer-readable media, random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise", or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity, or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity, or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, commodity, or device that includes the element.
Specific embodiments of this specification have been described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order shown, or a sequential order, to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The terms used in one or more embodiments of this specification are for the purpose of describing particular embodiments only and are not intended to limit one or more embodiments of this specification. The singular forms "a", "said", and "the" used in one or more embodiments of this specification and the appended claims are also intended to include plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of this specification to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of one or more embodiments of this specification, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein can be interpreted as "when", "upon", or "in response to determining".
The above are only preferred embodiments of one or more embodiments of this specification and are not intended to limit them. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of one or more embodiments of this specification shall fall within their scope of protection.

Claims (13)

1. A method for implementing dynamic encryption based on block height, comprising:
a blockchain node decrypting a received transaction in a trusted execution environment to determine the smart contract corresponding to the transaction;
the blockchain node executing the smart contract in the trusted execution environment so that a contract state contained in the smart contract is modified;
the blockchain node encrypting the contract state in the trusted execution environment according to a public key and an impact factor, and writing the encrypted contract state to a database, wherein the impact factor includes the block height of the block containing the transaction.
2. The method according to claim 1, wherein the impact factor further includes at least one of: the position offset of the transaction within its block, and the order in which the contract state was modified during execution of the smart contract.
3. The method according to claim 1 or 2, wherein the impact factor is written to the database in association with the encrypted contract state.
4. The method according to claim 3, wherein the impact factor is encrypted in the trusted execution environment and then written to the database in association with the encrypted contract state.
5. The method according to claim 1, wherein the blockchain node encrypting the contract state in the trusted execution environment according to the public key and the impact factor comprises:
the blockchain node using the public key as the symmetric key required by the GCM algorithm and the impact factor as the initialization vector required by the GCM algorithm, and encrypting the contract state with the GCM algorithm to generate the encrypted contract state and a corresponding check code; wherein the check code is written to the database in association with the encrypted contract state.
6. The method according to claim 1, wherein the blockchain node encrypting the contract state in the trusted execution environment according to the public key and the impact factor comprises:
the blockchain node generating a derived key according to the public key and the impact factor;
the blockchain node encrypting the contract state according to the derived key to generate the encrypted contract state.
7. The method according to claim 1, wherein the public key comprises a security key of a specified version; wherein, among security keys of adjacent versions, the lower-version security key is irreversibly computed from the higher-version security key.
8. The method according to claim 7, wherein the highest-version security key is a root key, and the security keys of the other versions are irreversibly computed, directly or indirectly, from the root key.
9. The method according to claim 7, wherein the version information of the public key is written to the database in association with the encrypted contract state.
10. The method according to claim 9, wherein the version information of the public key is encrypted in the trusted execution environment and then written to the database in association with the encrypted contract state.
11. An apparatus for implementing dynamic encryption based on block height, comprising:
a decryption unit, which decrypts a received transaction in a trusted execution environment to determine the smart contract corresponding to the transaction;
an execution unit, which executes the smart contract in the trusted execution environment so that a contract state contained in the smart contract is modified;
an encryption unit, which encrypts the contract state in the trusted execution environment according to a public key and an impact factor, wherein the impact factor includes the block height of the block containing the transaction;
a storage unit, which writes the encrypted contract state to a database.
12. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method according to any one of claims 1-10 by running the executable instructions.
13. A computer-readable storage medium having computer instructions stored thereon, wherein the instructions, when executed by a processor, implement the steps of the method according to any one of claims 1-10.
CN201910471633.3A 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on block height Active CN110266467B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN201910471633.3A CN110266467B (en) 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on block height
CN202110666018.5A CN113438068B (en) 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on block height
PCT/CN2020/092231 WO2020238878A1 (en) 2019-05-31 2020-05-26 Dynamic encryption method and device
PCT/CN2020/092611 WO2020238959A1 (en) 2019-05-31 2020-05-27 Method and device for realizing dynamic encryption based on block height

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910471633.3A CN110266467B (en) 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on block height

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202110666018.5A Division CN113438068B (en) 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on block height

Publications (2)

Publication Number Publication Date
CN110266467A true CN110266467A (en) 2019-09-20
CN110266467B CN110266467B (en) 2021-04-27

Family

ID=67916276

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201910471633.3A Active CN110266467B (en) 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on block height
CN202110666018.5A Active CN113438068B (en) 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on block height

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202110666018.5A Active CN113438068B (en) 2019-05-31 2019-05-31 Method and device for realizing dynamic encryption based on block height

Country Status (2)

Country Link
CN (2) CN110266467B (en)
WO (1) WO2020238959A1 (en)

Also Published As

Publication number Publication date
CN110266467B (en) 2021-04-27
CN113438068B (en) 2024-01-09
CN113438068A (en) 2021-09-24
WO2020238959A1 (en) 2020-12-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

TA01 Transfer of patent application right
GR01 Patent grant