Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
Referring to fig. 1, fig. 1 is a schematic diagram illustrating a network environment related to a blockchain according to the present disclosure.
The network environment shown in fig. 1 may include a client-side computing device 101, a server side 102, and at least one blockchain system, such as blockchain system 103, blockchain system 104, and blockchain system 105.
In one embodiment, the client-side computing device 101 may include a variety of different types of client-side computing devices; for example, a PC terminal device, a mobile terminal device, an internet of things device, and other forms of smart devices with certain computing capabilities.
In one embodiment, at least a portion of the computing devices in the client-side computing device 101 may be connected to the server side 102 through various communication networks; for example, the device 1 and the device 2 shown in fig. 1 are connected to the server side 102.
It is understood that some devices in the client-side computing device 101 may not be connected to the server side 102, but may instead be directly connected to a blockchain system as blockchain nodes through various communication networks; for example, the device 4 shown in fig. 1 may be connected to a blockchain system as a blockchain node.
The communication network may comprise a wired and/or wireless communication network; for example, the network may be a Local Area Network (LAN), a Wide Area Network (WAN), the internet, or a combination thereof, implemented based on a wired access network or a wireless access network provided by an operator, such as a mobile cellular network.
In one embodiment, the client-side computing device 101 may also include one or more user-side servers, such as the device 5 shown in fig. 1. At least a part of the computing devices in the client-side computing device 101 may be connected to the user-side server, and the user-side server may further be connected to the server side 102; for example, the devices 1 and 2 shown in fig. 1 are connected to the device 5, and the device 5 is further connected to the server side 102.
In an embodiment, the user-side server may be implemented by a service entity that establishes a user account system. The service entity may include an operation entity that provides users with various service carriers for online and/or offline services; a service carrier may be in software form or in hardware form.
In one embodiment, the service carrier may include various client software providing online internet services; such as a website, web page, APP, etc.
In an embodiment, the service carrier may also include various smart devices deployed offline and capable of providing offline services; for example, smart parcel lockers deployed in residential areas, office areas, and public places.
Correspondingly, the operation entity may include an operator corresponding to the service carrier; for example, the operation entity may include an individual, an organization, a company, an enterprise, and the like that operate and manage the service carrier.
In one embodiment, the server side 102 may also be connected to one or more blockchain systems through various communication networks; for example, the server side 102 shown in fig. 1 may be connected to the blockchain system 103, the blockchain system 104, and the blockchain system 105, respectively, and so on.
In one embodiment, each blockchain system may maintain one or more blockchains (e.g., public blockchains, private blockchains, consortium blockchains, etc.) and include a plurality of blockchain nodes for carrying the one or more blockchains; for example, blockchain node 1, blockchain node 2, blockchain node 3, blockchain node 4, blockchain node i, etc., as shown in fig. 1, may collectively carry one or more blockchains. Cross-chain data access can be performed among the blockchains within each blockchain system and among the blockchain systems.
In one embodiment, the blockchain nodes may include full nodes and light nodes. A full node can download in full the blockchain transactions contained in each block of the blockchain, and can perform consensus verification on the blockchain transactions contained in each blockchain according to the blockchain consensus algorithm it carries.
A light node need not download the complete blockchain; it may download only the block header data of each block in the blockchain and use the data contained in the block headers as a verification root for verifying the authenticity of blockchain transactions. Light nodes may attach to full nodes to access more functions of the blockchain.
For example, each blockchain node in the blockchain system 103 shown in fig. 1 may be a full node; the device 4 shown in fig. 1, which is directly connected to the blockchain system, may be attached to each full node in the blockchain system 103 as a light node.
In one embodiment, a blockchain node may be a physical device, or may be a virtual device implemented in a server or a server cluster; for example, a blockchain node device may be a physical host in a server cluster, or may be a virtual machine created by virtualizing the hardware resources of a server or a server cluster. The blockchain nodes can be connected together by various types of communication methods (such as TCP/IP) to form a network that carries one or more blockchains.
In one embodiment, the server side 102 may include a BaaS platform (also referred to as a BaaS cloud) for providing Blockchain as a Service (BaaS). The BaaS platform can provide pre-written software for activities occurring on a blockchain (such as subscription and notification, user verification, database management, and remote updating), and can provide the client-side computing devices connected to it with easy-to-use blockchain services that are deployed with one click, fast to verify, and flexibly customizable. This accelerates the development, testing, and launch of blockchain service applications and helps blockchain business scenarios in various industries reach production.
For example, a BaaS platform may provide software such as MQ (Message Queue) services. A client-side computing device connected to the BaaS platform can subscribe to the contract events generated on a blockchain after a smart contract deployed on that blockchain, in a blockchain system connected to the BaaS platform, is triggered and executed. The BaaS platform monitors the events generated on the blockchain after the smart contract is triggered and executed, and then, using the MQ service software, adds each contract event to the message queue in the form of a notification message, so that the client-side computing devices subscribed to the message queue obtain notifications about the contract event.
In one embodiment, the BaaS platform may also provide enterprise-level platform services based on blockchain technology to help enterprise-level customers construct a secure and stable blockchain environment and easily manage deployment, operation, maintenance, and development of blockchains.
For example, in one example, the BaaS platform may implement rich security policies and multi-tenant isolation environments based on cloud technology, provide advanced security protection based on chip encryption technology, and provide highly reliable data storage based on highly available end-to-end services that can be scaled quickly without interruption.
In another example, enhanced management functionality may also be provided to assist customers in building enterprise-level blockchain network environments; native support can also be provided for standard blockchain applications and data, supporting mainstream open source blockchain technologies such as Hyperledger Fabric and Enterprise Ethereum-Quorum, to build an open and inclusive technology ecosystem.
In the embodiment of the present specification, each blockchain node in the blockchain system 103 is deployed with a TEE (Trusted Execution Environment), and the deployed smart contracts run in the TEE, so that trusted and verifiable services can be provided to users. The BaaS platform included in the server side 102 provides a cross-chain service, and the cross-chain service program corresponding to that service runs in a TEE deployed on the server side 102. From another perspective, the blockchain system 103 shown in fig. 1 can be regarded as the first blockchain network referred to in this specification, and any of its blockchain nodes, such as blockchain node 2, can be regarded as the first blockchain node referred to in this specification; the server side 102 corresponds to the cross-chain system referred to in this specification; and the blockchain system 105 or the blockchain system 104 corresponds to the second blockchain network referred to in this specification.
Fig. 2 is a diagram of a network architecture according to an example embodiment. The architecture includes a first blockchain node in a first blockchain network, a second blockchain node in a second blockchain network, and a cross-chain system. Smart contracts, such as a cross-chain contract, a P2P (peer-to-peer) contract, and a service contract, run in a trusted execution environment deployed in the first blockchain node; a trusted execution environment may also be deployed in the second blockchain node, with smart contracts running in it. The second blockchain network is the blockchain network that a cross-chain message sent by the first blockchain node designates as its recipient, and it includes a plurality of blockchain nodes; the second blockchain node may be a proxy blockchain node in the second blockchain network that is anchored to the cross-chain system, or may be any blockchain node in the second blockchain network. The cross-chain system may establish network connections only with the blockchain nodes of the second blockchain network to exchange information, or may establish network connections with the blockchain nodes of a plurality of blockchain networks, including the second blockchain network, to exchange information.
Embodiments of the present specification relate to a Trusted Execution Environment (TEE), which provides a secure execution environment for software. A TEE is a secure extension based on CPU hardware and is completely isolated from the outside. The TEE was originally proposed by GlobalPlatform to address the secure isolation of resources on mobile devices, providing applications with a trusted and secure execution environment in parallel with the operating system. The industry pays close attention to TEE solutions, and almost all mainstream chip and software alliances have their own, such as TPM (Trusted Platform Module) in software, and Intel SGX, ARM TrustZone, and AMD PSP (Platform Security Processor) in hardware.
Intel SGX (hereinafter referred to as SGX) technology is taken as an example. The blockchain node may create an enclave based on SGX technology as a TEE for executing blockchain transactions. Using processor instructions newly added to the CPU, the blockchain node may allocate a region of memory, the EPC (Enclave Page Cache), in which the enclave resides. The memory region corresponding to the EPC is encrypted by the Memory Encryption Engine (MEE) inside the CPU; its contents (the code and data in the enclave) can be decrypted only within the CPU core, and the key used for encryption and decryption is generated and stored in the CPU only when the EPC is started. The security boundary of an enclave therefore includes only the enclave itself and the CPU: neither privileged nor unprivileged software can access the enclave, and even an operating system administrator or a VMM (Virtual Machine Monitor, also called a hypervisor) cannot affect the code and data in the enclave, so the enclave has extremely high security.
Fig. 3 is a flowchart illustrating a method for cross-chain message transmission according to an exemplary embodiment. The method is applied to a first blockchain node in the first blockchain network illustrated in fig. 2, and includes:
S302: acquiring a cross-chain transaction ciphertext directed at a second blockchain network, executing, in a trusted execution environment, the cross-chain transaction obtained by decrypting the cross-chain transaction ciphertext, and encrypting and storing the cross-chain message generated by executing the cross-chain transaction, wherein the message cross-chain event triggered after the cross-chain transaction is executed contains a message identifier corresponding to the cross-chain message.
The second blockchain network in the embodiment of the present specification is specifically a privacy blockchain network. Each blockchain node in the second blockchain network is therefore deployed with a TEE, and smart contracts run in the TEE. Data is in plaintext while inside the TEE, and data outside the TEE is encrypted with a key maintained by the TEE. For example, a transaction sent to the second blockchain network must first be in ciphertext form, and can be executed only after each node in the second blockchain network decrypts the received transaction ciphertext inside its TEE; information that needs to be stored in the database during transaction execution, as well as blockchain information, is encrypted in the TEE before it is stored. An external device therefore cannot learn information on the second blockchain network by reading the database, which ensures the privacy of the second blockchain network.
In the embodiment of the specification, smart contracts are deployed on the first blockchain network, and the cross-chain transaction is a transaction that calls a smart contract deployed on the first blockchain network. The contract logic for executing the cross-chain transaction may be contained in the smart contract called by the cross-chain transaction. Alternatively, the contract logic for executing the cross-chain transaction includes first contract logic defined in the smart contract called by the cross-chain transaction and second contract logic defined in other contracts deployed on the first blockchain node, the other contracts including a communication contract and/or a cross-chain contract. Where the other contracts comprise a communication contract, the first contract logic generates cross-chain information according to the cross-chain transaction, and the second contract logic packages the cross-chain information into the cross-chain message using a preset communication protocol; the first contract logic further triggers the encrypted storage of the cross-chain message and the writing of the message identifier corresponding to the cross-chain message into the message cross-chain event. Where the other contracts comprise a cross-chain contract, the first contract logic generates cross-chain information according to the cross-chain transaction and packages it into the cross-chain message using a preset communication protocol, and the second contract logic triggers the encrypted storage of the cross-chain message and the writing of the message identifier corresponding to the cross-chain message into the message cross-chain event. Where the other contracts include both the communication contract and the cross-chain contract, the first contract logic generates cross-chain information from the cross-chain transaction, and the second contract logic includes contract logic defined in the communication contract and in the cross-chain contract respectively: the contract logic defined in the communication contract packages the cross-chain information into the cross-chain message using a preset communication protocol, and the contract logic defined in the cross-chain contract triggers the encrypted storage of the cross-chain message and the writing of the message identifier corresponding to the cross-chain message into the message cross-chain event.
The communication contract referred to in this specification may specifically include a P2P contract. The P2P contract is a system contract on a blockchain network; in essence it is a callable program in which the P2P communication module is written, in the form of a contract, into the blockchain node instance code. Like the P2P module in the prior art, the P2P contract has basic network communication functions. Specifically, it has the properties of both a client and a server: it can encapsulate and send messages based on the P2P communication protocol, receive and decapsulate messages, and maintain routing information for other blockchain nodes in the blockchain network. In this specification, for example, the P2P contract on the first blockchain node may respond to the message request transaction by returning the cross-chain message ciphertext to the cross-chain system, while the P2P contract on the second blockchain node may decapsulate the received cross-chain message.
The contract logic for executing a cross-chain transaction referred to in the present specification specifically means: a cross-chain requirement corresponding to cross-chain information arises while the cross-chain transaction is executed; the cross-chain information is packaged with each item of additional information to obtain the cross-chain message; a message identifier corresponding to the cross-chain message is generated; the cross-chain message is stored in a database in encrypted form; the correspondence between the message identifier and the cross-chain message is maintained in a contract; and finally the message identifier is written into the message cross-chain event in the receipt generated after the cross-chain transaction has been executed. For example, in an embodiment, when the first blockchain node executes a cross-chain transaction in the trusted execution environment, the service contract is called first; the service contract is the smart contract directly called by the cross-chain transaction. The service contract may obtain the cross-chain information from the cross-chain transaction, or a cross-chain requirement corresponding to the cross-chain information may be generated during execution; a call request is then triggered to call the P2P contract. The P2P contract obtains the call request of the service contract, extracts the cross-chain information it contains, and packages the cross-chain information with information such as a serial number, the domain name of the target blockchain network, and the address of the target smart contract. It then sends a call request containing the preliminarily packaged cross-chain information to the cross-chain contract. After receiving the preliminarily packaged cross-chain information contained in the call request, the cross-chain contract further packages information such as version information, sender identity, and protocol type onto it, finally obtaining the completely packaged cross-chain information, namely the cross-chain message. Once the cross-chain message is obtained, the hash value obtained by performing a hash operation on the cross-chain message is used as its message identifier and written into the message cross-chain event. At the same time, the cross-chain message is encrypted in the TEE and stored in a database, with the message identifier serving as its index, so that the encrypted cross-chain message can be read from the database through the message identifier. The forms that a call request sent by the service contract or the P2P contract can take include a local transaction; it should be pointed out that a local transaction does not participate in consensus during execution, and the caller can directly obtain the execution result of the local transaction, in the form of the message identifier. The above process carries out all the contract logic required to execute the cross-chain transaction. In this embodiment, the contract logic for executing the cross-chain transaction is split among the service contract, the P2P contract, and the cross-chain contract, so that the P2P contract and the cross-chain contract can be reused by different service contracts and repeated development is avoided.
In another embodiment, the contract logic executed by the P2P contract and the cross-chain contract may be encapsulated in a single contract, so that the service contract needs only one local call to execute the cross-chain transaction. Of course, the contract logic executed by the P2P contract and the cross-chain contract may instead be encapsulated in the service contract itself, so that no local call needs to be initiated while the cross-chain transaction is executed; all the contract logic needed to execute the cross-chain transaction is then carried out by the service contract that the cross-chain transaction calls directly.
The message identifier in the embodiment of the present specification may specifically be a hash value corresponding to the cross-chain message. While the first blockchain node executes the cross-chain transaction in the TEE, the hash value obtained by performing a hash operation on the cross-chain message is used as the message identifier of that cross-chain message. When the cross-chain message is encrypted, passed out of the TEE, and stored in the database, a hash table is maintained in the TEE that records the correspondence between the message identifier and the address at which the encrypted cross-chain message is stored in the database. Given any message identifier, the first blockchain node can therefore look up the hash table, find the corresponding encrypted cross-chain message in the database, and read it into the TEE for decryption to obtain the cross-chain message corresponding to that identifier.
In this embodiment of the present specification, the cross-chain transaction ciphertext may be obtained by encrypting the cross-chain transaction with a symmetric key or an asymmetric key pair maintained in the TEE, so that the first blockchain node can decrypt the cross-chain transaction ciphertext in the TEE to obtain the cross-chain transaction. Similarly, the cross-chain message is encrypted with another symmetric key or asymmetric key maintained in the TEE before being stored in the database, and the encrypted cross-chain message read from the database can be decrypted with the symmetric key or asymmetric key maintained in the TEE to obtain the cross-chain message.
S304: acquiring a message request transaction ciphertext that the cross-chain system sends when it monitors the message cross-chain event, executing, in the trusted execution environment, the message request transaction obtained by decrypting the message request transaction ciphertext, and, when the message request transaction contains the message identifier, providing the cross-chain message ciphertext obtained by encrypting the cross-chain message to the cross-chain system, so that the cross-chain system decrypts the cross-chain message ciphertext and forwards the resulting cross-chain message to the second blockchain network.
In this embodiment of the present specification, the cross-chain system may acquire information on the first blockchain network through an event monitoring mechanism. Specifically, the cross-chain system monitors the receipt information contained in each block on the first blockchain network. In blockchain technology, the receipt for an executed transaction may include a plurality of events, each composed of a subject field, topic, and a data field, data. In this embodiment, the topic field of a message cross-chain event contains the string msg, and its data field contains the foregoing message identifier. For example, the events in a receipt monitored by the cross-chain system are as follows:
Event:
[topic:other][data]
[topic:msg][data]
......
When the cross-chain system monitors the 1st event, the content of its topic is other, so the event is determined not to be a message cross-chain event. When the cross-chain system monitors the 2nd event, the content of its topic is msg, so the event is determined to be a message cross-chain event, and the data field of the event, which contains the message identifier, is read. After acquiring a message identifier by monitoring a message cross-chain event, the cross-chain system sends a message request transaction ciphertext to the first blockchain node. The message request transaction ciphertext is obtained by encrypting a message request transaction, constructed by the cross-chain system, with a key maintained in the TEE on the first blockchain node, so that after the first blockchain node acquires the ciphertext it can decrypt it in the TEE to obtain the message request transaction and execute it. The message request transaction may be an ordinary transaction that requires consensus or a local transaction that does not require consensus.
The message request transaction may also be a transaction that calls a smart contract deployed on the first blockchain network. For example, when the first blockchain node executes the message request transaction, the cross-chain contract is called to execute it: the message identifier contained in the message request transaction is read first, which determines the specific cross-chain message that the cross-chain system, as the caller, needs to acquire; the cross-chain message corresponding to the message identifier is then obtained through the previously established hash table; and the cross-chain message ciphertext obtained by encrypting the cross-chain message is provided to the cross-chain system.
In one embodiment, obtaining the message request transaction ciphertext sent by the cross-chain system includes: receiving the message request transaction ciphertext that the cross-chain system sends after encrypting the message request transaction with the public key corresponding to the first blockchain node. Executing, in the trusted execution environment, the message request transaction obtained by decrypting the message request transaction ciphertext includes: decrypting the message request transaction ciphertext in the trusted execution environment with the private key corresponding to the first blockchain node to obtain the message request transaction, and executing the message request transaction in the trusted execution environment. As described above, because the first blockchain network is a privacy chain, a transaction must be encrypted before it is sent to the first blockchain node on the first blockchain network. In this embodiment, the cross-chain system knows the public key corresponding to the first blockchain node in advance and can encrypt the message request transaction with it; after the first blockchain node receives the message request transaction ciphertext, it decrypts the ciphertext in the TEE with the private key it maintains to obtain the message request transaction, thereby implementing a one-way encrypted channel from the cross-chain system to the first blockchain node.
Similarly, when the first blockchain node encrypts the cross-chain message to obtain the cross-chain message ciphertext, it may encrypt the cross-chain message with the public key of the cross-chain system, so that after obtaining the cross-chain message ciphertext the cross-chain system can decrypt it with the corresponding private key that it maintains to obtain the cross-chain message, thereby implementing a one-way encrypted channel from the first blockchain node to the cross-chain system. Combining the two transmission directions yields a bidirectional encrypted channel between the first blockchain node and the cross-chain system.
In another embodiment, obtaining the message request transaction ciphertext sent by the cross-chain system includes: receiving a message request transaction ciphertext and a symmetric key ciphertext sent by the cross-chain system, wherein the message request transaction ciphertext is obtained by the cross-chain system encrypting the message request transaction with a symmetric key that it maintains, and the symmetric key ciphertext is obtained by the cross-chain system encrypting that symmetric key with the public key corresponding to the first blockchain node. Executing, in the trusted execution environment, the message request transaction obtained by decrypting the message request transaction ciphertext includes: decrypting the symmetric key ciphertext in the trusted execution environment with the private key corresponding to the first blockchain node to obtain the symmetric key, decrypting the message request transaction ciphertext with the symmetric key to obtain the message request transaction, and executing the message request transaction in the trusted execution environment.
This embodiment also implements a one-way encrypted channel from the cross-chain system to the first blockchain node. Because symmetric encryption and decryption are more efficient than asymmetric encryption and decryption, while the security of asymmetric encryption and decryption is higher than that of symmetric encryption and decryption, only the symmetric key, which has a small data size, is encrypted and decrypted asymmetrically, and the message request transaction, which has a large data size, is encrypted and decrypted symmetrically. Encryption and decryption efficiency at the level of symmetric encryption is thereby obtained with communication security at the level of asymmetric encryption. On the basis of this embodiment, when the first blockchain node encrypts the cross-chain message to obtain the cross-chain message ciphertext, it may encrypt the cross-chain message with the symmetric key, so that after obtaining the cross-chain message ciphertext the cross-chain system can decrypt it with the symmetric key that it maintains, thereby implementing a one-way encrypted channel from the first blockchain node to the cross-chain system.
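The symmetric-key embodiment above, as an added Go example that is not code from the specification: the cross-chain system wraps its symmetric key under the node's public key and encrypts the message request transaction under the symmetric key, and the node replies under the same symmetric key. RSA-OAEP, AES-256-GCM, the function names and the sample request are assumptions, since the specification names no algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the cross-chain system sends to the first blockchain node.
type Envelope struct {
	KeyCiphertext []byte // symmetric key, RSA-OAEP under the node's public key
	TxCiphertext  []byte // message request transaction, AES-256-GCM
}

// NewNodeKey creates the key pair whose private half stays in the node's TEE.
func NewNodeKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// NewSymKey creates the symmetric key maintained by the cross-chain system.
func NewSymKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts with AES-GCM and prepends the random nonce.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal and fails if the ciphertext was modified.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// SealRequest runs on the cross-chain system.
func SealRequest(nodePub *rsa.PublicKey, symKey, tx []byte) (*Envelope, error) {
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, nodePub, symKey, nil)
	if err != nil {
		return nil, err
	}
	body, err := Seal(symKey, tx)
	if err != nil {
		return nil, err
	}
	return &Envelope{KeyCiphertext: wrapped, TxCiphertext: body}, nil
}

// HandleInTEE runs on the node: unwrap the key, decrypt, execute, re-encrypt.
func HandleInTEE(priv *rsa.PrivateKey, env *Envelope, execute func(tx []byte) ([]byte, error)) ([]byte, error) {
	symKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.KeyCiphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap key: %w", err)
	}
	tx, err := Open(symKey, env.TxCiphertext)
	if err != nil {
		return nil, fmt.Errorf("decrypt transaction: %w", err)
	}
	msg, err := execute(tx)
	if err != nil {
		return nil, err
	}
	return Seal(symKey, msg) // reply travels under the same symmetric key
}

func main() {
	priv, _ := NewNodeKey()
	symKey, _ := NewSymKey()
	env, _ := SealRequest(&priv.PublicKey, symKey, []byte(`{"message_id":"example-id"}`)) // constructed
	echo := func(tx []byte) ([]byte, error) { return append([]byte("message for "), tx...), nil }
	reply, _ := HandleInTEE(priv, env, echo)
	plain, err := Open(symKey, reply)
	fmt.Println(string(plain), err)
}
```

Using an authenticated mode means a modified transaction ciphertext is rejected inside `HandleInTEE` before anything is executed.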
In an embodiment of the present specification, providing the cross-chain message ciphertext to the cross-chain system includes: in response to the message request transaction, calling back the cross-chain message ciphertext to the cross-chain system; or, in response to the message request transaction, writing the cross-chain message ciphertext into a message request event that is triggered and generated after the message request transaction is executed, so that the cross-chain system monitors the message request event and acquires the cross-chain message ciphertext contained in it. In this embodiment of the present description, when the message request transaction initiated by the cross-chain system is a local transaction, the message request transaction may be regarded as a program call. After the message request transaction is executed, the first blockchain node may directly call back the cross-chain message ciphertext, which serves as both the transaction execution result and the program call result, to the cross-chain system, so that the cross-chain system can quickly obtain the response corresponding to the message request transaction without the first blockchain network performing a consensus operation on the message request transaction. Alternatively, when the message request transaction initiated by the cross-chain system is a normal transaction, the first blockchain node first performs consensus after receiving the transaction, so that the other blockchain nodes in the first blockchain network also acquire and execute the transaction; after the transaction is executed, the cross-chain message ciphertext is written into the message request event in the generated receipt, so that the external device can acquire the cross-chain message ciphertext by monitoring the message request event in the receipt.
The cross-chain system according to the embodiment of the present disclosure maintains a correspondence between blockchain domain names and the IP addresses of blockchain nodes on the corresponding blockchain networks. Therefore, after the cross-chain system decrypts the cross-chain message ciphertext to obtain the cross-chain message, it determines the corresponding blockchain network according to the blockchain domain name included in the cross-chain message, and then forwards the cross-chain message to that blockchain network over a pre-established network connection with a blockchain node on it. For example, the second blockchain network in the embodiment of the present disclosure is determined by a blockchain domain name, included in the cross-chain message, that belongs to the second blockchain network.
The technical scheme provided by the embodiment of the specification can have the following beneficial effects:
In the embodiment of the present specification, after the cross-chain transaction is executed, the first blockchain node writes only the message identifier of the cross-chain message in the corresponding message cross-chain event, instead of recording the cross-chain message itself in plaintext, so that an external device cannot acquire the cross-chain message initiated by the first blockchain network through the event monitoring mechanism alone. Because the first blockchain node on the first blockchain network operates under the TEE and the data in its database is stored in encrypted form, an external device also cannot acquire any data on the first blockchain network by reading the blockchain information. Meanwhile, the cross-chain system, on monitoring the message cross-chain event, learns that the first blockchain network has a message cross-chain transmission requirement and establishes an encrypted channel with the first blockchain node, over which the first blockchain node provides the cross-chain message to the cross-chain system; the cross-chain system then forwards the decrypted message to the second blockchain network. This ensures that, throughout the transmission of the cross-chain message, its plaintext is known only to the first blockchain network, the cross-chain system and the second blockchain network, so that a cross-chain transmission service under the premise of privacy protection is realized.
Optionally, the providing the cross-chain message ciphertext to the cross-chain system includes:
providing the cross-chain message ciphertext to the cross-chain system upon determining that the cross-chain system has the cross-chain interaction authority. In this embodiment, after the first blockchain node acquires and decrypts the message request transaction ciphertext sent by the cross-chain system, it further checks whether the cross-chain system has the cross-chain interaction authority. For example, when the identity information corresponding to the cross-chain system is included in a white list maintained by the first blockchain node, it is determined that the cross-chain system has the cross-chain interaction authority; or, when the identity information corresponding to the cross-chain system is not included in a blacklist maintained by the first blockchain node, it is determined that the cross-chain system has the cross-chain interaction authority. The embodiment of the specification provides the cross-chain message ciphertext to the cross-chain system only when the cross-chain system is found to have the cross-chain interaction authority, so that the cross-chain message cannot be stolen by an illegitimate external device that has not been registered in advance as having the cross-chain interaction authority.
Optionally, the cross-chain system is deployed in a trusted execution environment, so that the program logic implemented by the cross-chain system runs in the TEE, and an external device can verify, by remote authentication, that the program code on the cross-chain system has not been tampered with and actually runs in the trusted execution environment, and thereby determine that the cross-chain system is trusted. That is, the first blockchain network and the cross-chain system both run in the TEE and implement a trusted and verifiable message cross-chain transmission service.
Fig. 4 is a flowchart illustrating a method for message cross-chain transmission according to an exemplary embodiment, where the method is applied to the cross-chain system illustrated in fig. 2, and includes:
S402: Monitoring a message cross-chain event that is triggered and generated after a first blockchain node in a first blockchain network executes a cross-chain transaction in a trusted execution environment, and acquiring the message identifier, contained in the message cross-chain event, that corresponds to the cross-chain message generated by executing the cross-chain transaction, wherein the cross-chain transaction is obtained by the first blockchain node decrypting a cross-chain transaction ciphertext directed at a second blockchain network, and the cross-chain message is stored in encrypted form on the first blockchain node.
S404: Sending the message request transaction ciphertext to the first blockchain node, so that the first blockchain node executes, in the trusted execution environment, the message request transaction obtained by decrypting the message request transaction ciphertext.
S406: Acquiring a cross-chain message ciphertext that the first blockchain node provides when the message request transaction contains the message identifier and that is obtained by encrypting the cross-chain message, decrypting the cross-chain message ciphertext, and forwarding the result to a second blockchain network. Acquiring the cross-chain message ciphertext provided by the first blockchain node may include: acquiring the cross-chain message ciphertext that the first blockchain node has returned to the cross-chain system in response to the message request transaction; or monitoring a message request event that is triggered and generated after the first blockchain node executes the message request transaction, and acquiring the cross-chain message ciphertext contained in the message request event. The second blockchain network is determined by a blockchain domain name included in the cross-chain message.
Optionally, decrypting the cross-chain message ciphertext and forwarding the result to the second blockchain network includes:
decrypting the cross-chain message ciphertext to obtain the cross-chain message, comparing the message identifier with the hash value corresponding to the cross-chain message to obtain a comparison result, and forwarding the cross-chain message and the comparison result to a second blockchain node in the second blockchain network, so that the second blockchain node determines that the cross-chain message has not been tampered with when the comparison result is consistent; or
decrypting the cross-chain message ciphertext to obtain the cross-chain message, and forwarding the cross-chain message and the message identifier to a second blockchain node in the second blockchain network, so that the second blockchain node determines that the cross-chain message has not been tampered with when the message identifier and the hash value corresponding to the cross-chain message are found to be consistent.
In this embodiment of the present disclosure, the message identifier of the cross-chain message is the hash value corresponding to the cross-chain message. After obtaining the cross-chain message, the cross-chain system may therefore compare the hash value corresponding to the cross-chain message with the message identifier obtained by monitoring the message cross-chain event, to obtain a comparison result. Because the hash operation has a functional property, a consistent comparison result establishes that the cross-chain message obtained from the first blockchain and decrypted has not been tampered with and is indeed the cross-chain message that needs to be transmitted when the first blockchain network executes the cross-chain transaction. The cross-chain system may also forward the comparison result to a second blockchain node on the second blockchain network, so that the second blockchain node can determine directly from the comparison result whether the cross-chain message has been tampered with, without performing the hash operation itself, which avoids duplicate calculation. Of course, in another embodiment, the cross-chain system may forward the cross-chain message and the message identifier together to a second blockchain node in the second blockchain network, so that the second blockchain node calculates the hash value and performs the above comparison itself. The second blockchain node can then likewise determine whether the cross-chain message has been tampered with: if it has not, the cross-chain message is considered trusted and is used further; if it has, the cross-chain message is considered untrusted and is discarded, and the message request transaction is sent to the first blockchain network again.
Optionally, the message cross-chain event is located in a receipt that is triggered and generated after the cross-chain transaction is executed; the method further includes:
forwarding the receipt and a certification result corresponding to the receipt to a second blockchain node in the second blockchain network, so that the second blockchain node determines that the cross-chain message originates from the first blockchain network when the certification result shows that the receipt is legal and the message cross-chain event located in the receipt contains the hash value corresponding to the cross-chain message.
In this embodiment of the present specification, the cross-chain system may obtain block header information by monitoring the block data of the first blockchain network, verify the block hash and the receipt Merkle root, and, when the verification passes, determine that the monitored receipt is legal and originates from the first blockchain. Meanwhile, since the message identifier is read from the message cross-chain event in the receipt, after the cross-chain system obtains and decrypts the cross-chain message it may further compare the hash value corresponding to the cross-chain message with the message identifier in the receipt. When the two are consistent, it is determined that the obtained cross-chain message was formed by executing the cross-chain transaction on the first blockchain network, and thus that the cross-chain message indeed originates from the first blockchain network.
Optionally, decrypting the cross-chain message ciphertext and forwarding the result to the second blockchain network includes:
decrypting the cross-chain message ciphertext to obtain the cross-chain message, and forwarding the cross-chain message and a digital signature corresponding to the cross-chain message to a second blockchain node in the second blockchain network, so that the second blockchain node determines that the cross-chain message is credible when the digital signature is successfully verified with the public key corresponding to the cross-chain system and the cross-chain system is determined to have passed remote authentication.
In this embodiment of the present disclosure, the cross-chain system encrypts the hash value of the cross-chain message with its own private key to obtain a digital signature, and forwards the digital signature and the cross-chain message to the second blockchain node. The second blockchain node then needs to determine, through the remote authentication report, whether the cross-chain system operates in a trusted execution environment and whether the corresponding program code has not been tampered with. Once the second blockchain node determines that the cross-chain system has passed remote authentication, the trust relationship can be anchored to the cross-chain system, so that the cross-chain message can be directly determined to be credible, without any other proof, merely by verifying through the digital signature that the received cross-chain message actually originates from the cross-chain system (because the second blockchain node can know, from the published program code of the cross-chain system, that the cross-chain system has performed the relevant proof). Specifically, the public key of the cross-chain system, which has been verified through the remote authentication report, may be used to decrypt the digital signature to obtain a first value; the cross-chain message is hashed to obtain a second value; the first value and the second value are compared; and the digital signature verification is determined to be successful if they are consistent.
Optionally, decrypting the cross-chain message ciphertext and forwarding the result to the second blockchain network includes:
decrypting the cross-chain message ciphertext to obtain the cross-chain message, and forwarding a message provision transaction containing the cross-chain message to a second blockchain node in the second blockchain network, so as to call a cross-chain contract deployed on the second blockchain network to execute the message provision transaction. In an embodiment of the present specification, the cross-chain system encapsulates the cross-chain message, obtained by decrypting the cross-chain message ciphertext, in a message provision transaction, and forwards the cross-chain message to the second blockchain network by sending the message provision transaction to a second blockchain node in the second blockchain network. After the second blockchain network receives the message provision transaction, it further identifies the transaction in the second blockchain network and invokes the cross-chain contract deployed on the second blockchain network to execute the message provision transaction, so that the cross-chain message is verified on the second blockchain network and becomes information on the second blockchain network, and chain-to-chain information transmission through the cross-chain system is achieved.
Optionally, the cross-chain message includes a target contract address, to instruct the cross-chain contract deployed on the second blockchain network to forward the cross-chain message, when executing the message provision transaction, to the smart contract deployed on the second blockchain network that corresponds to the target contract address. In this embodiment of the present specification, when the message provision transaction is executed, it is first decapsulated to obtain the cross-chain message, and the cross-chain message is then forwarded, according to the target contract address it contains, to the smart contract deployed on the second blockchain network that corresponds to the target contract address. The smart contract may be a service contract, so that the cross-chain message is transmitted from the service contract on the first blockchain network to the second blockchain network.
Optionally, the method further includes:
under the condition that a cross-chain success event, triggered and generated by a second blockchain node after the message provision transaction is executed, is monitored, determining that the cross-chain message has been successfully forwarded to the smart contract corresponding to the target contract address. In this embodiment of the present specification, after the cross-chain message is forwarded to the smart contract corresponding to the target contract address deployed on the second blockchain network, a cross-chain success event is written into the receipt generated by executing the message provision transaction. By monitoring the cross-chain success event generated by the second blockchain node after executing the message provision transaction, the cross-chain system determines that the cross-chain message has been successfully forwarded to the smart contract corresponding to the target contract address, that is, that cross-chain forwarding of the message has succeeded, and the whole message cross-chain process ends.
In the following, the scheme of message cross-chain transmission in this specification is described in detail, taking as an example the case in fig. 2 in which a service contract deployed on the first blockchain node of the first blockchain network transmits a cross-chain message, through the cross-chain system, to a service contract deployed on the second blockchain node of the second blockchain network. Fig. 5 is an interaction flowchart of a method for message cross-chain transmission provided by the present specification according to an exemplary embodiment. Referring to fig. 5, the scheme for message cross-chain transmission in the present specification may be implemented through interaction between the first blockchain node, the second blockchain node, and the cross-chain system, and the method may include the following steps:
S501: The first blockchain node receives the cross-chain transaction ciphertext and decrypts it in the TEE to obtain the cross-chain transaction for execution. The to field of the cross-chain transaction points to the service contract on the first blockchain node, so the first blockchain node calls the service contract on the first blockchain node to execute the cross-chain transaction.
S502: During execution, the service contract generates a message cross-chain transmission requirement and generates the cross-chain information required for cross-chain transmission. The cross-chain information may be contract calling information for calling a service contract in the second blockchain network, or request information for accessing a blockchain service related to the second blockchain network. The cross-chain contract locally calls the P2P contract with the generated cross-chain information in the form of a local transaction.
S503: After receiving the local transaction containing the cross-chain information, the P2P contract, according to the cross-chain requirement information contained in the cross-chain information, packages the corresponding sequence number, the blockchain domain name of the second blockchain network, and the contract address of the target service contract into the cross-chain information, and then further initiates a local call, in the form of a local transaction, to the cross-chain contract deployed in the first blockchain network.
S504: After receiving the local call sent by the P2P contract, the cross-chain contract further packages a version number, a sender ID and a protocol type into the cross-chain information to finally obtain the cross-chain message. It encrypts the cross-chain message with a symmetric key maintained by the TEE and stores it in the database of the first blockchain node, calculates the hash value corresponding to the cross-chain message as the message identifier corresponding to the cross-chain message, establishes a hash index table, and finally writes the message identifier into the message cross-chain event of the receipt corresponding to the cross-chain transaction.
S505: A cross-chain service program in the cross-chain system monitors the receipt corresponding to the cross-chain transaction, reads the message cross-chain event from the receipt, and acquires the message identifier recorded in the message cross-chain event, and thereby learns that the first blockchain network has a cross-chain requirement.
S506: The cross-chain service program in the cross-chain system constructs a message request transaction containing the message identifier, encrypts the message request transaction by using a symmetric key maintained by the cross-chain service program to obtain the message request transaction ciphertext, encrypts the symmetric key by using a public key corresponding to the first blockchain network to obtain the symmetric key ciphertext, and sends the message request transaction ciphertext and the symmetric key ciphertext to the first blockchain node.
S507: After obtaining the message request transaction ciphertext and the symmetric key ciphertext, the first blockchain node, in the TEE, decrypts the symmetric key ciphertext with the private key of the first blockchain node that it maintains to obtain the symmetric key, decrypts the message request transaction ciphertext with the symmetric key to obtain the message request transaction, and finally executes the message request transaction. The message request transaction calls the cross-chain contract to check the legitimacy of the cross-chain system: the identity information carried in the message request transaction, such as the public key of the cross-chain system, is first obtained and then compared against the white list maintained in the cross-chain contract. If the white list contains the public key of the cross-chain system, the cross-chain system is confirmed to be legal and execution of the message request transaction continues: the message identifier carried in the message request transaction is looked up in the locally maintained hash index table to determine the storage address of the cross-chain message corresponding to the message identifier; the encrypted cross-chain message is found at that storage address in the database, read into the TEE and decrypted to obtain the cross-chain message plaintext; and the cross-chain message is encrypted with the previously decrypted symmetric key to obtain the cross-chain message ciphertext, which is called back to the cross-chain system.
S508: After acquiring the called-back cross-chain message ciphertext, the cross-chain service program in the cross-chain system decrypts it with the symmetric key that the program maintains to obtain the cross-chain message, and parses out the corresponding blockchain domain name, so that, according to a locally maintained routing table, it determines that the cross-chain message is to be sent to a second blockchain node of the second blockchain network. Meanwhile, it proves the legitimacy of the receipt corresponding to the cross-chain transaction, verifying through the block header information in the received block data whether the block containing the receipt comes from the first blockchain network. It then digitally signs the cross-chain message by using a public key that it maintains, encapsulates the message identifier, the receipt containing the message identifier, the certification result of the receipt, the cross-chain message and the corresponding digital signature into a message provision transaction, and forwards the message provision transaction to a second blockchain node on the second blockchain network.
S509: After receiving the message provision transaction, the second blockchain node invokes the cross-chain contract deployed on itself to execute the message provision transaction, decapsulates the message provision transaction to obtain the message identifier, the receipt containing the message identifier, the proof result of the receipt, the cross-chain message and the corresponding digital signature, and then performs multiple verifications to finally prove that the cross-chain message is authentic. When the remote authentication report for the cross-chain system establishes that the cross-chain system has passed remote authentication, the cross-chain system is considered authentic, so that the proof result of the cross-chain system about the receipt can be trusted. When the proof result indicates that the receipt is legal, the receipt is considered to come indeed from the first blockchain network. The hash value obtained by hashing the cross-chain message is then compared with the message identifier; when they are consistent, the receipt is further searched for the message identifier. If the message identifier is indeed in the receipt, this proves that the cross-chain message indeed comes from the first blockchain network and has not been tampered with. After all the verifications have passed, the cross-chain message can be considered authentic.
S510: After the verification is completed, the cross-chain contract on the second blockchain node further initiates a local call, in the form of a local transaction, to the P2P contract on the second blockchain node.
S511: After receiving the local transaction sent by the cross-chain contract and acquiring the cross-chain message contained in it, the P2P contract on the second blockchain node further sends the cross-chain message, in the form of a local transaction, to the service contract on the second blockchain node according to the contract address of the target smart contract contained in the cross-chain message, wherein the service contract is the target smart contract corresponding to the cross-chain message.
S512: After the service contract on the second blockchain node receives the local transaction sent by the P2P contract and successfully acquires the cross-chain message in it, a cross-chain success event is written into the receipt generated by the message provision transaction.
S513: The cross-chain system, on monitoring the cross-chain success event generated by the second blockchain node, determines that the cross-chain message has been successfully forwarded to the target smart contract, and the whole message cross-chain transmission process ends.
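The authorization and integrity checks of S504, S507, S508 and S509, as an added example that is not code from the specification. Assumptions: SHA-256 is the hash, an Ed25519 signature over the message stands in for the described signature over its hash, remote authentication and the receipt proof are modeled as booleans, storage and transport encryption are omitted, and all names and sample values are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrNotAuthorized = errors.New("cross-chain system is not on the white list")
	ErrUnknownID     = errors.New("message identifier is not in the hash index table")
	ErrNotAttested   = errors.New("cross-chain system has not passed remote authentication")
	ErrBadSignature  = errors.New("digital signature does not verify")
	ErrBadReceipt    = errors.New("proof result says the receipt is not legal")
	ErrHashMismatch  = errors.New("hash of the message differs from the message identifier")
	ErrNotInReceipt  = errors.New("message identifier is not in the receipt")
)

// MessageID is the hash written into the message cross-chain event (SHA-256 assumed).
func MessageID(msg []byte) string { return fmt.Sprintf("%x", sha256.Sum256(msg)) }

// FirstNode models the cross-chain contract state on the first blockchain node.
type FirstNode struct {
	index     map[string][]byte // hash index table: message identifier -> stored message
	whitelist map[string]bool   // public keys of permitted cross-chain systems
}

// Emit stores the message and returns the identifier for the event (S504).
func (n *FirstNode) Emit(msg []byte) string {
	id := MessageID(msg)
	n.index[id] = append([]byte(nil), msg...)
	return id
}

// Request serves a message request transaction (S507): white list first, then lookup.
func (n *FirstNode) Request(caller ed25519.PublicKey, id string) ([]byte, error) {
	if !n.whitelist[string(caller)] {
		return nil, ErrNotAuthorized
	}
	if msg, ok := n.index[id]; ok {
		return msg, nil
	}
	return nil, ErrUnknownID
}

// Provision is the message provision transaction assembled in S508.
type Provision struct {
	MessageID          string
	ReceiptIDs         []string // identifiers in the receipt's message cross-chain events
	ReceiptLegal       bool     // proof result for the receipt
	Message, Signature []byte
}

// BuildProvision is the cross-chain system's side of S508; it signs with its private key.
func BuildProvision(priv ed25519.PrivateKey, id string, receiptIDs []string, legal bool, msg []byte) Provision {
	return Provision{id, receiptIDs, legal, msg, ed25519.Sign(priv, msg)}
}

// Verify runs the second blockchain node's checks (S509) and names the first that fails.
func Verify(p Provision, systemPub ed25519.PublicKey, attested bool) error {
	if !attested {
		return ErrNotAttested
	}
	if !ed25519.Verify(systemPub, p.Message, p.Signature) {
		return ErrBadSignature
	}
	if !p.ReceiptLegal {
		return ErrBadReceipt
	}
	if MessageID(p.Message) != p.MessageID {
		return ErrHashMismatch
	}
	for _, id := range p.ReceiptIDs {
		if id == p.MessageID {
			return nil
		}
	}
	return ErrNotInReceipt
}

// NewSystemKey generates the cross-chain system's signing key pair.
func NewSystemKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	pub, priv := NewSystemKey()
	node := &FirstNode{map[string][]byte{}, map[string]bool{string(pub): true}}
	id := node.Emit([]byte("constructed cross-chain message"))
	msg, err := node.Request(pub, id)
	p := BuildProvision(priv, id, []string{id}, true, msg)
	fmt.Println("request error:", err, "| verify error:", Verify(p, pub, true))
}
```

A valid signature alone does not pass `Verify`: a message that the cross-chain system signed but that does not hash to the identifier in the receipt is rejected with `ErrHashMismatch`, which is the tamper check the second blockchain node relies on.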
The present specification also provides embodiments of an apparatus, an electronic device, and a storage medium, corresponding to embodiments of the foregoing method.
FIG. 6 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 6, at the hardware level, the apparatus includes a processor 602, an internal bus 604, a network interface 606, a memory 608 and a non-volatile memory 610, but may also include hardware required for other services. One or more embodiments of the present description may be implemented in software, such as by processor 602 reading corresponding computer programs from non-volatile memory 610 into memory 608 and then executing. Of course, besides software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combinations of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Fig. 7 is a block diagram of an apparatus for message cross-chain transmission shown in this specification according to an exemplary embodiment, where the apparatus may be applied to a device shown in fig. 6 to implement the technical solution of this specification, and the apparatus is applied to a first blockchain node in a first blockchain network, and includes:
a cross-chain transaction execution unit 701, configured to acquire a cross-chain transaction ciphertext for a second blockchain network, execute a cross-chain transaction obtained by decrypting the cross-chain transaction ciphertext in a trusted execution environment, encrypt and store a cross-chain message generated by executing the cross-chain transaction, where a message cross-chain event generated by triggering after the execution of the cross-chain transaction includes a message identifier corresponding to the cross-chain message;
a message request transaction execution unit 702, configured to acquire a message request transaction ciphertext sent by a cross-chain system when the message cross-chain event is monitored, execute, in the trusted execution environment, a message request transaction obtained by decrypting the message request transaction ciphertext, and provide, when the message request transaction includes the message identifier, the cross-chain message ciphertext obtained by encrypting the cross-chain message to the cross-chain system, so that the cross-chain system decrypts the cross-chain message ciphertext and forwards the cross-chain message ciphertext to a second blockchain network.
Optionally, the cross-chain transaction comprises a transaction that invokes a smart contract deployed on the first blockchain network.
Optionally, the contract logic for executing the cross-chain transaction is included in the smart contract called by the cross-chain transaction; or,
contract logic for performing the cross-chain transaction includes: first contract logic defined in the smart contract invoked by the cross-chain transaction, and second contract logic defined in other contracts deployed on the first blockchain node.
Optionally, in a case that the other contracts include communication contracts, the first contract logic is configured to generate cross-chain information according to the cross-chain transaction, and the second contract logic is configured to encapsulate the cross-chain information into the cross-chain message by using a preset communication protocol; the first contract logic is further used for triggering encryption storage of the cross-chain message and writing of a message identifier corresponding to the cross-chain message in the message cross-chain event;
under the condition that the other contracts comprise cross-link contracts, the first contract logic is used for generating cross-link information according to the cross-link transaction and packaging the cross-link information into the cross-link message by adopting a preset communication protocol, and the second contract logic is used for triggering encryption storage of the cross-link message and writing a message identifier corresponding to the cross-link message in the message cross-link event;
in the case where the other contracts include the correspondence contract and the cross-chain contract, the first contract logic is configured to generate cross-chain information from the cross-chain transaction, and the second contract logic includes contract logic defined in the correspondence contract and the cross-chain contract, respectively, wherein: and the contract logic defined in the communication contract is used for packaging the cross-chain information into the cross-chain message by adopting a preset communication protocol, and the contract logic defined in the cross-chain contract is used for triggering encryption storage of the cross-chain message and writing the message identifier corresponding to the cross-chain message in the message cross-chain event.
Optionally, the cross-chain transaction executing unit 701 is specifically configured to:
receiving a message request transaction ciphertext that the cross-chain system sends after encrypting the message request transaction with a public key corresponding to the first blockchain node;
the message request transaction execution unit 702 is specifically configured to decrypt the message request transaction ciphertext in the trusted execution environment with a private key corresponding to the first blockchain node to obtain the message request transaction, and to execute the message request transaction in the trusted execution environment.
Optionally, the message request transaction executing unit 702 is specifically configured to:
receiving a message request transaction ciphertext and a symmetric key ciphertext sent by the cross-chain system, wherein the message request transaction ciphertext is obtained by the cross-chain system encrypting the message request transaction with a symmetric key that it maintains itself, and the symmetric key ciphertext is obtained by the cross-chain system encrypting the symmetric key with a public key corresponding to the first blockchain node;
decrypting the symmetric key ciphertext in the trusted execution environment with a private key corresponding to the first blockchain node to obtain the symmetric key, decrypting the message request transaction ciphertext with the symmetric key to obtain the message request transaction, and executing the message request transaction in the trusted execution environment.
Optionally, the cross-chain message ciphertext is obtained by the first blockchain node encrypting the cross-chain message with the symmetric key.
Optionally, the cross-chain message ciphertext is obtained by the first blockchain node encrypting the cross-chain message with a public key corresponding to the cross-chain system.
Optionally, the message request transaction executing unit 702 is specifically configured to:
providing the cross-chain message ciphertext to the cross-chain system upon determining that the cross-chain system has cross-chain interaction rights.
Optionally, the determining that the cross-chain system has cross-chain interaction authority includes:
when the identity information corresponding to the cross-chain system is contained in a whitelist maintained by the first blockchain node, determining that the cross-chain system has cross-chain interaction authority; or,
when the identity information corresponding to the cross-chain system is not contained in a blacklist maintained by the first blockchain node, determining that the cross-chain system has cross-chain interaction authority.
Optionally, the message request transaction executing unit 702 is specifically configured to:
in response to the message request transaction, calling back the cross-chain message ciphertext to the cross-chain system; or,
in response to the message request transaction, writing the cross-chain message ciphertext into a message request event triggered after the message request transaction is executed, so that the cross-chain system monitors the message request event and acquires the cross-chain message ciphertext contained in the message request event.
Optionally, the second blockchain network is determined by a blockchain domain name included in the cross-chain message.
Optionally, the cross-chain system is deployed in a trusted execution environment.
Fig. 8 is a block diagram of an apparatus for message cross-chain transmission shown in this specification according to an exemplary embodiment, where the apparatus may be applied to the device shown in fig. 6 to implement the technical solution of this specification, and the apparatus is applied to a cross-chain system, and includes:
an event monitoring unit 801, configured to monitor a message cross-chain event triggered after a first blockchain node in a first blockchain network executes a cross-chain transaction in a trusted execution environment, and to acquire a message identifier corresponding to a cross-chain message generated by executing the cross-chain transaction, where the cross-chain transaction is obtained by the first blockchain node decrypting a cross-chain transaction ciphertext for a second blockchain network, and the cross-chain message is encrypted and stored in the first blockchain node;
a transaction sending unit 802, configured to send a message request transaction ciphertext to the first blockchain node, so that the first blockchain node executes, in the trusted execution environment, the message request transaction obtained by decrypting the message request transaction ciphertext;
a message forwarding unit 803, configured to acquire the cross-chain message ciphertext, obtained by encrypting the cross-chain message, that the first blockchain node provides when the message request transaction includes the message identifier, and to forward the cross-chain message ciphertext to the second blockchain network after decrypting the cross-chain message ciphertext.
Optionally, the message forwarding unit 803 is specifically configured to:
decrypting the cross-chain message ciphertext to obtain the cross-chain message, comparing the message identifier with a hash value corresponding to the cross-chain message to obtain a comparison result, and forwarding the cross-chain message and the comparison result to a second blockchain node in the second blockchain network, so that the second blockchain node determines that the cross-chain message has not been tampered with when the comparison result is consistent; or
decrypting the cross-chain message ciphertext to obtain the cross-chain message, and forwarding the cross-chain message and the message identifier to a second blockchain node in the second blockchain network, so that the second blockchain node determines that the cross-chain message has not been tampered with when the message identifier is consistent with the hash value corresponding to the cross-chain message.
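The whitelist/blacklist authority check performed by unit 702 and the two tamper-check options of unit 803 can be sketched as follows. This is an added example, not code from the specification: all names are hypothetical, SHA-256 is assumed as the hash behind the message identifier, and encryption is omitted so the example works on the already-decrypted message.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional


def message_identifier(message: bytes) -> str:
    # Assumption: the identifier is the SHA-256 hex digest of the message.
    return hashlib.sha256(message).hexdigest()


@dataclass
class AccessPolicy:
    """Whitelist mode when `whitelist` is set, otherwise blacklist mode."""
    whitelist: Optional[frozenset] = None
    blacklist: frozenset = frozenset()

    def allows(self, identity: str) -> bool:
        if self.whitelist is not None:
            return identity in self.whitelist   # unknown identity is denied
        return identity not in self.blacklist   # unknown identity is allowed


@dataclass
class FirstChainNode:
    policy: AccessPolicy
    store: dict = field(default_factory=dict)   # identifier -> message (encrypted at rest in the scheme)

    def execute_cross_chain_tx(self, message: bytes) -> str:
        ident = message_identifier(message)
        self.store[ident] = message
        return ident                            # value written into the message cross-chain event

    def handle_message_request(self, requester: str, ident: str) -> bytes:
        if not self.policy.allows(requester):
            raise PermissionError("no cross-chain interaction authority")
        if ident not in self.store:
            raise LookupError("request does not name a stored message")
        return self.store[ident]


def relay_comparison_result(message: bytes, ident: str) -> bool:
    """First option: the cross-chain system compares and forwards the result."""
    return hmac.compare_digest(message_identifier(message), ident)


def destination_accepts(message: bytes, ident: Optional[str] = None,
                        comparison_result: Optional[bool] = None) -> bool:
    """Decision of the second blockchain node under either option."""
    if ident is not None:                       # second option: recompute the hash locally
        return hmac.compare_digest(message_identifier(message), ident)
    return comparison_result is True            # first option: rely on the forwarded result


# Constructed sample message, not taken from the specification.
SAMPLE_MESSAGE = b'{"domain":"chain-b.example","payload":"transfer 5"}'
```

In blacklist mode an identity the node has never seen is granted authority, whereas in whitelist mode it is refused; under the first option the second blockchain node depends on the cross-chain system's reported result, while under the second it recomputes the hash itself.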
Optionally, the message cross-chain event is located in a receipt generated by triggering after the cross-chain transaction is executed; the method further comprises the following steps:
a receipt forwarding unit 804, configured to forward the receipt and a certification result corresponding to the receipt to a second blockchain node in a second blockchain network, so that the second blockchain node determines that the cross-chain message originates from the first blockchain network when the certification result indicates that the receipt is legal and the message cross-chain event located in the receipt includes a hash value corresponding to the cross-chain message.
Optionally, the message forwarding unit 803 is specifically configured to:
decrypting the cross-chain message ciphertext to obtain the cross-chain message, and forwarding the cross-chain message and a digital signature corresponding to the cross-chain message to a second blockchain node in the second blockchain network, so that the second blockchain node determines that the cross-chain message is credible when the digital signature is successfully verified with a public key corresponding to the cross-chain system and the cross-chain system is determined to have passed remote authentication.
Optionally, the message forwarding unit 803 is specifically configured to:
decrypting the cross-chain message ciphertext to obtain the cross-chain message, and forwarding a message provision transaction containing the cross-chain message to a second blockchain node in the second blockchain network, so as to invoke a cross-chain contract deployed on the second blockchain network to execute the message provision transaction.
Optionally, the cross-chain message includes a target contract address, which instructs the cross-chain contract deployed on the second blockchain network, when executing the message provision transaction, to forward the cross-chain message to the smart contract deployed on the second blockchain network that corresponds to the target contract address.
Optionally, the method further includes:
a cross-chain success event monitoring unit 805, configured to determine that the cross-chain message has been successfully forwarded to the smart contract corresponding to the target contract address when a cross-chain success event generated by the second blockchain node after executing the message provision transaction is monitored.
Optionally, the message forwarding unit 803 is specifically configured to:
obtaining the cross-chain message ciphertext that the first blockchain node calls back to the cross-chain system in response to the message request transaction; or,
monitoring a message request event triggered after the first blockchain node executes the message request transaction, and acquiring the cross-chain message ciphertext contained in the message request event.
Optionally, the second blockchain network is determined by a blockchain domain name included in the cross-chain message.
Optionally, the cross-chain system is deployed in a trusted execution environment.
Correspondingly, the present specification also provides an apparatus comprising a processor and a memory for storing processor-executable instructions, wherein the processor is configured to implement the steps of the trusted computing method provided by all of the above method embodiments.
Accordingly, the present specification also provides a computer-readable storage medium having executable instructions stored thereon, wherein the instructions, when executed by a processor, implement the steps of the trusted computing method provided by all of the above method embodiments.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments herein. The word "if" as used herein may be interpreted as "at …" or "when …" or "in response to a determination", depending on the context.
The above description is only for the purpose of illustrating the preferred embodiments of the one or more embodiments of the present disclosure, and is not intended to limit the scope of the one or more embodiments of the present disclosure, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the one or more embodiments of the present disclosure should be included in the scope of the one or more embodiments of the present disclosure.