CN115952519A - Block chain data processing method and device, electronic equipment and storage medium - Google Patents

Block chain data processing method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN115952519A
CN115952519A CN202211705020.XA CN202211705020A CN115952519A CN 115952519 A CN115952519 A CN 115952519A CN 202211705020 A CN202211705020 A CN 202211705020A CN 115952519 A CN115952519 A CN 115952519A
Authority
CN
China
Prior art keywords
contract
data
block chain
calling
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211705020.XA
Other languages
Chinese (zh)
Inventor
帅斌成
包芬
高扬
郭林海
张琛
万化
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Pudong Development Bank Co Ltd
Original Assignee
Shanghai Pudong Development Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Pudong Development Bank Co Ltd filed Critical Shanghai Pudong Development Bank Co Ltd
Priority to CN202211705020.XA priority Critical patent/CN115952519A/en
Publication of CN115952519A publication Critical patent/CN115952519A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to a block chain data processing method, a device, computer equipment and a storage medium, wherein a data generation request is received, the data generation request is forwarded to a contract execution engine in a trusted execution environment, a first intelligent contract is called based on the contract execution engine to generate corresponding target data, the target data is encrypted based on a block chain contract interface in the trusted execution environment to obtain ciphertext data, finally a contract operation program is called to upload the ciphertext data to a block chain, a data verification request is received, the ciphertext data corresponding to a data identifier is obtained from the block chain based on the block chain contract interface, security verification is carried out on the ciphertext data based on the block chain contract interface, if the security verification is passed, the ciphertext data is decrypted based on the block chain contract interface to obtain decrypted plaintext data, so that the ciphertext data outside the trusted execution environment are the ciphertext data, and the block chain data sharing privacy security is ensured.

Description

Block chain data processing method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of block chain privacy protection technologies, and in particular, to a block chain data processing method and apparatus, an electronic device, and a storage medium.
Background
The block chain is a chain formed by blocks, each block stores certain information, the information is connected into the chain according to the time sequence generated by each block, the chain is stored in all servers, and the whole block chain is safe as long as one server in the whole system can work.
In the block chain, data on the chain is transparently shared among all servers, and in an actual use scene, some data are inconvenient to be directly acquired by all block chain nodes due to privacy. How to provide a function of sharing block chain data and guarantee privacy security of private data becomes an urgent problem to be solved.
Disclosure of Invention
In view of the above, it is necessary to provide a method, an apparatus, a computer device, and a storage medium for processing blockchain data, which can ensure privacy of blockchain data sharing.
In a first aspect, the present application provides a blockchain data processing method, executed by a first electronic device, where a first intelligent contract, a contract execution engine, and a blockchain contract interface are deployed in a trusted execution environment of the first electronic device, and the method includes:
receiving a data generation request, and forwarding the data generation request to a contract execution engine in a trusted execution environment;
calling a first intelligent contract based on a contract execution engine to generate corresponding target data;
encrypting the target data based on a block chaining contract interface in the trusted execution environment to obtain ciphertext data;
and calling a contract running program to upload the ciphertext data to the block chain.
In one embodiment, the data generation request carries data to be processed; the step of invoking the first intelligent contract based on the contract execution engine to generate corresponding target data comprises:
acquiring input parameters of a first intelligent contract based on data to be processed;
and transmitting the input parameters to the first intelligent contract to indicate the first intelligent contract to process according to the input parameters to obtain target data.
In one embodiment, the step of calling the contract running program to upload the ciphertext data to the blockchain comprises:
calling a contract running program to store the ciphertext data into a first contract calling read-write set;
and calling a read-write set based on a first contract to generate a first endorsement signature, sending the first endorsement signature to a first client to indicate the first client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering ciphertext data to be uploaded to a block chain after the consensus is passed.
In one embodiment, the method further comprises: starting a contract scheduler, creating a trusted execution environment when the contract scheduler receives a contract initialization request, and loading a contract execution engine and an intelligent contract;
remotely certifying the trusted execution environment through a contract scheduler, and uploading a remote certification report to a block chain;
and informing the contract execution engine through the contract scheduler to call the intelligent contract for initialization.
In a second aspect, the present application further provides a block chain data processing apparatus, including:
the receiving module is used for receiving the data generation request and forwarding the data generation request to a contract execution engine in a trusted execution environment;
the generation module is used for calling a first intelligent contract to generate corresponding target data based on a contract execution engine;
the encryption module is used for encrypting the target data based on the block chaining contract interface in the trusted execution environment to obtain ciphertext data;
and the storage module is used for calling a contract running program to upload the ciphertext data to the block chain.
In a third aspect, the present application further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the method steps of any one of the first aspect or the second aspect when executing the computer program.
In a fourth aspect, the present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method steps of any one of the first or second aspects.
In a fifth aspect, the present application also provides a computer program product comprising a computer program that, when executed by a processor, performs the method steps of any one of the first or second aspects.
According to the block chain data processing method, the block chain data processing device, the computer equipment and the storage medium, the data generation request is received, the data generation request is forwarded to the contract execution engine in the trusted execution environment, the first intelligent contract is called based on the contract execution engine to generate the corresponding target data, the target data is encrypted based on the block chain contract interface in the trusted execution environment to obtain the ciphertext data, and finally the contract operation program is called to upload the ciphertext data to the block chain, so that the data outside the trusted execution environment are both the ciphertext data, and the block chain data sharing privacy security is guaranteed.
In a sixth aspect, the present application provides a method for processing blockchain data, where the method is executed by a second electronic device, and a second intelligent contract, a contract execution engine, and a blockchain contract interface are deployed in a trusted execution environment of the second electronic device, and the method includes:
receiving a data verification request, wherein the data verification request carries a data identifier;
acquiring ciphertext data corresponding to the data identifier from the block chain based on the block chaining contract interface, and performing security check on the ciphertext data based on the block chaining contract interface;
if the safety check is passed, decrypting the ciphertext data based on the block chaining contract interface to obtain decrypted plaintext data;
and verifying whether the plaintext data meets the target service condition through a second intelligent contract, and returning a verification result.
In one embodiment, the method further comprises: calling a contract running program to store the verification result into a second contract calling read-write set;
and calling the read-write set based on the second contract to generate a second endorsement signature, sending the second endorsement signature to the second client to indicate the second client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering to upload a verification result to the block chain after the consensus is passed.
In a seventh aspect, the present application further provides a block chain data processing apparatus, where the apparatus includes:
the request module is used for receiving a data verification request, and the data verification request carries a data identifier;
the acquisition module is used for acquiring ciphertext data corresponding to the data identifier from the block chain based on the block chain contract interface and carrying out security check on the ciphertext data based on the block chain contract interface;
the decryption module is used for decrypting the ciphertext data based on the block chaining contract interface if the security check is passed, so as to obtain decrypted plaintext data;
and the verification module is used for verifying whether the plaintext data meets the target service condition through the second intelligent contract and returning a verification result.
In an eighth aspect, the present application further provides an electronic device, which includes a memory and a processor, wherein the memory stores a computer program, and the processor implements the method steps of any one of the first aspect or the second aspect when executing the computer program.
In a ninth aspect, the present application further provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method steps of any one of the first or second aspects.
In a tenth aspect, the present application also provides a computer program product comprising a computer program that, when executed by a processor, performs the method steps of any one of the first or second aspects.
According to the block chain data processing method, the block chain data processing device, the computer equipment and the storage medium, the data verification request is received, the ciphertext data corresponding to the data identification are obtained from the block chain based on the block chain contract interface, the ciphertext data are subjected to safety verification based on the block chain contract interface, if the safety verification is passed, the ciphertext data are decrypted based on the block chain contract interface, the decrypted plaintext data are obtained, the plaintext data can be guaranteed to exist only in a credible execution environment, and therefore privacy of the block chain data is guaranteed.
Drawings
FIG. 1 is a diagram of an exemplary block chain data processing method;
FIG. 2 is a flow chart illustrating a method for processing blockchain data according to an embodiment;
FIG. 3 is a flowchart illustrating a method for processing blockchain data according to an embodiment;
FIG. 4 is a flowchart illustrating a method for processing blockchain data according to an embodiment;
FIG. 5 is a block diagram of the architecture of the TEE enhanced WASM privacy contract architecture in one embodiment;
FIG. 6 is a block diagram of a blockchain data processing apparatus according to an embodiment;
FIG. 7 is a block diagram of a block chain data processing apparatus according to an embodiment;
FIG. 8 is a diagram illustrating the internal architecture of an electronic device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The block chain data processing method provided by the embodiment of the application can be applied to the application environment shown in fig. 1. The first electronic device 102 and the second electronic device 104 are each a blockchain node in a blockchain network. The first electronic device 102 is configured to receive a data generation request, forward the data generation request to a contract execution engine in a trusted execution environment, call a first intelligent contract based on the contract execution engine to generate corresponding target data, encrypt the target data based on a block chain contract interface in the trusted execution environment to obtain ciphertext data, and then call a contract execution program to upload the ciphertext data to a block chain. The second electronic device 104 is configured to receive the data verification request, obtain ciphertext data corresponding to the data identifier from the block chain based on the block chain contract interface, perform security check on the ciphertext data based on the block chain contract interface, and decrypt the ciphertext data based on the block chain contract interface if the security check passes, to obtain decrypted plaintext data. The second electronic device 104 is further configured to verify whether the plaintext data satisfies the target service condition through the second intelligent contract, and return a verification result. The first electronic device 102 and the second electronic device 104 are both blockchain nodes.
In one embodiment, as shown in fig. 2, a method for processing blockchain data is provided, which is executed by a first electronic device, where a first smart contract, a contract execution engine and a blockchain contract interface are deployed in a trusted execution environment of the first electronic device, and includes the following steps:
s202: and receiving a data generation request, and forwarding the data generation request to a contract execution engine in the trusted execution environment.
The first electronic device is a node in a blockchain, and a trusted execution environment in the first electronic device is deployed with a first intelligent contract, a contract execution engine and a blockchain contract interface. The Trusted Execution Environment (TEE) can play a black box role in hardware, codes and a data operating system layer executed in the TEE cannot be peeped, and only an interface defined in advance in the codes can operate the codes, so that privacy protection of data can be realized. The first intelligent contract refers to a smart contract (WASM), which is a binary instruction set of a stacked virtual machine design that can be targeted for platform compilation in high-level languages like C/C + +/Rust. The contract execution engine is used for executing the intelligent contract, and the block chain contract interface is an interface in the intelligent contract and can provide an interactive interface with the block chain and read data in the block chain when the WASM contract runs.
The first electronic device receives a data generation request and forwards the data generation request to a contract execution engine in the trusted execution environment, where the data generation request may be applicable to the processing of arbitrary blockchain data. For example, some kind of certification file needs to be generated, in order to ensure that the certification file is not read by other blockchain nodes, the first electronic device, after receiving a data generation request, immediately forwards the request to a contract execution engine in a trusted execution environment, and the contract execution engine invokes an intelligent contract generation certification file.
S204: and calling the first intelligent contract based on the contract execution engine to generate corresponding target data.
The first electronic equipment calls a first intelligent contract based on a contract execution engine, and transmits the data to be processed to the intelligent contract to indicate the intelligent contract to generate corresponding target data. Specifically, the intelligent contract is written in advance as logic for generating target data, after receiving a data generation request, the contract execution engine firstly calls the intelligent contract to perform contract initialization, and after the initialization, the contract execution engine executes the intelligent contract to generate corresponding target data. In the financial field, the target data can be target summary fields of various financial assets, and in the public information security field, the target data can be target identity files and the like.
S206: and encrypting the target data based on a block chaining contract interface in the trusted execution environment to obtain ciphertext data.
The first electronic device encrypts the target data based on a block chaining contract interface in the new order environment to obtain ciphertext data, wherein the block chaining contract interface is further used for calling a WASM contract after obtaining the encrypted data, so that the ciphertext data is finally stored in the block chaining. In addition, the block chaining contract interface can decrypt the ciphertext data to obtain corresponding plaintext data.
S208: and calling a contract running program to upload the ciphertext data to the block chain.
Specifically, the first electronic device generates a read-write set for calling an intelligent contract based on the contract running program, stores all read-write data records of the intelligent contract in the read-write set, generates a corresponding signature endorsement based on the read-write set, returns the signature endorsement to the first terminal to indicate the first terminal to check the consistency of the signature endorsement, and finally uploads the ciphertext data to the block chain by the submitting node if the check is passed. A commit node is another type of node of a blockchain that is capable of uploading data to the blockchain.
According to the block chain data processing method, the block chain data processing device, the computer equipment and the storage medium, the data generation request is received, the data generation request is forwarded to the contract execution engine in the trusted execution environment, the first intelligent contract is called based on the contract execution engine to generate the corresponding target data, the target data is encrypted based on the block chain contract interface in the trusted execution environment to obtain the ciphertext data, finally, the contract execution program is called to upload the ciphertext data to the block chain, so that the data outside the trusted execution environment are both the ciphertext data, and the block chain data sharing privacy security is ensured.
In one embodiment, the data generation request carries data to be processed; the step of invoking the first intelligent contract based on the contract execution engine to generate corresponding target data comprises: acquiring input parameters of a first intelligent contract based on data to be processed; and transmitting the input parameters to the first intelligent contract to indicate the first intelligent contract to process according to the input parameters to obtain target data.
The first electronic equipment obtains input parameters of a first intelligent contract based on the data to be processed, transmits the input parameters to a deployed intelligent contract, namely the first intelligent contract, based on a contract execution engine, and executes a generation method of intelligent contract for executing the contract, so that the intelligent contract processes the input parameters to obtain target data.
In this embodiment, the step of invoking the first intelligent contract based on the contract execution engine to generate the corresponding target data includes obtaining an input parameter of the first intelligent contract based on the data to be processed, and transmitting the input parameter to the first intelligent contract to instruct the first intelligent contract to process according to the input parameter, so as to obtain the target data, and the target data can be accurately obtained.
In one embodiment, the step of invoking the contract running program to upload the ciphertext data to the blockchain comprises: calling a contract running program to store the ciphertext data into a first contract calling read-write set; and calling a read-write set based on a first contract to generate a first endorsement signature, sending the first endorsement signature to a first client to indicate the first client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering ciphertext data to be uploaded to a block chain after the consensus is passed.
The first electronic equipment calls a contract running program, the contract running program is called to store ciphertext data into a first contract calling read-write set, and all read-write data records of the first contract are stored in the first contract calling read-write set. And then the first electronic equipment calls the read-write set based on the first contract to generate a first endorsement signature, and sends the first endorsement signature to the first client, so that the consistency of the first client is verified, if the consistency is verified to be passed, common identification operation is triggered, common identification is verified, and after the common identification verification is passed, ciphertext data is uploaded to the block chain.
In this embodiment, a contract running program is called to store ciphertext data into a first contract calling read-write set, a first endorsement signature is generated based on the first contract calling read-write set, the first endorsement signature is sent to a first client to indicate the first client to perform consistency check, after the consistency check is passed, a consensus operation is triggered, after the consensus is passed, ciphertext data is uploaded to a block chain in a triggering mode, the ciphertext data can be stored in the block chain, and privacy of data sharing is guaranteed.
In one embodiment, as shown in fig. 3, the method further comprises:
s302: and starting a contract scheduler, creating a trusted execution environment when the contract scheduler receives a contract initialization request, and loading a contract execution engine and an intelligent contract.
The first electronic device starts the contract scheduler, sends the contract initialization request to the contract scheduler after receiving the contract initialization request so as to instruct the contract scheduler to create a trusted execution environment, and loads the contract execution engine and the intelligent contract in the trusted execution environment.
S304: the trusted execution environment is remotely certified by a contract scheduler and a remote certification report is uploaded into the blockchain.
The first electronic device remotely certifies the trusted execution environment through the contract scheduler, the remote certification comprises integrity measurement and identity key citation, the integrity measurement solves the problem of 'what to certify', the identity key citation solves the problem of 'how to certify', and the first electronic device obtains a remote certification report according to the remote certification and uploads the remote certification report to the block chain.
S306: and informing the contract execution engine through the contract scheduler to call the intelligent contract for initialization.
After the remote certification is passed, the first electronic equipment informs the contract execution engine through the contract scheduler so that the contract execution engine calls the intelligent contract for initialization.
In this embodiment, by starting the contract scheduler, when the contract scheduler receives a contract initialization request, a trusted execution environment is created, a contract execution engine and an intelligent contract are loaded, the trusted execution environment is remotely certified by the contract scheduler, a remote certification report is uploaded to a block chain, and the contract execution engine is notified by the contract scheduler to call the intelligent contract for initialization, so that the security of the trusted execution environment can be ensured, the intelligent contract is initialized, and the intelligent contract can generate target data.
In one embodiment, as shown in fig. 4, there is provided a blockchain data processing method executed by a second electronic device, where a second intelligent contract, a contract execution engine and a blockchain contract interface are deployed in a trusted execution environment of the second electronic device, the method including the steps of:
s402: and receiving a data verification request, wherein the data verification request carries a data identifier.
The second electronic device is a node in the block chain, and the trusted execution environment in the first electronic device is deployed with a first intelligent contract, a contract execution engine and a block chain contract interface. And the second electronic equipment receives a data verification request, wherein the data verification request carries a data identifier, and the data identifier is used for indicating the ciphertext data.
S404: and acquiring ciphertext data corresponding to the data identifier from the block chain based on the block chain contract interface, and performing security check on the ciphertext data based on the block chain contract interface.
And the second electronic equipment acquires the ciphertext data corresponding to the data identifier from the block chain based on the block chain contract interface, and firstly, safety verification is carried out on the ciphertext data to ensure the safety and credibility of the data. Specifically, the merkel proof can be used to check the ciphertext data, and the merkel proof only needs the full amount of block header information in the chain to prove whether the transaction exists in a certain block.
S406: and if the safety check is passed, decrypting the ciphertext data based on the block chaining contract interface to obtain decrypted plaintext data.
If the current ciphertext data exists in a certain block, the current ciphertext data is credible, and the security check is passed. And the second electronic equipment decrypts the ciphertext data based on the block chaining contract interface to obtain decrypted plaintext data.
S408: and verifying whether the plaintext data meets the target service condition through the second intelligent contract, and returning a verification result.
And the second electronic equipment verifies whether the plaintext data meets the target service condition through the second intelligent contract, returns a verification result, and executes the target service if the plaintext data meets the target service condition through verification.
In this embodiment, by receiving the data verification request, ciphertext data corresponding to the data identifier is acquired from the blockchain based on the blockchain contract interface, security check is performed on the ciphertext data based on the blockchain contract interface, and if the security check is passed, the ciphertext data is decrypted based on the blockchain contract interface to obtain decrypted plaintext data, so that data outside the trusted execution environment are both ciphertext data, and the block chain data sharing privacy security is ensured.
In one embodiment, the method further comprises: calling a contract running program to store the verification result into a second contract calling read-write set; and calling the read-write set based on the second contract to generate a second endorsement signature, sending the second endorsement signature to the second client to indicate the second client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering to upload a verification result to the block chain after the consensus is passed.
The contract operation program is called to store the ciphertext data into a second contract calling read-write set, and all read-write data records of the second contract are stored in the second contract calling read-write set. And then the second electronic equipment calls the read-write set to generate a second endorsement signature based on a second contract, and sends the second endorsement signature to the second client, so that the second client checks the consistency, if the consistency check is passed, common identification operation is triggered, common identification is checked, and after the common identification check is passed, ciphertext data are uploaded to the block chain.
In this embodiment, a contract running program is called to store a verification result in a second contract calling read-write set, a second endorsement signature is generated based on the second contract calling read-write set, the second endorsement signature is sent to a second client to indicate the second client to perform consistency check, after the consistency check is passed, a consensus operation is triggered, and after the consensus passes, the verification result is triggered to be uploaded to a block chain, so that ciphertext data can be stored in the block chain, and privacy of data sharing is guaranteed.
In one embodiment, a privacy contract implementation method based on TEE and WASM is provided, for example, a credential file is generated based on an intelligent contract, a privacy contract architecture is shown in fig. 5, and the method includes the following steps:
company Z develops a proof of revenue for user a:
1. the Z company prepares the certification information of the A user;
2. a Z company initiates a certification file generation request of a privacy contract to first electronic equipment and transmits to-be-processed data corresponding to the certification file;
3. the first electronic equipment transmits a certification file generation request to a WASM contract scheduler based on the WASM contract scheduler, the WASM contract scheduler calls a WASM contract and transfers the request to a WASM contract execution engine, and the execution engine calls a method for generating a certification file by an intelligent contract and accesses parameters.
4. The first electronic equipment generates a certification file according to the input parameters through an intelligent contract;
5. the first electronic equipment encrypts the certification file based on the block chaining contract interface to obtain a ciphertext file, then calls a WASM running program, and is responsible for finally chaining data during running;
6. the first electronic equipment generates a read-write set called by a contract, generates a signature endorsement based on the read-write set and returns the signature endorsement to the first terminal;
7. the first electronic equipment indicates the first terminal to verify the consistency of the response, and after the consistency is passed, a transaction is constructed and sent to the consensus node;
8. after the transaction consensus verification is passed, the submitting node writes the encrypted income certificate into an account book;
9. the income certification of the user A is completed.
Company Y verifies the revenue proof of user a:
1. the user A sends the unique identifier of the certificate to the second electronic equipment of the company Y, and the second electronic equipment initiates a certificate verification request to the blockchain;
2. the second electronic equipment acquires a ciphertext file corresponding to the data identifier from the block chain based on the block chain contract interface;
3. the second electronic equipment verifies the returned data based on the Merckel proof based on the block chain contract interface, and the safety and the credibility of the data are ensured;
4. the second electronic device verifies the remote attestation of the trusted execution environment and returns a verification result;
5. the second electronic equipment decrypts the ciphertext file based on the region cross-link contract interface to obtain a plaintext file, and returns the plaintext file to the second intelligent contract;
6. the second electronic equipment verifies whether the plaintext file meets the target service condition and returns a verification result;
7. the second electronic equipment generates a read-write set called by the contract, signs the endorsement and returns a response to the second terminal;
8. the second terminal verifies the consistency of the response, establishes a transaction after the response is passed and sends the transaction to the consensus node;
9. after the transaction consensus verification is passed, the submitting node writes the encrypted income certificate into an account book;
10. and the Y company obtains the execution result and executes the subsequent business process.
In the embodiment, the WASM intelligent contract is introduced into the block chain and executed in the TEE environment, so that on one hand, privacy safety in the contract execution process is protected, on the other hand, the difficulty of development and deployment is reduced, and the usability is improved.
It should be understood that, although the steps in the flowcharts related to the embodiments are shown in sequence as indicated by the arrows, the steps are not necessarily executed in sequence as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a part of the steps in the flowcharts related to the above embodiments may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of performing the steps or stages is not necessarily sequential, but may be performed alternately or alternately with other steps or at least a part of the steps or stages in other steps.
Based on the same inventive concept, the embodiment of the present application further provides a block chain data processing apparatus for implementing the above related block chain data processing method. The implementation scheme for solving the problem provided by the apparatus is similar to the implementation scheme described in the above method, so specific limitations in one or more embodiments of the following block chain data processing apparatus may refer to the above limitations on the block chain data processing method, and details are not described herein again.
In one embodiment, as shown in fig. 6, there is provided a block chain data processing apparatus including: receiving module 10, generating module 20, encrypting module 30 and saving module 40, wherein:
the receiving module 10 is configured to receive a data generation request, and forward the data generation request to a contract execution engine in the trusted execution environment.
And the generating module 20 is configured to generate corresponding target data based on the contract execution engine invoking the first intelligent contract.
The encryption module 30 is configured to encrypt the target data based on a block chaining contract interface in the trusted execution environment to obtain ciphertext data.
And the saving module 40 is used for calling the contract running program to upload the ciphertext data to the block chain.
In one embodiment, the data generation request carries data to be processed, and the generation module 20 includes: parameter acquisition unit and data transmission unit, wherein:
and the parameter acquisition unit is used for acquiring the input parameters of the first intelligent contract based on the data to be processed.
And the data transmission unit is used for transmitting the input parameters to the first intelligent contract so as to indicate the first intelligent contract to process according to the input parameters to obtain target data.
In one embodiment, the saving module 40 includes: ciphertext memory cell and ciphertext upload the unit, wherein:
and the ciphertext storage unit is used for calling the contract running program to store the ciphertext data into the first contract calling read-write set.
And the ciphertext uploading unit is used for calling the read-write set to generate a first endorsement signature based on a first contract, sending the first endorsement signature to the first client to indicate the first client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering ciphertext data to be uploaded to the block chain after the consensus is passed.
In one embodiment, the saving module 40 further comprises: a contract initiation unit, a remote attestation unit, and a contract execution unit, wherein:
the contract starting unit is used for starting the contract scheduler, creating a trusted execution environment when the contract scheduler receives a contract initialization request, and loading a contract execution engine and an intelligent contract;
the remote certification unit is used for remotely certifying the trusted execution environment through the contract scheduler and uploading a remote certification report to the block chain;
and the contract execution unit is used for informing the contract execution engine through the contract scheduler to call the intelligent contract for initialization.
In one embodiment, as shown in fig. 7, there is provided a block chain data processing apparatus including: a request module 50, an acquisition module 60, a decryption module 70 and a verification module 80, wherein:
a request module 50, configured to receive a data verification request, where the data verification request carries a data identifier;
an obtaining module 60, configured to obtain ciphertext data corresponding to the data identifier from the block chain based on the block chaining contract interface, and perform security check on the ciphertext data based on the block chaining contract interface;
the decryption module 70 is configured to decrypt the ciphertext data based on the block chaining contract interface if the security check passes, so as to obtain decrypted plaintext data;
and the verification module 80 is configured to verify whether the plaintext data meets the target service condition through the second intelligent contract, and return a verification result.
In one embodiment, the verification module 80 further comprises: a verification storage unit and a verification uploading unit, wherein:
the verification storage unit is used for calling the contract running program to store the verification result into a second contract calling read-write set;
and the verification uploading unit is used for calling the read-write set based on the second contract to generate a second endorsement signature, sending the second endorsement signature to the second client so as to indicate the second client to carry out consistency verification, triggering consensus operation after the consistency verification is passed, and uploading a verification result to the block chain after the consensus is passed.
The respective modules in the above block chain data processing apparatus may be wholly or partially implemented by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a first electronic device or a second electronic device, and the internal structure thereof may be as shown in fig. 8. The electronic device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operating system and the computer program to run on the non-volatile storage medium. The database of the electronic device is used to store blockchain data. The network interface of the electronic device is used for connecting and communicating with an external terminal through a network. The electronic program is executed by a processor to implement a block chain data processing method.
Those skilled in the art will appreciate that the architecture shown in fig. 8 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, an electronic device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program: receiving a data generation request, and forwarding the data generation request to a contract execution engine in a trusted execution environment; calling a first intelligent contract based on a contract execution engine to generate corresponding target data; encrypting the target data based on a block chaining contract interface in the trusted execution environment to obtain ciphertext data; and calling a contract running program to upload the ciphertext data to the block chain.
In one embodiment, a data generation request involved in execution of a computer program by a processor carries data to be processed; invoking a first intelligent contract based on a contract execution engine to generate corresponding target data, comprising: acquiring input parameters of a first intelligent contract based on data to be processed; and transmitting the input parameters to the first intelligent contract to indicate the first intelligent contract to process according to the input parameters to obtain target data.
In one embodiment, the invoking contract run program involved in the processor executing the computer program to upload ciphertext data to the blockchain comprises: calling a contract running program to store the ciphertext data into a first contract calling read-write set; calling a read-write set based on a first contract to generate a first endorsement signature, sending the first endorsement signature to a first client to indicate the first client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering ciphertext data to be uploaded to a block chain after the consensus is passed.
In one embodiment, the processor, when executing the computer program, further performs the steps of: starting a contract scheduler, creating a trusted execution environment when the contract scheduler receives a contract initialization request, and loading a contract execution engine and an intelligent contract; remotely proving the trusted execution environment through a contract scheduler, and uploading a remote proving report to a block chain; and informing the contract execution engine through the contract scheduler to call the intelligent contract for initialization.
In one embodiment, an electronic device is provided, comprising a memory having a computer program stored therein and a processor that when executing the computer program performs the steps of: receiving a data verification request, wherein the data verification request carries a data identifier; acquiring ciphertext data corresponding to the data identifier from the block chain based on the block chain contract interface, and performing security check on the ciphertext data based on the block chain contract interface; if the safety check is passed, the ciphertext data is decrypted based on the block chaining contract interface to obtain decrypted plaintext data; and verifying whether the plaintext data meets the target service condition through a second intelligent contract, and returning a verification result.
In one embodiment, the processor, when executing the computer program, further performs the steps of: calling a contract running program to store the verification result into a second contract calling read-write set; and calling the read-write set based on the second contract to generate a second endorsement signature, sending the second endorsement signature to the second client to indicate the second client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering to upload a verification result to the block chain after the consensus is passed.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of: receiving a data generation request, and forwarding the data generation request to a contract execution engine in a trusted execution environment; calling a first intelligent contract based on a contract execution engine to generate corresponding target data; encrypting the target data based on a block chaining contract interface in the trusted execution environment to obtain ciphertext data; and calling a contract running program to upload the ciphertext data to the block chain.
In one embodiment, a data generation request involved in the execution of the computer program by the processor carries data to be processed; invoking a first intelligent contract based on a contract execution engine to generate corresponding target data, comprising: acquiring input parameters of a first intelligent contract based on data to be processed; and transmitting the input parameters to the first intelligent contract to indicate the first intelligent contract to process according to the input parameters to obtain target data.
In one embodiment, the computer program, when executed by the processor, involves invoking a contract execution program to upload ciphertext data to the blockchain, comprising: calling a contract running program to store the ciphertext data into a first contract calling read-write set; and calling a read-write set based on a first contract to generate a first endorsement signature, sending the first endorsement signature to a first client to indicate the first client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering ciphertext data to be uploaded to a block chain after the consensus is passed.
In one embodiment, the computer program when executed by the processor further performs the steps of: starting a contract scheduler, creating a trusted execution environment when the contract scheduler receives a contract initialization request, and loading a contract execution engine and an intelligent contract; remotely certifying the trusted execution environment through a contract scheduler, and uploading a remote certification report to a block chain; and informing the contract execution engine through the contract scheduler to call the intelligent contract for initialization.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of: receiving a data verification request, wherein the data verification request carries a data identifier; acquiring ciphertext data corresponding to the data identifier from the block chain based on the block chain contract interface, and performing security check on the ciphertext data based on the block chain contract interface; if the safety check is passed, decrypting the ciphertext data based on the block chaining contract interface to obtain decrypted plaintext data; and verifying whether the plaintext data meets the target service condition through the second intelligent contract, and returning a verification result.
In one embodiment, the computer program when executed by the processor further performs the steps of: calling a contract running program to store the verification result into a second contract calling read-write set; and calling the read-write set based on the second contract to generate a second endorsement signature, sending the second endorsement signature to the second client to indicate the second client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering to upload a verification result to the block chain after the consensus is passed.
In one embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, performs the steps of: receiving a data generation request, and forwarding the data generation request to a contract execution engine in a trusted execution environment; calling a first intelligent contract based on a contract execution engine to generate corresponding target data; encrypting the target data based on a block chaining contract interface in the trusted execution environment to obtain ciphertext data; and calling a contract running program to upload the ciphertext data to the block chain.
In one embodiment, a computer program, when executed by a processor, involves a data generation request carrying data to be processed; invoking a first intelligent contract based on a contract execution engine to generate corresponding target data, comprising: acquiring input parameters of a first intelligent contract based on data to be processed; and transmitting the input parameters to the first intelligent contract to indicate the first intelligent contract to process according to the input parameters to obtain target data.
In one embodiment, the computer program, when executed by the processor, involves invoking a contract execution program to upload ciphertext data to the blockchain, comprising: calling a contract running program to store the ciphertext data into a first contract calling read-write set; and calling a read-write set based on a first contract to generate a first endorsement signature, sending the first endorsement signature to a first client to indicate the first client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering ciphertext data to be uploaded to a block chain after the consensus is passed.
In one embodiment, the computer program when executed by the processor further performs the steps of: starting a contract scheduler, creating a trusted execution environment when the contract scheduler receives a contract initialization request, and loading a contract execution engine and an intelligent contract; remotely certifying the trusted execution environment through a contract scheduler, and uploading a remote certification report to a block chain; the contract execution engine is notified by the contract scheduler to invoke the intelligent contract for initialization.
In one embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, performs the steps of: receiving a data verification request, wherein the data verification request carries a data identifier; acquiring ciphertext data corresponding to the data identifier from the block chain based on the block chain contract interface, and performing security check on the ciphertext data based on the block chain contract interface; if the safety check is passed, decrypting the ciphertext data based on the block chaining contract interface to obtain decrypted plaintext data; and verifying whether the plaintext data meets the target service condition through the second intelligent contract, and returning a verification result.
In one embodiment, the computer program when executed by the processor further performs the steps of: calling a contract running program to store the verification result into a second contract calling read-write set; and calling the read-write set based on the second contract to generate a second endorsement signature, sending the second endorsement signature to the second client to indicate the second client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering to upload a verification result to the block chain after the consensus is passed.
It should be noted that the blockchain data (including but not limited to the data to be processed, the target data generated, the data for analysis, the stored data, the data displayed, and the like) referred to in the present application are all information and data authorized by the user or sufficiently authorized by each party.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include a Read-Only Memory (ROM), a magnetic tape, a floppy disk, a flash Memory, an optical Memory, a high-density embedded nonvolatile Memory, a resistive Random Access Memory (ReRAM), a Magnetic Random Access Memory (MRAM), a Ferroelectric Random Access Memory (FRAM), a Phase Change Memory (PCM), a graphene Memory, and the like. Volatile Memory can include Random Access Memory (RAM), external cache Memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), for example. The databases referred to in various embodiments provided herein may include at least one of relational and non-relational databases. The non-relational database may include, but is not limited to, a block chain based distributed database, and the like. The processors referred to in the various embodiments provided herein may be, without limitation, general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, or the like.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.

Claims (10)

1. A blockchain data processing method executed by a first electronic device having a first smart contract, a contract execution engine, and a blockchain contract interface deployed in a trusted execution environment of the first electronic device, the method comprising:
receiving a data generation request, and forwarding the data generation request to a contract execution engine in the trusted execution environment;
calling a first intelligent contract to generate corresponding target data based on the contract execution engine;
encrypting the target data based on a block chaining contract interface in the trusted execution environment to obtain ciphertext data;
and calling a contract running program to upload the ciphertext data to the block chain.
2. The method of claim 1, wherein the data generation request carries data to be processed; the method for generating the corresponding target data based on the contract execution engine calling the first intelligent contract comprises the following steps:
acquiring input parameters of a first intelligent contract based on the data to be processed;
and transmitting the input parameters to the first intelligent contract to indicate the first intelligent contract to process according to the input parameters to obtain target data.
3. The method of claim 1, wherein invoking the contract running program to upload the ciphertext data to a blockchain comprises:
calling a contract running program to store the ciphertext data into a first contract calling read-write set;
and calling a read-write set based on the first contract to generate a first endorsement signature, sending the first endorsement signature to a first client to indicate the first client to carry out consistency check, triggering consensus operation after the consistency check is passed, and triggering to upload the ciphertext data to a block chain after the consensus is passed.
4. The method of claim 1, further comprising:
starting a contract scheduler, creating a trusted execution environment when the contract scheduler receives a contract initialization request, and loading a contract execution engine and an intelligent contract;
remotely certifying a trusted execution environment through the contract scheduler, and uploading a remote certification report to a block chain;
notifying, by the contract scheduler, the contract execution engine to invoke the intelligent contract for initialization.
5. A blockchain data processing method executed by a second electronic device having a second smart contract, a contract execution engine, and a blockchain contract interface deployed in a trusted execution environment of the second electronic device, the method comprising:
receiving a data verification request, wherein the data verification request carries a data identifier;
acquiring ciphertext data corresponding to the data identifier from a block chain based on the block chain contract interface, and performing security check on the ciphertext data based on the block chain contract interface;
if the security check is passed, decrypting the ciphertext data based on the block chain contract interface to obtain decrypted plaintext data;
and verifying whether the plaintext data meets the target service condition through the second intelligent contract, and returning a verification result.
6. The method of claim 5, further comprising:
calling a contract running program to store the verification result into a second contract calling read-write set;
and calling a read-write set based on the second contract to generate a second endorsement signature, sending the second endorsement signature to a second client to indicate the second client to carry out consistency check, triggering common identification operation after the consistency check is passed, and triggering to upload the verification result to a block chain after the common identification is passed.
7. An apparatus for block chain data processing, the apparatus comprising:
a receiving module, configured to receive a data generation request, and forward the data generation request to a contract execution engine in the trusted execution environment;
the generation module is used for calling a first intelligent contract to generate corresponding target data based on the contract execution engine;
the encryption module is used for encrypting the target data based on a block chaining contract interface in the trusted execution environment to obtain ciphertext data;
and the storage module is used for calling a contract operation program to upload the ciphertext data to the block chain.
8. An apparatus for block chain data processing, the apparatus comprising:
the request module is used for receiving a data verification request, and the data verification request carries a data identifier;
the obtaining module is used for obtaining ciphertext data corresponding to the data identifier from a block chain based on the block chain contract interface and carrying out security check on the ciphertext data based on the block chain contract interface;
the decryption module is used for decrypting the ciphertext data based on the block chain contract interface if the security check is passed, so as to obtain decrypted plaintext data;
and the verification module is used for verifying whether the plaintext data meets the target service condition through the second intelligent contract and returning a verification result.
9. An electronic device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 4 or 5 to 6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 4 or 5 to 6.
CN202211705020.XA 2022-12-29 2022-12-29 Block chain data processing method and device, electronic equipment and storage medium Pending CN115952519A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211705020.XA CN115952519A (en) 2022-12-29 2022-12-29 Block chain data processing method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211705020.XA CN115952519A (en) 2022-12-29 2022-12-29 Block chain data processing method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115952519A true CN115952519A (en) 2023-04-11

Family

ID=87282195

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211705020.XA Pending CN115952519A (en) 2022-12-29 2022-12-29 Block chain data processing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115952519A (en)

Similar Documents

Publication Publication Date Title
CN111475849B (en) Private data query method and device based on blockchain account
CN110580413B (en) Private data query method and device based on down-link authorization
CN110580412B (en) Permission query configuration method and device based on chain codes
CN110881063B (en) Storage method, device, equipment and medium of private data
CN110162992B (en) Data processing method, data processing device and computer system
EP3961974B1 (en) Block content editing methods and apparatuses
CN110580245B (en) Private data sharing method and device
Hao et al. Deleting secret data with public verifiability
CN111475850B (en) Intelligent contract-based privacy data query method and device
CN113114476B (en) Privacy evidence storing method and device based on contract
CN110580411B (en) Permission query configuration method and device based on intelligent contract
CN107370595A (en) One kind is based on fine-grained ciphertext access control method
CN112669147B (en) Service request method and device based on block chain
KR102282788B1 (en) Blockchain system for supporting change of plain text data included in transaction
CN117155549A (en) Key distribution method, key distribution device, computer equipment and storage medium
CN116232639B (en) Data transmission method, device, computer equipment and storage medium
CN114499875A (en) Service data processing method and device, computer equipment and storage medium
CN114896621B (en) Application service acquisition method, encryption method, device and computer equipment
CN116684102A (en) Message transmission method, message verification method, device, equipment, medium and product
CN111125734B (en) Data processing method and system
Liu et al. Video data integrity verification method based on full homomorphic encryption in cloud system
CN115952519A (en) Block chain data processing method and device, electronic equipment and storage medium
CN116882983A (en) Resource transfer method, device, computer equipment and storage medium
CN117313147A (en) Data storage sharing method, device, chip and terminal
CN117195166A (en) Component source code protection method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination