CN117743455A - Block chain-based data processing method, device, equipment, medium and product - Google Patents
- Publication number
- CN117743455A (CN202211116846.2A)
- Authority
- CN
- China
- Prior art keywords
- contract
- service
- data
- blockchain
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the application provides a data processing method, a device, equipment, a medium and a product based on a block chain, wherein the data processing method based on the block chain comprises the following steps: receiving a service request sent by a service object, wherein the service request carries service data of a requested blockchain service, and the service data comprises contract identification data and contract execution data; the service data is transmitted into a trusted execution environment, and a target service computing contract corresponding to the contract identification data is deployed in the trusted execution environment; executing a target service calculation contract in a trusted execution environment based on contract execution data to obtain a service execution result of the blockchain service; and uploading the service execution result to a block chain for storage, and returning the service execution result to the service object. By adopting the embodiment of the application, the requested block chain service can be executed in a trusted execution environment, and the execution process of the block chain service is effectively protected from being disclosed.
Description
Technical Field
The present application relates to the field of computer technology, and in particular, to a data processing method based on a blockchain, a data processing apparatus based on a blockchain, a computer device, a computer readable storage medium, and a computer program product.
Background
With the rapid development of computer technology, blockchains are widely used in various large business scenarios. Owing to properties of the blockchain such as tamper resistance and traceability, a business execution process combined with the blockchain (i.e., the execution process of a blockchain service, which may also be called a blockchain transaction) becomes safe and reliable. In general, data in a blockchain service (e.g., the service data involved in executing the blockchain service, the smart contracts required to execute the blockchain service, etc.) is disclosed to the participants of the blockchain; that is, the execution process of the blockchain service is disclosed to the participants of the blockchain. Currently, protecting the execution process of the blockchain service from disclosure and making data in the blockchain service "available but invisible" has become a requirement of more and more blockchain participants. Therefore, how to protect the execution process of the blockchain service from being disclosed is a current research hotspot.
Disclosure of Invention
The embodiment of the application provides a data processing method, device, equipment, medium and product based on a blockchain, which can execute requested blockchain service in a trusted execution environment and effectively protect the execution process of the blockchain service from being disclosed.
In one aspect, an embodiment of the present application provides a data processing method based on a blockchain, including:
receiving a service request sent by a service object, wherein the service request carries service data of a requested blockchain service, and the service data comprises contract identification data and contract execution data;
the service data is transmitted into a trusted execution environment, and a target service computing contract corresponding to the contract identification data is deployed in the trusted execution environment;
executing a target service calculation contract in a trusted execution environment based on contract execution data to obtain a service execution result of the blockchain service;
and uploading the service execution result to a block chain for storage, and returning the service execution result to the service object.
Accordingly, embodiments of the present application provide a blockchain-based data processing device, including:
the communication unit is used for receiving a service request sent by a service object, wherein the service request carries service data of the requested blockchain service, and the service data comprises contract identification data and contract execution data;
the processing unit is used for transmitting the service data into a trusted execution environment, and a target service computing contract corresponding to the contract identification data is deployed in the trusted execution environment;
The processing unit is also used for executing the target service calculation contract in the trusted execution environment based on contract execution data to obtain a service execution result of the block chain service;
and the communication unit is also used for uploading the service execution result to the blockchain for storage and returning the service execution result to the service object.
In one implementation, the contract identification data includes a contract name identification and a contract method identification; one or more business computing contracts are deployed in the trusted execution environment; the processing unit is used for executing the target service calculation contract in the trusted execution environment based on contract execution data, and is particularly used for executing the following steps when the service execution result of the blockchain service is obtained:
searching a target business computing contract corresponding to the contract name identification in a trusted execution environment, wherein the target business computing contract comprises one or more contract methods;
acquiring a target contract method corresponding to a contract method identifier in a target business computing contract;
and executing the target contract method in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service.
In one implementation, an interface contract corresponding to a target business computing contract is deployed in the blockchain, the interface contract defining data required to execute the target business computing contract;
The communication unit is also used for calling the interface contract to acquire the blockchain data required by executing the target business computing contract from the blockchain based on the definition of the interface contract;
the processing unit is also used for transmitting the blockchain data into a trusted execution environment;
the processing unit is used for executing the target service calculation contract in the trusted execution environment based on contract execution data, and is particularly used for executing the following steps when the service execution result of the blockchain service is obtained:
and executing the target service calculation contract in the trusted execution environment based on the contract execution data and the blockchain data to obtain a service execution result of the blockchain service.
In one implementation, the business data and blockchain data are encrypted by a public key of the trusted execution environment prior to being passed into the trusted execution environment; the processing unit is further used for executing the following steps:
decrypting the service data by adopting a private key of the trusted execution environment;
and decrypting the blockchain data by adopting a private key of the trusted execution environment.
In one implementation, the processing unit, before being configured to transfer the service data into the trusted execution environment, is further configured to perform the following steps:
identity authentication is carried out on the business object;
after the identity authentication of the business object passes, triggering the execution of the step of transmitting the business data into the trusted execution environment.
In one implementation, the service request also carries a signature of the service data, wherein the signature of the service data is obtained by signing the service data by adopting a private key of the service object; the processing unit is used for executing the following steps when the identity of the business object is authenticated:
verifying the signature of the service data using the public key of the service object;
if the signature verification of the service data is successful, a trusted object list is obtained, wherein the trusted object list comprises object identifiers of one or more trusted objects;
and if the trusted object list comprises the object identification of the service object, determining that the identity authentication of the service object passes.
In one implementation, an interface contract corresponding to a target service computation contract is deployed in the blockchain, and the interface contract defines data to be uploaded to the blockchain after the target service computation contract is executed;
the communication unit is used for uploading the service execution result to the blockchain for storage, and is specifically used for executing the following steps:
calling an interface contract to send a service execution result to the blockchain so that the blockchain stores the service execution result after the service execution result passes verification;
Wherein, the service execution result is data assembled according to the definition of the interface contract.
In one implementation, the service execution results include a contract execution result of the target service computing contract and the target service computing contract, the service execution result being signed by a private key of the trusted execution environment; the verification process of the block chain on the service execution result comprises the following steps:
acquiring a remote attestation file corresponding to the target business computing contract, and checking the legitimacy of the trusted execution environment based on the remote attestation file;
if the legitimacy check of the trusted execution environment passes, verifying the signature of the service execution result using the public key of the trusted execution environment;
if the service execution result is checked successfully, comparing the target service calculation contract in the service execution result with the target service calculation contract stored in the blockchain;
if the target business calculation contract in the business execution result is the same as the target business calculation contract stored in the blockchain, determining that the business execution result passes the verification.
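The identity authentication of the service object (signature check, then trusted object list), the lookup of a contract by name and method identifier inside the trusted execution environment, and the blockchain's three-step check of the signed result can be traced end to end in the following added example, which is not code from the application. It is a model under stated assumptions: textbook RSA over fixed primes stands in for real key pairs, a vendor-signed record stands in for the remote attestation (certification) file, and every name in it (`score`, `alice`, `bob`, the function names) is hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent shared by the toy keys below


def keygen(p, q):
    """Textbook RSA from two fixed primes: a toy stand-in for real keys, not secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)


def digest(obj, n):
    blob = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n


def sign(obj, priv):
    n, d = priv
    return pow(digest(obj, n), d, n)


def verify(obj, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(obj, n)


# Constructed keys; Mersenne primes keep the example deterministic.
ALICE_PUB, ALICE_PRIV = keygen(2**89 - 1, 2**61 - 1)      # service object on the trusted list
BOB_PUB, BOB_PRIV = keygen(2**107 - 1, 2**89 - 1)         # service object not on the list
TEE_PUB, TEE_PRIV = keygen(2**127 - 1, 2**107 - 1)        # key pair of the trusted execution environment
VENDOR_PUB, VENDOR_PRIV = keygen(2**127 - 1, 2**61 - 1)   # assumed attestation signer
PUBKEYS = {"alice": ALICE_PUB, "bob": BOB_PUB}
TRUSTED = {"alice"}

SCORE_SRC = "def total(values): return sum(values)"       # constructed contract source
# Inside the TEE: contract name -> source text and contract methods.
ENCLAVE_CONTRACTS = {"score": {"source": SCORE_SRC, "methods": {"total": sum}}}


def measurement(source):
    return hashlib.sha256(source.encode()).hexdigest()


def deploy(name):
    """Deployment: the chain stores the contract and a vendor-signed attestation record."""
    source = ENCLAVE_CONTRACTS[name]["source"]
    body = {"contract": name, "measurement": measurement(source), "tee_pub": list(TEE_PUB)}
    return {"source": source, "attestation": {"body": body, "sig": sign(body, VENDOR_PRIV)}}


CHAIN = {"score": deploy("score")}


def make_request(object_id, priv, name, method, data):
    sd = {"contract_name": name, "contract_method": method, "exec_data": data}
    return {"object_id": object_id, "service_data": sd, "sig": sign(sd, priv)}


def authenticate(request, pubkeys, trusted):
    """Signature check with the object's public key, then trusted-list membership."""
    pub = pubkeys.get(request["object_id"])
    if pub is None or not verify(request["service_data"], request["sig"], pub):
        return False
    return request["object_id"] in trusted


def tee_execute(service_data):
    """Runs inside the TEE: find the contract by name and the method by identifier, run, sign."""
    contract = ENCLAVE_CONTRACTS.get(service_data["contract_name"])
    method = contract and contract["methods"].get(service_data["contract_method"])
    if method is None:
        return None, None
    result = {"contract": contract["source"], "output": method(service_data["exec_data"])}
    return result, sign(result, TEE_PRIV)


def chain_verify(name, result, sig):
    """Blockchain side: attestation check, signature check, contract comparison."""
    stored = CHAIN[name]
    att = stored["attestation"]
    if (not verify(att["body"], att["sig"], VENDOR_PUB)
            or att["body"]["measurement"] != measurement(stored["source"])):
        return "attestation rejected"
    if not verify(result, sig, att["body"]["tee_pub"]):
        return "signature rejected"
    if result["contract"] != stored["source"]:
        return "contract mismatch"
    return "verified"


def handle(request, pubkeys=PUBKEYS, trusted=TRUSTED):
    if not authenticate(request, pubkeys, trusted):
        return "authentication failed", None
    sd = request["service_data"]
    result, sig = tee_execute(sd)
    if result is None:
        return "unknown contract or method", None
    status = chain_verify(sd["contract_name"], result, sig)
    return status, (result["output"] if status == "verified" else None)
```

A result is stored only when all three checks pass; a valid enclave signature over a result that embeds a different contract is still rejected at the comparison step.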
In one implementation, the processing unit is further configured to perform the steps of:
responding to a contract deployment request sent by a contract deployment object, and performing identity authentication on the contract deployment object; the contract deployment request carries the contract to be deployed;
And if the identity authentication of the contract deployment object passes, deploying the contract to be deployed.
In one implementation, the contracts to be deployed include a target business computing contract and an interface contract corresponding to the target business computing contract; the processing unit is used for executing the following steps when deploying the contracts needing to be deployed:
deploying the target business computing contract into a trusted execution environment;
the interface contracts are deployed into the blockchain.
In one implementation, the processing unit is configured to, when deploying the target business computing contract into the trusted execution environment, specifically perform the following steps:
compiling the target business computing contract to obtain a compiling file of the target business computing contract;
and deploying the compiled file of the target business computing contract into a cache space of the trusted execution environment.
In one implementation, the processing unit is further configured to perform the steps of:
generating a remote attestation certificate corresponding to the target business computing contract;
uploading the remote attestation certificate of the target business computing contract, the compiled file of the target business computing contract and the target business computing contract to a blockchain for storage.
In one implementation, the processing unit is configured to, when deploying the interface contract into the blockchain, specifically perform the following steps:
compiling the interface contract to obtain a compiling file of the interface contract;
the compiled file of the interface contract is deployed into a blockchain, and a contract hash is calculated in the blockchain for the compiled file of the interface contract, wherein the contract hash is calculated based on the target business.
Accordingly, embodiments of the present application provide a computer device comprising:
a processor adapted to implement a computer program;
a computer readable storage medium storing a computer program adapted to be loaded by a processor and to perform the above described blockchain-based data processing method.
Accordingly, embodiments of the present application provide a computer readable storage medium storing a computer program which, when read and executed by a processor of a computer device, causes the computer device to perform the above-described blockchain-based data processing method.
Accordingly, embodiments of the present application provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium and executes the computer instructions to cause the computer device to perform the blockchain-based data processing method described above.
In the embodiment of the present application, after receiving a service request sent by a service object, service data of a requested blockchain service carried in the service request may be transferred into a trusted execution environment, where the service data may include contract identification data and contract execution data, and a target service computing contract corresponding to the contract identification data is deployed in the trusted execution environment; then, the target service calculation contract can be executed in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service. As can be seen from the foregoing, in the embodiments of the present application, the data related to the blockchain service is in the trusted execution environment (i.e., the service data related to the blockchain service is transferred into the trusted execution environment), and the target service computation contract related to the blockchain service is deployed in the trusted execution environment, and the target service computation is executed in the trusted execution environment, that is, the execution process of the blockchain service is in the trusted execution environment, which can effectively protect the execution process of the blockchain service from being disclosed.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a block chain network architecture according to an embodiment of the present application;
FIG. 2 is a block chain architecture diagram provided in an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a block generation process according to an embodiment of the present application;
FIG. 4a is a schematic diagram of a block chain based data processing system according to an embodiment of the present application;
FIG. 4b is a schematic diagram of an architecture of another blockchain-based data processing system provided by embodiments of the present application;
FIG. 4c is a schematic diagram of an architecture of another blockchain-based data processing system provided in an embodiment of the present application;
FIG. 5 is a flowchart of a data processing method based on a blockchain according to an embodiment of the present application;
FIG. 6 is a flow chart of another method for processing data based on blockchain according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a data processing operating system according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a contract deployment process provided by an embodiment of the present application;
FIG. 9 is a schematic diagram of a contract execution flow provided by an embodiment of the present application;
FIG. 10 is a block chain based data processing apparatus according to an embodiment of the present application;
FIG. 11 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
In order to more clearly understand the technical solutions provided by the embodiments of the present application, key terms related to the embodiments of the present application are described herein:
(1) A blockchain network. The blockchain network, i.e., P2P (Peer to Peer) network, is a network of point-to-point connections, where each node of the point-to-point connection is called a Peer node, and the P2P network is based on a specific network protocol, so that a central node is not required between Peer nodes to maintain a network state, and each node maintains a node state of the whole network and a connection state of the node with a neighboring node through broadcast interaction with the neighboring node.
The P2P network may be understood as the data sharing system 10 shown in fig. 1. The data sharing system 10 refers to a system for performing data sharing between nodes, where the data sharing system may include a plurality of nodes 101, and the plurality of nodes 101 may be respective clients, terminals, or servers in the data sharing system. Each node 101 may receive input information while performing normal operation and maintain shared data within the data sharing system based on the received input information. To ensure information intercommunication in the data sharing system, an information connection can exist between each pair of nodes in the data sharing system, and the nodes can transmit information through the information connection. For example, when any node in the data sharing system receives input information, the other nodes in the data sharing system acquire the input information according to a consensus algorithm and store the input information as data in the shared data, so that the data stored on all nodes in the data sharing system is consistent. Each node in the data sharing system has a corresponding node identifier, and each node in the data sharing system can store the node identifiers of the other nodes in the data sharing system, so that a generated block can be broadcast to the other nodes in the data sharing system according to their node identifiers. Each node may maintain a node identifier list as shown in Table 1 below, and the node names and node identifiers may be stored in the node identifier list. The node identifier may be an IP (Internet Protocol, the protocol for interconnection between networks) address or any other information that can be used to identify the node; Table 1 uses IP addresses only as an example:
TABLE 1
| Node name | Node identification |
| --- | --- |
| Node 1 | XXX.XXX.XXX.XX1 |
| Node 2 | XXX.XXX.XXX.XX2 |
| … | … |
| Node N | XXX.XXX.XXX.XXN |
(2) A blockchain. Each node in the blockchain network stores the same blockchain. The blockchain is a distributed ledger technology in the field of information technology, and generally consists of consensus, transaction blocks, state data storage, cryptographic identity security and other contents. As shown in the blockchain structure in fig. 2, the blockchain is composed of a plurality of blocks. The starting block in the blockchain comprises a block header and a block body; the block header of the starting block stores an input information characteristic value, a version number, a timestamp and a difficulty value, and the block body of the starting block stores the input information. The next block takes the starting block as its parent block and also comprises a block header and a block body; besides the input information characteristic value, version number, timestamp and difficulty value of the current block, the block header of the next block stores the block header characteristic value of the parent block, and so on, so that the block data stored in each block in the blockchain is associated with the block data stored in its parent block, which ensures the security of the input information in the block.
When each block in the blockchain is generated, referring to the block generation process shown in fig. 3, when the node where the blockchain is located receives input information, checking the input information, after the checking is completed, storing the input information into a memory pool, and updating a hash tree for recording the input information; then, updating the update time stamp to the time of receiving the input information, trying different random numbers, and calculating the characteristic value for a plurality of times, so that the calculated characteristic value can meet the following formula:
SHA256(SHA256(version+prev_hash+merkle_root+ntime+nbits+x))<TARGET
wherein SHA256 (Secure Hash Algorithm, a secure hash algorithm) is the characteristic value algorithm used to calculate the characteristic value; version (version number) is the version information of the related block protocol in the blockchain; prev_hash is the block header characteristic value of the parent block of the current block; merkle_root is the characteristic value of the input information; ntime is the update time of the update timestamp; nbits is the current difficulty, which is a fixed value for a period of time and is determined again after that fixed period has elapsed; x is a random number; TARGET is the characteristic value threshold, which can be determined from nbits.
Thus, when a random number satisfying the formula is found, the information can be stored accordingly to generate the block header and the block body, yielding the current block. The node where the blockchain is located then sends the newly generated block to the other nodes in its data sharing system according to the node identifiers of those nodes; the other nodes verify the newly generated block and, after the verification is completed, add it to the blockchains they store.
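The search for x and the check a receiving node repeats can be written out as follows. This is an added example, not code from the application; the field serialization, the expansion of nbits into TARGET and the byte order of the comparison follow Bitcoin's conventions, which is an assumption because the text above does not specify them, and the block contents are constructed sample values.

```python
import hashlib
import struct


def dsha256(data):
    """SHA256(SHA256(data)), the double hash used in the formula."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(items):
    """Characteristic value of the input information: root of a pairwise hash tree.

    Expects at least one item; an odd level repeats its last entry (assumed convention).
    """
    level = [dsha256(item) for item in items]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def target_from_nbits(nbits):
    """Expand the compact difficulty value into TARGET (assumed compact encoding)."""
    exponent, mantissa = nbits >> 24, nbits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def meets_target(version, prev_hash, root, ntime, nbits, x):
    """SHA256(SHA256(version+prev_hash+merkle_root+ntime+nbits+x)) < TARGET."""
    header = struct.pack("<I32s32sIII", version, prev_hash, root, ntime, nbits, x)
    return int.from_bytes(dsha256(header), "little") < target_from_nbits(nbits)


def mine_block(version, prev_hash, items, ntime, nbits):
    """Try x = 0, 1, 2, ... and return the first block that satisfies the formula."""
    root = merkle_root(items)
    for x in range(2**32):
        if meets_target(version, prev_hash, root, ntime, nbits, x):
            return {"version": version, "prev_hash": prev_hash, "ntime": ntime,
                    "nbits": nbits, "x": x, "items": list(items)}
    raise RuntimeError("nonce space exhausted; refresh ntime and retry")


def validate_block(block):
    """Receiving node: rebuild the root from the block body, then re-check the formula."""
    root = merkle_root(block["items"])
    return meets_target(block["version"], block["prev_hash"], root,
                        block["ntime"], block["nbits"], block["x"])


if __name__ == "__main__":
    # Constructed inputs; nbits 0x2000FFFF is an easy difficulty chosen so the search is quick.
    block = mine_block(1, bytes(32), [b"tx-a", b"tx-b", b"tx-c"], 1700000000, 0x2000FFFF)
    print("x =", block["x"], "valid =", validate_block(block))
```

Because the receiving node recomputes merkle_root from the block body, changing any input after mining changes the header hash, and the stored x must be searched for again.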
(3) A smart contract. A smart contract (Smart Contract) is a computerized agreement that can execute the terms of a contract. It is implemented by code that is executed when certain conditions are met, and is used to complete automated transactions according to actual business requirements; of course, a smart contract is not limited to executing contracts for transactions, and may also execute contracts that process received information.
(4) Data protection computation. Data protection computation (Privacy Compute or Privacy Computing) is a technique and system for joint computation by multiple (i.e., two or more) participants, who collaborate to perform joint machine learning and joint analysis on their data without revealing their respective data. Under the framework of data protection computation, the participants' data does not leave the local environment, and the data is available but not visible.
(5) SGX. SGX (Software Guard Extensions) is a set of security-related instructions built into the CPU (Central Processing Unit). They allow user-mode and kernel-mode code to define specific memory regions as private regions, which may be referred to as trusted execution environments (i.e., enclaves); content in the trusted execution environment is protected from access by any process other than itself, including processes running at higher privilege levels.
Based on the above related description of key terms, embodiments of the present application provide a blockchain-based data processing scheme that may include two phases of contract deployment and contract execution:
For the contract deployment phase: the embodiment of the application provides a business computation contract and an interface contract, wherein one business computation contract can correspond to one interface contract, and both the business computation contract and the interface contract are smart contracts; the interface contract corresponding to a business computation contract can be used to acquire the data required for executing the business computation contract, and can also be used to upload the data that needs to be stored to the blockchain after the business computation contract is executed. In the embodiment of the application, the business computation contracts are deployed in a trusted execution environment, and the interface contracts corresponding to the business computation contracts are deployed in a blockchain.
For the contract invocation phase: when a service request sent by a service object is received, service data carried in the service request can be transmitted into a trusted execution environment, and the service data can comprise contract identification data and contract execution data; then, based on the contract execution data, executing a target service calculation contract corresponding to the contract identification data in a trusted execution environment to obtain a service execution result of the requested blockchain service; or, the interface contract corresponding to the target service computing contract can be called, the blockchain data required by executing the target service computing contract can be obtained from the blockchain, and the target service computing contract corresponding to the contract identification data can be executed in the trusted execution environment based on the contract execution data and the blockchain data to obtain the service execution result of the requested blockchain service; after that, the interface contract corresponding to the target business computing contract can be called to upload the business execution result to the blockchain for storage, and the business execution result can be returned to the business object.
Based on the above scheme, on one hand, the data related to the execution process of the blockchain service are all in a trusted execution environment (the service data is transmitted into the trusted execution environment, the service computation contract is deployed in the trusted execution environment), and the service computation is executed in the trusted execution environment, that is, the execution process of the blockchain service is in the trusted execution environment, and the trusted execution environment can effectively protect the execution process of the blockchain service from being disclosed. On the other hand, through the definition of the interface contract corresponding to the business computation contract, all data required by executing the business computation contract can be acquired before the business computation contract is executed, repeated acquisition is not required in the execution process of the business computation contract, the execution process of the business computation contract can be more efficient, and the execution process of the blockchain business can be more efficient.
It should be noted that the blockchain-based data processing scheme provided in the embodiments of the present application may be implemented by a mini data processing operating system (Gramine). The data processing operating system is an SGX LibOS (SGX library operating system) project; Gramine itself interacts directly with the SGX AESM Gateway (SGX Application Enclave Services Manager Gateway) service, so the implementation is independent of the SGX SDK (SGX Software Development Kit). Gramine currently encapsulates multiple Host ABIs (Host Application Binary Interfaces), 36 of which require an OCall (an untrusted function), and supports most System V IPC (System V Inter-Process Communication, an inter-process communication mechanism of the Unix operating system), including fork (a function) and exec (a function). Gramine currently contains approximately 50,000 lines of LibOS code and 20,000 lines of SGX PAL (SGX Programmable Array Logic) code, which is very lightweight after compilation. The Gramine user-mode multi-process model is isolated by the LibOS, i.e., a new OS (Operating System) process is started by creating a new Enclave. The LibOS uses RPC (Remote Procedure Call) to simulate inter-process communication between processes.
The blockchain-based data processing system to which embodiments of the present application relate is described below in conjunction with fig. 4 a-4 c:
as in the data processing system shown in fig. 4a, a first terminal 401, a second terminal 402 and a server 403 may be included in the data processing system. The first terminal 401 may be a terminal device used by a contract deployment object, the second terminal 402 may be a terminal device used by a service object, the server 403 belongs to a blockchain network, a data processing operating system (Gramine) and a blockchain may be deployed in the server, and the data processing operating system (Gramine) and the blockchain are deployed in different areas of the server 403. In the data processing system shown in fig. 4 a:
for the contract deployment phase: the contract deployment object may send a contract deployment request to the server 403 through the first terminal 401, where the contract deployment request may carry a service computation contract to be deployed and an interface contract corresponding to the service computation contract; gramine in server 403 may deploy the business computation contracts in a trusted execution environment, and the interface contracts corresponding to the business computation contracts in a blockchain; then, after the service computation contract and the interface contract corresponding to the service computation contract are successfully deployed, gramine in the server 403 may return a contract deployment result to the contract deployment object.
For the contract execution phase: the service object may send a service request to the server 403 through the second terminal 402, where the service request may carry contract identification data and contract execution data; Gramine in the server 403 can transmit the service data into a trusted execution environment, and execute the target service computation contract corresponding to the contract identification data in the trusted execution environment based on the contract execution data to obtain a service execution result of the requested blockchain service; alternatively, Gramine in the server 403 may transmit the service data into the trusted execution environment, call the interface contract corresponding to the target service computation contract to obtain from the blockchain the blockchain data required during execution of the target service computation contract, transmit the blockchain data into the trusted execution environment, and execute the target service computation contract in the trusted execution environment based on the contract execution data and the blockchain data to obtain the service execution result of the requested blockchain service; then, Gramine in the server 403 may return the service execution result to the service object, and may also call the interface contract corresponding to the target service computation contract to upload the service execution result to the blockchain for storage.
As shown in fig. 4b, a data processing system may include a first terminal 401, a second terminal 402, a trusted server 404, and a blockchain server 405. The first terminal 401 may be a terminal device used by a contract deployment object, the second terminal 402 may be a terminal device used by a service object, both the trusted server 404 and the blockchain server 405 belong to a blockchain network, a data processing operating system (Gramine) may be deployed in the trusted server 404, and a blockchain may be deployed in the blockchain server 405, that is, the data processing operating system (Gramine) and the blockchain are deployed in different servers. The data processing system shown in fig. 4c differs from the data processing system shown in fig. 4b in that, in fig. 4b, both the trusted server 404 and the blockchain server 405 belong to a blockchain network, whereas in fig. 4c the trusted server 404 does not belong to a blockchain network and the blockchain server 405 belongs to a blockchain network. In the data processing systems shown in figs. 4b and 4c:
For the contract deployment phase: the contract deployment object may send a contract deployment request to the trusted server 404 through the first terminal 401, where the contract deployment request may carry a service computation contract to be deployed and an interface contract corresponding to the service computation contract; Gramine in the trusted server 404 may deploy the service computation contract in a trusted execution environment and request the blockchain server 405 to deploy the interface contract corresponding to the service computation contract in the blockchain; then, after the service computation contract and the interface contract corresponding to the service computation contract are successfully deployed, a contract deployment result can be returned to the contract deployment object.
For the contract execution phase: the service object may send a service request to the trusted server 404 through the second terminal 402, where the service request may carry contract identification data and contract execution data; Gramine in the trusted server 404 can transmit the service data into a trusted execution environment, and execute the target service computation contract corresponding to the contract identification data in the trusted execution environment based on the contract execution data to obtain a service execution result of the requested blockchain service; alternatively, Gramine in the trusted server 404 may transmit the service data into the trusted execution environment and request the blockchain server 405 to call the interface contract corresponding to the target service computation contract to obtain from the blockchain the blockchain data required during execution of the target service computation contract; after receiving the blockchain data, Gramine in the trusted server 404 may transmit the blockchain data into the trusted execution environment and execute the target service computation contract in the trusted execution environment based on the contract execution data and the blockchain data to obtain the service execution result of the requested blockchain service; then, Gramine in the trusted server 404 may return the service execution result to the service object, or may request the blockchain server 405 to call the interface contract corresponding to the target service computation contract and upload the service execution result to the blockchain for storage.
It should be noted that, in the data processing systems shown in figs. 4a to 4c, a terminal may be a smart phone, a tablet computer, a notebook computer, a desktop computer, an intelligent voice interaction device, a smart watch, a vehicle-mounted terminal, a smart home appliance, an aircraft, etc., but is not limited thereto. A server may be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN (Content Delivery Network), big data and artificial intelligence platforms, which is not limited in the embodiments of the present application. The terminals and the servers may be directly connected by wired communication or indirectly connected by wireless communication, which is likewise not limited in the embodiments of the present application. In addition, a server on which the data processing operating system (Gramine) is deployed needs to support a hardware environment for trusted computing, and the blockchain needs to support contract engine capabilities. The process of deploying the data processing operating system (Gramine) in a server may be: a base Gramine environment image is built, runtime environments for multiple languages (such as the Golang language and the Rust language) are installed in the image, the corresponding binary compiled file is compiled, and the gateway code is installed in the image.
It will be appreciated that the blockchain-based data processing system described in the embodiments of the present application is intended to describe the technical solution of the embodiments of the present application more clearly and does not limit the technical solution provided in the embodiments of the present application. Those skilled in the art will appreciate that, with the evolution of the system architecture and the appearance of new service scenarios, the technical solution provided in the embodiments of the present application is equally applicable to similar technical problems.
The blockchain-based data processing scheme provided in the embodiments of the present application is described in detail below with reference to the accompanying drawings.
The embodiment of the application provides a data processing method based on a block chain, which mainly introduces the execution flow of a business computation contract. The blockchain-based data processing method may be performed by a computer device, which may be the server 403 or trusted server 404 in the blockchain-based data processing system described above. As shown in fig. 5, the blockchain-based data processing method may include, but is not limited to, the following steps S501-S504:
S501, receiving a service request sent by a service object.
The service object is an object for requesting to execute the blockchain service, the service request sent by the service object can carry service data of the requested blockchain service, and the service data can comprise contract identification data and contract execution data; the contract identification data is data for identifying the business computing contract, and the contract execution data is contract parameters, namely data required for executing the business computing contract corresponding to the contract identification data.
S502, the service data is transmitted into a trusted execution environment.
Before step S502, identity authentication may be performed on the service object, if the identity authentication of the service object passes, it may be determined that the service object is a trusted object, so that service data may be transferred into the trusted execution environment, and if the identity authentication of the service object fails, it may be determined that the service object is an untrusted object, so that a service request of the service object may be denied. The process of identity authentication for the business object may include the following contents:
In the first approach, a trusted object list (i.e., a white list) may be obtained. The trusted object list may include object identifiers of one or more trusted objects. If the trusted object list includes the object identifier of the service object, it may be determined that identity authentication of the service object passes; if the trusted object list does not include the object identifier of the service object, it may be determined that identity authentication of the service object fails.
In the second approach, the service request may further carry a signature of the service data. The signature of the service data may be obtained by signing the service data with the private key of the service object; more specifically, a digest of the service data is computed with a digest algorithm agreed between the service object and the data processing operating system, and the digest is then encrypted with the private key of the service object to obtain the signature. The public key of the service object can be used to check the signature of the service data. If the signature check of the service data fails, it can be determined that identity authentication of the service object fails. If the signature check of the service data succeeds, a trusted object list (i.e., a white list) can be obtained; the trusted object list may include object identifiers of one or more trusted objects. If the trusted object list includes the object identifier of the service object, it can be determined that identity authentication of the service object passes; if the trusted object list does not include the object identifier of the service object, it can be determined that identity authentication of the service object fails.
The signature check may include the following steps: the signature of the service data is decrypted with the public key of the service object to obtain first digest information; a digest of the service data carried in the service request is then computed with the agreed digest algorithm to obtain second digest information. If the first digest information is the same as the second digest information, it is determined that the signature check of the service data succeeds; if the first digest information differs from the second digest information, it is determined that the signature check of the service data fails.
By performing identity authentication on the service object, service requests from untrusted objects can be rejected, which avoids the trusted computing resources crashing because an untrusted object uses them maliciously.
In step S502, after the identity authentication of the service object passes, the service data may be transferred to a trusted execution environment, where a target service computing contract corresponding to the contract identification data may be deployed.
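The second authentication approach above (signature check first, then the trusted object list), as an added Go example that is not code from the patent. Ed25519 over a SHA-256 digest stands in for the digest-and-private-key signing the text describes; the field names, the out-of-band key registry and the identifiers `svc-a`/`svc-b` are assumptions, and all keys and data are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ServiceRequest carries what the text describes; the field names are assumptions.
type ServiceRequest struct {
	ObjectID    string // object identifier of the service object
	ServiceData []byte // contract identification data and contract execution data
	Signature   []byte // signature over the digest of ServiceData
}

var (
	ErrUnknownObject = errors.New("no public key registered for this object identifier")
	ErrBadSignature  = errors.New("signature check of the service data failed")
	ErrNotTrusted    = errors.New("object identifier is not in the trusted object list")
)

// Gate holds what the gateway needs before anything enters the TEE.
type Gate struct {
	PublicKeys  map[string]ed25519.PublicKey // registered out of band, never read from the request
	TrustedList map[string]bool              // the trusted object list (white list)
}

// SignServiceData is the service object's side: digest with the agreed algorithm, then sign.
func SignServiceData(priv ed25519.PrivateKey, data []byte) []byte {
	digest := sha256.Sum256(data)
	return ed25519.Sign(priv, digest[:])
}

// Authenticate checks the signature first and consults the list only afterwards,
// so a list hit on a claimed identifier never counts without proof of the key.
func (g *Gate) Authenticate(req ServiceRequest) error {
	pub, ok := g.PublicKeys[req.ObjectID]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return ErrUnknownObject
	}
	digest := sha256.Sum256(req.ServiceData) // recomputed from the data actually received
	if !ed25519.Verify(pub, digest[:], req.Signature) {
		return ErrBadSignature
	}
	if !g.TrustedList[req.ObjectID] {
		return ErrNotTrusted
	}
	return nil
}

// Decide returns the line a gateway could log for the request.
func (g *Gate) Decide(req ServiceRequest) string {
	if err := g.Authenticate(req); err != nil {
		return fmt.Sprintf("reject %s: %v", req.ObjectID, err)
	}
	return fmt.Sprintf("accept %s", req.ObjectID)
}

// DemoGate builds constructed keys: "svc-a" is registered and trusted,
// "svc-b" is registered but absent from the trusted object list.
func DemoGate() (*Gate, map[string]ed25519.PrivateKey) {
	privs := map[string]ed25519.PrivateKey{
		"svc-a": ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0xA1}, ed25519.SeedSize)),
		"svc-b": ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0xB2}, ed25519.SeedSize)),
	}
	g := &Gate{PublicKeys: map[string]ed25519.PublicKey{}, TrustedList: map[string]bool{"svc-a": true}}
	for id, p := range privs {
		g.PublicKeys[id] = p.Public().(ed25519.PublicKey)
	}
	return g, privs
}

func main() {
	g, privs := DemoGate()
	data := []byte(`{"contract":"pricing","method":"total","quantity":"3"}`) // constructed
	req := ServiceRequest{ObjectID: "svc-a", ServiceData: data, Signature: SignServiceData(privs["svc-a"], data)}
	fmt.Println(g.Decide(req))
	req.ServiceData = append([]byte{}, data[:len(data)-3]...) // altered after signing
	fmt.Println(g.Decide(req))
}
```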
S503, executing the target service calculation contract in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service.
From the foregoing, it can be seen that the interface contracts corresponding to the business computing contracts define data required for executing the business computing contracts, and the interface contracts corresponding to the business computing contracts are deployed in the blockchain, that is, the interface contracts corresponding to the target business computing contracts are deployed in the blockchain, and the interface contracts corresponding to the target business computing contracts define data required for executing the target business computing contracts. In step S503, when the contract execution data included in the service data is the data required for executing the target service computation contract, the target service computation contract may be executed in the trusted execution environment directly based on the contract execution data, so as to obtain the service execution result of the blockchain service. When the contract execution data contained in the business data is less than the data required by executing the target business computation contract, the interface contract is required to be called based on the definition of the interface contract, the blockchain data required by executing the target business computation contract is acquired from the blockchain, the blockchain data is transmitted into the trusted execution environment, and then the target business computation contract can be executed in the trusted execution environment based on the contract execution data and the blockchain data to obtain the business execution result of the blockchain business.
For the situation that the interface contract is not required to be called to acquire blockchain data required for executing the target business computing contract from the blockchain, the contract identification data can comprise contract name identifications and contract method identifications, one or more business computing contracts can be deployed in a trusted execution environment, the target business computing contract corresponding to the contract name identifications can be searched in the trusted execution environment, and one or more contract methods can be included in the target business computing contract; then, a target contract method corresponding to the contract method identification in the target service computing contract can be acquired, so that the target contract method can be executed in a trusted execution environment based on contract execution data to obtain a service execution result of the blockchain service.
For the case that the interface contract is required to be called to acquire blockchain data required by executing the target business computing contract from the blockchain, the contract identification data can comprise contract name identification and contract method identification, one or more business computing contracts can be deployed in a trusted execution environment, the target business computing contract corresponding to the contract name identification can be searched in the trusted execution environment, and one or more contract methods can be included in the target business computing contract; then, a target contract method corresponding to the contract method identifier in the target service computing contract can be acquired, and the blockchain data can be specifically blockchain data required for executing the target contract method, so that the target contract method can be executed in a trusted execution environment based on contract execution data and blockchain data to obtain a service execution result of the blockchain service. The interface contracts corresponding to the target business computing contracts define the data required by executing the target business computing contracts, all the data required by executing the target business computing contracts can be acquired once before the target business computing contracts are executed, repeated acquisition for a plurality of times in the executing process of the target business computing contracts is not required, the executing process of the target business computing contracts can be more efficient, and the executing process of the blockchain business can be more efficient.
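The two cases above (request data sufficient, or missing inputs fetched from the chain once before execution), as an added Go example that is not code from the patent. The interface contract layout, the `pricing`/`total` contract, the input names and the in-memory map standing in for the blockchain are all assumptions and constructed data.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// InterfaceContract lists, per contract method identification, every input the
// method needs. The layout is an assumption made for this example.
type InterfaceContract map[string][]string

// ContractMethod stands in for a compiled contract method running in the TEE.
type ContractMethod func(inputs map[string]string) (string, error)

type Gateway struct {
	Interfaces map[string]InterfaceContract         // contract name -> interface contract (on chain)
	Deployed   map[string]map[string]ContractMethod // contract name -> method id -> method (in TEE)
	Chain      map[string]string                    // constructed stand-in for blockchain state
	ChainReads int                                  // round trips to the chain, for inspection
}

var (
	ErrNoSuchMethod = errors.New("no deployed contract method for this identification data")
	ErrMissingInput = errors.New("required input is neither in the request nor on the chain")
)

// fetchOnce reads every missing key in a single round trip to the chain.
func (g *Gateway) fetchOnce(keys []string) (map[string]string, error) {
	g.ChainReads++
	out := make(map[string]string, len(keys))
	for _, k := range keys {
		v, ok := g.Chain[k]
		if !ok {
			return nil, fmt.Errorf("%w: %s", ErrMissingInput, k)
		}
		out[k] = v
	}
	return out, nil
}

// Execute resolves the contract by name and method, gathers all declared inputs
// before execution starts, and only then runs the method.
func (g *Gateway) Execute(name, method string, execData map[string]string) (string, error) {
	required, declared := g.Interfaces[name][method]
	fn, deployed := g.Deployed[name][method]
	if !declared || !deployed {
		return "", ErrNoSuchMethod
	}
	inputs := make(map[string]string, len(required))
	var missing []string
	for _, k := range required {
		if v, ok := execData[k]; ok {
			inputs[k] = v // supplied in the contract execution data
		} else {
			missing = append(missing, k)
		}
	}
	if len(missing) > 0 { // request data is less than what the method needs
		fetched, err := g.fetchOnce(missing)
		if err != nil {
			return "", err
		}
		for k, v := range fetched {
			inputs[k] = v
		}
	}
	return fn(inputs) // undeclared request fields are not passed in (assumption)
}

// DemoGateway deploys one constructed contract: pricing.total = quantity * unit_price.
func DemoGateway() *Gateway {
	total := func(in map[string]string) (string, error) {
		q, errQ := strconv.Atoi(in["quantity"])
		p, errP := strconv.Atoi(in["unit_price"])
		if errQ != nil || errP != nil {
			return "", errors.New("non-numeric input")
		}
		return strconv.Itoa(q * p), nil
	}
	return &Gateway{
		Interfaces: map[string]InterfaceContract{"pricing": {"total": {"quantity", "unit_price"}}},
		Deployed:   map[string]map[string]ContractMethod{"pricing": {"total": total}},
		Chain:      map[string]string{"unit_price": "7"},
	}
}

func main() {
	g := DemoGateway()
	out, err := g.Execute("pricing", "total", map[string]string{"quantity": "3"})
	fmt.Println(out, err, "chain reads:", g.ChainReads)
}
```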
It should be noted that, before the service data (or the service data and the blockchain data) is transmitted into the trusted execution environment, it may be encrypted with the public key of the trusted execution environment. On this basis, before the target service computation contract is executed in the trusted execution environment, the service data (or the service data and the blockchain data) may be decrypted inside the trusted execution environment with the private key of the trusted execution environment, and the target service computation contract may then be executed in the trusted execution environment based on the contract execution data (or the contract execution data and the blockchain data) to obtain the service execution result of the blockchain service. Encrypting data outside the trusted execution environment with the public key of the trusted execution environment before it is transmitted in, and decrypting it inside the trusted execution environment with the private key of the trusted execution environment, can improve the credibility of the data transmitted into the trusted execution environment.
It should be further noted that a service computing contract is deployed in the trusted execution environment in the form of its compiled file (specifically, a binary compiled file). Executing the target service computing contract in the trusted execution environment based on the contract execution data (or the contract execution data and the blockchain data) specifically means executing the binary compiled file of the target service computing contract in the trusted execution environment to obtain the service execution result of the blockchain service. A compiled file is smaller and executes more efficiently, so deploying service computing contracts as compiled files saves storage space in the trusted execution environment and speeds up execution of the service computing contract, making the execution process of the blockchain service more efficient.
S504, uploading the service execution result to the blockchain for storage, and returning the service execution result to the service object.
In step S504, after obtaining the service execution result of the requested blockchain service, the service execution result may be uploaded to the blockchain for storage, and the service execution result may be returned to the service object. For the process of returning the service execution result to the service object, the service execution result may be returned to the service object as required, specifically, the result data to be returned may be selected from the service execution result according to the data return requirement of the service request, and returned to the service object in the form of plaintext or ciphertext (may be encrypted by using the private key of the trusted execution environment).
For the process of uploading the service execution result to the blockchain for storage, the service execution result may be sent to the blockchain by calling an interface contract corresponding to the target service calculation contract, specifically, the interface contract defines data to be uploaded to the blockchain for storage after the target service calculation contract is executed, the service execution result may be data assembled according to the definition of the interface contract, and the interface contract corresponding to the target service calculation contract may be called to send the service execution result to the blockchain, so that the blockchain stores the service execution result after the service execution result passes verification, and refuses to store the service execution result after the service execution result fails verification.
The verification process of the block chain on the service execution result can comprise the following steps: verifying the validity of a trusted execution environment, verifying the reliability of a service execution result and verifying the consistency of a target service calculation contract; wherein:
(1) Legitimacy check of the trusted execution environment:
The remote certification file corresponding to the target business computing contract can be obtained, and the validity of the trusted execution environment is checked based on the remote certification file; if the validity check of the trusted execution environment fails, it can be determined that verification of the service execution result fails, and if the validity check of the trusted execution environment passes, step (2) can be executed.
The remote certificate (query) corresponding to the target service computing contract can be generated and uploaded to the blockchain for storage after the target service computing contract is successfully deployed in the trusted execution environment; the remote certificate may include: the signature of the compiled file of the target business computing contract with the private key of the trusted execution environment, and the signature of the public key of the trusted execution environment by the remote trusted root (which may be, for example, the private key of an official trusted authority). Based on this, verifying the validity of the trusted execution environment may include the following: signature verification of a public key of a trusted execution environment is performed by adopting a remote trusted root (for example, the public key of an official trusted authority), if signature verification of the public key of the trusted execution environment is successful, signature verification of a compiled file of a target business computing contract can be performed by adopting the public key of the trusted execution environment, and if signature verification of the compiled file of the target business computing contract is successful, validity verification of the trusted execution environment can be determined to pass; if signature verification of the public key of the trusted execution environment fails, determining that validity verification of the trusted execution environment fails; if signature verification of the compiled file of the target business computing contract fails, the validity verification of the trusted execution environment can be determined to fail. 
It should be noted that, the signing process of the public key of the trusted execution environment and the signing process of the compiled file of the target service computing contract are similar to the signing process of the service data, and the signing process of the service data is specifically referred to and will not be repeated herein.
Verifying the validity of the trusted execution environment shows that a trusted execution environment that passes the check is a legitimate trusted execution environment approved by a trusted authority.
(2) Reliability check of the service execution result:
After the target service computing contract is executed in the trusted execution environment and the service execution result of the requested blockchain service is obtained, the service execution result may be signed with the private key of the trusted execution environment. If the validity check of the trusted execution environment passes, the reliability of the service execution result can be checked; the reliability check specifically means checking the signature of the service execution result with the public key of the trusted execution environment. If the signature check of the service execution result fails, that is, the reliability check of the service execution result fails, it can be determined that verification of the service execution result fails; if the signature check of the service execution result succeeds, that is, the reliability check of the service execution result succeeds, step (3) can be executed. The signing process of the service execution result is similar to the signing process of the service data, to which reference may be made; it is not repeated here.
Checking the reliability of the service execution result shows that a service execution result that passes the check is a reliable service execution result approved by the trusted execution environment.
(3) Consistency check of the target business computing contract:
After the target service computing contract is successfully deployed to the trusted execution environment, it needs to be uploaded to the blockchain for storage. If the signature check of the service execution result succeeds (that is, the reliability check of the service execution result succeeds), the consistency of the target service computing contract can be checked. The consistency check specifically means comparing the target business computation contract in the business execution result with the target business computation contract stored in the blockchain; if the target service calculation contract in the service execution result is different from the target service calculation contract stored in the blockchain, it can be determined that the consistency check of the target service calculation contract fails and that verification of the service execution result fails; if the target service calculation contract in the service execution result is the same as the target service calculation contract stored in the blockchain, it can be determined that the consistency check of the target service calculation contract succeeds and that verification of the service execution result passes.
The comparison between the target service computation contract in the service execution result and the target service computation contract stored in the blockchain can be performed through a contract hash. Specifically, after the target service computing contract is successfully deployed to the trusted execution environment, a hash algorithm may be used to calculate a contract hash from the compiled file of the target service computing contract and the bottom-layer dependency library of the target service computing contract; the contract hash may then be uploaded to the blockchain and bound to the interface contract corresponding to the target service computing contract uploaded to the blockchain. The service execution result may include the contract execution result of the target service computation contract, the target service computation contract (specifically, the compiled file of the target service computation contract), and the bottom-layer dependency library of the target service computation contract. A hash algorithm may be used to calculate the contract hash corresponding to the service execution result from the compiled file and the bottom-layer dependency library of the target service computation contract in the service execution result, and this contract hash is compared with the contract hash bound to the interface contract. If the contract hash corresponding to the service execution result is the same as the contract hash bound to the interface contract, it is determined that the target service calculation contract in the service execution result is the same as the target service calculation contract stored in the blockchain; if the contract hash corresponding to the service execution result is different from the contract hash bound to the interface contract, it is determined that the target service calculation contract in the service execution result is different from the target service calculation contract stored in the blockchain.
By checking the executed target business computation contract for consistency with the deployed target business computation contract, it can be determined that the executed target business computation contract has not been tampered with, which improves the reliability of the business execution result. Moreover, the irreversibility of the hash algorithm ensures the reliability of the consistency verification process, and because no comparison at the contract level is needed, the amount of data compared is greatly reduced and the blockchain can verify the service execution result efficiently.
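The three checks (1) to (3) above, run in order on the chain side, as an added Go example that is not code from the patent. Ed25519 and SHA-256 stand in for the unspecified signature and hash algorithms; the record layout, the length-prefixed hashing and what the TEE signature covers are assumptions, and all keys and data are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// OnChainRecord is what the chain holds after deployment (layout is an assumption).
type OnChainRecord struct {
	CompiledFile   []byte            // contract binary uploaded at deployment
	ContractHash   [32]byte          // hash bound to the interface contract
	TEEPublicKey   ed25519.PublicKey // from the remote certification file
	RootSigOverKey []byte            // remote trusted root's signature over TEEPublicKey
	TEESigOverCode []byte            // TEE's signature over CompiledFile
}

// ExecutionResult is what the TEE submits through the interface contract.
type ExecutionResult struct {
	Output        []byte // contract execution result
	CompiledFile  []byte // binary that actually ran
	DependencyLib []byte // its bottom-layer dependency library
	TEESig        []byte // TEE's signature over resultDigest
}

var (
	ErrTEENotLegitimate = errors.New("legitimacy check of the trusted execution environment failed")
	ErrResultUnreliable = errors.New("reliability check of the service execution result failed")
	ErrContractMismatch = errors.New("consistency check of the target contract failed")
)

// hashFields hashes length-prefixed fields, so moving bytes from one field to
// the next changes the digest (plain concatenation would not).
func hashFields(fields ...[]byte) [32]byte {
	var buf bytes.Buffer
	for _, f := range fields {
		fmt.Fprintf(&buf, "%d:", len(f))
		buf.Write(f)
	}
	return sha256.Sum256(buf.Bytes())
}

// ContractHash covers the compiled file and its dependency library.
func ContractHash(compiled, deps []byte) [32]byte { return hashFields(compiled, deps) }

func resultDigest(r ExecutionResult) []byte {
	d := hashFields(r.Output, r.CompiledFile, r.DependencyLib)
	return d[:]
}

// SignResult is the enclave-side step: sign the assembled result with the TEE key.
func SignResult(tee ed25519.PrivateKey, r *ExecutionResult) {
	r.TEESig = ed25519.Sign(tee, resultDigest(*r))
}

// VerifyResult runs the three checks in order; the chain stores the result only on nil.
func VerifyResult(root ed25519.PublicKey, rec OnChainRecord, res ExecutionResult) error {
	// (1) Legitimacy: the root vouches for the TEE key, the TEE key for the deployed binary.
	if len(root) != ed25519.PublicKeySize || len(rec.TEEPublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(root, rec.TEEPublicKey, rec.RootSigOverKey) ||
		!ed25519.Verify(rec.TEEPublicKey, rec.CompiledFile, rec.TEESigOverCode) {
		return ErrTEENotLegitimate
	}
	// (2) Reliability: the result was signed by that TEE key.
	if !ed25519.Verify(rec.TEEPublicKey, resultDigest(res), res.TEESig) {
		return ErrResultUnreliable
	}
	// (3) Consistency: what ran hashes to what was bound at deployment.
	if ContractHash(res.CompiledFile, res.DependencyLib) != rec.ContractHash {
		return ErrContractMismatch
	}
	return nil
}

// Fixture builds constructed keys, a deployment record and a correctly signed result.
func Fixture() (ed25519.PublicKey, ed25519.PrivateKey, OnChainRecord, ExecutionResult) {
	rootPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, ed25519.SeedSize))
	tee := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x02}, ed25519.SeedSize))
	teePub := tee.Public().(ed25519.PublicKey)
	compiled, deps := []byte("constructed contract binary"), []byte("constructed dependency library")
	rec := OnChainRecord{
		CompiledFile:   compiled,
		ContractHash:   ContractHash(compiled, deps),
		TEEPublicKey:   teePub,
		RootSigOverKey: ed25519.Sign(rootPriv, teePub),
		TEESigOverCode: ed25519.Sign(tee, compiled),
	}
	res := ExecutionResult{Output: []byte(`{"total":21}`), CompiledFile: compiled, DependencyLib: deps}
	SignResult(tee, &res)
	return rootPriv.Public().(ed25519.PublicKey), tee, rec, res
}

func main() {
	root, _, rec, res := Fixture()
	fmt.Println("verification error:", VerifyResult(root, rec, res))
}
```

A result whose dependency library differs from the deployed one still carries a valid TEE signature, so it passes check (2) and is only caught by the contract hash in check (3).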
In the embodiment of the present application, the data related to the blockchain service is in a trusted execution environment (i.e., the service data related to the blockchain service is transferred into the trusted execution environment), and the target service computing contract related to the blockchain service is deployed in the trusted execution environment, and the target service computing is executed in the trusted execution environment, that is, the execution process of the blockchain service is in the trusted execution environment, and the trusted execution environment can effectively protect the execution process of the blockchain service from being disclosed. In addition, the target service computation contracts and the interface contracts corresponding to the target service computation contracts are matched with each other, all data required by the execution of the target service computation contracts can be acquired at one time through the interface contracts before the execution of the target service computation contracts, repeated acquisition is not needed, and the execution efficiency of the block chain service can be effectively improved. In addition, before formally executing the target business computation contract, the business request of the untrusted object can be refused by carrying out identity authentication on the business object, so that the trusted computing resource breakdown caused by malicious use of the trusted computing resource by the untrusted object can be avoided. In addition, the blockchain verifies the business execution results through validity verification of the trusted execution environment, reliability verification of the business execution results, and consistency verification of the target business computing contracts, so that the business execution results stored in the blockchain are reliable and trustworthy.
On the basis of the data processing method based on the blockchain shown in fig. 5, the embodiment of the application provides a data processing method based on the blockchain, and the data processing method based on the blockchain mainly introduces a deployment flow of business computation contracts and interface contracts. The blockchain-based data processing method may be performed by a computer device, which may be the server 403 or trusted server 404 of the blockchain-based data processing system described above. As shown in fig. 6, the blockchain-based data processing method may include, but is not limited to, the following steps S601-S606:
S601, responding to a contract deployment request sent by a contract deployment object, and performing identity authentication on the contract deployment object.
S602, if the identity authentication of the contract deployment object passes, deploying the contract to be deployed.
In steps S601-S602, the contract deployment object is the object requesting contract deployment, and the contract deployment request may carry the contract that needs to be deployed. Identity authentication is performed on the contract deployment object: if it succeeds, the contract to be deployed can be deployed; if it fails, the contract deployment request of the contract deployment object can be refused. The process of identity authentication on the contract deployment object can comprise the following steps:
The contract to be deployed can be signed with the private key of the contract deployment object, and the public key of the contract deployment object can be used to verify that signature. If signature verification of the contract to be deployed fails, the identity authentication of the contract deployment object can be determined to have failed. If signature verification succeeds, a trusted object list (i.e. a white list) can be obtained, which can comprise the object identifiers of one or more trusted objects; if the trusted object list comprises the object identifier of the contract deployment object, the identity authentication of the contract deployment object can be determined to pass, and if the trusted object list does not comprise the object identifier of the contract deployment object, the identity authentication of the contract deployment object can be determined to fail. The signing process of the contract to be deployed is similar to the signing process of the business data; refer to that description, which is not repeated here.
By performing identity authentication on the contract deployment object, the contract deployment request of the untrusted object can be refused, so that the trusted computing resource breakdown caused by malicious use of the trusted computing resource by the untrusted object can be avoided.
The contracts to be deployed may include a target business computing contract and an interface contract corresponding to the target business computing contract, and the target business computing contract may be deployed into a trusted execution environment and the interface contract may be deployed into a blockchain. Specifically:
The deployment process of the target business computing contract can be described as follows: the target business computing contract may be compiled to obtain a compiled file of the target business computing contract, and the compiled file may then be deployed into a cache space of the trusted execution environment. After that, a hash algorithm can be used to calculate a contract hash from the compiled file of the target business computing contract and the underlying dependency library of the target business computing contract. A remote attestation file corresponding to the target business computing contract may also be generated: the compiled file of the target business computing contract is signed with a private key of the trusted execution environment, the public key of the trusted execution environment is signed by a remote trusted root (for example, with a private key of an official trusted authority), and the remote attestation file may include both signatures.
The deployment process of the interface contract corresponding to the target business computing contract can be described as follows: the interface contract is compiled to obtain a compiled file of the interface contract, the compiled file of the interface contract is deployed into the blockchain, and a contract hash is bound to the compiled file of the interface contract in the blockchain. This is the contract hash calculated during deployment of the target business computing contract, i.e. it is derived from the target business computing contract (specifically, from its compiled file).
After that, the remote attestation file corresponding to the target business computing contract, the compiled file of the target business computing contract, the underlying dependency library of the target business computing contract, and the like may be uploaded to the blockchain for storage.
S603, receiving a service request sent by the service object.
In this embodiment, step S603 is executed in the same way as step S501 in the embodiment shown in fig. 5; for details, refer to the description of step S501, which is not repeated here.
S604, transferring the service data into a trusted execution environment.
In this embodiment, step S604 is executed in the same way as step S502 in the embodiment shown in fig. 5; for details, refer to the description of step S502, which is not repeated here.
S605, executing the target service calculation contract in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service.
In this embodiment, step S605 is executed in the same way as step S503 in the embodiment shown in fig. 5; for details, refer to the description of step S503, which is not repeated here.
S606, uploading the service execution result to the blockchain for storage, and returning the service execution result to the service object.
In this embodiment, step S606 is executed in the same way as step S504 in the embodiment shown in fig. 5; for details, refer to the description of step S504, which is not repeated here.
In the embodiment of the application, the target service computing contract is deployed into the cache space of the trusted execution environment, so that it can be read directly from that cache space when it is executed, which is reliable and efficient; the interface contract corresponding to the target business computation contract is deployed in the blockchain, so that it can be conveniently called to acquire data from the blockchain, which is also reliable and efficient. In addition, the remote attestation file corresponding to the target business computing contract, the compiled file of the target business computing contract, the underlying dependency library of the target business computing contract, the contract hash obtained from the target business computing contract, and other data are uploaded to the blockchain. Because the blockchain is tamper-proof and traceable, this helps the blockchain use these data to verify business execution results produced by the target business computing contract.
The foregoing focuses on a contract deployment scheme and a contract execution scheme based on a data processing operating system (Gramine), and the following focuses on a data processing architecture of the data processing operating system (Gramine), and combines a contract deployment flow and a contract execution flow under the data processing architecture.
FIG. 7 illustrates the data processing architecture of the data processing operating system (Gramine). Gramine may be viewed as a container (Docker Container) and may include a gateway (Gateway), a language runtime module (Runtime), and a trusted execution environment (Enclave). Wherein:
(1) Gateway (Gateway).
The gateway may be used to interface with the portals or RPC network interfaces of the various modules, and may specifically include:
An authentication module (Authentication) may be used to authenticate the object that originated a request (e.g., the business object and contract deployment object mentioned above) to determine whether that object is a trusted object. When the object is determined to be a trusted object, its request can be responded to; when the object is determined to be an untrusted object, its request can be refused, so that computing resources are not wasted unnecessarily.
A blockchain access module (Blockchain Access) may be used for network interaction with the blockchain. For example: uploading the remote attestation file corresponding to the target business computing contract, the compiled file of the target business computing contract, the underlying dependency library of the target business computing contract, and the like to the blockchain for storage; calling the interface contract, as mentioned above, to obtain from the blockchain the data required for execution of the business computing contract; calling the interface contract, as mentioned above, to upload the service execution result to the blockchain for storage; and so on.
A runtime access module (Runtime Access) can be used to interact with the language runtimes; after contract code is received, it can be passed to the corresponding runtime for compiling.
A trusted execution environment access module (also referred to as the Enclave Access module) may be used to interact with the trusted execution environment, typically to send the blockchain service that needs to be executed and to receive the execution result of the blockchain service.
(2) Language runtime module (Runtime).
The language runtime module may include a plurality of language runtimes, each corresponding to a different contract code writing language, for example a Golang (a code writing language) runtime, a Rust (a code writing language) runtime, and a WASM compiler. Each language runtime or language compiler may be used to compile contract code written in the corresponding language into a compiled file (i.e., a binary compiled file, which may also be referred to as a binary executable file).
(3) Trusted execution environment (Enclave).
The data and code inside the trusted execution environment are invisible from outside, and an external process cannot interrupt the execution process or steal information from it. The trusted execution environment may specifically include:
A trusted contract interface (API), which may include a contract call interface (Invoke Contract) and a remote attestation interface (Get Quote); the contract call interface may be used to invoke execution of a business computation contract, and the remote attestation interface may be used to generate a remote attestation file.
The contract environment (Contract & Environments), namely the cache space in the trusted execution environment, is the storage area for executable business computation contracts; the corresponding business computation contract can be looked up for execution by supplying the contract name identifier and the contract method identifier. The contract environment may include a plurality of language standard libraries, each of which corresponds to a different contract code writing language, for example, a Golang standard library, a Rust standard library, a WASM standard library, an EVM (a code writing language) standard library, and so on.
The underlying software environment support, which may include an underlying operating system (GNUC) and the corresponding underlying dependency library (Gramine LibOS), ensures the proper construction and execution of the upper-layer contract environment.
Based on the data processing architecture of the data processing operating system (Gramine), the contract deployment flow is summarized below in conjunction with FIG. 8:
(1) The contract deployment object initiates a contract deployment request. The contract deployment request carries a contract to be deployed written by the contract deployment object, which can include a target service computation contract and an interface contract corresponding to the target service computation contract. The contract to be deployed is signed with the private key of the contract deployment object, and the contract deployment request is sent to the gateway (Gateway) of Gramine.
(2) The gateway of Gramine first performs identity authentication on the contract deployment object through the authentication module (Authentication): it uses the public key of the contract deployment object to determine that the contract deployment request was sent by the contract deployment object, and determines that the contract deployment object is a trusted object in the white list, so as to prevent the contract deployment object from maliciously using computing resources and causing a breakdown.
(3) The gateway of Gramine sends the contracts that need to be deployed to the language runtime module (Runtime) through the runtime access module (Runtime Access). The language runtime module may invoke the corresponding language runtime to compile the target business computation contract and the interface contract into compiled files respectively (i.e., executable binary code; compilation may be skipped if the contract code is written in EVM).
(4) The gateway of Gramine deploys the compiled file of the target service computing contract into the Enclave for caching through the trusted execution environment access module (Enclave Access). In addition, Gramine can use a hash algorithm to calculate the contract hash from the compiled file of the target service computing contract and the underlying dependency library of the target service computing contract; the remote attestation file (Quote) may also be generated for the target business computing contract (it includes a signature by the private key of the trusted execution environment over the compiled file of the target business computing contract, and a signature by the remote trusted root over the public key of the trusted execution environment).
(5) Gramine deploys the interface contract onto the blockchain through the blockchain access module (Blockchain Access) and binds it to the above-described contract hash (hash).
(6) Gramine uploads the attestation data into the blockchain for storage through the blockchain access module (Blockchain Access). The attestation data may include: the remote attestation file corresponding to the target business computing contract, the compiled file of the target business computing contract, the underlying dependency library of the target business computing contract, and the like.
(7) Gramine returns the contract deployment result to the contract deployment object.
Deploying the target business computation contract into the cache space of the trusted execution environment allows it to be read directly from that cache space when it is executed, which is reliable and efficient; deploying the interface contract corresponding to the target business computation contract in the blockchain makes it convenient to call the interface contract to acquire data from the blockchain, which is likewise reliable and efficient.
Based on the data processing architecture of the data processing operating system (Gramine), the contract execution flow is summarized below in conjunction with FIG. 9:
(1) The service object initiates a service request, which can carry service data; the service data can comprise contract identification data (which can comprise a contract name identifier and a contract method identifier) and contract execution data (i.e. contract parameters). Gramine can encrypt the service data with the published public key of the trusted execution environment.
(2) The gateway of Gramine first performs identity authentication on the service object through the authentication module (Authentication) and determines that the service object is a trusted object in the white list, which prevents the service object from maliciously using computing resources and causing a breakdown.
(3) Gramine calls the interface contract through the blockchain access module (Blockchain Access) to acquire from the blockchain the blockchain data required for executing the target service computing contract. After the interface contract receives the data acquisition parameters, the blockchain data corresponding to those parameters is acquired from the blockchain and returned to Gramine; the blockchain data can be encrypted with the public key of the trusted execution environment.
(4) Gramine transfers the service data and blockchain data into the trusted execution environment (Enclave) through the trusted execution environment access module (Enclave Access), where they can be decrypted with the private key held in the Enclave. After decryption, the target contract method, i.e. the method corresponding to the contract method identifier in the target service computing contract corresponding to the contract name identifier, can be executed in the Enclave based on the contract execution data and blockchain data to obtain the service execution result. Gramine may then sign the service execution result with the private key; the service execution result may include the contract execution result of the target business computing contract, the compiled file of the target business computing contract, the underlying dependency library of the target business computing contract, and so forth.
(5) Gramine calls the interface contract through the blockchain access module (Blockchain Access) to upload the service execution result to the blockchain for storage. The blockchain stores the service execution result after it passes verification. The verification performed by the blockchain on the service execution result can comprise: a validity check of the trusted execution environment, a reliability check of the service execution result, and a consistency check of the target service calculation contract.
(6) Gramine returns ciphertext or plaintext of specific parameters to the service object according to the requirement of the service request.
The data related to the blockchain service resides in a trusted execution environment (i.e. the service data of the blockchain service is transferred into the trusted execution environment), the target service computing contract related to the blockchain service is deployed in the trusted execution environment, and the target service computing contract is executed in the trusted execution environment. That is, the whole execution process of the blockchain service takes place inside the trusted execution environment, which effectively protects that process from disclosure. In addition, the target service computation contract and its corresponding interface contract are matched with each other: before the target service computation contract is executed, all data required for its execution can be acquired at one time through the interface contract, so no repeated acquisition is needed and the execution efficiency of the blockchain service is effectively improved.
Business computing contracts and interface contracts are described below in connection with specific code examples:
The interface contract defines the data required for executing the corresponding business computation contract and the data that must be stored after its execution has finished. The interface contract is always stored on the blockchain; its existence ensures that all data can be acquired in advance, before the corresponding business computation contract is executed, so no repeated acquisition is needed during execution and efficiency is ensured. The interface contract code of an exemplary transfer service is as follows:
As indicated by the code above:
The code on line 1 obtains the data required for executing the business computing contract; the incoming a, b, amounts indicate that object a transfers amounts to object b, and all three parameters can be ciphertext encrypted with the public key of the trusted execution environment;
the dataPayload in the code on lines 2-7 contains the contract method of the business computing contract that needs to be invoked and all the data needed to execute the business computing contract;
the code on line 8 records a certificate of the dataPayload call, which facilitates subsequent query and use;
the code on line 9 returns dataPayload, where the data array is a ciphertext array;
the code on line 11 is the save method (which is generic); it stores the business execution result onto the blockchain, where sig is the signature made with the private key of the trusted environment and payloadToSave is the encrypted data to be stored;
the code on line 12 performs signature verification. The public key of the trusted execution environment, the service computation contract, and the like are global; using the public key, the signature and the encrypted data to be stored, it verifies that the service computation contract was actually executed in the trusted environment and that the executed service computation contract is consistent with the data stored in the blockchain;
the code on lines 14-16 stores the data that needs to be stored in the blockchain.
The business computing contract is mainly executed in the trusted execution environment; it follows the data-acquisition method of the interface contract and precedes the data-storage method of the interface contract, and is mainly used for executing the requested blockchain service. The trusted execution environment first decrypts the incoming encrypted data and then enters the following exemplary transfer service calculation method of the transfer service calculation contract:
As indicated by the code above:
the code on line 2 ensures that the balance of object a is sufficient;
the code on line 3 returns the execution result directly.
The methods of the embodiments of the present application have been described in detail above. To facilitate better implementation of those aspects, the following provides an apparatus of the embodiments of the present application.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a blockchain-based data processing apparatus provided in an embodiment of the present application, where the data processing apparatus may be provided in a computer device provided in an embodiment of the present application, and the computer device may be the server 403 or the trusted server 404 mentioned in the embodiment of the method. The data processing apparatus shown in fig. 10 may be a computer program (comprising program code) running in a computer device, which may be used to perform some or all of the steps of the method embodiments shown in fig. 5 or 6. Referring to fig. 10, the data processing apparatus may include the following units:
A communication unit 1001, configured to receive a service request sent by a service object, where the service request carries service data of a requested blockchain service, and the service data includes contract identification data and contract execution data;
a processing unit 1002, configured to transfer the service data into a trusted execution environment, where a target service computing contract corresponding to the contract identification data is deployed;
the processing unit 1002 is further configured to execute the target service computation contract in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service;
the communication unit 1001 is further configured to upload a service execution result to the blockchain for storage, and return the service execution result to the service object.
In one implementation, the contract identification data includes a contract name identification and a contract method identification; one or more business computing contracts are deployed in the trusted execution environment; when executing the target service computation contract in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service, the processing unit 1002 is specifically configured to execute the following steps:
searching a target business computing contract corresponding to the contract name identification in a trusted execution environment, wherein the target business computing contract comprises one or more contract methods;
Acquiring a target contract method corresponding to a contract method identifier in a target business computing contract;
and executing the target contract method in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service.
In one implementation, an interface contract corresponding to a target business computing contract is deployed in the blockchain, the interface contract defining data required to execute the target business computing contract;
the communication unit 1001 is further configured to invoke an interface contract to obtain, from a blockchain, blockchain data required for executing the target business computation contract based on a definition of the interface contract;
the processing unit 1002 is further configured to transfer the blockchain data into a trusted execution environment;
when executing the target service computation contract in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service, the processing unit 1002 is specifically configured to execute the following steps:
and executing the target service calculation contract in the trusted execution environment based on the contract execution data and the blockchain data to obtain a service execution result of the blockchain service.
In one implementation, the business data and blockchain data are encrypted by a public key of the trusted execution environment prior to being passed into the trusted execution environment; the processing unit 1002 is further configured to perform the following steps:
Decrypting the service data by adopting a private key of the trusted execution environment;
and decrypting the blockchain data by adopting a private key of the trusted execution environment.
In one implementation, the processing unit 1002 is configured to, before the service data is transferred into the trusted execution environment, further perform the following steps:
identity authentication is carried out on the business object;
after the identity authentication of the business object passes, triggering execution of the step of transferring the service data into the trusted execution environment.
In one implementation, the service request also carries a signature of the service data, wherein the signature of the service data is obtained by signing the service data by adopting a private key of the service object; the processing unit 1002 is configured to perform the following steps when performing identity authentication on a service object:
verifying the signature of the service data using the public key of the service object;
if the signature verification of the service data is successful, a trusted object list is obtained, wherein the trusted object list comprises object identifiers of one or more trusted objects;
and if the trusted object list comprises the object identification of the service object, determining that the identity authentication of the service object passes.
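The identity check listed here for service objects, which the method also applies to contract deployment objects in step S601, as an added Go example that is not code from the patent: the signature is verified first, the trusted object list is consulted second, and only authenticated requests are forwarded to the enclave. Ed25519, the key registry, and all names (Gateway, Request, Scenario) are assumptions of this example, since the page names no signature algorithm.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

var (
	ErrUnknownObject = errors.New("no public key registered for object")
	ErrBadSignature  = errors.New("signature verification failed")
	ErrNotTrusted    = errors.New("object is not on the trusted object list")
)

// Request is a constructed stand-in for a service request or a contract
// deployment request: the payload plus the sender's signature over it.
type Request struct {
	ObjectID  string
	Payload   []byte
	Signature []byte
}

// Gateway models the authentication module in front of the enclave.
type Gateway struct {
	Keys      map[string]ed25519.PublicKey // registered public keys (assumed registry)
	Trusted   map[string]bool              // trusted object list (white list)
	Forwarded int                          // requests that reached the enclave
}

// Authenticate runs the two checks in the order the text gives them:
// signature verification first, then the trusted object list.
func (g *Gateway) Authenticate(r Request) error {
	pub, ok := g.Keys[r.ObjectID]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return ErrUnknownObject
	}
	if !ed25519.Verify(pub, r.Payload, r.Signature) {
		return ErrBadSignature
	}
	if !g.Trusted[r.ObjectID] {
		return ErrNotTrusted
	}
	return nil
}

// Handle forwards a request to the enclave only after authentication, so a
// rejected request never consumes trusted computing resources.
func (g *Gateway) Handle(r Request) error {
	if err := g.Authenticate(r); err != nil {
		return err
	}
	g.Forwarded++ // placeholder for "transfer the data into the TEE"
	return nil
}

// testKey derives a fixed key from a one-byte seed. Constructed test keys only.
func testKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

// Scenario sends five constructed requests and reports each outcome plus the
// number of requests that were forwarded to the enclave.
func Scenario() (map[string]error, int) {
	alice, bob := testKey(1), testKey(2)
	g := &Gateway{
		Keys: map[string]ed25519.PublicKey{
			"alice": alice.Public().(ed25519.PublicKey),
			"bob":   bob.Public().(ed25519.PublicKey),
		},
		Trusted: map[string]bool{"alice": true}, // bob is registered but not listed
	}
	payload := []byte(`{"contract":"transfer","method":"send","args":["a","b",10]}`)
	sign := func(id string, k ed25519.PrivateKey, p []byte) Request {
		return Request{ObjectID: id, Payload: p, Signature: ed25519.Sign(k, p)}
	}
	tampered := sign("alice", alice, payload)
	tampered.Payload = []byte(`{"contract":"transfer","method":"send","args":["a","b",9999]}`)
	out := map[string]error{
		"trusted":      g.Handle(sign("alice", alice, payload)),
		"tampered":     g.Handle(tampered),
		"impersonated": g.Handle(sign("alice", bob, payload)), // bob claims to be alice
		"unlisted":     g.Handle(sign("bob", bob, payload)),
		"unregistered": g.Handle(sign("carol", bob, payload)),
	}
	return out, g.Forwarded
}

func main() {
	out, n := Scenario()
	for _, k := range []string{"trusted", "tampered", "impersonated", "unlisted", "unregistered"} {
		fmt.Printf("%-13s %v\n", k, out[k])
	}
	fmt.Println("forwarded to enclave:", n)
}
```

Only the first request reaches the enclave; the other four are refused at the gateway with a distinct reason each.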
In one implementation, an interface contract corresponding to a target service computation contract is deployed in the blockchain, and the interface contract defines data to be uploaded to the blockchain after the target service computation contract is executed;
The communication unit 1001 is configured to, when uploading the service execution result to the blockchain for storage, specifically perform the following steps:
calling an interface contract to send a service execution result to the blockchain so that the blockchain stores the service execution result after the service execution result passes verification;
wherein, the service execution result is data assembled according to the definition of the interface contract.
In one implementation, the service execution results include a contract execution result of the target service computing contract and the target service computing contract, the service execution result being signed by a private key of the trusted execution environment; the verification process of the block chain on the service execution result comprises the following steps:
acquiring a remote attestation file corresponding to the target business computing contract, and checking the legitimacy of the trusted execution environment based on the remote attestation file;
if the legitimacy check of the trusted execution environment passes, verifying the signature of the service execution result using the public key of the trusted execution environment;
if signature verification of the service execution result succeeds, comparing the target service calculation contract in the service execution result with the target service calculation contract stored in the blockchain;
if the target business calculation contract in the business execution result is the same as the target business calculation contract stored in the blockchain, determining that the business execution result passes the verification.
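The three-stage verification listed above, together with the contract hash that the deployment flow binds to the interface contract, as an added Go example that is not code from the patent. Ed25519, SHA-256, the length-prefixed hash input, the Quote field layout, and all names are assumptions of this example; keys and contract bytes are constructed test values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrTEENotLegitimate = errors.New("remote attestation check failed")
var ErrResultSignature = errors.New("result not signed by the attested TEE key")
var ErrContractMismatch = errors.New("executed contract differs from deployed contract")

// Quote models the remote attestation file as two signatures (assumed layout).
type Quote struct {
	TEEPub      ed25519.PublicKey
	ContractSig []byte // TEE private key over the compiled contract file
	TEEPubSig   []byte // remote trusted root over the TEE public key
}

type Result struct{ Output, Compiled, DepLib, Sig []byte } // enclave's signed result

type ChainState struct { // what the blockchain stored at deployment time
	RootPub   ed25519.PublicKey
	Quote     Quote
	Compiled  []byte
	BoundHash [32]byte // contract hash bound to the interface contract
}

// ContractHash covers the compiled file and the dependency library. Each part
// is length-prefixed so ("ab","c") and ("a","bc") cannot hash to the same value.
func ContractHash(compiled, depLib []byte) [32]byte {
	var buf bytes.Buffer
	for _, part := range [][]byte{compiled, depLib} {
		binary.Write(&buf, binary.BigEndian, uint64(len(part)))
		buf.Write(part)
	}
	return sha256.Sum256(buf.Bytes())
}

// resultDigest is the message the enclave signs: contract hash, then output.
func resultDigest(r Result) []byte {
	ch := ContractHash(r.Compiled, r.DepLib)
	sum := sha256.Sum256(append(ch[:], r.Output...))
	return sum[:]
}

// Verify runs the chain's three checks in the order the text gives them.
func (c ChainState) Verify(r Result) error {
	q := c.Quote
	// 1. Legitimacy of the TEE: root endorsed the TEE key, TEE key signed the deployed file.
	if len(q.TEEPub) != ed25519.PublicKeySize ||
		!ed25519.Verify(c.RootPub, q.TEEPub, q.TEEPubSig) ||
		!ed25519.Verify(q.TEEPub, c.Compiled, q.ContractSig) {
		return ErrTEENotLegitimate
	}
	// 2. Reliability of the result: signed by the attested TEE key.
	if !ed25519.Verify(q.TEEPub, resultDigest(r), r.Sig) {
		return ErrResultSignature
	}
	// 3. Consistency: compare 32-byte hashes, not whole contracts.
	if ContractHash(r.Compiled, r.DepLib) != c.BoundHash {
		return ErrContractMismatch
	}
	return nil
}

// testKey derives a fixed key pair from a one-byte seed (constructed keys).
func testKey(b byte) (ed25519.PrivateKey, ed25519.PublicKey) {
	k := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return k, k.Public().(ed25519.PublicKey)
}

func signed(k ed25519.PrivateKey, r Result) Result {
	r.Sig = ed25519.Sign(k, resultDigest(r))
	return r
}

// Scenario deploys one constructed contract and verifies four results.
func Scenario() map[string]error {
	root, rootPub := testKey(1)
	tee, teePub := testKey(2)
	rogue, roguePub := testKey(3) // a key the root never endorsed
	bin, dep := []byte("transfer-contract-v1"), []byte("libos-deps")
	chain := ChainState{rootPub, Quote{teePub, ed25519.Sign(tee, bin),
		ed25519.Sign(root, teePub)}, bin, ContractHash(bin, dep)}
	honest := signed(tee, Result{[]byte("a:-10 b:+10"), bin, dep, nil})
	altered := Result{[]byte("a:-10 b:+9999"), bin, dep, honest.Sig}
	swapped := signed(tee, Result{honest.Output, []byte("other-contract"), dep, nil})
	fake := chain
	fake.Quote = Quote{roguePub, ed25519.Sign(rogue, bin), ed25519.Sign(rogue, roguePub)}
	return map[string]error{"honest": chain.Verify(honest), "altered_output": chain.Verify(altered),
		"swapped_contract": chain.Verify(swapped), "unattested_tee": fake.Verify(signed(rogue, honest))}
}

func main() { fmt.Println(Scenario()) }
```

The swapped_contract case carries a valid signature from the attested key and is caught only by the third check, which is why the consistency comparison is a separate step from signature verification.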
In one implementation, the processing unit 1002 is further configured to perform the following steps:
responding to a contract deployment request sent by a contract deployment object, and performing identity authentication on the contract deployment object; the contract deployment request carries the contract to be deployed;
and if the identity authentication of the contract deployment object passes, deploying the contract to be deployed.
In one implementation, the contracts to be deployed include a target business computing contract and an interface contract corresponding to the target business computing contract; the processing unit 1002 is configured to, when deploying a contract that needs to be deployed, specifically perform the following steps:
deploying the target business computing contract into a trusted execution environment;
the interface contracts are deployed into the blockchain.
In one implementation, the processing unit 1002 is configured to, when deploying the target business computing contract into a trusted execution environment, specifically perform the following steps:
compiling the target business computing contract to obtain a compiling file of the target business computing contract;
and deploying the compiled file of the target business computing contract into a cache space of the trusted execution environment.
In one implementation, the processing unit 1002 is further configured to perform the following steps:
generating a remote certificate corresponding to the target business computing contract;
uploading the remote certificate of the target business computing contract, the compiled file of the target business computing contract and the target business computing contract to a blockchain for storage.
In one implementation, the processing unit 1002 is configured to, when deploying the interface contract into the blockchain, specifically perform the following steps:
compiling the interface contract to obtain a compiling file of the interface contract;
the compiled file of the interface contract is deployed into a blockchain, and a contract hash is calculated in the blockchain for the compiled file of the interface contract, wherein the contract hash is calculated based on the target business computing contract.
According to another embodiment of the present application, each unit in the data processing apparatus shown in fig. 10 may be separately or completely combined into one or several other units, or some unit(s) thereof may be further split into a plurality of units with smaller functions, which may achieve the same operation without affecting the implementation of the technical effects of the embodiments of the present application. The above units are divided based on logic functions, and in practical applications, the functions of one unit may be implemented by a plurality of units, or the functions of a plurality of units may be implemented by one unit. In other embodiments of the present application, the data processing apparatus may also include other units, and in practical applications, these functions may also be implemented with assistance from other units, and may be implemented by cooperation of a plurality of units.
According to another embodiment of the present application, a data processing apparatus as shown in fig. 10 may be constructed by running a computer program (including program code) capable of executing some or all of the steps involved in the method as shown in fig. 5 or 6 on a general-purpose computing device such as a computer including a Central Processing Unit (CPU), a random access storage medium (RAM), a read only storage medium (ROM), etc., processing elements and storage elements, and implementing the blockchain-based data processing method of the embodiments of the present application. The computer program may be recorded on, for example, a computer-readable storage medium, and loaded into and executed by the computing device described above.
In the embodiments of the present application, after a service request sent by a service object is received, the service data of the requested blockchain service carried in the service request may be transferred into a trusted execution environment, where the service data may include contract identification data and contract execution data, and a target service computing contract corresponding to the contract identification data is deployed in the trusted execution environment; the target service computing contract can then be executed in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service. It follows that, in the embodiments of the present application, the data related to the blockchain service resides in the trusted execution environment (i.e., the service data related to the blockchain service is transferred into the trusted execution environment), the target service computing contract related to the blockchain service is deployed in the trusted execution environment, and the target service computing contract is executed in the trusted execution environment; that is, the whole execution process of the blockchain service takes place inside the trusted execution environment, which can effectively protect the execution process of the blockchain service from being disclosed.
Based on the above-described method and apparatus embodiments, embodiments of the present application provide a computer device, which may be the aforementioned server 403 or trusted server 404. Referring to fig. 11, fig. 11 is a schematic structural diagram of a computer device according to an embodiment of the present application. The computer device shown in fig. 11 includes at least a processor 1101, an input interface 1102, an output interface 1103, and a computer readable storage medium 1104. Wherein the processor 1101, the input interface 1102, the output interface 1103, and the computer readable storage medium 1104 may be connected by a bus or other means.
The computer readable storage medium 1104 may be stored in a memory of a computer device; the computer readable storage medium 1104 is used for storing a computer program comprising computer instructions, and the processor 1101 is used for executing the program instructions stored by the computer readable storage medium 1104. The processor 1101 (or CPU, Central Processing Unit) is the computing core and control core of a computer device; it is adapted to implement one or more computer instructions, in particular to load and execute one or more computer instructions to implement a corresponding method flow or a corresponding function.
The embodiments of the present application also provide a computer-readable storage medium (Memory), which is a Memory device in a computer device, for storing programs and data. It is understood that the computer readable storage medium herein may include both built-in storage media in a computer device and extended storage media supported by the computer device. The computer-readable storage medium provides storage space that stores an operating system of the computer device. Also stored in the memory space are one or more computer instructions, which may be one or more computer programs (including program code), adapted to be loaded and executed by the processor. Note that the computer readable storage medium can be either a high-speed RAM Memory or a Non-Volatile Memory (Non-Volatile Memory), such as at least one magnetic disk Memory; optionally, at least one computer readable storage medium remotely located from the aforementioned processor.
In some embodiments, one or more computer instructions stored in computer-readable storage medium 1104 may be loaded and executed by processor 1101 to implement the corresponding steps described above with respect to the blockchain-based data processing method shown in fig. 5 or 6. In particular implementations, computer instructions in the computer-readable storage medium 1104 are loaded by the processor 1101 and perform the steps of:
receiving a service request sent by a service object, wherein the service request carries service data of a requested blockchain service, and the service data comprises contract identification data and contract execution data;
the service data is transmitted into a trusted execution environment, and a target service computing contract corresponding to the contract identification data is deployed in the trusted execution environment;
executing a target service calculation contract in a trusted execution environment based on contract execution data to obtain a service execution result of the blockchain service;
and uploading the service execution result to a block chain for storage, and returning the service execution result to the service object.
In one implementation, the contract identification data includes a contract name identification and a contract method identification; one or more business computing contracts are deployed in the trusted execution environment; computer instructions in the computer readable storage medium 1104 are loaded and executed by the processor 1101 based on contract execution data, and when executing a target service computation contract in a trusted execution environment to obtain a service execution result of a blockchain service, the computer instructions are specifically configured to perform the steps of:
searching a target business computing contract corresponding to the contract name identification in a trusted execution environment, wherein the target business computing contract comprises one or more contract methods;
acquiring a target contract method corresponding to a contract method identifier in a target business computing contract;
and executing the target contract method in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service.
In one implementation, an interface contract corresponding to a target business computing contract is deployed in the blockchain, the interface contract defining data required to execute the target business computing contract; computer instructions in the computer readable storage medium 1104 are loaded by the processor 1101 and further serve to perform the steps of:
calling the interface contract to acquire the blockchain data required by executing the target business computation contract from the blockchain based on the definition of the interface contract;
the block chain data is transmitted into a trusted execution environment;
computer instructions in the computer readable storage medium 1104 are loaded and executed by the processor 1101 based on contract execution data, and when executing a target service computation contract in a trusted execution environment to obtain a service execution result of a blockchain service, the computer instructions are specifically configured to perform the steps of:
and executing the target service calculation contract in the trusted execution environment based on the contract execution data and the blockchain data to obtain a service execution result of the blockchain service.
In one implementation, the business data and blockchain data are encrypted by a public key of the trusted execution environment prior to being passed into the trusted execution environment; computer instructions in the computer readable storage medium 1104 are loaded by the processor 1101 and further serve to perform the steps of:
decrypting the service data by adopting a private key of the trusted execution environment;
and decrypting the blockchain data by adopting a private key of the trusted execution environment.
In one implementation, before being loaded and executed by the processor 1101 to transfer the service data into the trusted execution environment, the computer instructions in the computer-readable storage medium 1104 are further used to perform the following steps:
identity authentication is carried out on the business object;
after the identity authentication of the business object passes, triggering the execution of the step of transmitting the business data into the trusted execution environment.
In one implementation, the service request also carries a signature of the service data, wherein the signature of the service data is obtained by signing the service data by adopting a private key of the service object; computer instructions in the computer-readable storage medium 1104, when loaded and executed by the processor 1101, perform the steps of:
verifying the signature of the service data using the public key of the service object;
if the signature verification of the service data is successful, a trusted object list is obtained, wherein the trusted object list comprises object identifiers of one or more trusted objects;
and if the trusted object list comprises the object identification of the service object, determining that the identity authentication of the service object passes.
In one implementation, an interface contract corresponding to a target service computation contract is deployed in the blockchain, and the interface contract defines data to be uploaded to the blockchain after the target service computation contract is executed;
computer instructions in the computer-readable storage medium 1104, when loaded and executed by the processor 1101, perform the steps of:
calling an interface contract to send a service execution result to the blockchain so that the blockchain stores the service execution result after the service execution result passes verification;
wherein, the service execution result is data assembled according to the definition of the interface contract.
In one implementation, the service execution results include a contract execution result of the target service computing contract and the target service computing contract, the service execution result being signed by a private key of the trusted execution environment; the verification process of the block chain on the service execution result comprises the following steps:
acquiring a remote certification file corresponding to the target business computing contract, and checking the legitimacy of the trusted execution environment based on the remote certification file;
if the trusted execution environment passes the validity check, verifying the signature of the service execution result using the public key of the trusted execution environment;
if the signature verification of the service execution result succeeds, comparing the target service calculation contract in the service execution result with the target service calculation contract stored in the blockchain;
if the target business calculation contract in the business execution result is the same as the target business calculation contract stored in the blockchain, determining that the business execution result passes the verification.
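The two checks described above (identity authentication of the service object, and the blockchain's three-stage verification of a service execution result) are shown here as an added Python example; it is not code from the patent. Assumptions: Lamport one-time signatures stand in for the unspecified signature scheme, the remote certification file is modelled as a record binding a hash of the compiled contract and a fingerprint of the trusted execution environment's public key, signed by a hypothetical attestation root key, and every function and field name is hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def canon(obj) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


# Lamport one-time signatures: a stdlib-only stand-in (assumption), since the
# page names no algorithm. Each key pair must sign exactly one message.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(hmac.compare_digest(H(s), pk[i][bit])
               for i, (s, bit) in enumerate(zip(sig, _bits(msg))))


def fingerprint(pk) -> str:
    return H(b"".join(a + b for a, b in pk)).hex()


def authenticate(service_data, sig, object_id, object_pk, trusted_ids) -> bool:
    """Request side: signature verification first, then the trusted object list."""
    if not verify(object_pk, canon(service_data), sig):
        return False
    return object_id in trusted_ids


def verify_result(record, root_pk, tee_pk, result, result_sig):
    """Chain side: attestation, then result signature, then contract comparison."""
    att = record["attestation"]
    attested = (verify(root_pk, canon(att), record["attestation_sig"])
                and att["measurement"] == H(record["compiled"]).hex()
                and att["tee_key_fp"] == fingerprint(tee_pk))
    if not attested:
        return False, "attestation"
    if not verify(tee_pk, canon(result), result_sig):
        return False, "signature"
    if result["contract"] != record["contract"]:
        return False, "contract"
    return True, "ok"


CONTRACT = "def settle(a, b): return a + b"  # constructed sample contract


def make_scenario(executed_contract=CONTRACT):
    """Build constructed fixtures: the on-chain deployment record and a signed result."""
    root_sk, root_pk = keygen()   # hypothetical attestation root key
    tee_sk, tee_pk = keygen()     # key pair held by the trusted execution environment
    compiled = b"compiled:" + CONTRACT.encode()  # constructed stand-in for the compiled file
    att = {"measurement": H(compiled).hex(), "tee_key_fp": fingerprint(tee_pk)}
    record = {"contract": CONTRACT, "compiled": compiled,
              "attestation": att, "attestation_sig": sign(root_sk, canon(att))}
    result = {"contract": executed_contract, "contract_result": {"sum": 3}}
    return record, root_pk, tee_pk, result, sign(tee_sk, canon(result))


if __name__ == "__main__":
    record, root_pk, tee_pk, result, sig = make_scenario()
    print(verify_result(record, root_pk, tee_pk, result, sig))
```

Each stage gates the next: a valid signature from an unattested key is rejected before the contract comparison is ever reached, and a correctly signed result that names a different contract from the one stored on chain still fails.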
In one implementation, computer instructions in the computer-readable storage medium 1104 are loaded by the processor 1101 and are further used to perform the steps of:
responding to a contract deployment request sent by a contract deployment object, and performing identity authentication on the contract deployment object; the contract deployment request carries the contract to be deployed;
and if the identity authentication of the contract deployment object passes, deploying the contract to be deployed.
In one implementation, the contracts to be deployed include a target business computing contract and an interface contract corresponding to the target business computing contract; computer instructions in the computer-readable storage medium 1104, when loaded by the processor 1101 and executed to deploy a contract that requires deployment, are specifically configured to perform the steps of:
deploying the target business computing contract into a trusted execution environment;
the interface contracts are deployed into the blockchain.
In one implementation, the computer instructions in the computer readable storage medium 1104 are loaded and executed by the processor 1101 to deploy the target business computing contract into a trusted execution environment, specifically for performing the steps of:
compiling the target business computing contract to obtain a compiling file of the target business computing contract;
and deploying the compiled file of the target business computing contract into a cache space of the trusted execution environment.
In one implementation, computer instructions in the computer-readable storage medium 1104 are loaded by the processor 1101 and are further used to perform the steps of:
generating a remote certificate corresponding to the target business computing contract;
uploading the remote certificate of the target business computing contract, the compiled file of the target business computing contract and the target business computing contract to a blockchain for storage.
In one implementation, the computer instructions in the computer-readable storage medium 1104, when loaded and executed by the processor 1101, perform the steps of:
compiling the interface contract to obtain a compiling file of the interface contract;
the compiled file of the interface contract is deployed into a blockchain, and a contract hash is calculated in the blockchain for the compiled file of the interface contract, wherein the contract hash is calculated based on the target business computing contract.
In the embodiments of the present application, after a service request sent by a service object is received, the service data of the requested blockchain service carried in the service request may be transferred into a trusted execution environment, where the service data may include contract identification data and contract execution data, and a target service computing contract corresponding to the contract identification data is deployed in the trusted execution environment; the target service computing contract can then be executed in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service. It follows that, in the embodiments of the present application, the data related to the blockchain service resides in the trusted execution environment (i.e., the service data related to the blockchain service is transferred into the trusted execution environment), the target service computing contract related to the blockchain service is deployed in the trusted execution environment, and the target service computing contract is executed in the trusted execution environment; that is, the whole execution process of the blockchain service takes place inside the trusted execution environment, which can effectively protect the execution process of the blockchain service from being disclosed.
According to one aspect of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium and executes the computer instructions to cause the computer device to perform the blockchain-based data processing method provided in the various alternatives described above.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (17)
1. A method of blockchain-based data processing, the method comprising:
receiving a service request sent by a service object, wherein the service request carries service data of a requested blockchain service, and the service data comprises contract identification data and contract execution data;
transmitting the service data into a trusted execution environment, wherein a target service computing contract corresponding to the contract identification data is deployed in the trusted execution environment;
executing the target service computation contract in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service;
and uploading the service execution result to a blockchain for storage, and returning the service execution result to the service object.
2. The method of claim 1, wherein the contract identification data includes a contract name identification and a contract method identification; one or more business computing contracts are deployed in the trusted execution environment; the executing the target service computing contract in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service, including:
searching a target business computing contract corresponding to the contract name identifier in the trusted execution environment, wherein the target business computing contract comprises one or more contract methods;
acquiring a target contract method corresponding to the contract method identifier in the target business computing contract;
and executing the target contract method in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service.
3. The method of claim 1, wherein the blockchain is populated with interface contracts corresponding to the target business computing contracts, the interface contracts defining data required to execute the target business computing contracts; the method further comprises the steps of:
invoking the interface contract to acquire blockchain data required for executing the target business computing contract from the blockchain based on the definition of the interface contract;
transmitting the blockchain data into the trusted execution environment;
the executing the target service computing contract in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service, including:
and executing the target service calculation contract in the trusted execution environment based on the contract execution data and the blockchain data to obtain a service execution result of the blockchain service.
4. The method of claim 3, wherein the service data and the blockchain data are encrypted by a public key of the trusted execution environment prior to being passed into the trusted execution environment; the method further comprises the steps of:
decrypting the service data by adopting a private key of the trusted execution environment;
and decrypting the blockchain data by adopting a private key of the trusted execution environment.
5. The method of claim 1, wherein prior to said transferring said business data into a trusted execution environment, said method further comprises:
identity authentication is carried out on the business object;
and triggering and executing the step of transmitting the service data into the trusted execution environment after the identity authentication of the service object is passed.
6. The method of claim 5, wherein the service request further carries a signature of the service data, the signature of the service data being obtained by signing the service data using a private key of the service object; the step of authenticating the identity of the business object comprises the following steps:
verifying the signature of the service data using the public key of the service object;
if the signature verification of the business data is successful, a trusted object list is obtained, wherein the trusted object list comprises object identifiers of one or more trusted objects;
and if the trusted object list comprises the object identification of the service object, determining that the identity authentication of the service object passes.
7. The method of claim 1, wherein the blockchain is populated with interface contracts corresponding to the target business computing contracts, the interface contracts defining data that needs to be uploaded to the blockchain after execution of the target business computing contracts;
the uploading the service execution result to a blockchain for storage comprises the following steps:
invoking the interface contract to send the service execution result to the blockchain, so that the blockchain stores the service execution result after the service execution result passes verification;
wherein the service execution result is data assembled according to the definition of the interface contract.
8. The method of claim 7, wherein the business execution results include a contract execution result of the target business computing contract, and the target business computing contract, the business execution result signed by a private key of the trusted execution environment; the verification process of the block chain to the service execution result comprises the following steps:
acquiring a remote certificate corresponding to the target business computing contract, and checking the validity of the trusted execution environment based on the remote certificate;
if the trusted execution environment passes the validity check, verifying the signature of the service execution result using the public key of the trusted execution environment;
if the signature verification of the service execution result succeeds, comparing the target service calculation contract in the service execution result with the target service calculation contract stored in the blockchain;
and if the target business calculation contract in the business execution result is the same as the target business calculation contract stored in the block chain, determining that the business execution result passes the verification.
9. The method of claim 1, wherein the method further comprises:
responding to a contract deployment request sent by a contract deployment object, and carrying out identity authentication on the contract deployment object; the contract deployment request carries contracts to be deployed;
and if the identity authentication of the contract deployment object passes, deploying the contract to be deployed.
10. The method of claim 9, wherein the contracts to be deployed include the target business computing contract and an interface contract corresponding to the target business computing contract; the deploying the contracts needing to be deployed comprises the following steps:
deploying the target business computing contract into the trusted execution environment;
deploying the interface contract into the blockchain.
11. The method of claim 10, wherein deploying the target business computing contract into the trusted execution environment comprises:
compiling the target business computing contract to obtain a compiling file of the target business computing contract;
and deploying the compiled file of the target business computing contract into a cache space of the trusted execution environment.
12. The method of claim 11, wherein the method further comprises:
generating a remote certificate corresponding to the target business computing contract;
uploading the remote certificate of the target business computing contract, the compiled file of the target business computing contract and the target business computing contract to the blockchain for storage.
13. The method of claim 10, wherein the deploying the interface contract into the blockchain comprises:
compiling the interface contract to obtain a compiling file of the interface contract;
deploying the compiled file of the interface contract into the blockchain, and binding a contract hash for the compiled file of the interface contract in the blockchain, wherein the contract hash is calculated based on the target business calculation contract.
14. A blockchain-based data processing device, the device comprising:
the communication unit is used for receiving a service request sent by a service object, wherein the service request carries service data of a requested blockchain service, and the service data comprises contract identification data and contract execution data;
the processing unit is used for transmitting the service data into a trusted execution environment, and a target service computing contract corresponding to the contract identification data is deployed in the trusted execution environment;
the processing unit is further configured to execute the target service computation contract in the trusted execution environment based on the contract execution data to obtain a service execution result of the blockchain service;
the communication unit is further configured to upload the service execution result to a blockchain for storage, and return the service execution result to the service object.
15. A computer device, the computer device comprising:
a processor adapted to implement a computer program;
a computer readable storage medium storing a computer program adapted to be loaded by the processor and to perform the blockchain-based data processing method of any of claims 1 to 13.
16. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program adapted to be loaded by a processor and to perform the blockchain-based data processing method of any of claims 1 to 13.
17. A computer program product comprising computer instructions which, when executed by a processor, implement the blockchain-based data processing method of any of claims 1 to 13.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211116846.2A CN117743455A (en) | 2022-09-14 | 2022-09-14 | Block chain-based data processing method, device, equipment, medium and product |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117743455A true CN117743455A (en) | 2024-03-22 |
Family
ID=90249479
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211116846.2A Pending CN117743455A (en) | 2022-09-14 | 2022-09-14 | Block chain-based data processing method, device, equipment, medium and product |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117743455A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||