WO2018205731A1 - Method and device for protecting block chain data and computer readable storage medium - Google Patents


Info

Publication number
WO2018205731A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
smart contract
data
key
blockchain
Application number
PCT/CN2018/078518
Other languages
French (fr)
Chinese (zh)
Inventor
陈曦
Original Assignee
上海点融信息科技有限责任公司
Application filed by 上海点融信息科技有限责任公司
Publication of WO2018205731A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party

Definitions

  • Embodiments of the present disclosure generally relate to blockchain techniques and, more particularly, to methods, apparatus, and computer readable storage media for protecting blockchain data.
  • Blockchain has received wide attention as a new type of decentralized recording technology. Since the blockchain itself does not support data protection, data protection is one of the key technologies for blockchain applications such as commercial use.
  • Existing solutions include: 1) multi-chain plus plaintext data, in which each blockchain node needs to maintain multiple blockchains; 2) homomorphic algorithms or zero-knowledge proofs.
  • The first solution carries backup risk and consensus risk because of the limited number of nodes in a single blockchain; the second solution suffers from high algorithm complexity and low execution efficiency.
  • Embodiments of the present disclosure provide methods, apparatus, and computer readable storage media for protecting blockchain data to at least partially address the above and other potential problems of the prior art.
  • A method for protecting blockchain data includes: creating a smart contract at a first node of a blockchain, the smart contract being set with a rights management field, the rights management field including a list of accessible addresses; encrypting the smart contract with a key at the first node, and including the encrypted smart contract in the block data at the first node; distributing the key to the second node of the blockchain according to the accessible address list at the first node; and sending the block data to the second node at the first node,
  • An apparatus for protecting blockchain data includes a processor and a memory coupled to the processor and storing instructions that, when executed by the processor, cause the apparatus to perform the acts of: creating a smart contract at a first node of the blockchain, the smart contract being set with a rights management field, the rights management field including an accessible address list; encrypting the smart contract using the key at the first node, and including the encrypted smart contract in the block data at the first node; distributing the key at the first node to the second node of the blockchain according to the accessible address list; and transmitting the block data to the second node at the first node.
  • a computer readable storage medium has computer readable program instructions stored thereon for performing the method as described above in the first aspect of the present disclosure.
  • FIG. 1 shows a schematic diagram of a blockchain technique.
  • FIG. 2 shows a flow diagram of a method for protecting blockchain data in accordance with an embodiment of the present disclosure.
  • FIG. 3 illustrates an example implementation of a method for protecting blockchain data in accordance with an embodiment of the present disclosure.
  • FIG. 4 shows a schematic diagram of an apparatus for protecting blockchain data in accordance with an embodiment of the present disclosure.
  • FIG. 1 shows a schematic diagram of a blockchain technique; example embodiments of the present disclosure may be implemented in such a scenario (e.g., a blockchain network).
  • The blockchain is a new application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, and encryption algorithms.
  • The so-called consensus mechanism is a mathematical algorithm for realizing trust and acquiring rights between different nodes in the blockchain system. Since the blockchain is a new type of decentralized recording technology, it has received extensive attention and its application fields are becoming more and more extensive.
  • A smart contract is "a set of promises defined in digital form, including agreements on which contract participants can execute these commitments." Essentially, these automated contracts work like if-then statements from other computer programs. Smart contracts only interact with real-world assets in this way. When a pre-programmed condition is triggered, the smart contract enforces the corresponding contract terms.
  • embodiments of the present disclosure provide methods, apparatus, and computer readable storage media for protecting blockchain data.
  • FIG. 2 illustrates a flow diagram of a method 200 for protecting blockchain data in accordance with an embodiment of the present disclosure.
  • the method 200 can be applied to the blockchain network shown in FIG. 1.
  • A smart contract is created at the first node of the blockchain. The smart contract can be set with a rights management field, and the rights management field includes a list of accessible addresses.
  • The rights management field may further include access rights of the second node to the smart contract, and the access rights may include read and write access rights for setting read and write permissions.
  • The blockchain network includes, for example, three blockchain nodes: blockchain node 1 (referred to as the "first node"), blockchain node 2 (referred to as the "second node"), and blockchain node 3 (referred to as the "third node").
  • A smart contract is created at blockchain node 1, and upon submission an additional rights management field may be added, which may include a list of accessible addresses (e.g., a list of accessible address hashes). In this way, private data can be managed through smart contracts and configured with appropriate access rights.
  • In addition to the list of accessible addresses, the rights management field may include the access rights of blockchain node 2 to the smart contract.
  • The rights management field may also include the access rights of blockchain node 3 to the smart contract.
  • The access rights may include, for example, read and write access rights for specific reads and writes or for access to specific data interfaces. It should be understood that the definition of "access rights" herein is merely exemplary and is not intended to limit the scope of the disclosure in any way.
  • A smart contract X can be created at blockchain node 1 of the blockchain and a rights management field set for it. The content of the rights management field is the hash values of the addresses of blockchain nodes 2 and 3 (i.e., "3C344bQYPsL5FXAbv67kGksNLR1urufnE" and "3GFHwAZFDtPuBDS396PirD5jzHRDv9ni1n"), together with the access rights of blockchain nodes 2 and 3 to smart contract X.
  • the content of the specifically implemented rights management field is as follows.
  • The rights management field for smart contract X can be set. Moreover, according to the accessible address list in the above rights management field, blockchain node 2 and blockchain node 3 on the blockchain can access the smart contract X created at blockchain node 1. In addition, since the access rights of blockchain node 2 and blockchain node 3 to the smart contract can also be set in the rights management field, blockchain node 2 and blockchain node 3 can each have different access rights to smart contract X.
  • If the smart contract is not set with a rights management field, it will be processed as a public smart contract (as disclosed in Figure 3), i.e., the creation and transaction information of the smart contract will exist in clear text.
  • the smart contract is encrypted using the key at the first node and the encrypted smart contract is included in the block data at the first node.
  • the block data is used for inter-block inter-chain communication, wherein the encrypted smart contract at the first node can be included in the block data, and the block data can then be sent to other nodes on the blockchain (for example, blockchain node 2 and blockchain node 3) in FIG.
  • All transaction data for a smart contract can be added to the block data in cipher text and then sent to other nodes on the blockchain.
  • The block data also includes block numbers, transaction data, signatures, and random numbers (nonces).
  • Block data is part of the data on the chain and is used for data communication between blockchain nodes, and smart contract data can be included in the block data.
  • The raw block data can be saved separately from the execution status data of the smart contract. Since the block data can be shared by the entire network, the consistency of the data on the blockchain can be fundamentally guaranteed.
  • a key is distributed to the second node of the blockchain based on the accessible address list at the first node.
  • distributing the key to the second node based on the accessible address list at the first node includes key distribution in a point-to-point communication, the key including a symmetric key.
  • Blockchain node 1 creates a smart contract Y and specifies in the list of accessible addresses that only blockchain node 2 has access (e.g., S1 in Figure 3: create smart contract Y and set blockchain node 2 as accessible). Accordingly, blockchain node 1 can distribute the key only to blockchain node 2 in point-to-point communication (for example, S2 in Figure 3: transmit the smart contract Y key to blockchain node 2).
  • the block data is transmitted to the second node at the first node.
  • the method 200 illustrated in FIG. 2 may further include transmitting the block data to the third node of the blockchain at the first node without distributing the key to the third node.
  • the key and block data are received at the second node and the encrypted smart contract is decrypted from the block data using the key to create a decrypted smart contract. Additionally, the transaction can also be performed at the second node based on the decrypted smart contract.
  • Blockchain node 1 includes the encrypted smart contract Y in the block data at the first node (i.e., blockchain node 1).
  • The block data can be transmitted in a broadcast manner to the second node (i.e., blockchain node 2) and the third node (i.e., blockchain node 3) (e.g., S4: send the encrypted smart contract Y, which is included in the block data).
  • Blockchain node 2 can receive the block data, which is then decrypted using the key (e.g., S5 in Figure 3: decrypt smart contract Y) to create a decrypted smart contract Y at blockchain node 2 (e.g., S6 in Figure 3: build the smart contract Y logical data fragment). Since blockchain node 3 does not receive the key, it will not be able to create a decrypted smart contract Y at blockchain node 3 (e.g., S5 in Figure 3: decryption of smart contract Y fails).
  • Method 200 may also include an additional data consensus process in accordance with an embodiment of the present disclosure. For example, after 208, a data consensus can be made between the first node and the second node by peer-to-peer communication.
  • The data consensus here refers, for example, to the use of existing consensus algorithms (e.g., raft/pbft) to confirm data consistency between multiple nodes on a blockchain. In this way, the present disclosure can achieve data consensus while ensuring data privacy.
  • The data consensus can be based on a block number, a smart contract number of a smart contract, and a transaction data digest formed from historical transaction data for a smart contract.
  • The data consensus (such as the consensus on private data, e.g., smart contract Y) may have a unique identifier, that is, a block number and a smart contract number (which may be, for example, a smart contract address or a uniquely designated ID).
  • existing consensus algorithms can be used to achieve local consensus.
  • the historical transaction data and current status of each smart contract can be logically isolated during storage.
  • the bottom layer can use the same physical database or a different physical database.
  • a record with the block number and the smart contract number as the key value can be inserted in the logical database of the smart contract for subsequent data consensus.
  • The historical transaction data and current state of the smart contract may be stored in the database in a logically isolated manner, and the current state of the smart contract is queried according to the block number stored in the database and the smart contract number of the smart contract.
  • The data consensus can be completed through peer-to-peer communication, and the nodes deploying the same smart contract (for example, blockchain node 1 and blockchain node 2, which are deployed with the same smart contract Y in FIG. 3) can participate in the consensus (for example, S7 in FIG. 3: consensus to complete the block of trading for smart contract Y).
  • the data consensus can be initiated by the node submitting the smart contract (for example, the blockchain node 1 that creates the smart contract in Figure 3), and sends data waiting for consensus through peer-to-peer communication, for example:
  • the above data waiting for consensus includes a block number (blockhash), a smart contract number (contract) and a summary of transaction data formed according to all the historical data of the smart contract (such as the merkleroot value mentioned above).
  • The merkleroot can be generated from the historical transaction data of the smart contract: a summary (here a hash value) is generated for each transaction and inserted as a bottom-layer node of the Merkle tree, and the root node value is updated.
  • the data awaiting consensus here is merely exemplary and is not intended to limit the scope of the disclosure in any way.
  • FIG. 4 illustrates an apparatus 400 for protecting blockchain data in accordance with an embodiment of the present disclosure.
  • the device 400 includes a processor 402 and a memory 404.
  • The memory 404 is coupled to the processor 402 and stores instructions that, when executed by the processor, cause the device to perform the acts of: creating a smart contract at a first node of the blockchain, the smart contract being set with a rights management field, the rights management field including an accessible address list; encrypting the smart contract using the key at the first node, and including the encrypted smart contract in the block data at the first node; distributing the key at the first node to the second node of the blockchain according to the accessible address list; and transmitting the block data to the second node at the first node.
  • each blockchain node can include a respective processor 402 and memory 404, where processor 402 can include a data management module 406 and a key management module 408.
  • Data management module 406 can be responsible for managing block data and smart contract data.
  • the block data is part of the data on the chain and is used for data communication between nodes, and the smart contract data is included in the block data.
  • the block raw data is saved separately and is separate from the execution status data of the smart contract.
  • the block data is shared by the whole network, which fundamentally guarantees the consistency of the data on the chain.
  • Smart contracts that manage private data can be stored in separate logical data slices (for example, for smart contracts that manage private data, the original contract and transaction data are encrypted and stored in a unique blockchain, and each smart contract corresponds to an independent data fragment), and the current status is queried by block number and smart contract number (such as a smart contract address or a uniquely specified ID).
  • The key management module 408 may be responsible for maintaining the generation, distribution, use, storage, and backup of keys for smart contracts.
  • The key management module 408 can also introduce key maintenance algorithms such as forward security or key rotation to improve security.
  • The key management module 408 can also distribute keys according to rights management fields (e.g., rights lists) given by the data management module 406, while providing an interface to the data management module 406 for encryption and decryption of data.
  • The present disclosure may be embodied as a computer readable storage medium having computer readable program instructions stored thereon, the computer readable program instructions being operative to perform the method for protecting blockchain data as described in accordance with the example embodiment of FIG.
  • the present disclosure may be embodied as a system, method, and/or computer program product, depending on the particular needs and application scenarios.
  • the computer program product can include a computer readable storage medium having computer readable program instructions for performing various aspects of the present disclosure.
  • FPGA Field Programmable Gate Array
  • ASIC Application Specific Integrated Circuit
  • ASSP Application Specific Standard Product
  • SOC System on Chip
  • CPLD Complex Programmable Logic Device
  • the computer readable storage medium can be a tangible device that can hold and store the instructions used by the instruction execution device.
  • the computer readable storage medium can be, for example, but not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
  • A non-exhaustive list of computer readable storage media includes: portable computer disks, hard disks, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disk read only memory (CD-ROM), digital versatile disk (DVD), memory sticks, floppy disks, mechanical encoding devices such as punch cards or raised structures in a groove with instructions stored thereon, and any suitable combination of the above.
  • A computer readable storage medium as used herein is not to be interpreted as a transient signal itself, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., light pulses through a fiber optic cable), or electrical signals transmitted through wires.
  • the computer readable program instructions described herein can be downloaded from a computer readable storage medium to various computing/processing devices or downloaded to an external computer or external storage device over a network, such as the Internet, a local area network, a wide area network, and/or a wireless network.
  • the network may include copper transmission cables, fiber optic transmissions, wireless transmissions, routers, firewalls, switches, gateway computers, and/or edge servers.
  • A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium in each computing/processing device.
  • Computer program instructions for performing the operations of the present disclosure may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine related instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including object oriented programming languages such as Smalltalk and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages.
  • The computer readable program instructions can execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server.
  • The remote computer can be connected to the user's computer via any kind of network, including a local area network (LAN) or wide area network (WAN), or can be connected to an external computer (e.g., through the Internet using an Internet service provider).
  • An electronic circuit, such as a programmable logic circuit, a field programmable gate array (FPGA), or a programmable logic array (PLA), can be customized by utilizing state information of the computer readable program instructions.
  • Computer readable program instructions are executed to implement various aspects of the present disclosure.
  • The computer readable program instructions can be provided to a processor of a general purpose computer, a special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, when executed by the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in one or more of the blocks of the flowcharts and/or block diagrams.
  • The computer readable program instructions can also be stored in a computer readable storage medium and cause a computer, programmable data processing device, and/or other device to operate in a particular manner, such that the computer readable medium storing the instructions comprises an article of manufacture that includes instructions for implementing various aspects of the functions/acts recited in one or more of the flowcharts.
  • the computer readable program instructions can also be loaded onto a computer, other programmable data processing device, or other device to perform a series of operational steps on a computer, other programmable data processing device or other device to produce a computer-implemented process.
  • instructions executed on a computer, other programmable data processing apparatus, or other device implement the functions/acts recited in one or more of the flowcharts and/or block diagrams.
  • each block in the flowchart or block diagram can represent a module, a program segment, or a portion of an instruction that includes one or more components for implementing the specified logical functions.
  • Executable instructions can also occur in a different order than those illustrated in the drawings. For example, two consecutive blocks may be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending upon the functionality involved.
  • Each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented in a dedicated hardware-based system that performs the specified functions, or by a combination of dedicated hardware and computer instructions.
  • The present disclosure can be implemented as a method for protecting blockchain data, comprising: creating a smart contract at a first node of the blockchain, the smart contract being set with a rights management field, the rights management field including an accessible address list; encrypting the smart contract using the key at the first node, and including the encrypted smart contract in the block data at the first node; distributing the key to the second node of the blockchain according to the accessible address list at the first node; and transmitting the block data to the second node at the first node.
  • The rights management field further includes access rights of the second node to the smart contract, the access rights including read and write access rights for setting read and write rights.
  • Distributing the key to the second node according to the accessible address list at the first node comprises: performing key distribution in a point-to-point communication, the key comprising a symmetric key.
  • The key and the block data are received at the second node, and the encrypted smart contract is decrypted from the block data using the key to create a decrypted smart contract.
  • the transaction is performed at the second node in accordance with the decrypted smart contract.
  • the block data further includes a block number, transaction data, a signature, and a random number.
  • Historical transaction data and current state of the smart contract are stored in a database in a logically isolated manner, the current state of the smart contract being queried based on the block number stored in the database and the smart contract number of the smart contract.
  • data negotiation is performed between the first node and the second node by peer-to-peer communication.
  • the data consensus is performed based on the block number, the smart contract number of the smart contract, and a transaction data digest formed by historical transaction data of the smart contract.
  • The method further comprises: transmitting the block data to a third node of the blockchain at the first node without distributing the key to the third node.
  • The present disclosure can be implemented as an apparatus for protecting blockchain data, comprising: a processor; and a memory coupled to the processor and storing instructions that, when executed by the processor, cause the device to perform the following actions: creating a smart contract at a first node of the blockchain, the smart contract being set with a rights management field, the rights management field including a list of accessible addresses; encrypting the smart contract using a key at the first node and including the encrypted smart contract in the block data at the first node; distributing the key at the first node to the second node of the blockchain according to the accessible address list; and transmitting the block data to the second node at the first node.
  • The rights management field further includes access rights of the second node to the smart contract, the access rights including read and write access rights for setting read and write rights.
  • Distributing the key to the second node according to the accessible address list at the first node comprises: performing key distribution in a point-to-point communication, the key comprising a symmetric key.
  • The key and the block data are received at the second node, and the encrypted smart contract is decrypted from the block data using the key to create a decrypted smart contract.
  • the transaction is performed at the second node in accordance with the decrypted smart contract.
  • the block data further includes a block number, transaction data, a signature, and a random number.
  • Historical transaction data and current state of the smart contract are stored in a database in a logically isolated manner, the current state of the smart contract being queried based on the block number stored in the database and the smart contract number of the smart contract.
  • data negotiation is performed between the first node and the second node by peer-to-peer communication.
  • the data consensus is performed based on the block number, the smart contract number of the smart contract, and a transaction data digest formed by historical transaction data of the smart contract.
  • The instructions, when executed by the processor, cause the device to further perform the act of transmitting the block data to a third node of the blockchain at the first node without distributing the key to the third node.
  • The present disclosure can be embodied as a computer readable storage medium having computer readable program instructions stored thereon for performing the method for protecting blockchain data described above.
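
The data consensus described above exchanges a block number (blockhash), a smart contract number (contract) and a merkleroot digest of the contract's historical transactions. The following Go program is an added example, not code from the patent: the message layout, the function names, the sample transactions and the leaf/node hashing scheme (SHA-256 with domain-separation prefixes, an unpaired node promoted unchanged) are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ConsensusMsg is the data awaiting consensus. The three fields are the ones
// the text names; their types and encoding are assumptions of this example.
type ConsensusMsg struct {
	BlockHash  string // block number
	Contract   string // smart contract number (address or unique ID)
	MerkleRoot string // digest over the contract's historical transactions
}

// ErrDiverged means the peer's own transaction history gives another digest.
var ErrDiverged = errors.New("transaction history digest differs")

// Leaves and inner nodes are hashed with different prefixes so that a leaf
// can never be mistaken for an inner node.
func leaf(tx []byte) [32]byte { return sha256.Sum256(append([]byte{0x00}, tx...)) }

func parent(l, r [32]byte) [32]byte {
	buf := append([]byte{0x01}, l[:]...)
	return sha256.Sum256(append(buf, r[:]...))
}

// MerkleRoot hashes every transaction into a bottom-layer node and folds the
// layers up to the root. An unpaired node is promoted unchanged rather than
// duplicated, so a history and the same history with its last transaction
// repeated produce different roots.
func MerkleRoot(txs [][]byte) string {
	if len(txs) == 0 {
		empty := sha256.Sum256(nil)
		return hex.EncodeToString(empty[:])
	}
	level := make([][32]byte, len(txs))
	for i, tx := range txs {
		level[i] = leaf(tx)
	}
	for len(level) > 1 {
		var next [][32]byte
		for i := 0; i+1 < len(level); i += 2 {
			next = append(next, parent(level[i], level[i+1]))
		}
		if len(level)%2 == 1 {
			next = append(next, level[len(level)-1])
		}
		level = next
	}
	return hex.EncodeToString(level[0][:])
}

// Propose is run by the node that submitted the contract.
func Propose(blockHash, contract string, history [][]byte) ConsensusMsg {
	return ConsensusMsg{BlockHash: blockHash, Contract: contract, MerkleRoot: MerkleRoot(history)}
}

// Verify is run by each peer that deployed the same contract: it recomputes
// the digest from its own decrypted history and compares it with the proposal.
func Verify(msg ConsensusMsg, blockHash, contract string, history [][]byte) error {
	if msg.BlockHash != blockHash || msg.Contract != contract {
		return fmt.Errorf("identifier mismatch: got %s/%s", msg.BlockHash, msg.Contract)
	}
	if msg.MerkleRoot != MerkleRoot(history) {
		return ErrDiverged
	}
	return nil
}

func main() {
	// Constructed sample history for smart contract Y.
	history := [][]byte{[]byte("tx-1"), []byte("tx-2"), []byte("tx-3")}
	msg := Propose("block-42", "contract-Y", history)
	fmt.Println("node 2 agrees:", Verify(msg, "block-42", "contract-Y", history) == nil)
	history[1] = []byte("tx-2-altered")
	fmt.Println("after divergence:", Verify(msg, "block-42", "contract-Y", history))
}
```

Only nodes that hold the contract key can recompute the digest, which is why the text limits this consensus to nodes deploying the same smart contract.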

Abstract

A method and a device for protecting block chain data and a computer readable storage medium. The method for protecting block chain data comprises: creating an intelligent contract at a first node of a block chain, the intelligent contract being set with a permission management field, and the permission management field including an accessible address list (202); using a secret key to encrypt the intelligent contract at the first node, and adding the encrypted intelligent contract in block data at the first node (204); distributing the secret key at the first node to a second node of the block chain according to the accessible address list (206); and sending the block data at the first node to the second node (208).
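
The four steps in the abstract (202 to 208), as an added Go example that is not code from the patent: node 1 encrypts the contract, releases the key only to addresses on the accessible address list, and every node receives the same block data. AES-256-GCM, binding the ciphertext to the block number and contract ID, the node addresses and all function names are assumptions of this example; the patent only specifies a symmetric key distributed point to point.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// RightsManagement is the rights management field: the accessible address list.
type RightsManagement struct{ Accessible []string }

// Block is the block data sent to every node; the contract is ciphertext only.
type Block struct {
	Number     uint64
	ContractID string
	Nonce      []byte
	Ciphertext []byte
}

// Node is a blockchain node with a local key store (contract ID -> key).
type Node struct {
	Address string
	keys    map[string][]byte
}

var ErrNoKey = errors.New("no key held for this contract")

func NewNode(addr string) *Node { return &Node{Address: addr, keys: map[string][]byte{}} }

func newAEAD(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// aad binds the ciphertext to its block number and contract ID (example choice).
func aad(b Block) []byte { return []byte(fmt.Sprintf("%d|%s", b.Number, b.ContractID)) }

// SealContract (steps 202/204): encrypt with a fresh key, keep only ciphertext in the block.
func SealContract(owner *Node, number uint64, id string, code []byte) (Block, error) {
	secret := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return Block{}, err
	}
	key, nonce := secret[:32:32], secret[32:]
	aead, err := newAEAD(key)
	if err != nil {
		return Block{}, err
	}
	b := Block{Number: number, ContractID: id, Nonce: nonce}
	b.Ciphertext = aead.Seal(nil, nonce, code, aad(b))
	owner.keys[id] = key
	return b, nil
}

// DistributeKey (step 206): hand the key only to peers on the accessible
// address list. The point-to-point channel is modelled as a direct call.
func DistributeKey(owner *Node, id string, rm RightsManagement, peers map[string]*Node) []string {
	var sent []string
	for _, addr := range rm.Accessible {
		if p, ok := peers[addr]; ok {
			p.keys[id] = append([]byte(nil), owner.keys[id]...)
			sent = append(sent, addr)
		}
	}
	return sent
}

// OpenContract: a receiving node decrypts the contract from the block data (sent in step 208).
func OpenContract(n *Node, b Block) ([]byte, error) {
	key, ok := n.keys[b.ContractID]
	if !ok {
		return nil, ErrNoKey
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, b.Nonce, b.Ciphertext, aad(b)) // fails on wrong key or altered block data
}

func main() {
	// Constructed addresses and contract body for smart contract Y.
	n1, n2, n3 := NewNode("addr-node-1"), NewNode("addr-node-2"), NewNode("addr-node-3")
	rm := RightsManagement{Accessible: []string{n2.Address}}
	blk, err := SealContract(n1, 7, "contract-Y", []byte("if paid then release"))
	if err != nil {
		panic(err)
	}
	peers := map[string]*Node{n2.Address: n2, n3.Address: n3}
	fmt.Println("key sent to:", DistributeKey(n1, blk.ContractID, rm, peers))
	for _, n := range []*Node{n2, n3} {
		code, err := OpenContract(n, blk)
		fmt.Printf("%s: code=%q err=%v\n", n.Address, code, err)
	}
}
```

Confidentiality here rests entirely on the key-distribution channel, which in a real network would need to be authenticated and encrypted per recipient.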

Description

Method, device, and computer readable storage medium for protecting blockchain data
Technical field
Embodiments of the present disclosure generally relate to blockchain technology and, more particularly, to methods, devices, and computer readable storage media for protecting blockchain data.
Background
Blockchain has received wide attention as a new type of decentralized record-keeping technology. Because the blockchain itself does not support data protection, data protection has become one of the key technologies for blockchain applications (for example, commercial use).
Existing solutions include: 1) multi-chain plus plaintext data, in which each blockchain node needs to maintain multiple blockchains; and 2) homomorphic algorithms or zero-knowledge proofs. The first solution carries backup risk and consensus risk because the number of nodes on a single blockchain is limited; the second suffers from high algorithmic complexity and low execution efficiency.
Summary of the invention
Embodiments of the present disclosure provide methods, devices, and computer readable storage media for protecting blockchain data, to at least partially address the above and other potential problems of the prior art.
In a first aspect of the present disclosure, a method for protecting blockchain data is provided. The method includes: creating a smart contract at a first node of a blockchain, the smart contract being set with a rights management field, the rights management field including an accessible address list; encrypting the smart contract with a key at the first node, and including the encrypted smart contract in block data at the first node; distributing the key at the first node to a second node of the blockchain according to the accessible address list; and sending the block data at the first node to the second node.
In a second aspect of the present disclosure, a device for protecting blockchain data is provided. The device includes: a processor; and a memory coupled to the processor and storing instructions that, when executed by the processor, cause the device to perform the following acts: creating a smart contract at a first node of a blockchain, the smart contract being set with a rights management field, the rights management field including an accessible address list; encrypting the smart contract with a key at the first node, and including the encrypted smart contract in block data at the first node; distributing the key at the first node to a second node of the blockchain according to the accessible address list; and sending the block data at the first node to the second node.
In a third aspect of the present disclosure, a computer readable storage medium is provided. The computer readable storage medium has computer readable program instructions stored thereon for performing the method described above in the first aspect of the present disclosure.
Brief description of the drawings
Embodiments of the present disclosure will now be described, by way of example only, with reference to the accompanying drawings, in which the same or similar reference numerals denote the same or similar elements, and in which:
FIG. 1 shows a schematic diagram of blockchain technology;
FIG. 2 shows a flow diagram of a method for protecting blockchain data according to an embodiment of the present disclosure;
FIG. 3 shows an example implementation of a method for protecting blockchain data according to an embodiment of the present disclosure; and
FIG. 4 shows a schematic diagram of a device for protecting blockchain data according to an embodiment of the present disclosure.
Detailed description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although certain embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be implemented in various forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of protection of the present disclosure.
The term "comprising" and its variations as used herein are open-ended, that is, "including but not limited to". The term "based on" means "based at least in part on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment". Relevant definitions of other terms will be given in the description below.
FIG. 1 shows a schematic diagram of blockchain technology; the methods, devices, and computer readable storage media of the example embodiments of the present disclosure may be implemented in such a scenario (for example, a blockchain network). It should be understood that blockchain is a new application model of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, and encryption algorithms. The consensus mechanism is the mathematical algorithm by which different nodes in a blockchain system establish trust and obtain rights and interests. Because blockchain is a new type of decentralized record-keeping technology, it has received wide attention, and its fields of application are steadily expanding.
Regarding the concept of the smart contract, the cryptographer Nick Szabo gave the definition that "a smart contract is a set of promises defined in digital form, including the protocols within which the contract participants perform on these promises". In essence, these automated contracts work like the if-then statements of other computer programs. Smart contracts simply interact with real-world assets in this way. When a pre-programmed condition is triggered, the smart contract executes the corresponding contract terms.
Conventionally, because the blockchain itself does not support data protection, data protection has become one of the key technologies for commercial use of blockchain. Take supply chain management, a typical blockchain application scenario, as an example: the upstream and downstream enterprises of the supply chain form the nodes of the blockchain. This scenario is not suited to data transactions in the traditional multi-chain form. Moreover, for any enterprise on the chain, transactions involve only some of the enterprises on the chain, so unnecessary sharing of transaction information would leak trade secrets.
To address the above and other potential deficiencies and problems, embodiments of the present disclosure provide methods, devices, and computer readable storage media for protecting blockchain data. Several example embodiments of the present disclosure are described below with reference to the drawings.
FIG. 2 shows a flow diagram of a method 200 for protecting blockchain data according to an embodiment of the present disclosure. The method 200 can be applied in the blockchain network shown in FIG. 1.
At 202, a smart contract is created at a first node of the blockchain. The smart contract may be set with a rights management field, and the rights management field includes an accessible address list.
In some example implementations, the rights management field may further include the second node's access rights to the smart contract, and the access rights may include read and write access rights that set read and write permissions.
Take three blockchain nodes as an example, as shown in FIG. 3, which illustrates an example implementation of the method for protecting blockchain data. The blockchain network includes, for example, three blockchain nodes: blockchain node 1 (the "first node"), blockchain node 2 (the "second node"), and blockchain node 3 (the "third node"). A smart contract is created at blockchain node 1, and on submission an additional rights management field may be added, which may contain an accessible address list (for example, a list of hash values of accessible addresses). In this way, private data can be managed through smart contracts and configured with the corresponding access rights.
Additionally, when the smart contract is created at blockchain node 1, the rights management field may contain, besides the accessible address list, blockchain node 2's access rights to the smart contract. The rights management field may also contain blockchain node 3's access rights to the smart contract. The access rights may include, for example, read and write access rights that set specific read and write permissions or access to specific data interfaces. It should be understood that this definition of "access rights" is merely exemplary and is not intended to limit the scope of the present disclosure in any way.
For example, as shown in FIG. 3, smart contract X can be created at blockchain node 1 of the blockchain and set with a rights management field whose content is the hash values of the addresses of blockchain nodes 2 and 3 (that is, "3C344bQYPsL5FXAbv67kGksNLR1urufnE" and "3GFHwAZFDtPuBDS396PirD5jzHRDv9ni1n"), together with the access rights of blockchain nodes 2 and 3 to smart contract X.
As an example, the content of a concretely implemented rights management field is as follows.
{
   "3C344bQYPsL5FXAbv67kGksNLR1urufnE5", // hash of the address of blockchain node 2
   "3GFHwAZFDtPuBDS396PirD5jzHRDv9ni1n"  // hash of the address of blockchain node 3
}
With the above example, the rights management field for smart contract X can be set. According to the accessible address list in this rights management field, blockchain node 2 and blockchain node 3 on the blockchain can access smart contract X created at blockchain node 1. Additionally, because the rights management field can also set the access rights of blockchain node 2 and blockchain node 3 to the smart contract, blockchain node 2 and blockchain node 3 can each have different access rights to smart contract X.
In some example implementations, if a smart contract is not set with a rights management field, it is handled as a public smart contract (the public smart contract shown in FIG. 3); that is, the creation and transaction information of the smart contract exists in plaintext.
At 204, the smart contract is encrypted with a key at the first node, and the encrypted smart contract is included in the block data at the first node.
For example, the block data is used for inter-blockchain communication: the smart contract encrypted at the first node can be included in the block data, and the block data can then be sent to other nodes on the blockchain (for example, blockchain node 2 and blockchain node 3 in FIG. 3). For instance, all transaction data of the smart contract can be added to the block data as ciphertext and then sent to the other nodes on the blockchain.
In this way, private data (for example, smart contract Y at the first node) is guaranteed to be stored on the blockchain as ciphertext, and every node can back it up, so there is no backup risk arising from a limit on the number of nodes (such as the limit found in the traditional multi-chain plus plaintext data technique). Moreover, because a concrete implementation relies only on commonly used encryption algorithms, there is no efficiency problem caused by high latency (such as the high latency that the high algorithmic complexity of the traditional homomorphic algorithm technique brings).
In some example implementations, the block data also includes a block number, transaction data, a signature, and a random number (nonce).
For example, block data is part of the on-chain data and is used for data communication between blockchain nodes, and smart contract data can be contained in the block data. When data is saved, the raw block data can be stored on its own, separate from the execution state data of the smart contract. Because block data can be shared across the whole network, the consistency of the data on the blockchain is fundamentally guaranteed.
At 206, the key is distributed at the first node to the second node of the blockchain according to the accessible address list.
In some example implementations, distributing the key at the first node to the second node according to the accessible address list includes: distributing the key by point-to-point communication, the key including a symmetric key.
As shown in FIG. 3, blockchain node 1 creates smart contract Y and specifies in the accessible address list that only blockchain node 2 may access it (S1 in FIG. 3: create smart contract Y and set it as accessible to blockchain node 2). Accordingly, blockchain node 1 can distribute the key by point-to-point communication to blockchain node 2 only (S2 in FIG. 3: send the key of smart contract Y to blockchain node 2).
At 208, the block data is sent at the first node to the second node.
In some example implementations, the method 200 shown in FIG. 2 may further include: sending the block data at the first node to a third node of the blockchain without distributing the key to the third node.
In some example implementations, the key and the block data are received at the second node, and the key is used to decrypt the encrypted smart contract from the block data in order to create a decrypted smart contract. Additionally, transactions can be executed at the second node according to the decrypted smart contract.
As shown in FIG. 3, after blockchain node 1 has included the encrypted smart contract Y in the block data at the first node (blockchain node 1), it can broadcast the block data to all blockchain nodes, including the second node (blockchain node 2) and the third node (blockchain node 3) (for example, S3 in FIG. 3: encrypt smart contract Y; and S4 in FIG. 3: send the encrypted smart contract Y, which is contained in the block data).
At this point, blockchain node 2 has received the key of smart contract Y sent from the first node, whereas blockchain node 3 has not. Blockchain node 2 can therefore decrypt with this key after receiving the block data (S5 in FIG. 3: decrypt smart contract Y) and create the decrypted smart contract Y at blockchain node 2 (S6 in FIG. 3: establish the logical data shard of smart contract Y). Blockchain node 3, having received no such key, cannot create the decrypted smart contract Y at blockchain node 3 (S5 in FIG. 3: decryption of smart contract Y fails).
In this way, after the smart contract is created at the first node and the encrypted smart contract is included in the block data at the first node, every other node on the blockchain can receive the block data (so all nodes can back it up), but only nodes that hold the key of the smart contract can decrypt it and execute the corresponding transactions. This protects the data on the blockchain (for example, when transactions involve only some enterprises in a supply chain, it avoids the leakage of trade secrets caused by unnecessary sharing of transaction information).
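The flow of FIG. 3 (S2 to S5) as a Go sketch, added here as an illustration and not taken from the patent or any product: the contract with its accessible address list is sealed under a symmetric key, the key goes only to listed peers, and every node receives the same block. AES-256-GCM, the JSON encoding, the block layout, the use of block number and contract id as associated data, and all names are assumptions; the in-memory key hand-off stands in for an authenticated, encrypted point-to-point channel.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

type Contract struct { // carries the rights management field
	ID, Code   string
	Accessible []string // accessible address list
}

type Block struct { // block data every node receives (assumed layout)
	Number            uint64
	ContractID        string
	Nonce, Ciphertext []byte
}

type Node struct {
	keys     map[string][]byte   // contract id -> key received point-to-point
	Deployed map[string]Contract // contracts this node could decrypt
}

var ErrNoKey = errors.New("no key for this contract; block kept as ciphertext")

func NewNode() *Node { return &Node{keys: map[string][]byte{}, Deployed: map[string]Contract{}} }

func gcm(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

func aad(b Block) []byte { return []byte(fmt.Sprintf("%d|%s", b.Number, b.ContractID)) }

// Seal encrypts the contract under key (S3); aad ties it to block number and id.
func Seal(c Contract, key []byte, number uint64) (Block, error) {
	b := Block{Number: number, ContractID: c.ID, Nonce: make([]byte, 12)} // 96-bit GCM nonce
	if _, err := rand.Read(b.Nonce); err != nil {
		return b, err
	}
	g, err := gcm(key)
	if err != nil {
		return b, err
	}
	pt, err := json.Marshal(c)
	b.Ciphertext = g.Seal(nil, b.Nonce, pt, aad(b))
	return b, err
}

// DistributeKey hands the key only to peers on the accessible address list (S2).
func DistributeKey(c Contract, key []byte, peers map[string]*Node) int {
	sent := 0
	for _, addr := range c.Accessible {
		if p, ok := peers[addr]; ok {
			p.keys[c.ID] = append([]byte(nil), key...)
			sent++
		}
	}
	return sent
}

// Receive handles a broadcast block (S4): decrypt and deploy if a key is held.
func (n *Node) Receive(b Block) error {
	key, ok := n.keys[b.ContractID]
	if !ok {
		return ErrNoKey
	}
	g, err := gcm(key)
	if err != nil || len(b.Nonce) != g.NonceSize() {
		return errors.New("unusable key or nonce length")
	}
	pt, err := g.Open(nil, b.Nonce, b.Ciphertext, aad(b))
	if err != nil {
		return fmt.Errorf("block %d rejected: %w", b.Number, err)
	}
	var c Contract
	if err = json.Unmarshal(pt, &c); err == nil {
		n.Deployed[c.ID] = c
	}
	return err
}

func main() {
	n2, n3 := NewNode(), NewNode() // constructed peers "node-2" and "node-3"
	y := Contract{ID: "Y", Code: "constructed body", Accessible: []string{"node-2"}}
	key := make([]byte, 32) // AES-256 contract key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	DistributeKey(y, key, map[string]*Node{"node-2": n2, "node-3": n3})
	blk, err := Seal(y, key, 1)
	fmt.Println(err, "| node 2:", n2.Receive(blk), "| node 3:", n3.Receive(blk))
}
```

Because the cipher is authenticated, a key holder also rejects a block whose ciphertext or block number was altered in transit, which the page's generic "commonly used encryption algorithm" does not by itself guarantee.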
According to embodiments of the present disclosure, the method 200 may also include an additional data consensus process. For example, after 208, data consensus can be performed between the first node and the second node by point-to-point communication.
Data consensus here means, for example, using an existing consensus algorithm (such as raft/pbft) to confirm that the data held by multiple nodes on the blockchain is consistent. In this way, the present disclosure can reach data consensus while keeping the data private.
In some example implementations, the data consensus can be performed based on the block number, the smart contract number of the smart contract, and a transaction data digest formed from the historical transaction data of the smart contract.
Here, the data consensus (for example, consensus on private data such as smart contract Y) can have a unique identifier, namely the block number and the smart contract number (which may be, for example, the smart contract address or a uniquely assigned ID). An existing consensus algorithm can be used to reach local consensus.
So that the block number and smart contract number can be obtained, the historical transaction data and current state of each smart contract can be logically isolated in storage. For example, the underlying layer may use the same physical database or different physical databases. In storage, after any transaction has been executed, a record keyed by the block number and the smart contract number can be inserted into the logical database of the smart contract, for use in the subsequent data consensus.
Accordingly, in some example implementations, the historical transaction data and current state of the smart contract can be stored in a database in a logically isolated manner, and the current state of the smart contract is queried by the block number and the smart contract number of the smart contract stored in the database.
Further, the data consensus can be completed by point-to-point communication, and the nodes that deploy the same smart contract (for example, blockchain node 1 and blockchain node 2 in FIG. 3, which both deploy smart contract Y) can take part in the consensus (S7 in FIG. 3: complete consensus on the block of smart contract Y's transactions). The data consensus can be initiated by the node that submitted the smart contract (for example, blockchain node 1, which created the smart contract in FIG. 3), which sends the data awaiting consensus by point-to-point communication, for example:
Figure PCTCN2018078518-appb-000001
The data awaiting consensus above includes the block number (blockhash), the smart contract number (contract), and a transaction data digest formed from all the historical data of that smart contract (the merkleroot value mentioned above). Specifically, the merkleroot can be generated from the historical transaction data of the smart contract: a digest (here a hash value) is generated for each transaction and inserted as a bottom-level node of the Merkle tree, and the root node value is updated at the same time. The data awaiting consensus shown here is merely exemplary and is not intended to limit the scope of the present disclosure in any way.
It follows that, because private data (for example, smart contract Y) is stored in the block data as ciphertext, every node on the blockchain can back it up, and data consensus can also be reached on the block data. There is therefore no backup risk or consensus risk arising from a limit on the number of nodes (such as the limit found in the traditional multi-chain plus plaintext data technique).
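One way to build and check the data awaiting consensus, added as an example and not the patent's own code: each node keeps per-contract transaction digests, records a Merkle root under the (block, contract) key after every transaction, and a peer votes by comparing the received merkleroot with its own. SHA-256, the tree shape, the leaf and interior prefixes, the hex encoding, and all type and function names are assumptions; block ids and transactions are constructed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Proposal is the data awaiting consensus. blockhash, contract and merkleroot
// are the page's field names; the struct and hex encoding are assumptions.
type Proposal struct{ BlockHash, Contract, MerkleRoot string }
type stateKey struct{ block, contract string }

// Store is one node's contract database: transaction digests kept per
// contract, and the root recorded under (block, contract) after each transaction.
type Store struct {
	leaves map[string][][]byte
	roots  map[stateKey][]byte
}

var (
	ErrUnknown  = errors.New("no state recorded for this block and contract")
	ErrMismatch = errors.New("merkleroot differs from local history")
)

func NewStore() *Store { return &Store{leaves: map[string][][]byte{}, roots: map[stateKey][]byte{}} }

// Leaf and interior hashes use different prefixes so one cannot pass for the other.
func hashLeaf(tx []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, tx...))
	return h[:]
}

func hashNode(l, r []byte) []byte {
	h := sha256.Sum256(append(append([]byte{0x01}, l...), r...))
	return h[:]
}

// merkleRoot pairs nodes level by level; an unpaired node moves up unchanged.
func merkleRoot(leaves [][]byte) []byte {
	if len(leaves) == 0 {
		return hashLeaf(nil)
	}
	level := leaves
	for len(level) > 1 {
		var next [][]byte
		for i := 0; i+1 < len(level); i += 2 {
			next = append(next, hashNode(level[i], level[i+1]))
		}
		if len(level)%2 == 1 {
			next = append(next, level[len(level)-1])
		}
		level = next
	}
	return level[0]
}

// Execute records one transaction and stores the new root under its key.
func (s *Store) Execute(block, contract string, tx []byte) {
	s.leaves[contract] = append(s.leaves[contract], hashLeaf(tx))
	s.roots[stateKey{block, contract}] = merkleRoot(s.leaves[contract])
}

// Propose builds the message the initiating node sends to its peers.
func (s *Store) Propose(block, contract string) (Proposal, error) {
	root, ok := s.roots[stateKey{block, contract}]
	if !ok {
		return Proposal{}, ErrUnknown
	}
	return Proposal{block, contract, hex.EncodeToString(root)}, nil
}

// Vote checks a received proposal against this node's own history.
func (s *Store) Vote(p Proposal) error {
	local, ok := s.roots[stateKey{p.BlockHash, p.Contract}]
	if !ok {
		return ErrUnknown
	}
	got, err := hex.DecodeString(p.MerkleRoot)
	if err != nil {
		return fmt.Errorf("malformed merkleroot: %w", err)
	}
	if !bytes.Equal(got, local) {
		return ErrMismatch
	}
	return nil
}

func main() {
	n1, n2 := NewStore(), NewStore()
	for _, tx := range []string{"tx-1", "tx-2", "tx-3"} { // constructed transactions
		n1.Execute("block-7", "Y", []byte(tx))
		n2.Execute("block-7", "Y", []byte(tx))
	}
	p, err := n1.Propose("block-7", "Y")
	fmt.Println(p.MerkleRoot, err, n2.Vote(p))
}
```

A node that never received the contract key has no record for the key and answers with `ErrUnknown`, which matches the page's point that only nodes deploying the same contract take part in this consensus.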
FIG. 4 shows a device 400 for protecting blockchain data according to an embodiment of the present disclosure. The device 400 includes a processor 402 and a memory 404. The memory 404 is coupled to the processor 402 and stores instructions that, when executed by the processor, cause the device to perform the following acts: creating a smart contract at a first node of a blockchain, the smart contract being set with a rights management field, the rights management field including an accessible address list; encrypting the smart contract with a key at the first node, and including the encrypted smart contract in block data at the first node; distributing the key at the first node to a second node of the blockchain according to the accessible address list; and sending the block data at the first node to the second node.
In some example implementations, the device 400 for protecting blockchain data may correspond to any node on the blockchain. As an example, each blockchain node may contain a corresponding processor 402 and memory 404, where the processor 402 may include a data management module 406 and a key management module 408.
The data management module 406 may, for example, be responsible for managing block data and smart contract data. Block data is part of the on-chain data and is used for data communication between nodes, and smart contract data is contained in the block data. When data is saved, the raw block data is stored on its own, separate from the execution state data of the smart contract. Block data is shared across the whole network, which fundamentally guarantees the consistency of the on-chain data. Here, a smart contract that manages private data can be stored in an independent logical data shard (for example, for a smart contract that manages private data, both the original contract and the transaction data are encrypted and stored on the single blockchain, and each smart contract corresponds to one independent data shard), and its current state is queried by block number and smart contract number (for example, the smart contract address or a uniquely assigned ID).
The key management module 408 may, for example, be responsible for the generation, distribution, use, storage, and backup of smart contract keys. The key management module 408 may also introduce key maintenance algorithms, such as forward security or key rotation, to improve security. In addition, the key management module 408 may distribute keys according to the rights management field (for example, a permission list) supplied by the data management module 406, and at the same time provide the data management module 406 with an interface for encrypting and decrypting data.
The present disclosure may be implemented as a computer readable storage medium having computer readable program instructions stored thereon, where the computer readable program instructions can be used to perform the method for protecting blockchain data described according to the example embodiment in FIG. 1.
Depending on the specific requirements and application scenario, the present disclosure may be implemented as a system, a method, and/or a computer program product. The computer program product may include a computer readable storage medium carrying computer readable program instructions for performing the various aspects of the present disclosure.
The methods and functions described in the present disclosure may be performed at least in part by one or more hardware logic components. For example, and without limitation, illustrative types of hardware logic components that may be used include field programmable gate arrays (FPGA), application specific integrated circuits (ASIC), application specific standard products (ASSP), systems on chip (SOC), complex programmable logic devices (CPLD), and so on.
The computer readable storage medium may be a tangible device that can hold and store instructions used by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of computer readable storage media include: a portable computer disk, a hard disk, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disc read only memory (CD-ROM), a digital versatile disc (DVD), a memory stick, a floppy disk, a mechanical encoding device such as punch cards or raised structures in a groove with instructions stored thereon, and any suitable combination of the foregoing. A computer readable storage medium as used herein is not to be interpreted as a transient signal itself, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (for example, light pulses through a fiber optic cable), or electrical signals transmitted through a wire.
The computer readable program instructions described herein can be downloaded from a computer readable storage medium to the respective computing/processing devices, or to an external computer or external storage device over a network such as the Internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, gateway computers, and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards them for storage in a computer readable storage medium within the respective computing/processing device.
The computer program instructions for performing the operations of the present disclosure may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including object oriented programming languages such as Smalltalk and C++, and conventional procedural programming languages such as the "C" language or similar programming languages. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it may be connected to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, an electronic circuit, such as a programmable logic circuit, a field programmable gate array (FPGA), or a programmable logic array (PLA), is personalized using state information of the computer readable program instructions, and the electronic circuit can execute the computer readable program instructions to implement the various aspects of the present disclosure.
Aspects of the present disclosure are described herein with reference to flowcharts and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the present disclosure. It should be understood that each block of the flowcharts and/or block diagrams, and combinations of blocks in the flowcharts and/or block diagrams, can be implemented by computer readable program instructions.
These computer readable program instructions may be provided to a processor of a general purpose computer, a special purpose computer, or another programmable data processing apparatus to produce a machine, such that the instructions, when executed by the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in one or more blocks of the flowcharts and/or block diagrams. The computer readable program instructions may also be stored in a computer readable storage medium, where they cause a computer, a programmable data processing apparatus, and/or other devices to operate in a particular manner, so that the computer readable medium storing the instructions comprises an article of manufacture that includes instructions implementing aspects of the functions/acts specified in one or more blocks of the flowcharts and/or block diagrams.
The computer readable program instructions may also be loaded onto a computer, another programmable data processing apparatus, or another device, so that a series of operational steps is performed on the computer, other programmable data processing apparatus, or other device to produce a computer implemented process, such that the instructions executed on the computer, other programmable data processing apparatus, or other device implement the functions/acts specified in one or more blocks of the flowcharts and/or block diagrams.
附图中的流程图和框图显示了根据本公开的多个实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框可以代表一个模块、程序段或指令的一部分,所述模块、程序段或指令的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。在有些作为替换的实现中,方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个连续的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这依所涉及的功能而定。也要注意的是,框图和/或流程图中的每个方框、以及框图和/或流程图中的方框的组合,可以用执行规定的功能或动作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。The flowchart and block diagrams in the Figures illustrate the architecture, functionality and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagram can represent a module, a program segment, or a portion of an instruction that includes one or more components for implementing the specified logical functions. Executable instructions. In some alternative implementations, the functions noted in the blocks may also occur in a different order than those illustrated in the drawings. For example, two consecutive blocks may be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending upon the functionality involved. It is also noted that each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented in a dedicated hardware-based system that performs the specified function or function. Or it can be implemented by a combination of dedicated hardware and computer instructions.
此外,虽然采用特定次序描绘了各操作,但是这应当理解为要求这样 操作以所示出的特定次序或以顺序次序执行,或者要求所有图示的操作应被执行以取得期望的结果。在一定环境下,多任务和并行处理可能是有利的。同样地,虽然在上面论述中包含了若干具体实现细节,但是这些不应当被解释为对本公开的范围的限制。在单独的实现的上下文中描述的某些特征还可以组合地实现在单个实现中。相反地,在单个实现的上下文中描述的各种特征也可以单独地或以任何合适的子组合的方式实现在多个实现中。In addition, although the operations are depicted in a particular order, this should be understood as requiring that such operations be performed in the particular order shown or in the order of the order, or that all illustrated operations should be performed to achieve the desired results. Multitasking and parallel processing may be advantageous in certain circumstances. Likewise, although several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of the disclosure. Certain features that are described in the context of separate implementations can also be implemented in combination in a single implementation. Conversely, various features that are described in the context of a single implementation can be implemented in a plurality of implementations, either individually or in any suitable sub-combination.
以下列出了本公开的一些示例实现方式。Some example implementations of the present disclosure are listed below.
The present disclosure can be implemented as a method for protecting blockchain data, comprising: creating a smart contract at a first node of the blockchain, the smart contract being set with a rights management field, the rights management field including an accessible address list; encrypting the smart contract using a key at the first node, and including the encrypted smart contract in block data at the first node; distributing, at the first node, the key to a second node of the blockchain according to the accessible address list; and sending, at the first node, the block data to the second node.
In some embodiments, the rights management field further includes access rights of the second node to the smart contract, the access rights including read-write access rights that set read and write permissions.
In some embodiments, distributing the key to the second node according to the accessible address list at the first node comprises: performing key distribution by point-to-point communication, the key including a symmetric key.
In some embodiments, the key and the block data are received at the second node, and the encrypted smart contract is decrypted from the block data using the key to create the decrypted smart contract.
In some embodiments, a transaction is executed at the second node according to the decrypted smart contract.
In some embodiments, the block data further includes a block number, transaction data, a signature, and a random number.
In some embodiments, the historical transaction data and the current state of the smart contract are stored in a database in a logically isolated manner, and the current state of the smart contract is queried according to the block number stored in the database and the smart contract number of the smart contract.
In some embodiments, data consensus is carried out between the first node and the second node through point-to-point communication.
In some embodiments, the data consensus is carried out according to the block number, the smart contract number of the smart contract, and a transaction data digest formed from the historical transaction data of the smart contract.
In some embodiments, the method further comprises: sending, at the first node, the block data to a third node of the blockchain without distributing the key to the third node.
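The method listed above can be traced end to end in a short Go program. It is an added example, not code from the patent: AES-256-GCM stands in for the unspecified symmetric cipher, and the names `Contract`, `Block`, `Node`, `Seal`, `Distribute` and `Open`, the JSON encoding, the in-memory key hand-off, and the binding of the block and contract numbers as associated data are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Contract is a hypothetical smart contract; Access is its rights management field.
type Contract struct {
	ID     uint64            `json:"id"`
	Code   string            `json:"code"`
	Access map[string]string `json:"access"` // accessible address -> "r" or "rw"
}

// Block is the block data every node receives; only the contract is encrypted.
type Block struct {
	Number, ContractID uint64
	Nonce, Sealed      []byte // AES-GCM nonce; ciphertext plus authentication tag
}

// Node models a blockchain node; keys holds contract keys received point to point.
type Node struct {
	Addr string
	keys map[uint64][]byte
}

var ErrNoKey = errors.New("no key for this contract")
func NewNode(addr string) *Node { return &Node{Addr: addr, keys: map[uint64][]byte{}} }

// aad binds a ciphertext to its block and contract numbers (this example's choice).
func aad(blockNo, id uint64) []byte { return []byte(fmt.Sprintf("%d/%d", blockNo, id)) }

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal runs at the first node: encrypt the contract under a fresh symmetric key.
func Seal(c Contract, blockNo uint64) (Block, []byte, error) {
	buf := make([]byte, 32+12) // 256-bit key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return Block{}, nil, err
	}
	key, nonce := buf[:32:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return Block{}, nil, err
	}
	plain, err := json.Marshal(c)
	if err != nil {
		return Block{}, nil, err
	}
	return Block{blockNo, c.ID, nonce, gcm.Seal(nil, nonce, plain, aad(blockNo, c.ID))}, key, nil
}

// Distribute gives the key only to peers on the accessible address list.
func Distribute(c Contract, key []byte, peers []*Node) {
	for _, p := range peers {
		if _, ok := c.Access[p.Addr]; ok {
			p.keys[c.ID] = append([]byte(nil), key...) // stands in for a secure channel
		}
	}
}

// Open runs at a receiving node: decrypt the contract if its key was received.
func (n *Node) Open(b Block) (c Contract, err error) {
	key, ok := n.keys[b.ContractID]
	if !ok {
		return c, ErrNoKey
	}
	gcm, err := newGCM(key)
	if err != nil {
		return c, err
	}
	plain, err := gcm.Open(nil, b.Nonce, b.Sealed, aad(b.Number, b.ContractID))
	if err == nil {
		err = json.Unmarshal(plain, &c)
	}
	return c, err
}

func main() {
	second, third := NewNode("addr-second"), NewNode("addr-third") // constructed addresses
	c := Contract{ID: 7, Code: "transfer(a,b,10)", Access: map[string]string{"addr-second": "rw"}}
	blk, key, err := Seal(c, 42)
	if err != nil {
		panic(err)
	}
	Distribute(c, key, []*Node{second, third}) // both nodes get blk, only one gets the key
	fmt.Println(second.Open(blk))              // on the list: decrypts the contract
	fmt.Println(third.Open(blk))               // not on the list: ErrNoKey
}
```

The confidentiality of the scheme rests entirely on the key hand-off in `Distribute`: in a deployment that step has to run over a channel that authenticates the receiving address and encrypts the key in transit.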
The present disclosure can be implemented as a device for protecting blockchain data, comprising: a processor; and a memory coupled to the processor and storing instructions that, when executed by the processor, cause the device to perform the following actions: creating a smart contract at a first node of the blockchain, the smart contract being set with a rights management field, the rights management field including an accessible address list; encrypting the smart contract using a key at the first node, and including the encrypted smart contract in block data at the first node; distributing, at the first node, the key to a second node of the blockchain according to the accessible address list; and sending, at the first node, the block data to the second node.
In some embodiments, the rights management field further includes access rights of the second node to the smart contract, the access rights including read-write access rights that set read and write permissions.
In some embodiments, distributing the key to the second node according to the accessible address list at the first node comprises: performing key distribution by point-to-point communication, the key including a symmetric key.
In some embodiments, the key and the block data are received at the second node, and the encrypted smart contract is decrypted from the block data using the key to create the decrypted smart contract.
In some embodiments, a transaction is executed at the second node according to the decrypted smart contract.
In some embodiments, the block data further includes a block number, transaction data, a signature, and a random number.
In some embodiments, the historical transaction data and the current state of the smart contract are stored in a database in a logically isolated manner, and the current state of the smart contract is queried according to the block number stored in the database and the smart contract number of the smart contract.
In some embodiments, data consensus is carried out between the first node and the second node through point-to-point communication.
In some embodiments, the data consensus is carried out according to the block number, the smart contract number of the smart contract, and a transaction data digest formed from the historical transaction data of the smart contract.
In some embodiments, the instructions, when executed by the processor, cause the device to further perform the following action: sending, at the first node, the block data to a third node of the blockchain without distributing the key to the third node.
The present disclosure can be implemented as a computer readable storage medium having computer readable program instructions stored thereon, the computer readable program instructions being used to perform the method for protecting blockchain data described above.
Many modifications and other embodiments of the present disclosure set forth herein will come to mind to those skilled in the art to which this disclosure pertains, given the teachings presented in the foregoing description and the associated drawings. Therefore, it is to be understood that the embodiments of the present disclosure are not limited to the specific embodiments disclosed, and that modifications and other embodiments are intended to be included within the scope of the present disclosure. Moreover, although the foregoing description and the associated drawings describe example embodiments in the context of certain example combinations of components and/or functions, it should be appreciated that different combinations of components and/or functions may be provided by alternative embodiments without departing from the scope of the present disclosure. In this regard, for example, combinations of components and/or functions other than those explicitly described above are also contemplated as being within the scope of the present disclosure. Although specific terms are employed herein, they are used in a generic and descriptive sense only and are not intended to be limiting.

Claims (21)

  1. A method for protecting blockchain data, comprising:
    creating a smart contract at a first node of the blockchain, the smart contract being set with a rights management field, the rights management field including an accessible address list;
    encrypting the smart contract using a key at the first node, and including the encrypted smart contract in block data at the first node;
    distributing, at the first node, the key to a second node of the blockchain according to the accessible address list; and
    sending, at the first node, the block data to the second node.
  2. The method of claim 1, wherein the rights management field further includes access rights of the second node to the smart contract, the access rights including read-write access rights that set read and write permissions.
  3. The method of claim 1 or 2, wherein distributing the key to the second node according to the accessible address list at the first node comprises:
    performing key distribution by point-to-point communication, the key including a symmetric key.
  4. The method of claim 1 or 2, wherein the key and the block data are received at the second node, and the encrypted smart contract is decrypted from the block data using the key to create the decrypted smart contract.
  5. The method of claim 4, wherein a transaction is executed at the second node according to the decrypted smart contract.
  6. The method of claim 1 or 2, wherein the block data further includes a block number, transaction data, a signature, and a random number.
  7. The method of claim 6, wherein the historical transaction data and the current state of the smart contract are stored in a database in a logically isolated manner, and the current state of the smart contract is queried according to the block number stored in the database and the smart contract number of the smart contract.
  8. The method of claim 6, wherein data consensus is carried out between the first node and the second node through point-to-point communication.
  9. The method of claim 8, wherein the data consensus is carried out according to the block number, the smart contract number of the smart contract, and a transaction data digest formed from the historical transaction data of the smart contract.
  10. The method of claim 1 or 2, further comprising:
    sending, at the first node, the block data to a third node of the blockchain without distributing the key to the third node.
  11. A device for protecting blockchain data, comprising:
    a processor;
    a memory coupled to the processor and storing instructions that, when executed by the processor, cause the device to perform the following actions:
    creating a smart contract at a first node of the blockchain, the smart contract being set with a rights management field, the rights management field including an accessible address list;
    encrypting the smart contract using a key at the first node, and including the encrypted smart contract in block data at the first node;
    distributing, at the first node, the key to a second node of the blockchain according to the accessible address list; and
    sending, at the first node, the block data to the second node.
  12. The device of claim 11, wherein the rights management field further includes access rights of the second node to the smart contract, the access rights including read-write access rights that set read and write permissions.
  13. The device of claim 11 or 12, wherein distributing the key to the second node according to the accessible address list at the first node comprises:
    performing key distribution by point-to-point communication, the key including a symmetric key.
  14. The device of claim 11 or 12, wherein the key and the block data are received at the second node, and the encrypted smart contract is decrypted from the block data using the key to create the decrypted smart contract.
  15. The device of claim 14, wherein a transaction is executed at the second node according to the decrypted smart contract.
  16. The device of claim 11 or 12, wherein the block data further includes a block number, transaction data, a signature, and a random number.
  17. The device of claim 16, wherein the historical transaction data and the current state of the smart contract are stored in a database in a logically isolated manner, and the current state of the smart contract is queried according to the block number stored in the database and the smart contract number of the smart contract.
  18. The device of claim 16, wherein data consensus is carried out between the first node and the second node through point-to-point communication.
  19. The device of claim 18, wherein the data consensus is carried out according to the block number, the smart contract number of the smart contract, and a transaction data digest formed from the historical transaction data of the smart contract.
  20. The device of claim 11 or 12, wherein the instructions, when executed by the processor, cause the device to further perform the following action:
    sending, at the first node, the block data to a third node of the blockchain without distributing the key to the third node.
  21. A computer readable storage medium having computer readable program instructions stored thereon, the computer readable program instructions being used to perform the method of any one of claims 1-10.
PCT/CN2018/078518 2017-05-08 2018-03-09 Method and device for protecting block chain data and computer readable storage medium WO2018205731A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710318981.8 2017-05-08
CN201710318981.8A CN107273759B (en) 2017-05-08 2017-05-08 Method, apparatus, and computer-readable storage medium for protecting blockchain data

Publications (1)

Publication Number Publication Date
WO2018205731A1 true WO2018205731A1 (en) 2018-11-15

Family

ID=60074098

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/078518 WO2018205731A1 (en) 2017-05-08 2018-03-09 Method and device for protecting block chain data and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN107273759B (en)
WO (1) WO2018205731A1 (en)

Families Citing this family (56)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107273759B (en) * 2017-05-08 2020-07-14 上海点融信息科技有限责任公司 Method, apparatus, and computer-readable storage medium for protecting blockchain data
CN108234442B (en) * 2017-10-26 2020-11-27 招商银行股份有限公司 Method, system and readable storage medium for acquiring contract
CN108009824A (en) * 2017-11-28 2018-05-08 北京博晨技术有限公司 Data common recognition method, apparatus and electronic equipment
CN108418689B (en) * 2017-11-30 2020-07-10 矩阵元技术(深圳)有限公司 Zero-knowledge proof method and medium suitable for block chain privacy protection
CN108170740B (en) * 2017-12-18 2022-04-26 深圳前海微众银行股份有限公司 Data migration method, system and computer readable storage medium
CN108282459B (en) 2017-12-18 2020-12-15 中国银联股份有限公司 Data transmission method and system based on intelligent contract
WO2019127531A1 (en) * 2017-12-29 2019-07-04 深圳前海达闼云端智能科技有限公司 Block chain-based data processing method and apparatus, storage medium and electronic device
US11544708B2 (en) 2017-12-29 2023-01-03 Ebay Inc. User controlled storage and sharing of personal user information on a blockchain
CN111587434A (en) * 2018-01-02 2020-08-25 惠普发展公司,有限责任合伙企业 Adjustment of modifications
CN108346110B (en) * 2018-01-26 2021-04-02 广东工业大学 Information interaction system based on manufacturing block chain
CN108389118B (en) 2018-02-14 2020-05-29 阿里巴巴集团控股有限公司 Asset management system, method and device and electronic equipment
CN108335207B (en) 2018-02-14 2020-08-04 阿里巴巴集团控股有限公司 Asset management method and device and electronic equipment
CN108335206B (en) 2018-02-14 2020-12-22 创新先进技术有限公司 Asset management method and device and electronic equipment
CN108416675A (en) 2018-02-14 2018-08-17 阿里巴巴集团控股有限公司 Assets management method and device, electronic equipment
CN108492180B (en) 2018-02-14 2020-11-24 创新先进技术有限公司 Asset management method and device and electronic equipment
CN108416226B (en) * 2018-02-26 2020-07-14 深圳智乾区块链科技有限公司 Authority management method and device of block chain and computer readable storage medium
CN108616574B (en) * 2018-03-30 2020-06-16 华为技术有限公司 Management data storage method, device and storage medium
CN110390516B (en) * 2018-04-20 2023-06-06 伊姆西Ip控股有限责任公司 Method, apparatus and computer storage medium for data processing
CN108596618B (en) * 2018-04-26 2022-03-04 众安信息技术服务有限公司 Data processing method and device for block chain system and computer readable storage medium
CN108848058A (en) * 2018-05-07 2018-11-20 众安信息技术服务有限公司 Intelligent contract processing method and block catenary system
CN108737105B (en) * 2018-05-07 2021-09-28 中钞信用卡产业发展有限公司杭州区块链技术研究院 Method and device for retrieving private key, private key equipment and medium
CN108829725B (en) * 2018-05-09 2021-06-25 深圳壹账通智能科技有限公司 Block chain user communication method, block chain user communication device, terminal equipment and storage medium
KR102384351B1 (en) * 2018-05-09 2022-04-06 삼성에스디에스 주식회사 Method for generating a block in a blockchain-based system
CN108805565B (en) * 2018-05-17 2022-01-18 深圳前海微众银行股份有限公司 Block chain based commitment presence proving method, device and readable storage medium
CN108768988B (en) * 2018-05-17 2021-01-05 深圳前海微众银行股份有限公司 Block chain access control method, block chain access control equipment and computer readable storage medium
CN108664223B (en) 2018-05-18 2021-07-02 百度在线网络技术(北京)有限公司 Distributed storage method and device, computer equipment and storage medium
CN108959945B (en) * 2018-07-06 2020-05-05 腾讯科技(深圳)有限公司 Medical data sharing method and device, computer readable medium and electronic equipment
JP7056430B2 (en) * 2018-07-18 2022-04-19 株式会社デンソー History management method, history management device and history management system
CN109214197B (en) * 2018-08-14 2021-07-27 上海点融信息科技有限责任公司 Method, apparatus and storage medium for processing private data based on block chain
CN109359957B (en) * 2018-09-17 2022-11-22 中国银联股份有限公司 Safe multiparty computing method and related device
CN109040133A (en) * 2018-09-27 2018-12-18 上海点融信息科技有限责任公司 The method, apparatus and storage medium of intelligent contract are installed in block chain network
CN109255210A (en) * 2018-09-27 2019-01-22 上海点融信息科技有限责任公司 The method, apparatus and storage medium of intelligent contract are provided in block chain network
US11301452B2 (en) 2018-10-09 2022-04-12 Ebay, Inc. Storing and verification of derivative work data on blockchain with original work data
CN109615383B (en) * 2018-10-26 2021-03-16 创新先进技术有限公司 Data storage and acquisition method and device based on block chain
CN109727132B (en) * 2018-12-28 2021-03-23 合肥达朴汇联科技有限公司 Method and device for acquiring block chain consensus node, electronic equipment and storage medium
CN109493061B (en) * 2018-12-28 2021-03-23 合肥达朴汇联科技有限公司 Verification method and device for data of block chain, electronic equipment and storage medium
CN111382458A (en) * 2018-12-28 2020-07-07 富泰华工业(深圳)有限公司 Data batch sealing method and device and computer storage medium
CN109727033B (en) * 2018-12-29 2020-12-11 杭州趣链科技有限公司 Block chain-based data security access control method
CN110032884B (en) * 2019-01-31 2020-04-17 阿里巴巴集团控股有限公司 Method for realizing privacy protection in block chain, node and storage medium
CN109831298B (en) * 2019-01-31 2020-05-15 阿里巴巴集团控股有限公司 Method for safely updating key in block chain, node and storage medium
CN109936626B (en) * 2019-02-19 2020-05-29 阿里巴巴集团控股有限公司 Method, node and storage medium for implementing privacy protection in block chain
CN110060158B (en) * 2019-03-07 2020-06-09 阿里巴巴集团控股有限公司 Variable length coding-based intelligent contract execution method and device
CN109886694B (en) * 2019-03-26 2021-04-27 创新先进技术有限公司 Data processing method and device based on block chain and electronic equipment
CN110264195B (en) * 2019-05-20 2021-03-16 创新先进技术有限公司 Receipt storage method and node combining code marking with transaction and user type
CN110266467B (en) * 2019-05-31 2021-04-27 创新先进技术有限公司 Method and device for realizing dynamic encryption based on block height
CN110213268A (en) * 2019-05-31 2019-09-06 联想(北京)有限公司 A kind of data processing method, data processing equipment and computer system
CN110971390A (en) * 2019-11-29 2020-04-07 杭州云象网络技术有限公司 Fully homomorphic encryption method for intelligent contract privacy protection
CN111127205B (en) * 2019-12-23 2020-11-20 卓尔智联(武汉)研究院有限公司 Intelligent contract generation method and device, computer equipment and storage medium
CN113127921A (en) * 2019-12-31 2021-07-16 伊姆西Ip控股有限责任公司 Method, electronic device and computer program product for data management
CN111262692B (en) * 2020-01-08 2023-02-28 网络通信与安全紫金山实验室 Key distribution system and method based on block chain
CN113496398A (en) * 2020-03-19 2021-10-12 中移(上海)信息通信科技有限公司 Data processing method, device, equipment and medium based on intelligent contract
CN111478890B (en) * 2020-03-30 2021-12-03 中国科学院计算技术研究所 Network service access control method and system based on intelligent contract
CN112468577B (en) * 2020-11-25 2021-11-02 上海欧冶金融信息服务股份有限公司 Data controllable sharing method and system based on data mapping relation
CN112822224B (en) * 2021-04-19 2021-06-22 国网浙江省电力有限公司 Safe transmission method for financial data query
CN113360883B (en) * 2021-06-10 2023-07-11 网易(杭州)网络有限公司 Intelligent contract processing method and device, computer equipment and storage medium
CN114666064A (en) * 2022-03-25 2022-06-24 广东启链科技有限公司 Block chain-based digital asset management method, device, storage medium and equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106341421A (en) * 2016-10-31 2017-01-18 杭州云象网络技术有限公司 Block chain technology based data exchange method
CN106506505A (en) * 2016-11-15 2017-03-15 深圳银链科技有限公司 A kind of list based on block chain is close to be chatted and group close merely method and its system
CN106534097A (en) * 2016-10-27 2017-03-22 上海亿账通区块链科技有限公司 Block chain trading based authority control method and system
CN106548330A (en) * 2016-10-27 2017-03-29 上海亿账通区块链科技有限公司 Transaction verification method and system based on block chain
CN107273759A (en) * 2017-05-08 2017-10-20 上海点融信息科技有限责任公司 Method, equipment and computer-readable recording medium for protecting block chain data

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106022917A (en) * 2016-05-08 2016-10-12 杭州复杂美科技有限公司 Block chain matching exchange scheme
CN105812126B (en) * 2016-05-19 2018-10-12 齐鲁工业大学 Lightweight backup and the efficient restoration methods of healthy block chain data encryption key

Also Published As

Publication number Publication date
CN107273759B (en) 2020-07-14
CN107273759A (en) 2017-10-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18798879

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC , EPO FORM 1205A DATED 13.03.2020.

122 Ep: pct application non-entry in european phase

Ref document number: 18798879

Country of ref document: EP

Kind code of ref document: A1