WO2020233631A1 - Procédé et nœud de stockage de reçu basés sur le type de transaction - Google Patents

Procédé et nœud de stockage de reçu basés sur le type de transaction Download PDF

Info

Publication number
WO2020233631A1
WO2020233631A1 PCT/CN2020/091410 CN2020091410W WO2020233631A1 WO 2020233631 A1 WO2020233631 A1 WO 2020233631A1 CN 2020091410 W CN2020091410 W CN 2020091410W WO 2020233631 A1 WO2020233631 A1 WO 2020233631A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
blockchain node
receipt
key
receipt data
Prior art date
Application number
PCT/CN2020/091410
Other languages
English (en)
Chinese (zh)
Inventor
刘琦
闫莺
魏长征
Original Assignee
创新先进技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 创新先进技术有限公司 filed Critical 创新先进技术有限公司
Publication of WO2020233631A1 publication Critical patent/WO2020233631A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Definitions

  • One or more embodiments of this specification relate to the field of blockchain technology, and in particular to a method and node for storing receipts based on transaction types.
  • Blockchain technology is built on a transmission network (such as a peer-to-peer network).
  • the network nodes in the transmission network use chained data structures to verify and store data, and use distributed node consensus algorithms to generate and update data.
  • TEE Trusted Execution Environment
  • TEE can play the role of a black box in the hardware. Neither the code executed in the TEE nor the data operating system layer can be peeped. Only the pre-defined interface in the code can operate on it.
  • plaintext data is calculated in TEE instead of complex cryptographic operations in homomorphic encryption. There is no loss of efficiency in the calculation process. Therefore, the combination with TEE can achieve less performance loss. Under the premise, the security and privacy of the blockchain are greatly improved. At present, the industry is very concerned about TEE solutions.
  • TEE solutions including TPM (Trusted Platform Module) for software and Intel SGX (Software Guard Extensions) for hardware. , Software Protection Extension), ARM Trustzone (trust zone) and AMD PSP (Platform Security Processor, platform security processor).
  • one or more embodiments of this specification provide a receipt storage method and node based on transaction type.
  • a method for storing receipts based on transaction types including:
  • the first blockchain node receives the encrypted transaction
  • the first blockchain node decrypts the transaction in the trusted execution environment and executes the obtained transaction content to obtain receipt data
  • the first blockchain node determines the exposed field in the receipt data according to the transaction type of the transaction
  • the first blockchain node stores the receipt data so that the exposed fields are stored in plain text and the remaining receipt fields are stored in cipher text.
  • a receipt storage node based on transaction type including:
  • the receiving unit receives encrypted transactions
  • the decryption unit decrypts the transaction in a trusted execution environment to obtain transaction content
  • the execution unit executes the transaction content in the trusted execution environment to obtain receipt data
  • the determining unit determines the exposed fields in the receipt data according to the transaction type of the transaction
  • the storage unit stores the receipt data so that the exposed fields are stored in plain text, and the rest of the receipt fields are stored in cipher text.
  • an electronic device including:
  • a memory for storing processor executable instructions
  • the processor implements the method according to the first aspect by running the executable instruction.
  • a computer-readable storage medium is provided, and computer instructions are stored thereon, which, when executed by a processor, implement the steps of the method described in the first aspect.
  • Fig. 1 is a schematic diagram of implementing privacy protection on blockchain nodes according to an exemplary embodiment.
  • Fig. 2 is a flowchart of a method for storing receipts based on transaction types according to an exemplary embodiment.
  • Fig. 3 is a schematic diagram of creating a smart contract according to an exemplary embodiment.
  • Fig. 4 is a schematic diagram of invoking a smart contract provided by an exemplary embodiment.
  • Fig. 5 is a schematic diagram of the functional logic of implementing a blockchain network through a system contract and a chain code provided by an exemplary embodiment.
  • Fig. 6 is a block diagram of a receipt storage device based on transaction type according to an exemplary embodiment.
  • the steps of the corresponding method may not be executed in the order shown and described in this specification.
  • the method includes more or fewer steps than described in this specification.
  • a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. description.
  • Blockchain is generally divided into three types: Public Blockchain, Private Blockchain and Consortium Blockchain.
  • the most decentralized one is the public chain.
  • the public chain is represented by Bitcoin and Ethereum. Participants who join the public chain can read the data records on the chain, participate in transactions, and compete for the accounting rights of new blocks. Moreover, each participant (ie, node) can freely join and exit the network, and perform related operations.
  • the private chain is the opposite.
  • the write permission of the network is controlled by an organization or institution, and the data read permission is regulated by the organization.
  • the private chain can be a weakly centralized system with strict restrictions and few participating nodes. This type of blockchain is more suitable for internal use by specific institutions.
  • the alliance chain is a block chain between the public chain and the private chain, which can achieve "partial decentralization".
  • Each node in the alliance chain usually has a corresponding entity or organization; participants are authorized to join the network and form a stakeholder alliance to jointly maintain the operation of the blockchain.
  • the receipt data obtained by a node executing a transaction can include the following:
  • the Result field indicates the execution result of the transaction
  • the Gas used field indicates the gas value consumed by the transaction
  • the Logs field indicates the log generated by the transaction.
  • the log can further include the From field, To field, Topic field, and Log data field, among which the From field indicates the account address of the initiator of the call, and the To field indicates the called object (such as a smart contract)
  • the account address and Topic field indicate the subject of the log, and the Log data field indicates the log data;
  • the Output field indicates the output of the transaction.
  • the receipt data forms a receipt tree.
  • the receipt tree is generated through organization, so that when querying or verifying receipt data, the corresponding query or verification efficiency can be greatly improved.
  • the MPT Merkle Patricia Tree
  • the leaf of the receipt tree is the hash value of the receipt data corresponding to each transaction contained in the block, and the receiptRoot is Root hashes generated sequentially upwards according to the hash value of the receipt data at the leaf.
  • other types of tree structures can also be used in other blockchain networks.
  • the receipt data generated after the transaction is executed is stored in plain text, and anyone can see the contents of the above-mentioned receipt fields contained in the receipt data, without privacy protection settings and capabilities.
  • the receipt data needs to be stored in cipher text.
  • the first blockchain node includes the conventional environment on the left (on the left in the figure) and TEE.
  • the transaction submitted by the client (or other sources) first enters the "transaction/query interface" in the conventional environment , And then pass the transaction to the TEE for processing.
  • TEE is isolated from the normal environment. For example, when a transaction is encrypted, the transaction needs to be transferred to the TEE for decryption as the transaction content in clear text, so that the transaction content in the clear text can be efficiently processed in the TEE and in the TEE under the premise of ensuring data security.
  • the receipt data in plaintext is generated in.
  • TEE is a secure extension based on CPU hardware and a trusted execution environment completely isolated from the outside.
  • TEE was first proposed by Global Platform to solve the security isolation of resources on mobile devices, and parallel to the operating system to provide a trusted and secure execution environment for applications.
  • ARM's Trust Zone technology is the first to realize the real commercial TEE technology.
  • security requirements are getting higher and higher.
  • Not only mobile devices, cloud devices, and data centers have put forward more needs for TEE.
  • the concept of TEE has also been rapidly developed and expanded. Compared with the originally proposed concept, TEE is a broader TEE. For example, server chip manufacturers Intel, AMD, etc. have successively introduced hardware-assisted TEE and enriched the concepts and features of TEE, which has been widely recognized in the industry.
  • Intel Software Protection Extensions (SGX) and other TEE technologies isolate code execution, remote attestation, secure configuration, secure storage of data, and trusted paths for code execution.
  • the applications running in the TEE are protected by security and are almost impossible to be accessed by third parties.
  • SGX provides an enclave (also called an enclave), which is an encrypted trusted execution area in the memory, and the CPU protects data from being stolen.
  • enclave also called an enclave
  • the CPU protects data from being stolen.
  • a part of the area EPC Enclave Page Cache, enclave page cache or enclave page cache
  • the encryption engine MEE Memory Encryption Engine
  • SGX users can distrust the operating system, VMM (Virtual Machine Monitor), and even BIOS (Basic Input Output System). They only need to trust the CPU to ensure that private data will not leakage.
  • the private data can be encrypted and transmitted to the circle in cipher text, and the corresponding secret key can also be transmitted to the circle through remote certification. Then, the data is used for calculation under the encryption protection of the CPU, and the result will be returned in ciphertext. In this mode, you can use powerful computing power without worrying about data leakage.
  • the block chain is a data set stored in a database of a node and organized by a specific logic.
  • the database may be a storage medium, such as a persistent storage medium, on a physical carrier.
  • the privacy protection requirements for receipt data are not the same. For example, deposit certificate transactions focus on the privacy protection of the identity of the transaction initiator, transfer transactions focus on the privacy protection of the identities of both parties to the transfer, and transactions related to smart contracts focus on the privacy protection of the identity of the transaction initiator.
  • step 202 the first blockchain node receives the encrypted transaction.
  • the user can directly generate a transaction on the first blockchain node; or, the user can generate a transaction on the client, and send the transaction to the first blockchain node through the client; or, the client
  • the terminal can send the above transaction to the second blockchain node, and the second blockchain node sends the transaction to the first blockchain node.
  • the transactions in this manual can be used to implement relatively simple processing logic, such as similar to the deposit logic and transfer logic in related technologies, that is, the relevant transactions are deposit transactions, transfer transactions, etc. At this time, the above transaction may not be related to the smart contract.
  • a smart contract on the blockchain is a contract that can be triggered and executed by a transaction on the blockchain system.
  • Smart contracts can be defined in the form of codes.
  • EVM Ethereum Virtual Machine
  • bytecode virtual machine code
  • the EVM of node 1 can execute the transaction and generate a corresponding contract instance.
  • "0x6f8ae93" in the figure 3 represents the address of this contract, the data field of the transaction can be stored in bytecode, and the to field of the transaction is empty.
  • the contract is successfully created and can be called in the subsequent process.
  • a contract account corresponding to the smart contract appears on the blockchain and has a specific address, and the contract code will be stored in the contract account.
  • the behavior of the smart contract is controlled by the contract code.
  • smart contracts enable virtual accounts containing contract codes and account storage (Storage) to be generated on the blockchain.
  • the EVM of a certain node can execute the transaction and generate a corresponding contract instance.
  • the from field of the transaction in Figure 2 is the address of the account of the transaction initiator (ie Bob), the "0x6f8ae93" in the to field represents the address of the called smart contract, and the value field in Ethereum is the value of Ether ,
  • the method and parameters of calling the smart contract are stored in the data field of the transaction. Smart contracts are executed independently on each node in the blockchain network in a prescribed manner. All execution records and data are stored on the blockchain, so when the transaction is completed, the blockchain will be stored on the blockchain that cannot be tampered with. Lost transaction certificate.
  • the transaction content can include the code of the smart contract that needs to be created; when the transaction is used to call a smart contract, the transaction content can include the account address of the smart contract being called, and the required input Methods and parameters, etc.
  • Step 204 The first blockchain node decrypts the transaction in the trusted execution environment and executes the obtained transaction content to obtain receipt data.
  • the encrypted transaction can be kept in a state of privacy protection, and the transaction content can be prevented from being exposed.
  • the transaction content may contain information such as the account address of the transaction initiator and the account address of the transaction target. Encryption processing can ensure that these transaction contents cannot be directly read.
  • the foregoing transaction may be encrypted by a symmetric encryption algorithm, or may be encrypted by an asymmetric algorithm.
  • the encryption algorithm used by symmetric encryption such as DES algorithm, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm, IDEA algorithm, etc.
  • Asymmetric encryption algorithms such as RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm), etc.
  • the foregoing transaction may be encrypted by a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm.
  • the client can use a symmetric encryption algorithm to encrypt the transaction content, that is, use the symmetric encryption algorithm key to encrypt the transaction content, and use an asymmetric encryption algorithm to encrypt the symmetric encryption algorithm
  • the key used for example, the key used in the public key encryption symmetric encryption algorithm using an asymmetric encryption algorithm.
  • the first blockchain node After the first blockchain node receives the encrypted transaction, it can first decrypt it with the private key of the asymmetric encryption algorithm to obtain the key of the symmetric encryption algorithm, and then decrypt it with the key of the symmetric encryption algorithm to obtain the transaction content.
  • a transaction When a transaction is used to call a smart contract, it can be a call of multiple nested structures. For example, the transaction directly calls smart contract 1, and the code of smart contract 1 calls smart contract 2, and the code in smart contract 2 points to the contract address of smart contract 3, so that the transaction actually calls the code of smart contract 3 indirectly .
  • the specific implementation process is similar to the above process, and will not be repeated here.
  • the transaction received by the first blockchain node may be, for example, a transaction for creating and/or invoking a smart contract.
  • a transaction for creating and/or invoking a smart contract For example, in Ethereum, after the first blockchain node receives the transaction to create and/or call the smart contract from the client, it can check whether the transaction is valid, the format is correct, and the signature of the transaction is legal.
  • the nodes in Ethereum are generally nodes that compete for the right to bookkeeping. Therefore, the first blockchain node as the node that competes for the right to bookkeeping can execute the transaction locally. If one of the nodes competing for the accounting right wins in the current round of the accounting right, it becomes the accounting node. If the first blockchain node wins this round of competition for accounting rights, it becomes the accounting node; of course, if the first blockchain node does not win in this round of competition for accounting rights, it is not Accounting nodes, and other nodes may become accounting nodes.
  • a smart contract is similar to a class in object-oriented programming.
  • the result of execution generates a contract instance corresponding to the smart contract, similar to the object corresponding to the generated class.
  • the process of executing the code used to create a smart contract in a transaction will create a contract account and deploy the contract in the account space.
  • the address of the smart contract account is generated from the sender's address ("0xf5e -- in Figure 3-4) and the transaction nonce (nonce) as input, and is generated by an encryption algorithm, such as in Figure 3-4
  • the contract address "0x6f8ae93" is generated from the sender's address "0xf5e" and the nonce in the transaction through an encryption algorithm.
  • consensus algorithms such as Proof of Work (POW), Proof of Stake (POS), and Delegated Proof of Stake (DPOS) are adopted in blockchain networks that support smart contracts. All nodes competing for the right to account can execute the transaction after receiving the transaction including the creation of a smart contract. One of the nodes competing for the right to bookkeeping may win this round and become the bookkeeping node.
  • the accounting node can package the transaction containing the smart contract with other transactions and generate a new block, and send the generated new block to other nodes for consensus.
  • the nodes with the right to book accounts have been agreed before this round of bookkeeping. Therefore, after the first blockchain node receives the above transaction, if it is not the accounting node of this round, it can send the transaction to the accounting node.
  • accounting nodes which can be the first blockchain node
  • the accounting node packages the transaction (or other transactions together) and generates a new block
  • the generated new block or block header is sent to other nodes for consensus.
  • the accounting nodes in this round can package and package the transaction. Generate a new block, and send the header of the generated new block to other nodes for consensus. If other nodes receive the block and verify that there is no problem, they can append the new block to the end of the original block chain to complete the accounting process and reach a consensus; if the transaction is used to create a smart contract, then The deployment of the smart contract on the blockchain network is completed. If the transaction is used to call the smart contract, the call and execution of the smart contract are completed. In the process of verifying the new block or block header sent by the accounting node, other nodes may also execute the transaction in the block.
  • the transaction contains the code of the smart contract
  • the first blockchain node can decrypt the transaction in the TEE to obtain the code of the smart contract contained therein, and then Execute this code in TEE.
  • the first blockchain node can execute the code in the TEE (if the called smart contract handles the encryption state, the smart contract needs to be executed in the TEE first. Decrypt to get the corresponding code).
  • the first blockchain node may use the newly added processor instructions in the CPU to allocate a part of the area EPC in the memory, and encrypt the above-mentioned plaintext code and store it in the EPC through the encryption engine MEE in the CPU.
  • the encrypted content in EPC is decrypted into plain text after entering the CPU.
  • the plaintext code for executing smart contracts can load the EVM into the enclosure.
  • the key management server can calculate the hash value of the local EVM code and compare it with the hash value of the EVM code loaded in the first blockchain node. The correct comparison result is a necessary condition for passing remote certification. , So as to complete the measurement of the code loaded in the SGX circle of the first blockchain node. After measurement, the correct EVM can execute the above smart contract code in SGX.
  • Step 206 The first blockchain node determines the exposed field in the receipt data according to the transaction type of the transaction.
  • the transaction may include a type field, and the value of the type field is used to indicate the corresponding transaction type. Therefore, by reading the value of the type field in the exchange, the transaction type can be determined, such as the type of deposit certificate, the type of asset transfer (such as transfer), the type of contract creation, and the type of contract invocation. This manual does not limit this.
  • different types of transactions may respectively have corresponding exposed fields.
  • the exposed field is one or more fields specified in the receipt data.
  • the content of the receipt corresponding to the exposed field is allowed to be stored in plain text for subsequent receipts stored in plain text.
  • the mapping relationship between each transaction type and the exposed field may be predefined, so that the first blockchain node can obtain the predefined mapping relationship, and further based on the transaction type of the transaction and the mapping relationship, Identify the exposed fields in the receipt data.
  • the exposed field corresponding to the attestation type may include all fields except the above-mentioned From field
  • the exposed field corresponding to the asset transfer type may include the above-mentioned To field
  • the exposed field corresponding to the contract creation type and contract invocation type may include the above-mentioned From field. All the fields except for the other transaction types will not be repeated here.
  • mapping relationship may be recorded in the system contract. If there is no upgrade requirement for the above mapping relationship, the mapping relationship can also be recorded in the chain code of the blockchain network.
  • Step 208 The first blockchain node stores the receipt data so that the exposed fields are stored in plain text, and the remaining receipt fields are stored in cipher text.
  • the first blockchain node reads the code of the system contract.
  • the code of the system contract defines the receipt data storage logic related to the transaction type, that is, the exposed field corresponding to each transaction type (similar to The above mapping relationship), the logic of implementing plaintext storage for exposed fields, the logic of implementing ciphertext storage for non-exposed fields, etc.; accordingly, the first blockchain node can execute the code of the system contract to convert the exposed fields to Stored in plain text, and the rest of the receipt fields are stored in cipher text.
  • the computing device By running the program code of the blockchain (hereinafter referred to as the chain code) on the computing device (physical machine or virtual machine), the computing device can be configured as a blockchain node in the blockchain network, such as the first Blockchain nodes, etc.
  • the first blockchain node runs the above chain code to realize the corresponding functional logic. Therefore, when the blockchain network is created, the receipt data storage logic related to the transaction type described above can be written into the chain code, so that each blockchain node can implement the receipt data storage logic; Take the blockchain node as an example.
  • the receipt data storage logic is as described above: the receipt data storage logic can specifically define the exposed fields corresponding to each transaction type, so that the first blockchain node can determine according to the transaction type Which receipt content in the receipt data generated by the transaction needs to be stored in plain text, and which receipt content needs to be stored in cipher text.
  • chain code is used to realize the basic functions of the blockchain network, and the function expansion during operation can be achieved through the system Realized by way of contract.
  • the system contract includes code in the form of bytecode, for example, the first blockchain node can run the system contract code (for example, according to the unique corresponding address "0x53a98" to read the system The code in the contract) to realize the functional supplement of the chain code.
  • the system contract read by the first blockchain node may include a preset system contract configured in the genesis block of the blockchain network; and, the administrator in the blockchain network (ie, the above-mentioned management user) may have The update authority of the system contract, so as to update the preset system contract such as the above, the system contract read by the first blockchain node may also include the corresponding updated system contract.
  • the updated system contract can be obtained by the administrator after one update of the preset system contract; or, the updated system contract can be obtained by the administrator after multiple iterations of the preset system contract, such as the preset system contract Update the system contract 1, update the system contract 1 to obtain the system contract 2, update the system contract 2 to obtain the system contract 3.
  • the system contract 1, the system contract 2, and the system contract 3 can all be regarded as the updated system contract, but the first Blockchain nodes usually follow the latest version of the system contract. For example, the first blockchain node will follow the code in system contract 3 instead of the code in system contract 1 or system contract 2.
  • the administrator can also publish system contracts in subsequent blocks and update the published system contracts.
  • system contracts in subsequent blocks and update the published system contracts.
  • a certain degree of restrictions should be imposed on the issuance and update of system contracts through methods such as authority management to ensure that the functional logic of the blockchain network can operate normally and avoid unnecessary losses to any users.
  • the first blockchain node can read the code of the system contract, and the code of the system contract defines the receipt data storage logic related to the preset transaction type; then, the first blockchain node can execute the system contract Code to determine the corresponding exposed field according to the transaction type, and store the corresponding receipt content in the receipt data in plain text, and store the remaining receipt content in cipher text.
  • the first blockchain node encrypts the receipt content corresponding to the non-exposed field by using a key.
  • the encryption may be symmetric encryption or asymmetric encryption. If the first blockchain node uses symmetric encryption, that is, the symmetric key of the symmetric encryption algorithm is used to encrypt the content of the receipt, the client (or other object holding the key) can use the symmetric key pair of the symmetric encryption algorithm The encrypted receipt content is decrypted.
  • the symmetric key may be provided to the first blockchain node in advance by the client. Then, since only the client (actually the user corresponding to the logged-in account on the client) and the first blockchain node have the symmetric key, only the client can decrypt the corresponding encrypted receipt content, avoiding Irrelevant users and even criminals decrypt the encrypted receipt content.
  • the client when the client initiates a transaction to the first blockchain node, the client can use the initial key of the symmetric encryption algorithm to encrypt the transaction content to obtain the transaction; accordingly, the first blockchain node can obtain
  • the initial key is used to directly or indirectly encrypt the content of the receipt.
  • the initial key can be negotiated in advance by the client and the first blockchain node, or sent by the key management server to the client and the first blockchain node, or sent by the client to the first blockchain node.
  • the client can encrypt the initial key with the public key of the asymmetric encryption algorithm, and then send the encrypted initial key to the first block
  • the chain node, and the first blockchain node decrypts the encrypted initial key through the private key of the asymmetric encryption algorithm to obtain the initial key, which is the digital envelope encryption described above, which will not be repeated here.
  • the first blockchain node may use the aforementioned initial key to encrypt the content of the receipt.
  • Different transactions can use the same initial key, so that all transactions submitted by the same user are encrypted with this initial key, or different transactions can use different initial keys.
  • the client can randomly generate an initial key for each transaction. Key to improve security.
  • the first blockchain node may generate a derived key according to the initial key and the impact factor, and encrypt the content of the receipt through the derived key.
  • the derived key can increase the degree of randomness, thereby increasing the difficulty of being compromised and helping to optimize the security protection of data.
  • the impact factor can be related to the transaction; for example, the impact factor can include the specified bits of the transaction hash value.
  • the first blockchain node can associate the initial key with the first 16 bits (or the first 32 bits and the last 16 bits) of the transaction hash value. Bits, last 32 bits, or other bits) are spliced, and the spliced string is hashed to generate a derived key.
  • the first blockchain node may also use an asymmetric encryption method, that is, use the public key of the asymmetric encryption algorithm to encrypt the content of the receipt, and accordingly, the client may use the private key of the asymmetric encryption algorithm.
  • the key decrypts the encrypted receipt content.
  • the key of an asymmetric encryption algorithm for example, can be that the client generates a pair of public and private keys, and sends the public key to the first blockchain node in advance, so that the first blockchain node can use the receipt content Public key encryption.
  • the first blockchain node realizes the function by running the code used to realize the function. Therefore, for the functions that need to be implemented in the TEE, the relevant code also needs to be executed. For the code executed in the TEE, it needs to comply with the relevant specifications and requirements of the TEE; accordingly, for the code used to implement a certain function in the related technology, the code needs to be rewritten in combination with the specifications and requirements of the TEE. Large amount of development, and easy to produce loopholes (bugs) in the process of rewriting, affecting the reliability and stability of function implementation.
  • the first blockchain node can execute the storage function code outside the TEE to store the receipt data generated in the TEE (including the receipt content in plain text that needs to be stored in plain text, and the receipt content in cipher text that needs to be stored in cipher text.
  • TEE Is stored in an external storage space outside the TEE, so that the storage function code can be the code used to implement the storage function in the related technology, and does not need to be rewritten in conjunction with the specifications and requirements of the TEE to achieve safe and reliable receipt data
  • the storage of TEE can not only reduce the amount of related code development without affecting security and reliability, but also reduce TCB (Trusted Computing Base) by reducing the related code of TEE, making TEE technology and regional In the process of combining block chain technology, the additional security risks caused are in a controllable range.
  • TCB Trusted Computing Base
  • the first blockchain node may execute the write cache function code in the TEE to store the above-mentioned receipt data in the write cache in the TEE.
  • the write cache may correspond to the one shown in FIG. 1 "Cache".
  • the first blockchain node outputs the data in the write cache from the trusted execution environment to be stored in the external storage space.
  • the write cache function code can be stored in the TEE in plain text, and the cache function code in the plain text can be directly executed in the TEE; or, the write cache function code can be stored outside the TEE in cipher text, such as the above External storage space (such as the "package + storage” shown in Figure 1, where "package” means that the first blockchain node packages the transaction into blocks outside of the trusted execution environment), the cipher text form
  • the write cache function code is read into the TEE, decrypted into the plaintext code in the TEE, and the plaintext code is executed.
  • Write cache refers to a "buffer" mechanism provided to avoid “impact” to the external storage space when data is written to the external storage space.
  • the above-mentioned write cache can be implemented by using buffer; of course, the write cache can also be implemented by using cache, which is not limited in this specification.
  • the write cache mechanism can be used to write the data in the cache to the external storage space in batches, thereby reducing the gap between the TEE and the external storage space. The number of interactions increases the efficiency of data storage.
  • TEE may need to retrieve the generated data.
  • the data to be called happens to be in the write cache, the data can be read directly from the write cache.
  • the interaction between the external storage space eliminates the decryption process of the data read from the external storage space, thereby improving the data processing efficiency in the TEE.
  • the write cache can also be established outside the TEE.
  • the first blockchain node can execute the write cache function code outside the TEE, so as to store the above receipt data in the write cache outside the TEE, and further write The data in the cache is stored in an external storage space.
  • the receiving unit 61 receives the encrypted transaction
  • the decryption unit 62 decrypts the transaction in a trusted execution environment to obtain transaction content
  • the execution unit 63 executes the transaction content in the trusted execution environment to obtain receipt data
  • the determining unit 64 determines the exposed fields in the receipt data according to the transaction type of the transaction;
  • the storage unit 65 stores the receipt data so that the exposed fields are stored in plain text, and the rest of the receipt fields are stored in cipher text.
  • the transaction includes a type field, and the value of the type field is used to indicate the corresponding transaction type.
  • the determining unit 64 is specifically configured to:
  • mapping relationship is recorded in a system contract.
  • the storage unit 65 is specifically configured to:
  • the code of the system contract is executed to store the exposed fields in plaintext and the remaining receipt fields in ciphertext.
  • the system contract includes: a preset system contract recorded in the genesis block, or an updated system contract corresponding to the preset system contract.
  • the transaction type of the transaction includes: deposit certificate type, asset transfer type, contract creation type, contract call type.
  • the storage unit 65 is specifically configured to:
  • the storage function code is executed outside the trusted execution environment to store the receipt data in an external storage space outside the trusted execution environment.
  • the key used by the first blockchain node to encrypt the receipt data includes: a key of a symmetric encryption algorithm or a key of an asymmetric encryption algorithm.
  • the key of the symmetric encryption algorithm includes an initial key provided by the client; or, the key of the symmetric encryption algorithm includes a derived key generated by the initial key and an influence factor.
  • the transaction is encrypted by the initial key, and the initial key is encrypted by a public key of an asymmetric encryption algorithm; the decryption unit 62 is specifically configured to:
  • the initial key is generated by the client; or, the initial key is sent to the client by the key management server.
  • the impact factor is related to the transaction.
  • the impact factor includes: a designated bit of the hash value of the transaction.
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • first, second, third, etc. may be used in one or more embodiments of this specification to describe various information, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • first information may also be referred to as second information, and similarly, the second information may also be referred to as first information.
  • word “if” as used herein can be interpreted as "when” or “when” or "in response to determination”.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne un procédé et un nœud de stockage de reçu basés sur le type de transaction. Ledit procédé peut comprendre les étapes suivantes : un premier nœud de chaîne de blocs reçoit une transaction chiffrée (202) ; le premier nœud de chaîne de blocs déchiffre la transaction dans un environnement d'exécution de confiance et exécute le contenu de transaction obtenu de façon à obtenir des données de reçu (204) ; le premier nœud de chaîne de blocs détermine un champ exposé dans les données de reçu selon un type de transaction de la transaction (206) ; et le premier nœud de chaîne de blocs stocke les données de reçu, de telle sorte que le champ exposé est stocké sous la forme d'un texte en clair, et les champs de reçu restants sont stockés sous la forme d'un texte chiffré (208).
PCT/CN2020/091410 2019-05-20 2020-05-20 Procédé et nœud de stockage de reçu basés sur le type de transaction WO2020233631A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910419140.5A CN110264192B (zh) 2019-05-20 2019-05-20 基于交易类型的收据存储方法和节点
CN201910419140.5 2019-05-20

Publications (1)

Publication Number Publication Date
WO2020233631A1 true WO2020233631A1 (fr) 2020-11-26

Family

ID=67914790

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/091410 WO2020233631A1 (fr) 2019-05-20 2020-05-20 Procédé et nœud de stockage de reçu basés sur le type de transaction

Country Status (2)

Country Link
CN (1) CN110264192B (fr)
WO (1) WO2020233631A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112685750A (zh) * 2020-12-25 2021-04-20 联想(北京)有限公司 数据处理方法及装置
CN112995181A (zh) * 2021-03-04 2021-06-18 广州大学 一种基于可信环境与区块链的群智感知系统及其激励方法
CN113766034A (zh) * 2021-09-15 2021-12-07 城云科技(中国)有限公司 基于区块链的业务处理方法和装置

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110245942B (zh) * 2019-05-20 2021-05-04 创新先进技术有限公司 结合用户类型和判断条件的收据存储方法和节点
CN110264192B (zh) * 2019-05-20 2021-08-06 创新先进技术有限公司 基于交易类型的收据存储方法和节点
WO2020233423A1 (fr) * 2019-05-20 2020-11-26 创新先进技术有限公司 Procédé de stockage de reçu et nœud basé sur un type de transaction
CN111339569B (zh) * 2020-02-26 2023-05-26 百度在线网络技术(北京)有限公司 区块链数据处理方法、装置、电子设备和介质
CN112488836B (zh) * 2020-11-30 2023-06-02 成都质数斯达克科技有限公司 交易发送方法、装置、电子设备及可读存储介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107342858A (zh) * 2017-07-05 2017-11-10 武汉凤链科技有限公司 一种基于可信环境的智能合约保护方法和系统
CN107451175A (zh) * 2017-05-23 2017-12-08 阿里巴巴集团控股有限公司 一种基于区块链的数据处理方法及设备
CN109033855A (zh) * 2018-07-18 2018-12-18 腾讯科技(深圳)有限公司 一种基于区块链的数据传输方法、装置及存储介质
WO2019004118A1 (fr) * 2017-06-28 2019-01-03 特定非営利活動法人サイバー・キャンパス・コンソーシアムTies Contrat de contenu dans une chaîne de blocs, et système de gestion de contenu et procédé de fourniture de contenu utilisant celui-ci
CN110264192A (zh) * 2019-05-20 2019-09-20 阿里巴巴集团控股有限公司 基于交易类型的收据存储方法和节点

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105812332A (zh) * 2014-12-31 2016-07-27 北京握奇智能科技有限公司 数据保护方法
US10929823B2 (en) * 2017-09-12 2021-02-23 Northwestern University Peer auditing in a blockchain distribution network
CN108768655B (zh) * 2018-04-13 2022-01-18 北京握奇智能科技有限公司 动态口令生成方法和系统
CN109711849B (zh) * 2018-12-29 2021-10-26 北京金山安全软件有限公司 以太坊地址画像生成方法、装置、电子设备及存储介质

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107451175A (zh) * 2017-05-23 2017-12-08 阿里巴巴集团控股有限公司 一种基于区块链的数据处理方法及设备
WO2019004118A1 (fr) * 2017-06-28 2019-01-03 特定非営利活動法人サイバー・キャンパス・コンソーシアムTies Contrat de contenu dans une chaîne de blocs, et système de gestion de contenu et procédé de fourniture de contenu utilisant celui-ci
CN107342858A (zh) * 2017-07-05 2017-11-10 武汉凤链科技有限公司 一种基于可信环境的智能合约保护方法和系统
CN109033855A (zh) * 2018-07-18 2018-12-18 腾讯科技(深圳)有限公司 一种基于区块链的数据传输方法、装置及存储介质
CN110264192A (zh) * 2019-05-20 2019-09-20 阿里巴巴集团控股有限公司 基于交易类型的收据存储方法和节点

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112685750A (zh) * 2020-12-25 2021-04-20 联想(北京)有限公司 数据处理方法及装置
CN112995181A (zh) * 2021-03-04 2021-06-18 广州大学 一种基于可信环境与区块链的群智感知系统及其激励方法
CN113766034A (zh) * 2021-09-15 2021-12-07 城云科技(中国)有限公司 基于区块链的业务处理方法和装置
CN113766034B (zh) * 2021-09-15 2024-02-02 城云科技(中国)有限公司 基于区块链的业务处理方法和装置

Also Published As

Publication number Publication date
CN110264192A (zh) 2019-09-20
CN110264192B (zh) 2021-08-06

Similar Documents

Publication Publication Date Title
WO2020238255A1 (fr) Procédé et appareil de gestion de contrat intelligent en fonction d'une chaîne de blocs et dispositif électronique
WO2021103794A1 (fr) Procédé permettant de réaliser une transaction de préservation de la vie privée hautement efficace dans une chaîne de blocs, et dispositif
WO2021179743A1 (fr) Procédé et appareil d'interrogation d'informations de confidentialité de compte dans une chaîne de blocs
WO2021088548A1 (fr) Procédé et appareil d'interrogation de données de confidentialité sur la base d'un contrat intelligent
WO2021088547A1 (fr) Procédé et appareil d'interrogation de données privées de compte basés sur une chaîne de blocs
WO2021088546A1 (fr) Procédé et dispositif d'interrogation de données de confidentialité basés sur un compte de chaîne de blocs
WO2020233631A1 (fr) Procédé et nœud de stockage de reçu basés sur le type de transaction
WO2021088536A1 (fr) Procédé et appareil d'interrogation de données privées basés sur une autorisation hors chaîne
WO2020233623A1 (fr) Procédé de stockage de reçu et nœud combinant un type de transaction et un état d'évaluation
WO2020233616A1 (fr) Procédé de stockage de reçu et nœud utilisant un marquage de code en combinaison avec un type de transaction et un type d'utilisateur
WO2020233630A1 (fr) Procédé et nœud de mémorisation de reçus en fonction du type d'utilisateur
WO2020233626A1 (fr) Procédé et nœud de stockage de reçu combinés à une limitation conditionnelle de types de transactions et d'utilisateurs
WO2021088549A1 (fr) Procédé et appareil de configuration de requête d'autorisation basés sur un code de chaîne
WO2020238959A1 (fr) Procédé et dispositif pour réaliser un chiffrement dynamique en fonction d'une hauteur de bloc
WO2020233625A1 (fr) Procédé de stockage de reçus combinant un type d'utilisateur, des conditions de détermination et un nœud
WO2020233635A1 (fr) Procédé de stockage de reçu combinant des restrictions conditionnelles de multiples types de dimensions et nœud
WO2020233612A1 (fr) Procédé et nœud de stockage de reçu combinant une annotation de code avec des types de transaction et d'événement
WO2020233619A1 (fr) Procédé et nœud de stockage de reçu en combinaison avec un type d'utilisateur et un type de transaction
WO2020233643A1 (fr) Procédé et nœud de stockage de reçu utilisant des informations multidimensionnelles et ayant une restriction
WO2020233615A1 (fr) Procédé de stockage de reçu combinant un type d'utilisateur et un type de fonction d'événement et nœud
WO2021088533A1 (fr) Procédé et dispositif de partage de données privées
WO2020233624A1 (fr) Procédé de mémorisation de reçus et nœud utilisant un type de transaction en combinaison avec un type de fonction d'événement
WO2020233613A1 (fr) Procédé et noeud de stockage de reçu conditionnel qui combinent le marquage de code avec un type de transaction
WO2021088535A1 (fr) Procédé et dispositif d'interrogation de données privées basés sur un contrat intelligent
WO2020233628A1 (fr) Procédé et nœud de stockage de reçu basés sur une combinaison d'un type de fonction d'événement et d'une condition d'évaluation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20809028

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20809028

Country of ref document: EP

Kind code of ref document: A1