WO2021057167A1 - Procédé et dispositif de traitement de transaction pour processeur de contrat intelligent sécurisé à base de fpga - Google Patents

Procédé et dispositif de traitement de transaction pour processeur de contrat intelligent sécurisé à base de fpga Download PDF

Info

Publication number
WO2021057167A1
WO2021057167A1 PCT/CN2020/100492 CN2020100492W WO2021057167A1 WO 2021057167 A1 WO2021057167 A1 WO 2021057167A1 CN 2020100492 W CN2020100492 W CN 2020100492W WO 2021057167 A1 WO2021057167 A1 WO 2021057167A1
Authority
WO
WIPO (PCT)
Prior art keywords
fpga
register
chip
transaction
code program
Prior art date
Application number
PCT/CN2020/100492
Other languages
English (en)
Chinese (zh)
Inventor
潘国振
魏长征
闫莺
郭学鹏
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021057167A1 publication Critical patent/WO2021057167A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/76Architectures of general purpose stored program computers
    • G06F15/78Architectures of general purpose stored program computers comprising a single central processing unit
    • G06F15/7807System on chip, i.e. computer system on a single chip; System in package, i.e. computer system on one or more chips in a single package
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation

Definitions

  • One or more embodiments of this specification relate to the field of blockchain technology, and more particularly to a transaction processing method and device based on an FPGA-based secure smart contract processor.
  • Blockchain technology is built on a transmission network (such as a peer-to-peer network).
  • the network nodes in the transmission network use chained data structures to verify and store data, and use distributed node consensus algorithms to generate and update data.
  • TEE Trusted Execution Environment
  • TEE can play the role of a black box in the hardware. Neither the code executed in the TEE nor the data operating system layer can be peeped, and only the pre-defined interface in the code can operate on it.
  • plaintext data is calculated in TEE instead of complex cryptographic operations in homomorphic encryption. There is no loss of efficiency in the calculation process. Therefore, the combination with TEE can achieve less performance loss. Under the premise, the security and privacy of the blockchain are greatly improved. At present, the industry is very concerned about the TEE solution.
  • TEE solutions including TPM (Trusted Platform Module) in software and Intel SGX (Software Guard Extensions) in hardware. , Software Protection Extension), ARM Trustzone (trust zone) and AMD PSP (Platform Security Processor, platform security processor).
  • one or more embodiments of this specification provide a transaction processing method and device based on an FPGA-based secure smart contract processor.
  • an FPGA-based secure smart contract processor transaction processing method which includes: FPGA structure loads the deployed circuit logic configuration files in the memory onto the FPGA chip , To form a register type on-chip processor for realizing virtual machine logic on the FPGA chip; the FPGA structure obtains the register type code program of the smart contract involved in the transaction according to the transaction received by the blockchain node to which it belongs The FPGA structure transfers the register type code program to the register type on-chip processor, so that the register type on-chip processor executes the register type code program.
  • an FPGA-based secure smart contract processor transaction processing device which includes: a loading unit that enables the FPGA structure to load the deployed circuit logic configuration file in the memory To the FPGA chip to form a register-based on-chip processor for realizing virtual machine logic on the FPGA chip; the acquisition unit enables the FPGA structure to acquire the transaction involved in the transaction according to the transaction received by the blockchain node to which it belongs The register-style code program of the smart contract; an execution unit that causes the FPGA structure to transfer the register-style code program to the register-style on-chip processor, so that the register-style on-chip processor executes the register-style code program.
  • an electronic device including: a processor; a memory for storing executable instructions of the processor; wherein the processor runs the executable instructions In order to realize the method as described in the first aspect.
  • a computer-readable storage medium on which computer instructions are stored, and when the instructions are executed by a processor, the steps of the method described in the first aspect are implemented.
  • Fig. 1 is a flowchart of a transaction processing method of an FPGA-based secure smart contract processor provided by an exemplary embodiment.
  • Fig. 2 is a schematic structural diagram of a blockchain node provided by an exemplary embodiment.
  • Fig. 3 is a schematic diagram of forming a functional module on an FPGA chip provided by an exemplary embodiment.
  • Fig. 4 is a block diagram of an FPGA-based secure smart contract processor-based transaction processing device provided by an exemplary embodiment.
  • the steps of the corresponding method are not necessarily executed in the order shown and described in this specification.
  • the method may include more or fewer steps than described in this specification.
  • a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. description.
  • Block chains are generally divided into three types: Public Blockchain, Private Blockchain and Consortium Blockchain.
  • the public chain is represented by Bitcoin and Ethereum. Participants who join the public chain can read the data records on the chain, participate in transactions, and compete for the accounting rights of new blocks. Moreover, each participant (ie, node) can freely join and exit the network, and perform related operations.
  • the private chain is the opposite.
  • the write permission of the network is controlled by an organization or institution, and the data read permission is regulated by the organization.
  • the private chain can be a weakly centralized system with strict restrictions and few participating nodes.
  • This type of blockchain is more suitable for internal use by specific institutions.
  • Consortium chain is a block chain between public chain and private chain, which can realize "partial decentralization".
  • Each node in the alliance chain usually has a corresponding entity or organization; participants are authorized to join the network and form a stakeholder alliance to jointly maintain the operation of the blockchain.
  • the nodes in the blockchain network may use a solution that combines the blockchain and the TEE (Trusted Execution Environment).
  • TEE Trusted Execution Environment
  • TEE is a secure extension based on CPU hardware and a trusted execution environment that is completely isolated from the outside.
  • TEE was first proposed by Global Platform to solve the security isolation of resources on mobile devices, and parallel to the operating system to provide a trusted and secure execution environment for applications.
  • ARM's Trust Zone technology is the first to realize the real commercial TEE technology. With the rapid development of the Internet, security requirements are getting higher and higher. Not only mobile devices, cloud devices, and data centers have put forward more demands on TEE.
  • TEE has also been rapidly developed and expanded. Compared with the originally proposed concept, the TEE referred to now is a more generalized TEE.
  • server chip manufacturers Intel and AMD have successively introduced hardware-assisted TEE and enriched the concepts and features of TEE, which has been widely recognized in the industry.
  • the TEE mentioned now usually refers more to this kind of hardware-assisted TEE technology.
  • SGX provides an enclave (also known as an enclave), which is an encrypted trusted execution area in the memory, and the CPU protects data from being stolen.
  • enclave also known as an enclave
  • the CPU protects data from being stolen.
  • a part of the area EPC Enclave Page Cache, enclave page cache or enclave page cache
  • the encryption engine MEE Memory Encryption Engine
  • the first step in using TEE is to confirm the authenticity of TEE.
  • the related technology provides a remote certification mechanism for the above-mentioned SGX technology to prove that the SGX platform on the target device and the challenger have deployed the same configuration file.
  • the TEE technology in the related technology is implemented by software or a combination of software and hardware, even if the remote attestation method can indicate to a certain extent that the configuration file deployed in the TEE has not been tampered with, the TEE itself depends on the operation The environment cannot be verified.
  • a virtual machine for executing smart contracts needs to be configured in the TEE.
  • the instructions executed by the virtual machine are not directly executed, but actually executed corresponding X86 instructions (Assuming that the target device adopts the X86 architecture), which poses a certain degree of security risk.
  • this specification proposes a hardware TEE technology based on FPGA implementation.
  • FPGA implements hardware TEE by loading circuit logic configuration files. Because the content of the circuit logic configuration file can be checked and verified in advance, and the FPGA is configured and operated completely based on the logic recorded in the circuit logic configuration file, it can be ensured that the hardware TEE implemented by the FPGA has relatively higher security.
  • all virtual machines in related technologies adopt a stack architecture, so that FPGAs configured accordingly also use an operand stack to execute code programs of smart contracts, and the operating efficiency is much lower than the register architecture.
  • Fig. 1 is a flowchart of a transaction processing method of an FPGA-based secure smart contract processor provided by an exemplary embodiment. As shown in Figure 1, the method is applied to the FPGA structure and can include the following steps:
  • Step 102 The FPGA structure loads the deployed circuit logic configuration file in the memory onto the FPGA chip to form a register-type on-chip processor for realizing virtual machine logic on the FPGA chip.
  • the FPGA chip contains a number of editable hardware logic units. After these hardware logic units are configured via a circuit logic configuration file, they can be implemented as corresponding functional modules to implement corresponding logic functions. Specifically, the circuit logic configuration file can be burned to the FPGA structure based on the form of a bit stream.
  • a register-based on-chip processor can be formed on the FPGA chip.
  • the register-based on-chip processor can be used to implement virtual machine logic in related technologies, which is equivalent to configuring on the FPGA chip.
  • the formed "hardware virtual machine", for example, the virtual machine logic may include the execution logic of the Ethereum virtual machine or the execution logic of the WASM virtual machine, etc. This specification does not limit this.
  • Step 104 The FPGA structure obtains the register-type code program of the smart contract involved in the transaction according to the transaction received by the blockchain node to which it belongs.
  • Byte-code is composed of a series of bytes, and each byte can identify an operation. Based on many considerations such as development efficiency and readability, developers may not directly write bytecode programs, but choose a high-level language to write code programs for smart contracts. A code program written in a high-level language is compiled by a compiler to generate a corresponding bytecode program, and then the bytecode program can be deployed to the blockchain. There are many high-level languages supported by Ethereum, such as Solidity, Serpent, and LLL languages.
  • the above-mentioned compiler can be deployed on the client, so that the client can compile a code program written in a high-level language into a bytecode program through the compiler, and then compile the bytecode program into a register code program, and then pass The transaction is submitted to the blockchain network; or; the client can directly compile the code program written in the high-level language into a register code program by the compiler; or, the above-mentioned compiler can be deployed at the blockchain node to make the blockchain node After receiving the transaction submitted by the client, if the transaction contains a code program written in a high-level language, the blockchain node can use a compiler to compile the code program written in a high-level language into a bytecode program, and then the byte code program The code program is compiled into a register-style code program, or a blockchain node can directly compile a code program written in a high-level language into a register-style code program through a compiler. If the transaction contains a bytecode program, the blockchain no
  • the contract written in it is very similar to the class in the object-oriented programming language.
  • a variety of members can be declared in a contract, including contract state (or state variable), function, and function modifier. , Events, etc.
  • the contract state is the value permanently stored in the account storage of the smart contract and is used to save the state of the contract.
  • the compilation result of the compiler is, for example, as shown below (/*...*/The part of... is a comment, and if there are Chinese characters after it, it is the corresponding Chinese comment):
  • dup2/* copy the second item from the top to the bottom in the stack, so at this time the stack has 1, 0, and 1 data from the top to the top*/
  • Solidity code in the above code example is compiled into a corresponding bytecode program, and each bytecode contained in the bytecode program includes a byte-length opcode (Opcode) and the following zero at most Operands (Operands), which are the parameters required by the corresponding operation code during execution.
  • Opcode byte-length opcode
  • Operaands the following zero at most Operands
  • the code program obtained by the blockchain node in the related technology is usually a bytecode program.
  • the high-level language program can be compiled into a bytecode program at the client.
  • the client can further compile the bytecode program into a register-style code program, and then submit the transaction containing the register-style code program to the blockchain node through the client.
  • the compiler can compile the high-level language program into a bytecode program, and further compile the bytecode program into a register code program.
  • the bytecode program is based on the stack type, and the characteristic of the stack type architecture is that there is no ambiguity. Therefore, by first compiling the high-level language program into a bytecode program, the code behavior represented by the code program can be solidified, so that further compilation can be obtained.
  • the register code program is completely based on the solidified code behavior and will not change the code behavior, thus ensuring that the logic executed by all blockchain nodes is completely consistent.
  • this specification does not limit this.
  • Step 106 The FPGA structure transfers the register-type code program to the register-type on-chip processor, so that the register-type on-chip processor executes the register-type code program.
  • the bytecode program obtained by compiling the high-level language program is a stack type.
  • the operand involved in the bytecode program is written into the operand stack.
  • the operands involved in the register-based code program are written into the registers on the FPGA chip, rather than written into the operand stack, so that the register-based on-chip processor can perform operations based on the corresponding opcodes.
  • Register information (such as name, etc.) and directly process the operands stored in the register. Compared with pushing the operands into the operand stack or popping them from the operand stack, it is equivalent to the operands in multiple registers. Implement parallel operations to achieve the above-mentioned effects of improving efficiency and speeding up.
  • the FPGA structure can obtain the above-mentioned transaction in an encrypted state from the blockchain node, and pass the transaction to the encryption and decryption module on the FPGA chip.
  • the encryption and decryption module is formed on the FPGA chip by the above-mentioned deployed circuit logic configuration file, and its formation process is similar to the above-mentioned register-type on-chip processor. Then, the FPGA structure obtains the bytecode program according to the decrypted transaction content output by the encryption and decryption module.
  • the data field of the transaction content after decryption will contain the register code program of the smart contract.
  • the to field of the decrypted transaction content will contain the contract address of the called smart contract, and the FPGA structure can call the corresponding deployed register-style code program based on the contract address; for example, when the smart When the contract is deployed at the blockchain node, the FPGA structure can send the above-mentioned contract address to the blockchain node, and the blockchain node returns the register code program corresponding to the contract address to the FPGA structure.
  • a node private key can be deployed on the FPGA structure, and the node public key corresponding to the node private key is in a public state.
  • the above transaction can be encrypted and generated by the transaction initiator based on the symmetric key and node public key maintained by itself (for example, randomly generated for each transaction) using a digital envelope method: the transaction initiator encrypts the plaintext transaction content through the symmetric key to obtain The ciphertext transaction content, and the above-mentioned symmetric key is encrypted by the node public key to obtain the ciphertext symmetric key, and the above-mentioned transaction includes the ciphertext transaction content and the ciphertext symmetric key.
  • the FPGA structure can form a decryption module on the FPGA chip through the deployed circuit logic configuration file, and decrypt the above-mentioned transaction through the decryption module.
  • the decryption module first decrypts the ciphertext symmetric key based on the node's private key to obtain the above-mentioned symmetric key, and then the decryption module decrypts the ciphertext transaction content based on the symmetric key to obtain the above-mentioned plaintext transaction content, namely The decrypted transaction.
  • the register-type on-chip processor executes the above-mentioned register-type code program, it can generate the corresponding contract status, transaction receipt, and so on.
  • the transaction receipt may include information such as the transaction execution result, which needs to be fed back to the transaction initiator.
  • the FPGA structure can pass the transaction receipt generated by the register-based on-chip processor into the encryption module, and encrypt it with the symmetric key adopted by the digital envelope, and then the encrypted transaction
  • the receipt is returned to the blockchain node and then provided to the transaction initiator; where the encryption module is formed by the FPGA chip by loading the deployed circuit logic configuration file. Since the symmetric key used in the digital envelope is only held by the transaction initiator, using the symmetric key to generate an encrypted transaction receipt can ensure that the encrypted transaction receipt can only be decrypted by the transaction initiator to ensure the security and safety of the transaction receipt. privacy protection.
  • the code program can be deployed at the blockchain node, and the FPGA structure can request the blockchain node to obtain the code program for execution in the register-type on-chip processor formed on the FPGA chip.
  • the blockchain node belongs to the external storage space outside the FPGA chip, and the external storage space can also exist in other forms.
  • the FPGA structure can include an external DDR memory connected to the FPGA chip, etc., which can also be used to deploy the aforementioned code programs. At this time, the number of interactions between the FPGA structure and the blockchain node can be reduced.
  • the code program can also be deployed in the on-chip storage space of the FPGA chip.
  • the FPGA structure only the FPGA chip is considered to be a safe environment (TEE based on the FPGA structure), and the environment outside the FPGA chip is considered insecure, so the register code program can be deployed on the above-mentioned chip in clear text Storage space, but must be deployed in the above-mentioned external storage space in the form of ciphertext. Therefore, when the FPGA structure obtains the encrypted register code program from, for example, an external storage space, the encrypted register code program can be transferred to the decryption module on the FPGA chip, and the decrypted register output by the decryption module can be obtained.
  • Type code program in order to be executed in the register type on-chip processor.
  • the encrypted register-type code program can be obtained by encrypting the register-type code program by the service root key maintained by the FPGA structure or a derived key of the service root key. For example, after the FPGA structure obtains a transaction for deploying a smart contract, a register-type code program in plain text can be obtained from the transaction. Then, the FPGA structure can encrypt the register type code program through the encryption module to obtain the encrypted register type code program.
  • the key used is the above-mentioned service root key or the derived key of the service root key.
  • the node private key and service root key described above can be deployed to the FPGA structure by the user. Users can complete the deployment locally or remotely through the client. In the remote deployment process, the client can negotiate with the FPGA structure in advance to obtain the business secret deployment key, and the node private key or business root key can be encrypted and sent to the FPGA structure through the business secret deployment key, and the FPGA structure can be passed through The business secret deployment key decrypts the received data to obtain the node private key or the business root key.
  • a key agreement module By loading the deployed circuit logic configuration file onto the FPGA chip, a key agreement module can be formed on the FPGA chip, and the FPGA structure can implement the above-mentioned key agreement operation based on the key agreement module and the client.
  • the key agreement process can be implemented using any algorithm or standard in related technologies, which is not limited in this specification.
  • the key agreement process can include: the user can generate a key Ka-1 at the local client, the key agreement module can generate a key Kb-1 locally, and the client can generate a key Kb-1 based on the key Ka- 1
  • the key agreement module can calculate the key agreement information Kb-2 based on the key Kb-1, and then the client sends the key agreement information Ka-2 to the key agreement module
  • the key agreement module sends the key agreement information Kb-2 to the client, so that the client can generate a secret value based on the key Ka-1 and the key agreement information Kb-2, and the key agreement module can be based on the key Kb -1 generates the same secret value as the key agreement information Ka-2, and finally the client and the key agreement module respectively derive the same business secret deployment key from the same secret value based on the key derivation function, and the business secret deployment
  • the key can be stored in the FPGA chip or the secret management chip.
  • the key agreement information Ka-2 and key agreement information Kb-2 are transmitted between the client and the key agreement module via the blockchain node, the key Ka-1 is controlled by the client , The key Kb-1 is controlled by the key agreement module, so it can ensure that the blockchain node cannot know the final secret value and the business secret deployment key, and avoid possible security risks.
  • An authentication root key can be deployed in the FPGA structure, and the authentication root key can be pre-placed in the FPGA structure, or the authentication root key can be deployed to the FPGA structure by the client or other objects in an offline security environment, or the The authentication root key can be remotely deployed into the FPGA structure by the client or other objects.
  • the authentication root key is an asymmetric key.
  • the key agreement module can sign the generated key agreement information Kb-2 with the authentication root key, and the client can verify the signature to determine whether the received information actually comes from the FPGA structure and has not been transmitted during transmission. Tampered, and the information that fails the signature verification will not be trusted and adopted by the client.
  • the public key of the authentication root key can be managed by the authentication server and not made public, then the client can send the received information to the authentication server, and the authentication server can perform signature verification with the maintained public key; then, the authentication The server can provide the client with the verification result, the verification result is signed by the verification server, and the verification result contains the certificate of the verification server or the public key of the verification server can be made public, so that the client can verify the signature to determine the validity of the verification result Sex.
  • the public key of the authentication root key can be made public, so that the client can perform signature verification on the information from the FPGA structure based on the public key without going through the authentication server, which can reduce the interactive links in the signature verification process. Thereby improving the efficiency of verification and reducing the security risks caused by more interactive links.
  • the aforementioned authentication root key can be deployed to the FPGA structure based on the aforementioned deployed circuit logic configuration file.
  • the FPGA structure can avoid taking the authentication root key from the circuit logic configuration file, so that the FPGA structure can obtain the corresponding authentication root key after loading the circuit logic configuration file to the FPGA chip.
  • the FPGA structure can include a key management chip independent of the FPGA chip, and the FPGA structure can take the authentication root key out of the circuit logic configuration file to which it belongs and maintain it in the key management chip, so that only the authentication root key exists In the key management chip, it will no longer appear in the circuit logic configuration file deployed on the FPGA structure to improve the security of the authentication root key.
  • the public key or preset certificate corresponding to the client can be deployed on the FPGA structure.
  • the client can sign the aforementioned key agreement information Ka-2 and then send it to the FPGA structure, so that the FPGA structure can perform signature verification on the received key agreement information Ka-2, and verify that the signature is based on the key.
  • Negotiation information Ka-2 is one of the conditions for generating a secret value.
  • the public key or certificate corresponding to the client can be deployed in the FPGA structure by the aforementioned circuit logic configuration file.
  • the FPGA structure can also negotiate other keys with the client for use in other scenarios.
  • the FPGA structure can negotiate with the client through the key agreement module to obtain the configuration file deployment key, and the process can refer to the above-mentioned negotiation process for the business secret deployment key.
  • the FPGA structure can also negotiate to obtain multiple keys at one time; for example, when the key agreement module negotiates with the client to obtain the above-mentioned secret value After that, a 32-bit character string can be derived at one time based on KDF, and the first 16-bit character string and the last 16-bit character string can be used as different keys, such as the configuration file deployment key and the business secret deployment key mentioned above.
  • the circuit logic configuration files that have been deployed on the FPGA structure are implemented and updated.
  • the FPGA structure receives the encrypted new version of the circuit logic configuration file from the client, it can read the encrypted new version of the circuit logic configuration file into the trusted update module on the FPGA chip for decryption.
  • the circuit logic configuration file is formed on the FPGA chip; accordingly, the FPGA structure can update the deployed circuit logic configuration file based on the new version of the circuit logic configuration file obtained by decryption.
  • the client can use the above configuration file deployment key to encrypt the new version of the circuit logic configuration file to obtain the encrypted new version of the circuit logic configuration file
  • the trusted update module can also encrypt the new version of the circuit logic configuration file based on the above configuration file deployment key.
  • the new version of the circuit logic configuration file is decrypted to obtain the new version of the circuit logic configuration file.
  • the client can also sign the new version of the circuit logic configuration file before encryption, and the trusted update module can decrypt the new version of the circuit logic configuration file based on the user public key or preset certificate pre-configured on the FPGA structure. Carry out verification. Then, in the case of a decryption failure or a signature verification failure, the trusted update module can terminate the update operation.
  • the "new version” is relative to the circuit logic configuration file that has been deployed on the FPGA structure, to indicate that the deployed circuit logic configuration file is configured in the FPGA structure relatively earlier, and It does not mean that the logic or function implemented by the corresponding circuit logic configuration file will necessarily achieve version iteration.
  • the circuit logic configuration file can be directly read and configured in the FPGA chip.
  • the FPGA chip is volatile, and the circuit logic configuration file deployed after the power is off will be lost, so that the client needs to re-deploy the circuit logic configuration file after power on.
  • the FPGA structure can further include a memory, which is connected to the FPGA chip, so that the circuit logic configuration file is deployed in the memory, and the FPGA chip reads the circuit logic configuration file from the memory to implement related functions ;
  • the memory is non-volatile, even if the power is off, the circuit logic configuration file can still be saved, and after the power is turned on, it is only necessary to read the FPGA chip from the memory again, without the client re-deployment.
  • the memory may have various forms, such as a non-volatile memory that can be re-erasable, such as flash memory, and a non-re-erasable memory, such as a fuse memory, which is not limited in this specification. Therefore, when the deployed circuit logic configuration file is located in the memory, the FPGA structure can update and deploy the memory based on the new version of the circuit logic configuration file, so that the deployed circuit logic configuration file in the memory is updated to the new version of the circuit logic configuration file.
  • the FPGA structure can generate an authentication result for the new version of the circuit logic configuration file that is updated and deployed, and the authentication result includes content related to the new version of the circuit logic configuration file.
  • the above-mentioned content related to the new version of the circuit logic configuration file may be the hash value of the new version of the circuit logic configuration file or a derived value of the hash value; and the client can generate the hash value or the hash value based on the new version of the circuit logic configuration file maintained by itself. If the client receives and generates the same hash value (or its derived value), the client can determine that the new version of the circuit logic file has been successfully deployed to the FPGA structure.
  • the FPGA structure can sign the authentication result with the authentication root key and send it to the client, so that the client can determine that the received authentication result comes from the FPGA structure and has not been tampered with.
  • the authentication root key used in the FPGA structure can be provided by the previously deployed circuit logic configuration file; or, when the new version of the circuit logic configuration file contains the new version of the authentication root key, the FPGA structure can be based on the new version of the authentication root key Sign the authentication result.
  • the authentication result may also be related to other information.
  • the new version of the circuit logic configuration file can be loaded on the FPGA chip to form a new version of the key agreement module, and based on the new version of the key agreement module, the key agreement module can be negotiated with the client. If the new version configuration file deployment key is obtained, the other information mentioned above can be the hash value (or its derivative value) of the new version configuration file deployment key.
  • the new version key agreement module negotiates the deployment key of the new version of the configuration file with the client, the authentication root key recently deployed on the FPGA structure is used.
  • the authentication root key can come from the previously deployed circuit logic configuration file or the new version of the circuit. Logical configuration file. Among them, when the foregoing deployed circuit logic configuration file and the new version of the circuit logic configuration file on the FPGA structure are not generated and deployed by the same user, the foregoing deployed circuit logic configuration file may be viewed by other users before being burned to the FPGA structure Or check, causing the authentication root key contained in the deployed circuit logic configuration file to be known by other users, which poses a certain security risk. Therefore, deploying a new version of the authentication root key through the new version of the circuit logic configuration file can effectively improve security.
  • the FPGA structure can respectively generate the hash value of the new version of the circuit logic configuration file and the hash value of the new version of the configuration file deployment key, and calculate the two hash values through such as sm3 algorithm or other algorithms.
  • the calculation result can be used as the above-mentioned content related to the new version of the circuit logic configuration file; accordingly, based on the authentication result, the client can determine that the new version of the circuit logic configuration file is successfully deployed on the FPGA structure, and the client and the FPGA structure are successfully negotiated Get the new version of the configuration file deployment key.
  • Fig. 2 is a schematic structural diagram of a blockchain node provided by an exemplary embodiment.
  • an FPGA structure can be added to the blockchain node to implement hardware TEE.
  • the FPGA structure can be an FPGA board as shown in FIG. 2.
  • the FPGA board can be connected to the blockchain node through the PCIE interface to realize the data interaction between the FPGA board and the blockchain node.
  • FPGA boards can include FPGA chips, Flash (flash memory) chips, and dense tube chips; of course, in addition to FPGA chips in some embodiments, they may only include parts of the remaining Flash chips and dense tube chips. , Or may contain more structures, here are just examples.
  • no user-defined logic is programmed on the FPGA chip, which is equivalent to the FPGA chip in a blank state.
  • Users can burn circuit logic configuration files on the FPGA chip to form corresponding functions or logic on the FPGA chip.
  • the FPGA board does not have the capability of security protection, so it usually needs to provide an external security environment.
  • users can implement the programming of the circuit logic configuration file in an offline environment to achieve physical security isolation. Instead of implementing remote programming online.
  • the corresponding logic code can be formed through FPGA hardware language, and then the logic code can be mirrored to obtain the above-mentioned circuit logic configuration file.
  • the user can check the above-mentioned logic code. Especially, when multiple users are involved at the same time, multiple users can check the above logic code separately to ensure that the FPGA board can finally meet the needs of all users and prevent security risks, logic errors, fraud and other abnormalities. problem.
  • the user can burn the circuit logic configuration file to the FPGA board in the above-mentioned offline environment.
  • the circuit logic configuration file is transferred from the blockchain node to the FPGA board, and then deployed to the Flash chip as shown in Figure 2, so that even if the FPGA board is powered off, the Flash chip can still save the above-mentioned circuit logic. Configuration file.
  • Fig. 3 is a schematic diagram of forming a functional module on an FPGA chip provided by an exemplary embodiment.
  • the hardware logic unit contained in the FPGA chip can be configured to form corresponding functional modules on the FPGA chip.
  • the formed functional modules can include such Figure 3 shows the plaintext calculation module, key agreement module, decryption signature verification module, encryption and decryption module, etc.
  • the circuit logic configuration file can also be used to transmit the information that needs to be stored to the FPGA board.
  • the preset certificate can be stored on the FPGA chip, and the authentication root key can be stored in the secret tube chip (the authentication root key can also be Stored on the FPGA chip) and so on.
  • the FPGA board can realize remote key agreement with the user.
  • the key agreement process can use related technologies. Any algorithm or standard can be implemented, and this specification does not limit it.
  • the key agreement process can include: the user can generate a key Ka-1 at the local client, the key agreement module can generate a key Kb-1 locally, and the client can generate a key Kb-1 based on the key Ka- 1 Calculate the key agreement information Ka-2, the key agreement module can calculate the key agreement information Kb-2 based on the key Kb-1, and then the client sends the key agreement information Ka-2 to the key agreement module, The key agreement module sends the key agreement information Kb-2 to the client, so that the client can generate a secret value based on the key Ka-1 and the key agreement information Kb-2, and the key agreement module can be based on the key Kb -1 generates the same secret value as the key agreement information Ka-2, and finally the client and the key agreement module respectively derive the same
  • the key agreement information Ka-2 and key agreement information Kb-2 are transmitted between the client and the key agreement module via the blockchain node
  • the key Ka-1 is controlled by the client
  • the key Kb-1 is controlled by the key agreement module, so it can ensure that the blockchain node cannot know the final secret value and the configuration file deployment key, so as to avoid possible security risks.
  • the secret value is also used to derive the business secret deployment key; for example, the secret value can be derived as a 32-bit value, the first 16 bits can be used as the configuration file deployment key, and the last 16 bits can be used as the business secret deployment Key.
  • the user can deploy the service key to the FPGA board through the service secret deployment key.
  • the service key may include the node private key and the service root key.
  • the user can use the business secret deployment key on the client to sign, encrypt the node private key or the business root key, and send it to the FPGA board, so that after the FPGA board is decrypted and verified through the decryption verification module, Deploy the obtained node private key or service root key.
  • the FPGA board can be implemented as a TEE on the blockchain node to meet privacy requirements. For example, when a blockchain node receives a transaction, if the transaction is a plaintext transaction, the blockchain node can directly process the plaintext transaction, if the transaction is a private transaction, the blockchain node transmits the private transaction to the FPGA The board is processed.
  • the transaction content of a plaintext transaction is in plaintext form, and the contract status generated after the transaction is executed is also stored in plaintext form.
  • the transaction content of a private transaction is in the form of cipher text, which is obtained by encrypting the content of the transaction in plain text by the transaction initiator, and the contract state generated after the transaction is executed needs to be stored in the form of cipher text to ensure the protection of transaction privacy.
  • the transaction initiator can generate a symmetric key randomly or based on other methods.
  • the business public key corresponding to the above-mentioned business private key is disclosed, then the transaction initiator can perform transaction content in plaintext based on the symmetric key and the business public key.
  • the transaction initiator encrypts the plaintext transaction content with a symmetric key, and encrypts the symmetric key with the business public key.
  • the two parts obtained are included in the above-mentioned private transaction; in other words, the private transaction includes Two parts of content: the content of the transaction in plaintext encrypted with a symmetric key, and the symmetric key encrypted with the business public key.
  • the encryption and decryption module can use the business private key to decrypt the symmetric key encrypted with the business public key to obtain the symmetric key, and then the encryption and decryption module
  • the symmetric key is used to decrypt the plaintext transaction content encrypted with the symmetric key to obtain the plaintext transaction content.
  • Private transactions can be used to deploy smart contracts, then the data field of the plaintext transaction content can contain the register contract code of the smart contract to be deployed; or, the privacy transaction can be used to call the smart contract, then the to field of the plaintext transaction content can contain the The contract address of the called smart contract, and the FPGA board can call the corresponding register-type contract code based on the contract address.
  • the plaintext calculation module formed on the FPGA chip is used to implement virtual machine logic in related technologies, that is, the plaintext calculation module is equivalent to the "hardware virtual machine" on the FPGA board. Therefore, after the register-type contract code is determined based on the above-mentioned plaintext transaction content, the register-type contract code can be passed into the plaintext calculation module, so that the plaintext calculation module executes the register-type contract code. After the execution is completed, the status of the contract involved in the register-type contract code may be updated.
  • the encryption and decryption module can encrypt the updated contract state through the aforementioned business root key or its derivative key, and store the encrypted contract state to ensure privacy
  • the transaction-related data is only in the clear text state in the FPGA chip and in the cipher text state outside the FPGA chip, so as to ensure the security of the data.
  • the plaintext calculation module can be the register type on-chip processor in this specification.
  • the register-type on-chip processor executes the register-type code program of the smart contract.
  • the register code program can be directly compiled by the high-level language program on the client by the transaction submitting party, or the high-level language program can be compiled into a byte code program and then compiled into a register code program.
  • the register-based on-chip processor stores the operands involved in the operation instructions contained in the register-based code program in the registers on the FPGA chip during the execution of the register-based code program, and the execution is related When operating instructions, directly obtain operands and perform operations based on the information in the registers, and then store the results of the operations in the registers.
  • the number of operands involved in the above machine code can be one or more.
  • each operand can be stored in or read from the register in parallel, instead of being pushed or popped into the stack in sequence, so it has a relatively higher execution efficiency.
  • the stack operation involves 4 steps, and the register operation involves 2 steps. If each step requires one clock cycle of the register-based on-chip processor, Then the stack operation needs to consume 4 clock cycles, and the register operation only needs 2 clock cycles.
  • the register-based on-chip processor can read the operands corresponding to these operation instructions in parallel to implement parallel operations on these operands. For example, when the contract code contains 1000 instructions, assuming that each instruction needs to occupy one clock cycle of the register-based on-chip processor, then the sequential execution of the contract code needs to consume 1000 clock cycles, and based on the above parallel operation, the clock cycle can be reduced. The amount of consumption and the specific reduction depends on the dependency between the instructions.
  • the user may want to update the version of the circuit logic configuration file deployed on the FPGA board.
  • the authentication root key contained in the circuit logic configuration file may be known by risky users, or the user wants to update the version on the FPGA board.
  • the deployed functional modules are upgraded, etc. This manual does not limit this.
  • the circuit logic configuration file that has been deployed in the above process can be referred to as the old version of the circuit logic configuration file, and the circuit logic configuration file that needs to be deployed is referred to as the new version of the circuit logic configuration file.
  • the user can generate a new version of the circuit logic configuration file through the process of writing code and mirroring. Further, the user can sign the new version of the circuit logic configuration file with his own private key, and then encrypt the signed new version of the circuit logic configuration file with the configuration file deployment key negotiated above to obtain the encrypted new version of the circuit Logical configuration file. In some cases, there may be multiple users at the same time, so the old version of the circuit logic configuration file needs to deploy the preset certificates corresponding to these users to the FPGA board, and these users need to use their own private keys to pair the new version of the circuit. Sign the logical configuration file.
  • the user can remotely send the encrypted new version of the circuit logic configuration file to the blockchain node through the client, and the blockchain node will further transfer it to the FPGA board.
  • the decryption verification module formed on the FPGA chip in the foregoing process is located on the transmission path between the PCIE interface and the Flash chip, so that the encrypted new version of the circuit logic configuration file must first be successfully processed by the decryption verification module before it can be
  • the Flash chip is passed in to achieve a credible update, and the Flash chip cannot be updated directly without bypassing the process of decryption and verification.
  • the decryption verification module After the decryption verification module receives the encrypted new version of the circuit logic configuration file, it first decrypts it with the configuration file deployment key deployed on the FPGA board. If the decryption is successful, the decryption verification module is further based on the preset certificate deployed on the FPGA chip , To perform signature verification on the decrypted new version of the circuit logic configuration file.
  • the decryption fails or the signature verification fails, it means that the received file is not from the above-mentioned user or has been tampered with, and the decryption verification module will trigger the termination of this update operation; and if the decryption is successful and the verification is passed, it can be It is determined that the obtained new version of the circuit logic configuration file is from the aforementioned user and has not been tampered with during the transmission process.
  • the new version of the circuit logic configuration file can be further transmitted to the Flash chip to update and deploy the old version of the circuit logic configuration file in the Flash chip.
  • the above-mentioned key agreement module, decryption and verification module can also be formed on the FPGA chip, and the pre-set certificate and authentication can be stored in the FPGA chip. Root key and other information.
  • the formed key agreement module, decryption verification module, etc., the implemented functional logic can be changed and upgraded, and the information stored in the deployed preset certificate, authentication root key and other information may also be different from the information before the update .
  • the FPGA board can remotely negotiate with the user to obtain a new configuration file deployment key based on the updated key agreement module, authentication root key, etc., and the configuration file deployment key can be used for the next renewal Update process. Similarly, a reliable update operation for FPGA boards can be continuously implemented accordingly.
  • the FPGA board can generate certification results for the new version of the circuit logic configuration file.
  • the above-mentioned key agreement module can calculate the hash value of the new version of the circuit logic configuration file and the hash value of the configuration file deployment key negotiated based on the new version of the circuit logic configuration file through an algorithm such as sm3 or other algorithms.
  • the calculation result can be used as the above-mentioned authentication result, and the key agreement module sends the authentication result to the user.
  • the user can verify the authentication result on the client based on the maintained new version of the circuit logic configuration file and the configuration file deployment key negotiated accordingly. If the verification is successful, it indicates that the new version of the circuit logic configuration file is successful on the FPGA board. Deployed, and the user and the FPGA board successfully negotiated accordingly to obtain a consistent configuration file deployment key, thereby confirming the successful completion of the circuit logic configuration file update deployment.
  • Fig. 4 is a schematic structural diagram of an FPGA-based secure smart contract processor-based transaction processing device provided by an exemplary embodiment. Please refer to Figure 4, in the software implementation, the device may include:
  • the loading unit 401 causes the FPGA structure to load the deployed circuit logic configuration file in the memory onto the FPGA chip, so as to form a register-type on-chip processor for realizing virtual machine logic on the FPGA chip;
  • the acquiring unit 402 enables the FPGA structure to acquire the register-type code program of the smart contract involved in the transaction according to the transaction received by the blockchain node to which it belongs;
  • the execution unit 403 causes the FPGA structure to transfer the register-type code program to the register-type on-chip processor, so that the register-type on-chip processor executes the register-type code program.
  • the operands involved in the register-type code program are written into the registers on the FPGA chip.
  • the register-style code program is directly compiled by a high-level language program; or, the register-style code program is directly compiled by a bytecode program, and the bytecode program is directly compiled by the high-level language program .
  • it further includes: a decryption unit 404 to enable the FPGA structure to obtain an encrypted transaction from the blockchain node to which it belongs, and pass the transaction to the decryption module on the FPGA chip to obtain the content of the transaction in plaintext ;
  • the decryption module is formed on the FPGA chip by the deployed circuit logic configuration file;
  • An extracting unit 405 when the transaction is used to deploy a smart contract, causes the FPGA structure to extract the register code program from the plaintext transaction content;
  • the search unit 406 when the transaction is used for invoking a smart contract, causes the FPGA structure to extract the contract address from the plaintext transaction content, and obtain the register code program based on the contract address.
  • the search unit 406 is specifically configured to: make the FPGA structure request and obtain the encrypted register code program corresponding to the contract address from the blockchain node; make the FPGA structure encrypt the The latter register code program is passed into the decryption module to decrypt the register code program.
  • a plaintext storage unit 407 which enables the FPGA structure to store the contract state updated after the register code program is run in the on-chip storage space of the FPGA chip; or,
  • the ciphertext storage unit 408 enables the FPGA structure to encrypt the updated contract state after the register code program runs through the encryption module on the FPGA chip, and stores the encrypted contract state outside the FPGA chip The external storage space; wherein the encryption module is formed on the FPGA chip by the deployed circuit logic configuration file.
  • the virtual machine logic includes: the execution logic of the Ethereum virtual machine or the execution logic of the WASM virtual machine.
  • a typical implementation device is a computer.
  • the specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, and a game control A console, a tablet computer, a wearable device, or a combination of any of these devices.
  • the computer includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in a computer readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • first, second, third, etc. may be used to describe various information in one or more embodiments of this specification, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • first information may also be referred to as second information, and similarly, the second information may also be referred to as first information.
  • word “if” as used herein can be interpreted as "when” or “when” or “in response to certainty”.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computing Systems (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

Procédé et dispositif de traitement de transaction pour processeur de contrat intelligent sécurisé à base de FPGA. Le procédé peut comprendre les étapes suivantes : une structure FPGA charge un fichier de configuration de logique de circuit déployé dans une mémoire vers une puce FPGA, formant ainsi un processeur sur puce de type registre utilisé pour mettre en œuvre une logique de machine virtuelle (102) ; la structure FPGA acquiert, sur la base d'une transaction reçue par un nœud de chaîne de blocs pertinent, un programme de code de type registre d'un contrat intelligent concernant la transaction (104) ; et la structure FPGA transmet le programme de code de type registre dans le processeur sur puce de type registre, permettant ainsi au processeur sur puce de type registre d'exécuter le programme de code de type registre (106).
PCT/CN2020/100492 2019-09-25 2020-07-06 Procédé et dispositif de traitement de transaction pour processeur de contrat intelligent sécurisé à base de fpga WO2021057167A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910913482.2 2019-09-25
CN201910913482.2A CN110738567B (zh) 2019-09-25 2019-09-25 基于fpga的安全智能合约处理器的交易处理方法及装置

Publications (1)

Publication Number Publication Date
WO2021057167A1 true WO2021057167A1 (fr) 2021-04-01

Family

ID=69269582

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/100492 WO2021057167A1 (fr) 2019-09-25 2020-07-06 Procédé et dispositif de traitement de transaction pour processeur de contrat intelligent sécurisé à base de fpga

Country Status (2)

Country Link
CN (1) CN110738567B (fr)
WO (1) WO2021057167A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110688651A (zh) * 2019-09-25 2020-01-14 支付宝(杭州)信息技术有限公司 基于fpga实现状态更新的方法及装置
CN110738567B (zh) * 2019-09-25 2021-02-09 支付宝(杭州)信息技术有限公司 基于fpga的安全智能合约处理器的交易处理方法及装置
CN111770206B (zh) * 2020-08-31 2020-12-29 支付宝(杭州)信息技术有限公司 一种部署智能合约的方法、区块链节点和存储介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109886682A (zh) * 2019-01-31 2019-06-14 阿里巴巴集团控股有限公司 区块链中实现合约调用的方法及节点、存储介质
WO2019120315A2 (fr) * 2019-03-26 2019-06-27 Alibaba Group Holding Limited Environnement d'exécution sécurisé basé sur un réseau prédiffusé programmable par l'utilisateur destiné à être utilisé dans un réseau de chaîne de blocs
CN110032884A (zh) * 2019-01-31 2019-07-19 阿里巴巴集团控股有限公司 区块链中实现隐私保护的方法及节点、存储介质
CN110245506A (zh) * 2019-05-30 2019-09-17 阿里巴巴集团控股有限公司 基于区块链的智能合约管理方法及装置、电子设备
CN110738567A (zh) * 2019-09-25 2020-01-31 支付宝(杭州)信息技术有限公司 基于fpga的安全智能合约处理器的交易处理方法及装置

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101834638A (zh) * 2010-05-28 2010-09-15 哈尔滨工业大学 能识别目标蓝牙功能设备的蓝牙通信系统
US20190095879A1 (en) * 2017-09-26 2019-03-28 Cornell University Blockchain payment channels with trusted execution environments
CN110264361A (zh) * 2019-06-24 2019-09-20 深圳前海微众银行股份有限公司 一种区块链的数据解析方法及装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109886682A (zh) * 2019-01-31 2019-06-14 阿里巴巴集团控股有限公司 区块链中实现合约调用的方法及节点、存储介质
CN110032884A (zh) * 2019-01-31 2019-07-19 阿里巴巴集团控股有限公司 区块链中实现隐私保护的方法及节点、存储介质
WO2019120315A2 (fr) * 2019-03-26 2019-06-27 Alibaba Group Holding Limited Environnement d'exécution sécurisé basé sur un réseau prédiffusé programmable par l'utilisateur destiné à être utilisé dans un réseau de chaîne de blocs
CN110245506A (zh) * 2019-05-30 2019-09-17 阿里巴巴集团控股有限公司 基于区块链的智能合约管理方法及装置、电子设备
CN110738567A (zh) * 2019-09-25 2020-01-31 支付宝(杭州)信息技术有限公司 基于fpga的安全智能合约处理器的交易处理方法及装置

Also Published As

Publication number Publication date
CN110738567A (zh) 2020-01-31
CN110738567B (zh) 2021-02-09

Similar Documents

Publication Publication Date Title
US11048825B2 (en) Managing a smart contract on a blockchain
CN110264195B (zh) 结合代码标注与交易、用户类型的收据存储方法和节点
CN110020855B (zh) 区块链中实现隐私保护的方法、节点、存储介质
TW202113645A (zh) 基於區塊鏈的智能合約管理方法及裝置、電子設備
WO2021057168A1 (fr) Procédé et appareil permettant de réaliser une opération de machine virtuelle sur la base d'un réseau fpga
CN110245490B (zh) 有条件的结合代码标注与类型维度的收据存储方法和节点
CN110266644B (zh) 结合代码标注与交易类型的收据存储方法和节点
CN110060054B (zh) 区块链中实现隐私保护的方法、节点、系统和存储介质
WO2021057184A1 (fr) Procédé et appareil de fonctionnement efficace pour un processeur de contrat intelligent de sécurité basé sur un fpga
WO2020233637A1 (fr) Procédé de stockage de reçu combinant un marquage de code avec un type d'utilisateur, et nœud
CN110245947B (zh) 结合交易与用户类型的条件限制的收据存储方法和节点
CN110264198B (zh) 结合代码标注与交易类型的有条件的收据存储方法和节点
CN110020856B (zh) 区块链中实现混合交易的方法、节点和存储介质
CN110264196B (zh) 结合代码标注与用户类型的有条件的收据存储方法和节点
WO2020233630A1 (fr) Procédé et nœud de mémorisation de reçus en fonction du type d'utilisateur
WO2021057166A1 (fr) Procédé et appareil pour mettre en œuvre un appel externe dans un fpga
WO2021057167A1 (fr) Procédé et dispositif de traitement de transaction pour processeur de contrat intelligent sécurisé à base de fpga
WO2021057181A1 (fr) Procédé et dispositif de négociation de clés à base de fpga
WO2020233640A1 (fr) Procédé de mémorisation de reçus et nœud basés sur un marquage de code et condition de détermination
WO2020233639A1 (fr) Procédé de stockage de reçus et nœud basés sur l'étiquetage de code et le type de fonction d'événement
WO2020233629A1 (fr) Procédé et nœud de stockage de reçu au niveau d'un objet sur la base d'un marquage de code
WO2021057182A1 (fr) Procédé et appareil de mise à jour de confiance pour logique fpga
WO2021057180A1 (fr) Procédé et dispositif de mise en œuvre de chaîne de blocs de confidentialité basée sur fpga, et dispositif
WO2020233627A1 (fr) Procédé et nœud de stockage de reçu basés sur de multiples types de dimensions
WO2021057272A1 (fr) Procédé et appareil pour mettre en œuvre une invocation de contrat basée sur fpga

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20867956

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20867956

Country of ref document: EP

Kind code of ref document: A1