WO2024001028A1 - Method and apparatus for maintaining blockchain data, and electronic device and storage medium - Google Patents

Abstract

Provided in the present description are a method and apparatus for maintaining blockchain data, and an electronic device and a storage medium. The method is applied to a node device, which is deployed with a blockchain node and a first trusted execution environment, wherein the node device maintains a blockchain non-relational database and a blockchain relational database, the blockchain non-relational database is used for maintaining ciphertext data, and the ciphertext data is obtained by the blockchain node encrypting, by means of a first key corresponding to a second trusted execution environment, blockchain data which is generated when a blockchain service is run in the second trusted execution environment. The method comprises: when remote attestation corresponding to a first trusted execution environment passes verification of a blockchain node, acquiring ciphertext data, which is maintained in a blockchain non-relational database; in the first trusted execution environment, decrypting, converting and encrypting the ciphertext data into ciphertext standard data; and maintaining the ciphertext standard data in a blockchain relational database, wherein the blockchain relational database is used for providing a data analysis service for an analysis demander.

Description

A method, device, electronic device and storage medium for maintaining blockchain data

This application requests the priority of the Chinese patent application submitted to the China Patent Office on June 29, 2022, with the application number 202210761451.1 and the invention title "A method, device, electronic device and storage medium for maintaining blockchain data", The entire contents of which are incorporated herein by reference.

Technical field

The embodiments of this specification belong to the field of blockchain technology, and particularly relate to a method, device, electronic device and storage medium for maintaining blockchain data.

Background technique

Blockchain is a new application model of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm. In the blockchain system, data blocks are combined into a chained data structure in a chronological manner and are cryptographically guaranteed to be an untamperable and unforgeable distributed ledger.

In traditional blockchain technology, in order to meet the storage needs of blockchain nodes for large amounts of data when running blockchain services, blockchain nodes usually use non-relational databases with efficient access efficiency for data storage. However, non-relational databases lack transaction relationships, lack connections between data and are not standardized, which is not conducive to data analysis. Relational databases have complete transaction relationships, connections between data and a strict standardized structure. If the non-relational database in traditional blockchain technology is replaced by a relational database, although it is beneficial to data analysis, it will not be used in the block chain. The direct use of relational databases in the chain's underlying system will bring huge challenges to the online read and write performance of blockchain nodes when running blockchain services. Therefore, how to implement convenient data analysis services while ensuring that the blockchain service execution process has high access efficiency is an urgent problem in this field that needs to be solved.

Contents of the invention

The purpose of the present invention is to provide a method, device, electronic device and storage medium for maintaining blockchain data.

According to a first aspect of one or more embodiments of this specification, a method for maintaining blockchain data is proposed, which is applied to a node device deployed with a blockchain node and a first trusted execution environment, and the node device maintains There are blockchain non-relational databases and blockchain relational databases. The blockchain non-relational database is used to maintain ciphertext data. The ciphertext data is stored in the second trusted database by the blockchain node. The blockchain data generated when running the blockchain service in the execution environment is encrypted by the first key corresponding to the second trusted execution environment; the method includes:

If the blockchain node passes the remote certification verification corresponding to the first trusted execution environment, obtain the ciphertext data maintained in the blockchain non-relational database;

In the first trusted execution environment, the ciphertext data is decrypted into the blockchain data through the first key, and the blockchain data is converted into a database corresponding to the blockchain relational database. The standard data defined by the mode information, and encrypting the standard data into ciphertext standard data through the second key corresponding to the first trusted execution environment;

The ciphertext standard data is maintained in the blockchain relational database, and the blockchain relational database is used to provide data analysis services running in the first trusted execution environment to the analysis requester.

According to a second aspect of one or more embodiments of this specification, a device for maintaining blockchain data is proposed, which is applied to a node device deployed with a blockchain node and a first trusted execution environment, and the node device maintains There are blockchain non-relational databases and blockchain relational databases. The blockchain non-relational database is used to maintain ciphertext data. The ciphertext data is stored in the second trusted database by the blockchain node. The blockchain data generated when running the blockchain service in the execution environment is encrypted by the first key corresponding to the second trusted execution environment; the device includes:

A blockchain data acquisition unit configured to acquire the ciphertext maintained in the blockchain non-relational database when the blockchain node passes the remote certification verification corresponding to the first trusted execution environment. data;

A blockchain data acquisition unit, configured to decrypt the ciphertext data into the blockchain data through the first key in the first trusted execution environment, and convert the blockchain data into the blockchain data. Standard data defined by the database schema information corresponding to the blockchain relational database, and encrypting the standard data into ciphertext standard data through the second key corresponding to the first trusted execution environment;

A standard data maintenance unit, used to maintain the ciphertext standard data in the blockchain relational database, and the blockchain relational database is used to provide the analysis requester with information running in the first trusted execution environment. data analysis services.

According to a third aspect of one or more embodiments of this specification, an electronic device is proposed, including:

processor;

Memory used to store instructions executable by the processor;

Wherein, the processor implements the method described in the first aspect by running the executable instructions.

According to a fourth aspect of one or more embodiments of this specification, a computer-readable storage medium is proposed, on which computer instructions are stored, and when the instructions are executed by a processor, the steps of the method described in the first aspect are implemented.

The embodiment of this specification separately deploys a blockchain non-relational database and a blockchain relational database on node devices. On the one hand, the blockchain non-relational database is used to maintain and run blockchain services on blockchain nodes. The ciphertext data obtained by encrypting the blockchain data generated at the time enables the blockchain node to efficiently store the encrypted blockchain data and efficiently read the ciphertext data when running the blockchain service; on the other hand, , by decrypting, converting and encrypting the ciphertext data maintained in the blockchain non-relational database into ciphertext standard data to be simultaneously maintained in the blockchain relational database, thereby using the blockchain relational database to achieve convenient Data analysis services. In addition, whether it is the blockchain service run by the blockchain node, or the process of decrypting, converting and encrypting the ciphertext data by the node device, it is carried out in the corresponding trusted execution environment. At the same time, the blockchain node is providing the ciphertext. The remote certificate corresponding to the first trusted execution environment needs to be verified in advance before data is sent, thereby ensuring system-level data security in data processing, data transmission and data storage. The method for maintaining blockchain data involved in the embodiments of this specification realizes the backup of one data in two places, objectively improves the disaster recovery capability, and realizes convenient data access while ensuring efficient access efficiency during the execution of the blockchain service. Analysis services; at the same time, due to the combination of trusted execution environment technology, it realizes the entire process of trusted data transfer and trusted data processing from on-chain blockchain services to off-chain data conversion and data analysis services. The risk of data leakage is reduced as much as possible.

Description of drawings

In order to explain the technical solutions of the embodiments of this specification more clearly, the drawings needed to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some of the embodiments recorded in this specification. , for those of ordinary skill in the art, other drawings can also be obtained based on these drawings without exerting creative labor.

Figure 1 is a flow chart of a method for maintaining blockchain data provided by an exemplary embodiment.

Figure 2 is a system architecture diagram for maintaining blockchain data provided by an exemplary embodiment.

Figure 3 is a schematic structural diagram of a device provided by an exemplary embodiment.

Figure 4 is a block diagram of a device for maintaining blockchain data provided in an exemplary embodiment.

Detailed ways

In order to enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of this specification. Obviously, the described The embodiments are only some of the embodiments of this specification, but not all of the embodiments. Based on the embodiments in this specification, all other embodiments obtained by those of ordinary skill in the art without creative efforts should fall within the scope of protection of this specification.

Figure 1 is a flow chart of a method for maintaining blockchain data provided by an exemplary embodiment. This method is applied to a node device deployed with a blockchain node and a first trusted execution environment. The node device maintains a blockchain non-relational database and a blockchain relational database. The blockchain non-relational database The database is used to maintain ciphertext data. The ciphertext data is generated by the blockchain node when running the blockchain service in the second trusted execution environment through the corresponding second trusted execution environment. The first key is obtained through encryption; the method includes:

S102: If the blockchain node passes the remote certification verification corresponding to the first trusted execution environment, obtain the ciphertext data maintained in the blockchain non-relational database.

Figure 2 is a system architecture diagram for maintaining blockchain data provided by an exemplary embodiment. As shown in Figure 2, each blockchain node in the blockchain network is deployed on the corresponding node device. Each node device maintains both a blockchain non-relational database and a blockchain relational database. At the same time, the node device is also deployed with a first trusted execution environment (Trusted execution environment, TEE) and a second trusted execution environment. In the embodiment of this specification, the blockchain non-relational database is a non-relational database, and the blockchain relational database is a relational database. In addition, the second trusted execution environment is used to undertake the blockchain node to run the block. chain service, and the first trusted execution environment is used to undertake the data analysis service of the node device. At the same time, the first trusted execution environment is also used to undertake the process of decrypting, converting and re-encrypting the ciphertext data by the node device. Specifically, , a data conversion engine and a data analysis engine running in the first trusted execution environment are deployed under the node device chain. The data conversion engine is used to perform the process of decrypting, converting and re-encrypting ciphertext data, and the data analysis engine The engine is used to run data analysis services.

In the embodiment of this specification, the data inside the trusted execution environment needs to be in the clear text state. When the data goes out of the domain, that is, when the data needs to be output to the outside of the trusted execution environment, it is necessary to ensure that the data is encrypted and in the cipher text state. , therefore, the trusted execution environment maintains a corresponding key to encrypt internal data and output it to the outside, or to read ciphertext from the outside and decrypt it into plaintext internally. Normally, the key corresponding to the trusted execution environment belongs to Symmetric key. For example, in the embodiment of this specification, the first trusted execution environment maintains a second key for encryption and decryption in the process of accessing data from the blockchain non-relational database, and the second trusted execution environment maintains a second key. The first key is used for encryption and decryption during the process of accessing data from the blockchain relational database.

On the one hand, the blockchain non-relational database serves as the native database for blockchain nodes to run blockchain services, that is, as part of the infrastructure of the underlying system of the blockchain, it is used to run blockchain services on blockchain nodes. The blockchain data generated during the process is efficiently accessed. In order to ensure data security, the blockchain node uses it as a substitute for directly storing the blockchain data when it needs to store the blockchain data in the blockchain non-relational database. , the blockchain node can first encrypt the blockchain data in the second trusted execution environment to obtain the ciphertext data (through the first key corresponding to the second trusted execution environment), and then store the ciphertext data in the zone The blockchain non-relational database avoids the risk of data leakage caused by directly storing plain text data. Of course, in addition to maintaining ciphertext data, the blockchain non-relational database is also used to maintain the blockchain nodes. The blockchain data generated when running the blockchain service, that is to say, some blockchain data with low privacy requirements can be directly accessed in plaintext in the blockchain non-relational database. Blockchain non-relational databases can specifically use Key-Value databases (key-value databases, a typical non-relational database, referred to as K-V database). Unlike relational databases, K-V databases do not know the value of the stored data. And there is no concept of schema (database schema information) like in MySQL (relational database management system) and PostgreSQL (a free software object-relational database management system with very complete features). This means that it cannot filter and query part of the stored data by using SQL (Structured Query Language) with where like a relational database. If you don't know where to query, you need to traverse all key values, find the corresponding value, filter it, and finally retain only the part of the data you want. This will result in a very large amount of calculation, and it also means that the K-V database can ensure high performance only when the key is known, otherwise its performance is obviously insufficient. Therefore, although the K-V database is superior to the relational database in terms of absolute access speed, the requirement of knowing the key value limits its application scenarios. Although the above description only involves the introduction of K-V database, it is essentially applicable to most non-relational databases. Generally speaking, non-relational databases have efficient access speed but lack data analysis capabilities, such as the lack of index-based and data-based databases. The ability to query relationships between

In the embodiment of this specification, since the blockchain underlying system (including blockchain nodes and corresponding blockchain databases) deployed by the node equipment continues to use a non-relational database with efficient access speed (i.e., blockchain non-relational type database), so the blockchain node can efficiently access data from the blockchain non-relational database when running the blockchain service, thereby ensuring the efficient operation of the blockchain service. At the same time, because the stored Blockchain data is encrypted to obtain ciphertext data, so it can also avoid security risks caused by data leakage.

On the other hand, the node devices involved in the embodiments of this specification also maintain an additional blockchain relational database as a native database for providing data analysis services to users, that is, as part of the infrastructure of the data analysis system, used to provide analysis services to users. The demander provides data analysis services. For example, blockchain non-relational databases can specifically use relational databases such as Oracle database and MySQL. A relational database refers to a database that uses a relational model to organize data. It stores data in the form of rows and columns to facilitate user understanding. The series of rows and columns in a relational database are called tables, and a set of tables consists of database. Users retrieve data from a database through queries, which are executable codes that limit certain areas of the database. The relational model can be simply understood as a two-dimensional table model, and a relational database is a data organization composed of two-dimensional tables and the relationships between them. A relational database needs to define the table structure, table relationships, and standardized Database schema information such as data structure is then stored in data based on the database schema information. It supports SQL and has strong data analysis capabilities. However, because relational databases place great emphasis on data consistency, they pay a huge price for reducing read and write performance. , although the reliability of relational database for storing and processing data is very good, the efficiency will become very poor once faced with the processing of massive data, especially when encountering high concurrent reading and writing, the performance will drop very much. sharp. In general, relational databases have powerful data analysis capabilities but poor access speed and read and write performance, and are not suitable for large-scale concurrent read and write application scenarios.

In the embodiment of this description, since the data analysis system deployed under the node device chain (including the data analysis engine and corresponding database not shown in Figure 2) adopts a non-relational database (i.e., block database) with efficient access speed, chain relational database), thus enabling node devices to utilize the powerful data analysis capabilities of blockchain non-relational databases when running data analysis services by calling the data analysis engine, thereby ensuring that convenient data analysis is provided to analysis demand parties. Serve.

The data maintained in the blockchain relational database involved in the embodiments of this specification is obtained through data conversion and migration in the blockchain non-relational database. The process of data conversion and migration will be introduced in detail below.

In the embodiment of this specification, only when the blockchain node passes the remote certification verification corresponding to the first trusted execution environment, the node device can obtain all the information maintained in the blockchain non-relational database. Describe the ciphertext data. For the blockchain node, it needs to verify the access rights to any data requester requesting data from the non-relational database in the blockchain, so that the data requester is allowed to request the data only if the data requester has access rights. The party provides data. In this embodiment, the node device (specifically, the data conversion engine deployed by the node device) belongs to the data demander. Therefore, the blockchain node needs to verify whether the node device has access to the blockchain non-relational database. Permissions, the embodiment of this specification determines whether the node device has access permissions to the blockchain non-relational database by verifying whether the remote certificate corresponding to the first trusted execution environment deployed by the node device is valid. Specifically, the remote certificate corresponding to the first trusted execution environment includes the first trusted execution environment using the CPU private key corresponding to the first trusted execution environment to all the programs running in its environment (the hash values corresponding to these programs) After obtaining the digital signature obtained by signing the remote certificate, the blockchain node can verify the digital signature contained in the remote certificate through the CPU public key corresponding to the locally maintained first trusted execution environment. After verification, If the signature is passed, it can be confirmed that the node device is indeed running the first trusted execution environment and that the program running in the first trusted execution environment is legal and trustworthy and has not been tampered with, thereby determining that the node device has the qualifications of a blockchain non-relational database. Access rights; or, after obtaining the remote certificate, the blockchain node may not have the CPU public key corresponding to the first trusted execution environment, so it can also send the remote certificate to the holder of the first trusted execution environment. The authentication third party of the corresponding CPU public key will return the corresponding remote authentication report to the blockchain node after verifying that the remote certificate is passed. The blockchain node will verify the corresponding public key through the authentication third party. If the remote authentication report is valid and the remote authentication report is used to indicate that the remote certification is valid, it can be confirmed that the node device indeed runs the first trusted execution environment and that the program running in the first trusted execution environment is legal and trustworthy. It has not been tampered with, so it can be judged that the node device has access rights to the blockchain non-relational database.

In the embodiment of this specification, obtaining the ciphertext data maintained in the blockchain non-relational database includes: receiving the ciphertext data actively pushed by the blockchain node; and/or, Send a blockchain data request to the blockchain node, and receive the ciphertext data returned by the blockchain node in response to the blockchain data request.

The method for maintaining blockchain data involved in the embodiments of this specification is applied to node devices, specifically to the data conversion engine deployed under the node device chain. The node device can obtain the ciphertext data maintained in the non-relational database of the blockchain through at least one of two methods. The two methods include: first, by receiving the ciphertext data actively pushed by the blockchain node, For example, every time a blockchain node adds or modifies ciphertext data to the blockchain non-relational database while running the blockchain service in the second trusted execution environment, the blockchain node will send a message to the chain. The data conversion engine under the system actively pushes data update messages carrying the latest newly added or modified ciphertext data. This method can timely convert and synchronize the data in the blockchain non-relational database to the blockchain relational database. Thereby ensuring the symmetry and timeliness of data in the blockchain relational database; secondly, sending a blockchain data request to the blockchain node through the node device to obtain the response of the blockchain node to the blockchain data Request the returned ciphertext data. This method obtains the ciphertext data through the request-response mode, which can effectively control the range of the requested ciphertext data and thus shield some data that does not need to be maintained in the blockchain relational database.

In the embodiment of this specification, the remote certificate is included in the blockchain data request; or, the remote certificate is maintained in the blockchain node in advance. When remote certification is included in the blockchain data request, it is equivalent to the blockchain node verifying the latest remote certification corresponding to the first trusted execution environment, thereby ensuring the timeliness of the remote certification. When the remote certification is pre-maintained on the blockchain node, it is equivalent to the blockchain node being able to determine whether the node device has access rights to the blockchain non-relational database through the remote certification maintained on the blockchain node in advance. Therefore, the intermediate links in the process of node devices obtaining ciphertext data can be reduced, and the efficiency of obtaining ciphertext data can be increased.

Optionally, sending a blockchain data request to the blockchain node includes: initiating to the smart contract deployed by the blockchain node a non-relational database maintained in the blockchain for the smart contract. The blockchain data request for the ciphertext data in the blockchain node; or, initiating the blockchain data request for the ciphertext data maintained in the blockchain non-relational database to the blockchain node. Data Request.

The blockchain data involved in the embodiments of this specification includes block data, status data and event data. Among them, block data refers to the blockchain ledger maintained by each blockchain node in the blockchain network. The blockchain ledger and/or the ciphertext data corresponding to the blockchain ledger are essentially maintained in the non-blockchain database. In relational databases, since the blockchain ledger is a special data structure, it is composed of multiple blocks connected end to end through hash anchoring and cannot be tampered with. Each block consists of a block header and a block The block header of any block contains information such as the status tree root, transaction number root, receipt tree root, block height and the hash value of the corresponding parent block of the block, while the block body Contains the transaction data (transaction hash) contained in the block. The block data involved in the embodiments of this specification refers to the data contained in the blockchain ledger. The status data and event data involved in the embodiments of this specification are maintained by various smart contracts deployed by the blockchain nodes. In essence, the status data, event data and/or the ciphertext data corresponding to the status data and event data are maintained in The contract storage space corresponding to each smart contract in the blockchain non-relational database.

In one embodiment, the blockchain node is deployed with several smart contracts, and each smart contract maintains corresponding status data. These status data are encrypted with the first key in the second trusted execution environment as The form of ciphertext data is maintained in the contract storage space corresponding to any of the smart contracts in the blockchain non-relational database. The node device can initiate a blockchain data request to the smart contract deployed by the blockchain node (in fact, any smart contract is deployed on each blockchain node in the blockchain network). The blockchain data request is Formally it is a blockchain transaction. After the blockchain transaction is received by the blockchain node, the blockchain node will further call the smart contract instructed by the blockchain transaction to execute the blockchain transaction. When the smart contract executes the blockchain transaction, it searches for and obtains the ciphertext data indicated by the blockchain transaction from the contract storage space corresponding to the smart contract in the blockchain non-relational database, and uses the ciphertext data as The response message corresponding to the blockchain data request (such as in the form of a blockchain event) is called back to the node device, thereby achieving the method of calling a smart contract to obtain the ciphertext data maintained in the blockchain non-relational database.

In another embodiment, the node device can directly initiate a blockchain data request to the blockchain node, for example, initiate a blockchain data request through the data query interface of the blockchain node. The blockchain data request is used to make the district The blockchain node retrieves the ciphertext data indicated by the blockchain data request from the blockchain non-relational database (obtained from the block data encrypted by the first key in the second trusted execution environment) and calls back to Node device.

In another embodiment, the node device can directly initiate a blockchain data request to the blockchain non-relational database, for example, through the database interface of the blockchain non-relational database, which is equivalent to the node. Local calls under the device chain without going through the blockchain node, the blockchain non-relational database directly responds to the received blockchain data request and returns the ciphertext data indicated by the blockchain data request.

It should be noted that although a blockchain data request is in the same form as a blockchain transaction, it does not necessarily have all the properties of a blockchain transaction. For example, a blockchain node may not necessarily Instead of consensus in the blockchain network, it is processed as a local call request. This kind of blockchain transaction that will only be executed within the local blockchain node without consensus is called a local transaction; of course, the blockchain Data requests can also have all the properties of a blockchain transaction, that is, after completing consensus in the blockchain network as a consensus transaction, they are executed separately by each blockchain node in the blockchain network.

S104: In the first trusted execution environment, decrypt the ciphertext data into the blockchain data using the first key, and convert the blockchain data into the blockchain relational database corresponding The standard data defined by the database schema information, and the standard data is encrypted into ciphertext standard data through the second key corresponding to the first trusted execution environment.

After the node device obtains the ciphertext data, it will read it into the first trusted execution environment, and at the same time call the data conversion engine running in the first trusted execution environment to execute the relevant ciphertext in the first trusted execution environment. Data decryption, transformation and encryption tasks. Specifically, the node device first decrypts the ciphertext data into plaintext data, that is, the aforementioned blockchain data, through the first key, and then converts the blockchain data into the blockchain relationship. The standard data defined by the database schema information corresponding to the database is finally encrypted into ciphertext standard data through the second key corresponding to the first trusted execution environment. Since the above processes are all implemented in the first trusted execution environment, data leakage issues can be effectively avoided and system security improved.

In the embodiment of this specification, the first key is provided to the first trusted execution environment deployed by the node device when the blockchain node passes the verification of the remote certificate; or, the first key is pre- Maintained in the first trusted execution environment. The first key can be provided by the blockchain node to the third node in the node device in a timely manner under the condition of verifying the remote attestation (that is, the blockchain node confirms that the node device has access rights to the blockchain non-relational database). A trusted execution environment, or pre-maintained in the first trusted execution environment, for example, historically the node device has been confirmed by the blockchain node to have the corresponding access rights and the first key has been provided by the blockchain node to the first Trusted execution environment, then the first trusted execution environment will maintain the first key in advance.

The database schema information involved in the embodiments of this specification specifically refers to the database schema. Schema is an abstract collection of metadata, including a set of schema components: mainly the declaration of elements and attributes, and the definition of complex and simple data types. , specifically including: defining the elements that can appear in the document; defining the attributes that can appear in the document; defining which element is a sub-element; defining the order of sub-elements; defining the number of sub-elements; defining whether the element is empty or whether it can Contains text; defines data types for elements and attributes; defines default and fixed values for elements and attributes. In a database, schema is the organization and structure of the database. Database schema information contains schema objects, which can be tables, columns, data types, views, stored procedures, relationships, and primary keys. , foreign key, etc. Database schema information can be represented by a visual diagram that shows database objects and their relationships to each other. Since the database schema information is used to describe the structure of the database and can be used as a blueprint for creating a database, by specifying the database schema information corresponding to a database, it can guide how the data in the database is stored.

After the node device decrypts the blockchain data, it will convert the blockchain data into standard data defined by the database schema information based on the database schema information corresponding to the blockchain relational database in the first trusted execution environment. This means that the converted standard data can be maintained in the blockchain relational database according to certain rules, and the standard data already has a standardized structure and is defined to be connected with other data in the blockchain relational database. Relationship. The conversion process of blockchain data to standard data includes but is not limited to the conversion of data tables, rows, and columns. For example, the block is implemented through the ETL (Extract-Transform-Load, data warehouse technology based on data extraction, conversion, and loading) mechanism. The specific implementation methods for converting chain data into standard data have been documented in existing technologies and will not be described again here. Since the ciphertext standard data is obtained by encrypting the standard data, it is only numerically desensitized, but it still retains the structure of the standard data state and the relationship between the standard data state and other data, that is, The ciphertext standard data, like the standard data before encryption, can be maintained in the blockchain relational database according to certain rules.

Optionally, in the case where the blockchain data request is for the ciphertext data maintained in the blockchain non-relational database by the smart contract, the method further includes:

Initiate a schema information query request to the smart contract, and determine the first database schema information recorded in the smart contract returned by the smart contract in response to the schema information query request as corresponding to the blockchain relational database The database schema information.

In the embodiment of this specification, the database schema information corresponding to the blockchain relational database can be maintained at the node device in advance (for example, set by the administrator user of the node device), or can be obtained by requesting a smart contract. As mentioned before, each smart contract deployed by the blockchain node has a corresponding contract storage space in the blockchain non-relational database, and each smart contract has different characteristics when processing data, organizing data, and storing data. characteristics, so the corresponding contract storage spaces of different smart contracts in the non-relational blockchain have different data organization forms, and this data organization form includes the format, relationship and connotation of the data organization, etc. It is also based on database schema information The form is maintained in the smart contract. Therefore, in order to correctly deal with the ciphertext data with different organizational characteristics maintained by different smart contracts in the non-relational database of the blockchain, the embodiment of this specification obtains the ciphertext data maintained in the smart contract corresponding to the smart contract by requesting the corresponding smart contract. The first database schema information of the ciphertext data maintained in the non-relational database is used to decrypt, convert and encrypt the ciphertext data involved in maintaining the smart contract in the blockchain relational database (decryption can also be used in this specification) , the process of conversion and encryption is referred to as conversion), so that the ciphertext standard data involved in the smart contract can be correctly maintained in the blockchain relational database. When a blockchain node contains multiple smart contracts, and different smart contracts have different data organization forms, the database schema information corresponding to each smart contract can be obtained through the embodiments of this specification, and the database schema information corresponding to the smart contract can be obtained according to the corresponding smart contract. The database schema information is used as the database schema information corresponding to the blockchain relational database to realize the conversion of the ciphertext data involved in the corresponding smart contract into the ciphertext standard data, and finally according to the respective database schema information of different smart contracts, Realize the correct maintenance of ciphertext standard data involved in multiple smart contracts in the blockchain relational database. At this time, it is equivalent to the blockchain relational database application having a variety of different database schema information, and the database schema information corresponding to any smart contract only supports the maintenance of the ciphertext standard data involved in any smart contract (that is, from any The ciphertext standard data obtained by decrypting, converting and encrypting the ciphertext data in the smart contract), thereby supporting multiple smart contracts using different data organization forms to correctly convert the ciphertext data maintained in the blockchain non-relational database into ciphertext data. After documenting the standard data, it is finally migrated to the blockchain relational database for maintenance in the form of ciphertext standard data.

S106: Maintain the ciphertext standard data in the blockchain relational database. The blockchain relational database is used to provide data analysis services running in the first trusted execution environment to the analysis requester.

After the node device encrypts the ciphertext standard data in the first trusted environment, it can store the ciphertext standard data in the blockchain relational database according to the blockchain mode information corresponding to the blockchain relational database to achieve Conversion and migration of ciphertext data in the blockchain non-relational database to ciphertext standard data in the blockchain relational database. Since the blockchain relational database supports a variety of SQL and has powerful data analysis capabilities (such as data query capabilities based on various conditions, indexes, and relationships), the blockchain relational database can easily provide analysis needs to parties. Data analysis service, and because the data analysis service runs in the first trusted execution environment, it actually decrypts the ciphertext standard data in the first trusted execution environment and then analyzes it to obtain the analysis results. Analyzing data can ensure the efficiency of analysis, and running data analysis services in TEE can also ensure data security. For example, the data analysis engine running in the first trusted execution environment deployed on and off the chain of the node device provides a data analysis interface to the outside world, so as to provide analysis requesters that call the analysis interface externally for the blockchain relational database. Data analysis services.

The embodiment of this specification separately deploys a blockchain non-relational database and a blockchain relational database on node devices. On the one hand, the blockchain non-relational database is used to maintain and run blockchain services on blockchain nodes. The ciphertext data obtained by encrypting the blockchain data generated at the time enables the blockchain node to efficiently store the encrypted blockchain data and efficiently read the ciphertext data when running the blockchain service; on the other hand, , by decrypting, converting and encrypting the ciphertext data maintained in the blockchain non-relational database into ciphertext standard data to be simultaneously maintained in the blockchain relational database, thereby using the blockchain relational database to achieve convenient Data analysis services. In addition, whether it is the blockchain service run by the blockchain node, or the process of decrypting, converting and encrypting the ciphertext data by the node device, it is carried out in the corresponding trusted execution environment. At the same time, the blockchain node is providing the ciphertext. The remote certificate corresponding to the first trusted execution environment needs to be verified in advance before data is sent, thereby ensuring system-level data security in data processing, data transmission and data storage. The method for maintaining blockchain data involved in the embodiments of this specification realizes the backup of one data in two places, objectively improves the disaster recovery capability, and realizes convenient data access while ensuring efficient access efficiency during the execution of the blockchain service. Analysis services; at the same time, due to the combination of trusted execution environment technology, it realizes the entire process of trusted data transfer and trusted data processing from on-chain blockchain services to off-chain data conversion and data analysis services. The risk of data leakage is reduced as much as possible.

Optional, also includes:

Receive the data analysis request sent by the analysis requester;

Reading at least one ciphertext standard data corresponding to the data analysis request maintained in the blockchain relational database into the first trusted execution environment, and decrypting the at least one ciphertext standard data respectively using the second key For at least one standard data, the analysis result obtained by analyzing the at least one standard data based on the data analysis request is returned to the analysis requester.

As an embodiment of providing data analysis services, the data analysis engine deployed on and off-chain on the node device can also be used to receive data analysis requests sent by the analysis requester, and then retrieve the blockchain relational database based on the data analysis engine. At least one ciphertext standard data corresponding to the data analysis request maintained in the first trusted execution environment is read into the first trusted execution environment, and the at least one ciphertext standard data is decrypted into at least one standard data using the second key, and in the first Build a memory database based on at least one standard data (plain text state) in a trusted execution environment, analyze the memory database based on the data analysis request, and return the analysis results obtained by the analysis to the analysis requester, and the analysis results It can be encrypted by the second key and then returned to the analysis requester, or it can be directly returned to the analysis requester in plain text. This instruction does not impose any restrictions on this, and a complete data analysis service can be achieved at this point. For example, if the data analysis request is a data query request that satisfies both condition A and condition B, then the data analysis engine will query the ciphertext standard data that satisfies both condition A and condition B in the blockchain relational database, and convert these ciphertext standard data into the blockchain relational database. The text standard data is read into the first trusted execution environment and decrypted into standard data through the second key, and then returned to the analysis requester as an analysis result.

Optionally, reading at least one ciphertext standard data corresponding to the data analysis request maintained in the blockchain relational database into the first trusted execution environment includes:

When it is determined that the analysis requester is a legitimate user of the data analysis service, the at least one ciphertext standard data corresponding to the data analysis request maintained in the blockchain relational database is read into the third A trusted execution environment.

In the embodiment of this specification, the node device needs to first verify the analysis permission of the analysis requester, and only after confirming that the analysis requester has the analysis permission will it respond to the data analysis request sent by the analysis requester and perform subsequent steps. The node device maintains a legal user list corresponding to the data analysis service in the first trusted execution environment. The node device, specifically the data analysis engine, can verify the identity of the analysis requester (for example, through the first analysis requester corresponding to the first The public key is used to verify the digital signature contained in the data analysis request. If the signature verification passes, it is confirmed that the data analysis request does come from the first analysis requester corresponding to the first public key), by checking that the digital signature included in the legal user list If the identification information of the analysis requester is included, it is determined that the analysis requester has the analysis authority. If the legal user list does not contain the identification information of the analysis requester, it is determined that the analysis requester does not have the analysis authority.

Optionally, the first user list ciphertext corresponding to the legal user is maintained in the blockchain relational database, and the first user list ciphertext is passed by the node device in the first trusted execution environment through the second The first user list is obtained by encrypting the first user list with the key. The first user list is decrypted by the node device in the first trusted execution environment using the first key to decrypt the second user list ciphertext and based on the database schema information. Obtained after conversion, wherein the second user list ciphertext is maintained in the blockchain non-relational database by the user authorization contract deployed by the blockchain node.

In the embodiment of this specification, the legal user list corresponding to the legal user is obtained by the node device reading the first user list ciphertext from the blockchain relational database and using the second key in the first trusted execution environment. Decryption is obtained, and the ciphertext of the first user list maintained in the blockchain relational database is also obtained from the second user list in the blockchain non-relational database through the method of maintaining blockchain data involved in the embodiment of this specification. The ciphertext is migrated. Specifically, the legal user list corresponding to the legal user is actually maintained in the user authorization contract deployed by the blockchain node, which can be modified, updated, added, etc. through blockchain transactions, as mentioned above. As mentioned above, the legal user list maintained by the user authorization contract is actually encrypted by the blockchain node through the second key into the second user list ciphertext, and then maintained in the blockchain non-relational database corresponding to the user authorization. Within the contract storage space of the contract, therefore, the second user list ciphertext can be used as the ciphertext data involved in the embodiments of this specification, and is deployed on the node device through the method of maintaining blockchain data involved in the embodiments of this specification. The legal user list obtained by the data conversion engine is decrypted by the second key in the first trusted execution environment into a clear text state, and the legal user list is further converted into a database schema information definition corresponding to the blockchain relational database. The standard legal user list (the data connotation contained in it is consistent with the legal user list), so that the standard legal user list is finally encrypted by the first key to the second user list ciphertext backup and maintained in the blockchain relational database. When the data analysis engine running in the first trusted execution environment needs to obtain the legal user list, it can read the first user list ciphertext from the blockchain relational database and use the second key to decrypt it to obtain the standard legal user list. . In the embodiment of this specification, the legal user list corresponding to the legal user is essentially maintained by the user authorization contract deployed on the blockchain node, and the node device can use the method of maintaining blockchain data involved in the embodiment of this specification to maintain the area. The legal user list stored in the blockchain non-relational database in the form of the second user list ciphertext is synchronously maintained in the blockchain relational database in the form of the first user list ciphertext, so that the node device does not need to call the user authorization on the chain. The contract can obtain the list of legal users through off-chain methods.

Figure 3 is a schematic structural diagram of a device provided by an exemplary embodiment. Please refer to Figure 3. At the hardware level, the device includes a processor 302, an internal bus 303, a network interface 306, a memory 308 and a non-volatile memory 310. Of course, it may also include hardware required for other functions. One or more embodiments of this specification may be implemented based on software. For example, the processor 302 reads the corresponding computer program from the non-volatile memory 310 into the memory 308 and then runs it. Of course, in addition to software implementation, one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware, etc. That is to say, the execution subject of the following processing flow is not limited to each A logic unit can also be a hardware or logic device.

As shown in Figure 4, Figure 4 is a block diagram of a device for maintaining blockchain data provided in this specification according to an exemplary embodiment. This device can be applied to the equipment shown in Figure 3 to implement the instructions of this specification. Technical solution: This device is applied to node equipment deployed with blockchain nodes and a first trusted execution environment. The node equipment maintains a blockchain non-relational database and a blockchain relational database. The blockchain The non-relational database is used to maintain ciphertext data. The ciphertext data is generated by the blockchain node when running the blockchain service in the second trusted execution environment through the second trusted execution environment. The first key corresponding to the environment is encrypted and obtained; the device includes:

The ciphertext data acquisition unit 401 is configured to acquire the ciphertext maintained in the blockchain non-relational database when the blockchain node passes the remote certification verification corresponding to the first trusted execution environment. data;

Data conversion unit 402, configured to decrypt the ciphertext data into the blockchain data through the first key in the first trusted execution environment, and convert the blockchain data into the block Link the standard data defined by the database schema information corresponding to the relational database, and encrypt the standard data into ciphertext standard data through the second key corresponding to the first trusted execution environment;

The ciphertext standard data maintenance unit 403 is used to maintain the ciphertext standard data in the blockchain relational database, and the blockchain relational database is used to provide analysis demanders with information running on the first trusted Data analysis services in the execution environment.

Optionally, the ciphertext data acquisition unit 401 is specifically used to:

Receive the ciphertext data actively pushed by the blockchain node; and/or,

Send a blockchain data request to the blockchain node, and receive the ciphertext data returned by the blockchain node in response to the blockchain data request.

Optionally, the ciphertext data acquisition unit 401 is further used to:

Initiate the blockchain data request for the ciphertext data maintained in the blockchain non-relational database by the smart contract to the smart contract deployed by the blockchain node; or,

Initiating the blockchain data request for the ciphertext data maintained in the blockchain non-relational database to the blockchain node.

Optionally, in the case where the blockchain data request is for the ciphertext data maintained in the blockchain non-relational database by the smart contract, the device further includes:

The mode information query request sending unit 404 is configured to initiate a mode information query request to the smart contract, and determine the first database mode information recorded in the smart contract returned by the smart contract in response to the mode information query request. It is the database schema information corresponding to the blockchain relational database.

Optionally, the remote certificate is included in the blockchain data request; or,

The remote certificate is maintained in the blockchain node in advance.

Optionally, the blockchain data includes block data, status data and event data.

Optionally, the first key is provided to the first trusted execution environment deployed by the node device when the blockchain node passes the verification of the remote certificate; or, the first key is maintained in advance in the first trusted execution environment. A trusted execution environment.

Optional, also includes:

The data analysis request receiving unit 405 is used to receive the data analysis request sent by the analysis requester;

The analysis result return unit 406 is configured to read at least one ciphertext standard data corresponding to the data analysis request maintained in the blockchain relational database into the first trusted execution environment, and use the second key to return the ciphertext standard data to the first trusted execution environment. At least one ciphertext standard data is respectively decrypted into at least one standard data, and the analysis result obtained by analyzing the at least one standard data based on the data analysis request is returned to the analysis requester.

Optionally, the analysis result return unit 406 is further used to:

When it is determined that the analysis requester is a legitimate user of the data analysis service, the at least one ciphertext standard data corresponding to the data analysis request maintained in the blockchain relational database is read into the third A trusted execution environment.

Optionally, the first user list ciphertext corresponding to the legal user is maintained in the blockchain relational database, and the first user list ciphertext is passed by the node device in the first trusted execution environment through the second The first user list is obtained by encrypting the first user list with the key. The first user list is decrypted by the node device in the first trusted execution environment using the first key to decrypt the second user list ciphertext and based on the database schema information. Obtained after conversion, wherein the second user list ciphertext is maintained in the blockchain non-relational database by the user authorization contract deployed by the blockchain node.

In the 1990s, improvements in a technology could be clearly distinguished as hardware improvements (for example, improvements in circuit structures such as diodes, transistors, switches, etc.) or software improvements (improvements in method processes). However, with the development of technology, many improvements in today's method processes can be regarded as direct improvements in hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that an improvement of a method flow cannot be implemented using hardware entity modules. For example, a Programmable Logic Device (PLD) (such as a Field Programmable Gate Array (FPGA)) is such an integrated circuit whose logic functions are determined by the user programming the device. Designers can program themselves to "integrate" a digital system on a PLD, instead of asking chip manufacturers to design and produce dedicated integrated circuit chips. Moreover, nowadays, instead of manually making integrated circuit chips, this kind of programming is mostly implemented using "logic compiler" software, which is similar to the software compiler used in program development and writing, and before compilation The original code must also be written in a specific programming language, which is called Hardware Description Language (HDL), and HDL is not just one kind, but there are many, such as ABEL (Advanced Boolean Expression Language) , AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc., are currently the most commonly used The two are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should also know that by simply logically programming the method flow using the above-mentioned hardware description languages and programming it into the integrated circuit, the hardware circuit that implements the logical method flow can be easily obtained.

The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer readable medium storing computer readable program code (eg, software or firmware) executable by the (micro)processor. , logic gates, switches, Application Specific Integrated Circuit (ASIC), programmable logic controllers and embedded microcontrollers. Examples of controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, For Microchip PIC18F26K20 and Silicone Labs C8051F320, the memory controller can also be implemented as part of the memory's control logic. Those skilled in the art also know that in addition to implementing the controller in the form of pure computer-readable program code, the controller can be completely programmed with logic gates, switches, application-specific integrated circuits, programmable logic controllers and embedded logic by logically programming the method steps. Microcontroller, etc. to achieve the same function. Therefore, this controller can be considered as a hardware component, and the devices included therein for implementing various functions can also be considered as structures within the hardware component. Or even, the means for implementing various functions can be considered as structures within hardware components as well as software modules implementing the methods.

The systems, devices, modules or units described in the above embodiments may be implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a server system. Of course, the present invention does not exclude that with the development of computer technology in the future, the computer that implements the functions of the above embodiments may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, or a personal digital assistant. , media player, navigation device, email device, game console, tablet, wearable device, or a combination of any of these devices.

Although one or more embodiments of this specification provide method operation steps as described in the embodiments or flow charts, more or fewer operation steps may be included based on conventional or non-inventive means. The sequence of steps listed in the embodiment is only one way of executing the sequence of many steps, and does not represent the only execution sequence. When the actual device or terminal product is executed, it may be executed sequentially or in parallel according to the methods shown in the embodiments or figures (for example, a parallel processor or a multi-thread processing environment, or even a distributed data processing environment). The terms "comprises," "comprises" or any other variation thereof are intended to cover a non-exclusive inclusion such that a process, method, product or apparatus including a list of elements includes not only those elements but also others not expressly listed elements, or also elements inherent to the process, method, product or equipment. Without further limitation, it does not exclude the presence of additional identical or equivalent elements in a process, method, product or apparatus including the stated elements. For example, if the words "first" and "second" are used to express names, they do not indicate any specific order.

For the convenience of description, when describing the above device, the functions are divided into various modules and described separately. Of course, when implementing one or more of this specification, the functions of each module can be implemented in the same or multiple software and/or hardware, or the modules that implement the same function can be implemented by a combination of multiple sub-modules or sub-units, etc. . The device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated. to another system, or some features can be ignored, or not implemented. On the other hand, the coupling or direct coupling or communication connection between each other shown or discussed may be through some interfaces, and the indirect coupling or communication connection of the devices or units may be in electrical, mechanical or other forms.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each process and/or block in the flowchart illustrations and/or block diagrams, and combinations of processes and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce a use A device for realizing the functions specified in one process or multiple processes of the flowchart and/or one block or multiple blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory that causes a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction means, the instructions The device implements the functions specified in a process or processes of the flowchart and/or a block or blocks of the block diagram.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, causing a series of operating steps to be performed on the computer or other programmable device to produce computer-implemented processing, thereby executing on the computer or other programmable device. Instructions provide steps for implementing the functions specified in a process or processes of a flowchart diagram and/or a block or blocks of a block diagram.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

Memory may include non-permanent storage in computer-readable media, random access memory (RAM) and/or non-volatile memory in the form of read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.

Computer-readable media includes both persistent and non-volatile, removable and non-removable media that can be implemented by any method or technology for storage of information. Information may be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), and read-only memory. (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, Magnetic tape, magnetic tape storage, graphene storage or other magnetic storage devices or any other non-transmission medium can be used to store information that can be accessed by a computing device. As defined in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.

It should be understood by those skilled in the art that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment that combines software and hardware aspects. Furthermore, one or more embodiments of the present description may employ a computer program implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein. Product form.

One or more embodiments of this specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. One or more embodiments of the present description may also be practiced in distributed computing environments where tasks are performed by remote processing devices connected through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including storage devices.

Each embodiment in this specification is described in a progressive manner. The same and similar parts between the various embodiments can be referred to each other. Each embodiment focuses on its differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple. For relevant details, please refer to the partial description of the method embodiment. In the description of this specification, reference to the terms "one embodiment," "some embodiments," "an example," "specific examples," or "some examples" or the like means that specific features are described in connection with the embodiment or example. , structures, materials or features are included in at least one embodiment or example of this specification. In this specification, the schematic expressions of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, those skilled in the art may combine and combine different embodiments or examples and features of different embodiments or examples described in this specification unless they are inconsistent with each other.

The above descriptions are only examples of one or more embodiments of this specification, and are not intended to limit one or more embodiments of this specification. To those skilled in the art, various modifications and changes may be made to one or more embodiments of this specification. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and principles of this specification shall be included in the scope of the claims.

Claims (13)

1. A method for maintaining blockchain data, applied to a node device deployed with a blockchain node and a first trusted execution environment, the node device maintaining a blockchain non-relational database and a blockchain relational database, The blockchain non-relational database is used to maintain ciphertext data. The ciphertext data is passed by the blockchain node through the blockchain data generated when running the blockchain service in the second trusted execution environment. The first key corresponding to the second trusted execution environment is encrypted and obtained; the method includes:

   If the blockchain node passes the remote certification verification corresponding to the first trusted execution environment, obtain the ciphertext data maintained in the blockchain non-relational database;

   In the first trusted execution environment, the ciphertext data is decrypted into the blockchain data through the first key, and the blockchain data is converted into a database corresponding to the blockchain relational database. The standard data defined by the mode information, and encrypting the standard data into ciphertext standard data through the second key corresponding to the first trusted execution environment;

   The ciphertext standard data is maintained in the blockchain relational database, and the blockchain relational database is used to provide data analysis services running in the first trusted execution environment to the analysis requester.
2. According to the method of claim 1, obtaining the ciphertext data maintained in the blockchain non-relational database includes:

   Receive the ciphertext data actively pushed by the blockchain node; and/or,

   Send a blockchain data request to the blockchain node, and receive the ciphertext data returned by the blockchain node in response to the blockchain data request.
3. The method according to claim 2, said sending a blockchain data request to the blockchain node includes:

   Initiate the blockchain data request for the ciphertext data maintained in the blockchain non-relational database by the smart contract to the smart contract deployed by the blockchain node; or,

   Initiating the blockchain data request for the ciphertext data maintained in the blockchain non-relational database to the blockchain node.
4. The method according to claim 3, in the case where the blockchain data request is for the ciphertext data maintained in the blockchain non-relational database by the smart contract, the method further includes :

   Initiate a schema information query request to the smart contract, and determine the first database schema information recorded in the smart contract returned by the smart contract in response to the schema information query request as corresponding to the blockchain relational database The database schema information.
5. The method of claim 2, wherein the remote certificate is included in the blockchain data request; or,

   The remote certificate is maintained in the blockchain node in advance.
6. According to the method of claim 1, the blockchain data includes block data, status data and event data.
7. According to the method of claim 1, the first key is provided by the blockchain node to the first trusted execution environment deployed by the node device when the remote certificate verification is passed; or, the first key The key is maintained in the first trusted execution environment in advance.
8. The method of claim 1, further comprising:

   Receive the data analysis request sent by the analysis requester;

   Reading at least one ciphertext standard data corresponding to the data analysis request maintained in the blockchain relational database into the first trusted execution environment, and decrypting the at least one ciphertext standard data respectively using the second key For at least one standard data, the analysis result obtained by analyzing the at least one standard data based on the data analysis request is returned to the analysis requester.
9. The method according to claim 8, wherein reading at least one ciphertext standard data corresponding to the data analysis request maintained in the blockchain relational database into the first trusted execution environment includes:

   When it is determined that the analysis requester is a legitimate user of the data analysis service, the at least one ciphertext standard data corresponding to the data analysis request maintained in the blockchain relational database is read into the third A trusted execution environment.
10. According to the method of claim 9, the first user list ciphertext corresponding to the legal user is maintained in the blockchain relational database, and the first user list ciphertext is executed by the node device in the first trusted The first user list is obtained by encrypting the first user list with the second key in the environment. The first user list is decrypted by the node device in the first trusted execution environment with the first key and the second user list ciphertext is decrypted based on The database schema information is obtained after conversion, wherein the second user list ciphertext is maintained in the blockchain non-relational database by the user authorization contract deployed by the blockchain node.
11. A device for maintaining blockchain data, applied to node equipment deployed with blockchain nodes and a first trusted execution environment, the node equipment maintaining a blockchain non-relational database and a blockchain relational database, The blockchain non-relational database is used to maintain ciphertext data. The ciphertext data is passed by the blockchain node through the blockchain data generated when running the blockchain service in the second trusted execution environment. The first key corresponding to the second trusted execution environment is encrypted and obtained; the device includes:

    A blockchain data acquisition unit configured to acquire the ciphertext maintained in the blockchain non-relational database when the blockchain node passes the remote certification verification corresponding to the first trusted execution environment. data;

    A blockchain data acquisition unit, configured to decrypt the ciphertext data into the blockchain data through the first key in the first trusted execution environment, and convert the blockchain data into the blockchain data. Standard data defined by the database schema information corresponding to the blockchain relational database, and encrypting the standard data into ciphertext standard data through the second key corresponding to the first trusted execution environment;

    A standard data maintenance unit, used to maintain the ciphertext standard data in the blockchain relational database, and the blockchain relational database is used to provide the analysis requester with information running in the first trusted execution environment. data analysis services.
12. An electronic device including:

    processor;

    Memory used to store instructions executable by the processor;

    Wherein, the processor implements the method according to any one of claims 1-10 by running the executable instructions.
13. A computer-readable storage medium having computer instructions stored thereon, which when executed by a processor, implements the steps of the method according to any one of claims 1-10.

Images