[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2021184970A1 - Method and device for calling contract - Google Patents

Method and device for calling contract Download PDF

Info

Publication number
WO2021184970A1
WO2021184970A1 PCT/CN2021/074145 CN2021074145W WO2021184970A1 WO 2021184970 A1 WO2021184970 A1 WO 2021184970A1 CN 2021074145 W CN2021074145 W CN 2021074145W WO 2021184970 A1 WO2021184970 A1 WO 2021184970A1
Authority
WO
WIPO (PCT)
Prior art keywords
chain
node
call request
contract
computing node
Prior art date
Application number
PCT/CN2021/074145
Other languages
French (fr)
Chinese (zh)
Inventor
吴行行
邱鸿霖
吴因佥
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021184970A1 publication Critical patent/WO2021184970A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Definitions

  • One or more embodiments of this specification relate to the field of verifiable computing technology, and in particular, to a method and device for invoking a contract.
  • TEE Trusted Execution Environment
  • TEE can play the role of a black box in the hardware. Neither the code executed in the TEE nor the data operating system layer can be peeped, and only the pre-defined interface in the code can operate on it.
  • plaintext data is calculated in TEE instead of complex cryptographic operations in homomorphic encryption, and there is no loss in the efficiency of the calculation process.
  • one or more embodiments of this specification provide a method and device for invoking a contract, which can safely implement the operation of invoking a contract in an off-chain environment.
  • a method for invoking a contract which includes: an off-chain private computing node receives an encrypted invocation request, and decrypts the result in an off-chain trusted execution environment.
  • the call request includes the identification information of the off-chain contract and the information of the input data;
  • the off-chain privacy computing node calls the pre-deployed bytecode of the off-chain contract according to the identification information, and deploys it in the
  • the virtual machine in the off-chain trusted execution environment executes the bytecode to perform off-chain privacy calculations on the input parameter data;
  • the off-chain private computing node performs off-chain privacy calculations in the off-chain trusted execution environment
  • the calculation result is encrypted and fed back.
  • a method for invoking a contract including: the client generates a call request, the call request includes the identification information of the off-chain contract and the information of the input data; The client sends an encrypted call request to the off-chain private computing node, and after the identification information and the information of the input data are decrypted by the off-chain private computing node in the off-chain trusted execution environment, the The identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment of the off-chain to compare the input data Perform off-chain privacy calculations.
  • a method for invoking a contract which includes: a blockchain node obtains an encrypted invocation request, the invocation request includes the identification information and input parameters of the off-chain contract Data information; the blockchain node transmits the encrypted call request to the off-chain private computing node through the oracle mechanism, and the identification information and the information of the incoming parameter data are used by the off-chain private computing node in the chain
  • the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute it through the virtual machine deployed in the off-chain trusted execution environment
  • the bytecode is used to perform off-chain privacy calculations on the input parameter data.
  • the blockchain node receives the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.
  • a method for invoking a contract which includes: the control node receives an encrypted invocation request, the invocation request includes the identification information and input data of the off-chain contract The information; the control node forwards the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster; the control node will receive the off-chain privacy from the off-chain privacy computing node Feedback of calculation results.
  • a method for invoking a contract which includes: a privacy computing node receives an encrypted invocation request, and decrypts in a trusted execution environment to obtain that the invocation request contains The identification information of the smart contract and the information of the input data; the privacy computing node calls the pre-deployed bytecode of the smart contract according to the identification information, and uses the virtual machine deployed in the trusted execution environment The bytecode is executed to perform private calculations on the input data; the private computing node encrypts and feeds back the obtained private calculation results in a trusted execution environment.
  • a method for invoking a contract which includes: the client generates a call request, the call request includes the identification information of the smart contract and the information of the input data; The client sends an encrypted call request to the private computing node. After the identification information and the information of the input data are decrypted by the private computing node in a trusted execution environment, the identification information is used to indicate the The privacy computing node obtains the bytecode of the smart contract, and executes the bytecode through a virtual machine deployed in the trusted execution environment to perform a privacy calculation on the input parameter data.
  • a method for invoking a contract which includes: the control node receives an encrypted invocation request directly sent by the client, the invocation request includes the identification information of the smart contract And the information of the input parameter data; the control node forwards the call request to the private computing node selected from the private computing cluster; the control node feeds back the private computing result received from the private computing node .
  • a device for invoking a contract including: a receiving and decrypting unit, so that the off-chain privacy computing node receives the encrypted invocation request and trusts it off-chain
  • the execution environment is decrypted to obtain the identification information of the off-chain contract and the information of the incoming parameter data contained in the invocation request; the invocation and execution unit enables the off-chain private computing node to invoke the pre-deployed off-chain according to the identification information
  • the bytecode of the contract, and the bytecode is executed by the virtual machine deployed in the trusted execution environment of the chain to perform the off-chain privacy calculation of the input parameter data; the feedback unit makes the off-chain privacy
  • the computing node encrypts and feeds back the obtained off-chain privacy calculation results in the off-chain trusted execution environment.
  • a device for invoking a contract which includes: a generating unit that enables the client to generate a call request, the call request including the identification information and input data of the off-chain contract ⁇ ; Sending unit to enable the client to send an encrypted call request to the off-chain private computing node, the identification information and the information of the incoming parameter data are trusted by the off-chain private computing node to execute off-chain After decryption in the environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the byte code through the virtual machine deployed in the off-chain trusted execution environment Code to perform off-chain privacy calculations on the incoming parameter data.
  • a device for invoking a contract which includes: an obtaining unit that enables a blockchain node to obtain an encrypted invoking request, the invoking request including the identifier of the off-chain contract
  • the transmission unit enables the blockchain node to transmit the encrypted call request to the off-chain privacy computing node through the oracle mechanism, and the identification information and the information of the input data are transferred
  • the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and it can be deployed in the off-chain.
  • the virtual machine in the trusted execution environment executes the bytecode to perform off-chain privacy calculations on the incoming parameter data.
  • the receiving unit enables the blockchain node to receive the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.
  • a device for invoking a contract which includes: a receiving unit to enable a control node to receive an encrypted invoking request, the invoking request including an identification of the off-chain contract Information and input parameter data; a forwarding unit that enables the control node to forward the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster; a feedback unit that causes the control node to The off-chain privacy calculation result received by the off-chain privacy computing node is fed back.
  • a device for invoking a contract including: a receiving and decrypting unit, so that a private computing node receives an encrypted invoking request, and in a trusted execution environment Decrypt to obtain the identification information of the smart contract and the information of the input parameter data contained in the call request; the call and calculation unit enables the privacy computing node to call the bytecode of the smart contract deployed in advance according to the identification information, and The bytecode is executed by the virtual machine deployed in the trusted execution environment to perform private calculation of the input parameter data; the encryption and feedback unit enables the private computing node to perform verification on the obtained data in the trusted execution environment The privacy calculation results are encrypted and fed back.
  • a device for invoking a contract including: generating a calling request unit to enable the client to generate a calling request, the calling request including the identification information of the smart contract and the input Parameter data information; sending a call request unit to enable the client to send an encrypted call request to a private computing node, and the identification information and the information of the input parameter data are used by the private computing node in a trusted execution environment After the decryption is obtained, the identification information is used to instruct the privacy computing node to obtain the bytecode of the smart contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment to check the input parameters. Data is calculated for privacy.
  • a device for invoking a contract including: a receiving invocation request unit, so that the control node receives an encrypted invoking request directly sent by the client, the invocation The request contains the identification information of the smart contract and the information of the input parameter data; the forwarding call request unit, so that the control node forwards the call request to the privacy computing node selected from the privacy computing cluster; the feedback privacy calculation result unit, Enabling the control node to feed back the privacy calculation result received from the privacy calculation node.
  • an electronic device including: a processor; a memory for storing executable instructions of the processor; wherein the processor runs the executable Instructions to implement the method described in the first aspect, the second aspect, the third aspect, the fourth aspect, the fifth aspect, the sixth aspect, or the seventh aspect.
  • a computer-readable storage medium which stores computer instructions, and when the instructions are executed by a processor, the first aspect, the second aspect, and the first aspect are implemented.
  • this manual implements an off-chain trusted execution environment on off-chain private computing nodes, so that off-chain private computing nodes can provide a safe and reliable operating environment, and the reliability of the off-chain trusted execution environment can be verified by The remote proof is verified, so that the contract deployed in the off-chain private computing node can be invoked safely and reliably, and the off-chain private computing node can ensure that the off-chain privacy computing is completed safely and faithfully.
  • Fig. 1 is a flowchart of a method for invoking a contract on the side of an off-chain privacy computing node provided by an exemplary embodiment of this specification.
  • Fig. 2 is a schematic diagram of a scenario for invoking a contract provided by an exemplary embodiment of this specification.
  • Fig. 3 is a schematic diagram of another scenario for invoking a contract provided by an exemplary embodiment of the present specification.
  • Fig. 4 is a flowchart of a method for invoking a contract on the client side according to an exemplary embodiment of this specification.
  • Fig. 5 is a flowchart of a method for invoking a contract on the side of a blockchain node provided by an exemplary embodiment of the present specification.
  • Fig. 6 is a flowchart of a method for invoking a contract on the control node side provided by an exemplary embodiment of the present specification.
  • Fig. 7 is a flowchart of another method for invoking a contract on the privacy node side provided by an exemplary embodiment of the present specification.
  • Fig. 8 is a flowchart of another method for invoking a contract on the client side according to an exemplary embodiment of the present specification.
  • Fig. 9 is a flowchart of another method for invoking a contract on the control node side provided by an exemplary embodiment of the present specification.
  • Fig. 10 is a schematic structural diagram of a device provided by an exemplary embodiment.
  • Fig. 11 is a block diagram of a device for invoking a contract on the side of an off-chain privacy computing node provided by an exemplary embodiment.
  • Fig. 12 is a block diagram of a device for invoking a contract on the client side according to an exemplary embodiment.
  • Fig. 13 is a block diagram of an apparatus for invoking a contract on the side of a blockchain node provided by an exemplary embodiment.
  • Fig. 14 is a block diagram of a device for invoking a contract on the control node side provided by an exemplary embodiment.
  • Fig. 15 is a block diagram of another device for invoking a contract on the side of a privacy computing node provided by an exemplary embodiment.
  • Fig. 16 is a block diagram of another device for invoking a contract on the client side according to an exemplary embodiment.
  • Fig. 17 is a block diagram of another device for invoking a contract on the control node side provided by an exemplary embodiment.
  • the steps of the corresponding method may not be executed in the order shown and described in this specification.
  • the method may include more or fewer steps than described in this specification.
  • a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. describe.
  • Block chains are generally divided into three types: Public Blockchain, Private Blockchain and Consortium Blockchain.
  • the public chain is represented by Bitcoin and Ethereum. Participants who join the public chain can read the data records on the chain, participate in transactions, and compete for the accounting rights of new blocks, etc., and each participant (ie, node) can freely join and Exit the network.
  • the private chain is the opposite.
  • the network's data write permission is controlled by an organization or institution, and the data read permission is regulated by the organization; in simple terms, the private chain can be a weakly centralized system with strict restrictions and few participating nodes.
  • consortium chain is a block chain between public chain and private chain, which can realize "partial decentralization".
  • Each node in the alliance chain usually has a corresponding entity or organization, and participants are authorized to join the network and form a stakeholder alliance to jointly maintain the operation of the blockchain.
  • blockchain nodes can create a TEE and realize the TEE as a secure execution environment for blockchain transactions.
  • TEE is a secure extension based on CPU hardware and a trusted execution environment that is completely isolated from the outside.
  • TEE was first proposed by Global Platform to solve the security isolation of resources on mobile devices, and parallel to the operating system to provide a trusted and secure execution environment for applications. At present, the industry is very concerned about TEE solutions.
  • TEE solutions such as TPM (Trusted Platform Module) in software and Intel SGX (Software Guard Extensions) in hardware. , Software Protection Extension), ARM Trustzone (trust zone) and AMD PSP (Platform Security Processor, platform security processor), etc.
  • Blockchain nodes can create enclaves (enclaves or enclaves) based on SGX technology to serve as TEEs for executing blockchain transactions.
  • the blockchain node uses the newly added processor instructions in the CPU to allocate a part of the area EPC (Enclave Page Cache, enclave page cache or enclave page cache) in the memory to reside in the above-mentioned enclave.
  • the memory area corresponding to the above EPC is encrypted by the memory encryption engine MEE (Memory Encryption Engine) inside the CPU.
  • MEE Memory Encryption Engine
  • the content in the memory area can only be decrypted in the CPU core and used for encryption and decryption.
  • the key is only generated and stored in the CPU when the EPC is started.
  • the security boundary of the enclave only includes itself and the CPU, and neither privileged or non-privileged software can access the enclave, even the operating system administrator and VMM (virtual machine monitor, or Hypervisor).
  • VMM virtual machine monitor, or Hypervisor
  • Every blockchain transaction on the blockchain needs to be executed on all blockchain nodes in the blockchain network to ensure that each blockchain node is maintained
  • the blockchain ledger data is consistent. If the transaction logic is relatively simple, such as Bitcoin as an example, the blockchain transaction is only used to realize the transfer operation. At this time, even if the blockchain transaction needs to be executed on all blockchain nodes, it will not cause excessive resource consumption. . However, if the blockchain provides the function of a smart contract, and the blockchain transaction calls the smart contract, then the situation may be quite different.
  • a smart contract on the blockchain is a contract that can be triggered by a transaction to execute on the blockchain system, and the smart contract can be defined in the form of code.
  • EVM Ethereum Virtual Machine
  • Every Ethereum node can run EVM.
  • EVM is a Turing complete virtual machine, which means that various complex logic can be implemented through it.
  • Users who publish and call smart contracts in Ethereum run on the EVM.
  • virtual machine code virtual machine bytecode, hereinafter referred to as "bytecode"
  • the smart contract is divided into two stages: deployment and invocation.
  • the user sends a transaction containing information about creating a smart contract to the Ethereum network.
  • the data field of the transaction contains the code (such as bytecode) of the smart contract, and the to field of the transaction is empty.
  • Each node in the Ethereum network executes this transaction through the EVM and generates a corresponding contract instance.
  • the smart contract corresponding to the above transaction is successfully created, and a contract account corresponding to the smart contract appears on the blockchain.
  • the contract account has a specific contract address and contract code (i.e., smart contract).
  • the code) or the hash value of the contract code is stored in the contract account, and the contract code is used to control the behavior of the corresponding smart contract.
  • the user (which can be the same or different from the user who deployed the smart contract) sends a transaction for invoking the smart contract to the Ethereum network.
  • the from field of the transaction is the address of the external account corresponding to the user, and the to field is The contract address of the smart contract to be called.
  • the data field contains the method and parameters for calling the smart contract.
  • EVM is a Turing complete virtual machine; similarly, other blockchains can also use other types of virtual machines, such as WASM (WebAssembly) virtual machines.
  • WASM WebAssembly
  • the process of executing the code of the smart contract by the node through the virtual machine consumes relatively more computing resources, and because all nodes in the blockchain network need The code that executes the smart contract, so as the number of nodes increases, the consumption of computing resources will increase exponentially. Therefore, although the combination of TEE technology can relatively reduce the resource consumption of a single blockchain node and speed up transaction execution efficiency, it will still cause great resource consumption and waste for the entire blockchain network.
  • this manual proposes to deploy private computing nodes (ie, off-chain private computing nodes) under the chain, which can transfer the computing operations that originally needed to be performed on all blockchain nodes to the off-chain private computing nodes for execution.
  • the chain node only needs to obtain the calculation result from the off-chain private computing node and update the blockchain ledger data based on the calculation result.
  • Off-chain private computing nodes can create off-chain TEEs, and the Verifiable Computation technology can prove that the above-mentioned calculation results are indeed executed as expected in the off-chain TEEs, thereby ensuring reliability and greatly Reduce the resource consumption on the chain.
  • the blockchain node can execute the code of the smart contract to achieve corresponding computing requirements; similarly, the code for performing computing tasks can be deployed off-chain
  • the deployed code is called to achieve the corresponding computing requirements.
  • the contract deployed on the blockchain node is called the on-chain contract
  • the contract deployed on the off-chain privacy computing node is called the off-chain contract; of course, whether it is an on-chain contract or an off-chain contract, Its essence is a piece of code that can be executed in a virtual machine.
  • Fig. 1 is a flowchart of a method for invoking a contract on the side of an off-chain privacy computing node shown in this specification. As shown in FIG. 1, the method may include step 102 to step 103.
  • Step 102 the off-chain privacy computing node receives the encrypted call request, and decrypts in the off-chain trusted execution environment to obtain the identification information of the off-chain contract and the information of the input data contained in the call request.
  • the client Before invoking the off-chain contract deployed on the off-chain private computing node through a call request, the client needs to safely deploy the off-chain contract to the off-chain private computing node. For example, if the client determines that the off-chain private computing node is trustworthy, it can deploy an off-chain contract to the off-chain private computing node.
  • the off-chain contract is similar to the on-chain contract executed by the blockchain node, and both can be bytecodes running in a virtual machine, so I won’t repeat them here.
  • off-chain privacy computing nodes can create off-chain TEEs, and deployment operations and invocation operations for off-chain contracts are implemented through off-chain TEEs, thereby ensuring data security and privacy protection during operations.
  • the off-chain TEE created on the off-chain private computing node is similar to the on-chain TEE created on the blockchain node described above, and is based on a trusted execution environment that is completely isolated from the outside and implemented by CPU hardware.
  • the client verifies whether the off-chain private computing node is credible by obtaining the remote attestation report for the off-chain TEE created on the off-chain private computing node, specifically whether the off-chain TEE deployed on the off-chain private computing node is credible.
  • the remote attestation report is generated from the remote attestation process for the off-chain TEE on the off-chain private computing node.
  • the remote attestation report is generated by the authentication server after verifying the self-recommendation information generated by the off-chain private computing node, and the self-recommended information is related to the off-chain TEE created on the off-chain private computing node.
  • the off-chain private computing node generates the self-recommended information related to the off-chain TEE, and the authentication server verifies the self-recommended information to generate a remote attestation report, so that the remote attestation report can be used to indicate the off-chain TEE on the off-chain private computing node Trustworthy.
  • the off-chain TEE is an enclave created on the off-chain private computing node to realize off-chain privacy computing.
  • the remote attestation process also involves another special enclave on the off-chain private computing node, namely Quoting enclave (QE for short), QE is an architectural enclave (Architectural Enclave) provided and signed by Intel.
  • the above enclave first needs to generate a REPORT structure for local authentication, and QE verifies whether the enclave is on the same platform as itself based on the REPORT structure, and then QE encapsulates the REPORT structure into a structure QUOTE (ie Self-recommended information), and use the EPID (enhanced privacy identification) key to sign.
  • the EPID key not only represents the platform of the off-chain private computing node, but also represents the credibility of the underlying hardware of the off-chain private computing node. It can also bind information such as the version of the processor firmware, and only QE can access the EPID key. , To sign the above-mentioned structure QUOTE.
  • the above authentication server can be the IAS (Intel Attestation Service) server provided by Intel.
  • the off-chain privacy computing node sends the signed structure QUOTE to the IAS server, so that the IAS server can verify the signature and Return the corresponding remote certification report to the off-chain privacy computing node.
  • the off-chain privacy computing node After the off-chain privacy computing node creates an off-chain TEE, it generates self-recommendation information for remote certification.
  • This self-recommendation information can be used to anchor and solidify the information of the off-chain TEE, so that the final remote certification report containing the self-recommendation information can be obtained. It is used to characterize the state of the TEE under the chain and to verify whether the TEE under the chain is credible.
  • the self-recommendation information may include the first hash value to be verified, and the first hash value to be verified is the hash value of the preset information of the off-chain TEE.
  • the preset information may include all the deployed in the off-chain TEE.
  • the code, the public key of the developer of the TEE under the chain, etc. Taking Intel SGX technology as an example, the hash value generated by all codes deployed in the off-chain TEE is MREnclave, and the hash value generated by the developer’s public key corresponding to the off-chain TEE is MRSigner, which is the first waiting
  • the verification hash value can include MREnclave and MRSigner.
  • the IAS server performs signature verification based on the maintained public key set, and returns a remote certification report (that is, AVR) to the off-chain privacy computing node.
  • Report contains: the structure QUOTE and the signature verification result, and the IAS server uses its own private key to sign the remote attestation report.
  • the client can first perform signature verification on the remote attestation report according to the public key of the IAS server. If the verification is passed, it indicates that the remote attestation report is indeed generated by the IAS server and is in the process of data transmission. No data has been tampered with or lost.
  • the client can obtain the public key of the IAS server through any means. For example, when the remote attestation report is provided to the client, it can also be associated with the certificate chain that provides the IAS, so that the client can extract the public key of the IAS server from the certificate chain. Then, the client can extract the structure QUOTE and the signature verification result from the remote attestation report. The client can first view the signature verification result.
  • the off-chain TEE is established on a reliable hardware platform and can continue to perform other operations. Verification operation: If the signature verification result is that the verification is not passed, the client can determine that the off-chain privacy computing platform is unreliable, and there is no need to continue other verification operations.
  • the client can extract the above-mentioned hash values MREnclave and MRSigner from the structure QUOTE, that is, the MREnclave to be verified and the MRSigner to be verified; at the same time, the client obtains the trusted value of the MREnclave and MRSigner of the off-chain TEE in advance, for example, These are the trusted MREnclave and the trusted MRSigner.
  • the MREnclave to be tested is compared with the trusted MRSigner, and the MRSigner to be tested is compared with the trusted MRSigner.
  • the client can use "the MREnclave to be tested is consistent with the trusted MREnclave, and the MRSigner to be tested is consistent with the trusted MRSigner" as a prerequisite for confirming the trustworthiness of the private computing node under the chain; in other words, if the MREnclave to be tested is inconsistent with the trusted MREnclave , Or if the MRSigner to be verified is inconsistent with the trusted MRSigner, the client determines that the off-chain private computing node is not trusted, and if all the preconditions set by the client are met, it can confirm that the off-chain private computing node is trusted. In addition, there is no inevitable sequence between the operation of the client to verify the signature verification result and the verification of the MREnclave to be verified and the MRSigner to be verified, and the two can be completely independent.
  • the client can also verify the credibility of the off-chain private computing node through other preconditions. For example, after an off-chain private computing node creates an off-chain TEE, it can generate a key pair representing its own identity information in the off-chain TEE, and the off-chain private computing node creates its own node identity information in the off-chain TEE.
  • the node identity information is related to the above-mentioned key pair corresponding to the identity information.
  • the node identity information may include the public key in the key pair.
  • the key pair representing the identity information can exist in one or more groups.
  • the node identity information may include the signature public key in the signature key pair and the encryption public key in the encryption key pair. In a set of key pairs, corresponding to different encryption algorithms, there may be multiple public keys at the same time, and these public keys are all included in the above-mentioned node identity information.
  • the node identity information may also include other information related to the off-chain private computing node, such as software version, domain name, partition name, etc. This specification does not limit this. Then, when the off-chain privacy computing node generates the structure QUOTE, it can calculate the hash value of the node identity information, and add the hash value to the structure QUOTE as the second hash value to be verified.
  • the client can perform signature verification from the remote certification report.
  • the client can extract the signature verification result and the second to-be-verified hash value contained in the remote certification report, and verify them separately, and there is no inevitable sequence for the verification of the two. They can be completely independent. It is assumed that the client first verifies the signature verification result, and continues to verify the second hash value to be verified if the signature verification result is passed verification. In order to verify the second hash value to be verified, the client needs to obtain the node identity information of the off-chain private computing node.
  • the node identity information can be associated and provided, of course, the client can also pass Obtain the node's identity information in other ways or at other times. Then, the client can perform a hash calculation on the obtained node identity information, compare the calculated hash value with the above-mentioned second hash value to be verified, and use the same comparison result as a confirmation that the off-chain privacy computing node is trusted Prerequisites. If the second hash value to be verified is verified, it can be proved that the identity information of the off-chain private computing node is initialized and generated in the off-chain TEE, and the private key in the key pair representing the identity information is only owned by the off-chain private computing node. Owned, and the private computing node under the chain can complete operations such as signing and encrypting communication.
  • the above judgment conditions can be selected.
  • the first hash value to be verified and the second hash value to be verified can be verified at the same time; or, in some cases, only the second hash value to be verified can be verified, and the first hash value to be verified No verification or partial verification is possible.
  • the client can set a trust level, and determine whether to verify or partially verify the first hash value to be verified according to the trust level.
  • the trust level is 0, there is no need to verify the first hash value to be verified, and the trust level is 1.
  • verifying the MRSigner in the first hash value to be verified and when the trust level is 2, verify the MEnclave in the first hash value to be verified.
  • the node identity information includes information related to the identity of the off-chain private computing node, such as a public key representing the identity.
  • the node identity information can also include information related to the off-chain TEE.
  • the node identity information can also contain the values of MREnclave and MRSigner, so that the hash value to be verified obtained by hashing the identity information of the node can be combined with the off-chain
  • the identity of the private computing node is related to the off-chain TEE.
  • the client can perform signature verification from the remote certification report.
  • the client can extract the signature verification result and the hash value to be verified contained in the remote certification report, and verify them separately, and there is no inevitable sequence for the verification of the two.
  • the room can be completely independent.
  • the client first verifies the signature verification result, and continues to verify the hash value to be verified if the signature verification result is passed verification.
  • the client needs to obtain the node identity information of the off-chain private computing node, which will not be repeated here. Then, the client can perform a hash calculation on the obtained node identity information, compare the calculated hash value with the above-mentioned hash value to be verified, and use the consistency of the comparison result as a prerequisite to confirm the trustworthiness of the off-chain private computing node condition. It can be seen that this embodiment only needs one comparison to realize the verification in the two aspects mentioned above, which helps to improve the verification efficiency.
  • the client's verification process of the remote attestation report can also include other operations, such as determining whether the off-chain TEE is running in test mode (there is a risk of data leakage in test mode) based on the content of the remote attestation report, etc., here is no longer one by one Go into details.
  • the client can initiate a challenge to the off-chain private computing node and receive the remote certification report returned by the off-chain private computing node, so that it can determine whether the off-chain private computing node is credible based on the remote certification report.
  • the client can initiate an off-chain challenge to the off-chain private computing node, that is, the process of initiating the challenge has nothing to do with the blockchain network, so that the consensus process between blockchain nodes can be skipped and the interaction between on-chain and off-chain can be reduced. , So that the client's challenge to the off-chain private computing node has a higher operational efficiency.
  • the client can take the form of an on-chain challenge.
  • the client can submit a challenge transaction to a blockchain node.
  • the challenge information contained in the challenge transaction can be transmitted by the blockchain node to the off-chain private computing node through the oracle mechanism.
  • the challenge information is used to initiate a challenge to the off-chain private computing node.
  • the oracle mechanism is used to realize the operation of transferring data from the chain to the chain or from the chain to the chain.
  • the coordination mechanism between the oracle contract and the oracle server is called the oracle mechanism.
  • the on-chain challenge based on the oracle mechanism in the above; and the on-chain call based on the oracle mechanism in the following.
  • the transaction submitted by the client to the blockchain node can directly or indirectly call the oracle contract to trigger the oracle mechanism.
  • the contract address of the oracle contract is filled in the to field of the transaction, it indicates that the transaction directly calls the oracle contract; if the contract address of a certain chain contract is filled in the to field of the transaction, and the chain is on The contract calls the oracle contract, indicating that the transaction indirectly calls the oracle contract.
  • the contract on the chain calls the oracle contract.
  • the contract address of the oracle contract is pre-written in the bytecode of the on-chain contract.
  • the contract address of the oracle contract can be used as the call. Enter the parameters of the contract on the chain, and fill the entered parameters into the data field of the above transaction.
  • the oracle mechanism can also transfer data from off-chain to on-chain.
  • the oracle server can transfer the off-chain data to the oracle contract, and then the oracle contract Pass the off-chain data to the data demander.
  • the off-chain data here may include the privacy calculation results generated by invoking the off-chain contract.
  • transferring data from the chain to the chain can be regarded as a "request” process, and transferring data from the chain to the chain can be regarded as a "response” process. These two processes usually appear in pairs. .
  • the off-chain private computing node can temporarily trigger the remote attestation process as described above and generate the corresponding remote attestation report, and then report the remote attestation Feedback to the client. Or, when the off-chain private computing node receives a challenge initiated by the client, if a pre-generated remote attestation report already exists locally, the off-chain private computing node provides the remote attestation report to the client without temporarily triggering remote attestation process. Among them, the remote attestation report of the off-chain private computing node can be triggered by the off-chain private computing node in response to the challenge of other challengers except the client.
  • the other challenger may include other clients, This manual does not limit the control node and KMS server in the off-chain privacy computing cluster where the off-chain privacy computing node is located. Therefore, after receiving the challenge initiated by the client, the off-chain private computing node can first check whether there is a previously generated remote attestation report locally, and if there is, the remote attestation report is fed back to the client, otherwise the remote attestation process is temporarily triggered. Among them, the remote attestation report can have a certain time limit, such as 30 minutes or other duration. The timed out remote attestation report can be deemed invalid by the client, and the off-chain privacy computing node can also actively clear the invalid remote attestation report to avoid feedback To the client.
  • the client can deploy an off-chain contract to the off-chain private computing node when it is determined that the off-chain private computing node is trustworthy. Similar to the aforementioned challenge process, the client can encrypt and transmit the bytecode of the off-chain contract to the off-chain private computing node through the off-chain channel, or the client can transfer the bytecode of the off-chain contract through the on-chain channel. Encrypted transmission to the off-chain private computing node. For example, the client generates an off-chain contract deployment transaction. The off-chain contract deployment transaction contains the bytecode ciphertext obtained by encrypting the bytecode, and the client encrypts the off-chain contract deployment transaction.
  • the encrypted off-chain contract deployment transaction can be decrypted in the on-chain TEE created at the blockchain node to obtain the bytecode ciphertext, and then the blockchain node will use the oracle mechanism to convert The bytecode ciphertext is transmitted to the privacy computing node under the chain.
  • the off-chain privacy computing node can decrypt the plaintext bytecode in the off-chain TEE, the bytecode can be re-encrypted in the off-chain TEE and stored in the storage space outside the off-chain TEE, such as off-chain privacy In the hard disk of the computing node, the deployment of the off-chain contract is completed.
  • the off-chain privacy computing node usually uses a symmetric key to encrypt and store the bytecode through symmetric encryption, so that when the bytecode is subsequently called, it is compared to the form of asymmetric encryption. , The decryption operation can be completed faster.
  • the symmetric key can be generated by the off-chain private computing node in the off-chain TEE, or distributed to the off-chain private computing node by other objects through encrypted transmission.
  • the KMS server can initiate a challenge to the off-chain private computing node, and in the case of verifying the trustworthiness of the off-chain private computing node through remote certification, the above-mentioned symmetric key is distributed to the off-chain private computing node.
  • the off-chain privacy computing node can use the symmetric key distributed by the KMS server as the root key, and apply the derived key derived from the root key to the encrypted storage of the bytecode.
  • the above symmetric key can be the RSK (Root Seal Key) key burned in the e-fuses storage circuit in the CPU of the private computing node under the chain, or a derivative derived from the RSK key Key (ie Seal Key).
  • RSK Room Seal Key
  • the off-chain privacy computing node can also use asymmetric encryption or a combination of symmetric encryption and asymmetric encryption to encrypt and store the bytecode, which is not limited in this specification.
  • the client can call the off-chain contract deployed on the off-chain privacy computing node by generating a call request, where the call request can include the identification information of the off-chain contract and the information of the input data.
  • the client can directly send a call request to the off-chain privacy computing node, that is, the process of sending the call request has nothing to do with the blockchain network, which can skip the consensus process between blockchain nodes and reduce the interaction between the chain and the chain. Operation, so that the client sends a call request to the off-chain private computing node with higher operational efficiency.
  • the client can adopt an on-chain form.
  • the client can submit a transaction to a blockchain node, and the call request contained in the transaction can be transmitted by the blockchain node to the off-chain privacy computing node through the oracle mechanism.
  • the client 21 can directly send a call request to the off-chain privacy computing node 22 through an off-chain channel, that is, the process of sending the call request by the client 21 has nothing to do with the blockchain network.
  • the client 21 can submit a transaction to the blockchain network 23, that is, the client 21 sends an on-chain call request to the off-chain privacy computing node 22 through the blockchain network 23, and the blockchain network 23 can follow this The transaction obtains the call request, and transmits the call request to the off-chain privacy computing node 22 through the oracle mechanism.
  • Step 1 the client 21 submits a transaction to the blockchain network 23, and the transaction can be made by a node in the blockchain network 23 23n receives and executes it, so that the blockchain node 23n obtains the encrypted call request;
  • step 2 the node 23n calls the pre-deployed oracle smart contract (referred to as the oracle contract), and the oracle contract can pass the above call request to The oracle server 24 under the chain, for example, the oracle contract can generate an event containing the call request, and the oracle server 24 can obtain the aforementioned call request by monitoring the event generated by the oracle contract;
  • step 3 the oracle server 24
  • the call request is sent to the off-chain privacy computing node 22 through the off-chain channel.
  • the data interaction involved may include: data interaction between the client 21 and the off-chain privacy computing node 22 (the client 21 directly sends an off-chain call request to the off-chain privacy computing node 22 , The off-chain privacy computing node 22 directly returns the off-chain privacy calculation result to the client 21), the data interaction between the client 21 and the node 23n (the client 21 submits a transaction to the node 23n, and the node 23n returns the off-chain to the client 21 Privacy calculation results), data interaction between node 23n and oracle server 24 (oracles server 24 reads the call request from node 23n, oracle server 24 feeds back the privacy calculation results under the chain to node 23n), oracle server 24 and Data interaction between off-chain privacy computing nodes 22 (the oracle server 24 sends a call request to the off-chain privacy computing node 22, and the off-chain privacy computing node 22 returns the off-chain privacy calculation result to the oracle server 24), etc.
  • the data transmitted between the data sender and the data receiver may leak, and the node 23n will link the transaction to cause the call request contained in the transaction to be disclosed, so it can be passed
  • the method of encrypting data transmission avoids information leakage.
  • Clients can deploy more off-chain contracts to off-chain private computing nodes; similarly, other clients can also deploy off-chain contracts to off-chain private computing nodes.
  • off-chain privacy computing nodes can generate corresponding contract IDs for deployed off-chain contracts, and there is a one-to-one correspondence between off-chain contracts and contract IDs, and the contract ID can be used as off-chain The identification information of the contract.
  • the off-chain privacy computing node may perform a hash operation on the bytecode of the off-chain contract to obtain the first hash value, and use the first hash value as the contract ID of the off-chain contract.
  • off-chain privacy computing nodes can also generate contract IDs in other ways, and this specification does not limit this.
  • the aforementioned call request may include the identification information of the off-chain contract, such as the aforementioned contract ID. Further, the call request may also include function information. In the case of multiple functions included in the off-chain contract, the call request needs to specify the function that the client needs to call through the function information.
  • the function information may be a function name, etc. This specification does not There is no restriction on this. Of course, if the off-chain contract contains only one function, or the client wants to call all functions in the off-chain contract, the function information can also be omitted in the call request.
  • the call request also includes the information of the input parameter data.
  • the information of the input parameter data can be the input parameter data itself, or the description information of the input parameter data.
  • the description information can be a storage address, etc., so that the off-chain private computing node can obtain the input parameter data accordingly, especially when the client itself In the case of not being the data owner, the interaction between the client and the data owner can be eliminated, the amount of data requested by the call can also be reduced, and the transmission speed can be accelerated.
  • the off-chain contract deployed on the off-chain privacy computing node can be used to update the state of an object, for example, to update the object from the first state to the second state.
  • the off-chain contract is a stateless contract, that is, the off-chain privacy computing node does not maintain the state data of the above object, so that the off-chain contract cannot actively learn the first state.
  • the input data only contains the data used to drive the object from the first state.
  • the state update for the above object will not be executed smoothly. Therefore, in addition to the data used to drive the object to change from the first state to the second state, the input data should also include the state data of the first state.
  • the above object can be a blockchain account.
  • the data (ie state data) of the blockchain account is only maintained at the blockchain node, and the off-chain privacy computing node does not maintain the data of the blockchain account, that is, off-chain.
  • the contract is a stateless contract, so when the execution logic of the off-chain contract is related to the blockchain account, the input data provided to the off-chain contract not only contains the data used to drive the update of the blockchain account, but also It should contain data on the historical state of the blockchain account. Since the off-chain contract is a stateless contract, it can avoid storing the state data at the off-chain private computing node, especially the data on the chain will not be stored, so that the privacy and security of the data on the chain can be guaranteed.
  • the call request may also include information about the identity public key of the specified object, and the identity private key is maintained by the specified object.
  • the specified object may be the aforementioned client, or any other demander specified by the client, which is not limited in this specification. Therefore, after obtaining the off-chain privacy calculation result, the off-chain privacy computing node can use the received identity public key of the specified object to encrypt the off-chain privacy calculation result, so that only the specified object who maintains the identity private key can do this chain The decryption of the private calculation results under the chain ensures the security of the off-chain private calculation results. If there are multiple designated objects at the same time, the call request can include the information of multiple identity public keys corresponding to these designated objects, so that the off-chain privacy computing node uses each identity public key to encrypt the off-chain privacy calculation results.
  • the client 21 directly sends an off-chain invocation request to the off-chain privacy computing node 22 as an example.
  • the client 21 generates a call request, and can directly send it to the off-chain privacy computing node 22 through the off-chain channel, then the off-chain privacy computing node 22 can call the pre-deployed off-chain contract according to the identification information of the off-chain contract contained in the call request.
  • the bytecode is executed by the virtual machine deployed in the off-chain TEE to perform privacy calculation on the input parameter data contained in the call request.
  • the client 21 does not want its call request to be arbitrarily known by other users, it can protect the privacy of the call request.
  • the client 21 can encrypt the sent call request, and the off-chain privacy computing node can receive the encrypted call request, which can ensure that the content of the call request will not be leaked during the transmission process.
  • the off-chain privacy computing node 22 obtains the off-chain privacy calculation results after performing off-chain privacy calculations, and the off-chain privacy computing node 22 can directly feed back the off-chain privacy calculation results to the client or the data requester through the off-chain channel.
  • the client 21 takes the client 21 submitting a transaction to the node 23n as an example.
  • the client 21 generates a transaction, and can submit a transaction to the node 23n through an on-chain channel, so that the node 23n can perform a consensus on the transaction submitted by the client 21 with other nodes and then upload the transaction on the chain, and deposit the transaction submitted by the client 21.
  • the client 21 does not want its behavior to be arbitrarily known to other users, the transaction can be protected for privacy.
  • the client 21 can encrypt the submitted transaction, and the node 23n can receive the encrypted transaction, which can ensure that the content of the transaction will not be leaked during the transmission process.
  • Node 23n can deploy the on-chain TEE, and node 23n can read the encrypted transaction into the on-chain TEE and decrypt it in the on-chain TEE to ensure that the decrypted challenge transaction only exists in the on-chain TEE. Leak out.
  • the node 23n can decrypt the transaction in the on-chain TEE and obtain the ciphertext of the call request, and then the node 23n can use the oracle mechanism to make the call request ciphertext. It is transmitted to the private computing node under the chain.
  • the client 21 can directly add the identification information to the transaction, then the node 23n can decrypt the transaction in the on-chain TEE to obtain the identification information; or, the exchange generated by the client 21
  • the called on-chain contract defines the identification information of the off-chain contract.
  • the node 23n can execute the called on-chain contract in the on-chain TEE to obtain the identification information.
  • the transaction generated by the client 21 may directly include the input parameter data, and then the node 23n can decrypt the transaction in the on-chain TEE and obtain the input parameter data. Then, the called on-chain contract is executed by the virtual machine deployed in the on-chain TEE. After the on-chain contract is executed, the above identification information and input parameter data can be packaged into a call request and the call request can be encrypted.
  • the transaction generated by the client can include the description information of the input parameter data, for example, the description information can be a storage address, etc., then the node 23n can query the corresponding input parameter data by executing the on-chain contract, and after the on-chain contract is executed
  • the above identification information and input data can be packaged into a call request and the call request can be encrypted.
  • the transaction generated by the client can include initial data, then the node 23n can process the initial data by executing the on-chain contract to obtain the corresponding input data. After the on-chain contract is executed, the above identification information and the input data can be combined. Package it into a call request and encrypt the call request.
  • the transaction generated by the client can include the description information of the initial data, for example, the description information can be a storage address, etc.
  • the node 23n can query the corresponding initial data by executing the contract on the chain, and the contract on the chain can check the initial data
  • the above identification information and input data can be packaged into a call request and the call request can be encrypted. Therefore, the client may not directly add the identification information or input data to the transaction.
  • the process of invoking the off-chain contract to perform off-chain privacy calculations is transparent. The client only needs to obtain the feedback of the off-chain privacy calculation results, and does not need to pay attention to the identification information of the invoked off-chain contract or the information of the input data, etc. .
  • the encrypted transmission of the call request can be in the form of symmetric encryption or asymmetric encryption. Encrypted transmission of the call request can ensure that the content of the call request will not be leaked during the transmission process.
  • symmetric encryption the client 21 and the off-chain private computing node 22 maintain the same symmetric key respectively.
  • the symmetric key can be used by the client 21 and the off-chain private computing node 22 through such as DH (Diffie-Hellman) or ECDH (Elliptic Curve Diffie-Hellman) and other algorithms are negotiated, or distributed by the KMS (Key Management Service) server to the client 21 and the privacy computing node 22 under the link. This manual does not limit the source of the key.
  • the KMS server can transmit the key to the client 21 during the process of the client 21 remotely certifying the off-chain private computing node. Then, the client 21 can encrypt the call request with the above-mentioned symmetric key, and the off-chain privacy computing node 22 maintains the symmetric key in the off-chain TEE, so the off-chain privacy computing node 22 receives the data transmitted by the node 23n Invoking the request, the off-chain privacy computing node 22 reads the encrypted invoking request into the off-chain TEE, and performs a decryption operation using the symmetric key to obtain the foregoing invoking request, and performs related calculations.
  • the encryption algorithm used by the symmetric encryption may include, for example, the DES algorithm, the 3DES algorithm, the TDEA algorithm, the Blowfish algorithm, the RC5 algorithm, and the IDEA algorithm.
  • the off-chain privacy computing node 22 maintains the private key of the node's asymmetric key, for example, the node private key, and the client 21 can obtain the node public key of the off-chain private computing node 22.
  • the asymmetric key can be generated by the off-chain private computing node 22 in the off-chain TEE, or distributed by the KMS server to the off-chain private computing node 22. This specification does not limit the source of the key.
  • the KMS server can transmit the public key of the node to the client 21 during the process of the client 21 remotely certifying the off-chain private computing node.
  • the client 21 can encrypt the call request with the node public key, and the off-chain privacy computing node 22 maintains the node’s private key in the off-chain TEE, thus reading the encrypted call request into the off-chain TEE, and pass The node private key performs the decryption operation to obtain the above-mentioned call request.
  • the asymmetric encryption algorithm used in the asymmetric encryption may include, for example, RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm), etc.
  • a combination of symmetric encryption and asymmetric encryption can also be used.
  • the client 21 can maintain a symmetric key.
  • the symmetric key can be randomly generated by the client 21, and the client 21 can obtain the public key in the aforementioned node asymmetric key.
  • the client 21 can encrypt the call request with a symmetric key, obtain the encrypted call request, and encrypt the symmetric key with an asymmetric key to obtain the encrypted key, and then the client 21 simultaneously encrypts the encrypted challenge transaction and encrypted
  • the latter key is transmitted to the off-chain privacy computing node 22.
  • the off-chain privacy computing node 22 reads the encrypted call request and the encrypted key into the off-chain TEE, first decrypts the encrypted key with the node's private key to obtain the symmetric key, and then uses the symmetric key pair After encryption, the request is called for decryption.
  • the encryption and decryption efficiency of symmetric encryption is relatively higher, but the security is relatively low, while the encryption and decryption efficiency of asymmetric encryption is relatively low, but the security is relatively higher. Therefore, based on the comparison between symmetric encryption and asymmetric encryption The combined form can take into account the efficiency and security of encryption and decryption.
  • symmetric encryption When encrypting the call request, symmetric encryption, asymmetric encryption, or a combination of the two can be used, and this specification does not limit this.
  • asymmetric encryption or a combination of symmetric encryption and asymmetric encryption When asymmetric encryption or a combination of symmetric encryption and asymmetric encryption is used, a set of asymmetric key pairs is involved, and the client 21 or node 23n needs to know the public key of the asymmetric key pair, and the asymmetric encryption The private key of the key pair needs to be maintained by the off-chain private computing node 22, so that the off-chain private computing node 22 can decrypt the received call request based on the private key.
  • the asymmetric key pair may be the aforementioned encryption key pair generated by the off-chain privacy computing node 22 in the off-chain TEE; accordingly, the off-chain privacy computing node 22 receives the ciphertext of the call request , Read the call request cipher text into the off-chain TEE, and decrypt the call request cipher text based on the encrypted private key to obtain the call request in plain text.
  • the data sender and the data receiver maintain the same symmetric key, or the data sender maintains the public key of the asymmetric key, and the data receiver maintains the non-symmetric key.
  • the private key of the symmetric key, or the combination of symmetric encryption and asymmetric encryption can realize the encrypted transmission of data between any data sender and data receiver, which will not be repeated here.
  • An off-chain private computing node may belong to an off-chain private computing cluster, and the off-chain private computing cluster includes multiple off-chain private computing nodes. If the privacy computing nodes under each chain are completely independent, then the interaction process between the client and a single privacy computing node under the chain can refer to the above-mentioned embodiments.
  • the off-chain privacy computing cluster may include a control node, and the control node will uniformly manage all off-chain privacy computing nodes in the cluster. For example, the client can send a call request to the control node, and receive the off-chain privacy calculation result of the off-chain privacy computing node returned by the control node.
  • the client can send a call request to the control node, or the client can submit a transaction to the blockchain node, and the call request contained in the transaction is transmitted to the control node by the blockchain node through the oracle mechanism. , So that the control node returns the off-chain privacy calculation result sent by the off-chain privacy computing node to the client.
  • the client 31 can directly send a call request to the control node 32 through an off-chain channel.
  • the client 31 can submit a transaction to the control node 32 through the blockchain network 33, that is, the client 31 sends an on-chain transaction to the control node 32, and the blockchain network 33 can obtain a call request based on the transaction, and The call request is transmitted to the control node 32 through the oracle mechanism.
  • the on-chain call request process can include three steps: Step 1, the client 31 submits a transaction to the blockchain network 33, and the transaction can be received and executed by a certain node in the blockchain network 33, such as node 33n.
  • the blockchain node 33n obtains the encrypted call request; step 2, the node 33n calls the pre-deployed oracle smart contract (referred to as the oracle contract), which can pass the call request to the oracle server 34 under the chain
  • the oracle contract can generate an event containing the call request, and the oracle server 34 can obtain the aforementioned call request by monitoring the event generated by the oracle contract; step 3, the oracle server 34 sends the call request through the off-chain channel Send to the control node 32.
  • the client 31 can directly send a call request to the control node 32, that is, the process of sending a call request has nothing to do with the blockchain network, so that the consensus process between blockchain nodes can be skipped, and the interaction between on-chain and off-chain can be reduced, so that The call request sent by the client 31 to the control node 32 has higher operational efficiency.
  • the client 31 may adopt an on-chain form.
  • the client 31 may submit a transaction to a blockchain node, and the call request contained in the transaction may be transmitted to the control node by the blockchain node through the oracle mechanism.
  • the control node receives the above-mentioned call request.
  • the target node can be set as a certain off-chain private computing node in the cluster where the control node 32 is located, such as off-chain private computing node 32n, then the control node 32 will receive The invocation request is forwarded to the off-chain private computing node 32n.
  • the client 31 or node 33n when the client 31 or node 33n encrypts the invocation request, it only needs to ensure that the off-chain private computing node 32n can decrypt, for example,
  • the off-chain privacy computing node 32n can use the encrypted public key generated in the off-chain TEE to encrypt the call request, and the off-chain privacy computing node 32n can encrypt the call request in the off-chain TEE after receiving the ciphertext of the call request.
  • the key decrypts the ciphertext of the call request to obtain the call request.
  • the client 31 or the node 33n may not set the target node in the call request, and the call request may use the encrypted public key generated in the off-chain TEE by a certain off-chain privacy computing node in the cluster where the control node 32 is located. Encrypt the call request, then the control node 32 will receive the call request and forward it to all off-chain privacy computing nodes in the cluster where the control node 32 is located, then only the off-chain privacy computing that maintains the corresponding encrypted private key The node can decrypt the call request.
  • the off-chain private computing node may belong to the off-chain private computing cluster, and the off-chain private computing cluster includes multiple off-chain private computing nodes.
  • the control node 32 can select a certain off-chain privacy computing node from the off-chain privacy computing cluster according to the load balancing algorithm, and the invocation request can be received by the control node and forwarded to the off-chain privacy computing node .
  • the client 31 or node 33n encrypts the call request, it needs to use the encryption public key of the cluster to encrypt, so as to ensure that any off-chain private computing node in the off-chain private computing cluster can decrypt the call request. .
  • the client In the process of deploying the off-chain contract, the client first encrypts the bytecode and transmits it to the control node, and then the control node forwards it to one or more off-chain privacy computing nodes in the cluster, thereby transferring the bytes of the off-chain contract.
  • the deployment of the code to one or more off-chain privacy computing nodes in the cluster is similar to the deployment process of the aforementioned off-chain contract, and will not be repeated here. If deployed to multiple off-chain private computing nodes, then these off-chain private computing nodes can provide the ability to call the same off-chain contract at the same time, so as to realize parallel off-chain private computing, and it can also be used in multiple off-chain private computing nodes. Achieve load balancing between.
  • unified identity information can be generated for these off-chain private computing nodes, such as cluster identity information.
  • the cluster identity information may include a cluster encryption key pair and a cluster signature key pair.
  • Each of the above-mentioned privacy computing nodes under the chain needs to maintain the cluster encryption private key and the cluster signature private key in their respective chain TEEs. Then, as long as the client or blockchain node encrypts the call request with the cluster encryption public key, it can ensure that each of the above-mentioned off-chain private computing nodes can decrypt with the cluster-encrypted private key in their respective off-chain TEE, thereby calling ask.
  • the client does not need to pay attention to whether the other party is a single off-chain private computing node or off-chain private computing cluster. It only needs to use it as an object and interact with the object, without paying attention to the nodes or clusters behind it. detail.
  • contract identities can be generated for off-chain contracts deployed on off-chain private computing nodes.
  • each off-chain privacy computing node can establish a contract identity for its deployed off-chain contract, and the contract identities generated by different off-chain privacy computing nodes for the same off-chain contract are the same .
  • off-chain privacy computing nodes can generate corresponding contract identities for off-chain contracts based on the unified cluster identity and the contract ID of the off-chain contract.
  • the contract identity can be defined by the contract identity key pair.
  • the contract identity can include a contract encryption key pair and a contract signature key pair.
  • the client 31 or the node 33n may also use the contract encryption public key to encrypt the information of the input data contained in the call request.
  • the off-chain privacy computing node 32n After the off-chain privacy computing node 32n receives a call request for a certain off-chain contract, it uses the contract encryption private key corresponding to the off-chain contract to decrypt the encrypted input data information in the call request, so as to ensure the entry of parameters. Data information can only be obtained by the called off-chain contract, but not by other off-chain contracts.
  • the off-chain privacy computing node 32n can sign the call result through the contract signature private key of the called off-chain contract, and the client 31 or node 33n can verify the signature through the contract signature public key. Therefore, it is determined that the call result is indeed generated by the called off-chain contract.
  • Step 104 The off-chain privacy computing node invokes the bytecode of the pre-deployed off-chain contract according to the identification information, and executes the byte code through a virtual machine deployed in the off-chain trusted execution environment Code to perform off-chain privacy calculations on the incoming parameter data.
  • the off-chain private computing node can decrypt the call request in the off-chain TEE to obtain other information such as identification information and input data information.
  • the off-chain private computing node can call the bytecode of the pre-deployed off-chain contract based on the identification information.
  • the off-chain private computing node can determine the corresponding execution engine according to the bytecode, and execute the bytecode through the determined execution engine to input Participate data for off-chain privacy calculations.
  • the off-chain private computing node can also indicate the execution engine used to execute the bytecode.
  • the off-chain privacy computing node can receive the execution engine designation information associated with the bytecode of the off-chain contract sent by the client, and set the corresponding execution engine for the bytecode according to the execution engine designation information. Therefore, off-chain privacy computing nodes can perform off-chain privacy calculations on the input parameter data in the off-chain TEE according to the determined execution engine.
  • the off-chain contract can be used to verify whether the amount of encrypted order data stored on the blockchain is correct, and the verification result is fed back to the chain; for another example, the off-chain contract can be used to secure multi-party data according to a preset algorithm Calculations are safe multi-party calculations, and the calculation results are fed back to the chain, etc., so I won’t repeat them here.
  • Step 106 The off-chain privacy computing node encrypts and feeds back the obtained off-chain privacy calculation results in an off-chain trusted execution environment.
  • the off-chain privacy calculation result obtained by the off-chain privacy computing node performing calculations in the off-chain TEE can include at least one of the following: response code, response information, return value of contract invocation, process output of contract invocation, and off-chain privacy computing node can According to the call request, the corresponding off-chain privacy calculation result is returned, which is not restricted in this specification.
  • the off-chain privacy computing node can sign the calculation result with the node signature private key of the off-chain privacy computing node or can use the contract signature private key of the called off-chain contract to sign the calculation result , It is also possible to use both the node signature private key and the contract signature private key to sign the off-chain privacy calculation result, which is not restricted in this manual.
  • the client or blockchain node can verify the signature through the node signature public key or the contract signature public key to determine that the off-chain privacy calculation result is indeed generated by the off-chain privacy computing node calling the corresponding off-chain contract, and the calculation The result has not been tampered with.
  • the off-chain privacy computing node can use the identity public key to encrypt the off-chain privacy calculation result, so that only the specified object that maintains the identity private key can do so.
  • the decryption of the off-chain privacy calculation results can restrict users who can view the off-chain privacy calculation results, while other users can only obtain the encrypted off-chain privacy calculation results when they directly view the off-chain privacy calculation results, thus ensuring the off-chain privacy calculations The result of privacy protection.
  • the off-chain privacy computing node can also perform a hash operation on the received call request to obtain the first hash value, and the off-chain privacy computing node will be the first hash value. Hope value and the above-mentioned off-chain privacy calculation results are associated with feedback.
  • the client or the blockchain node compares the received first hash value with the second hash value of the generated call request, and determines whether the off-chain privacy calculation result is reliable according to the comparison result.
  • the comparison result between the first hash value and the second hash value is inconsistent, it indicates that the off-chain privacy calculation result associated with the first hash value is unreliable; if the first hash value is compared with the second hash value If the comparison results are consistent, it is necessary to further verify other reference information such as the signature of the off-chain privacy computing node or the called contract. Only when the reference information is correct can the off-chain privacy calculation result be determined to be reliable.
  • the off-chain privacy computing node can feed back the off-chain privacy calculation result to the client or the data demander through the off-chain channel, that is, the process of the off-chain privacy computing node feeding back the off-chain privacy calculation result and the blockchain
  • the network is independent, so that the off-chain privacy computing node directly feeds back the off-chain privacy calculation result to the client or the data demander, which has higher efficiency.
  • the off-chain privacy computing node belongs to the off-chain privacy computing cluster, the off-chain privacy computing node can send the off-chain privacy calculation result to the control node, and the control node will feedback the off-chain privacy calculation result to the customer through the off-chain channel end.
  • the client can also initiate a deposit certificate transaction to the blockchain node.
  • the deposit certificate transaction contains the off-chain privacy calculation result, so that the block
  • the chain node will carry out the consensus on the deposit certificate transaction submitted by the client with other nodes and then upload it to the chain.
  • the off-chain privacy computing node can transmit the off-chain privacy calculation result to the blockchain node through the oracle mechanism, or the off-chain privacy computing node can first send the off-chain privacy calculation result to the control node. And the control node transmits the off-chain privacy calculation result to the blockchain node through the oracle mechanism.
  • the blockchain node can update the blockchain ledger data according to the calculation result, can solidify the calculation result, and can support the later verification of the calculation result.
  • the calculation result generated based on the off-chain contract is relatively shorter. Therefore, when the calculation result is uploaded to the chain, it is helpful to save Storage space on the chain.
  • the blockchain node updates the blockchain ledger data according to the calculation result, or it is called uploading the calculation result to the chain.
  • the method can include: generating a blockchain transaction and adding the calculation result to the data field of the transaction. After the block chain transaction has passed the consensus, it can be added by each block chain node to the block body of the latest block, thereby realizing the update of the block chain ledger data, that is, completing the chaining of the calculation result; or,
  • the blockchain node updates the state of the related account according to the calculation result.
  • the related account can be, for example, the external account corresponding to the user or the contract account corresponding to the contract on the chain.
  • the update of the state of the related account will cause the state tree to change.
  • the value of the root of the tree changes, and the root of the state tree will be included in the block header of the latest block, thereby realizing the update of the blockchain ledger data, which is equivalent to uploading the calculation result to the chain.
  • this manual proposes that when the off-chain private computing node has pre-deployed the bytecode of the off-chain contract, the off-chain private computing node can call the bytecode of the off-chain contract in the off-chain TEE.
  • the calculation operation is performed in the off-chain private computing node, and the off-chain private computing node can sign the calculation result through the node signature private key of the off-chain private computing node or the contract signature private key of the called off-chain contract can be used to sign the calculation result.
  • the off-chain privacy calculation result is indeed generated by the off-chain privacy computing node calling the corresponding off-chain contract, and it can be verified that the calculation result has not been tampered with, and the security and reliability of the off-chain privacy calculation result can be guaranteed; at the same time, the block
  • the chain node does not need to perform calculation operations. It only needs to obtain the calculation result from the off-chain private calculation node and update the blockchain ledger data based on the calculation result, which can reduce the resource consumption of the blockchain network.
  • this specification also proposes other embodiments on the client side, blockchain node side, control node side, etc.
  • the embodiments involved in the off-chain privacy computing node side The description can also be applied to the embodiments on these sides, which will not be repeated hereafter.
  • FIG. 4 is a flowchart of a method for invoking a contract on the client side provided by an exemplary embodiment. As shown in FIG. 4, the method may include steps 402 to 404.
  • step 402 the client generates a call request, the call request includes the identification information of the off-chain contract and the information of the input parameter data.
  • the client submits a transaction to the blockchain node, and the transaction triggers the blockchain node to transmit the encrypted call request to the off-chain private computing node through the oracle mechanism; among them, the off-chain generated by the off-chain private computing node
  • the privacy calculation result is fed back to the blockchain node, and the off-chain privacy calculation result is used to drive the blockchain node to update the blockchain ledger data.
  • Step 404 The client sends an encrypted call request to the off-chain private computing node, and after the identification information and the information of the input data are decrypted by the off-chain private computing node in the off-chain trusted execution environment, The identification information is used to instruct the off-chain privacy computing node to obtain the bytecode of the off-chain contract, and execute the bytecode through the virtual machine deployed in the off-chain trusted execution environment to access the input Participate data for off-chain privacy calculations.
  • the client can directly initiate an off-chain invocation request to the off-chain privacy computing node.
  • the client can initiate a certificate deposit transaction to a blockchain node, and the certificate deposit transaction includes the results of off-chain privacy calculations.
  • the client directly sends an encrypted call request to the off-chain private computing node; or, in the case that the off-chain private computing node belongs to the off-chain private computing cluster, the client sends the off-chain private computing cluster to the control node Send the encrypted call request so that the control node forwards the call request.
  • the call request is encrypted by the public key of the node's asymmetric key pair and then transmitted, and the private key of the node's asymmetric key pair is maintained by the private computing node under the chain.
  • the private key of the node's asymmetric key pair is only maintained by the off-chain private computing node, or the private key of the node's asymmetric key pair It is jointly maintained by all off-chain private computing nodes in the off-chain private computing cluster.
  • the client obtains the remote attestation report of the off-chain private computing node.
  • the remote attestation report is generated by the authentication server after verifying the self-recommended information generated by the off-chain private computing node.
  • the self-recommended information is created on the off-chain private computing node.
  • the off-chain trusted execution environment is related; if the client determines that the off-chain private computing node is trustworthy according to the remote attestation report, it sends an encrypted call request to the off-chain private computing node.
  • the information of the input parameter data can be encrypted by the public key of the contract asymmetric key pair.
  • the contract asymmetric key is pre-generated by the off-chain private computing node in the off-chain trusted execution environment and corresponds to the off-chain The identity of the contract.
  • the client can use the public key of the contract asymmetric key pair to encrypt the information of the input parameter data before transmission.
  • different off-chain privacy computing nodes generate different contract asymmetric key pairs for off-chain contracts; or, different off-chain privacy computing nodes generate the same contract asymmetric key pairs for off-chain contracts.
  • the client adds the information of the identity public key of the specified object to the call request; the client receives the result ciphertext returned by the off-chain privacy computing node using the identity public key to encrypt the execution result.
  • the client adds function information to the call request, and the function information is used to instruct the off-chain privacy computing node to call the bytecode corresponding to the function information in the off-chain contract.
  • the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract invocation, and process output of contract invocation.
  • the client receives the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain privacy calculation result; the client generates the second hash value of the invocation request, and adds the first hash value of the invocation request.
  • a hash value is compared with a second hash value; the client determines whether the off-chain privacy calculation result is reliable according to the comparison result.
  • the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
  • FIG. 5 is a flowchart of a method for invoking a contract on the side of a blockchain node provided by an exemplary embodiment. As shown in FIG. 5, the method may include step 502 to step 506.
  • Step 502 The blockchain node obtains an encrypted call request, the call request including the identification information of the off-chain contract and the information of the input data.
  • the blockchain node extracts the call request from the transaction submitted by the client; or the blockchain node executes the on-chain contract in the trusted execution environment created by the client based on the transaction submitted by the client. Call request.
  • the blockchain node directly feeds back the calculation result to the client; or, the blockchain node updates the blockchain ledger data according to the received calculation result.
  • the blockchain node transmits the encrypted call request to the off-chain private computing node through the oracle mechanism, and the identification information and the information of the input data are transferred to the off-chain private computing node by the off-chain private computing node.
  • the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the all-in-one through the virtual machine deployed in the off-chain trusted execution environment.
  • the bytecode is used to perform off-chain privacy calculations on the incoming parameter data.
  • the blockchain node directly transmits the encrypted call request to the off-chain private computing node through the oracle mechanism; or, in the case that the off-chain private computing node belongs to the off-chain private computing cluster, the blockchain node
  • the encrypted call request is transmitted to the control node of the privacy computing cluster under the chain through the oracle mechanism, so that the control node forwards the call request.
  • the call request is encrypted by the public key of the node's asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the private computing node under the chain.
  • the private key of the node's asymmetric key pair is only maintained by the off-chain private computing node, or the node's asymmetric key pair
  • the private key is jointly maintained by all off-chain private computing nodes in the off-chain private computing cluster.
  • the information of the input data is encrypted by the public key of the contract asymmetric key pair.
  • the contract asymmetric key is pre-generated by the off-chain private computing node in the off-chain trusted execution environment and corresponds to the off-chain contract. identity of.
  • Step 506 The blockchain node receives the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.
  • the blockchain node receives the calculation result returned after the off-chain privacy computing node encrypts the execution result with the identity public key Ciphertext.
  • the blockchain node receives the first hash value obtained by the off-chain privacy computing node hashing the call request and the off-chain privacy calculation result; the blockchain node compares the first hash value with the off-chain privacy calculation result.
  • the privacy calculation result is fed back to the requester, the first hash value is used to compare with the second hash value of the call request generated by the requester, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
  • the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
  • FIG. 6 is a flowchart of a method for invoking a contract on the control node side provided by an exemplary embodiment. As shown in FIG. 6, the method may include step 602 to step 606.
  • Step 602 The control node receives an encrypted call request, where the call request includes the identification information of the off-chain contract and the information of the input parameter data.
  • control node receives the call request transmitted by the blockchain node through the oracle mechanism; or, the control node receives the off-chain call request directly sent by the client.
  • the call request is encrypted by the public key of the node's asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the private computing node under the chain.
  • Step 604 The control node forwards the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster.
  • the private key of the node's asymmetric key pair can only be maintained by the off-chain private computing node.
  • the control node forwards the call request to the off-chain private computing node; in the case where the target node of the encrypted call request is not set The control node forwards the call request to all off-chain private computing nodes in the off-chain private computing cluster.
  • the private key of the node asymmetric key pair can be jointly maintained by all off-chain privacy computing nodes in the off-chain privacy computing cluster.
  • the control node selects the off-chain private computing node from the off-chain private computing cluster according to the load balancing algorithm, and forwards the call request to the off-chain private computing node.
  • Step 606 The control node feeds back the off-chain privacy calculation result received from the off-chain privacy computing node.
  • control node directly feeds back the off-chain privacy calculation result to the client; or, the control node feeds back the off-chain privacy calculation result through the oracle mechanism.
  • control node receives the first hash value and the off-chain privacy calculation result obtained by the off-chain privacy computing node hashing the call request; the control node forwards the first hash value and the off-chain privacy calculation result To the requester, the first hash value is used to compare with the second hash value of the call request generated by the requester, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
  • the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
  • the client can also directly interact with the off-chain private computing node or control node to complete the deployment of smart contracts on the private computing node, challenge smart contracts, verify smart contracts, and call smart contracts.
  • the calculation results obtained by invoking the smart contract deployed on the privacy computing node do not need to be fed back to the blockchain.
  • “off-chain private computing nodes” will be referred to as “private computing nodes”
  • “off-chain trusted execution environment” will be referred to as “trusted execution environment”.
  • the principle of the technical solution is similar to the foregoing embodiment, and the involved implementation details can also refer to the foregoing embodiment, so the detailed description will not be given below.
  • FIG. 7 is a flowchart of a method for invoking a smart contract on the privacy computing node side provided by an exemplary embodiment. As shown in FIG. 7, the method may include step 702 to step 706.
  • Step 702 The privacy computing node receives the encrypted call request, and decrypts in the trusted execution environment to obtain the identification information of the smart contract and the information of the input parameter data included in the call request.
  • the private computing node directly receives the encrypted call request from the client; or, in the case that the private computing node belongs to a private computing cluster, the private computing node receives the private computing cluster The encrypted call request forwarded by the control node of.
  • the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
  • the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is only maintained by the private computing node; the target node of the encrypted call request is set
  • the encrypted call request is received by the control node and forwarded to the private computing node; in the case where the target node of the encrypted call request is not set , The encrypted call request is received by the control node and forwarded to all private computing nodes in the private computing cluster.
  • the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster; the private computing node is The control node is selected from the privacy computing cluster according to the load balancing algorithm, and the encrypted call request is received by the control node and forwarded to the privacy computing node.
  • Step 704 The privacy computing node calls the pre-deployed bytecode of the smart contract according to the identification information, and executes the bytecode through the virtual machine deployed in the trusted execution environment to Enter parameter data for privacy calculation.
  • the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
  • Step 706 The private computing node encrypts and feeds back the obtained private computing result in a trusted execution environment.
  • the privacy computing node performs a hash operation on the invocation request to obtain the first hash value; the privacy computing node associates the first hash value with the privacy calculation result and feeds back, the first The hash value is used to compare with the second hash value of the call request generated by the client, and the comparison result is used to determine whether the privacy calculation result is reliable.
  • FIG. 8 is a flowchart of a method for invoking a smart contract on the client side according to an exemplary embodiment. As shown in FIG. 8, the method may include step 802 to step 804.
  • Step 802 the client terminal generates a call request, the call request includes the identification information of the smart contract and the information of the input parameter data.
  • the client directly sends an encrypted call request to the private computing node; or, in the case that the private computing node belongs to the private computing cluster, the client sends the control node of the private computing cluster Send the encrypted call request, so that the control node forwards the call request.
  • the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
  • the private key of the node asymmetric key pair is only maintained by the private computing node, or the private key of the node asymmetric key pair
  • the private key is jointly maintained by all private computing nodes in the private computing cluster.
  • step 804 the client sends an encrypted call request to the private computing node.
  • the identification information and the information of the input data are decrypted by the private computing node in a trusted execution environment
  • the identification information It is used to instruct the privacy computing node to obtain the bytecode of the smart contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment to perform privacy calculation on the input parameter data.
  • the client receives the first hash value obtained by the privacy computing node hashing the invocation request and the privacy calculation result; the client generates the first hash value of the invocation request Two hash values, and compare the first hash value with the second hash value; the client determines whether the privacy calculation result is reliable according to the comparison result.
  • the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
  • FIG. 9 is a flowchart of a method for invoking a smart contract on the control node side provided by an exemplary embodiment. As shown in FIG. 9, the method may include step 902 to step 906.
  • Step 902 The control node receives an encrypted call request directly sent by the client, where the call request includes the identification information of the smart contract and the information of the input parameter data.
  • the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the privacy computing node.
  • the private key of the node asymmetric key pair is only maintained by the private computing node; the control node forwards the call request to the private computing node selected from the private computing cluster, Including: in the case where the target node of the encrypted call request is set as the private computing node, the control node forwards the call request to the private computing node; If the target node of is not set, the control node forwards the call request to all private computing nodes in the private computing cluster.
  • the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster; the control node forwards the call request to all selected from the private computing cluster
  • the privacy computing node includes: the control node selects the privacy computing node from the privacy computing cluster according to a load balancing algorithm, and forwards the call request to the privacy computing node.
  • Step 904 The control node forwards the call request to the privacy computing node selected from the privacy computing cluster.
  • the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
  • Step 906 The control node feeds back the privacy calculation result received from the privacy calculation node.
  • control node receives the first hash value obtained by the privacy computing node hashing the call request and the privacy calculation result; the control node hashes the first hash value The value and the privacy calculation result are forwarded to the requesting party, the first hash value is used to compare with the second hash value of the call request generated by the client, and the comparison result is used to determine whether the privacy calculation result is reliable.
  • Fig. 10 is a schematic structural diagram of a device according to an exemplary embodiment.
  • the electronic device includes a processor 1002, an internal bus 1004, a network interface 1006, a memory 1008, and a non-volatile memory 1010.
  • the processor 1002 reads the corresponding computer program from the non-volatile memory 1010 to the memory 1008 and then runs it, forming a command calling contract device on the logical level.
  • this specification does not exclude other implementations, such as logic devices or a combination of software and hardware, etc. That is to say, the execution body of the following processing flow is not limited to each logic unit, and can also be Hardware or logic device.
  • the device for invoking the contract may include: a receiving and decrypting unit 1102, so that the off-chain privacy computing node receives the encrypted invocation request and sends it to the off-chain
  • the identification information of the off-chain contract and the information of the input parameter data contained in the invocation request are decrypted; the invocation and execution unit 1104 enables the off-chain private computing node to invoke the pre-deployed all data based on the identification information.
  • the bytecode of the off-chain contract is executed by a virtual machine deployed in the off-chain trusted execution environment to perform off-chain privacy calculations on the incoming parameter data; the feedback unit 1106 enables all The off-chain private computing node encrypts and feeds back the obtained off-chain private computing results in an off-chain trusted execution environment.
  • the receiving and decrypting unit 1102 is specifically configured to: enable the off-chain private computing node to receive the call request transmitted by the blockchain node through the oracle mechanism; enable the off-chain private computing node to perform trusted execution off-chain Encrypting and feeding back the obtained off-chain privacy calculation results in the environment includes: the off-chain computing node feedbacks the off-chain privacy calculation results through the oracle mechanism.
  • the receiving and decrypting unit 1102 is specifically configured to: enable the encrypted call request to be extracted by the blockchain node from the transaction submitted by the client; or, enable the encrypted call request It is generated by the blockchain node executing an on-chain contract in the trusted execution environment on the chain created by the blockchain node according to the transaction submitted by the client.
  • the receiving and decrypting unit 1102 is specifically configured to: enable the off-chain private computing node to receive the off-chain invocation request directly initiated by the client; and enable the off-chain private computing node to perform the verification in the off-chain trusted execution environment Encrypting and feeding back the obtained off-chain privacy calculation result includes: the off-chain computing node directly feeds back the off-chain privacy calculation result to the client.
  • the receiving and decrypting unit 1102 is specifically configured to: enable the off-chain private computing node to directly receive an encrypted call request from the requesting party; or, the off-chain private computing node belongs to an off-chain private computing cluster In the case of, the off-chain privacy computing node receives the encrypted call request forwarded by the control node of the off-chain privacy computing cluster.
  • the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the off-chain privacy computing node.
  • the off-chain privacy computing node belongs to an off-chain privacy computing cluster, and the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node; in the encrypted call request When the target node of is set as the off-chain private computing node, the encrypted call request is received by the control node and forwarded to the off-chain private computing node; in the encrypted call request If the target node of is not set, the encrypted call request is received by the control node and forwarded to all off-chain privacy computing nodes in the off-chain privacy computing cluster.
  • the off-chain privacy computing node belongs to an off-chain privacy computing cluster, and the private key of the node asymmetric key pair is jointly maintained by all off-chain privacy computing nodes in the off-chain privacy computing cluster;
  • the off-chain privacy computing node is selected by the control node from the off-chain privacy computing cluster according to the load balancing algorithm, and the encrypted call request is received by the control node and forwarded to the off-chain privacy computing node .
  • the device further includes: an engine determining unit 1108, which enables the off-chain private computing node to determine the execution engine corresponding to the bytecode; an engine The execution unit 1110, where the off-chain privacy computing node executes the bytecode through the determined execution engine.
  • a remote certification report providing unit 1112 to enable the off-chain private computing node to provide a remote certification report to the requesting party, where the remote certification report is self-recommended information generated by the authentication server to the off-chain private computing node Generated after verification, the self-recommendation information is related to the off-chain trusted execution environment created on the off-chain private computing node; wherein, the call request is determined by the client on the chain according to the remote attestation report. Initiated when the next privacy computing node is trusted.
  • the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is pre-defined by the off-chain private computing node in the off-chain trusted execution environment.
  • the device further includes: an input data information decryption unit 1114.
  • the off-chain privacy computing node is configured in the chain according to the private key of the contract asymmetric key pair.
  • the information of the input parameter data is obtained by decrypting in the trusted execution environment.
  • different off-chain privacy computing nodes generate different contract asymmetric key pairs for the off-chain contract; or, different off-chain privacy computing nodes generate contract asymmetric key pairs for the off-chain contract same.
  • the invocation request further includes information about the identity public key of the specified object
  • the feedback unit 1106 is specifically configured to: enable the off-chain privacy computing node to encrypt the execution result according to the identity public key and then feed back.
  • the calling request further includes function information
  • the calling and executing unit 1104 is specifically configured to: enable the off-chain privacy computing node to call the bytecode corresponding to the function information in the off-chain contract.
  • the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract invocation, and process output of contract invocation.
  • it further includes: an arithmetic unit 1116 that enables the off-chain privacy computing node to perform a hash operation on the call request to obtain the first hash value; an association feedback unit 1118 that enables the off-chain privacy computing node to The first hash value is associated with the feedback of the off-chain privacy calculation result, the first hash value is used for comparison with the second hash value of the call request generated by the requester, and the comparison result is used for Determine whether the off-chain privacy calculation result is reliable.
  • an arithmetic unit 1116 that enables the off-chain privacy computing node to perform a hash operation on the call request to obtain the first hash value
  • an association feedback unit 1118 that enables the off-chain privacy computing node to The first hash value is associated with the feedback of the off-chain privacy calculation result, the first hash value is used for comparison with the second hash value of the call request generated by the requester, and the comparison result is used for Determine whether the off-chain privacy calculation result is reliable.
  • the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
  • the device for invoking the contract may include: a generating unit 1202 for the client to generate a call request, the call request including the identification information of the off-chain contract and input data Information; the sending unit 1204, which enables the client to send an encrypted call request to the off-chain private computing node, and the identification information and the information of the incoming parameter data are trusted by the off-chain private computing node to execute under the chain After decryption in the environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the byte code through the virtual machine deployed in the off-chain trusted execution environment Code to perform off-chain privacy calculations on the incoming parameter data.
  • the sending unit 1204 is specifically configured to: enable the client to submit a transaction to a blockchain node, and the transaction triggers the blockchain node to transmit the encrypted call request to the off-chain through an oracle mechanism Privacy calculation node; wherein the off-chain privacy calculation result generated by the off-chain privacy calculation node is fed back to the blockchain node, and the off-chain privacy calculation result is used to drive the blockchain node to update the blockchain Ledger data.
  • the sending unit 1204 is specifically configured to: cause the client to directly send an encrypted call request to the off-chain private computing node; or, in the case that the off-chain private computing node belongs to an off-chain private computing cluster, The client is caused to send an encrypted call request to the control node of the off-chain privacy computing cluster, so that the control node forwards the call request.
  • the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the off-chain privacy computing node.
  • the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node, or the node is not The private key of the symmetric key pair is jointly maintained by all the off-chain privacy computing nodes in the off-chain privacy computing cluster.
  • a remote certification report obtaining unit 1208, which enables the client to obtain a remote certification report of the off-chain private computing node, where the remote certification report is generated by the authentication server on the off-chain private computing node
  • the self-recommendation information is generated after verification, and the self-recommendation information is related to the off-chain trusted execution environment created on the off-chain private computing node; enabling the client to determine the availability of the off-chain private computing node according to the remote attestation report
  • the encrypted call request is sent to the off-chain privacy computing node.
  • the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is pre-defined by the off-chain private computing node in the off-chain trusted execution environment.
  • the device further includes: an input data information encryption unit 1210, which enables the client to use the public key of the contract asymmetric key pair to transfer the input data
  • the information is encrypted and transmitted.
  • different off-chain privacy computing nodes generate different contract asymmetric key pairs for the off-chain contract; or, different off-chain privacy computing nodes generate the same contract asymmetric key pair for the off-chain contract.
  • an identity public key information adding unit 1212 which enables the client to add the identity public key information of the specified object to the call request, so that the client receives the off-chain privacy computing node using the identity public key pair
  • the result ciphertext returned after the execution result is encrypted.
  • it further includes: a function information adding unit 1214 that enables the client to add function information to the call request, where the function information is used to instruct the off-chain privacy computing node to call the off-chain contract that corresponds to all The bytecode of the function information.
  • a function information adding unit 1214 that enables the client to add function information to the call request, where the function information is used to instruct the off-chain privacy computing node to call the off-chain contract that corresponds to all The bytecode of the function information.
  • the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract invocation, and process output of contract invocation.
  • it further includes: an operation result receiving unit 1216 to enable the client to receive the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain privacy calculation Result; comparing unit 1218, causing the client to generate the second hash value of the call request, and comparing the first hash value with the second hash value; result determining unit 1220, making all The client determines whether the off-chain privacy calculation result is reliable according to the comparison result.
  • the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
  • the device for invoking the contract may include: an obtaining unit 1302, which enables the blockchain node to obtain an encrypted invoking request, the invoking request including the off-chain contract The identification information and the information of the input data; the transmission unit 1304 enables the blockchain node to transmit the encrypted call request to the off-chain privacy computing node through the oracle mechanism, the identification information and the information of the input data After being decrypted by the off-chain private computing node in the off-chain trusted execution environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract and deploy it on the chain The virtual machine in the lower trusted execution environment executes the bytecode to perform off-chain privacy calculations on the input data; the receiving unit 1306 enables the blockchain node to receive the off-chain privacy computing node through the oracle The off-chain privacy calculation result fed back by the mechanism.
  • the acquiring unit 1302 is specifically configured to: enable the blockchain node to extract the call request from the transaction submitted by the client; or enable the blockchain node to create a call request based on the transaction submitted by the client.
  • the on-chain contract is executed in the trusted execution environment on the chain to generate a call request.
  • it further includes: a direct feedback unit 1308, which enables the blockchain node to directly feed back the calculation result to the client; or, an update unit 1310, which enables the blockchain node to perform the calculation according to the received calculation As a result, the blockchain ledger data is updated.
  • the transmission unit 1304 is specifically configured to: make the blockchain node directly transmit the encrypted call request to the off-chain private computing node through the oracle mechanism; or, the off-chain private computing node belongs to the off-chain private computing node In the case of a cluster, the blockchain node is made to transmit the encrypted call request to the control node of the off-chain privacy computing cluster through the oracle mechanism, so that the control node forwards the call request.
  • the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the asymmetric key pair is maintained by the off-chain privacy computing node.
  • the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node, or the node is not The private key of the symmetric key pair is jointly maintained by all the off-chain privacy computing nodes in the off-chain privacy computing cluster.
  • the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is pre-defined by the off-chain private computing node in the off-chain trusted execution environment. Generate and correspond to the identity of the off-chain contract.
  • the receiving unit 1306 is specifically configured to: in the case that the call request also includes information about the identity public key of the specified object, make the blockchain node receive the off-chain privacy computing node using The ciphertext of the calculation result returned after the identity public key encrypts the execution result.
  • it further includes: an operation result receiving unit 1312 to enable the blockchain node to receive the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain Privacy calculation result; the result feedback unit 1314 enables the blockchain node to feed back the first hash value and the off-chain privacy calculation result to the requesting party, and the first hash value is used to communicate with the request The second hash value of the call request generated by the party is compared, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
  • the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
  • the device for invoking the contract may include: a receiving unit 1402 to enable the control node to receive an encrypted invoking request, the invoking request including the identification information of the off-chain contract and Information about the input parameter data; a forwarding unit 1404, which enables the control node to forward the invocation request to the off-chain privacy computing node selected from the off-chain privacy computing cluster; a feedback unit 1406, which causes the control node from The off-chain privacy calculation result received by the off-chain privacy computing node is fed back.
  • the receiving unit 1402 is specifically configured to: the control node receives the call request transmitted by the blockchain node through the oracle mechanism; or, the control node receives the off-chain call request directly sent by the client.
  • it further includes: a direct feedback unit 1408 to enable the control node to directly feed back the off-chain privacy calculation result to the client; or an oracle mechanism feedback unit 1410 to enable the control node to pass the oracle The mechanism provides feedback on the off-chain privacy calculation result.
  • the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the asymmetric key pair is maintained by the off-chain privacy computing node.
  • the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node, and the forwarding unit 1404 is specifically configured to: set the target node of the encrypted call request as the chain In the case of a private computing node, the control node is made to forward the invocation request to the off-chain private computing node; in the case that the target node of the encrypted invocation request is not set, the The control node forwards the call request to all off-chain privacy computing nodes in the off-chain privacy computing cluster.
  • the private key of the node asymmetric key pair is jointly maintained by all off-chain privacy computing nodes in the off-chain privacy computing cluster, and the forwarding unit 1404 is specifically configured to: make the control node according to a load balancing algorithm Select the off-chain privacy computing node from the off-chain privacy computing cluster, and forward the call request to the off-chain privacy computing node.
  • it further includes: a result receiving unit 1412, which enables the control node to receive the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain privacy calculation result
  • the result forwarding unit 1414 enables the control node to forward the first hash value and the off-chain privacy calculation result to the requester, and the first hash value is used for the call request generated with the requester
  • the second hash value of is compared, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
  • the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
  • the invoking device of the smart contract may include: a receiving and decrypting unit 1502, so that the privacy computing node receives an encrypted invocation request, and in a trusted execution environment Decrypting to obtain the identification information of the smart contract and the information of the input parameter data included in the call request; the calling and computing unit 1504 enables the private computing node to call the bytecode of the smart contract deployed in advance according to the identification information, And execute the bytecode through the virtual machine deployed in the trusted execution environment to perform private calculation on the input parameter data; the encryption and feedback unit 1506 enables the private computing node to perform the private calculation in the trusted execution environment The privacy calculation results obtained are encrypted and fed back.
  • the receiving and decrypting unit 1502 is specifically configured to: enable the private computing node to directly receive an encrypted call request from the client; or, when the private computing node belongs to a private computing cluster, The privacy computing node receives the encrypted call request forwarded by the control node of the privacy computing cluster.
  • the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
  • the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is only maintained by the private computing node; the target node of the encrypted call request is set
  • the encrypted call request is received by the control node and forwarded to the private computing node; in the case where the target node of the encrypted call request is not set, The encrypted call request is received by the control node and forwarded to all private computing nodes in the private computing cluster.
  • the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster; the private computing node is controlled by the A node is selected from the privacy computing cluster according to a load balancing algorithm, and the encrypted call request is received by the control node and forwarded to the privacy computing node.
  • it further includes: a hash calculation unit 1508, where the privacy calculation node performs a hash calculation on the call request to obtain a first hash value; and a comparison unit 1510, where the privacy calculation node hashes the first hash value The value is fed back in association with the privacy calculation result, the first hash value is used to compare with the second hash value of the call request generated by the client, and the comparison result is used to determine whether the privacy calculation result is reliable.
  • a hash calculation unit 1508 where the privacy calculation node performs a hash calculation on the call request to obtain a first hash value
  • a comparison unit 1510 where the privacy calculation node hashes the first hash value The value is fed back in association with the privacy calculation result, the first hash value is used to compare with the second hash value of the call request generated by the client, and the comparison result is used to determine whether the privacy calculation result is reliable.
  • the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
  • the device for invoking the smart contract may include: generating a call request unit 1602 to enable the client to generate a call request, the call request including the identification information and input parameters of the smart contract Data information; the sending call request unit 1604 enables the client to send an encrypted call request to the private computing node, and the identification information and the information of the input parameter data are used by the private computing node in a trusted execution environment After the decryption is obtained, the identification information is used to instruct the privacy computing node to obtain the bytecode of the smart contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment to check the input parameters. Data is calculated for privacy.
  • the sending call request unit 1604 is specifically configured to: enable the client to directly send an encrypted call request to the private computing node; or, when the private computing node belongs to a private computing cluster, enable the client to The terminal sends the encrypted call request to the control node of the privacy computing cluster, so that the control node forwards the call request.
  • the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
  • the private key of the node asymmetric key pair is only maintained by the private computing node, or the private key of the node asymmetric key pair The key is jointly maintained by all private computing nodes in the private computing cluster.
  • it further includes: an operation result receiving unit 1606, so that the client receives the first hash value obtained by the privacy computing node performing the hash operation on the invocation request and the privacy calculation result; a comparison unit 1608.
  • the client generates a second hash value of the call request, and compares the first hash value with the second hash value; the result determining unit 1610, the client according to the comparison result Determine whether the privacy calculation result is reliable.
  • the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
  • the invoking device of the smart contract may include: a receiving invocation request unit 1702, which enables the control node to receive an encrypted invoking request directly sent by the client, the invoking request Contains the identification information of the smart contract and the information of the input parameter data; a forwarding call request unit 1704 to enable the control node to forward the call request to the privacy computing node selected from the privacy computing cluster; feedback the privacy calculation result unit 1706 , Enabling the control node to feed back the privacy calculation result received from the privacy calculation node.
  • a receiving invocation request unit 1702 which enables the control node to receive an encrypted invoking request directly sent by the client, the invoking request Contains the identification information of the smart contract and the information of the input parameter data
  • a forwarding call request unit 1704 to enable the control node to forward the call request to the privacy computing node selected from the privacy computing cluster
  • feedback the privacy calculation result unit 1706 Enabling the control node to feed back the privacy calculation result received from the privacy calculation node.
  • the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the asymmetric key pair is maintained by the privacy computing node.
  • the private key of the node asymmetric key pair is only maintained by the privacy computing node, and the forwarding call request unit 1704 is specifically configured to: set the private key of the encrypted call request to the target node In the case of a computing node, the control node forwards the call request to the privacy computing node; in the case that the target node of the encrypted call request is not set, the control node transfers the call The request is forwarded to all private computing nodes in the private computing cluster.
  • the private key of the node asymmetric key pair is jointly maintained by all privacy computing nodes in the privacy computing cluster, and the forwarding call request unit 1704 is specifically configured to: the control node obtains data from the The private computing node is selected from the private computing cluster, and the call request is forwarded to the private computing node.
  • it further includes: a receiving unit 1708 to enable the control node to receive the first hash value obtained by the privacy computing node performing a hash operation on the invocation request and the privacy calculation result; a result forwarding unit 1710 , Enabling the control node to forward the first hash value and the privacy calculation result to the requesting party, and the first hash value is used to communicate with the second hash value of the call request generated by the client Comparison, the comparison result is used to determine whether the privacy calculation result is reliable.
  • the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
  • a typical implementation device is a computer.
  • the specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, and a game control A console, a tablet computer, a wearable device, or a combination of any of these devices.
  • the computer includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in a computer readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission media, can be used to store information that can be accessed by computing devices.
  • computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • first, second, third, etc. may be used to describe various information in one or more embodiments of this specification, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • first information may also be referred to as second information, and similarly, the second information may also be referred to as first information.
  • word “if” as used herein can be interpreted as "when” or “when” or "in response to determination”.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A method and device for calling a contract. The method comprises: an off-chain privacy calculation node receives an encrypted calling request, and decrypts the encrypted calling request in an off-chain trusted execution environment to obtain identification information of an off-chain contract and information of incoming parameter data contained in the calling request (102); the off-chain privacy calculation node calls a pre-deployed byte code of the off-chain contract according to the identification information, and executes the byte code by means of a virtual machine deployed in the off-chain trusted execution environment so as to perform off-chain privacy calculation on the incoming parameter data (104); and the off-chain privacy calculation node encrypts an obtained off-chain privacy calculation result in the off-chain trusted execution environment and feeds back the encrypted off-chain privacy calculation result (106). By means of the method, privacy protection can be implemented in a contract calling process.

Description

调用合约的方法及装置Method and device for calling contract 技术领域Technical field
本说明书一个或多个实施例涉及可验证计算技术领域,尤其涉及一种调用合约的方法及装置。One or more embodiments of this specification relate to the field of verifiable computing technology, and in particular, to a method and device for invoking a contract.
背景技术Background technique
针对各种场景下的隐私需求,一种方式是通过同态加密(Homomorphic encryption)和零知识证明(Zero-knowledge proof)等加密技术实现隐私保护,但也随之带来了严重的性能损失。可信执行环境(Trusted Execution Environment,TEE)是另一种解决方式。TEE可以起到硬件中的黑箱作用,在TEE中执行的代码和数据操作系统层都无法偷窥,只有代码中预先定义的接口才能对其进行操作。在效率方面,由于TEE的黑箱性质,在TEE中进行运算的是明文数据,而不是同态加密中的复杂密码学运算,计算过程效率没有损失。For privacy requirements in various scenarios, one way is to implement privacy protection through encryption technologies such as homomorphic encryption and zero-knowledge proof, but it also brings serious performance losses. Trusted Execution Environment (TEE) is another solution. TEE can play the role of a black box in the hardware. Neither the code executed in the TEE nor the data operating system layer can be peeped, and only the pre-defined interface in the code can operate on it. In terms of efficiency, due to the black-box nature of TEE, plaintext data is calculated in TEE instead of complex cryptographic operations in homomorphic encryption, and there is no loss in the efficiency of the calculation process.
发明内容Summary of the invention
有鉴于此,本说明书一个或多个实施例提供一种调用合约的方法及装置,能够在链下环境内安全实现调用合约的操作。In view of this, one or more embodiments of this specification provide a method and device for invoking a contract, which can safely implement the operation of invoking a contract in an off-chain environment.
根据本说明书一个或多个实施例的第一方面,提出了一种调用合约的方法,包括:链下隐私计算节点接收到经过加密的调用请求,并在链下可信执行环境中解密得到所述调用请求包含的链下合约的标识信息和入参数据的信息;所述链下隐私计算节点根据所述标识信息调用预先部署的所述链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算;所述链下隐私计算节点在链下可信执行环境中对得到的链下隐私计算结果进行加密并反馈。According to the first aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: an off-chain private computing node receives an encrypted invocation request, and decrypts the result in an off-chain trusted execution environment. The call request includes the identification information of the off-chain contract and the information of the input data; the off-chain privacy computing node calls the pre-deployed bytecode of the off-chain contract according to the identification information, and deploys it in the The virtual machine in the off-chain trusted execution environment executes the bytecode to perform off-chain privacy calculations on the input parameter data; the off-chain private computing node performs off-chain privacy calculations in the off-chain trusted execution environment The calculation result is encrypted and fed back.
根据本说明书一个或多个实施例的第二方面,提出了一种调用合约的方法,包括:客户端生成调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;所述客户端向链下隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算。According to the second aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, including: the client generates a call request, the call request includes the identification information of the off-chain contract and the information of the input data; The client sends an encrypted call request to the off-chain private computing node, and after the identification information and the information of the input data are decrypted by the off-chain private computing node in the off-chain trusted execution environment, the The identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment of the off-chain to compare the input data Perform off-chain privacy calculations.
根据本说明书一个或多个实施例的第三方面,提出了一种调用合约的方法,包括:区块链节点获取经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;所述区块链节点通过预言机机制将经过加密的调用请求传输至链下隐私计算节点,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算。According to the third aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: a blockchain node obtains an encrypted invocation request, the invocation request includes the identification information and input parameters of the off-chain contract Data information; the blockchain node transmits the encrypted call request to the off-chain private computing node through the oracle mechanism, and the identification information and the information of the incoming parameter data are used by the off-chain private computing node in the chain After being decrypted in the trusted execution environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute it through the virtual machine deployed in the off-chain trusted execution environment The bytecode is used to perform off-chain privacy calculations on the input parameter data.
所述区块链节点接收所述链下隐私计算节点通过预言机机制反馈的链下隐私计算结果。The blockchain node receives the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.
根据本说明书一个或多个实施例的第四方面,提出了一种调用合约的方法,包括:控制节点接收到经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;所述控制节点将所述调用请求转发至从链下隐私计算集群中选取的所述链下隐私计算节点;所述控制节点将从所述链下隐私计算节点接收到的链下隐私计算结果进行反馈。According to the fourth aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: the control node receives an encrypted invocation request, the invocation request includes the identification information and input data of the off-chain contract The information; the control node forwards the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster; the control node will receive the off-chain privacy from the off-chain privacy computing node Feedback of calculation results.
根据本说明书一个或多个实施例的第五方面,提出了一种调用合约的方法,包括:隐私计算节点接收到经过加密的调用请求,并在可信执行环境中解密得到所述调用请求包含的智能合约的标识信息和入参数据的信息;所述隐私计算节点根据所述标识信息调用预先部署的所述智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算;所述隐私计算节点在可信执行环境中对得 到的隐私计算结果进行加密并反馈。According to the fifth aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: a privacy computing node receives an encrypted invocation request, and decrypts in a trusted execution environment to obtain that the invocation request contains The identification information of the smart contract and the information of the input data; the privacy computing node calls the pre-deployed bytecode of the smart contract according to the identification information, and uses the virtual machine deployed in the trusted execution environment The bytecode is executed to perform private calculations on the input data; the private computing node encrypts and feeds back the obtained private calculation results in a trusted execution environment.
根据本说明书一个或多个实施例的第六方面,提出了一种调用合约的方法,包括:客户端生成调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息;所述客户端向隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述隐私计算节点在可信执行环境中解密得到后,所述标识信息用于指示所述隐私计算节点获取智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算。According to the sixth aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: the client generates a call request, the call request includes the identification information of the smart contract and the information of the input data; The client sends an encrypted call request to the private computing node. After the identification information and the information of the input data are decrypted by the private computing node in a trusted execution environment, the identification information is used to indicate the The privacy computing node obtains the bytecode of the smart contract, and executes the bytecode through a virtual machine deployed in the trusted execution environment to perform a privacy calculation on the input parameter data.
根据本说明书一个或多个实施例的第七方面,提出了一种调用合约的方法,包括:控制节点接收到客户端直接发送的经过加密的调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息;所述控制节点将所述调用请求转发至从隐私计算集群中选取的所述隐私计算节点;所述控制节点将从所述隐私计算节点接收到的隐私计算结果进行反馈。According to the seventh aspect of one or more embodiments of this specification, a method for invoking a contract is proposed, which includes: the control node receives an encrypted invocation request directly sent by the client, the invocation request includes the identification information of the smart contract And the information of the input parameter data; the control node forwards the call request to the private computing node selected from the private computing cluster; the control node feeds back the private computing result received from the private computing node .
根据本说明书一个或多个实施例的第八方面,提出了一种调用合约的装置,包括:接收与解密单元,使链下隐私计算节点接收到经过加密的调用请求,并在链下可信执行环境中解密得到所述调用请求包含的链下合约的标识信息和入参数据的信息;调用与执行单元,使所述链下隐私计算节点根据所述标识信息调用预先部署的所述链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算;反馈单元,使所述链下隐私计算节点在链下可信执行环境中对得到的链下隐私计算结果进行加密并反馈。According to the eighth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, including: a receiving and decrypting unit, so that the off-chain privacy computing node receives the encrypted invocation request and trusts it off-chain The execution environment is decrypted to obtain the identification information of the off-chain contract and the information of the incoming parameter data contained in the invocation request; the invocation and execution unit enables the off-chain private computing node to invoke the pre-deployed off-chain according to the identification information The bytecode of the contract, and the bytecode is executed by the virtual machine deployed in the trusted execution environment of the chain to perform the off-chain privacy calculation of the input parameter data; the feedback unit makes the off-chain privacy The computing node encrypts and feeds back the obtained off-chain privacy calculation results in the off-chain trusted execution environment.
根据本说明书一个或多个实施例的第九方面,提出了一种调用合约的装置,包括:生成单元,使客户端生成调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;发送单元,使所述客户端向链下隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算。According to the ninth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, which includes: a generating unit that enables the client to generate a call request, the call request including the identification information and input data of the off-chain contract的信息; Sending unit to enable the client to send an encrypted call request to the off-chain private computing node, the identification information and the information of the incoming parameter data are trusted by the off-chain private computing node to execute off-chain After decryption in the environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the byte code through the virtual machine deployed in the off-chain trusted execution environment Code to perform off-chain privacy calculations on the incoming parameter data.
根据本说明书一个或多个实施例的第十方面,提出了一种调用合约的装置,包括:获取单元,使区块链节点获取经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;传输单元,使所述区块链节点通过预言机机制将经过加密的调用请求传输至链下隐私计算节点,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算。According to the tenth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, which includes: an obtaining unit that enables a blockchain node to obtain an encrypted invoking request, the invoking request including the identifier of the off-chain contract The transmission unit enables the blockchain node to transmit the encrypted call request to the off-chain privacy computing node through the oracle mechanism, and the identification information and the information of the input data are transferred After the off-chain private computing node is decrypted in the off-chain trusted execution environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and it can be deployed in the off-chain. The virtual machine in the trusted execution environment executes the bytecode to perform off-chain privacy calculations on the incoming parameter data.
接收单元,使所述区块链节点接收所述链下隐私计算节点通过预言机机制反馈的链下隐私计算结果。The receiving unit enables the blockchain node to receive the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.
根据本说明书一个或多个实施例的第十一方面,提出了一种调用合约的装置,包括:接收单元,使控制节点接收到经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;转发单元,使所述控制节点将所述调用请求转发至从链下隐私计算集群中选取的所述链下隐私计算节点;反馈单元,使所述控制节点将从所述链下隐私计算节点接收到的链下隐私计算结果进行反馈。According to the eleventh aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, which includes: a receiving unit to enable a control node to receive an encrypted invoking request, the invoking request including an identification of the off-chain contract Information and input parameter data; a forwarding unit that enables the control node to forward the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster; a feedback unit that causes the control node to The off-chain privacy calculation result received by the off-chain privacy computing node is fed back.
根据本说明书一个或多个实施例的第十二方面,提出了一种调用合约的装置,包括:接收与解密单元,使隐私计算节点接收到经过加密的调用请求,并在可信执行环境中解密得到所述调用请求包含的智能合约的标识信息和入参数据的信息;调用与计算单元,使所述隐私计算节点根据所述标识信息调用预先部署的所述智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算;加密与反馈单元,使所述隐私计算节点在可信执行环境中对得到的隐私计算结果 进行加密并反馈。According to the twelfth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, including: a receiving and decrypting unit, so that a private computing node receives an encrypted invoking request, and in a trusted execution environment Decrypt to obtain the identification information of the smart contract and the information of the input parameter data contained in the call request; the call and calculation unit enables the privacy computing node to call the bytecode of the smart contract deployed in advance according to the identification information, and The bytecode is executed by the virtual machine deployed in the trusted execution environment to perform private calculation of the input parameter data; the encryption and feedback unit enables the private computing node to perform verification on the obtained data in the trusted execution environment The privacy calculation results are encrypted and fed back.
根据本说明书一个或多个实施例的第十三方面,提出了一种调用合约的装置,包括:生成调用请求单元,使客户端生成调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息;发送调用请求单元,使所述客户端向隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述隐私计算节点在可信执行环境中解密得到后,所述标识信息用于指示所述隐私计算节点获取智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算。According to the thirteenth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, including: generating a calling request unit to enable the client to generate a calling request, the calling request including the identification information of the smart contract and the input Parameter data information; sending a call request unit to enable the client to send an encrypted call request to a private computing node, and the identification information and the information of the input parameter data are used by the private computing node in a trusted execution environment After the decryption is obtained, the identification information is used to instruct the privacy computing node to obtain the bytecode of the smart contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment to check the input parameters. Data is calculated for privacy.
根据本说明书一个或多个实施例的第十四方面,提出了一种调用合约的装置,包括:接收调用请求单元,使控制节点接收到客户端直接发送的经过加密的调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息;转发调用请求单元,使所述控制节点将所述调用请求转发至从隐私计算集群中选取的所述隐私计算节点;反馈隐私计算结果单元,使所述控制节点将从所述隐私计算节点接收到的隐私计算结果进行反馈。According to the fourteenth aspect of one or more embodiments of this specification, a device for invoking a contract is proposed, including: a receiving invocation request unit, so that the control node receives an encrypted invoking request directly sent by the client, the invocation The request contains the identification information of the smart contract and the information of the input parameter data; the forwarding call request unit, so that the control node forwards the call request to the privacy computing node selected from the privacy computing cluster; the feedback privacy calculation result unit, Enabling the control node to feed back the privacy calculation result received from the privacy calculation node.
根据本说明书一个或多个实施例的第十五方面,提出了一种电子设备,包括:处理器;用于存储处理器可执行指令的存储器;其中,所述处理器通过运行所述可执行指令以实现如第一方面、第二方面、第三方面、第四方面、第五方面、第六方面或第七方面所述的方法。According to a fifteenth aspect of one or more embodiments of this specification, an electronic device is proposed, including: a processor; a memory for storing executable instructions of the processor; wherein the processor runs the executable Instructions to implement the method described in the first aspect, the second aspect, the third aspect, the fourth aspect, the fifth aspect, the sixth aspect, or the seventh aspect.
根据本说明书一个或多个实施例的第十六方面,提出了一种计算机可读存储介质,其上存储有计算机指令,该指令被处理器执行时实现如第一方面、第二方面、第三方面、第四方面、第五方面、第六方面或第七方面所述方法的步骤。According to the sixteenth aspect of one or more embodiments of the present specification, a computer-readable storage medium is provided, which stores computer instructions, and when the instructions are executed by a processor, the first aspect, the second aspect, and the first aspect are implemented. The steps of the method described in the third aspect, the fourth aspect, the fifth aspect, the sixth aspect, or the seventh aspect.
综上所述,本说明书通过在链下隐私计算节点上实现链下可信执行环境,使得链下隐私计算节点可以提供安全可靠的运行环境,并且该链下可信执行环境的可靠性可以通过远程证明予以验证,从而能够安全可靠地调用部署于该链下隐私计算节点内的合约,确保链下隐私计算节点安全并且忠实地完成链下隐私计算。In summary, this manual implements an off-chain trusted execution environment on off-chain private computing nodes, so that off-chain private computing nodes can provide a safe and reliable operating environment, and the reliability of the off-chain trusted execution environment can be verified by The remote proof is verified, so that the contract deployed in the off-chain private computing node can be invoked safely and reliably, and the off-chain private computing node can ensure that the off-chain privacy computing is completed safely and faithfully.
附图说明Description of the drawings
图1是本说明书一示例性实施例提供的一种链下隐私计算节点侧的调用合约的方法的流程图。Fig. 1 is a flowchart of a method for invoking a contract on the side of an off-chain privacy computing node provided by an exemplary embodiment of this specification.
图2是本说明书一示例性实施例提供的一种调用合约的场景示意图。Fig. 2 is a schematic diagram of a scenario for invoking a contract provided by an exemplary embodiment of this specification.
图3是本说明书一示例性实施例提供的另一种调用合约的场景示意图。Fig. 3 is a schematic diagram of another scenario for invoking a contract provided by an exemplary embodiment of the present specification.
图4是本说明书一示例性实施例提供的一种客户端侧的调用合约的方法的流程图。Fig. 4 is a flowchart of a method for invoking a contract on the client side according to an exemplary embodiment of this specification.
图5是本说明书一示例性实施例提供的一种区块链节点侧的调用合约的方法的流程图。Fig. 5 is a flowchart of a method for invoking a contract on the side of a blockchain node provided by an exemplary embodiment of the present specification.
图6是本说明书一示例性实施例提供的一种控制节点侧的调用合约的方法的流程图。Fig. 6 is a flowchart of a method for invoking a contract on the control node side provided by an exemplary embodiment of the present specification.
图7是本说明书一示例性实施例提供的另一种隐私节点侧的调用合约的方法的流程图。Fig. 7 is a flowchart of another method for invoking a contract on the privacy node side provided by an exemplary embodiment of the present specification.
图8是本说明书一示例性实施例提供的另一种客户端侧的调用合约的方法的流程图。Fig. 8 is a flowchart of another method for invoking a contract on the client side according to an exemplary embodiment of the present specification.
图9是本说明书一示例性实施例提供的另一种控制节点侧的调用合约的方法的流程图。Fig. 9 is a flowchart of another method for invoking a contract on the control node side provided by an exemplary embodiment of the present specification.
图10是一示例性实施例提供的一种设备的结构示意图。Fig. 10 is a schematic structural diagram of a device provided by an exemplary embodiment.
图11是一示例性实施例提供的一种链下隐私计算节点侧的调用合约的装置的框图。Fig. 11 is a block diagram of a device for invoking a contract on the side of an off-chain privacy computing node provided by an exemplary embodiment.
图12是一示例性实施例提供的一种客户端侧的调用合约的装置的框图。Fig. 12 is a block diagram of a device for invoking a contract on the client side according to an exemplary embodiment.
图13是一示例性实施例提供的一种区块链节点侧的调用合约的装置的框图。Fig. 13 is a block diagram of an apparatus for invoking a contract on the side of a blockchain node provided by an exemplary embodiment.
图14是一示例性实施例提供的一种控制节点侧的调用合约的装置的框图。Fig. 14 is a block diagram of a device for invoking a contract on the control node side provided by an exemplary embodiment.
图15是一示例性实施例提供的另一种隐私计算节点侧的调用合约的装置的框图。Fig. 15 is a block diagram of another device for invoking a contract on the side of a privacy computing node provided by an exemplary embodiment.
图16是一示例性实施例提供的另一种客户端侧的调用合约的装置的框图。Fig. 16 is a block diagram of another device for invoking a contract on the client side according to an exemplary embodiment.
图17是一示例性实施例提供的另一种控制节点侧的调用合约的装置的框图。Fig. 17 is a block diagram of another device for invoking a contract on the control node side provided by an exemplary embodiment.
具体实施方式Detailed ways
这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本说明书一个或多个实施例相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本说明书一个或多个实施例的一些方面相一致的装置和方法的例子。The exemplary embodiments will be described in detail here, and examples thereof are shown in the accompanying drawings. When the following description refers to the accompanying drawings, unless otherwise indicated, the same numbers in different drawings represent the same or similar elements. The implementation manners described in the following exemplary embodiments do not represent all implementation manners consistent with one or more embodiments of this specification. Rather, they are merely examples of devices and methods consistent with some aspects of one or more embodiments of this specification as detailed in the appended claims.
需要说明的是:在其他实施例中并不一定按照本说明书示出和描述的顺序来执行相应方法的步骤。在一些其他实施例中,其方法所包括的步骤可以比本说明书所描述的更多或更少。此外,本说明书中所描述的单个步骤,在其他实施例中可能被分解为多个步骤进行描述;而本说明书中所描述的多个步骤,在其他实施例中也可能被合并为单个步骤进行描述。It should be noted that in other embodiments, the steps of the corresponding method may not be executed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. In addition, a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. describe.
区块链一般被划分为三种类型:公有链(Public Blockchain)、私有链(Private Blockchain)和联盟链(Consortium Blockchain)。此外,还有多种类型的结合,比如私有链+联盟链、联盟链+公有链等不同组合形式。其中去中心化程度最高的是公有链。公有链以比特币、以太坊为代表,加入公有链的参与者可以读取链上的数据记录、参与交易以及竞争新区块的记账权等,且各参与者(即节点)可自由加入以及退出网络。私有链则相反,该网络的数据写入权限由某个组织或者机构控制,数据读取权限受组织规定;简单来说,私有链可以为一个弱中心化系统,参与节点具有严格限制且少,因而私有链更适合于特定机构内部使用。联盟链则是介于公有链以及私有链之间的区块链,可实现“部分去中心化”。联盟链中各个节点通常有与之相对应的实体机构或者组织,参与者通过授权加入网络并组成利益相关联盟,共同维护区块链运行。Block chains are generally divided into three types: Public Blockchain, Private Blockchain and Consortium Blockchain. In addition, there are many types of combinations, such as private chain + alliance chain, alliance chain + public chain and other different combinations. Among them, the most decentralized one is the public chain. The public chain is represented by Bitcoin and Ethereum. Participants who join the public chain can read the data records on the chain, participate in transactions, and compete for the accounting rights of new blocks, etc., and each participant (ie, node) can freely join and Exit the network. The private chain is the opposite. The network's data write permission is controlled by an organization or institution, and the data read permission is regulated by the organization; in simple terms, the private chain can be a weakly centralized system with strict restrictions and few participating nodes. Therefore, the private chain is more suitable for internal use by specific institutions. Consortium chain is a block chain between public chain and private chain, which can realize "partial decentralization". Each node in the alliance chain usually has a corresponding entity or organization, and participants are authorized to join the network and form a stakeholder alliance to jointly maintain the operation of the blockchain.
在区块链网络中,通过向区块链节点提交相应的区块链交易(简称交易),并由区块链节点执行区块链交易,以实现相应的操作目的。对于上述任何类型的区块链而言,区块链节点均可以通过创建TEE,并将TEE实现为区块链交易的安全执行环境。TEE是基于CPU硬件的安全扩展,且与外部完全隔离的可信执行环境。TEE最早是由Global Platform提出的概念,用于解决移动设备上资源的安全隔离,平行于操作系统为应用程序提供可信安全的执行环境。目前工业界十分关注TEE的方案,几乎所有主流的芯片和软件联盟都有自己的TEE解决方案,比如软件方面的TPM(Trusted Platform Module,可信赖平台模块)以及硬件方面的Intel SGX(Software Guard Extensions,软件保护扩展)、ARM Trustzone(信任区)和AMD PSP(Platform Security Processor,平台安全处理器)等。In the blockchain network, by submitting the corresponding blockchain transaction (transaction for short) to the blockchain node, and the blockchain node executes the blockchain transaction to achieve the corresponding operation purpose. For any of the above types of blockchains, blockchain nodes can create a TEE and realize the TEE as a secure execution environment for blockchain transactions. TEE is a secure extension based on CPU hardware and a trusted execution environment that is completely isolated from the outside. TEE was first proposed by Global Platform to solve the security isolation of resources on mobile devices, and parallel to the operating system to provide a trusted and secure execution environment for applications. At present, the industry is very concerned about TEE solutions. Almost all mainstream chip and software alliances have their own TEE solutions, such as TPM (Trusted Platform Module) in software and Intel SGX (Software Guard Extensions) in hardware. , Software Protection Extension), ARM Trustzone (trust zone) and AMD PSP (Platform Security Processor, platform security processor), etc.
以Intel SGX(以下简称SGX)技术为例。区块链节点可以基于SGX技术创建enclave(围圈或飞地),以作为用于执行区块链交易的TEE。其中,区块链节点利用CPU中新增的处理器指令,在内存中可以分配一部分区域EPC(Enclave Page Cache,围圈页面缓存或飞地页面缓存),以用于驻留上述的enclave。上述EPC对应的内存区域被CPU内部的内存加密引擎MEE(Memory Encryption Engine)加密,该内存区域中的内容(enclave中的代码和数据)只有在CPU内核中才能够被解密,且用于加解密的密钥只有在EPC启动时生成并存储在CPU中。可见,enclave的安全边界只包含其自身和CPU,无论是特权或非特权软件都无法访问enclave,即便是操作系统管理员和VMM(virtual machine monitor,虚拟机监视器;或称为,Hypervisor)也无法影响enclave中的代码和数据,因而具有极高的安全性,并且在上述安全性保障的前提下,CPU能够在enclave中对明文形式的区块链交易进行处理,具有极高的运算效率,从而兼顾了数据安全性和计算效率。Take Intel SGX (hereinafter referred to as SGX) technology as an example. Blockchain nodes can create enclaves (enclaves or enclaves) based on SGX technology to serve as TEEs for executing blockchain transactions. Among them, the blockchain node uses the newly added processor instructions in the CPU to allocate a part of the area EPC (Enclave Page Cache, enclave page cache or enclave page cache) in the memory to reside in the above-mentioned enclave. The memory area corresponding to the above EPC is encrypted by the memory encryption engine MEE (Memory Encryption Engine) inside the CPU. The content in the memory area (code and data in the enclave) can only be decrypted in the CPU core and used for encryption and decryption. The key is only generated and stored in the CPU when the EPC is started. It can be seen that the security boundary of the enclave only includes itself and the CPU, and neither privileged or non-privileged software can access the enclave, even the operating system administrator and VMM (virtual machine monitor, or Hypervisor). Can not affect the code and data in the enclave, so it has extremely high security, and under the premise of the above-mentioned security guarantee, the CPU can process the block chain transaction in the form of plain text in the enclave, and has extremely high computational efficiency. Thus, both data security and computing efficiency are taken into consideration.
基于区块链网络的去中心化架构,使得区块链上的每笔区块链交易都需要在区块 链网络内的所有区块链节点上执行,以确保每个区块链节点所维护的区块链账本数据一致。如果交易逻辑较为简单,比如以比特币为例,区块链交易仅用于实现转账操作,此时即便区块链交易需要在所有区块链节点都执行,也不会导致过多的资源消耗。但是,如果区块链提供了智能合约的功能,而区块链交易调用了智能合约,那么情况可能大不相同。区块链上的智能合约是在区块链系统上可以被交易触发执行的合约,智能合约可以通过代码的形式定义。Based on the decentralized architecture of the blockchain network, every blockchain transaction on the blockchain needs to be executed on all blockchain nodes in the blockchain network to ensure that each blockchain node is maintained The blockchain ledger data is consistent. If the transaction logic is relatively simple, such as Bitcoin as an example, the blockchain transaction is only used to realize the transfer operation. At this time, even if the blockchain transaction needs to be executed on all blockchain nodes, it will not cause excessive resource consumption. . However, if the blockchain provides the function of a smart contract, and the blockchain transaction calls the smart contract, then the situation may be quite different. A smart contract on the blockchain is a contract that can be triggered by a transaction to execute on the blockchain system, and the smart contract can be defined in the form of code.
以以太坊为例,支持用户在以太坊网络中创建并调用一些复杂的逻辑,这是以太坊区别于比特币区块链技术的最大挑战。以太坊作为一个可编程区块链的核心是以太坊虚拟机(EVM),每个以太坊节点都可以运行EVM。EVM是一个图灵完备的虚拟机,这意味着可以通过它实现各种复杂的逻辑。用户在以太坊中发布和调用智能合约就是在EVM上运行的。实际上,虚拟机直接运行的是虚拟机代码(虚拟机字节码,下简称“字节码”)。智能合约分为部署和调用两个阶段。Taking Ethereum as an example, it supports users to create and call some complex logic in the Ethereum network. This is the biggest challenge that distinguishes Ethereum from Bitcoin blockchain technology. The core of Ethereum as a programmable blockchain is the Ethereum Virtual Machine (EVM), and every Ethereum node can run EVM. EVM is a Turing complete virtual machine, which means that various complex logic can be implemented through it. Users who publish and call smart contracts in Ethereum run on the EVM. In fact, what the virtual machine directly runs is virtual machine code (virtual machine bytecode, hereinafter referred to as "bytecode"). The smart contract is divided into two stages: deployment and invocation.
在部署阶段,用户将一个包含创建智能合约信息的交易发送至以太坊网络,该交易的data字段包含智能合约的代码(如字节码),该交易的to字段为空。以太坊网络中的各个节点分别通过EVM执行这个交易,并生成对应的合约实例。在节点间通过共识机制达成一致后,上述交易对应的智能合约创建成功,区块链上出现一个与该智能合约对应的合约账户,该合约账户拥有一个特定的合约地址,合约代码(即智能合约的代码)或合约代码的哈希值保存在该合约账户中,该合约代码用于控制相应的智能合约的行为。In the deployment phase, the user sends a transaction containing information about creating a smart contract to the Ethereum network. The data field of the transaction contains the code (such as bytecode) of the smart contract, and the to field of the transaction is empty. Each node in the Ethereum network executes this transaction through the EVM and generates a corresponding contract instance. After the nodes reach an agreement through the consensus mechanism, the smart contract corresponding to the above transaction is successfully created, and a contract account corresponding to the smart contract appears on the blockchain. The contract account has a specific contract address and contract code (i.e., smart contract). The code) or the hash value of the contract code is stored in the contract account, and the contract code is used to control the behavior of the corresponding smart contract.
在调用阶段,用户(可以与部署智能合约的用户相同或不同)将一个用于调用智能合约的交易发送到以太坊网络,该交易的from字段是该用户对应的外部账户的地址,to字段是所需调用的智能合约的合约地址,data字段包含调用智能合约的方法和参数。在节点间通过共识机制达成一致后,上述交易声明调用的智能合约以规定的方式在以太坊网络的每个节点上独立执行,所有执行记录和数据都保存在区块链上,所以当交易完成后,区块链上就保存了无法篡改、不会丢失的交易凭证。In the invocation phase, the user (which can be the same or different from the user who deployed the smart contract) sends a transaction for invoking the smart contract to the Ethereum network. The from field of the transaction is the address of the external account corresponding to the user, and the to field is The contract address of the smart contract to be called. The data field contains the method and parameters for calling the smart contract. After the nodes reach an agreement through the consensus mechanism, the smart contract called by the above transaction statement is executed independently on each node of the Ethereum network in a prescribed manner. All execution records and data are stored on the blockchain, so when the transaction is completed Later, the transaction vouchers that cannot be tampered with and will not be lost are stored on the blockchain.
如前所述,EVM是一个图灵完备的虚拟机;类似地,其他区块链也可以采用其他类型的虚拟机,比如WASM(WebAssembly)虚拟机等。总之,当交易调用的智能合约用于实现相对复杂的逻辑时,节点通过虚拟机执行该智能合约的代码的过程会消耗相对较多的计算资源,并且由于区块链网络内的所有节点都需要执行该智能合约的代码,因此随着节点数量的增加会导致计算资源的消耗量成倍增长。因此,虽然结合TEE技术可以相对减少单个区块链节点的资源消耗、加快交易执行效率,但就整个区块链网络而言,仍然会造成极大的资源消耗和浪费。As mentioned earlier, EVM is a Turing complete virtual machine; similarly, other blockchains can also use other types of virtual machines, such as WASM (WebAssembly) virtual machines. In short, when the smart contract invoked by the transaction is used to implement relatively complex logic, the process of executing the code of the smart contract by the node through the virtual machine consumes relatively more computing resources, and because all nodes in the blockchain network need The code that executes the smart contract, so as the number of nodes increases, the consumption of computing resources will increase exponentially. Therefore, although the combination of TEE technology can relatively reduce the resource consumption of a single blockchain node and speed up transaction execution efficiency, it will still cause great resource consumption and waste for the entire blockchain network.
为此,本说明书提出了在链下部署隐私计算节点(即链下隐私计算节点),可以将原本需要在所有区块链节点上执行的计算操作转移至链下隐私计算节点处执行,区块链节点只需要从链下隐私计算节点处获取计算结果并基于该计算结果更新区块链账本数据即可。链下隐私计算节点上可以创建链下TEE,而基于可验证计算(Verifiable Computation)技术能够证明上述的计算结果确实是在该链下TEE内按照预期执行,从而在确保可靠性的同时,极大地降低了链上的资源消耗。For this reason, this manual proposes to deploy private computing nodes (ie, off-chain private computing nodes) under the chain, which can transfer the computing operations that originally needed to be performed on all blockchain nodes to the off-chain private computing nodes for execution. The chain node only needs to obtain the calculation result from the off-chain private computing node and update the blockchain ledger data based on the calculation result. Off-chain private computing nodes can create off-chain TEEs, and the Verifiable Computation technology can prove that the above-mentioned calculation results are indeed executed as expected in the off-chain TEEs, thereby ensuring reliability and greatly Reduce the resource consumption on the chain.
如前所述,通过在区块链节点调用智能合约,使得区块链节点可以执行该智能合约的代码以实现相应的计算需求;类似地,可以将用于执行计算任务的代码部署于链下隐私计算节点处,并通过对所部署的代码进行调用以实现相应的计算需求。为了便于理解,本说明书中将部署于区块链节点的合约称为链上合约、将部署于链下隐私计算节点的合约称为链下合约;当然,无论是链上合约还是链下合约,其本质都是一段可以在虚拟机内执行的代码。As mentioned earlier, by invoking a smart contract on a blockchain node, the blockchain node can execute the code of the smart contract to achieve corresponding computing requirements; similarly, the code for performing computing tasks can be deployed off-chain At the privacy computing node, the deployed code is called to achieve the corresponding computing requirements. For ease of understanding, in this manual, the contract deployed on the blockchain node is called the on-chain contract, and the contract deployed on the off-chain privacy computing node is called the off-chain contract; of course, whether it is an on-chain contract or an off-chain contract, Its essence is a piece of code that can be executed in a virtual machine.
图1是本说明书示出的一种链下隐私计算节点侧的调用合约的方法的流程图。如图1所示,该方法可以包括步骤102~步骤103。Fig. 1 is a flowchart of a method for invoking a contract on the side of an off-chain privacy computing node shown in this specification. As shown in FIG. 1, the method may include step 102 to step 103.
步骤102,链下隐私计算节点接收到经过加密的调用请求,并在链下可信执行环境中解密得到所述调用请求包含的链下合约的标识信息和入参数据的信息。 Step 102, the off-chain privacy computing node receives the encrypted call request, and decrypts in the off-chain trusted execution environment to obtain the identification information of the off-chain contract and the information of the input data contained in the call request.
在通过调用请求来调用链下隐私计算节点上部署的链下合约之前,客户端需要将链下合约安全部署至该链下隐私计算节点处。例如,客户端在确定链下隐私计算节点可信的情况下,可以向链下隐私计算节点部署链下合约。链下合约与区块链节点所执行的链上合约类似,均可以为运行于虚拟机中的字节码,此处不再赘述。Before invoking the off-chain contract deployed on the off-chain private computing node through a call request, the client needs to safely deploy the off-chain contract to the off-chain private computing node. For example, if the client determines that the off-chain private computing node is trustworthy, it can deploy an off-chain contract to the off-chain private computing node. The off-chain contract is similar to the on-chain contract executed by the blockchain node, and both can be bytecodes running in a virtual machine, so I won’t repeat them here.
如前所述,链下隐私计算节点可以创建链下TEE,而针对链下合约的部署操作和调用操作均通过该链下TEE实现,从而确保操作过程中的数据安全和隐私保护。在链下隐私计算节点上创建的链下TEE,与前文所述的区块链节点上创建的链上TEE相似,都是基于CPU硬件实现的与外部完全隔离的可信执行环境。客户端通过获取针对链下隐私计算节点上创建的链下TEE的远程证明报告,验证该链下隐私计算节点是否可信,具体指该链下隐私计算节点上部署的链下TEE是否可信。As mentioned earlier, off-chain privacy computing nodes can create off-chain TEEs, and deployment operations and invocation operations for off-chain contracts are implemented through off-chain TEEs, thereby ensuring data security and privacy protection during operations. The off-chain TEE created on the off-chain private computing node is similar to the on-chain TEE created on the blockchain node described above, and is based on a trusted execution environment that is completely isolated from the outside and implemented by CPU hardware. The client verifies whether the off-chain private computing node is credible by obtaining the remote attestation report for the off-chain TEE created on the off-chain private computing node, specifically whether the off-chain TEE deployed on the off-chain private computing node is credible.
远程证明报告产生于针对链下隐私计算节点上的链下TEE的远程证明过程。远程证明报告由认证服务器对链下隐私计算节点产生的自荐信息进行验证后生成,该自荐信息与链下隐私计算节点上创建的链下TEE相关。链下隐私计算节点通过产生与链下TEE相关的自荐信息,并由认证服务器对该自荐信息进行验证后产生远程证明报告,使得远程证明报告可以用于表明链下隐私计算节点上的链下TEE可信任。例如,以Intel SGX技术为例,链下TEE为链下隐私计算节点上创建的用于实现链下隐私计算的enclave,远程证明过程还涉及到链下隐私计算节点上另一个特殊的enclave,即quoting enclave(简称QE),QE是由英特尔提供并签名的架构型enclave(Architectural Enclave)。上述enclave首先需要生成一用于本地认证的REPORT(报告)结构,并由QE基于该REPORT结构验证该enclave是否与自身处于同一平台上,而后由QE将该REPORT结构封装为一结构体QUOTE(即自荐信息),并使用EPID(enhanced privacy identification)密钥进行签名。EPID密钥不仅代表链下隐私计算节点这一平台,还代表链下隐私计算节点的底层硬件的可信度,还可以绑定处理器固件的版本等信息,并且只有QE才能访问到EPID密钥,以用于对上述的结构体QUOTE进行签名。在SGX技术中,上述的认证服务器可以为英特尔公司提供的IAS(Intel Attestation Service)服务器,链下隐私计算节点向IAS服务器发送经过签名的上述结构体QUOTE,使得IAS服务器可以对签名进行验证,并向链下隐私计算节点返回相应的远程证明报告。The remote attestation report is generated from the remote attestation process for the off-chain TEE on the off-chain private computing node. The remote attestation report is generated by the authentication server after verifying the self-recommendation information generated by the off-chain private computing node, and the self-recommended information is related to the off-chain TEE created on the off-chain private computing node. The off-chain private computing node generates the self-recommended information related to the off-chain TEE, and the authentication server verifies the self-recommended information to generate a remote attestation report, so that the remote attestation report can be used to indicate the off-chain TEE on the off-chain private computing node Trustworthy. For example, taking Intel SGX technology as an example, the off-chain TEE is an enclave created on the off-chain private computing node to realize off-chain privacy computing. The remote attestation process also involves another special enclave on the off-chain private computing node, namely Quoting enclave (QE for short), QE is an architectural enclave (Architectural Enclave) provided and signed by Intel. The above enclave first needs to generate a REPORT structure for local authentication, and QE verifies whether the enclave is on the same platform as itself based on the REPORT structure, and then QE encapsulates the REPORT structure into a structure QUOTE (ie Self-recommended information), and use the EPID (enhanced privacy identification) key to sign. The EPID key not only represents the platform of the off-chain private computing node, but also represents the credibility of the underlying hardware of the off-chain private computing node. It can also bind information such as the version of the processor firmware, and only QE can access the EPID key. , To sign the above-mentioned structure QUOTE. In SGX technology, the above authentication server can be the IAS (Intel Attestation Service) server provided by Intel. The off-chain privacy computing node sends the signed structure QUOTE to the IAS server, so that the IAS server can verify the signature and Return the corresponding remote certification report to the off-chain privacy computing node.
链下隐私计算节点创建链下TEE后,产生用于实现远程证明的自荐信息,该自荐信息可以用于锚定和固化链下TEE的信息,使得最终得到的包含该自荐信息的远程证明报告可以用于表征链下TEE的状态,并用于验证该链下TEE是否可信。例如,自荐信息中可以包含第一待检验哈希值,该第一待检验哈希值为链下TEE的预设信息的哈希值,比如该预设信息可以包括链下TEE内部署的所有代码、该链下TEE的开发者的公钥等。以Intel SGX技术为例,对应于链下TEE内部署的所有代码所生成的哈希值为MREnclave,对应于链下TEE的开发者的公钥所生成的哈希值为MRSigner,即第一待检验哈希值可以包括MREnclave和MRSigner。After the off-chain privacy computing node creates an off-chain TEE, it generates self-recommendation information for remote certification. This self-recommendation information can be used to anchor and solidify the information of the off-chain TEE, so that the final remote certification report containing the self-recommendation information can be obtained. It is used to characterize the state of the TEE under the chain and to verify whether the TEE under the chain is credible. For example, the self-recommendation information may include the first hash value to be verified, and the first hash value to be verified is the hash value of the preset information of the off-chain TEE. For example, the preset information may include all the deployed in the off-chain TEE. The code, the public key of the developer of the TEE under the chain, etc. Taking Intel SGX technology as an example, the hash value generated by all codes deployed in the off-chain TEE is MREnclave, and the hash value generated by the developer’s public key corresponding to the off-chain TEE is MRSigner, which is the first waiting The verification hash value can include MREnclave and MRSigner.
仍以Intel SGX技术为例。如前所述,链下隐私计算节点向IAS服务器发送经过签名的结构体QUOTE后,由IAS服务器根据所维护的公钥集合进行签名验证,并向链下隐私计算节点返回远程证明报告(即AVR报告),该远程证明报告中包含:结构体QUOTE和签名验证结果,并且IAS服务器采用自身持有的私钥对该远程证明报告进行签名。Still take Intel SGX technology as an example. As mentioned earlier, after the off-chain privacy computing node sends the signed structure QUOTE to the IAS server, the IAS server performs signature verification based on the maintained public key set, and returns a remote certification report (that is, AVR) to the off-chain privacy computing node. Report), the remote attestation report contains: the structure QUOTE and the signature verification result, and the IAS server uses its own private key to sign the remote attestation report.
相应地,客户端在获取远程证明报告后,可以首先根据IAS服务器的公钥对该远程证明报告进行签名验证,如果验证通过则表明该远程证明报告确实由IAS服务器生成,且在数据传输过程中未被篡改或丢失数据。客户端可以通过任意途径获得IAS服务器的公钥,譬如远程证明报告被提供至客户端时,还可以关联提供IAS的证书链,使得客户 端可以从该证书链中提取IAS服务器的公钥。然后,客户端可以从远程证明报告中提取结构体QUOTE和签名验证结果。客户端可以首先查看签名验证结果,如果签名验证结果为通过验证,表明链下隐私计算节点的CPU持有由Intel提供的私钥,因而链下TEE建立在可靠的硬件平台上,可以继续执行其他验证操作;如果签名验证结果为未通过验证,客户端可以判定链下隐私计算平台不可靠,无需继续其他验证操作。然后,客户端可以从结构体QUOTE内提取上述的哈希值MREnclave和MRSigner,即待检验MREnclave和待检验MRSigner;同时,客户端预先获得了链下TEE的MREnclave和MRSigner的可信值,比如称之为可信MREnclave和可信MRSigner,并将待检验MREnclave与可信MREnclave进行比较、将待检验MRSigner与可信MRSigner进行比较。那么,客户端可以将“待检验MREnclave与可信MREnclave一致,且待检验MRSigner与可信MRSigner一致”作为确认链下隐私计算节点可信的前提条件;换言之,如果待检验MREnclave与可信MREnclave不一致,或者待检验MRSigner与可信MRSigner不一致,客户端就判定链下隐私计算节点不可信,而如果客户端设定的所有前提条件都被满足,就可以确认链下隐私计算节点可信。此外,客户端对于签名验证结果进行验证的操作,与针对待检验MREnclave和待检验MRSigner进行验证的操作之间,并不存在必然的先后顺序,两者之间可以完全独立。Correspondingly, after the client obtains the remote attestation report, it can first perform signature verification on the remote attestation report according to the public key of the IAS server. If the verification is passed, it indicates that the remote attestation report is indeed generated by the IAS server and is in the process of data transmission. No data has been tampered with or lost. The client can obtain the public key of the IAS server through any means. For example, when the remote attestation report is provided to the client, it can also be associated with the certificate chain that provides the IAS, so that the client can extract the public key of the IAS server from the certificate chain. Then, the client can extract the structure QUOTE and the signature verification result from the remote attestation report. The client can first view the signature verification result. If the signature verification result is passed verification, it indicates that the CPU of the private computing node under the chain holds the private key provided by Intel. Therefore, the off-chain TEE is established on a reliable hardware platform and can continue to perform other operations. Verification operation: If the signature verification result is that the verification is not passed, the client can determine that the off-chain privacy computing platform is unreliable, and there is no need to continue other verification operations. Then, the client can extract the above-mentioned hash values MREnclave and MRSigner from the structure QUOTE, that is, the MREnclave to be verified and the MRSigner to be verified; at the same time, the client obtains the trusted value of the MREnclave and MRSigner of the off-chain TEE in advance, for example, These are the trusted MREnclave and the trusted MRSigner. The MREnclave to be tested is compared with the trusted MRSigner, and the MRSigner to be tested is compared with the trusted MRSigner. Then, the client can use "the MREnclave to be tested is consistent with the trusted MREnclave, and the MRSigner to be tested is consistent with the trusted MRSigner" as a prerequisite for confirming the trustworthiness of the private computing node under the chain; in other words, if the MREnclave to be tested is inconsistent with the trusted MREnclave , Or if the MRSigner to be verified is inconsistent with the trusted MRSigner, the client determines that the off-chain private computing node is not trusted, and if all the preconditions set by the client are met, it can confirm that the off-chain private computing node is trusted. In addition, there is no inevitable sequence between the operation of the client to verify the signature verification result and the verification of the MREnclave to be verified and the MRSigner to be verified, and the two can be completely independent.
除了MREnclave和MRSigner之外,客户端还可以通过其他的前提条件对链下隐私计算节点的可信度进行验证。例如,链下隐私计算节点在创建链下TEE后,可以在链下TEE内生成代表自身的身份信息的密钥对,并且链下隐私计算节点在链下TEE中创建自身的节点身份信息,该节点身份信息与上述对应于身份信息的密钥对相关,比如该节点身份信息可以包含该密钥对中的公钥。其中,代表身份信息的密钥对可以存在一组或多组,比如一组密钥对为用于签名与验签的密钥对(即签名密钥对),一组密钥对为用于加密与解密的密钥对(即加密密钥对),则节点身份信息可以包括签名密钥对中的签名公钥和加密密钥对中的加密公钥。在一组密钥对中,对应于不同的加密算法,可能同时存在多个公钥,这些公钥均被包含于上述的节点身份信息中。此外,节点身份信息还可以包含其他与链下隐私计算节点相关的信息,比如软件版本、所在域名、所在分区名等,本说明书并不对此进行限制。那么,链下隐私计算节点在生成结构体QUOTE时,可以计算上述节点身份信息的哈希值,并将该哈希值作为第二待检验哈希值添加至结构体QUOTE中。In addition to MREnclave and MRSigner, the client can also verify the credibility of the off-chain private computing node through other preconditions. For example, after an off-chain private computing node creates an off-chain TEE, it can generate a key pair representing its own identity information in the off-chain TEE, and the off-chain private computing node creates its own node identity information in the off-chain TEE. The node identity information is related to the above-mentioned key pair corresponding to the identity information. For example, the node identity information may include the public key in the key pair. Among them, the key pair representing the identity information can exist in one or more groups. Encryption and decryption key pair (ie, encryption key pair), the node identity information may include the signature public key in the signature key pair and the encryption public key in the encryption key pair. In a set of key pairs, corresponding to different encryption algorithms, there may be multiple public keys at the same time, and these public keys are all included in the above-mentioned node identity information. In addition, the node identity information may also include other information related to the off-chain private computing node, such as software version, domain name, partition name, etc. This specification does not limit this. Then, when the off-chain privacy computing node generates the structure QUOTE, it can calculate the hash value of the node identity information, and add the hash value to the structure QUOTE as the second hash value to be verified.
相应地,客户端在收到远程证明报告后,可以从该远程证明报告进行签名验证。在签名验证通过的情况下,客户端可以提取远程证明报告所含的签名验证结果和第二待检验哈希值,并分别予以验证,且对于两者的验证并不存在必然的先后顺序,两者之间可以完全独立。假定客户端首先验证签名验证结果,并在签名验证结果为通过验证的情况下,继续对第二待检验哈希值进行验证。为了对第二待检验哈希值进行验证,客户端需要获取链下隐私计算节点的节点身份信息,比如远程证明报告被提供至客户端的同时,可以关联提供节点身份信息,当然客户端也可以通过其他方式或在其他时刻获得该节点身份信息。然后,客户端可以对获得的节点身份信息进行哈希计算,将计算得到的哈希值与上述的第二待检验哈希值进行比较,并将比较结果一致作为确认链下隐私计算节点可信的前提条件。如果第二待检验哈希值通过验证,可以证明链下隐私计算节点的身份信息是在链下TEE内初始化生成,上述代表身份信息的密钥对中的私钥仅由链下隐私计算节点所拥有,且该链下隐私计算节点能够完成签名、加密通讯等操作。Correspondingly, after receiving the remote certification report, the client can perform signature verification from the remote certification report. When the signature verification is passed, the client can extract the signature verification result and the second to-be-verified hash value contained in the remote certification report, and verify them separately, and there is no inevitable sequence for the verification of the two. They can be completely independent. It is assumed that the client first verifies the signature verification result, and continues to verify the second hash value to be verified if the signature verification result is passed verification. In order to verify the second hash value to be verified, the client needs to obtain the node identity information of the off-chain private computing node. For example, when the remote certification report is provided to the client, the node identity information can be associated and provided, of course, the client can also pass Obtain the node's identity information in other ways or at other times. Then, the client can perform a hash calculation on the obtained node identity information, compare the calculated hash value with the above-mentioned second hash value to be verified, and use the same comparison result as a confirmation that the off-chain privacy computing node is trusted Prerequisites. If the second hash value to be verified is verified, it can be proved that the identity information of the off-chain private computing node is initialized and generated in the off-chain TEE, and the private key in the key pair representing the identity information is only owned by the off-chain private computing node. Owned, and the private computing node under the chain can complete operations such as signing and encrypting communication.
以上列举了两种针对链下隐私计算节点进行验证时采用的判断条件,即针对第一待检验哈希值的验证、针对第二待检验哈希值的验证。还可以采用其他的判断条件,此处不再一一列举。在针对链下隐私计算节点进行可信验证时,可以选用上述的一个或多个判断条件。例如,可以同时针对第一待检验哈希值和第二待检验哈希值进行验证;或者,在一些情况下,可以仅验证第二待检验哈希值,而对第一待检验哈希值可以不验证 或者部分验证。例如,客户端上可以设置信任等级,并根据信任等级确定是否验证或部分验证第一待检验哈希值,比如信任等级为0时,不需要验证第一待检验哈希值,信任等级为1时,验证第一待检验哈希值中的MRSigner,信任等级为2时,验证第一待检验哈希值中的MREnclave等。The above lists two judgment conditions for verification of off-chain privacy computing nodes, namely, verification for the first hash value to be verified and verification for the second hash value to be verified. Other judgment conditions can also be used, which will not be listed here. When performing trusted verification for off-chain private computing nodes, one or more of the above judgment conditions can be selected. For example, the first hash value to be verified and the second hash value to be verified can be verified at the same time; or, in some cases, only the second hash value to be verified can be verified, and the first hash value to be verified No verification or partial verification is possible. For example, the client can set a trust level, and determine whether to verify or partially verify the first hash value to be verified according to the trust level. For example, when the trust level is 0, there is no need to verify the first hash value to be verified, and the trust level is 1. When verifying the MRSigner in the first hash value to be verified, and when the trust level is 2, verify the MEnclave in the first hash value to be verified.
在上述实施例中,节点身份信息包含了链下隐私计算节点的身份相关的信息,比如代表身份的公钥等。节点身份信息还可以包含与链下TEE相关的信息,那么对节点身份信息进行哈希计算,并将得到的待检验哈希值添加至结构体QUOTE时,该待检验哈希值相当于同时实现了上述第一待检验哈希值和第二待检验哈希值的作用。例如,节点身份信息除了包含签名公钥和加密公钥等信息之外,还可以包含MREnclave和MRSigner的值,使得对该节点身份信息进行哈希计算得到的待检验哈希值,同时与链下隐私计算节点的身份、链下TEE相关。相应的,客户端在收到远程证明报告后,可以从该远程证明报告进行签名验证。在签名验证通过的情况下,客户端可以提取远程证明报告所含的签名验证结果和待检验哈希值,并分别予以验证,且对于两者的验证并不存在必然的先后顺序,两者之间可以完全独立。假定客户端首先验证签名验证结果,并在签名验证结果为通过验证的情况下,继续对待检验哈希值进行验证。为了对待检验哈希值进行验证,客户端需要获取链下隐私计算节点的节点身份信息,此处不再赘述。然后,客户端可以对获得的节点身份信息进行哈希计算,将计算得到的哈希值与上述的待检验哈希值进行比较,并将比较结果一致作为确认链下隐私计算节点可信的前提条件。可见,本实施例仅需一次比较,即可实现前文中两方面的验证,有助于提升验证效率。In the above embodiment, the node identity information includes information related to the identity of the off-chain private computing node, such as a public key representing the identity. The node identity information can also include information related to the off-chain TEE. When the node identity information is hashed, and the obtained hash value to be checked is added to the structure QUOTE, the hash value to be checked is equivalent to simultaneous realization The functions of the first hash value to be verified and the second hash value to be verified are described. For example, in addition to the signature public key and encryption public key, the node identity information can also contain the values of MREnclave and MRSigner, so that the hash value to be verified obtained by hashing the identity information of the node can be combined with the off-chain The identity of the private computing node is related to the off-chain TEE. Correspondingly, after receiving the remote certification report, the client can perform signature verification from the remote certification report. In the case that the signature verification is passed, the client can extract the signature verification result and the hash value to be verified contained in the remote certification report, and verify them separately, and there is no inevitable sequence for the verification of the two. The room can be completely independent. It is assumed that the client first verifies the signature verification result, and continues to verify the hash value to be verified if the signature verification result is passed verification. In order to verify the hash value to be checked, the client needs to obtain the node identity information of the off-chain private computing node, which will not be repeated here. Then, the client can perform a hash calculation on the obtained node identity information, compare the calculated hash value with the above-mentioned hash value to be verified, and use the consistency of the comparison result as a prerequisite to confirm the trustworthiness of the off-chain private computing node condition. It can be seen that this embodiment only needs one comparison to realize the verification in the two aspects mentioned above, which helps to improve the verification efficiency.
客户端对远程证明报告的验证过程,还可以包括其他操作,比如根据远程证明报告的内容确定链下TEE是否运行于测试模式(测试模式下存在数据泄露的风险)等,此处不再一一赘述。The client's verification process of the remote attestation report can also include other operations, such as determining whether the off-chain TEE is running in test mode (there is a risk of data leakage in test mode) based on the content of the remote attestation report, etc., here is no longer one by one Go into details.
客户端可以向链下隐私计算节点发起挑战,并接收链下隐私计算节点返回的远程证明报告,从而可以根据远程证明报告确定链下隐私计算节点是否可信。例如,客户端可以向链下隐私计算节点发起链下挑战,即发起挑战的过程与区块链网络无关,这样可以跳过区块链节点之间的共识过程、减少链上链下的交互操作,使得客户端向链下隐私计算节点的挑战具有更高的操作效率。再例如,客户端可以采用链上挑战的形式,比如客户端可以向区块链节点提交挑战交易,该挑战交易所含的挑战信息可由区块链节点通过预言机机制传输至链下隐私计算节点,且该挑战信息用于向链下隐私计算节点发起挑战。The client can initiate a challenge to the off-chain private computing node and receive the remote certification report returned by the off-chain private computing node, so that it can determine whether the off-chain private computing node is credible based on the remote certification report. For example, the client can initiate an off-chain challenge to the off-chain private computing node, that is, the process of initiating the challenge has nothing to do with the blockchain network, so that the consensus process between blockchain nodes can be skipped and the interaction between on-chain and off-chain can be reduced. , So that the client's challenge to the off-chain private computing node has a higher operational efficiency. For another example, the client can take the form of an on-chain challenge. For example, the client can submit a challenge transaction to a blockchain node. The challenge information contained in the challenge transaction can be transmitted by the blockchain node to the off-chain private computing node through the oracle mechanism. , And the challenge information is used to initiate a challenge to the off-chain private computing node.
本说明书中通过预言机机制实现将数据从链上传递至链下或者从链下传递至链上的操作。本说明书中将预言机合约与预言机服务器之间的配合机制称为预言机机制。比如,上文中基于预言机机制实现的链上挑战;以及,下文中基于预言机机制实现的链上调用等。其中,客户端向区块链节点提交的交易可以直接或间接调用预言机合约,以触发预言机机制。其中,如果将预言机合约的合约地址填入该交易的to字段,表明该交易直接调用了预言机合约;如果将某一链上合约的合约地址填入该交易的to字段,且该链上合约调用了预言机合约,表明该交易间接调用了预言机合约。链上合约调用预言机合约,一种情况下可以是在链上合约的字节码中预先写入了预言机合约的合约地址,另一种情况下可以是将预言机合约的合约地址作为调用该链上合约时的入参,并将该入参填入上述交易的data字段。除了将调用请求或其他数据从链上传递至链下,预言机机制还可以将数据从链下传递至链上,具体可由预言机服务器将链下数据传递至预言机合约,然后由预言机合约将链下数据传递至数据需求方,比如这里的链下数据可以包括调用链下合约所产生的隐私计算结果等。在上述的预言机机制中,将数据从链上传递至链下可以视为“请求”过程,将数据从链下传递至链上可以视为“响应”过程,这两个过程通常成对出现。In this specification, the oracle mechanism is used to realize the operation of transferring data from the chain to the chain or from the chain to the chain. In this specification, the coordination mechanism between the oracle contract and the oracle server is called the oracle mechanism. For example, the on-chain challenge based on the oracle mechanism in the above; and the on-chain call based on the oracle mechanism in the following. Among them, the transaction submitted by the client to the blockchain node can directly or indirectly call the oracle contract to trigger the oracle mechanism. Among them, if the contract address of the oracle contract is filled in the to field of the transaction, it indicates that the transaction directly calls the oracle contract; if the contract address of a certain chain contract is filled in the to field of the transaction, and the chain is on The contract calls the oracle contract, indicating that the transaction indirectly calls the oracle contract. The contract on the chain calls the oracle contract. In one case, the contract address of the oracle contract is pre-written in the bytecode of the on-chain contract. In another case, the contract address of the oracle contract can be used as the call. Enter the parameters of the contract on the chain, and fill the entered parameters into the data field of the above transaction. In addition to transferring call requests or other data from the chain to the off-chain, the oracle mechanism can also transfer data from off-chain to on-chain. Specifically, the oracle server can transfer the off-chain data to the oracle contract, and then the oracle contract Pass the off-chain data to the data demander. For example, the off-chain data here may include the privacy calculation results generated by invoking the off-chain contract. In the aforementioned oracle mechanism, transferring data from the chain to the chain can be regarded as a "request" process, and transferring data from the chain to the chain can be regarded as a "response" process. These two processes usually appear in pairs. .
无论是链下挑战或链上挑战,链下隐私计算节点在收到客户端发起的挑战后,均 可以临时触发如前文所述的远程证明过程并产生相应的远程证明报告,然后将远程证明报告反馈至客户端。或者,链下隐私计算节点在收到客户端发起的挑战时,如果本地已经存在预先生成的远程证明报告,那么链下隐私计算节点将该远程证明报告提供至客户端,而无需临时触发远程证明过程。其中,链下隐私计算节点本地存在的远程证明报告,可以是该链下隐私计算节点响应于除客户端之外的其他挑战者的挑战而触发产生,比如该其他挑战者可以包括其他客户端、链下隐私计算节点所处的链下隐私计算集群中的控制节点、KMS服务器等,本说明书并不对此进行限制。因此,链下隐私计算节点在收到客户端发起的挑战后,可以首先查看本地是否存在先前生成的远程证明报告,如果存在则将该远程证明报告反馈至客户端,否则临时触发远程证明过程。其中,远程证明报告可以具有一定的时限性,比如30分钟或其他时长,超时的远程证明报告可以被客户端认定为失效,链下隐私计算节点也可以主动清除已失效的远程证明报告以避免反馈至客户端。Whether it is an off-chain challenge or an on-chain challenge, after receiving the challenge initiated by the client, the off-chain private computing node can temporarily trigger the remote attestation process as described above and generate the corresponding remote attestation report, and then report the remote attestation Feedback to the client. Or, when the off-chain private computing node receives a challenge initiated by the client, if a pre-generated remote attestation report already exists locally, the off-chain private computing node provides the remote attestation report to the client without temporarily triggering remote attestation process. Among them, the remote attestation report of the off-chain private computing node can be triggered by the off-chain private computing node in response to the challenge of other challengers except the client. For example, the other challenger may include other clients, This manual does not limit the control node and KMS server in the off-chain privacy computing cluster where the off-chain privacy computing node is located. Therefore, after receiving the challenge initiated by the client, the off-chain private computing node can first check whether there is a previously generated remote attestation report locally, and if there is, the remote attestation report is fed back to the client, otherwise the remote attestation process is temporarily triggered. Among them, the remote attestation report can have a certain time limit, such as 30 minutes or other duration. The timed out remote attestation report can be deemed invalid by the client, and the off-chain privacy computing node can also actively clear the invalid remote attestation report to avoid feedback To the client.
基于上述方案,客户端在确定链下隐私计算节点可信的情况下,可以向链下隐私计算节点部署链下合约。与前述的挑战过程相类似的,客户端可以通过链下途径将链下合约的字节码加密传输至链下隐私计算节点,或者,客户端可以通过链上途径将链下合约的字节码加密传输至链下隐私计算节点,比如客户端生成链下合约部署交易,该链下合约部署交易中包含对字节码进行加密得到的字节码密文,客户端将链下合约部署交易加密后提交至区块链节点,加密后的链下合约部署交易可在区块链节点处创建的链上TEE内被解密、得到字节码密文,然后由区块链节点通过预言机机制将该字节码密文传输至链下隐私计算节点。Based on the above solution, the client can deploy an off-chain contract to the off-chain private computing node when it is determined that the off-chain private computing node is trustworthy. Similar to the aforementioned challenge process, the client can encrypt and transmit the bytecode of the off-chain contract to the off-chain private computing node through the off-chain channel, or the client can transfer the bytecode of the off-chain contract through the on-chain channel. Encrypted transmission to the off-chain private computing node. For example, the client generates an off-chain contract deployment transaction. The off-chain contract deployment transaction contains the bytecode ciphertext obtained by encrypting the bytecode, and the client encrypts the off-chain contract deployment transaction. After submitting to the blockchain node, the encrypted off-chain contract deployment transaction can be decrypted in the on-chain TEE created at the blockchain node to obtain the bytecode ciphertext, and then the blockchain node will use the oracle mechanism to convert The bytecode ciphertext is transmitted to the privacy computing node under the chain.
链下隐私计算节点可以在链下TEE中解密得到明文的字节码后,可以在链下TEE中对字节码进行重新加密后,存储至链下TEE之外的存储空间,比如链下隐私计算节点的硬盘中,从而完成对链下合约的部署。此处,链下隐私计算节点通常采用一对称密钥,通过对称加密的方式对字节码进行加密并存储,这样在后续调用该字节码时,相比于采用非对称加密的形式而言,可以更快地完成解密操作。该对称密钥可由链下隐私计算节点在链下TEE中生成,或者由其他对象通过加密传输的方式分发至链下隐私计算节点。例如,可由KMS服务器对链下隐私计算节点发起挑战,并通过远程证明验证该链下隐私计算节点可信的情况下,向该链下隐私计算节点分发上述的对称密钥。链下隐私计算节点可以将KMS服务器分发的对称密钥作为根密钥,并将基于该根密钥派生得到的衍生密钥应用于针对字节码的加密存储。再例如,基于Intel SGX技术,上述对称密钥可以为烧录于链下隐私计算节点的CPU内e-fuses存储电路中的RSK(Root Seal Key)密钥,或者该RSK密钥派生得到的衍生密钥(即Seal Key)。当然,链下隐私计算节点也可以采用非对称加密或者对称加密与非对称加密结合的方式,对字节码进行加密存储,本说明书并不对此进行限制。After the off-chain privacy computing node can decrypt the plaintext bytecode in the off-chain TEE, the bytecode can be re-encrypted in the off-chain TEE and stored in the storage space outside the off-chain TEE, such as off-chain privacy In the hard disk of the computing node, the deployment of the off-chain contract is completed. Here, the off-chain privacy computing node usually uses a symmetric key to encrypt and store the bytecode through symmetric encryption, so that when the bytecode is subsequently called, it is compared to the form of asymmetric encryption. , The decryption operation can be completed faster. The symmetric key can be generated by the off-chain private computing node in the off-chain TEE, or distributed to the off-chain private computing node by other objects through encrypted transmission. For example, the KMS server can initiate a challenge to the off-chain private computing node, and in the case of verifying the trustworthiness of the off-chain private computing node through remote certification, the above-mentioned symmetric key is distributed to the off-chain private computing node. The off-chain privacy computing node can use the symmetric key distributed by the KMS server as the root key, and apply the derived key derived from the root key to the encrypted storage of the bytecode. For another example, based on Intel SGX technology, the above symmetric key can be the RSK (Root Seal Key) key burned in the e-fuses storage circuit in the CPU of the private computing node under the chain, or a derivative derived from the RSK key Key (ie Seal Key). Of course, the off-chain privacy computing node can also use asymmetric encryption or a combination of symmetric encryption and asymmetric encryption to encrypt and store the bytecode, which is not limited in this specification.
客户端可以通过生成调用请求来调用链下隐私计算节点上部署的链下合约,其中,调用请求中,可以包含链下合约的标识信息和入参数据的信息。例如,客户端可以直接向链下隐私计算节点发送调用请求,即发送调用请求的过程与区块链网络无关,这样可以跳过区块链节点之间的共识过程、减少链上链下的交互操作,使得客户端向链下隐私计算节点的发送调用请求具有更高的操作效率。再例如,客户端可以采用链上的形式,比如客户端可以向区块链节点提交交易,该交易所含的调用请求可由区块链节点通过预言机机制传输至链下隐私计算节点。The client can call the off-chain contract deployed on the off-chain privacy computing node by generating a call request, where the call request can include the identification information of the off-chain contract and the information of the input data. For example, the client can directly send a call request to the off-chain privacy computing node, that is, the process of sending the call request has nothing to do with the blockchain network, which can skip the consensus process between blockchain nodes and reduce the interaction between the chain and the chain. Operation, so that the client sends a call request to the off-chain private computing node with higher operational efficiency. For another example, the client can adopt an on-chain form. For example, the client can submit a transaction to a blockchain node, and the call request contained in the transaction can be transmitted by the blockchain node to the off-chain privacy computing node through the oracle mechanism.
以图2所示的场景为例。一种情况下,客户端21可以通过链下渠道直接向链下隐私计算节点22发送调用请求,即客户端21发送调用请求的过程与区块链网络无关。另一种情况下,客户端21可以向区块链网络23提交交易,即客户端21通过区块链网络23向链下隐私计算节点22发送链上调用请求,区块链网络23可以根据该交易获得调用请求,并通过预言机机制将调用请求传输至链下隐私计算节点22。客户端通过链上渠道 向客户端发送调用请求时,可以包括三个步骤:步骤①,客户端21向区块链网络23提交一笔交易,该交易可由区块链网络23内的某一节点23n接收并执行,从而由区块链节点23n获得经过加密的调用请求;步骤②,节点23n调用预先部署的预言机智能合约(简称预言机合约),该预言机合约可以将上述调用请求传递至链下的预言机服务器24,比如预言机合约可以产生包含该调用请求的事件,而预言机服务器24可以通过监听预言机合约产生的事件,从而获取上述的调用请求;步骤③,预言机服务器24将调用请求通过链下渠道发送至链下隐私计算节点22。Take the scenario shown in Figure 2 as an example. In one case, the client 21 can directly send a call request to the off-chain privacy computing node 22 through an off-chain channel, that is, the process of sending the call request by the client 21 has nothing to do with the blockchain network. In another case, the client 21 can submit a transaction to the blockchain network 23, that is, the client 21 sends an on-chain call request to the off-chain privacy computing node 22 through the blockchain network 23, and the blockchain network 23 can follow this The transaction obtains the call request, and transmits the call request to the off-chain privacy computing node 22 through the oracle mechanism. When the client sends a call request to the client through an on-chain channel, it can include three steps: Step ①, the client 21 submits a transaction to the blockchain network 23, and the transaction can be made by a node in the blockchain network 23 23n receives and executes it, so that the blockchain node 23n obtains the encrypted call request; step ②, the node 23n calls the pre-deployed oracle smart contract (referred to as the oracle contract), and the oracle contract can pass the above call request to The oracle server 24 under the chain, for example, the oracle contract can generate an event containing the call request, and the oracle server 24 can obtain the aforementioned call request by monitoring the event generated by the oracle contract; step ③, the oracle server 24 The call request is sent to the off-chain privacy computing node 22 through the off-chain channel.
以图2所示的场景为例,所涉及的数据交互可以包括:客户端21与链下隐私计算节点22之间的数据交互(客户端21直接向链下隐私计算节点22发送链下调用请求,链下隐私计算节点22直接向客户端21返回链下隐私计算结果)、客户端21与节点23n之间的数据交互(客户端21向节点23n提交交易、节点23n向客户端21返回链下隐私计算结果)、节点23n与预言机服务器24之间的数据交互(预言机服务器24从节点23n读取调用请求、预言机服务器24向节点23n反馈链下隐私计算结果)、预言机服务器24与链下隐私计算节点22之间的数据交互(预言机服务器24向链下隐私计算节点22发送调用请求、链下隐私计算节点22向预言机服务器24返回链下隐私计算结果)等。在实现上述任一数据交互的过程中,数据发送方与数据接收方之间传输的数据存在泄漏的可能性,并且节点23n会将交易上链导致该交易包含的调用请求被公开,因此可以通过对数据进行加密传输的方式,避免造成信息泄露。Taking the scenario shown in Figure 2 as an example, the data interaction involved may include: data interaction between the client 21 and the off-chain privacy computing node 22 (the client 21 directly sends an off-chain call request to the off-chain privacy computing node 22 , The off-chain privacy computing node 22 directly returns the off-chain privacy calculation result to the client 21), the data interaction between the client 21 and the node 23n (the client 21 submits a transaction to the node 23n, and the node 23n returns the off-chain to the client 21 Privacy calculation results), data interaction between node 23n and oracle server 24 (oracles server 24 reads the call request from node 23n, oracle server 24 feeds back the privacy calculation results under the chain to node 23n), oracle server 24 and Data interaction between off-chain privacy computing nodes 22 (the oracle server 24 sends a call request to the off-chain privacy computing node 22, and the off-chain privacy computing node 22 returns the off-chain privacy calculation result to the oracle server 24), etc. In the process of realizing any of the above-mentioned data interactions, the data transmitted between the data sender and the data receiver may leak, and the node 23n will link the transaction to cause the call request contained in the transaction to be disclosed, so it can be passed The method of encrypting data transmission avoids information leakage.
客户端可以向链下隐私计算节点部署更多的链下合约;类似地,其他客户端也可以向链下隐私计算节点部署链下合约。为了便于管理,以及便于后续对链下合约进行调用,链下隐私计算节点可以为部署的链下合约生成相应的合约ID,链下合约与合约ID之间一一对应,合约ID可以作为链下合约的标识信息。例如,链下隐私计算节点可以对该链下合约的字节码进行哈希运算,得到第一哈希值,并将该第一哈希值作为该链下合约的合约ID。当然,链下隐私计算节点也可以通过其他方式生成合约ID,本说明书并不对此进行限制。Clients can deploy more off-chain contracts to off-chain private computing nodes; similarly, other clients can also deploy off-chain contracts to off-chain private computing nodes. In order to facilitate management and facilitate subsequent calls to off-chain contracts, off-chain privacy computing nodes can generate corresponding contract IDs for deployed off-chain contracts, and there is a one-to-one correspondence between off-chain contracts and contract IDs, and the contract ID can be used as off-chain The identification information of the contract. For example, the off-chain privacy computing node may perform a hash operation on the bytecode of the off-chain contract to obtain the first hash value, and use the first hash value as the contract ID of the off-chain contract. Of course, off-chain privacy computing nodes can also generate contract IDs in other ways, and this specification does not limit this.
因此,为了准确地指示链下隐私计算节点对链下合约的字节码进行调用,上述的调用请求中可以包含该链下合约的标识信息,比如上述的合约ID。进一步地,调用请求还可以包括函数信息,在链下合约中包含多个函数的情况下,调用请求需要通过函数信息指明客户端需要调用的函数,该函数信息可以是函数名等,本说明书并不对此进行限制。当然,如果链下合约仅包含一个函数,或者客户端希望调用链下合约中的所有函数,那么调用请求中也可以省去函数信息。Therefore, in order to accurately instruct the off-chain privacy computing node to call the bytecode of the off-chain contract, the aforementioned call request may include the identification information of the off-chain contract, such as the aforementioned contract ID. Further, the call request may also include function information. In the case of multiple functions included in the off-chain contract, the call request needs to specify the function that the client needs to call through the function information. The function information may be a function name, etc. This specification does not There is no restriction on this. Of course, if the off-chain contract contains only one function, or the client wants to call all functions in the off-chain contract, the function information can also be omitted in the call request.
调用请求还包括入参数据的信息。入参数据的信息可以为入参数据本身,或者入参数据的描述信息,比如该描述信息可以为存储地址等,使得链下隐私计算节点可以据此获取入参数据,尤其是当客户端本身并非数据拥有者的情况下,可以省去客户端与数据拥有者之间的交互,还可以降低调用请求的数据量、加快其传输速度。The call request also includes the information of the input parameter data. The information of the input parameter data can be the input parameter data itself, or the description information of the input parameter data. For example, the description information can be a storage address, etc., so that the off-chain private computing node can obtain the input parameter data accordingly, especially when the client itself In the case of not being the data owner, the interaction between the client and the data owner can be eliminated, the amount of data requested by the call can also be reduced, and the transmission speed can be accelerated.
部署在链下隐私计算节点的链下合约可以用于实现对某一对象的状态更新,比如使得该对象从第一状态更新至第二状态。但是,由于链下合约为无状态合约,即链下隐私计算节点并不维护上述对象的状态数据,使得链下合约无法主动获知第一状态,如果入参数据仅包含用于驱动该对象从第一状态向第二状态进行变化的数据,则针对上述对象的状态更新将无法顺利执行。因此,除了上述用于驱动该对象从第一状态向第二状态进行变化的数据之外,入参数据还应当包括第一状态的状态数据。例如,上述的对象可以是区块链账户,区块链账户的数据(即状态数据)仅维护于区块链节点处,链下隐私计算节点不会维护区块链账户的数据,即链下合约为无状态合约,那么在链下合约的执行逻辑与区块链账户相关的情况下,提供给链下合约的入参数据除了包含用于驱动区块链账户实现更新的数据之外,还应当包含区块链账户的历史状态的数据。由于链下合约为无状态合约,可以避免将状态数据存储于链下隐私计算节点处,尤其是不会对链上数 据进行存储,从而可以保证链上数据的隐私性和安全性。The off-chain contract deployed on the off-chain privacy computing node can be used to update the state of an object, for example, to update the object from the first state to the second state. However, because the off-chain contract is a stateless contract, that is, the off-chain privacy computing node does not maintain the state data of the above object, so that the off-chain contract cannot actively learn the first state. If the input data only contains the data used to drive the object from the first state. For data that changes from one state to the second state, the state update for the above object will not be executed smoothly. Therefore, in addition to the data used to drive the object to change from the first state to the second state, the input data should also include the state data of the first state. For example, the above object can be a blockchain account. The data (ie state data) of the blockchain account is only maintained at the blockchain node, and the off-chain privacy computing node does not maintain the data of the blockchain account, that is, off-chain. The contract is a stateless contract, so when the execution logic of the off-chain contract is related to the blockchain account, the input data provided to the off-chain contract not only contains the data used to drive the update of the blockchain account, but also It should contain data on the historical state of the blockchain account. Since the off-chain contract is a stateless contract, it can avoid storing the state data at the off-chain private computing node, especially the data on the chain will not be stored, so that the privacy and security of the data on the chain can be guaranteed.
调用请求中还可以包括指定对象的身份公钥的信息,该身份私钥由指定对象所维护。比如该指定对象可以为上述的客户端,或者由该客户端所指定的其他任意需求方,本说明书并不对此进行限制。因此,在获得链下隐私计算结果后,链下隐私计算节点可以采用接收到的指定对象的身份公钥对链下隐私计算结果进行加密,使得只有维护有身份私钥的指定对象才能对该链下隐私计算结果进行解密,保证了链下隐私计算结果的安全性。如果同时存在多个指定对象,调用请求中可以包含这些指定对象分别对应的多个身份公钥的信息,使得链下隐私计算节点分别用每个身份公钥对链下隐私计算结果进行加密。The call request may also include information about the identity public key of the specified object, and the identity private key is maintained by the specified object. For example, the specified object may be the aforementioned client, or any other demander specified by the client, which is not limited in this specification. Therefore, after obtaining the off-chain privacy calculation result, the off-chain privacy computing node can use the received identity public key of the specified object to encrypt the off-chain privacy calculation result, so that only the specified object who maintains the identity private key can do this chain The decryption of the private calculation results under the chain ensures the security of the off-chain private calculation results. If there are multiple designated objects at the same time, the call request can include the information of multiple identity public keys corresponding to these designated objects, so that the off-chain privacy computing node uses each identity public key to encrypt the off-chain privacy calculation results.
如图2所示,以客户端21直接向链下隐私计算节点22发送链下调用请求为例。客户端21生成调用请求,并可以直接通过链下渠道发送至链下隐私计算节点22,那么链下隐私计算节点22可以根据调用请求中包含的链下合约的标识信息调用预先部署的链下合约的字节码,并通过部署在链下TEE中的虚拟机执行该字节码以对调用请求中包含的入参数据进行隐私计算。但是,如果客户端21并不希望自己的调用请求被其他用户随意获知,可以对调用请求进行隐私保护。客户端21可以对发送的调用请求进行加密,而链下隐私计算节点可以接收经过加密的调用请求,这样可以确保传输过程中不会造成调用请求的内容泄露。同时,链下隐私计算节点22执行链下隐私计算后得到链下隐私计算结果,链下隐私计算节点22可以直接通过链下渠道将链下隐私计算结果反馈至客户端或者数据需求方。As shown in FIG. 2, the client 21 directly sends an off-chain invocation request to the off-chain privacy computing node 22 as an example. The client 21 generates a call request, and can directly send it to the off-chain privacy computing node 22 through the off-chain channel, then the off-chain privacy computing node 22 can call the pre-deployed off-chain contract according to the identification information of the off-chain contract contained in the call request The bytecode is executed by the virtual machine deployed in the off-chain TEE to perform privacy calculation on the input parameter data contained in the call request. However, if the client 21 does not want its call request to be arbitrarily known by other users, it can protect the privacy of the call request. The client 21 can encrypt the sent call request, and the off-chain privacy computing node can receive the encrypted call request, which can ensure that the content of the call request will not be leaked during the transmission process. At the same time, the off-chain privacy computing node 22 obtains the off-chain privacy calculation results after performing off-chain privacy calculations, and the off-chain privacy computing node 22 can directly feed back the off-chain privacy calculation results to the client or the data requester through the off-chain channel.
如图2所示,以客户端21向节点23n提交交易为例。客户端21生成交易,并可以通过链上渠道向节点23n提交交易,使得节点23n可以将客户端21提交的交易与其他节点进行共识后上链,对客户端21提交的交易进行存证。但是,如果客户端21并不希望自己的行为被其他用户随意获知,可以对交易进行隐私保护。客户端21可以对提交的交易进行加密,而节点23n可以接收经过加密的交易,这样可以确保传输过程中不会造成交易的内容泄露。节点23n处可以部署链上TEE,并且节点23n可以将经过加密的交易读入该链上TEE后,在链上TEE内解密,可以确保解密得到的挑战交易仅存在于链上TEE内、不会外泄。As shown in Figure 2, take the client 21 submitting a transaction to the node 23n as an example. The client 21 generates a transaction, and can submit a transaction to the node 23n through an on-chain channel, so that the node 23n can perform a consensus on the transaction submitted by the client 21 with other nodes and then upload the transaction on the chain, and deposit the transaction submitted by the client 21. However, if the client 21 does not want its behavior to be arbitrarily known to other users, the transaction can be protected for privacy. The client 21 can encrypt the submitted transaction, and the node 23n can receive the encrypted transaction, which can ensure that the content of the transaction will not be leaked during the transmission process. Node 23n can deploy the on-chain TEE, and node 23n can read the encrypted transaction into the on-chain TEE and decrypt it in the on-chain TEE to ensure that the decrypted challenge transaction only exists in the on-chain TEE. Leak out.
其中,如果客户端21生成的交易中直接包含经过加密的调用请求,那么节点23n可以在链上TEE内解密交易、得到调用请求密文,然后节点23n可以通过预言机机制将该调用请求密文传输至链下隐私计算节点。Among them, if the transaction generated by the client 21 directly contains the encrypted call request, then the node 23n can decrypt the transaction in the on-chain TEE and obtain the ciphertext of the call request, and then the node 23n can use the oracle mechanism to make the call request ciphertext. It is transmitted to the private computing node under the chain.
针对调用请求中链下合约的标识信息,客户端21可以直接将该标识信息添加在交易中,那么节点23n可以在链上TEE内解密交易、得到标识信息;或者,客户端21生成的交易所调用的链上合约中定义了链下合约的标识信息,那么节点23n在接收到该交易后,可以在链上TEE内执行被调用的链上合约,从而获得该标识信息。For the identification information of the off-chain contract in the call request, the client 21 can directly add the identification information to the transaction, then the node 23n can decrypt the transaction in the on-chain TEE to obtain the identification information; or, the exchange generated by the client 21 The called on-chain contract defines the identification information of the off-chain contract. After receiving the transaction, the node 23n can execute the called on-chain contract in the on-chain TEE to obtain the identification information.
针对调用请求中入参数据的信息,客户端21生成的交易中可以直接包含入参数据,那么节点23n可以在链上TEE内解密交易、得到入参数据。然后通过链上TEE内部署的虚拟机执行被调用的链上合约,链上合约被执行后可以将上述标识信息和入参数据打包为调用请求并对该调用请求进行加密。或者,客户端生成的交易中可以包含入参数据的描述信息,比如该描述信息可以为存储地址等,那么节点23n可以通过执行链上合约查询到相应的入参数据,链上合约被执行后可以将上述标识信息和入参数据打包为调用请求并对该调用请求进行加密。或者,客户端生成的交易中可以包含初始数据,那么节点23n可以通过执行链上合约对初始数据进行处理以获得相应的入参数据,链上合约被执行后可以将上述标识信息和入参数据打包为调用请求并对该调用请求进行加密。或者,客户端生成的交易中可以包含初始数据的描述信息,比如该描述信息可以为存储地址等,那么节点23n可以通过执行链上合约查询到相应的初始数据,并由链上合约对初始数据进行处理,链上合约被执行后可以将上述标识信息和入参数据打包为调用请求并对该调 用请求进行加密,因而客户端可以不直接将标识信息或者入参数据添加在交易中,客户端对于调用链下合约执行链下隐私计算的过程是透明的,客户端只需要获得反馈的链下隐私计算结果即可,而不需要关注调用的链下合约的标识信息或者入参数据的信息等。Regarding the information of the input parameter data in the call request, the transaction generated by the client 21 may directly include the input parameter data, and then the node 23n can decrypt the transaction in the on-chain TEE and obtain the input parameter data. Then, the called on-chain contract is executed by the virtual machine deployed in the on-chain TEE. After the on-chain contract is executed, the above identification information and input parameter data can be packaged into a call request and the call request can be encrypted. Or, the transaction generated by the client can include the description information of the input parameter data, for example, the description information can be a storage address, etc., then the node 23n can query the corresponding input parameter data by executing the on-chain contract, and after the on-chain contract is executed The above identification information and input data can be packaged into a call request and the call request can be encrypted. Or, the transaction generated by the client can include initial data, then the node 23n can process the initial data by executing the on-chain contract to obtain the corresponding input data. After the on-chain contract is executed, the above identification information and the input data can be combined. Package it into a call request and encrypt the call request. Or, the transaction generated by the client can include the description information of the initial data, for example, the description information can be a storage address, etc., then the node 23n can query the corresponding initial data by executing the contract on the chain, and the contract on the chain can check the initial data For processing, after the on-chain contract is executed, the above identification information and input data can be packaged into a call request and the call request can be encrypted. Therefore, the client may not directly add the identification information or input data to the transaction. The process of invoking the off-chain contract to perform off-chain privacy calculations is transparent. The client only needs to obtain the feedback of the off-chain privacy calculation results, and does not need to pay attention to the identification information of the invoked off-chain contract or the information of the input data, etc. .
针对调用请求的加密传输,可以采用对称加密或非对称加密的形式。通过对调用请求进行加密传输可以确保传输过程中不会造成调用请求的内容泄露。当采用对称加密时,客户端21和链下隐私计算节点22分别维护有相同的对称密钥,比如该对称密钥可由客户端21与链下隐私计算节点22通过诸如DH(Diffie-Hellman)或ECDH(Elliptic Curve Diffie–Hellman)等算法协商得到,或者由KMS(Key Management Service,密钥管理服务)服务器分发至客户端21和节链下隐私计算节点22,本说明书并不限制密钥来源。当密钥由KMS服务器分发时,KMS服务器可以在客户端21对链下隐私计算节点进行远程证明的过程中,将密钥传输至客户端21处。那么,客户端21可以通过上述的对称密钥对调用请求进行加密,而链下隐私计算节点22将对称密钥维护于链下TEE中,因而链下隐私计算节点22接受到由节点23n传输的调用请求,链下隐私计算节点22将经过加密的调用请求读入链下TEE内,并通过该对称密钥执行解密操作得到上述的调用请求,并进行相关的计算。对称加密采用的加密算法,例如可以包括DES算法,3DES算法,TDEA算法,Blowfish算法,RC5算法,IDEA算法等。The encrypted transmission of the call request can be in the form of symmetric encryption or asymmetric encryption. Encrypted transmission of the call request can ensure that the content of the call request will not be leaked during the transmission process. When symmetric encryption is used, the client 21 and the off-chain private computing node 22 maintain the same symmetric key respectively. For example, the symmetric key can be used by the client 21 and the off-chain private computing node 22 through such as DH (Diffie-Hellman) or ECDH (Elliptic Curve Diffie-Hellman) and other algorithms are negotiated, or distributed by the KMS (Key Management Service) server to the client 21 and the privacy computing node 22 under the link. This manual does not limit the source of the key. When the key is distributed by the KMS server, the KMS server can transmit the key to the client 21 during the process of the client 21 remotely certifying the off-chain private computing node. Then, the client 21 can encrypt the call request with the above-mentioned symmetric key, and the off-chain privacy computing node 22 maintains the symmetric key in the off-chain TEE, so the off-chain privacy computing node 22 receives the data transmitted by the node 23n Invoking the request, the off-chain privacy computing node 22 reads the encrypted invoking request into the off-chain TEE, and performs a decryption operation using the symmetric key to obtain the foregoing invoking request, and performs related calculations. The encryption algorithm used by the symmetric encryption may include, for example, the DES algorithm, the 3DES algorithm, the TDEA algorithm, the Blowfish algorithm, the RC5 algorithm, and the IDEA algorithm.
当采用非对称加密时,链下隐私计算节点22维护有节点非对称密钥的私钥,比如称之为节点私钥,而客户端21可以获得该链下隐私计算节点22的节点公钥。非对称密钥可由链下隐私计算节点22在链下TEE内生成,或者由KMS服务器分发至该链下隐私计算节点22,本说明书并不限制密钥来源。类似地,当密钥由KMS服务器分发时,KMS服务器可以在客户端21对链下隐私计算节点进行远程证明的过程中,将节点公钥传输至客户端21处。那么,客户端21可以通过节点公钥对调用请求进行加密,而链下隐私计算节点22将节点私钥维护于链下TEE中,因而将经过加密的调用请求读入链下TEE内,并通过节点私钥执行解密操作得到上述的调用请求。非对称加密采用的非对称加密算法,例如可以包括RSA、Elgamal、背包算法、Rabin、D-H、ECC(椭圆曲线加密算法)等。When asymmetric encryption is used, the off-chain privacy computing node 22 maintains the private key of the node's asymmetric key, for example, the node private key, and the client 21 can obtain the node public key of the off-chain private computing node 22. The asymmetric key can be generated by the off-chain private computing node 22 in the off-chain TEE, or distributed by the KMS server to the off-chain private computing node 22. This specification does not limit the source of the key. Similarly, when the key is distributed by the KMS server, the KMS server can transmit the public key of the node to the client 21 during the process of the client 21 remotely certifying the off-chain private computing node. Then, the client 21 can encrypt the call request with the node public key, and the off-chain privacy computing node 22 maintains the node’s private key in the off-chain TEE, thus reading the encrypted call request into the off-chain TEE, and pass The node private key performs the decryption operation to obtain the above-mentioned call request. The asymmetric encryption algorithm used in the asymmetric encryption may include, for example, RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm), etc.
针对调用请求的加密传输,还可以采用对称加密与非对称加密相结合的形式。客户端21可以维护一对称密钥,比如该对称密钥可由客户端21随机生成,且客户端21可以获得上述节点非对称密钥中的公钥。客户端21可以通过对称密钥对调用请求进行加密、得到加密后调用请求,并通过非对称密钥加密该对称密钥、得到加密后密钥,然后客户端21同时将加密后挑战交易与加密后密钥传输至链下隐私计算节点22。相应的,链下隐私计算节点22将加密后调用请求与加密后密钥读入链下TEE内,首先通过节点私钥对加密后密钥进行解密、得到对称密钥,然后通过对称密钥对加密后调用请求进行解密。相比较而言,对称加密的加解密效率相对更高、但安全性相对较低,而非对称加密的加解密效率相对较低、但安全性相对更高,因此基于对称加密与非对称加密相结合的形式,可以兼顾加解密效率与安全性。For the encrypted transmission of the call request, a combination of symmetric encryption and asymmetric encryption can also be used. The client 21 can maintain a symmetric key. For example, the symmetric key can be randomly generated by the client 21, and the client 21 can obtain the public key in the aforementioned node asymmetric key. The client 21 can encrypt the call request with a symmetric key, obtain the encrypted call request, and encrypt the symmetric key with an asymmetric key to obtain the encrypted key, and then the client 21 simultaneously encrypts the encrypted challenge transaction and encrypted The latter key is transmitted to the off-chain privacy computing node 22. Correspondingly, the off-chain privacy computing node 22 reads the encrypted call request and the encrypted key into the off-chain TEE, first decrypts the encrypted key with the node's private key to obtain the symmetric key, and then uses the symmetric key pair After encryption, the request is called for decryption. In comparison, the encryption and decryption efficiency of symmetric encryption is relatively higher, but the security is relatively low, while the encryption and decryption efficiency of asymmetric encryption is relatively low, but the security is relatively higher. Therefore, based on the comparison between symmetric encryption and asymmetric encryption The combined form can take into account the efficiency and security of encryption and decryption.
针对调用请求进行加密时,可以采用对称加密、非对称加密或两者结合的方式,本说明书并不对此进行限制。当采用非对称加密或者对称加密与非对称加密结合的方式时,涉及到一组非对称密钥对,客户端21或节点23n需要获知该非对称密钥对的公钥,且该非对称密钥对的私钥需要由链下隐私计算节点22所维护,使得该链下隐私计算节点22可以基于该私钥对收到的调用请求进行解密。例如,该非对称密钥对可以为前文所述的、链下隐私计算节点22在链下TEE中产生的加密密钥对;相应地,链下隐私计算节点22在收到调用请求密文后,将该调用请求密文读入链下TEE中,并基于加密私钥对该调用请求密文进行解密,从而得到明文的调用请求。When encrypting the call request, symmetric encryption, asymmetric encryption, or a combination of the two can be used, and this specification does not limit this. When asymmetric encryption or a combination of symmetric encryption and asymmetric encryption is used, a set of asymmetric key pairs is involved, and the client 21 or node 23n needs to know the public key of the asymmetric key pair, and the asymmetric encryption The private key of the key pair needs to be maintained by the off-chain private computing node 22, so that the off-chain private computing node 22 can decrypt the received call request based on the private key. For example, the asymmetric key pair may be the aforementioned encryption key pair generated by the off-chain privacy computing node 22 in the off-chain TEE; accordingly, the off-chain privacy computing node 22 receives the ciphertext of the call request , Read the call request cipher text into the off-chain TEE, and decrypt the call request cipher text based on the encrypted private key to obtain the call request in plain text.
类似地,在其他数据交互的过程中,通过使得数据发送方与数据接收方之间维护相同的对称密钥,或者使得数据发送方维护有非对称密钥的公钥、数据接收方维护有非 对称密钥的私钥,或者结合对称加密与非对称加密的形式,可以实现任意的数据发送方与数据接收方之间的数据加密传输,此处不再赘述。Similarly, in the process of other data interactions, the data sender and the data receiver maintain the same symmetric key, or the data sender maintains the public key of the asymmetric key, and the data receiver maintains the non-symmetric key. The private key of the symmetric key, or the combination of symmetric encryption and asymmetric encryption, can realize the encrypted transmission of data between any data sender and data receiver, which will not be repeated here.
链下隐私计算节点可能属于链下隐私计算集群,该链下隐私计算集群包含多个链下隐私计算节点。如果各个链下隐私计算节点之间完全独立,那么客户端与单个链下隐私计算节点之间的交互过程可以参考上文所述的实施例。而另一种方式下,链下隐私计算集群可以包含一控制节点,并由该控制节点对集群内的所有链下隐私计算节点进行统一管理。比如,客户端可以向控制节点发送调用请求,并接收控制节点返回的上述链下隐私计算节点的链下隐私计算结果。与前述实施例相类似的,客户端可以向控制节点发送调用请求,或者客户端可以向区块链节点提交交易,该交易所含的调用请求由区块链节点通过预言机机制传输至控制节点,使得控制节点向客户端返回由链下隐私计算节点的发送的链下隐私计算结果。An off-chain private computing node may belong to an off-chain private computing cluster, and the off-chain private computing cluster includes multiple off-chain private computing nodes. If the privacy computing nodes under each chain are completely independent, then the interaction process between the client and a single privacy computing node under the chain can refer to the above-mentioned embodiments. In another way, the off-chain privacy computing cluster may include a control node, and the control node will uniformly manage all off-chain privacy computing nodes in the cluster. For example, the client can send a call request to the control node, and receive the off-chain privacy calculation result of the off-chain privacy computing node returned by the control node. Similar to the foregoing embodiment, the client can send a call request to the control node, or the client can submit a transaction to the blockchain node, and the call request contained in the transaction is transmitted to the control node by the blockchain node through the oracle mechanism. , So that the control node returns the off-chain privacy calculation result sent by the off-chain privacy computing node to the client.
以图3所示的场景为例。一种情况下,客户端31可以通过链下渠道直接向控制节点32发送调用请求。另一种情况下,客户端31可以通过区块链网络33向控制节点32提交交易,即客户端31向控制节点32发送链上交易,区块链网络33可以根据该交易获得调用请求,并通过预言机机制将调用请求传输至控制节点32。链上调用请求过程可以包括三个步骤:步骤①,客户端31向区块链网络33提交一笔交易,该交易可由区块链网络33内的某一节点例如节点33n接收并执行,从而由区块链节点33n获得经过加密的调用请求;步骤②,节点33n调用预先部署的预言机智能合约(简称预言机合约),该预言机合约可以将上述调用请求传递至链下的预言机服务器34,比如预言机合约可以产生包含该调用请求的事件,而预言机服务器34可以通过监听预言机合约产生的事件,从而获取上述的调用请求;步骤③,预言机服务器34将调用请求通过链下渠道发送至控制节点32。Take the scenario shown in Figure 3 as an example. In one case, the client 31 can directly send a call request to the control node 32 through an off-chain channel. In another case, the client 31 can submit a transaction to the control node 32 through the blockchain network 33, that is, the client 31 sends an on-chain transaction to the control node 32, and the blockchain network 33 can obtain a call request based on the transaction, and The call request is transmitted to the control node 32 through the oracle mechanism. The on-chain call request process can include three steps: Step ①, the client 31 submits a transaction to the blockchain network 33, and the transaction can be received and executed by a certain node in the blockchain network 33, such as node 33n. The blockchain node 33n obtains the encrypted call request; step ②, the node 33n calls the pre-deployed oracle smart contract (referred to as the oracle contract), which can pass the call request to the oracle server 34 under the chain For example, the oracle contract can generate an event containing the call request, and the oracle server 34 can obtain the aforementioned call request by monitoring the event generated by the oracle contract; step ③, the oracle server 34 sends the call request through the off-chain channel Send to the control node 32.
客户端31可以直接向控制节点32发送调用请求,即发送调用请求的过程与区块链网络无关,这样可以跳过区块链节点之间的共识过程、减少链上链下的交互操作,使得客户端31向控制节点32的发送调用请求具有更高的操作效率。再例如,客户端31可以采用链上的形式,比如客户端31可以向区块链节点提交交易,该交易所含的调用请求可由区块链节点通过预言机机制传输至控制节点。The client 31 can directly send a call request to the control node 32, that is, the process of sending a call request has nothing to do with the blockchain network, so that the consensus process between blockchain nodes can be skipped, and the interaction between on-chain and off-chain can be reduced, so that The call request sent by the client 31 to the control node 32 has higher operational efficiency. For another example, the client 31 may adopt an on-chain form. For example, the client 31 may submit a transaction to a blockchain node, and the call request contained in the transaction may be transmitted to the control node by the blockchain node through the oracle mechanism.
控制节点接收到上述调用请求,该调用请求中可以将目标节点设定为控制节点32所处集群内的某一链下隐私计算节点,比如链下隐私计算节点32n,那么控制节点32将接收到的调用请求转发至链下隐私计算节点32n,与上述实施例类似的,客户端31或者节点33n在针对调用请求进行加密时,只需要确保该链下隐私计算节点32n能够解密即可,例如,可以采用该链下隐私计算节点32n在链下TEE内生成的加密公钥对调用请求进行加密,而链下隐私计算节点32n在收到调用请求密文后,可以在链下TEE内通过加密私钥对该调用请求密文进行解密,从而获得该调用请求。或者,客户端31或节点33n也可以不设定调用请求中的目标节点,而调用请求可以采用控制节点32所处集群内的某一链下隐私计算节点在链下TEE内生成的加密公钥对调用请求进行加密,那么控制节点32将接收到该调用请求并将其转发至控制节点32所处集群内的所有链下隐私计算节点,那么只有维护有对应的加密私钥的链下隐私计算节点可以对该调用请求进行解密。The control node receives the above-mentioned call request. In the call request, the target node can be set as a certain off-chain private computing node in the cluster where the control node 32 is located, such as off-chain private computing node 32n, then the control node 32 will receive The invocation request is forwarded to the off-chain private computing node 32n. Similar to the above embodiment, when the client 31 or node 33n encrypts the invocation request, it only needs to ensure that the off-chain private computing node 32n can decrypt, for example, The off-chain privacy computing node 32n can use the encrypted public key generated in the off-chain TEE to encrypt the call request, and the off-chain privacy computing node 32n can encrypt the call request in the off-chain TEE after receiving the ciphertext of the call request. The key decrypts the ciphertext of the call request to obtain the call request. Alternatively, the client 31 or the node 33n may not set the target node in the call request, and the call request may use the encrypted public key generated in the off-chain TEE by a certain off-chain privacy computing node in the cluster where the control node 32 is located. Encrypt the call request, then the control node 32 will receive the call request and forward it to all off-chain privacy computing nodes in the cluster where the control node 32 is located, then only the off-chain privacy computing that maintains the corresponding encrypted private key The node can decrypt the call request.
以及链下隐私计算节点可能属于链下隐私计算集群,该链下隐私计算集群包含多个链下隐私计算节点。那控制节点32在接收到该调用请求后可以根据负载均衡算法从链下隐私计算集群中选取某一链下隐私计算节点,调用请求可以被所述控制节点接收并转发至该链下隐私计算节点。此时,客户端31或者节点33n在针对调用请求进行加密时,需要采用集群的加密公钥进行加密,从而确保该链下隐私计算集群中的任一链下隐私计算节点都能对该调用请求进行解密。And the off-chain private computing node may belong to the off-chain private computing cluster, and the off-chain private computing cluster includes multiple off-chain private computing nodes. After receiving the call request, the control node 32 can select a certain off-chain privacy computing node from the off-chain privacy computing cluster according to the load balancing algorithm, and the invocation request can be received by the control node and forwarded to the off-chain privacy computing node . At this time, when the client 31 or node 33n encrypts the call request, it needs to use the encryption public key of the cluster to encrypt, so as to ensure that any off-chain private computing node in the off-chain private computing cluster can decrypt the call request. .
而客户端在部署链下合约的过程中,首先将字节码加密传输至控制节点,然后由 控制节点转发至集群内的一个或多个链下隐私计算节点,从而将链下合约的字节码部署至集群内的一个或多个链下隐私计算节点,与前述链下合约的部署过程类似,此处不再赘述。如果部署至多个链下隐私计算节点,那么这些链下隐私计算节点可以同时向外提供针对同一链下合约的调用能力,从而实现并行的链下隐私计算,还可以在多个链下隐私计算节点之间实现负载均衡。In the process of deploying the off-chain contract, the client first encrypts the bytecode and transmits it to the control node, and then the control node forwards it to one or more off-chain privacy computing nodes in the cluster, thereby transferring the bytes of the off-chain contract. The deployment of the code to one or more off-chain privacy computing nodes in the cluster is similar to the deployment process of the aforementioned off-chain contract, and will not be repeated here. If deployed to multiple off-chain private computing nodes, then these off-chain private computing nodes can provide the ability to call the same off-chain contract at the same time, so as to realize parallel off-chain private computing, and it can also be used in multiple off-chain private computing nodes. Achieve load balancing between.
在链下隐私计算节点属于链下隐私计算集群的情况下,可以为这些链下隐私计算节点生成统一的身份信息,比如称为集群身份信息。集群身份信息可以包括集群加密密钥对和集群签名密钥对,上述的各个链下隐私计算节点均需在各自的链下TEE内维护集群加密私钥、集群签名私钥。那么客户端或区块链节点只要使用集群加密公钥对调用请求进行加密,即可确保上述的各个链下隐私计算节点均能够在各自的链下TEE内通过集群加密私钥进行解密,从而调用请求。基于集群身份,客户端并不需要关注对方为单个链下隐私计算节点或者链下隐私计算集群,只需要将其作为一个对象并与该对象进行交互即可,无需关注于背后的节点或集群的细节。In the case that the off-chain private computing nodes belong to the off-chain private computing cluster, unified identity information can be generated for these off-chain private computing nodes, such as cluster identity information. The cluster identity information may include a cluster encryption key pair and a cluster signature key pair. Each of the above-mentioned privacy computing nodes under the chain needs to maintain the cluster encryption private key and the cluster signature private key in their respective chain TEEs. Then, as long as the client or blockchain node encrypts the call request with the cluster encryption public key, it can ensure that each of the above-mentioned off-chain private computing nodes can decrypt with the cluster-encrypted private key in their respective off-chain TEE, thereby calling ask. Based on the cluster identity, the client does not need to pay attention to whether the other party is a single off-chain private computing node or off-chain private computing cluster. It only needs to use it as an object and interact with the object, without paying attention to the nodes or clusters behind it. detail.
除了链下隐私计算节点可以存在统一的集群身份之外,可以为链下隐私计算节点上部署的链下合约生成合约身份。当集群内存在多个链下隐私计算节点时,每个链下隐私计算节点可以为自身已部署的链下合约建立合约身份,且不同链下隐私计算节点针对同一链下合约生成的合约身份相同。例如,链下隐私计算节点可以根据统一的集群身份和链下合约的合约ID,为链下合约生成相应的合约身份,由于集群身份相同、而不同链下合约的合约ID必然不同,因而可以确保:同一链下隐私计算节点上部署的不同链下合约存在不同的合约身份,而不同链下隐私计算节点上部署的同一链下合约存在相同的合约身份。In addition to the existence of a unified cluster identity for off-chain private computing nodes, contract identities can be generated for off-chain contracts deployed on off-chain private computing nodes. When there are multiple off-chain privacy computing nodes in the cluster, each off-chain privacy computing node can establish a contract identity for its deployed off-chain contract, and the contract identities generated by different off-chain privacy computing nodes for the same off-chain contract are the same . For example, off-chain privacy computing nodes can generate corresponding contract identities for off-chain contracts based on the unified cluster identity and the contract ID of the off-chain contract. Since the cluster identities are the same but the contract IDs of different off-chain contracts are necessarily different, it can be ensured : Different off-chain contracts deployed on the same chain of private computing nodes have different contract identities, and the same off-chain contracts deployed on different off-chain privacy computing nodes have the same contract identities.
合约身份可由合约身份密钥对所定义。例如,合约身份可以包括合约加密密钥对和合约签名密钥对。那么,客户端31或节点33n除了采用集群身份公钥对调用请求进行加密之外,还可以采用合约加密公钥对调用请求内所含的入参数据的信息进行加密。链下隐私计算节点32n在收到针对某一链下合约的调用请求后,采用该链下合约对应的合约加密私钥对调用请求内加密后的入参数据的信息进行解密,从而确保入参数据的信息只能由被调用的链下合约所获得,而不会被其他链下合约获得。以及,在得到调用结果后,链下隐私计算节点32n可以通过被调用的链下合约的合约签名私钥对调用结果进行签名,而客户端31或节点33n可以通过合约签名公钥进行验签,从而确定该调用结果确实是由被调用的链下合约所产生。The contract identity can be defined by the contract identity key pair. For example, the contract identity can include a contract encryption key pair and a contract signature key pair. Then, in addition to using the cluster identity public key to encrypt the call request, the client 31 or the node 33n may also use the contract encryption public key to encrypt the information of the input data contained in the call request. After the off-chain privacy computing node 32n receives a call request for a certain off-chain contract, it uses the contract encryption private key corresponding to the off-chain contract to decrypt the encrypted input data information in the call request, so as to ensure the entry of parameters. Data information can only be obtained by the called off-chain contract, but not by other off-chain contracts. And, after getting the call result, the off-chain privacy computing node 32n can sign the call result through the contract signature private key of the called off-chain contract, and the client 31 or node 33n can verify the signature through the contract signature public key. Therefore, it is determined that the call result is indeed generated by the called off-chain contract.
步骤104,所述链下隐私计算节点根据所述标识信息调用预先部署的所述链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算。Step 104: The off-chain privacy computing node invokes the bytecode of the pre-deployed off-chain contract according to the identification information, and executes the byte code through a virtual machine deployed in the off-chain trusted execution environment Code to perform off-chain privacy calculations on the incoming parameter data.
链下隐私计算节点可以在链下TEE中对调用请求进行解密得到标识信息和入参数据的信息等其他信息,链下隐私计算节点可以根据标识信息调用预先部署的链下合约的字节码,而在链下可信执行环境中部署有若干执行引擎的情况下,链下隐私计算节点可以根据字节码确定对应的执行引擎,并且通过确定出的执行引擎执行所述字节码以对入参数据进行链下隐私计算。The off-chain private computing node can decrypt the call request in the off-chain TEE to obtain other information such as identification information and input data information. The off-chain private computing node can call the bytecode of the pre-deployed off-chain contract based on the identification information. When several execution engines are deployed in an off-chain trusted execution environment, the off-chain private computing node can determine the corresponding execution engine according to the bytecode, and execute the bytecode through the determined execution engine to input Participate data for off-chain privacy calculations.
在链下隐私计算节点处创建的链下TEE中,可以部署有若干执行引擎,比如EVM、WASM虚拟机等中的一个或多个,在同时部署了多种执行引擎的情况下,客户端除了在链下隐私计算节点处安全存储链下合约的字节码之外,还可以向链下隐私计算节点指明用于执行该字节码的执行引擎。链下隐私计算节点可以接收客户端发送的与链下合约的字节码相关联的执行引擎指定信息,并根据执行引擎指定信息为字节码设定相应的执行引擎。因而链下隐私计算节点可以在链下TEE中根据确定出的执行引擎对入参数据进行链下隐私计算。In the off-chain TEE created at the off-chain privacy computing node, several execution engines can be deployed, such as one or more of EVM, WASM virtual machine, etc. In the case of multiple execution engines deployed at the same time, the client besides In addition to the secure storage of the bytecode of the off-chain contract at the off-chain private computing node, the off-chain private computing node can also indicate the execution engine used to execute the bytecode. The off-chain privacy computing node can receive the execution engine designation information associated with the bytecode of the off-chain contract sent by the client, and set the corresponding execution engine for the bytecode according to the execution engine designation information. Therefore, off-chain privacy computing nodes can perform off-chain privacy calculations on the input parameter data in the off-chain TEE according to the determined execution engine.
以及本说明书中通过调用链下合约,可以实现用户定义的任何计算逻辑。例如, 链下合约可以用于验证区块链上存储的加密订单数据的金额是否正确,并将验证结果反馈至链上;再例如,链下合约可以用于根据预设算法对多方数据进行安全计算,即安全多方计算,并将计算结果反馈至链上等,此处不再一一赘述。And by calling the off-chain contract in this manual, any calculation logic defined by the user can be realized. For example, the off-chain contract can be used to verify whether the amount of encrypted order data stored on the blockchain is correct, and the verification result is fed back to the chain; for another example, the off-chain contract can be used to secure multi-party data according to a preset algorithm Calculations are safe multi-party calculations, and the calculation results are fed back to the chain, etc., so I won’t repeat them here.
步骤106,所述链下隐私计算节点在链下可信执行环境中对得到的链下隐私计算结果进行加密并反馈。Step 106: The off-chain privacy computing node encrypts and feeds back the obtained off-chain privacy calculation results in an off-chain trusted execution environment.
链下隐私计算节点在链下TEE中执行计算得到的链下隐私计算结果可以包括以下至少之一:响应码、响应信息、合约调用的返回值、合约调用的过程输出,链下隐私计算节点可以根据调用请求返回相应的链下隐私计算结果,本说明书中并不对此进行限制。The off-chain privacy calculation result obtained by the off-chain privacy computing node performing calculations in the off-chain TEE can include at least one of the following: response code, response information, return value of contract invocation, process output of contract invocation, and off-chain privacy computing node can According to the call request, the corresponding off-chain privacy calculation result is returned, which is not restricted in this specification.
在得到链下隐私计算结果后,链下隐私计算节点可以通过链下隐私计算节点的节点签名私钥对计算结果进行签名或者可以采用被调用的链下合约的合约签名私钥对计算结果进行签名,也可以同时采用节点签名私钥和合约签名私钥对链下隐私计算结果进行签名,本说明书中并不对此进行限制。客户端或者区块链节点可以通过节点签名公钥或者合约签名公钥进行验签,从而确定该链下隐私计算结果确实是由链下隐私计算节点调用相应的链下合约所产生,并且该计算结果没有被篡改。After obtaining the off-chain privacy calculation result, the off-chain privacy computing node can sign the calculation result with the node signature private key of the off-chain privacy computing node or can use the contract signature private key of the called off-chain contract to sign the calculation result , It is also possible to use both the node signature private key and the contract signature private key to sign the off-chain privacy calculation result, which is not restricted in this manual. The client or blockchain node can verify the signature through the node signature public key or the contract signature public key to determine that the off-chain privacy calculation result is indeed generated by the off-chain privacy computing node calling the corresponding off-chain contract, and the calculation The result has not been tampered with.
在调用请求中还包括指定对象的身份公钥的信息的情况下,链下隐私计算节点可以采用身份公钥对链下隐私计算结果进行加密,使得只有维护有身份私钥的指定对象才能对该链下隐私计算结果进行解密,可以限制能够查看链下隐私计算结果的用户,而其他用户直接查看链下隐私计算结果时仅能够获得加密后的链下隐私计算结果,从而保证了链下隐私计算结果的隐私保护。When the call request also includes the identity public key information of the specified object, the off-chain privacy computing node can use the identity public key to encrypt the off-chain privacy calculation result, so that only the specified object that maintains the identity private key can do so. The decryption of the off-chain privacy calculation results can restrict users who can view the off-chain privacy calculation results, while other users can only obtain the encrypted off-chain privacy calculation results when they directly view the off-chain privacy calculation results, thus ensuring the off-chain privacy calculations The result of privacy protection.
链下隐私计算节点除了对链下隐私计算结果进行反馈之外,链下隐私计算节点还可以对接收到的调用请求进行哈希运算得到第一哈希值,链下隐私计算节点将第一哈希值与上述链下隐私计算结果进行关联反馈。客户端或者区块链节点将接收到的第一哈希值与生成的调用请求的第二哈希值进行比较,根据比较结果确定链下隐私计算结果是否可靠。In addition to the off-chain privacy computing node feedback on the off-chain privacy calculation results, the off-chain privacy computing node can also perform a hash operation on the received call request to obtain the first hash value, and the off-chain privacy computing node will be the first hash value. Hope value and the above-mentioned off-chain privacy calculation results are associated with feedback. The client or the blockchain node compares the received first hash value with the second hash value of the generated call request, and determines whether the off-chain privacy calculation result is reliable according to the comparison result.
若第一哈希值与第二哈希值的比较结果不一致,则表明与该第一哈希值关联反馈的链下隐私计算结果不可靠;若第一哈希值与第二哈希值的比较结果一致,则需要进一步验证链下隐私计算节点或者被调用合约的签名等其他参考信息,在参考信息均正确的情况下,才能确定该链下隐私计算结果可靠。If the comparison result between the first hash value and the second hash value is inconsistent, it indicates that the off-chain privacy calculation result associated with the first hash value is unreliable; if the first hash value is compared with the second hash value If the comparison results are consistent, it is necessary to further verify other reference information such as the signature of the off-chain privacy computing node or the called contract. Only when the reference information is correct can the off-chain privacy calculation result be determined to be reliable.
在一种情况下,链下隐私计算节点可以通过链下渠道将链下隐私计算结果反馈至客户端或者是数据需求方,即链下隐私计算节点反馈链下隐私计算结果的过程与区块链网络无关,使得链下隐私计算节点直接向客户端或者数据需求方反馈链下隐私计算结果,具有更高的效率。在链下隐私计算节点属于链下隐私计算集群的情况下,链下隐私计算节点可以将链下隐私计算结果发送至控制节点,并由控制节点通过链下渠道将链下隐私计算结果反馈至客户端。此外,客户端在接受到链下隐私计算节点反馈的链下隐私计算结果后,客户端还可以向区块链节点发起存证交易,该存证交易中包含链下隐私计算结果,使得区块链节点将客户端提交的存证交易与其他节点进行共识后上链。In one case, the off-chain privacy computing node can feed back the off-chain privacy calculation result to the client or the data demander through the off-chain channel, that is, the process of the off-chain privacy computing node feeding back the off-chain privacy calculation result and the blockchain The network is independent, so that the off-chain privacy computing node directly feeds back the off-chain privacy calculation result to the client or the data demander, which has higher efficiency. In the case that the off-chain privacy computing node belongs to the off-chain privacy computing cluster, the off-chain privacy computing node can send the off-chain privacy calculation result to the control node, and the control node will feedback the off-chain privacy calculation result to the customer through the off-chain channel end. In addition, after the client receives the off-chain privacy calculation result fed back by the off-chain privacy computing node, the client can also initiate a deposit certificate transaction to the blockchain node. The deposit certificate transaction contains the off-chain privacy calculation result, so that the block The chain node will carry out the consensus on the deposit certificate transaction submitted by the client with other nodes and then upload it to the chain.
在另一种情况下,链下隐私计算节点可以通过预言机机制将链下隐私计算结果传输至区块链节点,或者,链下隐私计算节点可以先将链下隐私计算结果发送至控制节点,并由控制节点通过预言机机制将链下隐私计算结果传输至区块链节点。In another case, the off-chain privacy computing node can transmit the off-chain privacy calculation result to the blockchain node through the oracle mechanism, or the off-chain privacy computing node can first send the off-chain privacy calculation result to the control node. And the control node transmits the off-chain privacy calculation result to the blockchain node through the oracle mechanism.
区块链节点可以根据计算结果对区块链账本数据进行更新,可以对计算结果进行固化存证,而且可以支持针对该计算结果的后期验证。同时,相比于区块链节点在执行链上合约后所产生的上链数据而言,基于链下合约产生的计算结果本身相对更加简短,因而将该计算结果上链时,有助于节省链上存储空间。The blockchain node can update the blockchain ledger data according to the calculation result, can solidify the calculation result, and can support the later verification of the calculation result. At the same time, compared to the on-chain data generated by the blockchain node after the on-chain contract is executed, the calculation result generated based on the off-chain contract is relatively shorter. Therefore, when the calculation result is uploaded to the chain, it is helpful to save Storage space on the chain.
区块链节点根据计算结果更新区块链账本数据,或者称为对计算结果进行上链,其方式可以包括:生成一笔区块链交易,将计算结果添加至交易的data字段,当该区块链交易通过共识后,可被各个区块链节点添加至最新区块的区块体中,从而实现了区块 链账本数据的更新,亦即完成了对该计算结果的上链;或者,区块链节点根据计算结果对相关账户的状态进行更新,该相关账户譬如可以为用户对应的外部账户或者链上合约对应的合约账户,该相关账户的状态更新会导致状态树(state tree)的树根发生取值变化,而该状态树的树根会被包含于最新区块的区块头,从而实现了区块链账本数据的更新,亦即相当于将该计算结果上链。The blockchain node updates the blockchain ledger data according to the calculation result, or it is called uploading the calculation result to the chain. The method can include: generating a blockchain transaction and adding the calculation result to the data field of the transaction. After the block chain transaction has passed the consensus, it can be added by each block chain node to the block body of the latest block, thereby realizing the update of the block chain ledger data, that is, completing the chaining of the calculation result; or, The blockchain node updates the state of the related account according to the calculation result. The related account can be, for example, the external account corresponding to the user or the contract account corresponding to the contract on the chain. The update of the state of the related account will cause the state tree to change. The value of the root of the tree changes, and the root of the state tree will be included in the block header of the latest block, thereby realizing the update of the blockchain ledger data, which is equivalent to uploading the calculation result to the chain.
由以上技术方案可见,本说明书提出了在链下隐私计算节点处预先部署了链下合约的字节码的情况下,可以通过链下隐私计算节点调用链下合约的字节码在链下TEE中执行计算操作,并且链下隐私计算节点可以通过链下隐私计算节点的节点签名私钥对计算结果进行签名或者可以采用被调用的链下合约的合约签名私钥对计算结果进行签名,从而可以确定链下隐私计算结果确实是由链下隐私计算节点调用相应的链下合约所产生,并且可验证计算结果没有被篡改,可以保证链下隐私计算结果的安全性和可靠性;同时,区块链节点无需执行计算操作,只需要从链下隐私计算节点处获得计算结果并且基于该计算结果更新区块链账本数据,可以降低区块链网络的资源消耗。As can be seen from the above technical solutions, this manual proposes that when the off-chain private computing node has pre-deployed the bytecode of the off-chain contract, the off-chain private computing node can call the bytecode of the off-chain contract in the off-chain TEE. The calculation operation is performed in the off-chain private computing node, and the off-chain private computing node can sign the calculation result through the node signature private key of the off-chain private computing node or the contract signature private key of the called off-chain contract can be used to sign the calculation result. Confirm that the off-chain privacy calculation result is indeed generated by the off-chain privacy computing node calling the corresponding off-chain contract, and it can be verified that the calculation result has not been tampered with, and the security and reliability of the off-chain privacy calculation result can be guaranteed; at the same time, the block The chain node does not need to perform calculation operations. It only needs to obtain the calculation result from the off-chain private calculation node and update the blockchain ledger data based on the calculation result, which can reduce the resource consumption of the blockchain network.
对应于上述链下隐私节点侧的实施例,本说明书还提出了客户端侧、区块链节点侧、控制节点侧等其他方面的实施例,在链下隐私计算节点侧实施例中所涉及的描述同样可以适用于这些侧的实施例,下文中不再对此进行赘述。Corresponding to the above-mentioned embodiment on the off-chain privacy node side, this specification also proposes other embodiments on the client side, blockchain node side, control node side, etc. The embodiments involved in the off-chain privacy computing node side The description can also be applied to the embodiments on these sides, which will not be repeated hereafter.
相应地,图4是一示例性实施例提供的一种客户端侧的调用合约的方法的流程图。如图4所示,该方法可以包括步骤402~步骤404。Correspondingly, FIG. 4 is a flowchart of a method for invoking a contract on the client side provided by an exemplary embodiment. As shown in FIG. 4, the method may include steps 402 to 404.
步骤402,客户端生成调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息。In step 402, the client generates a call request, the call request includes the identification information of the off-chain contract and the information of the input parameter data.
如前所述,客户端向区块链节点提交交易,交易触发区块链节点通过预言机机制将经过加密的调用请求传输至链下隐私计算节点;其中,链下隐私计算节点产生的链下隐私计算结果被反馈至区块链节点,链下隐私计算结果用于驱动区块链节点更新区块链账本数据。As mentioned earlier, the client submits a transaction to the blockchain node, and the transaction triggers the blockchain node to transmit the encrypted call request to the off-chain private computing node through the oracle mechanism; among them, the off-chain generated by the off-chain private computing node The privacy calculation result is fed back to the blockchain node, and the off-chain privacy calculation result is used to drive the blockchain node to update the blockchain ledger data.
步骤404,客户端向链下隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算。Step 404: The client sends an encrypted call request to the off-chain private computing node, and after the identification information and the information of the input data are decrypted by the off-chain private computing node in the off-chain trusted execution environment, The identification information is used to instruct the off-chain privacy computing node to obtain the bytecode of the off-chain contract, and execute the bytecode through the virtual machine deployed in the off-chain trusted execution environment to access the input Participate data for off-chain privacy calculations.
如前所述,客户端可以向链下隐私计算节点直接发起链下调用请求。客户端可以向区块链节点发起存证交易,存证交易包含链下隐私计算结果。As mentioned earlier, the client can directly initiate an off-chain invocation request to the off-chain privacy computing node. The client can initiate a certificate deposit transaction to a blockchain node, and the certificate deposit transaction includes the results of off-chain privacy calculations.
如前所述,客户端直接向链下隐私计算节点发送经过加密的调用请求;或者,在链下隐私计算节点属于链下隐私计算集群的情况下,客户端向链下隐私计算集群的控制节点发送经过加密的调用请求,以由控制节点转发调用请求。As mentioned earlier, the client directly sends an encrypted call request to the off-chain private computing node; or, in the case that the off-chain private computing node belongs to the off-chain private computing cluster, the client sends the off-chain private computing cluster to the control node Send the encrypted call request so that the control node forwards the call request.
如前所述,调用请求由节点非对称密钥对的公钥进行加密后传输,且节点非对称密钥对的私钥被链下隐私计算节点所维护。As mentioned above, the call request is encrypted by the public key of the node's asymmetric key pair and then transmitted, and the private key of the node's asymmetric key pair is maintained by the private computing node under the chain.
如前所述,在链下隐私计算节点属于链下隐私计算集群的情况下,节点非对称密钥对的私钥仅被链下隐私计算节点所维护,或者节点非对称密钥对的私钥被链下隐私计算集群内的所有链下隐私计算节点共同维护。As mentioned earlier, when the off-chain private computing node belongs to the off-chain private computing cluster, the private key of the node's asymmetric key pair is only maintained by the off-chain private computing node, or the private key of the node's asymmetric key pair It is jointly maintained by all off-chain private computing nodes in the off-chain private computing cluster.
如前所述,客户端获取链下隐私计算节点的远程证明报告,远程证明报告由认证服务器对链下隐私计算节点产生的自荐信息进行验证后生成,自荐信息与链下隐私计算节点上创建的链下可信执行环境相关;客户端根据远程证明报告确定链下隐私计算节点可信的情况下,向链下隐私计算节点发送经过加密的调用请求。As mentioned earlier, the client obtains the remote attestation report of the off-chain private computing node. The remote attestation report is generated by the authentication server after verifying the self-recommended information generated by the off-chain private computing node. The self-recommended information is created on the off-chain private computing node The off-chain trusted execution environment is related; if the client determines that the off-chain private computing node is trustworthy according to the remote attestation report, it sends an encrypted call request to the off-chain private computing node.
如前所述,入参数据的信息可以由合约非对称密钥对的公钥进行加密,合约非对称密钥由链下隐私计算节点在链下可信执行环境内预先生成且对应于链下合约的身份。客户端可以采用所述合约非对称密钥对的公钥对入参数据的信息进行加密后传输。As mentioned earlier, the information of the input parameter data can be encrypted by the public key of the contract asymmetric key pair. The contract asymmetric key is pre-generated by the off-chain private computing node in the off-chain trusted execution environment and corresponds to the off-chain The identity of the contract. The client can use the public key of the contract asymmetric key pair to encrypt the information of the input parameter data before transmission.
如前所述,不同链下隐私计算节点针对链下合约生成的合约非对称密钥对不同; 或者,不同链下隐私计算节点针对链下合约生成的合约非对称密钥对相同。As mentioned above, different off-chain privacy computing nodes generate different contract asymmetric key pairs for off-chain contracts; or, different off-chain privacy computing nodes generate the same contract asymmetric key pairs for off-chain contracts.
如前所述,客户端向调用请求中添加指定对象的身份公钥的信息;客户端接收链下隐私计算节点采用身份公钥对执行结果进行加密后返回的结果密文。As mentioned above, the client adds the information of the identity public key of the specified object to the call request; the client receives the result ciphertext returned by the off-chain privacy computing node using the identity public key to encrypt the execution result.
如前所述,客户端向调用请求中添加函数信息,函数信息用于指示所述链下隐私计算节点用于调用链下合约中对应于函数信息的的字节码。As mentioned above, the client adds function information to the call request, and the function information is used to instruct the off-chain privacy computing node to call the bytecode corresponding to the function information in the off-chain contract.
如前所述,链下隐私计算结果包括以下至少之一:响应码、响应信息、合约调用的返回值、合约调用的过程输出。As mentioned earlier, the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract invocation, and process output of contract invocation.
如前所述,客户端接收到链下隐私计算节点对调用请求进行哈希运算得到的第一哈希值与链下隐私计算结果;客户端生成调用请求的第二哈希值,并将第一哈希值与第二哈希值进行比较;客户端根据比较结果确定所述链下隐私计算结果是否可靠。As mentioned earlier, the client receives the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain privacy calculation result; the client generates the second hash value of the invocation request, and adds the first hash value of the invocation request. A hash value is compared with a second hash value; the client determines whether the off-chain privacy calculation result is reliable according to the comparison result.
如前所述,在所述链下合约为无状态合约的情况下,所述链下合约的入参数据包括所述链下合约中定义的合约状态的历史状态取值。As mentioned above, when the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
相应地,图5是一示例性实施例提供的一种区块链节点侧的调用合约的方法的流程图。如图5所示,该方法可以包括步骤502~步骤506。Correspondingly, FIG. 5 is a flowchart of a method for invoking a contract on the side of a blockchain node provided by an exemplary embodiment. As shown in FIG. 5, the method may include step 502 to step 506.
步骤502,区块链节点获取经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息。Step 502: The blockchain node obtains an encrypted call request, the call request including the identification information of the off-chain contract and the information of the input data.
如前所述,区块链节点从客户端提交的交易中提取得到调用请求;或者,区块链节点根据客户端提交的交易在自身创建的链上可信执行环境内执行链上合约而生成调用请求。As mentioned earlier, the blockchain node extracts the call request from the transaction submitted by the client; or the blockchain node executes the on-chain contract in the trusted execution environment created by the client based on the transaction submitted by the client. Call request.
如前所述,区块链节点将计算结果直接反馈至客户端;或者,区块链节点根据接收到的计算结果更新区块链账本数据。As mentioned earlier, the blockchain node directly feeds back the calculation result to the client; or, the blockchain node updates the blockchain ledger data according to the received calculation result.
步骤504,所述区块链节点通过预言机机制将经过加密的调用请求传输至链下隐私计算节点,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算。In step 504, the blockchain node transmits the encrypted call request to the off-chain private computing node through the oracle mechanism, and the identification information and the information of the input data are transferred to the off-chain private computing node by the off-chain private computing node. After being decrypted in the trusted execution environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the all-in-one through the virtual machine deployed in the off-chain trusted execution environment. The bytecode is used to perform off-chain privacy calculations on the incoming parameter data.
如前所述,区块链节点直接通过预言机机制将经过加密的调用请求传输至链下隐私计算节点;或者,在链下隐私计算节点属于链下隐私计算集群的情况下,区块链节点通过预言机机制将经过加密的调用请求传输至链下隐私计算集群的控制节点,以由控制节点转发调用请求。As mentioned earlier, the blockchain node directly transmits the encrypted call request to the off-chain private computing node through the oracle mechanism; or, in the case that the off-chain private computing node belongs to the off-chain private computing cluster, the blockchain node The encrypted call request is transmitted to the control node of the privacy computing cluster under the chain through the oracle mechanism, so that the control node forwards the call request.
如前所述,调用请求由节点非对称密钥对的公钥进行加密后传输,且非对称密钥对的私钥被链下隐私计算节点所维护。As mentioned above, the call request is encrypted by the public key of the node's asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the private computing node under the chain.
如前所述,在链下隐私计算节点属于链下隐私计算集群的情况下,所述节点非对称密钥对的私钥仅被链下隐私计算节点所维护,或者节点非对称密钥对的私钥被链下隐私计算集群内的所有链下隐私计算节点共同维护。As mentioned earlier, when the off-chain private computing node belongs to the off-chain private computing cluster, the private key of the node's asymmetric key pair is only maintained by the off-chain private computing node, or the node's asymmetric key pair The private key is jointly maintained by all off-chain private computing nodes in the off-chain private computing cluster.
如前所述,入参数据的信息由合约非对称密钥对的公钥进行加密,合约非对称密钥由链下隐私计算节点在链下可信执行环境内预先生成且对应于链下合约的身份。As mentioned earlier, the information of the input data is encrypted by the public key of the contract asymmetric key pair. The contract asymmetric key is pre-generated by the off-chain private computing node in the off-chain trusted execution environment and corresponds to the off-chain contract. identity of.
步骤506,所述区块链节点接收所述链下隐私计算节点通过预言机机制反馈的链下隐私计算结果。Step 506: The blockchain node receives the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.
如前所述,在调用请求中还包括所述指定对象的身份公钥的信息的情况下,区块链节点接收到链下隐私计算节点采用身份公钥对执行结果进行加密后返回的计算结果密文。As mentioned above, when the call request also includes the information of the identity public key of the specified object, the blockchain node receives the calculation result returned after the off-chain privacy computing node encrypts the execution result with the identity public key Ciphertext.
如前所述,区块链节点接收到链下隐私计算节点对调用请求进行哈希运算得到的第一哈希值与链下隐私计算结果;区块链节点将第一哈希值与链下隐私计算结果反馈至请求方,第一哈希值用于与请求方生成的调用请求的第二哈希值进行比较,比较结果用于确定链下隐私计算结果是否可靠。As mentioned earlier, the blockchain node receives the first hash value obtained by the off-chain privacy computing node hashing the call request and the off-chain privacy calculation result; the blockchain node compares the first hash value with the off-chain privacy calculation result. The privacy calculation result is fed back to the requester, the first hash value is used to compare with the second hash value of the call request generated by the requester, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
如前所述,在所述链下合约为无状态合约的情况下,所述链下合约的入参数据包括所述链下合约中定义的合约状态的历史状态取值。As mentioned above, when the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
相应地,图6是一示例性实施例提供的一种控制节点侧的调用合约的方法的流程图。如图6所示,该方法可以包括步骤602~步骤606。Correspondingly, FIG. 6 is a flowchart of a method for invoking a contract on the control node side provided by an exemplary embodiment. As shown in FIG. 6, the method may include step 602 to step 606.
步骤602,控制节点接收到经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息。Step 602: The control node receives an encrypted call request, where the call request includes the identification information of the off-chain contract and the information of the input parameter data.
如前所述,控制节点接收到区块链节点通过预言机机制传输的调用请求;或者,控制节点接收客户端直接发送的链下调用请求。As mentioned above, the control node receives the call request transmitted by the blockchain node through the oracle mechanism; or, the control node receives the off-chain call request directly sent by the client.
如前所述,调用请求由节点非对称密钥对的公钥进行加密后传输,且非对称密钥对的私钥被链下隐私计算节点所维护。As mentioned above, the call request is encrypted by the public key of the node's asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the private computing node under the chain.
步骤604,所述控制节点将所述调用请求转发至从链下隐私计算集群中选取的所述链下隐私计算节点。Step 604: The control node forwards the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster.
如前所述,节点非对称密钥对的私钥可以仅被所述链下隐私计算节点所维护。在经过加密的调用请求的目标节点被设定为链下隐私计算节点的情况下,控制接节点将调用请求转发至链下隐私计算节点;在经过加密的调用请求的目标节点未设定的情况下,控制节点将调用请求转发至链下隐私计算集群中的所有链下隐私计算节点。As mentioned above, the private key of the node's asymmetric key pair can only be maintained by the off-chain private computing node. In the case that the target node of the encrypted call request is set as the off-chain private computing node, the control node forwards the call request to the off-chain private computing node; in the case where the target node of the encrypted call request is not set The control node forwards the call request to all off-chain private computing nodes in the off-chain private computing cluster.
如前所述,节点非对称密钥对的私钥可以被链下隐私计算集群内的所有链下隐私计算节点共同维护。控制节点根据负载均衡算法从链下隐私计算集群中选取链下隐私计算节点,并将调用请求转发至链下隐私计算节点。As mentioned earlier, the private key of the node asymmetric key pair can be jointly maintained by all off-chain privacy computing nodes in the off-chain privacy computing cluster. The control node selects the off-chain private computing node from the off-chain private computing cluster according to the load balancing algorithm, and forwards the call request to the off-chain private computing node.
步骤606,所述控制节点将从所述链下隐私计算节点接收到的链下隐私计算结果进行反馈。Step 606: The control node feeds back the off-chain privacy calculation result received from the off-chain privacy computing node.
如前所述,控制节点直接将链下隐私计算结果反馈至客户端;或者,控制节点通过预言机机制对链下隐私计算结果进行反馈。As mentioned earlier, the control node directly feeds back the off-chain privacy calculation result to the client; or, the control node feeds back the off-chain privacy calculation result through the oracle mechanism.
如前所述,控制节点接收到链下隐私计算节点对调用请求进行哈希运算得到的第一哈希值与链下隐私计算结果;控制节点将第一哈希值与链下隐私计算结果转发至请求方,第一哈希值用于与请求方生成的调用请求的第二哈希值进行比较,比较结果用于确定链下隐私计算结果是否可靠。As mentioned earlier, the control node receives the first hash value and the off-chain privacy calculation result obtained by the off-chain privacy computing node hashing the call request; the control node forwards the first hash value and the off-chain privacy calculation result To the requester, the first hash value is used to compare with the second hash value of the call request generated by the requester, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
如前所述,在所述链下合约为无状态合约的情况下,所述链下合约的入参数据包括所述链下合约中定义的合约状态的历史状态取值。As mentioned above, when the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
在本说明书的技术方案中,还可由客户端直接与链下隐私计算节点或者控制节点进行交互以完成在隐私计算节点上部署智能合约、向智能合约发起挑战、验证智能合约和调用智能合约等操作,而无需通过区块链的预言机机制来完成上述操作,同时调用部署于隐私计算节点的智能合约得到的计算结果也无需反馈至区块链。在该情况下,由于不涉及链上和链下的区分,下文将“链下隐私计算节点”称为“隐私计算节点”,将“链下可信执行环境”称为“可信执行环境”,将“链下合约”称为“智能合约”。但是,技术方案的原理与上述实施例类似,所涉及的实施细节同样可参考上述实施例,因此下文不再进行详细描述。In the technical solution of this manual, the client can also directly interact with the off-chain private computing node or control node to complete the deployment of smart contracts on the private computing node, challenge smart contracts, verify smart contracts, and call smart contracts. , Without needing to use the oracle mechanism of the blockchain to complete the above operations, and at the same time, the calculation results obtained by invoking the smart contract deployed on the privacy computing node do not need to be fed back to the blockchain. In this case, since the distinction between on-chain and off-chain is not involved, “off-chain private computing nodes” will be referred to as “private computing nodes”, and “off-chain trusted execution environment” will be referred to as “trusted execution environment”. , And call “off-chain contracts” as “smart contracts”. However, the principle of the technical solution is similar to the foregoing embodiment, and the involved implementation details can also refer to the foregoing embodiment, so the detailed description will not be given below.
相应地,图7是一示例性实施例提供的一种隐私计算节点侧的智能合约的调用方法的流程图。如图7所示,该方法可以包括步骤702~步骤706。Correspondingly, FIG. 7 is a flowchart of a method for invoking a smart contract on the privacy computing node side provided by an exemplary embodiment. As shown in FIG. 7, the method may include step 702 to step 706.
步骤702,隐私计算节点接收到经过加密的调用请求,并在可信执行环境中解密得到所述调用请求包含的智能合约的标识信息和入参数据的信息。Step 702: The privacy computing node receives the encrypted call request, and decrypts in the trusted execution environment to obtain the identification information of the smart contract and the information of the input parameter data included in the call request.
如前所述,所述隐私计算节点直接从客户端处接收到经过加密的调用请求;或者,在所述隐私计算节点属于隐私计算集群的情况下,所述隐私计算节点接收所述隐私计算集群的控制节点转发的经过加密的调用请求。As mentioned above, the private computing node directly receives the encrypted call request from the client; or, in the case that the private computing node belongs to a private computing cluster, the private computing node receives the private computing cluster The encrypted call request forwarded by the control node of.
如前所述,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述节点非对称密钥对的私钥被所述隐私计算节点所维护。As mentioned above, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
如前所述,所述隐私计算节点属于隐私计算集群,且所述节点非对称密钥对的私钥仅被所述隐私计算节点所维护;在所述经过加密的调用请求的目标节点被设定为所述隐私计算节点的情况下,所述经过加密的调用请求被所述控制节点接收并转发至所述隐私计算节点;在所述经过加密的调用请求的目标节点未设定的情况下,所述经过加密的调用请求被所述控制节点接收并转发至所述隐私计算集群中的所有隐私计算节点。As mentioned above, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is only maintained by the private computing node; the target node of the encrypted call request is set In the case of the private computing node, the encrypted call request is received by the control node and forwarded to the private computing node; in the case where the target node of the encrypted call request is not set , The encrypted call request is received by the control node and forwarded to all private computing nodes in the private computing cluster.
如前所述,所述隐私计算节点属于隐私计算集群,且所述节点非对称密钥对的私钥被所述隐私计算集群内的所有隐私计算节点共同维护;所述隐私计算节点被所述控制节点根据负载均衡算法从所述隐私计算集群中选取,且所述经过加密的调用请求被所述控制节点接收并转发至所述隐私计算节点。As mentioned above, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster; the private computing node is The control node is selected from the privacy computing cluster according to the load balancing algorithm, and the encrypted call request is received by the control node and forwarded to the privacy computing node.
步骤704,所述隐私计算节点根据所述标识信息调用预先部署的所述智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算。Step 704: The privacy computing node calls the pre-deployed bytecode of the smart contract according to the identification information, and executes the bytecode through the virtual machine deployed in the trusted execution environment to Enter parameter data for privacy calculation.
如前所述,在所述智能合约为无状态合约的情况下,所述智能合约的入参数据包括所述智能合约中定义的合约状态的历史状态取值。As mentioned above, when the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
步骤706,所述隐私计算节点在可信执行环境中对得到的隐私计算结果进行加密并反馈。Step 706: The private computing node encrypts and feeds back the obtained private computing result in a trusted execution environment.
如前所述,所述隐私计算节点对所述调用请求进行哈希运算得到第一哈希值;所述隐私计算节点将所述第一哈希值与隐私计算结果关联反馈,所述第一哈希值用于与客户端生成的所述调用请求的第二哈希值进行比较,所述比较结果用于确定所述隐私计算结果是否可靠。As mentioned above, the privacy computing node performs a hash operation on the invocation request to obtain the first hash value; the privacy computing node associates the first hash value with the privacy calculation result and feeds back, the first The hash value is used to compare with the second hash value of the call request generated by the client, and the comparison result is used to determine whether the privacy calculation result is reliable.
相应地,图8是一示例性实施例提供的一种客户端侧的智能合约的调用方法的流程图。如图8所示,该方法可以包括步骤802~步骤804。Correspondingly, FIG. 8 is a flowchart of a method for invoking a smart contract on the client side according to an exemplary embodiment. As shown in FIG. 8, the method may include step 802 to step 804.
步骤802,客户端生成调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息。 Step 802, the client terminal generates a call request, the call request includes the identification information of the smart contract and the information of the input parameter data.
如前所述,所述客户端直接向隐私计算节点发送经过加密的调用请求;或者,在所述隐私计算节点属于隐私计算集群的情况下,所述客户端向所述隐私计算集群的控制节点发送经过加密的调用请求,以由所述控制节点转发所述调用请求。As mentioned above, the client directly sends an encrypted call request to the private computing node; or, in the case that the private computing node belongs to the private computing cluster, the client sends the control node of the private computing cluster Send the encrypted call request, so that the control node forwards the call request.
如前所述,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述节点非对称密钥对的私钥被所述隐私计算节点所维护。As mentioned above, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
如前所述,在所述隐私计算节点属于隐私计算集群的情况下,所述节点非对称密钥对的私钥仅被所述隐私计算节点所维护,或者所述节点非对称密钥对的私钥被所述隐私计算集群内的所有隐私计算节点共同维护。As mentioned above, in the case that the private computing node belongs to a private computing cluster, the private key of the node asymmetric key pair is only maintained by the private computing node, or the private key of the node asymmetric key pair The private key is jointly maintained by all private computing nodes in the private computing cluster.
步骤804,所述客户端向隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述隐私计算节点在可信执行环境中解密得到后,所述标识信息用于指示所述隐私计算节点获取智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算。In step 804, the client sends an encrypted call request to the private computing node. After the identification information and the information of the input data are decrypted by the private computing node in a trusted execution environment, the identification information It is used to instruct the privacy computing node to obtain the bytecode of the smart contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment to perform privacy calculation on the input parameter data.
如前所述,所述客户端接收到所述隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述隐私计算结果;所述客户端生成所述调用请求的第二哈希值,并将所述第一哈希值与所述第二哈希值进行比较;所述客户端根据比较结果确定所述隐私计算结果是否可靠。As mentioned above, the client receives the first hash value obtained by the privacy computing node hashing the invocation request and the privacy calculation result; the client generates the first hash value of the invocation request Two hash values, and compare the first hash value with the second hash value; the client determines whether the privacy calculation result is reliable according to the comparison result.
如前所述,在所述智能合约为无状态合约的情况下,所述智能合约的入参数据包括所述智能合约中定义的合约状态的历史状态取值。As mentioned above, when the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
相应地,图9是一示例性实施例提供的一种控制节点侧的智能合约的调用方法的流程图。如图9所示,该方法可以包括步骤902~步骤906。Correspondingly, FIG. 9 is a flowchart of a method for invoking a smart contract on the control node side provided by an exemplary embodiment. As shown in FIG. 9, the method may include step 902 to step 906.
步骤902,控制节点接收到客户端直接发送的经过加密的调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息。Step 902: The control node receives an encrypted call request directly sent by the client, where the call request includes the identification information of the smart contract and the information of the input parameter data.
如前所述,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述非对称密钥对的私钥被所述隐私计算节点所维护。As mentioned above, the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the privacy computing node.
如前所述,所述节点非对称密钥对的私钥仅被所述隐私计算节点所维护;所述控制节点将所述调用请求转发至从隐私计算集群中选取的所述隐私计算节点,包括:在经过加密的调用请求的目标节点被设定为所述隐私计算节点的情况下,所述控制接节点将所述调用请求转发至所述隐私计算节点;在所述经过加密的调用请求的目标节点未设定的情况下,所述控制节点将所述调用请求转发至所述隐私计算集群中的所有隐私计算节点。As mentioned above, the private key of the node asymmetric key pair is only maintained by the private computing node; the control node forwards the call request to the private computing node selected from the private computing cluster, Including: in the case where the target node of the encrypted call request is set as the private computing node, the control node forwards the call request to the private computing node; If the target node of is not set, the control node forwards the call request to all private computing nodes in the private computing cluster.
如前所述,所述节点非对称密钥对的私钥被所述隐私计算集群内的所有隐私计算节点共同维护;所述控制节点将所述调用请求转发至从隐私计算集群中选取的所述隐私计算节点,包括:所述控制节点根据负载均衡算法从所述隐私计算集群中选取所述隐私计算节点,并将所述调用请求转发至所述隐私计算节点。As mentioned above, the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster; the control node forwards the call request to all selected from the private computing cluster The privacy computing node includes: the control node selects the privacy computing node from the privacy computing cluster according to a load balancing algorithm, and forwards the call request to the privacy computing node.
步骤904,所述控制节点将所述调用请求转发至从隐私计算集群中选取的所述隐私计算节点。Step 904: The control node forwards the call request to the privacy computing node selected from the privacy computing cluster.
如前所述,在所述智能合约为无状态合约的情况下,所述智能合约的入参数据包括所述智能合约中定义的合约状态的历史状态取值。As mentioned above, when the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
步骤906,所述控制节点将从所述隐私计算节点接收到的隐私计算结果进行反馈。Step 906: The control node feeds back the privacy calculation result received from the privacy calculation node.
如前所述,所述控制节点接收到所述隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述隐私计算结果;所述控制节点将所述第一哈希值与所述隐私计算结果转发至请求方,所述第一哈希值用于与客户端生成的所述调用请求的第二哈希值进行比较,比较结果用于确定所述隐私计算结果是否可靠。As mentioned above, the control node receives the first hash value obtained by the privacy computing node hashing the call request and the privacy calculation result; the control node hashes the first hash value The value and the privacy calculation result are forwarded to the requesting party, the first hash value is used to compare with the second hash value of the call request generated by the client, and the comparison result is used to determine whether the privacy calculation result is reliable.
图10是一示例性实施例提供的一种设备的示意结构图。请参考图10,在硬件层面,该电子设备包括处理器1002、内部总线1004、网络接口1006、内存1008以及非易失性存储器1010,当然还可能包括其他业务所需要的硬件。处理器1002从非易失性存储器1010中读取对应的计算机程序到内存1008中然后运行,在逻辑层面上形成命令的调用合约的装置。当然,除了软件实现方式之外,本说明书并不排除其他实现方式,比如逻辑器件抑或软硬件结合的方式等等,也就是说以下处理流程的执行主体并不限定于各个逻辑单元,也可以是硬件或逻辑器件。Fig. 10 is a schematic structural diagram of a device according to an exemplary embodiment. Please refer to FIG. 10, at the hardware level, the electronic device includes a processor 1002, an internal bus 1004, a network interface 1006, a memory 1008, and a non-volatile memory 1010. Of course, it may also include hardware required for other services. The processor 1002 reads the corresponding computer program from the non-volatile memory 1010 to the memory 1008 and then runs it, forming a command calling contract device on the logical level. Of course, in addition to the software implementation, this specification does not exclude other implementations, such as logic devices or a combination of software and hardware, etc. That is to say, the execution body of the following processing flow is not limited to each logic unit, and can also be Hardware or logic device.
请参考图11,在链下隐私计算节点侧的软件实施方式中,该调用合约的装置可以包括:接收与解密单元1102,使链下隐私计算节点接收到经过加密的调用请求,并在链下可信执行环境中解密得到所述调用请求包含的链下合约的标识信息和入参数据的信息;调用与执行单元1104,使所述链下隐私计算节点根据所述标识信息调用预先部署的所述链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算;反馈单元1106,使所述链下隐私计算节点在链下可信执行环境中对得到的链下隐私计算结果进行加密并反馈。Please refer to Figure 11, in the software implementation on the side of the off-chain privacy computing node, the device for invoking the contract may include: a receiving and decrypting unit 1102, so that the off-chain privacy computing node receives the encrypted invocation request and sends it to the off-chain In the trusted execution environment, the identification information of the off-chain contract and the information of the input parameter data contained in the invocation request are decrypted; the invocation and execution unit 1104 enables the off-chain private computing node to invoke the pre-deployed all data based on the identification information. The bytecode of the off-chain contract is executed by a virtual machine deployed in the off-chain trusted execution environment to perform off-chain privacy calculations on the incoming parameter data; the feedback unit 1106 enables all The off-chain private computing node encrypts and feeds back the obtained off-chain private computing results in an off-chain trusted execution environment.
可选的,接收与解密单元1102具体用于:使所述链下隐私计算节点接收到区块链节点通过预言机机制传输的调用请求;使所述链下隐私计算节点在链下可信执行环境中对得到的链下隐私计算结果进行加密并反馈,包括:所述链下计算节点通过预言机机制对所述链下隐私计算结果进行反馈。Optionally, the receiving and decrypting unit 1102 is specifically configured to: enable the off-chain private computing node to receive the call request transmitted by the blockchain node through the oracle mechanism; enable the off-chain private computing node to perform trusted execution off-chain Encrypting and feeding back the obtained off-chain privacy calculation results in the environment includes: the off-chain computing node feedbacks the off-chain privacy calculation results through the oracle mechanism.
可选的,接收与解密单元1102具体用于:使所述经过加密的调用请求由所述区块链节点从所述客户端提交的交易中提取得到;或者,使所述经过加密的调用请求由所述区块链节点根据所述客户端提交的交易在自身创建的链上可信执行环境内执行链上合约而生成。Optionally, the receiving and decrypting unit 1102 is specifically configured to: enable the encrypted call request to be extracted by the blockchain node from the transaction submitted by the client; or, enable the encrypted call request It is generated by the blockchain node executing an on-chain contract in the trusted execution environment on the chain created by the blockchain node according to the transaction submitted by the client.
可选的,接收与解密单元1102具体用于:使所述链下隐私计算节点接收到客户端直接发起的链下调用请求;使所述链下隐私计算节点在链下可信执行环境中对得到的链下隐私计算结果进行加密并反馈,包括:所述链下计算节点将所述链下隐私计算结果直 接反馈给客户端。Optionally, the receiving and decrypting unit 1102 is specifically configured to: enable the off-chain private computing node to receive the off-chain invocation request directly initiated by the client; and enable the off-chain private computing node to perform the verification in the off-chain trusted execution environment Encrypting and feeding back the obtained off-chain privacy calculation result includes: the off-chain computing node directly feeds back the off-chain privacy calculation result to the client.
可选的,接收与解密单元1102具体用于:使所述链下隐私计算节点直接从请求方处接收到经过加密的调用请求;或者,在所述链下隐私计算节点属于链下隐私计算集群的情况下,所述链下隐私计算节点接收所述链下隐私计算集群的控制节点转发的经过加密的调用请求。Optionally, the receiving and decrypting unit 1102 is specifically configured to: enable the off-chain private computing node to directly receive an encrypted call request from the requesting party; or, the off-chain private computing node belongs to an off-chain private computing cluster In the case of, the off-chain privacy computing node receives the encrypted call request forwarded by the control node of the off-chain privacy computing cluster.
可选的,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述节点非对称密钥对的私钥被所述链下隐私计算节点所维护。Optionally, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the off-chain privacy computing node.
可选的,所述链下隐私计算节点属于链下隐私计算集群,且所述节点非对称密钥对的私钥仅被所述链下隐私计算节点所维护;在所述经过加密的调用请求的目标节点被设定为所述链下隐私计算节点的情况下,所述经过加密的调用请求被所述控制节点接收并转发至所述链下隐私计算节点;在所述经过加密的调用请求的目标节点未设定的情况下,所述经过加密的调用请求被所述控制节点接收并转发至所述链下隐私计算集群中的所有链下隐私计算节点。Optionally, the off-chain privacy computing node belongs to an off-chain privacy computing cluster, and the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node; in the encrypted call request When the target node of is set as the off-chain private computing node, the encrypted call request is received by the control node and forwarded to the off-chain private computing node; in the encrypted call request If the target node of is not set, the encrypted call request is received by the control node and forwarded to all off-chain privacy computing nodes in the off-chain privacy computing cluster.
可选的,所述链下隐私计算节点属于链下隐私计算集群,且所述节点非对称密钥对的私钥被所述链下隐私计算集群内的所有链下隐私计算节点共同维护;所述链下隐私计算节点被所述控制节点根据负载均衡算法从所述链下隐私计算集群中选取,且所述经过加密的调用请求被所述控制节点接收并转发至所述链下隐私计算节点。Optionally, the off-chain privacy computing node belongs to an off-chain privacy computing cluster, and the private key of the node asymmetric key pair is jointly maintained by all off-chain privacy computing nodes in the off-chain privacy computing cluster; The off-chain privacy computing node is selected by the control node from the off-chain privacy computing cluster according to the load balancing algorithm, and the encrypted call request is received by the control node and forwarded to the off-chain privacy computing node .
可选的,所述链下可信执行环境中部署有若干执行引擎;所述装置还包括:引擎确定单元1108,使所述链下隐私计算节点确定所述字节码对应的执行引擎;引擎执行单元1110,所述链下隐私计算节点通过确定出的执行引擎执行所述字节码。Optionally, several execution engines are deployed in the off-chain trusted execution environment; the device further includes: an engine determining unit 1108, which enables the off-chain private computing node to determine the execution engine corresponding to the bytecode; an engine The execution unit 1110, where the off-chain privacy computing node executes the bytecode through the determined execution engine.
可选的,还包括:远程证明报告提供单元1112,使所述链下隐私计算节点向请求方提供远程证明报告,所述远程证明报告由认证服务器对所述链下隐私计算节点产生的自荐信息进行验证后生成,所述自荐信息与所述链下隐私计算节点上创建的链下可信执行环境相关;其中,所述调用请求由所述客户端在根据所述远程证明报告确定所述链下隐私计算节点可信的情况下发起。Optionally, it further includes: a remote certification report providing unit 1112 to enable the off-chain private computing node to provide a remote certification report to the requesting party, where the remote certification report is self-recommended information generated by the authentication server to the off-chain private computing node Generated after verification, the self-recommendation information is related to the off-chain trusted execution environment created on the off-chain private computing node; wherein, the call request is determined by the client on the chain according to the remote attestation report. Initiated when the next privacy computing node is trusted.
可选的,所述入参数据的信息由合约非对称密钥对的公钥进行加密,所述合约非对称密钥由所述链下隐私计算节点在所述链下可信执行环境内预先生成且对应于所述链下合约的身份;所述装置还包括:入参数据信息解密单元1114,所述链下隐私计算节点根据所述合约非对称密钥对的私钥,在所述链下可信执行环境中解密得到所述入参数据的信息。Optionally, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is pre-defined by the off-chain private computing node in the off-chain trusted execution environment. Generated and corresponding to the identity of the off-chain contract; the device further includes: an input data information decryption unit 1114. The off-chain privacy computing node is configured in the chain according to the private key of the contract asymmetric key pair. The information of the input parameter data is obtained by decrypting in the trusted execution environment.
可选的,不同的链下隐私计算节点针对所述链下合约生成的合约非对称密钥对不同;或者,不同的链下隐私计算节点针对所述链下合约生成的合约非对称密钥对相同。Optionally, different off-chain privacy computing nodes generate different contract asymmetric key pairs for the off-chain contract; or, different off-chain privacy computing nodes generate contract asymmetric key pairs for the off-chain contract same.
可选的,所述调用请求还包括指定对象的身份公钥的信息,反馈单元1106具体用于:使所述链下隐私计算节点根据所述身份公钥对所述执行结果进行加密后反馈。Optionally, the invocation request further includes information about the identity public key of the specified object, and the feedback unit 1106 is specifically configured to: enable the off-chain privacy computing node to encrypt the execution result according to the identity public key and then feed back.
可选的,所述调用请求还包含函数信息,调用与执行单元1104具体用于:使所述链下隐私计算节点调用所述链下合约中对应于所述函数信息的字节码。Optionally, the calling request further includes function information, and the calling and executing unit 1104 is specifically configured to: enable the off-chain privacy computing node to call the bytecode corresponding to the function information in the off-chain contract.
可选的,所述链下隐私计算结果包括以下至少之一:响应码、响应信息、合约调用的返回值、合约调用的过程输出。Optionally, the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract invocation, and process output of contract invocation.
可选的,还包括:运算单元1116,使所述链下隐私计算节点对所述调用请求进行哈希运算得到第一哈希值;关联反馈单元1118,使所述链下隐私计算节点将所述第一哈希值与所述链下隐私计算结果关联反馈,所述第一哈希值用于与请求方生成的所述调用请求的第二哈希值进行比较,所述比较结果用于确定所述链下隐私计算结果是否可靠。Optionally, it further includes: an arithmetic unit 1116 that enables the off-chain privacy computing node to perform a hash operation on the call request to obtain the first hash value; an association feedback unit 1118 that enables the off-chain privacy computing node to The first hash value is associated with the feedback of the off-chain privacy calculation result, the first hash value is used for comparison with the second hash value of the call request generated by the requester, and the comparison result is used for Determine whether the off-chain privacy calculation result is reliable.
可选的,在所述链下合约为无状态合约的情况下,所述链下合约的入参数据包括所述链下合约中定义的合约状态的历史状态取值。Optionally, when the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
请参考图12,在客户端侧的软件实施方式中,该调用合约的装置可以包括:生成单元1202,使客户端生成调用请求,所述调用请求包含链下合约的标识信息和入参数据 的信息;发送单元1204,使所述客户端向链下隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算。12, in the software implementation on the client side, the device for invoking the contract may include: a generating unit 1202 for the client to generate a call request, the call request including the identification information of the off-chain contract and input data Information; the sending unit 1204, which enables the client to send an encrypted call request to the off-chain private computing node, and the identification information and the information of the incoming parameter data are trusted by the off-chain private computing node to execute under the chain After decryption in the environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the byte code through the virtual machine deployed in the off-chain trusted execution environment Code to perform off-chain privacy calculations on the incoming parameter data.
可选的,发送单元1204具体用于:使所述客户端向区块链节点提交交易,所述交易触发所述区块链节点通过预言机机制将经过加密的调用请求传输至所述链下隐私计算节点;其中,所述链下隐私计算节点产生的链下隐私计算结果被反馈至所述区块链节点,所述链下隐私计算结果用于驱动所述区块链节点更新区块链账本数据。Optionally, the sending unit 1204 is specifically configured to: enable the client to submit a transaction to a blockchain node, and the transaction triggers the blockchain node to transmit the encrypted call request to the off-chain through an oracle mechanism Privacy calculation node; wherein the off-chain privacy calculation result generated by the off-chain privacy calculation node is fed back to the blockchain node, and the off-chain privacy calculation result is used to drive the blockchain node to update the blockchain Ledger data.
可选的,使所述客户端向所述链下隐私计算节点直接发起链下调用请求;可选的,还包括:交易发起模块1206,使所述客户端向所述区块链节点发起存证交易,所述存证交易包含所述链下隐私计算结果。Optionally, enable the client to directly initiate an off-chain invocation request to the off-chain privacy computing node; optionally, it further includes: a transaction initiation module 1206 to enable the client to initiate a deposit to the blockchain node A certificate transaction, the certificate deposit transaction includes the off-chain privacy calculation result.
可选的,发送单元1204具体用于:使所述客户端直接向链下隐私计算节点发送经过加密的调用请求;或者,在所述链下隐私计算节点属于链下隐私计算集群的情况下,使所述客户端向所述链下隐私计算集群的控制节点发送经过加密的调用请求,以由所述控制节点转发所述调用请求。Optionally, the sending unit 1204 is specifically configured to: cause the client to directly send an encrypted call request to the off-chain private computing node; or, in the case that the off-chain private computing node belongs to an off-chain private computing cluster, The client is caused to send an encrypted call request to the control node of the off-chain privacy computing cluster, so that the control node forwards the call request.
可选的,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述节点非对称密钥对的私钥被所述链下隐私计算节点所维护。Optionally, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the off-chain privacy computing node.
可选的,在所述链下隐私计算节点属于链下隐私计算集群的情况下,所述节点非对称密钥对的私钥仅被所述链下隐私计算节点所维护,或者所述节点非对称密钥对的私钥被所述链下隐私计算集群内的所有链下隐私计算节点共同维护。Optionally, when the off-chain privacy computing node belongs to an off-chain privacy computing cluster, the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node, or the node is not The private key of the symmetric key pair is jointly maintained by all the off-chain privacy computing nodes in the off-chain privacy computing cluster.
可选的,还包括:远程证明报告获取单元1208,使所述客户端获取所述链下隐私计算节点的远程证明报告,所述远程证明报告由认证服务器对所述链下隐私计算节点产生的自荐信息进行验证后生成,所述自荐信息与所述链下隐私计算节点上创建的链下可信执行环境相关;使所述客户端根据所述远程证明报告确定所述链下隐私计算节点可信的情况下,向所述链下隐私计算节点发送经过加密的调用请求。Optionally, it further includes: a remote certification report obtaining unit 1208, which enables the client to obtain a remote certification report of the off-chain private computing node, where the remote certification report is generated by the authentication server on the off-chain private computing node The self-recommendation information is generated after verification, and the self-recommendation information is related to the off-chain trusted execution environment created on the off-chain private computing node; enabling the client to determine the availability of the off-chain private computing node according to the remote attestation report In the case of the letter, the encrypted call request is sent to the off-chain privacy computing node.
可选的,所述入参数据的信息由合约非对称密钥对的公钥进行加密,所述合约非对称密钥由所述链下隐私计算节点在所述链下可信执行环境内预先生成且对应于所述链下合约的身份;所述装置还包括:入参数据信息加密单元1210,使所述客户端采用所述合约非对称密钥对的公钥对所述入参数据的信息进行加密后传输。Optionally, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is pre-defined by the off-chain private computing node in the off-chain trusted execution environment. Generated and corresponding to the identity of the off-chain contract; the device further includes: an input data information encryption unit 1210, which enables the client to use the public key of the contract asymmetric key pair to transfer the input data The information is encrypted and transmitted.
可选的,不同链下隐私计算节点针对所述链下合约生成的合约非对称密钥对不同;或者,不同链下隐私计算节点针对所述链下合约生成的合约非对称密钥对相同。Optionally, different off-chain privacy computing nodes generate different contract asymmetric key pairs for the off-chain contract; or, different off-chain privacy computing nodes generate the same contract asymmetric key pair for the off-chain contract.
可选的,还包括:身份公钥信息添加单元1212,使客户端向调用请求中添加指定对象的身份公钥的信息,使客户端接收所述链下隐私计算节点采用所述身份公钥对所述执行结果进行加密后返回的结果密文。Optionally, it further includes: an identity public key information adding unit 1212, which enables the client to add the identity public key information of the specified object to the call request, so that the client receives the off-chain privacy computing node using the identity public key pair The result ciphertext returned after the execution result is encrypted.
可选的,还包括:函数信息添加单元1214,使客户端向调用请求中添加函数信息,所述函数信息用于指示所述链下隐私计算节点用于调用所述链下合约中对应于所述函数信息的的字节码。Optionally, it further includes: a function information adding unit 1214 that enables the client to add function information to the call request, where the function information is used to instruct the off-chain privacy computing node to call the off-chain contract that corresponds to all The bytecode of the function information.
可选的,所述链下隐私计算结果包括以下至少之一:响应码、响应信息、合约调用的返回值、合约调用的过程输出。Optionally, the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract invocation, and process output of contract invocation.
可选的,还包括:运算结果接收单元1216,使所述客户端接收到所述链下隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述链下隐私计算结果;比较单元1218,使所述客户端生成所述调用请求的第二哈希值,并将所述第一哈希值与所述第二哈希值进行比较;结果确定单元1220,使所述客户端根据比较结果确定所述链下隐私计算结果是否可靠。Optionally, it further includes: an operation result receiving unit 1216 to enable the client to receive the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain privacy calculation Result; comparing unit 1218, causing the client to generate the second hash value of the call request, and comparing the first hash value with the second hash value; result determining unit 1220, making all The client determines whether the off-chain privacy calculation result is reliable according to the comparison result.
可选的,在所述链下合约为无状态合约的情况下,所述链下合约的入参数据包括 所述链下合约中定义的合约状态的历史状态取值。Optionally, when the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
请参考图13,在区块链节点侧的软件实施方式中,该调用合约的装置可以包括:获取单元1302,使区块链节点获取经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;传输单元1304,使所述区块链节点通过预言机机制将经过加密的调用请求传输至链下隐私计算节点,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算;接收单元1306,使所述区块链节点接收所述链下隐私计算节点通过预言机机制反馈的链下隐私计算结果。Please refer to FIG. 13, in the software implementation on the blockchain node side, the device for invoking the contract may include: an obtaining unit 1302, which enables the blockchain node to obtain an encrypted invoking request, the invoking request including the off-chain contract The identification information and the information of the input data; the transmission unit 1304 enables the blockchain node to transmit the encrypted call request to the off-chain privacy computing node through the oracle mechanism, the identification information and the information of the input data After being decrypted by the off-chain private computing node in the off-chain trusted execution environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract and deploy it on the chain The virtual machine in the lower trusted execution environment executes the bytecode to perform off-chain privacy calculations on the input data; the receiving unit 1306 enables the blockchain node to receive the off-chain privacy computing node through the oracle The off-chain privacy calculation result fed back by the mechanism.
可选的,获取单元1302具体用于:使区块链节点从所述客户端提交的交易中提取得到调用请求;或者,使所述区块链节点根据所述客户端提交的交易在自身创建的链上可信执行环境内执行链上合约而生成调用请求。Optionally, the acquiring unit 1302 is specifically configured to: enable the blockchain node to extract the call request from the transaction submitted by the client; or enable the blockchain node to create a call request based on the transaction submitted by the client. The on-chain contract is executed in the trusted execution environment on the chain to generate a call request.
可选的,还包括:直接反馈单元1308,使所述区块链节点将所述计算结果直接反馈至客户端;或者,更新单元1310,使所述区块链节点根据接收到的所述计算结果更新区块链账本数据。Optionally, it further includes: a direct feedback unit 1308, which enables the blockchain node to directly feed back the calculation result to the client; or, an update unit 1310, which enables the blockchain node to perform the calculation according to the received calculation As a result, the blockchain ledger data is updated.
可选的,传输单元1304具体用于:使区块链节点直接通过预言机机制将经过加密的调用请求传输至链下隐私计算节点;或者,在所述链下隐私计算节点属于链下隐私计算集群的情况下,使所述区块链节点通过预言机机制将经过加密的调用请求传输至所述链下隐私计算集群的控制节点,以由所述控制节点转发所述调用请求。Optionally, the transmission unit 1304 is specifically configured to: make the blockchain node directly transmit the encrypted call request to the off-chain private computing node through the oracle mechanism; or, the off-chain private computing node belongs to the off-chain private computing node In the case of a cluster, the blockchain node is made to transmit the encrypted call request to the control node of the off-chain privacy computing cluster through the oracle mechanism, so that the control node forwards the call request.
可选的,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述非对称密钥对的私钥被所述链下隐私计算节点所维护。Optionally, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the asymmetric key pair is maintained by the off-chain privacy computing node.
可选的,在所述链下隐私计算节点属于链下隐私计算集群的情况下,所述节点非对称密钥对的私钥仅被所述链下隐私计算节点所维护,或者所述节点非对称密钥对的私钥被所述链下隐私计算集群内的所有链下隐私计算节点共同维护。Optionally, when the off-chain privacy computing node belongs to an off-chain privacy computing cluster, the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node, or the node is not The private key of the symmetric key pair is jointly maintained by all the off-chain privacy computing nodes in the off-chain privacy computing cluster.
可选的,所述入参数据的信息由合约非对称密钥对的公钥进行加密,所述合约非对称密钥由所述链下隐私计算节点在所述链下可信执行环境内预先生成且对应于所述链下合约的身份。Optionally, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is pre-defined by the off-chain private computing node in the off-chain trusted execution environment. Generate and correspond to the identity of the off-chain contract.
可选的,接收单元1306具体用于:在所述调用请求中还包括所述指定对象的身份公钥的信息的情况下,使所述区块链节点接收到所述链下隐私计算节点采用所述身份公钥对所述执行结果进行加密后返回的计算结果密文。Optionally, the receiving unit 1306 is specifically configured to: in the case that the call request also includes information about the identity public key of the specified object, make the blockchain node receive the off-chain privacy computing node using The ciphertext of the calculation result returned after the identity public key encrypts the execution result.
可选的,还包括:运算结果接收单元1312,使所述区块链节点接收到所述链下隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述链下隐私计算结果;结果反馈单元1314,使所述区块链节点将所述第一哈希值与所述链下隐私计算结果反馈至请求方,所述第一哈希值用于与所述请求方生成的所述调用请求的第二哈希值进行比较,比较结果用于确定所述链下隐私计算结果是否可靠。Optionally, it further includes: an operation result receiving unit 1312 to enable the blockchain node to receive the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain Privacy calculation result; the result feedback unit 1314 enables the blockchain node to feed back the first hash value and the off-chain privacy calculation result to the requesting party, and the first hash value is used to communicate with the request The second hash value of the call request generated by the party is compared, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
可选的,在所述链下合约为无状态合约的情况下,所述链下合约的入参数据包括所述链下合约中定义的合约状态的历史状态取值。Optionally, when the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
请参考图14,在控制节点侧的软件实施方式中,该调用合约的装置可以包括:接收单元1402,使控制节点接收到经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;转发单元1404,使所述控制节点将所述调用请求转发至从链下隐私计算集群中选取的所述链下隐私计算节点;反馈单元1406,使所述控制节点将从所述链下隐私计算节点接收到的链下隐私计算结果进行反馈。Please refer to FIG. 14, in the software implementation on the control node side, the device for invoking the contract may include: a receiving unit 1402 to enable the control node to receive an encrypted invoking request, the invoking request including the identification information of the off-chain contract and Information about the input parameter data; a forwarding unit 1404, which enables the control node to forward the invocation request to the off-chain privacy computing node selected from the off-chain privacy computing cluster; a feedback unit 1406, which causes the control node from The off-chain privacy calculation result received by the off-chain privacy computing node is fed back.
可选的,接收单元1402具体用于:所述控制节点接收到区块链节点通过预言机机制传输的调用请求;或者,所述控制节点接收所述客户端直接发送的链下调用请求。Optionally, the receiving unit 1402 is specifically configured to: the control node receives the call request transmitted by the blockchain node through the oracle mechanism; or, the control node receives the off-chain call request directly sent by the client.
可选的,还包括:直接反馈单元1408,使所述控制节点直接将所述链下隐私计算结果反馈至所述客户端;或者,预言机机制反馈单元1410,使所述控制节点通过预言机 机制对所述链下隐私计算结果进行反馈。Optionally, it further includes: a direct feedback unit 1408 to enable the control node to directly feed back the off-chain privacy calculation result to the client; or an oracle mechanism feedback unit 1410 to enable the control node to pass the oracle The mechanism provides feedback on the off-chain privacy calculation result.
可选的,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述非对称密钥对的私钥被所述链下隐私计算节点所维护。Optionally, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the asymmetric key pair is maintained by the off-chain privacy computing node.
可选的,所述节点非对称密钥对的私钥仅被所述链下隐私计算节点所维护,转发单元1404具体用于:在经过加密的调用请求的目标节点被设定为所述链下隐私计算节点的情况下,使所述控制接节点将所述调用请求转发至所述链下隐私计算节点;在所述经过加密的调用请求的目标节点未设定的情况下,使所述控制节点将所述调用请求转发至所述链下隐私计算集群中的所有链下隐私计算节点。Optionally, the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node, and the forwarding unit 1404 is specifically configured to: set the target node of the encrypted call request as the chain In the case of a private computing node, the control node is made to forward the invocation request to the off-chain private computing node; in the case that the target node of the encrypted invocation request is not set, the The control node forwards the call request to all off-chain privacy computing nodes in the off-chain privacy computing cluster.
可选的,所述节点非对称密钥对的私钥被所述链下隐私计算集群内的所有链下隐私计算节点共同维护,转发单元1404具体用于:使所述控制节点根据负载均衡算法从所述链下隐私计算集群中选取所述链下隐私计算节点,并将所述调用请求转发至所述链下隐私计算节点。Optionally, the private key of the node asymmetric key pair is jointly maintained by all off-chain privacy computing nodes in the off-chain privacy computing cluster, and the forwarding unit 1404 is specifically configured to: make the control node according to a load balancing algorithm Select the off-chain privacy computing node from the off-chain privacy computing cluster, and forward the call request to the off-chain privacy computing node.
可选的,还包括:结果接收单元1412,使所述控制节点接收到所述链下隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述链下隐私计算结果;结果转发单元1414,使所述控制节点将所述第一哈希值与所述链下隐私计算结果转发至请求方,所述第一哈希值用于与请求方生成的所述调用请求的第二哈希值进行比较,比较结果用于确定所述链下隐私计算结果是否可靠。Optionally, it further includes: a result receiving unit 1412, which enables the control node to receive the first hash value obtained by the off-chain privacy computing node hashing the invocation request and the off-chain privacy calculation result The result forwarding unit 1414 enables the control node to forward the first hash value and the off-chain privacy calculation result to the requester, and the first hash value is used for the call request generated with the requester The second hash value of is compared, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
可选的,在所述链下合约为无状态合约的情况下,所述链下合约的入参数据包括所述链下合约中定义的合约状态的历史状态取值。Optionally, when the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
请参考图15,在隐私计算节点侧的软件实施方式中,该智能合约的调用装置可以包括:接收与解密单元1502,使隐私计算节点接收到经过加密的调用请求,并在可信执行环境中解密得到所述调用请求包含的智能合约的标识信息和入参数据的信息;调用与计算单元1504,使所述隐私计算节点根据所述标识信息调用预先部署的所述智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算;加密与反馈单元1506,使所述隐私计算节点在可信执行环境中对得到的隐私计算结果进行加密并反馈。Please refer to FIG. 15, in the software implementation on the side of the privacy computing node, the invoking device of the smart contract may include: a receiving and decrypting unit 1502, so that the privacy computing node receives an encrypted invocation request, and in a trusted execution environment Decrypting to obtain the identification information of the smart contract and the information of the input parameter data included in the call request; the calling and computing unit 1504 enables the private computing node to call the bytecode of the smart contract deployed in advance according to the identification information, And execute the bytecode through the virtual machine deployed in the trusted execution environment to perform private calculation on the input parameter data; the encryption and feedback unit 1506 enables the private computing node to perform the private calculation in the trusted execution environment The privacy calculation results obtained are encrypted and fed back.
可选的,所述接收与解密单元1502具体用于:使所述隐私计算节点直接从客户端处接收到经过加密的调用请求;或者,在所述隐私计算节点属于隐私计算集群的情况下,所述隐私计算节点接收所述隐私计算集群的控制节点转发的经过加密的调用请求。Optionally, the receiving and decrypting unit 1502 is specifically configured to: enable the private computing node to directly receive an encrypted call request from the client; or, when the private computing node belongs to a private computing cluster, The privacy computing node receives the encrypted call request forwarded by the control node of the privacy computing cluster.
可选的,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述节点非对称密钥对的私钥被所述隐私计算节点所维护。Optionally, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
可选的,所述隐私计算节点属于隐私计算集群,且所述节点非对称密钥对的私钥仅被所述隐私计算节点所维护;在所述经过加密的调用请求的目标节点被设定为所述隐私计算节点的情况下,所述经过加密的调用请求被所述控制节点接收并转发至所述隐私计算节点;在所述经过加密的调用请求的目标节点未设定的情况下,所述经过加密的调用请求被所述控制节点接收并转发至所述隐私计算集群中的所有隐私计算节点。Optionally, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is only maintained by the private computing node; the target node of the encrypted call request is set In the case of the private computing node, the encrypted call request is received by the control node and forwarded to the private computing node; in the case where the target node of the encrypted call request is not set, The encrypted call request is received by the control node and forwarded to all private computing nodes in the private computing cluster.
可选的,所述隐私计算节点属于隐私计算集群,且所述节点非对称密钥对的私钥被所述隐私计算集群内的所有隐私计算节点共同维护;所述隐私计算节点被所述控制节点根据负载均衡算法从所述隐私计算集群中选取,且所述经过加密的调用请求被所述控制节点接收并转发至所述隐私计算节点。Optionally, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster; the private computing node is controlled by the A node is selected from the privacy computing cluster according to a load balancing algorithm, and the encrypted call request is received by the control node and forwarded to the privacy computing node.
可选的,还包括:哈希运算单元1508,所述隐私计算节点对所述调用请求进行哈希运算得到第一哈希值;比较单元1510,所述隐私计算节点将所述第一哈希值与隐私计算结果关联反馈,所述第一哈希值用于与客户端生成的所述调用请求的第二哈希值进行比较,所述比较结果用于确定所述隐私计算结果是否可靠。Optionally, it further includes: a hash calculation unit 1508, where the privacy calculation node performs a hash calculation on the call request to obtain a first hash value; and a comparison unit 1510, where the privacy calculation node hashes the first hash value The value is fed back in association with the privacy calculation result, the first hash value is used to compare with the second hash value of the call request generated by the client, and the comparison result is used to determine whether the privacy calculation result is reliable.
可选的,在所述智能合约为无状态合约的情况下,所述智能合约的入参数据包括所述智能合约中定义的合约状态的历史状态取值。Optionally, when the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
请参考图16,在客户端侧的软件实施方式中,该智能合约的调用装置可以包括:生成调用请求单元1602,使客户端生成调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息;发送调用请求单元1604,使所述客户端向隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述隐私计算节点在可信执行环境中解密得到后,所述标识信息用于指示所述隐私计算节点获取智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算。Please refer to FIG. 16, in the software implementation on the client side, the device for invoking the smart contract may include: generating a call request unit 1602 to enable the client to generate a call request, the call request including the identification information and input parameters of the smart contract Data information; the sending call request unit 1604 enables the client to send an encrypted call request to the private computing node, and the identification information and the information of the input parameter data are used by the private computing node in a trusted execution environment After the decryption is obtained, the identification information is used to instruct the privacy computing node to obtain the bytecode of the smart contract, and execute the bytecode through the virtual machine deployed in the trusted execution environment to check the input parameters. Data is calculated for privacy.
可选的,发送调用请求单元1604具体用于:使所述客户端直接向隐私计算节点发送经过加密的调用请求;或者,在所述隐私计算节点属于隐私计算集群的情况下,使所述客户端向所述隐私计算集群的控制节点发送经过加密的调用请求,以由所述控制节点转发所述调用请求。Optionally, the sending call request unit 1604 is specifically configured to: enable the client to directly send an encrypted call request to the private computing node; or, when the private computing node belongs to a private computing cluster, enable the client to The terminal sends the encrypted call request to the control node of the privacy computing cluster, so that the control node forwards the call request.
可选的,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述节点非对称密钥对的私钥被所述隐私计算节点所维护。Optionally, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
可选的,在所述隐私计算节点属于隐私计算集群的情况下,所述节点非对称密钥对的私钥仅被所述隐私计算节点所维护,或者所述节点非对称密钥对的私钥被所述隐私计算集群内的所有隐私计算节点共同维护。Optionally, when the private computing node belongs to a private computing cluster, the private key of the node asymmetric key pair is only maintained by the private computing node, or the private key of the node asymmetric key pair The key is jointly maintained by all private computing nodes in the private computing cluster.
可选的,还包括:运算结果接收单元1606,使得所述客户端接收到所述隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述隐私计算结果;比较单元1608,所述客户端生成所述调用请求的第二哈希值,并将所述第一哈希值与所述第二哈希值进行比较;结果确定单元1610,所述客户端根据比较结果确定所述隐私计算结果是否可靠。Optionally, it further includes: an operation result receiving unit 1606, so that the client receives the first hash value obtained by the privacy computing node performing the hash operation on the invocation request and the privacy calculation result; a comparison unit 1608. The client generates a second hash value of the call request, and compares the first hash value with the second hash value; the result determining unit 1610, the client according to the comparison result Determine whether the privacy calculation result is reliable.
可选的,在所述智能合约为无状态合约的情况下,所述智能合约的入参数据包括所述智能合约中定义的合约状态的历史状态取值。Optionally, when the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
请参考图17,在控制节点侧的软件实施方式中,该智能合约的调用装置可以包括:接收调用请求单元1702,使控制节点接收到客户端直接发送的经过加密的调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息;转发调用请求单元1704,使所述控制节点将所述调用请求转发至从隐私计算集群中选取的所述隐私计算节点;反馈隐私计算结果单元1706,使所述控制节点将从所述隐私计算节点接收到的隐私计算结果进行反馈。Referring to FIG. 17, in the software implementation on the control node side, the invoking device of the smart contract may include: a receiving invocation request unit 1702, which enables the control node to receive an encrypted invoking request directly sent by the client, the invoking request Contains the identification information of the smart contract and the information of the input parameter data; a forwarding call request unit 1704 to enable the control node to forward the call request to the privacy computing node selected from the privacy computing cluster; feedback the privacy calculation result unit 1706 , Enabling the control node to feed back the privacy calculation result received from the privacy calculation node.
可选的,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述非对称密钥对的私钥被所述隐私计算节点所维护。Optionally, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the asymmetric key pair is maintained by the privacy computing node.
可选的,所述节点非对称密钥对的私钥仅被所述隐私计算节点所维护,转发调用请求单元1704具体用于:在经过加密的调用请求的目标节点被设定为所述隐私计算节点的情况下,所述控制接节点将所述调用请求转发至所述隐私计算节点;在所述经过加密的调用请求的目标节点未设定的情况下,所述控制节点将所述调用请求转发至所述隐私计算集群中的所有隐私计算节点。Optionally, the private key of the node asymmetric key pair is only maintained by the privacy computing node, and the forwarding call request unit 1704 is specifically configured to: set the private key of the encrypted call request to the target node In the case of a computing node, the control node forwards the call request to the privacy computing node; in the case that the target node of the encrypted call request is not set, the control node transfers the call The request is forwarded to all private computing nodes in the private computing cluster.
可选的,所述节点非对称密钥对的私钥被所述隐私计算集群内的所有隐私计算节点共同维护,转发调用请求单元1704具体用于:所述控制节点根据负载均衡算法从所述隐私计算集群中选取所述隐私计算节点,并将所述调用请求转发至所述隐私计算节点。Optionally, the private key of the node asymmetric key pair is jointly maintained by all privacy computing nodes in the privacy computing cluster, and the forwarding call request unit 1704 is specifically configured to: the control node obtains data from the The private computing node is selected from the private computing cluster, and the call request is forwarded to the private computing node.
可选的,还包括:接收单元1708,使所述控制节点接收到所述隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述隐私计算结果;结果转发单元1710,使所述控制节点将所述第一哈希值与所述隐私计算结果转发至请求方,所述第一哈希值用于与客户端生成的所述调用请求的第二哈希值进行比较,比较结果用于确定所述隐私计算结果是否可靠。Optionally, it further includes: a receiving unit 1708 to enable the control node to receive the first hash value obtained by the privacy computing node performing a hash operation on the invocation request and the privacy calculation result; a result forwarding unit 1710 , Enabling the control node to forward the first hash value and the privacy calculation result to the requesting party, and the first hash value is used to communicate with the second hash value of the call request generated by the client Comparison, the comparison result is used to determine whether the privacy calculation result is reliable.
可选的,在所述智能合约为无状态合约的情况下,所述智能合约的入参数据包括所述智能合约中定义的合约状态的历史状态取值。Optionally, when the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机,计算机的具体形式可以是个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件收发设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任意几种设备的组合。The systems, devices, modules, or units illustrated in the above embodiments may be specifically implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. The specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, and a game control A console, a tablet computer, a wearable device, or a combination of any of these devices.
在一个典型的配置中,计算机包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, the computer includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。The memory may include non-permanent memory in a computer readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带、磁盘存储、量子存储器、基于石墨烯的存储介质或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission media, can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or equipment including a series of elements not only includes those elements, but also includes Other elements that are not explicitly listed, or also include elements inherent to such processes, methods, commodities, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity, or equipment that includes the element.
上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims can be performed in a different order than in the embodiments and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown in order to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
在本说明书一个或多个实施例使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本说明书一个或多个实施例。在本说明书一个或多个实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本文中使用的术语“和/或”是指并包含一个或多个相关联的列出项目的任何或所有可能组合。The terms used in one or more embodiments of this specification are only for the purpose of describing specific embodiments, and are not intended to limit one or more embodiments of this specification. The singular forms "a", "said" and "the" used in one or more embodiments of this specification and the appended claims are also intended to include plural forms, unless the context clearly indicates other meanings. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more associated listed items.
应当理解,尽管在本说明书一个或多个实施例可能采用术语第一、第二、第三等来描述各种信息,但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼此区分开。例如,在不脱离本说明书一个或多个实施例范围的情况下,第一信息也可以被称为第二信息,类似地,第二信息也可以被称为第一信息。取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”。It should be understood that although the terms first, second, third, etc. may be used to describe various information in one or more embodiments of this specification, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other. For example, without departing from the scope of one or more embodiments of this specification, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information. Depending on the context, the word "if" as used herein can be interpreted as "when" or "when" or "in response to determination".
以上所述仅为本说明书一个或多个实施例的较佳实施例而已,并不用以限制本说明书一个或多个实施例,凡在本说明书一个或多个实施例的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本说明书一个或多个实施例保护的范围之内。The above descriptions are only preferred embodiments of one or more embodiments of this specification, and are not intended to limit one or more embodiments of this specification. All within the spirit and principle of one or more embodiments of this specification, Any modification, equivalent replacement, improvement, etc. made should be included in the protection scope of one or more embodiments of this specification.

Claims (77)

  1. 一种调用合约的方法,包括:A method of invoking a contract, including:
    链下隐私计算节点接收到经过加密的调用请求,并在链下可信执行环境中解密得到所述调用请求包含的链下合约的标识信息和入参数据的信息;The off-chain privacy computing node receives the encrypted call request, and decrypts it in the off-chain trusted execution environment to obtain the identification information of the off-chain contract and the information of the input data contained in the call request;
    所述链下隐私计算节点根据所述标识信息调用预先部署的所述链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算;The off-chain privacy computing node invokes the bytecode of the pre-deployed off-chain contract according to the identification information, and executes the bytecode through the virtual machine deployed in the off-chain trusted execution environment. Perform off-chain privacy calculations on the input data;
    所述链下隐私计算节点在链下可信执行环境中对得到的链下隐私计算结果进行加密并反馈。The off-chain privacy computing node encrypts and feeds back the obtained off-chain privacy calculation results in an off-chain trusted execution environment.
  2. 根据权利要求1所述的方法,所述链下隐私计算节点接收到经过加密的调用请求,包括:所述链下隐私计算节点接收到区块链节点通过预言机机制传输的调用请求;The method according to claim 1, wherein the off-chain private computing node receives an encrypted call request, comprising: the off-chain private computing node receives a call request transmitted by a blockchain node through an oracle mechanism;
    所述链下隐私计算节点在链下可信执行环境中对得到的链下隐私计算结果进行加密并反馈,包括:所述链下计算节点通过预言机机制对所述链下隐私计算结果进行反馈。The off-chain privacy computing node encrypts and feeds back the obtained off-chain privacy calculation results in an off-chain trusted execution environment, including: the off-chain computing node feedbacks the off-chain privacy calculation results through an oracle mechanism .
  3. 根据权利要求2所述的方法,所述链下隐私计算节点接收到区块链节点通过预言机机制传输的调用请求,包括:The method according to claim 2, wherein the off-chain privacy computing node receives the call request transmitted by the blockchain node through the oracle mechanism, including:
    所述经过加密的调用请求由所述区块链节点从客户端提交的交易中提取得到;或者,The encrypted call request is extracted by the blockchain node from the transaction submitted by the client; or,
    所述经过加密的调用请求由所述区块链节点根据所述客户端提交的交易在自身创建的链上可信执行环境内执行链上合约而生成。The encrypted call request is generated by the blockchain node executing an on-chain contract in the trusted execution environment on the chain created by the blockchain node according to the transaction submitted by the client.
  4. 根据权利要求1所述的方法,所述链下隐私计算节点接收到经过加密的调用请求,包括:所述链下隐私计算节点接收到客户端直接发起的链下调用请求;The method according to claim 1, wherein the off-chain privacy computing node receives an encrypted call request, comprising: the off-chain privacy computing node receives an off-chain call request directly initiated by a client;
    所述链下隐私计算节点在链下可信执行环境中对得到的链下隐私计算结果进行加密并反馈,包括:所述链下计算节点将所述链下隐私计算结果直接反馈给客户端。The off-chain privacy computing node encrypts and feeds back the obtained off-chain privacy calculation results in an off-chain trusted execution environment, including: the off-chain computing node directly feeds back the off-chain privacy calculation results to the client.
  5. 根据权利要求1所述的方法,所述链下隐私计算节点接收到经过加密的调用请求,包括:The method according to claim 1, wherein the encrypted call request received by the off-chain privacy computing node includes:
    所述链下隐私计算节点直接从请求方处接收到经过加密的调用请求;或者,The off-chain privacy computing node directly receives the encrypted call request from the requesting party; or,
    在所述链下隐私计算节点属于链下隐私计算集群的情况下,所述链下隐私计算节点接收所述链下隐私计算集群的控制节点转发的经过加密的调用请求。In the case that the off-chain privacy computing node belongs to an off-chain privacy computing cluster, the off-chain privacy computing node receives the encrypted call request forwarded by the control node of the off-chain privacy computing cluster.
  6. 根据权利要求1所述的方法,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述节点非对称密钥对的私钥被所述链下隐私计算节点所维护。The method according to claim 1, wherein the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the off-chain privacy computing node .
  7. 根据权利要求6所述的方法,所述链下隐私计算节点属于链下隐私计算集群,且所述节点非对称密钥对的私钥仅被所述链下隐私计算节点所维护;According to the method of claim 6, the off-chain privacy computing node belongs to an off-chain privacy computing cluster, and the private key of the node asymmetric key pair is only maintained by the off-chain privacy computing node;
    在所述经过加密的调用请求的目标节点被设定为所述链下隐私计算节点的情况下,所述经过加密的调用请求被所述链下隐私计算集群的控制节点接收并转发至所述链下隐私计算节点;In the case where the target node of the encrypted call request is set as the off-chain private computing node, the encrypted call request is received by the control node of the off-chain private computing cluster and forwarded to the Off-chain privacy computing nodes;
    在所述经过加密的调用请求的目标节点未设定的情况下,所述经过加密的调用请求被所述控制节点接收并转发至所述链下隐私计算集群中的所有链下隐私计算节点。In the case where the target node of the encrypted invocation request is not set, the encrypted invocation request is received by the control node and forwarded to all off-chain privacy computing nodes in the off-chain privacy computing cluster.
  8. 根据权利要求6所述的方法,所述链下隐私计算节点属于链下隐私计算集群,且所述节点非对称密钥对的私钥被所述链下隐私计算集群内的所有链下隐私计算节点共同维护;According to the method of claim 6, the off-chain privacy computing node belongs to an off-chain privacy computing cluster, and the private key of the node asymmetric key pair is used by all off-chain privacy computing in the off-chain privacy computing cluster. Joint maintenance of nodes;
    所述链下隐私计算节点被所述链下隐私计算集群的控制节点根据负载均衡算法从所述链下隐私计算集群中选取,且所述经过加密的调用请求被所述控制节点接收并转发至所述链下隐私计算节点。The off-chain privacy computing node is selected from the off-chain privacy computing cluster by the control node of the off-chain privacy computing cluster according to the load balancing algorithm, and the encrypted call request is received by the control node and forwarded to The off-chain privacy computing node.
  9. 根据权利要求1所述的方法,所述链下可信执行环境中部署有若干执行引擎;所述方法还包括:The method according to claim 1, wherein several execution engines are deployed in the off-chain trusted execution environment; the method further comprises:
    所述链下隐私计算节点确定所述字节码对应的执行引擎;The off-chain privacy computing node determines the execution engine corresponding to the bytecode;
    所述链下隐私计算节点通过确定出的执行引擎执行所述字节码。The off-chain privacy computing node executes the bytecode through the determined execution engine.
  10. 根据权利要求1所述的方法,还包括:The method according to claim 1, further comprising:
    所述链下隐私计算节点向请求方提供远程证明报告,所述远程证明报告由认证服务器对所述链下隐私计算节点产生的自荐信息进行验证后生成,所述自荐信息与所述链下隐私计算节点上创建的链下可信执行环境相关;The off-chain private computing node provides a remote attestation report to the requesting party. The remote attestation report is generated by the authentication server after verifying the self-recommended information generated by the off-chain private computing node. The self-recommended information is consistent with the off-chain privacy. The off-chain trusted execution environment created on the computing node is related;
    其中,所述调用请求由客户端在根据所述远程证明报告确定所述链下隐私计算节点可信的情况下发起。Wherein, the call request is initiated by the client when it is determined that the off-chain privacy computing node is credible according to the remote attestation report.
  11. 根据权利要求1所述的方法,所述入参数据的信息由合约非对称密钥对的公钥进行加密,所述合约非对称密钥由所述链下隐私计算节点在所述链下可信执行环境内预先生成且对应于所述链下合约的身份;所述方法还包括:According to the method of claim 1, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is available to the off-chain private computing node by the off-chain private computing node. The identity that is generated in advance in the trust execution environment and corresponds to the off-chain contract; the method further includes:
    所述链下隐私计算节点根据所述合约非对称密钥对的私钥,在所述链下可信执行环境中解密得到所述入参数据的信息。The off-chain privacy computing node decrypts in the off-chain trusted execution environment according to the private key of the contract asymmetric key pair to obtain the information of the input data.
  12. 根据权利要求11所述的方法,According to the method of claim 11,
    不同的链下隐私计算节点针对所述链下合约生成的合约非对称密钥对不同;或者,Different off-chain privacy computing nodes generate different contract asymmetric key pairs for the off-chain contract; or,
    不同的链下隐私计算节点针对所述链下合约生成的合约非对称密钥对相同。Different off-chain privacy computing nodes generate the same contract asymmetric key pair for the off-chain contract.
  13. 根据权利要求1所述的方法,所述调用请求还包括指定对象的身份公钥的信息;所述链下隐私计算节点在链下可信执行环境中对得到的链下隐私计算结果进行加密并反馈,包括:The method according to claim 1, wherein the invocation request further includes information specifying the identity public key of the object; the off-chain private computing node encrypts the obtained off-chain private computing results in an off-chain trusted execution environment and Feedback, including:
    所述链下隐私计算节点根据所述身份公钥对所述执行结果进行加密后反馈。The off-chain privacy computing node encrypts the execution result according to the identity public key and feeds it back.
  14. 根据权利要求1所述的方法,所述调用请求还包含函数信息;所述链下隐私计算节点调用所述链下合约的字节码,包括:The method according to claim 1, wherein the call request further includes function information; the off-chain privacy computing node invoking the bytecode of the off-chain contract includes:
    所述链下隐私计算节点调用所述链下合约中对应于所述函数信息的字节码。The off-chain privacy computing node calls the bytecode corresponding to the function information in the off-chain contract.
  15. 根据权利要求1所述的方法,所述链下隐私计算结果包括以下至少之一:响应码、响应信息、合约调用的返回值、合约调用的过程输出。The method according to claim 1, wherein the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract invocation, and process output of contract invocation.
  16. 根据权利要求1所述的方法,还包括:The method according to claim 1, further comprising:
    所述链下隐私计算节点对所述调用请求进行哈希运算得到第一哈希值;The off-chain privacy computing node performs a hash operation on the call request to obtain the first hash value;
    所述链下隐私计算节点将所述第一哈希值与所述链下隐私计算结果关联反馈,所述第一哈希值用于与请求方生成的所述调用请求的第二哈希值进行比较,所述比较结果用于确定所述链下隐私计算结果是否可靠。The off-chain privacy computing node associates feedback with the first hash value and the off-chain privacy calculation result, and the first hash value is used for the second hash value of the call request generated by the requesting party The comparison is performed, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
  17. 根据权利要求1所述的方法,还包括:The method according to claim 1, further comprising:
    在所述链下合约为无状态合约的情况下,所述链下合约的入参数据包括所述链下合约中定义的合约状态的历史状态取值。In the case that the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
  18. 一种调用合约的方法,包括:A method of invoking a contract, including:
    客户端生成调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;The client generates a call request, the call request includes the identification information of the off-chain contract and the information of the input parameter data;
    所述客户端向链下隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算。The client sends an encrypted call request to the off-chain private computing node. After the identification information and the information of the input data are decrypted by the off-chain private computing node in the off-chain trusted execution environment, The identification information is used to instruct the off-chain privacy computing node to obtain the bytecode of the off-chain contract, and execute the bytecode through the virtual machine deployed in the off-chain trusted execution environment to input the parameter The data is subjected to off-chain privacy calculations.
  19. 根据权利要求18所述的方法,所述客户端向链下隐私计算节点发送经过加密的调用请求,包括:The method according to claim 18, wherein the client sends an encrypted call request to the off-chain privacy computing node, including:
    所述客户端向区块链节点提交交易,所述交易触发所述区块链节点通过预言机机制将经过加密的调用请求传输至所述链下隐私计算节点;The client submits a transaction to a blockchain node, and the transaction triggers the blockchain node to transmit the encrypted call request to the off-chain privacy computing node through the oracle mechanism;
    其中,所述链下隐私计算节点产生的链下隐私计算结果被反馈至所述区块链节点,所述链下隐私计算结果用于驱动所述区块链节点更新区块链账本数据。Wherein, the off-chain privacy calculation result generated by the off-chain privacy computing node is fed back to the blockchain node, and the off-chain privacy calculation result is used to drive the blockchain node to update the blockchain ledger data.
  20. 根据权利要求18所述的方法,所述客户端向链下隐私计算节点发送经过加密的调用请求,包括:所述客户端向所述链下隐私计算节点直接发起链下调用请求;所述方法还包括:The method according to claim 18, wherein the client sends an encrypted invocation request to the off-chain privacy computing node, comprising: the client directly initiates an off-chain invocation request to the off-chain privacy computing node; the method Also includes:
    所述客户端向区块链节点发起存证交易,所述存证交易包含所述链下隐私计算结果。The client initiates a certificate deposit transaction to a blockchain node, and the certificate deposit transaction includes the off-chain privacy calculation result.
  21. 根据权利要求18所述的方法,所述客户端向链下隐私计算节点发送经过加密的调用 请求,包括:The method according to claim 18, wherein the client sends an encrypted call request to the off-chain privacy computing node, including:
    所述客户端直接向链下隐私计算节点发送经过加密的调用请求;或者,The client directly sends the encrypted call request to the off-chain privacy computing node; or,
    在所述链下隐私计算节点属于链下隐私计算集群的情况下,所述客户端向所述链下隐私计算集群的控制节点发送经过加密的调用请求,以由所述控制节点转发所述调用请求。In the case that the off-chain privacy computing node belongs to the off-chain privacy computing cluster, the client sends an encrypted call request to the control node of the off-chain privacy computing cluster, so that the control node forwards the call ask.
  22. 根据权利要求18所述的方法,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述节点非对称密钥对的私钥被所述链下隐私计算节点所维护。The method according to claim 18, wherein the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the node asymmetric key pair is maintained by the off-chain privacy computing node .
  23. 根据权利要求22所述的方法,在所述链下隐私计算节点属于链下隐私计算集群的情况下,所述节点非对称密钥对的私钥仅被所述链下隐私计算节点所维护,或者所述节点非对称密钥对的私钥被所述链下隐私计算集群内的所有链下隐私计算节点共同维护。According to the method of claim 22, when the off-chain private computing node belongs to an off-chain private computing cluster, the private key of the node asymmetric key pair is only maintained by the off-chain private computing node, Or the private key of the node asymmetric key pair is jointly maintained by all the off-chain privacy computing nodes in the off-chain privacy computing cluster.
  24. 根据权利要求18所述的方法,还包括:The method of claim 18, further comprising:
    所述客户端获取所述链下隐私计算节点的远程证明报告,所述远程证明报告由认证服务器对所述链下隐私计算节点产生的自荐信息进行验证后生成,所述自荐信息与所述链下隐私计算节点上创建的链下可信执行环境相关;The client obtains the remote certification report of the off-chain private computing node. The remote certification report is generated by the authentication server after verifying the self-recommendation information generated by the off-chain private computing node. The off-chain trusted execution environment created on the next private computing node is related;
    所述客户端根据所述远程证明报告确定所述链下隐私计算节点可信的情况下,向所述链下隐私计算节点发送经过加密的调用请求。If the client determines that the off-chain private computing node is credible according to the remote attestation report, the client sends an encrypted call request to the off-chain private computing node.
  25. 根据权利要求18所述的方法,所述入参数据的信息由合约非对称密钥对的公钥进行加密,所述合约非对称密钥由所述链下隐私计算节点在所述链下可信执行环境内预先生成且对应于所述链下合约的身份;所述方法还包括:According to the method of claim 18, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is available to the off-chain privacy computing node by the off-chain private computing node. The identity that is generated in advance in the trust execution environment and corresponds to the off-chain contract; the method further includes:
    所述客户端采用所述合约非对称密钥对的公钥对所述入参数据的信息进行加密后传输。The client uses the public key of the contract asymmetric key pair to encrypt the information of the input data before transmission.
  26. 根据权利要求25所述的方法,According to the method of claim 25,
    不同链下隐私计算节点针对所述链下合约生成的合约非对称密钥对不同;或者,Different off-chain privacy computing nodes generate different contract asymmetric key pairs for the off-chain contract; or,
    不同链下隐私计算节点针对所述链下合约生成的合约非对称密钥对相同。The contract asymmetric key pairs generated by different off-chain privacy computing nodes for the off-chain contract are the same.
  27. 根据权利要求18所述的方法,还包括:The method of claim 18, further comprising:
    客户端向调用请求中添加指定对象的身份公钥的信息;The client adds the information of the identity public key of the specified object to the call request;
    客户端接收所述链下隐私计算节点采用所述身份公钥对所述执行结果进行加密后返回的结果密文。The client receives the result ciphertext returned by the off-chain privacy computing node after encrypting the execution result using the identity public key.
  28. 根据权利要求18所述的方法,还包括:The method of claim 18, further comprising:
    客户端向调用请求中添加函数信息,所述函数信息用于指示所述链下隐私计算节点用于调用所述链下合约中对应于所述函数信息的的字节码。The client adds function information to the call request, and the function information is used to instruct the off-chain privacy computing node to call the bytecode corresponding to the function information in the off-chain contract.
  29. 根据权利要求18所述的方法,所述链下隐私计算结果包括以下至少之一:响应码、响应信息、合约调用的返回值、合约调用的过程输出。The method according to claim 18, the off-chain privacy calculation result includes at least one of the following: response code, response information, return value of contract call, and process output of contract call.
  30. 根据权利要求18所述的方法,还包括:The method of claim 18, further comprising:
    所述客户端接收到所述链下隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述链下隐私计算结果;The client receives the first hash value obtained by the off-chain privacy computing node hashing the call request and the off-chain privacy calculation result;
    所述客户端生成所述调用请求的第二哈希值,并将所述第一哈希值与所述第二哈希值进行比较;The client generates a second hash value of the call request, and compares the first hash value with the second hash value;
    所述客户端根据比较结果确定所述链下隐私计算结果是否可靠。The client determines whether the off-chain privacy calculation result is reliable according to the comparison result.
  31. 根据权利要求18所述的方法,还包括:The method of claim 18, further comprising:
    在所述链下合约为无状态合约的情况下,所述链下合约的入参数据包括所述链下合约中定义的合约状态的历史状态取值。In the case that the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
  32. 一种调用合约的方法,包括:A method of invoking a contract, including:
    区块链节点获取经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;The blockchain node obtains an encrypted call request, the call request includes the identification information of the off-chain contract and the information of the input parameter data;
    所述区块链节点通过预言机机制将经过加密的调用请求传输至链下隐私计算节点,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链 下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算;The blockchain node transmits the encrypted call request to the off-chain private computing node through the oracle mechanism, and the identification information and the information of the input data are trusted and executed off-chain by the off-chain private computing node After decryption in the environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute the byte code through the virtual machine deployed in the off-chain trusted execution environment Code to perform off-chain privacy calculation on the input parameter data;
    所述区块链节点接收所述链下隐私计算节点通过预言机机制反馈的链下隐私计算结果。The blockchain node receives the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.
  33. 根据权利要求32所述的方法,所述区块链节点获取经过加密的调用请求,包括:The method according to claim 32, wherein the block chain node obtaining the encrypted call request includes:
    区块链节点从客户端提交的交易中提取得到调用请求;或者,The blockchain node extracts the call request from the transaction submitted by the client; or,
    所述区块链节点根据所述客户端提交的交易在自身创建的链上可信执行环境内执行链上合约而生成调用请求。The blockchain node executes the on-chain contract in the trusted execution environment on the chain created by itself according to the transaction submitted by the client to generate a call request.
  34. 根据权利要求32所述的方法,还包括:The method of claim 32, further comprising:
    所述区块链节点将所述计算结果直接反馈至客户端;或者,The blockchain node directly feeds back the calculation result to the client; or,
    所述区块链节点根据接收到的所述计算结果更新区块链账本数据。The blockchain node updates the blockchain ledger data according to the received calculation result.
  35. 根据权利要求32所述的方法,所述区块链节点通过预言机机制将经过加密的调用请求传输至链下隐私计算节点,包括:The method according to claim 32, wherein the blockchain node transmits the encrypted call request to the off-chain privacy computing node through the oracle mechanism, including:
    区块链节点直接通过预言机机制将经过加密的调用请求传输至链下隐私计算节点;或者,The blockchain node directly transmits the encrypted call request to the off-chain private computing node through the oracle mechanism; or,
    在所述链下隐私计算节点属于链下隐私计算集群的情况下,所述区块链节点通过预言机机制将经过加密的调用请求传输至所述链下隐私计算集群的控制节点,以由所述控制节点转发所述调用请求。In the case that the off-chain privacy computing node belongs to the off-chain privacy computing cluster, the blockchain node transmits the encrypted call request to the control node of the off-chain privacy computing cluster through the oracle mechanism, so that all The control node forwards the call request.
  36. 根据权利要求32所述的方法,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述非对称密钥对的私钥被所述链下隐私计算节点所维护。According to the method of claim 32, the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the off-chain privacy computing node.
  37. 根据权利要求36所述的方法,在所述链下隐私计算节点属于链下隐私计算集群的情况下,所述节点非对称密钥对的私钥仅被所述链下隐私计算节点所维护,或者所述节点非对称密钥对的私钥被所述链下隐私计算集群内的所有链下隐私计算节点共同维护。According to the method of claim 36, when the off-chain private computing node belongs to an off-chain private computing cluster, the private key of the node asymmetric key pair is only maintained by the off-chain private computing node, Or the private key of the node asymmetric key pair is jointly maintained by all the off-chain privacy computing nodes in the off-chain privacy computing cluster.
  38. 根据权利要求32所述的方法,所述入参数据的信息由合约非对称密钥对的公钥进行加密,所述合约非对称密钥由所述链下隐私计算节点在所述链下可信执行环境内预先生成且对应于所述链下合约的身份。According to the method of claim 32, the information of the input data is encrypted by the public key of the contract asymmetric key pair, and the contract asymmetric key is available to the off-chain privacy computing node by the off-chain private computing node. The letter is generated in the execution environment in advance and corresponds to the identity of the off-chain contract.
  39. 根据权利要求32所述的方法,所述区块链节点接收所述链下隐私计算节点通过预言机机制反馈的计算结果,包括:The method according to claim 32, the block chain node receiving the calculation result fed back by the off-chain privacy computing node through the oracle mechanism, comprising:
    在所述调用请求中还包括指定对象的身份公钥的信息的情况下,所述区块链节点接收到所述链下隐私计算节点采用所述身份公钥对所述执行结果进行加密后返回的计算结果密文。In the case that the call request also includes the information of the identity public key of the specified object, the blockchain node receives that the off-chain privacy computing node uses the identity public key to encrypt the execution result and returns it Ciphertext of the calculation result.
  40. 根据权利要求32所述的方法,还包括:The method of claim 32, further comprising:
    所述区块链节点接收到所述链下隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述链下隐私计算结果;The blockchain node receives the first hash value obtained by the off-chain privacy computing node hashing the call request and the off-chain privacy calculation result;
    所述区块链节点将所述第一哈希值与所述链下隐私计算结果反馈至请求方,所述第一哈希值用于与所述请求方生成的所述调用请求的第二哈希值进行比较,比较结果用于确定所述链下隐私计算结果是否可靠。The blockchain node feeds back the first hash value and the off-chain privacy calculation result to the requesting party, and the first hash value is used for the second call request generated by the requesting party. The hash value is compared, and the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
  41. 根据权利要求32所述的方法,还包括:The method of claim 32, further comprising:
    在所述链下合约为无状态合约的情况下,所述链下合约的入参数据包括所述链下合约中定义的合约状态的历史状态取值。In the case that the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
  42. 一种调用合约的方法,包括:A method of invoking a contract, including:
    控制节点接收到经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;The control node receives an encrypted call request, the call request includes the identification information of the off-chain contract and the information of the input parameter data;
    所述控制节点将所述调用请求转发至从链下隐私计算集群中选取的所述链下隐私计算节点;The control node forwards the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster;
    所述控制节点将从所述链下隐私计算节点接收到的链下隐私计算结果进行反馈。The control node will feed back the off-chain privacy calculation result received from the off-chain privacy computing node.
  43. 根据权利要求42所述的方法,所述控制节点接收到经过加密的调用请求,包括:The method according to claim 42, wherein the control node receives the encrypted call request, comprising:
    所述控制节点接收到区块链节点通过预言机机制传输的调用请求;或者,The control node receives the call request transmitted by the blockchain node through the oracle mechanism; or,
    所述控制节点接收客户端直接发送的链下调用请求。The control node receives the off-chain call request directly sent by the client.
  44. 根据权利要求42所述的方法,还包括:The method of claim 42, further comprising:
    所述控制节点直接将所述链下隐私计算结果反馈至客户端;或者,The control node directly feeds back the off-chain privacy calculation result to the client; or,
    所述控制节点通过预言机机制对所述链下隐私计算结果进行反馈。The control node feedbacks the off-chain privacy calculation result through the oracle mechanism.
  45. 根据权利要求42所述的方法,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述非对称密钥对的私钥被所述链下隐私计算节点所维护。The method according to claim 42, wherein the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the off-chain privacy computing node.
  46. 根据权利要求45所述的方法,所述节点非对称密钥对的私钥仅被所述链下隐私计算节点所维护;所述控制节点将所述调用请求转发至从链下隐私计算集群中选取的所述链下隐私计算节点,包括:The method according to claim 45, the private key of the node asymmetric key pair is only maintained by the off-chain private computing node; the control node forwards the call request to the off-chain private computing cluster The selected off-chain privacy computing nodes include:
    在经过加密的调用请求的目标节点被设定为所述链下隐私计算节点的情况下,所述控制接节点将所述调用请求转发至所述链下隐私计算节点;In the case where the target node of the encrypted call request is set as the off-chain private computing node, the control node forwards the call request to the off-chain private computing node;
    在所述经过加密的调用请求的目标节点未设定的情况下,所述控制节点将所述调用请求转发至所述链下隐私计算集群中的所有链下隐私计算节点。In the case that the target node of the encrypted call request is not set, the control node forwards the call request to all off-chain privacy computing nodes in the off-chain privacy computing cluster.
  47. 根据权利要求42所述的方法,所述节点非对称密钥对的私钥被所述链下隐私计算集群内的所有链下隐私计算节点共同维护;所述控制节点将所述调用请求转发至从链下隐私计算集群中选取的所述链下隐私计算节点,包括:According to the method of claim 42, the private key of the node asymmetric key pair is jointly maintained by all the off-chain privacy computing nodes in the off-chain privacy computing cluster; the control node forwards the call request to The off-chain privacy computing node selected from the off-chain privacy computing cluster includes:
    所述控制节点根据负载均衡算法从所述链下隐私计算集群中选取所述链下隐私计算节点,并将所述调用请求转发至所述链下隐私计算节点。The control node selects the off-chain privacy computing node from the off-chain privacy computing cluster according to the load balancing algorithm, and forwards the call request to the off-chain privacy computing node.
  48. 根据权利要求42所述的方法,还包括:The method of claim 42, further comprising:
    所述控制节点接收到所述链下隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述链下隐私计算结果;The control node receives the first hash value obtained by the off-chain privacy computing node performing a hash operation on the call request and the off-chain privacy calculation result;
    所述控制节点将所述第一哈希值与所述链下隐私计算结果转发至请求方,所述第一哈希值用于与请求方生成的所述调用请求的第二哈希值进行比较,比较结果用于确定所述链下隐私计算结果是否可靠。The control node forwards the first hash value and the off-chain privacy calculation result to the requesting party, and the first hash value is used to communicate with the second hash value of the call request generated by the requesting party. Comparison, the comparison result is used to determine whether the off-chain privacy calculation result is reliable.
  49. 根据权利要求42所述的方法,还包括:The method of claim 42, further comprising:
    在所述链下合约为无状态合约的情况下,所述链下合约的入参数据包括所述链下合约中定义的合约状态的历史状态取值。In the case that the off-chain contract is a stateless contract, the input data of the off-chain contract includes the historical state value of the contract state defined in the off-chain contract.
  50. 一种调用合约的方法,包括:A method of invoking a contract, including:
    隐私计算节点接收到经过加密的调用请求,并在可信执行环境中解密得到所述调用请求包含的智能合约的标识信息和入参数据的信息;The privacy computing node receives the encrypted call request, and decrypts in the trusted execution environment to obtain the identification information of the smart contract and the information of the input parameter data included in the call request;
    所述隐私计算节点根据所述标识信息调用预先部署的所述智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算;The privacy computing node calls the pre-deployed bytecode of the smart contract according to the identification information, and executes the bytecode through the virtual machine deployed in the trusted execution environment to perform the input data Perform privacy calculations;
    所述隐私计算节点在可信执行环境中对得到的隐私计算结果进行加密并反馈。The private computing node encrypts and feeds back the obtained private computing result in a trusted execution environment.
  51. 根据权利要求50所述的方法,所述隐私计算节点接收到经过加密的调用请求,包括:The method according to claim 50, wherein the encrypted call request received by the privacy computing node includes:
    所述隐私计算节点直接从客户端处接收到经过加密的调用请求;或者,The privacy computing node directly receives the encrypted call request from the client; or,
    在所述隐私计算节点属于隐私计算集群的情况下,所述隐私计算节点接收所述隐私计算集群的控制节点转发的经过加密的调用请求。In the case that the private computing node belongs to a private computing cluster, the private computing node receives an encrypted call request forwarded by the control node of the private computing cluster.
  52. 根据权利要求50所述的方法,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述节点非对称密钥对的私钥被所述隐私计算节点所维护。According to the method of claim 50, the call request is transmitted after being encrypted by the public key of the node asymmetric key pair, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
  53. 根据权利要求52所述的方法,所述隐私计算节点属于隐私计算集群,且所述节点非对称密钥对的私钥仅被所述隐私计算节点所维护;According to the method of claim 52, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is only maintained by the private computing node;
    在所述经过加密的调用请求的目标节点被设定为所述隐私计算节点的情况下,所述经过加密的调用请求被所述隐私计算集群的控制节点接收并转发至所述隐私计算节点;In a case where the target node of the encrypted call request is set as the private computing node, the encrypted call request is received by the control node of the private computing cluster and forwarded to the private computing node;
    在所述经过加密的调用请求的目标节点未设定的情况下,所述经过加密的调用请求被所述控制节点接收并转发至所述隐私计算集群中的所有隐私计算节点。In the case where the target node of the encrypted call request is not set, the encrypted call request is received by the control node and forwarded to all private computing nodes in the private computing cluster.
  54. 根据权利要求52所述的方法,所述隐私计算节点属于隐私计算集群,且所述节点非对称密钥对的私钥被所述隐私计算集群内的所有隐私计算节点共同维护;According to the method of claim 52, the private computing node belongs to a private computing cluster, and the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster;
    所述隐私计算节点被所述隐私计算集群的控制节点根据负载均衡算法从所述隐私计算集 群中选取,且所述经过加密的调用请求被所述控制节点接收并转发至所述隐私计算节点。The private computing node is selected from the private computing cluster by the control node of the private computing cluster according to a load balancing algorithm, and the encrypted call request is received by the control node and forwarded to the private computing node.
  55. 根据权利要求50所述的方法,还包括:The method of claim 50, further comprising:
    所述隐私计算节点对所述调用请求进行哈希运算得到第一哈希值;The privacy computing node performs a hash operation on the call request to obtain a first hash value;
    所述隐私计算节点将所述第一哈希值与隐私计算结果关联反馈,所述第一哈希值用于与客户端生成的所述调用请求的第二哈希值进行比较,所述比较结果用于确定所述隐私计算结果是否可靠。The privacy calculation node associates feedback with the first hash value and the privacy calculation result, and the first hash value is used to compare with the second hash value of the call request generated by the client, and the comparison The result is used to determine whether the privacy calculation result is reliable.
  56. 根据权利要求50所述的方法,还包括:The method of claim 50, further comprising:
    在所述智能合约为无状态合约的情况下,所述智能合约的入参数据包括所述智能合约中定义的状态的历史状态取值。In the case where the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the state defined in the smart contract.
  57. 一种调用合约的方法,包括:A method of invoking a contract, including:
    客户端生成调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息;The client generates a call request, the call request includes the identification information of the smart contract and the information of the input data;
    所述客户端向隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述隐私计算节点在可信执行环境中解密得到后,所述标识信息用于指示所述隐私计算节点获取智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算。The client sends an encrypted call request to the private computing node. After the identification information and the information of the input data are decrypted by the private computing node in a trusted execution environment, the identification information is used to indicate The privacy computing node obtains the bytecode of the smart contract, and executes the bytecode through a virtual machine deployed in the trusted execution environment to perform a privacy calculation on the input parameter data.
  58. 根据权利要求57所述的方法,所述客户端向隐私计算节点发送经过加密的调用请求,包括:The method according to claim 57, wherein the client sends an encrypted call request to the privacy computing node, including:
    所述客户端直接向隐私计算节点发送经过加密的调用请求;或者,The client directly sends the encrypted call request to the privacy computing node; or,
    在所述隐私计算节点属于隐私计算集群的情况下,所述客户端向所述隐私计算集群的控制节点发送经过加密的调用请求,以由所述控制节点转发所述调用请求。In a case where the privacy computing node belongs to a privacy computing cluster, the client sends an encrypted call request to the control node of the privacy computing cluster, so that the control node forwards the call request.
  59. 根据权利要求57所述的方法,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述节点非对称密钥对的私钥被所述隐私计算节点所维护。According to the method of claim 57, the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the node asymmetric key pair is maintained by the privacy computing node.
  60. 根据权利要求59所述的方法,在所述隐私计算节点属于隐私计算集群的情况下,所述节点非对称密钥对的私钥仅被所述隐私计算节点所维护,或者所述节点非对称密钥对的私钥被所述隐私计算集群内的所有隐私计算节点共同维护。The method according to claim 59, when the private computing node belongs to a private computing cluster, the private key of the node asymmetric key pair is only maintained by the private computing node, or the node is asymmetric The private key of the key pair is jointly maintained by all private computing nodes in the private computing cluster.
  61. 根据权利要求57所述的方法,还包括:The method of claim 57, further comprising:
    所述客户端接收到所述隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述隐私计算结果;The client receives the first hash value and the privacy calculation result obtained by the privacy calculation node performing the hash calculation on the call request;
    所述客户端生成所述调用请求的第二哈希值,并将所述第一哈希值与所述第二哈希值进行比较;The client generates a second hash value of the call request, and compares the first hash value with the second hash value;
    所述客户端根据比较结果确定所述隐私计算结果是否可靠。The client determines whether the privacy calculation result is reliable according to the comparison result.
  62. 根据权利要求57所述的方法,还包括:The method of claim 57, further comprising:
    在所述智能合约为无状态合约的情况下,所述智能合约的入参数据包括所述智能合约中定义的合约状态的历史状态取值。In the case that the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
  63. 一种调用合约的方法,包括:A method of invoking a contract, including:
    控制节点接收到客户端直接发送的经过加密的调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息;The control node receives an encrypted call request directly sent by the client, and the call request includes the identification information of the smart contract and the information of the input parameter data;
    所述控制节点将所述调用请求转发至从隐私计算集群中选取的所述隐私计算节点;The control node forwards the call request to the private computing node selected from the private computing cluster;
    所述控制节点将从所述隐私计算节点接收到的隐私计算结果进行反馈。The control node feeds back the privacy calculation result received from the privacy calculation node.
  64. 根据权利要求63所述的方法,所述调用请求由节点非对称密钥对的公钥进行加密后传输,且所述非对称密钥对的私钥被所述隐私计算节点所维护。The method according to claim 63, wherein the call request is encrypted by the public key of the node asymmetric key pair and then transmitted, and the private key of the asymmetric key pair is maintained by the privacy computing node.
  65. 根据权利要求64所述的方法,所述节点非对称密钥对的私钥仅被所述隐私计算节点所维护;所述控制节点将所述调用请求转发至从隐私计算集群中选取的所述隐私计算节点,包括:According to the method of claim 64, the private key of the node asymmetric key pair is only maintained by the private computing node; the control node forwards the call request to the selected from the private computing cluster Privacy computing nodes, including:
    在经过加密的调用请求的目标节点被设定为所述隐私计算节点的情况下,所述控制接节点将所述调用请求转发至所述隐私计算节点;In the case where the target node of the encrypted call request is set as the private computing node, the control node forwards the call request to the private computing node;
    在所述经过加密的调用请求的目标节点未设定的情况下,所述控制节点将所述调用请求转发至所述隐私计算集群中的所有隐私计算节点。In the case where the target node of the encrypted call request is not set, the control node forwards the call request to all private computing nodes in the private computing cluster.
  66. 根据权利要求64所述的方法,所述节点非对称密钥对的私钥被所述隐私计算集群内的所有隐私计算节点共同维护;所述控制节点将所述调用请求转发至从隐私计算集群中选取的所述隐私计算节点,包括:The method according to claim 64, the private key of the node asymmetric key pair is jointly maintained by all private computing nodes in the private computing cluster; the control node forwards the call request to the slave private computing cluster The privacy computing node selected in includes:
    所述控制节点根据负载均衡算法从所述隐私计算集群中选取所述隐私计算节点,并将所述调用请求转发至所述隐私计算节点。The control node selects the privacy computing node from the privacy computing cluster according to a load balancing algorithm, and forwards the call request to the privacy computing node.
  67. 根据权利要求63所述的方法,还包括:The method of claim 63, further comprising:
    所述控制节点接收到所述隐私计算节点对所述调用请求进行哈希运算得到的第一哈希值与所述隐私计算结果;The control node receives the first hash value and the privacy calculation result obtained by the privacy calculation node performing a hash operation on the call request;
    所述控制节点将所述第一哈希值与所述隐私计算结果转发至请求方,所述第一哈希值用于与客户端生成的所述调用请求的第二哈希值进行比较,比较结果用于确定所述隐私计算结果是否可靠。The control node forwards the first hash value and the privacy calculation result to the requesting party, where the first hash value is used to compare with the second hash value of the call request generated by the client, and The comparison result is used to determine whether the privacy calculation result is reliable.
  68. 根据权利要求63所述的方法,还包括:The method of claim 63, further comprising:
    在所述智能合约为无状态合约的情况下,所述智能合约的入参数据包括所述智能合约中定义的合约状态的历史状态取值。In the case that the smart contract is a stateless contract, the input data of the smart contract includes the historical state value of the contract state defined in the smart contract.
  69. 一种调用合约的装置,包括:A device for invoking a contract, including:
    接收与解密单元,使链下隐私计算节点接收到经过加密的调用请求,并在链下可信执行环境中解密得到所述调用请求包含的链下合约的标识信息和入参数据的信息;The receiving and decrypting unit enables the off-chain private computing node to receive the encrypted call request, and decrypt it in the off-chain trusted execution environment to obtain the identification information of the off-chain contract and the information of the input data contained in the call request;
    调用与执行单元,使所述链下隐私计算节点根据所述标识信息调用预先部署的所述链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算;The calling and execution unit enables the off-chain private computing node to invoke the bytecode of the pre-deployed off-chain contract according to the identification information, and execute all the data through the virtual machine deployed in the off-chain trusted execution environment The bytecode is used to perform off-chain privacy calculation on the input parameter data;
    反馈单元,使所述链下隐私计算节点在链下可信执行环境中对得到的链下隐私计算结果进行加密并反馈。The feedback unit enables the off-chain privacy computing node to encrypt and feed back the obtained off-chain privacy calculation results in an off-chain trusted execution environment.
  70. 一种调用合约的装置,包括:A device for invoking a contract, including:
    生成单元,使客户端生成调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;The generating unit enables the client to generate a call request, the call request including the identification information of the off-chain contract and the information of the input data;
    发送单元,使所述客户端向链下隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算。The sending unit enables the client to send an encrypted call request to the off-chain private computing node, and the identification information and the information of the input parameter data are decrypted by the off-chain private computing node in the off-chain trusted execution environment After being obtained, the identification information is used to instruct the off-chain privacy computing node to obtain the bytecode of the off-chain contract, and execute the bytecode through the virtual machine deployed in the off-chain trusted execution environment to verify The input data is subjected to off-chain privacy calculations.
  71. 一种调用合约的装置,包括:A device for invoking a contract, including:
    获取单元,使区块链节点获取经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;The obtaining unit enables the blockchain node to obtain the encrypted call request, the call request including the identification information of the off-chain contract and the information of the input data;
    传输单元,使所述区块链节点通过预言机机制将经过加密的调用请求传输至链下隐私计算节点,所述标识信息和所述入参数据的信息被所述链下隐私计算节点在链下可信执行环境中解密得到后,所述标识信息用于指示所述链下隐私计算节点获取链下合约的字节码,并通过部署于所述链下可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行链下隐私计算;The transmission unit enables the blockchain node to transmit the encrypted call request to the off-chain private computing node through the oracle mechanism, and the identification information and the information of the input data are transferred to the off-chain private computing node by the off-chain private computing node. After being decrypted in the trusted execution environment, the identification information is used to instruct the off-chain private computing node to obtain the bytecode of the off-chain contract, and execute it through the virtual machine deployed in the off-chain trusted execution environment The bytecode is used to perform off-chain privacy calculation on the input data;
    接收单元,使所述区块链节点接收所述链下隐私计算节点通过预言机机制反馈的链下隐私计算结果。The receiving unit enables the blockchain node to receive the off-chain privacy calculation result fed back by the off-chain privacy computing node through the oracle mechanism.
  72. 一种调用合约的装置,包括:A device for invoking a contract, including:
    接收单元,使控制节点接收到经过加密的调用请求,所述调用请求包含链下合约的标识信息和入参数据的信息;The receiving unit enables the control node to receive an encrypted call request, the call request including the identification information of the off-chain contract and the information of the input data;
    转发单元,使所述控制节点将所述调用请求转发至从链下隐私计算集群中选取的所述链下隐私计算节点;A forwarding unit to enable the control node to forward the call request to the off-chain privacy computing node selected from the off-chain privacy computing cluster;
    反馈单元,使所述控制节点将从所述链下隐私计算节点接收到的链下隐私计算结果进行反馈。The feedback unit enables the control node to feed back the off-chain privacy calculation result received from the off-chain privacy computing node.
  73. 一种调用合约的装置,包括:A device for invoking a contract, including:
    接收与解密单元,使隐私计算节点接收到经过加密的调用请求,并在可信执行环境中解密得到所述调用请求包含的智能合约的标识信息和入参数据的信息;The receiving and decrypting unit enables the privacy computing node to receive the encrypted call request, and decrypt in a trusted execution environment to obtain the identification information of the smart contract and the information of the input parameter data contained in the call request;
    调用与计算单元,使所述隐私计算节点根据所述标识信息调用预先部署的所述智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算;The calling and computing unit enables the privacy computing node to call the pre-deployed bytecode of the smart contract according to the identification information, and execute the bytecode through the virtual machine deployed in the trusted execution environment to Perform privacy calculation on the input parameter data;
    加密与反馈单元,使所述隐私计算节点在可信执行环境中对得到的隐私计算结果进行加密并反馈。The encryption and feedback unit enables the private computing node to encrypt and feed back the obtained private computing results in a trusted execution environment.
  74. 一种调用合约的装置,包括:A device for invoking a contract, including:
    生成调用请求单元,使客户端生成调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息;Generating a call request unit to enable the client to generate a call request, the call request including the identification information of the smart contract and the information of the input parameter data;
    发送调用请求单元,使所述客户端向隐私计算节点发送经过加密的调用请求,所述标识信息和所述入参数据的信息被所述隐私计算节点在可信执行环境中解密得到后,所述标识信息用于指示所述隐私计算节点获取智能合约的字节码,并通过部署于所述可信执行环境中的虚拟机执行所述字节码以对所述入参数据进行隐私计算。Send a call request unit to enable the client to send an encrypted call request to the private computing node. After the identification information and the information of the input data are decrypted by the private computing node in a trusted execution environment, The identification information is used to instruct the privacy computing node to obtain the bytecode of the smart contract, and execute the bytecode through a virtual machine deployed in the trusted execution environment to perform privacy calculation on the input data.
  75. 一种调用合约的装置,包括:A device for invoking a contract, including:
    接收调用请求单元,使控制节点接收到客户端直接发送的经过加密的调用请求,所述调用请求包含智能合约的标识信息和入参数据的信息;Receiving a call request unit to enable the control node to receive an encrypted call request directly sent by the client, the call request including the identification information of the smart contract and the information of the input parameter data;
    转发调用请求单元,使所述控制节点将所述调用请求转发至从隐私计算集群中选取的所述隐私计算节点;A forwarding call request unit to enable the control node to forward the call request to the private computing node selected from the private computing cluster;
    反馈隐私计算结果单元,使所述控制节点将从所述隐私计算节点接收到的隐私计算结果进行反馈。The privacy calculation result feedback unit enables the control node to feed back the privacy calculation result received from the privacy calculation node.
  76. 一种电子设备,包括:An electronic device including:
    处理器;processor;
    用于存储处理器可执行指令的存储器;A memory for storing processor executable instructions;
    其中,所述处理器通过运行所述可执行指令以实现如权利要求1-68中任一项所述的方法。Wherein, the processor implements the method according to any one of claims 1-68 by running the executable instruction.
  77. 一种计算机可读存储介质,其上存储有计算机指令,该指令被处理器执行时实现如权利要求1-68中任一项所述方法的步骤。A computer-readable storage medium having computer instructions stored thereon, which, when executed by a processor, implement the steps of the method according to any one of claims 1-68.
PCT/CN2021/074145 2020-03-18 2021-01-28 Method and device for calling contract WO2021184970A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010190860.1 2020-03-18
CN202010190860.1A CN111090874B (en) 2020-03-18 2020-03-18 Contract calling method and device

Publications (1)

Publication Number Publication Date
WO2021184970A1 true WO2021184970A1 (en) 2021-09-23

Family

ID=70400561

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/074145 WO2021184970A1 (en) 2020-03-18 2021-01-28 Method and device for calling contract

Country Status (2)

Country Link
CN (2) CN112199701B (en)
WO (1) WO2021184970A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114499866A (en) * 2022-04-08 2022-05-13 深圳致星科技有限公司 Key hierarchical management method and device for federal learning and privacy calculation
CN114722422A (en) * 2022-02-18 2022-07-08 国网浙江省电力有限公司湖州供电公司 Contract management and control method and system based on marketing field operation platform
CN114978651A (en) * 2022-05-16 2022-08-30 中国联合网络通信集团有限公司 Privacy calculation evidence storage method and device, electronic equipment and storage medium
CN115065487A (en) * 2022-08-17 2022-09-16 北京锘崴信息科技有限公司 Privacy protection cloud computing method and cloud computing method for protecting financial privacy data
CN115242646A (en) * 2022-06-15 2022-10-25 西安电子科技大学 Block chain-based network slice application method and related device
WO2023185057A1 (en) * 2022-03-30 2023-10-05 蚂蚁区块链科技(上海)有限公司 Smart contract-based computing method and apparatus, and electronic device
CN118445835A (en) * 2024-07-09 2024-08-06 阿里云计算有限公司 Parameter tuning method and device and electronic equipment

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112199701B (en) * 2020-03-18 2024-06-14 支付宝(杭州)信息技术有限公司 Method and device for calling contract
CN113438289B (en) * 2020-07-08 2023-05-12 支付宝(杭州)信息技术有限公司 Block chain data processing method and device based on cloud computing
CN111770199B (en) 2020-08-31 2020-12-08 支付宝(杭州)信息技术有限公司 Information sharing method, device and equipment
CN113129017B (en) * 2020-08-31 2022-06-24 支付宝(杭州)信息技术有限公司 Information sharing method, device and equipment
CN112184220A (en) * 2020-09-22 2021-01-05 远光软件股份有限公司 Secure multiparty computing method, electronic device and storage medium
CN111857892B (en) * 2020-09-22 2020-12-18 支付宝(杭州)信息技术有限公司 Method and device for processing service through block chain
CN111930523B (en) * 2020-09-28 2024-09-24 支付宝(杭州)信息技术有限公司 Load balancing method and system for service cluster
CN113221166A (en) * 2021-05-11 2021-08-06 支付宝(杭州)信息技术有限公司 Method and device for acquiring block chain data, electronic equipment and storage medium
CN112989319B (en) * 2021-05-12 2021-08-31 支付宝(杭州)信息技术有限公司 Method, device, electronic equipment and storage medium for realizing trusted computing
CN113726733B (en) * 2021-07-19 2022-07-22 东南大学 Encryption intelligent contract privacy protection method based on trusted execution environment
CN114598554B (en) * 2022-05-09 2022-08-02 山东省计算中心(国家超级计算济南中心) Method and system for protecting user privacy data in application program
CN115439256B (en) * 2022-11-10 2023-03-24 杭州费尔斯通科技有限公司 Cloud computing big data computing result transaction method based on block chain

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018152519A1 (en) * 2017-02-20 2018-08-23 AlphaPoint Performance of distributed system functions using a trusted execution environment
CN109727131A (en) * 2018-12-28 2019-05-07 苏州鸿链信息科技有限公司 Method of commerce and system are executed under a kind of chain based on block chain contract layer
CN110060158A (en) * 2019-03-07 2019-07-26 阿里巴巴集团控股有限公司 Intelligent contract based on variable-length encoding executes method and apparatus
CN110520884A (en) * 2018-12-13 2019-11-29 阿里巴巴集团控股有限公司 Intelligent bond service outside chain based on credible performing environment
CN110580412A (en) * 2019-11-08 2019-12-17 支付宝(杭州)信息技术有限公司 Permission query configuration method and device based on chain codes
CN111090874A (en) * 2020-03-18 2020-05-01 支付宝(杭州)信息技术有限公司 Contract calling method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107329888B (en) * 2017-05-31 2019-10-18 深圳前海微众银行股份有限公司 Intelligent contract operation code coverage rate calculation method and system
CN108694669A (en) * 2018-07-18 2018-10-23 矩阵元技术(深圳)有限公司 A kind of block chain intelligence contract implementation method and device
CN109670335A (en) * 2018-12-20 2019-04-23 众安信息技术服务有限公司 For in the method and device interacted between data outside block chain and chain
CN110766550B (en) * 2019-09-05 2021-06-22 创新先进技术有限公司 Asset query method and device based on block chain and electronic equipment
CN111475827A (en) * 2019-11-08 2020-07-31 支付宝(杭州)信息技术有限公司 Private data query method and device based on down-link authorization

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018152519A1 (en) * 2017-02-20 2018-08-23 AlphaPoint Performance of distributed system functions using a trusted execution environment
CN110520884A (en) * 2018-12-13 2019-11-29 阿里巴巴集团控股有限公司 Intelligent bond service outside chain based on credible performing environment
CN109727131A (en) * 2018-12-28 2019-05-07 苏州鸿链信息科技有限公司 Method of commerce and system are executed under a kind of chain based on block chain contract layer
CN110060158A (en) * 2019-03-07 2019-07-26 阿里巴巴集团控股有限公司 Intelligent contract based on variable-length encoding executes method and apparatus
CN110580412A (en) * 2019-11-08 2019-12-17 支付宝(杭州)信息技术有限公司 Permission query configuration method and device based on chain codes
CN111090874A (en) * 2020-03-18 2020-05-01 支付宝(杭州)信息技术有限公司 Contract calling method and device

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114722422A (en) * 2022-02-18 2022-07-08 国网浙江省电力有限公司湖州供电公司 Contract management and control method and system based on marketing field operation platform
WO2023185057A1 (en) * 2022-03-30 2023-10-05 蚂蚁区块链科技(上海)有限公司 Smart contract-based computing method and apparatus, and electronic device
CN114499866A (en) * 2022-04-08 2022-05-13 深圳致星科技有限公司 Key hierarchical management method and device for federal learning and privacy calculation
CN114499866B (en) * 2022-04-08 2022-07-26 深圳致星科技有限公司 Key hierarchical management method and device for federal learning and privacy calculation
CN114978651A (en) * 2022-05-16 2022-08-30 中国联合网络通信集团有限公司 Privacy calculation evidence storage method and device, electronic equipment and storage medium
CN114978651B (en) * 2022-05-16 2023-07-07 中国联合网络通信集团有限公司 Privacy calculation evidence-storing method and device, electronic equipment and storage medium
CN115242646A (en) * 2022-06-15 2022-10-25 西安电子科技大学 Block chain-based network slice application method and related device
CN115242646B (en) * 2022-06-15 2024-02-13 西安电子科技大学 Block chain-based network slice application method and related device
CN115065487A (en) * 2022-08-17 2022-09-16 北京锘崴信息科技有限公司 Privacy protection cloud computing method and cloud computing method for protecting financial privacy data
CN118445835A (en) * 2024-07-09 2024-08-06 阿里云计算有限公司 Parameter tuning method and device and electronic equipment

Also Published As

Publication number Publication date
CN112199701B (en) 2024-06-14
CN111090874A (en) 2020-05-01
CN111090874B (en) 2020-09-01
CN112199701A (en) 2021-01-08

Similar Documents

Publication Publication Date Title
WO2021184970A1 (en) Method and device for calling contract
WO2021184961A1 (en) Contract deploying method and apparatus
WO2021184975A1 (en) Off-chain privacy calculation method and apparatus for on-chain data
WO2021184968A1 (en) Cluster key sharing method and device
WO2021184962A1 (en) Method and apparatus for generating shared contract key
WO2021184973A1 (en) External data accessing method and device
WO2021184882A1 (en) Method and apparatus for verifying contract
WO2021184963A1 (en) Contract calling method and apparatus
CN110580414B (en) Private data query method and device based on block chain account
CN110580418B (en) Private data query method and device based on block chain account
CN110580413B (en) Private data query method and device based on down-link authorization
CN110580262B (en) Private data query method and device based on intelligent contract
CN110580412B (en) Permission query configuration method and device based on chain codes
TWI701929B (en) Cryptographic calculation, method for creating working key, cryptographic service platform and equipment
CN110580245B (en) Private data sharing method and device
CN110580411B (en) Permission query configuration method and device based on intelligent contract

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21772110

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21772110

Country of ref document: EP

Kind code of ref document: A1