Technical Field
The present invention belongs to the technical field of distributed ledgers, and in particular relates to a privacy-preserving distributed ledger auditing method and system based on a trusted execution environment (TEE).
Background
An audit is an inspection or review of a particular process, quality system or compliance obligation. It plays an irreplaceable role in deterring and exposing unlawful and fraudulent conduct, and is one of the main remedies for the "information asymmetry" problem. For example, the financial regulators of the major economies generally require listed companies to disclose audited financial reports to investors and other stakeholders at regular intervals, so as to protect those stakeholders from significant economic loss. The emergence of distributed ledger technology (such as blockchain) has been a turning point for the audit industry: because ledger records cannot be tampered with, data awaiting audit cannot be maliciously falsified, which gives the audit of business records a far firmer footing, and leading organizations across industries are actively investing in this "emerging infrastructure".
However, compliance audits of distributed ledgers typically face the following challenges: 1) insufficient protection of user privacy, since, in order to guarantee that the auditor can complete the audit correctly, the auditor is often granted access to user data well beyond what the task requires; 2) limited audit functionality, since once user data is encrypted, privacy-preserving audits are usually feasible only for specific audit categories and have no general value; 3) low audit efficiency, since privacy-preserving audits usually depend on heavy computation such as zero-knowledge proofs, and their throughput cannot keep up with the data volumes of the big-data era. Existing solutions still do not resolve these problems.
Summary of the Invention
The main object of the present invention is to overcome the shortcomings and deficiencies of the prior art by proposing a privacy-preserving distributed ledger auditing method and system based on a TEE. By means of a trusted execution environment (TEE) and a Merkle tree, users can generate privacy-preserving business records on the distributed ledger, and an auditor, once authorized, can carry out arbitrary audit tasks over any of a user's transactions while learning nothing but the final audit result.
To achieve the above object, the present invention adopts the following technical solution:
A privacy-preserving distributed ledger auditing method based on a TEE comprises the following steps:
S1. A user submits a registration request to a service provider; if the request is approved, the user receives from the service provider a digital signature over the user's unique identifier; if the regulator approves the registration, the user receives registration information from the regulator.
S2. With the permission and cooperation of the regulator, the service provider starts a transaction verification program in a trusted execution environment (TEE).
S3. Before initiating a business request, the user anonymously requests from the regulator the material for its latest identity proof and computes that proof, and requests from any service provider a currently available TEE;
in addition, the user reads the latest state of the distributed ledger and decrypts the private content needed to generate the business request.
S4. The user selects any TEE, completes remote attestation of it, and sends it the identity proof and the business request; the user then reads the latest state of the distributed ledger again to confirm whether the business request has taken effect.
S5. The auditor requests that program code representing the audit task be loaded into a TEE deployed by any service provider, and sends an audit request to the regulator.
S6. The TEE performs remote attestation to the regulator; if attestation succeeds, the regulator sends the decryption key and the content to be audited to the TEE.
Furthermore, in step S1:
A user U whose registration request is approved receives the digital signature σ = ∑.Sig(ssk_P, U). On receipt, the user verifies ∑.Vf(spk_P, U, σ) = 1 and sends (U, P, σ) to the regulator to complete the registration process.
When the regulator receives (U, P, σ), it first reviews the legitimacy of user U's registration according to its requirements. If it approves the registration, it verifies ∑.Vf(spk_P, U, σ) = 1, generates the user-specific rules or information usrSpecif for that user, and generates random values r and m for the user.
The regulator stores a Merkle tree M with 2^|m| leaf nodes.
Let H be a collision-resistant hash function. The regulator inserts H(usrSpecif, r, m) into the Merkle tree M (m serving as the leaf index), recomputes the root of M, records the value of every node, and returns the registration information (usrSpecif, r, m) to the user.
Here ∑ is the signature scheme used by P, Sig is its signing algorithm, Vf() is its signature verification algorithm, and (spk_P, ssk_P) is the signing key pair held by service provider P.
Furthermore, in step S2, the transaction verification program vfProg comprises obtaining the encryption key, generating a signing key, requesting the Merkle tree root, and verifying transactions; specifically:
after completing remote attestation to the regulator, the transaction verification program obtains the symmetric key K from the regulator;
it runs ∑.KGEN to generate a signing key pair (spk, ssk) and outputs (spk, σ_TEE), where σ_TEE = ∑_TEE.Sig(ssk_TEE, spk) is the TEE's remote attestation over spk;
it requests the latest root merkleRoot of the Merkle tree M from the regulator;
it verifies the identity proof and the anonymity fields against merkleRoot, verifies txReq against the specific business logic and usrSpecif, and outputs the transaction tx.
The transaction tx is specifically represented as (c_a, c_p, pub, ktag, σ_TEE, spk, σ);
where c_a is the auditable field defined by the business, storing the information made available for audit, encrypted under the symmetric key K; c_p is the non-public content defined by the business, encrypted under a designated symmetric or asymmetric key; pub is the publicly accessible field of the transaction; ktag is an anonymity tag chosen by the business participant; σ_TEE is the remote attestation over the spk generated inside the transaction verification program, proving that spk was generated correctly and that its private part ssk never left the TEE; spk is the public part of the signing key pair generated inside the transaction verification program; and σ is the signature over the preceding fields under ssk, σ = ∑.Sig(ssk, (c_a, c_p, pub, ktag, σ_TEE, spk)).
Here ∑_TEE is the signature scheme used by the TEE, ∑ is the signature scheme used by P, KGEN denotes the key generation algorithm of a signature scheme, Sig the signing algorithm, and ssk_TEE the signing private key held by the TEE.
Furthermore, the TEE sends the generated transaction tx directly to the distributed ledger maintainer for verification. Depending on the actual type of distributed ledger, the maintainer is either the service provider itself or the maintainer of some other public distributed ledger. Specifically:
the distributed ledger maintainer receives the transaction tx from the TEE, parses it as (c_a, c_p, pub, ktag, σ_TEE, spk, σ), and verifies ∑_TEE.Vf(spk_TEE, spk, σ_TEE) = 1, which establishes that spk was generated inside an attested instance of vfProg rather than being an arbitrary key supplied with the transaction, and ∑.Vf(spk, (c_a, c_p, pub, ktag, σ_TEE, spk), σ) = 1; the second check is only meaningful after the first, because σ is verified under the very spk that the transaction carries. Finally the maintainer checks the legitimacy of tx against the specific business type and the current ledger before adding it to the distributed ledger.
Here Vf() is the signature verification algorithm and spk_TEE is the signature verification public key held by the TEE.
Furthermore, step S3 is specifically as follows:
the user sends the regulator the number v of any node on the path from the user's own leaf to the root of the Merkle tree M; the regulator returns the set consisting of every node on the path from v up to the root, the sibling of each of those nodes, and every leaf below v; from this the user reconstructs its complete proof of membership, i.e. the identity proof proof. The regulator thus learns only v, not which leaf below v belongs to the user; choosing v higher in the tree enlarges that anonymity set at the cost of a larger response;
when the user asks the service provider for an available TEE, the service provider returns the output (spk, σ_TEE) obtained when the transaction verification program was started;
the user decrypts the field c_p with the decryption key it holds, m_p = SE.Dec(K, c_p) or m_p = AE.Dec(esk, c_p), determines from the validity of the decrypted content m_p whether it is a participant in the transaction, obtains the private content, and generates the business request txReq.
Here ∑_TEE is the signature scheme used by the TEE, SE denotes a symmetric encryption scheme, AE denotes an asymmetric encryption scheme, Dec denotes the decryption algorithm, and spk_TEE is the signature verification public key held by the TEE.
Furthermore, step S4 is specifically as follows:
the user selects any TEE and verifies ∑_TEE.Vf(spk_TEE, spk, σ_TEE) = 1, which completes remote attestation of the transaction verification program vfProg and of the spk it generated; the user then sends it the latest identity proof proof and the business request txReq;
the user reads the latest state from the distributed ledger and decrypts the field c_p with the decryption key it holds, m_p = SE.Dec(K, c_p) or m_p = AE.Dec(esk, c_p), to determine whether that transaction is the one it submitted and thus whether the business request has taken effect.
Furthermore, step S5 is specifically as follows:
the auditor uses ktag to determine whether the user under audit may be involved in a given transaction;
the auditor sends the program code audProg to any service provider and, at the same time, sends the executable code audProg representing the audit task together with the content to be audited {c_a} to the regulator for review;
if the review fails and any appeal is unsuccessful, the regulator terminates the process and warns or penalizes the auditor;
if the review passes and the service provider can currently accept the audit task, audProg is run inside the TEE the service provider has deployed, and audProg performs remote attestation to the regulator.
Furthermore, step S6 is specifically as follows:
after attestation succeeds, the regulator sends the decryption key K and the content to be audited {c_a} to the TEE; audProg decrypts c_a with K to obtain m_a = SE.Dec(K, c_a), performs the audit over the decrypted content, and outputs the audit result result together with h = H({c_a}); it sets outp′ = AE.Enc(epk, (result, h)) and outputs the ciphertext together with the remote attestation signature σ_TEE = ∑_TEE.Sig(ssk_TEE, outp′) to the service provider, which forwards them to the auditor;
here ∑_TEE is the signature scheme used by the TEE, Sig the signing algorithm, SE a symmetric encryption scheme, AE an asymmetric encryption scheme, Enc the encryption algorithm, Dec the decryption algorithm, H a collision-resistant hash function, ssk_TEE the signing private key held by the TEE, and epk the auditor's encryption public key (embedded in audProg), whose corresponding decryption key esk is held only by the auditor;
the auditor receives (outp′, σ_TEE) from the service provider and performs remote attestation, i.e. verifies ∑_TEE.Vf(spk_TEE, outp′, σ_TEE) = 1, then decrypts outp′ with the decryption key esk, (result, h) = AE.Dec(esk, outp′), and verifies h = H({c_a}) to confirm that the result was computed over exactly the set {c_a} it submitted;
here Vf() is the signature verification algorithm and spk_TEE is the signature verification public key held by the TEE.
Furthermore, the program code audProg specifically comprises the following:
the TEE completes remote attestation to the regulator and requests the decryption key and the transactions to be audited; the audited content is the transaction field c_a, and the symmetric decryption key K is sent to the TEE together with the content to be audited;
in the privacy-preserving audit phase, the TEE decrypts the content to be audited with the symmetric key K, m_a = SE.Dec(K, c_a), executes the audit code on the plaintext, and obtains the plaintext result result of the computation;
the TEE encrypts the computation result result and the hash of the audited content with the auditor's encryption public key embedded in the code to obtain outp′, and outputs the ciphertext together with the remote attestation signature σ_TEE = ∑_TEE.Sig(ssk_TEE, outp′) to the service provider.
The present invention also provides a privacy-preserving distributed ledger auditing system based on a trusted execution environment (TEE). The system applies the privacy-preserving distributed ledger auditing method described above and comprises a registration module, a processing authorization module, a business module, an audit authorization module and an audit module:
the registration module completes the user registration process through the cooperation of the user, the service provider and the regulator;
the processing authorization module completes the regulator's authorization of the service provider to start the transaction verification program;
the business module runs inside the TEE deployed by the service provider; it accepts the user's business requests, verifies their validity, generates the business record together with the remote attestation signature proving that the transaction was correctly verified, and sends the generated transaction and attestation signature to the maintainer of the distributed ledger;
the audit authorization module completes the regulator's authorization of the auditor's audit task;
the audit module carries out the audit task as prescribed by the executable code.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
1. While fully protecting the privacy of user transactions on the distributed ledger, the invention supports any reasonable audit requirement of the auditor, discloses to the auditor nothing but the precise audit result, and does so with good efficiency. The technical solution therefore achieves efficient, general-purpose audit functionality while fully protecting user privacy.
2. Unlike traditional software-only solutions, the invention incorporates the trusted execution environment (TEE), a recent result of hardware security research, so that auditing can be performed directly on plaintext while privacy is preserved; user data is fully protected, yet the efficiency and flexibility required in audit practice are retained in full.
3. The invention is specifically designed around the hardware limitations of the TEE, using cryptographic schemes to overcome its lack of a trusted time source, its constrained trusted execution memory and its performance overhead, which enhances the robustness and completeness of the privacy-preserving audit method and system.
Brief Description of the Drawings
FIG. 1 is a schematic flow chart of the method of this embodiment;
FIG. 2 is a schematic diagram of the structure of the system of this embodiment.
Detailed Description
The present invention is described in further detail below with reference to an embodiment and the drawings, but the embodiments of the present invention are not limited thereto.
Embodiment
As shown in FIG. 1, the privacy-preserving distributed ledger auditing method based on a TEE comprises the following steps:
Step S1: The user submits a registration application to the service provider; an approved user obtains the service provider's signature σ as certification.
In this embodiment, the user presents personal identity information and supporting documents to the service provider, in forms including but not limited to images and text (Word, PDF, etc.). After the service provider has reviewed and approved the application, it digitally signs the user's unique identifier U, σ = ∑.Sig(ssk_P, U). If a user may register several different accounts with a single service provider, a timestamp or other distinguishing identifier can be included in the signed content. On receiving the signature, the user verifies ∑.Vf(spk_P, U, σ) = 1.
Here ∑ is the signature scheme used by P, Sig is its signing algorithm, Vf() is its signature verification algorithm, ssk_P is the signing private key held by service provider P, and spk_P is the signature verification public key held by service provider P.
Step S2: The user presents the registration certificate σ to the regulator; an approved user obtains the registration information (usrSpecif, r, m) and completes registration.
In this embodiment, the user sends (U, P, σ) to the regulator to complete the registration process. If it approves the registration, the regulator verifies ∑.Vf(spk_P, U, σ) = 1 and generates the user-specific rules or information usrSpecif, which are defined per scenario; in a payment scenario, for example, usrSpecif may be the user's maximum amount for a single payment. It also generates random values r and m for the user, where the regulator stores a Merkle tree M with 2^|m| leaf nodes. Let H be a collision-resistant hash function: the regulator inserts H(usrSpecif, r, m) into M at leaf m, recomputes the root of M, records the value of every node, and returns (usrSpecif, r, m) to the user.
Step S3: With the permission and cooperation of the regulator, the service provider loads the transaction verification program vfProg into the TEE.
In this embodiment, the service provider, with the cooperation of the regulator, starts the transaction verification program vfProg in the TEE. vfProg first performs remote attestation to the regulator in order to request the symmetric key K; it then runs ∑.KGEN to generate a signing key pair (spk, ssk) and outputs (spk, σ_TEE), where σ_TEE = ∑_TEE.Sig(ssk_TEE, spk) is the TEE's remote attestation over spk.
It requests the latest root merkleRoot of the Merkle tree M from the regulator;
it verifies the identity proof and the anonymity fields against merkleRoot, verifies txReq against the specific business logic and usrSpecif, and outputs the transaction tx.
The transaction tx is specifically represented as (c_a, c_p, pub, ktag, σ_TEE, spk, σ);
where c_a is the auditable field defined by the business, storing the information made available for audit, encrypted under the symmetric key K; c_p is the non-public content defined by the business, encrypted under a designated symmetric or asymmetric key; pub is the publicly accessible field of the transaction; ktag is an anonymity tag chosen by the business participant; σ_TEE is the remote attestation over the spk generated inside the transaction verification program, proving that spk was generated correctly and that its private part ssk never left the TEE; spk is the public part of the signing key pair generated inside the transaction verification program; and σ is the signature over the preceding fields under ssk, σ = ∑.Sig(ssk, (c_a, c_p, pub, ktag, σ_TEE, spk)).
Here ∑_TEE is the signature scheme used by the TEE, ∑ is the signature scheme used by P, KGEN denotes the key generation algorithm of a signature scheme, Sig the signing algorithm, and ssk_TEE the signing private key held by the TEE.
In this embodiment, the transaction verification program vfProg differs by business scenario; in a payment scenario, for example, it must verify ownership of the funds and the reasonableness of the payment amount.
The TEE sends the generated transaction tx directly to the distributed ledger maintainer for verification. Depending on the actual type of distributed ledger, the maintainer is either the service provider itself or the maintainer of some other public distributed ledger. Specifically:
the distributed ledger maintainer receives the transaction tx from the TEE, parses it as (c_a, c_p, pub, ktag, σ_TEE, spk, σ), and verifies ∑_TEE.Vf(spk_TEE, spk, σ_TEE) = 1, which establishes that spk was generated inside an attested instance of vfProg rather than being an arbitrary key supplied with the transaction, and ∑.Vf(spk, (c_a, c_p, pub, ktag, σ_TEE, spk), σ) = 1; finally the maintainer checks the legitimacy of tx against the specific business type and the current ledger before adding it to the distributed ledger.
Here Vf() is the signature verification algorithm and spk_TEE is the signature verification public key held by the TEE.
Step S4: The user anonymously requests from the regulator the material for its latest identity proof proof and computes the proof, and requests a currently available TEE from any service provider.
In this embodiment, the user sends the regulator the number v of any node on the path from the user's own leaf to the root of the Merkle tree M; the regulator returns the set consisting of every node on the path from v up to the root, the sibling of each of those nodes, and every leaf below v; from this the user reconstructs its complete proof of membership, i.e. the identity proof proof. The regulator learns only v, not which leaf below v belongs to the user.
In this embodiment, when the user requests an available TEE from the service provider, the service provider returns the spk generated during start-up of the currently running TEE together with its remote attestation σ_TEE. A service provider may have deployed several TEEs and may therefore return one or more pairs (spk, σ_TEE).
Step S5: The user reads the latest state from the distributed ledger and decrypts the private content in order to generate the business request txReq.
In this embodiment, the user decrypts the field c_p with the (symmetric or asymmetric) decryption key it holds, m_p = SE.Dec(K, c_p) or m_p = AE.Dec(esk, c_p), determines from the validity of the decrypted content m_p whether it is a participant in the transaction, obtains the private information, and generates the business request txReq.
Here SE denotes a symmetric encryption scheme, AE denotes an asymmetric encryption scheme, and Dec denotes the respective decryption algorithm.
Step S6: The user selects any TEE, completes remote attestation of it, and sends it the latest identity proof proof and the business request txReq.
In this embodiment, the user need only verify a single pair: verifying ∑_TEE.Vf(spk_TEE, spk, σ_TEE) = 1 completes remote attestation of the transaction verification program vfProg and of the spk it generated, after which the user sends it the latest identity proof proof and the business request txReq. The composition of txReq depends on the specific scenario and on vfProg; in general it may include the transaction participant's self-chosen anonymity tag ktag (the number of any node on the path from leaf m to the root of the Merkle tree), the user's confidential information, and so on.
Step S7: The user reads the latest state from the distributed ledger to confirm that the business request has taken effect.
In this embodiment, the user reads the latest state from the distributed ledger; in some scenarios the user decrypts the field c_p with the (symmetric or asymmetric) decryption key it holds, m_p = SE.Dec(K, c_p) or m_p = AE.Dec(esk, c_p), to determine whether that transaction is the one it submitted.
Step S8: The auditor has the audit program code loaded into a TEE deployed by any service provider and submits an audit application to the regulator.
In this embodiment, the auditor first determines the set of transactions to be audited. The auditor obtains from the regulator the value m of the user under audit, i.e. that user's leaf index, and uses ktag to decide whether the user may be involved in a given transaction, namely whether ktag lies on the path from leaf m to the root of the Merkle tree M. The set so determined may be somewhat larger than the audited user's actual transactions (every user whose path passes through the same ktag node is included), but it is much smaller than the set of all transactions. The auditor sends audProg to any service provider and, at the same time, sends the program code audProg representing the audit task together with the content to be audited {c_a} to the regulator for review.
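The Merkle-tree mechanics that steps S2, S4, S6 and S8 above rely on, as an added example in Python; this is not part of the patent's own disclosure. Everything concrete in it is an assumption made for the example: |m| = 4, hence 2^|m| = 16 leaves; heap-style node numbering (root = 1, children of i are 2i and 2i+1, so leaf m sits at node 2^|m| + m); SHA-256 over a length-prefixed tuple as H; the usrSpecif strings and the ledger entries. The regulator answers a proof request that names only an ancestor v, the user rebuilds the full sibling path from the returned material, vfProg verifies it against merkleRoot, and the auditor screens the ledger by testing whether a ktag lies on leaf m's path. The demo also shows that a proof built before another user registers fails against the new root, which is why the proof fetched in step S4 has to be the latest one.

```python
import hashlib, secrets

# Added example (not the page's code). Assumptions: |m| = 4 bits, hence 2^|m| = 16 leaves;
# nodes are numbered heap-style (root = 1, children of i are 2i and 2i+1), so the leaf with
# index m sits at node LEAVES + m; H is SHA-256 over a length-prefixed tuple.
M_BITS = 4
LEAVES = 1 << M_BITS
EMPTY_LEAF = bytes(32)  # value of a leaf not yet assigned to any user (assumption)

def H(*parts: bytes) -> bytes:  # collision-resistant hash H
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def leaf_hash(usr_specif: bytes, r: bytes, m: int) -> bytes:  # H(usrSpecif, r, m)
    return H(usr_specif, r, m.to_bytes(4, "big"))

class Regulator:
    """Holds the Merkle tree M with 2^|m| leaves (1-based array, indices 1..2*LEAVES-1)."""
    def __init__(self):
        self.node = [b""] + [EMPTY_LEAF] * (2 * LEAVES - 1)
        for i in range(LEAVES - 1, 0, -1):
            self.node[i] = H(self.node[2 * i], self.node[2 * i + 1])
        self.free = list(range(LEAVES))

    def root(self) -> bytes:  # merkleRoot
        return self.node[1]

    def register(self, usr_specif: bytes):  # S2: draw r and an unused m, insert the leaf, refresh the path
        r = secrets.token_bytes(16)
        m = self.free.pop(secrets.randbelow(len(self.free)))
        i = LEAVES + m
        self.node[i] = leaf_hash(usr_specif, r, m)
        while i > 1:
            i //= 2
            self.node[i] = H(self.node[2 * i], self.node[2 * i + 1])
        return usr_specif, r, m

    def proof_material(self, v: int) -> dict:
        """S4: the user names only an ancestor v of its leaf. Returned: every node on the path
        v -> root, the sibling of each, and all leaves below v. Which leaf is the user's stays
        hidden; a higher v means a larger anonymity set and a larger response."""
        out, i = {}, v
        while i >= 1:
            out[i] = self.node[i]
            if i > 1:
                out[i ^ 1] = self.node[i ^ 1]
            i //= 2
        lo, hi = v, v
        while lo < LEAVES:  # descend to the range of leaves below v
            lo, hi = 2 * lo, 2 * hi + 1
        for i in range(lo, hi + 1):
            out[i] = self.node[i]
        return out

def _subtree(nodes: dict, i: int) -> bytes:  # recompute an internal node below v from the leaves
    if i not in nodes:
        nodes[i] = H(_subtree(nodes, 2 * i), _subtree(nodes, 2 * i + 1))
    return nodes[i]

def build_proof(material: dict, m: int) -> list:
    """User side of S4: the full sibling path of leaf m, i.e. the identity proof, as
    (sibling value, sibling is the right child) pairs from the leaf up to the root."""
    nodes, i, proof = dict(material), LEAVES + m, []
    while i > 1:
        sib = i ^ 1
        proof.append((_subtree(nodes, sib), sib > i))
        i //= 2
    return proof

def verify_proof(merkle_root: bytes, leaf: bytes, proof: list) -> bool:  # vfProg: check against merkleRoot
    cur = leaf
    for sib, sib_is_right in proof:
        cur = H(cur, sib) if sib_is_right else H(sib, cur)
    return cur == merkle_root

def on_path(ktag: int, m: int) -> bool:  # is node ktag on the path from leaf m to the root?
    i = LEAVES + m
    while i >= 1:
        if i == ktag:
            return True
        i //= 2
    return False

def candidate_set(m: int, ledger: list) -> list:  # S8: auditor's superset of user m's transactions
    return [tx for tx in ledger if on_path(tx["ktag"], m)]

def demo() -> dict:
    reg = Regulator()
    spec, r, m = reg.register(b"max_single_payment=1000")  # constructed usrSpecif
    v = (LEAVES + m) // 4                                  # grandparent of the leaf: 4-leaf anonymity set
    proof = build_proof(reg.proof_material(v), m)
    fresh = verify_proof(reg.root(), leaf_hash(spec, r, m), proof)
    reg.register(b"max_single_payment=500")                # another user registers: the root changes
    stale = verify_proof(reg.root(), leaf_hash(spec, r, m), proof)
    ledger = [{"id": 1, "ktag": v}, {"id": 2, "ktag": (LEAVES + m) ^ 1}, {"id": 3, "ktag": 1}]  # constructed
    return {"fresh_ok": fresh, "stale_ok": stale, "proof_len": len(proof),
            "candidates": [tx["id"] for tx in candidate_set(m, ledger)]}
```

Naming the grandparent as v gives an anonymity set of four leaves; naming the root (v = 1) would make the regulator return every leaf. `stale_ok` comes back False because the root moved when the second user registered: a proof is valid only against the merkleRoot that vfProg last fetched, so the user re-requests the material before each business request. In `candidate_set`, the entry tagged with the sibling leaf is excluded and the entries tagged with v and with the root are included, which is exactly the "slightly larger than the user's own transactions" set the auditor works from.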
If the review passes and the service provider can currently accept the audit task, audProg is run in the trusted execution environment it has deployed, and audProg performs remote attestation to the regulator.
If the review fails, the auditor has the right to request reconsideration of the audit request; the reconsideration may be carried out by the regulator's superior authority or a designated body. If the reconsideration succeeds, the regulator completes the audit authorization according to step S9; otherwise, the regulator warns or sanctions the auditor in accordance with the law.
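The candidate-set selection of step S8, as an added example that is not part of the patent: the auditor keeps every transaction whose ktag lies on the path from the audited user's leaf m to the root, without reading any encrypted payload. The patent does not fix a node numbering, so this example assumes heap-style numbering (root = 1, children of node i are 2i and 2i+1); the ledger contents are constructed.

```python
# Added example, not the patent's code. Assumption: Merkle tree nodes are numbered
# heap-style (root = 1, children of i are 2i and 2i+1), so the path from leaf m to
# the root is m, m//2, ..., 1.
from typing import Iterable, List, Set, Tuple


def path_to_root(m: int) -> Set[int]:
    """Node numbers on the path from leaf m up to the root (inclusive)."""
    if m < 1:
        raise ValueError("leaf number must be >= 1")
    nodes = set()
    while m >= 1:
        nodes.add(m)
        m //= 2
    return nodes


def candidate_transactions(m: int, ledger: Iterable[Tuple[str, int]]) -> List[str]:
    """The set {ca} the auditor requests: transactions whose ktag lies on leaf m's path.

    ledger entries are (tx_id, ktag). Only the public ktag is inspected; the
    encrypted payload stays sealed until the regulator releases K to the TEE.
    """
    path = path_to_root(m)
    return [tx_id for tx_id, ktag in ledger if ktag in path]


# Constructed ledger for a tree with 8 leaves (leaf numbers 8..15, 15 nodes total).
# The audited user A sits at leaf 11; its ancestors are 5, 2 and 1.
LEDGER = [
    ("tx1", 11),  # A tagged with its own leaf: only A matches
    ("tx2", 5),   # A chose a coarser tag: leaves 10 and 11 both match
    ("tx3", 1),   # root tag: every user matches (maximum anonymity)
    ("tx4", 12),  # another user's own leaf: A never matches
    ("tx5", 6),   # subtree covering leaves 12 and 13: A never matches
]


def demo() -> List[str]:
    """Candidate set for user A: a superset of A's real transactions, but not all of them."""
    return candidate_transactions(11, LEDGER)


if __name__ == "__main__":
    print(demo())
```

Coarser tags (tx2, tx3) widen the candidate set, which is exactly the trade-off the text describes: the auditor sees a set slightly larger than the user's actual transactions, but still smaller than the whole ledger.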
Step S9: The regulator performs remote attestation; if the attestation succeeds, the regulator sends the decryption key K and the content to be audited {ca} to the trusted execution environment TEE.
Step S10: The auditor obtains the audit result from the trusted execution environment TEE and verifies the correctness of the computation.
In this embodiment, audProg decrypts ca with the decryption key K to obtain ma = SE.Dec(K, ca), completes the audit over the decrypted content, outputs the audit result result together with h = H({ca}), and sets outp′ = AE.Enc(epk, (result, h)). audProg outputs this ciphertext together with the remote attestation signature σTEE = ∑TEE.Sig(sskTEE, outp′) to the service provider, which forwards them to the auditor.
The auditor receives (outp′, σTEE) from the service provider and performs remote attestation, i.e. verifies ∑TEE.Vf(spkTEE, outp′, σTEE) = 1, then decrypts outp′ with the decryption key esk, i.e. (result, h) = AE.Dec(esk, outp′), and verifies h = H({ca}) to confirm that the result belongs to the audited set and is correct.
Here, Enc denotes the encryption algorithm and H is a collision-resistant hash function.
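The step S10 check, as an added example that is not the patent's code: the TEE side binds the result to h = H({ca}), and the auditor accepts a result only if the signature verifies, decryption succeeds and h matches the set it actually submitted, so a result computed over a substituted set is rejected. The patent fixes no concrete schemes, so the example uses labelled stand-ins (HMAC-SHA256 for ∑TEE, a SHA-256 keystream XOR for AE.Enc/AE.Dec, shared keys in place of key pairs); it also shows that H({ca}) must be computed over the ciphertexts as a set, so both sides agree regardless of ordering.

```python
# Added example, not the patent's code. Stand-ins for schemes the patent leaves open:
# ∑TEE.Sig/Vf are modelled by HMAC-SHA256 (so spkTEE == sskTEE here), and AE.Enc/AE.Dec
# by a SHA-256 keystream XOR under a shared key (so epk == esk here).
import hashlib, hmac, json


def hash_ciphertext_set(cas):
    """H({ca}): canonical hash of a SET of ciphertexts (sorted, length-prefixed), so the
    TEE and the auditor get the same value whatever order the ciphertexts arrived in."""
    h = hashlib.sha256()
    for c in sorted(cas):
        h.update(len(c).to_bytes(4, "big") + c)
    return h.digest()


def keystream_xor(key, data):
    """Stand-in for AE.Enc / AE.Dec (symmetric, self-inverse); not a real AE scheme."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def tee_output(ssk_tee, epk, result, cas):
    """Inside audProg: outp' = AE.Enc(epk, (result, h)), σTEE = ∑TEE.Sig(sskTEE, outp')."""
    plain = json.dumps({"result": result, "h": hash_ciphertext_set(cas).hex()}).encode()
    outp = keystream_xor(epk, plain)
    return outp, hmac.new(ssk_tee, outp, hashlib.sha256).digest()


def auditor_verify(spk_tee, esk, outp, sigma, cas):
    """Step S10 on the auditor's side. Returns result, or None if any check fails."""
    if not hmac.compare_digest(hmac.new(spk_tee, outp, hashlib.sha256).digest(), sigma):
        return None  # remote attestation failed: not produced by the attested TEE
    msg = json.loads(keystream_xor(esk, outp))
    if not hmac.compare_digest(bytes.fromhex(msg["h"]), hash_ciphertext_set(cas)):
        return None  # result was computed over a different {ca} than the auditor submitted
    return msg["result"]


# Constructed demo keys and ciphertext set
TEE_KEY, AUD_KEY = b"tee-signing-key", b"auditor-key"
CAS = [b"ct-a", b"ct-b", b"ct-c"]


def demo():
    """Accepts the genuine output (even with {ca} reordered); rejects a substituted set."""
    outp, sigma = tee_output(TEE_KEY, AUD_KEY, {"balance_ok": True, "n": 3}, CAS)
    genuine = auditor_verify(TEE_KEY, AUD_KEY, outp, sigma, list(reversed(CAS)))
    substituted = auditor_verify(TEE_KEY, AUD_KEY, outp, sigma, CAS[:2])
    return genuine, substituted
```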
In another embodiment, a TEE-based privacy-preserving distributed ledger auditing system is also provided, as shown in FIG. 2, comprising a registration module, a processing authorization module, a business module, an audit authorization module and an audit module:
a registration module, used to complete the user registration process in collaboration among the user, the service provider and the regulator;
a processing authorization module, used to complete the regulator's authorization for the service provider to start the transaction verification program;
a business module, running in the trusted execution environment TEE deployed by the service provider, responsible for accepting the user's business request, verifying the validity of the business request, and generating the business record and a remote attestation signature proving that the transaction has been correctly verified; this module sends the generated transaction and remote attestation signature to the maintainers of the distributed ledger;
an audit authorization module, used to complete the regulator's authorization of the auditor's audit task;
an audit module, which completes the audit task as required by the executable code audProg.
The TEE-based privacy-preserving distributed ledger auditing method and system disclosed in the embodiments of the present invention follow the general "client-service provider" model. The client first selects a suitable service provider and registers as its legitimate user; this process requires the regulator's review, and the user's business behaviour is constrained by the user-specific field usrSpecif designated by the regulator. To process user business requests, the service provider, once authorized by the regulator, runs the transaction verification program vfProg inside the trusted execution environment TEE. Before initiating a business request, the user first reads the latest state of the distributed ledger and obtains its own confidential information; the user anonymously obtains its latest identity proof from the regulator; the user requests an available trusted execution environment TEE from the service provider; finally, the user sends the identity proof and the transaction request to the trusted execution environment TEE to complete the transaction. In the audit phase, the auditor describes the audit task with the executable file audProg; if the regulator approves the audit, the auditor obtains the audit result but has no access to the audit process itself.
Compared with the prior art, the present invention supports any reasonable audit requirement of the auditor while fully protecting the privacy of user transactions on the distributed ledger; the process discloses only the precise audit result to the auditor, and its efficiency is satisfactory. Therefore, the technical solution of the present invention achieves an efficient and general-purpose auditing function while fully protecting user privacy.
It should also be noted that in this specification, terms such as "comprises", "includes" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further restrictions, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
| Application Number | Priority Date | Filing Date | Title | Status |
|---|---|---|---|---|
| CN202210451763.2A (CN114881650B) | 2022-04-27 | 2022-04-27 | Privacy-preserving distributed ledger auditing method and system based on TEE | Active |

| Publication Number | Publication Date |
|---|---|
| CN114881650A | 2022-08-09 |
| CN114881650B (granted) | 2024-08-06 |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |