WO2021184882A1 - Method and apparatus for verifying contract - Google Patents

Abstract

A method and apparatus for verifying a contract. The method comprises: a client obtains a remote attestation report of an off-chain trusted execution environment that is created for an off-chain privacy calculation node (702); in the case that the off-chain trusted execution environment is determined, according to the remote attestation report, to be trustworthy, the client obtains the contract information to be verified of a target off-chain contract that is deployed at the off-chain privacy calculation node (704); and the client uses the identity public key of the off-chain privacy calculation node to perform signature verification on the contract information to be verified, verifies, according to the contract information of the target off-chain contract, the contract information to be verified, and in the case that the signature verification and the contract information verification are successful, determines that the target off-chain contract is executed by the off-chain privacy calculation node in the off-chain trusted execution environment when the client initiates the invoking of the target off-chain contract by means of the oracle machine mechanism of a blockchain node (706). The method can ensure data security and privacy protection.

Description

Translated fromChinese

验证合约的方法及装置Method and device for verifying contract技术领域Technical field

本说明书一个或多个实施例涉及可验证计算技术领域，尤其涉及一种验证合约的方法及装置。One or more embodiments of this specification relate to the field of verifiable computing technology, and more particularly to a method and device for verifying contracts.

背景技术Background technique

在相关技术中，针对各种场景下的隐私需求，一种方式是通过同态加密(Homomorphic encryption)和零知识证明(Zero-knowledge proof)等加密技术实现隐私保护，但也随之带来了严重的性能损失。可信执行环境(Trusted Execution Environment,TEE)是另一种解决方式。TEE可以起到硬件中的黑箱作用，在TEE中执行的代码和数据操作系统层都无法偷窥，只有代码中预先定义的接口才能对其进行操作。在效率方面，由于TEE的黑箱性质，在TEE中进行运算的是明文数据，而不是同态加密中的复杂密码学运算，计算过程效率没有损失。In related technologies, for privacy requirements in various scenarios, one way is to achieve privacy protection through encryption technologies such as Homomorphic encryption and Zero-knowledge proof. Serious performance loss. Trusted Execution Environment (TEE) is another solution. TEE can play the role of a black box in the hardware. Neither the code executed in the TEE nor the data operating system layer can be peeped, and only the pre-defined interface in the code can operate on it. In terms of efficiency, due to the black-box nature of TEE, plaintext data is calculated in TEE instead of complex cryptographic operations in homomorphic encryption, and there is no loss in the efficiency of the calculation process.

发明内容Summary of the invention

有鉴于此，本说明书一个或多个实施例提供一种验证合约的方法及装置，能够在链下环境内安全实现验证合约的操作。In view of this, one or more embodiments of this specification provide a method and device for verifying a contract, which can safely implement the operation of verifying a contract in an off-chain environment.

为实现上述目的，本说明书一个或多个实施例提供技术方案如下。In order to achieve the foregoing objectives, one or more embodiments of the present specification provide the following technical solutions.

根据本说明书一个或多个实施例的第一方面，提出了一种验证合约的方法，包括：客户端获取针对链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成；所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，获取部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节点的节点身份私钥进行签名，所述节点身份私钥由所述链下隐私计算节点在所述链下可信执行环境内生成；所述客户端采用所述链下隐私计算节点的节点身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。According to the first aspect of one or more embodiments of this specification, a method for verifying a contract is proposed, which includes: a client obtains a remote attestation report for an off-chain trusted execution environment created by an off-chain private computing node, and the remote The attestation report is generated by the authentication server after verifying the self-recommended information generated by the off-chain private computing node for the off-chain trusted execution environment; the client determines that the off-chain trusted execution is based on the remote attestation report In the case of a credible environment, obtain the to-be-verified contract information of the target off-chain contract deployed at the off-chain private computing node, and the to-be-verified contract information is trusted off-chain by the off-chain private computing node The execution environment uses the node identity private key of the off-chain private computing node to sign, and the node identity private key is generated by the off-chain private computing node in the off-chain trusted execution environment; the client uses The node identity public key of the off-chain privacy computing node performs signature verification on the to-be-verified contract information, and performs contract information verification on the to-be-verified contract information according to the contract information of the target chain off-chain contract, and performs the signature verification In the case that the verification of the contract information is passed, it is determined that when the client initiates a call to the target chain contract through the oracle mechanism of the blockchain node, the target chain contract is registered by the off-chain privacy computing node. Execute in the trusted execution environment under the chain.

根据本说明书一个或多个实施例的第二方面，提出了一种验证合约的方法，包括：链下隐私计算节点向客户端提供针对所述链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成；所述链下隐私计算节点向所述客户端提供部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节 点的节点身份私钥进行签名，所述节点身份私钥由所述链下隐私计算节点在所述链下可信执行环境内生成；所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，采用所述链下隐私计算节点的节点身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。According to the second aspect of one or more embodiments of this specification, a method for verifying a contract is proposed, including: an off-chain private computing node provides a client with an off-chain trusted execution environment created for the off-chain private computing node The remote attestation report is generated by the authentication server after verifying the self-recommended information generated by the off-chain private computing node for the off-chain trusted execution environment; the off-chain private computing node reports to the client The terminal provides the to-be-verified contract information of the target off-chain contract deployed at the off-chain private computing node, and the to-be-verified contract information is used by the off-chain private computing node in the off-chain trusted execution environment. The node identity private key of the off-chain private computing node is signed, and the node identity private key is generated by the off-chain private computing node in the off-chain trusted execution environment; the contract information to be verified is generated by the client In the case that the off-chain trusted execution environment is determined to be credible according to the remote attestation report, the node identity public key of the off-chain private computing node is used to perform signature verification on the contract information to be verified, and according to the The contract information of the contract under the target chain performs contract information verification on the contract information to be verified, and if the signature verification and contract information verification are passed, it is determined that the client is performing the verification of the contract information through the oracle mechanism of the blockchain node. When the off-chain contract of the target chain is invoked, the off-chain contract is executed by the off-chain private computing node in the off-chain trusted execution environment.

根据本说明书一个或多个实施例的第三方面，提出了一种验证合约的方法，包括：客户端获取针对隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成；所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，获取部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算节点在所述可信执行环境内维护；所述客户端采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。According to the third aspect of one or more embodiments of this specification, a method for verifying a contract is proposed, including: a client obtains a remote certification report for a trusted execution environment created by a private computing node, and the remote certification report is authenticated The server verifies the self-recommendation information generated by the private computing node for the trusted execution environment and generates it; when the client determines that the trusted execution environment is credible according to the remote attestation report, obtains and deploys The to-be-verified contract information of the target smart contract at the private computing node, and the to-be-verified contract information is signed by the private computing node in the trusted execution environment using the private key of the private computing node’s identity, so The identity private key is maintained by the private computing node in the trusted execution environment; the client uses the identity public key of the private computing node to perform signature verification on the contract information to be verified, and according to the target The contract information of the smart contract performs contract information verification on the contract information to be verified, and when the signature verification and contract information verification pass, it is determined that when the client initiates a call to the target smart contract, the target smart contract The contract is executed by the privacy computing node in the trusted execution environment.

根据本说明书一个或多个实施例的第四方面，提出了一种验证合约的方法，包括：隐私计算节点向客户端提供针对所述隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成；所述隐私计算节点向所述客户端提供部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算节点在所述可信执行环境内维护；所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。According to the fourth aspect of one or more embodiments of this specification, a method for verifying a contract is proposed, which includes: a private computing node provides a client with a remote attestation report for the trusted execution environment created by the private computing node, so The remote certification report is generated by the authentication server after verifying the self-recommended information generated by the private computing node for the trusted execution environment; the private computing node provides the client with the target deployed at the private computing node The to-be-verified contract information of the smart contract, the to-be-verified contract information is signed by the private computing node in the trusted execution environment using the private identity key of the private computing node, and the identity private key is signed by the private The computing node is maintained in the trusted execution environment; when the client terminal determines that the trusted execution environment is credible according to the remote attestation report, the contract information to be verified is maintained in the trusted execution environment. The identity public key performs signature verification on the contract information to be verified, and performs contract information verification on the contract information to be verified according to the contract information of the target smart contract, and confirms if the signature verification and contract information verification pass When the client initiates a call to the target smart contract, the target smart contract is executed by the private computing node in the trusted execution environment.

根据本说明书一个或多个实施例的第五方面，提出了一种验证合约的装置，包括：报告获取单元，使客户端获取针对链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成；合约信息获取单元，使所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，获取部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节点的节点身份私钥进行签名，所述节点身份私钥由所述链下隐私计算节点在所述链下可信执行环境内生成；验证单元，使所述客户端采用所述链下隐私计算节点的节点身份公钥对所述待验证合约信息进行 签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。According to the fifth aspect of one or more embodiments of this specification, a device for verifying a contract is proposed, which includes: a report obtaining unit that enables the client to obtain remote certification for the off-chain trusted execution environment created by the off-chain private computing node The remote attestation report is generated by the authentication server after verifying the self-recommendation information generated by the off-chain private computing node for the off-chain trusted execution environment; the contract information acquisition unit enables the client to be based on the If the remote attestation report confirms that the off-chain trusted execution environment is credible, obtain the to-be-verified contract information of the target off-chain contract deployed at the off-chain privacy computing node, and the to-be-verified contract information is used by the chain The next private computing node uses the node identity private key of the off-chain private computing node to sign in the off-chain trusted execution environment, and the node identity private key is available to the off-chain private computing node in the chain. The verification unit enables the client to use the node identity public key of the off-chain private computing node to perform signature verification on the contract information to be verified, and pair the contract information according to the target chain off-chain contract information The contract information to be verified is subjected to contract information verification, and when the signature verification and contract information verification pass, it is determined that when the client initiates a call to the target chain contract through the oracle mechanism of the blockchain node, The target off-chain contract is executed by the off-chain privacy computing node in the off-chain trusted execution environment.

根据本说明书一个或多个实施例的第六方面，提出了一种验证合约的装置，包括：报告提供单元，使链下隐私计算节点向客户端提供针对所述链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成；合约信息提供单元，使所述链下隐私计算节点向所述客户端提供部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节点的节点身份私钥进行签名，所述节点身份私钥由所述链下隐私计算节点在所述链下可信执行环境内生成；所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，采用所述链下隐私计算节点的节点身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。According to the sixth aspect of one or more embodiments of this specification, a device for verifying a contract is proposed, including: a report providing unit, which enables the off-chain private computing node to provide the client with the chain created for the off-chain private computing node The remote attestation report of the trusted execution environment is generated by the authentication server after verifying the self-recommended information generated by the off-chain private computing node for the off-chain trusted execution environment; the contract information providing unit makes The off-chain privacy computing node provides the client with the to-be-verified contract information of the target off-chain contract deployed at the off-chain privacy computing node, and the to-be-verified contract information is stored by the off-chain privacy computing node. The off-chain trusted execution environment is signed using the node identity private key of the off-chain private computing node, and the node identity private key is generated by the off-chain private computing node in the off-chain trusted execution environment; For the contract information to be verified, the client uses the node identity public key of the off-chain private computing node to pair the to-be-verified under the condition that the off-chain trusted execution environment is determined to be credible according to the remote attestation report. Verify the contract information for signature verification, and perform contract information verification on the contract information to be verified according to the contract information of the contract under the target chain, and if the signature verification and contract information verification are passed, it is determined that the client is passing When the oracle mechanism of the blockchain node initiates a call to the target chain contract, the target chain contract is executed by the chain privacy computing node in the trusted execution environment of the chain.

根据本说明书一个或多个实施例的第七方面，提出了一种验证合约的装置，包括：报告获取单元，使客户端获取针对隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成；合约信息获取单元，使所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，获取部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算节点在所述可信执行环境内维护；验证单元，使所述客户端采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。According to the seventh aspect of one or more embodiments of the present specification, a device for verifying a contract is proposed, including: a report obtaining unit, which enables the client to obtain a remote attestation report for a trusted execution environment created by a private computing node. The remote attestation report is generated by the authentication server after verifying the self-recommendation information generated by the private computing node for the trusted execution environment; the contract information acquisition unit enables the client to determine the authenticity according to the remote attestation report In the case of a credible execution environment, obtain the contract information to be verified of the target smart contract deployed at the private computing node, and the contract information to be verified is used by the private computing node in the trusted execution environment The identity private key of the private computing node is signed, and the identity private key is maintained by the private computing node in the trusted execution environment; the verification unit enables the client to use the identity public key pair of the private computing node Perform signature verification on the contract information to be verified, and perform contract information verification on the contract information to be verified according to the contract information of the target smart contract, and determine the client terminal if the signature verification and contract information verification pass When invoking the target smart contract, the target smart contract is executed by the private computing node in the trusted execution environment.

根据本说明书一个或多个实施例的第八方面，提出了一种验证合约的装置，包括：报告提供单元，使隐私计算节点向客户端提供针对所述隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成；合约信息提供单元，使所述隐私计算节点向所述客户端提供部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算节点在所述可信执行环境内维护；所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及 根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。According to the eighth aspect of one or more embodiments of the present specification, a device for verifying a contract is proposed, including: a report providing unit, which enables a private computing node to provide a client with a trusted execution environment created by the private computing node The remote attestation report is generated by the authentication server after verifying the self-recommended information generated by the private computing node for the trusted execution environment; the contract information providing unit enables the private computing node to report to the client Provides the contract information to be verified of the target smart contract deployed at the private computing node, and the contract information to be verified is performed by the private computing node in the trusted execution environment using the private key of the private computing node's identity Signature, the identity private key is maintained by the privacy computing node in the trusted execution environment; the contract information to be verified is determined by the client according to the remote attestation report that the trusted execution environment is trustworthy In the case of, the identity public key of the privacy computing node is used to perform signature verification on the contract information to be verified, and the contract information to be verified is verified according to the contract information of the target smart contract, and the signature In the case where the verification and contract information verification pass, it is determined that when the client initiates a call to the target smart contract, the target smart contract is executed by the private computing node in the trusted execution environment.

根据本说明书一个或多个实施例的第九方面，提出了一种电子设备，包括：处理器；According to a ninth aspect of one or more embodiments of this specification, an electronic device is proposed, including: a processor;

用于存储处理器可执行指令的存储器；其中，所述处理器通过运行所述可执行指令以实现如第一方面、第二方面、第三方面或第四方面所述的方法。A memory for storing executable instructions of a processor; wherein the processor executes the executable instructions to implement the method according to the first, second, third or fourth aspect.

根据本说明书一个或多个实施例的第十方面，提出了一种计算机可读存储介质，其上存储有计算机指令，该指令被处理器执行时实现如第一方面、第二方面、第三方面或第四方面所述方法的步骤。According to the tenth aspect of one or more embodiments of the present specification, a computer-readable storage medium is provided with computer instructions stored thereon. When the instructions are executed by a processor, the first aspect, the second aspect, and the third aspect are implemented. Aspect or the steps of the method of the fourth aspect.

综上所述，本说明书通过在链下隐私计算节点上实现链下可信执行环境，使得链下隐私计算节点可以提供安全可靠的运行环境，并且该链下可信执行环境的可靠性可以通过远程证明予以验证，从而在签名验证和合约信息验证均通过的情况下，确定链下隐私计算节点能够安全并且忠实地调用合约以完成链下隐私计算。In summary, this manual implements an off-chain trusted execution environment on off-chain private computing nodes, so that off-chain private computing nodes can provide a safe and reliable operating environment, and the reliability of the off-chain trusted execution environment can be verified by The remote proof is verified, so that when both the signature verification and the contract information verification pass, it is determined that the off-chain privacy computing node can safely and faithfully call the contract to complete the off-chain privacy calculation.

附图说明Description of the drawings

图1是一示例性实施例提供的一种集群密钥共享方法的流程图。Fig. 1 is a flowchart of a cluster key sharing method provided by an exemplary embodiment.

图2是一示例性实施例提供的一种链下隐私计算节点之间形成集群身份的示意图。Fig. 2 is a schematic diagram of forming a cluster identity between off-chain privacy computing nodes according to an exemplary embodiment.

图3是一示例性实施例提供的一种实现远程证明的场景示意图。Fig. 3 is a schematic diagram of a scenario for realizing remote certification provided by an exemplary embodiment.

图4是一示例性实施例提供的另一种实现远程证明的场景示意图。Fig. 4 is a schematic diagram of another scenario for realizing remote certification provided by an exemplary embodiment.

图5是一示例性实施例提供的一种部署链下合约的场景示意图。Fig. 5 is a schematic diagram of a scenario for deploying an off-chain contract according to an exemplary embodiment.

图6是一示例性实施例提供的另一种部署链下合约的场景示意图。Fig. 6 is a schematic diagram of another scenario for deploying an off-chain contract according to an exemplary embodiment.

图7是一示例性实施例提供的一种客户端侧的验证合约的流程图。Fig. 7 is a flowchart of a client-side verification contract provided by an exemplary embodiment.

图8是一示例性实施例提供的一种验证链下合约的示意图。Fig. 8 is a schematic diagram of verifying an off-chain contract according to an exemplary embodiment.

图9是一示例性实施例提供的另一种验证链下合约的示意图。Fig. 9 is a schematic diagram of another verification off-chain contract provided by an exemplary embodiment.

图10是一示例性实施例提供的一种调用链下合约的场景示意图。Fig. 10 is a schematic diagram of a scenario for invoking an off-chain contract according to an exemplary embodiment.

图11是一示例性实施例提供的一种链下隐私计算节点侧的验证合约的流程图。Fig. 11 is a flowchart of a verification contract on the side of an off-chain privacy computing node provided by an exemplary embodiment.

图12是一示例性实施例提供的另一种客户端侧的验证合约的流程图。Fig. 12 is a flowchart of another client-side verification contract provided by an exemplary embodiment.

图13是一示例性实施例提供的另一种隐私计算节点侧的验证合约的流程图。Fig. 13 is a flowchart of another verification contract on the side of a privacy computing node provided by an exemplary embodiment.

图14是一示例性实施例提供的一种设备的结构示意图。Fig. 14 is a schematic structural diagram of a device provided by an exemplary embodiment.

图15是一示例性实施例提供的一种客户端侧的验证链下合约的装置的框图。Fig. 15 is a block diagram of an apparatus for verifying an off-chain contract on the client side according to an exemplary embodiment.

图16是一示例性实施例提供的一种链下隐私计算节点侧的验证链下合约的装置的框图。Fig. 16 is a block diagram of a device for verifying an off-chain contract on the side of an off-chain privacy computing node provided by an exemplary embodiment.

图17是一示例性实施例提供的一种客户端侧的验证合约的装置的框图。Fig. 17 is a block diagram of an apparatus for verifying a contract on the client side according to an exemplary embodiment.

图18是一示例性实施例提供的一种隐私计算节点侧的验证合约的装置的框图。Fig. 18 is a block diagram of an apparatus for verifying a contract on the side of a privacy computing node provided by an exemplary embodiment.

具体实施方式Detailed ways

这里将详细地对示例性实施例进行说明，其示例表示在附图中。下面的描述涉及附图时，除非另有表示，不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本说明书一个或多个实施例相一致的所有实施方式。相反，它们仅是与如所附权利要求书中所详述的、本说明书一个或多个实施例的一些方面相一致的装置和方法的例子。The exemplary embodiments will be described in detail here, and examples thereof are shown in the accompanying drawings. When the following description refers to the accompanying drawings, unless otherwise indicated, the same numbers in different drawings represent the same or similar elements. The implementation manners described in the following exemplary embodiments do not represent all implementation manners consistent with one or more embodiments of this specification. Rather, they are merely examples of devices and methods consistent with some aspects of one or more embodiments of this specification as detailed in the appended claims.

需要说明的是：在其他实施例中并不一定按照本说明书示出和描述的顺序来执行相应方法的步骤。在一些其他实施例中，其方法所包括的步骤可以比本说明书所描述的更多或更少。此外，本说明书中所描述的单个步骤，在其他实施例中可能被分解为多个步骤进行描述；而本说明书中所描述的多个步骤，在其他实施例中也可能被合并为单个步骤进行描述。应当理解，尽管在本说明书可能采用术语第一、第二、第三等来描述各种信息，但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼此区分开。例如，在不脱离本说明书范围的情况下，第一信息也可以被称为第二信息，类似地，第二信息也可以被称为第一信息。取决于语境，如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”。It should be noted that in other embodiments, the steps of the corresponding method may not be executed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. In addition, a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. describe. It should be understood that although the terms first, second, third, etc. may be used in this specification to describe various information, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other. For example, without departing from the scope of this specification, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information. Depending on the context, the word "if" as used herein can be interpreted as "when" or "when" or "in response to determination".

区块链一般被划分为三种类型：公有链(Public Blockchain)，私有链(Private Blockchain)和联盟链(Consortium Blockchain)。此外，还有多种类型的结合，比如私有链+联盟链、联盟链+公有链等不同组合形式。其中去中心化程度最高的是公有链。公有链以比特币、以太坊为代表，加入公有链的参与者可以读取链上的数据记录、参与交易以及竞争新区块的记账权等，且各参与者(即节点)可自由加入以及退出网络。私有链则相反，该网络的数据写入权限由某个组织或者机构控制，数据读取权限受组织规定；简单来说，私有链可以为一个弱中心化系统，参与节点具有严格限制且少，因而私有链更适合于特定机构内部使用。联盟链则是介于公有链以及私有链之间的区块链，可实现“部分去中心化”。联盟链中各个节点通常有与之相对应的实体机构或者组织，参与者通过授权加入网络并组成利益相关联盟，共同维护区块链运行。Blockchain is generally divided into three types: Public Blockchain, Private Blockchain and Consortium Blockchain. In addition, there are many types of combinations, such as private chain + alliance chain, alliance chain + public chain and other different combinations. Among them, the most decentralized one is the public chain. The public chain is represented by Bitcoin and Ethereum. Participants who join the public chain can read the data records on the chain, participate in transactions, and compete for the accounting rights of new blocks, etc., and each participant (ie, node) can freely join and Exit the network. The private chain is the opposite. The network's data write permission is controlled by an organization or institution, and the data read permission is regulated by the organization; in simple terms, the private chain can be a weakly centralized system with strict restrictions and few participating nodes. Therefore, the private chain is more suitable for internal use by specific institutions. Consortium chain is a block chain between public chain and private chain, which can realize "partial decentralization". Each node in the alliance chain usually has a corresponding entity or organization, and participants are authorized to join the network and form a stakeholder alliance to jointly maintain the operation of the blockchain.

在区块链网络中，通过向区块链节点提交相应的区块链交易(简称交易)，并由区块链节点执行区块链交易，以实现相应的操作目的。对于上述任何类型的区块链而言，区块链节点均可以通过创建TEE，并将TEE实现为区块链交易的安全执行环境。TEE是基于CPU硬件的安全扩展，且与外部完全隔离的可信执行环境。TEE最早是由Global Platform提出的概念，用于解决移动设备上资源的安全隔离，平行于操作系统为应用程序提供可信安全的执行环境。目前工业界十分关注TEE的方案，几乎所有主流的芯片和软件联盟都有自己的TEE解决方案，比如软件方面的TPM(Trusted Platform Module，可信赖平台模块)以及硬件方面的Intel SGX(Software Guard Extensions,软件保护扩展)、ARM Trustzone(信任区)和AMD PSP(Platform Security Processor，平台安全处理器)等。In the blockchain network, by submitting the corresponding blockchain transaction (transaction for short) to the blockchain node, and the blockchain node executes the blockchain transaction to achieve the corresponding operation purpose. For any of the above types of blockchains, blockchain nodes can create a TEE and realize the TEE as a secure execution environment for blockchain transactions. TEE is a secure extension based on CPU hardware and a trusted execution environment that is completely isolated from the outside. TEE was first proposed by Global Platform to solve the security isolation of resources on mobile devices, and parallel to the operating system to provide a trusted and secure execution environment for applications. At present, the industry is very concerned about TEE solutions. Almost all mainstream chip and software alliances have their own TEE solutions, such as TPM (Trusted Platform Module) in software and Intel SGX (Software Guard Extensions) in hardware. , Software Protection Extension), ARM Trustzone (trust zone) and AMD PSP (Platform Security Processor, platform security processor), etc.

以Intel SGX(以下简称SGX)技术为例。区块链节点可以基于SGX技术创建enclave (围圈或飞地)，以作为用于执行区块链交易的TEE。其中，区块链节点利用CPU中新增的处理器指令，在内存中可以分配一部分区域EPC(Enclave Page Cache，围圈页面缓存或飞地页面缓存)，以用于驻留上述的enclave。上述EPC对应的内存区域被CPU内部的内存加密引擎MEE(Memory Encryption Engine)加密，该内存区域中的内容(enclave中的代码和数据)只有在CPU内核中才能够被解密，且用于加解密的密钥只有在EPC启动时生成并存储在CPU中。可见，enclave的安全边界只包含其自身和CPU，无论是特权或非特权软件都无法访问enclave，即便是操作系统管理员和VMM(virtual machine monitor，虚拟机监视器；或称为，Hypervisor)也无法影响enclave中的代码和数据，因而具有极高的安全性，并且在上述安全性保障的前提下，CPU能够在enclave中对明文形式的区块链交易进行处理，具有极高的运算效率，从而兼顾了数据安全性和计算效率。Take Intel SGX (hereinafter referred to as SGX) technology as an example. Blockchain nodes can create enclaves (enclaves or enclaves) based on SGX technology to serve as TEEs for executing blockchain transactions. Among them, the blockchain node uses the newly added processor instructions in the CPU to allocate a part of the area EPC (Enclave Page Cache, enclave page cache or enclave page cache) in the memory to reside in the above-mentioned enclave. The memory area corresponding to the above EPC is encrypted by the memory encryption engine MEE (Memory Encryption Engine) inside the CPU. The content in the memory area (code and data in the enclave) can only be decrypted in the CPU core and used for encryption and decryption. The key is only generated and stored in the CPU when the EPC is started. It can be seen that the security boundary of the enclave only includes itself and the CPU, and neither privileged or non-privileged software can access the enclave, even the operating system administrator and VMM (virtual machine monitor, or Hypervisor). Can not affect the code and data in the enclave, so it has extremely high security, and under the premise of the above-mentioned security guarantee, the CPU can process the block chain transaction in the form of plain text in the enclave, and has extremely high computational efficiency. Thus, both data security and computing efficiency are taken into consideration.

基于区块链网络的去中心化架构，使得区块链上的每笔区块链交易都需要在区块链网络内的所有区块链节点上执行，以确保每个区块链节点所维护的区块链账本数据一致。如果交易逻辑较为简单，比如以比特币为例，区块链交易仅用于实现转账操作，此时即便区块链交易需要在所有区块链节点都执行，也不会导致过多的资源消耗。但是，如果区块链提供了智能合约的功能，而区块链交易调用了智能合约，那么情况可能大不相同。区块链上的智能合约是在区块链系统上可以被交易触发执行的合约，智能合约可以通过代码的形式定义。Based on the decentralized architecture of the blockchain network, every blockchain transaction on the blockchain needs to be executed on all blockchain nodes in the blockchain network to ensure that each blockchain node is maintained The blockchain ledger data is consistent. If the transaction logic is relatively simple, such as Bitcoin as an example, the blockchain transaction is only used to realize the transfer operation. At this time, even if the blockchain transaction needs to be executed on all blockchain nodes, it will not cause excessive resource consumption. . However, if the blockchain provides the function of a smart contract, and the blockchain transaction calls the smart contract, then the situation may be quite different. A smart contract on the blockchain is a contract that can be triggered by a transaction to execute on the blockchain system, and the smart contract can be defined in the form of code.

以以太坊为例，支持用户在以太坊网络中创建并调用一些复杂的逻辑，这是以太坊区别于比特币区块链技术的最大挑战。以太坊作为一个可编程区块链的核心是以太坊虚拟机(EVM)，每个以太坊节点都可以运行EVM。EVM是一个图灵完备的虚拟机，这意味着可以通过它实现各种复杂的逻辑。用户在以太坊中发布和调用智能合约就是在EVM上运行的。实际上，虚拟机直接运行的是虚拟机代码(虚拟机字节码，下简称“字节码”)。智能合约分为部署和调用两个阶段。Taking Ethereum as an example, it supports users to create and call some complex logic in the Ethereum network. This is the biggest challenge that distinguishes Ethereum from Bitcoin blockchain technology. The core of Ethereum as a programmable blockchain is the Ethereum Virtual Machine (EVM), and every Ethereum node can run EVM. EVM is a Turing complete virtual machine, which means that various complex logic can be implemented through it. Users who publish and call smart contracts in Ethereum run on the EVM. In fact, what the virtual machine directly runs is virtual machine code (virtual machine bytecode, hereinafter referred to as "bytecode"). The smart contract is divided into two stages: deployment and invocation.

在部署阶段，用户将一个包含创建智能合约信息的交易发送至以太坊网络，该交易的data字段包含智能合约的代码(如字节码)，该交易的to字段为空。以太坊网络中的各个节点分别通过EVM执行这个交易，并生成对应的合约实例。在节点间通过共识机制达成一致后，上述交易对应的智能合约创建成功，区块链上出现一个与该智能合约对应的合约账户，该合约账户拥有一个特定的合约地址，合约代码(即智能合约的代码)或合约代码的哈希值保存在该合约账户中，该合约代码用于控制相应的智能合约的行为。In the deployment phase, the user sends a transaction containing information about creating a smart contract to the Ethereum network. The data field of the transaction contains the code (such as bytecode) of the smart contract, and the to field of the transaction is empty. Each node in the Ethereum network executes this transaction through the EVM and generates a corresponding contract instance. After the nodes reach an agreement through the consensus mechanism, the smart contract corresponding to the above transaction is successfully created, and a contract account corresponding to the smart contract appears on the blockchain. The contract account has a specific contract address and contract code (i.e., smart contract). The code) or the hash value of the contract code is stored in the contract account, and the contract code is used to control the behavior of the corresponding smart contract.

在调用阶段，用户(可以与部署智能合约的用户相同或不同)将一个用于调用智能合约的交易发送到以太坊网络，该交易的from字段是该用户对应的外部账户的地址，to字段是所需调用的智能合约的合约地址，data字段包含调用智能合约的方法和参数。在节点间通过共识机制达成一致后，上述交易声明调用的智能合约以规定的方式在以太坊网络的每个节点上独立执行，所有执行记录和数据都保存在区块链上，所以当交易完成后，区块链上就保存了无法篡改、不会丢失的交易凭证。In the invocation phase, the user (which can be the same or different from the user who deployed the smart contract) sends a transaction for invoking the smart contract to the Ethereum network. The from field of the transaction is the address of the external account corresponding to the user, and the to field is The contract address of the smart contract to be called. The data field contains the method and parameters for calling the smart contract. After the nodes reach an agreement through the consensus mechanism, the smart contract called by the above transaction statement is executed independently on each node of the Ethereum network in a prescribed manner. All execution records and data are stored on the blockchain, so when the transaction is completed Later, the transaction vouchers that cannot be tampered with and will not be lost are stored on the blockchain.

如前所述，EVM是一个图灵完备的虚拟机；类似地，其他区块链也可以采用其他类型的虚拟机，比如WASM(WebAssembly)虚拟机等。总之，当交易调用的智能合约用 于实现相对复杂的逻辑时，节点通过虚拟机执行该智能合约的代码的过程会消耗相对较多的计算资源，并且由于区块链网络内的所有节点都需要执行该智能合约的代码，因此随着节点数量的增加会导致计算资源的消耗量成倍增长。因此，虽然结合TEE技术可以相对减少单个区块链节点的资源消耗、加快交易执行效率，但就整个区块链网络而言，仍然会造成极大的资源消耗和浪费。As mentioned earlier, EVM is a Turing complete virtual machine; similarly, other blockchains can also use other types of virtual machines, such as WASM (WebAssembly) virtual machines. In short, when the smart contract invoked by the transaction is used to implement relatively complex logic, the process of executing the code of the smart contract by the node through the virtual machine consumes relatively more computing resources, and because all nodes in the blockchain network need The code that executes the smart contract, so as the number of nodes increases, the consumption of computing resources will increase exponentially. Therefore, although the combination of TEE technology can relatively reduce the resource consumption of a single blockchain node and speed up transaction execution efficiency, it will still cause great resource consumption and waste for the entire blockchain network.

为此，本说明书提出了在链下部署隐私计算节点(即链下隐私计算节点)，可以将原本需要在所有区块链节点上执行的计算操作转移至链下隐私计算节点处执行，区块链节点只需要从链下隐私计算节点处获取计算结果并基于该计算结果更新区块链账本数据即可，并且可以基于可验证计算(Verifiable Computation)技术证明上述的计算结果确实是在可信执行环境内按照预期执行，从而在确保可靠性的同时，极大地降低了链上的资源消耗。For this reason, this manual proposes to deploy private computing nodes (ie, off-chain private computing nodes) under the chain, which can transfer the computing operations that originally needed to be performed on all blockchain nodes to the off-chain private computing nodes for execution. The chain node only needs to obtain the calculation result from the off-chain private computing node and update the blockchain ledger data based on the calculation result, and can prove that the above calculation result is indeed in a credible execution based on the verifiable computation (Verifiable Computation) technology The environment is executed as expected, which greatly reduces the resource consumption on the chain while ensuring reliability.

如前所述，通过在区块链节点部署智能合约，使得区块链节点可以执行该智能合约的代码以实现相应的计算需求；类似地，可以将用于执行计算任务的代码部署在链下隐私计算节点处，使得链下隐私计算节点可以执行代码以实现相应的计算需求。为了便于理解，本说明书中将部署于区块链节点的合约称为链上合约、将部署于链下隐私计算节点的合约称为链下合约；当然，无论是链上合约还是链下合约，其本质都是一段可以在虚拟机内执行的代码。As mentioned earlier, by deploying a smart contract on a blockchain node, the blockchain node can execute the code of the smart contract to achieve corresponding computing requirements; similarly, the code for performing computing tasks can be deployed off-chain At the private computing node, the off-chain private computing node can execute code to achieve corresponding computing requirements. For ease of understanding, in this manual, the contract deployed on the blockchain node is called the on-chain contract, and the contract deployed on the off-chain privacy computing node is called the off-chain contract; of course, whether it is an on-chain contract or an off-chain contract, Its essence is a piece of code that can be executed in a virtual machine.

与上述区块链节点类似，可在链下隐私计算节点上创建链下TEE(即链下可信执行环境)，该链下TEE基于CPU硬件实现的与外部完全隔离的可信执行环境。链下隐私计算节点通过创建链下TEE，可以通过该链下TEE实现对链下合约的部署操作以及部署后的调用执行操作，并确保操作过程中的数据安全和隐私保护。举例而言，可在链下隐私计算节点上部署链下合约，并在该链下隐私计算节点创建的链下TEE内部署WASM虚拟机。那么当用户向链下隐私计算节点发起一基于WASM程序的计算任务时，链下隐私计算节点可将链下合约读入链下TEE内并编译成WASM字节码，以WASM虚拟机作为执行引擎，将编译得到的WASM字节码在WASM虚拟机中执行。Similar to the above-mentioned blockchain nodes, off-chain TEE (ie, off-chain trusted execution environment) can be created on off-chain private computing nodes. The off-chain TEE is based on a trusted execution environment implemented by CPU hardware that is completely isolated from the outside. By creating an off-chain TEE, the off-chain privacy computing node can implement the deployment operation of the off-chain contract and the call execution operation after deployment through the off-chain TEE, and ensure data security and privacy protection during the operation. For example, an off-chain contract can be deployed on an off-chain private computing node, and a WASM virtual machine can be deployed in an off-chain TEE created by the off-chain private computing node. Then when the user initiates a WASM program-based computing task to the off-chain private computing node, the off-chain private computing node can read the off-chain contract into the off-chain TEE and compile it into WASM bytecode, using the WASM virtual machine as the execution engine , And execute the compiled WASM bytecode in the WASM virtual machine.

可配置单节点形式的链下隐私计算节点来执行计算任务；或者，可通过链下隐私计算集群的形式向用户提供高并发和高可用的隐私计算服务，从而解决节点的负载均衡、故障转移、动态扩展缩容等问题。其中，该链下隐私计算集群可以包含一控制节点和多个链下隐私计算节点，各节点用于部署相同的链下合约(至少一个)以执行计算任务，并由该控制节点对集群内的所有链下隐私计算节点进行统一管理。下面对控制节点管理链下隐私计算节点请求加入集群的过程进行说明。A single-node form of off-chain private computing nodes can be configured to perform computing tasks; alternatively, users can be provided with high-concurrency and highly available private computing services in the form of off-chain private computing clusters, thereby solving node load balancing, failover, and Issues such as dynamic expansion and shrinkage. Among them, the off-chain privacy computing cluster may include a control node and multiple off-chain privacy computing nodes, each node is used to deploy the same off-chain contract (at least one) to perform computing tasks, and the control node will All off-chain privacy computing nodes are managed uniformly. The following describes the process of the private computing node under the control node management chain requesting to join the cluster.

当任一链下隐私计算节点请求加入链下隐私计算集群时，控制节点可以向该节点发起挑战，并接收该节点返回的远程证明报告。远程证明报告产生于针对链下隐私计算节点上的链下TEE的远程证明过程。远程证明报告由认证服务器对链下隐私计算节点产生的自荐信息进行验证后生成，该自荐信息与链下隐私计算节点上创建的链下TEE相关。链下隐私计算节点通过产生与链下TEE相关的自荐信息，并由认证服务器对该自荐信息进行验证后产生远程证明报告，使得远程证明报告可以用于表明链下隐私计算节点上的链下TEE可信任。换言之，远程证明报告由认证服务器对链下隐私计算节点针 对自身的链下TEE产生的自荐信息进行验证后生成。When any off-chain privacy computing node requests to join the off-chain privacy computing cluster, the control node can initiate a challenge to the node and receive the remote attestation report returned by the node. The remote attestation report is generated from the remote attestation process for the off-chain TEE on the off-chain private computing node. The remote attestation report is generated by the authentication server after verifying the self-recommendation information generated by the off-chain private computing node, and the self-recommended information is related to the off-chain TEE created on the off-chain private computing node. The off-chain private computing node generates the self-recommended information related to the off-chain TEE, and the authentication server verifies the self-recommended information to generate a remote attestation report, so that the remote attestation report can be used to indicate the off-chain TEE on the off-chain private computing node Trustworthy. In other words, the remote attestation report is generated by the authentication server after verifying the self-recommended information generated by the off-chain private computing node for its own off-chain TEE.

例如，以Intel SGX技术为例，链下TEE为链下隐私计算节点上创建的用于实现链下隐私计算的enclave，远程证明过程还涉及到链下隐私计算节点上另一个特殊的enclave，即quoting enclave(简称QE)，QE是由英特尔提供并签名的架构型enclave(Architectural Enclave)。上述enclave首先需要生成一用于本地认证的REPORT(报告)结构，并由QE基于该REPORT结构验证该enclave是否与自身处于同一平台上，而后由QE将该REPORT结构封装为一结构体QUOTE(即自荐信息)，并使用EPID(enhanced privacy identification)密钥进行签名。EPID密钥不仅代表链下隐私计算节点这一平台，还代表链下隐私计算节点的底层硬件的可信度，还可以绑定处理器固件的版本等信息，并且只有QE才能访问到EPID密钥，以用于对上述的结构体QUOTE进行签名。在SGX技术中，上述的认证服务器可以为英特尔公司提供的IAS(Intel Attestation Service)服务器，链下隐私计算节点向IAS服务器发送经过签名的上述结构体QUOTE，使得IAS服务器可以对签名进行验证，并向链下隐私计算节点返回相应的远程证明报告。For example, taking Intel SGX technology as an example, the off-chain TEE is an enclave created on the off-chain private computing node to realize off-chain privacy computing. The remote attestation process also involves another special enclave on the off-chain private computing node, namely Quoting enclave (QE for short), QE is an architectural enclave (Architectural Enclave) provided and signed by Intel. The above enclave first needs to generate a REPORT structure for local authentication, and QE verifies whether the enclave is on the same platform as itself based on the REPORT structure, and then QE encapsulates the REPORT structure into a structure QUOTE (ie Self-recommended information), and use the EPID (enhanced privacy identification) key to sign. The EPID key not only represents the platform of the off-chain private computing node, but also represents the credibility of the underlying hardware of the off-chain private computing node. It can also bind information such as the version of the processor firmware, and only QE can access the EPID key. , To sign the above-mentioned structure QUOTE. In SGX technology, the above authentication server can be the IAS (Intel Attestation Service) server provided by Intel. The off-chain privacy computing node sends the signed structure QUOTE to the IAS server, so that the IAS server can verify the signature and Return the corresponding remote certification report to the off-chain privacy computing node.

控制节点在获得链下隐私计算节点的远程证明报告之后，可以根据该远程证明报告来验证相应的链下隐私计算节点是否可信，具体指验证该链下隐私计算节点上部署的链下TEE是否可信，并在确定链下TEE可信的情况下通过链下隐私计算节点加入链下隐私计算集群的请求，将该链下隐私计算节点作为该链下隐私计算集群的成员节点。After the control node obtains the remote attestation report of the off-chain private computing node, it can verify whether the corresponding off-chain private computing node is credible according to the remote attestation report, which specifically refers to verifying whether the off-chain TEE deployed on the off-chain private computing node is Trusted, and when the off-chain TEE is determined to be trusted, the off-chain private computing node is requested to join the off-chain private computing cluster, and the off-chain private computing node is regarded as a member node of the off-chain private computing cluster.

具体而言，链下隐私计算节点在创建链下TEE后，产生用于实现远程证明的自荐信息，该自荐信息可以用于锚定和固化链下TEE的信息，使得最终得到的包含该自荐信息的远程证明报告可以用于表征链下TEE的状态，并用于验证该链下TEE是否可信。例如，自荐信息中可以包含第一待检验哈希值，该第一待检验哈希值为链下TEE中预设信息的哈希值，比如该预设信息可以包括链下TEE内部署的所有代码、该链下TEE的开发者的公钥等。以Intel SGX技术为例，对应于链下TEE内部署的所有代码所生成的哈希值为MREnclave，对应于链下TEE的开发者的公钥所生成的哈希值为MRSigner，即第一待检验哈希值可以包括MREnclave和MRSigner。Specifically, after the off-chain private computing node creates the off-chain TEE, it generates self-recommendation information for remote attestation. The self-recommendation information can be used to anchor and solidify the information of the off-chain TEE, so that the final result contains the self-recommendation information. The remote attestation report can be used to characterize the status of the off-chain TEE and to verify whether the off-chain TEE is trustworthy. For example, the self-recommendation information may include the first hash value to be verified, and the first hash value to be verified is the hash value of the preset information in the off-chain TEE. For example, the preset information may include all deployed in the off-chain TEE. The code, the public key of the developer of the TEE under the chain, etc. Taking Intel SGX technology as an example, the hash value generated by all codes deployed in the off-chain TEE is MREnclave, and the hash value generated by the developer’s public key corresponding to the off-chain TEE is MRSigner, which is the first waiting The verification hash value can include MREnclave and MRSigner.

仍以Intel SGX技术为例。如前所述，链下隐私计算节点向IAS服务器发送经过签名的结构体QUOTE后，由IAS服务器根据所维护的公钥集合进行签名验证，并向链下隐私计算节点返回远程证明报告(即AVR报告)，该远程证明报告中包含：结构体QUOTE和签名验证结果，并且IAS服务器采用自身持有的私钥对该远程证明报告进行签名。Still take Intel SGX technology as an example. As mentioned earlier, after the off-chain privacy computing node sends the signed structure QUOTE to the IAS server, the IAS server performs signature verification based on the maintained public key set, and returns a remote certification report (that is, AVR) to the off-chain privacy computing node. Report), the remote attestation report contains: the structure QUOTE and the signature verification result, and the IAS server uses its own private key to sign the remote attestation report.

相应地，控制节点在获取远程证明报告后，可以首先根据IAS服务器的公钥对该远程证明报告进行签名验证，如果验证通过则表明该远程证明报告确实由IAS服务器生成，且在数据传输过程中未被篡改或丢失数据。控制节点可以通过任意途径获得IAS服务器的公钥，譬如远程证明报告被提供至控制节点时，还可以关联提供IAS的证书链，使得控制节点可以从该证书链中提取IAS服务器的公钥。然后，控制节点可以从远程证明报告中提取结构体QUOTE和签名验证结果。控制节点可以首先查看签名验证结果，如果签名验证结果为通过验证，表明链下隐私计算节点的CPU持有由Intel提供的私钥，因 而链下TEE建立在可靠的硬件平台上，可以继续执行其他验证操作；如果签名验证结果为未通过验证，控制节点可以判定链下隐私计算平台不可靠，无需继续其他验证操作。然后，控制节点可以从结构体QUOTE内提取上述的哈希值MREnclave和MRSigner，即待检验MREnclave和待检验MRSigner；同时，控制节点预先获得了链下TEE的上述预设信息的第一标准哈希值，比如为MREnclave和MRSigner的可信值(以下称之为可信MREnclave和可信MRSigner)，并将待检验MREnclave与可信MREnclave进行比较、将待检验MRSigner与可信MRSigner进行比较。那么，控制节点可以将“待检验MREnclave与可信MREnclave一致，且待检验MRSigner与可信MRSigner一致”作为确认链下TEE可信的前提条件；换言之，如果待检验MREnclave与可信MREnclave不一致，或者待检验MRSigner与可信MRSigner不一致，控制节点就判定该链下隐私计算节点的链下TEE不可信，而如果控制节点设定的所有前提条件都被满足，就可以确认该链下隐私计算节点的链下TEE可信。此外，控制节点对于签名验证结果进行验证的操作，与针对待检验MREnclave和待检验MRSigner进行验证的操作之间，并不存在必然的先后顺序，两者之间可以完全独立。Correspondingly, after the control node obtains the remote certification report, it can first perform signature verification on the remote certification report according to the public key of the IAS server. If the verification is passed, it indicates that the remote certification report is indeed generated by the IAS server, and during the data transmission process No data has been tampered with or lost. The control node can obtain the public key of the IAS server through any means. For example, when the remote certification report is provided to the control node, it can also associate the certificate chain that provides the IAS, so that the control node can extract the public key of the IAS server from the certificate chain. Then, the control node can extract the structure QUOTE and the signature verification result from the remote certification report. The control node can first view the signature verification result. If the signature verification result is passed verification, it indicates that the CPU of the private computing node under the chain holds the private key provided by Intel. Therefore, the off-chain TEE is established on a reliable hardware platform and can continue to execute other operations. Verification operation; if the signature verification result is that the verification is not passed, the control node can determine that the off-chain privacy computing platform is unreliable, and there is no need to continue other verification operations. Then, the control node can extract the above-mentioned hash values MREnclave and MRSigner from the structure QUOTE, that is, the MREnclave to be verified and the MRSigner to be verified; at the same time, the control node obtains the first standard hash of the above-mentioned preset information of the off-chain TEE in advance. The value, for example, is the trusted value of MREnclave and MRSigner (hereinafter referred to as trusted MREnclave and trusted MRSigner), and compares the MREnclave to be tested with the trusted MRSigner, and compares the MRSigner to be tested with the trusted MRSigner. Then, the control node can use "the MREnclave to be tested is consistent with the trusted MREnclave, and the MRSigner to be tested is consistent with the trusted MRSigner" as a prerequisite for the authenticity of the TEE under the confirmation chain; in other words, if the MREnclave to be tested is inconsistent with the trusted MREnclave, or If the MRSigner to be checked is inconsistent with the trusted MRSigner, the controlling node will determine that the off-chain TEE of the off-chain private computing node is not trusted, and if all the preconditions set by the controlling node are met, the off-chain private computing node can be confirmed. The off-chain TEE is credible. In addition, there is no inevitable sequence between the operation of the control node to verify the signature verification result and the operation of verifying the MREnclave to be verified and the MRSigner to be verified, and the two can be completely independent.

除了MREnclave和MRSigner之外，控制节点还可以通过其他的前提条件对链下隐私计算节点的可信度进行验证。例如，链下隐私计算节点在创建链下TEE后，可以在链下TEE内生成代表自身的身份信息的密钥对，并且链下隐私计算节点在链下TEE中创建自身的节点身份信息，该节点身份信息与上述对应于身份信息的密钥对相关，比如该节点身份信息可以包含该密钥对中的公钥(即节点身份公钥)。其中，代表身份信息的密钥对可以存在一组或多组，比如一组密钥对为用于签名与验签的密钥对(即签名密钥对)，一组密钥对为用于加密与解密的密钥对(即加密密钥对)，则节点身份信息可以包括签名密钥对中的签名公钥和加密密钥对中的加密公钥。在一组密钥对中，对应于不同的加密算法，可能同时存在多个公钥，这些公钥均被包含于上述的节点身份信息中。此外，节点身份信息还可以包含其他与链下隐私计算节点相关的信息(即其他身份信息)，比如软件版本、所在域名、所在分区名等，本说明书并不对此进行限制。那么，链下隐私计算节点在自身的链下TEE内生成节点身份信息(比如在链下TEE初始化时生成)后，可对生成的节点身份信息进行哈希计算得到第二标准哈希值。而链下隐私计算节点在生成结构体QUOTE时，可以将该第二标准哈希值添加至结构体QUOTE中。In addition to MREnclave and MRSigner, the control node can also verify the credibility of the off-chain private computing node through other preconditions. For example, after an off-chain private computing node creates an off-chain TEE, it can generate a key pair representing its own identity information in the off-chain TEE, and the off-chain private computing node creates its own node identity information in the off-chain TEE. The node identity information is related to the aforementioned key pair corresponding to the identity information. For example, the node identity information may include the public key in the key pair (ie, the node identity public key). Among them, the key pair representing the identity information can exist in one or more groups. Encryption and decryption key pair (ie, encryption key pair), the node identity information may include the signature public key in the signature key pair and the encryption public key in the encryption key pair. In a set of key pairs, corresponding to different encryption algorithms, there may be multiple public keys at the same time, and these public keys are all included in the above-mentioned node identity information. In addition, the node identity information may also include other information related to the off-chain private computing node (ie, other identity information), such as software version, domain name, partition name, etc. This specification does not limit this. Then, after the off-chain privacy computing node generates node identity information in its own off-chain TEE (for example, generated when the off-chain TEE is initialized), the generated node identity information can be hashed to obtain the second standard hash value. When the off-chain privacy computing node generates the structure QUOTE, the second standard hash value can be added to the structure QUOTE.

相应的，控制节点在收到远程证明报告后，可以从该远程证明报告进行签名验证。在签名验证通过的情况下，控制节点可以提取远程证明报告所含的签名验证结果和第二标准哈希值，并验证签名验证结果，以及利用第二标准哈希值验证链下隐私计算节点的节点身份信息是否正确，且两验证步骤之间并不存在必然的先后顺序，两者之间可以完全独立。假定控制节点首先验证签名验证结果，并在签名验证结果为通过验证的情况下，继续利用第二标准哈希值对链下隐私计算节点的节点身份信息进行验证。为了对链下隐私计算节点的节点身份信息进行验证，控制节点需要获取链下隐私计算节点的节点身份信息，比如远程证明报告被提供至控制节点的同时，可以关联提供节点身份信息，当然控制节点也可以通过其他方式或在其他时刻获得该节点身份信息。然后，控制节点可以对获得的节点身份信息进行哈希计算得到第二待校验哈希值，将计算得到的第二待校验哈希值与上述的第二标准哈希值进行比较，并将比较结果一致作为确认链下隐私计算节 点可信的前提条件。如果第二待检验哈希值通过验证，可以证明获得的节点身份信息正是链下隐私计算节点在自身的链下TEE内生成的节点身份信息。那么，上述代表身份信息的密钥对中的私钥仅由链下隐私计算节点所拥有，且该链下隐私计算节点能够完成签名、加密通讯等操作。Correspondingly, after receiving the remote certification report, the control node can perform signature verification from the remote certification report. In the case that the signature verification is passed, the control node can extract the signature verification result and the second standard hash value contained in the remote certification report, and verify the signature verification result, and use the second standard hash value to verify the private computing node under the chain. Whether the node identity information is correct, and there is no inevitable sequence between the two verification steps, and the two can be completely independent. It is assumed that the control node first verifies the signature verification result, and when the signature verification result is passed, it continues to use the second standard hash value to verify the node identity information of the off-chain private computing node. In order to verify the node identity information of the off-chain private computing node, the control node needs to obtain the node identity information of the off-chain private computing node. For example, when the remote certification report is provided to the control node, the node identity information can be provided in association. Of course, the control node The node identity information can also be obtained in other ways or at other times. Then, the control node may perform a hash calculation on the obtained node identity information to obtain a second to-be-verified hash value, and compare the calculated second to-be-verified hash value with the above-mentioned second standard hash value, and The consistency of the comparison results is used as a prerequisite for confirming the trustworthiness of the private computing nodes under the chain. If the second hash value to be verified passes the verification, it can be proved that the obtained node identity information is exactly the node identity information generated by the off-chain privacy computing node in its own off-chain TEE. Then, the private key in the key pair representing the identity information is only owned by the off-chain private computing node, and the off-chain private computing node can complete operations such as signing and encrypting communication.

以上列举了两种针对链下隐私计算节点进行验证时采用的判断条件，即针对第一待检验哈希值的验证、针对节点身份信息的验证。还可以采用其他的判断条件，此处不再一一列举。在针对链下隐私计算节点进行可信验证时，可以选用上述的一个或多个判断条件。例如，可以同时针对第一待检验哈希值和节点身份信息进行验证；或者，在一些情况下，可以仅验证节点身份信息，而对第一待检验哈希值可以不验证或者部分验证。例如，控制节点上可以设置信任等级，并根据信任等级确定是否验证或部分验证第一待检验哈希值，比如信任等级为0时，不需要验证第一待检验哈希值，信任等级为1时，验证第一待检验哈希值中的MRSigner，信任等级为2时，验证第一待检验哈希值中的MREnclave等。The above lists two judgment conditions for verification of off-chain private computing nodes, namely, verification of the first to-be-verified hash value and verification of node identity information. Other judgment conditions can also be used, which will not be listed here. When performing trusted verification for off-chain private computing nodes, one or more of the above judgment conditions can be selected. For example, the first hash value to be verified and the node identity information may be verified at the same time; or, in some cases, only the node identity information may be verified, and the first hash value to be verified may not be verified or partially verified. For example, the control node can set a trust level, and determine whether to verify or partially verify the first hash value to be verified according to the trust level. For example, when the trust level is 0, there is no need to verify the first hash value to be verified, and the trust level is 1. When verifying the MRSigner in the first hash value to be verified, and when the trust level is 2, verify the MEnclave in the first hash value to be verified.

在上述实施例中，节点身份信息包含了链下隐私计算节点的身份相关的信息，比如代表节点身份的节点身份公钥等。节点身份信息还可以包含与链下TEE相关的信息，那么链下隐私计算节点在自身的链下TEE内生成节点身份信息后，对生成的节点身份信息进行哈希计算得到哈希值，并将该哈希值添加至结构体QUOTE时，该哈希值相当于同时实现了上述第一待检验哈希值和第二标准哈希值的作用。例如，节点身份信息除了包含签名公钥和加密公钥等信息之外，还可以包含MREnclave和MRSigner的值，使得对该节点身份信息进行哈希计算得到的哈希值，同时与链下隐私计算节点的身份、链下TEE相关。相应的，控制节点在收到远程证明报告后，可以从该远程证明报告进行签名验证。在签名验证通过的情况下，控制节点可以提取远程证明报告所含的签名验证结果和该哈希值，并验证签名验证结果，以及利用该哈希值验证链下隐私计算节点的节点身份信息是否正确，且两验证步骤之间并不存在必然的先后顺序，两者之间可以完全独立。假定控制节点首先验证签名验证结果，并在签名验证结果为通过验证的情况下，继续利用该哈希值对链下隐私计算节点的节点身份信息进行验证。为了对链下隐私计算节点的节点身份信息进行验证，控制节点需要获取链下隐私计算节点的节点身份信息，此处不再赘述。然后，控制节点可以对获得的节点身份信息进行哈希计算得到待校验哈希值，将计算得到的待校验哈希值与上述远程证明报告所含的哈希值进行比较，并将比较结果一致作为确认链下隐私计算节点可信的前提条件。可见，本实施例仅需一次比较，即可实现前文中两方面的验证，有助于提升验证效率。In the foregoing embodiment, the node identity information includes information related to the identity of the off-chain private computing node, such as the node identity public key representing the identity of the node. The node identity information can also include information related to the off-chain TEE. Then, after the off-chain privacy computing node generates the node identity information in its own off-chain TEE, the generated node identity information is hashed to obtain the hash value, and When the hash value is added to the structure QUOTE, the hash value is equivalent to simultaneously realizing the functions of the first hash value to be checked and the second standard hash value. For example, in addition to the signature public key and encryption public key, the node identity information can also include the values of MREnclave and MRSigner, so that the hash value obtained by the hash calculation of the node identity information is also related to the off-chain privacy calculation. The identity of the node is related to the off-chain TEE. Correspondingly, after receiving the remote certification report, the control node can perform signature verification from the remote certification report. In the case that the signature verification is passed, the control node can extract the signature verification result and the hash value contained in the remote certification report, and verify the signature verification result, and use the hash value to verify whether the node identity information of the private computing node under the chain is verified It is correct, and there is no inevitable sequence between the two verification steps, and the two can be completely independent. It is assumed that the control node first verifies the signature verification result, and if the signature verification result is passed, it continues to use the hash value to verify the node identity information of the off-chain private computing node. In order to verify the node identity information of the off-chain private computing node, the control node needs to obtain the node identity information of the off-chain private computing node, which will not be repeated here. Then, the control node can perform a hash calculation on the obtained node identity information to obtain a hash value to be verified, compare the calculated hash value to be verified with the hash value contained in the above remote certification report, and compare Consistency of the results is used as a prerequisite for confirming the trustworthiness of the off-chain private computing nodes. It can be seen that this embodiment only needs one comparison to realize the verification in the two aspects mentioned above, which helps to improve the verification efficiency.

需要说明的是，控制节点对远程证明报告的验证过程，还可以包括其他操作，比如根据远程证明报告的内容确定链下TEE是否运行于测试模式(测试模式下存在数据泄露的风险)等，此处不再一一赘述。It should be noted that the verification process of the remote attestation report by the control node can also include other operations, such as determining whether the off-chain TEE is running in test mode (there is a risk of data leakage in test mode) based on the content of the remote attestation report, etc. I will not repeat them one by one.

基于上述验证链下隐私计算节点的方式，控制节点可将验证通过的节点加入链下隐私计算集群，从而建立一包含多个链下隐私计算节点的链下隐私计算集群。而在完成对链下隐私计算集群的建立后，需要为这些链下隐私计算节点生成统一的身份信息，比如称为集群身份密钥。集群身份密钥可以包括集群加密密钥对和集群签名密钥对，上述的各个链下隐私计算节点均需在各自的链下TEE内维护集群加密私钥、集群签名私钥。 通过为链下隐私计算集群中的各个节点生成统一的身份信息，与链下隐私计算集群对接的外部对象并不需要关注对方为单个链下隐私计算节点或者链下隐私计算集群，只需要将其作为一个对象并与该对象进行交互即可，无需关注于背后的节点或集群的细节。Based on the above method of verifying the off-chain private computing nodes, the control node can add the verified nodes to the off-chain private computing cluster, thereby establishing an off-chain private computing cluster that includes multiple off-chain private computing nodes. After completing the establishment of the off-chain private computing cluster, it is necessary to generate unified identity information for these off-chain private computing nodes, such as a cluster identity key. The cluster identity key may include a cluster encryption key pair and a cluster signature key pair. Each of the above-mentioned privacy computing nodes under the chain needs to maintain the cluster encryption private key and the cluster signature private key in their respective chain TEEs. By generating unified identity information for each node in the off-chain private computing cluster, external objects that connect to the off-chain private computing cluster do not need to pay attention to whether the other party is a single off-chain private computing node or an off-chain private computing cluster. As an object and interact with the object, you don’t need to pay attention to the details of the nodes or clusters behind it.

图1是一示例性实施例提供的一种集群密钥共享方法的流程图。如图1所示，该方法可以包括以下步骤102至步骤106。Fig. 1 is a flowchart of a cluster key sharing method provided by an exemplary embodiment. As shown in FIG. 1, the method may include the followingsteps 102 to 106.

步骤102，链下隐私计算集群中的任一节点获取所述链下隐私计算集群中其他节点发送的第一远程证明报告，所述第一远程证明报告由认证服务器对所述其他节点针对创建的第一链下可信执行环境产生的第一自荐信息进行验证后生成。Step 102: Any node in the off-chain privacy computing cluster obtains a first remote attestation report sent by other nodes in the off-chain privacy computing cluster. The first remote attestation report is created by the authentication server for the other nodes. The first self-recommendation information generated by the trusted execution environment under the first chain is generated after verification.

在本实施例中，针对所述其他节点的第一远程证明报告和产生的第一自荐信息，可参考前述内容中的解释，在此不再赘述。而在获取第一远程证明报告后，所述任一节点可根据第一远程证明报告确定所述其他节点创建的第一链下可信执行环境是否可信。具体而言，可根据认证服务器的公钥对第一远程证明报告进行签名验证，并在签名验证通过且第一远程证明报告包含的远程认证结果为通过认证的情况下，从第一远程证明报告携带的第一自荐信息内提取出第一待检验哈希值，该第一待检验哈希值为第一链下可信执行环境中预设信息的哈希值。在提取出第一待检验哈希值后，将预先获得的针对所述预设信息的第一标准哈希值与所述第一待检验哈希值进行比较，并将比较结果一致作为确认所述第一链下可信执行环境可信的前提条件。类似的，确定第一链下可信执行环境是否可信的操作的具体过程，可参考上述控制节点确定待加入接点的链下可信执行环境是否可信的过程，在此不再赘述。In this embodiment, for the first remote attestation report of the other nodes and the generated first self-recommendation information, please refer to the explanation in the foregoing content, which will not be repeated here. After obtaining the first remote attestation report, any node can determine whether the first off-chain trusted execution environment created by the other nodes is credible according to the first remote attestation report. Specifically, the first remote attestation report can be signed and verified according to the public key of the authentication server, and if the signature verification is passed and the remote attestation result contained in the first remote attestation report is certified, the first remote attestation report The first to-be-verified hash value is extracted from the carried first self-recommendation information, and the first to-be-verified hash value is the hash value of the preset information in the trusted execution environment under the first chain. After extracting the first hash value to be checked, the first standard hash value obtained in advance for the preset information is compared with the first hash value to be checked, and the comparison result is consistent as the confirmation point. The prerequisites for the credibility of the trusted execution environment under the first chain are described. Similarly, the specific process of determining whether the trusted execution environment under the first chain is trusted can refer to the above-mentioned process for the control node to determine whether the trusted execution environment under the chain to be added to the contact is trusted, which will not be repeated here.

步骤104，所述任一节点获取对应于所述链下隐私计算集群的集群身份密钥，所述集群身份密钥在所述任一节点创建的第二链下可信执行环境内生成，在区块链节点与所述链下隐私计算集群中的各节点进行交互以部署或调用链下合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。Step 104: The any node obtains a cluster identity key corresponding to the off-chain privacy computing cluster, and the cluster identity key is generated in a second chain trusted execution environment created by any node, and In the process of a blockchain node interacting with each node in the off-chain privacy computing cluster to deploy or call an off-chain contract, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.

在本实施例中，在需要生成集群身份时，控制节点可以将某一链下隐私计算节点选取为主节点、其他的链下隐私计算节点为从节点，由主节点生成代表集群身份的密钥对(集群身份密钥)，并进而将该密钥对分享至各个从节点，最终使得所有链下隐私计算节点都维护了统一的、代表集群身份的密钥对。例如，在链下隐私计算集群内的各个节点均已生成自身的节点身份信息之后，控制节点选取上述步骤104中的“任一节点”作为主节点，在自身创建的链下TEE内生成对应于链下隐私计算集群的集群身份密钥，进而在需要向其他节点共享集群身份密钥时，获取生成的集群身份密钥实施共享操作。In this embodiment, when a cluster identity needs to be generated, the control node can select a certain off-chain private computing node as a master node, and other off-chain private computing nodes as slave nodes, and the master node generates a key representing the cluster identity Pair (cluster identity key), and then share the key pair to each slave node, so that all off-chain private computing nodes maintain a unified key pair that represents the cluster identity. For example, after each node in the off-chain privacy computing cluster has generated its own node identity information, the control node selects "any node" instep 104 as the master node, and generates the corresponding node in the off-chain TEE created by itself. The cluster identity key of the off-chain privacy computing cluster, and then when the cluster identity key needs to be shared with other nodes, the generated cluster identity key is obtained to implement the sharing operation.

步骤106，所述任一节点在根据所述第一远程证明报告确定所述第一链下可信执行环境可信的情况下，向所述其他节点发送所述集群身份密钥和第二远程证明报告，在所述第二远程证明报告表明所述第二链下可信执行环境可信的情况下，所述集群身份密钥被所述其他节点认可，所述第二远程证明报告由认证服务器对所述任一节点针对所述第二链下可信执行环境产生的第二自荐信息进行验证后生成。Step 106: In the case that the any node determines that the trusted execution environment under the first chain is credible according to the first remote certification report, send the cluster identity key and the second remote to the other nodes Attestation report, when the second remote attestation report indicates that the trusted execution environment under the second chain is trustworthy, the cluster identity key is recognized by the other nodes, and the second remote attestation report is certified by The server verifies the second self-recommendation information generated by any node against the trusted execution environment under the second chain and generates it.

在本实施例中，所述其他节点在确定出第二远程证明报告表明第二链下可信执行环境可信的情况下认可集群身份密钥，从而在自身的第一链下可信执行环境内维护集群身份密钥。In this embodiment, the other node recognizes the cluster identity key under the condition that the second remote attestation report indicates that the trusted execution environment under the second chain is trustworthy, so that the trusted execution environment under the first chain of its own The cluster identity key is maintained within.

而所述任一节点在向所述其他节点发送所述集群身份密钥之前，可先对所述其他节点的第一节点身份信息进行验证。进一步的，由于第一节点身份信息中包含所述其他节点的节点身份公钥，可在验证通过的情况下获取第一节点身份信息中包含的节点身份公钥以对集群身份密钥进行加密，使得只有所述其他节点通过自身的节点身份私钥才可对集群身份密钥进行解密，从而保证了所述任一节点向所述其他节点共享集群身份密钥的安全性。具体而言，所述任一节点可获取所述其他节点提供的第一节点身份信息(比如，所述其他节点可将第一节点身份信息与第一远程证明报告关联发送至所述任一节点)，并对获取到的第一节点身份信息进行哈希计算以得到第二待校验哈希值，所述第一节点身份信息包含所述其他节点的节点身份公钥和所述其他节点的其他身份信息。同时，所述任一节点获取所述其他节点提供的第二标准哈希值(比如，第二标准哈希值可包含在第一远程证明报告中)，所述第二标准哈希值由所述其他节点在所述第一链下可信执行环境内生成自身的节点身份信息后对生成的节点身份信息进行哈希计算得到。进一步的，所述任一节点将第二待校验哈希值与第二标准哈希值进行比较，并在比较结果一致的情况下获取所述其他节点的节点身份信息中包含的节点身份公钥，从而采用所述任一节点的节点身份私钥对所述集群身份密钥进行签名，并采用所述其他节点的节点身份公钥对签名后的集群身份密钥进行加密。所述任一节点在向所述其他节点共享加密后的集群身份密钥时，将自身的第二远程证明报告与加密后的集群身份密钥关联发送至所述其他节点以证明身份。那么，所述其他节点在根据第二远程证明报告确定所述任一节点创建的第二链下可信执行环境可信的情况下，采用所述其他节点的节点身份私钥对接收到的集群身份密钥进行解密，以及采用所述任一节点的节点身份信息中包含的节点身份公钥验证所述集群身份密钥的签名，并在签名验证通过的情况下在所述第一链下可信执行环境内维护所述集群身份密钥。Before sending the cluster identity key to the other node, any node may first verify the first node identity information of the other node. Further, since the identity information of the first node includes the node identity public key of the other nodes, the node identity public key contained in the identity information of the first node can be obtained if the verification is passed to encrypt the cluster identity key, Therefore, only the other node can decrypt the cluster identity key through its own node identity private key, thereby ensuring the security of any node sharing the cluster identity key with the other nodes. Specifically, the any node may obtain the first node identity information provided by the other node (for example, the other node may associate the first node identity information with the first remote attestation report and send it to the any node ), and perform a hash calculation on the acquired identity information of the first node to obtain a second hash value to be verified. The first node identity information includes the node identity public key of the other node and the identity public key of the other node Other identifying information. At the same time, the any node obtains the second standard hash value provided by the other nodes (for example, the second standard hash value may be included in the first remote attestation report), and the second standard hash value is determined by the The other nodes generate their own node identity information in the trusted execution environment under the first chain and then hash the generated node identity information. Further, the any node compares the second hash value to be verified with the second standard hash value, and obtains the node identity information contained in the node identity information of the other nodes when the comparison result is consistent. Therefore, the node identity private key of any node is used to sign the cluster identity key, and the node identity public key of the other node is used to encrypt the signed cluster identity key. When any node shares the encrypted cluster identity key with the other nodes, it associates its second remote attestation report with the encrypted cluster identity key and sends it to the other node to prove its identity. Then, when the other node determines that the trusted execution environment under the second chain created by any node is credible according to the second remote certification report, the node identity private key of the other node is used to pair the received cluster The identity key is decrypted, and the node identity public key contained in the node identity information of any node is used to verify the signature of the cluster identity key, and if the signature verification is passed, it can be accessed under the first chain. The cluster identity key is maintained in the trust execution environment.

而针对获取所述任一节点的节点身份公钥的方式，与所述任一节点获取所述其他节点的节点身份公钥的方式类似。具体而言，所述任一节点可向所述其他节点提供第二节点身份信息(比如，所述任一节点可将第二节点身份信息与第二远程证明报告关联发送至所述其他节点)，第二节点身份信息包含所述任一节点的节点身份公钥和所述任一节点的其他身份信息。同时，所述任一节点向所述其他节点提供第三标准哈希值(比如，第三标准哈希值可包含在第二远程证明报告中)，所述第三标准哈希值由所述任一节点在所述第二链下可信执行环境内生成自身的节点身份信息后对生成的节点身份信息进行哈希计算得到。那么，所述其他节点在对第二节点身份信息进行哈希计算得到的第三待校验哈希值与第三标准哈希值一致的情况下，采用所述其他节点的节点身份私钥对接收到的集群身份密钥进行解密，以及采用所述任一节点的节点身份信息中包含的节点身份公钥验证所述集群身份密钥的签名，并在签名验证通过的情况下在所述第一链下可信执行环境内维护所述集群身份密钥。The method for obtaining the node identity public key of any node is similar to the method for obtaining the node identity public key of the other node by any node. Specifically, the any node may provide the second node identity information to the other node (for example, the any node may associate the second node identity information with the second remote attestation report and send it to the other node) The second node identity information includes the node identity public key of any node and other identity information of any node. At the same time, the any node provides a third standard hash value to the other nodes (for example, the third standard hash value may be included in the second remote attestation report), and the third standard hash value is determined by the After any node generates its own node identity information in the second chain trusted execution environment, it is obtained by hashing the generated node identity information. Then, when the third hash value to be verified obtained by hashing the identity information of the second node is consistent with the third standard hash value, the other node adopts the node identity private key pair of the other node The received cluster identity key is decrypted, and the node identity public key contained in the node identity information of any node is used to verify the signature of the cluster identity key. The cluster identity key is maintained in an off-chain trusted execution environment.

由此可见，所述任一节点在向所述其他节点共享集群身份密钥之前，需对所述其他节点进行验证，而所述其他节点在接收到所述任一节点共享的集群身份密钥之后，同样也需要对所述任一节点进行验证，从而保证共享集群身份密钥的安全性。It can be seen that, before any node shares the cluster identity key with the other nodes, it needs to verify the other nodes, and the other nodes receive the cluster identity key shared by any node. After that, it is also necessary to verify any of the nodes, so as to ensure the security of the shared cluster identity key.

如图2所示，假定链下隐私计算集群中包括节点20、节点21、节点22等若干链下隐私计算节点，需要在这些节点之间建立统一的集群身份。首先，每个链下隐私计算节 点分别创建链下TEE，并分别在各自的链下TEE内创建节点身份，比如节点20创建了TEE1，并在TEE1内创建了代表自身节点身份的密钥对Key-0，节点21创建了TEE2，并在TEE1内创建了代表自身节点身份的密钥对Key-1、节点22创建了TEE3，并在TEE1内创建了代表自身节点身份的密钥对Key-2等。各个链下隐私计算节点加入集群的时机往往不同，因而创建链下TEE和节点身份的时机也不同。通常，节点需要向链下隐私集群的控制节点发起申请，而控制节点会向发出申请的节点发起挑战，以验证该节点的硬件环境、链下TEE内运行的软件等，并在验证通过后将该节点加入链下隐私计算集群，使得该节点成为链下隐私计算节点。As shown in Figure 2, it is assumed that the off-chain privacy computing cluster includes several off-chain privacy computing nodes such asnode 20,node 21, andnode 22, and a unified cluster identity needs to be established between these nodes. First, each off-chain privacy computing node creates an off-chain TEE, and creates a node identity in the respective off-chain TEE. For example,node 20 creates TEE1, and creates a key pair Key representing its own node identity in TEE1 -0,node 21 creates TEE2, creates a key pair Key-1 representing its own node identity in TEE1,node 22 creates TEE3, and creates a key pair Key-2 representing its own node identity in TEE1 Wait. The timing of each off-chain private computing node joining the cluster is often different, so the timing of creating the off-chain TEE and node identity is also different. Usually, a node needs to initiate an application to the control node of the privacy cluster under the chain, and the control node will initiate a challenge to the node that made the application to verify the hardware environment of the node, the software running in the off-chain TEE, etc., and after the verification is passed, The node joins the off-chain privacy computing cluster, making the node become an off-chain privacy computing node.

在需要生成集群身份时，控制节点可以将某一链下隐私计算节点选取为主节点、其他的链下隐私计算节点为从节点，由主节点生成代表集群身份的密钥对，并进而将该密钥对分享至各个从节点，最终使得所有链下隐私计算节点都维护了统一的、代表集群身份的密钥对。如图2所示，假定节点20被选取为主节点、节点21-22等为从节点。首先，节点20在TEE1内生成代表集群身份的密钥对，即集群身份密钥对C-Key。然后，节点20分别向各个从节点发起挑战，使得节点21、节点22等从节点分别生成远程证明报告，该过程可以参考前文所述，此处不再赘述。在远程证明报告内可以包含MREnclave、MRSigner、节点身份信息的哈希值等信息。节点20分别接收各个从节点返回的远程证明报告和节点身份信息，并通过如前文所述的方式进行验证，以确定各个从节点是否可信。When a cluster identity needs to be generated, the control node can select a certain off-chain private computing node as the master node, and other off-chain private computing nodes as slave nodes. The master node generates a key pair representing the cluster identity, and then The key pair is shared to each slave node, and finally all the private computing nodes under the chain maintain a unified key pair that represents the identity of the cluster. As shown in Fig. 2, it is assumed thatnode 20 is selected as a master node, and nodes 21-22, etc., as slave nodes. First, thenode 20 generates a key pair representing the cluster identity in TEE1, that is, the cluster identity key pair C-Key. Then, thenode 20 respectively initiates a challenge to each slave node, so that the slave nodes such as thenode 21 and thenode 22 respectively generate remote certification reports. For this process, please refer to the foregoing description and will not be repeated here. The remote attestation report can include information such as MREnclave, MRSigner, and hash value of node identity information. Thenode 20 receives the remote certification report and node identity information returned by each slave node, and verifies it in the manner described above to determine whether each slave node is trustworthy.

以节点21为例，假定节点20通过远程证明的方式确定该节点21可信。在上述代表节点20身份的密钥对Key-0中，譬如包含一组签名密钥对Key-0-S和一组加密密钥对Key-0-T，节点20可以采用签名密钥对Key-0-S中的签名私钥对上述的集群身份密钥对C-Key进行签名。同时，在节点21向节点20提供的节点身份信息中，包含代表节点21身份的密钥对Key-1中的公钥，比如签名密钥对Key-1-S中的签名公钥、加密密钥对Key-1-T中的加密公钥。因此，节点20可以采用加密密钥对Key-1-T中的加密公钥，对上述的集群身份密钥对C-Key及其签名数据进行加密，得到加密后密钥对，并发送至节点21。Taking thenode 21 as an example, it is assumed that thenode 20 determines that thenode 21 is trustworthy by means of remote certification. In the above-mentioned key pair Key-0 representing the identity of thenode 20, for example, it contains a set of signature key pair Key-0-S and a set of encryption key pair Key-0-T, and thenode 20 can use the signature key pair Key The signature private key in -0-S signs the above-mentioned cluster identity key pair C-Key. At the same time, the node identity information provided bynode 21 tonode 20 includes the public key in the key pair Key-1 representing the identity ofnode 21, such as the signature public key and encryption key in the signature key pair Key-1-S. The encryption public key in Key-1-T. Therefore, thenode 20 can use the encryption key to encrypt the public key in Key-1-T, encrypt the above-mentioned cluster identity key to C-Key and its signature data, obtain the encrypted key pair, and send it to the node twenty one.

节点20也基于前文所述的方式，触发获得针对自身创建的TEE1而生成的远程证明报告，而节点20除了向节点21发送上述的加密后密钥对之外，还将该远程证明报告以及节点20自身的节点身份信息发送至节点21，以供节点21对该节点20进行验证。而节点21在验证确定节点20可信的情况下，通过自身维护的加密密钥对Key-1-T中的加密私钥对收到的加密后密钥对进行解密，得到集群身份密钥对C-Key及其签名数据；以及，节点21从节点20的节点身份信息中提取出签名密钥对Key-0-S中的签名公钥，并针对上述解密得到的签名数据进行验证，如果签名验证成功，则节点21认定解密得到的集群身份密钥对C-Key有效，确定该密钥对C-Key可以代表链下隐私计算集群的集群身份。类似地，通过上述方式，主节点可以将集群身份密钥对C-Key共享至各个从节点，最终使得链下隐私计算集群中的所有链下隐私计算节点均获得该集群身份密钥对C-Key。Thenode 20 also triggers to obtain the remote certification report generated for the TEE1 created by itself based on the method described above. In addition to sending the encrypted key pair to thenode 21, thenode 20 also sends the remote certification report and the node The node identity information of 20 itself is sent to thenode 21 for thenode 21 to verify thenode 20. When thenode 21 verifies that thenode 20 is credible, it uses the encryption key maintained by itself to decrypt the encrypted private key in Key-1-T to obtain the cluster identity key pair C-Key and its signature data; and, thenode 21 extracts the signature public key in Key-0-S from the node identity information of thenode 20, and verifies the signature data obtained by decryption. If the signature is If the verification is successful, thenode 21 determines that the decrypted cluster identity key pair C-Key is valid, and determines that the key pair C-Key can represent the cluster identity of the off-chain privacy computing cluster. Similarly, through the above method, the master node can share the cluster identity key pair C-Key to each slave node, so that all off-chain privacy computing nodes in the off-chain privacy computing cluster can obtain the cluster identity key pair C- Key.

无论是针对单节点形式的链下隐私计算节点，还是链下隐私计算集群的形式，链下合约的部署方均可在链下隐私计算节点中部署链下合约，以供后续调用执行计算任务。Regardless of whether it is for a single-node off-chain private computing node or in the form of an off-chain private computing cluster, the deployer of an off-chain contract can deploy an off-chain contract in the off-chain private computing node for subsequent calls to perform computing tasks.

部署方的客户端可以向链下隐私计算节点发起挑战，并接收链下隐私计算节点返回的远程证明报告。例如，客户端可以向链下隐私计算节点发起链下挑战，即发起挑战的过程与区块链网络无关，这样可以跳过区块链节点之间的共识过程、减少链上链下的交互操作，使得客户端向链下隐私计算节点的挑战具有更高的操作效率。再例如，客户端可以采用链上挑战的形式，比如客户端可以向区块链节点提交挑战交易，该挑战交易所含的挑战信息可由区块链节点通过预言机机制传输至链下隐私计算节点，且该挑战信息用于向链下隐私计算节点发起挑战。The client of the deploying party can initiate a challenge to the off-chain private computing node and receive the remote attestation report returned by the off-chain private computing node. For example, the client can initiate an off-chain challenge to the off-chain private computing node, that is, the process of initiating the challenge has nothing to do with the blockchain network, so that the consensus process between blockchain nodes can be skipped and the interaction between on-chain and off-chain can be reduced. , So that the client's challenge to the off-chain private computing node has a higher operational efficiency. For another example, the client can take the form of an on-chain challenge. For example, the client can submit a challenge transaction to a blockchain node. The challenge information contained in the challenge transaction can be transmitted by the blockchain node to the off-chain private computing node through the oracle mechanism. , And the challenge information is used to initiate a challenge to the off-chain private computing node.

以如图3所示的场景为例。一种情况下，客户端31可以通过链下渠道直接向链下隐私计算节点32发起挑战，即客户端31向链下隐私计算节点32发起链下挑战。另一种情况下，客户端31可以通过区块链网络33向链下隐私计算节点32发起挑战，即客户端31向链下隐私计算节点33发起链上挑战。链上挑战的发起过程可以包括三个步骤：步骤①，客户端31向区块链网络33提交一笔用于发起挑战的交易，比如称之为挑战交易，该挑战交易可由区块链网络33内的某一节点33n接收和执行；步骤②，节点33n调用预先部署的预言机智能合约(简称预言机合约)，该预言机合约可以将上述挑战交易所含的挑战信息传递至链下的预言机服务器34，比如预言机合约可以产生包含该挑战信息的事件，而预言机服务器34可以通过监听预言机合约产生的事件，从而获取上述的挑战信息；步骤③，预言机服务器34将挑战信息通过链下渠道发送至链下隐私计算节点32。Take the scenario shown in Figure 3 as an example. In one case, theclient 31 can directly initiate a challenge to the off-chainprivate computing node 32 through an off-chain channel, that is, theclient 31 initiates an off-chain challenge to the off-chainprivate computing node 32. In another case, theclient 31 may initiate a challenge to the off-chainprivate computing node 32 through theblockchain network 33, that is, theclient 31 initiates an on-chain challenge to the off-chainprivate computing node 33. The process of initiating a challenge on the chain can include three steps:Step ①, theclient 31 submits a transaction for initiating a challenge to theblockchain network 33, such as a challenge transaction, which can be used by the blockchain network 33 Acertain node 33n in the network receives and executes;step ②,node 33n invokes the pre-deployed oracle smart contract (referred to as the oracle contract), which can transmit the challenge information contained in the above-mentioned challenge exchange to the off-chain prediction Theoracle server 34, for example, the oracle contract can generate events containing the challenge information, and theoracle server 34 can obtain the above-mentioned challenge information by monitoring the events generated by the oracle contract; step ③, theoracle server 34 passes the challenge information through The off-chain channel is sent to the off-chainprivacy computing node 32.

客户端31通过链上渠道向链下隐私计算节点32发起挑战时，涉及到区块链网络33与链下隐私计算节点32之间的数据交互，即链上、链下的数据交互，该数据交互过程可以由预言机合约与预言机服务器34通过上述的步骤②配合实现，该预言机合约与预言机服务器34之间的配合机制即为预言机机制。其中，客户端31向节点33n提交的交易应当直接或间接调用上述的预言机合约，以触发预言机机制。其中，如果将预言机合约的合约地址填入该交易的to字段，表明该交易直接调用了预言机合约；如果将某一链上合约的合约地址填入该交易的to字段，且该链上合约调用了预言机合约，表明该交易间接调用了预言机合约。链上合约调用预言机合约，一种情况下可以是在链上合约的字节码中预先写入了预言机合约的合约地址，另一种情况下可以是将预言机合约的合约地址作为调用该链上合约时的入参，并将该入参填入上述交易的data字段。除了将挑战信息或其他数据从链上传递至链下，预言机机制还可以将数据从链下传递至链上，具体可由预言机服务器34将链下数据传递至预言机合约，然后由预言机合约将链下数据传递至数据需求方，比如这里的链下数据可以包括远程证明报告或者调用链下合约所产生的隐私计算结果等。在上述的预言机机制中，将数据从链上传递至链下可以视为“请求”过程，将数据从链下传递至链上可以视为“响应”过程，这两个过程通常成对出现。When theclient 31 initiates a challenge to the off-chainprivate computing node 32 through the on-chain channel, it involves the data interaction between theblockchain network 33 and the off-chainprivate computing node 32, that is, the data interaction on and off the chain. The interaction process can be realized by the oracle contract and theoracle server 34 through theaforementioned step ②. The coordination mechanism between the oracle contract and theoracle server 34 is the oracle mechanism. Among them, the transaction submitted by theclient 31 to thenode 33n should directly or indirectly call the aforementioned oracle contract to trigger the oracle mechanism. Among them, if the contract address of the oracle contract is filled in the to field of the transaction, it indicates that the transaction directly calls the oracle contract; if the contract address of a certain chain contract is filled in the to field of the transaction, and the chain is on The contract calls the oracle contract, indicating that the transaction indirectly calls the oracle contract. The contract on the chain calls the oracle contract. In one case, the contract address of the oracle contract is pre-written in the bytecode of the on-chain contract. In another case, the contract address of the oracle contract can be used as the call. Enter the parameters of the contract on the chain, and fill the entered parameters into the data field of the above transaction. In addition to transmitting challenge information or other data from the chain to the chain, the oracle mechanism can also transmit data from the chain to the chain. Specifically, theoracle server 34 can transmit the data to the oracle contract, and then theoracle server 34 can transmit the data to the oracle contract. The contract transmits off-chain data to the data demander. For example, the off-chain data here can include remote certification reports or privacy calculation results generated by invoking the off-chain contract. In the aforementioned oracle mechanism, transferring data from the chain to the chain can be regarded as a "request" process, and transferring data from the chain to the chain can be regarded as a "response" process. These two processes usually appear in pairs. .

无论是链下挑战或链上挑战，链下隐私计算节点在收到客户端发起的挑战后，均可以临时触发如前文所述的远程证明过程并产生相应的远程证明报告，然后将远程证明报告反馈至客户端。或者，链下隐私计算节点在收到客户端发起的挑战时，如果本地已经存在预先生成的远程证明报告，那么链下隐私计算节点将该远程证明报告提供至客户端，而无需临时触发远程证明过程。其中，链下隐私计算节点本地存在的远程证明报告，可以是该链下隐私计算节点响应于除客户端之外的其他挑战者的挑战而触发产生，比如该 其他挑战者可以包括其他客户端、链下隐私计算节点所处的链下隐私计算集群中的控制节点、KMS服务器等，本说明书并不对此进行限制。因此，链下隐私计算节点在收到客户端发起的挑战后，可以首先查看本地是否存在先前生成的远程证明报告，如果存在则将该远程证明报告反馈至客户端，否则临时触发远程证明过程。其中，远程证明报告可以具有一定的时限性，比如30分钟或其他时长，超时的远程证明报告可以被客户端认定为失效，链下隐私计算节点也可以主动清除已失效的远程证明报告以避免反馈至客户端。Whether it is an off-chain challenge or an on-chain challenge, after receiving the challenge initiated by the client, the off-chain private computing node can temporarily trigger the remote attestation process as described above and generate the corresponding remote attestation report, and then report the remote attestation Feedback to the client. Or, when the off-chain private computing node receives a challenge initiated by the client, if a pre-generated remote attestation report already exists locally, the off-chain private computing node provides the remote attestation report to the client without temporarily triggering remote attestation process. Among them, the remote attestation report of the off-chain private computing node can be triggered by the off-chain private computing node in response to the challenge of other challengers except the client. For example, the other challenger may include other clients, This manual does not limit the control node and KMS server in the off-chain privacy computing cluster where the off-chain privacy computing node is located. Therefore, after receiving the challenge initiated by the client, the off-chain private computing node can first check whether there is a previously generated remote attestation report locally, and if there is, the remote attestation report is fed back to the client, otherwise the remote attestation process is temporarily triggered. Among them, the remote attestation report can have a certain time limit, such as 30 minutes or other duration. The timed out remote attestation report can be deemed invalid by the client, and the off-chain privacy computing node can also actively clear the invalid remote attestation report to avoid feedback To the client.

客户端向链下隐私计算节点发起挑战的过程中，或者链下隐私计算节点向客户端反馈远程证明报告的过程中，涉及到设备之间的数据交互。以图3所示的场景为例，所涉及的数据交互可以包括：客户端31与链下隐私计算节点32之间的数据交互(客户端31向链下隐私计算节点32发起链下挑战，链下隐私计算节点32向客户端31返回远程证明报告)、客户端31与节点33n之间的数据交互(客户端31向节点33n发送挑战交易、节点33n向客户端31返回远程证明报告)、节点33n与预言机服务器34之间的数据交互(预言机服务器34从节点33n读取挑战信息、预言机服务器34向节点33n反馈远程证明报告)、预言机服务器34与链下隐私计算节点32之间的数据交互(预言机服务器34向链下隐私计算节点32发送挑战信息、链下隐私计算节点32向预言机服务器34返回远程证明报告)等。在实现上述任一数据交互的过程中，数据发送方与数据接收方之间传输的数据存在泄漏的可能性，并且节点33n会将挑战交易上链导致该挑战交易被公开，因此可以通过对数据进行加密传输的方式，避免造成信息泄露。When the client initiates a challenge to the off-chain private computing node, or when the off-chain private computing node feeds back a remote attestation report to the client, data interaction between devices is involved. Taking the scenario shown in Figure 3 as an example, the data interaction involved may include: data interaction between theclient 31 and the off-chain private computing node 32 (theclient 31 initiates an off-chain challenge to the off-chainprivate computing node 32, The lowerprivacy computing node 32 returns a remote certification report to the client 31), the data interaction between theclient 31 and thenode 33n (theclient 31 sends a challenge transaction to thenode 33n, and thenode 33n returns a remote certification report to the client 31), the node Data interaction between theoracle server 34 and the oracle server 34 (theoracle server 34 reads the challenge information from thenode 33n, and theoracle server 34 feeds back the remote certification report to thenode 33n), between theoracle server 34 and the off-chainprivacy computing node 32 Data interaction (theoracle server 34 sends challenge information to the off-chainprivate computing node 32, and the off-chainprivate computing node 32 returns a remote certification report to the oracle server 34), etc. In the process of realizing any of the above data interactions, the data transmitted between the data sender and the data receiver may leak, and thenode 33n will link the challenge transaction to the chain to cause the challenge transaction to be disclosed, so the data can be exchanged The method of encrypted transmission avoids information leakage.

以客户端31向节点33n提交挑战交易为例。通过挑战交易向链下隐私计算节点32发起链上挑战，使得节点33n可以将客户端31提交的挑战交易与其他节点进行共识后上链，对客户端31的挑战行为进行存证。但是，如果客户端31并不希望自己的挑战行为被其他用户随意获知，可以对挑战交易进行隐私保护。客户端31可以对挑战交易进行加密，而节点33n可以接收经过加密的挑战交易，这样可以确保传输过程中不会造成挑战交易的内容泄露。节点33n处可以部署链上TEE，并且节点33n可以将经过加密的挑战交易读入该链上TEE后，在链上TEE内解密，可以确保解密得到的挑战交易仅存在于链上TEE内、不会外泄。节点33n直接将经过加密的挑战交易上链，并且通过对加密数据的查看权限进行管理，可以限制能够查看挑战交易的用户，而其他用户直接查看区块链数据时仅能够获得加密后的挑战交易。实际上，节点33n可以确保需要隐私保护的数据仅在链上TEE内能够被解密为明文形式，一旦离开链上TEE均采用密文形式。Take theclient 31 submitting a challenge transaction to thenode 33n as an example. Through the challenge transaction, an on-chain challenge is initiated to the off-chainprivate computing node 32, so that thenode 33n can perform a consensus on the challenge transaction submitted by theclient 31 with other nodes and then upload it to the chain to record the challenge behavior of theclient 31. However, if theclient 31 does not want its own challenge behavior to be arbitrarily known by other users, the challenge transaction can be protected for privacy. Theclient 31 can encrypt the challenge transaction, and thenode 33n can receive the encrypted challenge transaction, which can ensure that the content of the challenge transaction will not be leaked during the transmission process.Node 33n can deploy the on-chain TEE, andnode 33n can read the encrypted challenge transaction into the on-chain TEE and decrypt it in the on-chain TEE to ensure that the decrypted challenge transaction only exists in the on-chain TEE. It will leak.Node 33n directly uploads encrypted challenge transactions to the chain and manages the viewing authority of encrypted data to limit users who can view challenge transactions, while other users can only obtain encrypted challenge transactions when directly viewing blockchain data . In fact, thenode 33n can ensure that the data that needs privacy protection can only be decrypted into plain text in the on-chain TEE, and once it leaves the on-chain TEE, it will be in cipher text.

针对挑战交易的加密传输，可以采用对称加密或非对称加密的形式。当采用对称加密时，客户端31和节点33n分别维护有相同的对称密钥，比如该对称密钥可由客户端31与节点33n通过诸如DH(Diffie-Hellman)或ECDH(Elliptic Curve Diffie–Hellman)等算法协商得到，或者由KMS(Key Management Service，密钥管理服务)服务器分发至客户端31和节点33n，本说明书并不限制密钥来源。当密钥由KMS服务器分发时，KMS服务器可以通过远程证明的方式确定节点33n处的链上TEE可信，然后将密钥加密传输至该链上TEE内，远程证明的方式与客户端31对链下隐私计算节点32的远程证明过程类似，此处暂不赘述。那么，客户端31可以通过上述的对称密钥对挑战交易进行加密，而节点33n将对称密钥维护于链上TEE中，因而将经过加密的挑战交易读 入链上TEE内，并通过该对称密钥执行解密操作得到上述的挑战交易。对称加密采用的加密算法，例如可以包括DES算法，3DES算法，TDEA算法，Blowfish算法，RC5算法，IDEA算法等。For the encrypted transmission of the challenge transaction, the form of symmetric encryption or asymmetric encryption can be adopted. When symmetric encryption is used, theclient 31 and thenode 33n maintain the same symmetric key respectively. For example, the symmetric key can be used by theclient 31 and thenode 33n through DH (Diffie-Hellman) or ECDH (Elliptic Curve Diffie-Hellman). It may be obtained through algorithm negotiation or distributed by a KMS (Key Management Service) server to theclient 31 and thenode 33n. This specification does not limit the source of the key. When the key is distributed by the KMS server, the KMS server can determine the trustworthiness of the TEE on the chain atnode 33n through remote attestation, and then encrypt the key and transmit it to the TEE on the chain. The remote attestation method is paired with theclient 31 The remote certification process of the off-chainprivacy computing node 32 is similar, and will not be repeated here. Then, theclient 31 can encrypt the challenge transaction through the above-mentioned symmetric key, and thenode 33n maintains the symmetric key in the on-chain TEE, and thus reads the encrypted challenge transaction into the on-chain TEE, and passes the symmetric key. The key performs a decryption operation to obtain the above-mentioned challenge transaction. The encryption algorithm used by the symmetric encryption may include, for example, the DES algorithm, the 3DES algorithm, the TDEA algorithm, the Blowfish algorithm, the RC5 algorithm, and the IDEA algorithm.

当采用非对称加密时，节点33n维护有非对称密钥的私钥，比如称之为节点私钥，而客户端31可以获得该节点私钥对应的节点公钥。非对称密钥可由节点33n在链上TEE内生成，或者由KMS服务器分发至该节点33n，本说明书并不限制密钥来源。类似地，当密钥由KMS服务器分发时，KMS服务器可以通过远程证明的方式确定节点33n处的链上TEE可信，然后将密钥加密传输至该链上TEE内。那么，客户端31可以通过节点公钥对挑战交易进行加密，而节点33n将节点私钥维护于链上TEE中，因而将经过加密的挑战交易读入链上TEE内，并通过节点私钥执行解密操作得到上述的挑战交易。非对称加密采用的非对称加密算法，例如可以包括RSA、Elgamal、背包算法、Rabin、D-H、ECC(椭圆曲线加密算法)等。When asymmetric encryption is used, thenode 33n maintains a private key with an asymmetric key, such as a node private key, and theclient 31 can obtain the node public key corresponding to the node private key. The asymmetric key can be generated by thenode 33n in the TEE on the chain, or distributed to thenode 33n by the KMS server. This specification does not limit the source of the key. Similarly, when the key is distributed by the KMS server, the KMS server can determine the trustworthiness of the TEE on the chain at thenode 33n by means of remote certification, and then encrypt and transmit the key to the TEE on the chain. Then, theclient 31 can encrypt the challenge transaction through the node public key, and thenode 33n maintains the node private key in the on-chain TEE, and thus reads the encrypted challenge transaction into the on-chain TEE and executes it through the node’s private key. The decryption operation obtains the above-mentioned challenge transaction. The asymmetric encryption algorithm used in the asymmetric encryption may include, for example, RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm), etc.

针对挑战交易的加密传输，还可以采用对称加密与非对称加密相结合的形式。客户端31可以维护一对称密钥，比如该对称密钥可由客户端31随机生成，且客户端31可以获得上述非对称密钥中的公钥。客户端31可以通过对称密钥对挑战交易进行加密、得到加密后挑战交易，并通过非对称密钥加密该对称密钥、得到加密后密钥，然后客户端31同时将加密后挑战交易与加密后密钥传输至节点33n。相应的，节点33n将加密后挑战交易与加密后密钥读入链上TEE内，首先通过节点私钥对加密后密钥进行解密、得到对称密钥，然后通过对称密钥对加密后挑战交易进行解密。相比较而言，对称加密的加解密效率相对更高、但安全性相对较低，而非对称加密的加解密效率相对较低、但安全性相对更高，因此基于对称加密与非对称加密相结合的形式，可以兼顾加解密效率与安全性。For the encrypted transmission of challenge transactions, a combination of symmetric encryption and asymmetric encryption can also be used. Theclient 31 can maintain a symmetric key. For example, the symmetric key can be randomly generated by theclient 31, and theclient 31 can obtain the public key in the aforementioned asymmetric key. Theclient 31 can encrypt the challenge transaction with a symmetric key, obtain the encrypted challenge transaction, and encrypt the symmetric key with an asymmetric key to obtain the encrypted key, and then theclient 31 simultaneously encrypts the encrypted challenge transaction with the encrypted challenge transaction. The key is then transmitted to thenode 33n. Correspondingly, thenode 33n reads the encrypted challenge transaction and the encrypted key into the TEE on the chain, first decrypts the encrypted key with the node's private key to obtain the symmetric key, and then encrypts the challenge transaction with the symmetric key Decrypt. In comparison, the encryption and decryption efficiency of symmetric encryption is relatively higher, but the security is relatively low, while the encryption and decryption efficiency of asymmetric encryption is relatively low, but the security is relatively higher. Therefore, based on the comparison between symmetric encryption and asymmetric encryption The combined form can take into account the efficiency and security of encryption and decryption.

类似地，在其他数据交互的过程中，通过使得数据发送方与数据接收方之间维护相同的对称密钥，或者使得数据发送方维护有非对称密钥的公钥、数据接收方维护有非对称密钥的私钥，或者结合对称加密与非对称加密的形式，可以实现任意的数据发送方与数据接收方之间的数据加密传输，此处不再赘述。Similarly, in the process of other data interactions, the data sender and the data receiver maintain the same symmetric key, or the data sender maintains the public key of the asymmetric key, and the data receiver maintains the non-symmetric key. The private key of the symmetric key, or the combination of symmetric encryption and asymmetric encryption, can realize the encrypted transmission of data between any data sender and data receiver, which will not be repeated here.

链下隐私计算节点可能属于链下隐私计算集群，该链下隐私计算集群包含多个链下隐私计算节点。如果各个链下隐私计算节点之间完全独立，那么客户端与单个链下隐私计算节点之间的交互过程可以参考上文所述的实施例。而另一种方式下，链下隐私计算集群可以包含一控制节点，并由该控制节点对集群内的所有链下隐私计算节点进行统一管理。比如，客户端可以向控制节点发起挑战，并接收控制节点返回的上述链下隐私计算节点的远程证明报告。与前述实施例相类似的，客户端可以向控制节点发起链下挑战，或者客户端可以向区块链节点提交挑战交易，该挑战交易所含的挑战信息由区块链节点通过预言机机制传输至控制节点，使得控制节点向客户端返回链下隐私计算节点的远程证明报告。An off-chain private computing node may belong to an off-chain private computing cluster, and the off-chain private computing cluster includes multiple off-chain private computing nodes. If the privacy computing nodes under each chain are completely independent, then the interaction process between the client and a single privacy computing node under the chain can refer to the above-mentioned embodiments. In another way, the off-chain privacy computing cluster may include a control node, and the control node will uniformly manage all off-chain privacy computing nodes in the cluster. For example, the client can initiate a challenge to the control node, and receive the remote certification report of the off-chain privacy computing node returned by the control node. Similar to the previous embodiment, the client can initiate an off-chain challenge to the control node, or the client can submit a challenge transaction to the blockchain node, and the challenge information contained in the challenge transaction is transmitted by the blockchain node through the oracle mechanism To the control node, the control node returns the remote certification report of the off-chain privacy computing node to the client.

以如图4所示的场景为例。一种情况下，客户端41可以通过链下渠道直接向控制节点42发起挑战，即客户端41向控制节点42发起链下挑战。另一种情况下，客户端41可以通过区块链网络43向控制节点42发起挑战，即客户端41向控制节点42发起链上 挑战。链上挑战的发起过程可以包括三个步骤：步骤①，客户端41向区块链网络43提交一笔用于发起挑战的交易，比如称之为挑战交易，该挑战交易可由区块链网络43内的某一节点43n接收和执行；步骤②，节点43n调用预先部署的预言机智能合约(简称预言机合约)，该预言机合约可以将上述挑战交易所含的挑战信息传递至链下的预言机服务器44，比如预言机合约可以产生包含该挑战信息的事件，而预言机服务器44可以通过监听预言机合约产生的事件，从而获取上述的挑战信息；步骤③，预言机服务器44将挑战信息通过链下渠道发送至控制节点42。Take the scenario shown in Figure 4 as an example. In one case, theclient 41 can directly initiate a challenge to thecontrol node 42 through an off-chain channel, that is, theclient 41 initiates an off-chain challenge to thecontrol node 42. In another case, theclient 41 may initiate a challenge to thecontrol node 42 through theblockchain network 43, that is, theclient 41 initiates an on-chain challenge to thecontrol node 42. The process of initiating a challenge on the chain can include three steps:Step ①, theclient 41 submits a transaction for initiating a challenge to theblockchain network 43, such as a challenge transaction, which can be used by the blockchain network 43 Acertain node 43n in the network receives and executes;step ②,node 43n calls the pre-deployed oracle smart contract (referred to as the oracle contract), which can transmit the challenge information contained in the above-mentioned challenge exchange to the off-chain prediction Theoracle server 44, for example, the oracle contract can generate events containing the challenge information, and theoracle server 44 can obtain the above-mentioned challenge information by monitoring the events generated by the oracle contract; step ③, theoracle server 44 passes the challenge information through The off-chain channel is sent to thecontrol node 42.

客户端41向控制节点42发起挑战时，可以将挑战目标设定为控制节点42所处集群内的某一链下隐私计算节点，比如链下隐私计算节点42n，那么控制节点42会根据收到的挑战，向客户端41返回链下隐私计算节点42n对应的远程证明报告。客户端41也可以不设定挑战目标，那么控制节点42收到挑战后，从链下隐私计算集群中进行选择，比如在选取了链下隐私计算节点42n的情况下，向客户端41返回该链下隐私计算节点42n对应的远程证明报告。When theclient 41 initiates a challenge to thecontrol node 42, the challenge target can be set to a certain off-chain private computing node in the cluster where thecontrol node 42 is located, such as off-chainprivate computing node 42n, then thecontrol node 42 will receive The challenge is to return the remote certification report corresponding to the off-chainprivacy computing node 42n to theclient 41. Theclient 41 may not set a challenge target. After receiving the challenge, thecontrol node 42 selects from the off-chain private computing cluster. For example, if the off-chainprivate computing node 42n is selected, it will return this to theclient 41. The remote certification report corresponding to the off-chainprivacy computing node 42n.

其中，控制节点42在收到客户端41发起的挑战后，可以将该挑战转发至链下隐私计算节点42n，使得链下隐私计算节点42n临时触发远程证明过程，以产生相应的远程证明报告，然后通过控制节点42反馈至客户端41。或者，控制节点42在收到客户端41发起的挑战后，可以将该挑战转发至链下隐私计算节点42n，而如果链下隐私计算节点42n上已经存在预先生成的远程证明报告，那么链下隐私计算节点42n将该远程证明报告返回控制节点42，由控制节点42提供至客户端41，而无需临时触发远程证明过程。或者，控制节点42在收到客户端41发起的挑战后，如果本地已经存在预先生成的对应于链下隐私计算节点42n的远程证明报告，那么链下隐私计算节点42n将该远程证明报告提供至客户端41，而无需向链下隐私计算节点42n转发挑战，也无需链下隐私计算节点42n因此临时触发远程证明过程。其中，链下隐私计算节点42n本地存在的远程证明报告，可以是该链下隐私计算节点42n响应于除客户端41之外的其他挑战者的挑战而触发产生，比如该其他挑战者可以包括其他客户端、控制节点42、KMS服务器等，本说明书并不对此进行限制。而链下隐私计算节点42n通过控制节点42将远程证明报告提供至上述的其他挑战者时，控制节点42可以对收到的远程证明报告进行缓存。因此，控制节点42在收到客户端41发起的挑战后，可以首先查看查看本地是否存在先前获得的远程证明报告，如果存在则将该远程证明报告反馈至客户端41，否则将挑战转发至链下隐私计算节点42n；以及，链下隐私计算节点42n在收到挑战后，可以首先查看查看本地是否存在先前获得的远程证明报告，如果存在则将该远程证明报告反馈至控制节点42，否则临时触发远程证明过程。其中，远程证明报告可以具有一定的时限性，比如40分钟或其他时长，超时的远程证明报告可以被客户端41认定为失效，控制节点42或链下隐私计算节点42n也可以主动清除已失效的远程证明报告以避免反馈至客户端41。Among them, after thecontrol node 42 receives the challenge initiated by theclient 41, it can forward the challenge to the off-chainprivacy computing node 42n, so that the off-chainprivacy computing node 42n temporarily triggers the remote attestation process to generate a corresponding remote attestation report. Then feedback to theclient 41 through thecontrol node 42. Alternatively, after thecontrol node 42 receives the challenge initiated by theclient 41, it can forward the challenge to the off-chainprivacy computing node 42n, and if there is already a pre-generated remote attestation report on the off-chainprivacy computing node 42n, then the off-chain Theprivacy computing node 42n returns the remote certification report to thecontrol node 42, and thecontrol node 42 provides it to theclient 41 without temporarily triggering the remote certification process. Alternatively, after thecontrol node 42 receives the challenge initiated by theclient 41, if there is a pre-generated remote certification report corresponding to the off-chainprivate computing node 42n, then the off-chainprivacy computing node 42n provides the remote certification report to Theclient 41 does not need to forward the challenge to the off-chainprivate computing node 42n, nor does it need the off-chainprivate computing node 42n to temporarily trigger the remote attestation process. Among them, the remote attestation report of the off-chainprivate computing node 42n can be triggered by the off-chainprivate computing node 42n in response to challenges from other challengers except theclient 41. For example, the other challengers may include other challengers. The client,control node 42, KMS server, etc. are not restricted in this specification. When the off-chainprivacy computing node 42n provides the remote certification report to the aforementioned other challengers through thecontrol node 42, thecontrol node 42 may cache the received remote certification report. Therefore, after thecontrol node 42 receives the challenge initiated by theclient 41, it can first check whether there is a previously obtained remote certification report locally, and if it exists, the remote certification report will be fed back to theclient 41, otherwise the challenge will be forwarded to the chain Under theprivate computing node 42n; and, after receiving the challenge, the off-chainprivate computing node 42n can first check whether there is a previously obtained remote certification report locally, and if it exists, the remote certification report will be fed back to thecontrol node 42, otherwise temporarily Trigger the remote attestation process. Among them, the remote attestation report can have a certain time limit, such as 40 minutes or other duration. The timed out remote attestation report can be deemed invalid by theclient 41, and thecontrol node 42 or the off-chainprivacy computing node 42n can also actively clear the invalid Remote attestation report to avoid feedback to theclient 41.

在图4所示的实施例中，客户端41与控制节点42之间、控制节点42与链下隐私计算节点42n之间、客户端41与节点43n之间、节点43n与预言机服务器44之间、预言机服务器44与控制节点42之间等，均可能产生数据交互。对于任意的数据交互过程，均可以采用如前文所述的加密数据传输方案，包括对称加密、非对称加密或两者结合的形式，此处不再赘述。In the embodiment shown in FIG. 4, between theclient 41 and thecontrol node 42, between thecontrol node 42 and the off-chainprivacy computing node 42n, between theclient 41 and thenode 43n, and between thenode 43n and theoracle server 44 Data interaction may occur between time,oracle server 44 andcontrol node 42, etc. For any data interaction process, the encrypted data transmission scheme described above can be adopted, including symmetric encryption, asymmetric encryption, or a combination of the two, which will not be repeated here.

或者，针对链下隐私计算集群的情况，基于各个链下隐私计算节点在各自的链下TEE内均维护有集群身份密钥，可将链下隐私计算集群视为一个整体，由控制节点在选取响应客户端的节点，链下隐私计算集群中各节点在与外界设备(比如区块链节点、客户端等)进行交互的过程中，并非采用自身的节点身份密钥，而是采用集群身份密钥对交互数据进行加密与解密，或者生成与验证签名。其中，采用集群身份密钥进行加密与解密，或者生成与验证签名的方式与上述采用节点身份密钥的过程类似，在此不再赘述。Or, in the case of off-chain private computing clusters, based on the fact that each off-chain private computing node maintains a cluster identity key in their respective off-chain TEE, the off-chain private computing cluster can be regarded as a whole, which is selected by the control node In response to the client's node, each node in the off-chain privacy computing cluster interacts with external devices (such as blockchain nodes, clients, etc.) instead of using its own node identity key, but the cluster identity key Encrypt and decrypt interactive data, or generate and verify signatures. Among them, the method of using the cluster identity key for encryption and decryption, or generating and verifying the signature is similar to the above-mentioned process of using the node identity key, and will not be repeated here.

基于上述方案，部署方通过客户端在确定链下隐私计算节点可信的情况下，可以向链下隐私计算节点部署链下合约。链下合约与区块链节点所执行的链上合约类似，均可以为运行于虚拟机中的字节码，此处不再赘述。通过对链下合约的字节码进行加密传输，可以避免在传输过程中发生数据泄露或修改等，确保隐私性和安全性。Based on the above solution, the deployer can deploy an off-chain contract to the off-chain private computing node under the condition that the off-chain private computing node is determined to be trustworthy through the client. The off-chain contract is similar to the on-chain contract executed by the blockchain node, and both can be bytecodes running in a virtual machine, so I won’t repeat them here. By encrypting and transmitting the bytecode of the off-chain contract, data leakage or modification can be avoided during the transmission process, and privacy and security can be ensured.

与前述的挑战过程相类似的，客户端可以通过链下途径将链下合约的字节码加密传输至链下隐私计算节点，即针对字节码的传输过程与区块链网络无关，这样可以跳过区块链节点之间的共识过程、减少链上链下的交互操作，使得字节码的传输效率更高。或者，客户端可以通过链上途径将链下合约的字节码加密传输至链下隐私计算节点，比如客户端生成链下合约部署交易，该链下合约部署交易中包含对字节码进行加密得到的字节码密文，客户端将链下合约部署交易加密后提交至区块链节点，加密后的链下合约部署交易可在区块链节点处创建的链上TEE内被解密、得到字节码密文，然后由区块链节点通过预言机机制将该字节码密文传输至链下隐私计算节点。Similar to the aforementioned challenge process, the client can encrypt and transmit the bytecode of the off-chain contract to the off-chain private computing node through the off-chain channel, that is, the transmission process for the bytecode has nothing to do with the blockchain network, so that it can be Skip the consensus process between blockchain nodes and reduce the interactive operations on and off the chain, making bytecode transmission more efficient. Alternatively, the client can encrypt and transmit the bytecode of the off-chain contract to the off-chain private computing node through the on-chain channel. For example, the client generates an off-chain contract deployment transaction, and the off-chain contract deployment transaction includes the encryption of the bytecode. The obtained bytecode ciphertext, the client encrypts the off-chain contract deployment transaction and submits it to the blockchain node. The encrypted off-chain contract deployment transaction can be decrypted and obtained in the on-chain TEE created at the blockchain node. The bytecode ciphertext is then transmitted to the off-chain privacy computing node by the blockchain node through the oracle mechanism.

以如图5所示的场景为例。一种情况下，客户端51可以通过链下渠道直接向链下隐私计算节点52加密传输字节码，即客户端51向链下隐私计算节点52链下传输加密后的字节码密文。另一种情况下，客户端51可以通过区块链网络53向链下隐私计算节点52加密传输字节码，即客户端51向链下隐私计算节点52链上传输加密后的字节码密文。链上加密传输的过程可以包括三个步骤：步骤①，客户端51向区块链网络53提交一笔用于部署链下合约的交易，即链下合约部署交易，该链下合约部署交易可由区块链网络53内的某一节点53n接收和执行；步骤②，节点53n调用预言机合约，该预言机合约可以将上述链下合约部署交易所含的字节码传递至链下的预言机服务器55，比如预言机合约可以产生包含该字节码的事件，而预言机服务器55可以通过监听预言机合约产生的事件，从而获取上述的字节码；步骤③，预言机服务器55将字节码通过链下渠道发送至链下隐私计算节点52。Take the scenario shown in Figure 5 as an example. In one case, theclient 51 can directly transmit the bytecode encrypted to the off-chainprivacy computing node 52 through the off-chain channel, that is, theclient 51 transmits the encrypted bytecode ciphertext to the off-chainprivacy computing node 52 off-chain. In another case, theclient 51 can encrypt and transmit the bytecode to the off-chainprivacy computing node 52 through theblockchain network 53, that is, theclient 51 transmits the encrypted bytecode to the off-chainprivacy computing node 52 on the chain. Arts. The process of encrypted transmission on the chain can include three steps:Step ①, theclient 51 submits to the blockchain network 53 a transaction for deploying an off-chain contract, that is, an off-chain contract deployment transaction. The off-chain contract deployment transaction can be A certain node 53n in theblockchain network 53 receives and executes;step ②, the node 53n calls the oracle contract, which can transfer the bytecode contained in the above-mentioned off-chain contract deployment transaction to the off-chain oracle The server 55, for example, the oracle contract can generate an event containing the bytecode, and the oracle server 55 can obtain the above bytecode by listening to the event generated by the oracle contract; step ③, the oracle server 55 transfers the bytecode The code is sent to the off-chainprivacy computing node 52 through the off-chain channel.

在链下加密传输的过程中，仅涉及到客户端51与链下隐私计算节点52之间的数据交互，可以采用如前文所述的对称加密、非对称加密或两者结合的加密传输方案，此处不再赘述。在链上加密传输的过程中，涉及到多个对象之间的数据交互，需要确保字节码始终处于加密状态。例如，在客户端51向节点53n提交链下合约部署交易时，可以通过如前文所述的对称加密、非对称加密或两者结合的加密传输方案对该链下合约部署交易进行加密传输，使得链下合约部署交易所含的字节码处于加密保护状态。其中，链下合约部署交易所含的字节码可能处于明文状态或密文状态。如果处于密文状态，表明客户端51对字节码进行加密后，将字节码密文添加至链下合约部署交易的data字段，并且客户端51应当确保该字节码密文仅最终环节的链下隐私计算节点52能够解密，而其他的节点53n、预言机服务器55等均无法解密，那么节点53n在自身创建的链上TEE 内对链下合约部署交易进行解密后得到字节码密文后，预言机服务器55可以直接读取该字节码密文，然后由预言机服务器55将该字节码密文传输至链下隐私计算节点52。如果处于明文状态，表明客户端51直接将明文的字节码添加至链下合约部署交易的data字段，而该链下合约部署交易可以调用一链上合约，那么节点53n在链上TEE内对链下合约部署交易进行解密后得到明文的字节码后，可以通过链上TEE内部署的虚拟机执行上述链上合约，从而在链上TEE内将字节码加密为相应的字节码密文，并确保该字节码密文仅能够由链下隐私计算节点52能够解密，然后由预言机服务器55读取该字节码密文，并进而将该字节码密文传输至链下隐私计算节点52。In the process of off-chain encrypted transmission, only the data interaction between theclient 51 and the off-chainprivacy computing node 52 is involved. The symmetric encryption, asymmetric encryption, or a combination of the two encryption transmission schemes described above can be used. I won't repeat them here. In the process of encrypted transmission on the chain, data interaction between multiple objects is involved, and it is necessary to ensure that the bytecode is always in an encrypted state. For example, when theclient 51 submits an off-chain contract deployment transaction to the node 53n, the off-chain contract deployment transaction can be encrypted and transmitted through the encrypted transmission scheme of symmetric encryption, asymmetric encryption, or a combination of the two as described above, so that The bytecode contained in the off-chain contract deployment exchange is encrypted and protected. Among them, the bytecode contained in the off-chain contract deployment exchange may be in a plaintext state or a ciphertext state. If it is in the ciphertext state, it means that after theclient 51 encrypts the bytecode, it adds the bytecode ciphertext to the data field of the off-chain contract deployment transaction, and theclient 51 should ensure that the bytecode ciphertext is only the final link The off-chainprivacy computing node 52 can decrypt, but other nodes 53n, oracle server 55 cannot decrypt, then node 53n decrypts the off-chain contract deployment transaction in the on-chain TEE created by itself to obtain the bytecode secret After the text, the oracle server 55 can directly read the bytecode ciphertext, and then the oracle server 55 transmits the bytecode ciphertext to the off-chainprivacy computing node 52. If it is in the clear text state, it indicates that theclient 51 directly adds the bytecode of the clear text to the data field of the off-chain contract deployment transaction, and the off-chain contract deployment transaction can call an on-chain contract, then the node 53n will perform the pairing in the on-chain TEE After the off-chain contract deployment transaction is decrypted and the plaintext bytecode is obtained, the virtual machine deployed in the on-chain TEE can execute the above-mentioned on-chain contract, thereby encrypting the bytecode into the corresponding bytecode in the on-chain TEE And ensure that the bytecode ciphertext can only be decrypted by the off-chainprivacy computing node 52, and then the oracle server 55 reads the bytecode ciphertext, and then transmits the bytecode ciphertext to the off-chainPrivacy computing node 52.

针对字节码进行加密时，可以采用对称加密、非对称加密或两者结合的方式，本说明书并不对此进行限制。当采用非对称加密或者对称加密与非对称加密结合的方式时，涉及到一组非对称密钥对，客户端51或节点53n需要获知该非对称密钥对的公钥，且该非对称密钥对的私钥需要由链下隐私计算节点52所维护，使得该链下隐私计算节点52可以基于该私钥对收到的字节码密文进行解密。例如，该非对称密钥对可以为前文所述的、链下隐私计算节点52在链下TEE中产生的加密密钥对；相应地，链下隐私计算节点52在收到字节码密文后，将该字节码密文读入链下TEE中，并基于加密私钥对该字节码密文进行解密，从而得到明文的字节码。When encrypting bytecode, symmetric encryption, asymmetric encryption or a combination of the two can be used, and this specification does not limit this. When asymmetric encryption or a combination of symmetric encryption and asymmetric encryption is used, a set of asymmetric key pairs is involved, and theclient 51 or node 53n needs to know the public key of the asymmetric key pair, and the asymmetric encryption The private key of the key pair needs to be maintained by the off-chainprivacy computing node 52, so that the off-chainprivacy computing node 52 can decrypt the received bytecode ciphertext based on the private key. For example, the asymmetric key pair may be the aforementioned encryption key pair generated by the off-chainprivacy computing node 52 in the off-chain TEE; accordingly, the off-chainprivacy computing node 52 receives the bytecode ciphertext Afterwards, the bytecode ciphertext is read into the off-chain TEE, and the bytecode ciphertext is decrypted based on the encrypted private key to obtain the bytecode of the plaintext.

链下隐私计算节点52在链下TEE中解密得到明文的字节码后，可以在链下TEE中对字节码进行重新加密后，存储至链下TEE之外的存储空间，比如链下隐私计算节点52的硬盘中，从而完成对链下合约的部署。此处，链下隐私计算节点52通常采用一对称密钥，通过对称加密的方式对字节码进行加密并存储，这样在后续调用该字节码时，相比于采用非对称加密的形式而言，可以更快地完成解密操作。该对称密钥可由链下隐私计算节点52在链下TEE中生成，或者由其他对象通过加密传输的方式分发至链下隐私计算节点52。例如，可由KMS服务器对链下隐私计算节点52发起挑战，并通过远程证明验证该链下隐私计算节点52可信的情况下，向该链下隐私计算节点52分发上述的对称密钥。链下隐私计算节点52可以将KMS服务器分发的对称密钥作为根密钥，并将基于该根密钥派生得到的衍生密钥应用于针对字节码的加密存储。再例如，基于Intel SGX技术，上述对称密钥可以为烧录于链下隐私计算节点52的CPU内e-fuses存储电路中的RSK(Root Seal Key)密钥，或者该RSK密钥派生得到的衍生密钥(即Seal Key)。当然，链下隐私计算节点52也可以采用非对称加密或者对称加密与非对称加密结合的方式，对字节码进行加密存储，本说明书并不对此进行限制。After the off-chainprivacy computing node 52 decrypts the plaintext bytecode in the off-chain TEE, it can re-encrypt the bytecode in the off-chain TEE and store it in a storage space outside the off-chain TEE, such as off-chain privacy In the hard disk of thecomputing node 52, the deployment of the off-chain contract is thus completed. Here, the off-chainprivacy computing node 52 usually uses a symmetric key to encrypt and store the bytecode through symmetric encryption, so that when the bytecode is subsequently invoked, it is less expensive than using asymmetric encryption. In other words, the decryption operation can be completed faster. The symmetric key can be generated by the off-chainprivacy computing node 52 in the off-chain TEE, or distributed to the off-chainprivacy computing node 52 by other objects through encrypted transmission. For example, the KMS server can initiate a challenge to the off-chainprivate computing node 52, and in the case where the off-chainprivate computing node 52 is verified to be trusted through remote certification, the above-mentioned symmetric key is distributed to the off-chainprivate computing node 52. The off-chainprivacy computing node 52 can use the symmetric key distributed by the KMS server as the root key, and apply the derived key derived from the root key to the encrypted storage of the bytecode. For another example, based on Intel SGX technology, the above-mentioned symmetric key may be an RSK (Root Seal Key) key burned in the e-fuses storage circuit in the CPU of the off-chainprivacy computing node 52, or derived from the RSK key Derived key (ie Seal Key). Of course, the off-chainprivacy computing node 52 can also use asymmetric encryption or a combination of symmetric encryption and asymmetric encryption to encrypt and store the bytecode, which is not limited in this specification.

除了在链下隐私计算节点52处安全存储链下合约的字节码之外，客户端51还可以向链下隐私计算节点52指明用于执行该字节码的执行引擎。例如，在链下隐私计算节点52处创建的链下TEE中，可以部署有若干执行引擎，比如EVM、WASM虚拟机等中的一个或多个，尤其是在同时部署了多种执行引擎的情况下，客户端51可以向链下隐私计算节点52发送与上述字节码相关联的执行引擎指定信息，该执行引擎指定信息向链下隐私计算节点52指示用于执行上述字节码的执行引擎，比如采用EVM还是WSAM虚拟机等。例如，可以将字节码与执行引擎指定信息打包加密后，一并传输至链下隐私计算节点52；也可以分别对字节码和执行引擎指定信息进行加密传输，此时执行引擎指定信息应当包含相应的字节码或者链下合约的信息，比如字节码的哈希值等， 以便于据此确定执行引擎指定信息对应于哪个链下合约。相应的，链下隐私计算节点52在部署链下合约时，除了对字节码进行加密存储之外，还需标注出字节码所需采用的执行引擎的信息，从而在后续的调用过程中据此选用恰当的虚拟机，以作为处理相应字节码的执行引擎。In addition to securely storing the bytecode of the off-chain contract at the off-chainprivate computing node 52, theclient 51 can also indicate to the off-chainprivate computing node 52 an execution engine for executing the bytecode. For example, in the off-chain TEE created at the off-chainprivacy computing node 52, several execution engines, such as one or more of EVM, WASM virtual machine, etc., can be deployed, especially when multiple execution engines are deployed at the same time Next, theclient 51 can send the execution engine designation information associated with the above-mentioned bytecode to the off-chainprivate computing node 52, and the execution engine designation information indicates to the off-chainprivate computing node 52 the execution engine used to execute the above-mentioned bytecode. , Such as using EVM or WSAM virtual machine. For example, the bytecode and the execution engine specified information can be packaged and encrypted, and then transmitted to the off-chainprivacy computing node 52; or the bytecode and execution engine specified information can be encrypted and transmitted separately. In this case, the execution engine specified information should Contains the corresponding bytecode or the information of the off-chain contract, such as the hash value of the bytecode, so as to determine which off-chain contract the execution engine specified information corresponds to. Correspondingly, when the off-chainprivacy computing node 52 deploys an off-chain contract, in addition to encrypting and storing the bytecode, it also needs to mark the information of the execution engine that the bytecode needs to use, so that it can be used in subsequent calls. Based on this, an appropriate virtual machine is selected as the execution engine for processing the corresponding bytecode.

通过上述方式，客户端51可以向链下隐私计算节点52部署更多的链下合约；类似地，其他客户端也可以向链下隐私计算节点52部署链下合约。为了便于管理，以及便于后续对链下合约进行调用，链下隐私计算节点52可以为部署的链下合约生成相应的合约ID，链下合约与合约ID之间一一对应。例如，在完成针对链下合约的部署操作后，链下隐私计算节点52可以对该链下合约的字节码进行哈希运算，得到第一哈希值，并将该第一哈希值作为该链下合约的合约ID。当然，链下隐私计算节点52也可以通过其他方式生成合约ID，本说明书并不对此进行限制。In the above manner, theclient 51 can deploy more off-chain contracts to the off-chainprivacy computing node 52; similarly, other clients can also deploy off-chain contracts to the off-chainprivacy computing node 52. In order to facilitate management and facilitate subsequent calls to the off-chain contract, the off-chainprivacy computing node 52 may generate a corresponding contract ID for the deployed off-chain contract, and there is a one-to-one correspondence between the off-chain contract and the contract ID. For example, after completing the deployment operation for the off-chain contract, the off-chainprivacy computing node 52 may perform a hash operation on the bytecode of the off-chain contract to obtain the first hash value, and use the first hash value as The contract ID of the off-chain contract. Of course, the off-chainprivacy computing node 52 can also generate the contract ID in other ways, and this specification does not limit this.

如果将上述的第一哈希值作为链下合约的合约ID，那么该第一哈希值还可以具有其他作用。在完成部署后，链下隐私计算节点52可以向客户端51反馈部署结果信息，该部署结果信息包含上述的第一哈希值，而客户端51还可以对自己发出的字节码进行哈希计算得到第二哈希值，并将第一哈希值与第二哈希值进行比较：如果两者一致，表明链下隐私计算节点52部署的字节码正确无误，没有在传输过程中被替换或者发生其他意外，客户端51可以确认链下合约在链下隐私计算节点52处部署成功；而如果两者不一致，客户端51可以认为链下合约部署失败，或者已部署的链下合约存在风险。客户端51可以将成功部署的链下合约标记为可信合约，将未成功部署的链下合约标记为不可信合约或不维护，从而在后续过程中仅针对可信合约进行调用。如果客户端51将字节码通过链下途径传输至链下隐私计算节点52，那么链下隐私计算节点52同样通过链下途径将部署结果信息返回至客户端51；如果客户端51将字节码通过链上途径传输至链下隐私计算节点52，那么链下隐私计算节点52同样通过链上途径将部署结果信息反馈至客户端51。If the above-mentioned first hash value is used as the contract ID of the off-chain contract, the first hash value may also have other functions. After the deployment is completed, the off-chainprivacy computing node 52 can feed back deployment result information to theclient 51. The deployment result information includes the above-mentioned first hash value, and theclient 51 can also hash the bytecode sent by itself. The second hash value is calculated, and the first hash value is compared with the second hash value: if the two are the same, it indicates that the bytecode deployed by the off-chainprivacy computing node 52 is correct and has not been transmitted during transmission. Replacement or other accidents occur, theclient 51 can confirm that the off-chain contract is successfully deployed at the off-chainprivacy computing node 52; and if the two are inconsistent, theclient 51 can think that the off-chain contract deployment failed, or the deployed off-chain contract exists risk. Theclient 51 may mark the successfully deployed off-chain contract as a trusted contract, and the unsuccessfully deployed off-chain contract as an untrusted contract or unmaintained, so that only the trusted contract is called in the subsequent process. If theclient 51 transmits the bytecode to the off-chainprivacy computing node 52 through the off-chain channel, the off-chainprivacy computing node 52 also returns the deployment result information to theclient 51 through the off-chain channel; if theclient 51 sends the byte code The code is transmitted to the off-chainprivacy computing node 52 through the on-chain channel, and the off-chainprivacy computing node 52 also feeds back the deployment result information to theclient 51 through the on-chain channel.

当链下隐私计算节点属于链下隐私计算集群时，由控制节点对集群内的所有链下隐私计算节点进行统一管理，那么客户端在部署链上合约的过程中，首先将字节码加密传输至控制节点，然后由控制节点转发至集群内的一个或多个链下隐私计算节点，从而将链上合约的字节码部署至集群内的一个或多个链下隐私计算节点。如果部署至多个链下隐私计算节点，那么这些链下隐私计算节点可以同时向外提供针对同一链下合约的调用能力，从而实现并行的链下隐私计算，还可以在多个链下隐私计算节点之间实现负载均衡。When the off-chain private computing node belongs to the off-chain private computing cluster, the control node will uniformly manage all the off-chain private computing nodes in the cluster, then the client first encrypts the bytecode transmission during the process of deploying the on-chain contract To the control node, the control node forwards it to one or more off-chain private computing nodes in the cluster, so as to deploy the bytecode of the on-chain contract to one or more off-chain private computing nodes in the cluster. If deployed to multiple off-chain private computing nodes, then these off-chain private computing nodes can provide the ability to call the same off-chain contract at the same time, so as to realize parallel off-chain private computing, and it can also be used in multiple off-chain private computing nodes. Achieve load balancing between.

以如图6所示的场景为例。一种情况下，客户端61可以通过链下渠道直接向控制节点62发送字节码密文，即客户端61向控制节点62链下加密传输字节码，进而由控制节点62转发至集群内的一个或多个链下隐私计算节点。另一种情况下，客户端61可以通过区块链网络63向控制节点62加密传输字节码，即客户端61向控制节点62链上传输加密后的字节码密文。链上加密传输的过程可以包括三个步骤：步骤①，客户端61向区块链网络63提交一笔用于部署链下合约的交易，即链下合约部署交易，该链下合约部署交易可由区块链网络63内的某一节点63n接收和执行；步骤②，节点63n调用预言机合约，该预言机合约可以将上述链下合约部署交易所含的字节码传递至链下的 预言机服务器64，比如预言机合约可以产生包含该字节码的事件，而预言机服务器64可以通过监听预言机合约产生的事件，从而获取上述的字节码；步骤③，预言机服务器64将字节码通过链下渠道发送至控制节点62，并进而由控制节点62转发至集群内的一个或多个链下隐私计算节点。Take the scenario shown in Figure 6 as an example. In one case, theclient 61 can directly send the bytecode ciphertext to thecontrol node 62 through the off-chain channel, that is, theclient 61 encrypts and transmits the bytecode under the chain to thecontrol node 62, and then forwards the bytecode to the cluster by thecontrol node 62 One or more private computing nodes under the chain. In another case, theclient 61 can transmit the bytecode encrypted to thecontrol node 62 through theblockchain network 63, that is, theclient 61 transmits the encrypted bytecode ciphertext to thecontrol node 62 chain. The process of encrypted transmission on the chain can include three steps:Step ①, theclient 61 submits to the blockchain network 63 a transaction for deploying an off-chain contract, that is, an off-chain contract deployment transaction. The off-chain contract deployment transaction can be A certain node 63n in theblockchain network 63 receives and executes;step ②, the node 63n calls the oracle contract, which can transfer the bytecode contained in the above-mentioned off-chain contract deployment transaction to the off-chain oracle Theserver 64, for example, the oracle contract can generate an event containing the bytecode, and theoracle server 64 can obtain the above bytecode by monitoring the event generated by the oracle contract; step ③, theoracle server 64 can generate the bytecode The code is sent to thecontrol node 62 through the off-chain channel, and then forwarded by thecontrol node 62 to one or more off-chain privacy computing nodes in the cluster.

如果仅需部署至一个链下隐私计算节点，比如图6所示的链下隐私计算节点62n，那么与图5所示实施例相类似的，客户端61或节点63n在针对字节码进行加密时，只需要确保该链下隐私计算节点62n能够解密即可。例如，可以采用该链下隐私计算节点62n在链下TEE内生成的加密公钥对字节码进行加密，而链下隐私计算节点62n在收到字节码密文后，可以在链下TEE内通过加密私钥对该字节码密文进行解密，从而获得明文的字节码。同时，客户端61可以携带部署目标指示信息，控制节点62可以根据该部署目标指示信息确定相应的部署目标为链下隐私计算节点62n，从而将字节码密文准确转发至该链下隐私计算节点62n，而无需转发至集群内其他的链下隐私计算节点。如果客户端61并未携带部署目标指示信息，控制节点62可以将字节码密文转发至集群内的所有链下隐私计算节点，但只有链下隐私计算节点62n能够成功解密并完成部署。If it only needs to be deployed to one off-chain private computing node, such as the off-chainprivate computing node 62n shown in FIG. 6, then similar to the embodiment shown in FIG. 5, theclient 61 or node 63n is encrypting the bytecode At this time, it is only necessary to ensure that the off-chainprivate computing node 62n can decrypt. For example, the encryption public key generated by the off-chainprivacy computing node 62n in the off-chain TEE can be used to encrypt the bytecode, and the off-chainprivacy computing node 62n can use the off-chain TEE after receiving the bytecode ciphertext. The bytecode ciphertext is decrypted by encrypting the private key to obtain the bytecode of the plaintext. At the same time, theclient 61 can carry deployment target indication information, and thecontrol node 62 can determine that the corresponding deployment target is the off-chainprivacy computing node 62n according to the deployment target indication information, so as to accurately forward the bytecode ciphertext to the off-chain privacy computing Thenode 62n does not need to be forwarded to other off-chain privacy computing nodes in the cluster. If theclient 61 does not carry the deployment target indication information, thecontrol node 62 can forward the bytecode ciphertext to all the off-chain private computing nodes in the cluster, but only the off-chainprivate computing node 62n can successfully decrypt and complete the deployment.

如果需要部署至集群内的多个链下隐私计算节点，除了独立部署的方式之外，本说明书中还可以将链下合约同时向多个链下隐私计算节点进行安全部署。如前所述，每个链下隐私计算节点都存在各自的节点身份信息，且节点身份信息涉及到每个链下隐私计算节点在各自的链下TEE内创建的密钥对，比如加密密钥对和签名密钥对，或者兼顾加密与签名功能的密钥对。下面以加密密钥对和签名密钥对为例进行说明。基于各个链下隐私计算节点在各自的链下TEE内均维护有集群身份密钥，可将链下隐私计算集群视为一个整体，利用上述在各个节点共享的集群身份密钥将链下合约同时向多个链下隐私计算节点进行安全部署，从而确保多个链下隐私计算节点都能够顺利解密收到的字节码密文。其中，集群身份密钥可以包括集群加密密钥对和集群签名密钥对，经上述共享集群身份密钥的过程，各个链下隐私计算节点在各自的链下TEE内均维护有集群加密私钥、集群签名私钥，那么客户端61或节点63n只要使用集群加密公钥对字节码进行加密，即可确保上述的各个链下隐私计算节点均能够在各自的链下TEE内通过集群加密私钥进行解密，从而获得字节码并完成部署。当然，即便仅部署至单个链下隐私计算节点，也可以采用上述的集群加密公钥对字节码进行加密，只要相应的链下隐私计算节点能够顺利解密即可。实际上，基于集群身份，客户端61并不需要关注对方为单个链下隐私计算节点或者链下隐私计算集群，只需要将其作为一个对象并与该对象进行交互即可，无需关注于背后的节点或集群的细节。If it needs to be deployed to multiple off-chain private computing nodes in the cluster, in addition to independent deployment, in this manual, off-chain contracts can also be safely deployed to multiple off-chain private computing nodes at the same time. As mentioned earlier, each off-chain private computing node has its own node identity information, and the node identity information relates to the key pair created by each off-chain private computing node in its respective off-chain TEE, such as an encryption key Pair and signature key pair, or a key pair that takes into account both encryption and signature functions. The following takes the encryption key pair and the signature key pair as an example for description. Based on the fact that each off-chain private computing node maintains a cluster identity key in its own off-chain TEE, the off-chain private computing cluster can be regarded as a whole, and the above-mentioned cluster identity key shared by each node can be used to simultaneously hold the off-chain contract. Secure deployment to multiple off-chain private computing nodes to ensure that multiple off-chain private computing nodes can smoothly decrypt the received bytecode ciphertext. Among them, the cluster identity key may include a cluster encryption key pair and a cluster signature key pair. After the above process of sharing the cluster identity key, each off-chain privacy computing node maintains a cluster encryption private key in its own off-chain TEE. , Cluster signature private key, thenclient 61 or node 63n only needs to use the cluster encryption public key to encrypt the bytecode, to ensure that the above-mentioned private off-chain computing nodes can all be encrypted privately through the cluster in their respective off-chain TEEs. The key is decrypted to obtain the bytecode and complete the deployment. Of course, even if it is only deployed to a single off-chain private computing node, the above-mentioned cluster encryption public key can also be used to encrypt the bytecode, as long as the corresponding off-chain private computing node can successfully decrypt it. In fact, based on the cluster identity, theclient 61 does not need to pay attention to whether the other party is a single off-chain private computing node or off-chain private computing cluster. It only needs to use it as an object and interact with the object. Details of the node or cluster.

以图1实施例中的所述任一节点为例，部署方在向所述任一节点部署目标链下合约之前，可向所述任一节点发起挑战，那么所述任一节点可响应于部署方发起的挑战，向部署方提供自身的远程证明报告，即第二远程证明报告。其中，部署方可在根据第二远程证明报告确定第二链下可信执行环境(即所述任一节点创建的链下可信执行环境)可信的情况下发送加密后的目标链下合约。比如，可采用集群身份密钥中的集群身份公钥对目标链下合约的字节码进行加密，再将加密后的字节码发送至所述任一节点。所述任一节点在接收到被加密的目标链下合约后，在第二链下可信执行环境中通过集群身份密钥中的集群身份私钥解密目标链下合约并进行部署。而在完成对目标链下合约的部署 之后，在区块链节点通过预言机机制对所述目标链下合约发起调用的情况下，所述任一节点可在第二链下可信执行环境中执行目标链下合约，并通过预言机机制将执行结果反馈至区块链节点。Taking any node in the embodiment of FIG. 1 as an example, before deploying the target off-chain contract to any node, the deployer can initiate a challenge to any node, and then any node can respond to The challenge initiated by the deployer provides the deployer with its own remote attestation report, that is, the second remote attestation report. Among them, the deployer can send the encrypted target off-chain contract under the condition that the second chain trusted execution environment (that is, the off-chain trusted execution environment created by any node) is credible according to the second remote attestation report . For example, the cluster identity public key in the cluster identity key can be used to encrypt the bytecode of the contract under the target chain, and then the encrypted bytecode can be sent to any node. After receiving the encrypted target chain contract, any node decrypts the target chain contract and deploys it in the second chain trusted execution environment through the cluster identity private key in the cluster identity key. After the deployment of the contract under the target chain is completed, when the blockchain node initiates a call to the contract under the target chain through the oracle mechanism, any node can be in the trusted execution environment under the second chain The contract under the target chain is executed, and the execution result is fed back to the blockchain node through the oracle mechanism.

此外，在前文所述的挑战过程中，如果需要将挑战发送至链下隐私计算节点，而非由控制节点直接反馈远程证明报告，那么也可以采用集群加密公钥对挑战信息进行加密，只要相应的链下隐私计算节点能够顺利解密即可。但是，如果希望控制节点直接反馈远程证明报告(预先获得的远程证明报告，或者由控制节点向链下隐私计算节点发起挑战而得到)，则应当采用控制节点的身份公钥对挑战信息进行加密，确保控制节点能够在自身创建的TEE内通过身份私钥实现解密。In addition, in the challenge process described above, if the challenge needs to be sent to the off-chain private computing node instead of the control node directly feeding back the remote certification report, then the cluster encryption public key can also be used to encrypt the challenge information, as long as the corresponding The off-chain private computing node can decrypt successfully. However, if you want the control node to directly feed back the remote certification report (pre-obtained remote certification report, or obtained by the control node initiating a challenge to the off-chain private computing node), the challenge information should be encrypted with the control node’s identity public key. Ensure that the control node can achieve decryption through the identity private key in the TEE created by itself.

在如图6所示的实施例中，客户端61可以发送执行引擎指定信息，使得部署了链下合约的链下隐私计算节点可以据此获知用于执行上述字节码的执行引擎，此处不再赘述，可以参考图5所示的实施例。另外，客户端61可以收到部署结果信息，该部署结果信息包含链下合约的哈希值，比如第一哈希值，使得客户端61可以将该第一哈希值与自己发出的字节码对应的第二哈希值进行比较，从而确定链下隐私计算节点是否成功部署了上述的链上合约，此处不再赘述，可以参考图5所示的实施例。如果链上合约被部署至多个链下隐私计算节点，控制节点62只需要确保所有链下隐私计算节点反馈的部署结果信息都一致，并将任意一个链下隐私计算节点反馈的部署结果信息传输至客户端61即可。In the embodiment shown in FIG. 6, theclient 61 can send execution engine designation information, so that the off-chain privacy computing node deployed with the off-chain contract can learn the execution engine used to execute the above-mentioned bytecode. It will not be repeated, and reference may be made to the embodiment shown in FIG. 5. In addition, theclient 61 may receive deployment result information, which includes the hash value of the off-chain contract, such as the first hash value, so that theclient 61 can compare the first hash value with the byte sent by itself. The second hash value corresponding to the code is compared to determine whether the off-chain privacy computing node successfully deploys the above-mentioned on-chain contract, which will not be repeated here, and the embodiment shown in FIG. 5 can be referred to. If the on-chain contract is deployed to multiple off-chain private computing nodes, thecontrol node 62 only needs to ensure that the deployment result information fed back by all off-chain private computing nodes are consistent, and transmit the deployment result information fed back by any off-chain private computing node toClient 61 is fine.

基于上述实施例，本说明书可以基于远程证明的方式对链下隐私计算节点的硬件安全性、链下TEE的软件正确性等方面进行有效验证，从而在验证链下隐私计算节点可信的情况下，将链下合约通过加密传输的方式安全部署至链下隐私计算节点，并且该链下合约仅在链下隐私计算节点创建的链下TEE内执行，具有极高的安全性，可以承担区块链节点分配的链下隐私计算任务，并确保该链下隐私技术任务安全、可靠、高效地执行。同时，由于计算任务在链下隐私计算节点上执行时，并不涉及到节点之间的共识机制，因而只需要在单个链下隐私计算节点上执行该计算任务即可，相比于受共识机制的限制而使得所有区块链节点都需要执行的链上合约而言，能够极大地节省执行计算任务所带来的资源消耗。Based on the above-mentioned embodiments, this specification can effectively verify the hardware security of the off-chain private computing nodes and the software correctness of the off-chain TEE based on remote certification, so as to verify the trustworthiness of the off-chain private computing nodes. , The off-chain contract is safely deployed to the off-chain private computing node through encrypted transmission, and the off-chain contract is only executed in the off-chain TEE created by the off-chain private computing node, which has extremely high security and can bear the block The off-chain privacy computing tasks assigned by the chain nodes, and to ensure that the off-chain privacy technical tasks are executed safely, reliably, and efficiently. At the same time, since the computing task is executed on the off-chain private computing node, the consensus mechanism between nodes is not involved, so it only needs to execute the computing task on a single off-chain private computing node, which is compared with the consensus mechanism. As far as the on-chain contract is required to be executed by all blockchain nodes, it can greatly save the resource consumption caused by the execution of computing tasks.

在本说明书的技术方案中，除了链下隐私计算节点可以存在统一的集群身份之外，可以为链下隐私计算节点上部署的链下合约生成合约身份。当集群内存在多个链下隐私计算节点时，每个链下隐私计算节点可以为自身已部署的链下合约建立合约身份，且不同链下隐私计算节点针对同一链下合约生成的合约身份相同。In the technical solution of this specification, in addition to the existence of a unified cluster identity for off-chain private computing nodes, contract identities can be generated for off-chain contracts deployed on off-chain private computing nodes. When there are multiple off-chain privacy computing nodes in the cluster, each off-chain privacy computing node can establish a contract identity for its deployed off-chain contract, and the contract identities generated by different off-chain privacy computing nodes for the same off-chain contract are the same .

以上述在各个节点处部署目标链下合约为例，当在链下隐私计算集群中的任一节点中部署目标链下合约时，该任一节点可针对目标链下合约生成合约身份密钥。作为一示例性实施例，该任一节点在创建的链下可信执行环境内采用链下隐私计算集群内各节点之间共用的密钥生成算法，基于链下隐私计算集群内各节点的共用因子和目标链下合约的全局标识信息(隐私计算集群中各节点部署的链下合约相同，且各节点部署的同一链下合约的全局标识信息相同)，生成对应于目标链下合约的合约身份密钥。其中，目标链下合约在区块链节点通过预言机机制对部署于该任一节点的目标链下合约发起 调用的情况下在该任一节点的链下可信执行环境内执行，且执行结果在该任一节点的链下可信执行环境内被采用合约身份密钥进行签名，经签名后的执行结果可通过预言机机制反馈至区块链节点。可见，各个链下隐私计算节点通过上述方式来为自身已部署的链下合约生成合约身份密钥，可以保证各个节点针对同一链下合约生成的合约身份密钥也相同。同时，相比于由任一节点来统一生成合约身份密钥再向其他节点共享的方式，合约身份密钥由各个节点自身生成的效率更高。需要说明的是，密钥生成算法可根据实际情况灵活选取，比如bcrypt算法、scrypt算法、PBKDF2等。Taking the deployment of the target off-chain contract at each node as an example, when the target off-chain contract is deployed in any node in the off-chain privacy computing cluster, the any node can generate a contract identity key for the target off-chain contract. As an exemplary embodiment, any node in the created off-chain trusted execution environment uses the key generation algorithm shared between the nodes in the off-chain privacy computing cluster, based on the sharing of the nodes in the off-chain privacy computing cluster. The factor and the global identification information of the contract under the target chain (the off-chain contract deployed by each node in the privacy computing cluster is the same, and the global identification information of the same off-chain contract deployed by each node is the same), and the contract identity corresponding to the contract under the target chain is generated Key. Among them, the target chain contract is executed in the trusted execution environment of any node in the chain trusted execution environment of any node when the blockchain node initiates a call to the target chain contract deployed on any node through the oracle mechanism, and the execution result The contract identity key is used to sign in the trusted execution environment of any node under the chain, and the signed execution result can be fed back to the blockchain node through the oracle mechanism. It can be seen that each off-chain privacy computing node generates a contract identity key for its deployed off-chain contract through the above method, which can ensure that the contract identity key generated by each node for the same off-chain contract is also the same. At the same time, compared to the way that any node generates the contract identity key uniformly and then shares it with other nodes, the contract identity key generated by each node itself is more efficient. It should be noted that the key generation algorithm can be flexibly selected according to the actual situation, such as bcrypt algorithm, scrypt algorithm, PBKDF2, etc.

在一种情况下，共用因子可由控制节点生成，并由控制节点在各个节点加入集群时统一下发，那么加入集群的每个节点均可维护该共用因子。在另一种情况下，共用因子包括对应于隐私计算集群的集群身份密钥，该集群身份密钥用于在区块链节点与所述链下隐私计算集群中的各节点进行交互以部署或调用链下合约的过程中，对交互数据进行加密解密和/或签名验签。In one case, the sharing factor can be generated by the control node and issued uniformly by the control node when each node joins the cluster, so each node that joins the cluster can maintain the sharing factor. In another case, the sharing factor includes a cluster identity key corresponding to the privacy computing cluster, and the cluster identity key is used to interact with each node in the off-chain privacy computing cluster for deployment or In the process of invoking the off-chain contract, the interactive data is encrypted and decrypted and/or signature verification is performed.

举例而言，合约身份密钥可以包括合约加密密钥对和合约签名密钥对；其中，合约身份公钥包含合约加密密钥对中的公钥和合约签名密钥对中的公钥，合约身份私钥包含合约加密密钥对中的私钥和合约签名密钥对中的私钥。那么，客户端或区块链节点除了采用集群身份公钥对调用请求进行加密之外，还可以采用合约加密公钥对调用请求内所含的入参数据的信息进行加密。链下隐私计算节点在收到针对某一链下合约的调用请求后，采用该链下合约对应的合约加密私钥对调用请求内加密后的入参数据的信息进行解密，从而确保入参数据的信息只能由被调用的链下合约所获得，而不会被其他链下合约获得。以及，在得到目标链下合约的执行结果后，链下隐私计算节点在通过预言机机制将执行结果反馈至区块链节点之前，在自身的链下可信执行环境内采用目标链下合约的合约身份私钥对执行结果进行签名，那么，签名后的执行结果在采用目标链下合约的合约身份公钥对执行结果进行签名验证且通过签名验证的情况下，被判定由目标链下合约生成。换言之，链下隐私计算节点可以通过被调用的链下合约的合约签名私钥对执行结果进行签名，而客户端或节点可以通过合约签名公钥进行验签，从而确定该执行结果确实是由被调用的链下合约所产生For example, the contract identity key can include a contract encryption key pair and a contract signing key pair; among them, the contract identity public key includes the public key in the contract encryption key pair and the public key in the contract signing key pair. The identity private key includes the private key in the contract encryption key pair and the private key in the contract signature key pair. Then, in addition to using the cluster identity public key to encrypt the call request, the client or blockchain node can also use the contract encryption public key to encrypt the information of the input data contained in the call request. After the off-chain privacy computing node receives a call request for a certain off-chain contract, it uses the contract encryption private key corresponding to the off-chain contract to decrypt the encrypted input data information in the call request, thereby ensuring the input data The information of can only be obtained by the called off-chain contract, and will not be obtained by other off-chain contracts. And, after obtaining the execution result of the contract off the target chain, the off-chain privacy computing node uses the target chain contract in its own off-chain trusted execution environment before feeding back the execution result to the blockchain node through the oracle mechanism. The contract identity private key signs the execution result, then the signed execution result is determined to be generated by the target chain contract when the execution result is signed and verified by the contract identity public key of the target chain contract and the signature verification is passed. . In other words, the off-chain privacy computing node can sign the execution result through the contract signature private key of the called off-chain contract, and the client or node can verify the execution result through the contract signature public key to determine that the execution result is indeed Generated by the called off-chain contract

链下隐私计算节点可以选取统一的集群身份密钥和链下合约的合约ID，并采用密钥衍生算法对集群身份密钥和合约ID进行衍生以得到相应的合约身份密钥，由于集群身份密钥相同、而不同链下合约的合约ID必然不同，因而可以确保：同一链下隐私计算节点上部署的不同链下合约存在不同的合约身份，而不同链下隐私计算节点上部署的同一链下合约存在相同的合约身份。相应地，控制节点在分配收到的调用请求时，只需要关注于集群内的各个链下隐私计算节点的空闲程度，并基于空闲程度进行任务分配，而无需关注其他信息。其中，密钥衍生算法可根据实际情况灵活选取，比如可以采用PBKDF2密钥衍生算法，当然本说明书并不对此进行限制。The off-chain privacy computing node can select a unified cluster identity key and the contract ID of the off-chain contract, and use a key derivation algorithm to derive the cluster identity key and contract ID to obtain the corresponding contract identity key. The key is the same, but the contract IDs of different off-chain contracts must be different, so it can be ensured that different off-chain contracts deployed on the same chain of private computing nodes have different contract identities, and different off-chain private computing nodes are deployed on the same chain of off-chain The contracts have the same contract identity. Correspondingly, when the control node allocates the received call request, it only needs to pay attention to the idleness of each off-chain privacy computing node in the cluster, and perform task assignment based on the idleness without paying attention to other information. Among them, the key derivation algorithm can be flexibly selected according to the actual situation, for example, the PBKDF2 key derivation algorithm can be used, of course, this specification does not limit this.

基于上述实施例，本说明书可以基于远程证明的方式对链下隐私计算节点的硬件安全性、链下TEE的软件正确性等方面进行有效验证，从而在验证链下隐私计算节点可信的情况下，将链下合约通过加密传输的方式安全部署至链下隐私计算节点，并且该链下合约仅在链下隐私计算节点创建的链下TEE内执行，具有极高的安全性，可以承担区块链节点分配的链下隐私计算任务，并确保该链下隐私技术任务安全、可靠、高 效地执行。同时，由于计算任务在链下隐私计算节点上执行时，并不涉及到节点之间的共识机制，因而只需要在单个链下隐私计算节点上执行该计算任务即可，相比于受共识机制的限制而使得所有区块链节点都需要执行的链上合约而言，能够极大地节省执行计算任务所带来的资源消耗。Based on the above-mentioned embodiments, this specification can effectively verify the hardware security of the off-chain private computing nodes and the software correctness of the off-chain TEE based on remote certification, so as to verify the trustworthiness of the off-chain private computing nodes. , The off-chain contract is safely deployed to the off-chain private computing node through encrypted transmission, and the off-chain contract is only executed in the off-chain TEE created by the off-chain private computing node, which has extremely high security and can bear the block The off-chain privacy computing tasks assigned by the chain nodes, and to ensure that the off-chain privacy technical tasks are executed safely, reliably, and efficiently. At the same time, since the computing task is executed on the off-chain private computing node, the consensus mechanism between nodes is not involved, so it only needs to execute the computing task on a single off-chain private computing node, which is compared with the consensus mechanism. As far as the on-chain contract is required to be executed by all blockchain nodes, it can greatly save the resource consumption caused by the execution of computing tasks.

基于本说明书的链下合约部署方案，区块链节点可以将计算任务分配至链下隐私计算节点，并调用链下隐私计算节点上部署的链下合约，通过在链下隐私计算节点创建的链下TEE内执行该链下合约，以完成上述的计算任务。通过远程证明、加密传输、基于签名的身份验证等技术，可以确保链下隐私计算节点得到的计算结果可靠，并且在计算过程中不会造成数据泄露，具有极高的安全性。在计算完成后，区块链节点可以根据计算结果对区块链账本数据进行更新，可以对计算结果进行固化存证，而且可以支持针对该计算结果的后期验证。同时，相比于区块链节点在执行链上合约后所产生的上链数据而言，基于链下合约产生的计算结果本身相对更加简短，因而将该计算结果上链时，有助于节省链上存储空间。Based on the off-chain contract deployment plan in this manual, blockchain nodes can distribute computing tasks to off-chain private computing nodes, and call the off-chain contracts deployed on the off-chain private computing nodes, through the chain created by the off-chain private computing nodes The off-chain contract is executed in the TEE to complete the above-mentioned calculation tasks. Through remote certification, encrypted transmission, signature-based identity verification and other technologies, it is possible to ensure that the calculation results obtained by the off-chain private computing nodes are reliable, and will not cause data leakage during the calculation process, which has extremely high security. After the calculation is completed, the blockchain node can update the blockchain ledger data according to the calculation result, can solidify the calculation result, and can support the later verification of the calculation result. At the same time, compared to the on-chain data generated by the blockchain node after the on-chain contract is executed, the calculation result generated based on the off-chain contract is relatively shorter. Therefore, when the calculation result is uploaded to the chain, it is helpful to save Storage space on the chain.

用户通过客户端调用目标链下合约之前，可对链下隐私计算节点中部署的目标链下合约发起挑战，以确保链下隐私计算节点中部署的目标链下合约可信，进而按照用户预期执行计算任务。Before the user calls the target chain contract through the client, he can challenge the target chain contract deployed in the off-chain private computing node to ensure that the target off-chain contract deployed in the off-chain private computing node is credible, and then executes according to the user's expectations Computing tasks.

图7是一示例性实施例提供的一种客户端侧的验证合约方法的流程图。如图7所示，该方法可以包括以下步骤702至步骤706。Fig. 7 is a flowchart of a method for verifying a contract on the client side according to an exemplary embodiment. As shown in FIG. 7, the method may include the followingsteps 702 to 706.

步骤702，客户端获取针对链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成。Step 702: The client obtains a remote certification report for the off-chain trusted execution environment created by the off-chain private computing node. The remote certification report is reported by the authentication server to the off-chain private computing node for the off-chain trusted execution environment The generated self-recommendation information is generated after verification.

在本实施例中，包含单节点和链下隐私计算集群两种形式。其中，针对单节点形式，链下隐私计算节点的身份信息为该链下隐私计算节点的节点身份信息，链下隐私计算节点的身份私钥为该链下隐私计算节点的节点身份私钥，链下隐私计算节点的身份公钥为该链下隐私计算节点的节点身份公钥。针对链下隐私计算集群的形式，在链下隐私计算节点属于链下隐私计算集群的情况下，链下隐私计算节点代表链下隐私计算集群与外部对象交互。因此，链下隐私计算节点的身份信息为该链下隐私计算集群的集群身份信息，链下隐私计算节点的身份公钥为该链下隐私计算集群的集群身份密钥中的集群身份公钥，链下隐私计算节点的身份私钥为集群身份密钥中的集群身份私钥。其中，在区块链节点与链下隐私计算集群中的各节点进行交互以部署或调用链下合约的过程中，集群身份密钥用于对交互数据进行加密解密和/或签名验签。In this embodiment, there are two forms of single node and off-chain privacy computing cluster. Among them, for the single-node form, the identity information of the private computing node under the chain is the node identity information of the private computing node under the chain, and the identity private key of the private computing node under the chain is the node identity private key of the private computing node under the chain. The identity public key of the next private computing node is the node identity public key of the private computing node under the chain. Regarding the form of the off-chain privacy computing cluster, when the off-chain private computing node belongs to the off-chain private computing cluster, the off-chain private computing node interacts with external objects on behalf of the off-chain private computing cluster. Therefore, the identity information of the off-chain private computing node is the cluster identity information of the off-chain private computing cluster, and the identity public key of the off-chain private computing node is the cluster identity public key in the cluster identity key of the off-chain private computing cluster. The identity private key of the off-chain privacy computing node is the cluster identity private key in the cluster identity key. Among them, in the process of the blockchain node interacting with each node in the off-chain privacy computing cluster to deploy or call the off-chain contract, the cluster identity key is used to encrypt and decrypt the interactive data and/or signature verification.

以第一身份信息为例，针对单节点形式，链下隐私计算节点提供的第一身份信息为该链下隐私计算节点的节点身份信息(不包含节点身份私钥)，身份公钥为该链下隐私计算节点的节点身份公钥，其他身份信息(身份信息中除身份公钥以外的其他身份信息)为链下隐私计算节点的其他节点身份信息，即节点身份信息中除节点身份公钥以外的其他节点身份信息。针对链下隐私计算集群的形式，链下隐私计算节点提供的第一身份信息为链下隐私计算集群的集群身份信息，身份公钥为链下隐私计算集群的集群身份公钥，其他身份信息(身份信息中除身份公钥以外的其他身份信息)为上述其他节点 身份信息。而针对链下隐私计算节点提供的第二身份信息，在第一身份信息的基础上，还包含链下可信执行环境的预设信息的哈希值，包含的其他内容相同，在此不再赘述。Taking the first identity information as an example, for the single node form, the first identity information provided by the private computing node under the chain is the node identity information of the private computing node under the chain (not including the node identity private key), and the identity public key is the chain The node identity public key of the private computing node, other identity information (other identity information other than the identity public key in the identity information) is the identity information of other nodes of the private computing node under the chain, that is, the node identity information except the node identity public key The identity information of other nodes. Regarding the form of the off-chain private computing cluster, the first identity information provided by the off-chain private computing node is the cluster identity information of the off-chain private computing cluster, the identity public key is the cluster identity public key of the off-chain private computing cluster, and other identity information ( The other identity information (except the identity public key) in the identity information is the above-mentioned other node identity information. For the second identity information provided by the off-chain private computing node, on the basis of the first identity information, it also contains the hash value of the preset information of the off-chain trusted execution environment, and the other content is the same, so I will not be here anymore. Go into details.

步骤704，所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，获取部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节点的身份私钥进行签名，所述身份私钥由所述链下隐私计算节点在所述链下可信执行环境内维护。Instep 704, the client obtains the to-be-verified contract information of the target off-chain contract deployed at the off-chain privacy computing node under the condition that the off-chain trusted execution environment is determined to be credible according to the remote attestation report , The contract information to be verified is signed by the off-chain private computing node in the off-chain trusted execution environment using the identity private key of the off-chain private computing node, and the identity private key is signed by the off-chain The private computing node is maintained in the trusted execution environment under the chain.

步骤706，所述客户端采用所述链下隐私计算节点的节点身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。Step 706, the client uses the node identity public key of the off-chain privacy computing node to perform signature verification on the contract information to be verified, and perform signature verification on the contract information to be verified according to the contract information of the target chain off-chain contract. Contract information verification, and when the signature verification and contract information verification pass, it is determined that when the client initiates a call to the target chain contract through the oracle mechanism of the blockchain node, the target chain contract is determined by The off-chain private computing node executes in the off-chain trusted execution environment.

下面结合图8针对单节点形式的挑战过程进行说明。如图8所示，针对单节点的形式，与图3所示实施例类似，客户端81可向链下隐私计算节点82发起链下挑战或者链上挑战。链上挑战的发起过程可以包括三个步骤：步骤①，客户端81向区块链网络83提交一笔用于向目标链下合约发起挑战的交易，比如称之为挑战交易，该挑战交易可由区块链网络83内的某一节点83n接收和执行；步骤②，节点83n调用预先部署的预言机合约，该预言机合约可以将上述挑战交易所含的挑战信息传递至链下的预言机服务器84，比如预言机合约可以产生包含该挑战信息的事件，而预言机服务器84可以通过监听预言机合约产生的事件，从而获取上述的挑战信息；步骤③，预言机服务器84将挑战信息通过链下渠道发送至控制节点82。The challenge process in the form of a single node will be described below in conjunction with FIG. 8. As shown in FIG. 8, for the form of a single node, similar to the embodiment shown in FIG. 3, theclient 81 can initiate an off-chain challenge or an on-chain challenge to the off-chainprivacy computing node 82. The process of initiating a challenge on the chain can include three steps:Step ①, theclient 81 submits to the blockchain network 83 a transaction for initiating a challenge to the target chain contract, such as a challenge transaction, which can be Acertain node 83n in theblockchain network 83 receives and executes;step ②, thenode 83n calls the pre-deployed oracle contract, which can transmit the challenge information contained in the above-mentioned challenge transaction to the oracle server under thechain 84. For example, the oracle contract can generate events containing the challenge information, and theoracle server 84 can obtain the above-mentioned challenge information by monitoring the events generated by the oracle contract; step ③, theoracle server 84 passes the challenge information through the off-chain The channel is sent to thecontrol node 82.

通过对链下隐私计算节点82部署的目标链下合约发起挑战，客户端81可获取针对链下隐私计算节点82创建的链下TEE的远程证明报告，该远程证明报告由认证服务器对链下隐私计算节点82针对链下TEE产生的自荐信息进行验证后生成。在一种情况下，由客户端81向链下隐私计算节点82发起挑战，挑战目标为链下隐私计算节点82部署的目标链下合约，进而接收链下隐私计算节点82响应于该挑战返回的所述远程证明报告和所述待验证合约信息，即链下隐私计算节点82响应于该挑战，将所述远程证明报告和所述待验证合约信息一次性返回至客户端81。在另一种情况下，由客户端81向链下隐私计算节点82发起挑战，挑战目标为链下隐私计算节点82创建的链下TEE，进而接收链下隐私计算节点82返回的远程证明报告，并在根据所述远程证明报告确定所述链下TEE可信的情况下，向链下隐私计算节点82发送针对部署于链下隐私计算节点82处的目标链下合约的合约信息的获取请求，接收链下隐私计算节点82响应于所述获取请求返回的待验证合约信息。而在根据所述远程证明报告确定所述链下TEE不可信的情况下，则无需再向链下隐私计算节点82请求获取目标链下合约的合约信息(即待验证合约信息)。By challenging the target off-chain contract deployed by the off-chainprivacy computing node 82, theclient 81 can obtain the remote attestation report for the off-chain TEE created by the off-chainprivacy computing node 82. The remote attestation report is verified by the authentication server on the off-chain privacy Thecomputing node 82 is generated after verifying the self-recommendation information generated by the off-chain TEE. In one case, theclient 81 initiates a challenge to the off-chainprivate computing node 82, and the challenge target is the target off-chain contract deployed by the off-chainprivate computing node 82, and then receives the off-chainprivate computing node 82 in response to the challenge. The remote certification report and the contract information to be verified, that is, the off-chainprivacy computing node 82 responds to the challenge, and returns the remote certification report and the contract information to be verified to theclient 81 at one time. In another case, theclient 81 initiates a challenge to the off-chainprivate computing node 82. The challenge target is the off-chain TEE created by the off-chainprivate computing node 82, and then receives the remote attestation report returned by the off-chainprivate computing node 82. And in the case that the off-chain TEE is determined to be credible according to the remote attestation report, the off-chainprivacy computing node 82 is sent to the off-chainprivacy computing node 82 an acquisition request for the contract information of the target off-chain contract deployed at the off-chainprivacy computing node 82, Receive the contract information to be verified returned by the off-chainprivacy computing node 82 in response to the acquisition request. However, if the off-chain TEE is determined to be untrustworthy according to the remote attestation report, there is no need to request the off-chainprivacy computing node 82 to obtain contract information of the target off-chain contract (that is, the contract information to be verified).

其中，客户端81可通过链上挑战向挑战目标发起挑战。比如，向区块链节点83n提交针对挑战目标的挑战交易，该挑战交易包含的挑战信息由区块链节点83n通过预言机机制传输至链下隐私计算节点82，所述挑战信息用于向挑战目标发起挑战。或者，客 户端81直接向链下隐私计算节点82中的挑战目标发起链下挑战。Among them, theclient 81 can initiate a challenge to the challenge target through an on-chain challenge. For example, submit a challenge transaction for the challenge target to theblockchain node 83n, and the challenge information contained in the challenge transaction is transmitted to the off-chainprivacy computing node 82 by theblockchain node 83n through the oracle mechanism. The challenge information is used to challenge The goal initiates a challenge. Alternatively, theclient 81 directly initiates an off-chain challenge to the challenge target in the off-chainprivacy computing node 82.

在本实施例中，客户端81根据远程证明报告对链下隐私计算节点82的链下TEE进行验证的操作可以包括：根据认证服务器的公钥对远程证明报告进行签名验证，并在签名验证通过且远程证明报告包含的远程认证结果为通过认证的情况下，从远程证明报告携带的自荐信息内提取出第一待检验哈希值，第一待检验哈希值为链下TEE的预设信息的哈希值，再将预先获得的针对该链下TEE的第一标准哈希值与第一待检验哈希值进行比较。其中，将比较结果一致作为确认该链下TEE可信的前提条件。需要说明的是，此部分内容可参考前述控制节点验证待加入节点的过程，在此不再赘述。In this embodiment, the operation of theclient 81 to verify the off-chain TEE of the off-chainprivacy computing node 82 according to the remote attestation report may include: verifying the remote attestation report according to the public key of the authentication server, and after the signature verification is passed And if the remote authentication result contained in the remote attestation report is certified, the first to-be-verified hash value is extracted from the self-recommendation information carried in the remote attestation report, and the first to-be-verified hash value is the preset information of the off-chain TEE Then compare the pre-obtained first standard hash value for the off-chain TEE with the first hash value to be verified. Among them, the consistency of the comparison results is used as a prerequisite for confirming the authenticity of the TEE under the chain. It should be noted that this part of the content can refer to the aforementioned process of the control node verifying the node to be added, which will not be repeated here.

如图8所示，在一实施例中，链下隐私计算节点82在链下TEE内生成自身的节点身份信息后，可对生成的节点身份信息进行哈希计算得到第二标准哈希值；其中，所生成的节点身份信息中包含链下隐私计算节点82的节点身份公钥和链下隐私计算节点82的其他身份信息。那么，客户端81可利用第二标准哈希值验证链下隐私计算节点82提供的第一节点身份信息(即声明的节点身份信息，包含链下隐私计算节点82的节点身份公钥和链下隐私计算节点82的其他身份信息，不一定为真实数据，此时可理解为待验证身份信息)，并在验证通过的情况下获取可验证链下隐私计算节点82的节点身份信息中包含的节点身份公钥，从而利用该节点身份公钥完成后续对目标链下合约的验证。比如，客户端对获取到的第一节点身份信息进行哈希计算以得到第二待校验哈希值，并将第二待校验哈希值与链下隐私计算节点82提供的第二标准哈希值进行比较，从而在比较结果一致的情况下判定节点身份信息验证通过。由于节点身份信息由链下隐私计算节点82在链下TEE内生成并计算得到第二标准哈希值，那么在根据远程证明报告判定链下TEE可信后，若第二待校验哈希值与第二标准哈希值相同，则说明隐私计算节点82提供的第一节点身份信息为在链下TEE内生成的节点身份信息，从而其中包含的节点身份公钥为隐私计算节点82实际的节点身份公钥，而隐私计算节点82实际的节点身份公钥可用于验证隐私计算节点82的签名。其中，链下隐私计算节点82可将第二标准哈希值、远程证明报告、第一节点身份信息一同发送至客户端81。需要说明的是，此部分内容可参考前述控制节点验证待加入节点的过程，在此不再赘述。As shown in FIG. 8, in an embodiment, after the off-chainprivacy computing node 82 generates its own node identity information in the off-chain TEE, the generated node identity information can be hashed to obtain the second standard hash value; Among them, the generated node identity information includes the node identity public key of the off-chainprivate computing node 82 and other identity information of the off-chainprivate computing node 82. Then, theclient 81 can use the second standard hash value to verify the first node identity information provided by the off-chain private computing node 82 (that is, the declared node identity information, including the node identity public key of the off-chainprivate computing node 82 and the off-chain The other identity information of theprivate computing node 82 may not necessarily be real data, at this time it can be understood as the identity information to be verified), and if the verification is passed, the node contained in the node identity information of the verifiable off-chainprivate computing node 82 is obtained. The identity public key is used to complete the subsequent verification of the contract under the target chain by using the node’s identity public key. For example, the client performs a hash calculation on the acquired identity information of the first node to obtain the second hash value to be verified, and compares the second hash value to be verified with the second standard provided by the off-chainprivacy computing node 82 The hash values are compared, so that if the comparison results are consistent, it is determined that the node identity information has passed the verification. Since the node identity information is generated by the off-chainprivacy computing node 82 in the off-chain TEE and calculated to obtain the second standard hash value, after determining the authenticity of the off-chain TEE according to the remote attestation report, if the second hash value to be verified The same as the second standard hash value, it means that the first node identity information provided by theprivate computing node 82 is the node identity information generated in the off-chain TEE, and the node identity public key contained therein is the actual node of theprivate computing node 82 The identity public key, and the actual node identity public key of theprivate computing node 82 can be used to verify the signature of theprivate computing node 82. Among them, the off-chainprivacy computing node 82 can send the second standard hash value, the remote certification report, and the identity information of the first node to theclient 81 together. It should be noted that this part of the content can refer to the aforementioned process of the control node verifying the node to be added, which will not be repeated here.

如图8所示，在另一实施例中，链下隐私计算节点82在链下TEE内生成自身的节点身份信息包含链下隐私计算节点82的节点身份公钥、链下隐私计算节点82的其他身份信息和链下TEE的预设信息的哈希值，那么链下隐私计算节点82在自身的链下TEE内生成节点身份信息后，对生成的节点身份信息进行哈希计算得到第三标准哈希值，那么第三标准哈希值相当于同时实现了上述第一待检验哈希值和第二标准哈希值的作用。具体而言，链下隐私计算节点82可向客户端81提供远程证明报告、第三标准哈希值和第二节点身份信息(此时可理解为待验证身份信息)。其中，第二节点身份信息包含链下隐私计算节点82的节点身份公钥、链下隐私计算节点82的其他身份信息和第四待校验哈希值，第四待校验哈希值为链下TEE的预设信息的哈希值；同时，第二节点身份信息为声明的节点身份信息，并不一定为链下隐私计算节点82的真实节点身份信息。那么，客户端81在根据认证服务器的公钥对远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，对获取到的第二节点身份信息进行哈希计算以得到第三待校验哈希值，并将第三待校验哈希值与第三 标准哈希值进行比较。当比较结果为一致时，说明隐私计算节点82提供的第二节点身份信息为在链下TEE内生成的节点身份信息，也即其中包含的第四待校验哈希值为链下TEE的实际预设信息的哈希值。因此，进一步将预先获得的针对所述链下TEE预设信息的第四标准哈希值与第四待检验哈希值进行比较，并将比较结果一致作为确认所述链下TEE可信的前提条件。同时，第二节点身份信息包含的节点身份公钥可判定为隐私计算节点82实际的节点身份公钥，可用于对待验证合约信息进行签名验证。其中，链下隐私计算节点82可将第三标准哈希值、远程证明报告、第二节点身份信息一同发送至客户端81。需要说明的是，此部分内容可参考前述控制节点验证待加入节点的过程，在此不再赘述。As shown in FIG. 8, in another embodiment, the off-chainprivate computing node 82 generates its own node identity information in the off-chain TEE, including the node identity public key of the off-chainprivate computing node 82 and the off-chainprivate computing node 82 Other identity information and the hash value of the preset information of the off-chain TEE, then the off-chainprivacy computing node 82 generates the node identity information in its own off-chain TEE, and then hashes the generated node identity information to obtain the third standard Hash value, then the third standard hash value is equivalent to simultaneously achieving the functions of the first to-be-checked hash value and the second standard hash value. Specifically, the off-chainprivacy computing node 82 can provide theclient 81 with a remote certification report, a third standard hash value, and second node identity information (this can be understood as the identity information to be verified). Among them, the second node identity information includes the node identity public key of the off-chainprivacy computing node 82, other identity information of the off-chainprivacy computing node 82, and the fourth hash value to be verified, and the fourth hash value to be verified is the chain The hash value of the preset information of the lower TEE; at the same time, the second node identity information is the declared node identity information, not necessarily the real node identity information of the off-chainprivacy computing node 82. Then, theclient 81 performs signature verification on the remote certification report according to the public key of the authentication server, and when the signature verification is passed and the remote certification result contained in the remote certification report is certified, the acquired second node identity The information is hashed to obtain the third hash value to be verified, and the third hash value to be verified is compared with the third standard hash value. When the comparison result is consistent, it means that the second node identity information provided by theprivacy computing node 82 is the node identity information generated in the off-chain TEE, that is, the fourth hash value to be verified is the actual value of the off-chain TEE. The hash value of the preset information. Therefore, the pre-obtained fourth standard hash value for the preset information of the off-chain TEE is further compared with the fourth hash value to be verified, and the comparison result is consistent as a prerequisite for confirming the authenticity of the off-chain TEE condition. At the same time, the node identity public key included in the second node identity information can be determined as the actual node identity public key of theprivacy computing node 82, which can be used to perform signature verification on the contract information to be verified. Among them, the off-chainprivacy computing node 82 can send the third standard hash value, the remote certification report, and the identity information of the second node to theclient 81 together. It should be noted that this part of the content can refer to the aforementioned process of the control node verifying the node to be added, which will not be repeated here.

客户端81在根据远程证明报告确定链下TEE可信的情况下，获取部署于链下隐私计算节点82处的目标链下合约的待验证合约信息，待验证合约信息被链下隐私计算节点82在链下TEE内采用自身的节点身份私钥进行签名，节点身份私钥由链下隐私计算节点82在链下TEE内生成。比如，链下隐私计算节点82可将部署的目标链下合约读入链下TEE内并采用自身的节点身份私钥进行签名。Theclient 81 obtains the to-be-verified contract information of the target off-chain contract deployed at the off-chainprivacy computing node 82 when it determines that the off-chain TEE is credible according to the remote attestation report, and the to-be-verified contract information is used by the off-chainprivacy computing node 82 The node identity private key is used to sign in the off-chain TEE, and the node identity private key is generated by the off-chainprivacy computing node 82 in the off-chain TEE. For example, the off-chainprivacy computing node 82 can read the deployed target off-chain contract into the off-chain TEE and sign it with its own node identity private key.

客户端81采用链下隐私计算节点82的节点身份公钥对待验证合约信息进行签名验证，以及根据目标链下合约的合约信息对待验证合约信息进行合约信息验证。其中，节点身份公钥处于公开状态，比如链下隐私计算节点82向外公开发布节点身份公钥以由客户端81获取。或者，客户端81通过上述验证链下隐私计算节点82的节点身份信息的方式获取。同时，目标链下合约的合约信息也可处于公开状态，比如目标链下合约的部署方向外公开发布合约信息以由客户端81获取。其中，合约信息可以包括链下合约的名称、描述、版本号、字节码哈希值、合约身份公钥等信息，本说明书并不对此进行限制。Theclient 81 uses the node identity public key of the off-chainprivate computing node 82 to perform signature verification on the contract information to be verified, and to perform contract information verification on the contract information to be verified based on the contract information of the contract under the target chain. Among them, the node identity public key is in a public state, for example, the off-chainprivacy computing node 82 publicly releases the node identity public key to theclient 81 to obtain it. Alternatively, theclient 81 obtains the node identity information of theprivate computing node 82 under the above-mentioned verification chain. At the same time, the contract information of the contract under the target chain may also be in a public state, for example, the deployment direction of the contract under the target chain is publicly released for theclient 81 to obtain the contract information. Among them, the contract information may include the name, description, version number, bytecode hash value, contract identity public key and other information of the off-chain contract, which is not restricted in this specification.

在签名验证和合约信息验证通过的情况下，客户端81可确定客户端81在通过区块链节点的预言机机制对目标链下合约发起调用时，该目标链下合约由链下隐私计算节点82在链下TEE可信执行环境中执行。本说明书中验证链下合约的过程为先验证链下隐私计算节点82的链下TEE可信，那么在验证链下隐私计算节点82的链下TEE可信的情况下，若验证签名得到链下隐私计算节点82提供的待验证合约信息确实由链下隐私计算节点82的节点身份私钥(维护在链下TEE内)签名，则可确定出当前挑战的链下合约为运行在链下隐私计算节点82的链下TEE内的目标链下合约，即确保链下隐私计算节点82中部署的目标链下合约可信，可按照用户预期执行计算任务。In the case that the signature verification and contract information verification are passed, theclient 81 can determine that when theclient 81 initiates a call to the target chain contract through the oracle mechanism of the blockchain node, the target chain contract is controlled by the off-chainprivacy computing node 82 is executed in an off-chain TEE trusted execution environment. The process of verifying the off-chain contract in this manual is to first verify that the off-chain TEE of the off-chainprivate computing node 82 is trustworthy. Then, if the off-chain TEE of the off-chainprivate computing node 82 is trusted, if the signature is verified to be off-chain The contract information to be verified provided by theprivacy computing node 82 is indeed signed by the node identity private key (maintained in the off-chain TEE) of the off-chainprivacy computing node 82, and it can be determined that the currently challenged off-chain contract is running in off-chain privacy computing The target off-chain contract in the off-chain TEE of thenode 82 ensures that the target off-chain contract deployed in the off-chainprivacy computing node 82 is credible and can perform computing tasks as expected by the user.

下面结合图9针对集群形式的挑战过程进行说明。如图9所示，针对链下隐私计算集群的形式，与图4所示实施例类似，客户端91可向控制节点92发起链下挑战或者链上挑战。链上挑战的发起过程可以包括三个步骤：步骤①，客户端91向区块链网络93提交一笔用于向目标链下合约发起挑战的交易，比如称之为挑战交易，该挑战交易可由区块链网络93内的某一节点93n接收和执行；步骤②，节点93n调用预先部署的预言机合约，该预言机合约可以将上述挑战交易所含的挑战信息传递至链下的预言机服务器94，比如预言机合约可以产生包含该挑战信息的事件，而预言机服务器94可以通过监听预言机合约产生的事件，从而获取上述的挑战信息；步骤③，预言机服务器94将挑战信息通过链下渠道发送至控制节点92。The challenge process in the form of a cluster will be described below in conjunction with FIG. 9. As shown in FIG. 9, for the form of an off-chain privacy computing cluster, similar to the embodiment shown in FIG. 4, theclient 91 can initiate an off-chain challenge or an on-chain challenge to thecontrol node 92. The initiation process of an on-chain challenge can include three steps:Step ①, theclient 91 submits to the blockchain network 93 a transaction for initiating a challenge to the target off-chain contract, such as a challenge transaction, which can be Acertain node 93n in theblockchain network 93 receives and executes;step ②, thenode 93n calls the pre-deployed oracle contract, which can transmit the challenge information contained in the above-mentioned challenge transaction to the oracle server under thechain 94. For example, the oracle contract can generate events containing the challenge information, and theoracle server 94 can obtain the above-mentioned challenge information by monitoring the events generated by the oracle contract; step ③, theoracle server 94 passes the challenge information through the off-chain The channel is sent to thecontrol node 92.

链下隐私计算集群作为一个整体向外提供执行计算任务的功能。其中，集群内各个节点均部署有相同的链下合约，那么各个节点均可以代表集群来执行计算任务，比如，计算任务可由控制节点来分配。因此，各个节点在代表集群与外部进行数据交互时，使用代表集群身份的集群身份密钥来对与外部交互的数据进行解密或签名，而非使用节点自身的节点身份密钥。相应的，外部对象在通过客户端与集群进行交互时，将集群视为一个整体而无需关心集群内部的结构，因此采用集群身份密钥进行加密或验证签名。The off-chain privacy computing cluster as a whole provides the function of performing computing tasks. Among them, each node in the cluster is deployed with the same off-chain contract, then each node can perform computing tasks on behalf of the cluster, for example, the computing tasks can be distributed by the control node. Therefore, when each node interacts with the outside on behalf of the cluster, it uses the cluster identity key representing the identity of the cluster to decrypt or sign the data interacting with the outside, instead of using the node identity key of the node itself. Correspondingly, when an external object interacts with the cluster through the client, it regards the cluster as a whole and does not need to care about the internal structure of the cluster, so the cluster identity key is used for encryption or signature verification.

如图9所示，用户在通过客户端91调用集群中的目标链下合约之前，可通过客户端91对集群中部署的目标链下合约发起挑战。控制节点92在接收到挑战后，可选取集群中的任意节点来响应该挑战。比如，可选取上述用于生成集群身份密钥的主节点，或者选取集群中的从节点，本说明书并不对选取响应挑战的节点的方式进行限制。以节点92n响应挑战为例进行说明。控制节点92选取节点92n来代表集群响应挑战，向挑战方提供代表集群的集群远程证明报告。其中，集群远程证明报告由认证服务器对节点92n针对自身的链下TEE产生的自荐信息进行验证后生成，即集群远程证明报告为对应于节点92n的链下TEE的远程证明报告。具体而言，集群远程证明报告携带的自荐信息内包含第一待检验哈希值，该第一待检验哈希值为节点92n的链下TEE的预设信息的哈希值，该第一待检验哈希值用于挑战方在根据认证服务器的公钥对集群远程证明报告进行签名验证并签名验证通过，且集群远程证明报告包含的远程认证结果为通过认证的情况下，与预先获得的针对链下TEE的第一标准哈希值(比如，为链下TEE的上述预设信息的可信哈希值)进行比较，且比较结果一致被作为挑战方确认链下TEE可信的前提条件。其中，挑战方根据集群远程证明报告验证链下TEE的过程可参考前述控制节点验证待加入节点的链下TEE的内容，在此不再赘述。实际上，挑战方根据集群远程证明报告验证的链下TEE为节点92n的链下TEE。As shown in FIG. 9, the user can initiate a challenge to the target chain contract deployed in the cluster through theclient 91 before calling the target chain contract in the cluster through theclient 91. After receiving the challenge, thecontrol node 92 can select any node in the cluster to respond to the challenge. For example, the master node used to generate the cluster identity key can be selected, or the slave node in the cluster can be selected. This specification does not limit the method of selecting the node that responds to the challenge. Take thenode 92n responding to the challenge as an example for description. Thecontrol node 92 selects thenode 92n to respond to the challenge on behalf of the cluster, and provides the challenger with a cluster remote certification report on behalf of the cluster. The cluster remote attestation report is generated by the authentication server after verifying the self-recommendation information generated by thenode 92n for its own off-chain TEE, that is, the cluster remote attestation report is a remote attestation report corresponding to the off-chain TEE ofnode 92n. Specifically, the self-recommendation information carried in the cluster remote certification report contains the first to-be-verified hash value. The first to-be-verified hash value is the hash value of the preset information of the off-chain TEE ofnode 92n. The verification hash value is used by the challenger to verify the signature of the cluster remote attestation report according to the public key of the authentication server, and the signature verification is passed, and the remote attestation result contained in the cluster remote attestation report is certified. The first standard hash value of the off-chain TEE (for example, the trusted hash value of the above-mentioned preset information of the off-chain TEE) is compared, and the comparison result is consistent as a prerequisite for the challenger to confirm the authenticity of the off-chain TEE. Among them, the process of the challenger verifying the off-chain TEE according to the cluster remote certification report can refer to the content of the aforementioned control node to verify the off-chain TEE of the node to be added, which will not be repeated here. In fact, the off-chain TEE verified by the challenger according to the cluster remote attestation report is the off-chain TEE ofnode 92n.

如图9所示，在一实施例中，节点92n在链下TEE内生成自身的节点身份信息时，还可在链下TEE内生成代表集群的集群身份信息，并对生成的集群身份信息进行哈希计算得到第二标准哈希值；其中，所生成的集群身份信息中包含集群身份公钥和节点92n的节点身份信息中除节点身份公钥以外的其他身份信息。换言之，基于通过节点92n来代表集群，节点92n的节点身份信息与集群身份信息之间的差异在于：节点身份信息中记录的公钥为节点身份公钥，集群身份信息中记录的公钥为集群身份公钥；持此之外，其他身份信息相同。那么，客户端91可利用第二标准哈希值验证节点92n提供的第一集群身份信息(即声明的集群身份信息，包含集群身份公钥和节点92n的其他身份信息，不一定为真实数据，此时可理解为待验证身份信息)，并在验证通过的情况下获取集群身份信息中包含的集群身份公钥，从而利用该集群身份公钥完成后续对目标链下合约的验证。比如，客户端对获取到的第一集群身份信息进行哈希计算以得到第二待校验哈希值，并将第二待校验哈希值与节点92n提供的第二标准哈希值进行比较，从而在比较结果一致的情况下判定集群身份验证通过。由于集群身份信息由节点92n在链下TEE内生成并计算得到第二标准哈希值，那么在根据远程证明报告判定链下TEE可信后，若第二待校验哈希值与第二标准哈希值相同，则说明隐私计算节点92提供的第一集群身份信息为在链下TEE内生成的集群身份信息，从而其中包含的集群身份公钥为隐私计算节点92实际维护的对应于集群的集群身份公钥，而隐私计算节点92实际维护 的集群身份公钥可用于验证隐私计算节点92的签名。其中，节点92n可通过控制节点92将第二标准哈希值、远程证明报告、第一集群身份信息一同发送至客户端91。需要说明的是，此部分内容可参考前述控制节点验证待加入节点的过程，在此不再赘述。As shown in Fig. 9, in one embodiment, whennode 92n generates its own node identity information in the off-chain TEE, it can also generate cluster identity information representing the cluster in the off-chain TEE, and perform a check on the generated cluster identity information. The hash calculation obtains the second standard hash value; wherein the generated cluster identity information includes the cluster identity public key and the node identity information of thenode 92n other than the node identity public key. In other words, based on thenode 92n representing the cluster, the difference between the node identity information of thenode 92n and the cluster identity information is: the public key recorded in the node identity information is the node identity public key, and the public key recorded in the cluster identity information is the cluster Identity public key; other than this, other identity information is the same. Then, theclient 91 can use the second standard hash value to verify the first cluster identity information provided by thenode 92n (that is, the declared cluster identity information, including the cluster identity public key and other identity information of thenode 92n, not necessarily real data, At this time, it can be understood as the identity information to be verified), and if the verification is passed, the cluster identity public key included in the cluster identity information is obtained, so as to use the cluster identity public key to complete subsequent verification of the contract under the target chain. For example, the client performs a hash calculation on the acquired first cluster identity information to obtain the second hash value to be verified, and performs the second hash value to be verified with the second standard hash value provided by thenode 92n Compare, and determine that the cluster identity verification is passed if the comparison results are consistent. Since the cluster identity information is generated by thenode 92n in the off-chain TEE and calculated to obtain the second standard hash value, after determining the authenticity of the off-chain TEE according to the remote attestation report, if the second hash value to be verified is consistent with the second standard If the hash value is the same, it means that the first cluster identity information provided by theprivacy computing node 92 is the cluster identity information generated in the off-chain TEE, so that the cluster identity public key contained therein is the actual maintenance of theprivacy computing node 92 corresponding to the cluster identity information. The cluster identity public key, and the cluster identity public key actually maintained by theprivate computing node 92 can be used to verify the signature of theprivate computing node 92. Among them, thenode 92n can send the second standard hash value, the remote certification report, and the first cluster identity information to theclient 91 through thecontrol node 92. It should be noted that this part of the content can refer to the aforementioned process of the control node verifying the node to be added, which will not be repeated here.

如图9所示，在另一实施例中，节点92n在链下TEE内生成的集群身份信息可包含集群身份公钥、节点92n的节点身份信息中除节点身份公钥以外的其他身份信息和链下TEE的预设信息的哈希值，那么节点92n在自身的链下TEE内生成集群身份信息后，对生成的集群身份信息进行哈希计算得到第三标准哈希值，那么第三标准哈希值相当于同时实现了上述第一待检验哈希值和第二标准哈希值的作用。具体而言，节点92n可向客户端91提供远程证明报告、第三标准哈希值和第二集群身份信息(此时可理解为待验证身份信息)。其中，第二集群身份信息包含集群身份公钥、节点92n的其他身份信息和第四待校验哈希值，第四待校验哈希值为链下TEE的预设信息的哈希值；同时，第二集群身份信息为声明的集群身份信息，并不一定为节点92n提供的真实集群身份信息。那么，客户端91在根据认证服务器的公钥对远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，对获取到的第二集群身份信息进行哈希计算以得到第三待校验哈希值，并将第三待校验哈希值与第三标准哈希值进行比较。当比较结果为一致时，说明隐私计算节点92提供的第二集群身份信息为在链下TEE内生成的集群身份信息，也即其中包含的第四待校验哈希值为链下TEE的实际预设信息的哈希值。因此，进一步将预先获得的针对所述链下TEE预设信息的第四标准哈希值与第四待检验哈希值进行比较，并将比较结果一致作为确认所述链下TEE可信的前提条件。同时，第二集群身份信息包含的集群身份公钥可判定为隐私计算节点92实际维护的集群身份公钥，可用于对待验证合约信息进行签名验证。其中，节点92n可通过控制节点92将第三标准哈希值、远程证明报告、第二集群身份信息一同发送至客户端91。需要说明的是，此部分内容可参考前述控制节点验证待加入节点的过程，在此不再赘述。As shown in Figure 9, in another embodiment, the cluster identity information generated by thenode 92n in the off-chain TEE may include the cluster identity public key, other identity information other than the node identity public key in the node identity information of thenode 92n, and The hash value of the preset information of the off-chain TEE, after thenode 92n generates the cluster identity information in its own off-chain TEE, the generated cluster identity information is hashed to obtain the third standard hash value, then the third standard The hash value is equivalent to simultaneously achieving the functions of the first hash value to be checked and the second standard hash value. Specifically, thenode 92n can provide theclient 91 with a remote certification report, a third standard hash value, and second cluster identity information (this can be understood as the identity information to be verified). Wherein, the second cluster identity information includes the cluster identity public key, other identity information of thenode 92n, and a fourth hash value to be verified, and the fourth hash value to be verified is the hash value of the preset information of the off-chain TEE; At the same time, the second cluster identity information is the declared cluster identity information, and not necessarily the real cluster identity information provided by thenode 92n. Then, theclient 91 performs signature verification on the remote certification report according to the public key of the authentication server, and when the signature verification is passed and the remote certification result contained in the remote certification report is certified, the acquired second cluster identity The information is hashed to obtain the third hash value to be verified, and the third hash value to be verified is compared with the third standard hash value. When the comparison result is consistent, it means that the second cluster identity information provided by theprivacy computing node 92 is the cluster identity information generated in the off-chain TEE, that is, the fourth hash value to be verified is the actual value of the off-chain TEE. The hash value of the preset information. Therefore, the pre-obtained fourth standard hash value for the preset information of the off-chain TEE is further compared with the fourth hash value to be verified, and the comparison result is consistent as a prerequisite for confirming the authenticity of the off-chain TEE condition. At the same time, the cluster identity public key included in the second cluster identity information can be determined as the cluster identity public key actually maintained by theprivacy computing node 92, which can be used to perform signature verification on the contract information to be verified. Among them, thenode 92n can send the third standard hash value, the remote certification report, and the second cluster identity information to theclient 91 through thecontrol node 92. It should be noted that this part of the content can refer to the aforementioned process of the control node verifying the node to be added, which will not be repeated here.

与上述图8所示的实施例类似，集群远程证明报告和待验证合约信息由节点92n发送至控制节点92，再由控制节点92转发至客户端91。控制节点92可一并向客户端91提供集群远程证明报告和待验证合约信息，也可先提供集群远程证明报告，并在客户端91根据集群远程证明报告验证通过后再向节点92n获取待验证合约信息以向客户端91提供待验证合约信息。其中，待验证合约信息为部署在节点92n处的目标链下合约的合约信息，并由节点92n在节点92n的链下TEE内采用集群身份私钥(维护在节点92n的链下TEE内)进行签名。比如，节点92n将部署在节点92n处的目标链下合约读入链下TEE内，并采用集群身份私钥进行签名。Similar to the embodiment shown in FIG. 8 above, the cluster remote certification report and the contract information to be verified are sent by thenode 92n to thecontrol node 92, and then forwarded by thecontrol node 92 to theclient 91. Thecontrol node 92 can provide theclient 91 with the cluster remote certification report and the contract information to be verified together, or it can provide the cluster remote certification report first, and obtain the pending verification from thenode 92n after theclient 91 passes the verification according to the cluster remote certification report. Contract information to provide theclient 91 with contract information to be verified. Among them, the contract information to be verified is the contract information of the target off-chain contract deployed at thenode 92n, and is performed by thenode 92n in the off-chain TEE of thenode 92n using the cluster identity private key (maintained in the off-chain TEE of thenode 92n) sign. For example, thenode 92n reads the target off-chain contract deployed at thenode 92n into the off-chain TEE, and uses the cluster identity private key to sign.

客户端91在根据集群远程证明报告确定链下TEE可信(即节点92n的链下TEE，由节点92n代表集群，用户感知不到集群内的其他节点)的情况下，采用集群身份公钥对待验证合约信息进行签名验证，以及根据目标链下合约的合约信息对待验证合约信息进行合约信息验证。其中，集群身份公钥处于公开状态，比如控制节点91向外公开发布集群身份公钥以由客户端91获取。或者，客户端91通过上述验证集群身份信息的方式获取。同时，目标链下合约的合约信息也可处于公开状态，比如目标链下合约的部署方向外公开发布合约信息以由客户端91获取。其中，合约信息可以包括链下合约的名 称、描述、版本号、字节码哈希值、合约身份公钥等信息，本说明书并不对此进行限制。In the case that theclient 91 determines that the off-chain TEE is trustworthy according to the cluster remote certification report (ie, the off-chain TEE ofnode 92n, the cluster is represented bynode 92n, and the user cannot perceive other nodes in the cluster), it uses the cluster identity public key to treat Verify the contract information for signature verification, and verify the contract information to be verified based on the contract information of the contract under the target chain. The cluster identity public key is in a public state, for example, thecontrol node 91 publicly releases the cluster identity public key to theclient 91 to obtain it. Alternatively, theclient 91 obtains the cluster identity information through the above-mentioned method of verifying cluster identity information. At the same time, the contract information of the contract under the target chain may also be in a public state. For example, the deployment direction of the contract under the target chain publicly releases the contract information to be obtained by theclient 91. Among them, the contract information can include the name, description, version number, bytecode hash value, contract identity public key and other information of the off-chain contract, which is not restricted in this manual.

与上述单节点形式中验证目标链下合约的原理类似，在签名验证和合约信息验证通过的情况下，客户端91可确定客户端91在通过区块链节点的预言机机制对目标链下合约发起调用时，该目标链下合约由节点92n在链下TEE可信执行环境中执行，即确保节点92n中部署的目标链下合约可信，可按照用户预期执行计算任务。Similar to the principle of verifying the target chain contract in the above single node form, in the case that the signature verification and contract information verification pass, theclient 91 can determine that theclient 91 is verifying the target chain contract through the oracle mechanism of the blockchain node. When the call is initiated, the target off-chain contract is executed by thenode 92n in the off-chain TEE trusted execution environment, that is, it is ensured that the target off-chain contract deployed in thenode 92n is credible and can perform computing tasks as expected by the user.

需要说明的是，在链下隐私计算集群的形式中，各类远程证明报告可以具有一定的时限性，比如30分钟或其他时长，超时的远程证明报告被判定为失效。比如，共享集群身份密钥过程中涉及的远程证明报告均由节点实时向认证服务器控制节点获取，而集群远程证明报告可由控制节点在本地缓存并设定老化时长。It should be noted that in the form of off-chain privacy computing clusters, various remote attestation reports can have a certain time limit, such as 30 minutes or other durations, and the time-out remote attestation report is judged to be invalid. For example, the remote certification report involved in the process of sharing the cluster identity key is obtained by the node from the authentication server control node in real time, and the cluster remote certification report can be cached locally by the control node and the aging time can be set.

区块链节点根据计算结果更新区块链账本数据，或者称为对计算结果进行上链，其方式可以包括：生成一笔区块链交易，将计算结果添加至交易的data字段，当该区块链交易通过共识后，可被各个区块链节点添加至最新区块的区块体中，从而实现了区块链账本数据的更新，亦即完成了对该计算结果的上链；或者，区块链节点根据计算结果对相关账户的状态进行更新，该相关账户譬如可以为用户对应的外部账户或者链上合约对应的合约账户，该相关账户的状态更新会导致状态树(state tree)的树根发生取值变化，而该状态树的树根会被包含于最新区块的区块头，从而实现了区块链账本数据的更新，亦即相当于将该计算结果上链。The blockchain node updates the blockchain ledger data according to the calculation result, or it is called uploading the calculation result to the chain. The method can include: generating a blockchain transaction and adding the calculation result to the data field of the transaction. After the block chain transaction has passed the consensus, it can be added by each block chain node to the block body of the latest block, thereby realizing the update of the block chain ledger data, that is, completing the chaining of the calculation result; or, The blockchain node updates the state of the related account according to the calculation result. The related account can be, for example, the external account corresponding to the user or the contract account corresponding to the contract on the chain. The update of the state of the related account will cause the state tree to change. The value of the root of the tree changes, and the root of the state tree will be included in the block header of the latest block, thereby realizing the update of the blockchain ledger data, which is equivalent to uploading the calculation result to the chain.

本说明书中的链下合约，可以实现用户定义的任何计算逻辑。例如，链下合约可以用于验证区块链上存储的加密订单数据的金额是否正确，并将验证结果反馈至链上；再例如，链下合约可以用于根据预设算法对多方数据进行安全计算，即安全多方计算，并将计算结果反馈至链上等，此处不再一一赘述。The off-chain contract in this manual can implement any calculation logic defined by the user. For example, the off-chain contract can be used to verify whether the amount of encrypted order data stored on the blockchain is correct, and the verification result is fed back to the chain; for another example, the off-chain contract can be used to secure multi-party data according to a preset algorithm Calculations are safe multi-party calculations, and the calculation results are fed back to the chain, etc., so I won’t repeat them here.

如图10所示，假定客户端1001希望对已部署的链下合约进行调用(比如在验证目标链下合约通过之后)。客户端1001可以通过链下渠道向控制节点1002发送调用请求，该调用请求采用集群身份公钥进行加密，控制节点1002可以基于负载均衡算法将该调用请求分配至集群内的某个链下隐私计算节点，比如节点1002n，由该节点1002n对调用请求进行响应。节点1002n在自身创建的链下TEE中通过集群身份私钥解密调用请求，获得调用请求中包含的合约ID、函数名和入参数据的信息。合约ID譬如可以为链下合约的字节码的哈希值，使得节点1002n可以据此找到相应的已部署的链下合约的字节码。链下合约可能包含多个函数，因而函数名可以指明客户端1001希望调用的函数；如果链下合约仅包含一个函数，或者客户端1001希望调用链下合约中的所有函数，那么调用请求中也可以省去函数名的信息。入参数据的信息可以为入参数据本身，或者入参数据的描述信息，比如该描述信息可以为存储地址等，使得节点1002n可以据此获取入参数据，尤其是当客户端1001本身并非数据拥有者的情况下，可以省去客户端1001与数据拥有者之间的交互，还可以降低调用请求的数据量、加快其传输速度。然后，节点1002n可以在链下TEE中执行链下合约的字节码，以针对入参数据进行处理，从而得到相应的调用结果。节点1002n可以在链下TEE中对该调用结果进行加密后，经由控制节点1002反馈至客户端1001。As shown in Figure 10, suppose that theclient 1001 wants to call the deployed off-chain contract (for example, after the verification target off-chain contract is passed). Theclient 1001 can send a call request to thecontrol node 1002 through the off-chain channel. The call request is encrypted with the cluster identity public key. Thecontrol node 1002 can allocate the call request to an off-chain privacy calculation in the cluster based on the load balancing algorithm. For a node, such asnode 1002n, thenode 1002n responds to the call request. Thenode 1002n decrypts the call request through the cluster identity private key in the off-chain TEE created by itself, and obtains the contract ID, function name, and input data information contained in the call request. The contract ID may be, for example, the hash value of the bytecode of the off-chain contract, so that thenode 1002n can find the corresponding bytecode of the deployed off-chain contract. The off-chain contract may contain multiple functions, so the function name can indicate the function that theclient 1001 wants to call; if the off-chain contract only contains one function, or theclient 1001 wants to call all functions in the off-chain contract, then the call request is also You can omit the function name information. The information of the input parameter data may be the input parameter data itself, or the description information of the input parameter data. For example, the description information may be a storage address, etc., so that thenode 1002n can obtain the input parameter data accordingly, especially when theclient 1001 itself is not data In the case of the owner, the interaction between theclient 1001 and the data owner can be omitted, and the amount of data requested by the call can also be reduced, and the transmission speed can be accelerated. Then, thenode 1002n can execute the bytecode of the off-chain contract in the off-chain TEE to process the input parameter data, so as to obtain the corresponding call result. Thenode 1002n may encrypt the call result in the off-chain TEE, and then feed it back to theclient 1001 via thecontrol node 1002.

客户端1001可以通过链上渠道向控制节点1002发送调用请求。客户端1001可 以向区块链网络1003提交链下合约调用交易，该链下合约调用交易中包含调用请求，该调用请求由客户端1001采用集群身份公钥进行加密。当然，链下合约调用交易本身也可以是加密传输的，比如采用集群身份公钥对调用交易进行加密，或者其他加密方式，这可以参考前文所述的数据加密传输的内容，此处不再赘述。链下合约调用交易可以调用预言机合约，使得预言机合约针对该交易所含的调用请求产生相应的合约事件，该合约事件被预言机服务器1004监听到之后，由预言机服务器1004获取调用请求并传输至控制节点1002。然后，控制节点1002将调用请求分配至诸如链下隐私计算节点1002n进行响应。以及，控制节点1002可以通过预言机机制将调用结果反馈至链上，而节点1003n可以主动发起一笔交易，将该调用结果上链，或者节点1003n可以将调用结果反馈至客户端1001，由客户端1001重新发起一笔交易将该调用结果上链。Theclient 1001 can send a call request to thecontrol node 1002 through an on-chain channel. Theclient 1001 can submit an off-chain contract invocation transaction to theblockchain network 1003. The off-chain contract invocation transaction includes a invocation request, and the invocation request is encrypted by theclient 1001 using the cluster identity public key. Of course, the off-chain contract call transaction itself can also be encrypted transmission, such as using the cluster identity public key to encrypt the call transaction, or other encryption methods. For this, please refer to the content of data encryption transmission described above, which will not be repeated here. . The off-chain contract call transaction can call the oracle contract, so that the oracle contract generates a corresponding contract event for the call request contained in the exchange. After the contract event is monitored by theoracle server 1004, theoracle server 1004 obtains the call request and Transmitted to thecontrol node 1002. Then, thecontrol node 1002 distributes the call request to, for example, the off-chainprivacy computing node 1002n to respond. And, thecontrol node 1002 can feed back the call result to the chain through the oracle mechanism, and the node 1003n can actively initiate a transaction to upload the call result to the chain, or the node 1003n can feed back the call result to theclient 1001, and the client The terminal 1001 re-initiates a transaction to upload the result of the call to the chain.

如果入参数据为区块链数据，客户端1001可以向区块链网络1003提交加密后的链下合约调用交易，该链下合约调用交易中包含合约ID、函数名和入参数据的信息，并且该链下合约调用交易调用了用于获取入参数据的链上合约。节点1003n收到加密后的链下合约调用交易后，在节点1003n创建的链上TEE中进行解密，然后通过链上TEE内部署的虚拟机执行被调用的链上合约，以获取被作为入参数据的区块链数据，该区块链数据通常处于加密状态，节点1003n可以在链上TEE内解密为明文，然后将该明文的区块链数据与链下合约调用交易所含的合约ID、函数名打包为调用请求，并在链上TEE内采用集群身份公钥对该调用请求进行加密，而后基于预言机机制传输至控制节点1002，由控制节点1002将调用请求分配至诸如链下隐私计算节点1002n进行响应。以及，控制节点1002可以通过预言机机制将调用结果反馈至链上，而节点1003n可以将该调用结果上链。If the input data is blockchain data, theclient 1001 can submit an encrypted off-chain contract call transaction to theblockchain network 1003. The off-chain contract call transaction includes the contract ID, function name, and input data information, and The off-chain contract call transaction calls the on-chain contract used to obtain input parameter data. After node 1003n receives the encrypted off-chain contract call transaction, it decrypts it in the on-chain TEE created by node 1003n, and then executes the called on-chain contract through the virtual machine deployed in the on-chain TEE to obtain the input parameters The block chain data of the data, the block chain data is usually in an encrypted state, the node 1003n can be decrypted into plain text in the on-chain TEE, and then the plain text block chain data and the off-chain contract call the contract ID contained in the exchange, The function name is packaged into a call request, and the call request is encrypted using the cluster identity public key in the on-chain TEE, and then transmitted to thecontrol node 1002 based on the oracle mechanism, and thecontrol node 1002 distributes the call request to such as off-chain privacy computing Thenode 1002n responds. And, thecontrol node 1002 can feed the call result back to the chain through the oracle mechanism, and the node 1003n can upload the call result to the chain.

客户端1001或节点1003n除了采用集群身份公钥对调用请求进行加密之外，还可以采用合约加密公钥对调用请求内所含的入参数据的信息进行加密。链下隐私计算节点1002n在收到针对某一链下合约的调用请求后，采用该链下合约对应的合约加密私钥对调用请求内加密后的入参数据的信息进行解密，从而确保入参数据的信息只能由被调用的链下合约所获得，而不会被其他链下合约获得。以及，在得到调用结果(即执行链下合约得到的执行结果)后，链下隐私计算节点1002n可以通过被调用的链下合约的合约签名私钥对调用结果进行签名，而客户端1001或节点1003n可以通过合约签名公钥进行验签，从而确定该调用结果确实是由被调用的链下合约所产生。In addition to using the cluster identity public key to encrypt the call request, theclient 1001 or the node 1003n may also use the contract encryption public key to encrypt the information of the input data contained in the call request. After the off-chainprivacy computing node 1002n receives a call request for a certain off-chain contract, it uses the contract encryption private key corresponding to the off-chain contract to decrypt the encrypted input data information in the call request, thereby ensuring the entry of parameters Data information can only be obtained by the called off-chain contract, but not by other off-chain contracts. And, after obtaining the call result (that is, the execution result obtained by executing the off-chain contract), the off-chainprivacy computing node 1002n can sign the calling result through the contract signature private key of the called off-chain contract, and theclient 1001 or node 1003n can use the contract signature public key to verify the signature, so as to confirm that the call result is indeed generated by the called off-chain contract.

在图10所示实施例中，以链下隐私计算集群为例进行描述。实际上，客户端1001也可以直接与单个链下隐私计算节点进行交互，以调用该链下隐私计算节点上部署的链下合约，此处不再赘述。In the embodiment shown in FIG. 10, an off-chain privacy computing cluster is taken as an example for description. In fact, theclient 1001 can also directly interact with a single off-chain private computing node to invoke the off-chain contract deployed on the off-chain private computing node, which will not be repeated here.

需要说明的是，本说明书中加密与解密，生成签名与验证签名，可采用同一组密钥对，或者分别配置一组加密密钥对和一组签名密钥对。其中，在一组密钥对中，对应于不同的加密算法，可能同时存在多个公钥和相应的私钥。下面以节点身份密钥为例进行说明，集群身份密钥和合约身份密钥与此类似。It should be noted that the encryption and decryption in this manual, the generation of signatures and the verification of signatures, can use the same set of key pairs, or configure a set of encryption key pairs and a set of signature key pairs separately. Among them, in a group of key pairs, corresponding to different encryption algorithms, there may be multiple public keys and corresponding private keys at the same time. The following takes the node identity key as an example for description. The cluster identity key and contract identity key are similar.

在一种情况下，节点身份密钥为一组密钥对，包含节点身份公钥和节点身份私钥。其中，节点身份公钥可用于对数据进行加密，那么可采用节点身份私钥对该数据进 行解密；节点身份私钥可用于对数据进行签名，那么可采用节点身份公钥对该数据进行签名验证。在另一种情况下，可配置两组密钥对，分别为节点加密密钥对和节点签名密钥对。其中，节点加密密钥对用于对数据进行加密与解密，节点签名密钥对用于对数据进行签名与验证签名。In one case, the node identity key is a set of key pairs, including the node identity public key and the node identity private key. Among them, the node identity public key can be used to encrypt data, then the node identity private key can be used to decrypt the data; the node identity private key can be used to sign the data, then the node identity public key can be used to sign and verify the data . In another case, two sets of key pairs can be configured, namely a node encryption key pair and a node signature key pair. Among them, the node encryption key pair is used to encrypt and decrypt data, and the node signature key pair is used to sign data and verify the signature.

对应于上述客户端侧的实施例，本说明书还提出了链下隐私计算节点侧的实施例，在客户端侧实施例中所涉及的描述同样可以适用于链下隐私计算节点侧的实施例，下文中不再对此进行赘述。Corresponding to the above-mentioned embodiment on the client side, this specification also proposes an embodiment on the side of the off-chain privacy computing node. The description involved in the embodiment on the client side can also be applied to the embodiment on the side of the off-chain privacy computing node. This will not be repeated in the following.

相应地，图11是一示例性实施例提供的一种链下隐私计算节点侧的验证合约的方法的流程图。如图11所示，该方法可以包括步骤1102和步骤1104。Correspondingly, FIG. 11 is a flowchart of a method for verifying a contract on the side of an off-chain privacy computing node provided by an exemplary embodiment. As shown in FIG. 11, the method may includestep 1102 and step 1104.

步骤1102，链下隐私计算节点向客户端提供针对所述链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成。Step 1102, the off-chain private computing node provides the client with a remote attestation report for the off-chain trusted execution environment created by the off-chain private computing node. The remote attestation report is directed by the authentication server to the off-chain private computing node. The self-recommendation information generated by the off-chain trusted execution environment is generated after verification.

如前所述，所述链下隐私计算节点向客户端提供针对所述链下隐私计算节点创建的链下可信执行环境的远程证明报告的操作可以包括：接收所述客户端向所述链下隐私计算节点发起的挑战，向所述客户端返回所述远程证明报告；或者，在所述链下隐私计算节点属于链下隐私计算集群的情况下，在所述链下隐私计算集群的控制节点接收到所述客户端发起的挑战后，向所述控制节点发送所述远程证明报告，所述远程证明报告由所述控制节点返回至所述客户端。As mentioned above, the operation of the off-chain private computing node to provide the client with a remote attestation report for the off-chain trusted execution environment created by the off-chain private computing node may include: The remote attestation report is returned to the client for the challenge initiated by the next private computing node; or, in the case that the off-chain private computing node belongs to the off-chain private computing cluster, under the control of the off-chain private computing cluster After receiving the challenge initiated by the client, the node sends the remote certification report to the control node, and the remote certification report is returned by the control node to the client.

如前所述，所述远程证明报告携带的所述自荐信息内包含第一待检验哈希值，所述第一待检验哈希值为所述链下可信执行环境的预设信息的哈希值，所述第一待检验哈希值用于所述客户端在根据所述认证服务器的公钥对所述远程证明报告进行签名验证并签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，与预先获得的针对所述链下可信执行环境的第一标准哈希值进行比较，且比较结果一致被作为所述客户端确认所述链下可信执行环境可信的前提条件。As mentioned above, the self-recommendation information carried in the remote attestation report contains the first hash value to be verified, and the first hash value to be verified is the hash value of the preset information of the trusted execution environment under the chain. Hopefully, the first hash value to be verified is used by the client to verify the signature of the remote attestation report according to the public key of the authentication server, and the remote attestation report contains the remote attestation. If the result is authenticated, it is compared with the pre-obtained first standard hash value for the off-chain trusted execution environment, and the comparison result is consistent as the client confirms the off-chain trusted execution environment A credible prerequisite.

步骤1104，所述链下隐私计算节点向所述客户端提供部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节点的身份私钥进行签名，所述身份私钥由所述链下隐私计算节点在所述链下可信执行环境内维护。Step 1104, the off-chain privacy computing node provides the client with the to-be-verified contract information of the target off-chain contract deployed at the off-chain privacy computing node, and the to-be-verified contract information is calculated by the off-chain privacy The node uses the identity private key of the off-chain private computing node to sign in the off-chain trusted execution environment, and the identity private key is maintained by the off-chain private computing node in the off-chain trusted execution environment .

所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，采用所述链下隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。When the contract information to be verified is determined by the client according to the remote attestation report that the off-chain trusted execution environment is credible, the identity public key of the off-chain private computing node is used to authenticate the to-be-verified Perform signature verification on the contract information, and perform contract information verification on the contract information to be verified based on the contract information of the contract under the target chain, and if the signature verification and contract information verification pass, it is determined that the client is in the pass zone When the oracle mechanism of the block chain node initiates a call to the target chain contract, the target chain contract is executed by the chain privacy computing node in the trusted execution environment of the chain.

在一实施例中，所述链下隐私计算节点向所述客户端提供第一身份信息，所述第一身份信息包含所述链下隐私计算节点的身份公钥和所述链下隐私计算节点的其他身份信息，所述第一身份信息被所述客户端进行哈希计算以得到第二待校验哈希值；所 述链下隐私计算节点向所述客户端提供第二标准哈希值，所述第二标准哈希值由所述链下隐私计算节点在所述链下可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；所述第二标准哈希值用于与所述第二待校验哈希值进行比较，且所述客户端在比较结果一致的情况下获取所述隐私计算节点的第一身份信息中包含的所述身份公钥。In an embodiment, the off-chain private computing node provides first identity information to the client, and the first identity information includes the identity public key of the off-chain private computing node and the off-chain private computing node The first identity information is hashed by the client to obtain the second hash value to be verified; the off-chain privacy computing node provides the second standard hash value to the client The second standard hash value is obtained by hashing the generated identity information after the off-chain privacy computing node generates its own identity information in the off-chain trusted execution environment; the second standard Ha The hope value is used for comparison with the second hash value to be verified, and the client obtains the identity public key included in the first identity information of the privacy computing node when the comparison result is consistent.

在另一实施例中，所述链下隐私计算节点向所述客户端提供自身的第二身份信息，所述第二身份信息包含所述链下隐私计算节点的身份公钥、所述链下隐私计算节点的其他身份信息和第四待校验哈希值，所述第四待校验哈希值为所述链下可信执行环境的预设信息的哈希值；所述链下隐私计算节点向所述客户端提供第三标准哈希值，所述第三标准哈希值由所述链下隐私计算节点在所述链下可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；所述第二身份信息在所述客户端根据所述认证服务器的公钥对所述远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，被所述客户端进行哈希计算以得到第三待校验哈希值；其中，确认所述链下可信执行环境可信的前提条件包含在所述第三待校验哈希值与所述第三标准哈希值一致的情况下，所述第四待校验哈希值与所述客户端预先获得的针对所述链下可信执行环境的第四标准哈希值一致；所述第二身份信息包含的所述身份公钥用于对所述待验证合约信息进行签名验证。In another embodiment, the off-chain privacy computing node provides its second identity information to the client, and the second identity information includes the identity public key of the off-chain privacy computing node, and the off-chain Other identity information of the privacy computing node and a fourth hash value to be verified, where the fourth hash value to be verified is a hash value of the preset information of the trusted execution environment off-chain; the off-chain privacy The computing node provides a third standard hash value to the client. The third standard hash value is generated by the off-chain private computing node after generating its own identity information in the off-chain trusted execution environment. The identity information is obtained by hash calculation; the second identity information is signed and verified on the remote attestation report on the client according to the public key of the authentication server, and the remote attestation report is included in the remote attestation report after the signature verification is passed. If the authentication result is that the authentication is passed, the client performs a hash calculation to obtain the third hash value to be verified; wherein, the precondition for confirming that the off-chain trusted execution environment is trustworthy is included in the first When the three hash values to be verified are consistent with the third standard hash value, the fourth hash values to be verified are the same as the first obtained by the client in advance for the trusted off-chain execution environment. The hash values of the four standards are consistent; the identity public key included in the second identity information is used to perform signature verification on the contract information to be verified.

如前所述，所述链下隐私计算节点的身份信息为所述链下隐私计算节点的节点身份信息，所述身份私钥为所述链下隐私计算节点的节点身份私钥，所述身份公钥为所述链下隐私计算节点的节点身份公钥；或者，在所述链下隐私计算节点属于链下隐私计算集群的情况下，所述身份信息为所述链下隐私计算集群的集群身份信息，所述身份公钥为所述链下隐私计算集群的集群身份密钥中的集群身份公钥，所述身份私钥为所述集群身份密钥中的集群身份私钥；其中，在区块链节点与所述链下隐私计算集群中的各节点进行交互以部署或调用链下合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。As mentioned above, the identity information of the off-chain private computing node is the node identity information of the off-chain private computing node, and the identity private key is the node identity private key of the off-chain private computing node, and the identity The public key is the node identity public key of the off-chain private computing node; or, in the case that the off-chain private computing node belongs to the off-chain private computing cluster, the identity information is the cluster of the off-chain private computing cluster Identity information, the identity public key is the cluster identity public key in the cluster identity key of the off-chain privacy computing cluster, and the identity private key is the cluster identity private key in the cluster identity key; where In the process of a blockchain node interacting with each node in the off-chain privacy computing cluster to deploy or call an off-chain contract, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.

如前所述，所述链下隐私计算节点响应于区块链节点通过预言机机制对部署的所述目标链下合约发起的调用，执行所述目标链下合约；所述区块链节点对所述目标链下合约发起的调用由所述客户端提交的针对所述目标链下合约的调用交易触发。As mentioned earlier, the off-chain privacy computing node executes the target off-chain contract in response to the call initiated by the blockchain node to the deployed off-chain contract through the oracle mechanism; the pair of blockchain nodes The call initiated by the contract under the target chain is triggered by a call transaction submitted by the client for the contract under the target chain.

如前所述，所述链下隐私计算节点通过所述预言机机制向区块链节点反馈执行结果，所述执行结果由所述目标链下合约响应于所述区块链节点的调用生成，并在所述链下可信执行环境内被通过所述目标链下合约的合约身份私钥进行签名；其中，在采用所述目标链下合约的合约身份公钥对所述执行结果进行签名验证且通过签名验证的情况下，所述执行结果被判定为由所述目标链下合约生成。As mentioned above, the off-chain privacy computing node feeds back the execution result to the blockchain node through the oracle mechanism, and the execution result is generated by the target off-chain contract in response to the invocation of the blockchain node, And is signed by the contract identity private key of the target chain contract in the off-chain trusted execution environment; wherein, the execution result is signed and verified by using the contract identity public key of the target chain contract And if the signature verification is passed, the execution result is determined to be generated by the target chain contract.

如前所述，所述合约信息包含所述目标链下合约的合约身份公钥，在所述客户端通过区块链节点的预言机机制对所述目标链下合约发起调用的情况下，所述合约身份公钥用于对调用所述目标链下合约时所采用的入参数据进行加密，加密后的入参数据由所述目标链下合约的合约身份私钥解密。As mentioned above, the contract information includes the contract identity public key of the target chain contract. When the client initiates a call to the target chain contract through the oracle mechanism of the blockchain node, The contract identity public key is used to encrypt the input parameter data used when invoking the target chain contract, and the encrypted input parameter data is decrypted by the contract identity private key of the target chain contract.

在本说明书的技术方案中，还可由客户端直接与隐私计算节点进行交互以完成 在隐私计算节点上部署智能合约、向智能合约发起挑战、验证智能合约和调用智能合约等操作，而无需通过区块链的预言机机制来完成上述操作，同时调用部署于隐私计算节点的智能合约得到的计算结果也无需反馈至区块链。在该情况下，由于不涉及链上和链下的区分，下文将“链下隐私计算节点”称为“隐私计算节点”，将“链下可信执行环境”称为“可信执行环境”，将“目标链下合约”称为“目标智能合约”。但是，技术方案的原理与上述实施例类似，所涉及的实施细节同样可参考上述实施例，因此下文不再进行详细描述。In the technical solution of this specification, the client can also directly interact with the private computing node to complete operations such as deploying smart contracts on the private computing node, initiating challenges to the smart contract, verifying the smart contract, and invoking the smart contract without passing through the zone. The oracle mechanism of the block chain completes the above operations, and at the same time, the calculation results obtained by invoking the smart contract deployed on the privacy computing node do not need to be fed back to the block chain. In this case, since the distinction between on-chain and off-chain is not involved, “off-chain private computing nodes” will be referred to as “private computing nodes”, and “off-chain trusted execution environment” will be referred to as “trusted execution environment”. , The "target chain contract" is called the "target smart contract". However, the principle of the technical solution is similar to the foregoing embodiment, and the involved implementation details can also refer to the foregoing embodiment, so the detailed description will not be given below.

图12是一示例性实施例提供的另一种客户端侧的验证合约的方法的流程图。如图12所示，该方法可以包括以下步骤1202至步骤1206。Fig. 12 is a flowchart of another method for verifying a contract on the client side according to an exemplary embodiment. As shown in FIG. 12, the method may include the followingsteps 1202 to 1206.

步骤1202，客户端获取针对隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成。Step 1202: The client obtains a remote attestation report for the trusted execution environment created by the private computing node. The remote attestation report is generated by the authentication server after verifying the self-recommended information generated by the private computing node for the trusted execution environment. .

步骤1204，所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，获取部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算节点在所述可信执行环境内维护。Step 1204: The client obtains the to-be-verified contract information of the target smart contract deployed at the private computing node in the case that the trusted execution environment is determined to be credible according to the remote attestation report, and the to-be-verified The contract information is signed by the private computing node in the trusted execution environment using the private identity key of the private computing node, and the private identity key is maintained by the private computing node in the trusted execution environment.

如前所述，客户端根据所述认证服务器的公钥对所述远程证明报告进行签名验证；在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，从所述远程证明报告携带的所述自荐信息内提取出第一待检验哈希值，所述第一待检验哈希值为所述可信执行环境的预设信息的哈希值；将预先获得的针对所述可信执行环境的第一标准哈希值与所述第一待检验哈希值进行比较，并将比较结果一致作为确认所述可信执行环境可信的前提条件。As mentioned above, the client performs signature verification on the remote certification report according to the public key of the authentication server; if the signature verification is passed and the remote certification result contained in the remote certification report is certified, The first to-be-verified hash value is extracted from the self-recommendation information carried in the remote attestation report, and the first to-be-verified hash value is the hash value of the preset information of the trusted execution environment; The first standard hash value of the trusted execution environment is compared with the first hash value to be checked, and the comparison result is consistent as a prerequisite for confirming that the trusted execution environment is trustworthy.

步骤1206，所述客户端采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。Step 1206: The client uses the identity public key of the privacy computing node to perform signature verification on the contract information to be verified, and performs contract information verification on the contract information to be verified according to the contract information of the target smart contract, And when the signature verification and contract information verification pass, it is determined that when the client initiates a call to the target smart contract, the target smart contract is executed by the private computing node in the trusted execution environment.

如前所述，所述客户端获取所述隐私计算节点提供的第一身份信息，并对获取到的第一身份信息进行哈希计算以得到第二待校验哈希值，所述第一身份信息包含所述隐私计算节点的身份公钥和所述隐私计算节点的其他身份信息；所述客户端获取所述隐私计算节点提供的第二标准哈希值，所述第二标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；所述客户端将所述第二待校验哈希值与所述第二标准哈希值进行比较，并在比较结果一致的情况下获取所述隐私计算节点的第一身份信息中包含的所述身份公钥。As mentioned above, the client obtains the first identity information provided by the privacy computing node, and performs a hash calculation on the obtained first identity information to obtain the second hash value to be verified. The identity information includes the identity public key of the private computing node and other identity information of the private computing node; the client obtains a second standard hash value provided by the private computing node, the second standard hash value After the privacy computing node generates its own identity information in the trusted execution environment, it is obtained by hashing the generated identity information; the client side compares the second to-be-verified hash value with the first The two standard hash values are compared, and the identity public key included in the first identity information of the privacy computing node is obtained if the comparison result is consistent.

如前所述，所述客户端根据所述认证服务器的公钥对所述远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，获取所述隐私计算节点提供的第二身份信息，并对获取到的第二身份信息进行哈希计算以得到第三待校验哈希值，所述第二身份信息包含所述隐私计算节点的身份公钥、 所述隐私计算节点的其他身份信息和第四待校验哈希值，所述第四待校验哈希值为所述可信执行环境的预设信息的哈希值；获取所述隐私计算节点提供的第三标准哈希值，并将所述第三待校验哈希值与第三标准哈希值进行比较，所述第三标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；在所述第三待校验哈希值与所述第三标准哈希值一致的情况下，将预先获得的针对所述可信执行环境的第四标准哈希值与所述第四待检验哈希值进行比较，并将比较结果一致作为确认所述可信执行环境可信的前提条件；其中，所述第二身份信息包含的所述身份公钥用于对所述待验证合约信息进行签名验证。As mentioned above, the client performs signature verification on the remote attestation report according to the public key of the authentication server, and obtains if the signature verification is passed and the remote attestation result contained in the remote attestation report is certified The second identity information provided by the privacy computing node, and performing a hash calculation on the acquired second identity information to obtain a third hash value to be verified, and the second identity information includes the identity of the privacy computing node Public key, other identity information of the privacy computing node, and a fourth hash value to be verified, where the fourth hash value to be verified is a hash value of preset information of the trusted execution environment; The third standard hash value provided by the privacy computing node is compared, and the third hash value to be verified is compared with a third standard hash value. The third standard hash value is stored by the privacy computing node After generating its own identity information in the trusted execution environment, the generated identity information is hashed to obtain; if the third hash value to be verified is consistent with the third standard hash value, the The pre-obtained fourth standard hash value for the trusted execution environment is compared with the fourth hash value to be checked, and the comparison result is consistent as a prerequisite for confirming that the trusted execution environment is trustworthy; where , The identity public key included in the second identity information is used to perform signature verification on the contract information to be verified.

如前所述，所述隐私计算节点的身份信息为所述隐私计算节点的节点身份信息，所述身份私钥为所述隐私计算节点的节点身份私钥，所述身份公钥为所述隐私计算节点的节点身份公钥；或者，在所述隐私计算节点属于链下隐私计算集群的情况下，所述身份信息为所述链下隐私计算集群的集群身份信息，所述身份公钥为所述链下隐私计算集群的集群身份密钥中的集群身份公钥，所述身份私钥为所述集群身份密钥中的集群身份私钥；其中，在所述客户端与所述链下隐私计算集群中的各节点进行交互以部署或调用智能合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。As mentioned above, the identity information of the private computing node is the node identity information of the private computing node, the identity private key is the node identity private key of the private computing node, and the identity public key is the privacy The node identity public key of the computing node; or, in the case that the private computing node belongs to an off-chain private computing cluster, the identity information is the cluster identity information of the off-chain private computing cluster, and the identity public key is all The cluster identity public key in the cluster identity key of the off-chain privacy computing cluster, where the identity private key is the cluster identity private key in the cluster identity key; wherein, the client and the off-chain privacy When each node in the computing cluster interacts to deploy or invoke a smart contract, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.

如前所述，所述客户端获取所述隐私计算节点反馈的执行结果，所述执行结果由所述目标智能合约响应于所述客户端的调用生成，并在所述可信执行环境内被通过所述目标智能合约的合约身份私钥进行签名；所述客户端在采用所述目标智能合约的合约身份公钥对所述执行结果进行签名验证且通过签名验证的情况下，判定所述执行结果由所述目标智能合约生成。As mentioned above, the client obtains the execution result fed back by the privacy computing node, and the execution result is generated by the target smart contract in response to the client's call, and is passed in the trusted execution environment The contract identity private key of the target smart contract is used for signing; the client terminal uses the contract identity public key of the target smart contract to perform signature verification on the execution result and passes the signature verification to determine the execution result Generated by the target smart contract.

如前所述，所述合约信息包含所述目标智能合约的合约身份公钥，在所述客户端对所述目标智能合约发起调用的情况下，所述合约身份公钥用于对调用所述目标智能合约时所采用的入参数据进行加密，加密后的入参数据由所述目标智能合约的合约身份私钥解密。As mentioned above, the contract information includes the contract identity public key of the target smart contract. In the case that the client initiates a call to the target smart contract, the contract identity public key is used to call the target smart contract. The input parameter data used in the target smart contract is encrypted, and the encrypted input parameter data is decrypted by the contract identity private key of the target smart contract.

相应的，图13是一示例性实施例提供的另一种隐私计算节点侧的验证合约的方法的流程图。如图13所示，该方法可以包括步骤1302和步骤1304。Correspondingly, FIG. 13 is a flowchart of another method for verifying a contract on the side of a privacy computing node provided by an exemplary embodiment. As shown in FIG. 13, the method may includestep 1302 andstep 1304.

步骤1302，隐私计算节点向客户端提供针对所述隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成。Step 1302: The private computing node provides the client with a remote attestation report for the trusted execution environment created by the private computing node. The remote attestation report is generated by the authentication server on the private computing node for the trusted execution environment. Self-recommendation information is generated after verification.

如前所述，所述远程证明报告携带的所述自荐信息内包含第一待检验哈希值，所述第一待检验哈希值为所述可信执行环境的预设信息的哈希值，所述第一待检验哈希值用于所述客户端在根据所述认证服务器的公钥对所述远程证明报告进行签名验证并签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，与预先获得的针对所述可信执行环境的第一标准哈希值进行比较，且比较结果一致被作为所述客户端确认所述可信执行环境可信的前提条件。As mentioned above, the self-recommendation information carried in the remote attestation report contains the first hash value to be verified, and the first hash value to be verified is the hash value of the preset information of the trusted execution environment The first hash value to be verified is used by the client to verify the signature of the remote certification report according to the public key of the authentication server, and the signature verification is passed, and the remote certification result contained in the remote certification report is If the authentication is passed, it is compared with the first standard hash value for the trusted execution environment obtained in advance, and the comparison result is consistent as a prerequisite for the client to confirm that the trusted execution environment is trustworthy.

步骤1304，所述隐私计算节点向所述客户端提供部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算 节点在所述可信执行环境内维护。Instep 1304, the private computing node provides the client with the to-be-verified contract information of the target smart contract deployed at the private computing node, and the to-be-verified contract information is executed by the private computing node in the trusted execution The identity private key of the private computing node is used for signing in the environment, and the private identity key is maintained by the private computing node in the trusted execution environment.

如前所述，所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。As mentioned above, the client terminal uses the identity public key of the private computing node to verify the trustworthiness of the trusted execution environment based on the remote attestation report. Verify the contract information for signature verification, and perform contract information verification on the contract information to be verified based on the contract information of the target smart contract, and if the signature verification and contract information verification pass, determine that the client is When the target smart contract initiates a call, the target smart contract is executed by the privacy computing node in the trusted execution environment.

如前所述，所述隐私计算节点向所述客户端提供第一身份信息，所述第一身份信息包含所述隐私计算节点的身份公钥和所述隐私计算节点的其他身份信息，所述第一身份信息被所述客户端进行哈希计算以得到第二待校验哈希值；所述隐私计算节点向所述客户端提供第二标准哈希值，所述第二标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；所述第二标准哈希值用于与所述第二待校验哈希值进行比较，且所述客户端在比较结果一致的情况下获取所述隐私计算节点的第一身份信息中包含的所述身份公钥。As mentioned above, the private computing node provides first identity information to the client, and the first identity information includes the private identity public key of the private computing node and other identity information of the private computing node. The first identity information is hashed by the client to obtain a second hash value to be verified; the privacy calculation node provides a second standard hash value to the client, the second standard hash value It is obtained by hashing the generated identity information after the privacy computing node generates its own identity information in the trusted execution environment; the second standard hash value is used to compare with the second to-be-verified Ha It is hoped that the comparison is performed, and the client obtains the identity public key included in the first identity information of the privacy computing node when the comparison results are consistent.

如前所述，所述隐私计算节点向所述客户端提供自身的第二身份信息，所述第二身份信息包含所述隐私计算节点的身份公钥、所述隐私计算节点的其他身份信息和第四待校验哈希值，所述第四待校验哈希值为所述可信执行环境的预设信息的哈希值；所述隐私计算节点向所述客户端提供第三标准哈希值，所述第三标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；所述第二身份信息在所述客户端根据所述认证服务器的公钥对所述远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，被所述客户端进行哈希计算以得到第三待校验哈希值；其中，确认所述可信执行环境可信的前提条件包含在所述第三待校验哈希值与所述第三标准哈希值一致的情况下，所述第四待校验哈希值与所述客户端预先获得的针对所述可信执行环境的第四标准哈希值一致；所述第二身份信息包含的所述身份公钥用于对所述待验证合约信息进行签名验证。As mentioned above, the private computing node provides its own second identity information to the client, and the second identity information includes the identity public key of the private computing node, other identity information of the private computing node, and A fourth hash value to be verified, where the fourth hash value to be verified is a hash value of preset information of the trusted execution environment; the privacy computing node provides a third standard ha Hopefully, the third standard hash value is obtained by hashing the generated identity information after the privacy computing node generates its own identity information in the trusted execution environment; the second identity information is in the The client performs signature verification on the remote certification report according to the public key of the authentication server, and if the signature verification is passed and the remote certification result contained in the remote certification report is certified, the client performs the authentication process. It is desired to calculate to obtain the third hash value to be verified; wherein, the precondition for confirming that the trusted execution environment is credible includes that the third hash value to be verified is consistent with the third standard hash value In this case, the fourth hash value to be verified is consistent with the fourth standard hash value for the trusted execution environment obtained in advance by the client; the identity public key included in the second identity information It is used to perform signature verification on the contract information to be verified.

如前所述，所述隐私计算节点的身份信息为所述隐私计算节点的节点身份信息，所述身份私钥为所述隐私计算节点的节点身份私钥，所述身份公钥为所述隐私计算节点的节点身份公钥；或者，在所述隐私计算节点属于链下隐私计算集群的情况下，所述身份信息为所述链下隐私计算集群的集群身份信息，所述身份公钥为所述链下隐私计算集群的集群身份密钥中的集群身份公钥，所述身份私钥为所述集群身份密钥中的集群身份私钥；其中，在所述客户端与所述链下隐私计算集群中的各节点进行交互以部署或调用智能合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。As mentioned above, the identity information of the private computing node is the node identity information of the private computing node, the identity private key is the node identity private key of the private computing node, and the identity public key is the privacy The node identity public key of the computing node; or, in the case that the private computing node belongs to the off-chain private computing cluster, the identity information is the cluster identity information of the off-chain private computing cluster, and the identity public key is all The cluster identity public key in the cluster identity key of the off-chain privacy computing cluster, where the identity private key is the cluster identity private key in the cluster identity key; wherein, the client and the off-chain privacy When each node in the computing cluster interacts to deploy or invoke a smart contract, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.

如前所述，所述隐私计算节点向所述客户端反馈执行结果，所述执行结果由所述目标智能合约响应于所述区块链节点的调用生成，并在所述可信执行环境内被通过所述目标智能合约的合约身份私钥进行签名；其中，在采用所述目标智能合约的合约身份公钥对所述执行结果进行签名验证且通过签名验证的情况下，所述执行结果被判定为由所述目标智能合约生成。As mentioned above, the privacy computing node feeds back the execution result to the client. The execution result is generated by the target smart contract in response to the invocation of the blockchain node, and is in the trusted execution environment. Is signed by the contract identity private key of the target smart contract; wherein, when the execution result is signed and verified by the contract identity public key of the target smart contract and the signature verification is passed, the execution result is It is determined to be generated by the target smart contract.

如前所述，所述合约信息包含所述目标智能合约的合约身份公钥，在所述客户端对所述目标智能合约发起调用的情况下，所述合约身份公钥用于对调用所述目标智能合约时所采用的入参数据进行加密，加密后的入参数据由所述目标智能合约的合约身份私钥解密。与上述方法实施例相对应，本说明书还提供了一种验证合约的装置的实施例。As mentioned above, the contract information includes the contract identity public key of the target smart contract. In the case that the client initiates a call to the target smart contract, the contract identity public key is used to call the target smart contract. The input parameter data used in the target smart contract is encrypted, and the encrypted input parameter data is decrypted by the contract identity private key of the target smart contract. Corresponding to the above method embodiment, this specification also provides an embodiment of a device for verifying a contract.

本说明书验证合约的装置的实施例可以应用在电子设备上。装置实施例可以通过软件实现，也可以通过硬件或者软硬件结合的方式实现。以软件实现为例，作为一个逻辑意义上的装置，是通过其所在电子设备的处理器将非易失性存储器中对应的计算机程序指令读取到内存中运行形成的。The embodiments of the apparatus for verifying contracts in this specification can be applied to electronic equipment. The device embodiments can be implemented by software, or can be implemented by hardware or a combination of software and hardware. Taking software implementation as an example, as a logical device, it is formed by reading the corresponding computer program instructions in the non-volatile memory into the memory through the processor of the electronic device where it is located.

从硬件层面而言，请参考图14，图14是一示例性实施例提供的一种设备的示意结构图。如图14所示，在硬件层面，该设备包括处理器1402、内部总线1404、网络接口1406、内存1408以及非易失性存储器1410，当然还可能包括其他业务所需要的硬件。处理器1402从非易失性存储器1410中读取对应的计算机程序到内存1408中然后运行，在逻辑层面上形成验证合约的装置。当然，除了软件实现方式之外，本说明书一个或多个实施例并不排除其他实现方式，比如逻辑器件抑或软硬件结合的方式等等，也就是说以下处理流程的执行主体并不限定于各个逻辑单元，也可以是硬件或逻辑器件。From a hardware perspective, please refer to FIG. 14, which is a schematic structural diagram of a device provided by an exemplary embodiment. As shown in FIG. 14, at the hardware level, the device includes aprocessor 1402, aninternal bus 1404, anetwork interface 1406, amemory 1408, and anon-volatile memory 1410. Of course, it may also include hardware required for other services. Theprocessor 1402 reads the corresponding computer program from thenon-volatile memory 1410 to thememory 1408 and then runs it, forming a device for verifying the contract on a logical level. Of course, in addition to software implementation, one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware, and so on. That is to say, the execution subject of the following processing flow is not limited to each The logic unit can also be a hardware or a logic device.

请参考图15，在一种软件实施方式中，该客户端侧的验证合约的装置可以包括以下单元。Please refer to FIG. 15. In a software implementation, the device for verifying a contract on the client side may include the following units.

报告获取单元1501，使客户端获取针对链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成。The report obtaining unit 1501 enables the client to obtain a remote certification report for the off-chain trusted execution environment created by the off-chain private computing node. The self-recommendation information generated by the letter execution environment is generated after verification.

合约信息获取单元1502，使所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，获取部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节点的身份私钥进行签名，所述身份私钥由所述链下隐私计算节点在所述链下可信执行环境内维护。The contract information obtaining unit 1502 enables the client to obtain the target off-chain contract deployed at the off-chain private computing node under the condition that the off-chain trusted execution environment is determined to be credible according to the remote attestation report The contract information to be verified is signed by the off-chain private computing node in the off-chain trusted execution environment using the identity private key of the off-chain private computing node, and the identity private key is The off-chain private computing node is maintained in the off-chain trusted execution environment.

验证单元1503，使所述客户端采用所述链下隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。The verification unit 1503 enables the client to use the identity public key of the off-chain privacy computing node to perform signature verification on the contract information to be verified, and to verify the contract information to be verified according to the contract information of the target chain off-chain contract Perform contract information verification, and if the signature verification and contract information verification are passed, it is determined that when the client initiates a call to the target chain contract through the oracle mechanism of the blockchain node, the target chain contract is It is executed by the off-chain private computing node in the off-chain trusted execution environment.

可选的，所述报告获取单元1501还用于：使所述客户端向所述链下隐私计算节点发起挑战，并接收所述链下隐私计算节点返回的远程证明报告；或者，在所述链下隐私计算节点属于链下隐私计算集群的情况下，使所述客户端向所述链下隐私计算集群的控制节点发起挑战，并接收所述控制节点返回的远程证明报告。Optionally, the report obtaining unit 1501 is further configured to: enable the client to initiate a challenge to the off-chain privacy computing node, and receive a remote attestation report returned by the off-chain privacy computing node; or, in the When the off-chain privacy computing node belongs to the off-chain privacy computing cluster, the client is caused to initiate a challenge to the control node of the off-chain privacy computing cluster, and receive a remote certification report returned by the control node.

可选的，所述报告获取单元1501进一步用于：使所述客户端向区块链节点提交挑战交易，所述挑战交易所含的挑战信息可由所述区块链节点通过预言机机制传输至所述链下隐私计算节点或所述控制节点；或者，使所述客户端向所述链下隐私计算节点或 所述控制节点发起链下挑战。Optionally, the report obtaining unit 1501 is further configured to: enable the client to submit a challenge transaction to a blockchain node, and the challenge information contained in the challenge transaction may be transmitted to the blockchain node through an oracle mechanism The off-chain private computing node or the control node; or, the client is caused to initiate an off-chain challenge to the off-chain private computing node or the control node.

可选的，所述报告获取单元1501进一步用于：使所述客户端向所述控制节点发起挑战且挑战目标被设定为所述链下隐私计算节点，使所述控制节点返回所述链下隐私计算节点的远程证明报告；或者，使所述客户端向所述控制节点发起挑战且挑战目标未设定，使所述控制节点从所述链下隐私计算集群中选取所述链下隐私计算节点并返回所述链下隐私计算节点的远程证明报告。Optionally, the report obtaining unit 1501 is further configured to: enable the client to initiate a challenge to the control node and the challenge target is set to the off-chain privacy computing node, so that the control node returns to the chain Remote attestation report of a private computing node; or, the client is asked to initiate a challenge to the control node and the challenge goal is not set, so that the control node selects the off-chain privacy from the off-chain privacy computing cluster Compute the node and return the remote certification report of the off-chain private computing node.

可选的，所述合约信息获取单元1502还用于：根据所述认证服务器的公钥对所述远程证明报告进行签名验证；在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，从所述远程证明报告携带的所述自荐信息内提取出第一待检验哈希值，所述第一待检验哈希值为所述链下可信执行环境的预设信息的哈希值；将预先获得的针对所述链下可信执行环境的第一标准哈希值与所述第一待检验哈希值进行比较，并将比较结果一致作为确认所述链下可信执行环境可信的前提条件。Optionally, the contract information obtaining unit 1502 is further configured to: perform signature verification on the remote attestation report according to the public key of the authentication server; In the case of authentication, the first to-be-verified hash value is extracted from the self-recommendation information carried in the remote attestation report, and the first to-be-verified hash value is the preset information of the trusted execution environment under the chain The first standard hash value for the trusted execution environment under the chain obtained in advance is compared with the first hash value to be verified, and the comparison result is consistent as the confirmation that the off-chain can be Trust the prerequisites for a credible execution environment.

可选的，所述合约信息获取单元1502还用于：使所述客户端获取所述链下隐私计算节点提供的第一身份信息，并对获取到的第一身份信息进行哈希计算以得到第二待校验哈希值，所述第一身份信息包含所述链下隐私计算节点的身份公钥和所述链下隐私计算节点的其他身份信息；使所述客户端获取所述链下隐私计算节点提供的第二标准哈希值，所述第二标准哈希值由所述链下隐私计算节点在所述链下可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；使所述客户端将所述第二待校验哈希值与所述第二标准哈希值进行比较，并在比较结果一致的情况下获取所述隐私计算节点的第一身份信息中包含的所述身份公钥。Optionally, the contract information obtaining unit 1502 is further configured to: enable the client to obtain the first identity information provided by the off-chain privacy computing node, and perform a hash calculation on the obtained first identity information to obtain The second hash value to be verified, the first identity information includes the identity public key of the off-chain private computing node and other identity information of the off-chain private computing node; enabling the client to obtain the off-chain The second standard hash value provided by the privacy computing node, the second standard hash value is generated by the off-chain privacy computing node after generating its own identity information in the off-chain trusted execution environment Hash calculation; enable the client to compare the second hash value to be verified with the second standard hash value, and if the comparison result is consistent, obtain the first value of the privacy computing node The identity public key included in the identity information.

可选的，所述合约信息获取单元1502还用于：使所述客户端根据所述认证服务器的公钥对所述远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，获取所述链下隐私计算节点提供的第二身份信息，并对获取到的第二身份信息进行哈希计算以得到第三待校验哈希值，所述第二身份信息包含所述链下隐私计算节点的身份公钥、所述链下隐私计算节点的其他身份信息和第四待校验哈希值，所述第四待校验哈希值为所述链下可信执行环境的预设信息的哈希值；使所述客户端获取所述链下隐私计算节点提供的第三标准哈希值，并将所述第三待校验哈希值与第三标准哈希值进行比较，所述第三标准哈希值由所述链下隐私计算节点在所述链下可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；使所述客户端在所述第三待校验哈希值与所述第三标准哈希值一致的情况下，将预先获得的针对所述链下可信执行环境的第四标准哈希值与所述第四待检验哈希值进行比较，并将比较结果一致作为确认所述链下可信执行环境可信的前提条件；其中，所述第二身份信息包含的所述身份公钥用于对所述待验证合约信息进行签名验证。Optionally, the contract information obtaining unit 1502 is further configured to: enable the client to perform signature verification on the remote certification report according to the public key of the authentication server, and verify the signature of the remote certification report after the signature verification is passed and the remote certification report contains If the remote authentication result is that the authentication is passed, the second identity information provided by the off-chain privacy computing node is obtained, and the obtained second identity information is hashed to obtain the third hash value to be verified, so The second identity information includes the identity public key of the off-chain privacy computing node, other identity information of the off-chain privacy computing node, and a fourth hash value to be verified, and the fourth hash value to be verified The hash value of the preset information of the off-chain trusted execution environment; enable the client to obtain the third standard hash value provided by the off-chain privacy computing node, and hash the third to-be-verified The value is compared with a third standard hash value. The third standard hash value is generated by the off-chain privacy computing node after generating its own identity information in the off-chain trusted execution environment. It is hoped that it can be calculated; if the third hash value to be verified is consistent with the third standard hash value, the client will pre-obtain the fourth value for the trusted off-chain execution environment The standard hash value is compared with the fourth hash value to be checked, and the comparison result is consistent as a prerequisite for confirming the trustworthiness of the off-chain trusted execution environment; wherein, the second identity information contains the The identity public key is used to perform signature verification on the contract information to be verified.

可选的，所述链下隐私计算节点的身份信息为所述链下隐私计算节点的节点身份信息，所述身份私钥为所述链下隐私计算节点的节点身份私钥，所述身份公钥为所述链下隐私计算节点的节点身份公钥；或者，在所述链下隐私计算节点属于链下隐私计算集群的情况下，所述身份信息为所述链下隐私计算集群的集群身份信息，所述身份公钥为所述链下隐私计算集群的集群身份密钥中的集群身份公钥，所述身份私钥为所述集群 身份密钥中的集群身份私钥；其中，在区块链节点与所述链下隐私计算集群中的各节点进行交互以部署或调用链下合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。Optionally, the identity information of the off-chain private computing node is the node identity information of the off-chain private computing node, the identity private key is the node identity private key of the off-chain private computing node, and the identity public The key is the node identity public key of the off-chain private computing node; or, in the case that the off-chain private computing node belongs to the off-chain private computing cluster, the identity information is the cluster identity of the off-chain private computing cluster Information, the identity public key is the cluster identity public key in the cluster identity key of the off-chain privacy computing cluster, and the identity private key is the cluster identity private key in the cluster identity key; In the process of a blockchain node interacting with each node in the off-chain privacy computing cluster to deploy or invoke an off-chain contract, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.

可选的，还包括调用单元1504，使所述客户端向区块链节点提交针对所述目标链下合约的调用交易，所述调用交易用于指示所述区块链节点通过预言机机制对所述链下隐私计算节点部署的所述目标链下合约发起调用。Optionally, it further includes a calling unit 1504, which enables the client to submit a calling transaction for the contract under the target chain to a blockchain node, where the calling transaction is used to instruct the blockchain node to perform an oracle mechanism The target off-chain contract deployed by the off-chain privacy computing node initiates a call.

可选的，还包括：结果获取单元1505，使所述客户端获取所述链下隐私计算节点通过所述预言机机制反馈至所述区块链节点的执行结果，所述执行结果由所述目标链下合约响应于所述区块链节点的调用生成，并在所述链下可信执行环境内被通过所述目标链下合约的合约身份私钥进行签名；判定单元1506，使所述客户端在采用所述目标链下合约的合约身份公钥对所述执行结果进行签名验证且通过签名验证的情况下，判定所述执行结果由所述目标链下合约生成。Optionally, it further includes: a result obtaining unit 1505, which enables the client to obtain the execution result of the off-chain privacy computing node that is fed back to the blockchain node through the oracle mechanism, and the execution result is determined by the The target chain contract is generated in response to the call of the blockchain node, and is signed by the contract identity private key of the target chain contract in the trusted execution environment of the chain; the determination unit 1506 makes the When the client uses the contract identity public key of the target chain contract to perform signature verification on the execution result and the signature verification is passed, the client determines that the execution result is generated by the target chain contract.

可选的，所述合约信息包含所述目标链下合约的合约身份公钥，在所述客户端通过区块链节点的预言机机制对所述目标链下合约发起调用的情况下，所述合约身份公钥用于对调用所述目标链下合约时所采用的入参数据进行加密，加密后的入参数据由所述目标链下合约的合约身份私钥解密。Optionally, the contract information includes the contract identity public key of the target chain contract. When the client initiates a call to the target chain contract through the oracle mechanism of the blockchain node, the The contract identity public key is used to encrypt the input parameter data used when invoking the target chain contract, and the encrypted input parameter data is decrypted by the contract identity private key of the target chain contract.

请参考图16，在一种软件实施方式中，该链下隐私计算节点侧的验证合约的装置可以包括以下单元。Referring to FIG. 16, in a software implementation, the device for verifying the contract on the side of the off-chain privacy computing node may include the following units.

报告提供单元1601，使链下隐私计算节点向客户端提供针对所述链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成。The report providing unit 1601 enables the off-chain private computing node to provide the client with a remote certification report for the off-chain trusted execution environment created by the off-chain private computing node. The remote certification report is verified by the authentication server on the off-chain privacy The computing node is generated after verifying the self-recommended information generated by the trusted execution environment under the chain.

信息提供单元1602，使所述链下隐私计算节点向所述客户端提供部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节点的身份私钥进行签名，所述身份私钥由所述链下隐私计算节点在所述链下可信执行环境内维护。The information providing unit 1602 enables the off-chain privacy computing node to provide the client with the to-be-verified contract information of the target off-chain contract deployed at the off-chain privacy computing node, and the to-be-verified contract information is used by the chain The lower private computing node uses the identity private key of the off-chain private computing node to sign in the off-chain trusted execution environment, and the identity private key is trusted by the off-chain private computing node to execute under the chain Maintenance within the environment.

所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，采用所述链下隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。When the contract information to be verified is determined by the client according to the remote attestation report that the off-chain trusted execution environment is credible, the identity public key of the off-chain private computing node is used to authenticate the to-be-verified Perform signature verification on the contract information, and perform contract information verification on the contract information to be verified based on the contract information of the contract under the target chain, and if the signature verification and contract information verification pass, it is determined that the client is in the pass zone When the oracle mechanism of the block chain node initiates a call to the target chain contract, the target chain contract is executed by the chain privacy computing node in the trusted execution environment of the chain.

可选的，所述报告提供单元1601还用于：使所述链下隐私计算节点接收所述客户端向所述链下隐私计算节点发起的挑战，向所述客户端返回所述远程证明报告；或者，在所述链下隐私计算节点属于链下隐私计算集群的情况下，在所述链下隐私计算集群的控制节点接收到所述客户端发起的挑战后，使所述链下隐私计算节点向所述控制节点发送所述远程证明报告，所述远程证明报告由所述控制节点返回至所述客户端。Optionally, the report providing unit 1601 is further configured to: enable the off-chain privacy computing node to receive the challenge initiated by the client to the off-chain privacy computing node, and return the remote attestation report to the client Or, in the case that the off-chain privacy computing node belongs to the off-chain privacy computing cluster, after the control node of the off-chain privacy computing cluster receives the challenge initiated by the client, the off-chain privacy computing The node sends the remote certification report to the control node, and the remote certification report is returned by the control node to the client.

可选的，所述远程证明报告携带的所述自荐信息内包含第一待检验哈希值，所 述第一待检验哈希值为所述链下可信执行环境的预设信息的哈希值，所述第一待检验哈希值用于所述客户端在根据所述认证服务器的公钥对所述远程证明报告进行签名验证并签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，与预先获得的针对所述链下可信执行环境的第一标准哈希值进行比较，且比较结果一致被作为所述客户端确认所述链下可信执行环境可信的前提条件。Optionally, the self-recommendation information carried in the remote attestation report includes a first to-be-verified hash value, and the first to-be-verified hash value is a hash of preset information of the off-chain trusted execution environment Value, the first hash value to be verified is used by the client to verify the signature of the remote certification report according to the public key of the authentication server, and the remote certification report contains the remote certification result. In the case of passing the authentication, it is compared with the pre-obtained first standard hash value for the off-chain trusted execution environment, and the comparison result is consistent as the client confirms that the off-chain trusted execution environment can be A prerequisite for the letter.

可选的，所述信息提供单元1602还用于：使所述链下隐私计算节点向所述客户端提供第一身份信息，所述第一身份信息包含所述链下隐私计算节点的身份公钥和所述链下隐私计算节点的其他身份信息，所述第一身份信息被所述客户端进行哈希计算以得到第二待校验哈希值；使所述链下隐私计算节点向所述客户端提供第二标准哈希值，所述第二标准哈希值由所述链下隐私计算节点在所述链下可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；所述第二标准哈希值用于与所述第二待校验哈希值进行比较，且所述客户端在比较结果一致的情况下获取所述隐私计算节点的第一身份信息中包含的所述身份公钥。Optionally, the information providing unit 1602 is further configured to: enable the off-chain private computing node to provide first identity information to the client, where the first identity information includes the identity publicity of the off-chain private computing node Key and other identity information of the off-chain privacy computing node. The first identity information is hashed by the client to obtain the second hash value to be verified; and the off-chain privacy computing node is sent to the The client provides a second standard hash value, and the second standard hash value is generated by the off-chain privacy computing node after generating its own identity information in the off-chain trusted execution environment. Greek calculation; the second standard hash value is used for comparison with the second hash value to be verified, and the client obtains the first identity of the privacy computing node when the comparison result is consistent The identity public key contained in the information.

可选的，所述信息提供单元1602还用于：使所述链下隐私计算节点向所述客户端提供自身的第二身份信息，所述第二身份信息包含所述链下隐私计算节点的身份公钥、所述链下隐私计算节点的其他身份信息和第四待校验哈希值，所述第四待校验哈希值为所述链下可信执行环境的预设信息的哈希值；使所述链下隐私计算节点向所述客户端提供第三标准哈希值，所述第三标准哈希值由所述链下隐私计算节点在所述链下可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；所述第二身份信息在所述客户端根据所述认证服务器的公钥对所述远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，被所述客户端进行哈希计算以得到第三待校验哈希值；其中，确认所述链下可信执行环境可信的前提条件包含在所述第三待校验哈希值与所述第三标准哈希值一致的情况下，所述第四待校验哈希值与所述客户端预先获得的针对所述链下可信执行环境的第四标准哈希值一致；所述第二身份信息包含的所述身份公钥用于对所述待验证合约信息进行签名验证。Optionally, the information providing unit 1602 is further configured to: enable the off-chain private computing node to provide its second identity information to the client, where the second identity information includes the off-chain private computing node The identity public key, other identity information of the off-chain privacy computing node, and a fourth hash value to be verified, where the fourth hash value to be verified is the hash value of the preset information of the trusted execution environment off the chain Hope value; make the off-chain private computing node provide the client with a third standard hash value, and the third standard hash value is determined by the off-chain private computing node in the off-chain trusted execution environment After generating its own identity information, it is obtained by hashing the generated identity information; the second identity information performs signature verification on the remote certification report on the client side according to the public key of the authentication server and passes the signature verification And if the remote authentication result contained in the remote attestation report is passed authentication, the client performs a hash calculation to obtain the third hash value to be verified; wherein, it is confirmed that the off-chain trusted execution environment can be verified. The prerequisite of the letter includes that when the third hash value to be verified is consistent with the third standard hash value, the fourth hash value to be verified is the same as that obtained in advance by the client. The fourth standard hash value of the trusted execution environment under the chain is consistent; the identity public key included in the second identity information is used to perform signature verification on the contract information to be verified.

可选的，所述链下隐私计算节点的身份信息为所述链下隐私计算节点的节点身份信息，所述身份私钥为所述链下隐私计算节点的节点身份私钥，所述身份公钥为所述链下隐私计算节点的节点身份公钥；或者，在所述链下隐私计算节点属于链下隐私计算集群的情况下，所述身份信息为所述链下隐私计算集群的集群身份信息，所述身份公钥为所述链下隐私计算集群的集群身份密钥中的集群身份公钥，所述身份私钥为所述集群身份密钥中的集群身份私钥；其中，在区块链节点与所述链下隐私计算集群中的各节点进行交互以部署或调用链下合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。Optionally, the identity information of the off-chain private computing node is the node identity information of the off-chain private computing node, the identity private key is the node identity private key of the off-chain private computing node, and the identity public The key is the node identity public key of the off-chain private computing node; or, in the case that the off-chain private computing node belongs to the off-chain private computing cluster, the identity information is the cluster identity of the off-chain private computing cluster Information, the identity public key is the cluster identity public key in the cluster identity key of the off-chain privacy computing cluster, and the identity private key is the cluster identity private key in the cluster identity key; In the process of a blockchain node interacting with each node in the off-chain privacy computing cluster to deploy or invoke an off-chain contract, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.

可选的，还包括：执行单元1603，使所述链下隐私计算节点响应于区块链节点通过预言机机制对部署的所述目标链下合约发起的调用，执行所述目标链下合约；所述区块链节点对所述目标链下合约发起的调用由所述客户端提交的针对所述目标链下合约的调用交易触发。Optionally, it further includes: an execution unit 1603, which enables the off-chain privacy computing node to execute the target off-chain contract in response to a call initiated by a blockchain node to the deployed target off-chain contract through the oracle mechanism; The call initiated by the blockchain node to the contract under the target chain is triggered by a call transaction submitted by the client for the contract under the target chain.

可选的，还包括：反馈单元1604，使所述链下隐私计算节点通过所述预言机机 制向区块链节点反馈执行结果，所述执行结果由所述目标链下合约响应于所述区块链节点的调用生成，并在所述链下可信执行环境内被通过所述目标链下合约的合约身份私钥进行签名；其中，在采用所述目标链下合约的合约身份公钥对所述执行结果进行签名验证且通过签名验证的情况下，所述执行结果被判定为由所述目标链下合约生成。Optionally, it further includes: a feedback unit 1604, which enables the off-chain privacy computing node to feed back an execution result to the blockchain node through the oracle mechanism, and the execution result is determined by the target off-chain contract in response to the zone The block chain node is called and generated, and is signed by the contract identity private key of the target chain contract in the off-chain trusted execution environment; wherein, the contract identity public key pair of the target chain contract is used In the case where the execution result is subjected to signature verification and the signature verification is passed, the execution result is determined to be generated by the target chain contract.

可选的，所述合约信息包含所述目标链下合约的合约身份公钥，在所述客户端通过区块链节点的预言机机制对所述目标链下合约发起调用的情况下，所述合约身份公钥用于对调用所述目标链下合约时所采用的入参数据进行加密，加密后的入参数据由所述目标链下合约的合约身份私钥解密。Optionally, the contract information includes the contract identity public key of the target chain contract. When the client initiates a call to the target chain contract through the oracle mechanism of the blockchain node, the The contract identity public key is used to encrypt the input parameter data used when invoking the target chain contract, and the encrypted input parameter data is decrypted by the contract identity private key of the target chain contract.

请参考图17，在另一种软件实施方式中，该客户端侧的验证合约的装置可以包括：报告获取单元1701，使客户端获取针对隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成；合约信息获取单元1702，使所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，获取部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算节点在所述可信执行环境内维护；验证单元1703，使所述客户端采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。Referring to FIG. 17, in another software implementation, the device for verifying the contract on the client side may include: a report obtaining unit 1701, which enables the client to obtain a remote certification report for a trusted execution environment created by a private computing node, The remote attestation report is generated by the authentication server after verifying the self-recommendation information generated by the private computing node for the trusted execution environment; the contract information acquisition unit 1702 enables the client to determine the information based on the remote attestation report In the case that the trusted execution environment is credible, obtain the contract information to be verified of the target smart contract deployed at the private computing node, and the contract information to be verified is used by the private computing node in the trusted execution environment The identity private key of the private computing node is used for signing, and the private identity key is maintained by the private computing node in the trusted execution environment; the verification unit 1703 enables the client to use the private computing node’s The identity public key performs signature verification on the contract information to be verified, and performs contract information verification on the contract information to be verified according to the contract information of the target smart contract, and confirms if the signature verification and contract information verification pass When the client initiates a call to the target smart contract, the target smart contract is executed by the private computing node in the trusted execution environment.

可选的，合约信息获取单元1702具体用于：根据所述认证服务器的公钥对所述远程证明报告进行签名验证；在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，从所述远程证明报告携带的所述自荐信息内提取出第一待检验哈希值，所述第一待检验哈希值为所述可信执行环境的预设信息的哈希值；将预先获得的针对所述可信执行环境的第一标准哈希值与所述第一待检验哈希值进行比较，并将比较结果一致作为确认所述可信执行环境可信的前提条件。Optionally, the contract information obtaining unit 1702 is specifically configured to: perform signature verification on the remote certification report according to the public key of the certification server; In this case, the first to-be-verified hash value is extracted from the self-recommendation information carried in the remote attestation report, and the first to-be-verified hash value is the hash value of the preset information of the trusted execution environment ; Compare the pre-obtained first standard hash value for the trusted execution environment with the first hash value to be verified, and make the comparison result consistent as a prerequisite for confirming that the trusted execution environment is trustworthy .

可选的，验证单元1703具体用于：所述客户端获取所述隐私计算节点提供的第一身份信息，并对获取到的第一身份信息进行哈希计算以得到第二待校验哈希值，所述第一身份信息包含所述隐私计算节点的身份公钥和所述隐私计算节点的其他身份信息；所述客户端获取所述隐私计算节点提供的第二标准哈希值，所述第二标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；Optionally, the verification unit 1703 is specifically configured to: the client obtains the first identity information provided by the privacy computing node, and performs a hash calculation on the obtained first identity information to obtain a second hash to be verified Value, the first identity information includes the identity public key of the private computing node and other identity information of the private computing node; the client obtains the second standard hash value provided by the private computing node, the The second standard hash value is obtained by hashing the generated identity information after the privacy computing node generates its own identity information in the trusted execution environment;

所述客户端将所述第二待校验哈希值与所述第二标准哈希值进行比较，并在比较结果一致的情况下获取所述隐私计算节点的第一身份信息中包含的所述身份公钥。The client compares the second hash value to be verified with the second standard hash value, and if the comparison result is consistent, obtains all the information contained in the first identity information of the privacy computing node. The public key of the identity.

可选的，验证单元1703具体用于：根据所述认证服务器的公钥对所述远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，获取所述隐私计算节点提供的第二身份信息，并对获取到的第二身份信息进行哈希计算以得到第三待校验哈希值，所述第二身份信息包含所述隐私计算节点的 身份公钥、所述隐私计算节点的其他身份信息和第四待校验哈希值，所述第四待校验哈希值为所述可信执行环境的预设信息的哈希值；获取所述隐私计算节点提供的第三标准哈希值，并将所述第三待校验哈希值与第三标准哈希值进行比较，所述第三标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；在所述第三待校验哈希值与所述第三标准哈希值一致的情况下，将预先获得的针对所述可信执行环境的第四标准哈希值与所述第四待检验哈希值进行比较，并将比较结果一致作为确认所述可信执行环境可信的前提条件；其中，所述第二身份信息包含的所述身份公钥用于对所述待验证合约信息进行签名验证。Optionally, the verification unit 1703 is specifically configured to: perform signature verification on the remote certification report according to the public key of the certification server, and when the signature verification is passed and the remote certification result contained in the remote certification report is certified , Acquiring the second identity information provided by the privacy computing node, and performing a hash calculation on the acquired second identity information to obtain a third hash value to be verified, where the second identity information includes the privacy computing node The identity public key of the private computing node, other identity information of the privacy computing node, and a fourth hash value to be verified, where the fourth hash value to be verified is a hash value of preset information of the trusted execution environment; Obtain a third standard hash value provided by the privacy computing node, and compare the third hash value to be verified with a third standard hash value, the third standard hash value being calculated by the privacy After the node generates its own identity information in the trusted execution environment, it hashes the generated identity information; in the case that the third hash value to be verified is consistent with the third standard hash value , Compare the pre-obtained fourth standard hash value for the trusted execution environment with the fourth hash value to be checked, and use the consistency of the comparison result as a prerequisite for confirming that the trusted execution environment is trustworthy ; Wherein, the identity public key included in the second identity information is used to perform signature verification on the contract information to be verified.

可选的，所述隐私计算节点的身份信息为所述隐私计算节点的节点身份信息，所述身份私钥为所述隐私计算节点的节点身份私钥，所述身份公钥为所述隐私计算节点的节点身份公钥；或者，在所述隐私计算节点属于链下隐私计算集群的情况下，所述身份信息为所述链下隐私计算集群的集群身份信息，所述身份公钥为所述链下隐私计算集群的集群身份密钥中的集群身份公钥，所述身份私钥为所述集群身份密钥中的集群身份私钥；其中，在所述客户端与所述链下隐私计算集群中的各节点进行交互以部署或调用智能合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。Optionally, the identity information of the private computing node is the node identity information of the private computing node, the identity private key is the node identity private key of the private computing node, and the identity public key is the private computing node The node identity public key of the node; or, in the case that the private computing node belongs to the off-chain private computing cluster, the identity information is the cluster identity information of the off-chain private computing cluster, and the identity public key is the The cluster identity public key in the cluster identity key of the off-chain privacy computing cluster, where the identity private key is the cluster identity private key in the cluster identity key; wherein, the client and the off-chain privacy calculation In the process of each node in the cluster interacting to deploy or invoke smart contracts, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.

可选的，验证单元1703还用于：所述客户端获取所述隐私计算节点反馈的执行结果，所述执行结果由所述目标智能合约响应于所述客户端的调用生成，并在所述可信执行环境内被通过所述目标智能合约的合约身份私钥进行签名；所述客户端在采用所述目标智能合约的合约身份公钥对所述执行结果进行签名验证且通过签名验证的情况下，判定所述执行结果由所述目标智能合约生成。Optionally, the verification unit 1703 is further configured to: the client obtains the execution result fed back by the privacy computing node, the execution result is generated by the target smart contract in response to the client's invocation, and is displayed in the The execution environment is signed by the contract identity private key of the target smart contract; when the client uses the contract identity public key of the target smart contract to verify the execution result and pass the signature verification , It is determined that the execution result is generated by the target smart contract.

可选的，所述合约信息包含所述目标智能合约的合约身份公钥，在所述客户端对所述目标智能合约发起调用的情况下，所述合约身份公钥用于对调用所述目标智能合约时所采用的入参数据进行加密，加密后的入参数据由所述目标智能合约的合约身份私钥解密。Optionally, the contract information includes the contract identity public key of the target smart contract, and when the client initiates a call to the target smart contract, the contract identity public key is used to call the target smart contract. The input parameter data used in the smart contract is encrypted, and the encrypted input parameter data is decrypted by the contract identity private key of the target smart contract.

请参考图18，在另一种软件实施方式中，该隐私计算节点侧的验证合约的装置可以包括：报告提供单元1801，使隐私计算节点向客户端提供针对所述隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成；合约信息提供单元1802，使所述隐私计算节点向所述客户端提供部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算节点在所述可信执行环境内维护；其中，所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。Please refer to FIG. 18, in another software implementation, the device for verifying the contract on the side of the private computing node may include: a report providing unit 1801, which enables the private computing node to provide the client with the trusted computing node created for the private computing node. The remote attestation report of the execution environment, the remote attestation report is generated by the authentication server after verifying the self-recommended information generated by the private computing node for the trusted execution environment; the contract information providing unit 1802 makes the private computing node send The client provides the contract information to be verified of the target smart contract deployed at the private computing node, and the contract information to be verified is used by the private computing node in the trusted execution environment by the private computing node. The identity private key is signed, and the identity private key is maintained by the privacy computing node in the trusted execution environment; wherein, the contract information to be verified is determined by the client according to the remote attestation report. When the trusted execution environment is credible, the identity public key of the private computing node is used to perform signature verification on the contract information to be verified, and the contract information to be verified is contracted based on the contract information of the target smart contract Information verification, and when the signature verification and contract information verification pass, it is determined that when the client initiates a call to the target smart contract, the target smart contract is used by the private computing node in the trusted execution environment Executed.

可选的，所述远程证明报告携带的所述自荐信息内包含第一待检验哈希值，所 述第一待检验哈希值为所述可信执行环境的预设信息的哈希值，所述第一待检验哈希值用于所述客户端在根据所述认证服务器的公钥对所述远程证明报告进行签名验证并签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，与预先获得的针对所述可信执行环境的第一标准哈希值进行比较，且比较结果一致被作为所述客户端确认所述可信执行环境可信的前提条件。Optionally, the self-recommendation information carried in the remote attestation report includes a first to-be-verified hash value, and the first to-be-verified hash value is a hash value of preset information of the trusted execution environment, The first hash value to be verified is used by the client to verify the signature of the remote certification report according to the public key of the authentication server and the signature verification is passed, and the remote certification result contained in the remote certification report is passed In the case of authentication, a comparison is made with the pre-obtained first standard hash value for the trusted execution environment, and the comparison result is consistent as a prerequisite for the client to confirm that the trusted execution environment is trustworthy.

可选的，报告提供单元1801具体用于：所述隐私计算节点向所述客户端提供第一身份信息，所述第一身份信息包含所述隐私计算节点的身份公钥和所述隐私计算节点的其他身份信息，所述第一身份信息被所述客户端进行哈希计算以得到第二待校验哈希值；所述隐私计算节点向所述客户端提供第二标准哈希值，所述第二标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；所述第二标准哈希值用于与所述第二待校验哈希值进行比较，且所述客户端在比较结果一致的情况下获取所述隐私计算节点的第一身份信息中包含的所述身份公钥。Optionally, the report providing unit 1801 is specifically configured to: the private computing node provides first identity information to the client, where the first identity information includes the identity public key of the private computing node and the private computing node The first identity information is hashed by the client to obtain the second hash value to be verified; the privacy calculation node provides the second standard hash value to the client, so The second standard hash value is obtained by hashing the generated identity information after the privacy computing node generates its own identity information in the trusted execution environment; the second standard hash value is used to communicate with all The second hash value to be verified is compared, and the client obtains the identity public key included in the first identity information of the privacy computing node when the comparison result is consistent.

可选的，报告提供单元1801具体用于：所述隐私计算节点向所述客户端提供自身的第二身份信息，所述第二身份信息包含所述隐私计算节点的身份公钥、所述隐私计算节点的其他身份信息和第四待校验哈希值，所述第四待校验哈希值为所述可信执行环境的预设信息的哈希值；所述隐私计算节点向所述客户端提供第三标准哈希值，所述第三标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；所述第二身份信息在所述客户端根据所述认证服务器的公钥对所述远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，被所述客户端进行哈希计算以得到第三待校验哈希值；其中，确认所述可信执行环境可信的前提条件包含在所述第三待校验哈希值与所述第三标准哈希值一致的情况下，所述第四待校验哈希值与所述客户端预先获得的针对所述可信执行环境的第四标准哈希值一致；所述第二身份信息包含的所述身份公钥用于对所述待验证合约信息进行签名验证。Optionally, the report providing unit 1801 is specifically configured to: the private computing node provides its own second identity information to the client, where the second identity information includes the identity public key of the private computing node, and the privacy Other identity information of the computing node and a fourth hash value to be verified, where the fourth hash value to be verified is a hash value of preset information of the trusted execution environment; The client provides a third standard hash value, and the third standard hash value is obtained by hashing the generated identity information after the privacy computing node generates its own identity information in the trusted execution environment; The second identity information is when the client performs signature verification on the remote certification report according to the public key of the certification server, and when the signature verification is passed and the remote certification result contained in the remote certification report is certified, Hash calculation is performed by the client to obtain a third hash value to be verified; wherein the precondition for confirming that the trusted execution environment is credible is included in the third hash value to be verified and the first When the three standard hash values are consistent, the fourth hash value to be verified is consistent with the fourth standard hash value for the trusted execution environment obtained in advance by the client; the second identity information The included identity public key is used to perform signature verification on the contract information to be verified.

可选的，所述隐私计算节点的身份信息为所述隐私计算节点的节点身份信息，所述身份私钥为所述隐私计算节点的节点身份私钥，所述身份公钥为所述隐私计算节点的节点身份公钥；或者，在所述隐私计算节点属于链下隐私计算集群的情况下，所述身份信息为所述链下隐私计算集群的集群身份信息，所述身份公钥为所述链下隐私计算集群的集群身份密钥中的集群身份公钥，所述身份私钥为所述集群身份密钥中的集群身份私钥；其中，在所述客户端与所述链下隐私计算集群中的各节点进行交互以部署或调用智能合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。Optionally, the identity information of the private computing node is the node identity information of the private computing node, the identity private key is the node identity private key of the private computing node, and the identity public key is the private computing node The node identity public key of the node; or, in the case that the private computing node belongs to the off-chain private computing cluster, the identity information is the cluster identity information of the off-chain private computing cluster, and the identity public key is the The cluster identity public key in the cluster identity key of the off-chain privacy computing cluster, where the identity private key is the cluster identity private key in the cluster identity key; wherein, the client and the off-chain privacy calculation In the process of each node in the cluster interacting to deploy or invoke smart contracts, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.

可选的，合约信息提供单元1802还用于：使所述隐私计算节点向所述客户端反馈执行结果，所述执行结果由所述目标智能合约响应于所述区块链节点的调用生成，并在所述可信执行环境内被通过所述目标智能合约的合约身份私钥进行签名；其中，在采用所述目标智能合约的合约身份公钥对所述执行结果进行签名验证且通过签名验证的情况下，所述执行结果被判定为由所述目标智能合约生成。Optionally, the contract information providing unit 1802 is further configured to: enable the privacy computing node to feed back an execution result to the client, and the execution result is generated by the target smart contract in response to the invocation of the blockchain node, And is signed by the contract identity private key of the target smart contract in the trusted execution environment; wherein, the execution result is signed and verified by the contract identity public key of the target smart contract and the signature verification is passed In the case of, the execution result is determined to be generated by the target smart contract.

可选的，所述合约信息包含所述目标智能合约的合约身份公钥，在所述客户端 对所述目标智能合约发起调用的情况下，所述合约身份公钥用于对调用所述目标智能合约时所采用的入参数据进行加密，加密后的入参数据由所述目标智能合约的合约身份私钥解密。Optionally, the contract information includes the contract identity public key of the target smart contract, and when the client initiates a call to the target smart contract, the contract identity public key is used to call the target smart contract. The input parameter data used in the smart contract is encrypted, and the encrypted input parameter data is decrypted by the contract identity private key of the target smart contract.

上述实施例阐明的系统、装置、模块或单元，具体可以由计算机芯片或实体实现，或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的，计算机例如可以为个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules, or units illustrated in the above embodiments may be specifically implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cell phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or Any combination of these devices.

为了描述的方便，描述以上装置时以功能分为各种单元分别描述。当然，在实施本说明书时可以把各单元的功能在同一个或多个软件和/或硬件中实现。For the convenience of description, when describing the above device, the functions are divided into various units and described separately. Of course, when implementing this specification, the functions of each unit can be implemented in the same or multiple software and/or hardware.

本领域内的技术人员应明白，本说明书的实施例可提供为方法、系统、或计算机程序产品。因此，本说明书可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且，本说明书可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this specification can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.

本说明书是参照根据本说明书实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器，使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。This specification is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to the embodiments of this specification. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment can be used to generate It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.

本说明书可以在由计算机执行的计算机可执行指令的一般上下文中描述，例如程序模块。一般地，程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本说明书，在这些分布式计算环境中，由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中，程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。This specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. This specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中，使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品，该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上，使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理，从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。在一个典型的配置中，计算机包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram. In a typical configuration, the computer includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.

内存可能包括计算机可读介质中的非永久性存储器，随机存取存储器(RAM) 和/或非易失性内存等形式，如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。The memory may include non-permanent memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, etc., such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.

计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括，但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带、磁盘存储、量子存储器、基于石墨烯的存储介质或其他磁性存储设备或任何其他非传输介质，可用于存储可以被计算设备访问的信息。按照本文中的界定，计算机可读介质不包括暂存电脑可读媒体(transitory media)，如调制的数据信号和载波。Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission media, can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.

还需要说明的是，术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含，从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素，而且还包括没有明确列出的其他要素，或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下，由语句“包括一个……”限定的要素，并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or equipment including a series of elements not only includes those elements, but also includes Other elements that are not explicitly listed, or also include elements inherent to such processes, methods, commodities, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity, or equipment that includes the element.

上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下，在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外，在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中，多任务处理和并行处理也是可以的或者可能是有利的。The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims can be performed in a different order than in the embodiments and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown in order to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

在本说明书一个或多个实施例使用的术语是仅仅出于描述特定实施例的目的，而非旨在限制本说明书一个或多个实施例。在本说明书一个或多个实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式，除非上下文清楚地表示其他含义。还应当理解，本文中使用的术语“和/或”是指并包含一个或多个相关联的列出项目的任何或所有可能组合。The terms used in one or more embodiments of this specification are only for the purpose of describing specific embodiments, and are not intended to limit one or more embodiments of this specification. The singular forms "a", "said" and "the" used in one or more embodiments of this specification and the appended claims are also intended to include plural forms, unless the context clearly indicates other meanings. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more associated listed items.

应当理解，尽管在本说明书一个或多个实施例可能采用术语第一、第二、第三等来描述各种信息，但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼此区分开。例如，在不脱离本说明书一个或多个实施例范围的情况下，第一信息也可以被称为第二信息，类似地，第二信息也可以被称为第一信息。取决于语境，如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”。It should be understood that although the terms first, second, third, etc. may be used to describe various information in one or more embodiments of this specification, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other. For example, without departing from the scope of one or more embodiments of this specification, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information. Depending on the context, the word "if" as used herein can be interpreted as "when" or "when" or "in response to determination".

以上所述仅为本说明书一个或多个实施例的较佳实施例而已，并不用以限制本说明书一个或多个实施例，凡在本说明书一个或多个实施例的精神和原则之内，所做的任何修改、等同替换、改进等，均应包含在本说明书一个或多个实施例保护的范围之内。The above descriptions are only preferred embodiments of one or more embodiments of this specification, and are not intended to limit one or more embodiments of this specification. All within the spirit and principle of one or more embodiments of this specification, Any modification, equivalent replacement, improvement, etc. made should be included in the protection scope of one or more embodiments of this specification.

Claims (40)

Translated fromChinese

一种验证合约的方法，包括：A method of verifying contracts, including:客户端获取针对链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成；The client obtains a remote certification report for the off-chain trusted execution environment created by the off-chain private computing node. The remote certification report is self-recommended by the authentication server for the off-chain private computing node for the off-chain trusted execution environment. The information is generated after verification;所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，获取部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节点的身份私钥进行签名，所述身份私钥由所述链下隐私计算节点在所述链下可信执行环境内维护；When the client determines that the off-chain trusted execution environment is credible according to the remote attestation report, the client obtains the to-be-verified contract information of the target off-chain contract deployed at the off-chain privacy computing node, and The contract information to be verified is signed by the off-chain private computing node in the off-chain trusted execution environment using the identity private key of the off-chain private computing node, and the identity private key is used by the off-chain private computing node Maintain in the trusted execution environment under the chain;所述客户端采用所述链下隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。The client uses the identity public key of the off-chain privacy computing node to perform signature verification on the to-be-verified contract information, and perform contract information verification on the to-be-verified contract information according to the contract information of the target chain off-chain contract, And in the case that the signature verification and the contract information verification pass, it is determined that when the client initiates a call to the target chain contract through the oracle mechanism of the blockchain node, the target chain contract is controlled by the target chain. The private computing node executes in the trusted off-chain execution environment.根据权利要求1所述的方法，所述客户端获取针对链下隐私计算节点创建的链下可信执行环境的远程证明报告，包括：The method according to claim 1, wherein the client obtains a remote attestation report for an off-chain trusted execution environment created by an off-chain private computing node, including:所述客户端向所述链下隐私计算节点发起挑战，并接收所述链下隐私计算节点返回的远程证明报告；或者，The client initiates a challenge to the off-chain private computing node, and receives the remote attestation report returned by the off-chain private computing node; or,在所述链下隐私计算节点属于链下隐私计算集群的情况下，所述客户端向所述链下隐私计算集群的控制节点发起挑战，并接收所述控制节点返回的远程证明报告。In the case that the off-chain privacy computing node belongs to the off-chain privacy computing cluster, the client initiates a challenge to the control node of the off-chain privacy computing cluster, and receives a remote attestation report returned by the control node.根据权利要求2所述的方法，所述客户端向所述链下隐私计算节点或所述控制节点发起挑战，包括：The method according to claim 2, wherein the client initiates a challenge to the off-chain privacy computing node or the control node, including:所述客户端向区块链节点提交挑战交易，所述挑战交易所含的挑战信息可由所述区块链节点通过预言机机制传输至所述链下隐私计算节点或所述控制节点；或者，The client submits a challenge transaction to a blockchain node, and the challenge information contained in the challenge transaction can be transmitted by the blockchain node to the off-chain privacy computing node or the control node through the oracle mechanism; or,所述客户端向所述链下隐私计算节点或所述控制节点发起链下挑战。The client initiates an off-chain challenge to the off-chain privacy computing node or the control node.根据权利要求2所述的方法，所述客户端向所述链下隐私计算集群的控制节点发起挑战，包括：The method according to claim 2, wherein the client initiates a challenge to the control node of the off-chain privacy computing cluster, including:所述客户端向所述控制节点发起挑战且挑战目标被设定为所述链下隐私计算节点，使所述控制节点返回所述链下隐私计算节点的远程证明报告；或者，The client initiates a challenge to the control node and the challenge target is set to the off-chain private computing node, so that the control node returns the remote attestation report of the off-chain private computing node; or,所述客户端向所述控制节点发起挑战且挑战目标未设定，使所述控制节点从所述链下隐私计算集群中选取所述链下隐私计算节点并返回所述链下隐私计算节点的远程证明报告。The client initiates a challenge to the control node and the challenge goal is not set, so that the control node selects the off-chain privacy computing node from the off-chain privacy computing cluster and returns to the off-chain privacy computing node Remote attestation report.根据权利要求1所述的方法，所述客户端根据所述远程证明报告对所述链下可信执行环境进行验证，包括：The method according to claim 1, wherein the client verifies the off-chain trusted execution environment according to the remote attestation report, comprising:根据所述认证服务器的公钥对所述远程证明报告进行签名验证；Perform signature verification on the remote attestation report according to the public key of the authentication server;在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，从所述远程证明报告携带的所述自荐信息内提取出第一待检验哈希值，所述第一待检验哈希值为所述链下可信执行环境的预设信息的哈希值；In the case where the signature verification is passed and the remote authentication result contained in the remote attestation report is certified, the first to-be-verified hash value is extracted from the self-recommendation information carried in the remote attestation report, and the first to be verified Verifying that the hash value is the hash value of the preset information of the trusted execution environment under the chain;将预先获得的针对所述链下可信执行环境的第一标准哈希值与所述第一待检验哈 希值进行比较，并将比较结果一致作为确认所述链下可信执行环境可信的前提条件。The pre-obtained first standard hash value for the off-chain trusted execution environment is compared with the first to-be-verified hash value, and the comparison result is consistent as confirmation that the off-chain trusted execution environment is credible Prerequisites.根据权利要求1所述的方法，还包括：The method according to claim 1, further comprising:所述客户端获取所述链下隐私计算节点提供的第一身份信息，并对获取到的第一身份信息进行哈希计算以得到第二待校验哈希值，所述第一身份信息包含所述链下隐私计算节点的身份公钥和所述链下隐私计算节点的其他身份信息；The client obtains the first identity information provided by the off-chain privacy computing node, and performs a hash calculation on the obtained first identity information to obtain a second hash value to be verified, and the first identity information includes The identity public key of the off-chain private computing node and other identity information of the off-chain private computing node;所述客户端获取所述链下隐私计算节点提供的第二标准哈希值，所述第二标准哈希值由所述链下隐私计算节点在所述链下可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；The client obtains a second standard hash value provided by the off-chain privacy computing node, and the second standard hash value is generated by the off-chain privacy computing node in the off-chain trusted execution environment. After the identity information is hashed, the generated identity information is calculated;所述客户端将所述第二待校验哈希值与所述第二标准哈希值进行比较，并在比较结果一致的情况下获取所述隐私计算节点的第一身份信息中包含的所述身份公钥。The client compares the second hash value to be verified with the second standard hash value, and if the comparison result is consistent, obtains all the information contained in the first identity information of the privacy computing node. The public key of the identity.根据权利要求1所述的方法，所述客户端根据所述远程证明报告对所述链下可信执行环境进行验证，包括：The method according to claim 1, wherein the client verifies the off-chain trusted execution environment according to the remote attestation report, comprising:根据所述认证服务器的公钥对所述远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，获取所述链下隐私计算节点提供的第二身份信息，并对获取到的第二身份信息进行哈希计算以得到第三待校验哈希值，所述第二身份信息包含所述链下隐私计算节点的身份公钥、所述链下隐私计算节点的其他身份信息和第四待校验哈希值，所述第四待校验哈希值为所述链下可信执行环境的预设信息的哈希值；Perform signature verification on the remote attestation report according to the public key of the authentication server, and if the signature verification is passed and the remote attestation result contained in the remote attestation report is certified, obtain the information provided by the off-chain privacy computing node Second identity information, and perform a hash calculation on the acquired second identity information to obtain a third hash value to be verified. The second identity information includes the identity public key of the off-chain privacy computing node, the Other identity information of the off-chain privacy computing node and a fourth to-be-verified hash value, where the fourth to-be-verified hash value is a hash value of preset information of the off-chain trusted execution environment;获取所述链下隐私计算节点提供的第三标准哈希值，并将所述第三待校验哈希值与第三标准哈希值进行比较，所述第三标准哈希值由所述链下隐私计算节点在所述链下可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；Obtain the third standard hash value provided by the off-chain privacy computing node, and compare the third hash value to be verified with a third standard hash value, and the third standard hash value is determined by the The off-chain privacy computing node generates its own identity information in the off-chain trusted execution environment and then hashes the generated identity information;在所述第三待校验哈希值与所述第三标准哈希值一致的情况下，将预先获得的针对所述链下可信执行环境的第四标准哈希值与所述第四待检验哈希值进行比较，并将比较结果一致作为确认所述链下可信执行环境可信的前提条件；其中，所述第二身份信息包含的所述身份公钥用于对所述待验证合约信息进行签名验证。In the case that the third hash value to be verified is consistent with the third standard hash value, the fourth standard hash value for the off-chain trusted execution environment obtained in advance is compared with the fourth standard hash value. The hash values to be verified are compared, and the comparison result is consistent as a prerequisite for confirming the trustworthiness of the off-chain trusted execution environment; wherein, the identity public key contained in the second identity information is used to compare the Verify the contract information for signature verification.根据权利要求6或7所述的方法，所述链下隐私计算节点的身份信息为所述链下隐私计算节点的节点身份信息，所述身份私钥为所述链下隐私计算节点的节点身份私钥，所述身份公钥为所述链下隐私计算节点的节点身份公钥；或者，The method according to claim 6 or 7, the identity information of the off-chain private computing node is the node identity information of the off-chain private computing node, and the identity private key is the node identity of the off-chain private computing node Private key, the identity public key is the node identity public key of the off-chain private computing node; or,在所述链下隐私计算节点属于链下隐私计算集群的情况下，所述身份信息为所述链下隐私计算集群的集群身份信息，所述身份公钥为所述链下隐私计算集群的集群身份密钥中的集群身份公钥，所述身份私钥为所述集群身份密钥中的集群身份私钥；其中，在区块链节点与所述链下隐私计算集群中的各节点进行交互以部署或调用链下合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。In the case that the off-chain privacy computing node belongs to the off-chain privacy computing cluster, the identity information is the cluster identity information of the off-chain privacy computing cluster, and the identity public key is the cluster of the off-chain privacy computing cluster The cluster identity public key in the identity key, the identity private key is the cluster identity private key in the cluster identity key; wherein the blockchain node interacts with each node in the off-chain privacy computing cluster In the process of deploying or invoking an off-chain contract, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.根据权利要求1所述的方法，还包括：The method according to claim 1, further comprising:所述客户端向区块链节点提交针对所述目标链下合约的调用交易，所述调用交易用于指示所述区块链节点通过预言机机制对所述链下隐私计算节点部署的所述目标链下合约发起调用。The client submits a call transaction for the off-chain contract of the target chain to the blockchain node, and the call transaction is used to instruct the blockchain node to deploy the off-chain privacy computing node through the oracle mechanism. The contract under the target chain initiates a call.根据权利要求1所述的方法，还包括：The method according to claim 1, further comprising:所述客户端获取所述链下隐私计算节点通过所述预言机机制反馈至所述区块链节点的执行结果，所述执行结果由所述目标链下合约响应于所述区块链节点的调用生成， 并在所述链下可信执行环境内被通过所述目标链下合约的合约身份私钥进行签名；The client obtains the execution result of the off-chain privacy computing node fed back to the blockchain node through the oracle mechanism, and the execution result is determined by the target off-chain contract in response to the blockchain node’s Call generation, and be signed by the contract identity private key of the target chain contract in the off-chain trusted execution environment;所述客户端在采用所述目标链下合约的合约身份公钥对所述执行结果进行签名验证且通过签名验证的情况下，判定所述执行结果由所述目标链下合约生成。When the client uses the contract identity public key of the target chain contract to perform signature verification on the execution result and the signature verification is passed, the client determines that the execution result is generated by the target chain contract.根据权利要求1所述的方法，所述合约信息包含所述目标链下合约的合约身份公钥，在所述客户端通过区块链节点的预言机机制对所述目标链下合约发起调用的情况下，所述合约身份公钥用于对调用所述目标链下合约时所采用的入参数据进行加密，加密后的入参数据由所述目标链下合约的合约身份私钥解密。The method according to claim 1, wherein the contract information includes the contract identity public key of the target chain contract, and the client initiates a call to the target chain contract through the oracle mechanism of the blockchain node In this case, the contract identity public key is used to encrypt the input parameter data used when invoking the target chain contract, and the encrypted input parameter data is decrypted by the contract identity private key of the target chain contract.一种验证合约的方法，包括：A method of verifying contracts, including:链下隐私计算节点向客户端提供针对所述链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成；The off-chain private computing node provides the client with a remote attestation report for the off-chain trusted execution environment created by the off-chain private computing node. The self-recommendation information generated by the trusted execution environment is generated after verification;所述链下隐私计算节点向所述客户端提供部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节点的身份私钥进行签名，所述身份私钥由所述链下隐私计算节点在所述链下可信执行环境内维护；The off-chain privacy computing node provides the client with the to-be-verified contract information of the target off-chain contract deployed at the off-chain privacy computing node, and the to-be-verified contract information is stored by the off-chain privacy computing node. Using the identity private key of the off-chain private computing node to sign in the off-chain trusted execution environment, and the identity private key is maintained by the off-chain private computing node in the off-chain trusted execution environment;所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，采用所述链下隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。When the contract information to be verified is determined by the client according to the remote attestation report that the off-chain trusted execution environment is credible, the identity public key of the off-chain private computing node is used to authenticate the to-be-verified Perform signature verification on the contract information, and perform contract information verification on the contract information to be verified based on the contract information of the contract under the target chain, and if the signature verification and contract information verification pass, it is determined that the client is in the pass zone When the oracle mechanism of the block chain node initiates a call to the target chain contract, the target chain contract is executed by the chain privacy computing node in the trusted execution environment of the chain.根据权利要求12所述的方法，所述链下隐私计算节点向客户端提供针对所述链下隐私计算节点创建的链下可信执行环境的远程证明报告，包括：The method according to claim 12, wherein the off-chain private computing node provides the client with a remote attestation report for the off-chain trusted execution environment created by the off-chain private computing node, including:接收所述客户端向所述链下隐私计算节点发起的挑战，向所述客户端返回所述远程证明报告；或者，Receive the challenge initiated by the client to the off-chain privacy computing node, and return the remote attestation report to the client; or,在所述链下隐私计算节点属于链下隐私计算集群的情况下，在所述链下隐私计算集群的控制节点接收到所述客户端发起的挑战后，向所述控制节点发送所述远程证明报告，所述远程证明报告由所述控制节点返回至所述客户端。In the case that the off-chain privacy computing node belongs to the off-chain privacy computing cluster, after the control node of the off-chain privacy computing cluster receives the challenge initiated by the client, the remote attestation is sent to the control node Report, the remote attestation report is returned by the control node to the client.根据权利要求12所述的方法，所述远程证明报告携带的所述自荐信息内包含第一待检验哈希值，所述第一待检验哈希值为所述链下可信执行环境的预设信息的哈希值，所述第一待检验哈希值用于所述客户端在根据所述认证服务器的公钥对所述远程证明报告进行签名验证并签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，与预先获得的针对所述链下可信执行环境的第一标准哈希值进行比较，且比较结果一致被作为所述客户端确认所述链下可信执行环境可信的前提条件。The method according to claim 12, the self-recommendation information carried in the remote attestation report contains a first hash value to be verified, and the first hash value to be verified is a prediction of the off-chain trusted execution environment. Set the hash value of the information, the first hash value to be verified is used by the client to verify the signature of the remote certification report according to the public key of the authentication server, and the signature verification is passed and the remote certification report If the included remote authentication result is passed authentication, it is compared with the pre-obtained first standard hash value for the trusted execution environment of the off-chain, and the comparison result is consistent as the client confirms the off-chain A prerequisite for a credible execution environment.根据权利要求12所述的方法，还包括：The method according to claim 12, further comprising:所述链下隐私计算节点向所述客户端提供第一身份信息，所述第一身份信息包含所述链下隐私计算节点的身份公钥和所述链下隐私计算节点的其他身份信息，所述第一身份信息被所述客户端进行哈希计算以得到第二待校验哈希值；The off-chain private computing node provides first identity information to the client, and the first identity information includes the identity public key of the off-chain private computing node and other identity information of the off-chain private computing node, so The first identity information is hashed by the client to obtain a second hash value to be verified;所述链下隐私计算节点向所述客户端提供第二标准哈希值，所述第二标准哈希值由所述链下隐私计算节点在所述链下可信执行环境内生成自身的身份信息后对生成的身 份信息进行哈希计算得到；The off-chain private computing node provides a second standard hash value to the client, and the second standard hash value is generated by the off-chain private computing node in the off-chain trusted execution environment. After the information is obtained, the generated identity information is hashed;所述第二标准哈希值用于与所述第二待校验哈希值进行比较，且所述客户端在比较结果一致的情况下获取所述隐私计算节点的第一身份信息中包含的所述身份公钥。The second standard hash value is used to compare with the second hash value to be verified, and if the comparison result is consistent, the client obtains the information contained in the first identity information of the privacy computing node The identity public key.根据权利要求12所述的方法，还包括：The method according to claim 12, further comprising:所述链下隐私计算节点向所述客户端提供自身的第二身份信息，所述第二身份信息包含所述链下隐私计算节点的身份公钥、所述链下隐私计算节点的其他身份信息和第四待校验哈希值，所述第四待校验哈希值为所述链下可信执行环境的预设信息的哈希值；The off-chain private computing node provides its second identity information to the client, and the second identity information includes the identity public key of the off-chain private computing node and other identity information of the off-chain private computing node And a fourth hash value to be verified, where the fourth hash value to be verified is a hash value of preset information of the trusted execution environment under the chain;所述链下隐私计算节点向所述客户端提供第三标准哈希值，所述第三标准哈希值由所述链下隐私计算节点在所述链下可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；The off-chain private computing node provides a third standard hash value to the client, and the third standard hash value is generated by the off-chain private computing node in the off-chain trusted execution environment. After the information is obtained, the generated identity information is hashed;所述第二身份信息在所述客户端根据所述认证服务器的公钥对所述远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，被所述客户端进行哈希计算以得到第三待校验哈希值；其中，确认所述链下可信执行环境可信的前提条件包含在所述第三待校验哈希值与所述第三标准哈希值一致的情况下，所述第四待校验哈希值与所述客户端预先获得的针对所述链下可信执行环境的第四标准哈希值一致；所述第二身份信息包含的所述身份公钥用于对所述待验证合约信息进行签名验证。The second identity information is when the client performs signature verification on the remote certification report according to the public key of the certification server, and when the signature verification is passed and the remote certification result contained in the remote certification report is certified , The client performs a hash calculation to obtain the third to-be-verified hash value; wherein, the precondition for confirming that the off-chain trusted execution environment is trustworthy is included in the third to-be-verified hash value and In the case that the third standard hash value is consistent, the fourth hash value to be verified is consistent with the fourth standard hash value for the off-chain trusted execution environment obtained in advance by the client; The identity public key included in the second identity information is used to perform signature verification on the contract information to be verified.根据权利要求15或16所述的方法，所述链下隐私计算节点的身份信息为所述链下隐私计算节点的节点身份信息，所述身份私钥为所述链下隐私计算节点的节点身份私钥，所述身份公钥为所述链下隐私计算节点的节点身份公钥；或者，The method according to claim 15 or 16, wherein the identity information of the off-chain private computing node is the node identity information of the off-chain private computing node, and the identity private key is the node identity of the off-chain private computing node Private key, the identity public key is the node identity public key of the off-chain private computing node; or,在所述链下隐私计算节点属于链下隐私计算集群的情况下，所述身份信息为所述链下隐私计算集群的集群身份信息，所述身份公钥为所述链下隐私计算集群的集群身份密钥中的集群身份公钥，所述身份私钥为所述集群身份密钥中的集群身份私钥；其中，在区块链节点与所述链下隐私计算集群中的各节点进行交互以部署或调用链下合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。In the case that the off-chain privacy computing node belongs to the off-chain privacy computing cluster, the identity information is the cluster identity information of the off-chain privacy computing cluster, and the identity public key is the cluster of the off-chain privacy computing cluster The cluster identity public key in the identity key, the identity private key is the cluster identity private key in the cluster identity key; wherein the blockchain node interacts with each node in the off-chain privacy computing cluster In the process of deploying or invoking an off-chain contract, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.根据权利要求12所述的方法，还包括：The method according to claim 12, further comprising:所述链下隐私计算节点响应于区块链节点通过预言机机制对部署的所述目标链下合约发起的调用，执行所述目标链下合约；所述区块链节点对所述目标链下合约发起的调用由所述客户端提交的针对所述目标链下合约的调用交易触发。The off-chain privacy computing node executes the target off-chain contract in response to the call initiated by the blockchain node to the deployed off-chain contract through the oracle mechanism; the blockchain node makes a request to the off-chain target The call initiated by the contract is triggered by the call transaction submitted by the client for the contract under the target chain.根据权利要求12所述的方法，还包括：The method according to claim 12, further comprising:所述链下隐私计算节点通过所述预言机机制向区块链节点反馈执行结果，所述执行结果由所述目标链下合约响应于所述区块链节点的调用生成，并在所述链下可信执行环境内被通过所述目标链下合约的合约身份私钥进行签名；The off-chain privacy computing node feeds back the execution result to the blockchain node through the oracle mechanism. The execution result is generated by the target off-chain contract in response to the invocation of the blockchain node, and the execution result is generated in the chain Signed by the contract identity private key of the contract under the target chain in the trusted execution environment;其中，在采用所述目标链下合约的合约身份公钥对所述执行结果进行签名验证且通过签名验证的情况下，所述执行结果被判定为由所述目标链下合约生成。Wherein, in the case where the execution result is signed and verified by the contract identity public key of the target chain contract and the signature verification is passed, the execution result is determined to be generated by the target chain contract.根据权利要求12所述的方法，所述合约信息包含所述目标链下合约的合约身份公钥，在所述客户端通过区块链节点的预言机机制对所述目标链下合约发起调用的情况下，所述合约身份公钥用于对调用所述目标链下合约时所采用的入参数据进行加密，加密后的入参数据由所述目标链下合约的合约身份私钥解密。The method according to claim 12, the contract information includes the contract identity public key of the target chain contract, and the client initiates a call to the target chain contract through the oracle mechanism of the blockchain node In this case, the contract identity public key is used to encrypt the input parameter data used when invoking the target chain contract, and the encrypted input parameter data is decrypted by the contract identity private key of the target chain contract.一种验证合约的方法，包括：A method of verifying contracts, including:客户端获取针对隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成；The client obtains a remote certification report for the trusted execution environment created by the private computing node, and the remote certification report is generated by the authentication server after verifying the self-recommended information generated by the private computing node for the trusted execution environment;所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，获取部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算节点在所述可信执行环境内维护；The client terminal obtains the to-be-verified contract information of the target smart contract deployed at the privacy computing node under the condition that the trusted execution environment is determined to be credible according to the remote attestation report, and the to-be-verified contract information is The private computing node uses the identity private key of the private computing node to sign in the trusted execution environment, and the private identity key is maintained by the private computing node in the trusted execution environment;所述客户端采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。The client uses the identity public key of the privacy computing node to perform signature verification on the contract information to be verified, and performs contract information verification on the contract information to be verified according to the contract information of the target smart contract, and signs In the case where the verification and contract information verification pass, it is determined that when the client initiates a call to the target smart contract, the target smart contract is executed by the private computing node in the trusted execution environment.根据权利要求21所述的方法，所述客户端根据所述远程证明报告对所述可信执行环境进行验证，包括：The method according to claim 21, wherein the client verifies the trusted execution environment according to the remote attestation report, comprising:根据所述认证服务器的公钥对所述远程证明报告进行签名验证；Perform signature verification on the remote attestation report according to the public key of the authentication server;在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，从所述远程证明报告携带的所述自荐信息内提取出第一待检验哈希值，所述第一待检验哈希值为所述可信执行环境的预设信息的哈希值；In the case where the signature verification is passed and the remote authentication result contained in the remote attestation report is certified, the first to-be-verified hash value is extracted from the self-recommendation information carried in the remote attestation report, and the first to be verified Verifying that the hash value is the hash value of the preset information of the trusted execution environment;将预先获得的针对所述可信执行环境的第一标准哈希值与所述第一待检验哈希值进行比较，并将比较结果一致作为确认所述可信执行环境可信的前提条件。The pre-obtained first standard hash value for the trusted execution environment is compared with the first hash value to be checked, and the comparison result is consistent as a prerequisite for confirming that the trusted execution environment is trustworthy.根据权利要求21所述的方法，还包括：The method of claim 21, further comprising:所述客户端获取所述隐私计算节点提供的第一身份信息，并对获取到的第一身份信息进行哈希计算以得到第二待校验哈希值，所述第一身份信息包含所述隐私计算节点的身份公钥和所述隐私计算节点的其他身份信息；The client obtains the first identity information provided by the privacy computing node, and performs a hash calculation on the obtained first identity information to obtain a second hash value to be verified, and the first identity information includes the The identity public key of the private computing node and other identity information of the private computing node;所述客户端获取所述隐私计算节点提供的第二标准哈希值，所述第二标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；The client obtains a second standard hash value provided by the private computing node, and the second standard hash value is generated by the private computing node after generating its own identity information in the trusted execution environment. The identity information is obtained by hash calculation;所述客户端将所述第二待校验哈希值与所述第二标准哈希值进行比较，并在比较结果一致的情况下获取所述隐私计算节点的第一身份信息中包含的所述身份公钥。The client compares the second hash value to be verified with the second standard hash value, and if the comparison result is consistent, obtains all the information contained in the first identity information of the privacy computing node. The public key of the identity.根据权利要求21所述的方法，所述客户端根据所述远程证明报告对所述可信执行环境进行验证，包括：The method according to claim 21, wherein the client verifies the trusted execution environment according to the remote attestation report, comprising:根据所述认证服务器的公钥对所述远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，获取所述隐私计算节点提供的第二身份信息，并对获取到的第二身份信息进行哈希计算以得到第三待校验哈希值，所述第二身份信息包含所述隐私计算节点的身份公钥、所述隐私计算节点的其他身份信息和第四待校验哈希值，所述第四待校验哈希值为所述可信执行环境的预设信息的哈希值；Perform signature verification on the remote attestation report according to the public key of the authentication server, and if the signature verification is passed and the remote attestation result contained in the remote attestation report is certified, obtain the second certificate provided by the privacy computing node. Identity information, and perform a hash calculation on the acquired second identity information to obtain a third hash value to be verified. The second identity information includes the identity public key of the privacy computing node and the privacy computing node. Other identity information and a fourth hash value to be verified, where the fourth hash value to be verified is a hash value of preset information of the trusted execution environment;获取所述隐私计算节点提供的第三标准哈希值，并将所述第三待校验哈希值与第三标准哈希值进行比较，所述第三标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；Obtain a third standard hash value provided by the privacy computing node, and compare the third hash value to be verified with a third standard hash value, the third standard hash value being calculated by the privacy After the node generates its own identity information in the trusted execution environment, it is obtained by hashing the generated identity information;在所述第三待校验哈希值与所述第三标准哈希值一致的情况下，将预先获得的针对 所述可信执行环境的第四标准哈希值与所述第四待检验哈希值进行比较，并将比较结果一致作为确认所述可信执行环境可信的前提条件；其中，所述第二身份信息包含的所述身份公钥用于对所述待验证合约信息进行签名验证。When the third hash value to be verified is consistent with the third standard hash value, the fourth standard hash value for the trusted execution environment obtained in advance is combined with the fourth standard hash value to be verified. The hash value is compared, and the comparison result is consistent as a prerequisite for confirming the credibility of the trusted execution environment; wherein the identity public key included in the second identity information is used to perform the verification on the contract information to be verified Signature verification.根据权利要求23或24所述的方法，所述隐私计算节点的身份信息为所述隐私计算节点的节点身份信息，所述身份私钥为所述隐私计算节点的节点身份私钥，所述身份公钥为所述隐私计算节点的节点身份公钥；或者，According to the method of claim 23 or 24, the identity information of the private computing node is the node identity information of the private computing node, the identity private key is the node identity private key of the private computing node, and the identity The public key is the node identity public key of the privacy computing node; or,在所述隐私计算节点属于链下隐私计算集群的情况下，所述身份信息为所述链下隐私计算集群的集群身份信息，所述身份公钥为所述链下隐私计算集群的集群身份密钥中的集群身份公钥，所述身份私钥为所述集群身份密钥中的集群身份私钥；其中，在所述客户端与所述链下隐私计算集群中的各节点进行交互以部署或调用智能合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。In the case that the privacy computing node belongs to an off-chain privacy computing cluster, the identity information is the cluster identity information of the off-chain privacy computing cluster, and the identity public key is the cluster identity secret of the off-chain privacy computing cluster. The cluster identity public key in the key, the identity private key is the cluster identity private key in the cluster identity key; wherein, the client interacts with each node in the off-chain privacy computing cluster for deployment Or in the process of invoking the smart contract, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.根据权利要求21所述的方法，还包括：The method of claim 21, further comprising:所述客户端获取所述隐私计算节点反馈的执行结果，所述执行结果由所述目标智能合约响应于所述客户端的调用生成，并在所述可信执行环境内被通过所述目标智能合约的合约身份私钥进行签名；The client obtains the execution result fed back by the privacy computing node, the execution result is generated by the target smart contract in response to the client's call, and is passed through the target smart contract in the trusted execution environment Signed with the private key of the contract identity;所述客户端在采用所述目标智能合约的合约身份公钥对所述执行结果进行签名验证且通过签名验证的情况下，判定所述执行结果由所述目标智能合约生成。When the client uses the contract identity public key of the target smart contract to perform signature verification on the execution result and the signature verification is passed, the client determines that the execution result is generated by the target smart contract.根据权利要求21所述的方法，所述合约信息包含所述目标智能合约的合约身份公钥，在所述客户端对所述目标智能合约发起调用的情况下，所述合约身份公钥用于对调用所述目标智能合约时所采用的入参数据进行加密，加密后的入参数据由所述目标智能合约的合约身份私钥解密。The method according to claim 21, the contract information includes the contract identity public key of the target smart contract, and when the client initiates a call to the target smart contract, the contract identity public key is used for The input parameter data used when invoking the target smart contract is encrypted, and the encrypted input parameter data is decrypted by the contract identity private key of the target smart contract.一种验证合约的方法，包括：A method of verifying contracts, including:隐私计算节点向客户端提供针对所述隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成；The private computing node provides the client with a remote certification report for the trusted execution environment created by the private computing node. The remote certification report is performed by the authentication server on the self-recommended information generated by the private computing node for the trusted execution environment. Generated after verification;所述隐私计算节点向所述客户端提供部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算节点在所述可信执行环境内维护；The private computing node provides the client with the to-be-verified contract information of the target smart contract deployed at the private computing node, and the to-be-verified contract information is used by the private computing node in the trusted execution environment Signing the identity private key of the private computing node, and the identity private key is maintained by the private computing node in the trusted execution environment;所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。The contract information to be verified is used by the client to sign the contract information to be verified using the identity public key of the private computing node in the case that the trusted execution environment is determined to be credible according to the remote attestation report Verification, and perform contract information verification on the contract information to be verified according to the contract information of the target smart contract, and if the signature verification and contract information verification pass, determine that the client is initiating the target smart contract When called, the target smart contract is executed by the private computing node in the trusted execution environment.根据权利要求28所述的方法，所述远程证明报告携带的所述自荐信息内包含第一待检验哈希值，所述第一待检验哈希值为所述可信执行环境的预设信息的哈希值，所述第一待检验哈希值用于所述客户端在根据所述认证服务器的公钥对所述远程证明报告进行签名验证并签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，与预先获得的针对所述可信执行环境的第一标准哈希值进行比较，且比较结果一致被作为所述客户端确认所述可信执行环境可信的前提条件。The method according to claim 28, wherein the self-recommendation information carried in the remote certification report includes a first hash value to be verified, and the first hash value to be verified is preset information of the trusted execution environment The first to-be-verified hash value is used by the client to verify the signature of the remote attestation report according to the public key of the authentication server and the signature verification is passed and the remote attestation report contains If the remote authentication result is passed authentication, it is compared with the pre-obtained first standard hash value for the trusted execution environment, and the comparison result is consistent as the client confirms that the trusted execution environment is trustworthy Prerequisites.根据权利要求28所述的方法，还包括：The method of claim 28, further comprising:所述隐私计算节点向所述客户端提供第一身份信息，所述第一身份信息包含所述隐私计算节点的身份公钥和所述隐私计算节点的其他身份信息，所述第一身份信息被所述客户端进行哈希计算以得到第二待校验哈希值；The private computing node provides first identity information to the client, where the first identity information includes the identity public key of the private computing node and other identity information of the private computing node, and the first identity information is The client performs a hash calculation to obtain the second hash value to be verified;所述隐私计算节点向所述客户端提供第二标准哈希值，所述第二标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；The private computing node provides a second standard hash value to the client, and the second standard hash value is determined by the private computing node after generating its own identity information in the trusted execution environment. Information is obtained by hash calculation;所述第二标准哈希值用于与所述第二待校验哈希值进行比较，且所述客户端在比较结果一致的情况下获取所述隐私计算节点的第一身份信息中包含的所述身份公钥。The second standard hash value is used to compare with the second hash value to be verified, and if the comparison result is consistent, the client obtains the information contained in the first identity information of the privacy computing node The identity public key.根据权利要求28所述的方法，还包括：The method of claim 28, further comprising:所述隐私计算节点向所述客户端提供自身的第二身份信息，所述第二身份信息包含所述隐私计算节点的身份公钥、所述隐私计算节点的其他身份信息和第四待校验哈希值，所述第四待校验哈希值为所述可信执行环境的预设信息的哈希值；The private computing node provides its own second identity information to the client, and the second identity information includes the private identity public key of the private computing node, other identity information of the private computing node, and a fourth to-be-verified A hash value, where the fourth hash value to be verified is a hash value of preset information of the trusted execution environment;所述隐私计算节点向所述客户端提供第三标准哈希值，所述第三标准哈希值由所述隐私计算节点在所述可信执行环境内生成自身的身份信息后对生成的身份信息进行哈希计算得到；The private computing node provides a third standard hash value to the client, and the third standard hash value is determined by the private computing node after generating its own identity information in the trusted execution environment. Information is obtained by hash calculation;所述第二身份信息在所述客户端根据所述认证服务器的公钥对所述远程证明报告进行签名验证并在签名验证通过且所述远程证明报告包含的远程认证结果为通过认证的情况下，被所述客户端进行哈希计算以得到第三待校验哈希值；其中，确认所述可信执行环境可信的前提条件包含在所述第三待校验哈希值与所述第三标准哈希值一致的情况下，所述第四待校验哈希值与所述客户端预先获得的针对所述可信执行环境的第四标准哈希值一致；所述第二身份信息包含的所述身份公钥用于对所述待验证合约信息进行签名验证。The second identity information is when the client performs signature verification on the remote certification report according to the public key of the certification server, and when the signature verification is passed and the remote certification result contained in the remote certification report is certified , The client performs a hash calculation to obtain a third hash value to be verified; wherein the precondition for confirming that the trusted execution environment is credible is included in the third hash value to be verified and the When the third standard hash value is consistent, the fourth hash value to be verified is consistent with the fourth standard hash value for the trusted execution environment obtained in advance by the client; the second identity The identity public key included in the information is used to perform signature verification on the contract information to be verified.根据权利要求30或31所述的方法，所述隐私计算节点的身份信息为所述隐私计算节点的节点身份信息，所述身份私钥为所述隐私计算节点的节点身份私钥，所述身份公钥为所述隐私计算节点的节点身份公钥；或者，The method according to claim 30 or 31, the identity information of the private computing node is the node identity information of the private computing node, the identity private key is the node identity private key of the private computing node, and the identity The public key is the node identity public key of the privacy computing node; or,在所述隐私计算节点属于链下隐私计算集群的情况下，所述身份信息为所述链下隐私计算集群的集群身份信息，所述身份公钥为所述链下隐私计算集群的集群身份密钥中的集群身份公钥，所述身份私钥为所述集群身份密钥中的集群身份私钥；其中，在所述客户端与所述链下隐私计算集群中的各节点进行交互以部署或调用智能合约的过程中，所述集群身份密钥用于对交互数据进行加密解密和/或签名验签。In the case that the privacy computing node belongs to an off-chain privacy computing cluster, the identity information is the cluster identity information of the off-chain privacy computing cluster, and the identity public key is the cluster identity secret of the off-chain privacy computing cluster. The cluster identity public key in the key, the identity private key is the cluster identity private key in the cluster identity key; wherein, the client interacts with each node in the off-chain privacy computing cluster for deployment Or in the process of invoking the smart contract, the cluster identity key is used to encrypt and decrypt interactive data and/or signature verification.根据权利要求28所述的方法，还包括：The method of claim 28, further comprising:所述隐私计算节点向所述客户端反馈执行结果，所述执行结果由所述目标智能合约响应于区块链节点的调用生成，并在所述可信执行环境内被通过所述目标智能合约的合约身份私钥进行签名；The privacy computing node feeds back the execution result to the client. The execution result is generated by the target smart contract in response to the call of the blockchain node, and is passed through the target smart contract in the trusted execution environment Signed with the private key of the contract identity;其中，在采用所述目标智能合约的合约身份公钥对所述执行结果进行签名验证且通过签名验证的情况下，所述执行结果被判定为由所述目标智能合约生成。Wherein, in the case where the execution result is signed and verified by the contract identity public key of the target smart contract and the signature verification is passed, the execution result is determined to be generated by the target smart contract.根据权利要求28所述的方法，所述合约信息包含所述目标智能合约的合约身份公钥，在所述客户端对所述目标智能合约发起调用的情况下，所述合约身份公钥用于对调用所述目标智能合约时所采用的入参数据进行加密，加密后的入参数据由所述目标 智能合约的合约身份私钥解密。The method according to claim 28, wherein the contract information includes the contract identity public key of the target smart contract, and when the client initiates a call to the target smart contract, the contract identity public key is used for The input parameter data used when invoking the target smart contract is encrypted, and the encrypted input parameter data is decrypted by the contract identity private key of the target smart contract.一种验证合约的装置，包括：A device for verifying contracts, including:报告获取单元，使客户端获取针对链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成；The report obtaining unit enables the client to obtain a remote certification report for the off-chain trusted execution environment created by the off-chain private computing node. The self-recommended information generated by the execution environment is generated after verification;合约信息获取单元，使所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，获取部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节点的身份私钥进行签名，所述身份私钥由所述链下隐私计算节点在所述链下可信执行环境内维护；The contract information obtaining unit enables the client to obtain the pending contract of the target off-chain contract deployed at the off-chain private computing node when the off-chain trusted execution environment is determined to be credible according to the remote attestation report. The contract information to be verified is signed by the off-chain private computing node in the off-chain trusted execution environment using the off-chain private computing node’s identity private key, and the identity private key is signed by the off-chain private computing node in the trusted execution environment. The off-chain private computing nodes are maintained in the off-chain trusted execution environment;验证单元，使所述客户端采用所述链下隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。The verification unit enables the client to use the identity public key of the off-chain privacy computing node to perform signature verification on the to-be-verified contract information, and perform signature verification on the to-be-verified contract information according to the contract information of the target chain off-chain contract Contract information verification, and when the signature verification and contract information verification pass, it is determined that when the client initiates a call to the target chain contract through the oracle mechanism of the blockchain node, the target chain contract is determined by The off-chain private computing node executes in the off-chain trusted execution environment.一种验证合约的装置，包括：A device for verifying contracts, including:报告提供单元，使链下隐私计算节点向客户端提供针对所述链下隐私计算节点创建的链下可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述链下隐私计算节点针对所述链下可信执行环境产生的自荐信息进行验证后生成；The report providing unit enables the off-chain private computing node to provide the client with a remote attestation report for the off-chain trusted execution environment created by the off-chain private computing node. The remote attestation report is calculated by the authentication server on the off-chain privacy calculation. The node generates after verifying the self-recommended information generated by the trusted execution environment under the chain;信息提供单元，使所述链下隐私计算节点向所述客户端提供部署于所述链下隐私计算节点处的目标链下合约的待验证合约信息，所述待验证合约信息被所述链下隐私计算节点在所述链下可信执行环境内采用所述链下隐私计算节点的身份私钥进行签名，所述身份私钥由所述链下隐私计算节点在所述链下可信执行环境内维护；The information providing unit enables the off-chain privacy computing node to provide the client with the to-be-verified contract information of the target off-chain contract deployed at the off-chain privacy computing node, and the to-be-verified contract information is used by the off-chain The private computing node uses the identity private key of the off-chain private computing node to sign in the off-chain trusted execution environment, and the identity private key is used by the off-chain private computing node in the off-chain trusted execution environment Internal maintenance所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述链下可信执行环境可信的情况下，采用所述链下隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标链下合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在通过区块链节点的预言机机制对所述目标链下合约发起调用时，所述目标链下合约由所述链下隐私计算节点在所述链下可信执行环境中执行。When the contract information to be verified is determined by the client according to the remote attestation report that the off-chain trusted execution environment is credible, the identity public key of the off-chain private computing node is used to authenticate the to-be-verified Perform signature verification on the contract information, and perform contract information verification on the contract information to be verified based on the contract information of the contract under the target chain, and if the signature verification and contract information verification pass, it is determined that the client is in the pass zone When the oracle mechanism of the block chain node initiates a call to the target chain contract, the target chain contract is executed by the chain privacy computing node in the trusted execution environment of the chain.一种验证合约的装置，包括：A device for verifying contracts, including:报告获取单元，使客户端获取针对隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成；The report obtaining unit enables the client to obtain the remote certification report for the trusted execution environment created by the private computing node, and the remote certification report is verified by the authentication server on the self-recommended information generated by the private computing node for the trusted execution environment After generation;合约信息获取单元，使所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，获取部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算节点在所述可信执行环境内维护；The contract information acquisition unit enables the client to acquire the to-be-verified contract information of the target smart contract deployed at the privacy computing node under the condition that the trusted execution environment is determined to be credible according to the remote attestation report, so The contract information to be verified is signed by the private computing node in the trusted execution environment using the private identification key of the private computing node, and the private identification key is used by the private computing node in the trusted execution environment Internal maintenance验证单元，使所述客户端采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标 智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。The verification unit enables the client to use the identity public key of the privacy computing node to perform signature verification on the contract information to be verified, and to perform contract information verification on the contract information to be verified according to the contract information of the target smart contract , And when the signature verification and contract information verification pass, it is determined that when the client initiates a call to the target smart contract, the target smart contract is executed by the private computing node in the trusted execution environment .一种验证合约的装置，包括：A device for verifying contracts, including:报告提供单元，使隐私计算节点向客户端提供针对所述隐私计算节点创建的可信执行环境的远程证明报告，所述远程证明报告由认证服务器对所述隐私计算节点针对所述可信执行环境产生的自荐信息进行验证后生成；The report providing unit enables the private computing node to provide the client with a remote certification report for the trusted execution environment created by the private computing node. The remote certification report is reported by the authentication server to the private computing node against the trusted execution environment. The generated self-recommendation information is generated after verification;合约信息提供单元，使所述隐私计算节点向所述客户端提供部署于所述隐私计算节点处的目标智能合约的待验证合约信息，所述待验证合约信息被所述隐私计算节点在所述可信执行环境内采用所述隐私计算节点的身份私钥进行签名，所述身份私钥由所述隐私计算节点在所述可信执行环境内维护；The contract information providing unit enables the private computing node to provide the client with the to-be-verified contract information of the target smart contract deployed at the private computing node, and the to-be-verified contract information is used by the private computing node in the Signing in a trusted execution environment using the identity private key of the private computing node, and the identity private key is maintained by the private computing node in the trusted execution environment;所述待验证合约信息由所述客户端在根据所述远程证明报告确定所述可信执行环境可信的情况下，采用所述隐私计算节点的身份公钥对所述待验证合约信息进行签名验证，以及根据所述目标智能合约的合约信息对所述待验证合约信息进行合约信息验证，并在签名验证和合约信息验证通过的情况下，确定所述客户端在对所述目标智能合约发起调用时，所述目标智能合约由所述隐私计算节点在所述可信执行环境中执行。The contract information to be verified is used by the client to sign the contract information to be verified using the identity public key of the private computing node under the condition that the trusted execution environment is determined to be credible according to the remote attestation report Verification, and perform contract information verification on the contract information to be verified according to the contract information of the target smart contract, and if the signature verification and contract information verification pass, determine that the client is initiating the target smart contract When called, the target smart contract is executed by the private computing node in the trusted execution environment.一种电子设备，包括：An electronic device including:处理器；processor;用于存储处理器可执行指令的存储器；A memory for storing processor executable instructions;其中，所述处理器通过运行所述可执行指令以实现如权利要求1-34中任一项所述的方法。Wherein, the processor implements the method according to any one of claims 1-34 by running the executable instruction.一种计算机可读存储介质，其上存储有计算机指令，该指令被处理器执行时实现如权利要求1-34中任一项所述方法的步骤。A computer-readable storage medium having computer instructions stored thereon, which, when executed by a processor, implements the steps of the method according to any one of claims 1-34.

Images