WO2021057182A1 - Trusted update method and apparatus for FPGA logic - Google Patents

Trusted update method and apparatus for FPGA logic

Info

Publication number
WO2021057182A1
Authority
WO
WIPO (PCT)
Prior art keywords
configuration file
fpga
circuit logic
logic configuration
new version
Application number
PCT/CN2020/100935
Other languages
English (en)
Chinese (zh)
Inventor
魏长征
潘国振
闫莺
Original Assignee
支付宝(杭州)信息技术有限公司
Application filed by 支付宝(杭州)信息技术有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects

Definitions

  • One or more embodiments of this specification relate to the field of blockchain technology, and in particular, to a trusted update method and device for FPGA logic.
  • Blockchain technology is built on a transmission network (such as a peer-to-peer network).
  • The network nodes in the transmission network use chained data structures to verify and store data, and use distributed node consensus algorithms to generate and update data.
  • TEE: Trusted Execution Environment.
  • A TEE can play the role of a black box in hardware. Neither the code executed in the TEE nor its data can be peeped at by the operating system layer, and they can only be operated on through the interfaces predefined in the code.
  • Because plaintext data is computed in the TEE, in place of the complex cryptographic operations of homomorphic encryption, there is no loss of efficiency in the calculation process. Combining a blockchain with a TEE can therefore greatly improve the security and privacy of the blockchain with little performance loss. At present, the industry is paying close attention to TEE solutions.
  • TEE solutions include TPM (Trusted Platform Module) in software, and Intel SGX (Software Guard Extensions), ARM TrustZone and AMD PSP (Platform Security Processor) in hardware.
  • One or more embodiments of this specification provide a trusted update method and device for FPGA logic.
  • A trusted update method for FPGA logic, which includes: the FPGA structure receives an encrypted new version of the circuit logic configuration file from a client, the FPGA structure including an FPGA chip; the FPGA structure reads the encrypted new version of the circuit logic configuration file into the decryption module on the FPGA chip for decryption, the decryption module being formed by the FPGA chip based on the old version of the circuit logic configuration file deployed on the FPGA structure; the FPGA structure is updated and deployed based on the new version of the circuit logic configuration file obtained by decryption, so that the FPGA structure is implemented as a trusted execution environment on the blockchain node to which it belongs.
  • A trusted update device for FPGA logic, which includes: a receiving unit that enables the FPGA structure to receive the encrypted new version of the circuit logic configuration file from the client, the FPGA structure including an FPGA chip; a decryption unit that causes the FPGA structure to read the encrypted new version of the circuit logic configuration file into the decryption module on the FPGA chip for decryption, the decryption module being formed by the FPGA chip based on the old version of the circuit logic configuration file deployed on the FPGA structure; and an update unit that enables the FPGA structure to be updated and deployed based on the new version of the circuit logic configuration file obtained by decryption, so that the FPGA structure is implemented as a trusted execution environment on the blockchain node to which it belongs.
  • An electronic device including: a processor; and a memory for storing executable instructions of the processor; wherein the processor runs the executable instructions to implement the method described in the first aspect.
  • A computer-readable storage medium on which computer instructions are stored; when the instructions are executed by a processor, the steps of the method described in the first aspect are implemented.
  • Fig. 1 is a flowchart of a trusted update method of FPGA logic provided by an exemplary embodiment.
  • Fig. 2 is a schematic structural diagram of a blockchain node provided by an exemplary embodiment.
  • Fig. 3 is a schematic diagram of forming a functional module on an FPGA chip provided by an exemplary embodiment.
  • Fig. 4 is a schematic diagram of newly updateable FPGA board provided by an exemplary embodiment.
  • Fig. 5 is a block diagram of a trusted update device for FPGA logic provided by an exemplary embodiment.
  • The steps of the corresponding method are not necessarily executed in the order shown and described in this specification.
  • The method may include more or fewer steps than described in this specification.
  • A single step described in this specification may be decomposed into multiple steps for description in other embodiments, and multiple steps described in this specification may also be combined into a single step for description in other embodiments.
  • Blockchain is generally divided into three types: Public Blockchain, Private Blockchain and Consortium Blockchain.
  • The public chain is represented by Bitcoin and Ethereum. Participants who join the public chain can read the data records on the chain, participate in transactions, and compete for the accounting rights of new blocks. Moreover, each participant (i.e., node) can freely join and exit the network and perform related operations.
  • The private chain is the opposite.
  • The write permission of the network is controlled by an organization or institution, and the data read permission is regulated by the organization.
  • The private chain can be a weakly centralized system with strict restrictions and few participating nodes.
  • This type of blockchain is more suitable for internal use by specific institutions.
  • A consortium chain is a blockchain between the public chain and the private chain, which can realize "partial decentralization".
  • Each node in the consortium chain usually has a corresponding entity or organization; participants are authorized to join the network and form a stakeholder alliance to jointly maintain the operation of the blockchain.
  • The nodes in the blockchain network may use a solution that combines the blockchain with a TEE (Trusted Execution Environment).
  • A TEE is a secure extension based on CPU hardware, and is a trusted execution environment completely isolated from the outside.
  • TEE was first proposed by GlobalPlatform to solve the secure isolation of resources on mobile devices, running in parallel with the operating system to provide a trusted and secure execution environment for applications.
  • ARM's TrustZone technology was the first to realize truly commercial TEE technology. With the rapid development of the Internet, security requirements are getting higher and higher: not only mobile devices, but also cloud devices and data centers have placed more demands on TEE.
  • The concept of TEE has also developed and expanded rapidly. Compared with the originally proposed concept, the TEE referred to now is a more generalized TEE.
  • Server chip manufacturers Intel and AMD have successively introduced hardware-assisted TEEs and enriched the concepts and features of TEE, which has been widely recognized in the industry.
  • The TEE mentioned now usually refers to this kind of hardware-assisted TEE technology.
  • SGX provides an enclave, which is an encrypted trusted execution area in memory, and the CPU protects its data from being stolen.
  • a part of the area: EPC (Enclave Page Cache)
  • the encryption engine: MEE (Memory Encryption Engine)
  • The first step in using a TEE is to confirm the authenticity of the TEE.
  • The related art provides a remote attestation mechanism for the above-mentioned SGX technology, to prove that the SGX platform on the target device and the challenger have deployed the same configuration file.
  • The TEE technology in the related art is implemented in software or in a combination of software and hardware, so even if remote attestation can indicate to a certain extent that the configuration file deployed in the TEE has not been tampered with, the operating environment on which the TEE itself depends cannot be verified.
  • A virtual machine for executing smart contracts needs to be configured in the TEE.
  • The instructions executed by the virtual machine are not executed directly; what is actually executed are the corresponding X86 instructions (assuming that the target device adopts the X86 architecture), which poses a certain degree of security risk.
  • This specification proposes a hardware TEE technology based on an FPGA implementation.
  • The FPGA implements a hardware TEE by loading circuit logic configuration files. Because the content of the circuit logic configuration file can be checked and verified in advance, and the FPGA is configured and operated completely based on the logic recorded in the circuit logic configuration file, it can be ensured that the hardware TEE implemented by the FPGA has relatively higher security.
  • The related art does not provide a corresponding preventive mechanism against intentional or unintentional untrusted update operations on the circuit logic configuration files in the FPGA.
  • Fig. 1 is a flowchart of a trusted update method of FPGA logic provided by an exemplary embodiment. As shown in Figure 1, the method is applied to the FPGA structure and may include steps 102-106.
  • Step 102: The FPGA structure receives the encrypted new version of the circuit logic configuration file from the client; the FPGA structure includes the FPGA chip.
  • The user can provide the encrypted new version of the circuit logic configuration file to the FPGA structure through the client.
  • The user can be an individual or a group (such as an enterprise), and this specification does not limit this.
  • The client can remotely send the encrypted new version of the circuit logic configuration file to the FPGA structure; or the client can be located at the same place as the FPGA structure, so that the encrypted new version of the circuit logic configuration file is transmitted locally or within a local area network.
  • The client can directly establish a connection with the FPGA structure and send the encrypted new version of the circuit logic configuration file directly to the FPGA structure.
  • The client can establish a connection with the blockchain node to which the FPGA structure belongs (equivalent to the host corresponding to the FPGA structure) and send the encrypted new version of the circuit logic configuration file to the blockchain node, which provides it to the FPGA structure.
  • Step 104: The FPGA structure reads the encrypted new version of the circuit logic configuration file into the decryption module on the FPGA chip for decryption; the decryption module is formed by the FPGA chip based on the old version of the circuit logic configuration file deployed on the FPGA structure.
  • The FPGA chip contains a number of editable hardware logic units. After these hardware logic units are configured via a circuit logic configuration file, they can be implemented as corresponding functional modules to implement corresponding logic functions. Specifically, the circuit logic configuration file can be burned to the FPGA structure in the form of a bitstream. For example, the above-mentioned decryption module is formed by the old version of the circuit logic configuration file, and by further deploying and forming functional modules that implement encryption, virtual machine and other logic, the FPGA structure can be configured as a hardware TEE on a blockchain node.
  • The old version of the circuit logic configuration file refers to the circuit logic configuration file pre-deployed on the FPGA structure. The two files are distinguished as "new version" and "old version" only because the old version of the circuit logic configuration file was configured in the FPGA structure earlier than the new version; the terms do not indicate that the logic or function implemented by the corresponding circuit logic configuration file must be a version iteration.
  • The new version of the circuit logic configuration file can be encrypted by the client based on the configuration file deployment key to obtain the above-mentioned encrypted new version of the circuit logic configuration file.
  • The aforementioned decryption module can decrypt the encrypted new version of the circuit logic configuration file based on the configuration file deployment key to obtain the aforementioned new version of the circuit logic configuration file.
  • The configuration file deployment key can be generated in advance and then deployed on the client and the FPGA structure respectively.
  • The configuration file deployment key can be obtained through remote negotiation between the client and the blockchain node, after which the blockchain node transmits the negotiated configuration file deployment key to the FPGA structure, which maintains it. Where security requirements are higher, to prevent the configuration file deployment key from being obtained by the blockchain node, the FPGA structure can negotiate remotely with the client directly.
  • The remote negotiation process can use SM2 or other algorithms, which is not limited in this specification.
  • The client and the FPGA structure need at least one information exchange during the negotiation process. For example, the client can generate a key Ka-1 locally and the FPGA structure can generate a key Kb-1 locally; the client can calculate the key agreement information Ka-2 based on the key Ka-1, and the FPGA structure can calculate the key agreement information Kb-2 based on the key Kb-1; the client then sends the key agreement information Ka-2 to the FPGA structure and the FPGA structure sends the key agreement information Kb-2 to the client, so that the client can generate a secret value (or master key) based on the key Ka-1 and the key agreement information Kb-2, and the FPGA structure can generate the same secret value based on the key Kb-1 and the key agreement information Ka-2.
  • The above-mentioned configuration file deployment key can be the secret value itself; or the configuration file deployment key can be derived from the secret value by the client and the FPGA structure respectively through a Key Derivation Function (KDF).
  • An authentication root key may be pre-deployed on the FPGA structure: the authentication root key may be preset in the FPGA structure, or it may be deployed into the FPGA structure by the client or other objects in an offline secure environment.
  • The authentication root key is an asymmetric key. In the process of remotely negotiating the above configuration file deployment key between the client and the FPGA structure, the FPGA structure can use the authentication root key to sign the information it sends (such as the above key agreement information Kb-2). The client can verify the signature to determine whether the received information actually comes from the FPGA structure and has not been tampered with during transmission; information that does not pass signature verification is not trusted or adopted by the client.
  • The public key of the authentication root key can be managed by the authentication server and not made public. The client can then send the received information to the authentication server, which performs signature verification with the public key it maintains; the authentication server then provides the client with the verification result, signed by the authentication server. The verification result contains the certificate of the authentication server, or the public key of the authentication server can be made public, so that the client can verify the signature to determine the validity of the verification result.
  • The public key of the authentication root key can be made public, so that the client can perform signature verification on the information from the FPGA structure based on the public key without going through the authentication server. This reduces the number of interactions in the signature verification process, thereby improving the efficiency of verification and reducing the security risks caused by additional interactions.
  • The above authentication root key can be deployed to the FPGA structure based on the old version of the circuit logic configuration file. Then, especially when the old version and the new version of the circuit logic configuration file are not generated and deployed by the same user, the old version of the circuit logic configuration file may be viewed or verified by other users before being burned to the FPGA structure, so that the authentication root key contained in the old version of the circuit logic configuration file is known to other users, which poses a certain security risk. Therefore, the new version of the circuit logic configuration file can contain a new version of the authentication root key to update the authentication root key deployed on the FPGA structure, ensuring that the new version of the authentication root key is known only to the deploying user and eliminating the above security risk. The subsequent configuration file deployment key or other keys can then be negotiated with the client based on the new version of the authentication root key, which ensures sufficient security of these keys.
  • The FPGA structure can leave the authentication root key in the corresponding circuit logic configuration file rather than taking it out, so that the FPGA structure obtains the corresponding authentication root key after loading the circuit logic configuration file into the FPGA chip.
  • The FPGA structure can include a key management chip independent of the FPGA chip, and the FPGA structure can take the authentication root key out of the circuit logic configuration file to which it belongs and maintain it in the key management chip, so that the authentication root key exists only in the key management chip and no longer appears in the circuit logic configuration file deployed on the FPGA structure, which improves the security of the authentication root key.
  • Step 106: The FPGA structure is updated and deployed based on the new version of the circuit logic configuration file obtained by decryption, so that the FPGA structure is implemented as a trusted execution environment on the blockchain node to which it belongs.
  • Because the decryption module is formed on the FPGA chip based on the old version of the circuit logic configuration file, and the configuration file deployment key is maintained on the FPGA structure, only users who know the configuration file deployment key can update the old version of the circuit logic configuration file on the FPGA structure. This ensures that the update operation performed on the old version of the circuit logic configuration file is a trusted update operation.
  • The public key or preset certificate corresponding to the client can be deployed on the FPGA structure.
  • The client can sign the new version of the circuit logic configuration file and send it to the FPGA structure, so that the FPGA structure can perform signature verification on the received new version of the circuit logic configuration file and use passing signature verification as one of the conditions for allowing the deployment of the new version of the circuit logic configuration file.
  • The public key or certificate corresponding to the client can be deployed in the FPGA structure by the old version of the circuit logic configuration file. Signature verification of the new version of the circuit logic configuration file therefore further improves the credibility of the new version and ensures a trusted update of the circuit logic configuration file on the FPGA structure.
  • The FPGA structure can read the encrypted new version of the circuit logic configuration file into the verification module on the FPGA chip for signature verification. Similar to the aforementioned decryption module, the verification module can be formed by the FPGA chip based on the old version of the circuit logic configuration file.
  • The circuit logic configuration file can be directly read and configured in the FPGA chip.
  • The FPGA chip is volatile, and the deployed circuit logic configuration file is lost after power-off, so the client needs to re-deploy the circuit logic configuration file after power-on.
  • The FPGA structure can further include a memory connected to the FPGA chip, so that the circuit logic configuration file is deployed in the memory and the FPGA chip reads the circuit logic configuration file from the memory to implement the related functions.
  • The memory is non-volatile: even if the power is off, the circuit logic configuration file is still saved, and after power-on it only needs to be read from the memory into the FPGA chip again, without re-deployment by the client.
  • The memory may take various forms, such as a re-erasable non-volatile memory like flash memory, or a non-re-erasable memory like a fuse memory, which is not limited in this specification. Therefore, when the old version of the circuit logic configuration file is deployed in the memory, the FPGA structure can update the memory based on the new version of the circuit logic configuration file, so that the old version of the circuit logic configuration file deployed in the memory is updated to the new version.
  • The FPGA structure can generate an authentication result for the new version of the circuit logic configuration file that is updated and deployed, and the authentication result includes content related to the new version of the circuit logic configuration file. The FPGA structure can then sign the authentication result based on the new version of the authentication root key that was updated and deployed, and return the signed authentication result to the client.
  • The client can verify the signature of the received authentication result, and the client can generate the related content based on the new version of the circuit logic configuration file that it maintains itself. Then, when the authentication result has passed signature verification and the authentication result contains that content related to the new version of the circuit logic configuration file, the client can confirm that the new version of the circuit logic configuration file is successfully deployed on the FPGA structure.
  • The foregoing content related to the new version of the circuit logic configuration file may be a hash value of the new version of the circuit logic configuration file or a derivative value of the hash value.
  • The FPGA structure can renegotiate a new version of the configuration file deployment key based on the new version of the authentication root key, and the FPGA structure can generate the hash value of the new version of the circuit logic configuration file and the hash value of the new version of the configuration file deployment key.
  • The client can determine based on the authentication result that the new version of the circuit logic configuration file was successfully deployed on the FPGA structure, and that the new version of the configuration file deployment key was successfully negotiated between the client and the FPGA structure.
  • Fig. 2 is a schematic structural diagram of a blockchain node provided by an exemplary embodiment.
  • An FPGA structure can be added to the blockchain node to implement a hardware TEE.
  • The FPGA structure can be an FPGA board as shown in FIG. 2.
  • The FPGA board can be connected to the blockchain node through the PCIE interface to realize data interaction between the FPGA board and the blockchain node.
  • FPGA boards can include FPGA chips, Flash (flash memory) chips, and key management chips; of course, in some embodiments, besides the FPGA chip the board may include only some of the remaining Flash chip and key management chip, or may contain more structures. These are only examples.
  • No user-defined logic is programmed on the FPGA chip, which is equivalent to the FPGA chip being in a blank state.
  • Users can burn circuit logic configuration files onto the FPGA chip to form corresponding functions or logic on the FPGA chip.
  • The FPGA board does not have security protection capability, so an external secure environment usually needs to be provided.
  • Users can burn the circuit logic configuration file in an offline environment to achieve physical security isolation, instead of burning it remotely online.
  • The corresponding logic code can be written in an FPGA hardware language, and the logic code can then be made into an image to obtain the above-mentioned circuit logic configuration file.
  • The user can check the above-mentioned logic code. In particular, when multiple users are involved at the same time, they can each check the logic code separately to ensure that the FPGA board can finally meet the needs of all users and to prevent security risks, logic errors, fraud and other abnormal problems.
  • The user can burn the circuit logic configuration file to the FPGA board in the above-mentioned offline environment.
  • The circuit logic configuration file is transferred from the blockchain node to the FPGA board and then deployed to the Flash chip as shown in Figure 2, so that even if the FPGA board is powered off, the Flash chip can still save the above-mentioned circuit logic configuration file.
  • Fig. 3 is a schematic diagram of forming a functional module on an FPGA chip provided by an exemplary embodiment.
  • The hardware logic units contained in the FPGA chip can be configured to form corresponding functional modules on the FPGA chip.
  • The functional modules formed can include the key agreement module, decryption verification module, encryption and decryption module, plaintext calculation module, etc. shown in FIG. 3.
  • The circuit logic configuration file can also be used to transmit information that needs to be stored to the FPGA board.
  • The preset certificate can be stored on the FPGA chip, and the authentication root key can be stored in the key management chip (the authentication root key can also be stored on the FPGA chip), and so on.
  • The FPGA board can perform remote key agreement with the user.
  • The key agreement process can be implemented using any algorithm or standard in the related art, and this specification does not limit it.
  • The key agreement process can include: the user generates a key Ka-1 at the local client and the key agreement module generates a key Kb-1 locally; the client calculates the key agreement information Ka-2 based on the key Ka-1 and the key agreement module calculates the key agreement information Kb-2 based on the key Kb-1; the client then sends the key agreement information Ka-2 to the key agreement module and the key agreement module sends the key agreement information Kb-2 to the client, so that the client can generate a secret value based on the key Ka-1 and the key agreement information Kb-2, and the key agreement module can generate the same secret value based on the key Kb-1 and the key agreement information Ka-2; finally, the client and the key agreement module respectively derive the same
  • The key agreement information Ka-2 and Kb-2 are transmitted between the client and the key agreement module via the blockchain node, but the key Ka-1 is controlled by the client and the key Kb-1 is controlled by the key agreement module, so the blockchain node cannot learn the final secret value or the configuration file deployment key, which avoids possible security risks.
  • The secret value is also used to derive the business secret deployment key; for example, the secret value can be derived as a 32-bit value, of which the first 16 bits can be used as the configuration file deployment key and the last 16 bits can be used as the business secret deployment key.
  • The user can deploy the service key to the FPGA board through the service secret deployment key.
  • The service key may include the node private key and the service root key.
  • The user can use the business secret deployment key on the client to sign and encrypt the node private key or the business root key and send it to the FPGA board, so that after the FPGA board decrypts and verifies it through the decryption verification module, it deploys the obtained node private key or service root key.
  • the FPGA board can be implemented as a TEE on the blockchain node to meet privacy requirements. For example, when a blockchain node receives a transaction, if the transaction is a plaintext transaction, the blockchain node can directly process the plaintext transaction, if the transaction is a private transaction, the blockchain node transmits the private transaction to the FPGA The board is processed.
  • the transaction content of a plaintext transaction is in plaintext form, and the contract status generated after the transaction is executed is also stored in plaintext form.
  • the transaction content of a private transaction is in the form of cipher text, which is obtained by encrypting the content of the transaction in plain text by the transaction initiator, and the contract state generated after the transaction is executed needs to be stored in the form of cipher text to ensure the protection of transaction privacy.
  • the transaction initiator can generate a symmetric key randomly or based on other methods.
  • the business public key corresponding to the above-mentioned business private key is disclosed, so the transaction initiator can encrypt the plaintext transaction content based on the symmetric key and the business public key.
  • the transaction initiator encrypts the plaintext transaction content with a symmetric key, and encrypts the symmetric key with the business public key.
  • the two parts obtained are included in the above-mentioned private transaction; in other words, the private transaction includes two parts of content: the plaintext transaction content encrypted with the symmetric key, and the symmetric key encrypted with the business public key.
  • the encryption and decryption module can use the business private key to decrypt the symmetric key encrypted with the business public key to obtain the symmetric key, and then the encryption and decryption module uses the symmetric key to decrypt the plaintext transaction content encrypted with the symmetric key to obtain the plaintext transaction content.
  • Private transactions can be used to deploy smart contracts, in which case the data field of the plaintext transaction content can contain the contract code of the smart contract to be deployed; or private transactions can be used to call smart contracts, in which case the to field of the plaintext transaction content can contain the contract address of the called smart contract, and the FPGA board can retrieve the corresponding contract code based on the contract address.
  • the plaintext calculation module formed on the FPGA chip is used to implement virtual machine logic in related technologies, that is, the plaintext calculation module is equivalent to the "hardware virtual machine" on the FPGA board. Therefore, after the contract code is determined based on the foregoing plaintext transaction content, the contract code can be passed into the plaintext calculation module, so that the plaintext calculation module executes the contract code. After the execution is completed, the state of the contract involved in the contract code may be updated.
  • the encryption and decryption module can encrypt the updated contract state through the aforementioned business root key or its derivative key, and store the encrypted contract state to ensure privacy
  • the transaction-related data is only in the clear text state in the FPGA chip and in the cipher text state outside the FPGA chip, so as to ensure the security of the data.
  • the user may want to update the version of the circuit logic configuration file deployed on the FPGA board.
  • the authentication root key contained in the circuit logic configuration file may be known by risky users, or the user wants to upgrade the functional modules deployed on the FPGA board, etc. This specification does not limit this.
  • the circuit logic configuration file that has been deployed in the above process can be referred to as the old version of the circuit logic configuration file, and the circuit logic configuration file that needs to be deployed is referred to as the new version of the circuit logic configuration file.
  • the user can generate a new version of the circuit logic configuration file through the process of writing code and mirroring. Further, the user can sign the new version of the circuit logic configuration file with his own private key, and then encrypt the signed new version of the circuit logic configuration file with the configuration file deployment key negotiated above to obtain the encrypted new version of the circuit logic configuration file. In some cases, there may be multiple users at the same time, so the old version of the circuit logic configuration file needs to deploy the preset certificates corresponding to these users to the FPGA board, and these users each need to sign the new version of the circuit logic configuration file with their own private keys.
  • Fig. 4 is a schematic diagram of newly updateable FPGA board provided by an exemplary embodiment.
  • the decryption verification module formed on the FPGA chip in the foregoing process is located on the transmission path between the PCIE interface and the Flash chip, so that the encrypted new version of the circuit logic configuration file must first be processed by the decryption verification module before it can be transferred to the Flash chip, which achieves a trusted update; the Flash chip cannot be updated directly by bypassing the decryption and verification process.
  • after the decryption verification module receives the encrypted new version of the circuit logic configuration file, it first decrypts it with the configuration file deployment key deployed on the FPGA board. If the decryption is successful, the decryption verification module further performs signature verification on the decrypted new version of the circuit logic configuration file based on the preset certificate deployed on the FPGA chip.
  • the decryption and signature verification module will trigger the termination of the update operation; and if the decryption is successful and the signature verification is passed, it can be determined that the obtained new version of the circuit logic configuration file is from the aforementioned user and has not been tampered with during the transmission process.
  • the new version of the circuit logic configuration file can be further transmitted to the Flash chip to update and deploy the old version of the circuit logic configuration file in the Flash chip.
  • the above-mentioned key agreement module and decryption verification module can also be formed on the FPGA chip, and information such as the preset certificate and the authentication root key can be stored in the FPGA chip.
  • the functional logic implemented by the formed key agreement module, decryption verification module, etc. can be changed and upgraded, and the deployed preset certificate, authentication root key and other stored information may also differ from the information before the update.
  • the FPGA board can remotely negotiate with the user to obtain a new configuration file deployment key based on the updated key agreement module, authentication root key, etc., and the configuration file deployment key can be used for the next update process. Similarly, reliable update operations for the FPGA board can be continuously implemented accordingly.
  • the FPGA board can generate certification results for the new version of the circuit logic configuration file.
  • the above-mentioned key agreement module can calculate the hash value of the new version of the circuit logic configuration file and the hash value of the configuration file deployment key negotiated based on the new version of the circuit logic configuration file through an algorithm such as sm3 or other algorithms.
  • the calculation result can be used as the above-mentioned authentication result, and the key agreement module sends the authentication result to the user.
  • the user can verify the authentication result on the client based on the maintained new version of the circuit logic configuration file and the configuration file deployment key negotiated accordingly. If the verification is successful, it indicates that the new version of the circuit logic configuration file has been successfully deployed on the FPGA board, and that the user and the FPGA board have successfully negotiated a consistent configuration file deployment key accordingly, thereby confirming the successful completion of the circuit logic configuration file update deployment.
  • Fig. 5 is a schematic structural diagram of a trusted update device for FPGA logic provided by an exemplary embodiment.
  • the trusted update device for FPGA logic may include: a receiving unit 501, which enables the FPGA structure to receive the encrypted new version of the circuit logic configuration file from the client, the FPGA structure including the FPGA chip; a unit 502, which enables the FPGA structure to read the encrypted new version of the circuit logic configuration file into the decryption module on the FPGA chip for decryption, the decryption module being formed by the FPGA chip based on the old version of the circuit logic configuration file deployed on the FPGA structure; an update unit 503, which enables the FPGA structure to perform update deployment based on the new version of the circuit logic configuration file obtained by decryption, so that the FPGA structure is implemented as a trusted execution environment on the blockchain node to which it belongs.
  • a negotiation unit 504, which enables the FPGA structure to perform remote negotiation with the client based on the deployed authentication root key to negotiate a configuration file deployment key; wherein the encrypted new version of the circuit logic configuration file is decrypted in the decryption module by the FPGA structure based on the configuration file deployment key.
  • the deployed authentication root key is deployed to the FPGA structure based on the old version of the circuit logic configuration file.
  • the deployed authentication root key is maintained in a key management chip included in the FPGA structure.
  • the new version of the circuit logic configuration file includes: a new version of the authentication root key for updating the deployed authentication root key.
  • it further includes: a signing unit 505 for enabling the FPGA structure to sign the authentication result through the new version of the authentication root key, the authentication result including content related to the new version of the circuit logic configuration file; a returning unit 506, enabling the FPGA structure to return the signed authentication result to the client, so that the client, in the case where the authentication result passes signature verification and contains content related to the new version of the circuit logic configuration file, confirms that the new version of the circuit logic configuration file is successfully deployed on the FPGA structure.
  • it further includes: a verification unit 507 that enables the FPGA structure to read the encrypted new version of the circuit logic configuration file into the verification module on the FPGA chip for signature verification, the verification module being formed by the FPGA chip based on the old version of the circuit logic configuration file, and the preset certificate corresponding to the client having been deployed on the FPGA structure; the update unit 503 is specifically configured to: enable the FPGA structure to perform update deployment based on the new version of the circuit logic configuration file in the case that the signature verification succeeds.
  • the FPGA structure further includes a memory other than the FPGA chip; the update unit 503 is specifically configured to: enable the FPGA structure to update and deploy the memory based on the new version of the circuit logic configuration file.
  • a typical implementation device is a computer.
  • the specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
  • the computer includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • the memory may include non-permanent memory in a computer readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission media, which can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • first, second, third, etc. may be used to describe various information in one or more embodiments of this specification, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • first information may also be referred to as second information, and similarly, the second information may also be referred to as first information.
  • word "if" as used herein can be interpreted as "when" or "when" or "in response to determination".
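
The key agreement through the blockchain node, the split of the secret value into two deployment keys, and the client-side check of the authentication result described above, as an added Python sketch that is not code from the patent. Assumptions: finite-field Diffie-Hellman modulo 2**255 - 19 as the agreement primitive, SHA-256 in place of SM3, a 32-byte derived value split into two 16-byte keys, and hypothetical names (`RelayNode`, `run_exchange`, `attestation_result`, `verify_attestation`).

```python
import hashlib
import hmac
import secrets

# Assumption: classic Diffie-Hellman modulo the prime 2**255 - 19, chosen so
# the example needs only the standard library. The page does not name the
# group; a deployment would use a vetted ECDH implementation.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private key, key agreement information): Ka-1/Ka-2 or Kb-1/Kb-2."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)


def derive_keys(own_private, peer_info):
    """Secret value -> (configuration file deployment key,
    business secret deployment key). Assumes a 32-byte derived value."""
    if not 1 < peer_info < P - 1:
        raise ValueError("degenerate key agreement information")
    shared = pow(peer_info, own_private, P).to_bytes(32, "big")
    secret_value = hashlib.sha256(b"constructed-kdf-label" + shared).digest()
    return secret_value[:16], secret_value[16:]


class RelayNode:
    """Blockchain node that forwards Ka-2 and Kb-2 and records what it saw."""

    def __init__(self):
        self.observed = []

    def forward(self, info):
        self.observed.append(info)
        return info


def run_exchange():
    relay = RelayNode()
    ka1, ka2 = keypair()  # client
    kb1, kb2 = keypair()  # key agreement module on the FPGA chip
    client_keys = derive_keys(ka1, relay.forward(kb2))
    module_keys = derive_keys(kb1, relay.forward(ka2))
    # The relay holds only Ka-2 and Kb-2; Ka-1 and Kb-1 never crossed it.
    return relay, client_keys, module_keys


def attestation_result(bitstream, deploy_key):
    """FPGA side: hash of the deployed file plus hash of the negotiated key.
    SHA-256 stands in for SM3; signing with the root key is omitted here."""
    return hashlib.sha256(bitstream).digest() + hashlib.sha256(deploy_key).digest()


def verify_attestation(result, local_bitstream, local_deploy_key):
    """Client side: recompute from local copies, compare in constant time."""
    expected = attestation_result(local_bitstream, local_deploy_key)
    return hmac.compare_digest(result, expected)


if __name__ == "__main__":
    relay, client_keys, module_keys = run_exchange()
    new_version = b"constructed new-version circuit logic configuration file"
    result = attestation_result(new_version, module_keys[0])
    print("keys match:", client_keys == module_keys)
    print("attestation ok:", verify_attestation(result, new_version, client_keys[0]))
```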
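
The decrypt-then-verify gate between the PCIE interface and the Flash chip, as an added Python sketch that is not code from the patent: Flash changes only when both decryption and signature verification succeed. The page names no cipher or signature algorithm, so a SHA-256 encrypt-then-MAC construction and a Lamport one-time signature serve as standard-library stand-ins, and all names (`FpgaBoard`, `package_update`, `seal`, `unseal`) are hypothetical.

```python
import hashlib
import hmac
import secrets

SIG_LEN = 256 * 32  # size of one Lamport signature in bytes


def H(data):
    return hashlib.sha256(data).digest()


def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode: a stand-in for a real cipher (assumption).
    n_blocks = len(data) // 32 + 1
    pad = b"".join(H(key + nonce + i.to_bytes(8, "big")) for i in range(n_blocks))
    return bytes(a ^ b for a, b in zip(data, pad))


def seal(key, plaintext):
    """Encrypt-then-MAC under subkeys of the deployment key."""
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(H(b"enc" + key), nonce, plaintext)
    return body + hmac.new(H(b"mac" + key), body, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None when the blob fails authentication."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(H(b"mac" + key), body, hashlib.sha256).digest()
    if len(body) < 16 or not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(H(b"enc" + key), body[:16], body[16:])


def lamport_keygen():
    # One-time key pair: the public half plays the role of the preset certificate.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]


def _bits(message):
    digest = int.from_bytes(H(message), "big")
    return [(digest >> i) & 1 for i in range(256)]


def lamport_sign(sk, message):
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(message)))


def lamport_verify(pk, message, sig):
    if len(sig) != SIG_LEN:
        return False
    return all(hmac.compare_digest(H(sig[32 * i:32 * i + 32]), pk[i][bit])
               for i, bit in enumerate(_bits(message)))


def package_update(sk, deploy_key, bitstream):
    """Client: sign the new version, then encrypt it with the deployment key."""
    return seal(deploy_key, bitstream + lamport_sign(sk, bitstream))


class FpgaBoard:
    """Flash is written only by update(), as the gate sits between PCIE and Flash."""

    def __init__(self, deploy_key, preset_cert, old_bitstream):
        self._key, self._cert = deploy_key, preset_cert
        self.flash = old_bitstream

    def update(self, blob):
        signed = unseal(self._key, blob)
        if signed is None or len(signed) <= SIG_LEN:
            return "abort: decryption failed"
        bitstream, sig = signed[:-SIG_LEN], signed[-SIG_LEN:]
        if not lamport_verify(self._cert, bitstream, sig):
            return "abort: signature verification failed"
        self.flash = bitstream  # only reached after both checks pass
        return "updated"
```

Because a Lamport key is one-time, each user key signs one new version only, and the next preset certificate would have to ship inside that version.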

Abstract

Disclosed are a trusted update method and apparatus for FPGA logic. The method may comprise the following steps: an FPGA structure receives an encrypted new version of a circuit logic configuration file from a client, the FPGA structure comprising an FPGA chip (102); the FPGA structure reads the encrypted new version of the circuit logic configuration file into a decryption module on the FPGA chip for decryption, the decryption module being formed by the FPGA chip on the basis of an old version of the circuit logic configuration file deployed on the FPGA structure (104); the FPGA structure performs update deployment on the basis of the decrypted new version of the circuit logic configuration file, so that the FPGA structure is implemented as a trusted execution environment on the blockchain node to which the FPGA structure belongs (106).
PCT/CN2020/100935 2019-09-25 2020-07-08 Trusted update method and apparatus for FPGA logic WO2021057182A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910914123.9 2019-09-25
CN201910914123.9A CN110716728B (zh) 2019-09-25 2019-09-25 Trusted update method and apparatus for FPGA logic

Publications (1)

Publication Number Publication Date
WO2021057182A1 true WO2021057182A1 (fr) 2021-04-01

Family

ID=69210929

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/100935 WO2021057182A1 (fr) 2019-09-25 2020-07-08 Trusted update method and apparatus for FPGA logic

Country Status (2)

Country Link
CN (1) CN110716728B (fr)
WO (1) WO2021057182A1 (fr)

Also Published As

Publication number Publication date
CN110716728A (zh) 2020-01-21
CN110716728B (zh) 2020-11-10

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20870117

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20870117

Country of ref document: EP

Kind code of ref document: A1