WO2021057221A1 - Procédé et appareil pour réaliser une mise à jour d'état sur la base d'un fpga - Google Patents

Procédé et appareil pour réaliser une mise à jour d'état sur la base d'un fpga Download PDF

Info

Publication number
WO2021057221A1
WO2021057221A1 PCT/CN2020/103589 CN2020103589W WO2021057221A1 WO 2021057221 A1 WO2021057221 A1 WO 2021057221A1 CN 2020103589 W CN2020103589 W CN 2020103589W WO 2021057221 A1 WO2021057221 A1 WO 2021057221A1
Authority
WO
WIPO (PCT)
Prior art keywords
fpga
contract
chip
blockchain node
local space
Prior art date
Application number
PCT/CN2020/103589
Other languages
English (en)
Chinese (zh)
Inventor
潘国振
魏长征
闫莺
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021057221A1 publication Critical patent/WO2021057221A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/76Architectures of general purpose stored program computers
    • G06F15/78Architectures of general purpose stored program computers comprising a single central processing unit
    • G06F15/7807System on chip, i.e. computer system on a single chip; System in package, i.e. computer system on one or more chips in a single package
    • G06F15/781On-chip cache; Off-chip memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • G06F8/63Image based installation; Cloning; Build to order

Definitions

  • One or more embodiments of this specification relate to the field of blockchain technology, and in particular, to a method and device for implementing status updates based on FPGA.
  • Blockchain technology is built on a transmission network (such as a peer-to-peer network).
  • the network nodes in the transmission network use chained data structures to verify and store data, and use distributed node consensus algorithms to generate and update data.
  • TEE Trusted Execution Environment
  • TEE can play the role of a black box in the hardware. Neither the code executed in the TEE nor the data operating system layer can be peeped, and only the pre-defined interface in the code can operate on it.
  • plaintext data is calculated in TEE instead of complex cryptographic operations in homomorphic encryption. There is no loss of efficiency in the calculation process. Therefore, the combination with TEE can achieve less performance loss. Under the premise, the security and privacy of the blockchain are greatly improved. At present, the industry is very concerned about the TEE solution.
  • TEE solutions including TPM (Trusted Platform Module) in software and Intel SGX (Software Guard Extensions) in hardware. , Software Protection Extension), ARM Trustzone (trust zone) and AMD PSP (Platform Security Processor, platform security processor).
  • one or more embodiments of this specification provide a method and device for implementing status update based on FPGA.
  • a method for implementing state update based on FPGA includes: the FPGA structure loads the deployed circuit logic configuration file to the FPGA chip contained in the FPGA structure, so that the An on-chip processor for realizing virtual machine logic is formed on the chip; the FPGA structure reads the code program of the smart contract and the contract state related to the code program into the on-chip processor, so that the on-chip processor runs all
  • the code program is used to update the value of the contract state, the smart contract is related to the transaction received by the blockchain node to which the FPGA structure belongs; the FPGA structure caches the updated value of the contract state in Local space to further synchronize from the local space to the blockchain node.
  • an apparatus for implementing state update based on FPGA which includes: a loading unit, which enables the FPGA structure to load the deployed circuit logic configuration file to the FPGA chip contained in itself, so as to An on-chip processor for realizing virtual machine logic is formed on the FPGA chip; a reading unit enables the FPGA structure to read the code program of the smart contract and the contract state involved in the code program into the on-chip processor , Enabling the on-chip processor to run the code program to update the value of the contract state, the smart contract is related to the transaction received by the blockchain node to which the FPGA structure belongs; a cache unit, enabling the FPGA The structure caches the updated value of the contract state in the local space, so as to further synchronize from the local space to the blockchain node.
  • an electronic device including: a processor; a memory for storing executable instructions of the processor; wherein the processor runs the executable instructions In order to realize the method as described in the first aspect.
  • a computer-readable storage medium on which computer instructions are stored, and when the instructions are executed by a processor, the steps of the method described in the first aspect are implemented.
  • Fig. 1 is a flowchart of a method for implementing status update based on FPGA provided by an exemplary embodiment.
  • Fig. 2 is a schematic structural diagram of a blockchain node provided by an exemplary embodiment.
  • Fig. 3 is a schematic diagram of forming a functional module on an FPGA chip provided by an exemplary embodiment.
  • Fig. 4 is a schematic structural diagram of another blockchain node provided by an exemplary embodiment.
  • Fig. 5 is a block diagram of a device for implementing status update based on FPGA provided by an exemplary embodiment.
  • the steps of the corresponding method are not necessarily executed in the order shown and described in this specification.
  • the method may include more or fewer steps than described in this specification.
  • a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. description.
  • Block chains are generally divided into three types: Public Blockchain, Private Blockchain and Consortium Blockchain.
  • the public chain is represented by Bitcoin and Ethereum. Participants who join the public chain can read the data records on the chain, participate in transactions, and compete for the accounting rights of new blocks. Moreover, each participant (ie, node) can freely join and exit the network, and perform related operations.
  • the private chain is the opposite.
  • the write permission of the network is controlled by an organization or institution, and the data read permission is regulated by the organization.
  • the private chain can be a weakly centralized system with strict restrictions and few participating nodes.
  • This type of blockchain is more suitable for internal use by specific institutions.
  • Consortium chain is a block chain between public chain and private chain, which can realize "partial decentralization".
  • Each node in the alliance chain usually has a corresponding entity or organization; participants are authorized to join the network and form a stakeholder alliance to jointly maintain the operation of the blockchain.
  • the nodes in the blockchain network may use a solution that combines the blockchain and the TEE (Trusted Execution Environment).
  • TEE Trusted Execution Environment
  • TEE is a secure extension based on CPU hardware and a trusted execution environment that is completely isolated from the outside.
  • TEE was first proposed by Global Platform to solve the security isolation of resources on mobile devices, and parallel to the operating system to provide a trusted and secure execution environment for applications.
  • ARM's Trust Zone technology is the first to realize the real commercial TEE technology. With the rapid development of the Internet, security requirements are getting higher and higher. Not only mobile devices, cloud devices, and data centers have put forward more demands on TEE.
  • TEE has also been rapidly developed and expanded. Compared with the originally proposed concept, the TEE referred to now is a more generalized TEE.
  • server chip manufacturers Intel and AMD have successively introduced hardware-assisted TEE and enriched the concepts and features of TEE, which has been widely recognized in the industry.
  • the TEE mentioned now usually refers more to this kind of hardware-assisted TEE technology.
  • SGX provides an enclave (also known as an enclave), which is an encrypted trusted execution area in the memory, and the CPU protects data from being stolen.
  • enclave also known as an enclave
  • the CPU protects data from being stolen.
  • a part of the area EPC Enclave Page Cache, enclave page cache or enclave page cache
  • the encryption engine MEE Memory Encryption Engine
  • the first step in using TEE is to confirm the authenticity of TEE.
  • the related technology provides a remote certification mechanism for the above-mentioned SGX technology to prove that the SGX platform on the target device and the challenger have deployed the same configuration file.
  • the TEE technology in the related technology is implemented by software or a combination of software and hardware, even if the remote attestation method can indicate to a certain extent that the configuration file deployed in the TEE has not been tampered with, the TEE itself depends on the operation The environment cannot be verified.
  • a virtual machine for executing smart contracts needs to be configured in the TEE.
  • the instructions executed by the virtual machine are not directly executed, but actually executed corresponding X86 instructions (Assuming that the target device adopts the X86 architecture), which poses a certain degree of security risk.
  • this specification proposes a hardware TEE technology based on FPGA implementation.
  • FPGA implements hardware TEE by loading circuit logic configuration files. Because the content of the circuit logic configuration file can be checked and verified in advance, and the FPGA is configured and operated completely based on the logic recorded in the circuit logic configuration file, it can be ensured that the hardware TEE implemented by the FPGA has relatively higher security. However, FPGA needs to frequently synchronize the state of the contract with the blockchain node, which consumes a lot of resources.
  • the following describes a method for implementing status updates based on FPGA provided in this specification in conjunction with embodiments, so as to reduce the number of data interactions.
  • Fig. 1 is a flowchart of a method for implementing status update based on FPGA provided by an exemplary embodiment. As shown in Figure 1, the method is applied to the FPGA structure and may include steps 102-106.
  • Step 102 The FPGA structure loads the deployed circuit logic configuration file to the FPGA chip contained in the FPGA structure to form an on-chip processor for realizing virtual machine logic on the FPGA chip.
  • the FPGA chip contains a number of editable hardware logic units. After these hardware logic units are configured via a circuit logic configuration file, they can be implemented as corresponding functional modules to implement corresponding logic functions. Specifically, the circuit logic configuration file can be burned to the FPGA structure based on the form of a bit stream. For example, the above-mentioned on-chip processor is formed by the deployed circuit logic configuration file, and by further deploying other related functional modules, the FPGA structure can be configured as a hardware TEE on the blockchain node. Since these functional modules are completely configured by the circuit logic configuration file, it is possible to determine the logic and other aspects of the information realized by the functional module configured by checking the circuit logic configuration file to ensure that the functional module can be configured according to the complete user’s requirements. Needs to be formed and run.
  • the circuit logic configuration file can be deployed locally to the FPGA structure.
  • the deployment operation can be implemented in an offline environment to ensure safety.
  • the user can remotely deploy the circuit logic configuration file to the FPGA structure.
  • Step 104 The FPGA structure reads the code program of the smart contract and the state of the contract involved in the code program into the on-chip processor, and makes the on-chip processor run the code program to update the contract status.
  • the smart contract is related to the transaction received by the blockchain node to which the FPGA structure belongs.
  • the blockchain node After the blockchain node receives the transaction initiated by the transaction initiator, it can transmit the transaction to the FPGA structure to obtain the code program of the smart contract involved in the transaction from the FPGA structure. For example, when the transaction is used to deploy a smart contract, the FPGA structure can obtain the code program from the data field of the transaction; when the transaction is used to call a smart contract, the FPGA structure can obtain the called smart contract from the to field of the transaction And obtain the deployed code program based on the contract address, where the code program can be deployed at the blockchain node or in the local space of the FPGA structure.
  • a node private key can be deployed on the FPGA structure, and the node public key corresponding to the node private key is in a public state.
  • the above transaction can be encrypted and generated by the transaction initiator based on the symmetric key and node public key maintained by itself (for example, randomly generated for each transaction) using a digital envelope method: the transaction initiator encrypts the plaintext transaction content through the symmetric key to obtain The ciphertext transaction content, and the above-mentioned symmetric key is encrypted by the node public key to obtain the ciphertext symmetric key, and the above-mentioned transaction includes the ciphertext transaction content and the ciphertext symmetric key.
  • the FPGA structure can form a decryption module on the FPGA chip through the deployed circuit logic configuration file, and decrypt the above-mentioned transaction through the decryption module.
  • the decryption module first decrypts the ciphertext symmetric key based on the node's private key to obtain the above-mentioned symmetric key, and then the decryption module decrypts the ciphertext transaction content based on the symmetric key to obtain the above-mentioned plaintext transaction content, and then based on The data field or to field of the plaintext transaction content obtains the above-mentioned code program.
  • the contract state involved in the code program can be stored at the blockchain node or in the local space of the FPGA structure.
  • the FPGA structure can access the local space first. If it is found in the local space, it can avoid the relatively higher overhead caused by accessing the blockchain node, and it can also improve the efficiency of obtaining the contract state; of course, the above code program is not included in the local space.
  • the FPGA structure needs to request the blockchain node to obtain the contract status involved in the code program.
  • Step 106 The FPGA structure caches the updated value of the contract state in a local space, so as to further synchronize from the local space to the blockchain node.
  • the FPGA structure can directly read the value of the contract state from the local space, avoiding access to the blockchain node This causes relatively higher overhead and improves the efficiency of reading the value of the contract state.
  • the updated value of the contract state cached in the local space is synchronized to the blockchain node by periodically or triggering to ensure that the blockchain node can update the world state maintained in a timely manner.
  • the local space of the FPGA structure may include: on-chip storage space of the FPGA chip, or external storage space of the FPGA chip (for example, external DDR, etc.), or both. Since the inside of the FPGA chip is considered to be in the security range and the outside of the FPGA chip is considered to be a security risk, when the value of the contract state is updated and cached in the on-chip storage space, it can be directly stored in plaintext form, and when the contract state is updated When the value is cached in the external storage space, the updated value of the contract state needs to be encrypted by the encryption module on the FPGA chip to realize the cache.
  • the encryption module is formed by loading the aforementioned deployed circuit logic configuration file by the FPGA chip.
  • the value of the contract state can be directly read from the on-chip cache space and read in On-chip processor, if the value of the contract state is cached in the external storage space, the decryption module on the FPGA chip needs to decrypt the encrypted contract state read from the external storage space, and the decrypted contract state The value is read into the on-chip processor.
  • the FPGA structure needs to synchronize the data in the on-chip storage space to the blockchain node, since the data in the on-chip storage space is in plaintext state, it is necessary to encrypt the data in the on-chip storage space through the aforementioned encryption module After that, it is synchronized to the blockchain node.
  • the FPGA structure needs to synchronize the data in the external storage space to the blockchain node, since the data in the external storage space is encrypted, the data in the external storage space can be directly synchronized to the blockchain node.
  • the FPGA structure synchronizes the updated value of the contract state cached in the local space to the blockchain node, so that the blockchain node can update the world state.
  • the FPGA structure caches the updated value of the contract state in the local space before the code program is executed, and after the code program is executed, the updated value of the contract state cached in the local space is synchronized in batches To the blockchain node. Since the value of the contract state may be in an intermediate state before the code execution is completed, and there is a possibility of change, the implementation of batch synchronization after the execution of the code program can reduce the data interaction between the local space and the blockchain node. In order to reduce the corresponding resource consumption.
  • the FPGA structure can take the updated value of the contract state cached in the local space, and the updated value of the contract state involved in other smart contracts cached in the local space, and synchronize them to the blockchain. Node; among them, the cumulative number of smart contracts and other smart contracts is not less than the preset value.
  • synchronization is implemented after each smart contract is executed.
  • batch synchronization can be implemented for the execution results of multiple smart contracts, so there is no dependency between these smart contracts. This can not only ensure the correct execution of the code program, but also further reduce the data interaction between the local space and the blockchain node, so as to reduce the corresponding resource consumption.
  • the local space of the FPGA structure can also cache world state data.
  • the FPGA structure can update the world state data based on the updated value of the contract state obtained above, and then synchronize the latest world state data in the local space to the blockchain node. Since the world state data is in the local space of the FPGA structure, when the value of the contract state is updated in the FPGA structure, compared to the aforementioned update of the contract state, the value is synchronized to the blockchain node and the blockchain node Actively update the world state, which can update the world state data in the local space relatively earlier or even in real time (or quasi real time),
  • the above-mentioned world state data cached in the local space may include the full amount of world state data, that is, both the local space and the blockchain node maintain the full amount of world state data.
  • the world state data cached in the above-mentioned local space may include hot world state data, that is, only a part of the world state data is cached in the local space, which is different from the full amount of world state data maintained by the blockchain node.
  • Hot world state data refers to world state data with a relatively higher update frequency or update probability, that is, hot data in world state data, which is different from cold data in world state data that is not updated for a long time and has a relatively lower update frequency.
  • the hotspot world state data may include, for example, the world state data related to the most recent one or more blocks, or the world state data corresponding to the hotspot account, etc. This specification does not limit this.
  • Fig. 2 is a schematic structural diagram of a blockchain node provided by an exemplary embodiment.
  • an FPGA structure can be added to the blockchain node to implement hardware TEE.
  • the FPGA structure can be an FPGA board as shown in FIG. 2.
  • the FPGA board can be connected to the blockchain node through the PCIE interface to realize the data interaction between the FPGA board and the blockchain node.
  • FPGA boards can include FPGA chips, Flash (flash memory) chips, and dense tube chips; of course, in addition to FPGA chips in some embodiments, they may only include parts of the remaining Flash chips and dense tube chips. , Or may contain more structures, here are just examples.
  • no user-defined logic is programmed on the FPGA chip, which is equivalent to the FPGA chip in a blank state.
  • Users can burn circuit logic configuration files on the FPGA chip to form corresponding functions or logic on the FPGA chip.
  • the FPGA board does not have the capability of security protection, so it usually needs to provide an external security environment.
  • users can implement the programming of the circuit logic configuration file in an offline environment to achieve physical security isolation. Instead of implementing remote programming online.
  • the corresponding logic code can be formed through FPGA hardware language, and then the logic code can be mirrored to obtain the above-mentioned circuit logic configuration file.
  • the user can check the above-mentioned logic code. Especially, when multiple users are involved at the same time, multiple users can check the above logic code separately to ensure that the FPGA board can finally meet the needs of all users and prevent security risks, logic errors, fraud and other abnormalities. problem.
  • the user can burn the circuit logic configuration file to the FPGA board in the above-mentioned offline environment.
  • the circuit logic configuration file is transferred from the blockchain node to the FPGA board, and then deployed to the Flash chip as shown in Figure 2, so that even if the FPGA board is powered off, the Flash chip can still save the above-mentioned circuit logic. Configuration file.
  • Fig. 3 is a schematic diagram of forming a functional module on an FPGA chip provided by an exemplary embodiment.
  • the hardware logic unit contained in the FPGA chip can be configured to form corresponding functional modules on the FPGA chip.
  • the formed functional modules can include such Figure 3 shows the on-chip cache module, plaintext calculation module, key agreement module, decryption verification module, encryption and decryption module, etc.
  • the circuit logic configuration file can also be used to transmit the information that needs to be stored to the FPGA board.
  • the preset certificate can be stored on the FPGA chip, and the authentication root key can be stored in the secret tube chip (the authentication root key can also be Stored on the FPGA chip) and so on.
  • the FPGA board can realize remote key agreement with the user.
  • the key agreement process can use related technologies. Any algorithm or standard can be implemented, and this specification does not limit it.
  • the key agreement process can include: the user can generate a key Ka-1 at the local client, the key agreement module can generate a key Kb-1 locally, and the client can generate a key Kb-1 based on the key Ka- 1 Calculate the key agreement information Ka-2, the key agreement module can calculate the key agreement information Kb-2 based on the key Kb-1, and then the client sends the key agreement information Ka-2 to the key agreement module, The key agreement module sends the key agreement information Kb-2 to the client, so that the client can generate a secret value based on the key Ka-1 and the key agreement information Kb-2, and the key agreement module can be based on the key Kb -1 generates the same secret value as the key agreement information Ka-2, and finally the client and the key agreement module respectively derive the same
  • the key agreement information Ka-2 and key agreement information Kb-2 are transmitted between the client and the key agreement module via the blockchain node
  • the key Ka-1 is controlled by the client
  • the key Kb-1 is controlled by the key agreement module, so it can ensure that the blockchain node cannot know the final secret value and the configuration file deployment key, so as to avoid possible security risks.
  • the secret value is also used to derive the business secret deployment key; for example, the secret value can be derived as a 32-bit value, the first 16 bits can be used as the configuration file deployment key, and the last 16 bits can be used as the business secret deployment Key.
  • the user can deploy the service key to the FPGA board through the service secret deployment key.
  • the service key may include the node private key and the service root key.
  • the user can use the business secret deployment key on the client to sign, encrypt the node private key or the business root key, and send it to the FPGA board, so that after the FPGA board is decrypted and verified through the decryption verification module, Deploy the obtained node private key or service root key.
  • the FPGA board can be implemented as a TEE on the blockchain node to meet privacy requirements. For example, when a blockchain node receives a transaction, if the transaction is a plaintext transaction, the blockchain node can directly process the plaintext transaction, if the transaction is a private transaction, the blockchain node transmits the private transaction to the FPGA The board is processed.
  • the transaction content of a plaintext transaction is in plaintext form, and the contract status generated after the transaction is executed is also stored in plaintext form.
  • the transaction content of a private transaction is in the form of cipher text, which is obtained by encrypting the content of the transaction in plain text by the transaction initiator, and the contract state generated after the transaction is executed needs to be stored in the form of cipher text to ensure the protection of transaction privacy.
  • the transaction initiator can generate a symmetric key randomly or based on other methods.
  • the business public key corresponding to the above-mentioned business private key is disclosed, then the transaction initiator can perform transaction content in plaintext based on the symmetric key and the business public key.
  • the transaction initiator encrypts the plaintext transaction content with a symmetric key, and encrypts the symmetric key with the business public key.
  • the two parts obtained are included in the above-mentioned private transaction; in other words, the private transaction includes Two parts of content: the content of the transaction in plaintext encrypted with a symmetric key, and the symmetric key encrypted with the business public key.
  • the encryption and decryption module can use the business private key to decrypt the symmetric key encrypted with the business public key to obtain the symmetric key, and then the encryption and decryption module
  • the symmetric key is used to decrypt the plaintext transaction content encrypted with the symmetric key to obtain the plaintext transaction content.
  • Private transactions can be used to deploy smart contracts, then the data field of the plaintext transaction content can contain the contract code of the smart contract to be deployed; or, the privacy transaction can be used to call the smart contract, then the to field of the plaintext transaction content can contain the called The contract address of the smart contract, and the FPGA board can retrieve the corresponding contract code based on the contract address.
  • the plaintext calculation module formed on the FPGA chip is used to implement virtual machine logic in related technologies, that is, the plaintext calculation module is equivalent to the "hardware virtual machine" on the FPGA board. Therefore, after the contract code is determined based on the foregoing plaintext transaction content, the contract code can be passed into the plaintext calculation module, so that the plaintext calculation module executes the contract code.
  • the plaintext calculation module is equivalent to the on-chip processor formed on the FPGA chip in this specification.
  • the contract code involves one or more contract states.
  • the on-chip processor needs to read the historical value (recent value) of these contract states during the execution of the contract code, and the execution of the contract code may cause at least part of the contract state The value of has changed.
  • the on-chip processor can store the value of the contract state involved in the on-chip cache module on the FPGA chip; accordingly, the on-chip processor executes the contract code of each smart contract. , Will first look up the value of the contract state involved in the contract code from the on-chip cache module.
  • the on-chip processor directly reads the value from the on-chip cache module; if the value of the required contract state is not stored in the on-chip cache module, it is processed on-chip The device then obtains the value of the required contract state from the blockchain node. But obviously, compared to obtaining the value of the contract state from the blockchain node, the on-chip processor consumes less resources and the reading speed is relatively faster to read the value of the contract state from the on-chip cache module.
  • the value of the contract state stored in the on-chip cache module is in the clear text state, and the contract state maintained at the blockchain node
  • the value of is in the ciphertext state, so the value of the contract state read by the on-chip processor from the on-chip cache module can directly participate in the execution of the corresponding contract code, while the on-chip processor fetches the contract state obtained from the blockchain node
  • the value needs to be decrypted by the encryption and decryption module before it can participate in the execution of the contract code by the on-chip processor. Therefore, compared to the value obtained from the blockchain node for the contract state, the on-chip processor obtains the value from the on-chip cache module. Reading the value of the contract state consumes less resources and the reading speed is relatively faster.
  • the on-chip processor executes the contract code
  • the updated value can be stored in the on-chip cache module for subsequent direct access from the on-chip cache module Read these values.
  • the updated value of the contract state stored in the on-chip cache module can be synchronized to the blockchain node for the blockchain node to update the world state maintained.
  • the synchronized data needs to be encrypted by the encryption and decryption module, so that the blockchain node can only receive the ciphertext data.
  • the on-chip cache module can also be used to maintain the state of the world.
  • the on-chip cache module can maintain full world state data or hotspot world state data.
  • the on-chip processor executes the contract code
  • the updated value of the contract state can be stored in the on-chip cache module in real time, so that the on-chip cache module can update the maintained world state in real time; of course, after the contract state is updated
  • the value needs to be encrypted by the encryption and decryption module before participating in the update process for the world state.
  • the on-chip cache module synchronizes the maintained world state to the blockchain node, so that the blockchain node updates the world state maintained by itself.
  • the value of the cached contract state can be directly synchronized to the blockchain node, so that the blockchain node can synchronize the world state, and it can also be used in the on-chip cache module.
  • the world state is updated, and the updated world state is synchronized to the blockchain node.
  • FIG. 4 is a schematic structural diagram of a blockchain node provided by an exemplary embodiment.
  • the FPGA board may further include an external DDR, and the external DDR can implement data interaction with the FPGA chip. Then, the external DDR can implement the above-mentioned related functions of the on-chip cache module, such as caching the value of the contract state, or caching the world state.
  • the external DDR is not on the FPGA chip
  • the data on the FPGA chip needs to be encrypted by the encryption and decryption module before being transmitted to the external DDR to ensure that only ciphertext data exists on the external DDR
  • the data on the external DDR also needs
  • the obtained plaintext data can be applied to processing operations such as on-chip processors.
  • the external DDR involves data encryption and decryption and the data transmission efficiency is relatively lower, but it is relatively better than the data transmission efficiency between the FPGA board and the blockchain node.
  • the storage space of the external DDR is often larger or even much larger than the storage space of the on-chip cache module, so the external DDR can help to achieve more data cache.
  • the FPGA board can include an on-chip cache module and an external DDR at the same time.
  • the value of the contract state can be cached in the on-chip cache module, and the world state can be maintained in the external DDR.
  • the user may want to update the version of the circuit logic configuration file deployed on the FPGA board.
  • the authentication root key contained in the circuit logic configuration file may be known by risky users, or the user wants to update the version on the FPGA board.
  • the deployed functional modules are upgraded, etc. This manual does not limit this.
  • the circuit logic configuration file that has been deployed in the above process can be referred to as the old version of the circuit logic configuration file, and the circuit logic configuration file that needs to be deployed is referred to as the new version of the circuit logic configuration file.
  • the user can generate a new version of the circuit logic configuration file through the process of writing code and mirroring. Further, the user can sign the new version of the circuit logic configuration file with his own private key, and then encrypt the signed new version of the circuit logic configuration file with the configuration file deployment key negotiated above to obtain the encrypted new version of the circuit Logical configuration file. In some cases, there may be multiple users at the same time, so the old version of the circuit logic configuration file needs to deploy the preset certificates corresponding to these users to the FPGA board, and these users need to use their own private keys to pair the new version of the circuit. Sign the logical configuration file.
  • the user can remotely send the encrypted new version of the circuit logic configuration file to the blockchain node through the client, and the blockchain node will further transfer it to the FPGA board.
  • the decryption verification module formed on the FPGA chip in the foregoing process is located on the transmission path between the PCIE interface and the Flash chip, so that the encrypted new version of the circuit logic configuration file must first be successfully processed by the decryption verification module before it can be
  • the Flash chip is passed in to achieve a credible update, and the Flash chip cannot be updated directly without bypassing the process of decryption and verification.
  • the decryption verification module After the decryption verification module receives the encrypted new version of the circuit logic configuration file, it first decrypts it with the configuration file deployment key deployed on the FPGA board. If the decryption is successful, the decryption verification module is further based on the preset certificate deployed on the FPGA chip , To perform signature verification on the decrypted new version of the circuit logic configuration file.
  • the decryption and signature verification module will trigger the termination of the update operation; and if the decryption is successful and the signature verification is passed, you can It is determined that the obtained new version of the circuit logic configuration file is from the aforementioned user and has not been tampered with during the transmission process.
  • the new version of the circuit logic configuration file can be further transmitted to the Flash chip to update and deploy the old version of the circuit logic configuration file in the Flash chip.
  • the above-mentioned plaintext calculation module, on-chip cache module, key agreement module, encryption and decryption module, decryption verification module, and storage in the FPGA chip can also be formed on the FPGA chip. Enter the preset certificate, and store the authentication root key to the secret management chip and other information.
  • the formed plaintext calculation module, on-chip cache module, key agreement module, encryption/decryption module, decryption and signature verification module, etc., the implemented functional logic can be changed and upgraded, and stored in the deployed preset certificate, authentication root Information such as keys may also be different from the information before the update.
  • the FPGA board can remotely negotiate with the user to obtain a new configuration file deployment key based on the updated key agreement module, authentication root key, etc., and the configuration file deployment key can be used for the next renewal Update process. Similarly, a reliable update operation for FPGA boards can be continuously implemented accordingly.
  • the FPGA board can generate certification results for the new version of the circuit logic configuration file.
  • the above-mentioned key agreement module can calculate the hash value of the new version of the circuit logic configuration file and the hash value of the configuration file deployment key negotiated based on the new version of the circuit logic configuration file through an algorithm such as sm3 or other algorithms.
  • the calculation result can be used as the above-mentioned authentication result, and the key agreement module sends the authentication result to the user.
  • the user can verify the authentication result on the client based on the maintained new version of the circuit logic configuration file and the configuration file deployment key negotiated accordingly. If the verification is successful, it indicates that the new version of the circuit logic configuration file is successful on the FPGA board. Deployed, and the user and the FPGA board successfully negotiated accordingly to obtain a consistent configuration file deployment key, thereby confirming the successful completion of the circuit logic configuration file update deployment.
  • Fig. 5 is a schematic structural diagram of a device for implementing status update based on FPGA provided by an exemplary embodiment.
  • the device for implementing status update based on FPGA may include: a loading unit 501, which causes the FPGA structure to load the deployed circuit logic configuration file to the FPGA chip contained in the FPGA chip, so as to load the deployed circuit logic configuration file on the FPGA chip.
  • An on-chip processor used to implement the logic of the virtual machine is formed on the above; the reading unit 502 enables the FPGA structure to read the code program of the smart contract and the contract state involved in the code program into the on-chip processor, so that the The on-chip processor runs the code program to update the value of the contract state, and the smart contract is related to the transaction received by the blockchain node to which the FPGA structure belongs; the cache unit 503 makes the FPGA structure store all The updated value of the contract state is cached in the local space to further synchronize from the local space to the blockchain node.
  • the reading unit 502 is specifically configured to: enable the FPGA structure to preferentially access the local space;
  • the FPGA structure is made to request the blockchain node to obtain the contract state involved in the code program.
  • a contract state synchronization unit 504 which enables the FPGA structure to synchronize the updated value of the contract state cached in the local space to the blockchain node so that the block The chain node updates the world state.
  • the contract state synchronization unit 504 is specifically configured to: enable the FPGA structure to cache the updated value of the contract state in the local space before the execution of the code program is completed; After the execution of the code program is completed, the updated value of the contract state cached in the local space is synchronized to the blockchain node in batches.
  • the contract state synchronization unit 504 is specifically configured to: enable the FPGA structure to obtain the updated value of the contract state cached in the local space, and other smart contract locations cached in the local space The updated value of the involved contract status is synchronized to the blockchain node together; wherein, the cumulative number of contracts of the smart contract and the other smart contracts is not less than a preset value.
  • a world state synchronization unit 505 which enables the FPGA structure to perform data on the world state data based on the updated value of the contract state when the world state data is cached in the local space. Update; enable the FPGA structure to synchronize the latest world state data in the local space to the blockchain node.
  • the world state data cached in the local space includes: full world state data or hotspot world state data.
  • the hotspot world state data includes: world state data related to one or more recent blocks, or world state data corresponding to a hotspot account.
  • the local space includes: on-chip storage space of the FPGA chip, and/or external storage space of the FPGA chip.
  • the caching unit 503 is specifically configured to: enable the FPGA structure to cache the updated value of the contract state in the on-chip storage space in plain text; enable the FPGA structure to pair with the encryption module on the FPGA chip The updated value of the contract state is encrypted and then cached in the external storage space; wherein the encryption module is formed by loading the deployed circuit logic configuration file by the FPGA chip.
  • it further includes: an encryption unit 506, which enables the FPGA structure to encrypt data in the on-chip storage space through the encryption module, and then synchronizes the data to the blockchain node; a data synchronization unit 507 enables all The FPGA structure synchronizes the data in the external storage space to the blockchain node.
  • a typical implementation device is a computer.
  • the specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, and a game control A console, a tablet computer, a wearable device, or a combination of any of these devices.
  • the computer includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in a computer readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • first, second, third, etc. may be used to describe various information in one or more embodiments of this specification, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • first information may also be referred to as second information, and similarly, the second information may also be referred to as first information.
  • word “if” as used herein can be interpreted as "when” or “when” or "in response to determination”.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Medical Informatics (AREA)
  • Data Mining & Analysis (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

Un ou plusieurs modes de réalisation de la présente invention concernent un procédé et un appareil pour réaliser une mise à jour d'état sur la base d'un FPGA. Le procédé comprend les étapes suivantes : une structure FPGA charge un fichier de configuration logique de circuit déployé dans une puce FPGA contenue dans celle-ci, de telle sorte qu'un processeur sur puce utilisé pour réaliser une logique de machine virtuelle soit formé sur la puce FPGA ; la structure FPGA lit un programme de code d'un contrat intelligent et un état de contrat associé au programme de code dans le processeur sur puce, de sorte que le processeur sur puce exécute le programme de code pour mettre à jour la valeur de l'état de contrat, le contrat intelligent étant associé à une transaction reçue par un nœud de chaîne de blocs auquel appartient la structure FPGA ; et la structure FPGA met en cache la valeur mise à jour de l'état de contrat dans un espace local pour synchroniser davantage la valeur mise à jour de l'état de contrat, de l'espace local au nœud de chaîne de blocs.
PCT/CN2020/103589 2019-09-25 2020-07-22 Procédé et appareil pour réaliser une mise à jour d'état sur la base d'un fpga WO2021057221A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910913487.5 2019-09-25
CN201910913487.5A CN110688651A (zh) 2019-09-25 2019-09-25 基于fpga实现状态更新的方法及装置

Publications (1)

Publication Number Publication Date
WO2021057221A1 true WO2021057221A1 (fr) 2021-04-01

Family

ID=69110284

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/103589 WO2021057221A1 (fr) 2019-09-25 2020-07-22 Procédé et appareil pour réaliser une mise à jour d'état sur la base d'un fpga

Country Status (2)

Country Link
CN (1) CN110688651A (fr)
WO (1) WO2021057221A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110688651A (zh) * 2019-09-25 2020-01-14 支付宝(杭州)信息技术有限公司 基于fpga实现状态更新的方法及装置
CN112564924B (zh) * 2020-11-12 2023-01-03 深圳宏芯宇电子股份有限公司 计算机扩展卡及区块链终端设备

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019090005A1 (fr) * 2017-11-01 2019-05-09 Clause, Inc. Système et procédé pour un réseau à base de chaîne de blocs ayant subi une transition par un contrat juridique
CN109831298A (zh) * 2019-01-31 2019-05-31 阿里巴巴集团控股有限公司 区块链中安全更新密钥的方法及节点、存储介质
CN110020856A (zh) * 2019-01-31 2019-07-16 阿里巴巴集团控股有限公司 区块链中实现混合交易的方法、节点和存储介质
CN110688651A (zh) * 2019-09-25 2020-01-14 支付宝(杭州)信息技术有限公司 基于fpga实现状态更新的方法及装置
CN110738567A (zh) * 2019-09-25 2020-01-31 支付宝(杭州)信息技术有限公司 基于fpga的安全智能合约处理器的交易处理方法及装置

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110008735B (zh) * 2019-01-31 2020-05-19 阿里巴巴集团控股有限公司 区块链中实现合约调用的方法及节点、存储介质
CN109829325A (zh) * 2019-03-06 2019-05-31 苏州浪潮智能科技有限公司 一种部分重配置文件加密方法、***、fpga及可读存储介质

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019090005A1 (fr) * 2017-11-01 2019-05-09 Clause, Inc. Système et procédé pour un réseau à base de chaîne de blocs ayant subi une transition par un contrat juridique
CN109831298A (zh) * 2019-01-31 2019-05-31 阿里巴巴集团控股有限公司 区块链中安全更新密钥的方法及节点、存储介质
CN110020856A (zh) * 2019-01-31 2019-07-16 阿里巴巴集团控股有限公司 区块链中实现混合交易的方法、节点和存储介质
CN110688651A (zh) * 2019-09-25 2020-01-14 支付宝(杭州)信息技术有限公司 基于fpga实现状态更新的方法及装置
CN110738567A (zh) * 2019-09-25 2020-01-31 支付宝(杭州)信息技术有限公司 基于fpga的安全智能合约处理器的交易处理方法及装置

Also Published As

Publication number Publication date
CN110688651A (zh) 2020-01-14

Similar Documents

Publication Publication Date Title
WO2021179743A1 (fr) Procédé et appareil d'interrogation d'informations de confidentialité de compte dans une chaîne de blocs
US10839107B2 (en) Managing a smart contract on a blockchain
WO2021103794A1 (fr) Procédé permettant de réaliser une transaction de préservation de la vie privée hautement efficace dans une chaîne de blocs, et dispositif
WO2020238255A1 (fr) Procédé et appareil de gestion de contrat intelligent en fonction d'une chaîne de blocs et dispositif électronique
WO2021057181A1 (fr) Procédé et dispositif de négociation de clés à base de fpga
WO2020233623A1 (fr) Procédé de stockage de reçu et nœud combinant un type de transaction et un état d'évaluation
WO2020233625A1 (fr) Procédé de stockage de reçus combinant un type d'utilisateur, des conditions de détermination et un nœud
WO2020233630A1 (fr) Procédé et nœud de mémorisation de reçus en fonction du type d'utilisateur
WO2020233631A1 (fr) Procédé et nœud de stockage de reçu basés sur le type de transaction
WO2021057182A1 (fr) Procédé et appareil de mise à jour de confiance pour logique fpga
WO2020233635A1 (fr) Procédé de stockage de reçu combinant des restrictions conditionnelles de multiples types de dimensions et nœud
WO2021057180A1 (fr) Procédé et dispositif de mise en œuvre de chaîne de blocs de confidentialité basée sur fpga, et dispositif
WO2020233626A1 (fr) Procédé et nœud de stockage de reçu combinés à une limitation conditionnelle de types de transactions et d'utilisateurs
WO2020233619A1 (fr) Procédé et nœud de stockage de reçu en combinaison avec un type d'utilisateur et un type de transaction
WO2021057168A1 (fr) Procédé et appareil permettant de réaliser une opération de machine virtuelle sur la base d'un réseau fpga
WO2020233615A1 (fr) Procédé de stockage de reçu combinant un type d'utilisateur et un type de fonction d'événement et nœud
WO2021057166A1 (fr) Procédé et appareil pour mettre en œuvre un appel externe dans un fpga
WO2020233624A1 (fr) Procédé de mémorisation de reçus et nœud utilisant un type de transaction en combinaison avec un type de fonction d'événement
WO2020233628A1 (fr) Procédé et nœud de stockage de reçu basés sur une combinaison d'un type de fonction d'événement et d'une condition d'évaluation
WO2020233627A1 (fr) Procédé et nœud de stockage de reçu basés sur de multiples types de dimensions
WO2020233632A1 (fr) Procédé et nœud de stockage de reçu basés sur un type de fonction d'événement
WO2020233634A1 (fr) Procédé et noeud destinés à une mémoire de réception associant des restrictions de condition de type de transaction et d'événement
WO2020233633A1 (fr) Procédé de stockage de reçus et nœud basé sur une condition de détermination
WO2021057124A1 (fr) Procédé et dispositif de mise en œuvre de chaîne de blocs de confidentialité à base de fpga
WO2021057167A1 (fr) Procédé et dispositif de traitement de transaction pour processeur de contrat intelligent sécurisé à base de fpga

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20870231

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20870231

Country of ref document: EP

Kind code of ref document: A1