Method and device for accessing external data
Technical field:
Field involved: This document relates to the field of verifiable computing technology, especially the application of blockchain and privacy protection technology.
Technical background: Privacy protection is achieved through encryption technologies such as homomorphic encryption and zero-knowledge proof, but these technologies bring performance loss. Trusted execution environment (TEE) is another solution that ensures data security and privacy through hardware isolation.
Invention content:
Method for accessing external data: When the off-chain privacy computing node executes the off-chain contract called by the blockchain node in the trusted execution environment, it securely accesses the remote server data through the oracle.
Method steps: including generating an external data access request, encrypting and transmitting it to the oracle, receiving the encrypted external data request response, decrypting and completing the off-chain contract execution based on the response.
Data security and privacy protection: During the whole process, the data is processed in plain text in TEE to ensure efficient computing while protecting data privacy.
Oracle role:
Oracle function: Receive the encrypted external data access request of the off-chain privacy computing node, access the remote server, and return the encrypted external data request response.
Security mechanism: The oracle processes data in a trusted execution environment to ensure the security and reliability of data access and response.
Oracle cluster: In the oracle cluster scenario, the control node is responsible for receiving requests, allocating oracle nodes and forwarding responses to improve the fault tolerance and scalability of the system.
Encryption and decryption:
Data encryption: The off-chain privacy computing node uses the encryption public key of the oracle to encrypt external data access requests, and the oracle uses the public key of the off-chain node to encrypt external data request responses.
Data decryption: The receiver uses the corresponding private key to decrypt the data to ensure the security of the data transmission process.
Remote attestation:
Remote attestation process: The off-chain privacy computing node and the oracle verify each other's trusted execution environment through the remote attestation mechanism to ensure the credibility of both parties.
Attestation report: The remote attestation report is generated by the authentication server and contains relevant verification information of the TEE, which is used to prove the credibility of the TEE.
Access control and data format conversion:
Access control: The off-chain privacy computing node performs access control on external data access requests, such as IP address whitelist, field restrictions, etc.
Data format conversion: supports conversion between different data formats to ensure smooth interaction of data between off-chain privacy computing nodes and oracles.
Application scenarios and device implementation:
Application scenarios: This method is suitable for off-chain privacy computing scenarios in blockchain environments, and supports smart contracts to securely access external data during execution.
Device implementation: provides device implementation solutions for off-chain privacy computing nodes, oracles, oracles control nodes, and privacy computing nodes to ensure the feasibility and practicality of the technical solution.
The following are short-answer questions and answers designed based on the content of document WO2021184973A1:
Which technical field does this document mainly involve?
Answer: This document mainly involves the field of verifiable computing technology, especially the application of blockchain and privacy protection technology.
What are the problems with traditional privacy protection methods such as homomorphic encryption and zero-knowledge proof?
Answer: Although traditional privacy protection methods such as homomorphic encryption and zero-knowledge proof can achieve privacy protection, they will bring serious performance losses.
What role does the trusted execution environment (TEE) play in this technical solution?
Answer: The trusted execution environment (TEE) plays a role of hardware isolation in this technical solution, ensuring the security of data and code processed in the TEE, while avoiding complex cryptographic operations and improving computing efficiency.
Briefly describe the process of off-chain privacy computing nodes accessing external data.
Answer: When the off-chain privacy computing node executes the off-chain contract called by the blockchain node in the trusted execution environment, it generates an external data access request, which is encrypted and transmitted to the oracle; the oracle decrypts the request to access the remote server, generates an encrypted external data request response and returns it to the off-chain privacy computing node; the off-chain privacy computing node decrypts the response and completes the off-chain contract execution.
What role does the oracle play in this technical solution?
Answer: The oracle plays an intermediary role in this technical solution, responsible for receiving the encrypted external data access request from the off-chain privacy computing node, accessing the remote server to obtain data, and returning the encrypted external data request response to the off-chain privacy computing node.
What is the remote attestation mechanism? What role does it play in this technical solution?
Answer: The remote attestation mechanism is a process of verifying the credibility of the other party's trusted execution environment. In this technical solution, the off-chain privacy computing node and the oracle verify each other's TEE through a remote proof mechanism to ensure the credibility of both parties.
How is encryption and decryption applied in this technical solution?
Answer: In this technical solution, the off-chain privacy computing node uses the encryption public key of the oracle to encrypt the external data access request, and the oracle uses the public key of the off-chain node to encrypt the external data request response. The receiver uses the corresponding private key to decrypt the data to ensure the security of the data transmission process.
Briefly describe the working method of the oracle cluster.
Answer: In the oracle cluster, the control node is responsible for receiving the encrypted external data access request from the off-chain privacy computing node. After decryption, the oracle node is assigned to process according to the load balancing principle. The oracle node accesses the remote server and returns the encrypted external data request response to the control node, which is then encrypted and returned to the off-chain privacy computing node.
How does the off-chain privacy computing node control external data access?
Answer: The off-chain privacy computing node controls access to external data access requests through access control mechanisms such as IP address whitelists, field restrictions, and content restrictions to ensure that only requests that meet the requirements can be initiated.
What are the application scenarios of this technical solution?
Answer: This technical solution is applicable to off-chain privacy computing scenarios in the blockchain environment, supports smart contracts to securely access external data during execution, and has important technical value and practical application prospects.