Method and device for calling contracts

Method and device for calling contracts

Off-chain privacy computing nodes and contract calls:

Off-chain privacy computing nodes: responsible for receiving encrypted call requests, decrypting in the off-chain trusted execution environment, and executing the bytecode of the off-chain contract to complete privacy computing.

Call request content: contains the identification information of the off-chain contract and the information of the input data, which is used to instruct the off-chain privacy computing node how to execute the corresponding contract.

Trusted Execution Environment (TEE):

The role of TEE: Provide a trusted execution environment that is completely isolated from the outside to ensure the security and privacy of code and data during execution.

Implementation method: TEE can create enclave as a secure execution environment based on the security extension of CPU hardware, such as Intel SGX technology.

Encryption and decryption mechanism:

Encrypted transmission: The call request is encrypted during transmission to ensure the security of information when it is transmitted on and off the chain.

Combination of asymmetric encryption and symmetric encryption: The call request is encrypted using an asymmetric key and decrypted in the off-chain TEE using a symmetric key, taking into account both encryption efficiency and security.

Remote proof and verification:

Remote proof report: The off-chain privacy computing node generates a remote proof report, which is generated after verification by the authentication server and is used to prove the credibility of the off-chain TEE.

Verification process: The client confirms the credibility of the off-chain privacy computing node by verifying the signature and hash value in the remote proof report.

Execution and result feedback of off-chain contracts:

Execution engine: An execution engine (such as EVM, WASM virtual machine) is deployed in the off-chain TEE to execute the bytecode of the off-chain contract.

Result encryption and feedback: The off-chain privacy computing results are encrypted in the off-chain TEE and then fed back to ensure the security of the results.

Multiple calling methods:

Direct client call: The client directly sends an encrypted call request to the off-chain privacy computing node.

Blockchain node call: The blockchain node transmits the encrypted call request to the off-chain privacy computing node through the oracle mechanism.

Control node forwarding: In the off-chain privacy computing cluster, the control node is responsible for receiving the call request and forwarding it to the selected off-chain privacy computing node.

Application scenarios and advantages:

Application scenarios: Applicable to computing scenarios that require privacy protection, such as financial transactions, medical data processing, etc.

Advantages: By performing privacy computing off-chain, the on-chain resource consumption is reduced, and the computing efficiency and privacy protection level are improved.

Answers to short-answer questions:

What is the main function of the off-chain privacy computing node?

The main function of the off-chain privacy computing node is to receive encrypted call requests, decrypt these requests in the off-chain trusted execution environment, and call the pre-deployed off-chain contract bytecode according to the identification information in the request, execute the bytecode through the virtual machine deployed in the environment to complete the off-chain privacy computing, and finally encrypt and feedback the calculation results.

What is a trusted execution environment (TEE) and what role does it play in this method?

A trusted execution environment (TEE) is a trusted execution environment that is completely isolated from the outside world, which can ensure the security and privacy of code and data during execution. In this method, TEE is used to create an off-chain secure execution environment to protect the bytecode and input parameter data of the off-chain contract from external access and ensure the reliability of the calculation results.

Briefly describe the application of encryption and decryption mechanisms in this method.

In this method, encryption and decryption mechanisms are widely used in data transmission and storage. The call request is encrypted before transmission to ensure the security of information when it is transmitted on and off the chain. At the off-chain privacy computing node, asymmetric keys or combined with symmetric keys are used for decryption to ensure that only authorized nodes can access and process the data. The calculation results are also encrypted before feedback to protect the results from being viewed by unauthorized users.

What is the purpose of remote attestation and verification? How to achieve it?

The purpose of remote attestation and verification is to ensure the credibility of off-chain privacy computing nodes, that is, to confirm that the TEE environment on the node is secure and has not been tampered with. The implementation process includes the off-chain privacy computing node generating a remote attestation report, which is generated after verification by the authentication server and contains relevant information about the TEE. The client confirms the credibility of the off-chain privacy computing node by verifying information such as the signature and hash value in the report.

Briefly describe the execution process of the off-chain contract.

The execution process of the off-chain contract includes the following steps: First, the off-chain privacy computing node receives the encrypted call request and decrypts it in the off-chain trusted execution environment to obtain the identification information and input parameter data of the off-chain contract; then, the pre-deployed off-chain contract bytecode is called according to the identification information, and the bytecode is executed through the virtual machine deployed in the environment to complete the off-chain privacy calculation; finally, the calculation result is encrypted and the encrypted result is fed back to the requester in a specified manner.