Method and device for deploying contracts
Method for deploying contracts:
Method overview: A method for deploying contracts on off-chain privacy computing nodes is proposed. It consists of obtaining a remote attestation report, encrypting the contract bytecode and transmitting it to the off-chain privacy computing node, and decrypting and deploying the bytecode in the off-chain trusted execution environment.
Remote attestation report: Generated by the authentication server after it verifies the self-recommendation information produced by the off-chain privacy computing node; it is used to confirm that the node is trustworthy.
Encrypted transmission: After confirming that the off-chain privacy computing node is trustworthy, the client encrypts the contract bytecode and transmits it to the node, so that the bytecode stays private in transit.
Off-chain trusted execution environment (TEE):
TEE definition: A TEE is a trusted execution environment, built on CPU hardware security extensions, that is completely isolated from the outside and in which code can be securely executed and data can be processed.
Intel SGX technology: Taking Intel SGX as an example, the off-chain privacy computing node creates an enclave as a TEE, and protects the data in the enclave through the memory encryption engine inside the CPU, ensuring that only the CPU core can decrypt and execute the code and data therein.
Oracle mechanism:
Oracle definition: The oracle mechanism is used to exchange data between the blockchain network and the off-chain environment to achieve information transmission between the chain and the off-chain.
Data transmission: The client can send challenges or contract deployment requests to the off-chain privacy computing node through the blockchain network. The blockchain node passes these requests to the off-chain privacy computing node through the oracle mechanism, and the execution results are fed back to the blockchain node.
Cluster management of off-chain privacy computing nodes:
Cluster definition: Off-chain privacy computing nodes can form a cluster and be managed uniformly through the control node.
Cluster identity: All off-chain privacy computing nodes in the cluster can share a unified cluster identity, which makes it easier for the client to interact with the cluster through a single interface to achieve parallel deployment and load balancing of contracts.
Deployment and execution of contracts:
Deployment process: After obtaining the remote attestation report and confirming that the off-chain privacy computing node is trustworthy, the client transmits the encrypted contract bytecode to the off-chain privacy computing node, and the node decrypts and deploys the contract in the TEE.
Execution process: When a blockchain node calls an off-chain contract through the oracle mechanism, the contract is executed in the off-chain TEE, and the execution result is fed back to the blockchain node through the oracle mechanism and recorded on the blockchain.
Security and efficiency:
Security: Remote attestation, encrypted transmission and TEE technology together ensure the trustworthiness of the off-chain privacy computing nodes and the security of the computing process, preventing data leakage.
Efficiency: Computing tasks that would otherwise have to be executed on all blockchain nodes are moved to off-chain privacy computing nodes, reducing on-chain resource consumption and improving computing efficiency.
Implementation and device:
Implementation description: The document provides multiple implementations, which describe in detail the specific steps and interactions of the client, off-chain privacy computing nodes, blockchain nodes and control nodes in the process of deploying contracts.
Device architecture: A device architecture for deploying contracts is proposed, including a verification unit, a deployment unit, a report providing unit, a contract receiving unit, etc., which implement the functional modules of the above method.
Short answers to questions:
What is an off-chain privacy computing node?
Off-chain privacy computing nodes refer to computing nodes located outside the blockchain network. They securely perform computing tasks and process data by creating an off-chain trusted execution environment (TEE). These nodes can complete complex computing logic without exposing sensitive data, ensuring privacy protection.
What is the role of remote attestation reports?
Remote attestation reports are used to verify the trustworthiness of off-chain privacy computing nodes. The off-chain privacy computing node generates self-recommendation information, and the authentication server generates the report after verifying that information. The client can use the report to confirm whether the off-chain privacy computing node is trustworthy, so that it can safely interact with the node and deploy contracts.
What is the oracle mechanism?
The oracle mechanism is a mechanism for data interaction between the blockchain network and the off-chain environment. It allows blockchain nodes to transmit on-chain requests (such as challenges or contract deployment requests) to the off-chain environment through oracle contracts, and to feed the off-chain execution results back to the blockchain network. The oracle mechanism bridges information between on-chain and off-chain to ensure the trusted transmission of data.
How does the off-chain trusted execution environment (TEE) protect data security?
The off-chain trusted execution environment (TEE) provides an execution environment that is completely isolated from the outside through a security extension based on CPU hardware. The code and data executed in the TEE are protected and cannot be accessed by the operating system or other privileged software. Taking Intel SGX technology as an example, the data and code in the TEE are encrypted by the memory encryption engine inside the CPU to ensure that only the CPU core can decrypt and execute the content, thereby protecting data security.
What are the main steps in the method of deploying a contract?
The method of deploying a contract mainly includes the following steps. First, the client obtains a remote attestation report for the off-chain privacy computing node and confirms that the node is trustworthy. Next, the client encrypts the bytecode of the contract and transmits it to the off-chain privacy computing node. The off-chain privacy computing node then decrypts the bytecode in the off-chain trusted execution environment and deploys the contract. Finally, when the blockchain node initiates a call to the off-chain contract through the oracle mechanism, the deployed bytecode is executed in the off-chain trusted execution environment, and the execution result is fed back to the blockchain node through the oracle mechanism.
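The first step above, the client's trust decision before any bytecode is encrypted, is sketched below as an added example that is not taken from the patent. The report fields (`status`, `challenge`, `measurement`, `key_hash`), the key and measurement values, and the HMAC that stands in for the authentication server's signature are all assumptions chosen so the code runs with the standard library only.

```python
import hashlib
import hmac
import json
import secrets

# Constructed values (assumptions, not from the page).
AUTH_SERVER_KEY = b"constructed-authentication-server-key"
EXPECTED_MEASUREMENT = hashlib.sha256(b"constructed enclave build").hexdigest()


def sign_report(body: dict, key: bytes = AUTH_SERVER_KEY) -> dict:
    """Stand-in for the authentication server: HMAC over the canonical body."""
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def verify_report(report: dict, challenge: str, node_pubkey: bytes) -> tuple[bool, str]:
    """Client-side gate: return (trusted, reason) before bytecode is encrypted."""
    body = report.get("body", {})
    payload = json.dumps(body, sort_keys=True).encode()
    expected_sig = hmac.new(AUTH_SERVER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig.encode(), str(report.get("sig", "")).encode()):
        return False, "bad authentication-server signature"
    if body.get("status") != "OK":
        return False, "authentication server did not accept the node"
    if body.get("challenge") != challenge:  # freshness: must echo our challenge
        return False, "stale or replayed report"
    if body.get("measurement") != EXPECTED_MEASUREMENT:
        return False, "unexpected enclave code"
    if body.get("key_hash") != hashlib.sha256(node_pubkey).hexdigest():
        return False, "encryption key not bound to the attested enclave"
    return True, "trusted"


def demo() -> dict:
    """Run the gate over one good report and three bad variants."""
    challenge = secrets.token_hex(16)
    pubkey = b"constructed enclave public key bytes"
    good = {"status": "OK", "challenge": challenge, "measurement": EXPECTED_MEASUREMENT,
            "key_hash": hashlib.sha256(pubkey).hexdigest()}
    forged = sign_report(good)
    forged["body"] = dict(good, measurement="00" * 32)  # edited after signing
    return {
        "good": verify_report(sign_report(good), challenge, pubkey),
        "replayed": verify_report(sign_report(good), secrets.token_hex(16), pubkey),
        "swapped_key": verify_report(sign_report(good), challenge, b"some other key"),
        "forged": verify_report(forged, challenge, pubkey),
    }
```

Only when `verify_report` returns `(True, "trusted")` should the client encrypt the contract bytecode, and then only to the public key whose hash the report carries.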