Privacy Data Query Method for Blockchain Accounts
Glossary
Term definitions
Blockchain: a decentralized distributed ledger technology used to record transaction data; its characteristic properties are transparency, security and immutability.
Smart Contract: a piece of code deployed on the blockchain that automatically executes pre-set rules and terms.
Trusted Execution Environment (TEE): a hardware-isolated area that protects the confidentiality and integrity of the code and data running inside it.
Privacy Data: data related to a user's personal identity or other sensitive information, which requires special protection.
Query Permission: the setting that determines whether a user has the right to view specific privacy data.
Blockchain Node: a participant in the blockchain network, responsible for verifying and storing transaction data.
Transaction: an operation on the blockchain, such as a transfer or a smart contract call.
Transaction ID: the identifier that uniquely identifies a transaction, usually the hash of the transaction.
Initiator: the user who initiates a transaction.
Querier: the user who queries privacy data.
Digital Envelope: an encryption method that combines symmetric and asymmetric encryption to protect the confidentiality of data: the content is encrypted under a symmetric key, and that key is encrypted under the recipient's public key.
Historical Transaction: a transaction that has already occurred and is recorded on the blockchain.
Business Contract: a smart contract that implements specific business logic.
Transaction Receipt: the record of a transaction's execution result, such as whether it succeeded and how much gas it consumed.
Account Attribute Information: information associated with a user account, such as account balance and account status.
Contract Code: the code of a smart contract.
Contract State Data: the data a smart contract generates during execution.
Whitelist: a list of users who are allowed to access a specific resource.
Query Condition: the conditions a user must meet in order to query private data.
Distribution Contract: a special smart contract that routes query transactions to the corresponding business contracts.
Permission Control Code: code defined in a business contract that controls the query permission for private data.
Contract Address: the unique identifier of a smart contract on the blockchain.
SGX (Software Guard Extensions): a TEE technology introduced by Intel that creates encrypted, trusted execution areas in memory.
Enclave: the encrypted trusted execution area provided by SGX (rendered "enclosure" in some translations).
Short answer questions
Briefly describe the privacy and performance challenges faced by blockchain technology, and explain the shortcomings of traditional encryption technology.
Explain how the trusted execution environment (TEE) solves the privacy problem of blockchain, and list some mainstream TEE solutions.
How is digital envelope technology used to protect transaction privacy on the blockchain?
Why does the traditional transaction receipt storage method lack privacy protection, and how can it be improved?
Explain how the query permission of private data is set in the blockchain account structure.
How does the whitelist mechanism control access rights to private data?
How does the query condition mechanism control access rights to private data?
Briefly describe how SGX technology ensures the security of data in a TEE.
Explain the role of the distribution contract in the private data query process.
How is permission control for private data implemented in business contracts?
Answers
Blockchain technology faces the dual challenges of privacy and performance: every node holds and verifies every transaction, and any mechanism that hides transaction content costs throughput. Cryptographic privacy techniques such as homomorphic encryption and zero-knowledge proofs are complex, poorly general across applications and impose severe performance loss, so they struggle to satisfy the privacy and performance requirements at the same time.
A Trusted Execution Environment (TEE) addresses the blockchain privacy problem by running contract code inside a hardware-isolated area whose code and data cannot be read or modified by software outside it, including the node's operating system; plaintext transaction content exists only inside that area. Mainstream TEE solutions include Intel SGX, ARM TrustZone and AMD PSP.
With a digital envelope, the transaction content is first encrypted with a symmetric algorithm under a fresh symmetric key, and that key is then encrypted with the recipient's asymmetric public key; the two ciphertexts together form the envelope. Only a holder of the matching private key can recover the symmetric key, and therefore the transaction content.
The traditional transaction receipt is stored entirely in plain text, so anyone who reads the ledger sees every field. The improvement is to encrypt only the sensitive fields before storage and to leave non-sensitive fields (such as the success status and the gas consumed) public, or to protect them by other means as the application requires.
The blockchain account structure can be extended to record the query permissions a user has set: either an existing field is reused (for example the Code field) or a dedicated permission field is added to the account.
A user can configure a whitelist in their blockchain account. Only queriers whose addresses appear in the whitelist are allowed to query that user's private data, which gives the owner explicit per-address access control.
A user can instead set query conditions for their private data in the account, such as a minimum credit score or membership of a particular team. Only queriers whose attributes satisfy the conditions are allowed to query the corresponding private data.
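The following Go code is an added example, not the page's or the patent's own, of the account extension described in the three answers above: an account record with an added QueryPermission field that holds both a whitelist and a list of query conditions, and the check a contract would run before returning the account's private data. The field names, the condition operators and the sample accounts are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
)

// Account is a simplified account record. Address, Balance and Code are the
// usual attribute fields; QueryPermission is the extra field the text proposes
// for recording who may query this account's private data. The field names are
// assumptions, not any real chain's account layout.
type Account struct {
	Address         string
	Balance         uint64
	Code            []byte
	QueryPermission Permission
}

// Permission carries both mechanisms: an explicit whitelist of querier
// addresses and a list of conditions a querier's attributes must satisfy.
type Permission struct {
	Whitelist  map[string]bool
	Conditions []Condition
}

// Condition is one query condition, e.g. credit_score >= 700 or team == audit.
type Condition struct {
	Attribute string
	Op        string // "==", ">=" or "<="
	Value     string
}

// Querier is the party asking, with the attributes the contract knows about it.
// In a deployment these must be read from on-chain state, never taken from the
// query transaction itself, or a querier could simply claim them.
type Querier struct {
	Address    string
	Attributes map[string]string
}

// Satisfied evaluates one condition. A missing attribute, an unparsable number
// or an unknown operator all evaluate to false (fail closed).
func (c Condition) Satisfied(attrs map[string]string) bool {
	got, ok := attrs[c.Attribute]
	if !ok {
		return false
	}
	switch c.Op {
	case "==":
		return got == c.Value
	case ">=", "<=":
		g, err1 := strconv.Atoi(got)
		w, err2 := strconv.Atoi(c.Value)
		if err1 != nil || err2 != nil {
			return false
		}
		if c.Op == ">=" {
			return g >= w
		}
		return g <= w
	}
	return false
}

// MayQuery applies the owner's setting: the owner always passes, a whitelisted
// address passes, otherwise every configured condition must hold (AND). With
// neither a whitelist nor conditions set, the data stays private to the owner.
func (a Account) MayQuery(q Querier) bool {
	if q.Address == a.Address || a.QueryPermission.Whitelist[q.Address] {
		return true
	}
	conds := a.QueryPermission.Conditions
	if len(conds) == 0 {
		return false
	}
	for _, c := range conds {
		if !c.Satisfied(q.Attributes) {
			return false
		}
	}
	return true
}

func main() {
	owner := Account{Address: "0xA1", QueryPermission: Permission{
		Whitelist:  map[string]bool{"0xB2": true},
		Conditions: []Condition{{"credit_score", ">=", "700"}, {"team", "==", "audit"}},
	}}
	for _, q := range []Querier{
		{"0xB2", nil},
		{"0xC3", map[string]string{"credit_score": "750", "team": "audit"}},
		{"0xD4", map[string]string{"credit_score": "650", "team": "audit"}},
	} {
		fmt.Println(q.Address, owner.MayQuery(q))
	}
}
```

Two design choices matter in practice. Conditions are ANDed and every parse failure denies, so a malformed attribute can never widen access; and the querier's attributes must be sourced from state the contract trusts (for example the querier's own account record), because a condition such as "credit score above 700" is meaningless if the querier supplies the score in the query transaction.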
SGX creates an encrypted trusted execution area (an enclave) in memory. Enclave pages are encrypted by the memory encryption engine inside the CPU, so their contents are plaintext only inside the processor while enclave code is executing; any software outside the enclave, including the operating system, sees only ciphertext.
The distribution contract recognises a query transaction and, based on the information it carries (for example the target contract or the type of data requested), forwards it to the corresponding business contract. Each business contract then applies its own permission control, so different types of private data can be governed by different rules.
Permission control code is defined inside the business contract. It decides, for example from the identity of the querier and the initiator of the historical transaction being queried, whether the querier has query permission, and returns the query result only if so.
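As an added example of the two answers above, not code from the page or from the patent it summarizes, the Go program below models a distribution contract that routes query transactions by target contract address to business contracts, each of which carries its own permission control code keyed on the querier and the initiator of the historical transaction. Contract names, the ledger records and the whitelist are all constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// QueryTx is the query transaction the distribution contract receives; Target
// names the business contract that owns the requested private data.
type QueryTx struct {
	Querier string
	Target  string
	TxID    string
}

// HistoricalTx is the ledger record of a past transaction. Private stands for
// content that, in the TEE design, is decrypted from its envelope only inside
// the enclave.
type HistoricalTx struct {
	TxID      string
	Initiator string
	Contract  string
	Private   string
}

// ErrDenied covers both unknown transactions and failed permission checks, so a
// caller cannot use the error to probe whether a transaction exists.
var ErrDenied = errors.New("query denied")

// BusinessContract is what the distribution contract dispatches to; each
// implementation carries its own permission control code.
type BusinessContract interface {
	Query(q QueryTx, ledger map[string]HistoricalTx) (string, error)
}

// Distributor is the distribution contract: a registry from contract address to
// business contract. It routes; it makes no access decision itself.
type Distributor struct{ registry map[string]BusinessContract }

func NewDistributor() *Distributor {
	return &Distributor{registry: map[string]BusinessContract{}}
}

func (d *Distributor) Register(addr string, c BusinessContract) { d.registry[addr] = c }

func (d *Distributor) Dispatch(q QueryTx, ledger map[string]HistoricalTx) (string, error) {
	c, ok := d.registry[q.Target]
	if !ok {
		return "", fmt.Errorf("unknown business contract %s", q.Target)
	}
	return c.Query(q, ledger)
}

// TransferContract's permission control code: the initiator of a historical
// transaction, and anyone the initiator has whitelisted, may read its content.
type TransferContract struct {
	Address   string
	Whitelist map[string]map[string]bool // initiator -> allowed queriers
}

func (c *TransferContract) Query(q QueryTx, ledger map[string]HistoricalTx) (string, error) {
	h, ok := ledger[q.TxID]
	if !ok || h.Contract != c.Address {
		return "", ErrDenied
	}
	if q.Querier != h.Initiator && !c.Whitelist[h.Initiator][q.Querier] {
		return "", ErrDenied
	}
	return h.Private, nil
}

// PayrollContract applies a stricter rule for a different data type: only the
// initiator may read, with no sharing at all.
type PayrollContract struct{ Address string }

func (c *PayrollContract) Query(q QueryTx, ledger map[string]HistoricalTx) (string, error) {
	h, ok := ledger[q.TxID]
	if !ok || h.Contract != c.Address || q.Querier != h.Initiator {
		return "", ErrDenied
	}
	return h.Private, nil
}

// SampleLedger and SampleDistributor are constructed test data, not chain state.
func SampleLedger() map[string]HistoricalTx {
	return map[string]HistoricalTx{
		"tx1": {TxID: "tx1", Initiator: "0xA1", Contract: "0xTransfer", Private: "to=0xB2 amount=40"},
		"tx2": {TxID: "tx2", Initiator: "0xA1", Contract: "0xPayroll", Private: "salary=9000"},
	}
}

func SampleDistributor() *Distributor {
	d := NewDistributor()
	d.Register("0xTransfer", &TransferContract{Address: "0xTransfer",
		Whitelist: map[string]map[string]bool{"0xA1": {"0xB2": true}}})
	d.Register("0xPayroll", &PayrollContract{Address: "0xPayroll"})
	return d
}

func main() {
	d, ledger := SampleDistributor(), SampleLedger()
	for _, q := range []QueryTx{{"0xA1", "0xTransfer", "tx1"}, {"0xC3", "0xTransfer", "tx1"}, {"0xB2", "0xPayroll", "tx2"}} {
		out, err := d.Dispatch(q, ledger)
		fmt.Printf("%s asks %s/%s: %q %v\n", q.Querier, q.Target, q.TxID, out, err)
	}
}
```

Each business contract also checks that the historical transaction actually belongs to it (h.Contract == c.Address); without that check a querier could route a payroll transaction through the more permissive transfer contract's rules. Returning the same ErrDenied for "no such transaction" and "not permitted" keeps the error channel from revealing which transaction IDs exist.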
Discussion questions
Discuss in detail the method of using TEE technology to protect private data in blockchain, and analyze its advantages and disadvantages.
Explore how to design a private data query mechanism based on blockchain accounts to meet the needs of different application scenarios, and analyze its implementation difficulties.
Compare and contrast the privacy data access control mechanisms based on whitelist and query conditions, and analyze their applicable scenarios.
Explore how to apply distribution contracts to more complex privacy data query scenarios, such as privacy data sharing involving multiple parties.
Analyze the security risks that may exist in the process of blockchain privacy data query, and propose corresponding preventive measures.