ConfidentialitySupportoverFinancialGradeconsortiumblockchain.pdf资源-CSDN文库

需积分: 50 43 浏览量 2020-08-21 18:59:59 上传评论收藏 2.7MB PDF 举报

资源推荐

资源详情

资源评论

Confidentiality Support over Financial Grade

Consortium Blockchain

Ying Yan, Changzheng Wei, Xuepeng Guo, Xuming Lu, Xiaofu Zheng, Qi Liu,

Chenhui Zhou, Xuyang Song, Boran Zhao, Hui Zhang, Guofei Jiang

Blockchain Platform Division, Ant Financial Services Group

ABSTRACT

Condentiality is an indispensable requirement in nancial

applications of blockchain technology, and supporting it

along with high performance and friendly programmability

is technically challenging. In this paper, we present a system

design called CONFIDE to support on-chain condentiality

by leveraging Trust Execution Environment (TEE). CON-

FIDE’s secure data transmission protocol and data encryp-

tion protocol, together with a highly ecient virtual machine

run in TEE, guarantee the condentiality in the life cycle of

a transaction from end to end. CONFIDE proposes a secure

data model along with an application-driven secure protocol

to guarantee data condentiality and integrity. Its smart con-

tract language extension oers users the exibility to dene

complex condentiality models. CONFIDE is implemented as

a plugin module to Antn Blockchain’s proprietary platform,

and can be plugged into other blockchain platforms as well

with its universal interface design. Nowadays, CONFIDE is

supporting millions of commercial transactions daily on con-

sortium blockchain running nancial applications including

supply chain nance [

], ABS, commodity provenance, and

cold-chain logistics.

CCS CONCEPTS

• Information systems → Distributed database trans-

actions; • Security and privacy → Access control.

KEYWORDS

Blockchain; Condentiality; Trusted Execution Environment

Permission to make digital or hard copies of all or part of this work for

personal or classroom use is granted without fee provided that copies are not

made or distributed for prot or commercial advantage and that copies bear

this notice and the full citation on the rst page. Copyrights for components

of this work owned by others than ACM must be honored. Abstracting with

credit is permitted. To copy otherwise, or republish, to post on servers or to

redistribute to lists, requires prior specic permission and/or a fee. Request

permissions from permissions@acm.org.

SIGMOD’20, June 14–19, 2020, Portland, OR, USA

ACM ISBN 978-1-4503-6735-6/20/06. .. $15.00

https://doi.org/10.1145/3318464.3386127

ACM Reference Format:

Ying Yan, Changzheng Wei, Xuepeng Guo, Xuming Lu, Xiaofu

Zheng, Qi Liu, Chenhui Zhou, Xuyang Song, Boran Zhao, Hui

Zhang, Guofei Jiang. 2020. Condentiality Support over Financial

Grade Consortium Blockchain. In Proceedings of the 2020 ACM SIG-

MOD International Conference on Management of Data (SIGMOD’20),

June 14–19, 2020, Portland, OR, USA. ACM, New York, NY, USA,

14 pages. https://doi.org/10.1145/3318464.3386127

1 INTRODUCTION

Blockchain is gaining technology adoption in nancial ser-

vices. Its transparency, traceability, immutability and ver-

iability features are valuable in multi-party business col-

laborations, such as Supply Chain Finance (SCF) [

]. In

SCF, nancial institutions make money lending conserva-

tively towards small and medium suppliers because of chal-

lenges in risk control. On the other hand, majority of small

and medium-sized rms’ suppliers are in need of aordable

nancing. With blockchain system as shown in Figure 1,

each pivotal step in the business process, such as creditwor-

thiness, purchase orders and invoices, payment history, is

timely consensused and cannot be tampered with. As the

blockchain records collectively verifable history, it enables

trading record assessment based on trustable data, hence

reduces counterparty risks that banks concern about.

Figure 1: Supply Chain Finance on Blockchain

Transaction condentiality is indispensable in blockchain

nancial applications on a shared ledger. In the example

of SCF, transactions from one bank should be strictly kept

condential and inaccessible without permission to other

banks.

Industry 4: Advanced Functionality

SIGMOD ’20, June 14–19, 2020, Portland, OR, USA

2227

A nancial transaction often involves execution of multi-

ple smart contracts, in the mean time requires low processing

latency. A exible and congurable condentiality model

is also necessary, for instance, a transaction can be cong-

ured as public or private, or part of a transaction output is

condential.

Many eorts have been taken to address the condential-

ity problem on blockchains. However, solving the conden-

tiality problem in nancial scenarios remains a challenge.

Solutions introduced in [

] are based on cryp-

tographic primitive zero knowledge proof. However, these

solutions suer from low performance and limited general-

ity. Trusted Execution Environment (TEE) such as Intel SGX

has been introduced in some blockchain systems to provide

data condentiality[

]. Microsoft CCF [

] proposes a

blockchain architecture to solve the performance problem

by loading all the key components into TEE. However, con-

sortium blockchain is usually designed with modularization

to adapt for dierent scenarios, for example, storage module

may be loosely coupled with computation and consensus

modules to allow users choose their own KV stores. Load-

ing all modules into TEE is often a hard choice in many

blockchains. Ekiden [

] is another related work. It ooads

smart contract computation from blockchain, and decouples

consensus module with computation module. The whole

contract states have to be loaded into TEE to guarantee the

data integrity before transaction execution. This works well

for simple and small smart contracts in public blockchains.

However, in our scenario, nancial service smart contracts

are complicated and have large bytesize with the state data,

for example, the total size of an SCF smart contract for one-

month execution can be larger than the SGX physical mem-

ory limit.

In this paper, we introduce a system to support on-chain

con

dentiality in



nancial gra

blockchain (CONFIDE) sce-

narios by leveraging TEE technology. CONFIDE has been

implemented as a plugin module to Antn Blockchain

. With

its open interface design, CONFIDE design can be easily

adopted by other blockchain platforms as well.

Our contributions are as follows:

•

We identify the blockchain condentiality require-

ments in nancial blockchain applications and pro-

pose a solution - CONFIDE, which provides the full

life cycle privacy protection of complex transactions

with high performance and easy-to-congure con-

dentiality models.

•

We introduce a condential primitive to support ne-

grained condentiality specications in smart contract

programming.

Antn Blockchain is a proprietary consortium blockchain designed by Ant

Financial Blockchain Platform Division.

•

We implement CONFIDE with multiple performance

optimizations. The production system is online and

hosting multiple nancial applications such as supply

chain nance, ABS issuing, commodity provenance,

and cold-chain logistics. Comprehensive evaluations

are conducted with real workloads and demonstrated

its eectiveness and eciency.

The rest of the paper is organized as follows: In Section

2, we present the preliminary introduction to blockchain,

trusted computing technology and the denition of blockchain

condentiality. Next, we propose our solution –CONFIDE

together with its architecture description in Section 3. The

condential smart contract language extension is proposed in

Section 4 which enables ne-grained condential model. Sec-

tion 5 introduces CONFIDE’s implementation and optimiza-

tion details followed by the evaluations with real workloads

in Section 6. Other related works are discussed in Section 7.

Finally, our work is concluded in Section 8.

2 PRELIMINARY

2.1 Transaction and Smart Contract

Traditionally, a contract exists as printed paper or a digital

copy of scan. Transaction, a business action based on con-

tract is often initiated and fullled with human involvement.

With blockchain technology, the contract can be composed

in a certain computer programming language and executed

automatically on blockchain nodes without human involve-

ment, e.g. depositing the money to an account once the pre-

dened condition is met. Such computer-based contract is

also known as smart contract. To some extent, the execution

of smart contract involves handling the input information

with programmed business logic, reaching consensus with

nodes and then uplifting the chain to a new state, a trans-

action is fullled during this process. In practice, the smart

contract is programmed in high level language and then com-

piled to native code or some sort of bytecode, resulting in

docker-based execution or virtual-machine-based execution,

respectively. The reason that avoids running smart contract

natively is mainly for the sake of the safety of the whole

blockchain platform. The pitfalls in smart contract should be

properly handled to avoid breaking the belonged platform.

We give out an informal denition about smart contract and

its related terminologies in blockchain context.

• Smart contract.

Smart contract is a piece of computer

code which can be executed in a specic environment

on blockchain system. A smart contract is composited

of method and data like a “Class” in object-oriented

programming language. The data of a contract is usu-

ally named as “state” in a smart contract’s context.

• Transaction.

Transactions are initiated from a client

to blockchain node, which are mainly composed of

Industry 4: Advanced Functionality

SIGMOD ’20, June 14–19, 2020, Portland, OR, USA

2228

account information and transaction input informa-

tion. Account information indicates the initiator ad-

dress and a contract address on blockchain. Trans-

action information contains smart contract method

along with values for its arguments. Note that dier-

ent from public blockchain, all the on-chain business

activities are encoded into smart contracts in a con-

sortium blockchain. The transactions we considered

are smart contract transactions which take actions on

smart contracts. Other transactions without accessing

a smart contract are not our focus.

2.2 Blockchain Virtual Machine

Based on the supported instruction set format, the virtual

machines can be classied into two kinds: the register-based

and the stack-based. The former is assuming the instruction

operands are either in register or in memory and hence more

hardware-related and can yield a better performance with

a sophisticated ne-tuning toolchain, while the latter is as-

suming the instruction operands are in a virtual stack and

hence hardware agnostic and very easy to implement(the

corresponding toolchain is simple as well). As for executing

smart contract in blockchain, it is much more important to

maintain the result consistency across the nodes in the net-

work. Thus the portable stack-based virtual machine is the

rst choice for the most cases. The Ethereum Virtual Ma-

chine (EVM)[

] is a typically stack based virtual machine

released by Ethereum project, using Solidity[

] as its pri-

mary programming language. It is known for its simplicity

and easy to use. One with few programming experience can

quickly come up with a DApp[

] in Solidity. Furthermore,

the EVM and Solidity are quite popular in academia because

it is good enough to support realistic application while easy

enough to be studied for eye-catching topics like security,

formal verication and etc. In general, the EVM has better

ecosystem for scenarios with less care on performance.

On the contrary, the WebAssembly (Wasm)[

] is target-

ing for a better performance. Its binary instruction format

is carefully designed to be hardware-agnostic yet hardware-

friend. This enables a Wasm virtual machine executes Wasm

program in a decent speed via interpreting or in a near-native

speed via JIT. More and more high level languages like C++,

Rust and Go can be compiled into Wasm. Compared to So-

lidity language used in EVM, those high level languages

allow users to program complicated business logic in smart

contract in a much more convenient way. The strength of

programming languages and the Wasm instruction format

make the Wasm-based virtual machine an ideal solution for

complicated performance-demanding applications.

2.3 Trusted Execution Environment

A Trusted Execution Environment (TEE)[

] is a secure area

in the processor and it can guarantee the condentiality and

integrity of the code and data inside. Intel Software Guard

Extensions (SGX)[

] is a widely used TEE implementation

based on Intel CPU. Intel SGX provides application level code

and data isolation, and guarantees data condentiality and

integrity in memory. The TEE of Intel SGX is an embedded

“enclave” inside Intel CPU. In the enclave, the code and data

are measured at the startup stage and the measurement is

signed into an attestation report based on a hardware-based

root of trust. The report can be veried to show the unmod-

ied enclave code logical, by which users can conrm the

security of enclave and provision the secret into the enclave

at runtime, which is called remote attestation protocol.

2.4 Blockchain Condentiality

Blockchain condentiality refers to sensitive information

that is broadcasted, veried and stored in a blockchain. Con-

dentiality on a blockchain is a mechanism to provide the

control of permissions to the parties hosting the blockchain

and users who can access the information on the blockchain.

The information on the blockchain which needs conden-

tiality support includes:

• Raw transaction

. The content of a raw transaction

contains most of the information of a business action.

The condentiality of a transaction from it entering

the network to its storage should be supported.

• Smart contract

. The smart contract code sometimes

is also sensitive. E.g.

parties have a smart contract

deployed on a blockchain hosted by

parties (

m < n

) .

The smart contract code should be kept private to

parties only. We should have the ability to support the

condentiality (congurable) of smart contract code,

runtime information and results.

• Storage

. The information on a blockchain’s storage

includes the raw transaction, smart contract states,

indexes, block headers and so on.

Based on the discussion in the above sections, to solve

the challenges of condentiality in nancial consortium

blockchain scenarios, the design of our proposed solution

follows the following four principles:

• Minimizing TCB in the enclave

. The importance of

minimizing the trusted computing base (TCB) comes

from two folds. One is for small attack interface, and

the other for the limited physical memory space of

SGX which currently is commercial available. In order

to minimize the TCB, we should minimize the compo-

nents to be put into the TEE.

• Loosely coupling with blockchain platform

. To

be optimized for dierent applications, consortium

Industry 4: Advanced Functionality

SIGMOD ’20, June 14–19, 2020, Portland, OR, USA

2229

剩余13页未读，继续阅读

评论收藏

内容反馈

链巨人

粉丝: 1w+
资源: 31

Confidentiality Support over Financial Grade consortium blockch...

最新资源

Confidentiality Support over Financial Grade consortium blockch...

Confidentiality Support over Financial Grade Consortium Blockchain

3GPP中的数据加密算法：f8算法

第13周-刘佳恒-工作日志1

SIGMOD 2009 全部论文（2。后12篇）

解决grade版本冲突

SIGMOD2010 best paper FAST 中文翻译与阅读报告

软件测试相关论文-英文原文82篇

NIST SP800-56A.pdf

NIST SP800-56Br2.pdf

Springer.The.Developer’s.Guide.to.Debugging.2008.pdf

NIST SP800-56Ar3.pdf

hyperledger-fabricdocs+Documentation+(Feb+19,+2018)-hyperledger(2018)（100+页完整文档）

NIST SP800-53A rev1.pdf

NIST SP800-21.pdf

NIST SP800-38C.pdf

NIST SP800-29.pdf

NIST SP800-52.pdf

NIST SP800-39.pdf

NIST SP800-98_RFID-2007.pdf

NIST SP800-88r1.pdf

NIST SP800-122.pdf

Cryptography - Wikipedia.pdf

5G MEC白皮书.pdf

JDK 1.8 64位.rar

SoftCnKiller2.54.zip（因为要下载码，弃用不更新了）

编译好的64位pycdc.exe(支持python3.10和python3.11)

常用3D点云数据免费下载.rar

工程伦理的期末考试题库

ISO26262标准(中文版)下载.pdf

最新资源