基于SGX的区块链交易隐私安全保护方法

doi:10.3969/j.issn.0255-8297.2021.01.002

应用科学学报 ›› 2021, Vol. 39 ›› Issue (1): 17-28.doi: 10.3969/j.issn.0255-8297.2021.01.002

• 区块链 • 上一篇

基于SGX的区块链交易隐私安全保护方法

范俊松¹, 陈建海¹, 沈睿¹, 刘振广³, 何钦铭¹, 黄步添^1,2

1. 浙江大学计算机科学与技术学院, 浙江杭州 310027;
2. 杭州云象网络技术有限公司, 浙江杭州 310012;
3. 浙江工商大学计算机与信息工程学院, 浙江杭州

收稿日期:2020-11-12 发布日期:2021-02-04
通信作者: 陈建海,副教授,研究方向为区块链安全。E-mail:chenjh919@zju.edu.cn E-mail:chenjh919@zju.edu.cn
基金资助:
国家重点研发计划基金（No.2017YFB1401304）；浙江省重点研发计划基金（No.2019C01055）资助

SGX-Based Approach for Blockchain Transactions Security and Privacy Protection

FAN Junsong¹, CHEN Jianhai¹, SHEN Rui¹, LIU Zhenguang³, HE Qinming¹, HUANG Butian^1,2

1. College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, Zhejiang, China;
2. Hangzhou Yunphant Network Technology Co. Ltd., Hangzhou 310012, Zhejiang, China;
3. School of Computer and Information Engineering, Zhejiang Gongshang University, Hangzhou 310018, Zhejiang, China

Received:2020-11-12 Published:2021-02-04

摘要/Abstract

摘要： 与传统支付方式相比，区块链具有去中心化和隐私保护的优势，但涉及轻量型客户端交易的隐私安全性和用户友好性时仍存在问题。为此，提出了一种可以为区块链交易过程提供隐私保护的系统——SGXTrans。SGXTrans在轻量型客户端的设计框架上运用因特尔的软件防护扩展（software guard executions，SGX）技术，将用户密钥、生成用户地址等密码学数据和操作以及区块链交易过程中敏感的隐私信息处理过程放置于SGX安全区加以保护。为了隐藏本地数据存储过程的数据访问模式，SGXTrans还引入了茫然随机访问机算法以防止隐私信息被恶意攻击者间接推断。基于现有区块链网络进行的实验结果表明：SGXTrans能在低于10%的性能开销下确保隐私安全性与用户友好性。

关键词: 区块链, 可信执行环境, 软件防护扩展, 隐私和安全

Abstract: Compared to traditional payment, blockchain has the advantages of decentralization and privacy protection, while there are still issues with the privacy and security of transactions involving lightweight clients and with the user-friendliness of blockchain systems. This paper proposes SGXTrans, a system that can provide privacy protection for blockchain transaction. On the framework of lightweight clients, as SGXTrans creates a service, it uses Intel software guard extensions (SGX) to protect sensitive privacy information by putting them into the SGX enclave, including cryptographic data and operations such as the user key, the generation of user addresses, and the process of blockchain transactions. To hide the access patterns of local data storage processes, SGXTrans also introduces oblivious random access machine (ORAM) algorithm to prevent privacy information from being indirectly inferred by malicious attackers. Experiments based on the existing blockchain networks show that SGXTrans can provide better user-friendliness and higher security with a performance overhead less than 10%.

Key words: blockchain, trust execution environment, software guard executions (SGX), privacy and security

中图分类号:

TP309.2

范俊松, 陈建海, 沈睿, 刘振广, 何钦铭, 黄步添. 基于SGX的区块链交易隐私安全保护方法[J]. 应用科学学报, 2021, 39(1): 17-28.

FAN Junsong, CHEN Jianhai, SHEN Rui, LIU Zhenguang, HE Qinming, HUANG Butian. SGX-Based Approach for Blockchain Transactions Security and Privacy Protection[J]. Journal of Applied Sciences, 2021, 39(1): 17-28.

参考文献

[1] Nakamoto S. Bitcoin:a per-to-per electronic cash system[EB/OL].[2020-06-20]. https://bitcoin.org/bitcoin.pdf, 2008.
[2] Vitalik B, Gavin W. Ethereum[EB/OL].[2020-06-20]. https://www.ethereum.org/.
[3] Brian B. Hyperledger Fabric[EB/OL].[2020-06-20]. https://www.hyperledger.org/use/fabric.
[4] Hearn M, Corallo M. Connection bloom filtering[EB/OL].[2020-06-20]. https://github.com/bitcoin/bips/blob/master/bip-0037.mediawiki.
[5] Osuntokun O, Akselrod A, Posen J. Client side block filtering[EB/OL].[2020-06-20]. https://github.com/bitcoin/bips/blob/master/bip-0157.mediawiki.
[6] Matetic S, Wüst K, Schneider M, et al. BITE:Bitcoin lightweight client privacy using trusted execution[C]//The 28th USENIX Security Symposium, 2019:783-800.
[7] Gervals A, Capkun S, Karame G, et al. On the privacy provisions of bloom filters in lightweight Bitcoin clients[C]//Proceedings of the 30th Annual Computer Security Applications Conference, 2014:326-335.
[8] Wuille P. Hierarchical deterministic wallets[EB/OL].[2020-06-20]. https://github.com/bitcoin/bips/wiki/Comments:BIP-0032.
[9] Costan V, Devadas S. Intel SGX explained[J]. Cryptology ePrint Archive, 2016(86):1-118.
[10] Goldreich O, Ostrovsky R. Software protection and simulation on oblivious rams[J]. Journal of the ACM, 1996, 43(3):431-473.
[11] Chang Z, Xie D, Li F. Oblivious RAM:a dissection and experimental evaluation[J]. Proceedings of the Very Large Data Bases Endowment, 2016, 9(12):1113-1124.
[12] Stefanov E, Van D M, Shi E, et al. Path ORAM:an extremely simple oblivious RAM protocol[C]//ACM Conference on Computer and Communications Security, 2013:299-310.
[13] Mishra P, Poddar R, Chen J, et al. Oblix:an efficient oblivious search index[C]//Proceedings of the 39th IEEE Symposium on Security and Privacy, 2018:279-296.
[14] Sasy S, Gorbunov S, Letcher C. ZeroTrace:oblivious memory primitives from Intel SGX[C]//Network and Distributed System Security Symposium, 2018(42):1-15.
[15] Ahmad A, Kim K, Sarfaraz M I, et al. OBLIVIATE:a data oblivious file system for Intel SGX[C]//Network and Distributed System Security Symposium, 2018(84):1-15.
[16] Huang B, Zhou F, Liu Z, et al. VNTChain[EB/OL].[2020-06-20]. http://www.vntchain.io/.

基于SGX的区块链交易隐私安全保护方法

SGX-Based Approach for Blockchain Transactions Security and Privacy Protection

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	赵颖琪, 朱雪阳, 李广元, 高雅, 包玉龙. 带时间约束的智能合约验证[J]. 应用科学学报, 2021, 39(1): 1-16.
[2]	方俊杰, 雷凯. 面向边缘人工智能计算的区块链技术综述[J]. 应用科学学报, 2020, 38(1): 1-21.
[3]	何正源, 段田田, 张颖, 张瀚文, 孙毅. 物联网中区块链技术的应用与挑战[J]. 应用科学学报, 2020, 38(1): 22-33.
[4]	李忠诚, 黄建华, 唐瑞琮, 胡庆春, 夏旭. 一种基于权益代表的可扩展共识协议[J]. 应用科学学报, 2020, 38(1): 51-64.
[5]	邹秀清, 罗得寸, 林平, 沈世平, 谢振平, 王玉珏, 丁勇. 基于区块链的河长制水质信息存证系统[J]. 应用科学学报, 2020, 38(1): 65-80.
[6]	苑陈娟, 孙国梓, 李华康, 王纪涛. 牌类游戏可信存证链系统[J]. 应用科学学报, 2020, 38(1): 81-92.
[7]	江云超, 何小卫, 崔一举. 区块链节点存储优化方案[J]. 应用科学学报, 2020, 38(1): 119-126.
[8]	潘恒, 潘磊, 姚中原, 斯雪明. 一种病人可控的电子病历安全访问方案[J]. 应用科学学报, 2020, 38(1): 127-138.
[9]	佘维, 陈建森, 顾志豪, 田钊, 徐力, 刘炜. 基于区块链的物联网节点位置隐私保护模型[J]. 应用科学学报, 2020, 38(1): 139-151.
[10]	雷凯, 黄硕康, 方俊杰, 黄济乐, 谢英英, 彭波. 智能生态网络:知识驱动的未来价值互联网基础设施[J]. 应用科学学报, 2020, 38(1): 152-172.
[11]	张利华, 胡方舟, 黄阳, 万源华, 李晶晶. 基于联盟链的微电网身份认证协议[J]. 应用科学学报, 2020, 38(1): 173-183.
[12]	张逸飞, 曹少中, 祁德力, 王亮, 杨彦红. 基于区块链的图书侵权记录存证平台[J]. 应用科学学报, 2020, 38(1): 184-196.
[13]	任鹏, 徐晶晶, 王意, 马小峰. 基于区块链和车联网的汽车租赁联盟的研究与实现[J]. 应用科学学报, 2019, 37(6): 851-858.
[14]	范贤丽, 范春晓, 吴岳辛. 基于区块链和IPFS技术实现粮食供应链隐私信息保护[J]. 应用科学学报, 2019, 37(2): 179-190.
[15]	李博, 郑博, 郭子阳, 王宏志. 区块链技术在金融方向应用的发展及展望[J]. 应用科学学报, 2019, 37(2): 151-163.