Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, an internal cache hash table stored in the TEE to determine whether the data are included in the internal cache hash table; and in response to determining that the data is included in the internal cache hash table, executing, by the virtual machine, the one or more software instructions by retrieving the data from the internal cache hash table.

Abstract: Disclosed herein are methods, systems, and apparatus for securely executing smart contract operations in a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node participating in a blockchain network, a request to execute one or more software instructions in a service TEE hosted by the blockchain node, wherein the request is encrypted by a public key associated with the service TEE; decrypting the request with a first private key associated with the service TEE, wherein the first private key is paired with the public key; in response to decrypting the request, executing the one or more software instructions to produce an execution result; encrypting the execution result with a client encryption key associated with the service TEE to produce an encrypted result; and signing the encrypted result using a second private key associated with the TEE to produce a signed encrypted result.

Abstract: A computer-implemented method includes: in response to a first client device invoking a transaction with respect to a target smart contract, obtaining, by a blockchain node device in a blockchain, encrypted contract codes of the target smart contract; transmitting the encrypted contract codes of the target smart contract to a trusted execution environment; in response to determining that the target smart contract is not a managed smart contract, extracting a decryption key stored in the trusted execution environment, in which the decryption key corresponds to the encrypted contract codes of the target smart contract; decrypting the encrypted contract codes of the target smart contract; executing the decrypted contract codes of the target smart contract in the trusted execution environment; encrypting the execution result; and transmitting the encrypted execution result to the distributed ledgers of the blockchain for storage.

Abstract: Disclosed herein are methods, systems, and apparatus for securely executing smart contract operations in a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node participating in a blockchain network, a request to execute one or more software instructions in a service TEE hosted by the blockchain node, wherein the request is encrypted by a public key associated with the service TEE; decrypting the request with a first private key associated with the service TEE, wherein the first private key is paired with the public key; in response to decrypting the request, executing the one or more software instructions to produce an execution result; encrypting the execution result with a client encryption key associated with the service TEE to produce an encrypted result; and signing the encrypted result using a second private key associated with the TEE to produce a signed encrypted result.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, a global state of a blockchain stored in the TEE to locate the data; and executing, by the virtual machine, the one or more software instructions based on the data.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, an internal cache hash table stored in the TEE to determine whether the data are included in the internal cache hash table; and in response to determining that the data is included in the internal cache hash table, executing, by the virtual machine, the one or more software instructions by retrieving the data from the internal cache hash table.

Abstract: Disclosed herein are methods, systems, and apparatus, for securely executing smart contract operations in a trusted execution environment (TEE). One of the methods includes establishing, by a key management (KM) TEE of a KM node, a trust relationship with a plurality of KM TEEs in a plurality of KM nodes based on performing mutual attestations with the plurality of KM TEEs; initiating a consensus process with the plurality of KM TEEs for reaching consensus on providing one or more encryption keys to a service TEE of the KM node; in response to reaching the consensus with the plurality of KM TEEs, initiating a local attestation process with a service TEE in the KM node; determining that the local attestation process is successful; and in response to determining that the local attestation process is successful, providing one or more encryption keys to the TEE executing on the computing device.

Abstract: Technologies for hybrid acceleration of code include a computing device (100) having a processor (120), a field-programmable gate array (FPGA) (130), and an application-specific integrated circuit (ASIC) (132). The computing device (100) offloads a service request, such as a cryptographic request or a packet processing request, to the FPGA (130). The FPGA (130) performs one or more algorithmic tasks of an algorithm to perform the service request. The FPGA (130) determines one or more primitive tasks associated with an algorithm task and encapsulates each primitive task in a buffer that is accessible by the ASIC (132). The ASIC (132) performs the primitive tasks in response to encapsulation in the buffer, and the FPGA (130) returns results of the algorithm. The primitive operations may include cryptographic primitives such as modular exponentiation, modular multiplicative inverse, and modular multiplication.

Abstract: Disclosed herein are methods, systems, and apparatus, for securely executing smart contract operations in a trusted execution environment (TEE). One of the methods includes establishing, by a key management (KM) TEE of a KM node, a trust relationship with a plurality of KM TEEs in a plurality of KM nodes based on performing mutual attestations with the plurality of KM TEEs; initiating a consensus process with the plurality of KM TEEs for reaching consensus on providing one or more encryption keys to a service TEE of the KM node; in response to reaching the consensus with the plurality of KM TEEs, initiating a local attestation process with a service TEE in the KM node; determining that the local attestation process is successful; and in response to determining that the local attestation process is successful, providing one or more encryption keys to the TEE executing on the computing device.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, an internal cache hash table stored in the TEE to determine whether the data are included in the internal cache hash table; and in response to determining that the data is included in the internal cache hash table, executing, by the virtual machine, the one or more software instructions by retrieving the data from the internal cache hash table.

Abstract: A computer-implemented method, non-transitory, computer-readable medium, and computer-implemented system are provided for data transmission in a trusted execution environment (TEE) system. The method can be executed by a thread on a TEE side of the TEE system. The method includes obtaining first data; calling a predetermined function using the first data as an input parameter to switch to a non-TEE side; obtaining a write offset address by reading a first address; obtaining a read offset address by reading a second address; determining whether a quantity of bytes of the first data is less than or equal to a quantity of writable bytes; if so, writing the first data into third addresses starting from the write offset address; updating the write offset address in the first address; and returning to the TEE side.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing blockchain-based data authorization. One of the methods includes receiving, by a blockchain node, a data acquisition transaction submitted by a data user for obtaining target data possessed by a data owner, determining, by the blockchain node, that the data user has obtained authorization of the target data, and executing, by the blockchain node, a smart contract invoked by the data acquisition transaction to issue an authorization token to the data user in response to determining that the data user has authorization of the target data, where the authorization token is sent to a privacy computing platform to indicate the privacy computing platform to obtain the target data and send one or more of the target data and a computational result of one or more predetermined computational operations performed based on the target data to the data user.

Abstract: One or more implementations of the present specification provide a blockchain-based data authorization method and apparatus. The method can include receiving, by a blockchain node, an authentication transaction submitted by a privacy computing platform, where the authentication transaction queries whether a data user has obtained authorization of target data possessed by a data owner, and in response to determining that the data user has obtained authorization of the target data, executing, by the blockchain node, a smart contract invoked by the authentication transaction to provide an authorization token to the privacy computing platform that instructs the privacy computing platform to obtain the target data, and send a computational result of one or more predetermined computational operations based on the target data to the data user.

Abstract: A computer-implemented method includes: in response to a first client device invoking a transaction with respect to a target smart contract, obtaining, by a blockchain node device in a blockchain, encrypted contract codes of the target smart contract; transmitting the encrypted contract codes of the target smart contract to a trusted execution environment; in response to determining that the target smart contract is not a managed smart contract, extracting a decryption key stored in the trusted execution environment, in which the decryption key corresponds to the encrypted contract codes of the target smart contract; decrypting the encrypted contract codes of the target smart contract; executing the decrypted contract codes of the target smart contract in the trusted execution environment; encrypting the execution result; and transmitting the encrypted execution result to the distributed ledgers of the blockchain for storage.

Abstract: Examples of a data transmission method and apparatus in TEE systems are described. One example of the method includes: obtaining first data; obtaining a write offset address by reading a first address; obtaining a read offset address by reading a second address; determining whether the number of bytes in the first data is less than or equal to the number of writable bytes, where the number of writable bytes is determined based on the write offset address and the read offset address, and each address corresponds to one byte; when the number of bytes in the first data is less than or equal to the number of writable bytes, writing the first data into third addresses starting from the write offset address; and updating the write offset address in the first address.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing blockchain-based data authorization. One of the methods includes receiving, by a blockchain node, a data acquisition transaction submitted by a data user for obtaining target data possessed by a data owner, determining, by the blockchain node, that the data user has obtained authorization of the target data, and executing, by the blockchain node, a smart contract invoked by the data acquisition transaction to provide one or more of the target data and a computational result of one or more predetermined computational operations performed based on the target data to the data user.

Abstract: One or more implementations of the present specification provide a blockchain-based data authorization method and apparatus. The method can include receiving, by a blockchain node, an authentication transaction submitted by a privacy computing platform, where the authentication transaction queries whether a data user has obtained authorization of target data possessed by a data owner, and in response to determining that the data user has obtained authorization of the target data, executing, by the blockchain node, a smart contract invoked by the authentication transaction to provide an authorization token to the privacy computing platform that instructs the privacy computing platform to obtain the target data, and send a computational result of one or more predetermined computational operations based on the target data to the data user.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for configuring a field programmable gate array (FPGA) based trusted execution environment (TEE) for use in a blockchain network. One of the methods includes storing a device identifier (ID), a first random number, and a first encryption key in a field programmable gate array (FPGA) device; sending an encrypted bitstream to the FPGA device, wherein the encrypted bitstream can be decrypted by the first key into a decrypted bitstream comprising a second random number; receiving an encrypted message from the FPGA device; decrypting the encrypted message from the FPGA device using a third key to produce a decrypted message; in response to decrypting the encrypted message: determining a third random number in the decrypted message; encrypting keys using the third random number; and sending the keys to the FPGA device.

Abstract: Technologies for demoting cache lines to a shared cache include a compute device with at least one processor having multiple cores, a cache memory with a core-local cache and a shared cache, and a cache line demote device. A processor core of a processor of the compute device is configured to retrieve at least a portion of data of a received network packet and move the data into one or more core-local cache lines of the core-local cache. The processor core is further configured to perform a processing operation on the data and transmit a cache line demotion command to the cache line demote device subsequent to having completed the processing operation. The cache line demote device is configured to perform a cache line demotion operation to demote the data from the core-local cache lines to shared cache lines of the shared cache. Other embodiments are described herein.

Abstract: Examples described herein provide for a first core to map a measurement of packet processing activity and operating parameters so that a second core can access the measurement of packet processing activity and potentially modify an operating parameter of the first core. The second core can modify operating parameters of the first core based on the measurement of packet processing activity. The first and second cores can be provisioned on start-up with a common key. The first and second cores can use the common key to encrypt or decrypt measurement of packet processing activity and operating parameters that are shared between the first and second cores. Accordingly, operating parameters of the first core can be modified by a different core while providing for secure modification of operating parameters.