Design And Implementation Of A Confidential Computing Framework Based On Trusted Execution Environment

The total amount of data has been growing explosively across the world.As new applications based on data has gradually proven their value,data is treated as the new oil of the digital economy.Meanwhile,preserving ownership,right to use,privacy and right to share profitability of data has become a new research hotspot.Blockchain technology is an innovative solution for data management in a decentralized environment.Blockchain achieves trustworthy computing by putting all states on a ledger publicly through smart contracts.However,storing privacy or business secrets on a blockchain will inevitably damage confidentiality of data.Realizing confidential computing on top of blockchain is a key requirement in order to achieve further application of blockchain.Trusted execution environment(TEE)is a novel technology which can effectively protect data in use through isolation based on hardware.Towards confidential computing use cases,safety and access transparency are the core requirements that need to considered.For safety,computing of confidential data should be tamper-proof and invisible to anyone;For access transparency,developing a smart contract to access confidential data should be transparent to developers and as easy as writing an ordinary smart contract.To achieve confidential computing on blockchain,this thesis designs and implements a confidential computing framework,Teetract.First,Teetract provides a confidential contract executor based on TEE.With a secure key transmission and confidential data encryption/decryption mechanism,as well as supported by a toolchain designed for the smart contract engine,confidential data from multiple parties can be decrypted,used,and encrypted in the confidential contract executor,which satisfies the safety requirement for the framework.Also,Teetract provides a programming framework for writing confidential smart contracts for the confidential contract executor.Developers only need to make minimal changes to existing contracts to create confidential ones.Developers are enabled to annotate methods returning confidential data with configurable cryptographic algorithms,and transparently use the data in another annotated method,which satisfies the requirement for access transparency.The case studies and performance tests are conducted and show that the framework satisfies functional and performance requirements.