
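SGX-Based Approach for Blockchain Transactions Security and Privacy Protection
Cite this article: FAN Junsong, CHEN Jianhai, SHEN Rui, LIU Zhenguang, HE Qinming, HUANG Butian. SGX-Based Approach for Blockchain Transactions Security and Privacy Protection[J]. Journal of Applied Sciences, 2021, 39(1): 17-28.
Authors: FAN Junsong  CHEN Jianhai  SHEN Rui  LIU Zhenguang  HE Qinming  HUANG Butian
Affiliations: 1. College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, Zhejiang; 2. Hangzhou Yunphant Network Technology Co. Ltd., Hangzhou 310012, Zhejiang; 3. School of Computer and Information Engineering, Zhejiang Gongshang University, Hangzhou, Zhejiang
Funding: Supported by the National Key Research and Development Program of China (No.2017YFB1401304) and the Key Research and Development Program of Zhejiang Province (No.2019C01055)
Abstract: Compared with traditional payment methods, blockchain offers decentralization and privacy protection, but problems remain with the privacy, security and user-friendliness of transactions made through lightweight clients. To address this, SGXTrans, a system that provides privacy protection for the blockchain transaction process, is proposed. Building on the lightweight-client design, SGXTrans applies Intel's software guard extensions (SGX) technology and places cryptographic data and operations, such as user keys and the generation of user addresses, together with the processing of sensitive private information during blockchain transactions, inside the SGX enclave for protection. To hide the data access patterns of local data storage, SGXTrans also introduces an oblivious random access machine algorithm, preventing private information from being inferred indirectly by malicious attackers. Experiments on existing blockchain networks show that SGXTrans ensures privacy, security and user-friendliness at a performance overhead below 10%.

Keywords: blockchain  trusted execution environment  software guard extensions  privacy and security
Received: 2020-11-12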

SGX-Based Approach for Blockchain Transactions Security and Privacy Protection
FAN Junsong, CHEN Jianhai, SHEN Rui, LIU Zhenguang, HE Qinming, HUANG Butian. SGX-Based Approach for Blockchain Transactions Security and Privacy Protection[J]. Journal of Applied Sciences, 2021, 39(1): 17-28.
Authors: FAN Junsong  CHEN Jianhai  SHEN Rui  LIU Zhenguang  HE Qinming  HUANG Butian
Institution: 1. College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, Zhejiang, China; 2. Hangzhou Yunphant Network Technology Co. Ltd., Hangzhou 310012, Zhejiang, China; 3. School of Computer and Information Engineering, Zhejiang Gongshang University, Hangzhou 310018, Zhejiang, China
Abstract: Compared to traditional payment, blockchain has the advantages of decentralization and privacy protection, but there are still issues with the privacy and security of transactions involving lightweight clients and with the user-friendliness of blockchain systems. This paper proposes SGXTrans, a system that provides privacy protection for blockchain transactions. Built on the lightweight-client framework, SGXTrans uses Intel software guard extensions (SGX) to protect sensitive private information by placing it inside the SGX enclave, including cryptographic data and operations such as the user key and the generation of user addresses, as well as the processing of blockchain transactions. To hide the access patterns of local data storage, SGXTrans also introduces an oblivious random access machine (ORAM) algorithm, which prevents private information from being indirectly inferred by malicious attackers. Experiments based on existing blockchain networks show that SGXTrans can provide better user-friendliness and higher security with a performance overhead of less than 10%.
Keywords: blockchain  trusted execution environment  software guard extensions (SGX)  privacy and security
This article is indexed in CNKI and other databases.