摘要:区块链技术将搭建完全可信任的互联网，使得“信息互联网”逐步迈向“价 值互联网”，实现真正意义上的万物互联。本报告分为八章，从区块链技术的起 源发展、全球区块链生态、国内区块链技术的布局、江苏省区块链产业情况和案 例、区块链技术发展的瓶颈等方面来进行描述，还原目前最为真实的区块链技术 的发展情况。

摘要:We present HotStuff, a leader-based Byzantine fault-tolerant replication protocol for the partially synchronous model. Once network communication becomes synchronous, HotStuff enables a correct leader to drive the protocol to consensus at the pace of actual (vs. maximum) network delay--a property called responsiveness--and with communication complexity that is linear in the number of replicas. To our knowledge, HotStuff is the first partially synchronous BFT replication protocol exhibiting these combined properties. HotStuff is built around a novel framework that forms a bridge between classical BFT foundations and blockchains. It allows the expression of other known protocols (DLS, PBFT, Tendermint, Casper), and ours, in a common framework. Our deployment of HotStuff over a network with over 100 replicas achieves throughput and latency comparable to that of BFT-SMaRt, while enjoying linear communication footprint during leader failover (vs. quadratic with BFT-SMaRt).

摘要:针对物联网中设备资源受限、连接数量大、动态性强等特点，传统的集中式访问控制技术已不完 全适用，如何在物联网环境中实现安全高效的访问控制授权成为亟待解决的关键问题．对此，提出一种 基于层级区块链的物联网分布式体系架构（ｄｉｓｔｒｉｂｕｔｅｄ　ａｒｃｈｉｔｅｃｔｕｒｅ　ｂａｓｅｄ　ｏｎ　ｈｉｅｒａｒｃｈｉｃａｌ　ｂｌｏｃｋｃｈａｉｎ　ｆｏｒ Ｉｎｔｅｒｎｅｔ　ｏｆ　ｔｈｉｎｇｓ，ＤＡＨＢ）．在该架构中以基于属性的访问控制（ａｔｔｒｉｂｕｔｅ－ｂａｓｅｄ　ａｃｃｅｓｓ　ｃｏｎｔｒｏｌ， ＡＢＡＣ）模型为基础，采用智能合约的方式实现对物联网设备基于属性的域内和跨域的灵活、动态、自动 化的访问控制．同时，在属性度量中增加信任值与诚实度动态评估不同域间和设备间的信任关系，保证实体能够履行合约的信用能力和稳定性．理论分析和实验结果表明：该方案比现有方案更有效解决物联 网访问控制中存在的轻量级、灵活性、细粒度和安全性问题．

摘要:使用基于区块链智能合约的物联网数据资产化方法解决物联网系统中个人数据难以确权、数据资产的量 化跟踪和价值转移无法高效完成等问题. 借助区块链数字指纹将数据所有权和控制权从设备生产商转移至用 户，为个人数据确权；通过全生命周期管理和数字签名等技术，将设备状态和数据哈希值存储至区块链，保证数 据的可靠性；使用智能合约构建去第三方数据交易平台，保证数据共享的安全性，便捷地完成数据变现和数据价 值转移. 攻击可能性和攻击成功概率的量化分析结果表明，区块链智能合约技术可以为数据提供防篡改性，消除 数据交易过程中的信任问题. 借助区块链智能合约技术能够初步实现物联网数据的资产化，促进物联网设备的 数据价值转移和共享.

摘要:This paper describes BigchainDB. BigchainDB fills a gap in the decentralization ecosystem: a decentralized database, at scale. It points to performance of 1 million writes per second throughput, storing petabytes of data, and sub-second latency. The BigchainDB design starts with a distributed database (DB), and through a set of innovations adds blockchain characteristics: decentralized control, immutability, and creation & movement of digital assets. BigchainDB inherits characteristics of modern distributed databases: linear scaling in throughput and capacity with the number of nodes, a fullfeatured NoSQL query language, efficient querying, and permissioning. Being built on an existing distributed DB, it also inherits enterprise-hardened code for most of its codebase.

摘要:区块链即服务（BaaS）平台的核心在于如何将区块链网络部署在云计算平台上。Fabric部署可以按照组 件启动时间分为静态组件和动态链码两部分，链码部署是 Fabric 云化最核心、最复杂的部分。Fabric 本身没有针对 Kubernetes开发接口，所以业界当前的方案均是通过一系列辅助技术实现链码部署的，但这些方案并没有将链码随静 态组件一起纳入到 Kubernetes管理环境中。针对当前 BaaS方案的问题，主要做了如下几项工作：1）比较全面地研究 了底层基础设施，尤其是生产环境下Kubernetes平台的高可用；2）设计并实现了Fabric在Kubernetes上的云化部署，尤 其是链码部分，通过一个全新的容器控制插件，实现了对 Kubernetes 在代码级别上的支持，完成了将链码纳入 Kubernetes环境管理的目标；3）探索函数计算服务管理Fabric链码，实现了一个全新的链码执行模式：从“启动-等待- 调用-等待”的模式改变为“启动-调用-退出”的模式。本文在Fabric云化部署尤其是链码部署管理方面的工作，对基于 Fabric和Kubernetes的BaaS平台优化，有一定的参考价值。

摘要:Smart contracts enable the creation of decentralized applications which often handle assets of large value. These decentralized applications are frequently built on multiple interacting contracts. While the underlying platform ensures the correctness of smart contract execution, today developers continue struggling to create functionally correct contracts, as evidenced by a number of security incidents in the recent past. Even though these incidents often exploit contract interaction, prior work on smart contract verification, vulnerability discovery, and secure development typically considers only individual contracts. This paper proposes an approach for the correct-by-design development and deployment of multiple interacting smart contracts by introducing a graphical notation (called deployment diagrams) for specifying possible interactions between contract types. Based on this notation, it later presents a framework for the automated verification, generation, and deployment of interacting contracts that conform to a deployment diagram. As an added benefit, the proposed framework provides a clear separation of concerns between the internal contract behavior and contract interaction, which allows one to compositionally model and analyze systems of interacting smart contracts efficiently.

摘要:Smart contracts on a blockchain behave exactly as specified by their code. To be sure that a smart contract behaves as expected, the end-user has to either analyze its code or trust a potentially anonymous developer or auditor to do so. This approach proposes a smart contract deployment and management platform that can execute development tools and code quality tools in a trusted way and uses this to reduce the trust required into the smart contract developer or auditor. Additionally, such a platform can provide new capabilities for developers aiding them in the creation of smart contracts.

摘要:Ethereum is still the most prominent platform for smart contracts. For the deployment of contracts on its blockchain, the so-called deployment code is executed by Ethereum’s virtual machine. As it turns out, deployment code can do a lot more than merely deploying a contract. This paper identifies less-anticipated uses of contract deployment in Ethereum by analyzing the available blockchain data. In particular, we analyze the specifics of deployment code used beyond actually deploying a contract in a quantitative and qualitative manner. To this end, we identify code patterns in deployment code by distilling recurring code skeletons from all external transactions and internal messages that contain deployment code. Tracking the use of these patterns reveals a set of vulnerabilities in contracts targeted by skillfully crafted deployment code. We summarize the encountered exploitative cases of collateral use of deployment code and report respective quantities. Example scenarios illustrate the recent usage. Collateral use of deployment code starts to appear in the middle of 2018 and becomes dominant among contract creations in autumn of 2018. We intend to raise awareness about the less obvious uses of deployment code and its potential security issues.

摘要:Hyperledger Fabric (HLF) is a modular and extensible permissioned blockchain platform. The platform’s design exhibits principles required by enterprise-grade business applications, such as supply chains, financial transactions, asset management, etc. For that end, HLF introduces several innovations, two of which are smart contracts in general-purpose languages (chaincode in HLF), and flexible endorsement policies, which govern whether a transaction is considered valid. Typical blockchain applications comprise two tiers: The “platform” tier defines the data schema and embedding of business rules by means of chaincode and endorsement policies; the “client-side” tier uses the HLF software development kit (SDK) to implement client application logic. The client side should be aware of the deployment address of chaincode and endorsement policies within the platform. In past releases, this was statically configured into the client side. As of HLF v1.2, a new feature called service discovery, presented in this paper, provides APIs that allow dynamic discovery of the configuration required for the client SDK to interact with the platform. This enables the client to rapidly adapt to changes in the platform, thus improving the reliability of the application layer and making the HLF platform more consumable.

摘要:区块链是一种全新的分布式基础架构与计算范式，利用有序的链式数据结构存储数据，利用 共识算法更新数据，利用密码学技术保障数据安全。区块链2． 0 的最大特性就是引入了智能合约， 可以基于其架构开发各种用途的区块链应用。智能合约是一种计算机协议，能够以信息化方式传 播、验证或执行合同，这些交易在没有可信第三方情况下执行、可追踪且不可逆转。但目前智能合 约存在各种各样的安全和隐私保护问题，为用户带来严重的经济损失和困扰。文中分析了智能合 约安全挑战与隐私威胁，整理了智能合约中安全与隐私保护关键技术，最后给出了智能合约未来的 研究方向。

摘要:区块链技术的核心特征是“去中心化”和“去信任化”，作为分布式总账技术、智能合约基础平台、 分布式新型计算范式，可以有效构建可编程货币、可编程金融和可编程社会，势必将对金融及其他领域 带来深远影响，并驱动新一轮技术变革和应用变革．但是区块链技术在提高效率、降低成本、提高数据安全性的同时，也面临严重的隐私泄露问题，得到研究者的广泛关注．将介绍区块链技术架构，定义区块链 技术中身份隐私和交易隐私的概念，分析区块链技术在隐私保护方面存在的优势和不足，并分类描述现 有研究中针对区块链隐私的攻击方法，例如交易溯源技术和账户聚类技术；然后详细介绍针对区块链网 络层、交易层和应用层的隐私保护机制，包括网络层恶意节点检测和限制接入技术、区块链交易层的混 币技术、加密技术和限制发布技术，以及针对区块链应用的防御机制；最后，分析了现有区块链隐私保护 技术存在的缺陷，展望了未来发展方向．此外，还讨论针对恶意使用区块链技术的监管方法．

摘要:In this paper, we consider the problem of fair scheduling of transactions of multiple types that are submitted to a permissioned blockchain system. Permissioned blockchains are being increasingly used for enterprise applications and by design are heterogeneous in nature, with different peer organizations performing different business functions. Transactions execute different smart contract operations that may have widely varying business importance. In such a setting, we argue that the typically adopted FirstIn-First-Out ordering mechanism for transactions in a blockchain system, which is a performance-limited resource, is inefficient and unfair. We propose a weighted fair queueing strategy for ordering transactions that can support differentiated quality of service for submitted transactions on the blockchain. The main challenge we address in this paper is to support fair allocation and differentiation in a decentralized manner, as there is no single authority that can facilitate this as in traditional systems. We demonstrate such a fair scheduling strategy and support multiple transaction types with different priorities on Hyperledger Fabric

摘要:Hyperledger Fabric is a “permissioned” blockchain architecture, providing a consistent distributed ledger, shared by a set of “peers.” As with every blockchain architecture, the core principle of Hyperledger Fabric is that all the peers must have the same view of the shared ledger, making it challenging to support private data for the different peers. Extending Hyperledger Fabric to support private data (that can influence transactions) would open the door to many exciting new applications, in areas from healthcare to commerce, insurance, finance, and more. In this work we explored adding private-data support to Hyperledger Fabric using secure multiparty computation (MPC). Specifically, in our solution the peers store on the chain encryption of their private data, and use secure MPC whenever such private data is needed in a transaction. This solution is very general, allowing in principle to base transactions on any combination of public and private data. We created a demo of our solution over Hyperledger Fabric v1.0, implementing a bidding system where sellers can list assets on the ledger with a secret reserve price, and bidders publish their bids on the ledger but keep secret the bidding price itself.We implemented a smart contract (aka “chaincode”) that runs the auction on this secret data, using a simple secure-MPC protocol that was built using the EMP-toolkit library. The chaincode itself was written in Go, and we used the SWIG library to make it possible to call our protocol implementation in C++. We identified two basic services that should be added to Hyperledger Fabric to support our solution, and are now working on implementing them.

摘要:Blockchain, as a decentralized and distributed public ledger technology in peer-to-peer network, has received considerable attention recently. It applies a linked block structure to verify and store data, and applies the trusted consensus mechanism to synchronize changes in data, which makes it possible to create a tamper-proof digital platform for storing and sharing data. It is believed that blockchain can be applied to diverse Internet interactive systems (e.g., Internet of Things, supply chain systems, identity management, and so on). However, there are some privacy challenges that may hinder the wide application of blockchain. The goal of this survey is to provide some insights into the privacy issues associated with blockchain. We analyze the privacy threats in blockchain and discuss existing cryptographic defense mechanisms, i.e., anonymity and transaction privacy preservation. Furthermore, we summarize some typical implementations in blockchain and explore future research challenges that still need to be addressed in order to preserve privacy when blockchain is used.