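In recent years, researchers have proposed many privacy-preserving computing schemes based on blockchain smart contracts, using cryptographic techniques such as zero-knowledge proofs, homomorphic encryption, and secure multi-party computation to add new features to blockchain smart contracts so that they meet the needs of privacy-preserving computing. However, cryptographic schemes not only have inherent computational performance bottlenecks, but also often require algorithms designed specifically for the application scenario and rely on a trusted third party to provide verification proofs, so researchers have begun to look for alternatives. Compared with cryptographic schemes, applying trusted execution environments (TEEs) to blockchain smart contracts does not introduce large amounts of cryptographic computation and requires no scenario-specific algorithm design. However, research on TEE-based smart contract privacy-preserving computing is still in its infancy: mainstream schemes only support computation over a single party's data and cannot support on-chain collaboration over multi-party data. The main difficulties are how to allow participants to take part in computation and consensus without using actual physical hardware machines, and how to reduce the risk of private data leaking from a plaintext ledger. On the one hand, TEEs are costly to deploy and use; on the other hand, storing private data on chain poses security risks. In addition, side-channel attacks against TEEs may lead to the leakage of critical private data and keys. To address these shortcomings of existing work, this paper proposes DTS (Dockerized TEE-based Separate Data Blockchain), a privacy-preserving computing framework for blockchain smart contracts based on containerized TEEs. The framework first containerizes the TEE to reduce the cost of using it, and uses off-chain isolated storage to protect data holders' control over their private data. Beyond this, the paper also proposes a blockchain-architecture-level defense against side-channel attacks on TEEs. Based on these contributions, the proposed framework extends smart contract privacy-preserving computing from supporting only a single participant to multi-party collaboration scenarios, so that participants can enjoy low-cost, low-risk, high-performance privacy-preserving computing. These research results have been implemented as a system and integrated into the open-source blockchain platform Hyperledger Fabric.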
Recently, a large body of research has proposed solutions for smart contract based confidential computing. Most of this research adds new features to smart contracts, and most of the solutions are cryptography-based, using techniques such as zero-knowledge proofs, secure multi-party computation and homomorphic encryption. Cryptography-based solutions have a computational bottleneck, and their algorithms need exact scenarios and a trusted third party. Hardware-based solutions such as TEE have arisen. TEE-based solutions remove the bottleneck and no longer need exact scenarios. The hardware-based solutions are at an early stage and are based on a single party instead of multiple parties. TEE-based solutions face difficulties including the high cost of applying TEE and the high risk of on-chain data storage, with side-channel attacks escalating the risk. Participants will face higher cost and risk to adopt the systems. We propose a Dockerized TEE-based smart contract confidential computing system called DTS (Dockerized TEE-based Separate Blockchain), which uses Dockerization to lower the cost of applying TEE. We enable off-chain storage of private data, which grants control privileges over the data back to its owners; moreover, we defend against side-channel attacks on TEE at the blockchain implementation level. Hence we promote the blockchain from a single-party privacy-preserving computing system to a multi-party confidential computing system. We implemented the proposed system by adapting the design to an open source consortium blockchain, Hyperledger Fabric.
We modify Hyperledger Fabric to be a Dockerized TEE-based consortium blockchain, and we take advantage of the pluggable and configurable features of Hyperledger Fabric to enable its users to use both private smart contracts and non-private smart contracts. Finally, we propose a new indicator that stands for data privacy, and we use it combined with TPS and latency indicators to prove that our system has lower cost, lower risk and better performance, and that our system can support applications such as federated learning, data analysis and secure multi-party computation well.