TEE: with Blockchain
Layer1
Proof-of-X
REM achieves security guarantees similar to PoW, but leverages the partially decentralized trust model inherent in SGX to achieve a fraction of the waste of PoW.
Mitar Milutinovic, Warren He, Howard Wu, Maxinder Kanwal (UC Berkeley)
SysTEX ’16
For block proposer election, TEE provides randomness and wait-time
Sébastien Andreina, Jens-Matthias Bohli, Wenting Li, Ghassan O. Karame, Giorgia Azzurra Marson (NEC Laboratories)
Prevent nothing-at-stake, grinding attacks, posterior corruption in PoS
Proof-of-Elapsed-Time
BFT
Jian Liu, Wenting Li,Ghassan O. Karame, and N. Asokan, Fellow
Message aggregation technique that combines TEEs with lightweight secret sharing + optimistic execution, tree topology and failure detection
Johannes Behl, Tobias Distler, Rudiger Kapitza
EuroSys'17
Hybrid BFT model with TEE to achieve 2f + 1, also allowing parallelization
Adopt PBFT/Hybster
Rihong Wang, Na Li, Quanqing Xu, Lifeng Zhang and Congying Xing
2f + 1, only two phase, linear prepare phaase
PoET, RNG inside enclave for shard shuffling, removing equivocation from PBFT. HyperledgerLabs MinBFT
IEEE Transactions on Computers, 2013
Off-chain
Light clients
Siniša Matetić (ETH Zurich), Karl Wüst (ETH Zurich), Moritz Schneider (ETH Zurich), Kari Kostiainen (ETH Zurich), Ghassan Karame (NEC Labs) Srdjan Čapkun (ETH Zurich)
Enclaves on full nodes serve privacy-preserving requests from light clients
Karl W¨ust, Sinisa Matetic, Moritz Schneider (ETH Zurich), Ian Miers, KariKostiainen, and Srdjan Capkun
Payment channel
Joshua Lind, Oded Naor, Ittay Eyal, Florian Kelbert, Peter Pietzuch, Emin Gun Sirer
SOSP'19
Payment channel (for Bitcoin) with a committee of TEEs (w/ on-chain multi-sig) for TEE failures
Against roll-back and state forking Ref Use chain replication, instead of normal SMR for communication efficiency in P2P network
Dynamic depsits, Asynchronous blockchain access (i.e. safety doesn't depend on a challenge period)
Oracle
Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, Elaine Shi (IC3)
Authenticated data feed system SGX to scrape HTTPS enabled websites
UC Proofs
Example: Oracle for flight Insurance contract
A client creating or relying on a contract that uses T_on is responsible for ensuring that this hardcoded pk_off has an appropriate SGX attestation before interacting with T_on.
Bribing
Trust minimization for bribers (vote buyers)
Towards Free Will in Cryptographic Systems
Privacy
Ledger
Euro S&P'19
Microsoft
Computation
Mic Bowman, Andrea Miele, Michael Steiner, Bruno Vavala (Intel Labs)
A technology that enables mutually untrusted parties to run smart contracts over private data
Enclaves are stateless and not contract-specific
Developed under Hyperledger Labs: GitHub Hyperledger Sawtooth, Microsoft CCF (WIP)
Marcus Brandenburger (IBM), Christian Cachin (TU Braunschweig), Rüdiger Kapitza (IBM), Alessandro Sorniotti
Notes on Private Data Objects: an Overview:
Similarly to PDOs, only the contract code runs in the chaincode enclave
Differently from PDOs, it uses a ledger enclave to maintain (hashes of) the ledger state. Although it allows to verify the latest ledger state (assuming final consensus), it has to implement part of the Fabric peer and manage a possibly large state.
Rohit Sinha, Sivanarayana Gaddam, Ranjit Kumaresan (Visa/Visa Research)
Mixing
Muoi Tran, Loi Luu, Min Suk Kang, Iddo Bentov, and Prateek Saxena
Others
Hisham S. Galal and Amr M. Youssef (Concordia University)
WTSC'19
Tutorials
Can blockchains be made better using hardware-assisted security? Slide Teechain, FastBFT, PoET, etc.