Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Workshop on Blockchain Technology and Theory – October 16, 2017
Ittay EyalTechnion, EE and IC3
Resource-Efficient Mining (REM) withProofs of Useful Work (PoUW)
with Fan Zhang, Robert Escriva. Ari Juels, and Robbert van Renesse
2
Fintech Blockchain / DLT Vision
• Bank to bank transactions (money, securities) • Smart contracts infrastructure • Security structuring • Insurance • Provenance (supply chain, art, fair trade) • IoT micropayments
3
The Blockchain
Log Blockchain
block
header
4
The Blockchain
Log Blockchain
block
header
5
The Blockchain
Log Blockchain
hash( ) < target*
* target: a deterministic function of previous blocks
6
The Blockchain
7
The Blockchain
8
The Blockchain
Block validation: Proof of work Ok – one hash function(and transactions Ok)
9
PoW Requirements
• Memoryless random distribution • Tunable difficulty • O(1) validation • All data on the blockchain
10
Fork Resolution
Longest chain wins
Minority attacker cannot out-run honest parties
11
Mining Farms
12
PoW: Proof of Waste?
Block proves (statistically) real-world waste • Capital expenditure • Operational expenditure
Attacker must similarly waste resources
13
PoW: Proof of Waste?
Block proves (statistically) real-world waste • Capital expenditure • Operational expenditure
Attacker must similarly waste resources
That’s not waste!
14
Environment-Friendly Alternatives
Permissioned system (BFT)• Centralized
Internal waste – Proof of Stake • Different properties
“Useful” resources (storage, prime numbers) • Useful? • For whom? Unfair
15
Partially Decentralized
Guarantees• Similar to PoW
Assumptions • Permissionless• Trust secure-hardware manufacturer
16
Software Guard Extensions (SGX)
Untrusted Operating System & Hypervisor
Untrusted Application Code
Code & Data
Untrusted Hardware
TrustedProcessor
Attestation: • Output • Fingerprint • signature
B
1. Confidentiality (incl. SRNG)2. Integrity 3. Remote attestation
output
17
Intel’s Proof of Elapsed Time (PoET)
Model: Partially decentralized
Idea: Simulate PoW by sleeping.
Pros: • PoW-like guarantees • Energy-waste-free
18
Intel’s Proof of Elapsed Time
Mining power not proportional to CPU value
The Stale Chips Problem: • Build a mining farm • Old useless CPUs
Waste hardware rather than power
19
Intel’s Proof of Elapsed Time
Individual CPUs can be compromised
The Broken Chips Problem
Intel proposes a simple statistical test. But 1. What is the adversary’s advantage? 2. What is the cost of this test?
Proof of Useful Work
21
Proof of Useful Work
Dedicate useful work rather than useless
How to measure and prove?
• Memoryless random distribution • Tunable difficulty • O(1) validation • All data on the blockchain
22
Proof of Useful Work
Proof of
Useful Work
Useful
Work
ResultInstruction
count 𝑛
Useful work, block header
SGX
Enclave
Simulate 𝑛Bernoulli tests
Run
Useful
Work
If success
23
Hierarchical Attestation
Only predefined programs?
Alice’s Enclave
Bob’sEnclave
Carols’sEnclave
output
24
Hierarchical Attestation
Only predefined programs?
Hierarchical attestation!
Compliance Checker
Alice’s Enclave
Bob’sEnclave
Carols’sEnclave
output:
output
25
Hierarchical Attestation
Only predefined programs?
Hierarchical attestation! Add instruction counting
Return count
26
State
New block
Block-chainagent
Block template
PoUW
Miner
PoUWEnclave
Blockchain PNetwork
TEE
Useful tasks
Useful results
1
2
2
3 45
Useful Workclient
27
State
New block
Blockchain P2P Network
State
Blockchain Agent
Content
Compliance
Effort
Verifiers1
5
6
28
Performance
29
SGX Compromise
Individual SGX instances might be broken • Compromised SGX will attest to anything • Compromise does not allow key forgery
The Broken Chip problem
30
The Broken Chip Problem
Statistically test likelihood of blocks from same CPU. Reject if unlikely.
Too permissive: Attacker gains
Too restrictive: Lose mining power
31
Attacker’s Advantage
Blo
ck C
ou
nt
Att
acke
r’s
Ad
van
tage
32
Wasted Proof of Work
Blo
ck C
ou
nt
Was
te
33
ConclusionBlockchain security in partially-decentralized model
Proof of Useful Work with TEE (SGX)
PoCtool-chain
Hierarchical Attestation
Practical Performance
Broken Chip Resilience
Zhang, Eyal, Escriva, Juels, van Renesse. USENIX Security 2017