okx

冷钱包币种及区块链是否拒绝硬件存储

时间:2023-08-07|浏览:206

Should We Kick Hardware out of Blockchain?

Author: Yin Hang, Co-founder & Chief Developer at Phala

You may think that hardware and blockchain have nothing to do with each other. After all, from Bitcoin to Ethereum, blockchain is dominated by software, and hardware-based solutions often have a centralized suspicion. However, in terms of privacy protection, introducing hardware is a common practice. Hardware is the basis for practicality, and the combination of software and hardware can achieve a greater effect than the sum of its parts. Through clever combinations, Phala can achieve an excellent balance between decentralization, scalability, and confidentiality.

#1 TEE-based Blockchain Confidentiality

Phala Network uses confidential smart contracts to achieve blockchain confidentiality. Unlike traditional contracts, it runs in a special hardware area (Trusted Execution Environment) inside the CPU. This area is highly isolated from other components, and any attempts to read TEE data, including malicious attacks, are futile.

The program running in TEE is called pRuntime. pRuntime maintains the operation of miners and Gatekeeper nodes in TEE and is responsible for handling TEE remote attestation, on-chain registration, key management, and confidential contract execution.

However, how can we make users trust that smart contracts are running in pRuntime and not just a forged TEE environment? At this time, we need to understand what "Remote Attestation" is.

"An application that hosts an enclave can also ask the enclave to produce a report and then pass this report to a platform service to produce a type of credential that reflects enclave and platform state. This credential is known as a quote. This quote can then be passed to entities off of the platform and verified…" - Source

Remote attestation is the key to ensuring the security and trustworthiness of the TEE system. Quoting from Intel can prove that the code (determined by the hash value) and certain data necessary for the execution are indeed running in the latest version of the SGX enclave.

#2 Secret Provisioning

Remote attestation is the soul of confidential smart contracts. However, if we cannot establish end-to-end encrypted communication between TEE and third parties, the application scope will be limited. Therefore, Intel SGX also uses the Secret Provisioning protocol to elegantly solve this problem.

With the Secret Provisioning protocol, we can establish a trust chain from users to pRuntime:

  1. The blockchain publicly displays the hash of the legitimate pRuntime code.
  2. pRuntime runs a remote attestation protocol, obtains a remote attestation report that includes the hash value of the proven code (pRuntime itself), and the public key of the identity authentication key pair (with timeliness).
  3. The remote attestation report is submitted and verified on the blockchain.
  4. The blockchain compares the hash value returned by the remote report (aiming to prove that the participant is indeed a legitimate pRuntime running in TEE).
  5. The identity authentication public key is registered on the blockchain (only the currently running pRuntime can use this key pair).

Once registration is completed, any message signed with this identity will be generated exclusively by this pRuntime. Users can further establish a TLS-like connection with pRuntime using the registered identity public key.

When communication with TEE is required, users can obtain the registered pRuntime public key from the blockchain and use their Substrate account and public key to perform ECDH Diffie-Hellman protocol key agreement and obtain the key for communication with pRuntime.

After the trust chain is established, the identity key uniquely represents the identity of pRuntime. In theory, as long as TEE has no hardware vulnerabilities (which we will continue to discuss in the following sections), a successful remote attestation can ensure that all communications with pRuntime are secure and trustworthy.

#3 On-chain Upgrades

On-chain upgrades can greatly reduce the risks posed by hardware upgrades and hard forks, making them crucial. Substrate inherently supports runtime on-chain upgrades, which can be completed in the governance module. Similarly, the runtime in TEE can also be upgraded.

When upgrading pRuntime, the new hash needs to be submitted to the blockchain. Subsequently, the community can review the code, discuss it, and vote in favor of the upgrade through an on-chain governance process similar to Substrate.

Once there is an upgrade on the chain, Phala's Gatekeepers and miners must upgrade pRuntime as soon as possible. This process is relatively easier for miners because they do not need to be online 24/7. They simply need to pause mining, upgrade, and then continue mining. Gatekeepers, on the other hand, bear the responsibility of availability and need to be online as

热点:冷钱包 区块链 钱包

欧易

欧易(OKX)

用戶喜愛的交易所

币安

币安(Binance)

已有账号登陆后会弹出下载

« 上一条| 下一条 »
区块链交流群
数藏交流群

合作伙伴

非小号交易所排名-专业的交易行情资讯门户网站,提供区块链比特币行情查询、比特币价格、比特币钱包、比特币智能合约、比特币量化交易策略分析,狗狗币以太坊以太币玩客币雷达币波场环保币柚子币莱特币瑞波币公信宝等虚拟加密电子数字货币价格查询汇率换算,币看比特儿火币网币安网欧易虎符抹茶XMEX合约交易所APP,比特币挖矿金色财经巴比特范非小号资讯平台。
非小号行情 yonghaoka.cn 飞鸟用好卡 ©2020-2024版权所有 桂ICP备18005582号-1