Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts

Smart contracts are applications that execute on blockchains. Today they manage billions of dollars in value and motivate visionary plans for pervasive blockchain deployment. While smart contracts inherit the availability and other security assurances of blockchains, however, they are impeded by blockchains' lack of confidentiality and poor performance. We present Ekiden, a system that addresses these critical gaps by combining blockchains with Trusted Execution Environments (TEEs). Ekiden leverages a novel architecture that separates consensus from execution, enabling efficient TEE-backed confidentiality-preserving smart-contracts and high scalability. Our prototype (with Tendermint as the consensus layer) achieves example performance of 600x more throughput and 400x less latency at 1000x less cost than the Ethereum mainnet. Another contribution of this paper is that we systematically identify and treat the pitfalls arising from harmonizing TEEs and blockchains. Treated separately, both TEEs and blockchains provide powerful guarantees, but hybridized, though, they engender new attacks. For example, in naïve designs, privacy in TEE-backed contracts can be jeopardized by forgery of blocks, a seemingly unrelated attack vector. We believe the insights learned from Ekiden will prove to be of broad importance in hybridized TEE-blockchain systems.

[1]  Mic Bowman,et al.  Private Data Objects: an Overview , 2018, ArXiv.

[2]  Dawn Xiaodong Song,et al.  Practical Differential Privacy for SQL Queries Using Elastic Sensitivity , 2017, ArXiv.

[3]  Sebastian Nowozin,et al.  Oblivious Multi-Party Machine Learning on Trusted Processors , 2016, USENIX Security Symposium.

[4]  Tsz Hon Yuen,et al.  RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero , 2017, ESORICS.

[5]  Jason Teutsch,et al.  A scalable verification solution for blockchains , 2019, ArXiv.

[6]  Shay Gueron,et al.  A Memory Encryption Engine Suitable for General Purpose Processors , 2016, IACR Cryptol. ePrint Arch..

[7]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[8]  Srdjan Capkun,et al.  ROTE: Rollback Protection for Trusted Execution , 2017, USENIX Security Symposium.

[9]  Insik Shin,et al.  SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs , 2017, NDSS.

[10]  Jiangtao Li,et al.  Enhanced Privacy ID from Bilinear Pairing for Hardware Authentication and Attestation , 2010, 2010 IEEE Second International Conference on Social Computing.

[11]  Matthew Green,et al.  Zerocoin: Anonymous Distributed E-Cash from Bitcoin , 2013, 2013 IEEE Symposium on Security and Privacy.

[12]  Carl A. Gunter,et al.  Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX , 2017, CCS.

[13]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[14]  Johan A. K. Suykens,et al.  Benchmarking state-of-the-art classification algorithms for credit scoring , 2003, J. Oper. Res. Soc..

[15]  Andrew Miller,et al.  Instantaneous Decentralized Poker , 2017, ASIACRYPT.

[16]  Brent Byunghoon Kang,et al.  Hacking in Darkness: Return-oriented Programming against Secure Enclaves , 2017, USENIX Security Symposium.

[17]  Berry Schoenmakers,et al.  A Simple Publicly Verifiable Secret Sharing Scheme and Its Application to Electronic , 1999, CRYPTO.

[18]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[19]  Elaine Shi,et al.  Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab , 2016, Financial Cryptography Workshops.

[20]  Rüdiger Kapitza,et al.  AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves , 2016, ESORICS.

[21]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[22]  Long Li,et al.  POSTER: Rust SGX SDK: Towards Memory Safety in Intel SGX Enclave , 2017, CCS.

[23]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[24]  Adi Shamir,et al.  Quantitative Analysis of the Full Bitcoin Transaction Graph , 2013, Financial Cryptography.

[25]  Ashay Rane,et al.  Raccoon: Closing Digital Side-Channels through Obfuscated Execution , 2015, USENIX Security Symposium.

[26]  Moni Naor,et al.  Distributed Pseudo-random Functions and KDCs , 1999, EUROCRYPT.

[27]  Elaine Shi,et al.  Formal Abstractions for Attested Execution Secure Processors , 2017, EUROCRYPT.

[28]  Fan Zhang,et al.  Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[29]  A. D. Irving,et al.  Least squares parameter estimation of a reduced order thermal model of an experimental building , 1993 .

[30]  Juan del Cuvillo,et al.  Using innovative instructions to create trustworthy software solutions , 2013, HASP '13.

[31]  Sanjit A. Seshia,et al.  A compiler and verifier for page access oblivious computation , 2017, ESEC/SIGSOFT FSE.

[32]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[33]  Srinivas Devadas,et al.  Sanctum: Minimal Hardware Extensions for Strong Software Isolation , 2016, USENIX Security Symposium.

[34]  Kartik Nayak,et al.  HOP: Hardware makes Obfuscation Practical , 2017, NDSS.

[35]  Rainer Böhme,et al.  The price of anonymity: empirical evidence from a market for Bitcoin anonymization , 2017, J. Cybersecur..

[36]  Fan Zhang,et al.  REM: Resource-Efficient Mining for Blockchains , 2017, IACR Cryptol. ePrint Arch..

[37]  Raef Bassily,et al.  Differentially Private Empirical Risk Minimization: Efficient Algorithms and Tight Error Bounds , 2014, 1405.7085.

[38]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[39]  Jason Teutsch,et al.  Interactive coin offerings , 2019, ArXiv.

[40]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, Journal of Cryptology.

[41]  Michael K. Reiter,et al.  Detecting Privileged Side-Channel Attacks in Shielded Execution with Déjà Vu , 2017, AsiaCCS.

[42]  Emmett Witchel,et al.  Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data , 2016, OSDI.

[43]  Elaine Shi,et al.  Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[44]  Fan Zhang,et al.  The Ekiden Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts , 2020, IEEE Security & Privacy.

[45]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[46]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[47]  S A R A H M E I K L E J O H N,et al.  A Fistful of Bitcoins Characterizing Payments Among Men with No Names , 2013 .

[48]  Taesoo Kim,et al.  SGX-Bomb: Locking Down the Processor via Rowhammer Attack , 2017, SysTEX@SOSP.

[49]  Christof Fetzer,et al.  SGXBOUNDS: Memory Safety for Shielded Execution , 2017, EuroSys.

[50]  Jason Teutsch,et al.  Demystifying Incentives in the Consensus Computer , 2015, CCS.

[51]  Matthew Green,et al.  Giving State to the Stateless: Augmenting Trustworthy Computation with Ledgers , 2019, NDSS.

[52]  Marcus Peinado,et al.  High-Resolution Side Channels for Untrusted Operating Systems , 2017, USENIX Annual Technical Conference.

[53]  Beng Chin Ooi,et al.  M2R: Enabling Stronger Privacy in MapReduce Computation , 2015, USENIX Security Symposium.

[54]  Marcus Peinado,et al.  T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs , 2017, NDSS.

[55]  Tanja Lange,et al.  The Security Impact of a New Cryptographic Library , 2012, LATINCRYPT.

[56]  Vitaly Shmatikov,et al.  Membership Inference Attacks Against Machine Learning Models , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[57]  Cynthia Dwork,et al.  Differential Privacy: A Survey of Results , 2008, TAMC.

[58]  Paul Sajda,et al.  Machine learning for detection and diagnosis of disease. , 2006, Annual review of biomedical engineering.

[59]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[60]  Joseph Bonneau,et al.  Proofs-of-delay and randomness beacons in Ethereum , 2017 .

[61]  Shweta Shinde,et al.  Preventing Page Faults from Telling Your Secrets , 2016, AsiaCCS.

[62]  Iddo Bentov,et al.  Amortizing Secure Computation with Penalties , 2016, CCS.

[63]  Ion Stoica,et al.  Opaque: An Oblivious and Encrypted Distributed Analytics Platform , 2017, NSDI.

[64]  Fergal Reid,et al.  An Analysis of Anonymity in the Bitcoin System , 2011, PASSAT 2011.

[65]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[66]  Matthew Green,et al.  Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards , 2017, CCS.

[67]  Josep Domingo-Ferrer,et al.  Dropout-Tolerant TTP-Free Mental Poker , 2005, TrustBus.

[68]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[69]  Johannes Götzfried,et al.  Cache Attacks on Intel SGX , 2017, EUROSEC.

[70]  P Ping Chen,et al.  Secure multiparty computation for privacy preserving data mining , 2012 .

[71]  Iddo Bentov,et al.  How to Use Bitcoin to Play Decentralized Poker , 2015, CCS.

[72]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[73]  Fan Zhang,et al.  Solidus: Confidential Distributed Ledger Transactions via PVORM , 2017, CCS.

[74]  Dawn Xiaodong Song,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution , 2018, ArXiv.

[75]  Fan Zhang,et al.  Tesseract: Real-Time Cryptocurrency Exchange using Trusted Hardware , 2017, IACR Cryptol. ePrint Arch..

[76]  Yi Zhou,et al.  Erays: Reverse Engineering Ethereum's Opaque Smart Contracts , 2018, USENIX Security Symposium.

[77]  Fan Zhang,et al.  Stealing Machine Learning Models via Prediction APIs , 2016, USENIX Security Symposium.

[78]  Vipul Goyal,et al.  Overcoming Cryptographic Impossibility Results Using Blockchains , 2017, TCC.

[79]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[80]  Marcin Andrychowicz,et al.  Secure Multiparty Computations on Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[81]  Jae Kwon,et al.  Tendermint : Consensus without Mining , 2014 .

[82]  Kartik Nayak,et al.  ObliVM: A Programming Framework for Secure Computation , 2015, 2015 IEEE Symposium on Security and Privacy.

[83]  Moses D. Liskov,et al.  MPSS: Mobile Proactive Secret Sharing , 2010, TSEC.

[84]  A. Saunders,et al.  Credit risk measurement: Developments over the last 20 years , 1997 .

[85]  Dan Boneh,et al.  IRON: Functional Encryption using Intel SGX , 2017, CCS.