Today, only the lazy has not written about blockchain technology, cryptocurrencies and how cool it is. But this article will not praise this technology, we will just talk about its shortcomings and ways to eliminate them.

While working on one of the projects at Altirix Systems, the task of secure, censorship-resistant confirmation of data from a source external to the blockchain appeared. It was necessary to confirm the changes in the records of the third system and, based on these changes, execute one or another branch in the logic of the smart contract. At first glance, the task is quite trivial, but when the financial condition of one of the parties participating in the process depends on the result of its implementation, additional requirements appear. First of all, it is all-round confidence in such a validation mechanism. But first things first.

, , , - . - (flight delay, ..). -, , , . , Town Crier DECO. - -, , .

, - 0.001 btc bitcoin- . , - , , : , - , , - ?

2 : - -, — , . , , , Oraclize, TLSNotary ( TLS ). Oraclize , , , : Town Crier DECO. , .

Town Crier

Town Crier (TC) IC3 (The Initiative for CryptoCurrencies and Contracts) 2016 CCS’16. TC: - , , TC , . TC TEE (Trusted Execution Environment) . TC Intel SGX.

Town Crier — TC Server.



TC Contract front end TC. C_U (- ) TC Server. TC Server Relay, ( ) . Enclave prog_encl, , , prog_encl - .

Intel SGX , API, ecall. Ecall . , , . , , ocall. Ocall . ocall .



Enclave secure channel -, TLS handshake . TLS (mbedTLS) HTTP- SGX. , Enclave root CA certificates ( ), . Request Handler datagram , Ethereum, . Ethereum, requested datagram, sk_TC Relay.

Relay Client Interface, TCP, Blockchain Interface. Client Interface . ecall timestamp, sk_TC att ( ), att Intel Attestation Service (IAS), timestamp time service. Blockchain Interface datagrams. Geth — Ethereum Relay RPC calls.

TEE, TC , 3 . 15 tx/sec, 20 65 tx/sec, , Bitcoin — 26 tx/sec.

DECO

DECO (Decentralized Oracles for TLS) CCS’20, , TLS . .

DECO c TLS , - , , , TLS. DECO prover (-), verifier () web-server ( ).

DECO , (prover) D (verifier), D TLS- S. , TLS TLS- , (provenance difficulty).

DECO K_Enc K_Mac. Q -, R , K_Mac, TLS . DECO , «» K_Mac (prover), . K_Mac prover verifier — K_p^Mac K_v^Mac. K_Mac K_p^Mac ⊕ K_v^Mac = K_Mac.

, .



, Chainlink, , Ethereum, Bitcoin Hyperledger, : . , Chainlink , , ( ). , . .

Chainlink PoC DECO , Mixicles. Forbes, , Chainlink DECO Cornell University.

, Town Crier:

1. Rogue smart-contact code injection on TEE nodes.
   
   : TEE -, , , , () - . private key, /.
   
   , . , .

   
   
   

2. Contract state ciphertext changes leak.
   
   : , -, contract state . , , contact state , - , - .
   
   .

   
   
   

3. Side-channel attacks.
   
   , . — Prime and Probe.
   
   
   
   :

   
   
   
   • t₀: .
   • t₁: , ( ). cache line keybit. , keybit = 0 X cache line 2. , X, , , .
   • t₂: , — , . . keybit, .
   
   
   

: Intel SGX side-channel attacks, , , Prime and Probe , .



, .

Spectre Foreshadow (L1TF), Prime and Probe. - . Spectre-v2, .

DECO, :

1. Prover Integrity: prover server server . server prover.
2. Verifier Integrity: verifier prover .
3. : verifier (, ).

DECO , . , verifier fresh nonce. , verifier (IP-). , verifier server . Proxy.

Town Crier , DECO . : , , .

: DECO , LAN 0.37 , 2PC-HMAC (0,13 ). DECO TLS, . IC3: LAN 10,50 . , Town Crier 0,6 , 20 , DECO. , TC .

: Intel SGX (side-channel attacks) -. DECO , , proxy . DECO .

: , Intel SGX DECO. TC .

: Town Crier , TEE. , Intel SGX Intel Core 6- . DECO , DECO TEE. DECO , hardware TC, DECO .

, , Town Crier DECO . DECO , , , , . TC DECO, , side-channel attack . , DECO 2020 , , . Town Crier 4 , .