Masiku ano, ndi aulesi okha omwe sanalembe zaukadaulo wa blockchain, ma cryptocurrencies ndi momwe zimakhalira bwino. Koma nkhaniyi sidzayamika teknoloji iyi; tikambirana za zofooka zake ndi njira zothetsera izo.
Ndikugwira ntchito pa imodzi mwama projekiti ku Altirix Systems, ntchitoyi idadzuka yotsimikizika, yoletsa kutsimikizira kwa data kuchokera kugwero lakunja kupita ku blockchain. Zinali zofunikira kutsimikizira kusintha kwa zolemba za dongosolo lachitatu ndipo, kutengera kusintha kumeneku, perekani nthambi imodzi kapena ina mu malingaliro anzeru a mgwirizano. Ntchitoyi poyang'ana koyamba ndi yaying'ono, koma pamene chuma cha m'modzi mwa omwe akuchita nawo ntchitoyi chimadalira zotsatira za kukhazikitsidwa kwake, zofunikira zina zimawonekera. Choyamba, uku ndikudalira kwathunthu pamakina otsimikizira ngati amenewa. Koma zinthu zoyamba choyamba.
Vuto ndiloti blockchain palokha ndi yodziyimira payokha, yotsekedwa, kotero mapangano anzeru mkati mwa blockchain samadziwa kanthu zakunja. Panthawi imodzimodziyo, mawu a mgwirizano wanzeru nthawi zambiri amakhudzana ndi chidziwitso cha zinthu zenizeni (kuchedwa kwa ndege, mitengo yosinthanitsa, etc.). Kuti mapangano anzeru agwire bwino ntchito, zidziwitso zolandilidwa kuchokera kunja kwa blockchain ziyenera kukhala zodalirika komanso zotsimikizika. Vutoli limathetsedwa pogwiritsa ntchito mawu monga Town Crier ndi DECO. Maulalo awa amalola mgwirizano wanzeru pa netiweki ya blockchain kudalira zambiri kuchokera pa seva yodalirika; titha kunena kuti awa ndi omwe amapereka zidziwitso zodalirika.
Oracles
Tangoganizani kuti mgwirizano wanzeru umasamutsa 0.001 btc kupita ku chikwama chanu cha bitcoin ngati kalabu yomwe mumakonda ipambana Cup yaku Russia. Pakachitika chigonjetso chenicheni, mgwirizano wanzeru uyenera kusamutsa zambiri za kalabu yomwe idapambana, ndipo pali mavuto angapo apa: komwe mungapeze chidziwitsochi, momwe mungasamutsire ku mgwirizano wanzeru komanso momwe mungatsimikizire kuti chidziwitsocho. zolandiridwa mu mgwirizano wanzeru ndi zomveka zimagwirizana ndi zenizeni?
Zikafika pa gwero la chidziwitso, patha kukhala zochitika za 2: kulumikiza mgwirizano wanzeru ku tsamba lodalirika pomwe chidziwitso chokhudza zotsatira zamasewera chimasungidwa pakati, ndipo njira yachiwiri ndikulumikiza masamba angapo nthawi imodzi ndikusankha zambiri kuchokera kuzinthu zambiri. zomwe zimapereka deta yomweyo. Pofuna kutsimikizira kulondola kwa chidziwitsocho, maulalo amagwiritsidwa ntchito, mwachitsanzo Oraclize, yomwe imagwiritsa ntchito TLSNotary (TLS Notary Modification to Prove the Authenticity of Data). Koma pali zambiri zambiri pa Google za Oraclize, ndipo pali zolemba zingapo za HabrΓ© Lero ndilankhula za oracles omwe amagwiritsa ntchito njira yosiyana pang'ono yotumizira uthenga: Town Crier ndi DECO. Nkhaniyi ikufotokoza za mfundo zogwirira ntchito za maulalo onse awiri, komanso kuyerekezera mwatsatanetsatane.
Town Crier
Town Crier (TC) idayambitsidwa ndi IC3 (The Initiative for CryptoCurrencies and Contracts) mu 2016 ku CCS'16. Lingaliro lalikulu la TC: kusamutsa zambiri kuchokera patsamba kupita ku mgwirizano wanzeru ndikuwonetsetsa kuti chidziwitso choperekedwa ndi TC ndichofanana ndi patsamba. TC imagwiritsa ntchito TEE (Trusted Execution Environment) kutsimikizira umwini wa data. Mtundu woyambirira wa TC umafotokoza momwe mungagwirire ntchito ndi Intel SGX.
Town Crier imakhala ndi gawo mkati mwa blockchain ndi gawo mkati mwa OS yokha - TC Server.
TC Contract ili pa blockchain ndipo imakhala ngati kutsogolo kwa TC. Imavomereza zopempha kuchokera ku CU (mgwirizano wanzeru wa ogwiritsa ntchito) ndikubweza yankho kuchokera ku TC Server. Mkati mwa Seva ya TC pali Relay, yomwe imakhazikitsa kugwirizana pakati pa enclave ndi intaneti (magalimoto a bidirectional) ndikugwirizanitsa enclave ndi blockchain. Enclave ili ndi progencl, yomwe ndi code yomwe imapanga zopempha kuchokera ku blockchain ndikubwezera mauthenga ku blockchain ndi siginecha ya digito, progencl ili ndi gawo la ndondomeko ya mgwirizano wanzeru ndipo imagwira ntchito zina.
Intel SGX enclave imatha kuganiziridwa ngati laibulale yogawana ndi API yomwe ikuyenda kudzera pa ecall. Ecall amasamutsira ulamuliro ku enclave. Enclave imapanga code yake mpaka itachoka kapena mpaka zitachitika. ocall amagwiritsidwa ntchito kuitana ntchito zomwe zafotokozedwa kunja kwa enclave. Ocall amaphedwa kunja kwa enclave ndipo amawonedwa ngati kuyimba kosadalirika ndi iyo. Pambuyo pa ocall kuchitidwa, kuwongolera kumabwezeretsedwa ku enclave.
Mu gawo la Enclave, njira yotetezeka imakonzedwa ndi seva yapaintaneti, enclaveyo imagwirana chanza ndi TLS ndi seva yomwe mukufuna ndipo imagwira ntchito zonse za cryptographic mkati. Laibulale ya TLS (mbedTLS) ndi code yochepetsedwa ya HTTP yatumizidwa ku chilengedwe cha SGX. Komanso, Enclave ili ndi ziphaso za mizu za CA (zosonkhanitsira satifiketi) kuti zitsimikizire ziphaso za ma seva akutali. Funsani Handler amavomereza pempho la datagram mumtundu woperekedwa ndi Ethereum, amachichotsa ndikuchigawa. Kenako imapanga malonda a Ethereum omwe ali ndi datagram yofunsidwa, amasayina ndi skTC ndikutumiza ku Relay.
Gawo la Relay limaphatikizapo Client Interface, TCP, Blockchain Interface. Client Interface ndiyofunikira kuti mutsimikizire nambala ya enclave ndikulumikizana ndi kasitomala. Makasitomala amatumiza pempho lochitira umboni pogwiritsa ntchito ecall ndikulandila chidindo chosainidwa ndi skTC limodzi ndi att (siginecha yaumboni), ndiye kuti att imatsimikiziridwa pogwiritsa ntchito Intel Attestation Service (IAS), ndipo sitampu yanthawi imatsimikiziridwa ndi ntchito yodalirika yanthawi. Blockchain Interface imatsimikizira zopempha zomwe zikubwera ndikuyika zochitika pa blockchain kuti apereke ma datagram. Geth ndi kasitomala wovomerezeka wa Ethereum ndipo amalola Relay kuyanjana ndi blockchain kudzera pa mafoni a RPC.
Kugwira ntchito ndi TEE, TC imakupatsani mwayi woyendetsa ma enclaves angapo mofananira, potero mukuwonjezera kuthamanga kwa chidziwitso ndi nthawi zitatu. Ngati ndi enclave imodzi yothamanga, liwiro linali 3 tx / sec, ndiye kuti ndi 15 yothamanga yofanana, liwiro limawonjezeka kufika 20 tx / sec; poyerekeza, kuthamanga kwakukulu kwa Bitcoin blockchain ndi 65 tx / sec.
DECO
DECO (Decentralized Oracles for TLS) idaperekedwa ku CCS'20, imagwira ntchito ndi masamba omwe amathandizira kulumikizana kwa TLS. Imatsimikizira chinsinsi komanso kukhulupirika kwa data.
DECO yokhala ndi TLS imagwiritsa ntchito symmetric encryption, kotero kasitomala ndi seva yapaintaneti ali ndi makiyi obisa, ndipo kasitomala amatha kupanga data ya gawo la TLS ngati akufuna. Kuti athetse vutoli, DECO imagwiritsa ntchito njira zitatu zogwirana chanza pakati pa prover (smart contract), verifier (oracle) ndi web-server (data source).
Momwe DECO imagwirira ntchito ndikuti wotsimikizira amalandira chidutswa cha data D ndikutsimikizira kwa wotsimikizira kuti D adachokera ku seva ya TLS S. Vuto lina ndilakuti TLS sisayina deta ndipo zimakhala zovuta kuti kasitomala wa TLS atsimikizire kuti deta idalandiridwa kuchokera ku seva yoyenera (zovuta za provence).
Protocol ya DECO imagwiritsa ntchito makiyi a KEnc ndi KMac encryption. Makasitomala amatumiza chopempha Q ku seva yapaintaneti, yankho lochokera ku seva R limabwera mwachinsinsi, koma kasitomala ndi seva ali ndi KMac yomweyo, ndipo kasitomala amatha kupanga uthenga wa TLS. Yankho la DECO ndi "kubisa" KMac kwa kasitomala (prover) mpaka atayankha pempho. Tsopano KMac yagawidwa pakati pa prover ndi verifier - KpMac ndi KvMac. Seva imalandira KMac kuti ibisire yankho pogwiritsa ntchito gawo lofunikira KpMac β KvMac = KMac.
Mwa kukhazikitsa kugwirana chanza katatu, kusinthana kwa deta pakati pa kasitomala ndi seva kudzachitidwa ndi chitsimikizo cha chitetezo.
Polankhula za dongosolo decentralized oracle, munthu sangalephere kutchula Chainlink, amene cholinga kulenga decentralized maukonde oracle mfundo n'zogwirizana ndi Ethereum, Bitcoin ndi Hyperledger, poganizira modularity: mbali iliyonse ya dongosolo akhoza kusinthidwa. Panthawi imodzimodziyo, kuti atsimikizire chitetezo, Chainlink amapereka oracle iliyonse yomwe ikugwira nawo ntchitoyi kuti ipereke makiyi ophatikizana (pagulu ndi payekha). Kiyi yachinsinsi imagwiritsidwa ntchito kupanga siginecha yapang'ono yomwe ili ndi lingaliro lawo pazofunsa za data. Kuti mupeze yankho, ndikofunikira kuphatikiza ma signature onse apang'onopang'ono a maukonde a netiweki.
Chainlink ikukonzekera kupanga PoC DECO yoyambirira ndikuyang'ana kwambiri ntchito zachuma monga Mixicles. Panthawi yolemba, nkhani zidatuluka ku Forbes kuti Chainlink adapeza DECO kuchokera ku Cornell University.
Kuwukira kwa olankhulira
Kuchokera pamalingaliro achitetezo azidziwitso, ziwopsezo zotsatirazi za Town Crier zidaganiziridwa:
-
Jakisoni wamakhodi anzeru pamakina a TEE.
Chofunikira pakuwukira: kutumizira dala dala code yanzeru yanzeru ku TEE, motero, wowukira yemwe adapeza mwayi wopeza nodiyo atha kupanga mgwirizano wake wanzeru (wachinyengo) pazomwe zasungidwa. Komabe, zobwezazo zidzasungidwa ndi kiyi yachinsinsi, ndipo njira yokhayo yopezera deta yotere ndikutulutsa mawu achinsinsi pakubweza/kutulutsa.
Chitetezo ku chiwonongekochi chimakhala ndi enclave yomwe imayang'ana kulondola kwa code yomwe ili pa adilesi yamakono. Izi zitha kutheka pogwiritsa ntchito ma adilesi pomwe adilesi ya mgwirizano imatsimikiziridwa ndi hashing code code. -
Contract state ciphertext kusintha kutayikira.
Zomwe zidachitikazi: Eni ma node pomwe ma contract anzeru amagwirirapo ntchito ali ndi mwayi wopeza mgwirizano mu mawonekedwe obisika kunja kwa enclave. Wowukirayo, atayamba kulamulira node, akhoza kufananiza malo olumikizana nawo asanayambe komanso atatha kuchitapo kanthu ndipo amatha kudziwa kuti ndi mfundo ziti zomwe zidalowetsedwa komanso njira yanzeru yomwe idagwiritsidwa ntchito, popeza kachidindo kanzeru komweko komanso mawonekedwe ake aukadaulo amapezeka poyera.
Chitetezo pakuwonetsetsa kudalirika kwa node yokha. -
Kuukira kwapambali.
Kuwukira kwapadera komwe kumagwiritsa ntchito kuyang'anira kukumbukira kwa enclave ndi mwayi wofikira pa cache muzochitika zosiyanasiyana. Chitsanzo cha kuukira koteroko ndi Prime ndi Probe.
Kuwukira:- t0: Wowukirayo amadzaza nkhokwe yonse ya wozunzidwayo.
- t1: Wozunzidwayo amalemba ma code okhala ndi zokumbukira zomwe zimadalira chidziwitso cha wozunzidwayo (makiyi a cryptographic). Mzere wa cache umasankhidwa kutengera mtengo wa keybit. Mu chitsanzo mu chithunzi, keybit = 0 ndi adiresi X mu cache line 2. Deta yosungidwa mu X imayikidwa mu cache, kuchotsa deta yomwe inalipo kale.
- t2: Wowukirayo amayang'ana kuti ndi mizere iti yomwe yachotsedwa - mizere yogwiritsidwa ntchito ndi wozunzidwayo. Izi zimachitika poyesa nthawi yofikira. Pobwereza izi pa kiyibodi iliyonse, wowukirayo amapeza kiyi yonse.
Chitetezo cha Attack: Intel SGX ili ndi chitetezo kumayendedwe am'mbali omwe amalepheretsa kuyang'anira zochitika zokhudzana ndi cache, koma kuwukira kwa Prime ndi Probe kudzagwirabe ntchito chifukwa wowukirayo amayang'anira zochitika zomwe adachita ndikugawana cache ndi wozunzidwayo.
Choncho, pakali pano palibe chitetezo chodalirika pa kuukira kumeneku.
Zowukira monga Specter ndi Foreshadow (L1TF), zofanana ndi Prime ndi Probe, zimadziwikanso. Amakulolani kuti muwerenge deta kuchokera ku cache memory kudzera pa njira yachitatu. Chitetezo ku chiopsezo cha Specter-v2 chimaperekedwa, chomwe chimagwira ntchito ziwiri mwazomwezi.
Pokhudzana ndi DECO, kugwirana chanza kwanjira zitatu kumapereka chitsimikizo chachitetezo:
- Prover Integrity: Wotsutsa wobera sanganamizire zomwe zidachokera pa seva ndipo sizingapangitse seva kuvomera zopempha zolakwika kapena kuyankha molakwika pazopempha zovomerezeka. Izi zimachitika kudzera muzopempha pakati pa seva ndi prover.
- Chitsimikizo Chotsimikizika: Chotsimikizira chobedwa sichingapangitse wotsimikizira kuti alandire mayankho olakwika.
- Zazinsinsi: Wotsimikizira wobedwa amangoyang'ana zidziwitso za anthu (pempho, dzina la seva).
Mu DECO, chiwopsezo chokha cha jakisoni wamagalimoto ndizotheka. Choyamba, ndikugwirana chanza kwanjira zitatu, wotsimikizirayo amatha kuzindikira seva pogwiritsa ntchito nonce yatsopano. Komabe, mutatha kugwirana chanza, wotsimikizirayo ayenera kudalira zizindikiro zosanjikiza maukonde (ma adilesi a IP). Chifukwa chake, kulumikizana pakati pa wotsimikizira ndi seva kuyenera kutetezedwa ku jakisoni wamagalimoto. Izi zimatheka pogwiritsa ntchito Proxy.
Kuyerekeza kwa oracles
Town Crier yakhazikitsidwa pakugwira ntchito ndi enclave mu gawo la seva, pomwe DECO imakulolani kutsimikizira zowona za chiyambi cha deta pogwiritsa ntchito njira zitatu ndi kubisa deta ndi makiyi a cryptographic. Kuyerekeza kwa maulalikiwa kunkachitika motsatira ndondomeko zotsatirazi: ntchito, chitetezo, mtengo ndi zothandiza.
Town Crier
DECO
ntchito
Mofulumira (0.6s kuti amalize)
Pang'onopang'ono (10.50s kuti amalize protocol)
chitetezo
Zotetezedwa zochepa
Otetezeka kwambiri
mtengo wa
Zokwera mtengo kwambiri
Kutsika mtengo
kuchita
Pamafunika zida zapadera
Imagwira ndi seva iliyonse yomwe imathandizira TLS
Kachitidwe: Kuti mugwire ntchito ndi DECO, kugwirana chanza katatu kumafunika, pokhazikitsa kudzera pa LAN kumatenga masekondi a 0.37, kuti mugwirizane pambuyo poti kugwirizana kukhazikitsidwe, 2PC-HMAC ndi yothandiza (0,13 s polemba). Kuchita kwa DECO kumadalira ma TLS cipher suites omwe alipo, kukula kwa data yachinsinsi, ndi zovuta za umboni wa ntchito inayake. Kugwiritsa ntchito njira ya binary kuchokera ku IC3 mwachitsanzo: kumaliza protocol kudzera pa LAN kumatenga pafupifupi masekondi 10,50. Poyerekeza, Town Crier imatenga pafupifupi masekondi 0,6 kuti amalize ntchito yofananira, yomwe ili pafupifupi 20 mwachangu kuposa DECO. Zinthu zonse kukhala zofanana, TC idzakhala yachangu.
Chitetezo: Kuukira kwa Intel SGX enclave (kuukira kwa njira) kumagwira ntchito ndipo kungayambitse kuwonongeka kwenikweni kwa omwe atenga nawo mbali pa mgwirizano wanzeru. Pankhani ya DECO, kuwukira kokhudzana ndi jakisoni wamagalimoto ndikotheka, koma kugwiritsa ntchito proxy kumachepetsa kuukira kotere. Chifukwa chake DECO ndiyotetezeka.
mtengo: Mtengo wa zida zomwe zimathandizira Intel SGX ndizokwera kuposa mtengo wokhazikitsa protocol mu DECO. Ndicho chifukwa chake TC ndiyokwera mtengo kwambiri.
ChizoloΕ΅ezi: Kuti mugwire ntchito ndi Town Crier, zida zapadera zomwe zimathandizira TEE zimafunikira. Mwachitsanzo, Intel SGX imathandizidwa pa 6th generation Intel Core processor family and later. DECO imakupatsani mwayi wogwira ntchito ndi zida zilizonse, ngakhale pali mawonekedwe a DECO pogwiritsa ntchito TEE. Malinga ndi dongosolo lokhazikitsira, kugwirana chanza kwa njira zitatu za DECO kungatenge nthawi, koma izi sizili kanthu poyerekeza ndi kuchepa kwa hardware kwa TC, kotero DECO ndiyothandiza kwambiri.
Pomaliza
Kuyang'ana maulalo awiriwa mosiyana ndikufanizira pazifukwa zinayi, zikuwonekeratu kuti Town Crier ndi yotsika kwa DECO pa mfundo zitatu mwa zinayi. DECO ndi yodalirika kwambiri kuchokera kumalo otetezera chidziwitso, otsika mtengo komanso othandiza, ngakhale kukhazikitsa ndondomeko yamagulu atatu kungatenge nthawi ndipo kumakhala ndi zovuta zake, mwachitsanzo, ntchito zowonjezera ndi makiyi obisala. TC ndiyothamanga kuposa DECO, koma zowukira zam'mbali zimachititsa kuti izi zitheke kusungidwa chinsinsi. Ziyenera kuganiziridwa kuti DECO idayambitsidwa mu Januware 2020, ndipo sipanapite nthawi yokwanira kuti ikhale yotetezeka. Town Crier yakhala ikuwukiridwa kwa zaka 4 ndipo yadutsa mayeso ambiri, chifukwa chake kugwiritsidwa ntchito kwake pama projekiti ambiri ndikoyenera.
Source: www.habr.com