Namhlanje, amavila kuphela angazange abhale ngeteknoloji ye-blockchain, i-cryptocurrencies kunye nendlela epholile ngayo. Kodwa eli nqaku aliyi kuncoma le teknoloji, siza kuthetha ngeentsilelo zayo kunye neendlela zokuphelisa.
Ngelixa usebenza kwenye yeeprojekthi kwiiNkqubo ze-Altirix, umsebenzi wavela ngokukhuselekileyo, ukuqinisekiswa kwe-censorship-resistant yedatha evela kumthombo wangaphandle kwi-blockchain. Kwakuyimfuneko ukuqinisekisa utshintsho kwiirekhodi zenkqubo yesithathu kwaye, ngokusekelwe kolu tshintsho, yenze enye okanye enye isebe kwi-smart contract logic. Umsebenzi ekuboneni kuqala uncinci, kodwa xa imeko yezemali yomnye wamaqela athatha inxaxheba kwinkqubo ixhomekeke kwisiphumo sokuphunyezwa kwayo, iimfuno ezongezelelweyo ziyavela. Okokuqala, oku kukuthembela okupheleleyo kwindlela yokuqinisekisa. Kodwa izinto zokuqala kuqala.
Ingxaki kukuba i-blockchain ngokwayo yinto ezimeleyo, evaliweyo, ngoko ke iikontraki ezihlakaniphile ngaphakathi kwebhloko azazi nto malunga nehlabathi langaphandle. Ngexesha elifanayo, imimiselo yeekontrakthi ezihlakaniphile zihlala zihambelana nolwazi malunga nezinto zangempela (ukulibaziseka kwendiza, amazinga otshintshiselwano, njl.). Ukuze izivumelwano ezihlakaniphile zisebenze ngokufanelekileyo, ulwazi olufunyenwe ngaphandle kwe-blockchain kufuneka luthembeke kwaye luqinisekiswe. Le ngxaki isonjululwa ngokusebenzisa izihlabo ezifana ne-Town Crier kunye ne-DECO. La ma-oracles avumela inkontileka ehlakaniphile kwinethiwekhi ye-blockchain ukuthemba ulwazi oluvela kumncedisi wewebhu othembekileyo sinokuthi aba baboneleli bolwazi oluthembekileyo.
IziBhalo
Khawufane ucinge ukuba ikhontrakthi ehlakaniphile idlulisela i-0.001 btc kwi-wallet yakho ye-bitcoin ukuba iklabhu yakho yebhola ekhatywayo oyithandayo iphumelele iNdebe yaseRashiya. Kwimeko yoloyiso lokwenene, ikhontrakthi ehlakaniphile idinga ukudlulisa ulwazi malunga nokuba yeyiphi iklabhu ephumeleleyo, kwaye kukho iingxaki ezininzi apha: apho unokufumana khona olu lwazi, indlela yokudlulisela ngokukhuselekileyo kwinkontileka ehlakaniphile kunye nendlela yokuqinisekisa ukuba ulwazi. efunyenwe kwikhontrakthi ehlakaniphile iyasebenza ngokwenene ihambelana nenyani?
Xa kuziwa kumthombo wolwazi, kunokubakho iimeko ezi-2: ukudibanisa inkontileka ehlakaniphile kwiwebhusayithi ethembekileyo apho ulwazi malunga neziphumo zomdlalo lugcinwe kwindawo ephakathi, kwaye ukhetho lwesibini kukudibanisa iisayithi ezininzi ngexesha elinye kwaye ukhethe ulwazi kwimithombo emininzi. ezibonelela ngedatha efanayo. Ukuze kuqinisekiswe ukuchaneka kolwazi, ii-oracles zisetyenziswa, umzekelo i-Oraclize, esebenzisa i-TLSNotary (TLS Notary Modification to Prove the Authenticity of Data). Kodwa kukho ulwazi olwaneleyo kuGoogle malunga ne-Oraclize, kwaye kukho amanqaku amaninzi kwi-Habré Namhlanje ndiza kuthetha ngee-oracles ezisebenzisa indlela eyahlukileyo yokuhambisa ulwazi: I-Crier yeDolophu kunye ne-DECO. Eli nqaku linika inkcazo yemigaqo yokusebenza ye-oracles zombini, kunye nothelekiso olucacileyo.
Town Crier
I-Town Crier (TC) yaziswa yi-IC3 (Inyathelo le-CryptoCurrencies kunye neeKhontrakthi) ngo-2016 kwi-CCS'16. Ingcamango ephambili ye-TC: ukudlulisa ulwazi kwiwebhusayithi ukuya kwikhontrakthi ehlakaniphile kwaye uqinisekise ukuba ulwazi olunikezelwa yi-TC lufana newebhusayithi. I-TC isebenzisa i-TEE (i-Trusted Execution Environment) ukuze iqinisekise ubunini bedatha. Inguqulelo yokuqala ye-TC ichaza indlela yokusebenza ne-Intel SGX.
I-Crier yeDolophu iqulethe inxalenye ngaphakathi kwebhloko kunye nenxalenye ngaphakathi kwe-OS ngokwayo - i-TC Server.
Ikhontrakthi ye-TC ikwi-blockchain kwaye isebenza njengesiphelo sangaphambili se-TC. Yamkela izicelo ezivela kwi-CU (inkontileka yomsebenzisi ehlakaniphile) kwaye ibuyisela impendulo evela kwi-TC Server. Ngaphakathi kwi-Server ye-TC kukho i-Relay, ebeka uxhulumaniso phakathi kwe-enclave kunye ne-intanethi (i-traffic traffic) kwaye idibanisa i-enclave kunye ne-blockchain. I-Enclave iqulethe i-progencl, eyikhowudi eyenza izicelo kwi-blockchain kwaye ibuyisela imiyalezo kwi-blockchain kunye nesignesha yedijithali, i-progencl iqulethe inxalenye yekhowudi yekhontrakthi ehlakaniphile kwaye ngokubalulekileyo yenza eminye yemisebenzi yayo.
I-Intel SGX enclave inokucingelwa njengelayibrari ekwabelwana ngayo kunye ne-API eqhuba nge-ecall. I-Ecall idlulisela ulawulo kwi-enclave. I-enclave iphumeza ikhowudi yayo ide iphume okanye de kwenzeke okuchaseneyo. i-ocall isetyenziselwa ukubiza imisebenzi echazwe ngaphandle kwe-enclave. I-Ocall ibulawa ngaphandle kwe-enclave kwaye iphathwa njengefowuni engathembekanga yiyo. Emva kokuba i-ocall yenziwe, ulawulo lubuyiselwa kwi-enclave.
Kwinxalenye ye-Enclave, itshaneli ekhuselekileyo iqwalaselwe kunye nomncedisi wewebhu, i-enclave ngokwayo yenza i-TLS yokuxhawulana kunye nomncedisi ojoliswe kuyo kwaye yenza yonke imisebenzi ye-cryptographic ngaphakathi. Ithala leencwadi le-TLS (i-mbedTLS) kunye nekhowudi ye-HTTP encitshisiweyo ithunyelwe kumazwe angaphandle kwindawo ye-SGX. Kwakhona, i-Enclave iqulethe ingcambu yezatifikethi ze-CA (ingqokelela yezatifikethi) zokuqinisekisa izatifikethi zeeseva ezikude. Isicelo se-Handler samkela isicelo se-datagram kwifomathi enikezelwe ngu-Ethereum, uyikhuphe kwaye uyicazulule. Emva koko ivelisa i-Ethereum transaction equkethe i-datagram eceliwe, isayine kunye ne-skTC kwaye iyithumele kwi-Relay.
Inxalenye ye-Relay ibandakanya i-Client Interface, i-TCP, i-Blockchain Interface. I-Client Interface iyafuneka ukuqinisekisa ikhowudi enclave kunye nokunxibelelana nomxhasi. Umxhasi uthumela isicelo sobungqina esebenzisa i-ecall kwaye ufumana isitampu sexesha esisayinwe yi-skTC kunye ne-att (isiginitsha yobungqina), emva koko i-att iqinisekiswa kusetyenziswa i-Intel Attestation Service (IAS), kwaye isitampu sexesha siqinisekiswa yinkonzo yexesha elithembekileyo. I-Blockchain Interface iqinisekisa izicelo ezingenayo kunye neendawo zokuthengiselana kwi-blockchain yokuhanjiswa kweedathagram. I-Geth ngumthengi osemthethweni we-Ethereum kwaye ivumela i-Relay ukusebenzisana ne-blockchain ngeefowuni ze-RPC.
Ukusebenzisana ne-TEE, i-TC ikuvumela ukuba uqhube ii-enclaves ezininzi ngokuhambelanayo, ngaloo ndlela ukwandisa isantya sokulungiswa kolwazi ngamaxesha angama-3. Ukuba kunye ne-enclave esebenzayo isantya sasiyi-15 tx / sec, ngoko nge-20 parallel running enclaves ukunyuka kwesantya ukuya kwi-65 tx / sec;
Deco
I-DECO (i-Decentralized Oracles ye-TLS) yaboniswa e-CCS'20, isebenza neziza ezixhasa uqhagamshelwano lwe-TLS. Uqinisekisa ubumfihlo bedatha kunye nokuthembeka.
I-DECO ene-TLS isebenzisa i-symmetric encryption, ngoko umxhasi kunye nomncedisi wewebhu banezitshixo ze-encryption, kwaye umxhasi unokukhohlisa idatha yeseshoni ye-TLS ukuba ufuna. Ukusombulula le ngxaki, i-DECO isebenzisa i-protocol ye-handshake yeendlela ezintathu phakathi kweprover (inkontileka ye-smart), i-verifier (i-oracle) kunye ne-web-server (umthombo wedatha).
Indlela i-DECO esebenza ngayo kukuba umqinisekisi ufumana iqhekeza ledatha D kwaye uqinisekisa kumqinisekisi ukuba i-D ivela kwi-TLS iseva S. Enye ingxaki kukuba i-TLS ayisayini idatha kwaye kunzima kumxhasi we-TLS ukubonisa ukuba idatha ifunyenwe kumncedisi ochanekileyo (ubunzima beprovenance).
Iprotokholi ye-DECO isebenzisa amaqhosha okubethela i-KEnc kunye ne-KMac. Umthengi uthumela isicelo u-Q ku iseva yewebhuImpendulo evela kwiseva u-R ifika ibhalwe ngekhowudi, kodwa umthengi kunye neseva babelana nge-KMac efanayo, kwaye umthengi angaguqula umyalezo we-TLS. Isisombululo se-DECO "kukufihla" i-KMac kwiklayenti (i-prover) ide iphendule kwisicelo. Ngoku i-KMac yahlulwe phakathi kwe-prover kunye ne-verifier—i-KpMac kunye ne-KvMac. Iseva ifumana i-KMac ukuze ibhale ngekhowudi impendulo isebenzisa umsebenzi wokwahlulahlula izitshixo KpMac ⊕ KvMac = KMac.
Ngokumisela i-handshake yeendlela ezintathu, ukutshintshiselana kwedatha phakathi komxhasi kunye nomncedisi kuya kuqhutywa ngesiqinisekiso sokhuseleko.
Xa uthetha ngenkqubo ye-oracle ye-decentralized, umntu akanako ukusilela ukukhankanya i-Chainlink, ejolise ekudaleni inethiwekhi ye-oracle ye-oracle ehambelana ne-Ethereum, i-Bitcoin kunye ne-Hyperledger, ngokuqwalasela i-modularity: yonke inxalenye yenkqubo inokuhlaziywa. Ngexesha elifanayo, ukuqinisekisa ukhuseleko, i-Chainlink inikezela nge-oracle nganye ethatha inxaxheba kumsebenzi wokukhupha udibaniso lwezitshixo (kuluntu kunye nabucala). Iqhosha labucala lisetyenziselwa ukwenza utyikityo olungaphelelanga oluqulathe isigqibo sabo kwisicelo sedatha. Ukufumana impendulo, kuyimfuneko ukudibanisa zonke iisignesha ezingaphelelanga zee-oracle zenethiwekhi.
I-Chainlink iceba ukuqhuba i-PoC DECO yokuqala ngokugxila kwizicelo zezemali ezinatyisiweyo ezifana neMixube. Ngexesha lokubhalwa, iindaba zaphuma kwiForbes ukuba uChainlink wafumana iDECO kwiYunivesithi yaseCornell.
Ukuhlaselwa kwizihlabo
Ngokwembono yokhuseleko lolwazi, olu hlaselo lulandelayo kwiTown Crier luqwalaselwe:
Isitofu sekhowudi yoqhagamshelwano ekhohlakeleyo kwiindawo zeTEE.
Ingundoqo yokuhlaselwa: ukuhambisa ikhowudi yekhontrakthi engalunganga ngamabomu kwi-TEE, ngoko ke, umhlaseli oye wafumana ukufikelela kwi-node uya kukwazi ukwenza isivumelwano sakhe (sobuqhetseba) kwi-data efihliweyo. Nangona kunjalo, amaxabiso embuyekezo aya kuguqulelwa ngokuntsonkothileyo ngesitshixo sabucala, kwaye ekuphela kwendlela yokufikelela kwidatha enjalo kukuvuza i-ciphertext ekubuyiseni/kwisiphumo.
Ukukhuselwa kolu hlaselo kubandakanya i-enclave ejonga ukuchaneka kwekhowudi ebekwe kwidilesi yangoku. Oku kunokufezekiswa kusetyenziswa iskimu sokuthumela idilesi apho idilesi yekhontrakthi imiselwa ngokurhashaza ikhowudi yekhontrakthi.Imeko yekhontrakthi i-ciphertext itshintsha ukuvuza.
Undoqo wohlaselo: Abanini beendawo ekuphunyezwa kuzo iikhontrakthi ezikrelekrele banokufikelela kwimo yekhontrakthi ngendlela efihliweyo ngaphandle kwendawo ebiyelweyo. Umhlaseli, emva kokuba efumene ulawulo lwe-node, unokuthelekisa imeko yoqhagamshelwano ngaphambi nangemva kokuthengiselana kwaye unokugqiba ukuba zeziphi iingxabano ezifakwe kunye nendlela yekhontrakthi ehlakaniphile esetyenzisiweyo, ekubeni ikhowudi yekhontrakthi ehlakaniphile ngokwayo kunye neenkcukacha zayo zobugcisa zifumaneka esidlangalaleni.
Ukukhuselwa ekuqinisekiseni ukuthembeka kwe-node ngokwayo.Uhlaselo lwesitishi esisecaleni.
Uhlobo olukhethekileyo lohlaselo olusebenzisa ukubeka iliso kwimemori enclave kunye nokufikelela kwi-cache kwiimeko ezahlukeneyo. Umzekelo wohlaselo olunjalo yiNkulumbuso kunye neProbe.
Umyalelo wohlaselo:- t0: Umhlaseli ugcwalisa yonke i-cache yedatha yenkqubo yexhoba.
- t1: Ixhoba liphumeza ikhowudi ngokufikelela kwimemori exhomekeke kwidatha ebuthathaka yexhoba (izitshixo ze-cryptographic). Umgca we-cache ukhethwa ngokusekelwe kwixabiso lebitbit. Kumzekelo kumfanekiso, i-keybit = 0 kunye nedilesi X kumgca we-cache 2 ifundwe idatha egcinwe kwi-X ilayishwe kwi-cache, isusa idatha eyayikho ngaphambili.
- t2: Umhlaseli uhlola ukuba yeyiphi imigca ye-cache yakhe ekhutshiweyo-imigca esetyenziswa lixhoba. Oku kwenziwa ngokulinganisa ixesha lofikelelo. Ngokuphinda lo msebenzi kwi-keybit nganye, umhlaseli ufumana isitshixo sonke.
Ukukhuselwa kohlaselo: I-Intel SGX inokukhusela ekuhlaselweni kwe-channel-channel evimbela ukujongwa kweziganeko ezinxulumene ne-cache, kodwa uhlaselo lwe-Prime kunye neProbe luya kusebenza kuba umhlaseli ubeka iliso kwi-cache yenkqubo yakhe kwaye wabelane nge-cache kunye nexhoba.
Ngaloo ndlela, okwangoku akukho khuselo oluthembekileyo malunga nolu hlaselo.
Uhlaselo olunje ngeSpecter kunye neForeshadow (L1TF), efana nePrime kunye neProbe, nayo iyaziwa. Bakuvumela ukuba ufunde idatha kwimemori ye-cache ngokusebenzisa itshaneli yomntu wesithathu. Ukukhuselwa kwi-Specter-v2 semngciphekweni kunikezelwe, okusebenza ngokuchasene nolu hlaselo.
Ngokuphathelele kwi-DECO, ukuxhawula izandla ngeendlela ezintathu kunika isiqinisekiso sokhuseleko:
- Iprover Integrity: Iprover egqekeziweyo ayinakuxoka imvelaphi yolwazi kwaye ayinakubangela umncedisi ukuba amkele izicelo ezingasebenziyo okanye aphendule ngokungalunganga kwizicelo ezisebenzayo. Oku kwenziwa ngeepateni zesicelo phakathi komncedisi kunye neprover.
- Umqinisekisi weMfezeko: Isiqinisekisi esigqekeziweyo asinakubangela ukuba iprover ifumane iimpendulo ezingachanekanga.
- Ubungasese: Umqinisekisi ogqekeziweyo uhlola ulwazi lukawonke-wonke kuphela (isicelo, igama leseva).
Kwi-DECO, kuphela ubuthathaka bokungena kwethrafikhi obunokwenzeka. Ekuqaleni, ngexesha lokuxhawulana ngeendlela ezintathu, umqinisekisi unokumisela ubuwena beseva esebenzisa i-nonce entsha. Nangona kunjalo, emva kokuxhawulana, umqinisekisi kufuneka axhomekeke kwizalathisi zenethiwekhi (Iidilesi ze-IP). Ke ngoko, unxibelelwano phakathi komqinisekisi kunye neseva kufuneka lukhuselwe ekungeneni kwethrafikhi. Oku kufezekiswa ngokusebenzisa iproksi.
Ukuthelekiswa kwezihlabo
I-Town Crier isekelwe ekusebenzeni kunye ne-enclave kwinxalenye yomncedisi, ngelixa i-DECO ikuvumela ukuba uqinisekise ubunyani bemvelaphi yedatha usebenzisa i-handshake yeendlela ezintathu kunye ne-encryption yedatha kunye nezitshixo ze-cryptographic. Ukuthelekiswa kwala ma-oracles kwenziwa ngokwemiqathango elandelayo: ukusebenza, ukhuseleko, iindleko kunye nokusebenza.
Town Crier
Deco
ukusebenza
Ngokukhawuleza (0.6s ukugqiba)
Kancinci (10.50s ukugqiba iprotocol)
ukhuseleko
Ukhuseleko oluncinci
Ikhuseleke ngakumbi
iindleko
Ebiza kakhulu
Ixabiso eliphantsi
ukusebenza
Ifuna i-hardware ekhethekileyo
Isebenza nayo nayiphi na iseva exhasa i-TLS
Intsebenzo: Ukuze usebenze kunye ne-DECO, i-handshake yeendlela ezintathu iyadingeka, xa kusekwa nge-LAN kuthatha imizuzwana ye-0.37, ukusebenzisana emva kokuba uxhulumaniso lusekwe, i-2PC-HMAC iyasebenza (0,13 s ngokubhala). Ukusebenza kwe-DECO kuxhomekeke kwii-TLS ze-cipher suites ezikhoyo, ubungakanani bedatha yangasese, kunye nobunzima bobungqina besicelo esithile. Ukusebenzisa i-binary option isicelo esivela kwi-IC3 njengomzekelo: ukugqiba iprotocol nge-LAN kuthatha malunga nemizuzwana eyi-10,50. Ngokuthelekisa, iTown Crier ithatha malunga nemizuzwana eyi-0,6 ukugqiba isicelo esifanayo, esiphantse sibe ngama-20 ngokukhawuleza kune-DECO. Zonke izinto zilingana, i-TC iya kukhawuleza.
Khu seleko: Ukuhlaselwa kwe-Intel SGX enclave (ukuhlaselwa kwe-channel-channel) kusebenza kwaye kunokubangela umonakalo wangempela kubathathi-nxaxheba bekhontrakthi ehlakaniphile. Ngokumalunga ne-DECO, uhlaselo olunxulumene nenaliti yezithuthi lunokwenzeka, kodwa ukusetyenziswa kommeleli kunciphisa uhlaselo olunjalo. Ke ngoko i-DECO ikhuselekile.
iindleko: Iindleko zezixhobo ezixhasa i-Intel SGX ziphezulu kuneendleko zokumisela iprotocol kwi-DECO. Yiyo loo nto i-TC ibiza kakhulu.
Ukuziphatha: Ukusebenza neTown Crier, izixhobo ezikhethekileyo ezixhasa iTEE ziyafuneka. Umzekelo, i-Intel SGX ixhaswa kwisizukulwana se-6 sentsapho ye-Intel Core processor kwaye kamva. I-DECO ikuvumela ukuba usebenze nazo naziphi na izixhobo, nangona kukho i-DECO setting usebenzisa i-TEE. Ngokwenkqubo yokuseta, ukuxhawula kwe-DECO ngeendlela ezintathu kunokuthatha ixesha, kodwa oku akukho nto xa kuthelekiswa nokunciphisa i-hardware ye-TC, ngoko ke i-DECO iyasebenza ngakumbi.
isiphelo
Xa kujongwa ezi zihlabo zimbini ngokwahlukeneyo kwaye uzithelekisa kwiikhrayitheriya ezine, kuyacaca ukuba iTown Crier ingaphantsi kweDECO kumanqaku amathathu kwamane. I-DECO inokwethenjelwa ngakumbi kwimbono yokhuseleko lolwazi, ingabizi kwaye isebenziseka ngakumbi, nangona ukuseta iprotocol yamaqela amathathu kunokuthatha ixesha kwaye kunento engalunganga, umzekelo, imisebenzi eyongezelelweyo enezitshixo zokubethela. I-TC ikhawuleza kune-DECO, kodwa ubuthathaka bohlaselo lwetshaneli esecaleni buyenza ibe sesichengeni sokuphulukana nobumfihlo. Kufuneka kuthathelwe ingqalelo ukuba i-DECO yaqaliswa ngoJanuwari 2020, kwaye akukabikho xesha laneleyo lokuyijonga njengekhuselekile. I-Crier yeDolophu ihlaselwe iminyaka emi-4 kwaye idlule kwiimvavanyo ezininzi, ngoko ke ukusetyenziswa kwayo kwiiprojekthi ezininzi kufanelekile.
umthombo: www.habr.com
