Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-9504

Support for secure chaincode execution using Intel SGX



    • Unset
    • Unset
    • Unset


      Many applications of blockchains require data confidentiality. In
      particular, financial transactions, voting on the blockchain, sealed-bid
      auctions, and many more applications come with strong requirements in
      terms of privacy and correctness. A voting system, for instance, must
      protect the confidentiality of every vote cast and must provide means to
      verify that every submitted vote has been considered in the final voting
      result. The latter can be achieved by using blockchain technologies,
      where every vote is a transaction stored on the ledger. However,
      maintaining confidentiality in an open and verifiable blockchain is a
      difficult problem (also in a permissioned, consortium blockchain). For
      example, an application for voting running on Fabric would be implemented
      by a chaincode that receives encrypted votes, records them, and decrypts
      them later, in order to compute the final voting result and take further
      actions. This system would need to keep the decryption key for the
      encrypted votes secret, since the chaincode is executed by all endorsing
      peers. Or it would need to trust all endorsers, which reduces the
      benefits of the blockchain model.

      The design should work with only one Fabric channel. Apart from using
      advanced cryptographic protocols, such as Zero-knowledge Proofs or Secure
      Multiparty Computation, no solution is available for this within Fabric
      today. In other words, maintaining confidentiality of secrets manipulated
      by a chaincode requires trust in the endorsing peers. Thus, a single
      corrupted endorsing peer may violate the confidentiality of the

      To overcome this issue trusted execution environments such as Intel SGX
      have been proposed. This document starts the design for adding support
      to securely execute chaincode using Intel SGX in Fabric. With Intel SGX,
      a peer executes chaincode in a trusted execution environment, also called
      an enclave. SGX enforces confidentiality and integrity of the chaincode
      even when the peer system is misbehaving. In order words, using SGX, a
      voting chaincode may evaluate the voting results without revealing the
      encrypted votes to the executing peer.

      However, simply running "the chaincode" in an enclave is not enough, as
      steps for ensuring consistency between the execution and the ledger state
      and for verification of the outputs by the clients are needed.

      The design document describing the model:

      A detailed design and a research prototype for this function are described in a paper released on arxiv in May 2018:  https://arxiv.org/abs/1805.08541

      Comments should be discussed here.

      The prototype code is available as a Hyperledger labs.




            bur Marcus Brandenburger
            bur Marcus Brandenburger
            2 Vote for this issue
            17 Start watching this issue