COPYRIGHT © 2018 TEEX ALL RIGHTS RESERVED

Solution

  • Decoupling and Dispatch

    Instead of relying on redundant computation and a global consensus mechanism, TEEX adopts TEE-based verifiable execution to guarantee the integrity and irreversibility of execution. It completely decouples execution from the consensus layer and introduces a dispatcher that assigns computing tasks to workers, so workers can contribute computing power to different tasks without redundant computation. As a result, the more workers join, the higher the throughput the TEEX network can achieve.

  • TEE-based Privacy Protection

    TEEX delegates execution to off-chain Trusted Execution Environments (TEEs), e.g. Intel SGX, which guarantee in hardware the confidentiality of the data and execution flow inside them. In addition, a TEE ensures that the behavior inside a hardware enclave can be attested remotely and allows a secure channel to be built with a remote enclave. In TEEX, each worker must have a TEE-enabled computer before joining the network. Users (including service providers and service users) can then authenticate the workers and securely send sensitive data to them or receive output from them.

  • Native Execution Environment

    TEEX provides an off-chain execution environment that achieves near-native performance without any runtime overhead. As mentioned above, execution is completely decoupled from on-chain settlement, so it can finish immediately without waiting for the blockchain's confirmation time. We also support establishing distributed computation groups among workers to provide higher performance than a single node. In addition, we provide general TEE-based development tools and a near-native execution environment with complete user libraries. Users can develop programs in C/C++ and run them inside an enclave as easily as on native Linux.

  • Software/Hardware Co-design

    Building on the TEE, we use cryptography to make the data and control flow inside the enclave verifiable and to guarantee the integrity of execution. In the TEEX network, sensitive data can only be decrypted inside enclaves, and the keys are stored in TEE-DS (TEE Distributed Storage) to preserve privacy. Against current attacks on TEEs, such as side-channel attacks, we have adopted some software methods to enhance the security of the hardware enclave. We also split each key into several parts and store each part on a different machine to mitigate the effects of broken nodes.

Architecture

  • Application

    Applications, such as the user client, executor, dispatcher and wallet, provide interfaces for end users. They are built on the TEEX SDK, which handles the complex protocols with the TEEX network, the blockchain and the underlying TEE.

  • TEEX Network

    The TEEX Network consists of a large number of workers and dispatchers. Workers run inside TEEs and are responsible for executing and maintaining private contracts. Dispatchers receive tasks from users and dispatch them to workers. There is also a TEE-based distributed storage (TEE-DS), which is used to store sensitive data (e.g., the private keys of a service).

  • Public Network

    The Public Network includes a public blockchain, which mainly refers to public smart contract systems such as Ethereum. The public chain is used to achieve global consensus and settlement. Since storage on Ethereum is resource-consuming, we leverage a public storage system (e.g., IPFS) to store some necessary data, such as the state of contracts.

Related work

Comparison criteria: TEE approach, Privacy, Native performance, Side-channel attack resistance, Mutually-untrusted isolation, Low transaction cost.

  • Traditional Computing-power Sharing Blockchain Systems: TEE approach N.A.

  • Other TEE+Blockchain Systems: TEE approach Intel SGX

  • TEEX: TEE approach Intel/AMD/ARM