Before Starting
Does trusted computing have to be combined with blockchain?
Is privacy protection an artificial demand?
Is it politically right to cling to "decentralization"?
In what ways can we realize Multi-Party Computation (MPC)?
I've been thinking about these questions since 2017.
In discussions with my friends and peers, I found that some questions come up frequently and are worth elaborating on, so I decided to start writing a series that studies similar projects and compares their solutions, to try to give answers for my friends and myself.
Today, I am introducing a highlight of the blockchain field: Ekiden from Oasis Labs.
I. Oasis Labs
Oasis Labs is a smart contract network designed to be confidential from the computation layer through to the storage and application layers. Dawn Song, Founder and CEO of Oasis Labs, dubbed the "Godmother of Computer Security" by Chinese tech media, is well known globally in the data security and cryptology fields. She completed her B.S. at Tsinghua in 1996, her M.S. at Carnegie Mellon in 1999, and her doctorate at UC Berkeley in 2002. She then started teaching computer science at CMU and later moved to UCB.
Described by peers and colleagues as a top gun and a medal harvester, Professor Song has achieved legendary academic success. She won the MacArthur Fellowship and was named to the Innovators Under 35 list by MIT Technology Review. During her research at CMU, she supervised the paper that established Dynamic Taint Analysis in network and computer security. That paper not only became the most frequently referenced article, but also inspired a wave of computer security development in real-world business.
No wonder her team became a prized asset in Silicon Valley. In April 2018, news leaked through the venture capital grapevine that she was building a team and raising funds. On July 9th of the same year, Oasis Labs officially announced that it had completed an A round of fundraising led by a16z, with Polychain and 18 other investors co-investing.
The mission of Oasis is to build a "cloud computing platform" based on blockchain technology that balances privacy, stability and performance. By integrating hardware and software, they made it possible for the first time to run compute-intensive applications such as AI on blockchains. Their vision is an organic bond between Ethereum and Amazon's AWS cloud, breaking through the scalability paradox and the privacy protection issues that have long existed on public chains.
Oasis has 4 defining characteristics:
- Privacy: fixing the transparency problem of public chains via full-stack privacy protection from the bottom layer to the application layer;
- Safety: ensuring both on-chain and off-chain security via a hybrid architecture combining TEE technology and blockchain;
- Scalability: greatly improving efficiency via a novel architecture that separates computation from consensus execution;
- Flexibility: making it easy to build applications with numerous built-in tools and SDKs.
And Ekiden was their debut.
II. Ekiden
Ekiden is the Japanese word for a post-station relay race: 10 people team up to finish running a half marathon.
Professor Song and 8 other members of Oasis Labs published a 20-page paper in April 2018, "Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts", in which they discuss the bottlenecks of current blockchain technology, their solutions and the challenges across 9 chapters.
Before presenting Ekiden, the paper analyzes the core problems of blockchain and TEE as follows:
- Deficiencies of TEE:
- Data lost or delayed in the TEE because of flaws in host transmission
- Data leakage caused by external attack
- Trusted time source could be falsified
- Proof of publication problem on PoW chains
- Key management in TEE
- Atomic delivery of execution results
As Professor Song concluded, Ethereum is inefficient because it puts consensus, storage and computation on the same layer, which is also why Ekiden's structure is divided into 4 layers:
- Application Layer
- Computation Layer
- Storage Layer
- Consensus Layer
The decoupling of computation, storage and consensus is vital to achieving high performance and security.
With such a divided structure, Ekiden addresses throughput and security problems by combining blockchain with an off-chain EVM scaling solution. Using hardware-based Trusted Execution Environment (TEE) technology (such as Intel SGX), Ekiden increases throughput in a safe off-chain environment. By maximizing data security and throughput, Ekiden aims to be a valuable protocol for fields such as DeFi and health care, where these features are essential for Dapps.
The application layer, namely the smart contract layer, is designed for scheduling. Builders can schedule contract logic on chain, or use Oasis Labs template contracts and keep confidential code in the storage layer. In addition, Oasis Labs applies private data analysis and deep learning in its programming framework to protect sensitive contract inputs from leaking.
The computation layer executes smart contracts on nodes equipped with trusted hardware. Developers can select a number of nodes to run their contracts, instead of using all of the nodes, to improve computation speed.
The storage layer is designed for storage, as the name suggests. In designing it, Professor Song used IPFS as a reference, applying encrypted storage, data splitting and high redundancy to assure data security. This layer focuses on verifying the fidelity of the data. Dawn Song has published other papers on the related algorithms.
Ekiden ensures that the contents processed in contracts stay confidential and are automatically encrypted with keys known only to the relevant nodes.
The Ekiden network is composed of three parts: clients, computing nodes, and consensus nodes.
Clients are users who can create new smart contracts or execute existing ones.
Computing nodes use multiple TEEs to execute smart contracts. Within a TEE, the computing node executes protocol requests from clients and generates a verifiable proof of validity. Computing nodes also manage keys via a key manager, which generates or looks up keys according to requests.
Consensus nodes maintain the state updates and the validity of the decentralized ledger.
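A simplified model of this division of labour, added here as an illustration (it is not code from the Ekiden paper or from Oasis Labs): a computing node executes a transfer off-chain and attests the state transition, and a consensus node accepts an update only if the proof verifies and the update builds on the latest ledger entry. The class names, the HMAC stand-in for hardware attestation and the unencrypted sample state are assumptions made for the example.

```python
import hashlib, hmac, json

# Constructed stand-in for the enclave's attestation key. A real TEE signs with
# a hardware-rooted key and verifiers check a quote, not a shared secret.
ATTESTATION_KEY = b"constructed-demo-key"

def digest(state):
    return hashlib.sha256(json.dumps(state, sort_keys=True).encode()).hexdigest()

def attest(prev_hash, new_hash):
    msg = f"{prev_hash}|{new_hash}".encode()
    return hmac.new(ATTESTATION_KEY, msg, hashlib.sha256).hexdigest()

class ComputeNode:
    """Executes the contract off-chain and attests the state transition."""
    def execute(self, state, sender, recipient, amount):
        if amount <= 0 or state.get(sender, 0) < amount:
            raise ValueError("invalid transfer")
        new_state = dict(state)
        new_state[sender] -= amount
        new_state[recipient] = new_state.get(recipient, 0) + amount
        prev_hash, new_hash = digest(state), digest(new_state)
        update = {"prev": prev_hash, "new": new_hash,
                  "proof": attest(prev_hash, new_hash)}
        return new_state, update

class ConsensusNode:
    """Never re-executes the contract; it orders and validates attested updates."""
    def __init__(self, genesis):
        self.ledger = [digest(genesis)]

    def submit(self, update):
        expected = attest(update["prev"], update["new"])
        if not hmac.compare_digest(expected, update["proof"]):
            return False  # proof does not match: not produced by the enclave
        if update["prev"] != self.ledger[-1]:
            return False  # built on stale state: delayed, replayed or rolled back
        self.ledger.append(update["new"])
        return True

def demo():
    genesis = {"alice": 10, "bob": 0}  # constructed sample state
    compute, consensus = ComputeNode(), ConsensusNode(genesis)
    _, update = compute.execute(genesis, "alice", "bob", 4)
    accepted = consensus.submit(update)
    _, stale = compute.execute(genesis, "alice", "bob", 10)  # host re-feeds old state
    tampered = dict(update, prev=update["new"], new=digest({"alice": 99}))
    return accepted, consensus.submit(stale), consensus.submit(tampered), len(consensus.ledger)
```

The stale update carries a valid proof and is still rejected, which is the part the ledger contributes: the enclave alone cannot tell that its host handed it an old state.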
Advantages
Ekiden is backward compatible with the Ethereum network and will support contracts written for the Ethereum EVM: an ERC20 smart contract automatically inherits the protocol's guarantees, including the state of the confidential contract and the high performance of off-chain operations on the compute nodes.
Any Ethereum-based Dapp could adopt Ekiden as a scaling solution. Developing on Ekiden is more convenient for devs because of its compatibility with Rust and the EVM. That is why Ekiden has a clear advantage over other high-throughput blockchains in the number of developers and users.
In the preliminary tests of the Ekiden network, the team reported a 600-fold increase in throughput, a 400-fold reduction in latency, and a 1000-fold reduction in cost compared to the Ethereum network. Although performance could be diluted when it is serving the whole system, Ekiden should be able to tune itself by building on the performance mentioned above. Initial testing has also shown that Ekiden supports computationally intensive cases, such as machine learning applications that are costly on the Ethereum network.
The value it creates through scalability, security, and low-cost transactions could be applied to thousands of uses that are not yet achievable on Ethereum at this stage. Ekiden's team also combines theory with practical expertise. While still working at Uber, they founded a startup (later acquired by Yahoo and FireEye) and designed a few other products, all of which were successfully adopted in practical use.
A Flaw
The world-renowned "Godmother of Computer Security" and her team, who have worked in the privacy and security field for decades, chose TEE as their solution because it effectively relieves the consensus layer of the computational pressure of transaction processing, which can instead run on computing nodes and storage nodes. The result is increased scalability, as the consensus layer focuses only on results. "Scalability" is a hot issue facing all public chains. As for Oasis Labs, although confidentiality through TEE is its headline feature, it seems that scalability is the main dish and privacy protection is only a dessert.
Still, a flaw exists: application value is reduced because of weakened "composability". By emphasizing the independent execution of contracts, Ekiden sacrifices mutual calls between contracts, because its confidential contracts can only be executed through local computation.
Take Ethereum as an example (again). In traditional smart contract chains, each node sequentially executes all transactions in the block. The consensus protocol ensures that nodes can easily cooperate with each other because they share a complete and consistent database.
But in Ekiden, contracts are not allowed to call or access each other, even though the design is efficient, secure, and robust.
Going a step further, Phala uses the blockchain as the consensus layer for calls between confidential contracts, making composability possible and providing security shared by all nodes.
This is very similar to the relay chain and parallel chains designed by Polkadot. Data synchronization, state sequencing, and communication protocols could be new challenges, which we have been discussing with the Parity team. A mature plan is about to be born and we will share it in the near future :)
To Conclude
Oasis Labs claims to be the next in blockchain. Indeed, compared with Ethereum, its advantage is obvious -- say, supporting the ERC-20 protocol -- but developers could use languages compatible with Rust and EVM to write on Ethereum.
Challenges do not exist only in development and theory. It is said that their efforts on community building and product promotion have not been enough to reach the public, to whom Oasis is only a name in investment news and academic papers. Fortunately, those problems could be fixed soon once they are recognized.
Another issue to keep in mind is that perfect protocols can be built on paper, but it is another story when it comes to business and commercialization, which both developers and clients should be aware of and prepared for.