基于消逝时间量的共识机制(POET)
来自于Intel project:Hyperledger Sawtooth,目前版本 PoET 1.0
PoET 其实是属于Nakamoto consenus的一种,利用“可信执行环境”来提高当前解决方案(如工作证明)的效率。发布到Hyperledger的PoET的初始参考实现是为抽象TEE编写的,以使其对任何TEE实现都保持灵活性。
PoET stochastically elects individual peers to execute requests at a given target rate. Individual peers sample an exponentially distributed random variable and wait for an amount of time dictated by the sample. The peer with the smallest sample wins the election.
For the purpose of achieving distributed consensus efficiently, a good lottery function has several characteristics:
- Fairness: The function should distribute leader election across the broadest possible population of participants.
- Investment: The cost of controlling the leader election process should be proportional to the value gained from it.
- Verification: It should be relatively simple for all participants to verify that the leader was legitimately selected.
现使用SGX技术构建TEE,using new secure CPU instructions which are becoming widely available in consumer and enterprise processors(现在Intel自家的cpu都支持了SGX)。PoET uses these features to ensure the safety and randomness of the leader election process without requiring the costly investment of power and specialized hardware inherent in most “proof” algorithms. (这也是其卖点,具有proof-based算法的高可扩展性,同时也具有低消耗,较高性能)
它基于如下方式运行:
- Every validator requests a wait time from an enclave (a trusted function).
- The validator with the shortest wait time for a particular transaction block is elected the leader.
- One function, such as “CreateTimer”, creates a timer for a transaction block that is guaranteed to have been created by the enclave.
- Another function, such as “CheckTimer”, verifies that the timer was created by the enclave. If the timer has expired, this function creates an attestation that can be used to verify that validator did wait the allotted time before claiming the leadership role.
The PoET leader election algorithm meets the criteria for a good lottery algorithm. 分布类似于其他彩票算法提供的分配。选举的概率与所贡献的资源成比例(在这种情况下,资源是具有可信执行环境的通用处理器)。An attestation of execution provides information for verifying that the certificate was created within the enclave (and that the validator waited the allotted time). Further, the low cost of participation increases the likelihood that the population of validators will be large, increasing the robustness of the consensus algorithm.
----------------------------------------------------
enclave:其实是SGX中的术语,A protected area in an application’s address space which provides confidentiality and integrity even in the presence of privileged malware.
PPK, PSK:PoET ECC public and private key created by the PoET enclave.
关键的函数:
这里有三种情况:如果当前SGX安全时间比waitTimer中的时间要小,那么还没有到时间;如果比这个时间加Twt要大,那么该waiTimer失效了,过期(所以只能在Twt时间内处理);如果在区间内,则生成认证,并且置全局变量
WaitTimer activeWT 为NULL,该变量标识是否有可用的waitTimer对象
阶段:Sign-up Phase(包括client side 和 server side):A validator has to wait for block to be published on the distributed ledger before participating in an election.
阶段:Election Phase:
客户端开启,从disk中调取密封的数据解密封,然后调用createWaitTimer函数,等待函数产生的duration时间,到了后及时调用creatWaitCertification函数,产生waitCertificate,将(waitCertificate, signature, block, OPK, PPK) 广播出去。其它的server验证这些tuples,最后从所有合法的waitcertificate中找最小的duration为选举成功者。
(验证的过程中,好几点没看懂??还有,验证enclave产生的证书时,是在验证者的enclave中验证,还是在外部验证?)
安全考虑:设置Twt的目的是强制执行此约束以避免在一段时间内没有事务构建块的情况下,几个验证程序在等待WaitTimers的持续时间后可能会保留,并且只有在有足够的事务可用时才生成WaitCertificate。在这一点上,他们都会发出他们的WaitCertificates,产生大量流量并可能导致分叉。超时缓解了这个问题。
关于 Multi-user or Multi-ledger SGX Enclave Service:通过将用户名和分类帐输入参数设置为generateSignUpData()和unsealSignUpData(),可以为多个用户或分类帐使用相同的包围区。 然后将注册元组(用户名,分类帐,PPK,PSK,MCID)密封到磁盘,用户名和分类帐用于生成文件名。 只要用户对服务进行身份验证,后者就可以将安全区解封,并使用与该用户(和分类帐)对应的文件中的注册元组。
参考:https://sawtooth.hyperledger.org/docs/core/releases/latest/architecture/poet.html#introduction