点击蓝字关注我们
英特尔SGX和区块链
iExec端到端解决方案
iExec很荣幸地宣布即将推出首个集成英特尔SGX的端到端解决方案,用于分布式计算的安全技术应用。在2018年10月30日布拉格Devcon4会议上,iExec和英特尔将宣布重大合作新闻。
张磊,iExec安全总监介绍了英特尔SGXEnclave技术,以及如何保证参与区块链网络的用户和应用的安全问题,特别是基于区块链的分布式云技术方面。
敬请关注!
正文相关链接
IntelSGX:https://software.intel.com/en-us/sgx
Thechallenge:Howcanweguaranteesecurityondecentralizedanddistributednetworks?
Blockchain-basedapplicationsandcomputingarenotownedorcontrolledbyonespecificentitybutratherpoweredbyadistributednetworkofmultiplemachinesor‘nodes’.Thedistributednatureofdecentralizedcloudcomputingnetworkspresentachallengetoguaranteesecurityasanyrootprivilegeusermayeasilyinspectthesensitivedataandtamperwiththeapplicationrunningonthedecentralizedhost.Fortraditionalcentralizedcloudcomputingproviders,itiseasiertoemployexistingsecuritymechanismsprotecttheinvolvedapplication.
Fordecentralizedblockchain-basedclouds,asilicon-basedsecuritysolution,called‘IntelSGX’,istheonlyefficientsolutiontoprotectusersandapplicationsinvolvedinBlockchain-baseddecentralizedcomputing.
IntelSGX(IntelSoftwareGuardExtensions),isasetofCPUinstructioncodesthatenabletheexecutionofselectpiecescodeanddatainprotectedareascalledenclaves.Basically,whileyouhaveanapplicationrunningonahostmachine,SGXenclavesessentiallyactasabubble,isolatingandprotectingtheapplicationfromthehostmachine,inthisway,eventherootprivilegeadministratorofthehostmachineisnotabletopenetratethisbubbletoaccessandtamperwiththeapplication.
英特尔、戴尔和英国政府将在元宇宙中测试聚变能源系统:金色财经报道,英国原子能管理局、英特尔、戴尔和剑桥大学将在虚拟宇宙中测试开发聚变能源生产系统。他们将使用具有先进预测能力的超级计算机和人工智能技术来创建 STEP(用于能源生产的球形托卡马克)设计的数字孪生。然后,科学家和工程师将创建该设计的工业虚拟宇宙。
两家公司表示,他们将利用超级计算机和具有先进预测能力的人工智能技术,在沉浸式互联虚拟环境中创建稳健的设计,以在工业虚拟世界中复制设计。[2023/7/2 22:13:09]
AnintroductiontoIntelSGXEnclaves-iExecSecurityR&D,LeiZhang
“WhatmakesIntelSGXcompellingisthatitprovidesahardwaretrustedexecutionenvironment(TEE),allowingbetterprotectionsfordatain-use,at-restandin-transit,built-inCPUinstructionsandplatformenhancementsprovidecryptographicassertionsforthecodethatispermittedtoaccessthedata.Ifthecodeisalteredortampered,thenaccessisdeniedandtheenvironmentdisabled.”
—RickEchevarria,VicepresidentofIntel’sSoftwareandServicesGroup.
1.TheiExecE2ESGXsolution
iExecispioneeringthebuildingofablockchain-enableddecentralizedanddistributedcloudnetwork.Theyhavenowprovidedthefirsteverfullandend-to-endsolutionintegratingSGXfortheblockchain-basedcloud.SomeofourinitialworkwithintelSGXcanbereadinthisblogpostandiscoveredinthisvideopresentation.iExecpresentedthefirstphaseofworkonSGXinMarch2018attheIBMThinkConferenceinLasVegasandco-presentedalongsideIntelinMay2018atConsensusinNewYork..Thisfirstphasefocusedontheprotectionofthesecretsbuiltindecentralizedapplications:althoughtheapplicationsrunsondecentralizednodes,theinvolvedsensitivedatacannotbeinspectedoralteredwithbymaliciousattackersonthenetwork.Howeverthefirststageofworkwasbasedonsomesophisticated(raw)frameworksandthefunctionalityofthesolutionwaslimitedtoonlyprotectnativesecretsoftheapplication,furthermorethesolutioncouldbecomplicatedforappdevelopersandusers,especiallyforthosewhoarenotinthefieldofITandcomputing.
英特尔开始交付ASIC定制芯片,Argo、GRIID、HIVE为首批客户:6月30日消息,英特尔旗下AXG定制计算团队的执行副总裁Raja Koduri宣布,英特尔今日已开始交付专用于挖矿的定制芯片Intel Blockscale ASIC,Argo、GRIID、HIVE等加密货币矿企为首批客户。
此前在四月初,英特尔曾宣布全新的挖矿定制芯片Intel Blockscale ASIC将在今年第三季度发货。该芯片将支持580 GH/s的算力和26 J/TH的功率。[2022/6/30 1:40:37]
iExechastocontinuedtomakesignificantcontributions,workingdiligentlywithourpartners,topushforwardapowerfulanduser-friendlyend-to-endSGXsolution.Thissolutionisintendedtobeusedasanindustryreferencetoenhancetheoverallsecurityofdecentralizedcloudcomputing.ThisnewSGXsolution,combinedwithBlockchain,allowsforunmatchedleveloftrustforDecentralizedApplications(Dapps)andexecution/dataprocessingondecentralizednodes.TheiExecapproachspecificallyallowsBlockchaintoworkwithSGXinorderto:
ProtecttheDAppandprovidefulldataprotectionthatcannotbeaccessedbytheexecutionhost,especiallyforuser’sinputandoutputdata.
GuaranteetheintegrationoftheDapp/Data,makingsurethecorrectandexpectedDApporDataisrunningonthedecentralizednode.
Provideblockchain-basedvalidationforoff-chaincomputing,verifyingthattheDappiscorrectlyexecutedinanenclaveandisneithertamperednorinterruptedbythedecentralizednode.Asmart-contractsignatureissignedinsidethissecureenclavebeforetheverificationisdonebytheblockchainnetwork.
英特尔:Intel Blockscale ASIC比特币挖矿芯片将于三季度发货:4月4日消息,英特尔今日宣布全新比特币挖矿芯片 Intel Blockscale ASIC 将在今年三季度发货,该芯片将支持达 580 GH/s 的哈希率和高达 26 J/TH 的功率。据英特尔称,他们已经在比特币挖矿领域研究了数十年时间来提高工作量证明(PoW)的挖矿能耗效率,据英特尔加速计算系统和图形事业部区块链和商业解决方案总经理 Jose Rios 称:Intel Blockscale ASIC 芯片将帮助比特币挖矿公司在未来几年实现可持续和算力扩展目标。
不过,英特尔公司表示,只会为客户提供芯片,而不会提供完整的 ASIC 矿机,Argo Blockchain、Block, Inc.、Hive Blockchain 和 GRIID Infrastructure 是首批获得英特尔芯片的加密挖矿公司之一。(BitcoinMagazine)[2022/4/4 14:03:52]
MakesuretheexecutionandDAppresultisvalid,neithercopied,norfabricatedbymaliciousdecentralizednode.
Protecttheend-to-endprivacyofDAppresult,whichcanneverbeinspectedbyanyoneelsebuttheuser.
Afriendly-userinterface:significantsimplificationforuserstoencrypt/decrypttheinput/outputdataandtriggertheSGXapplicationexecution.
EasyusabilityisakeyelementofUserExperience;withthenewiExecE2ESGXsolution,useronlyneeds3simplestepstorunanE2ESGXapplicationandtoprovideafullprotectionofuser’sinputandoutputdata.
Let’sthinkaboutatypicalSGXapplication,sayforexampleaFinTechapplication.Theapplicationisfedbysomeuserinputdatawhichcontainssomeuser’spersonalandsensitivesecrets(e.g.bankaccountinformation,personalprivacy,etc…),theoutputresultsoftheapplicationalsocontainsomesensitivedataandareonlyintendedtouserwhotriggerstheapplication.Theinputdataandtheoutputresultsneedtobestrictlyprotectedduringthewholeprocedure.Thenon-encryptedsensitivedataneverleavesuserlocalscopeorhigh-securedtrustedexecutionenvironment:SXGenclave.Hereisagenericdescriptionofthe3simplestepsofiExec’sSGXsolution.
动态 | 英特尔联合Hyperledger发起新区块链编程项目:据福布斯报道,全球科技巨头英特尔与主要的区块链技术公司Hyperledger共同发起了新区块链编程项目Hyperledger Transact。该项目于6月27日正式发布,是一种新工具,旨在通过提供标准接口或用于智能合约执行的共享软件库来提高区块链网络的兼容性。[2019/7/4]
Step1:Useronlyneedstorunonesimplecommandwhichallowstoautomatically:
Encryptuser’sinputdata
Pushtheencrypteddatatoaremotefilesystem(i.e.theremotefilesystemcanbeanypublicfilesharingserviceandenduserisfreetochoosehis/herpreferredone,pleasenotethatthisserviceisnotprovidedbyiExec)
Updaterelatedsessiondata(i.e.eachuser’striggeringoftheapplicationisasession)toaSGXbasedsecretmanagementservice.Secretmanagementservicecanbedeployedinaflexibleway:itcanbeatuser’sside,orscheduler’sside(i.e.SGXworkpool).
Step2:UsertriggersthetargetapplicationviasimpleclicksfromtheiExecDappstoreandmarketplaceviaauser-friendlyUIinterface.
OncethetargetapplicationistriggeredatremoteSGXdecentralizednode,theapplicationwillfirstlyautomaticallypulltheencrypteduserinputdatafromremotefilesystem(i.e.pushedinstep1);retrievethesecretkeyviasecuredSGXprovisionchannel,whichisthenusedtodecrypttheuserinputdata,thedecryptionisdoneonlyinsidethehigh-securedtrustedenvironment—SGXenclave;thedecrypteddatacanthenbeusedtofeedtheapplicationexecution,assoonastheapplicationresultisavailable,asignatureisprecededbasedontheprivatekeyprotectedinsidetheSGXenclave,whichcannotbeinspectedbytheoutsideworld.TheapplicationresultisfinallyencryptedandthentheiExec’sverificationprocedure(i.e.ProofofContribution)istriggered.EverythingissecurelyhappenedinsidetheIntelSGXenclaveensuredbyIntelhardwareCPUandnosecretisabletorevealedtotheoutsideworld.
英特尔申请利用区块链技术进行基因测序的专利:英特尔的一项新专利申请表明,他们正在研究如何利用加密货币挖矿过程中耗费的能源来进行基因测序。2016年6月该专利首次提交给美国专利局和商标局,并在本周四公布了申请中的专利详情。该专利描述了一种被称为序列挖掘平台(SMP)的计算机,该专利申请指出,SMP将使用核碱基测序单元来测定样品中核碱基的顺序,然后通过区块链技术对其验证,并永久的记录在区块链上。[2017/12/15]
Thesignatureisfinallytransferredtoon-chainnetworkandverifiedbyon-chainsmartcontractviatheregisteredcorrespondingpublickey.Ifthesignatureverificationpassesandapplicationresult’strustlevelachievesagiventhreshold.Theuserwillbeinformedtodownloadtheencryptedresult.
Thewholeprocedureisdoneautomaticallyinahighsecureway,andthisprocedureistriggeredbyonlysomesimpleclicksfromuserviathefriendlyUIinterface.
Fig.1iExec’sE2ESGXworkflow
Step3:Usercandownloadtheencryptedresultpackage,andusercanjustrunonesimplecommandtodecrypttheresult.Pleasenotethatonlytheuserwhotriggersthetask(i.e.SGXapplication)isabletodownloadtheencryptedresult,andonlytheuserownsthekeytodecrypttheapplicationresult.
Pleasenotethattheprocedureisplatformindependent,andthereforeiscompatiblewithdifferentoperatingsystems:Windows,Linux,MacOS.
Inthenearfuture,wewillfurthersimplifyuser’sprocedure—allthethreestepswillbeintegratedintoonesimplestep,andcanbedonebyseveralsimpleclicksfromuserviauserfriendlyuserinterface—https://market.iex.ec/.
2.TheiExecSolutionisSGXVendorAgnostic
TheiExecplatformisopentodifferentSGXsolutionvendors.Specifically,iExechasbeencollaboratingwithSCONEandFortanixtointegratetheirSGXframeworksintoiExec’sE2ESGXsolution.WearealsointhephaseofevaluatingIntel’sPDOframework.Inthefuture,wewillalsoconsidertheSGXframeworkofGraphene/Graphene-ng.AllthemainstreamSGXsolutionswillbe100%compatiblewithiExec’splatform,andwewillleaveiExecDappdevelopersanduserstofreelychoosetheirpreferredSGXframeworks.OurobjectistopromotetheemergenceofanecosystemwhichprovidestrustedexecutionforBlockchainbasedcomputing,andthesetrustedservicecanbemonetizedviaiExec’smarketplace.
3.iExecContributionstowardsIndustryStandardization
iExecarepioneersinthefieldofblockchain-basedTrustComputing,andisveryactiveinleadingandpushingforwardtheindustrialstandardizationforinthiscontextforBlockchaintechnology.
Especially:
iExecisveryactiveinEEA(EnterpriseEthereumAlliance):iExecischairingtheTrustedComputeWorkGroup,andkeepscontributingandpushingforwardtheEEAspecifications,especiallytheOff-chainTrustedComputeSpecificationwhichistobepubliclyreleasedsoon.
iExecisactiveinIEEEaswell.iExecismemberofIEEEP2418,andisinvolvedinIEEEstandardprojectonDLT-basedFederatedIdentity,CredentialandTrustManagement.iExecleadsthestandardizationworkinseveralBlockchainbaseddomains,especiallythesecurityandTEE(TrustedExecutionEnvironment)
iExeciscollaboratingwithhardwaretrustedexecutionvendorstomoveforwardthishardwarebasedsecuritysolution(SGX)tobefullystandard-compliant,staytunedforthecomingupdatesduringDevcon4.
iExecisalsocollaboratingwithourpartnerstomoveforwardthestandardizationforBlockchainbasedFogComputinginthecontextofOpenFogconsortium.SomeresultofthefirststagecollaborationwithourpartnersonFogComputingwillbereleasedsoon,pleasestaytunedinthefollowingdays.
长按扫码关注公众号
点“阅读原文”了解更多
技术周报技术开发进展:轻钱包进展-多重签名的集成取得了进展;-轻钱包修复若干稳定性漏洞;全节点钱包进展-MVS支持BIP-68/BIP-112功能开发;-添加validatesymbolCLI命.
1900/1/1 0:00:00亲爱的用户,我们将于2018年10月13日11:00(GMT8)开通SENNO的充币服务,并于10月15日11:00(GMT8)开通SENNO的交易及提币服务.
1900/1/1 0:00:00活动时间:10月23日00:00:00-10月28日23:59:59活动奖励:5,000,000PX活动规则:1活动期间.
1900/1/1 0:00:0020180926TOMOCHAINTomoChain将于Savvycom合作亲爱的社区们:TomoChain和Savvycom很高兴地宣布,我们已经建立了战略合作伙伴关系.
1900/1/1 0:00:00波场TRON|周报为满足波场TRON全球社区爱好者阅读,本周周报共分为13种语言,请您选择阅读.
1900/1/1 0:00:00亲爱的用户:????IDAX将上线AIC。开通AIC/ETH、AIC/USDT交易。??充值开放时间:10月29日12:00(UTC08:00)??交易开放时间:10月30日12:00(UTC0.
1900/1/1 0:00:00