Current Trends in Blockchain Technology
You. We'll. Get started so this is the. Session on blockchains so welcome to the session on blockchains so. We have a bunch of interesting talks in this session so, we have the, first presentation, will be on. A work that marries. Traditional. Databases, with blockchain, the. Second, like. Work would be on exploring how we can use. Computation. Verification, in the setting of blockchain, and then, finally we have another work that explores, how we can use enclaves, to, kind of achieve better performance and confidentiality in the context of block chains. So. The first, speaker is going to be Professor. Carson burning from technical university of tam. Start he's, also an adjunct professor at, Brown. University and before, that he was an architect at SAP HANA and he's. A recipient of. Google. Faculty award and and he has a bunch of best paper up awards that I Triple E Big Data and vldb. And sigmod and he's. Been recently exploring, the entry or the overlap, between. Block, chains and. Databases. And he's going to talk about that. So. The mic should be on. So. Today, I, mentioned. I'm talking, about so, a. Database, view on cloth chains but. So, my main research is, actually in general, in distributed, databases especially. Data, distributed, Atta basis together, with with networks so I'm a database person. Just. To. Give you a quick introduction where I click where I come from so. Why. I got interested in block chains is because people. Are not using block chains for cryptocurrencies, only, but, they use block chains more and more for as, general, share. Databases, to write data into. From. One trusty domain and access. It from another trusty domain and, the. Main, reason why people are using it as a as, a as a platform for data sharing is. There. Are many different reasons and one is because, it keeps the history, of all transactions, meaning, if something, is wrong in your database you, can go back and still, look, at what went wrong and in some states in the USA they even change the. That blockchains, or, the data in blockchain counts. As evidence, in court so that which. Is a strong reason if you share data, between trust, between. Different, trusted domains, the. Second one is. Why. It's interesting is also because no tempering is possible. After the fact so once the transaction is in you, cannot modify the. List of transactions. You store in your in, your blockchain, and, even. More interesting you don't need a trusted Authority, for for, making. All these decisions so the machinery. In blockchain is designed in order to to, give you to give you the, the, two properties. That. It's those all transactions, and it's it doesn't allow tempering, without having a trusted, Authority, so. And you. See that it's. Actually used, as share databases, and there are many, applications. Outside outside, that try actually to use blockchains already as a share database and they. Range from different, or cover, different domains not data just in from. From health institutions, but also supply chains where you have different entities the supplier and manufacturer. Required. To access the same database but. Also to other use cases where you want to have decentralized. Copyright, management, so I for. Example bind, it as a copyright, management, platform, for images where, you put in the image it gets a timestamp and. Thus, it has the copyright and if somebody else at the end wants. To upload, another similar, image you, have the proof that the other image was in the database before so. The question is now, are. We done now is this the end of the talk so, our existing, blockchain systems.
As They are good enough for supporting, all the different applications that people have in mind and. When. They want to use them as a share database so. What I'm going, to do in the talk is therefore I'm first. Going quickly I think most of the people might, know the blockchain basics, but I still go quickly over the. Blockchain background, some basic, terms that, I'm not talking, about things that are out of context in the rest of the talk then, talk about the challenges why blockchains. In my eyes are not sufficient, yet to use them as a shared database and then, go towards what, we've been doing in the past year with, blockchain to be developing. A shared, our database, system on, top of blockchains that mitigates some of the problems that we've seen. Discussed. Before. Okay. So for blockchain is just the quick overview I don't want, to spend too much time so. Blockchains. At the base at the basis they use the tamper proof lecture. To store data which, I already mentioned it's a list of transactions, is its append only the, transactions, are appended, in blocks of new data is written the, new data is appended, or mined in, in blocks and. The lecture is fully replicated, and here you see already, if. Some something is mind or appended, in blocks and it's fully replicated, there, seems to be a lot of inefficiency, in the system itself and this. Is again one of the challenges, that you tackle, when you want to use it as a general-purpose database. System. The. So. For why. Why or why it's so, interesting. As a share database I already mention is if update. Happened to the shared database which is replicated, to all the peers in a blockchain. Then. Everybody, or at least the, majority depending. On what what, protocol you are using needs, to agree on the appends and there are different ways to assure that if never. Mind what you were using if you're using a public or private blockchain. If that's, what I'm also. Will. Go over in a few in a few seconds and, the. Last bit of piece of information that I'd like to introduce is the term, of smart contracts which are nothing, else than trusted procedures, that are stored in the blockchain that can modify data, it's your custom logic that you deploy in. A blockchain, for. Data based person it would be something like a stored procedure that. Can be called from from outside but, for. Smart contracts the specific, thing is that all the participants agree on the same code if you if you run they're launching. A. Second. Slide just only on the, just. To get the the, background, right so, there are two. Platforms. Or ways how how. Block, chains are deployed there, are public block, chains of means, that everybody. Every participant can can. Show in the blockchain and they usually, use more expensive, consensus. Protocols, I don't, go into, into, details for those but, just. To, make, sure that we, are on the same side there are also private blockchains which. Target. A different type of application, where not everybody is. Allowed. To, join, the blockchain but it's it's more limited, set of targeted. Towards a limited set of participants, that know each other and therefore they use a bit of less expensive contentious, protocols and this, already, increases. The performance a bit when when you use blockchains as a database system, so. The question, is that, would actually like to start my talk what are the challenges if you want, to use a blockchain as a, block, chains as a shared database system and the.
Main Challenge I already mentioned. That is clearly the. Performance, of, block. Chains and there, was a paper last, year in sigmod where, they analyzed the throughput and, the latency of different, blockchain systems, one. Is a theorem, that is pretty well known which is used which you can set up as a public but also as a private, blockchain, as, well as hyper ledger which is. The. IBM version, of the. Blockchain. System, but, what you see here is that the, throughput for, example for classical, database benchmark, so you if you use the blockchain. Just as a key value store is. Pretty low so they, reported around 4 ëthere, iam around, 300. Transactions, per second that can be executed and if, you, look carefully in the paper this is not the average transaction, rate that's the peak transaction, rate so the average. Transaction. Rate is actually. Much much lower and, so. Clearly, here you see does that the that, that the transaction, and the performance, that you get at the transaction rate the. Throughput and latency that you get out of these block chains is far from what, typical, applications, need, today even. If for example if you look at what. Reese is processing. On average so. Visa transactions, are around, 2,000. Transactions per second and if. You look into the applications, what how, people want to use block chains. They. Also. Want to store sensor data in the blockchain which even require much higher higher. Transaction, rates so. The the. Performance itself is one one, problem, the second one is if. You, today, want to use one of the blockchain systems. A shared database you, are confronted, with the Sioux of those systems and it's really, not clear which. One to use they come a with different programming and execution, models and the, question is which, one is able to at. Least, well. With, which platform, are able to implement your logic that you want here for for for, the share database where can you implement in, which can, you implement transactions. Or. The transaction logic that that, is needed for your for your for a use case and even worse because. There's, so, much development, going on you don't know what. Is the best. Blockchain. For your workload and B. Which. Ones will survive at the end because there's so much movement. In this sector and people. Are trying to come. Up with optimizations. New platforms, and it's unclear which one which, one you should build your share database application, on, the. Last one is even more severe that, block. Chains you, might assume if you deploy your code in the blockchain and. Run it you get some kind because even, procedures, run through the consensus, mechanism that multiple, nodes need to execute the same code bases and at, the end the output, of the procedure is verified, so meaning if all, the outputs are equal, but that's not true for purely, read-only. Functions. That you would implement as in, your smart contract, they are only executed, by one peer in the blockchain meaning if that one peer if that one node is malicious, and you are asking, or you sending a rich request to that one, peer you might get just a wrong, value from, from the peer and so the. The guarantees you are getting for. Four. Reads for example is. It's. Not enough from any of the share database where you want to know it's the value I've been reading actually the value that is stored in the database so. There. Are many guarantees, that you actually then want to add to your database system or to your if you use your blockchain, as a shared database and.
What. We were where what what we what we think would be nice is if you could execute. Transactions, on a shared block chain at the end verify. If the execution of the transaction meaning of all your read and write operations was. Correct, with regard to the guarantees what the database, wants. To give you and if you discover that a violation happen. Happened that you can go back to the last verified checkpoint, so, having so, the ideas of transactional, theory more into implemented. In in, blockchains. But also transactions, that are verifiable. So. How. Are we going to achieve this and this is the idea of blockchain. DB the, idea is that we build a middleware. On, top of block chains the. Idea is what the, blockchain DB, gives us is, that. It gives us a unified, API so. We tackle. The problem of having a su of those systems by, having. A unified, front and then an, exchangeable. Back and similar to what my sequel is today for, databases you get a you. Get a unified. Front and you can plug, in your storage. Engine that you that you that you like to have and which gives you the performance. Characteristics maybe. That. You that you weren't here for your application, the, second one is that you that we can apply typical database optimizations. In the middleware so, we we've, seen that, performs. Itself is a it's a major limitation and by, applying some tricks in the middleware by shouting across. Certain, block chains, we. Can achieve much higher throughput, than what the, existing, block chains give us already and the. Last one is that we want to support this, very this, notion of verifiable, transaction, so executing, read write operations, we are the blockchain, DB, and then, at the end getting the very, verification. Mechanism that tells us is, that the operation is a transaction, that we've executed it's been correct with, regard to the consistency, level for example selected. In the database system, now. You could argue okay blockchain, maybe this. Is a component that runs out of you're outside. Of your blockchain so it's an untrusted component, doesn't it make things harder I'll, come to that at, the end and I talked, a bit about how we how, we deal with verification, with. A new component, that is actually untrusted. So. What. We've actually been building in the, last year. Is not a, full database system but as a first step we've, started to build a, middleware, that, has, a, simple. Put get interface because this is already from. As, a as. A basic, building block we, think we can we can use later on to build transactions, on top and B, it gives us already proof of concept how far can we get with transaction, rates if we have just a simple put get workload so. The idea is we, have a blockchain. Key, value store that supports, at the. Beginning only the simple, put guide operations that we have here and we have black blue back ends. Inside. The blockchain in order to achieve the. Higher performance and implement, some database optimizations. We. Selected a bunch of techniques that are implemented. In the middleware bead. From sharding, the data into multiple into, multiple block chains so not using just one this, is a thing that already, some of the block chains to find, by now inside. The block chain system they support, our shouting, but not all of the system supported, so, what we can do is just black, put, that on top and support. That, way some. Data parallel execution across, block chains because if you look a bit deeper into the execution models, of block chains they are typically, fully serialize, a civilized execution, with, no parallel so, parallel execution of transactions, at all and the shouting gives us some some, way of paralyzing, and we. Implemented, a bunch of other optimizations. And I want to go just in two of them and show. You quickly what the performs and impacts are if you if you if you do that or if you implement those in, the middle where the. First one is so. The question is if you provide, food get interface so what consistency, can can we provide if we use it better if we use a block chain and in. Block. Chain key key, value so we support different notions. Of consistency. Levels or, clients like consistency levels, that, are more expensive or less expensive and the idea is that if. We give up some of the, consistency. Similar to what normal, databases also, do you can get higher performance even when we use a block chain as a back-end and the, idea here is that if.
You Use a higher consistency, level for example read your own rights. What. We do in the middle where if a right is coming in if a put is coming in its, its, first. Submitted to the trail to the blockchain but we don't wait for the committee, or that the transactions actually committed but, only that it's validated, and after. That we. Just append it to a list in our in. Our in. Middle layer meaning. That once a reed is coming in for the same key at, that moment we do lazy blocking. On on depending, on the pending transaction wait for the transaction. To be committed. Before we give back the, value so. This is, one. Technique where, you already don't, need to wait for the. Full execution, of a transaction but you still get. A. Guaranteed. Consistency, level which, many of the applications desire, or you can even go lower and, provide. Only eventual consistency, and. Even. Don't wait for the transaction. To be committed and execute discrete operations completely, on the status you are getting and, monitor if these transactions, finally, commit so if you can still guarantee liveliness, and. What you see here is that if, you implement. Just. On a, using. A 50 50 50 we're, closed officially reads. 50 percent rights and aetherium, as a back-end if you want. To provide read your own rights, semantics. You get only throughput, of 20. Put get operations, at a second and this, is so. In. Line with with. The block bench numbers if you look a bit closer they reported only numbers. As. I said for max throughput and. Not for average to see. The, eventual. Consistency gives. You already boost of a factor of 5 in in terms of transactions. Which is not not. Still not there what many of the of the of the application needs but it's. It's, already a, way of getting getting higher performance, out of your blockchain system, if. You if you if you decrease the consistency, level a second. Technique that actually is helping much more is that in. Our middleware we we implemented. Some form of batching so we don't submit puts one, by one to the blockchain because. The power, transaction, overhead of validating, transactions, is it's. Pretty high so, meaning if, he if we batch them together so, multiple puts in one blockchain. Transaction, you. Can get for, example if you block up to 500 puts in one call a transaction, rate of. 1,200. Transactions, per second after, that the, message size is or the maximum message size we, used here for. Integers, is exceeded, so there's a limit of patching that, you can, use. So. The. Plane, database, tricks. Is, one thing but, the question is now I, a. Third, point which is interest or which is important, that, is getting. Very verifiability. Of your operations, and this. Is something that we also implemented. Inside. Blockchain, in or inside. Our system and the, problem, here is or the idea of verifiable. Consistency, is that, a client can verify the. Correctness of all operations meaning. If. The puts and gets that he executed, and the, that. He sees or that that he executed adhere to the selected consistency, level so, what does it mean for eventual consistency it means for the eventually. Eventually, consistently, that a client doesn't see any fake reads so. If. You have if you think about a scenario where for example the, blockchain middleware. Or one, of the peers is. Malicious he might return just the value that is not stored in your database we want to be able to detect it detect it after the fact and if you use a blockchain system out of the box you don't get that guarantee, and the. Second one is that we want, to for example or in eventual, consistency we also want to support life in it so we want to assure, that all the puts that I executed, through blockchain Cavia actually. Are. Actually stored in the blockchain system, and not dropped again, by one of the components, so. The problem. Is that, as. I mentioned, that. All these operations are this guarantees. Could be violated, because in, our in our setup we have multiple untrusted, components, one is our blockchain. Key values or that, we are introduced. As a middleware but, there's also, the.
PS Themselves, if you look at them individually are untrusted, meaning. If, if. You just go to one of the peers we might get the problem of fake fake, reads and reads are actually executed by only one peer so it's severe or it's a problem of detecting, if you get such if, you get a fake read or if for example the. Blockchain middleware. Or the peer drops a transaction, and doesn't execute it. How. We do it is so, here just high-level overview is the ideas that we use defer to Eric, mechanism. Where. Every. Put that, is executed through the key value store, updates. The right set in, the in, the, blockchain itself and, the. Clients additionally. Lock. Their actions, their read and rights that they don't need to do it for into each individual, call but they lock the read and write set not. Using the middle the middleware layer but. Going by. Passing the middleware they lock the read their reads and write sets into the into the into the blockchain as well the, nice point, about these cause, is they don't need to be synchronous. Blocking you can just send, them as synchronously, and at. The end of of, your epoch when you are when you execute it multiple. Of the puts and gets what, you want to do is also a verification procedure, that looks into the question, if the, right set was included, that that the clients, reported, we are there recall calls is included, in the right set that the key value store was seen and, this. Is also again a non blocking operation mean, means we submit that as a blockchain transaction. So implemented. As a store procedures. Smart contract which checks if these two guarantees, are satisfied, and once. We once it's done we can just fetch the result if the epoch was correct if all the operations are have. Been correct and in. Worst case rollback in. The, transaction history to a point where no. Where. The where, the last verified. Epoch was. Was well store in the database so we can, also recover to. Two. Valid, check points. Good. So that there's, much more many. More details you need to think about if you want, to do it if a verification, with, the blockchain and there, are more details I haven't been including in the slides but this is the, general notion of how, we want to ensure that put. And gets executed. Correctly. So. What are we up to next, so, we, just as I said it's the first step what we that we implemented, there. Are many more optimizations. That we haven't implemented for example caching in the middleware but, still guaranteeing, verifiability. That's. Something we are working on at the moment but. And then, for, sure go. In the in the route of having not, just the put gate interface but supporting full database transactions, that. On. Top of our, key value store interface. So. In long term what, we what, we want, to achieve or how we think that the. Our. Middleware could be integrated into a data management status, also have, a combination, of a database that is running on premise, where, you use. The, blockchain, a database. System, to. Integrate. Something like a shared column into your database into, your local database system meaning you create a table you mark, your column as shared and. By. Getting the guarantees of. Verifiable. Transactions, and sharing. On those columns of data automatically. Written. To the blockchain and you can verify for. Those columns if transactions, on those columns have been right but. This is something. We. Haven't started, thinking about, in. Detail, with. That I'm. At the end of the talk happy. To take questions. I'm. Sure if we have time for questions at all. So. You decided a sigmod. Paper saying that even, if you set up a private environment around blockchain. And the throughput is very limited, array so. I just, intuitively, I have a hard time to understand why this case I wonder if you share some insight you mean why the transaction. Rate of block chains so. Depending. So I haven't, been going into the into. The details of the execution, models of block, chains but, for example public, block chains use, so. Consensus, protocol which, is called proof-of-work meaning. That. One was private yeah and for, them as I said so the, the complete transit so for private, transact, of private. Blockchains the. Problem is that data a the a train full. Exit or the execution of all, transactions. Is fully serialize, meaning one, node takes, a set of transactions. Execute. Them, distributes. The results to, all the, peers in the blockchain and they reacts, acute the transactions, to verify the outcome, of the sections and then if.
The Results are. If. Different peers agrees or different. Peers, or the majority decrease the, block is appended which is inherently, so. Full. Replicated, database, system that doesn't allow any concurrency, and the. Results that you are seeing is and there are many more overheads, in block chains which. Is not just the, execution but also verifying. The signatures, for each and every transactions, that's a trial. Yeah. Mike. Okay. So. Just. Curious if, you. Could give us a feel I know you didn't go into the details of the blockchain protocols. But is. There something fundamentally, different. With. Using, blockchain, as the backend for the key value, store as opposed to if you were just building a federated. Database over, a bunch of slow database. Systems, where you would be faced with with, a lot of the same challenges. So. There. Are two. Others. From my site to, your question there the first one is so, why. Not using oh why, don't we use why don't you use a database system or more, a replicated, database system from the start for, those use cases and, yeah, but that's a, valid question and so, the, the the answer, is here so, people from for me people are people, are using block chains nowadays, and. So. And, it. Has this legal notion that data, that is stored in the blockchain can, be used as evidence for court so there are already, some, mechanisms. In place that you don't have for databases so what there are reasons. Why people should use a blockchain so. Therefore. It's. It's for, some use cases even more possible to start with a database system as a. Starting point the second, one is. Regarding. The performance I think that we saw already the talk for example from Microsoft, in the morning there's a lot of a lot going on in. Or. Optimizing. The performance of, blockchain systems themselves, and, we. Just benefit from it so whatever comes next as a platform we can plug it in as a back-end and, use, it and provide, verify. Verification. Guarantees, on top and this, is what what let's, say the the, value. Of what what we provide is so you get the interface of a typical database you can verify your your, operate your, transactions, or put get operations, as if it would be your database but, at the end it's, it's. A blockchain so we. Provide a stable interface you can program. Against it from your application and, get. The advantage, advantages. From you proc chain systems. Assume, we, move from proof, of work to proof of stake and, assume, every. Block in PAC 10 some transactions. What. Would you imagine will, be the next bottleneck in terms of the improving, the performance of, dorchen transaction processing, we, haven't been, ourselves. Not looking too much into where. The bottlenecks. Of current, systems. Are there are two good papers about, that. Analyze actually the performance, bottlenecks, and where are the. Limits. Of how, far, could we push the, performance if we tweak the parameters there's, one from. A bunch of authors from ETH Cornell etc, I'm. Where. They threaten, as. The upper bound with the current protocols. I. Think, that's that's a nice a nice rate. Anyway. So and, the second one is block bench where they. Running. Already some against different systems with different consensus. Protocols, were. Close. From, my perspective, so. What I think block. Chains should do is so, the the computational. Or the execution of transactions, is inherently, inefficient as I said it's it's completely sequentialized. There's no notion of concurrency, and I think block chains can learn a lot from what. Databases, have been doing in concurrency. So executing. Transactions, as if they would be serialized see. If they if they would be serial but having actually concurrent execution and if we can get. Some ideas of those into the next into. The next generation of blockchain systems it would increase the performance and reduce. The bottleneck of what. What, what. Current, block chains have. All right I think we are like like running slightly behind schedule so, if you have other questions we might want, to do issue the break. So. The next speaker. In this session, is a Sri nut so, Shri nut is a researcher, at Microsoft Research, at, the Redmond labs and sweetness. Is an expert on you, know having. Building. Systems or on like like, verifying, of computation, our own computation verification, and in this talk is going to talk about a system called spice.
Which. Is about verifiable. State machine and this work is going to appear at OSD I this year. So. This talk is about a powerful, primitive, called verifiable. State machines and, a system that implements this primitive called spies. This. Primitive as many applications, in the context, of trustworthy. Cloud services as well as decentralized. Block chains I'll. Start by defining what this primitive is. The, verifiable, state machine is a primitive, in which there are three types of entities instead. Of clients, a stateful, service, and a set of verifiers. These. Clients, issue a set of requests to the service and get back a set of responses. Then. The service periodically. Publishes, a trace, which contains, an entry for each request, response pair. Then. Each of these very, fires run, a set of local checks, and then output accept, or reject. And. Then. We call, such, a primitive as a verifiable, state machine if it satisfies, these properties. First. If the service behaves, that, is the execution. Is equivalent to some serial execution, of, the concurrent request then. The verifiers, output, except. Second. If the service misbehaves, with the, execution, of requests, or with concurrency, control mechanisms. Then. The probability, that a verifier, outputs, accept. Should be less, than epsilon, where epsilon is varies, model. Third. The trace itself is zero knowledge that is it does not reveal anything, about the requests or, the responses, or the internal state of the service beyond, the validity of the correct request execution. Finally. Require, each entry, in this trace to be small, for example a few hundred bytes. It. Turns out there's a lot, of prior work that implicitly, implements, this verifiable. State machine abstraction. They. Do not use the state machine formalism. But it's not fundamental. The. Theory actually dates back to early, 90s, but this theory was too expensive in it could be implemented. How. There's a lot of work that reduces the cost of this theory by all 20, orders of magnitude, and these. Latter systems, so. I'd support. For stateful, computations. In those earlier, systems. For. Example they support, storage interfaces, such as key value stores and even a limited form of sequel, databases. Despite. This massive progress, all of these systems have two, key limitations. First. The storage operations, in these systems are very expensive, for example it would take tens. Of seconds or even several, minutes for for, each storage, operation. Second. Limitation, is that they only support a sequential, model of execution, for expressing, these services. As. A result of these two limitations prior work can only support, very, limited throughput even for very simple services. Our. System, which is called spies addresses, these limitations. First. It features, a new. Storage primitive, that is two orders of magnitude more efficient. Than prior instantiations. Second. It supports a concurrent, model of execution. For expressing, services. As. A result of these two are new, techniques, spice, can support thousands, of transactions, per second for many realistic. Applications. In. The rest of the stuff I'm going to well, proof or focus on three things first. I'll discuss a few applications. That can be built with verifiable, state machines. Second. I'll present some background, on prior, work and, a quick overview of spice. Finally. I'll present some experimental, results. At. A very high level we are interested, in this primitive verifiable. State machines for two reasons. First. It enables us to build cloud, services, in which we do not have to trust the cloud infrastructure. Second. It also enables, private, and efficient, blockchains both in the permission, membership, model and Commission, less membership, model, I'll. Start with the first application scenario. The. First application, is a cloud, hosted, ledger inspired. By sequence. Here. The service maintains. Balances. Of assets, owned by different, clients, and. It exposes, three types of requests. First. The issue operation, enables, an issuer which is a special, entity. In the system to issue some assets, to a client. The. Second operation is a transfer, that allows, one Cline to transfer, an asset to a different, flight. Finally. The last operation which is called retire, allows, a client to take an asset out of the system. So. In the status, quo if somebody wants to verify the correct execution of this service they, have to get a complete, trace of all the requests responses, and the internal state of the service, but. With spies, an. Auditor, can verify the correct execution of the service without access to any of the requests or the responses, and. It does not have to trust the infrastructure, on which just run which the services is running. The. Second application is, in the context, of for decentralized, block chains such as aetherium. On. Aetherium a smart contract is essentially.
A State, machine where two or more counterparties. Can issue transactions. To. Create, state transitions. So. In the status, quo all the transactions. Are actually stored on the blockchain so, this provides new confidentiality, guarantees. Anyone, on anyone in the world can inspect, the internal state of the contract, or, also look at all the state transition, say your contract, has gone through. Second. Every request from, the app must be processed by the blockchain so this limits. The. Application level, throughput, that you, can get by storing, a smart contract on a public, blockchain. Whereas. With verifiable. State machines you don't actually have to execute, those smart contracts, on the blockchain you. Can execute them outside the, blockchain and then persist. Only a sussing, zero-knowledge, trace, on the blockchain. Because. This sussing. Trace does not reveal anything, about the internal state of the requests of the responses. It. Provides very strong, confidentiality. Guarantees. And. Because, aetherium will only process, the sussing trace you can actually support, very high throughput for your applications, which, is independent, of the throughput supported, by it helium. So, in the I hope that I convinced, you that verifiable, state machines are actually useful. So. In the next part of this talk I'm going to provide, some background on a prior system called Bentley, before I provide. An overview of spies. So. Pinetree itself, extends. To, private systems called Tsar and Pinocchio to. Support a notion of state. All. These three systems are composed of a front, end and a back end this. Front end translates, a c' program into a set of algebraic, constraints, and, then the back end implements, an argument, protocol, to prove the correct execution of the c program. I'm. Not going to go into the details of how these components, work, but I'll just observe that both daughter and Pinocchio support, a large. Subset of C. This. In turn enables. Verifying. The execution, of stateless, programs. And. Then thank his support state while working in the same stateless, computational. Model by, leveraging cryptographic, hashes. I'm. Going to briefly tell you how this is done so. The, key idea in Pantry is to name data, blocks using a short, cryptographic, digest. Of those data blocks here's. A very small C program, that illustrates, the this key idea in binary it. Takes as input it digests, and then. The prover of the service, can actually supply state, of, course. Because the service is untrusted, it can support the supply any state, to this program, but. There's an assert statement that, checks if, the digest, supplied by that verifier, equals, the cryptographic. Hash, of the block supplied by the service. And. If this, server. Service, supplies the correct state just check passes otherwise this check fails. And. By using this idea Pantry. Builds, a key value store, the. Core idea is to treat hashes. Of data as pointers. To such, data then you can build a tree. And which in turn can be used to build a key value store. But. The fundamental problem in this approach is that cost of a key value store operation, is logarithmic in, the size of the state. Completely. This means it, takes several minutes of CPU time even with the million. Key value pairs in your state. Spice, addresses, these performance, problems. The. Core idea in spices, be user set, data structure, instead of a tree data structure. Within. Map, key value store operations, to operations, on a set. As. A result cost, of a storage operation, is. Constant. Time instead, of logarithmic. On an amortized, basis. Hungry. Instantiate. This idea, knively it's. Actually going to be more, expensive than the tree based approach, constants. Involved and in. The case of many, data. Sizes that we are interested, in. However. Spice, solves. This problem, it. Does this by using an efficient, instantiation. Of this. Based data structure using. Elliptic curve cryptography. Spice. Also includes new techniques, to execute, these state. Transitions, or transactions. Inexpensively. In this model. I'm. Not going to go into the details of how all of this is done but I will just present a few implementation. Details and how the system looks. The. Implement spies on top of pantry, we. Also wrote three applications, using spice but spice includes a tool chain using which you can build, many more applications. The. Pull chain takes as input a C program, which expresses, a request handler, and. Then it outputs two, executables, one for the service, and one for the verifier, and this. Request handler can include. Arbitrary, C code and it can also call in to spices storage api's.
The. Storage primitive itself, exposes, many api's first, it provides you operations. And key value stores such as get and put. Second, it allows. Mutual. Exclusion API. Such as lock and unlock so you can lock a key. Perform. An update and then unlock. It. Also provides, a restricted, form of transactions. So, you can call begin transactions, on, a set of keys it, returns the current state of those keys and you, then you can do arbitrary computation, and then you can call in, transactions. With the values that you want to write back and. All of this update happens atomically. In. The next part of this talk I'm going to present some experimental. Results. The. Two questions that I'm interested, in first. How to spice compare, with prior, state-of-the-art. Second. What is the intern performance, of applications, built with spice. To. Answer these questions we're on a set of experiments, on an azure cluster. So. For the first question we measure the, throughput of key value store operations, and their spice as well as a set of baseline systems. We. Preload the key value store with a million key, value pairs and then. We measure the throughput of the system, for. Get input operations, separately. As. You can see due to new techniques in spice, spice, can achieve up to four orders of magnitude speed-up. Compared to the baseline systems. So. To answer the second question we implemented, three applications, and this graph depicts interent. Performance, with varying, number of CPU cores and, the. X-axis you can see we, have depicted various, requests, types such as issue transfer, and retire, that. Are supported by these applications. As. We can see spice achieves a near linear speed-up, in throughput. Has been provide more CPU cores I. Did. Not depict the verifiers, throughput, but it's much. More than the provides throughput of the services throughput which is 15. Million proof verifications. Per second on the same cluster. So. To summarize the stock we believe verifiable, state machines is a key tool in in. The context, of both cloud computing, and decentralized, blockchains. Spice. Represents, a substantial progress. Towards, efficiently, implementing, verifiable, state machines. Finally. We are excited, about the, many possibilities, that this work points, to. With. That I can take it. I'm, sorry I kind of lost, the connection between spice, and the blockchain so where exactly, are. Using Spicer technology, to implement blockchains, or is it a front-end to block chains because using a code generator so I don't know exactly what the connection is. Application. The blocking here's. The scenario that I presented in the context of block chains so, instead of for running the entire smart, contract on the blockchain and then executing, the. Contract on every, node in the blockchain system, you, could run it once, and then. You. Could just persist. That sussing, zero-knowledge trace in the blockchain. So. The. Entire blocks in network would just verify, that there. Was a valid state transition, and it, does not have to really cute any transactions, and they also don't need to know, what. The. Contract, was or what, this, contract was doing so. It provides confidentiality, and, also scalability. So you're basing, like a front-end to the blockchain, yes. You, don't need to use the blockchain in the backend you could put in a database sure yeah, the fact that it's a blockchain is actually not relevant, yes. So you. Only. The verifier, is running in the blockchain but you could run that verify anywhere, right and even the service itself could be running outside the blockchain using, traditional databases. The. Trace includes all the hashes, of the state. Can you return to the slide that gave the big picture, of. Requests. Going into the blockchain, and the trace. Going to the verifiers. Yes. Could. You say what, information. The verifiers, have, access, to in order to make the decision if, this, picture depicts only an append-only trace, are they aware of other information yes.
Yes They, do know the specification. Of the service for example of. What, it means for taking, a state-transition so they know the code that represents. The. State-transition. They. Also know some. Encoding of the request and the encoding of the responses, so this trace has an entry for each request response path, so. The verifiers, are aware of something about the requests. They. Don't know the actual request plain text contents of the request but they have an assasin, encoding, which is a, commitment. To this request. Thanks. A quick. Question while we're on this slide so you've, defined, soundness, in terms of some epsilon. So. What should I think of epsilon is being like the internet is very large and there are many requests, so so, how often in practice would you expect, soundness. To be violated, yeah yeah so this epsilon is one in two power 128, so you can think of it as 128-bit, security, so, it should be very, small, like that you, should absolutely not. See very far, accepting, some incorrect statement, as correct. Except. With that one, in 1/2, power 128. Which. Is the security of many crypto primitives that we've. So. The final presentation, in the session is by professor han, seong from UC Berkeley so. She has a whole bunch of awards so she's a MacArthur, Fellow so, she's a Guggenheim. Fellow. And MIT, via, 35, award and she has like several best papers in security, and and learning conferences, and she. Also happens to be the co-founder. Of a start-up in blockchain called Oasis, labs and I. I believe that some of the work she'll be talking about is based on is is, related, to the startup as well. Okay. Great thanks, for. Being, here I'm, dancing I'm a professor, in, computer science at UC Berkeley, and also. I'm a founder and CEO of Oasis, labs so. Today I'll talk about privacy. Preserving smart, contracts, and skill a. New. Blogging platform, that we're building. Ok. So right, so as we all know data is a new oil and, our, birth data can. Really help us with, the. Valuable data analytics, and machine learning and help. Us King as said gain. Insights, in, many, different. Domains. Including. Healthcare, financial, services, and RT. However. A lot, of data is also, sensitive. And. We. Are actually facing a lot, of big, problems in. The data domain today. For. Example data breaches, and the, commonplace, now, for. Example, Equifax. One. Of the largest credit. Score companies. Had. The recent, breaches. Were, attackers. Who were able to, steal. Sensitive information, about, modern, hundred, forty million users. And. The other hand a lot of valuable, data, is also being silos, and. Because, it is sensitive. They. Couldn't really be utilized. And. Hence. A lot of data we, are, not being, able to extract. Valuable. Insights, from, other states including for example Mexico, data and financial, data and so on and. Also. At the same time users. Are losing, control of their data as. Demonstrated. In the recent Cambridge analytical. Incident. So. On the other hand we are seeing that blockchain, is. Providing. A transformative. Technology. And. Aiming. To solve a number of problems. Blood. Team aims to provide openness. And transparency and. Allow. Us to not. Rely on any central party and, provides, automatic, enforcement, of agreements. So. So far what has protein, brothers. It. Helps, with. Payments. With. A ce o--'s and. Crypto. Kiddies. So. The question, is I. Mean. In. The future we hope that blockchain, can, do even greater things can. Help us to, revolutionize. Many, different segments, in industry. Including. Again. Financial, services, healthcare. Out. In many many other domains. So. Right. So, today I want to talk about some, new technology that we have been developing that, actually helps bring, in the blockchain technology, to a broader. Domain. To enable, these, other more advanced, applications than, the ones that we have seen today and also, at the same time help, us solve some of these and the, security. And privacy problems, that I just mentioned at, the beginning. So. First let me give you one, motivating, example, how. In. Such an example, how, she helped, solve the problem and also, where we need new technologies, in blockchain. So. This motivating. Example is in the area of fraud, detection. So. For example of a bank they, need to do for our detection, to, figure out whether they should give someone, alone. Or, whether they're. Suspicious. Are, malicious. Activities. So. Typically how it works is that each, Bank. Using. Its information. Country. Is on fraud detection and, detector, and. The. Kettlepizza is sensitive. And usually, it's difficult, for different banks to collaborate, together. However. As. We all know the.
Effectiveness, Of. Of. This type of models, and. Really. Depends on the, amount of data that the model is trained on our the. The. Broad you, know news. That. The. Model actually has seen, and. Hence it. Would have been very nice if we. Can develop a technology that. Allow these different banks to collaborate together and, using, the data from, each. Of the banks together to, develop a, better machine, a new model for fraud, detection. Fortunately. Today we, don't have a technology to, enable, banks, to do this because. Because. Of privacy concerns, regulatory. Risks, and the misaligned, incentives. So. This is an example where actually, blockchain, can help in particular, a new type of technology blockchain. Technology, such, as the ones that we are developing can. Help where. We can actually develop. Smart. Contract in this case of Frau detected smart contract they, runs on top of the blockchain and. In. This case the different banks each, other and country, contribute, data to. The smart contracts, and. Together. Using. The data from this different sources and the. First. Detectives, my country can chew through our detection. Model, and. And. Hopefully. This, practically. Monitors train Tooting, and data, from different banks can, be much more effective and can really help each bank and, to deal with the fraud much better. Another. To you neighbor application, like this we. Need to solve a number of challenges, and, issues. So. First, in. A typical blockchain, actually. All data and compute, on the blockchain is public, and. In. This case we are dealing with very sensitive data and. Essentially. Users, our customers, transactions, so, we need to handle the. The. Challenge of having, sensitive, data on the. Blockchain worker. Nodes. Essentially. Protecting, the computation, process of. This, March. Contract execution, from, leaking sensitive information and. Secondly. The, computer, fraud detection model, itself can, potentially, leak sensitive, information about, the inputs because. The. Maturing. The mother here and that, is trained as training. From senses of inputs, to start with and I'll. Show a little bit later that. Our. Work has shown that even, where, information in your model if you are now careful with the privacy. Protection, the, most random machine in the mountain itself can, actually leak sensitive. Information about the inputs. And. Finally. To. This blockchain. Has. A huge scalability. Issues and to. This protein has per performance and their, high costs so.
Again In order to enable an. Application. Like this we. Really need to be able to scale. Up the blockchain and. Scalability. To, enable. A. Real-world. Applications. Like this and actually, add. At the class scale even. So. That's what our talk, about this yes so we are actually going to develop a privacy-preserving smart, rancher that can help save others. So. In order to enable application, like this and address, the challenges that I just mentioned and. Oasis we are developing a, new. Blockchain. Technology. Called. Privacy please one, of the key of a blockchain platform. Is privacy. Preserving smart, contracts, a skill. So. First we. One. Of the key provinces of our platform, is privacy, preserving smart, contracts, and. The. Privacy preserving strong, contract. Satisfies. A number, of unique, properties. And capabilities, it, enables. Automatic, enforcement. Of codified, privacy, requirements so. The privacy requirements here, is, coded. Into. The smart contract and. We. Can enforce this without relying on an essential, party and it's. Designed to scale to real-world applications, including. Heavy. Workloads such as machining and we. Design. The, technology to. Make it easy. To use and to in, to make it much easier for. Developers to. Build privacy-preserving. Applications. Without, needing. To be a privacy expert. In. Order to enable this. Privacy preserving smart, contractor, scale we, developed, a number of. Different. Technologies. And combine. Together to, build our Oasis. Blockchain, platform. The. Oasis approaching platform essentially, has you can do it as two main parts there's the platform, layer and the. Platform, component, and there's the application components. Where, the smart contract is, the. Abstraction. At the application, level, so. At the plot at the platform, level the, first. We build. Confidentiality. Preserving, man contract execution, to, protect, the, smart. Country execution, process from, leaking sensitive, information about, the inputs and. At. The application, level within. The, smart. Contracts we. Provide. Capabilities. For privacy preserving analytics. And machine learning to. Make it easy for developers to. Do analytics, emotionally, without. Needing. To worry about privacy and, to enforce, the other side privacy. Policies. And. At. The platform. Level we. Also, develop, a new architecture. For the, blockchain to enable scalable smart contract execution, in, particular for, scalability. For complex. Smart, contract execution. So. Now let me talk about each. Component. Technology. Separately. So. First let, me talk about the confidentiality, preserving. Smart contract execution. So. Typically, okay informations, so, most blotching, today the, data. And computes, our public, on the blockchain, and hence they can only have very limited use, cases. So. In, this case and the, inputs to. The smart contract is public, and. The. Smart contracts. Essentially. Then take, the inputs and, as a computation, and performs. A state transition and. Also. The states of the smart contracts in, most, of today's blockchain, platform, is also public. So. One, way to confidentiality. Presuming. Smart contracts execution, essentially. Here. Everything's. Encrypted so, the data, is encrypted and also the, states is encrypted as well. And. The. Smart contract essentially, and as, a computation, our encrypted data and to, perform the state transition, and, also. At the same time we. To ensure, that even. Though the, data and states are encrypted. We, still, want. To ensure that we can have a proof of correctness. That, the state transition, is. Correct. So. The question is how were actually enable, there's. A. Practical. Way of doing. Computation. Of encrypted, data and in particular this. Confidentiality. Preserving. Execution. So. That's essentially, we. Do this by leveraging a, composition of, different, techniques, for. Secure, computation, so. In secure computation, essentially. We. Have two main, types of approaches, the, first one is a secure, hard way the. Advantage, of secure hardware is that it's a hundred performance, it's performance, as close to native computation, and they. Can support for general-purpose computation. The. Challenge. For the. Other, types of approach is crypto, based, techniques, such, as secure multi-party computation for. The homomorphic, encryption so, on the, challenge for this type of approach is that the, performance overhead can be very high often, times it's all just a magnitude higher, than native. Computation, and hence, they can only be used for very. Limited use cases and, in. The Oasis blockchain platform we. Actually. Use a combination of, these, different techniques. And depending. On the. Actual use cases after, smart, contracts, we. Use. Different. Combinations of these, techniques, to, enable. Confidentiality. Presuming. Execution. So. Now let me just briefly say.
A Few words about the, secure hardware aspect. So. The secure Hardware here and one, abstraction, is called a trusted. Execution environment and also here we call it the secure Enclave and. The. Idea of secure Enclave is that's here, we can. Run a program, in this case asthma. Contract inside. The seeker on cliff and, the. Then. In, this case the, operating. System of the application, that runs outside of, the secure Enclave will. Not be able to tamper. With what's running inside and also, will, not be able to see what's running inside and hence the secure Enclave house provides, integrity. And confidentiality, after. Execution and. Also. At the same time the. How. Do I provide how. To replace the mechanism, for remote attestation, such. That the remote verifier, can and, remotely verify, what, has been run inside, the secure Enclave and its initial, state so. We. Have developed a, research, project called akedan, and. Leveraging. Approaches. Like. This and we. Provide. Security. Proof using, universal, composability, and we, have developed a number of sample. Applications. Including. Training machinery models in healthcare. Domain and, smart. Building domain and many other applications. So. Here. One. Of the key capabilities, that were used to enable confidentiality, preserving. Smart. Contracts accusin, is. Leveraging. The capability, of secure, enclaves, and. In fact the secure unclips can serve. As a cornerstone security, primitive even, beyond the, application, domain of blockchains. Secure. Unclips can provide strong security capabilities, and. Can. Serve as a platform for, building new security, applications, that, couldn't be built otherwise for the same practical performance. And. Over. The years so. All the hardware manufacturers, have recognized, the importance, of building secure, hardware and they all have built different solutions but. However we, still have huge challenges in. Building secure, hardware. For. Example, how secure can be and the worst hermanos. And what, would interests, with the secure hardware and the, ultimate challenge is can, we actually create, truly. Trustworthy. Secure, Enclave as a cornerstone. Security. Primitive, that, can be widely deployed, and enable. Secure systems to be build on top if, we can do this then, we can truly I. Share. The whole community, into. A new, secure. Computation era. So. What's the path towards. PT, in Chatsworth a secure Enclave so. First we need to have an open source design, open. Source design provides. Transparency that's, needed for the whole community together to analyze and verify, the security and correctness of the secure Enclave and, that. Can, enable much higher assurance, and also. Open source design helps. Build a community, and also. Ideally, we would like to provide a formal verification of. The. Secure, Enclave and, we, want to ensure, secure. Supply chain management for. Securing. The. Manufacturing. Process, so. Towards. This goal we, are. Doing. A project. Called, keystone on cliff I mean. To build our open-source, secure, Enclave on top, of. Risk. Five, trip. Which is an open-source RISC, architecture. That's, available today, and we, provide strong memory isolation, and many, other properties and, I. Would, go to enable. Open, source, secure. Enclave that can really be deployed and be used and with many fractures by any manufacturer. And be, used in the real world and. Risk. Five. Actually. Has been what. Are they adopted, in, industry, the risk five Foundation has more than a hundred members and. You. Can find out more information by Keystone, at. Our website the Keystone - unclean, dot org and. We. Have a number of goals increased, in. The project to, help us to. To, is finally, achieve the goal of beauty, open-source secure, Enclave. And. This. Is a collaboration between Berkeley.
And MIT and. With. Other, institutions. Joining. And we. Plan. To have first, release this fall, both. As. The. Deployed on FPGA, as, well as actually, on the demo chip. High, five unleashed, the. Rig's five chip. So. That's, the first, component. Technology. Confidentiality. Preserving, smart country execution, let. Me and then also quickly, talk about the second component technology, for privacy preserving and analytics emission and yeah. So. What would do this analysis, dimensionally name there is a lot of privacy risks so, for example here there, are. Two. Types, of questions one. So how many trips were taking in New York City, last, year and the, other ones how many trips did you take last week so. As you can see you one, question and reflects, a trend the, other one actually leak sensitive, information about the individual, but. To. All to and. Both. Territories you actually both need to actually, have, access to data and hence, and this, is an example showing that just having access control, as, insufficient. To. Be able to protect. Privacy. And at the same time being, able to answer queries like this. And. There. Has also been proposals, using, data and animal vision technologies, to, solve this problem. But, there's also. Insufficient. And theta. An animation can reduce the utility, of data, and also, at the same time it provides. Insufficient. Privacy, protection, there has been lots. Of research is showing that, anonymized. Data set actually one is combined with other publicly, available data, set can. Be used to re-identify. Users. And, hence. Clicking. Census. Many of our individuals. We. Were also doing the recent work showing. That you. Know when you train a different, model you actually need, to be very very careful so, the question here is to neural, networks actually remember training data and if. Years can attackers. Actually, extract, secrets in, the training data from, just simple recurring the learned models, so. In collaboration with the researchers, from Google, in. Our, recent. Paper, here. Is an example of one, of the case studies we, showed that, when. We train along with model and the email dataset in this case it's a public Enron dataset, the, email. Data says naturally. Contains. Credit. Card numbers and Social Security numbers of actual, users and. We. Demonstrated that attackers, can actually craft, attacks. To, then by just crying the language model and to be able to extract the credit. Card numbers and Social Security numbers from the original, training. Data sets and, this. Is an example demonstrating, that even when you are training a machine in your model you have to be really careful to take, the correct measure. To, protect users, privacy, so. Luckily, here, we actually have a good solution and so, instead of training and vanilla. Dip. Linear model instead. If we change our differential profits a tip, linear model that in this case both, from our, proposal, measure as well as. Attacked. Evaluation. With demonstrates, that's by, tuning a differential profits, depend on your model we can provide a much stronger, privacy. Protection, for, the users. So. I'm running out of time so I won't have time to actually go into the details about differential. Promises, or the, differential privacy at the high level is essentially. A formal. Privacy notion that. Helps. To, measure. For, an algorithm and. The, editor analytics. Algorithm. A machine learning algorithm whether, it, can, distinguish.
Whether. A particular users, data has used in. Producing. That, it analytics, results, are tuning the machine any model. So. The. Differential. Privacy provides. A very, strong. Notion, for protecting, users privacy in, data analytics and machinery. There. Has been very, limited real-world use of differential, privacy including. Google. And Apple use. Differential privacy in very limited setting, and there's, no previous real-world deployments, of differential, privacy for general-purpose analytics. And. For. There, are a number of challenges for, deploying. Differential. Privacy. In. Practice, in the real world. Equality. Usability. For non-experts broad. Support for analytics, queries and machining and also, in t is an integration with existing data environments. There. Is no previous system, that addresses are these issues in collaboration, with the Whooper we have developed, new systems. To address these, challenges. And. In. Our system, Kuras, and option, we, essentially. Develop, techniques. And tools to, automatically. Rewrite. State analysis, and machine running pipelines. To, enforce. Differential. Privacy and, as well as other, desired. Privacy. Requirements, and. Some. Of our technology has, already. Been deployed as, a blueprint for. Protecting. Privacy in, the internal, data analytics. So. Putting, together confidentiality. Preserving. Smart country execution, and privacy, preserving. Data. Analytics, a machine learning so, this enables. The. Privacy. Preserving smart, contracts, and. Now. Let me just briefly talk about the, third, component technology. Scaleable. Smart contract execution. Again. I don't have a lot of time left so let me just go over this very quickly and, so. Typically, when people talk about plotting, scalability. One thing that people immediately think about is blockchain. Shredding it's. Like you have one. Lane of cars but now you have you, know many lanes in parallel, to, improve, the circuits, after, traffic. However. This type of approach is good for high throughput of, simple transactions, and. Power. For. The the. Kind of protections that, we want to build these, are. Also. Much more complex, and so the, different smart contracts can also depend, on each other so. To. Enable, scalability. In particular, skill ability, for complex, smart contract execution, we. Have. Designed. And developed. A. Different. Protein. Architecture. Than, previous. Plug-in, architectures. And. In. Particular, by. Separating, out, execution. From consensus. By decoupling the different, function, functions, that are blockchain, and me, is. Providing. So. Our design is. Inspired. By a few key observations. Of the. Limitations, and challenges in, today's. Blockchain. Approaches. So. First a. Blockchain. Platform, essentially, provides, a 3, min and, functionalities. Consensus. Storage, and computes, unfortunately. In, most of today's blotching, platforms are the three functionalities. Are coupled, together, and. Has makes it really difficult to scale and also. Hear consensus. As the, slow operation. And as, often. The. Key bottleneck, and. When. We do shaking coordination. Also, is expensive. And. Can limit. The scalability,