一种基于SGX的轻量Fabric链码可信执行环境构建方法

A Lightweight Trusted Execution Environment Construction Method for Fabric Chaincode Based on SGX

Hyperledger Fabric是一个开源分布式账本平台,其不仅拥有公有链防篡改、分布式记账的特点,还具有身份识别、数据保密、低延迟、高吞吐率等优点。传统Fabric架构中的链码缺乏安全执行环境,其容器执行环境会带来隐私泄露风险,而现有的智能合约隐私保护方案无法适用于Go语言链码架构,且性能开销较大。因此,文章提出一种基于SGX的轻量Fabric链码可信执行环境构建方法及E-Fabric架构,搭建支持原生Go语言的可信镜像和容器,为链码创建可信执行环境,并通过远程认证协议验证链码是否可信。理论评估和数据测试结果表明,SGX Enclave的构建会适当增加开销,与原Fabric架构相比,E-Fabric的延迟升高了8%左右,吞吐率下降了4%左右,但整体性能达到原网络的94%,并且具有较小的可信计算基和更好的安全性。

Hyperledger Fabric is an open source distributed ledger platform,which not only takes advantage of the tamper-proof and distributed accounting features of the public chain,but also incorporates advantages such as identity recognition,data confidentiality,low latency and high throughput.The chaincode in the traditional Fabric architecture lacks a secure execution environment, and its container operating environment will bring the risk of privacy leakage. And the existing smart contract privacy protection scheme cannot be applied to the Go language chaincode architecture, and there are defects such as high performance overhead. Therefore, a method and framework were proposed for constructing a lightweight trusted execution environment for Fabric chaincode based on SGX-called E-Fabric, which built trusted images and containers that supported native Go language, created trusted execution environment for chaincode, and verified whether the chaincode was trusted through the remote attestation protocol. Theoretical evaluations and experimental tests show that the creating of the SGX Enclave will increase the overhead. Compared with the original Fabric network, the E-Fabric’s latency increases by about 8%, the throughput decreases by about 4%, and the overall performance can reach 94% of the original Fabric network. At the same time, E-Fabric has a small trusted computing base and stronger security.