Journal of Computer Science and Technology


Query Authentication Using Intel SGX for Blockchain Light Clients

Qi-Feng Shao¹,² (邵奇峰), Member, CCF; Zhao Zhang¹ (张召), Member, CCF; Che-Qing Jin¹,* (金澈清), Distinguished Member, CCF; and Ao-Ying Zhou¹ (周傲英), Fellow, CCF

¹ School of Data Science and Engineering, East China Normal University, Shanghai 200062, China
² School of Software, Zhongyuan University of Technology, Zhengzhou 450007, China

Due to limited computing and storage resources, light clients and full nodes coexist in a typical blockchain system. Any query from a light client must be forwarded to full nodes for execution, and the light client verifies the integrity of the returned query results. Because existing verifiable queries based on an authenticated data structure (ADS) incur significant network, storage and computing overheads from verification objects (VOs), an alternative is the trusted execution environment (TEE), with which light clients do not need to receive or verify any VO. However, state-of-the-art TEEs cannot handle large-scale applications conveniently because of their limited secure memory (e.g., the enclave in Intel SGX (software guard extensions), a typical TEE product, is only 128 MB). Hence, we organize data hierarchically in trusted (enclave) and untrusted memory, and buffer hot data in the enclave to reduce the page swapping overhead between the two kinds of memory. Cost analysis and an empirical study validate the effectiveness of the proposed scheme. The VO size of our scheme is reduced by one to two orders of magnitude compared with that of the traditional scheme.


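2. Objective: When existing Merkle trees are applied to verifiable queries on a blockchain, a batch of VOs is returned along with the query results. To verify the results, a resource-constrained light node must receive and assemble these VOs, which increases its network and computing overhead. This paper therefore proposes using Intel SGX trusted hardware to provide verifiable queries for blockchain light nodes, so that light nodes do not need to receive or process any VO, achieving zero-cost verifiable queries.
3. Methods: To address the problem that resource-constrained blockchain light nodes cannot efficiently verify the query results of full nodes, we propose, for the first time, providing a trusted query service for blockchain light nodes based on Intel SGX trusted hardware. To address the limited space of the SGX enclave, we propose a scheme that combines the MB-tree with SGX and runs only the frequently used MB-tree nodes inside the trusted enclave. To address the cascading hash computation caused by frequent data updates in a traditional MB-tree, we exploit the fact that a blockchain updates its data periodically and in batches, and build a hybrid index based on the MB-tree and a skip list inside the enclave: the skip list buffers the data of multiple newly added blocks, and the buffered, sorted transaction data is periodically applied to the MB-tree in bulk, which reduces the repeated lookups and digest updates incurred by updating the MB-tree item by item.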
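The saving from batched digest updates described above can be measured directly. The following is an added example, not code from the paper: it assumes a complete binary hash tree as a simplified stand-in for the MB-tree and a dict sorted at flush time in place of the skip list, and the transaction data is constructed.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class MerkleTree:
    """Complete binary hash tree over 2**depth leaf slots (simplified MB-tree stand-in)."""
    def __init__(self, depth: int):
        self.n = 1 << depth
        # Heap layout: node 1 is the root, leaves occupy n .. 2n-1.
        self.nodes = [h(b"empty")] * (2 * self.n)
        for i in range(self.n - 1, 0, -1):
            self.nodes[i] = h(self.nodes[2 * i] + self.nodes[2 * i + 1])
        self.hashes = 0  # digests recomputed by updates
    def _rehash(self, i: int) -> None:
        self.nodes[i] = h(self.nodes[2 * i] + self.nodes[2 * i + 1])
        self.hashes += 1
    def _set_leaf(self, slot: int, value: bytes) -> int:
        self.nodes[self.n + slot] = h(value)
        self.hashes += 1
        return (self.n + slot) // 2  # index of the leaf's parent
    def update_one(self, slot: int, value: bytes) -> None:
        i = self._set_leaf(slot, value)
        while i >= 1:  # recompute the whole leaf-to-root path
            self._rehash(i)
            i //= 2
    def update_batch(self, items) -> None:
        dirty = {self._set_leaf(s, v) for s, v in items}
        while dirty:  # every touched internal node is rehashed exactly once
            for i in dirty:
                self._rehash(i)
            dirty = {i // 2 for i in dirty if i > 1}

# Constructed sample: three blocks of (slot, transaction bytes) pairs.
BLOCKS = [[(s, f"blk{b}:tx{s}".encode()) for s in slots]
          for b, slots in enumerate([[0, 1, 2], [3, 8, 9], [10, 11, 4]])]

def per_item_cost(blocks, depth=4):
    """Apply each transaction on arrival; returns (root digest, hash count)."""
    t = MerkleTree(depth)
    for slot, value in (tx for block in blocks for tx in block):
        t.update_one(slot, value)
    return t.nodes[1], t.hashes

def batched_cost(blocks, depth=4):
    """Buffer all blocks, then flush once in sorted order."""
    t, buffer = MerkleTree(depth), {}  # dict stands in for the skip-list buffer
    for block in blocks:
        buffer.update(block)
    t.update_batch(sorted(buffer.items()))
    return t.nodes[1], t.hashes
```

Both functions end at the same root digest; on this sample the batched flush recomputes 20 digests against 45 for item-by-item updates, because internal nodes shared by several buffered transactions are hashed once instead of once per transaction.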

Key words: blockchain, query authentication, MB-tree (Merkle B-tree), Intel SGX (software guard extensions)



ISSN 1000-9000(Print)

CN 11-2296/TP
