Proof of Elapsed Time (PoET): a consensus mechanism based on elapsed time


It comes from the Intel project Hyperledger Sawtooth; the current version is PoET 1.0.

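PoET is in fact a form of Nakamoto consensus that uses a "trusted execution environment" (TEE) to improve on the efficiency of current solutions such as Proof of Work. The initial reference implementation of PoET released to Hyperledger was written for an abstract TEE, so that it stays flexible with respect to any TEE implementation.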

PoET stochastically elects individual peers to execute requests at a given target rate. Individual peers sample an exponentially distributed random variable and wait for an amount of time dictated by the sample. The peer with the smallest sample wins the election.

For the purpose of achieving distributed consensus efficiently, a good lottery function has several characteristics:

  • Fairness: The function should distribute leader election across the broadest possible population of participants.
  • Investment: The cost of controlling the leader election process should be proportional to the value gained from it.
  • Verification: It should be relatively simple for all participants to verify that the leader was legitimately selected.

The TEE is currently built with SGX, using new secure CPU instructions which are becoming widely available in consumer and enterprise processors (Intel's own CPUs now all support SGX). PoET uses these features to ensure the safety and randomness of the leader election process without requiring the costly investment of power and specialized hardware inherent in most "proof" algorithms. (This is also its selling point: it has the high scalability of proof-based algorithms, together with low consumption and relatively high performance.)

It operates as follows:

  1. Every validator requests a wait time from an enclave (a trusted function).
  2. The validator with the shortest wait time for a particular transaction block is elected the leader.
  3. One function, such as “CreateTimer”, creates a timer for a transaction block that is guaranteed to have been created by the enclave.
  4. Another function, such as "CheckTimer", verifies that the timer was created by the enclave. If the timer has expired, this function creates an attestation that can be used to verify that the validator did wait the allotted time before claiming the leadership role.

The PoET leader election algorithm meets the criteria for a good lottery algorithm. The distribution is similar to that provided by other lottery algorithms. The probability of election is proportional to the resources contributed (in this case, the resources are general-purpose processors with a trusted execution environment). An attestation of execution provides information for verifying that the certificate was created within the enclave (and that the validator waited the allotted time). Further, the low cost of participation increases the likelihood that the population of validators will be large, increasing the robustness of the consensus algorithm.

----------------------------------------------------

enclave: this is actually an SGX term. A protected area in an application's address space which provides confidentiality and integrity even in the presence of privileged malware.

PPK, PSK: PoET ECC public and private keys created by the PoET enclave.

Key functions:

 

 

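There are three cases here. If the current SGX secure time is less than the time in the waitTimer, the time has not arrived yet. If it is greater than that time plus Twt, the waitTimer is no longer valid and has expired (so it can only be handled within the Twt window). If it falls inside the interval, the attestation is generated and the global variable WaitTimer activeWT is set to NULL; this variable indicates whether a usable waitTimer object exists.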

Phase: Sign-up Phase (includes the client side and the server side): A validator has to wait for c blocks to be published on the distributed ledger before participating in an election.
Phase: Election Phase:


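The client starts up, reads the sealed data from disk and unseals it, then calls the createWaitTimer function and waits for the duration that function produced. Once that time is up, it promptly calls the createWaitCertificate function to produce a waitCertificate and broadcasts (waitCertificate, signature, block, OPK, PPK). The other servers verify these tuples, and the smallest duration among all valid waitCertificates finally determines the election winner.
There are several points in the verification process that I did not understand. Also, when a certificate produced by an enclave is verified, is it verified inside the verifier's enclave, or outside it?
Security considerations: the purpose of Twt is to enforce this constraint so as to avoid the following situation. If for some time there are no transactions from which to build a block, several validators might hold back after waiting out the duration of their WaitTimers and generate a WaitCertificate only once enough transactions are available. At that point they would all send out their WaitCertificates, generating a large amount of traffic and possibly causing forks. The timeout mitigates this problem.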
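The three-case timer check and the election step described above, as an added Python sketch (not code from Sawtooth or from the original post). It assumes a simulated enclave in which an HMAC key stands in for the PSK signature and PPK verification, the `now` argument stands in for SGX trusted time, and the names and the `T_WT` and `MEAN_WAIT` values are illustrative.

```python
import hashlib, hmac, random
from dataclasses import dataclass

T_WT = 30.0       # assumed WaitTimer timeout (Twt), seconds
MEAN_WAIT = 20.0  # assumed mean of the exponential wait distribution, seconds

@dataclass(frozen=True)
class WaitTimer:
    validator: str
    request_time: float
    duration: float

def sign(key, wt):
    # HMAC stands in for the enclave's PSK signature (simplification for this sketch).
    msg = f"{wt.validator}|{wt.request_time!r}|{wt.duration!r}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class SimulatedEnclave:
    def __init__(self, validator, key, rng):
        self.validator, self._key, self._rng = validator, key, rng
        self.active_wt = None  # mirrors activeWT: the usable timer, or None

    def create_wait_timer(self, now):
        duration = self._rng.expovariate(1.0 / MEAN_WAIT)
        self.active_wt = WaitTimer(self.validator, now, duration)
        return self.active_wt

    def create_wait_certificate(self, now):
        wt = self.active_wt
        if wt is None or now < wt.request_time + wt.duration:
            raise RuntimeError("no active timer, or timer has not expired yet")
        if now > wt.request_time + wt.duration + T_WT:
            raise RuntimeError("timer timed out (older than duration + Twt)")
        self.active_wt = None  # a timer yields at most one certificate
        return wt, sign(self._key, wt)

def elect(certs, keys):
    # Keep only certificates whose signature verifies, then pick the smallest duration.
    valid = [wt for wt, sig in certs if wt.validator in keys
             and hmac.compare_digest(sig, sign(keys[wt.validator], wt))]
    return min(valid, key=lambda wt: wt.duration).validator if valid else None

def run_election(seed=7, n=5):
    rng = random.Random(seed)
    keys = {f"v{i}": bytes([i]) * 32 for i in range(n)}  # constructed keys
    enclaves = [SimulatedEnclave(v, k, rng) for v, k in keys.items()]
    timers = [e.create_wait_timer(0.0) for e in enclaves]
    certs = [e.create_wait_certificate(t.duration) for e, t in zip(enclaves, timers)]
    forged = (WaitTimer("v0", 0.0, 0.0), "00" * 32)  # zero wait, no valid signature
    return elect(certs + [forged], keys), min(timers, key=lambda t: t.duration).validator
```

`run_election()` returns the elected validator together with the validator that genuinely drew the shortest wait; the forged zero-duration certificate is dropped at signature verification, so the two agree.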

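On the Multi-user or Multi-ledger SGX Enclave Service: by passing the username and ledger as input parameters to generateSignUpData() and unsealSignUpData(), the same enclave can be used for multiple users or ledgers. The sign-up tuple (username, ledger, PPK, PSK, MCID) is then sealed to disk, with the username and ledger used to generate the file name. As soon as the user authenticates with the service, the service can have the enclave unseal and use the sign-up tuple from the file corresponding to that user (and ledger).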

Reference: https://sawtooth.hyperledger.org/docs/core/releases/latest/architecture/poet.html#introduction

