Query Authentication Using Intel SGX for Blockchain Light Clients

Qi-Feng Shao; Zhao Zhang; Che-Qing Jin; Ao-Ying Zhou

doi:10.1007/s11390-022-1007-2

AI Chat Paper

Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.

Chat more with AI

| Sign up

Browse by Subject

Search for peer-reviewed journals with full access.

Journals A - Z

About Us

Discover the SciOpen Platform and Achieve Your Research Goals with Ease.

About Us

Publish with Us

Support

Journals A - Z

About Us

Publish with Us

Support

Article Link

Cite

EndNote(RIS) BibTeX

Collect

Submit Manuscript

Show Outline

Outline

Show full outline

Hide outline

Outline

Show full outline

Hide outline

Regular Paper

Query Authentication Using Intel SGX for Blockchain Light Clients

Qi-Feng Shao^{¹^,²}, Zhao Zhang^¹, Che-Qing Jin^¹(

), Ao-Ying Zhou^¹

1School of Data Science and Engineering, East China Normal University, Shanghai 200062, China

2School of Software, Zhongyuan University of Technology, Zhengzhou 450007, China

Show Author Information

Abstract

Due to limited computing and storage resources, light clients and full nodes coexist in a typical blockchain system. Any query from light clients must be forwarded to full nodes for execution, and light clients verify the integrity of query results returned. Since existing verifiable queries based on an authenticated data structure (ADS) suffer from significant network, storage and computing overheads by virtue of verification objects (VOs), an alternative way turns to the trusted execution environment (TEE), with which light clients do not need to receive or verify any VO. However, state-of-the-art TEEs cannot deal with large-scale applications conveniently due to the limited secure memory space (e.g., the size of the enclave in Intel SGX (software guard extensions), a typical TEE product, is only 128 MB). Hence, we organize data hierarchically in trusted (enclave) and untrusted memory, along with hot data buffered in the enclave to reduce page swapping overhead between two kinds of memory. The cost analysis and empirical study validate the effectiveness of our proposed scheme. The VO size of our scheme is reduced by one to two orders of magnitude compared with that of the traditional scheme.

Keywords

blockchain query authentication Merkle B-tree (MB-tree)Intel software guard extensions (SGX)

Electronic Supplementary Material

Download File(s)

JCST-2009-11007-Highlights.pdf (150 KB)

References

[1]

Pang H H, Tan K L. Authenticating query results in edge computing. In Proc. the 20th IEEE International Conference on Data Engineering, Apr. 2004, pp.560–571. DOI: 10.1109/ICDE.2004.1320027.

Crossref

[2]

Li F F, Hadjieleftheriou M, Kollios G, Reyzin L. Dynamic authenticated index structures for outsourced databases. In Proc. the 2006 ACM SIGMOD International Conference on Management of Data, Jun. 2006, pp.121–132. DOI: 10.1145/1142473.1142488.

Crossref

[3]

McKeen F, Alexandrovich I, Berenzon A, Rozas C V, Shafi H, Shanbhogue V, Savagaonkar U R. Innovative instructions and software model for isolated execution. In Proc. the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, Jun. 2013, Article No. 10. DOI: 10.1145/2487726.2488368.

Crossref

[4]

Weisse O, Bertacco V, Austin T. Regaining lost cycles with HotCalls: A fast interface for SGX secure enclaves. In Proc. the 44th ACM/IEEE Annual International Symposium on Computer Architecture, Jun. 2017, pp.81–93. DOI: 110.1145/3079856.3080208.

Crossref

[5]

Shao Q F, Pang S F, Zhang Z, Jin C Q. Authenticated range query using SGX for blockchain light clients. In Proc. the 25th International Conference on Database Systems for Advanced Applications, Aug. 2020, pp.306–321. DOI: 10.1007/978-3-030-59419-0_19.

Crossref

[6]

Li F F, Hadjieleftheriou M, Kollios G, Reyzin L. Authenticated index structures for aggregation queries. ACM Trans. Information and System Security, 2010, 13(4): 32. DOI: 10.1145/1880022.1880026.

Crossref

[7]

Merkle R C. A certified digital signature. In Proc. the 1989 Conference on the Theory and Application of Cryptology, Aug. 1989, pp.218–238. DOI: 10.1007/0-387-34805-0_21.

Crossref

[8]

Yang Y, Papadias D, Papadopoulos S, Kalnis P. Authenticated join processing in outsourced databases. In Proc. the 2009 ACM SIGMOD International Conference on Management of Data, Jun. 2009, pp.5–18. DOI: 10.1145/1559845.1559849.

Crossref

[9]

Li J W, Squicciarini A C, Lin D, Sundareswaran S, Jia C F. MMB^cloud-tree: Authenticated index for verifiable cloud service selection. IEEE Trans. Dependable and Secure Computing, 2017, 14(2): 185–198. DOI: 10.1109/TDSC.2015.2445752.

Crossref

[10]

Hu S S, Cai C J, Wang Q, Wang C, Luo X Y, Ren K. Searching an encrypted cloud meets blockchain: A decentralized, reliable and fair realization. In Proc. the 2018 IEEE Conference on Computer Communications, Apr. 2018, pp.792–800. DOI: 10.1109/INFOCOM.2018.8485890.

Crossref

[11]

Xu C, Zhang C, Xu J J. vChain: Enabling verifiable Boolean range queries over blockchain databases. In Proc. the 2019 International Conference on Management of Data, Jun. 2019, pp.141–158. DOI: 10.1145/3299869.3300083.

Crossref

[12]

Zhang C, Xu C, Xu J L, Tang Y Z, Choi B. GEM^2-tree: A gas-efficient structure for authenticated range queries in blockchain. In Proc. the 35th IEEE International Conference on Data Engineering, Apr. 2019, pp.842–853. DOI: 10.1109/ICDE.2019.00080.

Crossref

[13]

Zhu Y C, Zhang Z, Jin C Q, Zhou A Y, Yan Y. SEBDB: Semantics empowered blockChain database. In Proc. the 35th IEEE International Conference on Data Engineering, Apr. 2019, pp.1820–1831. DOI: 10.1109/ICDE.2019.00198.

Crossref

[14]

Zhang F, Cecchetti E, Croman K, Juels A, Shi E. Town crier: An authenticated data feed for smart contracts. In Proc. the 2016 ACM SIGSAC Conference on Computer and Communications Security, Oct. 2016, pp.270–282. DOI: 10.1145/2976749.2978326.

Crossref

[15]

Cheng R, Zhang F, Kos J, He W, Hynes N, Johnson N, Juels A, Miller A, Song D. Ekiden: A platform for confidentiality-preserving, trustworthy, and performant smart contracts. In Proc. the 2019 IEEE European Symposium on Security and Privacy, Jun. 2019, pp.185–200. DOI: 10.1109/EuroSP.2019.00023.

Crossref

[16]

Yan Y, Wei C Z, Guo X P, Lu X M, Zheng X F, Liu Q, Zhou C H, Song X Y, Zhao B R, Zhang H, Jiang G F. Confidentiality support over financial grade consortium blockchain. In Proc. the 2020 ACM SIGMOD International Conference on Management of Data, Jun. 2020, pp.2227–2240. DOI: 10.1145/3318464.3386127.

Crossref

[17]

Dang H, Dinh T T A, Loghin D, Chang E C, Lin Q, Ooi B C. Towards scaling blockchain systems via sharding. In Proc. the 2019 Int. Conf. Management of Data, Jun. 2019, pp.123–140. DOI: 10.1145/3299869.3319889.

Crossref

[18]

Matetic S, Wüst K, Schneider M, Kostiainen K, Karame G, Capkun S. BITE: Bitcoin lightweight client privacy using trusted execution. In Proc. the 28th USENIX Conference on Security Symposium, Aug. 2019, pp.783–800.

[19]

Gray J, Bosworth A, Lyaman A, Pirahesh H. Data cube: A relational aggregation operator generalizing GROUP-BY, CROSS-TAB, and SUB-TOTAL. In Proc. the 12th IEEE International Conference on Data Engineering, Feb. 1996, pp.152–159. DOI: 10.1109/ICDE.1996.492099.

Crossref

[20]

O'Neil E J, O'Neil P E, Weikum G. The LRU-K page replacement algorithm for database disk buffering. In Proc. the 1993 ACM SIGMOD Int. Conf. Management of Data, Jun. 1993, pp.297–306. DOI: 10.1145/170035.170081.

Crossref

[21]

Gassend B, Suh G E, Clarke D E, Van Dijk M, Devadas S. Caches and hash trees for efficient memory integrity verification. In Proc. the 9th Int. Symp. High-Performance Computer Architecture, Feb. 2003, pp.295–306. DOI: 10.1109/HPCA.2003.1183547.

Crossref

[22]

Matetic S, Ahmed M, Kostiainen K, Dhar A, Sommer D, Gervais A, Juels A, Capkun S. ROTE: Rollback protection for trusted execution. In Proc. the 26th USENIX Conference on Security Symposium, Aug. 2017, pp.1289–1306.

Journal of Computer Science and Technology

Volume 38 Issue 3,
May 2023

Pages 714-734

DOI: 10.1007/s11390-022-1007-2

Cite this article:

Shao Q-F, Zhang Z, Jin C-Q, et al. Query Authentication Using Intel SGX for Blockchain Light Clients. Journal of Computer Science and Technology, 2023, 38(3): 714-734. https://doi.org/10.1007/s11390-022-1007-2

311

Views

Crossref

Web of Science

Scopus

CSCD

Google Scholar
Citation

Altmetrics

Received: 22 September 2020

Accepted: 04 March 2022

Published: 30 May 2023