Trusted computing meets blockchain: Rollback attacks and a solution for hyperledger fabric
A smart contract on a blockchain cannot keep a secret because its data is replicated on all nodes in a network. To remedy this problem, it has been suggested combining blockchains with trusted execution environments (TEEs), such as Intel SGX, for executing applications that demand confidentiality. As a consequence, untrusted blockchain nodes cannot get access to the data and computations inside the TEE. This paper first explores issues that arise from the combination of TEEs with blockchains: Smart contracts executed inside TEEs are susceptible to rollback attacks, which should be prevented to maintain confidentiality for the application. However, in blockchains with non-final consensus protocols, such as the proof-of-work in Ethereum and others, the contract execution must handle rollbacks by design. This implies that TEEs for securing smart-contract execution cannot be directly used for such blockchains; this approach works only when the consensus decisions are final. Second, this work introduces an architecture and a prototype for smart-contract execution within Intel SGX for Hyperledger Fabric, a prominent enterprise blockchain platform. Our system resolves additional difficulties posed by the specific execute-order-validate architecture of Fabric, prevents rollback attacks on TEE-based execution as far as possible, and minimizes the trusted computing base. For increasing security, our design encapsulates each application on the blockchain within its own enclave that shields it from the host system. An evaluation shows that the overhead of moving the execution into SGX is within 10%-20% for a sealed-bid auction application.