Fabric Private Chaincode is an open source project created by IBM and Intel to enable a new form of smart contract, leveraging the Intel® Software Guard Extensions (Intel® SGX) Trusted Execution Environment to help achieve confidentiality and integrity in The Linux Foundation’s Hyperledger Fabric blockchains.
This new model of smart contract is well suited to many applications where it is desirable to use the well-known blockchain properties of distributed, decentralized execution and immutable ledger. This is especially true where the data being processed needs to be kept confidential even from the participants running the blockchain network. Confidentiality alone isn’t sufficient to ensure that participants can trust such a smart contract; it also requires cryptographic integrity to enable participants to be confident the smart contract is the one they agreed to use, and hasn’t been tampered with.
The Fabric Private Chaincode project is a great example of how Intel SGX can boost the value of blockchain by enabling new business models based on a new model of trust. In existing Hyperledger Fabric architectures, integrity of smart contracts is assured by having multiple peers execute the same chaincode and verify that their results match. This works well for many use cases, but not for systems that require private execution. In addition to simply enabling operations on sensitive private data such as medical or contractual information, new trust models enabled by this new technology open up the interesting possibility of designing new kinds of markets that overcome age-old problems.
In high-stakes auctions, the economists who design markets often go to great trouble to minimize incentives to game the system. It is important, for example, to limit the advantages that can be gained by watching opponent bidders’ bids before submitting one’s own bid, or by concealing one’s own valuation of an asset until the opponent has revealed his or her valuation. But even a well-designed auction still relies on a security model in which the auctioneer must be trusted not to collude with a bidder.
In an auction such as a wireless spectrum auction, the stakes can be in the billions of dollars. Because such auctions are typically run by a large government agency, there are many individuals who must be trusted not to leak information to a bidder. The strong incentive for fraud, combined with a security model that has a potentially large “attack surface”, can add up to large insurance and legal costs for everyone involved.
Conversely, in a Fabric Private Chaincode system, it is possible to design a high-stakes auction in which the auctioneer is in fact a smart contract, for which the source code may be inspected beforehand by all parties to the auction. When the auction begins, the participants can use Intel SGX both to get a cryptographic attestation that provides evidence that the code hasn’t been modified and to limit visibility into the program while it executes. Not even the government agency running the auction can peek at the bids or tamper with the execution. This new trust model is more compatible with positive incentives to simply bid one’s true value of each asset.
Secret ballot voting systems example
Likewise, there are many ways a voting system can be gamed; for example, voting for a “spoiler candidate” to take votes away from a major party candidate in a first-past-the-post type election. Voting systems have been designed to minimize such manipulative incentives, but none is ideal for all situations. In many cases, it is desirable to allow for private voting, but again, one must trust that the person or organization that is collecting the votes is honest.
Existing systems to deal with this problem tend to be complex and expensive, with high redundancy among overseers and other safeguards. A decentralized voting system in which multiple parties can agree on the smart contract ahead of time, using Intel SGX to increase confidence in its integrity and privacy, minimizes these incentives at very low cost. Such advanced trust architectures are applicable to many voting use cases, from public sector governmental elections to private blockchain ecosystem governance decisions.
Fabric Private Chaincode is one of an increasing number of projects leveraging the power of Intel SGX Trusted Execution Environments. These include the related Hyperledger Avalon project which will enable off-blockchain smart contract execution, and commercial offerings such as Data-in-use Protection on the IBM Cloud.
We believe that by enabling wider adoption of Trusted Execution Environment technology for high-stakes use cases today, we are helping to pave the way for much more general adoption in many other use cases in the future. We hope to follow in the footsteps of HTTPS, which was first adopted as a way to secure credit card purchases online but soon after gave us the pervasive encryption that secures nearly all web traffic today.
Intel and IBM are collaborating on the Fabric Private Chaincode project to enable new and more efficient models of trust for practical high-stakes, real-world blockchain applications. This is an open source project, and we welcome you to try it out and consider using it for your own pilot application, or to join us and participate in the project.