The week before Devcon4 was intense: we launched the first GPU integration, open-sourced the code of Golem Unlimited, and announced that Joanna Rutkowska was joining us as CSO (Chief Strategy/Security Officer). This might have seemed like too much information for a single week; however, it was a conscious choice, as the following week was set to focus on one of our flagship products, Graphene-ng, our framework for SGX.
Thanks to Joanna’s and Piotr’s (our CTO) leadership on SGX, and the collaboration between ITL (Joanna’s former company) and our team, we presented at DEVCON4, to other groups working on TEEs (Trusted Execution Environments), our work on marrying Graphene-ng with SGX and our analysis of SGX and of what needs to be done for this technology to operate within decentralized architectures.
Our Devcon4 TEE/SGX-oriented series of events began on Monday, September 29th, with a private workshop alongside the other teams working on this. The event aimed to promote better coordination between the groups. As the workshop was meant to be private, Chatham House Rules were applied to it. However, Joanna has shared the presentation she gave on SGX, which you can read here.
On the second day of the conference, Piotr “Viggith” Janiuk gave a comprehensive presentation on enclaves, SGX, and how Graphene-ng is applied at the application level and where it can be used within the Golem ecosystem. In addition, he introduced use cases beyond Golem where this technology can be applied. Within the wider Ethereum ecosystem, for instance, it can be used for decentralized server implementations, atomic swaps, distributed exchanges, Minimal Viable Plasma, Hoard, and data streaming, to name a few.
Our solution is being built and it works. However, a number of items need to be worked on before launch. These issues have been identified, not only by Golem but by other teams as well, and are on the way to being addressed.
Some days after our SGX workshop, Intel held a TEEs session and panel at DEVCON, hosted by Sanjay Bakshi. The first half of the session featured presentations from the host, who explained SGX and Intel’s position; Guy Zyskind for Enigma and Noah Johnson for Oasis Labs, who presented Privacy Preserving Smart Contracts using enclaves; Marley Gray from Microsoft Azure, who thoroughly explained the work on an enclave-ready Ethereum Virtual Machine, a C++ implementation of the EVM that can run within a TEE; and Lei Zhang, representing iExec, who gave a high-level explanation of SGX for trusted computations and the implementation they are conducting. Additionally, Sidd Bahsin for Weeve IoT explained their approach as well.
After these brief presentations, the panel on TEEs commenced, featuring Joanna, Thomas Bertani for Oraclize, Andreas Freund (Consensys), Marley Gray and Sanjay Bakshi once again, and moderated by Tom Morris (Intel). The panel was brief yet insightful, and the participants expressed their positions on the future of decentralized architectures with TEEs.
Some of the main conclusions were:
- SGX, as it stands now, cannot be decentralized (for more information read Joanna’s conclusions on this point and more, in her presentation linked above).
- TEEs are not a silver bullet for secure computations in untrusted settings. A combination of methods needs to be implemented to get to an acceptable level of trust.
- These technologies can only offer limited protection.
- Coordination and joint work between Intel and the interested parties are necessary.
In order to provide an overview of the direction we are taking, our team has prepared a Graphene-ng SGX demo. SGX (executed on the Graphene-ng framework, in this instance) is a technology that supports two cornerstones of Golem’s development: security and reliability.
Graphene-ng is an outstanding piece of technology by itself, but it is also an environment that can easily be used to run almost any binary, as proved in the Brass Golem integration, which uses this exact technology without needing any Golem-specific tweaks.
Without further ado, please enjoy our demo.