Recap: Phala Tech Talk 101— Trusted Execution Environment
This is the Q&A collection for Phala Tech Talk 101, in case you missed the live stream. Note: the following text is an excerpt, enjoy it!
Q. Is there a repository of all current use-cases designed or approved by the Phala team ?
A: We have https://app.phala.network, and it contains all the official applications of Phala Network. To my best knowledge, there are several interesting DApps under development in our on-going Hackathon, and they shall be submitted here (https://github.com/Phala-Network/Encode-Hackathon-2021/issues) as Advanced Challenges. Keep following!
Q. Tee can be vulnerable to new meltdown/spectre, exists the possibility to the nodes using these vulnerabilities, read all the transactions that are executing?
A: First, the key management infrastructure in Phala (i.e. Gatekeeper) will only run on SGX with confidential level 1~2, which is (mostly) resistant to known side channel attacks like meltdown, spectre, RIDL, LVI, e.t.c.
Second, we can mitigate the side-channel vulnerabilities in low confidential level nodes with several methods:
1. We try to shorten the attack time window with random contract deployment and key rotation mechanism. Especially the Rolling Re-encryption of Contract States (in https://wiki.phala.network/en-us/docs/spec/#rolling-re-encryption-of-contract-states) can provide strong protection since it tries to imitate one-time pad;
2. We try to limit the attack gadgets which can be utilized by attackers. Our coming contracts will be run in WASM in TEE, and the host functions are limited. Although we do not use gadget-free compiler toolchain, I think such virtualization can still reduce the potential gadgets for side channel attacks.
Also the smart contract scenarios are different from normal programs since it’s expensive to send requests to contracts. And Phala supports access control in its low-cost off-chain queries. Side-channel attacks are more perceivable in smart contracts since you will observe many suspicious probing transactions.
Q. What is the biggest advantage of Phala TEE versus the current industry standard?
A: To me, there are mainly two points.
First, we can provide a stronger security promise than raw TEE solutions since we combine blockchain with TEE and our contracts will be executed in a controlled environment (WASM in pRuntime) instead of on raw hardware.
Second, it should be more friendly to developers since we abstract out the low-level details. For example, Phala now supports SGX, and will support AMD SEV some day, while our developers need not to care about the underlying hardwares. Also we will spawn the contract instances across multiple workers to ensure availability, which is also out of their concern.
Q. How do you look at the continuity of Phala in regards to TEE updating. BIOS updates and Intel patches are scarce and hard to get for Intel SGX. Also the new 11 gen does not have SGX (Yet) and chipsets beyond 5xx have no SGX at all enabled. Even though Intel says to support SGX, what would happen if there are no (compatible) TEE devices that can support the network?
A: We had a discussion with Intel Officials and the SGX 2.0 will still be available on the new Xeon family. The BIOS updates for certain motherboards can be hard to get, while you can always get the microcode updates. Also, I myself own an old Intel NUC 8 and its firmware updates are released frequently.
Nevertheless, we are exploring the possibility to support more TEE solutions like AMD SEV and incoming ARM CCA. So this seems not to be a real problem at least in the near future.
Q. What would make Phala more accessible to businesses / individuals in the medium term? — I mean how people will see Phala Network as useful and make the jump to using the network — how will this be communicated to businesses…
Moderator: can you describe the medium term?
XXX: i think he means Phala is too complex at this time, and how Phala thinks to make it accessible on short or medium term
Moderator: yes — how to communicate its usefulness. People will understand security and privacy, but making the jump can require business case + accessible
A: Yes, the underlying technology of Phala can be really obscure to our customers and developers. That’s why we try to launch the Tech Talks: we try to explain complicated technology with plain language to the community to let people know what we are doing.
While developing on Phala blockchain should not be that hard since we will support the existing Ink! smart contracts. Also we try to provide easy-to-use applications (in https://app.phala.network/) for our customers.
Q. Can other blockchains use Phala for computational scaling?
A: Yes, of course. For now they can communicate with Phala in two ways: XCM used by Substrate-based blockchains, and providing a HTTP API for Phala contracts to access.
Q. Does Phala have plans to secure any enterprise/customer partnerships in the near term?
A: Yes. In fact, we already developed some partnerships with projects including DeFi, Metaverse, NFT, storages, and traditional industries. We will keep looking for more valuable cooperation opportunities in the future.
Here are some existing partnerships Phala already established.
https://docs.google.com/spreadsheets/d/1Wfa4zdRtxmp5M5yzDF6Ty6V6CUzoZ_7cSbcVdWlFr2A/edit#gid=0
Q. Does ARM processors offer more flexibility and scalability as compared to Intel processors (as they are more centralized) ?
A: The ARM CCA is still not available so I think it’s too early to judge.
Q. Since there was a Partnership with Seedify regarding Blockchain gaming. Will it be possible in the future to implement Cloud computing gaming seamlessly like Geforce now for example, more secure and more private of course? Play like games real life with high computation power
A: Yes, running a game server on Phala is appropriate since we support real time computation with contract Query (https://wiki.phala.network/en-us/docs/developer/your-first-confidential-contract/). This is one of the major advantages over existing smart contract platforms. Since Phala does not support GPU, the real-time rendering should be processed locally instead of in smart contracts.
Q. Does Phala envisage a future where it coexists and collaborates with AWS, Microsoft Azure, and Google Cloud? Or does it plan to disrupt/replace these current cloud computing service providers?
A: To replace these giants is too far-fetched to me. While Phala does have its advantages: It offers trustless computation since your program states and data are guarded by hardwares. It should offer a good price compared to the existing service providers since we don’t buy our own servers and all the Workers are managed automatically by the chain. Also you shall experience low latency in Phala since its P2P network nodes should be “closer” to you.
*For full version, please check the video below.
About Phala
Phala Network tackles the issue of trust in the computation cloud.
This blockchain is a trustless computation platform that enables massive cloud processing without sacrificing data confidentiality. Built around TEE-based privacy technology already embedded into modern processors, Phala Network’s distributed computing cloud is versatile and confidential. By separating the consensus mechanism from computation, Phala ensures processing power is highly scalable but not wasteful. Together, this creates the infrastructure for a powerful, secure, and scalable trustless computing cloud.
As a member parachain of the Polkadot cross-chain ecosystem, Phala will be able to provide computing power to other blockchain applications while protecting the data layer, enabling possibilities like privacy-protected DeFi trading positions and transaction history, co-computing DID confidential data, developing light-node cross-chain bridges, and more.
On-chain services currently being developed on Phala Network include Web3 Analytics: high-performance smart contracts from Phala to enable highly concurrent mass data analytics with privacy, paving the way for an alternative to Google Analytics that inherently respects individual confidentiality.
🍽 — Subscribe | Website | Twitter | Github
🥤 — Discord | Forum | Telegram |Italiano |Français | Persian
