Skip to main content
SpringerLink
Log in

Query Authentication Using Intel SGX for Blockchain Light Clients

  • Regular Paper
  • Published:
Journal of Computer Science and Technology Aims and scope Submit manuscript

Abstract

Due to limited computing and storage resources, light clients and full nodes coexist in a typical blockchain system. Any query from light clients must be forwarded to full nodes for execution, and light clients verify the integrity of query results returned. Since existing verifiable queries based on an authenticated data structure (ADS) suffer from significant network, storage and computing overheads by virtue of verification objects (VOs), an alternative way turns to the trusted execution environment (TEE), with which light clients do not need to receive or verify any VO. However, state-of-the-art TEEs cannot deal with large-scale applications conveniently due to the limited secure memory space (e.g., the size of the enclave in Intel SGX (software guard extensions), a typical TEE product, is only 128 MB). Hence, we organize data hierarchically in trusted (enclave) and untrusted memory, along with hot data buffered in the enclave to reduce page swapping overhead between two kinds of memory. The cost analysis and empirical study validate the effectiveness of our proposed scheme. The VO size of our scheme is reduced by one to two orders of magnitude compared with that of the traditional scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

References

  1. Pang H H, Tan K L. Authenticating query results in edge computing. In Proc. the 20th IEEE International Conference on Data Engineering, Apr. 2004, pp.560–571. https://doi.org/10.1109/ICDE.2004.1320027.

  2. Li F F, Hadjieleftheriou M, Kollios G, Reyzin L. Dynamic authenticated index structures for outsourced databases. In Proc. the 2006 ACM SIGMOD International Conference on Management of Data, Jun. 2006, pp.121–132. https://doi.org/10.1145/1142473.1142488.

  3. McKeen F, Alexandrovich I, Berenzon A, Rozas C V, Shafi H, Shanbhogue V, Savagaonkar U R. Innovative instructions and software model for isolated execution. In Proc. the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, Jun. 2013, Article No. 10. https://doi.org/10.1145/2487726.2488368.

  4. Weisse O, Bertacco V, Austin T. Regaining lost cycles with HotCalls: A fast interface for SGX secure enclaves. In Proc. the 44th ACM/IEEE Annual International Symposium on Computer Architecture, Jun. 2017, pp.81–93. https://doi.org/10.1145/3079856.3080208.

  5. Shao Q F, Pang S F, Zhang Z, Jin C Q. Authenticated range query using SGX for blockchain light clients. In Proc. the 25th International Conference on Database Systems for Advanced Applications, Aug. 2020, pp.306–321. https://doi.org/10.1007/978-3-030-59419-0_19.

  6. Li F F, Hadjieleftheriou M, Kollios G, Reyzin L. Authenticated index structures for aggregation queries. ACM Trans. Information and System Security, 2010, 13(4): 32. https://doi.org/10.1145/1880022.1880026.

    Article  Google Scholar 

  7. Merkle R C. A certified digital signature. In Proc. the 1989 Conference on the Theory and Application of Cryptology, Aug. 1989, pp.218–238. https://doi.org/10.1007/0-387-34805-0_21.

  8. Yang Y, Papadias D, Papadopoulos S, Kalnis P. Authenticated join processing in outsourced databases. In Proc. the 2009 ACM SIGMOD International Conference on Management of Data, Jun. 2009, pp.5–18. https://doi.org/10.1145/1559845.1559849.

  9. Li J W, Squicciarini A C, Lin D, Sundareswaran S, Jia C F. MMBcloud-tree: Authenticated index for verifiable cloud service selection. IEEE Trans. Dependable and Secure Computing, 2017, 14(2): 185–198. https://doi.org/10.1109/TDSC.2015.2445752.

    Article  Google Scholar 

  10. Hu S S, Cai C J, Wang Q, Wang C, Luo X Y, Ren K. Searching an encrypted cloud meets blockchain: A decentralized, reliable and fair realization. In Proc. the 2018 IEEE Conference on Computer Communications, Apr. 2018, pp.792–800. https://doi.org/10.1109/INFOCOM.2018.8485890.

  11. Xu C, Zhang C, Xu J J. vChain: Enabling verifiable Boolean range queries over blockchain databases. In Proc. the 2019 International Conference on Management of Data, Jun. 2019, pp.141–158. https://doi.org/10.1145/3299869.3300083.

  12. Zhang C, Xu C, Xu J L, Tang Y Z, Choi B. GEM^2-tree: A gas-efficient structure for authenticated range queries in blockchain. In Proc. the 35th IEEE International Conference on Data Engineering, Apr. 2019, pp.842–853. https://doi.org/10.1109/ICDE.2019.00080.

  13. Zhu Y C, Zhang Z, Jin C Q, Zhou A Y, Yan Y. SEBDB: Semantics empowered blockChain database. In Proc. the35th IEEE International Conference on Data Engineering, Apr. 2019, pp.1820–1831. https://doi.org/10.1109/ICDE.2019.00198.

  14. Zhang F, Cecchetti E, Croman K, Juels A, Shi E. Town crier: An authenticated data feed for smart contracts. In Proc. the 2016 ACM SIGSAC Conference on Computer and Communications Security, Oct. 2016, pp.270–282. https://doi.org/10.1145/2976749.2978326.

  15. Cheng R, Zhang F, Kos J, He W, Hynes N, Johnson N, Juels A, Miller A, Song D. Ekiden: A platform for confidentiality-preserving, trustworthy, and performant smart contracts. In Proc. the 2019 IEEE European Symposium on Security and Privacy, Jun. 2019, pp.185–200. https://doi.org/10.1109/EuroSP.2019.00023.

  16. Yan Y, Wei C Z, Guo X P, Lu X M, Zheng X F, Liu Q, Zhou C H, Song X Y, Zhao B R, Zhang H, Jiang G F. Confidentiality support over financial grade consortium blockchain. In Proc. the 2020 ACM SIGMOD International Conference on Management of Data, Jun. 2020, pp. 2227–2240. https://doi.org/10.1145/3318464.3386127.

  17. Dang H, Dinh T T A, Loghin D, Chang E C, Lin Q, Ooi B C. Towards scaling blockchain systems via sharding. In Proc. the 2019 Int. Conf. Management of Data, Jun. 2019, pp.123–140. https://doi.org/10.1145/3299869.3319889.

  18. Matetic S, Wüst K, Schneider M, Kostiainen K, Karame G, Capkun S. BITE: Bitcoin lightweight client privacy using trusted execution. In Proc. the 28th USENIX Conference on Security Symposium, Aug. 2019, pp.783–800.

  19. Gray J, Bosworth A, Lyaman A, Pirahesh H. Data cube: A relational aggregation operator generalizing GROUP-BY, CROSS-TAB, and SUB-TOTAL. In Proc. the 12th IEEE International Conference on Data Engineering, Feb. 1996, pp.152–159. https://doi.org/10.1109/ICDE.1996.492099.

  20. O’Neil E J, O’Neil P E, Weikum G. The LRU-K page replacement algorithm for database disk buffering. In Proc. the 1993 ACM SIGMOD Int. Conf. Management of Data, Jun. 1993, pp.297–306. https://doi.org/10.1145/170035.170081.

  21. Gassend B, Suh G E, Clarke D E, Van Dijk M, Devadas S. Caches and hash trees for efficient memory integrity verification. In Proc. the 9th Int. Symp. High-Performance Computer Architecture, Feb. 2003, pp.295–306. https://doi.org/10.1109/HPCA.2003.1183547.

  22. Matetic S, Ahmed M, Kostiainen K, Dhar A, Sommer D, Gervais A, Juels A, Capkun S. ROTE: Rollback protection for trusted execution. In Proc. the 26th USENIX Conference on Security Symposium, Aug. 2017, pp.1289–1306.

Download references

Author information

Authors and Affiliations

  1. School of Data Science and Engineering, East China Normal University, Shanghai, 200062, China

    Qi-Feng Shao, Zhao Zhang, Che-Qing Jin & Ao-Ying Zhou

  2. School of Software, Zhongyuan University of Technology, Zhengzhou, 450007, China

    Qi-Feng Shao

Authors
  1. Qi-Feng Shao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhao Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Che-Qing Jin
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ao-Ying Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Che-Qing Jin.

Supplementary Information

ESM 1

(PDF 149 kb)

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Shao, QF., Zhang, Z., Jin, CQ. et al. Query Authentication Using Intel SGX for Blockchain Light Clients. J. Comput. Sci. Technol. 38, 714–734 (2023). https://doi.org/10.1007/s11390-022-1007-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11390-022-1007-2

Keywords

Search

Navigation