How to Prevent Super Nodes Collude Together to Use Malicious Programs to Do Evil?
Trias held a technology sharing meetup at the University of Hong Kong on Sept. 21. Trias CTO Dr. Wei Ming delivered a speech titled ‘TEE-Based Consensus Working Method’.
According to Dr. Wei Ming, a node wants to join the Trias consensus network and become a TEE super consensus node, the whole process will go through four parts: Birth, Transmission, Ladder and Change.
First, you need to follow the Trias community’s requirements, and then you need to configure or install the environment in which you want to join the consensus node. One condition, of course, is that you have TEE’s base, such as SGX, TrustZone, TXT and so on. If none of these are available, we can provide a means of simulation, but it is not recommended because the safety factor is low. When each consensus node to be joined has installed the corresponding environment, and has access to the Trias network as required. It will be immediately added to a little game called ‘God’s dice’ temporarily. Everyone here should know that in traditional centralized systems, for each node to be secure, they need to constantly hide themselves. They can’t let others know where they are, or even through physical isolation. But in the public chain of Trias, if you want to be the super TEE consensus node in this network, you need to get everyone to agree on your security capabilities. Like the law of the jungle, you have to be better than everyone else to be the leader here. In fact, the new nodes need to be able to create fully balanced sieves with six default planes, depending on the network’s arithmetic, through the ‘God’s dice’ game. The first principle is to create a random distribution by Bayes, and then, through the random method of the mantissa, the quality of the random number of 6 screens is continuously made. Until the mass distributions on all six surfaces belong to the same Bayesian range, a fair sieve can be used.
The newly added nodes will broadcast messages randomly in the network, which represents a ‘challenge’ to request other nodes to confirm their own status. Thus, the problem of verification initiated in the network is solved. The authenticated information between nodes will be broadcasted in the whole network by gossip protocol, which propagates the trusted information of nodes.
Any node in the network may be attacked maliciously. If one of the consensus nodes in the current consensus nodes has been attacked and controlled, other nodes in the network that have verified the node will publish the problem and record it in Kernel. If the problem is found to be problematic by multiple nodes, the node will be considered malicious and will be dynamically removed from the consensus node set. At this point, the highest ranked and safest non-consensus node will be selected in order to replace the problematic node through the Ladder published in this cycle.
To change the consensus node in real time, we need to change the ValidatorSet. Currently Trias is based on Ladder to get a list of new consensus nodes. Then we construct the Validator List to request EM’s RPC Server through the RPC Client, and EM receives the request to update the in-memory Validator List. TM generates blocks and sends endblocks to EM. At the same time, EM will return the Validator List to TM, and then TM will update the local Validator List.
The finalizeCommit function of ConsensusState will be called in the final stage of consensus. ApplyBlock will get EndBlock from ValExecBlock->execBlockOnProxyApp->EndBlockSync and get validators from it. Then we update the block and validators through the SetBlockAndValidators of State. Finally, we update the new validators to ConsensusState’s validators through the updateToState of ConsensusState.
Finally, Dr. Wei Ming also demonstrated the formation process and changes of TEE ladder. He said that in most public chain projects, the operational environment security of each consensus node cannot be guaranteed, so many consensus nodes are needed to reach consensus to improve security. Then we will face several problems. First, we cannot determine the safety of the project. Second, if we increase the number of nodes, the performance of the public chain will decrease. But how do we ensure the running environment of each node? What if super nodes collude together to use malicious programs to do evil? Besides, is the determination of each super node determined only by people voting？
In the Trias environment, we are based on TEE technology. We will make it difficult for each participating consensus node to do evil by ensuring the credibility of the consensus environment. For example, here is a room with X light. Everything is transparent here. Then we have some workers working in this room, and we arrange a lot of people to stare at them. These workers can only do things like 1,2,3,4. This is all confirmed in advance. So after that, as long as they do one byte that’s not part of what we agreed on in advance. We will find him and punish him at once. We will not give him any opportunity to do evil. As an old Chinese saying goes, water can carry a boat or overturn it.
After the speech, the students of the University of Hong Kong had in-depth exchanges with Dr. Wei Ming on Trias consensus mechanism, TEE technology, nodes election and other topics. Trias team is always technology-oriented and takes it as mission to root trust in machines.