There have been many major security incidents during the development of the blockchain. For example, in August 2010, the use of integer overflow vulnerabilities creates 184.4 billion bitcoins out of thin air. The ransomware of the previous period caused huge losses. We must pay more attention to blockchain security, and make blockchain safe from classified protection. Only trusted computing can solve the security of blockchain.
How to do it?
Trusted computing may provide a solution. Everyone often hears ‘security and trustworthy.’ First, we need to distinguish between security and trustworthy. The trustworthy we are talking about here is a basic concept in trusted computing. If the behavior of the entity matches the expected behavior for a particular purpose, then the entity is said to be authentic for this purpose. But what we say ‘trustworthy’ does not mean that its behavior must be safe. For example, a computer system sometimes fails, and sometimes it is attacked. If this phenomenon occurs within our expectations, the system is still believable, but it is not necessarily safe. Therefore, credibility emphasizes whether the behavior of the entity matches the expected behavior.
Trias is to build a decentralized common platform for trusted computing to achieve a trusted software execution environment, ensuring that the right software produces the expected output with the right input; and a set of decentralized auditable and traceable trusted software development operations and maintenance systems ensure that the software’s own behavior can be verified and traced. In the end, the correct all-platform hardware environment is guaranteed to implement the correct native application, achieving the security strength of the Near Blockchain 2.0 smart contract. Further, using the pass-through economic model, Trias drives the computing power and the software to operate in an ecologically healthy, orderly and safe manner, realizing the orderly scheduling of trusted software in the trusted execution environment, and finally achieving the trustworthy and reliable all-platform programming.
Trusted Computing was proposed by the Trusted Computing Group (TCG) in order to know if the working state of the computing environment is as expected. It can be understood from the following four aspects.
1. The user’s identity authentication reflects the trust of the user, that is, whether the user is sufficiently trustworthy;
2. The correctness of the platform software and hardware configuration reflects the user’s trust in the platform operating environment, such as whether the platform runs the desired operating system;
3. The integrity and legitimacy of the application, reflecting the credibility of the application running, such as whether you are trustworthy for the application running on my system;
4. The verifiability between the platforms reflects the mutual trust between the platforms in the network environment. In the network environment, the platforms need to communicate with each other, which involves mutual trust between the platforms.
Trusted computing is also to solve the trust problem in these four aspects.
Three attributes of trusted computing are defined in the specification developed by TCG:
1. Identification: The user of the computer system can determine the identity of the object with whom they are communicating, such as whether my computer system can identify whether a user’s identity is the identity it expects;
2. Integrity: The user ensures that information can be transmitted correctly.
3. Privacy: Users believe that the system can guarantee the privacy of information and will not be easily leaked.
TCG is also hoping to start from the underlying hardware, using a trusted computing platform supported by hardware security modules in computing and communication systems to improve overall security.
The Trias blockchain fundamentally reduces and optimizes the consensus process and the node cost by using the heterogeneous consensus algorithm of trusted computing and improves the consensus speed. Through the combination of trusted computing and DevSecOps, starting from the software source phase, each time the changed behavior is based on the traceable chain analysis and deposit verification. With the trusted computing technology, the access and data access of the external chain device is based on the traditional mining software or wallet access method, and the entire users’ operating environment performs metrics and verification of trusted computing to ensure the verification of the state of the user’s operating environment in 7*24 hours. Even if there is a 1-byte non-whitelist change, the non-trusted outer chain can be found. The behavior and nodes solve the problem of the low cost of access destruction of existing blockchain technologies. With a range of technical features of trusted computing technology, Trias is able to support a wider and more versatile application scenario. For example, trusted software traceability and threat intelligence platform, intelligent manufacturing and logistics supply chain, financial big data platform, medical big data platform, entertainment video content compliance computing platform, automatic driving AI training computing platform, etc.
