Solutions for trusted and private computations in Golem and in the wider Ecosystem
DEVCON 4
PIOTR JANIUK
We need trustworthy computations
Why do we need it?
Consensus in a trustless, decentralized network
01
Decentralized services
03
Remote computation
02
And more...
04
In the context of Golem
In the context of Golem
In the context of Golem
What is Golem?
A network of heterogeneous resources that can be either used by a requestor or provided to other participants by a provider.
01
Additional layers on top of the infrastructure (e.g., economy).
02
Problem statement
Requestor wants to be sure that
01
Problem statement
Provider on the other hand
02
High-level requirements
Requestor should be able to run an arbitrary, unmodified binary efficiently
01
High-level requirements
Requestor should be able to run an arbitrary, unmodified binary efficiently
Task input data has to be the same as prepared by the requestor
02
High-level requirements
Requestor should be able to run an arbitrary, unmodified binary efficiently
Task input data has to be the same as prepared by the requestor
The binary run by a provider must be the one requestor wanted
03
High-level requirements
Requestor should be able to run an arbitrary, unmodified binary efficiently
Task input data has to be the same as prepared by the requestor
The binary run by a provider must be the one requestor wanted
The execution of the task has to be carried out without tampering
04
High-level requirements
Requestor should be able to run an arbitrary, unmodified binary efficiently
Task input data has to be the same as prepared by the requestor
The binary run by a provider must be the one requestor wanted
The execution of the task has to be carried out without tampering
Output data cannot be altered without detection
05
High-level requirements
Requestor should be able to run an arbitrary, unmodified binary efficiently
Task input data has to be the same as prepared by the requestor
The binary run by a provider must be the one requestor wanted
The execution of the task has to be carried out without tampering
Output data cannot be altered without detection
Only the requestor can see the plain text input and output data�
06
High-level requirements
Requestor should be able to run an arbitrary, unmodified binary efficiently
Task input data has to be the same as prepared by the requestor
The binary run by a provider must be the one requestor wanted
The execution of the task has to be carried out without tampering
Output data cannot be altered without detection
Only the requestor can see the plain text input and output data�
Provider has to be protected from malicious binaries
06
Meeting the requirements
Limiting the class of problems
01
By means of the infrastructure (TEEs)
Introducing external sources of trust
03
02
Hybrid approach
04
Choosing the best approach
Tradeoff
01
Focus on a single one
02
Meeting the requirements
SGX, Graphene and Graphene-ng
SGX - short recap
Overview
01
Developer perspective - an enclave
Host (Untrusted Environment)
SGX - short recap
Summary
02
Host (Untrusted Environment)
Graphene overview
Features
01
Graphene architecture
Graphene overview
Graphene vs other approaches
02
Graphene architecture
Graphene overview
With Graphene, a developer doesn’t have to
03
Default SGX enclave building process
Graphene overview
With Graphene:
04
Graphene overview
With Graphene:
05
The next step
Graphene-ng
The next step
Graphene-ng = Graphene
+ Protected files
�+ Docker support
+ Tools (scripts)
+ Bug fixes�
The next step
Graphene-ng = Graphene
+ Protected files
�+ Docker support
+ Tools (scripts)
+ Bug fixes�
Resulting in a better UX regarding interaction with the enclave for both, the developer and the end user.
Graphene-ng by example
PoC integration with Golem
Provider setup
SGX must be enabled on provider's machine��Protected Files configuration:
02
Graphene-ng Docker configuration
Provider setup
Graphene-ng Docker for Brass Golem configuration
SGX must be enabled on provider's machine��Protected Files configuration:
03
Initialization - setup and handshake
The process
01
Application POV
Requestor POV
Requestor looks for SGX nodes in a P2P network
01
Requestor POV
And connects to available nodes that offer the SGX architecture
02
Requestor POV
It can be envisioned as if the local machine had more compute resources available locally
03
And yes, it works
Benefits for Golem and the community�
01
Next steps
SGX:
01
Development:
02
Graphene-ng Use Cases
Local Verification
01
Golem Unlimited
Golem Unlimited
Two trusted actors:
01
Golem Unlimited - powerful component with SGX
02
Golem Unlimited - storing identities
03
Use Cases - other Golem integrations
Integrations with Golem by external developers
01
Graphene-ng Use Cases
02. Wider audience
Decentralized server implementation
01
Decentralized server implementation
02
Atomic swap
Cross-blockchain atomic swap
01
Logic implemented inside Enclave
Distributed exchanges
Implemented by means of cross-blockchain atomic swap
02
Storing secrets
01
Storing secrets
02
Graphene-ng Use Cases
03. In existing projects
Minimal Viable Plasma
Minimal Viable Plasma with operator
01
Minimal Viable Plasma
Plasma chain operator can be implemented in an SGX enclave
02
Minimal Viable Plasma
Plasma chain operator can be implemented in an SGX enclave
And additionally decentralised
03
Hoard
Data streaming
Thank you
GOLEM.NETWORK
PIOTR JANIUK
contact@golem.network