TEE-based Authenticated Query Processing Over Blockchain

In a blockchain system,light nodes with limited resources(such as mobile devices)cannot maintain all blockchain data,and thus they need to submit their query requests to a full node to obtain the required data.Because blockchain nodes do not trust each other,the full node usually implements verifiable queries based on Merkel trees when providing the query service,so that light nodes can verify whether the query results received are correct or not.Compared with regular query processing,verifiable query processing considers not only query efficiency,but also query integrity.Balancing query efficiency and query integrity makes verifiable query processing subject to a number of functional and performance constraints.First,resource-constrained light nodes need to additionally receive VO(Verification Object)in addition to the query results,and verify whether the query results are integrity or not.This model makes light nodes fall into tedious query verification,which obviously defeats the original design purpose of light nodes.Second,existing blockchain systems mainly use Merkle trees to implement verifiable queries.When a Merkle tree modifies a leaf node due to a data update,its digest update propagates all the way up to the root node,incurring a logarithmic update cost.Finally,the query interface of existing blockchain systems is simple and supports very limited query types.With widespread adoption of blockchains for data-intensive applications,it is clear that this does not meet the needs for multiple query types on blockchain data.Therefore,improving the function and performance of verifiable query processing in blockchain systems is the problem to be studied in this paper.In recent years,the emergence of TEE(Trusted Execution Environment)provides a new solution to enhance the trustworthiness of blockchain systems.Therefore,this paper introduces a typical TEE product,Intel SGX(Software Guard Extensions),into blockchain systems to improve verifiable query processing,and implements verifiable range queries,join queries,aggregate queries,sliding-window aggregation and key-value queries on blockchain data.However,even with Intel SGX,implementing verifiable query processing on blockchain data still requires addressing a number of challenges.First,the memory space of SGX enclave is only 128 MB,which can not directly process large capacity data.Second,blockchain systems continuously submit transactions by block,and the large number of data updates in each block incurs a high cost of maintaining authenticated data structures.Finally,for different verifiable query types,it needs to specially design optimization schemes that meet their own query characteristics.In view of the above challenges,this paper studies verifiable query processing of multiple query types on blockchain data.The main contributions are as follows.(1)We propose the verifiable query processing integrating Intel SGX and MB-tree(Merkle B-tree)and implement verifiable range,join and aggregate queries:In this paper,by integrating Intel SGX and MB-tree,the verification path of MB-trees is shortened and the hash computation overhead is reduced.It also allows light nodes,without performing query authentication,to directly trust the query results of the full node.A hierarchical cache based on enclave memory and regular memory is designed to mitigate the limitation of the memory-constrained enclave and reduce the page swapping overhead between the two types of memory.A hybrid index consisting of an MB-tree and a skip list is designed to reduce the cost of hash computation caused by Merkle tree update propagation.(2)We provide a verifiable sliding-window aggregation that separates the index structure from the verification structure:By separating the index structure and the validation structure,a verifiable sliding-window aggregation with decoupled query logic and validation logic is proposed.A bulk insertion and deletion scheme on a sliding window is designed to take advantage of the blockchain's feature of submitting transactions periodically by block.An optimization scheme based on Fi BA and SGX is proposed to further reduce the update cost of aggregate data and digest data.(3)By integrating Merkle tree with offline memory verification,we present the verifiable key-value query processing that balances throughput and latency: A hierarchical Merkle tree and the verifiable key-value query processing combining Merkle tree and offline memory verification are proposed.The non-existence proof of a query result in Merkel tree and offline memory verification are unified.Batch verification is achieved by merging multiple queries on a Merkle tree,thus complementing the batch verification of offline memory verification.A batch update scheme of Merkle tree integrated with offline memory verification is designed to alleviate the update verification cost of Merkle tree.In summary,we alleviate the functional and performance limitations of verifiable query processing in existing blockchain systems,balancing query efficiency and query integrity.First,this paper proposes the verifiable query processing integrating Intel SGX and MB-tree and implements verifiable range,join,and aggregate queries.Second,this paper provides a verifiable sliding-window aggregation where the index structure and the verification structure are separated from each other.Finally,by integrating Merkle tree and offline memory verification,this paper presents the verifiable key-value query processing balancing throughput and latency.Performance evaluation show that the proposed solutions and techniques are efficient.