Ever since Bitcoin’s inception and the recognition of its proof of work (PoW) consensus model as the mechanism that gives a blockchain network legitimacy as a distributed ledger, numerous other consensus mechanisms have been experimented with and introduced. These newer mechanisms aim at Byzantine Fault Tolerance and primarily focus on removing the energy cost of proof of work’s mining-intensive process.
Proof of Elapsed Time (PoET) is one of these consensus mechanisms, designed to improve upon proof of work consensus and provide a fresh alternative for permissioned blockchain networks.
PoET was developed by chip manufacturing giant Intel back in 2016 as an efficient consensus mechanism primarily for permissioned blockchain networks. PoET is now the consensus model of choice for Hyperledger Sawtooth’s modular framework and is a popular tool for implementing and experimenting with distributed ledger systems.
A critical component of PoET is the technology it works in conjunction with to perform the way that it does: Intel’s Software Guard Extensions (SGX). Introduced in 2015 with Intel’s 6th generation Core (Skylake) processors, SGX provides a Trusted Execution Environment (TEE) in which selected, trusted code runs isolated from the rest of the application that loads it, and from the operating system underneath.
Before understanding how the overall consensus of PoET works, it is essential to understand a little bit about how SGX functions.
What is SGX?
SGX is a sophisticated technology, but at its core it is a set of CPU instructions that an application uses to place selected code and data in an isolated region of memory, an enclave. The enclave protects that code and data from inspection or modification by any software outside it, including the operating system and hypervisor.
Code that runs in an SGX enclave can produce a signed attestation, rooted in keys held by the processor, that proves to a remote party which enclave code (identified by its measurement) has been loaded and initialized correctly. This feature has significant implications for how PoET consensus works, but it also creates an inherent barrier to entry and limits where PoET can be used: every participant needs an SGX-capable Intel CPU.
Enclave memory is encrypted by the processor before it leaves the CPU package, so the protected code and data are shielded even from privileged software (the operating system and hypervisor) and from an attacker with physical access who reads DRAM directly. As a security feature, SGX was received with significant expectations because of these guarantees. One caveat a practitioner should keep in mind: Intel’s threat model for SGX explicitly excludes side-channel attacks through shared microarchitectural state, and that exclusion is exactly where the trouble discussed later in this piece comes from.
In the context of PoET consensus, SGX functions as the mechanism for participants to join the network and verify that they are running the trusted code necessary for the PoET consensus execution.
How PoET Works
PoET keeps proof of work’s idea of a lottery for the right to produce the next block but removes the mining-intensive puzzle, replacing it with a randomized timer system. Each network participant is given a random timer object by its trusted code, and the first timer to expire “wakes up” that participant, who becomes the block leader and produces the new block.
In terms of Byzantine Fault Tolerance, this is an efficiently randomized answer to the “Random Leader Selection Problem”: how to determine the leader of a round of consensus in a Byzantine Fault Tolerant system. For instance, Practical Byzantine Fault Tolerance rotates the primary in round-robin order, while Bitcoin’s proof of work uses Nakamoto consensus, where the leader of each block round is whoever first solves the computationally intensive cryptographic puzzle.
PoET consensus can be broken down into two phases: joining the network, where the participant’s TEE is verified by means of an SGX attestation, and the elapsed-time lottery round itself.
Network Verification and SGX
This is the initial phase of the consensus and is where SGX plays an important role. As mentioned earlier, when using SGX, you can produce a signed attestation that you are running the trusted code that was correctly set up in the TEE.
In PoET, a prospective participant loads the trusted code into an SGX enclave. The enclave generates a public/private key pair and produces a signed attestation that binds the public key to the measurement of the trusted code it is running. The participant then propagates a “join” message carrying that attestation and public key to the network, and the existing nodes either accept or reject it. If accepted, the participant joins the network and can take part in the elapsed-time lottery; the public key it registered is what later lets other nodes verify the signatures on its timers and certificates.
The Elapsed Time Lottery Random Selection
This is the second and final phase of the consensus mechanism. In each round of consensus, every participant receives a signed timer object from its trusted code with a randomly drawn wait time (in Sawtooth’s implementation the wait time is drawn from an exponential distribution whose mean, the “local mean”, is scaled with an estimate of the number of participants so that the expected interval between blocks stays roughly constant as the network grows). Because the draw happens inside the enclave, a malicious actor cannot game the system by consistently obtaining a shorter timer in order to produce more blocks.
Each participant then waits for its timer to expire. The participant whose timer expires first propagates a signed wait certificate to the network indicating that it is the block leader for that round. The other nodes authenticate the certificate, the block is produced, and the round restarts.
Every participant verifies the winner’s certificate, not only the node that won. This is to ensure two things primarily:
- The timer the winner waited on was actually issued by the trusted code, with a duration the trusted code chose.
- The winner actually waited the full time period specified by that timer before claiming the block.
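To make the lottery round and the certificate checks concrete, here is an added example in Python; it is my own illustration, not code from Hyperledger Sawtooth or Intel. It assumes a hypothetical ENCLAVE_KEY standing in for the signing key held inside the enclave and uses HMAC in place of the real asymmetric signature; the attestation and join phase is not modelled. Wait times follow the exponential draw Sawtooth uses, but as a simplification they are seeded from the previous certificate and the validator identity so that any node can recompute them. The function names (wait_duration, enclave_create_timer, enclave_create_certificate, verify_certificate, run_round) are this example’s own.

```python
import hashlib
import hmac
import json
import math

# Assumption: stands in for the private signing key held inside the enclave.
# Untrusted validator code never sees it; here it is just a module constant.
ENCLAVE_KEY = b"constructed-demo-enclave-key"

MINIMUM_WAIT = 1.0   # seconds; floor on every wait timer
LOCAL_MEAN = 5.0     # seconds; mean of the exponential wait-time distribution


def _sign(obj):
    """Enclave-side signature; HMAC-SHA256 replaces the real asymmetric signature."""
    body = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(ENCLAVE_KEY, body, hashlib.sha256).hexdigest()


def _signed(obj):
    out = dict(obj)
    out["sig"] = _sign(obj)
    return out


def _check_sig(obj):
    body = {k: v for k, v in obj.items() if k != "sig"}
    return hmac.compare_digest(_sign(body), obj.get("sig", ""))


def wait_duration(prev_cert_id, validator_id,
                  local_mean=LOCAL_MEAN, minimum_wait=MINIMUM_WAIT):
    """Exponentially distributed wait time, seeded so that any node can recompute it.

    Deriving the draw from the previous certificate and the validator identity
    (a simplification for this example) means a validator cannot re-roll for a
    shorter timer once the previous block is fixed, and lets verifiers check
    the duration a winner claims.
    """
    seed = hashlib.sha256(f"{prev_cert_id}|{validator_id}".encode()).digest()
    uniform = (int.from_bytes(seed[:8], "big") + 1) / 2 ** 64   # in (0, 1]
    return minimum_wait - local_mean * math.log(uniform)


def enclave_create_timer(prev_cert_id, validator_id):
    """Trusted code issues a signed timer; the validator does not pick the duration."""
    return _signed({
        "validator": validator_id,
        "prev_cert_id": prev_cert_id,
        "duration": wait_duration(prev_cert_id, validator_id),
    })


def enclave_create_certificate(timer, elapsed):
    """Trusted code issues a wait certificate only for a timer it signed itself,
    and only once that timer has expired; an early claim gets nothing to broadcast."""
    if not _check_sig(timer):
        raise ValueError("timer was not issued by the trusted code")
    if elapsed < timer["duration"]:
        return None
    cert = {k: v for k, v in timer.items() if k != "sig"}
    cert["elapsed"] = elapsed
    return _signed(cert)


def verify_certificate(cert, prev_cert_id):
    """The checks every other validator runs before accepting a block claim."""
    if not _check_sig(cert):
        return False                            # not produced by the trusted code
    if cert["prev_cert_id"] != prev_cert_id:
        return False                            # certificate belongs to another round
    expected = wait_duration(prev_cert_id, cert["validator"])
    if not math.isclose(cert["duration"], expected):
        return False                            # not the duration the trusted code derives
    return cert["elapsed"] >= cert["duration"]  # the node really waited it out


def run_round(validators, prev_cert_id):
    """One lottery round: every validator gets a timer, the shortest one wins."""
    timers = [enclave_create_timer(prev_cert_id, v) for v in validators]
    winner = min(timers, key=lambda t: t["duration"])
    # Model wall-clock time: the winner claims the block the moment its timer expires.
    cert = enclave_create_certificate(winner, elapsed=winner["duration"])
    return winner["validator"], cert


def cert_id(cert):
    """Digest of a certificate, used to seed the next round's timers."""
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).hexdigest()


if __name__ == "__main__":
    validators = ["alice", "bob", "carol", "dave"]   # constructed sample network
    prev = "genesis"
    for _ in range(3):
        leader, cert = run_round(validators, prev)
        print(f"leader={leader} waited={cert['duration']:.2f}s "
              f"accepted={verify_certificate(cert, prev)}")
        prev = cert_id(cert)

    # A node that rewrites its certificate to claim a shorter wait is rejected,
    # because it cannot re-sign with the key that lives inside the enclave.
    leader, cert = run_round(validators, "genesis")
    forged = dict(cert, duration=0.5, elapsed=0.5)
    print("forged certificate accepted:", verify_certificate(forged, "genesis"))
```

Run as a script it plays three rounds, chaining each round’s certificate digest into the next round’s draw, and finishes by showing a forged certificate being rejected. The two properties the bullets above ask for map directly onto verify_certificate: the signature check covers “issued by the trusted code”, and the elapsed-versus-duration comparison covers “actually waited”.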
The leader selection is therefore random for every participant, and the integration with SGX ensures that the trusted code the protocol runs on cannot be tampered with. PoET adds further defences on top of the lottery: a statistical test that flags nodes winning the lottery, or drawing short timers, more often than an honest random draw would allow (Sawtooth calls this the z-test), and a delay before a newly registered node may claim its first block.
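The statistical check is simple enough to show in full. The following is an added example of my own (not Sawtooth’s implementation, although it follows the same idea as its z-test): it treats each validator’s win count over a run of blocks as a binomial variable under an honest lottery and flags anyone whose count sits too many standard deviations above the expectation. The thresholds MAX_WIN_DEVIATION and MIN_WIN_COUNT and the sample chains are constructed for the example; the sliding-window variant goes slightly beyond the text, to catch a validator that only recently began winning too often.

```python
import math
from collections import Counter

# Assumed thresholds for this example; Sawtooth exposes equivalents as
# configurable settings, the values here are chosen for illustration.
MAX_WIN_DEVIATION = 3.075   # z-score above which a validator is suspicious
MIN_WIN_COUNT = 3           # do not judge validators with too few wins


def win_z_scores(leaders, population_size):
    """Z-score of each validator's win count against a fair lottery.

    leaders: block leaders in chain order, one entry per block.
    population_size: number of validators eligible to win each block.
    In an honest lottery each block goes to a given validator with probability
    p = 1/population_size, so its win count is Binomial(n, p) with mean n*p and
    standard deviation sqrt(n*p*(1-p)); the z-score is how many standard
    deviations above that mean the observed count sits.
    """
    n = len(leaders)
    if n == 0 or population_size < 2:
        return {}
    p = 1.0 / population_size
    expected = n * p
    stddev = math.sqrt(n * p * (1.0 - p))
    return {v: (wins - expected) / stddev for v, wins in Counter(leaders).items()}


def suspicious_validators(leaders, population_size,
                          max_deviation=MAX_WIN_DEVIATION, min_wins=MIN_WIN_COUNT):
    """Validators whose win count is too far above the honest expectation."""
    counts = Counter(leaders)
    scores = win_z_scores(leaders, population_size)
    return sorted(v for v, z in scores.items()
                  if counts[v] >= min_wins and z > max_deviation)


def suspicious_in_window(leaders, population_size, window):
    """Run the test over a sliding window so a validator that only recently
    started winning too often is caught before it dominates the whole history."""
    flagged = set()
    for start in range(0, max(1, len(leaders) - window + 1)):
        flagged.update(suspicious_validators(leaders[start:start + window],
                                             population_size))
    return sorted(flagged)


# Constructed sample histories: four eligible validators, 40 blocks each.
HONEST_CHAIN = ["alice", "bob", "carol", "dave"] * 10            # ten wins apiece
RIGGED_CHAIN = ["mallory"] * 25 + ["alice", "bob", "carol"] * 5   # mallory wins 25 of 40

if __name__ == "__main__":
    for name, chain in (("honest", HONEST_CHAIN), ("rigged", RIGGED_CHAIN)):
        scores = win_z_scores(chain, population_size=4)
        print(name, {v: round(z, 2) for v, z in scores.items()},
              "flagged:", suspicious_validators(chain, population_size=4))
```

For the rigged chain the expectation is 10 wins per validator with a standard deviation of about 2.74, so mallory’s 25 wins sit roughly 5.5 standard deviations above it and are flagged, while the honest chain produces a z-score of zero for everyone. In a real deployment the window length and threshold trade detection speed against false positives, and a flagged validator is normally denied block claims rather than ejected outright.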
PoET is cheap per round, since each participant only draws a timer and checks a few signatures, and it scales to large networks. The concern is that the security of the whole protocol rests on SGX, and very recently that concern has been amplified.
In August 2018, researchers from KU Leuven, Technion, the University of Michigan, the University of Adelaide and CSIRO’s Data61 disclosed Foreshadow (CVE-2018-3615), a critical vulnerability that breaks the confidentiality of SGX enclaves: an attacker on the same machine can read enclave memory. The researchers also used it to extract the private attestation keys from Intel’s own quoting enclave, which allows forged attestations, precisely the guarantee PoET’s join phase depends on.
You are probably already familiar with the attack’s family, as the “Spectre” and “Meltdown” vulnerabilities in modern processors were covered extensively by mainstream media when they were disclosed in January 2018. Foreshadow is a transient-execution attack of the same kind; strictly it is a Meltdown-type attack (Intel calls the underlying flaw L1 Terminal Fault) rather than a Spectre variant. Still a developing story, it is important to keep an eye on for numerous reasons, including the integrity of PoET consensus.
Advantages & Disadvantages of Using PoET
PoET is highly efficient and not nearly as resource intensive as proof of work systems, but it also has some concerns surrounding it. So what are the general advantages and disadvantages of its use as a consensus mechanism for distributed ledger networks?
PoET is a substantial efficiency improvement over proof of work. At the same time, it provides a good solution to the “Random Leader Selection Problem” without being resource intensive and without the complex staking mechanics and incentive structures that proof of stake consensus requires.
PoET is also an excellent consensus mechanism for permissioned networks, which is why it is the go-to consensus mechanism for Hyperledger Sawtooth. On top of that, it scales efficiently and can be used as a “plug and play” model for testing environments with Hyperledger Sawtooth.
SGX is a lauded and innovative technology, but Foreshadow is clearly a cause for concern regarding its use with PoET consensus. Intel can mitigate this particular vulnerability with microcode updates, but the disadvantage here is structural: the protocol’s security is only as strong as one piece of specialized hardware, and any future flaw in that hardware is a flaw in the consensus.
Not only that, but SGX is made only by Intel, so the reliance of the consensus model extends to Intel as a company, a third party that also operates the attestation service participants depend on. Such reliance runs against the new paradigm that cryptocurrencies are attempting to achieve with blockchain networks: removal of trust in intermediaries.
PoET represents another crack at providing Byzantine Fault Tolerance consensus mechanisms for distributed ledger systems. It is highly efficient and works with another novel technology itself, SGX.
Moving forward, watching the developments surrounding SGX will have a major impact on PoET as a sustainable consensus model. For now, it is an excellent tool for Hyperledger Sawtooth and plays a vital role in experimentation and developments within modular blockchain frameworks.