Blockchain, the technology that digital currencies like Bitcoin are based on, ought to be ideal for business applications – if only it was fast enough and coped better with scale. Bitcoin, for example, could only cope with a fraction of the numbers of card transactions that Visa or Mastercard handle.
As a transparent, decentralized shared ledger that can’t be changed, blockchain systems should be ideal for, say, tracking products all the way through a supply chain, whether that’s car components, fruit and vegetables or pharmaceuticals, without waiting for all the updates to go through some central approval process.
“We think blockchain has huge potential across a whole set of industries,” Azure CTO Mark Russinovich told TechRadar Pro. “Typically, enterprises want to use blockchain in a consortium environment, where there are multiple parties, different organizations or different groups in the same organization who want to get rid of the friction of a centralized ledger, or a consortium where there’s no single authority that everybody trusts to maintain the source of truth.
“Blockchain, distributed ledger, gives them an opportunity to get rid of the middleman and have full transparency about the interactions between different organizations.”
But businesses that have been trying out blockchain systems have been running into some key problems that Microsoft’s new open source Coco Framework is designed to solve. The first thing is to get rid of the compute-intensive proofs of work that make Bitcoin mining use so much energy, and slow down transactions because everyone in the consortium has to calculate them all.
“If you’re using a proof of work like the open source Ethereum ledger you end up having very high latencies and low throughput and the consensus algorithms take time to converge,” Russinovich explained.
Ethereum mines blocks about every 10 seconds, so the latency is 10 to 20 seconds and the throughput only 15 or 20 transactions a second, he estimates. In practice, the latency can be close to a minute. “If you want to wait for a transition fully committed on the network, you're typically waiting for multiple blocks to be mined on top of the one you're interested in, to make sure it's not going to be undone because there was a split in the network and another longer blockchain ends up winning, invalidating the one with your transaction in.”
This is further complicated due to smart contracts that need to refer to information that changes over time – like currency rates or LIBOR – or to information from a database that’s only available inside one company, because the validation nodes calculating the same transaction won’t get the same information at the same time if they don’t have access to the database.
Managing who’s part of a blockchain consortium is also complicated, because you have to distribute keys to new members – and try to remove them from anyone who leaves.
Faster and fairer
Microsoft’s Coco Framework solves all those problems by replacing the tedious proof of work computation with trusting submissions to the ledger because they come from a ‘trusted execution environment’ (TEE) secured by silicon. After all, if you trust the secure enclave on your iPhone to store your fingerprint and use that to make credit card transactions, why not trust the same hardware encryption to protect a blockchain transaction?
“You can put code into processor-protected memory, where nothing outside, even in the processor, can see anything that's going on; it can’t see the data or the compute that’s going on in the enclave,” Russinovich explained. That lets you build a trusted network between everyone in a consortium blockchain.
He elaborates: “You put the Coco code in the secure enclave, along with the code that implements the ledger, the transaction validation and processing of the ledger, and the smart contract runtime, plus the constitution that has the rules for how new members get added to your network and how you eject members from the network.”
The constitution includes the network addresses for everyone in the consortium. Because a secure enclave can attest to what it's got configured inside it, all the nodes can trust each other because they trust the trusted environments to protect what’s inside them (and they encrypt the transactions they send to each other).
Russinovich notes: “They trust the TEE to prevent outside tampering – so a transaction processed by one of them is simply broadcast and you use a normal quorum-based algorithm for achieving consensus like any kind of distributed system.
“You don't have to worry about hostile parties, because the network is fully trusted. That removes the need for complex proof of work mining and other complex algorithms, and that gives you throughput and latency that looks like what you would get out of any distributed database.”
Note that Coco is a framework, not a ledger; in fact it uses other ledgers. Ethereum is working already, and Intel along with J P Morgan Chase are porting their ledgers to Coco – plus other blockchain ledgers will also integrate with it.
You can also choose what algorithm you want to use to achieve consensus. In one test using the Ethereum ledger in Coco, the network delivered 1,500-1,600 transactions per second with latency between 100-200 milliseconds – far faster than Ethereum itself running on the same hardware. Russinovich says Coco will also scale to networks with hundreds of thousands of participants.
Because each transaction is only calculated once, time-sensitive or restricted data isn’t a problem either. As long as you see all the same transactions on every node and there’s no double spending, it doesn’t matter what order they arrive in (so you can have the flexibility to deal with network faults and nodes that are only online during business hours, for example).
- Battle royale: Bitcoin vs distributed ledger vs Ethereum vs blockchain
Confidentiality and good conduct
Using the TEE also gives businesses the privacy and confidentiality that’s currently hard to get from a blockchain. Take a supply chain that involves multiple suppliers and multiple retailers – the transparency of blockchain addresses problems of reconciliation and avoiding fraud, but you don’t want one retailer to see what orders another retailer is placing, or one supplier to see who is ordering from their competition and what price they’re paying.
“Some ledgers use zero knowledge proofs and side chains to try to provide some privacy and confidentiality, but those are extremely complicated and resource intensive. They often require some central authority as the root of trust, for example for cryptographic keys for zero knowledge proofs, and the models of interacting with chains are very cumbersome,” Russinovich pointed out.
With Coco, the TEE just enforces the rules in the constitution and the smart contracts, which includes data access rules to give you privacy and confidentiality. “If we’re in a consortium, we can agree rules that say if a transaction is marked as private only the parties involved can see the contents. That is simply an ACL just like it would be on a file in a folder, so you don't have to jump through cryptographic hoops. If you ask for a list of transactions in the blockchain, it just omits the ones you don't have access to.”
Trusting the other members of the consortium means you can vote on undoing problematic transactions instead of having to fork the blockchain the way you do today, if it turns out there was a mistake in the smart contract, say. “You can have a blockchain that’s much more resilient to mistakes,” Russinovich observed.
Managing the membership works the same way. He noted: “When I suggest a new member comes into the consortium, we vote by executing an admin transaction to the Coco network. The Coco network looks at the constitution and sees it says if a majority say yes, then the network allows the new member to join their own TEE into the network.”
Microsoft is working on another framework called Vault that will add extra protection. “We're doing research on ways to defend against malfeasance and compromise of the code running in the enclave,” Russinovich told us. Vault will let members of a consortium monitor what other members are doing and eject someone who’s behaving badly. “They can detect a member who is doing denial of service by not allowing transactions from particular members, or when a member is trying to fork the blockchain.”
Initially Coco works with the Intel Software Guard eXtensions (SGX), but Russinovich expects it to come to other secure enclaves like the Hyper-V-protected Virtual Secure Mode that already protects the logon process and domain credentials in Windows 10. He says: “There are going to be multiple levels of secure enclaves, and different enclaves will be suitable depending on the risk profile of the consortium.”
If you’re confident a partner isn’t going to hook up a logic analyzer to try and get secrets out of the hardware, you can still trust Hyper-V to protect the network even if that partner is attacked by hackers.
Coco won’t only work on Azure. When the open source Coco code is made available later in the year, you’ll be able to create blockchain networks using your own servers too, or another public cloud.
Russinovich describes himself as having been somewhat skeptical about blockchains but Coco has changed his mind by building on the hardware security of trusted execution environments. He notes: “We view it as the missing piece in the enterprise blockchain stack.”
- Is the 'utopian' blockchain tech ultimately doomed to fail?