TZ4Fabric: Executing Smart Contracts with ARM TrustZone

39th International Symposium on Reliable Distributed Systems 2020
Shanghai, China
TZ4Fabric
Executing Smart Contracts with ARM TrustZone
Christina Müller†, Marcus Brandenburger∗, Christian Cachin†,
Pascal Felber‡, Christian Göttel‡, Valerio Schiavoni‡
†University of Bern, Cryptology and Data Security
∗IBM Research Zurich
‡University of Neuchâtel, Complex Systems
SRDS’20 22.09.2020 | CRYPTO, IBM & IIUN | Christian Göttel | christian.goettel@unine.ch
TZ4Fabric: Executing Smart Contracts with ARM TrustZone 1 / 16

Introduction
Motivating scenario
Coﬀee tracking system
Blockchain with smart contracts
Supply-chain tracing

Introduction
Motivating scenario
Problem: hardware and software integrity can
be compromised

Introduction
Motivating scenario
Problem: hardware and software integrity can
be compromised
Solution: trusted execution environments
(TEE)
hardware and software components shielding
from attacks
Based on Fabric Private Chaincode [SRDS’19]
Smart contract execution and ledger are
shielded by Intel SGX

Background
Raspberry Pi
Component Raspberry
SoC Broadcom R
VideoCore with ARM Cortex-A
Memory LPDDR
Disk microSD or HDD/SSD via USB
Ethernet Fast or Gigabit
Other Audio, BT, Camera, Display, GPIO, HDMI, WiFi

Background
ARM TrustZone
EL0
EL1 EL1
EL0
EL3 EL3
EL2
Secure Monitor
Hypervisor
OS
App
TOS
TA
EL2SPM
SMC
SMCHVCSVC
SMC
SMCHVCSVC
Normal World Secure World
A set of Arm security extensions
Hardware separation of worlds
through NS-bit
Exception level (EL)
Higher numbered EL have higher
privilege
Secure Monitor Call (SMC) to
switch worlds
Trusted execution environment (TEE)
GlobalPlatfrom (GP) TEE standard

Background
Open Portable TEE
EL0
EL1
EL2
EL3
Normal World Secure World
EL0
EL1
EL2
EL3
Secure Monitor Dispatcher
xen
Driver
OP-TEE
tee-supplicant
libteeclibc
TA
libutee
OP-TEE
OS PTA
CA
CA: client application
TA: trusted application
PTA: pseudo trusted application

Background
Hyperledger Fabric
Phase 1: Endorsement
Application sends transaction proposal to endorsing peers
Peers invoke chaincode and produce result
Peers send transaction response with endorsement back
100100010100000001
001001111010100011
101110101101110010
001001001010011110
100100010100000001
001001111010100011
101110101101110010
001001001010011110
?
?
?

Background
Hyperledger Fabric
Phase 2: Ordering
Transactions are sent to ordering service
Ordering service orders transaction responses into blocks

Background
Hyperledger Fabric
Phase 3: Validation
Orderings service broadcasts blocks to peers
Peers validate block and append it to ledger
Peers apply write set if there is no conﬂict

Architecture
100100010100000001
001001111010100011
101110101101110010
001001001010011110
Client Wrapper Proxy
Orderer
Wrapper: facilitate communication with the proxy via gRPC
Proxy: wrapper interface to chaincode running in normal world
Chaincode: smart contract executed in secure world with TZ

Evaluation
Setup
Nodes: 1× orderer, 1 − 8× peer, 1 − 8× proxy, 1 − 8× client
Server: dual socket Intel Xeon L5420 at 2.5 GHz and 8 GB RAM
Raspberry Pi 3B and 3B+ with PoE

Evaluation
Preliminary Evaluation
1 2 4 8
1
4
16
64
256
1024
Number of clients
Throughput[tx/s]
Read throughput
1 2 4 8
1
4
16
64
256
1024
Number of clients
Latency[ms]
Read latency
baseline QEMU QEMU baseline RaPi RaPi
Baseline RaPi achieves higher throughput than emulated RaPi with QEMU
Lower throughput of prototype than emulated RaPi
Throughput gets worse with increasing number of clients
Also higher latency with a single client
Possible bottleneck?

Evaluation
Latency Breakdown
create gRPC stream
chaincode_wrapper chaincode_proxy
chaincode
client
invoke
TEEC_OpenSession
GetStateResponse(ii)
GetStateRequest(ii)
InvocationResponse(iv)
return
{A}
TEEC_CloseSession
TEEC_InvokeCommand(i)
return(i)
TEEC_InvokeCommand(iii)
return(iii)
{D}
{J}
{M}
{G}
InvocationRequest(iv)
{O}
{N}
{B}
{C}
{I}
{E}
{H}
{K}
{L}
{F}
Time each segment individually
Segment B contributes 65 − 75% of
the total time
Load chaincode as TA
Before invocation
TEEC_OpenSession
All other segments contribute up to
1%
Problem identiﬁcation:
Reuse TEE context and TA session

Evaluation
Throughput
0 200 400
0
1
2
Throughput [tx/s]
Latency[s]
a) Read latency
1 2 4 8 16 32 64 128
0
200
400
Number of clients
Throughput[tx/s]
b) Transactions
0 200 400
0
200
400
600
Throughput [tx/s]
Energy[J/tx]
c) Energy
0 200 400
0
1
2
Throughput [tx/s]
Latency[s]
d) Write latency
1 2 4 8 16 32 64 128
0
200
400
Number of clients
Throughput[tx/s]
e) Transactions
0 200 400
0
200
400
600
Throughput [tx/s]
Energy[J/tx]
f) Energy

Evaluation
Energy
0 200 400
26
28
30
Throughput [tx/s]
Ordererenergy[kJ]
a) Orderer reads
0 200 400
26
27
28
29
Throughput [tx/s]
Avgpeerenergy[kJ]
b) Peer reads
0 200 400
0
10
20
30
Throughput [tx/s]
Avgproxyenergy[kJ]
c) Proxy reads
0 200 400
26
27
28
29
Throughput [tx/s]
Ordererenergy[kJ]
d) Orderer writes
0 200 400
26
27
28
Throughput [tx/s]
Avgpeerenergy[kJ]
e) Peer writes
0 200 400
0
10
20
30
Throughput [tx/s]
Avgproxyenergy[kJ]
f) Proxy writes

Conclusion & Future Work
Conclusion:
Deployment of chaincodes on TZ-enabled devices in Hyperledger Fabric
Shielding chaincode execution with TZ
TZ4Fabric prototype running on Raspberry Pi 3B and 3B+
Performance and energy trade-oﬀs
Future:
Consolidation of proxy and peer
How will performance and energy be impacted?
Reuse TEE context and TA session in prototype
Simplify the installation of chaincodes with TZ in TZ4Fabric
Attempt to shield the ledger

Thank you
Thank you for your attention!
The research leading to these results has received funding from the European
Union’s Horizon 2020 research and innovation programme under the LEGaTO
Project (legato-project.eu), grant agreement No 780681.

TZ4Fabric: Executing Smart Contracts with ARM TrustZone

More Related Content

What's hot (14)

Similar to TZ4Fabric: Executing Smart Contracts with ARM TrustZone (20)

More from LEGATO project (20)

Recently uploaded (20)

TZ4Fabric: Executing Smart Contracts with ARM TrustZone