Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/solution skvs #766

Open
wants to merge 10 commits into
base: main
Choose a base branch
from

Conversation

chenchanglew
Copy link
Contributor

@chenchanglew chenchanglew commented Jun 11, 2024

What this PR does / why we need it:

Implement a Rollback attack protection solution for FPC: SKVS.

Single Key-Value Storage (SKVS) is a naive approach for rollback attacks. All key-value pairs are encapsulated and stored in this approach with a single call to put_state(). During execution, the enclave must load the entire state before accessing individual key-value pairs. While this approach prevents the rollback attack, applications with large states and multiple writers will experience bad performance, as the use of a single key-value pair will cause transactions to fail due to concurrent write issues.

A user can use it by changing the chain code to SVKS chaincode
ex: skvsChaincode := fpc.NewSkvsChaincode(secretChaincode)

Which issue(s) this PR fixes:
Fixes #484

Special notes for your reviewer:
Loom demonstration video: Watch here

@chenchanglew chenchanglew requested a review from a team as a code owner June 11, 2024 12:56
chenchanglew and others added 5 commits June 11, 2024 15:03
Signed-off-by: chenchanglew <[email protected]>
Signed-off-by: chenchanglew <[email protected]>
Signed-off-by: chenchanglew <[email protected]>
Signed-off-by: chenchanglew <[email protected]>
@chenchanglew chenchanglew force-pushed the feature/solution-skvs branch from 05c5cd2 to 8fb8b84 Compare June 11, 2024 13:04
Signed-off-by: chenchanglew <[email protected]>
Comment on lines 26 to 33
// chaincode := fpc.NewPrivateChaincode(secretChaincode)
skvsChaincode := fpc.NewSkvsChaincode(secretChaincode)

// start chaincode as a service
server := &shim.ChaincodeServer{
CCID: ccid,
Address: addr,
CC: chaincode,
CC: skvsChaincode,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was wondering if we want multiple main files? So we have an example to run secret keeper with and without skvs?

/samples/chaincode/secret-keeper-go/cmd/simple/main.go
/samples/chaincode/secret-keeper-go/cmd/skvs/main.go

A few words in the secret-keeper readme would be nice as well.

"github.com/pkg/errors"
)

type SkvsStubInterface struct {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the name of this file should be all small caps

return &skvsStub{enclaveStub}
}

func (e *skvsStub) ChaincodeInvoke(stub shim.ChaincodeStubInterface, chaincodeRequestMessageBytes []byte) ([]byte, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have the feeling that we should remove this wrapper and instead just inject a provider function for the stub that we can set externally.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no sure about this one, might need to ask more insight

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Rollback protection Extension (aka Trusted Ledger)
2 participants