Open g2flyer opened 4 years ago
[maybe off topic] Realms in es/js at tc39 (frozen realms from SES secure ecmascript) has implemented an object graph with wet/dry as observable/private membranes to stop key leakage. A great deal of research already, this PR gives succinct insight into implementation details underway. https://github.com/salesforce/observable-membrane/pull/48
Possibly add a pointer to/summary of guidelines for writing side-channel-resistant code, for most sensitive use cases
Found this article
challenges
fpc (confidentiality) specific
leakage through (publicly readable!) keys and access patterns (but not data) of key/value pairs (set of accesses from ledger and sequence of accesses at peer running enclave). Note that there is some related discussion in the "Data Model on Ledger" section in the Auction Demo specification & design
commit-and-reveal
for designated peer there is an inherent fairness issue: the peer (org) hosting the single enclave can stop processing requests if it doesn't like the state of the chaincode and prevent any progress (for other endorsement strategies this is a non-issue as any peer can be used to make progress). Depending on chaincode, this can be mitigated by careful choice of the designated peer to be at an org which doesn't have any incentive to exploit this "privilege" ...
...
see HLGF slides (where we announced this guide :-) for more challenges/issues