Oasis Technology has the following capabilities:
* Privacy-preserving smart contracts: programmed and self-enforceable privacy protection without relying on any central party. Privacy is built into each layer from the application down to hardware.
* High-performance for real-world complex applications. Oasis believes scalability is more than just high payment transaction throughput. Oasis will scale for complex application workloads such as machine learning. They achieve scalability and integrity using architecture and protocol design without needing any trusted hardware or central party.
* Rich programming framework support such as privacy-preserving machine learning within smart contracts on their platform.
Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution (22 pages)
Abstract – Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution
Smart contracts are applications that execute on blockchains. Today they manage billions of dollars in value and motivate visionary plans for pervasive blockchain deployment. While smart contracts inherit the availability and other security assurances of blockchains, however, they are impeded by blockchains’ lack of confidentiality and poor performance.
We present Ekiden, a system that addresses these critical gaps by combining blockchains with Trusted Execution Environments (TEEs). Capable of operating on any desired blockchain, Ekiden permits concurrent, off-chain execution of smart contracts within TEE-backed compute nodes, yielding high performance, low cost, and confidentiality for sensitive data.
Ekiden enforces a strong set of security and availability properties. By maintaining on-chain state, it achieves consistency, meaning a single authoritative sequence of state transitions, and availability, meaning contracts can survive the failure of compute nodes.
Ekiden is anchored in a formal security model expressed as an ideal functionality. We prove the security of the corresponding implemented protocol in the UC framework.
Our implementation of Ekiden supports contract development in Rust and the Ethereum Virtual Machine (EVM). We present experiments for applications including machine learning models,
poker, and cryptocurrency tokens. Ekiden is designed to support multiple underlying blockchains. We have built one end-to-end instantiation of our system, Ekiden-BT, with a blockchain extending from Tendermint. Ekiden-BT achieves example performance of 600x more throughput and 400x less latency at 1000x less cost than on the Ethereum mainnet. When used with Ethereum as the backing blockchain, Ekiden still costs less than on-chain execution and supports contract confidentiality.
Ekiden uses compute nodes to perform smart contract computation over private data off chain in TEEs, then attest to their correct execution on chain. The underlying blockchain is maintained by consensus nodes, which need not use trusted hardware. Ekiden is agnostic to consensus-layer mechanics.
Oasis implemented an Ekiden prototype in 7486 lines of Rust.
Implemented Cryptokitties on Ekiden to show power and new privacy features
Cryptokitties is an Ethereum game that allows users to breed virtual cats, which are stored on chain as ERC721 tokens. Each cat has a unique set of genes that determine its appearance and therefore its value. The traits of offspring are determined by a smart contract that mixes the genes of its parents. The source code of the gene mixing contract is not publicly available: The game developers aimed to make the breeding process unpredictable.
Oasis obtained the bytecode for the gene mixing contract from the Ethereum blockchain and executed it using their Ekiden EVM port. They verified correct behavior by reproducing real transactions from the Ethereum network, ensuring that the Ekiden application returned the same genetic results given the same inputs. The contract uses blockhash of a previous block as a source of entropy, so for this experiment, they initialized our EVM state to return the
appropriate hash values from Ethereum mainnet.
This example demonstrates that Ekiden can execute an Ethereum contract even when source code is not available. Further, Ekiden can provide unique benefits for games requiring secrecy or unpredictability such as Cryptokitties. These properties are difficult to achieve with Ethereum, which makes contract code and data public. For example, the Cryptokitties gene mixing algorithm has been reverse-engineered by players seeking to maximize their chance of
breeding cats with rare traits thus undermining the game’s ecosystem. By contrast, an Ekiden contract has access to a source of randomness in hardware and allows secret elements of a game’s algorithm to be stored in encrypted state.
Future is more secure and higher performance
Ekiden can be used to implement a variety of secure decentralized applications that compute on sensitive data. In future work they plan to extend Ekiden to operate under a stronger threat model, leveraging techniques such as secure multiparty computation to protect the system’s more critical features, such as key management and coordination across compute nodes. Coordination can also facilitate parallelism in contract execution, merging concurrent output from multiple enclaves to obtain still higher performance from Ekiden.