Towards a Trusted and Privacy Preserving Membership Service in Distributed Ledger Using Intel Software Guard Extensions

  • Xueping Liang
  • Sachin Shetty
  • Deepak Tosh
  • Peter Foytik
  • Lingchen ZhangEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10631)


Distributed Ledger Technology (DLT) provides decentralized services by removing the need of trust among distributed nodes and the trust of central authority in the distributed system. Transactions across the whole network are visible to all participating nodes. However, some transactions may contain sensitive information such as business contracts and financial reports, or even personal health records. To protect user privacy, the architecture of distributed ledger with membership service as a critical component can be adopted. We make a step towards such vision by proposing a membership service architecture that combines two promising technologies, distributed ledger and Intel Software Guard Extensions (SGX). With SGX remote attestation and isolated execution features, each distributed node can be enrolled as a trusted entity. We propose security properties for membership service in distributed ledger and illustrate how SGX capabilities help to achieve these properties in each phase of membership service, including member registration, enrollment, transaction signing and verifying and transacting auditing. The SGX enabled membership service could enhance the support of privacy preservation, and defense capabilities against adversarial attacks, with scalability and cost effectiveness.


Intel SGX Distributed ledger Membership service Security Privacy Channel 



This work was supported by Office of the Assistant Secretary of Defense for Research and Engineering (OASD (R & E)) agreement FA8750-15-2-0120. The work was also supported by a grant from the National Natural Science Foundation of China (No. 61402470) and the research project of Trusted Internet Identity Management (2016YFB0800505 and 2016YFB0800501).


  1. 1.
    Hyperledger-blockchain technologies for business.
  2. 2.
    Information security - wikipedia.
  3. 3.
    Intel architecture instruction set extensions programming reference.
  4. 4.
    Introduction - sawtooth lake latest documentation.
  5. 5.
    Multichain private blockchain white paper.
  6. 6.
    Anati, I., Gueron, S., Johnson, S., Scarlata, V.: Innovative technology for CPU based attestation and sealing. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, vol. 13 (2013)Google Scholar
  7. 7.
    Cachin, C.: Architecture of the Hyperledger blockchain fabric. In: Workshop on Distributed Cryptocurrencies and Consensus Ledgers (2016)Google Scholar
  8. 8.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003). Scholar
  9. 9.
    Jain, P., Desai, S., Kim, S., Shih, M.W., Lee, J., Choi, C., Shin, Y., Kim, T., Kang, B.B., Han, D.: OpenSGX: an open platform for SGX research. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, CA (2016)Google Scholar
  10. 10.
    Jia, X.: Auditing the auditor: secure delegation of auditing operation over cloud storage. Technical report, IACR Cryptology ePrint Archive. Accessed 10 Aug 2016
  11. 11.
    Johnson, S., Scarlata, V., Rozas, C., Brickell, E., Mckeen, F.: Intel software guard extensions: EPID provisioning and attestation services. White Paper (2016)Google Scholar
  12. 12.
    Kaptchuk, G., Miers, I., Green, M.: Managing secrets with consensus networks: fairness, ransomware and access control. IACR Cryptology ePrint Archive 2017/201 (2017)Google Scholar
  13. 13.
    Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 839–858. IEEE (2016)Google Scholar
  14. 14.
    Liang, X., Shetty, S., Tosh, D., Kamhoua, C., Kwiat, K., Njilla, L.: ProvChain: a blockchain-based data provenance architecture in cloud environment with enhanced privacy and availability. In: International Symposium on Cluster, Cloud and Grid Computing. IEEE/ACM (2017)Google Scholar
  15. 15.
    Lind, J., Eyal, I., Pietzuch, P., Sirer, E.G.: Teechan: payment channels using trusted execution environments. arXiv preprint arXiv:1612.07766 (2016)
  16. 16.
    McKeen, F., Alexandrovich, I., Berenzon, A., Rozas, C.V., Shafi, H., Shanbhogue, V., Savagaonkar, U.R.: Innovative instructions and software model for isolated execution. In: HASP@ ISCA, p. 10 (2013)Google Scholar
  17. 17.
    Milutinovic, M., He, W., Wu, H., Kanwal, M.: Proof of luck: an efficient blockchain consensus protocol. In: Proceedings of the 1st Workshop on System Software for Trusted Execution, p. 2. ACM (2016)Google Scholar
  18. 18.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)Google Scholar
  19. 19.
    van Renesse, R.: A blockchain based on gossip?-a position paperGoogle Scholar
  20. 20.
    Tramer, F., Zhang, F., Lin, H., Hubaux, J.P., Juels, A., Shi, E.: Sealed-glass proofs: using transparent enclaves to prove and sell knowledge. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 19–34. IEEE (2017)Google Scholar
  21. 21.
    Walport, M.: Distributed ledger technology: beyond blockchain. UK Gov. Off. Sci. (2016)Google Scholar
  22. 22.
    Zhang, F., Cecchetti, E., Croman, K., Juels, A., Shi, E.: Town crier: an authenticated data feed for smart contracts. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 270–282. ACM (2016)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Xueping Liang
    • 1
    • 2
    • 3
  • Sachin Shetty
    • 4
  • Deepak Tosh
    • 5
  • Peter Foytik
    • 4
  • Lingchen Zhang
    • 1
    Email author
  1. 1.Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.School of Cyber SecurityUniversity of Chinese Academy of SciencesBeijingChina
  3. 3.College of EngineeringTennessee State UniversityNashvilleUSA
  4. 4.Virginia Modeling Analysis and Simulation CenterOld Dominion UniversityNorfolkUSA
  5. 5.Department of Computer ScienceNorfolk State UniversityNorfolkUSA

Personalised recommendations