Aion: Secure Transaction Ordering Using TEEs

  • Conference paper
Computer Security – ESORICS 2023 (ESORICS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14347)

Abstract

In state machine replication (SMR), preventing reordering attacks by ensuring a high degree of fairness when ordering commands requires that clients broadcast their commands to all processes. This is impractical due to the impact on scalability, and thus it discourages the adoption of a fair ordering of commands. Alternative approaches to order-fairness allow clients to send their commands to only one process, but provide a weaker notion of order-fairness. In particular, they disadvantage isolated processes. In this paper, we introduce Aion, a set of order-fair protocols for SMR. We first leverage trusted execution environments (TEEs) to enable processes to compute the times when commands are broadcast by their issuers. We then integrate this information into existing consensus protocols to devise order-fair SMR protocols that are both leader-based and leaderless. To realize order-fairness, Aion only requires that a client sends its commands to a single process, while at the same time enabling precise ordering during synchronous periods.


Notes

  1. Aion is a Hellenistic deity that symbolizes a cyclic time. The name Aion stems from the fact that our protocols rely on repeating and constant network delays.

Acknowledgements

This work is supported in part by the Australian Research Council Future Fellowship funding scheme (#180100496).

Corresponding author

Correspondence to Pouriya Zarbafian.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Zarbafian, P., Gramoli, V. (2024). Aion: Secure Transaction Ordering Using TEEs. In: Tsudik, G., Conti, M., Liang, K., Smaragdakis, G. (eds) Computer Security – ESORICS 2023. ESORICS 2023. Lecture Notes in Computer Science, vol 14347. Springer, Cham. https://doi.org/10.1007/978-3-031-51482-1_17

  • DOI: https://doi.org/10.1007/978-3-031-51482-1_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-51481-4

  • Online ISBN: 978-3-031-51482-1

  • eBook Packages: Computer Science, Computer Science (R0)
