Town Crier: An Authenticated Data Feed for Smart Contracts (eprint.iacr.org) 25 points by randombit 10y ago ↗ HN
[–] nl 10y ago ↗ It uses trusted hardware to authenticate and scrape data from HTTPS-enabled websitesIt claims to do this using SGX. However, it uses a "Relay" - a non-SGX process - to pass network data into the SGX enclave.To me that seems to make the claim of trustworthiness (in the "trustworthy computing" sense) questionable.I'm not overly familiar with SGX and I've only scanned through this proposal, but I'd love someone more knowledgeable to expand my understanding.It seems to me that the entire stack needs to be running in the SGX-enclave for it to gain the complete benefits?Nevertheless, I think this is pretty interesting. [–] niketear 10y ago ↗ No it does not. You can verify the data has not been modified given the HTPS even if it has passed through arbitrary untrusted process in the middle. Think about the ISP being outside the SGX enclave and having the same ability as Relay.
[–] niketear 10y ago ↗ No it does not. You can verify the data has not been modified given the HTPS even if it has passed through arbitrary untrusted process in the middle. Think about the ISP being outside the SGX enclave and having the same ability as Relay.
[–] tdaltonc 10y ago ↗ The interesting thing here wont be the tech, but the business model and regulatory framework.
3 comments
[ 5.0 ms ] story [ 22.9 ms ] threadIt claims to do this using SGX. However, it uses a "Relay" - a non-SGX process - to pass network data into the SGX enclave.
To me that seems to make the claim of trustworthiness (in the "trustworthy computing" sense) questionable.
I'm not overly familiar with SGX and I've only scanned through this proposal, but I'd love someone more knowledgeable to expand my understanding.
It seems to me that the entire stack needs to be running in the SGX-enclave for it to gain the complete benefits?
Nevertheless, I think this is pretty interesting.