Multisig, Trusted Enclaves, and Hybrid Consensus: Securing Blockchain
The article recaps the 2018 UCan afternoon tea, covering NEM’s multisignature technology, UCloud’s trusted blockchain data‑flow solution using Intel SGX, virtual‑currency security challenges, HPB’s hardware‑accelerated blockchain architecture, and Genaro Network’s hybrid consensus with SPoR, offering practical insights for developers seeking secure and high‑performance blockchain implementations.
Blockchain and the cryptocurrency ecosystem often clash, yet both are essential for industry growth. The core issue blockchain aims to solve is trust in the digital world, which remains elusive until challenges such as security, performance, and consistency are fully addressed.
UCloud’s 2018 UCan afternoon‑tea salon explored blockchain and digital‑currency security under the theme “From Blockchain to Digital‑Currency Security.” Speakers discussed multisignature, trusted blockchain for data flow, virtual‑currency safety, and public‑chain construction, providing developers with practical ideas and solutions.
NEM – Multisignature Introduction
NEM, launched in 2014, offers services like payments, messaging, namespaces, asset lifecycle management, and multisignature. Co‑founder Ma Hongbin explained the current security landscape and NEM’s multisignature implementation.
Multisignature (multisig) requires multiple users to sign a digital asset. While a single‑key address follows a 1/1 model, multisig follows an m/n model where n private keys can sign and m signatures are needed to authorize a transaction, enhancing cryptocurrency security.
Traditional blockchain digital signatures derive a public key from a private key, hash it with RIPEMD‑160, then apply SHA3‑256 and Base32 encoding. While 1/1 offers direct control, loss of the private key means irrevocable loss of access.
Multisignature accounts can support up to 32 co‑signers, allowing flexible signing policies (e.g., 1‑of‑3, 2‑of‑3, or 3‑of‑3). If a signer leaves or loses a key, a new address can be added, making the system adaptable for asset ownership, notarization, and more.
Future directions include multi‑layer multisignature for scenarios such as quality‑certification where sensor data and manufacturer confirmation are required.
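The m/n policy described above, as an added example that is not NEM's code or part of the original article: an account check that counts only distinct, valid co-signer signatures and treats replacing a lost key as an m-of-n decision. Lamport one-time signatures stand in for the chain's real signature scheme so that only the Python standard library is needed; `MultisigAccount`, `replacement_msg` and the message encoding are hypothetical names chosen for illustration.

```python
import hashlib, secrets

MAX_COSIGNERS = 32  # co-signer limit stated in the article

def _h(data):
    return hashlib.sha256(data).digest()

def _bits(msg):
    d = int.from_bytes(_h(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

# Lamport one-time signatures: a stdlib-only stand-in. Each key may sign one
# message only; a real chain uses a many-time signature scheme.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, tuple((_h(a), _h(b)) for a, b in sk)

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    bits = _bits(msg)
    return len(sig) == 256 and all(_h(sig[i]) == pk[i][bits[i]] for i in range(256))

def replacement_msg(old_pk, new_pk):
    # Hypothetical encoding of "swap old_pk for new_pk" that co-signers approve.
    return b"replace:" + _h(repr(old_pk).encode()) + _h(repr(new_pk).encode())

class MultisigAccount:
    def __init__(self, cosigner_pks, m):
        self.cosigners, self.m = set(cosigner_pks), m
        if not 1 <= m <= len(self.cosigners) <= MAX_COSIGNERS:
            raise ValueError("need 1 <= m <= n <= 32 distinct co-signers")

    def authorize(self, msg, signatures):
        # signatures: iterable of (public_key, sig) pairs. Building a set means
        # a signer who submits twice, or a non-member key, adds nothing.
        valid = {pk for pk, sig in signatures
                 if pk in self.cosigners and verify(pk, msg, sig)}
        return len(valid) >= self.m

    def replace_cosigner(self, old_pk, new_pk, signatures):
        # Swapping a lost or departed key is itself an m-of-n decision.
        if old_pk not in self.cosigners or new_pk in self.cosigners:
            return False
        if not self.authorize(replacement_msg(old_pk, new_pk), signatures):
            return False
        self.cosigners = (self.cosigners - {old_pk}) | {new_pk}
        return True
```

An account built as `MultisigAccount([pk_a, pk_b, pk_c], m=2)` rejects a transaction that carries one co-signer's signature twice or a signature from a key outside the set, and accepts it once two different co-signers have signed.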
UCloud – Trusted Blockchain for Data Flow (Liu Yuan)
Despite cloud computing’s maturity, data security remains a major concern, especially when processing encrypted data in memory for big‑data analytics. UCloud integrates Intel SGX trusted execution environments with blockchain to create a trustworthy data‑flow platform.
Trusted Execution Environments (TEE) run isolated, hardware‑protected code, obtaining keys after remote attestation. This protects against side‑channel attacks.
Trusted blockchain combines a base blockchain with SGX nodes. Data owners, result users, platform providers, and regulators all participate, establishing smart contracts that trigger SGX enclaves to decrypt, process, and re‑encrypt data. After processing, raw data is destroyed, and only encrypted results are written back to the blockchain.
An example app shows data flowing from an untrusted part to an SGX enclave (trusted part) where code execution is protected from the OS, VMM, BIOS, and other privileged components.
The trusted blockchain platform offers four key benefits: scalable computation, decentralized trust, strong data security, and migratable tasks.
UCloud – Virtual Currency Security (Chen Shunhang)
With the rise of blockchain‑based cryptocurrencies, theft incidents have surged. In the first three months of 2018, exchanges such as NiceHash, LocalBitcoins, Coincheck, and Youbit suffered losses totaling approximately $864 million.
Security challenges fall into three categories: rapid industry growth lowering entry barriers, persistent traditional vulnerabilities (e.g., Parity multisig bug, phishing), and emerging threats such as 51% attacks and eclipse attacks.
Proposed solutions include cultivating security awareness, leveraging cloud infrastructure for mature protection services, and adopting third‑party security products (e.g., firewalls, intrusion detection, vulnerability scanning).
UCloud’s security architecture deploys high‑defense services (UADS), web application firewalls (UEWAF), SSL, host intrusion detection (UHIDS), web vulnerability scanning (UWS), fraud detection, and data encryption to protect users.
ChipChain – Solving Blockchain Performance Bottlenecks (Hu Jichen)
Increasing transaction volume strains existing blockchains, leading to congestion. ChipChain’s HPB introduces a hardware‑software co‑design architecture, including a Blockchain Offload Engine (BOE) that combines CPU serial processing with FPGA/ASIC parallelism for high‑throughput, low‑latency operation.
BOE connects via 1G/10G Ethernet, handling packet processing, integrity checks, signature verification, and data sharding, while incentivizing contributors based on bandwidth usage.
Compared with other solutions, HPB’s dedicated blockchain servers integrate hardware acceleration, consensus optimization, data compression, and encryption, supporting millions of users per second.
Genaro Network – Building the Next‑Generation Public Chain (Wu Weilong)
Current mainstream consensus mechanisms are Proof‑of‑Work (PoW) and Proof‑of‑Stake (PoS). PoW offers strong fault tolerance but suffers from low performance and high resource consumption. PoS improves performance but introduces risks such as “nothing at stake” and long‑range attacks.
Nothing at stake: Validators can sign conflicting blocks without penalty, threatening consensus security.
Long‑range attack: An attacker creates a fork after unlocking stakes, potentially invalidating the main chain.
Genaro introduces SPoR (Storage‑Proof‑of‑Retrievability) to select trustworthy nodes. SPoR proves data ownership by fragmenting files across nodes, making attacks costlier. The hybrid consensus combines PoS incentives with SPoR‑based node selection, preventing “nothing at stake” and mitigating long‑range threats.
Testing shows 100‑200 block‑producing nodes, with GNX token staking for block rights, PoS rewards, and storage‑lease income. Unlike EOS’s DPoS, Genaro’s committee selects nodes based on contribution, stability, stake, and storage usage, reducing the influence of pure financial power.
Upcoming Session
The next UCan afternoon‑tea will focus on “Game Publishing: Challenges and Solutions,” discussing pitfalls and strategies for taking games overseas. Interested readers can click “Read Original” to claim a free ticket for the July 21 event in Chengdu.
UCloud Tech
UCloud is a leading neutral cloud provider in China, developing its own IaaS, PaaS, AI service platform, and big data exchange platform, and delivering comprehensive industry solutions for public, private, hybrid, and dedicated clouds.
