Nsdi '09: 6th Usenix Symposium on Networked Systems Design and Implementation Trust and Privac Y Trinc: Small Trusted Hardware for Large Distributed

Dave described how equivocation, making conflicting statements to others, is a very common and powerful tool for selfish and malicious users in distributed systems. It occurs in the Byzantine general’s problem, voting, and BitTorrent, where traditionally 3f+1 users are needed to tolerate f malicious users. By using trusted hardware, equivocation can be made impossible, and now only 2f+1 users are needed to reach consensus. To be practical, such trusted hardware needs to be small in order for it to be easily verifiable, ubiquitous via low cost, and tamper resilient. Dave then displayed a SmartCard that had TrInc, a trusted incrementer, implemented on it. TrInc consists only of a monotonically increasing counter and a key for signing attestations; a set of TrInc counters makes up what is called a trinket. There are two types of TrInc attestations: an advance attestation that increments a counter and forever binds a message to the counter’s value, and a status attestation that allows peers to determine others’ current counter values.