Welcome to Sentz!
Learn more here.

Learn

Fog: Enabling Mobile Custody with Oblivious Computing

To a Five-Year-Old Child:

Pretend that you have a glass jar of marbles. You are the owner of the jar. You can see who wants a marble and what marbles other kids pick out of the jar. But! What if Bobby wants to pick out a marble without you knowing which one it is? He wants it to be his secret only. Maybe you add a bunch of cotton around all of the marbles. Bobby can now reach into the jar and pull out a marble without you knowing which one he pulled out. Even though you own the jar of marbles, Bobby can secretly remove a marble without you knowing which one it is. You know he is taking a marble, but that is all. That is what MobileCoin Fog does. It keeps Bobby's marble choice encrypted, so no one else knows what marble he chose, not even you, the owner of the jar.

To a Grandparent:

MobileCoin Fog is similar to encrypted information retrieval. What if you want to find out about RVing in Alaska? You search on Google for campsites. The Google team keeps track of your searches. Suddenly, you start seeing ads for campers, camping gear, and camping insurance. When you use MobileCoin to send payments through your smartphone, the information is encrypted, and no one, not even the operators at Signal or any other messaging app you are using, can see what you have spent or with whom. No one can track your spending habits. MobileCoin Fog also makes this possible and practical on a mobile device.

To a First Year College Student:

Cryptocurrency is a form of online money where no trusted institution, like a bank or government, is responsible for the currency's value or stewardship. The issue with Bitcoin is that it is not encrypted. Anyone can track back your transactions to the beginning of the Bitcoin, harvest that data, and sell it to advertisers. It is also not easy to use because you must download the wallet software and understand the technology. And, finally, it is very slow. It can take anywhere from ten minutes to 60 minutes for a transaction to go through.

In cryptography, encrypted information retrieval is the ability to retrieve information from a server that you do not own without the operator of that server knowing what information you are trying to recover. Hiding the access pattern is extremely difficult to do. A technology called oblivious RAM (ORAM) helps this happen. MobileCoin Fog is the first production-grade open-source implementation of ORAM that exists today.

In addition, MobileCoin has placed the ORAM data structures inside Intel's Software Guard eXtension (SGX) secure enclaves, which means reads and writes do not correlate transactions with users, even in the event of a side-channel exploit against SGX. Fog serves queries without revealing significant transaction information and without compromising scalability.

Fog's query service provides an alternative to downloading the entire blockchain, which is critical for mobile devices. Users do not have to test every transaction using their cryptographic keys, which saves significant bandwidth and computations required for every new transaction. Fog does a form of processing of the blockchain but does it for the users without needing their private keys. Fog Ingest, the server that houses the ORAM in the SGX enclave, looks at the blockchain as it updates and decrypts part of each transaction. Fog prepares this decrypted information for the user to retrieve at a later point, so that users can make queries to Fog about their transactions, and check their balances and send transactions to others. The smartphone can make an oblivious request against the oblivious database in Fog. And no one knows what you are spending your MOB on! It is encrypted, fast, and easy to use.

MobileCoin's cryptocurrency payment system runs on Signal, an encrypted messaging app. In the past, people primarily used Pretty Good Privacy (PGP) to send encrypted messages via email. But, for the normal person, PGP was difficult to use. Signal developed a way to send an encrypted message without anyone having to think about the underlying cryptography. Similarly, MobileCoin has created a cryptocurrency that has an encrypted blockchain where you do not have to think about the underlying technology. In fact, when you use Signal, you do not send a cryptocurrency address. You just type in a phone number and hit send on your smartphone. Fog lets this happen.

To a Software Engineer:

MobileCoin Fog is a solution to the scalability problem of encryption for cryptocurrency. The scalability problem is the following: by design, no one can determine who owns a particular coin without having the owner's private keys. However, this forces all participants to download all the transactions and scan them with their private keys, which is prohibitive on mobile devices and demanding for casual users.

MobileCoin Fog is a solution to this problem, which:

  • Encrypt indexes the blockchain, so that your TxOut's have pseudo random keys that only you can predict
  • Provides a way to search the blockchain for your pseudo random keys
  • Provides a way to complete balance checks and build transactions, obviating the need to download the ledger completely.

Fog is dramatically more efficient than view-key scanning each transaction with each user's keys — it does only a small amount of work per transaction and does not do work per user and transaction so that it can scale up to a billion users.

A single Fog server currently supports hundreds of queries per second across the entire MobileCoin ledger, and speed is expected to improve as we continue to optimize it.

Fog's search functionality is based on a nascent technology called Oblivious RAM. This technology has been studied for decades but not shipped in a real production web service until MobileCoin launched Fog. Fog also makes critical use of Intel SGX enclaves and works within the SGX threat model to ensure that the Fog service operators have no insight into your transactions. This aspect of Fog was inspired in part by the Signal Contact Discovery service.

Fog ensures that even in a threat model where MobileCoin operators and Signal operators are hacking into the operating systems of their machines and attempting to scour them for evidence, they are unable to determine the amount or the recipient of your transaction without penetrating Intel SGX security guarantees.

Fog also has a forward secrecy property so that if a vulnerability is found in SGX, it recovers gracefully after the patch. Crucially, users' private keys are never inside of Fog SGX enclaves, and they always remain on your mobile device.

Architecturally, Fog consists of four scalable microservices and a database that stores a post-processed version of the blockchain (with the indexing information).

Fog Ingest:

  • This service is responsible for post-processing the blockchain and creating the indexes. The Fog Ingest SGX enclave maintains a private key and emits the public key in an SGX-signed record called the Fog Report. When sending MOB to a Fog address, MobileCoin users obtain the report and encrypt part of the address (the view public key) for Fog Ingest so that it can know who to tag the payment for. This ciphertext becomes part of the TxOut and goes into the blockchain when the TxOut is validated. Later, Fog Ingest picks it up, and the enclave is able to perform the indexing. The indexing works by creating a cryptographic PRNG for each user — these PRNGs are stored in an Oblivious RAM inside of SGX. The seed to the PRNG is created by key exchange against the user's public key, and the key exchange message gets committed to the database. This ensures that the users can always reconstruct their RNGs as long as they have their private keys. TxOut's are tagged with successive outputs of the RNGs and then committed to the database. After this, the Fog Ingest enclave deletes each TxOut's specific information to create forward secrecy.

Fog View:

  • This service is responsible for helping users find their TxOuts based on the indexing performed by Fog Ingest. Fog View makes it possible for users to find key exchange messages so that they can build their RNGs. Fog View also hosts an oblivious RAM inside of an SGX enclave into which it loads all of the post-processed TxOuts. It then supports queries based on the outputs of PRNGs so that users can download their exact TxOuts.

Fog Ledger:

  • This service is responsible for helping users perform other tasks that would otherwise require downloading the blockchain ledger. One such task is performing key-image checks, which resolves whether a TxOut you downloaded is already spent and is a critical step in balance checking. Another such task is building Merkle proofs of membership for your TxOut, which is required to submit to consensus. This is also an SGX service, and all queries like this are mediated by oblivious RAM, similar to Fog View.

Fog Report:

  • This service hosts the Fog Report — it is accessible to all users so that they can send transactions to Fog users.

Summary

Altogether, these microservices are the basis of Signal's integration with MobileCoin, providing the best-in-class mobile payments experience in terms of convenience, ease of use, speed, cost, and encryption.

Download the Whitepaper