INTRODUCTION
Game-theoretical standpoint for all actors
Trust in the network
INTRODUCTION
Strict verification requirement
Nondeterministic computations
https://truebit.io - can be used in case of deterministic computations
Monte Carlo methods
source: https://www.behance.net/gallery/21615831/Testing-render-engines
INTRODUCTION
INTRODUCTION
Concent
Intel SGX technology
Technology which can be used to implement secure remote computation
and Nondeterminism
Minilight (Python)
GOLEM TECHNOLOGY
Focus on computations / computation-centric use case
Specific renderer hardcoded in provider
(POC 0.5 - Minilight)
pbrt (C++)
GOLEM TECHNOLOGY
Focus on computations / computation-centric use case
Lack of transaction framework
No payments
Rendering as a separate task
Basic protocol
Rendering task is abstracted out and decoupled from the Golem client code. The first implementation used PBRT renderer as a rendering backend
First POC
Intranet computations
GOLEM TECHNOLOGY
Execution environment:
High level task definition
Task splitting configuration
Subtask results collector
Task configuration:
GOLEM TECHNOLOGY
GOLEM TECHNOLOGY
Physical infrastructure: Heterogenous p2p network
Logical components: Requestors, providers, (optional) concents
GOLEM TECHNOLOGY
Task sending and resource distribution
Verification
GOLEM TECHNOLOGY
Provider security
Requestor security
Results verification
Infrastructure security
no unauthorized internet access (e.g. botnet protection)
GOLEM TECHNOLOGY
New topology and requirements – P2P
Distribution of execution environments
Notion of trust – reputation of the actors
New integrations – new use-cases
Actors in the network
GOLEM TECHNOLOGY
Game-theoretical conditions for all actors
Requestor incentives
Provider incentives
Notion of trust in the network (local and global schemes)
Known verification requirements and algorithms
Open market
Wants to compute cheap, fast and get a high-quality result
Wants to compute fast and make the highest possible profit
GOLEM TECHNOLOGY
Reward scheme:
Every integration can use any custom reward scheme, as long as it is compliant with the transaction framework
Key parties are:
task creators (Requestors): how they pay for computations and software
Providers: how they are rewarded (eg. per hour? per task?)
Developers: payment for software (free? donation? per node? per use? per CPU hour
Ethereum network is used to transfer value and information between the peers
Golem Technology
NONDETERMINISM
Random number generators
Floating point encoding standards on different platforms:
NONDETERMINISM
Random number generators
Float encoding standards
on different platforms:
Multithreading:
Regular CPU multithreading
NONDETERMINISM
Random number generators
Float encoding standards
on different platforms:
Multithreading:
Regular CPU multithreading
SIMT or SMT in the case of GPUs
NONDETERMINISM
Random number generators
Float encoding standards
on different platforms:
Multithreading:
Regular CPU multithreading
SIMT or SMT in the case of GPUs
Nondeterministic implementation
of MC methods
Rendering
NONDETERMINISM
Deterministic input
Nondeterministic computation
Nondeterministic results
Machine Learning
Deterministic or randomized input
Deterministic or nondeterministic computations
Nondeterministic results
NONDETERMINISM
Proof of Work
Deterministic input
Nondeterministic amount of work required
Deterministic and efficient verification
The exact amount of performed computations is hard to verify
NONDETERMINISM
NONDETERMINISM
Nondeterministic state
Nondeterministic results cannot be directly compared
Each node may see a slightly different result
A similarity measure is required
Golem's setting
Consensus between a very small (usually two) number of nodes
Means of dealing with a dispute are implemented
NONDETERMINISM
Introduction
Probabilistic space
Probabilistic measure via density function
– domain
– probabilistic measure
MONTE CARLO METHODS
Random variable
MONTE CARLO METHODS
A random variable, usually written X, is a variable whose possible values are numerical outcomes of a random phenomenon. There are two types of random variables, discrete and continuous.
Expected value
MONTE CARLO METHODS
Variance
Vector of random variables
$$P(\mathrm{E}X = \lim_{N \rightarrow \infty} \frac{1}{N} \sum_{k=1}^{N}X_k) = 1$$
Strong law of large numbers
MONTE CARLO METHODS
Monte Carlo methods are a broad class of computational algorithms that rely on repeated random sampling to obtain numerical results.
Can be used to solve any problem having a probabilistic interpretation.
By the law of large numbers, integrals described by the expected value of some random variable can be approximated by taking the empirical mean of independent samples of the variable.
MONTE CARLO METHODS
Goal
Find the best possible approximation of the integral by sampling the integrated function at a finite set of points
MONTE CARLO METHODS
$$\int_{S}f(x)dx$$
Expected Value approximation
$$\mathrm{E}(f(x)) = \int_{\Omega} f(x)p(x) dx \approx \frac{1}{N} \sum_{k=1}^{N}f(x_k) $$
$$P(\mathrm{E}X = \lim_{N \rightarrow \infty} \frac{1}{N} \sum_{k=1}^{N}X_k) = 1$$
$$\mathrm{E}(f(x)) = \int_{\Omega} f(x)dP(x) = \int_{\Omega} f(x)p(x) dx $$
Mean of a function
$$\mu(\Omega) I = \mu(\Omega) \mathrm{E}(f(x)) \approx \mu(\Omega) \frac{1}{N} \sum_{k=1}^{N}f(x_k)$$
MONTE CARLO METHODS
Integral estimation using mean value
Integral expressed in terms of an arbitrary distribution
$$\int_{\Omega}f(x)dx = \int_{\Omega} \frac{f(x)}{p(x)}p(x) dx \approx \frac{1}{N} \sum_{k=1}^{N}\frac{f(x_k)}{p(x_k)}$$
where
independent identically distributred
MONTE CARLO METHODS
$$\mathrm{E}(f(x)) = \int_{\Omega} f(x)dP(x) = \int_{\Omega} f(x)p(x) dx $$
$$\mathrm{E}(\frac{f(x)}{p(x)}) = \int_{\Omega} \frac{f(x)}{p(x)} p(x) dx = \int_{\Omega} f(x) dx$$
Problem of diminishing return
MONTE CARLO METHODS
To halve the error the number of samples has to be quadrupled.
Variance reduction techniques
Choosing density wisely we can greatly reduce initial variance (Importance Sampling)
Problem of diminishing return
MONTE CARLO METHODS
To halve the error the number of samples has to be quadrupled.
Variance reduction techniques
Domain partitioning (Stratified Sampling)
In computer graphics, the rendering equation is an integral equation in which the equilibrium radiance leaving a point is given as the sum of emitted plus reflected radiance under a geometric optics approximation.
RENDERING EQUATION
Energy
Flux
Radiance
$$\theta$$
RENDERING EQUATION
Radiant flux per unit solid angle per unit projected area
Intuitively, radiance expresses how much power (flux) arrives at (or leaves from) a certain point on a surface, per unit solid angle, and per unit projected area
Time rate of flow of radiant energy
This quantity expresses how much total energy flows from/to/through a surface per unit time
Energy of a collection of photons
Bidirectional Reflectance Distribution Function (BRDF)
Reflected radiance
RENDERING EQUATION
$$x$$
Outgoing radiance
Rendering equation
RENDERING EQUATION
Operator formulation
Neumann Series
$$T = \sum_{k=0}^{\infty} T^kL_e$$
Renderers - black box engines
The rendering equation expressed via Neumann series expansion suggests that the final solution can be composed of independently computed results.
These partial results are computed by renderers, which can be treated as black box computation engines
RENDERING EQUATION
RENDERING EQUATION
Rendering or image synthesis is the automatic process of generating a photorealistic or non-photorealistic image from a 2D or 3D model (or models in what collectively could be called a scene file) by means of computer programs. Also, the results of displaying such a model can be called a render. A scene file contains objects in a strictly defined language or data structure; it would contain geometry, viewpoint, texture, lighting, and shading information as a description of the virtual scene. The data contained in the scene file is then passed to a rendering program to be processed and output to a digital image or raster graphics image file.
(in this context) a computer program used to generate photorealistic images from a scene file (consisting of 3D models and description of materials and lights)
RENDERING EQUATION
Path formulation
Markov Chain approach
Independent evaluation of each path
RENDERING EQUATION
Each tile is rendered independently, the final image is composed of tiles rendered with full quality
Multiple, independent full resolution images are rendered. Each one uses only a fraction of samples per pixel as compared to the final result. The final image is obtained by means of averaging these intermediate results
Verification challenges
VERIFICATION CHALLENGES
Game-theoretical approach
Verification process outline
Each rational participant wants to maximize his/her benefit
1st step - automatic verification
Classifier can be easily replaced (it is a plugin architecture)
The main classifier can consist of multiple classifiers and image comparison algorithms
2nd step - manual verification and acceptance/rejection
VERIFICATION CHALLENGES
Automatic verification
Outlier removal method
Verification based on redundant computations (probabilistic)
VERIFICATION CHALLENGES
Manual verification
The final result may be accepted or rejected manually
Requestor prepares scenes and sends them together with the resources to a render farm
Render farm splits the task and distributes computations between nodes
Nodes compute partial results which are composed into final images/animations
The results are sent back to the requestor
DECENTRALIZATION
Requestor wants a valid result for the lowest price possible in a specified timeframe:
Must carefully set the number of samples for a valid result to avoid unnecessary computation
Won't pay for invalid results
Requires fair protocol in case of invalid results
DECENTRALIZATION
Provider wants to earn as much as possible for the least possible resources provided:
Can try to generate the image of lesser quality and use fewer samples than the requestor requested
May not be paid for valid results and needs to have a way of recovering the payment
Protocol must be fair
DECENTRALIZATION
VERIFICATION - MC
Blender (Cycles renderer) use-case
Bit-by-bit verification is not viable
Each tile has to be either marked as valid or invalid by automatic verification algorithm
VERIFICATION - MC
Example of classifier implementation
Local verification
Sample rectangles are rendered with the same parameters as the main tile
Each sample must match the corresponding rectangle in the tile
Total area of sample rectangles is only a small fraction of the tile area
VERIFICATION - MC
Example of classifier implementation
Redundancy
Rendering each tile multiple times and comparing
Rendering redundantly but not necessarily duplicating all pixels
Multiple schemes are possible, which makes it harder to cheat
VERIFICATION - MC
It is probabilistic
Tunable verification thresholds
Tunable trust requirements (e.g. when SGX nodes are present)
Classifier only assists
It is adjustable
COMPARISON AND VERIFICATION
Formal problem statement
provided that we know
input bitmap
renderer
unknown parameters used to render
parameters specified by the requestor
provided that we know
but we do not want to recompute the whole
Estimation
COMPARISON AND VERIFICATION
Example approach
Two transforms
Wavelet transform
Edge enhancing transform
Two measures
SSIM (structural similarity)
MSE (mean squared error)
Similarity of images
a decent algorithm is required to help the classifier decide if two bitmaps are similar enough to be treated as the result of the same computation
COMPARISON AND VERIFICATION
Importance of the transforms
Picture w/ no transform vs Picture w/ edge enhancing transform (one SPP difference in images)
COMPARISON AND VERIFICATION
Importance of the transforms
Picture w/ no transform vs Picture w/ edge enhancing transform (one SPP difference in images)
COMPARISON AND VERIFICATION
Machine Learning
Golem can be used to find the best set of hyperparameters for a given model
Hyperparameters describe network structure, eg. number of layers, number of nodes in each layer. They are set before training
Each provider is doing a full training of a neural network but for different values of hyperparameters
Requestors can use different algorithms for searching parameter space, eg. grid search, random search, bayesian optimization search
Each dot in the picture represents one set of parameters, ie. one network trained by Provider
COMPARISON AND VERIFICATION
Machine Learning - Verification
Neural network training is a sequential algorithm
Feeding sets of batches to the network is one iteration step. After every step, the provider computes the hash of the network state and sends it to requestor
Requestor asks provider for randomly chosen states and verifies that transition to the next state was done correctly
Each rectangle represents one network state. The Requestor checks the transition between randomly chosen states
COMPARISON AND VERIFICATION
Proof of Work
$$S_1$$
$$S_K$$
$$\bigcup_{i=1}^{K}S_i = S$$
$$S_i \cap S_ j= \emptyset$$
$$i \neq j$$
for
$$\ldots$$
PoW input string
PoW hash function
PoW target
PoW intermediate target (used during verification),
Providers should be paid for calculations they do
Requestors must get proper results (honest calculations)
If something goes wrong, an optional third party may be utilized to solve the dispute
It is a web service (which ultimately may be distributed)
It is a special type of node in the Golem Network
Its purpose is to improve the fairness of transactions
It is passive
It is optional
CONCENT
Enforcing communication:
After a Requestor gives a task to a Provider and the Provider starts to compute, the communication must follow the protocol. If one party goes offline or rejects accepting proper messages, Concent can enforce the right communication, or ensure that the malicious party takes responsibility for the broken communication
CONCENT
Additional verification:
Verification is performed by Requestors. If a Requestor rejects the correct result, the Provider calls Concent which performs additional verification. It is similar to the one performed by the Requestor but stronger. If the result turns out to be correct then Concent forces the Requestor to pay
CONCENT
Enforcing payment:
If a Requestor does not pay on time for accepted results, then Concent will charge payments from the Requestor's deposit
CONCENT
Requestor sends a task to a Provider
Provider calculates the task and sends the result to the Requestor
Requestor verifies and accepts the result
If the result is correct, the Requestor pays, if not they do not pay for it
CONCENT
All Concent use-cases are meant to overcome flaws like attacks/frauds
Use-cases can be initialized by one or two parties
Use-case starts when a party does not receive a response, is not paid on time, or if their results are wrongly rejected
To use Concent, parties must agree to it at the beginning by putting deposits in GNT which are transferred to a dedicated Ethereum contract
Concent has special permissions on deposits
Concent is not a free service
CONCENT
Fairness means that Requestors do not pay for incorrect results and must always pay for correct results
Main options for ensuring fairness in transactions:
Use trusted third-party
Use blockchain and/or consensus in network
Verification is critical for defining Concent and non-Concent solutions
CONCENT
A Priori assumption: Providers and Requestors trust Concent
Under normal conditions Concent is called very rarely
Concent as a service is a single-point-of-failure and may be vulnerable to DDoS attacks
The principle is that Golem Network can calculate tasks even if Concent is down
Concent service will be more decentralized in the future
It suffices for Concent to be up 99% of time
CONCENT
In the future we plan to allow others to run valid Concent services (i.e. software developers may want to run Concent for their own applications)
Technologies like SGX provide trustworthy and non-controlled calculations that are considered decentralized and i.e. can perform additional verification
CONCENT
SGX TECHNOLOGY
SGX is a set of CPU instructions and hardware platform enhancements that enable apps to create private areas within which code and associated data can be stored safe from compromise during execution. If used correctly, this protection can prevent compromise due to attacks from privileged software and many hardware attacks
Verifiable computation:
Prevents BIOS/OS/VMM/SMM/drivers attacks
Prevents bus snooping and memory tampering
Provides hardware measurement mechanism
Provides hardware attestation (local and remote)
Provides hardware sealing (to the enclave and to the author)
Example usages:
User authentication
Sensitive data processing
Verifiable computation
SGX TECHNOLOGY
Enclaves:
Similar in spirit to a DLL, SO or Dynamic Library, plus some additional configuration data
Limited to computations only (no direct IO or OS calls allowed)
IO or OS calls available by means of OCALLs mechanism (configured statically)
Enclave
Run and hosted in an untrusted environment
Once instantiated it becomes a trusted part of the app (As there may appear attacks on SGX which cannot be foreseen today)
SGX TECHNOLOGY
TCS – THREAD CONTROL STRUCTURE
Enclave creation:
Binary payload (similar to a dll) which is run inside the enclave
Configuration data:
Stack size
Heap size
Threads (via Thread Control Structures)
Enclave author’s public key
Software version
Product id
Enclave Launch:
Currently launched by Launch Enclave provided by Intel
Enclave Usage:
Communication via ECALLs and OCALLs
SGX TECHNOLOGY
ISV
Application
Application SGX Enclave
Intel IAS
SGX TECHNOLOGY
Enclave developer; assists in attestation; for now must be registered to Intel
Launches enclave and provides access to it; untrusted
Provides measurement and mrsigner for attestation and sealing; trustworthy
Intel Attestation Service - used to verify EPID during remote attestation
Measurement
Attestation
Sealing
mrenclave – hash of vanilla enclave state including its security properties – used to prove that the enclave was instantiated correctly
Local – between enclaves on a single machine
Remote – to prove the enclave validity to a remote user/client
Used to securely store persistent data
Seal to current enclave – only the enclave with the matching measurement can unseal the data
To the author – used to unseal data in enclaves developed by the same author
SGX TECHNOLOGY
Intel presence is required to attest quotes and partially to launch enclaves
Launching an enclave with all SGX features enabled requires Launch Enclave provided by Intel
Currently the Intel Attestation Service (IAS) is necessary for the remote attestation to work
ISV requires Intel approval
Remote attestation procedure does not require IAS by design and a perfectly valid remote attestation process without IAS can be implemented (once IAS is liberated)
SGX TECHNOLOGY
How SGX can be used to the advantage of Golem
Software Developer is ISV and currently can serve as attestation service - and connect to Intel to assure correctness of the enclave in question
Once a proof for an enclave is created by IAS, the proof can be subsequently verified offline
The protocol used to communicate with IAS is not critical from a security standpoint
Requestor and Concent are "hosting" Developers code
SGX AND GOLEM
How SGX nodes can be added to Golem
Additional Concent use cases
SGX AND GOLEM
When (if) SGX is liberated, then only ISV is required to have a high reputation (from requestors' point of view)
ISV has skin in the game to provide a valid enclave, so they should be trusted with attesting enclaves
SGX in Golem - possible future
How SGX nodes can be added to Golem
The most resource consuming aspect of Concent is additional verification
Concent can delegate verification to SGX nodes increasing scalability and keeping the same level of trustworthiness. It may even happen that SGX nodes computations are considered as more trustful. This makes the most sense if SGX nodes compute noticeably slower than regular nodes
In such a setting a regular node may not be incentivized to call SGX nodes directly, but there would be a special case where an SGX node would be able to provably repeat computation and compare results with questionable ones
Other solutions
May encompass sharing logic between one group of nodes and the state and history on other nodes
SGX AND GOLEM
Computations and Verification with SGX
We can run the whole computation inside an SGX enclave (if possible) and if the result is returned - it is the result of a valid computation and no verification is needed
The aforementioned approach may result in less security guarantees than the default SGX enclaves, but should still be much more secure than computations carried out the regular way
SGX AND GOLEM
Computations and Verification with SGX
SGX enclaves are restricted to computations only, but more general platforms allowing arbitrary computations inside the enclave are being researched and developed. We closely cooperate with Invisible Things Labs, the team/company solving problems in this exact area
SGX AND GOLEM
How SGX can help with verification
We can use SGX nodes and redundancy to help verify (with tunable probability) the results from regular nodes
Just as regular redundancy, but we know that results from SGX nodes are significantly more trustworthy and can be used as reference data
Additional verification logic can be implemented and run in an enclave whereas the main computation is performed on the regular host machine, but with intermediate results being sent to the Enclave
Performance
SGX supports EPC paging (enclave's private memory protected from the host and external, physical attacks), but it may be harmful to the performance
Depending on the performance impact of SGX, an appropriate fraction of calculations should be delegated to SGX nodes, the less impact, the more subtasks can be sent to SGX nodes (possibly for higher price)
SGX AND GOLEM
Summary
In a perfect world SGX or similar technology:
Should provide mechanism for verifying that declared computations indeed took place
Should assure privacy of sensitive data
Should not impose large computational overhead
Requestors shouldn’t have to verify the results locally at all
SGX or similar technology can be used to help decentralize server solutions in a secure manner
The Golem network may consist of regular nodes, nodes with SGX and Concents using SGX
Non-SGX nodes are first class citizens but may require more mechanisms to assure valid results produced by them (e.g. local verification, redundant computations, reputation)
Such technology seems to be a perfect match for nondeterministic computations (as defined in previous sections)
SGX AND GOLEM
SUMMARY
CTO, co-founder
Golem’s speaker at Devcon-0 and Devcon-1. Previously a designer and lead developer of Black Vision, a real-time rendering engine for TV broadcasting. Implemented the fastest (at the time) software jpeg2000 codec for DCP. Also took part in a few side projects related to p2p networks.
Interested in computer graphics, digital signal processing, cryptography, compilers, virtualization, blockchain tech, parallel computing, distributed computing, trustless computing and optimization techniques.
viggith@golem.network
https://www.linkedin.com/in/viggith/
For the help with this presentation thanks to:
Substantial knowledge: Aleksandra Skrzypczak, Łukasz Gleń
Design: Jacek Muszyński, Urszula Trzaskowska (Cobaltblue)
Edit: Joanna Janiuk, Dan Horne