
CN-121979633-A - Method performed by a computing device and method performed by an aggregation coordinator


Abstract

The present disclosure relates to methods performed by a computing device and methods performed by an aggregation coordinator. A method performed by a computing device that includes a trusted execution environment includes receiving a computing task specification from an aggregation coordinator, executing a computing task associated with the computing task specification in the trusted execution environment, generating device execution evidence based on execution of the computing task, and transmitting the device execution evidence to the aggregation coordinator.

Inventors

  • LI JINING

Assignees

  • 上高证券有限公司

Dates

Publication Date
20260505
Application Date
20260113

Claims (20)

  1. A method performed by a computing device, the computing device comprising a trusted execution environment, the method comprising: receiving a computing task specification from an aggregation coordinator; executing a computing task associated with the computing task specification in the trusted execution environment; generating device execution evidence based on the execution of the computing task; and sending the device execution evidence to the aggregation coordinator.
  2. The method of claim 1, wherein the computing task specification is received from the aggregation coordinator via an authenticated communication channel and the device execution evidence is sent to the aggregation coordinator via the authenticated communication channel.
  3. The method of claim 1, further comprising: determining whether a computing type associated with the computing task specification is a computing type permitted by a local security policy of the trusted execution environment; and executing the computing task in the trusted execution environment in the event that the computing type associated with the computing task specification is determined to be a computing type permitted by the local security policy of the trusted execution environment.
  4. The method of claim 1, wherein executing the computing task in the trusted execution environment comprises: decrypting input data associated with the computing task in the trusted execution environment; protecting intermediate computing states associated with the computing task from unauthorized access; and cryptographically hashing, in the trusted execution environment, input data, output data, and execution parameters associated with the computing task.
  5. The method of claim 1, wherein the device execution evidence comprises one or more of a trusted execution environment attestation report signed by a hardware trust root of the computing device, a cryptographic hash of input data, output data, and execution parameters associated with the computing task, a digital signature binding the device execution evidence to a cryptographic identity of the computing device, and time information associated with execution time of the computing task.
  6. The method of claim 1, further comprising: receiving from the aggregation coordinator an aggregation evidence certificate indicating that the device execution evidence was used as part of unified aggregate evidence; and requesting calculation of rewards from a distributed ledger network using the aggregation evidence certificate, wherein the distributed ledger network is implemented as a blockchain network.
  7. The method of claim 1, further comprising performing mutual authentication with the aggregation coordinator by: exchanging trusted execution environment attestations with the aggregation coordinator; verifying the trusted execution environment attestation of the aggregation coordinator; and after the trusted execution environment attestation of the aggregation coordinator passes the verification of the computing device and the trusted execution environment attestation of the computing device passes the verification of the aggregation coordinator, generating a session key with the aggregation coordinator by a key exchange with the aggregation coordinator in the trusted execution environment.
  8. The method of claim 7, wherein the trusted execution environment attestation of any of the aggregation coordinator and the computing device comprises one or more of a device identifier, a certificate chain, a random number, a timestamp, a signature, and a device key.
  9. The method of claim 7, wherein verifying the trusted execution environment attestation of the aggregation coordinator comprises: extracting a certificate chain from the trusted execution environment attestation of the aggregation coordinator; performing verification on the certificate chain up to a trusted root certificate authority; verifying whether the trusted execution environment attestation of the aggregation coordinator comprises a security claim indicating one or more of a secure root verification state, a debug mode not activated, a hardware key storage available, and a physical tamper resistance; and if the trusted execution environment attestation of the aggregation coordinator includes a security claim indicating predetermined information, determining that the trusted execution environment attestation of the aggregation coordinator passes the verification of the computing device, otherwise determining that the trusted execution environment attestation of the aggregation coordinator fails the verification of the computing device.
  10. The method of claim 5, wherein the trusted execution environment attestation report includes one or more of a firmware measurement loaded during secure launch of the trusted execution environment, a device unique identifier derived from a hardware fuse of the computing device, a security version number indicating a patch level of application software associated with the computing task in the trusted execution environment, a signature created by a hardware trust root private key inaccessible to application software associated with the computing task in the trusted execution environment, and a timestamp binding the trusted execution environment attestation report to a particular point in time.
  11. The method of claim 3, wherein the local security policy of the trusted execution environment includes one or more of a whitelist of permitted computing types signed by a private key of a device owner of the computing device, a resource limit specifying maximum central processor usage, memory allocation, and execution duration, a data access permission defining local data sources accessible during computing, a network communication constraint specifying allowed external service endpoints, and an automatic abort mechanism terminating computing if the local security policy of the trusted execution environment is violated.
  12. The method of claim 1, wherein the trusted execution environment is a software-based trusted execution environment that includes a virtualization-based security module, a virtual machine monitor-enforced memory isolation mechanism, and a software attestation mechanism using code measurements, and is cryptographically bound to a hardware root of trust of the computing device.
  13. A computer readable storage medium having stored therein computer executable instructions, wherein the computer executable instructions, when executed by a processor of a computing device comprising a trusted execution environment, perform the method of any of claims 1 to 12.
  14. A method performed by an aggregation coordinator, comprising: receiving a task execution request to execute a computing task from a distributed application, wherein the distributed application is located on a distributed ledger network implemented as a blockchain network; finding a plurality of computing devices available to perform the computing task, wherein each computing device of the plurality of computing devices includes a trusted execution environment; dividing the computing task into a plurality of computing sub-tasks and distributing the plurality of computing sub-tasks to the plurality of computing devices; receiving a plurality of device execution evidence from the plurality of computing devices, wherein each device execution evidence of the plurality of device execution evidence is generated by a trusted execution environment of a respective computing device of the plurality of computing devices based on execution of a respective computing sub-task of the plurality of computing sub-tasks; and aggregating the plurality of device execution evidence based on a cryptographic aggregation mechanism to generate unified aggregate evidence and submitting the unified aggregate evidence to the distributed ledger network.
  15. The method of claim 14, further comprising, for each device execution evidence of the plurality of device execution evidence: determining whether the device execution evidence is valid evidence or invalid evidence based on a Bayesian fault-tolerant mechanism; and when the device execution evidence is determined to be valid evidence, using the device execution evidence as a component of the unified aggregate evidence, and sending an aggregation evidence certificate to the computing device that provided the device execution evidence so that the computing device can request calculation of rewards from the distributed ledger network.
  16. The method of claim 15, further comprising: when the device execution evidence is determined to be invalid evidence, not using the device execution evidence as a component of the unified aggregate evidence, and recording the cryptographic identity of the computing device that provided the device execution evidence in a blacklist stored on the distributed ledger network.
  17. The method of claim 15, wherein the device execution evidence provided by a predetermined number of the plurality of computing devices is aggregated when the device execution evidence provided by the predetermined number of computing devices is valid evidence.
  18. The method of claim 14, wherein the aggregating the plurality of device execution evidence is performed using Merkle tree aggregation, BLS signature aggregation, or zero-knowledge evidence aggregation.
  19. The method of claim 14, further comprising: synchronizing device clocks of the plurality of computing devices using a trusted time source; and when the plurality of device execution evidence is aggregated, excluding from the plurality of device execution evidence any device execution evidence for which the time indicated by the time information is outside a preset time period.
  20. The method of claim 14, wherein the aggregation coordinator is implemented as a decentralized network of aggregation nodes for which at least half of the aggregation nodes must agree prior to submitting the unified aggregate evidence to the distributed ledger network.
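
The coordinator-side steps of claims 17 to 19 can be sketched as follows. This is an added example, not code from the patent or its applicant: it uses the Merkle tree option of claim 18, excludes out-of-window evidence as in claim 19, and applies a quorum as in claim 17. The field names, the JSON encoding, the quorum parameter and the sample records are assumptions, and attestation and signature checks on each record are assumed to have been done already.

```python
import hashlib
import json

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def evidence_leaf(ev: dict) -> bytes:
    # 0x00 prefix separates leaf hashes from interior-node hashes (0x01).
    canonical = json.dumps(ev, sort_keys=True, separators=(",", ":")).encode()
    return h(b"\x00" + canonical)

def merkle_levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # An unpaired last node is promoted unchanged rather than duplicated.
        levels.append([h(b"\x01" + cur[i] + cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < index))  # (hash, sibling_is_left)
        index //= 2
    return proof

def verify_inclusion(leaf, proof, root):
    node = leaf
    for sibling, sibling_is_left in proof:
        node = h(b"\x01" + (sibling + node if sibling_is_left else node + sibling))
    return node == root

def aggregate(evidence, window_start, window_end, quorum):
    # Claim 19: drop evidence whose time information is outside the window.
    accepted = sorted((ev for ev in evidence
                       if window_start <= ev["timestamp"] <= window_end),
                      key=lambda ev: ev["device_id"])
    # Claim 17: aggregate only when a predetermined number of records qualify.
    if len(accepted) < quorum:
        raise ValueError("too few in-window evidence records to aggregate")
    return accepted, merkle_levels([evidence_leaf(ev) for ev in accepted])

def sample_evidence(device_id, timestamp):  # constructed sample data
    digest = lambda tag: h(f"{tag}:{device_id}".encode()).hex()
    return {"device_id": device_id, "timestamp": timestamp,
            "input_hash": digest("in"), "output_hash": digest("out"),
            "params_hash": digest("params")}

SAMPLE = [sample_evidence("dev-a", 1000), sample_evidence("dev-b", 1010),
          sample_evidence("dev-c", 1020), sample_evidence("dev-d", 5000)]
```

The root `levels[-1][0]` stands in for the unified aggregate evidence, and a per-device inclusion proof is one possible form for the aggregation evidence certificate of claims 6 and 15.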

Description

Method performed by a computing device and method performed by an aggregation coordinator

Technical Field

The present disclosure relates to the field of data processing, and more particularly to methods performed by a computing device and methods performed by an aggregation coordinator.

Background

With the development of computer technology, software applications associated with computing tasks such as artificial intelligence model training/reasoning, three-dimensional video rendering, environmental sensor data processing, and genome sequence analysis are increasingly being applied in various fields. A single computing device, due to very limited computing resources, typically consumes a long time in executing the computing tasks of such software applications, which can limit the application scenarios of such software applications and/or degrade the user experience of such software applications.

Disclosure of Invention

According to some embodiments of the present disclosure, a method performed by a computing device that includes a trusted execution environment is provided that includes receiving a computing task specification from an aggregation coordinator, performing a computing task associated with the computing task specification in the trusted execution environment, generating device execution evidence based on the execution of the computing task, and sending the device execution evidence to the aggregation coordinator.

According to some embodiments of the present disclosure, a method performed by an aggregation coordinator is provided that includes receiving a task execution request to execute a computing task from a distributed application, wherein the distributed application is located on a distributed ledger network implemented as a blockchain network, finding a plurality of computing devices available to execute the computing task, wherein each of the plurality of computing devices includes a trusted execution environment, dividing the computing task into a plurality of computing sub-tasks and distributing the plurality of computing sub-tasks to the plurality of computing devices, receiving a plurality of device execution evidence from the plurality of computing devices, wherein each of the plurality of device execution evidence is generated by the trusted execution environment of a respective one of the plurality of computing devices based on execution of the respective one of the plurality of computing sub-tasks, and aggregating the plurality of device execution evidence based on a cryptographic aggregation mechanism to generate unified aggregate evidence and submitting the unified aggregate evidence to the distributed ledger network.

According to some embodiments of the present disclosure, there is provided a method performed by a computing device implemented as a network node of a distributed ledger network, the distributed ledger network implemented as a blockchain network and a distributed application located on the distributed ledger network, the method comprising sending a task execution request from the distributed application to an aggregation coordinator to execute a computing task, and receiving unified aggregate evidence from the aggregation coordinator, wherein the unified aggregate evidence is generated by the aggregation coordinator aggregating multiple device execution evidence from multiple computing devices, each of the multiple computing devices executing a computing subtask that is part of the computing task and generating corresponding device execution evidence based on execution of the computing subtask.

Drawings

Embodiments of the present disclosure will now be described, by way of example and not limitation, with reference to the figures of the accompanying drawings, in which like reference numerals refer to similar elements and in which:

Fig. 1 is a block diagram illustrating a system architecture of a distributed computing system according to an embodiment of the present disclosure.
Fig. 2 is a flowchart illustrating a process performed by the computing device shown in Fig. 1.
Fig. 3 is a flowchart illustrating a process performed by the aggregation coordinator shown in Fig. 1.
Fig. 4 is a flowchart illustrating a process performed by a network node of the distributed ledger network shown in Fig. 1.
Fig. 5 is a block diagram illustrating components capable of reading instructions from a machine-readable or computer-readable medium (e.g., a non-transitory machine-readable storage medium) and performing any one or more of the processes discussed herein, according to an embodiment of the present disclosure.

Detailed Description

Features and exemplary embodiments of various aspects of the application are described in detail below. In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the application. It will be apparent, however, to one skilled in the art that the present application may be practiced without some of these specific details. T