Simplifying the Coco Whitepaper

Here we’ll quickly breakdown what Coco is and the system’s consensus protocol, potential vulnerabilities, and projected future state — all straight from the whitepaper in a way we call can understand!

Here’s my annotated version of the white paper with notes for your reference!

EDIT: Found a Cool Video!

What is Coco?

The Coco Framework is an open-source system that enables high-scale, confidential blockchain networks to accelerate production enterprise adoption of blockchain technology. Is is NOT a Blockchain like Hyperledger and Quorum — rather, it is a system that those blockchains can port into. The framework focuses on the following:

  • Throughput and latency approaching database speeds.
  • Richer, more flexible, business-specific confidentiality models.
  • Network policy management through distributed governance.
  • Support for non-deterministic transactions.
  • Reduced energy consumption.

The open-source system is exclusively dependent on the use of of trusted execution environments (TEEs) such as Intel’s SGX and Windows Virtual Secure Mode (VSM), enabling the creation of a trusted network of physical nodes on which to run a distributed ledger.

Here’s more of an outline of what Coco offers:

  • Implements a consistent, distributed, persistent store (such as a key-value store) that is replicated across TEEs — containing both the application (business transaction) ledger and the Coco administrative ledger used for network policy management. While there are logically two ledgers, both are recorded within a single store to maintain relative ordering across all transactions in the network.
  • Provides secure node-to-node and application-to-node communication.
  • Enables arbitrary confidentiality models with easy-to-use primitives.
  • Provides a codified governance model to support arbitrary, distributed policy management.

So What is a Trusted Execution Environment (TTE)?

The TEE is a secure area of the main processor in a smart phone (or any connected device). It ensures that sensitive data is stored, processed and protected in an isolated, trusted environment. The TEE’s ability to offer isolated safe execution of authorized security software, known as ‘trusted applications’, enables it to provide end-to-end security by enforcing protected execution of authenticated code, confidentiality, authenticity, privacy, system integrity and data access rights. Comparative to other security environments on the device, the TEE also offers high processing speeds and a large amount of accessible memory [1].

Coco Consensus Protocol

The Coco consensus protocol is the consensus protocol of whatever Blockchain you plug into it (Ethereum, Quorum, Hyperledger, etc.). Coco relies on the specific blockchain protocol for the distributed ledger model, as well as core transaction and smart contract code processing. Here’s how that blockchain protocol fits within the broader Coco framework:

  • Network of validating nodes (VNs), each of which run the Coco Framework and the integrated blockchain protocol. VNs accept transactions and participate in the network’s consensus algorithm.
  • VNs completely trust other VNs because they can verify their identity
  • Persistent State is encrypted with a symmetric session key — which is also encrypted using an asymmetric threshold cryptosystem. The symmetric session key is itself encrypted and written to the Coco administrative ledger for persistence.

Coco Stack Architecture

All sensitive components of the system run inside the enclave and are responsible for maintaining integrity, confidentiality, and security of the ledger.

  • Coco interface (host) — the host is the interface to which the client and other VNs connect.
  • Coco core (enclave) — the interface between the host and all other functionality within the enclave.
  • Persistent store (enclave) — the single, globally ordered, on-disk representation of the application ledger and the Coco administrative ledger. (There is an in-memory copy for fast access; durability is achieved via a persistent store.)
  • Coco configuration state (enclave) — the Coco state machine implementation that supports creation of the network constitution and all subsequent updates.
  • Blockchain core and adapter (enclave) — the logic to process transactions and execute smart contract code, as well as the glue to integrate the blockchain protocol into the rest of the Coco system.

Overall, the DApp interaction stack looks like this:

Types of Users on Coco System

  • Members are the governing bodies of a consortium, with collective control over who can transact on the network and its governance — including network membership, the code that runs in the TEEs, and the definition of network policies.
  • Participants, unlike members, cannot vote and thus have no operational control over who can directly access the network or its governance.
  • Every member and participant has a private/public key pair (PrivKeyMi, PubKeyMi and PrivKeyPi, PubKeyPi, respectively) and is identified in the Coco network with an organization-wide X.509 certificate.
  • End users do not have an identity in the Coco network and cannot transact on the network directly. Instead, they interact with it through the front-end systems of members or participants.

Coco Governance Framework

Coco leverages a Network Constitution, the complete expression of network policies. At a minimum, these include the membership list, VN list, code manifest, TEE manifest, and voting policies.

  • Membership List — List of all approved actors (members and participants) in the network. Only each member’s public key certificate is uploaded into the Coco network.
  • Code Manifest — The specification of all approved code that can run within the Coco network
  • TEE Manifest —The specification of all approved trusted execution environments — hardware or software.
  • VN List — A list of all approved validating nodes in the network.
  • Constitution Changes — Any change to the network constitution, such as additions or removals to the membership or VN lists, must be done through a voting process

Drawbacks/Assumptions/Potential Vulnerabilities

  • Since VNs trust all others VNs, there’s a major assumption that VNs cannot be taken over (or act maliciously) due to that VNs human controller. In the Coco framework, there does exist a possibility that malicious VNs can submit Blockchain state updates.
  • Framework seem to only be Web 2.0 compliant, given that Coco enforces secure application-to-node and node-to-node communication channels using mutually authenticated TLS connections that terminate in the enclave

CEO of Emerging Impact, Former Head of ConsenSys Social Impact, @Goldman Alum, @Cisco Alum, @TFA Alum, Activist, Intense Autodidact