MobileCoin Fog is a new technology developed by MobileCoin, which is a service designed to support use of the MobileCoin payments network on mobile devices. MobileCoin Fog is designed so that MobileCoin and the messaging app's service operators have limited insight into users' payments. Most people understand what the Cloud is, a type of technology infrastructure that hosts an organization's network capabilities and resources in a public or private remote computing platform. Fog is similar in that it is cloud, but opaque. You cannot see what is going on inside a Fog service. It is encrypted end-to-end. How does MobileCoin use this technology to allow two people to send digital cash to each other using their smartphone?
Pretend that you have a glass jar of marbles. You are the owner of the jar. You can see who wants a marble and what marbles other kids pick out of the jar. But! What if Bobby wants to pick out a marble without you knowing which one it is? He wants it to be his secret only. Maybe, you add a bunch of cotton around all of the marbles. Bobby now can reach into the jar and pull out a marble without you knowing which one he pulled out. Even though you own the jar of marbles, Bobby can secretly remove a marble without you knowing which one it is. You know he is taking a marble, but that is all. That is what MobileCoin Fog does. It keeps Bobby's marble choice encrypted, so no one else knows, not even you, the owner of the jar, what marble he chose.
MobileCoin Fog is similar to encrypted information retrieval. What if you want to find out about RVing in Alaska? You search on Google for campsites. The Google team keeps track of your searches. All of a sudden, you start seeing ads for campers, camping gear, and camping insurance. Somebody at Google has shared your searches with advertisers. When you use MobileCoin to send payments through your smartphone, the information is encrypted and no one, not even the operators at Signal or any other messaging app that you are using, can see what you have spent or with whom. No one can track your spending habits. MobileCoin Fog makes this possible and practical on a mobile device, as well.
Cryptocurrency is a form of online money where no trusted institution, like a bank or government, is responsible for the value or the stewardship of the currency. The issue with Bitcoin is that it is not encrypted. Anyone can track back your transactions to the beginning of the Bitcoin, harvest that data, and sell it to advertisers. It is also not super easy to use because you have to download the wallet software and understand the technology. And, finally, it is very slow. It can take anywhere from ten minutes to 60 minutes for a transaction to go through.
In cryptography, the ability to retrieve information from a server that you do not own without the operator of that server knowing what information you are trying to recover, is called encrypted information retrieval. Hiding the access pattern is extremely difficult to do. A technology, called oblivious RAM (ORAM), helps this happen. MobileCoin Fog is the first production-grade open-source implementation of ORAM that exists today.
In addition, MobileCoin has placed the ORAM data structures inside Intel's Software Guard eXtension (SGX) secure enclaves, which means reads and writes do not correlate transactions with users, even in the event of a side-channel exploit against SGX. Fog serves queries without revealing significant transaction information, and without compromising scalability.
Fog's query service provides an alternative to downloading the entire blockchain, which is critical for mobile devices. Users do not have to test every transaction using their cryptographic keys, which saves significant bandwidth and computations required for every new transaction. Fog does a form of processing of the blockchain, but does it for the users and without needing their private keys. Fog ingest, the server that houses the ORAM in the SGX enclave, looks at the blockchain as it gets updated and decrypts part of each transaction. Fog prepares this decrypted information for the user to retrieve at a later point, so that users can make queries to Fog about their transactions, and check their balances and send transactions to others. The smartphone can make an oblivious request against the oblivious database in Fog. And no one knows what you are spending your MOB on! It is encrypted, fast, and easy to use.
MobileCoin's cryptocurrency payment system runs on Signal, which is an encrypted messaging app. People used to use Pretty Good Privacy (PGP) to send encrypted messages via email. But, for the normal person, PGP was difficult to use. Signal developed a way to send an encrypted message without anyone having to think about the underlying cryptography. Similarly, MobileCoin has created a cryptocurrency that has an encrypted blockchain where you do not have to think about the underlying technology. In fact, when you use Signal, you do not send a cryptocurrency address. You literally just type in a phone number and hit send on your smartphone. Fog lets this happen.
MobileCoin Fog is a solution to the scalability problem of encryption for cryptocurrency. The scalability problem is the following -- by design, no one can determine who owns a particular coin, without having the private keys of the owner. However, this forces all participants to download all the transactions and scan them with their private keys, which is prohibitive on mobile devices, and onerous for casual users.
MobileCoin Fog is a solution to this problem, which:
Encrypt indexes the blockchain, so that your TxOut's have pseudorandom keys that only you can predict
Provides a way to search the blockchain for your pseudorandom keys
Provides a way to complete balance checks and build transactions, obviating the need to download the ledger completely.
Fog is dramatically more efficient than view-key scanning each transaction with each user's keys -- it does only a small amount of work per transaction and does not do work per user and per transaction, so that it can scale up to a billion users.
A single Fog server currently supports hundreds of queries per second across the entire MobileCoin ledger, and speed is expected to improve as we continue to optimize it.
Fog's search functionality is based on a nascent technology called Oblivious RAM. This technology has been studied for decades but not shipped in a real production web service until MobileCoin launched Fog. Fog also makes critical use of Intel SGX enclaves and works within the SGX threat model to ensure that the Fog service operators have no insight into your transactions. This aspect of Fog was inspired in part by the Signal Contact Discovery service.
Fog ensures that even in a threat model where MobileCoin operators and Signal operators are hacking into the operating systems of their machines and attempting to scour them for evidence, they are unable to determine the amount or the recipient of your transaction, without penetrating Intel SGX security guarantees.
Fog also has a forward secrecy property, so that if a vulnerability is found in SGX, it recovers gracefully after the patch. Crucially, users' private keys are never inside of Fog SGX enclaves, and they always remain on your mobile device.
Architecturally, Fog consists of four scalable microservices, and a database which stores a post-processed version of the blockchain (with the indexing information).
This service is responsible for post-processing the blockchain and creating the indexes. The Fog Ingest SGX enclave maintains a private key, and emits the public key in an SGX-signed record called the Fog Report. When sending MOB to a Fog address, MobileCoin users obtain the report and encrypt part of the address (the view public key) for Fog Ingest, so that it can know who to tag the payment for. This ciphertext becomes part of the TxOut and goes into the blockchain when the TxOut is validated. Later, Fog Ingest picks it up, and the enclave is able to perform the indexing. The indexing works by creating a cryptographic PRNG for each user -- these PRNGs are stored in an Oblivious RAM inside of SGX. The seed to the PRNG is created by key exchange against the user's public key, and the key exchange message gets committed to the database. This ensures that the users can always reconstruct their RNGs as long as they have their private keys. TxOut's are tagged with successive outputs of the RNGs, and then committed to the database. After this, the Fog Ingest enclave deletes each TxOut's specific information, to create forward secrecy.
This service is responsible for helping users find their TxOut's based on the indexing performed by Fog Ingest. Fog View makes it possible for users to find key exchange messages so that they can build their RNGs. Fog View also hosts an oblivious RAM inside of an SGX enclave into which it loads all of the post-processed TxOut's. It then supports queries based on outputs of PRNGs, so that users can download exactly their TxOut's.
This service is responsible for helping users perform other tasks that would otherwise require downloading the blockchain ledger. One such task is performing key-image checks, which resolves if a TxOut that you downloaded is already spent or not, and is a critical step in balance checking. Another such task is building Merkle proofs of membership for your TxOut, which is required to submit to consensus. This is also an SGX service and all queries like this are mediated by oblivious RAM, similar to Fog View.
This service hosts the Fog Report -- it is accessible to all users, so that they can send transactions to Fog users.
All together, these microservices are the basis of Signal's integration with MobileCoin, providing the best-in-class mobile payments experience, in terms of convenience, ease of use, speed, cost, and encryption. For more information, check out: https://mobilecoin.com/beta.