Introduction

The IAS Machine, born in the 1950s, represents a new height of human intelligence. Its Von Neumann Architecture has also become the cornerstone of contemporary information technology. With the past 60 years’ rapid advancement, especially with the breakthroughs in Cloud Computing, Big Data, IoTs, and AI technologies in last 10 years, IAS will be evolving to its new form: Intelligent Autonomous Systems. The new IAS machine will become an indispensable infrastructure for human society, especially when they are carrying our daily life. Consequently, the crisis in lacking trust to them will seriously affect our society’s stability. Trusting machines will become a new fundamental need for humanity in the near future. Building the Trustworthy and Reliable IAS (TRIAS) will be the ultimate goal of project Trias.

The risks of relying on untrusted machines have become significant. However, for the most of time, we trust the machines by default:

• Computers and the Internet significantly boost the efficiency of our work. However, untrusted applications can lead to data leaking or tampering;

• Mobile phones meet our basic daily communication and entertainment needs. However, untrusted mobile apps are illegally collecting our personal data and infringing our personal privacy;

• Smart medical machines identify pathology, diagnose serious illnesses, and perform surgery with robotic arms. However, untrusted analysis and control-procedures will lead to privacy leaking and may even threaten patients’ lives;

• Smart home products play the role of housekeepers, cleaners, chefs, or pets, etc. However, untrusted systems will help intruders to peep or control our lives;

• Wearables, industrial intelligence, transportation infrastructures, and smart city infrastructures will also be machine-controlled. Untrusted systems will put our society in chaos.

Apple’s ecosystem sets a good example of implementing relatively trustworthy and reliable hardware and software systems. Apple employs secure hardware to strictly control the bootloading process of its operating system and applications. Apple devices’ operating systems are close-sourced and enforced with strict security checks. For third-party developed and maintained applications, Apple enforces a very centralized way to control the kinds of software to run on its platforms. All applications must be certified and tested by the AppStore. They are also required to develop in Apple’s programming language and implement their strictly controlled APIs. In this way, Apple mandates most critical aspects to provide customers with a secure and closed ecosystem.

The centralised controls empower Apple with the capability to govern most details of its ecosystem, but this has also created a super power who has become the ultimate dictator. Customers could only obey and believe unconditionally that their devices’ manufacturer, Apple in this case, has no intention to “do evil”.

With the development of the blockchain technologies, the decentralized computation and communication paradigm have raised a wide-range of attentions. Particularly, its second-generation, represented by the Ethereum, aiming at creating a trustworthy world-computer with a decentralized paradigm. With high-level computation redundancy and high-degree algorithmically complexity, consensus protocols ensure a piece of smart contract’s correct execution, as it would be arithmetically difficult for attackers to take control of sufficient redundant executing environments and challenge the algorithm’s complexity. On the other hand, the smart contracts are open source scripts and usually only implement very simple semantics. Therefore, their correctness is not difficult to examine.

Smart contracts pioneered a way to genuinely execute trustworthy applications. However, implementing general-purpose applications on common computation platforms, such as PCs, mobile, or IoT device, as smart contracts is a non-trivial task. Critical challenges should be considered:

• Inefficient Consensus. Reaching consensus is a high-cost task. PoW requires substantial computing powers, which is consumed by inconsequent workloads.

• Heavy Redundancy. Blockchain platform implements undeniable smart contracts operations by enforcing high redundancy. It will result in serious computation waste and network congestion, hence seriously limiting the number of programs to run in parallel.

• Restrictive Interface. Though many smart-contracts are Turing-complete, the functional library is far from enough. It will be extremely complex to implement the native applications’ service logic with the existing smart-contract APIs.

• Reconstruction and Migration. As a brand-new programming paradigm, it would be extremely complex to migrate existing native applications to the smart contract platform. Re-implementing all the existing software on this new platform is laborious, if even possible, given the restrictive interface stated above.

• Trustworthy Data Collection. The trustworthiness of the data collection procedure is critical to a blockchain-based system, as it would be meaningless to protect the integrity of tampered data. Human factors should be avoided as much as possible, but untrusted data collection application is also destructive.

• Data Privacy Preservation. Blockchain is not designed to preserve privacy. In contrary, it ensures integrity by a high-degree of openness. Therefore, enforcing privacy preserving computation on blockchains is a particular challenging task.

Trias’s vision is to build a trustworthy and reliable general-purpose computation infrastructure, where any system and software implement only expected behaviours. With Trias, we can root trust into machines with a firm assurance that the machines will deterministically “do what they are told to do”. Trias builds an all-platform-supported native-application-compatible smart contract execution platform, development framework and collaborating ecosystem. It has three subsystems:

Leviatom, a network of Trusted Execution Environments (TEEs) to achieve correct executions of general-purpose software. Leviatom implements a Heterogeneous Consensus Graph (HCGraph) algorithm, which combines heterogeneous TEE technologies (TPM, TXT, Intel SGX, ARM TrustZone, etc.) and graph computing algorithms (similar to Hashgraph or DAGs). Heterogeneous TEEs allow Leviatom to identified misbehaving nodes rapidly while eliminating the dependency on any single technology’s provider, e.g. Intel SGX-based consensus requires a strong dependency on Intel’s centralised online verification service. Meanwhile, HCGraph’s gossip protocols significantly reduces the redundant TEE verifications, while preserving a scalable and robust web-of-trust.

Prometh, a traceable development framework to achieve decentralised functional and security properties definitions for general-purpose software. Prometh genuinely records the critical information for a piece of software’s entire lifecycle on blockchain, including development, building, distributing etc. It further motivates the community to apply DevSecOps methodologies to enforce automatic or manual examinations or verifications on the recorded information for each critical step. This deduces the genuine properties of the software, which ensures any software to only implement intended behaviours.

MagCarta, a consensus-oriented programming paradigm to achieve embed and self-defined consensus strategy for high-order enterprise DApps. MagCarta contract implements invocations to the Prometh applications. It schedules the Prometh applications on Leviatom computing network to achieve high-order enterprise application logic. It also enforces self-defined consensus algorithm to determine the correctness of each invocations. With MagCarta, DApps can implement their own embed consensus strategy and ledger structure. They can also program their strategy to reward the computing infrastructures (Leviatom) or software components (Prometh) contributors.

Trias’s three subsystems implement a Separation-of-Powers model (Trias Politica). Separation-of-Powers is a political theory for social governance. It advocates that the powers of execution, legislation and judiciary should be controlled by different organisations. They exercise independently and restrict each other. In Trias, Leviatom is responsible for execution, which executes a sequence of programs; Prometh is responsible for legislation, which defines each program’s functional and security properties; MagCarta is responsible for judiciary, which determines the service quality and allocates all parties’ interests.

With the separation of powers, Trias further implements the Check-and-Balance, so that the combination of any two powers can limit the excessive expansion of the third one. The properties of the software stack that implements Leviatom protocols are defined by Prometh, and MagCarta identifies and justifies the contributions of Leviatom nodes; Prometh's own software stacks are executed on Leviatom, while MagCarta identifies and justifies the contributions of Prometh attribute-definers; MagCarta contracts’ attributes are defined by Prometh, and MagCarta virtual machine is executed by Leviatom trusted computing network.

Trias, for the first time, proposes a Separation-of-Powers-based decentralization model for the cyberspace governance. Between the fully decentralized and fully centralized governance structures, Trias disintegrates the monopoly powers of the machines’ manufacturer, while dynamically balancing the three governance powers with mutual-restrictions. It creates a new order in the decentralisation governance paradigm, aiming at forwarding one step closer to the fairness and justice in the cyberspace.

Trias aims at enabling a much wider range of usage scenarios, as it targets at bringing trust to general-purpose software platforms instead of only to the ledger-related applications:

1. Layer -1 enhancement to public blockchains. Leviatom establishes trusted relationships among the consensus nodes of existing public chains. This pre-exist trusted relationships significantly reduces the complexity for reaching consensus. It is able to help the third-party chains to achieve more than 100,000 tps for a single shard and defend near 90% malicious collaborative attacks.

2. Consensus-Oriented Enterprise Programming. MagCarta allows DApps to delegates complex business logic and data collection procedure as trusted native applications. It further implements the consensus logic and ledger format without confining to any predefined fixed strategies by the chosen any underlying public blockchain. Consensus-Oriented programming allows DApps on Trias to implement much more complex general-purpose enterprise application logics;

3. Trusted operating systems and application ecosystem. Trias eliminates easily malware and attacks, as Leviatom only allows the executions of white-listed applications and Prometh only allows the applications to implement white-listed behaviours; Therefore, Trias builds trustworthy Appstores for PCs, enterprise servers, mobile or IoT devices;

4. Trustworthy Multi-Party Computation. Trias achieves multi-party computations by exchanging applications instead of exchanging private data. Leviatom ensures the genuine executions of the third-party application, and Prometh enforces the application to implement predefined data processing contracts;

5. Trustworthy Cloud Computing Platform. Leviatom creates a union of trusted computing platforms, which can act as a global-scale cloud computing platform. Prometh implements the development framework and application distribution channel (or the Appstore) for this cloud platform, and MagCarta implements the SaaS logic to connect and schedule the Prometh apps. This ubiquitous cloud platform links the small public clouds around the world, who do not have enough scale to convince more customers. Trias provides them with trustworthiness endorsement, and further implements a cross-border unified resource sharing, scheduling and billing.