Recent advances in trusted computing make it possible to run software on a remote host without exposing sensitive data to that server’s operator, even when he or she has complete control of the remote computer’s operating system (i.e. root access). Originally designed for digital rights management, these secure enclave technologies behave like a black box that ensures confidentiality and integrity for its content.
The MobileCoin Network implements secure enclaves using Intel’s Software Guard eXtensions (SGX) to process new transactions according to the MobileCoin implementation of the Stellar Consensus Protocol. Any code that needs to observe the input rings of a new transaction executes inside the black box created by the SGX trusted execution environment. Remote attestation and end-to-end encryption are used to protect the communication channel between a user submitting a new transaction and the secure enclave running on the remote server. The operator of the remote server cannot access any data that the user submits to the secure enclave, and so cannot see the set of txos used in the transaction input ring.
Remote attestation and end-to-end encryption similarly protect the communication channels between secure enclaves running on different remote servers. When the SGX remote attestation system is functioning as Intel designed, it is not possible for any operator in the MobileCoin Network to observe the full content of transactions. Complete data is only shared between secure enclaves that safely delete the information that could otherwise be used to statistically associate payment senders with payment recipients. Further, mutual attestation between consensus validators assures each participant that the other is running the exact same software, preventing malicious Byzantine behavior.
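
The checks a validator enclave makes on a peer before sharing transaction data can be sketched as follows. This is an added, simplified model and not MobileCoin's code: the `Quote` fields, the function names and the sample inputs are assumptions, and an HMAC under a constructed key stands in for the signature that a real SGX quote carries.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed stand-in for the attestation authority's key (assumption: a real
# SGX quote is verified against Intel's signature chain, not a shared secret).
AUTHORITY_KEY = secrets.token_bytes(32)

@dataclass(frozen=True)
class Quote:
    measurement: bytes  # hash of the enclave's code
    report_data: bytes  # hash of the enclave's channel public key
    signature: bytes    # authority signature over both fields

def measure(enclave_code: bytes) -> bytes:
    return hashlib.sha256(enclave_code).digest()

def issue_quote(enclave_code: bytes, channel_pubkey: bytes) -> Quote:
    m, rd = measure(enclave_code), hashlib.sha256(channel_pubkey).digest()
    return Quote(m, rd, hmac.new(AUTHORITY_KEY, m + rd, hashlib.sha256).digest())

def verify_peer(quote: Quote, peer_pubkey: bytes, own_measurement: bytes) -> str:
    body = quote.measurement + quote.report_data
    expected = hmac.new(AUTHORITY_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote.signature):
        return "reject: quote not signed by attestation authority"
    # Mutual attestation: the peer must run exactly the software we run.
    if not hmac.compare_digest(quote.measurement, own_measurement):
        return "reject: peer runs different software"
    # The channel key must be the one the attested enclave generated, so the
    # encrypted channel ends inside the enclave and not at the host operator.
    if not hmac.compare_digest(quote.report_data, hashlib.sha256(peer_pubkey).digest()):
        return "reject: channel key not bound to quote"
    return "accept"

def demo() -> dict:
    code = b"consensus-enclave build A (constructed)"
    own, peer_key = measure(code), secrets.token_bytes(32)
    good = issue_quote(code, peer_key)
    other = issue_quote(b"consensus-enclave build B (constructed)", peer_key)
    forged = Quote(own, good.report_data, bytes(32))
    return {
        "same software": verify_peer(good, peer_key, own),
        "different build": verify_peer(other, peer_key, own),
        "substituted key": verify_peer(good, secrets.token_bytes(32), own),
        "forged quote": verify_peer(forged, peer_key, own),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the first case is accepted; each of the other three fails a different check, which is why a verifier needs all three and not the measurement comparison alone.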