What is Conclave?
Conclave is a confidential computing SDK that makes it possible to build privacy-preserving solutions that securely share, pool and process sensitive customer data. Applications range from aggregating sensitive bank account data to detect sophisticated types of anti-money laundering (AML) to training AI models with sensitive datasets.
Conclave is now available for businesses to start building privacy-preserving applications with ease. Keep reading to learn the key concepts for building a Conclave solution.
Roles in deploying a Conclave application
There are three different roles to play in deploying a Conclave application:
- Clients – the parties who send and receive encrypted messages to enclaves. Clients are typically businesses that require technical assurances around how their data will be used.
- Enclave developer – the party who writes the application.
- Enclave host – the party who is responsible for hosting and running the Intel® SGX infrastructure and Conclave application. This role can be filled by the enclave developer or any other third party as long as the application code is audited (see below).
Enclaves are small pieces of code that are isolated from the rest of the computer on which they run. Enclaves assume that the computer is owned and operated by an untrusted party, and as a result, data and code can be processed without the owner of the computer getting access to it. This makes the programs resistant to physical and software attacks from the owner or operator of the computer.
Business logic and host programs
Conclave applications consist of two distinct areas of code: business logic and the host program. The distinction between the two areas of code is important because the business logic operates inside the enclave, while the host program operates in the untrusted environment. Clients will interact with both the business logic and the host program.
The business logic is the algorithm that runs inside a secure enclave and processes private data.
The host program runs in the untrusted environment and is responsible for communications.
Companies should make a clear line of separation between the business logic and the host program in Conclave applications, as this will help simplify the application development process.
Intel® SGX allows clients to process private data on a computer that is owned and operated by an untrusted party. This is great, however how does the client know that they are talking to a secure SGX-enabled machine? How do they know that the calculation that processes their data will do the computation correctly?
Intel® SGX has a feature called remote attestation which is a process through which a client develops confidence that they are talking to a genuine enclave running an algorithm with a specific fingerprint (hash of its compiled form). This allows the client to confirm that they are sending data to a secure SGX-enabled machine with the latest security patches.
Remote attestation does not provide confidence around the security of the algorithm and calculation that processes data in a secure enclave. A client can only confirm the security of the enclave by performing an audit of the enclave source code. Enclave code includes both Conclave code and business logic. An audit can be performed by the client themselves or a third party auditor to confirm the code performs exactly as intended.
R3 provides enclave developers an audit license of the Conclave code that runs inside a secure enclave. We encourage enclave developers to make the business logic source code accessible to a regulator, third party auditor or the clients for auditing. It is up to the clients and enclave developer to choose the appropriate auditor for the use case.
Once the clients have evaluated the source code, Conclave allows clients to perform a reproducible build, where they can compile the audited algorithm hash and match it to the enclave hash from the remote attestation. Once this process has been completed, the clients successfully verified that they are talking to a secure enclave with the appropriate algorithm!
Want to learn more?
Below are some helpful resources to learn more about Conclave and confidential computing: