Conclave: Secure Confidential Computing

February 11, 2021

By: Ashutosh Meher, Developer Evangelist at R3


You might have heard this phrase — “Data is the new Currency”, very true indeed. Over the past decade, we have been inventing technologies that use data to benefit humans in ways unimaginable. Thus data is precious and should be protected from misuse in all ways possible. While we have ways to protect data from unauthorized access, something that has been neglected is the misuse of data by authorized personnel. We always rely on trust in various cases on some person or organization, to be honest, and handle sensitive data in a proper way. This is not a great idea and leads to a lot of issues in many cases.

Let’s take an example of a tender processing use case. Suppose an organization issues an RFP (Request for Proposal) to invite bids for a particular project. While different interested parties submit their bids/ proposals in a confidential manner, they are still at the mercy of the person/ organization handling the entire process to keep their bids confidential. It is pretty much possible that someone having access to this confidential information might leak it for their own benefit.

This definitely seems to be a huge problem. Someone needs to have access to the data to be able to process it. The only possible way to protect data in such cases is to process it without revealing it. But is it even possible?

Yes, it is! Let me introduce you to Conclave.

What exactly is Conclave?

Conclave is an application development platform that can be used to build enclaves. In simple words, an enclave is a small piece of software that runs in an isolated region in the memory. Access to this region of memory is blocked to everyone, even privileged software like kernel and BIOS. Thus code and data on the enclave can’t be read/ tempered by anyone, not even by the owner of the computer in which it runs.

Enclaves require some hardware support, Intel SGX (Software Guard Extensions) is an implementation of enclave-oriented computing. Conclave builds on SGX to give developers a toolkit to build enclaves using high-level languages like Java.

While SGX enabled hardware is required to run apps in production, it’s not essential for development. You could run your application in simulation mode which doesn’t require an SGX hardware. Learn about different enclave modes here: http://docs.conclave.net/tutorial.html#enclave-modes

Thus multiple parties can use a conclave app to solve a multi-party compute problem, without worrying about the data being compromised. Data is encrypted and send to the enclave where its decrypted and processed and the result is sent back. Thus no one has access to the private data other than the enclave. Ans since enclaves are loaded in protected memory space which can’t be accessed, data can’t be tempered.

Getting to know a Conclave powered app

Before we start building your first application on Conclave, we first need to understand some of the basics so that we know how to design your app.

An app built on Conclave has 3 major components:

  • Enclave
  • Host
  • Client

Enclaves are the programs that are loaded in the protected memory space.

Hosts are programs that are responsible for loading the enclaves and provide resources required by the enclave. They mostly act as a proxy between the client and the enclave. Hosts are untrusted and are assumed to be malicious at all times, hence communication between host and enclaves are encrypted.

Clients send encrypted data to the enclave for processing via the host. Conclave comes with the Mail API to ease the communication between enclaves and clients.

Client’s don’t directly communicate with the enclave, They send encrypted messages to the host and the host forwards them to the enclave for processing. Enclaves have their own key-pair which is used for encryption. Thus though data is transferred via the host, the host cant tamper with it since only the enclave can decrypt the messages using its private key.

But how does a client trust that a public key actually belongs to an enclave and not something pretending to be an enclave? To handle this issue, something called remote attestation is used.

Remote Attestation

Remote attestation is a piece of data that contains important information that can be used to verify an enclave. Among other information, it contains something called a measurement. A measurement is a unique hash generated using a special tool, the hash is generated using the fat-jar that’s loaded onto the enclave. The measurement can be verified by compiling the enclave source code. Conclave takes care of the fact that the multiple builds of the same source-code produce the same measurement.

The approach however could get a little complicated across upgrades, thus a signing key could be used as an alternative. The enclaves could be signed with a specific key and its information can be included in the remote attestation.

Enclave Application Components Interaction

In addition to remote attestation, clients can also request Intel for an assessment of the enclave to verify if it is secure.


That should give you a brief idea of what Conclave is and how you could benefit from building on it.

We will look at how to build your first application on Conclave in my next blog. Stay tuned and thanks and reading!