Confidential computing is a breakthrough in secure data sharing/utilization methods. Hence, it can benefit anyone who is actively sharing and receiving data, which technically includes most of you who are reading this blog post on the internet.
What is confidential computing?
Imagine you have a piece of information that you only want to share with your dearest friend. Before you share it with your sole counterparty, the treasured information is encrypted and locked somewhere in a top-secret database. Once shared, the information is now acknowledged and in possession of this friend. But how can you continue to actively protect the information from leaking to any third party? You can sign a Non-Disclosure Agreement (NDA), but that is passive protection that would execute after the leaking happens. And that is about it.
Fortunately, confidential computing offers a whole new approach to sharing and protecting data. With confidential computing, you can now launch a program where you and your dearest friend can both utilize this piece of information, yet your friend can neither see nor own it.
Here is an example.
Let’s say you and your dearest friend want to collaboratively find out how many Hershey’s Kisses you two have put into a box. There are two types of Kisses—red and blue.
- The red Kisses represent the newly developed flavor that only a few foodies had a chance to sample from the Hershey R&D lab. The identities of these foodies are top-secret.
- The blue Kisses are just ordinary Kisses, which you can get from a local supermarket.
Fortunately for you, you are one of the lucky people who got to sample the red Kisses. Now you are wondering, how can you still participate in the game with your friend while not telling him that you are one of Hershey’s top-secret research participants?
How confidential computing can help
You will need two things:
- Some resources from each of you (this includes objects other than the Kisses)
- A confidential computing engine
First, you will put a red Hershey’s Kiss (the color is only known to you) into the confidential computing engine, leading to a total count of one. Next, your dearest friend will put his Hershey’s Kiss into the engine (again, the color is known only to him), leading to a total count of two.
Now, let’s make the process a bit more interesting. Let’s say your friend is looking to prank the system. He became aware that the confidential computing engine is like a black box where you have no visibility over what is inside. He then puts a random object into the engine. (Or, he simply made a mistake placing highly sensitive but not relevant data into the engine and actually became worried that you might have your hands on it.)
None of the above concerns will become a problem because as you can see from the diagram above, the count of the Kisses will remain at two because the program that you put into the confidential computing engine will process the random object (or data) and decide that it is not relevant.
And what is most important is that, as shown in the final output snapshot, no one will have visibility of what’s really inside. All the non-relevant information, or if you take it from a different angle, all the non-relevant but highly sensitive data, is not disclosed to anyone, not even you.
As for the result of the collaboration, the final output will be 2 kisses. And your friend will not find out that you are one of Hershey’s top-secret research participants! A happy ending for all.
In short, the confidential computing engine grants you:
- A perfect workstation that only executes what you (and your counterparties) want it to do
- A highly secure place where processed information is not visible to any participants of the process
In the next blog post, I will walk you through Conclave, R3’s confidential computing platform, and show how you can make confidential computing work for you.
Want to learn more?
Want to learn more about Conclave and confidential computing? Here are some helpful resources: