As Decentralized Confidential Computing (DeCC) gains momentum in 2024, iExec has been revolutionizing this space long before it became a trend.
Since 2018, we’ve been at the forefront of combining Confidential Computing with blockchain, partnering with Intel to launch the first-ever Trusted Compute Specification for the Ethereum Enterprise Alliance. This groundbreaking collaboration set the stage for secure data processing in Web3.
Fast forward to 2019, and iExec proudly became the first Web3 company to join the Confidential Computing Consortium, cementing our role as pioneers in decentralized data protection. Through these early innovations, we laid the groundwork for what is now known as Decentralized Confidential Computing — a game-changing approach to data privacy and security in the Web3 space.
But to fully grasp the potential of DeCC in Web3, we must explore one of its core components making it possible: Confidential Computing.
What is Confidential Computing?
When protecting data, common security measures typically protect data in two states: at rest and in transit.
Data at rest is when it is being stored and data in transit is when it moves through the network. The problem is that data must also be protected while it is being used.
Why? Because to use the data a program or an application needs to see it, this means that the data is unencrypted in the memory. Because the data is exposed, malicious actors can exploit this vulnerability.
On top of that data is getting more and more spread, it’s moving to multiple environments, from data centers to cloud to edge. This makes data breaches more common, and security more challenging. This is when Confidential Computing comes into play, Confidential Computing is a technology that isolates sensitive data or code during processing.
This new technology complements the data encryption lifecycle. Data at rest, data in transit, and data in use.
To isolate data or code, Confidential Computing uses hardware enclaves. An enclave is like a safe box inside of a CPU. It creates a trusted execution environment to process encrypted data in memory. The objective is to isolate the computing process through a physical partitioning of the memory.
Inside an enclave, you have data or code. In order to access it, each enclave has an encryption key. The encryption key will only be accessible to the authorized program or TEE platform. For anything or anyone else that doesn’t have the key the content of the enclave will be encrypted. In order to verify that the processing specifications for the data or code were met, Confidential Computing uses hardware-based attestation reports.
Attestation reports help to prove that a “specific” program is running on a valid & authorized particular hardware. Confidential Computing can help protect different types of data from an email address to machine learning algorithms to entire applications.
The Key Elements of TEEs for Confidential Computing are:
- Isolation: TEEs physically partition memory, isolating data during processing and creating a Trusted Execution Environment.
- Hardware-Based Attestation: This verifies the trustworthiness of both the execution environment and the applications running within it, ensuring data is secure.
What Confidential Computing Is Not
It’s important to differentiate Confidential Computing from other privacy technologies:
- Data Masking: Hides sensitive information to protect privacy, often used for GDPR compliance.
- Differential Privacy: Adds noise to data to protect sensitive information.
- Multi-Party Computation (MPC): Computes results collaboratively without revealing individual inputs
- Fully Homomorphic Encryption (FHE): is a software implementation enabling computation on encrypted data without decrypting it.
What is Decentralized Confidential Computing (DeCC)?
Privacy in Web3 is often misunderstood and often related to privacy coins for blockchain transactions, rather than data privacy. This is where the DeCC narrative steps in promoting a broader understanding of privacy in Web3 and inviting participation from everyone.
DeCC is a movement with diverse value propositions, offering the ecosystem a deeper understanding of privacy in Web3. It’s a transformative approach to secure data usage in Web3, offering privacy, ownership, user control, and decentralized security.
Before, blockchain technology has been synonymous with transparency, where data is instantly visible to all. This poses challenges for applications that require sensitive data handling. DeCC advocates for the narrative of leveraging decentralized networks to protect data in use:
- Data protection in use: Built on trusted hardware like TEEs, ensuring that data remains secure even during processing.
- Zero trust philosophy: Trust no one — DeCC is designed to operate under the assumption that no single entity is trustworthy.
- No Central Authority: No need for a central authority; decentralized nodes can attest and verify each other.
DeCC is about combining the best of both worlds: the security and trust of Confidential Computing with the decentralized nature of blockchain.
Confidential Computing is a powerful tool for securing data during use, but isn’t a cure-all for privacy concerns when used alone. Blockchain is needed to provide the governance layer with set, verifiable, rules for data processing. When paired with Trusted Execution Environments (TEEs), this ensures that data is processed securely and only by code that follows these rules. The result? A system that’s both secure and verifiable.
The DeCC Alliance: A United Front
We’re not in this alone. DeCC is a community movement. The DeCC Alliance has been formed as a coalition of leading projects in Confidential Computing, including iExec, united by a shared vision: to redefine how we think about secure and confidential data usage on blockchain networks.
This alliance aims to educate the public on the powerful capabilities of DeCC and promote its adoption across mature blockchain enterprises. The projects involved in this movement so far include:
- Acurast, Aleo, Aleph Zero, Automata, Aztec, COTI, Fairblock, Fhenix, Inco, Integritee, Intmax, Marlin, Mind Network, Novapolis, Oasis, Partisia Blockchain Foundation, Phala, Secret Network, Sunscreen, Swisstronik, TEN, Ternoa, Zama — and the list is growing.
Although iExec embodies DeCC in its most refined form (hardware encryption combined with blockchain), the movement isn’t confined to just one technology. It brings together various encryption methods like TEEs, Zero-Knowledge Proofs (ZKP), Multi-Party Computation (MPC), Garbled Circuits (GC), and Fully Homomorphic Encryption (FHE). Together, these technologies create a robust framework for data protection, secure and confidential computations, and verifiable computing.
Once everyone understands what DeCC is and what it can do, it won’t just be a nice-to-have; it’ll be a must-have. DeCC is inevitable for Web3.
iExec’s DeCC Mission
At the heart of DeCC is a simple but revolutionary idea: the user is the sole owner of their data.
Empower Users and Data Ownership
At iExec, our approach is the intersection of Confidential Computing and Web3. With Confidential Computing, we protect data in use and complement the data encryption lifecycle. We combine this with the benefits of Web3. This helps users regain ownership of their data. We tokenize their data and set governance rules, helping users decide how their data is protected, used, and who can benefit from it.
Our focus is on hardware-based TEEs, aligning with the zero-trust philosophy and eliminating the need for centralized authority. This approach to data protection isn’t just theoretical; it’s practical and usable. The goal is to ensure that data-in-use remains secure, highlighting our unique perspective on DeCC.
We know that it’s entirely possible to keep data encrypted at all times — during transfer, storage, and even processing. With the latest advances in cryptography, blockchain, and Trusted Execution Environments (TEEs), we can give control back to users.
We’re committed to creating an ecosystem that puts user control front and center — whether that’s in terms of data ownership, privacy, or monetization.
iExec Privacy Pass: A Real-World DeCC Example
A key example of iExec and DeCC in action is the iExec Privacy Pass, an incentive program where users earn RLC tokens by receiving marketing emails, all while their email addresses remain confidential.
Using Confidential Computing, Privacy Pass encrypts and securely processes email addresses, ensuring that the sender never exposes them. The iExec Privacy Pass showcases how DeCC empowers users, allowing them to protect their data from being revealed — even when participating in incentive-driven programs.
Simplify DeCC Integration with Advanced DevTools
Implementing Confidential Computing into DApps is complex. iExec simplifies the integration of this technology with dedicated developer tools, offering pre-packaged codebases that make DeCC implementation easier than ever. Our developer tools unlock the power of DeCC for anyone looking to build decentralized applications (DApps) that prioritize security, privacy, and user control.
Web3Mail: Enhancing Privacy and User Engagement
Imagine being able to send an email without ever knowing the recipient’s address. That’s what Web3Mail is all about. This tool lets DApps reach out to Ethereum account holders while keeping their email addresses completely private. It’s like sending a letter directly to someone’s wallet, ensuring privacy and anonymity at every step.
Why is this a game-changer? Because it respects the core values of DeCC: privacy and user control while allowing developers to enhance user engagement. Web3Mail ensures that communication is secure and private. It sends timely notifications and personalized messages, just as it should in the decentralized space.
DataProtector: Safeguarding and Monetizing Data
The iExec DataProtector is a tool that turns data into something more than just bits and bytes. It’s your all-in-one solution for building apps where data ownership and monetization are baked right in. Your digital content, such as images, code, or API keys, is safe. You have complete control over it.
DataProtector isn’t just about encryption; it’s about empowering users to manage, transfer, and even monetize their data. Want to sell, rent, or offer subscriptions? DataProtector makes it all possible while ensuring your data stays secure. It’s like having a digital vault that not only keeps your assets safe but also opens up new opportunities to generate value.
DeCC: iExec Leading the Privacy-First Evolution of Web3
Web3 has always promised to empower users, and Decentralized Confidential Computing (DeCC) is the next evolutionary step in fulfilling that promise. At iExec, we’re leading the charge by integrating cutting-edge technologies like Trusted Execution Environments (TEEs) and blockchain governance to ensure data remains private, secure, and decentralized.
Whether it’s the iExec Privacy Pass safeguarding user data or iExec DataProtector unlocking new economic models for data monetization, iExec is proving that DeCC is transformative for Web3, and more than just a trend.
As a community movement, DeCC is fundamentally changing how the Web3 ecosystem understands privacy and data control.
As development continues, it’s unlocking new opportunities for developers and users alike. iExec stands at the forefront of this transformation, guiding the next wave of Web3 development — where sensitive data becomes an asset that can be protected, monetized, and fully controlled by its rightful owners.
L'investissement dans les crypto-actifs présente un risque de perte en capitale totale ou partielle. Dehfi attire l’attention des internautes sur le fait que des services et produits décrits dans le site peuvent faire l’objet de restrictions dans certains pays ou vis-à-vis de certaines personnes.