Presented by

  • Derek Miller

    @derekilikered

    Derek Miller is a Principal Security Researcher at Arm, Ltd. His current work focuses on practical cryptography and Trusted Execution Environments, especially as they pertain to confidential computation. Previously he worked as a Software and Hardware Security Architect on various projects at Arm, Amazon, Samsung, and Intel. He has a master's degree in Electrical Engineering from the University of Texas at Austin, but decided a long time ago that he prefers software development to logic design.

Abstract

Veracruz is a privacy-preserving compute infrastructure. The infrastructure allows secret data to be fed into secret programs, which are offloaded to third parties who host the computation and produce secret results. In this setting, everybody is mutually distrusting and has individual concerns:

  • The data and program owners want to retain their secrets.
  • The host does not want their machine to be damaged by programs they cannot audit or monitor.

Veracruz uses secure enclaves as the venue for performing these computations. Trust in the enclave is established via remote attestation, which establishes a trusted public key specific to the enclave. Secret inputs (program, data) are provisioned into the enclave using the trusted public key and TLS. Results are retrieved by an appointed agent. The identities of all participants and their roles are compiled in a mutually agreed-upon global policy file. The participants' identities are established using TLS client certificates embedded in the policy. Programs are provided to the system in WebAssembly, which allows the enclave software to enforce sandboxing of the provided program.

Veracruz has implemented interfaces for Arm TrustZone (running on QEMU), Intel's SGX, and Amazon Nitro Enclaves. The specific details of each platform are abstracted from the parties in the computation. Most of the project is implemented in Rust to take advantage of its improved memory safety as compared to other mainstream systems programming languages.
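As an added illustration, not Veracruz's own code or policy format, the Rust sketch below models the policy-based authorization the abstract describes: participant identities keyed by a client-certificate fingerprint, bound to roles, and checked by the enclave before a peer may provision a program or data or retrieve results. The role names, field names and fingerprint strings are constructed assumptions.

```rust
// Added example, not Veracruz code: a minimal model of the global policy file.
// Identities are TLS client-certificate fingerprints (constructed strings here,
// not real digests), each bound to the roles the agreed policy grants them.
use std::collections::HashMap;

#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub enum Role {
    ProgramProvider, // provisions the WebAssembly program
    DataProvider,    // provisions secret input data
    ResultReader,    // the appointed agent that retrieves results
}

// Constructed fingerprints standing in for real certificate digests.
pub const PROGRAM_FP: &str = "fp-program-0001";
pub const DATA_FP: &str = "fp-data-0002";
pub const READER_FP: &str = "fp-reader-0003";

pub struct Policy {
    // certificate fingerprint -> roles granted to that participant
    participants: HashMap<String, Vec<Role>>,
}

impl Policy {
    /// Build a constructed policy with one identity per role.
    pub fn constructed() -> Policy {
        let mut participants = HashMap::new();
        participants.insert(PROGRAM_FP.to_string(), vec![Role::ProgramProvider]);
        participants.insert(DATA_FP.to_string(), vec![Role::DataProvider]);
        participants.insert(READER_FP.to_string(), vec![Role::ResultReader]);
        Policy { participants }
    }

    /// Check the enclave would run after the TLS handshake: the peer's
    /// certificate must appear in the policy *and* hold the role it is
    /// trying to exercise. Unknown identities are rejected outright.
    pub fn authorize(&self, fingerprint: &str, role: Role) -> bool {
        self.participants
            .get(fingerprint)
            .map_or(false, |roles| roles.contains(&role))
    }

    /// A policy is usable only if every role is held by someone; otherwise
    /// no program, no data, or no result retrieval can ever happen.
    pub fn is_complete(&self) -> bool {
        [Role::ProgramProvider, Role::DataProvider, Role::ResultReader]
            .iter()
            .all(|r| self.participants.values().any(|roles| roles.contains(r)))
    }
}
```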