Covalent Protocol technical deep — dive Part 1: Trusted Execution Environment

CryptoShowdown
6 min readSep 6, 2018

--

Full disclosure: This article is not intended as investment advice. It is just my personal opinion about the Covalent project. You should always do your own research. I am part of “the article group” which rewards me for writing this article and supports me for ventilating my own personal opinion.

In my two previous articles I wrote a detailed overview and discussed the potential use cases of the Covalent Protocol project. For my upcoming articles I have decided to take you on a 3-part technological deep dive series, in which we have a look at the high-tech features Covalent is trying to implement. In this first part, I will be discussing Covalent’s integration of a Trusted Execution Environment (TEE). In the second part, I will explain the Covalent Virtual Machine and in part 3, Covalent’s ecosystem and data marketplace will be discussed. However, before we dive deep into Covalent’s Trusted Execution Environment, let me briefly introduce the Covalent Protocol project.

Covalent is a privacy-protected, decentralized computing platform and protocol. Covalent’s aim is to provide a distributed network computing layer that is able to extract/analyse information from data without compromising privacy. For instance, in 2017 a whopping total of 22 zettabyte (ZB) of data was created (1 ZB equals 1,000,000,000,000 gigabytes); yet only 1% of the data was actually being utilized. One rational for why this number is so low comes from privacy concerns. Data owners are reluctant to trust third parties on regards to how they will treat the data. After sharing your data, you have relinquished control and you have no influence over what will be done with the data. Another reason why only a low percentage of the data is being utilized, is the non-existence of a value network that would compensate data owners for sharing their data.

Covalent Protocol attempts to provide a solution to these problems by revising the current internet and building what they call a decentralized web 3.0. The use of smart policies (aka smart contracts) permits smarter use of data by extracting and computing only limited information from the data, without jeopardizing one’s privacy. Considering that the use of data on the Covalent network is traceable, it allows for data owners to be adequately rewarded when the data is being used or disseminated by a third party. To achieve their goals, Covalent wants to realize the following three main features: Trusted Execution Environment (TEE), Covalent Virtual Machine (CovaVM), and a Data Marketplace.

In this first part of the series, I will try to provide a better understanding of Covalent’s trusted execution environment (TEE).

A TEE, also referred as a Trusted Enclave, is typically a separate microprocessor or a virtual instance of the main processor. The TEE is isolated from the rest of the system providing memory and I/O protection mechanisms supported by the hardware. Typically, it only offers a few security-relevant functions to reduce points of attack as well as preventing malicious applications, such as malware, direct access to the memory. The TEE particularly protects the cryptographic keys from being copied. For instance, if a device becomes infected with malware the TEE generates an asymmetric key pair and the corresponding app is granted only access to the public key. The private key can only be accessed by the TEE and data can be sent from the app to be signed by the private key through the interface. Even if the device is compromised the private key is safe and can not be easily read out. To illustrate how this works, the image below is a schematic depiction of a TEE architecture on a smartphone.

The TEE is the secure area of the main processor on the smart phone (or any other device connected to the internet) which guarantees that secretive and sensitive data is stored, processed and protected in an isolated, trusted environment. Through the TEE client API the applications get access to the sensitive data in a safe manner, without being vulnerable to malicious attacks.

Several CPU processors (e.g. AMD, Intel) support the implementation of TEE’s and Covalent has decided to use Intel’s Software Guard Extensions (SGX) to provide the TEE network for off-chain computing. As software will always be vulnerable to cyber attackers it is paramount to ensure that the Covalent protocol runs in the most secure environment. As mentioned, to facilitate the TEE, Covalent will make use of an enclave of SGX miners, which act as nodes, to make computing power available. Typically, nodes are the individual parts that form a blockchain and can consist of any active device (e.g. computer or smartphone). The role of a node is to support the network by maintaining a copy of a blockchain and validate/process transactions or perform computations.

Within the Covalent Protocol network two different types of nodes exist, namely:

- Compute nodes, which are primarily used for computing and incur a small penalty for quitting in the middle of computation. Compute nodes can either be a TEE node or a TEE controlled cloud compute node.

- Routing nodes, compared to compute nodes, need to be highly available, have a higher security deposit and come with a higher reward. These nodes are mostly used for routing, verifying and transferring computation state in the case when a compute node becomes unavailable. In total there will be 100 routing nodes per pool.

Both compute nodes and routing nodes are TEE nodes operating Intel SGX technology. The only difference is that routing nodes are selected by the community depending on their availability and higher collateral deposit. At this moment no additional information about the reward system for these nodes have been made public yet.

To recap, Covalent is planning to implement a TEE using Intel’s Software Guard Extensions (SGX) processors. By using a TEE, Covalent ensures that encrypted sensitive data is isolated from the rest of the system, preventing the data from being comprised by malicious cyber-attacks. In order for Covalent to better utilize the vast amount of data available on the internet two different nodes exist (compute and routing nodes). Miners can become one of these nodes and be incentivized in COVA tokens (the driving force behind the Covalent ecosystem) for offering their computation power to the network.

I hope this article provided a better understanding regarding Covalent’s trusted execution environment. In my next article we will be diving deeper into Covalent’s COVA virtual machine. If you have questions about Covalent’s trusted execution environment or Covalent’s other technical features, you can always send me a message.

Sources for more information on Covalent:

Website: http://covalent.ai/index.html

Whitepaper: https://docsend.com/view/dvvb75n

Telegram: https://t.me/covalentofficial

Twitter: https://twitter.com/covatoken

Blog: https://medium.com/@covatoken

Github: https://github.com/covalent-hq

Subscribe to my channels: Medium, Twitter and Steemit if you enjoy my articles and would like to be informed about blockchain, cryptocurrency projects and news. You can also read my articles on LinkedIn.

If you have any questions about this article, please comment in the comment section below. Claps are also welcome, Thank you!

CryptoShowdown

--

--

CryptoShowdown

High-quality content writer for blockchain projects / Researcher / Game developer / Polymath (Writer at Hacker Noon and Huobi Global)