In the previous article we identified that contact tracing applications can be made more useful by increasing privacy and gaining access to more data. Our proposed solution was to use a secure, distributed computing platform to (abstractly) centralize analysis of participants’ location and health data. As the data is kept private and its access auditable, there’s little barrier to contributing to a public shared dataset.
In this piece we venture into the technical details of how we use the Oasis platform for a contact tracing app.
Let’s start with what we mean by a secure distributed computing platform. In the abstract, it’s a piece of infrastructure that runs verified programs on users’ private data such that the data is never revealed to either the application developer or the platform. Crucially, the platform provides a way for users and developers to verify that the programs are faithfully and securely executed. Through distribution, the verification mechanism is made highly available so that no bad actor can hide its misdeeds. In essence, distribution eliminates the need to trust any single computation provider, and security at runtime is what makes this possible. …
While cloud computing has long brought cost and ease-of-use benefits, switching from an on-prem solution to the cloud has traditionally come with its own inherent risks, including a degradation in security and a lack of auditability. These are areas that have the potential to be solved with emerging technologies including WebAssembly, the WebAssembly System Interface, and blockchain.
In this blog post we propose a mechanism for trustworthy, uncensorable, and autonomous cloud computation based on the combination of three emerging technologies: WebAssembly, the WebAssembly System Interface, and blockchain.
This is a technical architecture we are currently implementing in the Oasis platform, and we hope to have it complete in the coming months. …