iExec Confidential Computing Demo (for Beginners) — Secret Email

Blair Maclennan
Published in iExec
Dec 29, 2020

iExec presents the latest in the series of onboarding demos: an introduction to confidential computing and privacy-preserving applications. The demo shows how easy it is to encrypt data and put it to use. The interface demonstrates that after private data is encrypted by the user, it is decrypted only when in a trusted hardware enclave (like a safe) running a trusted application, guaranteeing that no-one will ever have access to the user data unless the owner explicitly allows it.

➡️ Try the demo: https://confidential-computing.iex.ec (see how an application can protect the privacy of data-in-use).

iExec is a decentralized infrastructure for cloud computing resources. With a complete solution to run privacy-preserving executions of any application, iExec is a leader in solutions using blockchain with confidential compute. Developers and enterprises can use the iExec tools to monetize data, and make it accessible for only a select list of purposes.

Confidential Computing and Privacy-Preserving Applications for Beginners

The demo shows how a marketing company that wants to make use of a user’s private data can do so without ever having direct access to it. Within the UI, it is possible for a user to encrypt their private data. In the case of the demo, the private data will be an email address. The user encrypts it before the data is passed into a hardware enclave. This ‘hardware enclave’ is considered a ‘Trusted Execution Environment’ and is where all processing of the data takes place. This hardware technology ensures that data remains confidential during processing, meaning that even the owner of the hardware cannot access or tamper with the data. This guarantees that no-one will ever have access to the user data unless the owner explicitly allows it. It’s like a digital safe.

The demo introduces ‘privacy-by-design’ features in applications, where the user is able to have full control over who uses their data and what for. Many applications need to access private data to produce useful computation. In this demo, a mail app will use the email in a confidential manner. A third-party requester can use the data through this application, without being able to see the raw data. In the case of this demo, the user has the choice of whether to grant access to the demo marketing company to use the user’s encrypted private data (email) without being able to see it.


Technical Explanation: Confidential Computing with iExec

The main goal of this demo is to make sure that the marketing company can use the email address of the user (or their private data in general) without having direct access to it. This benefits both parties: the company does not need to manage confidential data, and the user does not reveal their personal information. Both parties must trust the application to guarantee correct functionality and data protection.

Technically speaking, the demonstration has two parts. In the first part, we invite the user to be the data owner (the provider). In the second part, we play the role of the marketing company (or the requester) who will make use of the private user data.

Private Data: Providers

The process starts with the user locally encrypting their private data files. The encrypted version of those files needs to be available and publicly accessible on the internet (on an FTP server, for example), whereas the original file should be kept private. Then, a representation of that encrypted version is created on the blockchain, which gives the user full control over who gets to use it. The user can then grant access to entities (the marketing company in this case) to make use of this data. Only entities authorized by the user can access the private data (the email address, in the demo), and only inside the hardware enclave. It is important to note that everything is registered on the blockchain, so the user does not need to trust any third party. At iExec, we believe that privacy and governance go hand-in-hand.

The last step is for the user to register the encryption key with the Secret Management Service (SMS), which itself runs inside a hardware enclave. These secrets will then be accessible exclusively to authorized parties.

These steps (among others) are handled by our confidential computing API, making the demonstration simpler and more accessible.

Private Data: Users (requesters)

In the second part of the demonstration, it is the turn of the marketing company. Being previously authorized by the user, the company makes a request to send them an email. This triggers an iExec task on the agreed-upon application inside a Trusted Execution Environment (TEE), the hardware enclave.

The application is simply a Docker image that has been protected and configured to run only inside hardware vaults.

Currently, tasks may take some time to finish due to blockchain latency and some technical limitations linked to Trusted Execution Environments. We are actively working on these challenges and have several ideas for improving execution time that will be implemented in future versions.

Please note that for the sake of this demo, the email address is encrypted server-side, which is why it needs to be sent to our API. Once encrypted, the email address is instantly discarded from the server. Because the application uses Mailjet’s API to deliver the email, the address is also handed to Mailjet, where it is permanently purged; it is never stored anywhere else. In-production applications will use a client-side, in-browser encryption process so the email address never leaves the user’s machine.
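To make the trust boundaries in the two parts above concrete, here is an added Python model of the flow (example code written for this article, not the iExec SDK or the demo’s source): the provider encrypts locally and publishes only the ciphertext, the chain holds a commitment to that blob plus the owner’s access grants, the SMS releases the key only for a granted (dataset, requester, app) triple, and the enclave-side task returns a receipt without ever exposing the address. The cipher is a constructed HMAC-SHA256 counter-mode stand-in, and all names (`Chain`, `SecretManagementService`, `run_task`) are hypothetical.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def encrypt_locally(key, plaintext):
    """Provider step 1: encrypt on the user's machine (toy HMAC-CTR stand-in for the SDK's cipher)."""
    nonce = os.urandom(16)
    body = nonce + bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return body + hmac.new(key, body, hashlib.sha256).digest()  # integrity tag over nonce+ciphertext

def decrypt_in_enclave(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("ciphertext was tampered with")
    return bytes(c ^ k for c, k in zip(body[16:], _keystream(key, body[:16], len(body) - 16)))

class Chain:
    """Provider steps 2-3: a dataset id that commits to the published blob, plus owner grants."""
    def __init__(self):
        self.datasets, self.grants = {}, set()   # id -> owner ; (id, requester, app) triples
    def register(self, owner, ciphertext):
        dataset_id = hashlib.sha256(ciphertext).hexdigest()
        self.datasets[dataset_id] = owner
        return dataset_id
    def grant(self, owner, dataset_id, requester, app_id):
        if self.datasets[dataset_id] != owner:
            raise PermissionError("only the data owner can grant access")
        self.grants.add((dataset_id, requester, app_id))

class SecretManagementService:
    """Provider step 4: key escrow that honours only grants recorded on chain (real SMS is enclave-hosted)."""
    def __init__(self, chain):
        self.chain, self.keys = chain, {}
    def push_secret(self, owner, dataset_id, key):
        if self.chain.datasets[dataset_id] != owner:
            raise PermissionError("only the data owner can push the key")
        self.keys[dataset_id] = key
    def release(self, dataset_id, requester, app_id):
        if (dataset_id, requester, app_id) not in self.chain.grants:
            raise PermissionError("requester/app pair not authorised for this dataset")
        return self.keys[dataset_id]

def run_task(sms, requester, app_id, dataset_id, published_blob):
    """Requester step, seen from inside the enclave: verify the fetched blob against the on-chain id first."""
    if hashlib.sha256(published_blob).hexdigest() != dataset_id:
        raise ValueError("published file does not match the registered dataset")
    email = decrypt_in_enclave(sms.release(dataset_id, requester, app_id), published_blob)
    return "delivered" if b"@" in email else "rejected"   # the address itself never leaves the enclave
```

The same flow with an ungranted requester, or with a blob that differs from the one registered, stops with an error before any plaintext exists outside the enclave.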


More from iExec:

How To Build a Data Privacy-Preserving App (in Under an Hour)

Curious to know how you can build super-secret applications of your own?

Decentralized Cloud Computing — Demo for Beginners

➡️ https://developers.iex.ec

Offering $10 of free credits, this demo has no crypto or technical requirements. Just log in with your Google Account and see how simple decentralized cloud computing can be:

iExec Trusted Decentralized Oracle — Demo for Beginners

➡️ https://blockchain.developers.iex.ec

A sandbox test environment, providing a comparison between standard decentralized oracles and iExec Trusted Decentralized Oracles.

💡 Want to learn more about iExec? Check out iExec Academy!

iExec Academy aggregates all content related to the project. You’ll find articles, tech documentation, videos, interactive demos, and much more! Whether you are a beginner or an expert, a developer or crypto-enthusiast, you’ll find what you are looking for on iExec Academy!

📚➡️ https://academy.iex.ec
