iExec V6: Enclaves in Production Mode & Confidential Computing Upgrades

iExec
Jul 20, 2021

iExec has released its latest technical upgrade: iExec V6. The upgrade is focused on ‘iExec Core’, the backbone of iExec’s distributed and confidential computing technology. iExec V6 arrives ahead of the iExec Oracle Factory product release later this year.

In parallel with the product release schedule outlined in the new ‘Adoption Roadmap’, iExec is continuously seeking to improve its fundamental technical infrastructure. iExec’s version releases can include anything from middleware upgrades to UX improvements. iExec’s previous major technical version, iExec V5: ‘Interoperability Tools for DeFi’, involved updates to the smart contracts of the iExec network. This latest release, iExec V6, introduces a variety of improvements to ‘iExec Core’, the components of the iExec tech stack that handle distributed computing and confidential computing.

What’s inside?

Get started:

iExec V6 Documentation:
📚 https://docs.iex.ec/

iExec V6 SDK:
🛠 https://github.com/iExecBlockchainComputing/iexec-sdk

Enclaves in Production Mode: A huge milestone for the iExec Confidential Computing solution!

iExec allows for a variety of confidential computing use cases. Any user of the platform can remotely trigger an application that can execute on sensitive or confidential data without ever revealing it to the host machine. This feature is particularly important in a decentralized computing network like iExec, as contributing machines (iExec Workers) carrying out computation may be ‘untrusted’. In other words, the user requesting computation on their confidential data does not necessarily know who will be executing on it.

Confidential Computing on iExec is made possible by handling data processing in a ‘Trusted Execution Environment’ called a hardware enclave. iExec uses Intel® SGX hardware enclaves. The enclave is a CPU environment that ensures data remains confidential during the processing, meaning that even the owner of the hardware cannot access or tamper with the data. It’s like a digital safe.

Since Intel® SGX technology requires low-level programming, iExec works with SCONE, an Intel® SGX wrapper that makes it possible to run high-level Docker containers inside Intel® SGX enclaves, with applications written in any popular programming language.

Until now, many of the hardware enclaves used in the blockchain industry have been running in a default ‘debug mode’. With the iExec V6 milestone, Intel® SGX enclaves will now run in full production mode. Running confidential applications in production mode is crucial to ensure no one can access ‘secrets’ (code or data that should not be inspected, accessed or manipulated by anyone). In production mode, any access to an enclave, including debug access, is prevented.
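How a relying party can tell the two modes apart, as an added example that is not iExec or SCONE code: the ATTRIBUTES flags in an SGX report body carry a DEBUG bit, and a verifier should refuse to release secrets when it is set. The offsets follow Intel's `sgx_report_body_t` layout; `mayReleaseSecret`, `sampleReportBody` and the sample values are hypothetical, and the report body is assumed to come from a quote whose signature has already been verified.

```javascript
// Added example. Field offsets follow Intel's sgx_report_body_t (384 bytes).
const REPORT_BODY_SIZE = 384;
const ATTRIBUTES_OFFSET = 48; // 8-byte flags + 8-byte xfrm, little-endian
const MRENCLAVE_OFFSET = 64;  // 32-byte enclave measurement
const SGX_FLAGS_INITTED = 0x01n;
const SGX_FLAGS_DEBUG = 0x02n;

// Extract the fields a secret-release policy needs from a report body.
function inspectReportBody(body) {
  if (!Buffer.isBuffer(body) || body.length !== REPORT_BODY_SIZE) {
    throw new RangeError(`report body must be ${REPORT_BODY_SIZE} bytes`);
  }
  const flags = body.readBigUInt64LE(ATTRIBUTES_OFFSET);
  return {
    initialized: (flags & SGX_FLAGS_INITTED) !== 0n,
    debug: (flags & SGX_FLAGS_DEBUG) !== 0n,
    mrEnclave: body
      .subarray(MRENCLAVE_OFFSET, MRENCLAVE_OFFSET + 32)
      .toString('hex'),
  };
}

// Hypothetical policy: secrets go only to an initialized, non-debug enclave
// whose measurement matches the application the data owner approved.
function mayReleaseSecret(body, expectedMrEnclaveHex) {
  const report = inspectReportBody(body);
  if (!report.initialized) return { ok: false, reason: 'enclave not initialized' };
  if (report.debug) return { ok: false, reason: 'debug enclave' };
  if (report.mrEnclave !== expectedMrEnclaveHex.toLowerCase()) {
    return { ok: false, reason: 'unexpected MRENCLAVE' };
  }
  return { ok: true, reason: 'production enclave' };
}

// Constructed sample input: an all-zero report body with chosen flags and
// a measurement made of one repeated byte.
function sampleReportBody(flags, mrEnclaveByte) {
  const body = Buffer.alloc(REPORT_BODY_SIZE);
  body.writeBigUInt64LE(flags, ATTRIBUTES_OFFSET);
  body.fill(mrEnclaveByte, MRENCLAVE_OFFSET, MRENCLAVE_OFFSET + 32);
  return body;
}

const expectedMeasurement = 'ab'.repeat(32); // constructed value
console.log(mayReleaseSecret(sampleReportBody(0x05n, 0xab), expectedMeasurement));
console.log(mayReleaseSecret(sampleReportBody(0x07n, 0xab), expectedMeasurement));
```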

Public Worker Pools with TEE: iExec V6 makes this possible!

Enclaves in production mode is a particularly exciting milestone as it allows for TEE Public Worker Pools! iExec has always had the goal of rewarding individual workers for executing confidential computing tasks. This means that machines are enabled with ‘Trusted Execution Environments’ (TEE), specifically Intel® SGX. As worker pools with hardware enclave technology provide more valuable business use cases, the iExec team is eager to make these TEE public worker pools available to the community in the mid-term.

Standard Encryption: Encrypting Confidential Datasets, now easier and more efficient!

In order to guarantee the confidentiality of data, it is extremely important that any developer or data provider can encrypt their data in a way that is simple, efficient and standardized, without requiring any third party. Regarding the process of encrypting datasets on iExec, V6 brings vast improvements to both security and ease of use.

After releasing the iExec Confidential Computing ‘Secret Email’ demo UI last year, the iExec team identified areas for improvement in terms of how developers use iExec for confidential processing of private data. Before, the iExec Confidential Computing solution used the SCONE framework for encryption. Up until now, this presented some problems:

  • The previous encryption algorithm required the building of Docker images. This meant you could not encrypt on Windows OS, within a browser, or on mobile devices for example.
  • The previous encryption algorithm was limited by vendor lock-in for TEE services, meaning that the encryption could only be handled by other machines running on SCONE. This presented significant challenges for iExec, especially with their goal to have fully distributed TEE public worker pools.

The solution: AES-256-CBC standard encryption

  • AES = ‘Advanced Encryption Standard’, the symmetric encryption algorithm recommended by the NSA.
  • 256 = 256 bits, the best available secret key size.
  • CBC = ‘Cipher Block Chaining’, the method used for the relationship between different blocks of encrypted data, making attacks extremely difficult.

In short, AES-256-CBC encryption is: fast, secure, and used worldwide. In a standardized manner, it is now possible to encrypt data locally on any type of device. This makes life easier for developers that use the iExec solution. It also opens infinite possibilities for highly distributed confidential computing on iExec!
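Local encryption of a dataset with AES-256-CBC, as an added example in Node.js that is not code from the iExec SDK: a random 256-bit key, a fresh random IV stored in front of the ciphertext, and a SHA-256 checksum of the encrypted file. CBC by itself does not detect modification of the ciphertext, so `decryptDataset` checks the checksum first; the file layout, the function names and the assumption that the checksum reaches the consumer over a trusted channel are this example's own.

```javascript
const {
  randomBytes, createCipheriv, createDecipheriv, createHash, timingSafeEqual,
} = require('node:crypto');

const KEY_BYTES = 32; // 256-bit key
const IV_BYTES = 16;  // AES block size

// Encrypt a dataset; returns the key to keep secret, the encrypted file
// (IV || ciphertext, an assumed layout) and its SHA-256 checksum.
function encryptDataset(plaintext, key = randomBytes(KEY_BYTES)) {
  if (key.length !== KEY_BYTES) throw new RangeError('key must be 32 bytes');
  const iv = randomBytes(IV_BYTES); // never reuse an IV with the same key
  const cipher = createCipheriv('aes-256-cbc', key, iv);
  const encrypted = Buffer.concat([iv, cipher.update(plaintext), cipher.final()]);
  const checksum = createHash('sha256').update(encrypted).digest('hex');
  return { key, encrypted, checksum };
}

// Verify the checksum before touching the ciphertext, then decrypt.
function decryptDataset(encrypted, key, expectedChecksum) {
  const actual = createHash('sha256').update(encrypted).digest();
  const expected = Buffer.from(expectedChecksum, 'hex');
  if (expected.length !== actual.length || !timingSafeEqual(actual, expected)) {
    throw new Error('checksum mismatch: encrypted dataset was modified');
  }
  if (encrypted.length < 2 * IV_BYTES || encrypted.length % IV_BYTES !== 0) {
    throw new RangeError('encrypted dataset has an invalid length');
  }
  const iv = encrypted.subarray(0, IV_BYTES);
  const decipher = createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([
    decipher.update(encrypted.subarray(IV_BYTES)),
    decipher.final(),
  ]);
}

// Constructed sample dataset.
const sample = Buffer.from('patient_id,result\n42,negative\n');
const sealed = encryptDataset(sample);
console.log(decryptDataset(sealed.encrypted, sealed.key, sealed.checksum).equals(sample));
```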

Improvements to the iExec Middleware

When a computational task is purchased on iExec and is executed by iExec Workers, there are multiple middleware components that play important roles:

  • The scheduler, also known as an iExec Worker Pool Manager, leads iExec workers through the different stages of task execution.
  • The SMS and the post-compute application are necessary to ensure the smooth running of the tasks that use TEE technology.
  • The Result-Proxy is responsible for managing the result of the execution.

Alongside the blockchain, all these services must work together to ensure the smooth running of computational tasks. In such a highly distributed system, fault tolerance for each of these components is essential.

The iExec Core team identified specific areas for improvement for the iExec middleware. See the full list of improvements here.

iExec V6 Strengthens the iExec Confidential Computing Offer

iExec has been building one of the first complete solutions for blockchain and confidential computing since working with Intel in 2018. This led iExec to start working with the Enterprise Ethereum Alliance. iExec was then the main writer of the ‘Trusted Compute Framework’ tech specification. iExec later helped launch Hyperledger Avalon. Since then, iExec has joined the Confidential Computing Consortium and is part of the Google Confidential Computing program. Three years later, iExec is continuing to strengthen its offer. The technical upgrades included in iExec V6 help to reinforce the iExec Trusted and Confidential computing solutions.

What’s next? The iExec Oracle Factory

The iExec team is currently getting ready for the release of a new product: The iExec Oracle Factory. This new user interface will allow anyone to create their own oracles from scratch, directly from their browser! In 5 minutes, even without any blockchain knowledge, anyone will be able to deploy a ‘trusted decentralized oracle’.

When it comes to off-chain computing and oracles, the most promising technological innovations are hardware enclaves. With the ability to create trusted oracles in minutes, the iExec Oracle Factory aims to make this technology accessible to all.

Creators on the Oracle Factory will get a unique link to share their oracle creation that can be listed in a dedicated gallery, ready for developers to deploy! iExec has various ideas for community events and competitions surrounding the Oracle Factory. Whether you are a developer or just a follower of iExec, keep an eye out for chances to get involved!

Check out the iExec Adoption Roadmap to find out more about what iExec is working on at the moment or follow iExec to be the first to know about product releases and technical developments.

💡 Want to learn more about iExec? Check out iExec Academy!

iExec Academy aggregates all content related to the project. You’ll find articles, tech documentation, videos, interactive demos, and much more! Whether you are a beginner or an expert, a developer or crypto-enthusiast, you’ll find what you are looking for on iExec Academy!

📚➡️ https://academy.iex.ec
