Phala: Transparent and Private Global Computation Cloud

Phala Network
Phala Network
Published in
9 min readJan 30, 2021


As we near the launch of Phala’s mainnet it makes sense to explain what Phala is and why we believe it provides the essential next-generation cloud service to the Web and beyond.

What Exactly is Phala?

At its core, Phala is a cloud computing network, which 1) offers computing power comparable to existing cloud services, but also 2) protects the privacy of managed programs (i.e., the programs’ internal states and users’ interaction with them are not publicly visible), and 3) maintains the properties of a blockchain in being secure and trustless. It combines a P2P network of trusted hardware running verified open-source software (Phala runtime) with a blockchain for additional security assurance. All computing operations on Phala are trustless since there is no centralized executor or data controller: Phala network only acts as a mediator between computing power and users, with the blockchain keeping transactions in order and ensuring their security guarantees without revealing the substance.

Phala is more than a smart contract platform. You can run arbitrary programs on Phala, both autonomous smart contracts and regular Turing-complete programs which can be updated and maintained even after they are deployed to the network. Phala combines the best parts of Web 2.0 and Web 3.0, i.e., the performance of centralized programs and the trustless privacy of distributed apps. But there is one more dimension of Phala: it serves as the infrastructure for massive data exchanges between parties that do not need to trust each other because the data can be used (e.g. for machine learning or user identity management) without being revealed.

In a nutshell, Phala is consisted of two types of nodes:

  • TEE Workers
  • Gatekeepers

It’s as if PoW miners’ functions were divided between the processing of user transactions (TEE workers) and maintenance and validation of the blockchain (Gatekeepers).

TEE workers operate the hardware that guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. The so-called TEEs (Trusted Execution Environment), tamper-proof processors, are connected from all over the world in a permissionless way. TEE workers are similar to Bitcoin and Ethereum miners in that anyone can participate by connecting to the Phala network, but different in that the hardware requirements are more hobbyist-friendly. Most retail personal computers now have a TEE capability to connect to Phala and run its code. This is an important property to maintain decentralization, which is key to making Phala operationally robust and censorship-resistant.

Over 1200 nodes running Phala in 30 cities across 3 continents. Yet so many more dots to fill on this map…

Gatekeepers run nodes that maintain the Phala blockchain. They manage the connection between users and TEE workers to ensure its security upon each interaction. Gatekeepers constantly verify that workers’ hardware and software are unmodified and secure, handle rotation of workers and replication factoring, and manage their state by recording inputs and outputs to maintain the order without revealing the contents. Yet gatekeepers don’t have access to those actual inputs and outputs, neither do the TEE workers — only the software inside TEEs does.

Phala’s blockchain is very lightweight compared to other Turing-complete blockchains like Ethereum, Tezos, or EOS since all computation happens in TEEs instead.

Why TEEs?

One of the most tempting features introduced by executing programs in TEE is that we can verify the validity of their state changes without revealing any data. At the same time, the performance of TEE is orders of magnitude better than existing smart contract platforms, since the programs are directly executed by hardware instead of a virtual machine. Such an advantage in execution speed allows Phala to run not only simple smart contracts, but also complex Web 2.0 applications, and take up workloads that were regarded only suitable for centralized cloud computing service providers such as AWS and Azure, e.g., machine learning, big data analytics, and complex simulations.

On the other hand, we are well aware that TEE is not the silver bullet for all the security risks. We connect TEE with a decentralized blockchain to overcome some of its “inborn weaknesses”, i.e., to mitigate any risks of hardware breaches (mostly theoretical) and single-points-of-failure by ensuring Phala workers run computations through provably non-malicious and open-source software with multiple replicas. The network is also collusion-proof, which means it is resistant to miners’ colluding or abusing their power in other ways. Only verified devices running the most up-to-date and un-tampered software are allowed to connect to Phala through a protocol of security check and job rotation, maintained by gatekeepers. Furthermore, we try to provide a toolchain, based on Rust and WebAssembly, for our developers to easily build reliable and efficient programs. Please refer to this article to learn more about how Phala addresses security challenges.

In summary, one can view Phala as a global computation cloud that is also privacy-preserving but doesn’t need to be trusted. We believe this is a significant step up in the functionality of public clouds that brings massive data exchange capabilities between individuals, businesses, and governments.

Why a Computation Cloud and Not Just a Smart Contract Platform?

As we have briefly covered above, Phala’s functionality is geared towards generalized computing services instead of “traditional” blockchains. This means we shouldn’t limit it to existing blockchain use cases, but try to serve broader needs for trustless execution of internet services and other forms of computation tasks.

A transparent and decentralized public/global cloud guarantees that its executors (in our case, it’s the gatekeepers and workers who run the open-sourced and auditable Phala “operating system”) cannot tamper with user workflows or data in a provable way. Everything about this decentralized cloud is transparent except for the processing of user data. Our competitors like Google, Alibaba, or Microsoft cannot promise the same properties even though they run similar TEE-based services, since their servers are hosted in centralized data centers. Thus we are confident that Phala can take them on and realize a truly privacy-preserving cloud with great potential.

The digital transformation taking shape in front of our eyes comes with huge implications for individuals, businesses, and governments. The proliferation of 5G, expansion of IoT and other artificial intelligence technologies, and transition to cloud-based solutions for business, personal, and smart devices all create significant demands for storing, tracking, connecting, exchanging, and, most important, processing massive amounts of data.

Data cannot be siloed with multiple service providers anymore, both businesses and individuals need to be able to transact in this new digital economy by using their data. Yet governments need to ensure that those transactions are compliant with local and global regulations. These generation-defining changes are happening in real time. And yet so far, no middle-ground solution exists to ensure trustless and effective use of any technology over the Web that combines business’ and individuals’ right for privacy with the need to ensure the safety of society. The world is increasingly moving into cloud and edge computing, but current infrastructure does not address the challenges it creates. Phala is the solution.

What is the Vision?

To prevent Orwellian or opposing-anarchistic scenarios of a dystopian digital future, we need technology to maintain the structure of established societal institutions, and provide checks and balances in the digital realm, rather than breaking or molding them. Phala can address these challenges. We envision multiple use-cases where individuals, businesses, and governments may use a single protocol that ensures both privacy and trust among them. Just as Bitcoin helped create verifiable digital scarcity, Phala helps create verifiably correct computations, while keeping them private.

We also want to allow the software on the Phala cloud to remain compliant with different privacy-sensitive regulations across jurisdictions while maintaining the advertised properties. For a concrete example of this expect a brief explanation of pDiem to come out soon. It is a private layer built on top of Diem (formerly Libra, proposed by Facebook) to connect it to other blockchains and allow cash-like use of its currency while remaining AML/CFT-compliant on a protocol basis.

We will release Phala’s technology stack and incentivize the network to come into existence, but it will be up to the future stakeholders to emerge and define the rules for it. Phala’s team holds only 5% of the network’s initial token supply vested over time. As a Polkadot-based network, we will have an on-chain governance system, with PHA token holders directly affecting any upgrades to the system. As members of Linux Foundation’s CCC (Confidential Computing Consortium) and Substrate Builders Program, the Phala team will help other developers learn and get excited about its capabilities.

With 2 grants from Web3 Foundation, we are also building the first two applications of Phala’s technology, planning to open-source them upon release and keep them as the network’s commons. One is Web3 Analytics — a Google Analytics-like platform that connects data providers, websites, and applications to their users or other data owners on the internet like smart devices or stand-alone databases — with different analytics tools/products.

Its core feature is to allow end-to-end channels that output results of analysis without revealing the original input data. It differs from Google Analytics in that it’s more generalized, allowing third-party data consumers or analytic service providers to define their purpose themselves while verifying that this software is not used to spy after the data providers. W3A will work with Web 2.0 infrastructure as well as decentralized Web 3.0 networks like Ethereum, IPFS, and Polkadot. Head over to this demo dashboard and read this article to learn more about it.

The second use-case is pDiem, which we touched in a couple of paragraphs above. Its core utility is to provide a basic right of financial privacy to almost 3 billion users of Facebook. More details to follow.

This is only the beginning for Phala and PHA, so stay tuned!



Economic Whitepaper:

P.S.: Our vision is too massive for one team to bring it fully to life and there is much to be gained by others building with or on top of Phala. If you want to build with us or learn more, please use the resources above and don’t shy away from reaching out via our social media channels.

About Phala

Phala Network tackles the issue of trust in the computation cloud.

This blockchain is a trustless computation platform that enables massive cloud processing without sacrificing data confidentiality. Built around TEE-based privacy technology already embedded into modern processors, Phala Network’s distributed computing cloud is versatile and confidential. By separating the consensus mechanism from computation, Phala ensures processing power is highly scalable. Together, this creates the infrastructure for a powerful, secure, and scalable trustless computing cloud.

As a member parachain of the Polkadot cross-chain ecosystem, Phala will be able to provide computing power to other blockchain applications while protecting the data layer, enabling possibilities like privacy-protected DeFi trading positions and transaction history, co-computing DID confidential data, developing light-node cross-chain bridges, and more.

On-chain services currently being developed on Phala Network include Web3 Analytics: high-performance smart contracts from Phala enable highly concurrent mass data analytics with privacy, paving the way for an alternative to Google Analytics that inherently respects individual confidentiality.

🍽 — Subscribe Us | Website | Twitter | Github
🥤 — Discord | Forum | Telegram