Making enclaves easy
We are pleased to announce the first beta release of Conclave, our new platform for building secure hardware enclaves in Java.
In this post we’ll explain what Conclave is, briefly show how you can use it, and then outline the roadmap towards the first production release.
What is Conclave?
Modern CPUs from Intel and others include support for creating enclaves. Enclaves create a tamper-proofed space for programs to execute, so that they can process data without the owner of the physical hardware being able to inspect or interfere with it.
If you can run computations without anyone having access to them, not even people who can open the computer up and modify it, then you have a powerful tool for solving all sorts of business problems. Any setting in which collaboration is needed but trust is expensive can benefit from enclave technology.
Unfortunately, enclaves can be tricky to develop. The technology is complex, and enclaves are typically written in relatively low-level, low-productivity languages like C or Rust. As a result, virtually no line-of-business applications benefit from this technology today, even though they theoretically could.
Conclave brings secure multi-party computation (or ‘confidential computing’) to the business world with three key advantages:
- Easily write business logic in any JVM bytecode-compatible language like Java, Kotlin and Scala. The JVM eliminates memory management errors that could otherwise undermine the security of the enclave, without needing complex linear type systems.
- Simplified technology, with straightforward tutorials and documentation. Build an enclave using a simple Gradle plugin. The sample app requires just a few lines of code.
- Designed with Corda, R3’s distributed ledger platform, in mind.
Existing approaches to making enclaves require a great deal of expertise in a brand new technology. Conclave makes it easy for any Java developer to get started in less than an hour.
Conclave is the foundation of the SGX support we’re developing to protect Corda transaction histories. By running smart contract logic inside an enclave, it becomes possible to build a database that is private and peer-to-peer yet also completely consistent.
Beta 1 and the roadmap
Today we’re announcing the availability of the first release in the Conclave beta program. Over the upcoming beta releases the feature set will be fleshed out, usability enhanced and performance upgraded. Some of the things we’re researching include:
- A higher level API for encrypted asynchronous messaging. In Beta 1 you must handle message encryption to/from enclaves using the standard Java APIs for it. In future we plan both a standalone API and integration into the Corda flow framework for authenticated, peer-to-peer inter-organizational messaging.
- Support for the Intel DCAP/FLC features, which give hardware owners direct control over which enclaves are authorized to run on their systems.
- Support for developing enclaves on Windows and macOS without the need for Docker/Linux VMs.
- Ability to fully audit the enclave contents via a source sharing license.
- Support for storing enclave signing keys in HSMs.
- Upgrades to the embedded JVM running inside the enclave.
- Even higher level APIs for modeling common business problems, such as a joint computation that occurs once per day with a threshold of participants.
- Automated mitigation of side channel attacks, including those that involve the design of your own application logic.
How to join the beta program
Conclave Beta is open to all! It only takes three steps:
- Visit https://www.r3.com/conclave-beta/ and accept the license agreement to download the SDK. If you find our ideas intriguing you might also want to subscribe to our newsletter.
- Join the conclave-discuss mailing list, where you’ll have a direct line to the Conclave development team.
- Read the documentation and write an enclave.
– Authored by Mike Hearn, Lead Platform Engineer at R3