Today, Visa has published a paper claiming to describe the first trusted execution environment (TEE) which allows fair, policy-compliant computation. A TEE partitions off some of a processor so it can work on sensitive data and keep it safe.
Unlike other TEEs, however, LucidiTEE can protect against bad actors manipulating outputs by using a shared ledger of computation history. In testing, permissioned blockchains, including Hyperledger, were used as the ledger.
The paper from Visa’s researchers introduced LucidiTEE as: “the first system to enable multiple parties to jointly compute on large-scale private data, while guaranteeing policy-compliance even when the input providers are offline, and fairness to all output recipients.”
TEEs, such as Intel SGX, are good at enabling efficient and secure computations on large encrypted datasets. But even though the environment is trusted, the storage software and network handling the data may not be. Conventional TEEs can’t prevent attackers from misusing these to perform their own computations, or from sending outputs only to colluding network members.
Visa’s solution records what computations have taken place in each processor’s safe partition, or enclave, on the ledger, without storing the input or output data. This allows history-based policies to be enforced, where rules on data computation depend on the prior use of that data. Plus, an ‘exchange protocol’ ensures fair delivery of the outputs; if the output is sent to one recipient, then it is sent to all recipients.
The researchers give an example of LucidiTEE in use for a personal finance application, in which a couple share a joint credit report with mortgage providers. It computes aggregates of their spending history on encrypted data without revealing transaction records.
Applicants can set policies to, for instance, make sure their data is only processed once or not split by individual. Finally, with Visa’s technology, they can rest assured that their chosen providers all receive the final report.
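The history-based policy idea described above can be sketched in a few lines. This is an added illustration, not code from Visa's paper or from LucidiTEE: the names Ledger, once_only and run_in_enclave are hypothetical, a plain hash chain stands in for the permissioned blockchain, and no real enclave or attestation is involved.

```python
import hashlib, json

GENESIS = "0" * 64

def _link(prev, record):
    """Hash of the previous entry plus this record."""
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

class Ledger:
    """Append-only log of computation records; no inputs or outputs stored."""
    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "record": record, "hash": _link(prev, record)})

    def verify_chain(self):
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != _link(prev, e["record"]):
                return False
            prev = e["hash"]
        return True

def once_only(ledger, computation, handles):
    """History-based policy: an input may feed this computation only once."""
    used = {h for e in ledger.entries
            if e["record"]["computation"] == computation
            for h in e["record"]["inputs"]}
    return used.isdisjoint(handles)

def run_in_enclave(ledger, computation, encrypted_inputs, policy):
    """Check history, record the computation, and only then allow it."""
    if not ledger.verify_chain():
        raise RuntimeError("ledger history has been altered")
    # Only digests of the ciphertexts go on the ledger, never the data.
    handles = sorted(hashlib.sha256(x).hexdigest() for x in encrypted_inputs)
    if not policy(ledger, computation, handles):
        return False
    ledger.append({"computation": computation, "inputs": handles})
    return True

def demo():
    ledger = Ledger()
    inputs = [b"constructed-ciphertext-a", b"constructed-ciphertext-b"]  # constructed sample
    first = run_in_enclave(ledger, "joint_credit_report", inputs, once_only)
    replay = run_in_enclave(ledger, "joint_credit_report", inputs[:1], once_only)
    return first, replay, len(ledger.entries)
```

The second call is refused because one of its inputs already appears in the recorded history, which is how a rule such as "process my data only once" can be enforced without the data owner being online.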
The paper further claims LucidiTEE has an advantage over multi-party computation (MPC). While MPC can ensure the correct calculation is being processed, it requires all parties to be online. LucidiTEE allows parties to be offline since policies are enforced by checking against the immutable ledger.
TEEs are seen as a promising solution to blockchain scalability, because they allow computations to be done privately off-chain. But how can a blockchain help blockchain scalability? Visa uses its shared ledger only to enforce policies; it doesn’t store inputs or outputs, so the ledger itself is scalable.
The Hyperledger Avalon project focuses on trusted off-chain computations, including TEEs. Ethereum’s original trusted compute spec was worked on with Intel, which presumably provided its SGX technology expertise. However, MPC and zero-knowledge proofs are becoming more popular as off-chain solutions due to security and privacy concerns. If LucidiTEE works in practice, it may just change that.