Even though this piece smelled a little of AI, I liked how Filini lays out the problems encountered in running a trusted enclave and matches each of the problems with Enclavia's solution. It's probably way above my pay grade (I don't anticipate running a trusted enclave any time soon -- although I've been using Lexe wallet lately which runs a lightning node in a trusted enclave...), but it's also something I'd like to understand better.
Here's how Filini breaks down the problems of running a trusted enclave:
- Executable software gets compiled from code. How do you know the software running in the trusted enclave is actually the same code as advertised?
- Trusted enclaves are supposed to really only do computation, no storage, no networking, no graphics. Which means you need a second virtual machine that does all the other stuff, but is unable to read or inject traffic to and from the trusted enclave.
- Connecting one computer to another via the internet involves a huge amount of trust. We pretend to solve some of these problems with certificates and stuff, but how do you know you are actually talking to the trusted enclave?
- If your trusted enclave is relying on some other machine to store its encrypted data, how does it know that the other machine isn't serving it old data (particularly relevant in the case of lightning)?
- Most useful things that a trusted enclave might do involve some ability to connect to the outside world. But how do you keep this ability limited so that if your enclave is compromised it still can't connect to malicious computers?
- When the time comes to update the software running in the enclave, how do you handle it so that it doesn't look like a completely new deployment? (After all, any change to the software running in the enclave will produce a different hash, so how do you create a process that makes upgrading less dangerous?)
Filini briefly describes the solutions that Enclavia has for each of these problems, but I'm not sure that I can say much of value about any of them. It was a good exercise to think through some of the challenges here, though.
I'm hoping we will convince Filini to do an AMA here sometime this summer.