RiB Newsletter #16 – Secure Enclaves à la Crab

September 30, 2020

Welcome to the #16 edition of Rust in Blockchain, the hypest newsletter about the hypest tech. Previous: #15.

For the last few months we’ve been following new zero-knowledge proof projects in Rust. This month, with Secret Network upgrading their mainnet with secret contracts, it seems like a good opportunity to explore Rust blockchains that are using a completely different privacy-preserving technology: secure enclaves.

Secure enclaves are processes whose environment is protected from inspection by other processes, even the kernel, by special hardware. This protection particularly involves the encryption of a process’s memory. Software that wants to compute in secret can put those computations inside a secure enclave and, if everything works as expected, neither a local user, nor the hosting provider, can snoop on the computations being performed. The most notable implementation of secure enclaves is Intel’s SGX (Secure Guard Extensions).

Secure enclaves are an attractive way to perform private computation primarily because they don’t impose any limitations on what can be computed — code that runs inside SGX is more-or-less just regular x86 code, just running inside a special environment. But depending on SGX for privacy does have some special risks: software that runs in an SGX enclave must be signed (if transitively) by Intel’s own cryptographic keys, which means that Intel must approve of any software running in SGX, that Intel can revoke permission to use SGX, and that there is a risk of the signing keys being compromised; and it’s not obvious that secure enclaves are actually secure, there have already been a number of attacks against SGX. Regardless, as of now, hardware enclaves provide security features that aren’t feasible any other way.

There are two prominent Rust blockchains relying on SGX:

Secret Network is a programmable blockchain based on Cosmos / Tendermint that runs smart contracts written in Rust, and compiled to WASM, inside of secure enclaves.
MobileCoin is a private currency that aims to integrate with Signal, and that uses SGX to add additional confidentiality on top of RingCT transactions and its variant of the Stellar Consensus Protocol.

Outside of the blockchain world there are some other Rust projects using SGX, the most notable being:

Teaclave SGX SDK is an SDK for running Rust code inside SGX enclaves, developed at Baidu, and now an Apache project. MobileCoin uses a heavily modified fork.
Fortanix is a provider of various Rust+SGX services, and they provide an SGX SDK, for which mainline Rust has some built-in support.
Rust OP-TEE TrustZone SDK is an SDK for ARM TrustZone.

Whether it’s secure enclaves or zk-SNARKs, Rust blockchains are walking the bleeding edge of privacy tech.

In unrelated RiB news, we recently received two donations,

Thanks so much to our anonymous donors. We don’t often receive donations, so this was a nice surprise! We intend to put all monetary contributions to use funding events or new contributors, and we’ll let you know what we do with the funds when we spend them.

Thanks

This edition of RiB was produced with contributions from Aaron Lu, Alex Chepurnoy, kathyjah, Mike, Paulii Good, Brian Anderson, and Aimee Zhu. Thank you for your help!

RiB needs help to keep up with Rust blockchain projects. If you follow a particular project, or otherwise find information that is beneficial to the Rust & blockchain community, please contribute to the next issue. Either submit a PR to the #17 draft, or Tweet @rust_blockchain.

Project Spotlight

Each month we like to shine a light on a notable Rust blockchain project. This month that project is…

Aleo.

Aleo is a zero-knowledge blockchain, with its own zero-knowledge programming language, Leo.

We don’t have a lot to say about it, but we think it looks cool. We hope they blog more.

Interesting Things

News

Blog Posts

Papers

Projects

Acala. CrossChain StableCoin platform based on Substrate.
Anon. Substrate modules for anonymous group actions (ring signatures + merkle proofs).
Bitcoins-rs. Bitcoin-oriented dev toolboxes for native and browser apps.
Cardano-serialization-lib. A library for serialization & deserialization of data structures used in Cardano’s Haskell implementation of Shelley along with useful utility functions.
Crust. Implementation of a Crust protocol node with Substrate.
Curv has built-in support for some useful operations/primitives such as verifiable secret sharing, commitment schemes, zero-knowledge proofs, and simple two-party protocols such as ECDH and coin flip.
Edgeware. Substrate node implementing Edgeware. It’s an On-chain Governed, Proof-of-Stake (PoS) Blockchain with a WASM Runtime
ergo-utilities-rust. General utilities to make writing off-chain Ergo code in Rust simpler.
Fawkes-Crypto is a lightweight framework for building circuits in bellman, using groth16 proving system and BN254 curve.
Hacspec. A specification language for cryptography primitives.
Magical Bitcoin Library. A modern, lightweight, descriptor-based wallet library written in Rust.
Phala. Phala Network is a TEE-Blockchain hybrid architecture implementing Confidential Contract.
TezEdge. Tezos node/shell in Rust.