Cloud Enclaves and their Applications in Blockchains

Enclave Solutions

Traditionally, confidential computing means how we can trust a physical device’s hardware-software stack. It follows a bottom-up scheme:

  1. The firmware measures the OS. If it is trustable, start it.
  2. The OS measures application programs and starts only the trustable ones.
  1. Intel’s SGX technology enables enclaves on top of OSes, which contain only (a part of) one program and one process (with multi-threading).
  1. Isolation: the program(s) executing context (registers status and DRAM status) cannot be viewed or changed by any other party, even the hypervisor and/or OS under it.
  2. Data sealing: the data written to persistent storage from the programs in an enclave are encrypted and can only be decrypted in the enclave later.
  3. Attestation: after hardware-assistant measurement of the program running in an enclave, the hash digest of the measurement is signed by a key kept by hardware to convince the relying parties that it IS the predefined trustable program running.

Manipulation-proof Random Number Generator

Various blockchain applications need random numbers for fairness, such as gaming, consensus, and stochastic payment. Since blockchain is deterministic, a true random number generator (RNG) based on physical entropy cannot be used.

Improve privacy of CoinJoin

CoinJoin has long been used to improve the privacy of cryptocurrencies. It was first implemented by the Dash coin and later Bitcoin Cash also got an implementation of CoinJoin named CashShuffle.

Blackbox Execution of Pure Functions

A common scenario of blockchain applications is that you need to convince the public that you have the solution of an equation but you don’t want to reveal this solution to the public. For example, you want to prove that you know a pre-image that hashes to a given output but you do not want to show this pre-image to the public for verifying.

  1. Some public input arguments for this pure function, which can be revealed to anyone
  2. Some private input arguments for this pure function, which cannot be known by anyone else except their owner

Reliable Witnesses for Chain-Crossing

All the chain-crossing technologies need witness. To make a cross-chain transaction from Chain A to Chain B happen, Chain B must be aware of Chain A’s state change. The only trustless way for Chain B to keep track of Chain A’s state is running a full-node client of Chain A to provide information for every Chain B’s full-node client. This is a very rigorous requirement.


Major cloud computing vendors provide several enclaves solutions. Enclaves’ features of integrity, isolation, data sealing, and attestation, can help users build better blockchain applications. We the smartBCH developers will utilize them to improve the ecosystem of Bitcoin Cash.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Maximize throughput of EVM & Web3 on a sidechain of Bitcoin Cash