An industry first

Intel SGX & Oblivious RAM

A busybody and a clerk

Imagine for a moment that the CPU is a data entry Clerk whose job is to take incoming tax documents and store them into a spreadsheet. Such documents can come in sealed envelopes, or are in plain sight. Other than the clerk, there is a Busybody who is trying to peek at these documents.

Intel SGX provides a separate office (enclave) which only the clerk has access to. Sealed documents are delivered directly to the office, free from the prying eyes of the busybody. In many TEE technologies, enclave refers to the trusted execution mode created by the CPU.

Remote attestation

Remote attestation allow us to be confident that the environment is indeed what we think it is. This means sweeping the separate office for busybodies or spying devices. In TEE terms, the hardware and software running in the enclave are cryptographically verified.

Clever adversaries can still learn sensitive information from TEE enclaves by observing data access patterns. If it looks like a duck, swims like a duck, and quacks like a duck? It probably is a duck. This is the reasoning of side-channel attacks. 

Let's say the Clerk tags different coloured post-it notes to represent the tax value of the documents, with each stack placed into envelopes left outside the separate office. By observing the difference in frequency the Clerk is bringing the envelopes in, the Busybody is able to infer a salary range. 

Consider instead that the Clerk now shuffles the post-it notes stored in the envelopes after a threshold number of times he uses the envelopes. This is the idea behind Oblivious RAM,  where access to the memory becomes "oblivious" to an external observer, foiling potential attacks. 

Build with us

Make your first contribution to a privacy-first future - Write code, improve our documentation, or interact with our Discord community. 

Protocol overview

Automata Network

Protocol roles

Geode (Compute nodes)

A shielded and isolated computation environment, supported by trusted hardware (Intel SGX) and privacy-preserving algorithm (ORAM). 

Geode Provider  

Automata nodes that receive rewards from staking and hosting Geode. Data access patterns are concealed from Geode Providers. 

Geode Attestor

Ensures integrity of the execution environment with cryptographic verification of the hardware and software running in Geode. 

Validator (Staking nodes)

Maintains state under PoS consensus, and forms the control plane to safeguard and govern interactions in the protocol. 

Control Plane 

The coordinator to assign work tasks, distribute rewards and registers nodes. Also manages the marketplace for Geode. 

Compute Plane

The executor where Geodes accept and perform scheduled work tasks, submitting proof of execution for rewards.

Service Plane

Service vendors develop privacy-preserving services by utilising Geode to build tooling solutions or integrate into applications. 

An ever-growing solution stack

Automata's middleware approach presents much possibility, in particular capturing an immediate market demand for privacy-preserving DeFi applications without having to rewrite them.