Hi everyone! As you may know, our team has been developing SafeTrace for privacy-preserving contact tracing. Last week, @victor made this 10-minute video demonstrating our implementation of the storage and computation service that we’re building. More info can be found in our GitHub repository and this executive summary.
The SafeTrace API is now available for developers to use in their client-side applications. Currently, we provide a backend system running inside a trusted execution environment (TEE), which relies on Intel’s SGX technology. In other words, we deployed “subcode” which runs inside an enclave hosted in IBM Cloud. The private key of this enclave is only known inside the enclave. Developers and even people who manage/own the servers will never know that private key. Please understand our enclave is verbose for demonstration purposes, but the production version will not output any secrets.
To learn more, read this article for a good summary of practical SGX security guarantees.
Run node index.js to see an example of working code that submits data for two users into the enclave, then queries for a match between the two datasets, returning one match.
This folder contains the code that provides a public-facing API that frontend applications can consume to interact with our SGX enclave. There is a live instance of this enclave and the JSON-RPC server, which you can interact with at https://safetrace.enigma.co. Note: if you visit this URL in your browser, you will get “405 Error: Method not allowed”, because the server does not accept GET requests like the ones browsers make. Instead, you have to POST properly formatted JSON-RPC requests.
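As an added example (not code from the SafeTrace repository), here is a small JSON-RPC 2.0 client for the server described above: it POSTs a request, rejects non-2xx replies such as the 405 a GET would get, and checks that the reply carries the matching id and no error field. The method name is a placeholder; the real method names and parameters are the ones index.js uses. A constructed fake server stands in for the live endpoint so the flow runs offline.

```javascript
// Added example, not part of the SafeTrace repo. Method/params are placeholders;
// take the real ones from index.js.
const SAFETRACE_URL = 'https://safetrace.enigma.co';

let nextId = 1;

// Build a JSON-RPC 2.0 request envelope with a fresh id.
function buildRequest(method, params) {
  return { jsonrpc: '2.0', id: nextId++, method, params };
}

// Validate a JSON-RPC 2.0 response against the request that produced it.
function checkResponse(request, response) {
  if (response.jsonrpc !== '2.0' || response.id !== request.id) {
    throw new Error('malformed or mismatched JSON-RPC response');
  }
  if (response.error) {
    throw new Error(`RPC error ${response.error.code}: ${response.error.message}`);
  }
  return response.result;
}

// POST the request. fetchImpl is injectable so the flow can be exercised offline;
// with the default (global fetch, Node 18+) it talks to the live server.
async function rpcCall(method, params, fetchImpl = fetch, url = SAFETRACE_URL) {
  const request = buildRequest(method, params);
  const res = await fetchImpl(url, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(request),
  });
  if (!res.ok) throw new Error(`HTTP ${res.status}`); // e.g. 405 for a GET
  return checkResponse(request, await res.json());
}

// Constructed stand-in for the live server: answers 405 to anything but POST
// (as the real server does for browser GETs) and otherwise echoes a canned result.
async function fakeSafeTraceServer(url, init) {
  if (init.method !== 'POST') return { ok: false, status: 405 };
  const req = JSON.parse(init.body);
  return {
    ok: true,
    status: 200,
    json: async () => ({ jsonrpc: '2.0', id: req.id, result: { received: req.method } }),
  };
}
```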
This folder contains the code that runs inside the enclave using Intel Software Guard Extensions (SGX). It builds on Apache’s Teaclave, and more specifically its Rust SGX SDK. The amount of data the enclave can store encrypted (through a process known as sealing and unsealing) is currently limited to 4 KB. This limit comes not from disk space but from the fact that the data being sealed or unsealed must fit inside the enclave’s memory.
Intel SGX provides a service called remote attestation. This process affirms certain things about the enclave and the code deployed inside it, such as which version of SGX is running and which code is loaded. If any of those elements is modified, the quote produced during attestation will differ as well. The modified enclave will no longer be able to unseal data that was submitted to the original enclave, and new clients will see the change in the attestation when they connect. This is a necessary protection to ensure that the enclave isn’t maliciously modified to run code that the user did not approve.
How to Get Involved:
We hope you enjoy learning how SafeTrace works. Our team would appreciate your feedback! Feel free to ask any questions here on the forum, and please don’t hesitate to comment on these open issues. Of course, new issues and pull requests are more than welcome. The best place to follow MVP development is this GitHub project board.
Most importantly, stay safe!