SGX Encryption / Decryption

Can someone clarify for me how the SGX Encryption / Decryption is managed and works for Enigma…

I have been reading through the code available on GitHub in depth, and I found there is a Key Management attribute within the environment that a SecretNode will run…
This Key Management (KM) seems to be responsible only for the public key … (enclave then has Private Key)

KM uses this Keypair to sign and complete work

Am I wrong? Can someone who knows more clarify this?

Otherwise how does the enclave know how to decrypt secret contracts if the server containing the enclave does not?

2 Likes

Not sure if you’ve seen this page about Key Management yet, but worth checking out and updating if needed, once it’s clearer.

3 Likes

The link @taariq provided indeed describes all the relevant types of keys in our system, but let me try to answer your question more directly.

There are two types of encrypted values in the Enigma ecosystem:

  1. Input/outputs
  2. Secret contract state

For (1), we can use a fresh key for every task (=every user interaction). The user and the relevant worker use their private/public key-pairs to agree on a shared key (using ECDH). This key can only be viewed by the user or the enclave of the executing worker.

For (2), each secret contract has its own state key that needs to be stored in the network and used for computations. Currently, these keys are derived in a special node called the KM node, which also runs inside of an enclave so these keys never see the light of day. Workers can request those keys for secret contracts they are executing, in which case a state key is transferred from one enclave to the other.

Hope this helps!

6 Likes
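The two kinds of key in the reply above, as an added example that is not Enigma's own code: Go (standard library only) derives a per-task key from ECDH between a user and a worker enclave, and a per-contract state key from a master key, then wraps a task input under the task key. The HMAC-based KDF, the labels and the AES-GCM wrapping are assumptions for illustration, not Enigma's actual scheme.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// deriveKey: HMAC-SHA256 KDF (HKDF-expand shape); hypothetical, not Enigma's KDF.
func deriveKey(secret []byte, label string, ctx []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(label)) // label and context fix the key's single purpose
	m.Write(ctx)
	return m.Sum(nil) // 32 bytes: an AES-256 key
}

// TaskKey (item 1): ECDH between user and worker enclave, bound to the task id,
// so every task gets a fresh key that only those two parties can compute.
func TaskKey(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, taskID []byte) ([]byte, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	return deriveKey(shared, "enigma-task-key", taskID), nil
}

// StateKey (item 2): per-contract key derived on the fly from the KM master key.
func StateKey(master, contractAddr []byte) []byte {
	return deriveKey(master, "enigma-state-key", contractAddr)
}

// Seal/Open: AES-256-GCM, output is nonce||ciphertext||tag, task id as AAD so a
// ciphertext cannot be replayed under another task. Keys are always 32 bytes.
func Seal(key, plaintext, aad []byte) []byte {
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	nonce := make([]byte, gcm.NonceSize())
	_, _ = rand.Read(nonce) // crypto/rand does not fail on supported platforms
	return gcm.Seal(nonce, nonce, plaintext, aad)
}
func Open(key, sealed, aad []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], aad)
	}
	return nil, errors.New("ciphertext too short")
}
```

Both sides call TaskKey with their own private key and the peer's public key and obtain the same key; a different task id, a different key, or mismatched AAD makes Open fail.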

Thanks for the response.

This helps me understand a bit more.

1 Like

State key (symmetric): Shared AES-256 key per contract (right now everyone shares it, later on will be sharded). If it’s generated from the master key, this can be done on the fly and does not need to be stored.

What is the possibility that a state key is identifiable by a malicious node? How does Enigma force hardware SGX? Additionally, is it possible to emulate hardware SGX to obtain a state key? This question was asked on another forum without an answer.

I found this, which has somewhat of an explanation.

The remote computation service user verifies the attestation key used to produce the signature against an endorsement certificate created by the trusted hardware’s manufacturer.

So I guess the answer to my question is that each client verifies that the node is using SGX by the public key provided by the manufacturer. The point of failure here is that Intel has the keys to the kingdom, so more SGX vendors are needed for a robust solution.

2 Likes