Conclave Cloud – A Platform for Hosting Privacy-Preserving Applications

We’re excited to announce the beta release of Conclave Cloud! A new confidential computing platform for hosting privacy-preserving applications using Intel SGX. The Conclave Cloud platform will bring together a variety of services that will seamlessly integrate with each other providing a rich set of tools for implementing solutions without ever having to leave the Conclave Cloud platform.

Introducing Conclave Functions

With Conclave Functions, we’re delivering the first service of the Conclave Cloud platform. It is a serverless execution environment that allows stateless functions to be hosted, executed, and scaled on demand whilst ensuring your data is always encrypted—even during processing. Think AWS Lambda or Azure Cloud Functions but with privacy-preserving features built in, backed by Intel SGX.

Sign up for the Conclave Cloud beta release and start using Conclave Functions today!

Why Conclave Functions?

Conclave Functions differs from other similar services by using end-to-end encryption between the end user and the container that runs the function, with data-in-use encryption provided by using a Conclave Enclave to run the code. The use of an enclave ensures the integrity and privacy of the user’s data as well as providing hardware-backed assurances over the exact code that will be processing the data. 

Conclave Functions can be used to provide solutions or enhance the privacy for various types of applications, including:

• Pure data protection products such as cloud-based file storage with secure file sharing.
• Zero Knowledge Proof type applications, such as proving identity or age without providing the actual data to the verifying party.
• Multiparty computation where data is collated from multiple parties and derived into a combined result, without divulging the shared data with any other party or service.
• Private set intersection applications, such as allowing different institutions to find common data between their own private datasets and the data of other parties.

With Conclave Functions, developers can focus on writing data processing logic that will run inside an enclave. How to transfer data to and from the enclave, how to encrypt data, or how to ensure the platform integrity is maintained, is completely handled by the platform for you.

Writing your first Hello World Conclave Function in 5 easy steps

In the following tutorial, we will write, upload, and invoke a Hello World JavaScript Conclave Function.

Prerequisites

1. Sign-up for the Conclave Cloud portal here 
2. Download and install the ccl tool for your operating system by following these instructions.
   • Whichever operating system you are using you will need to ensure you have a Java 11 or greater runtime environment installed in order to be able to run the ccl tool.
   • The tool is available as an executable script. Add the directory containing the tool to your PATH environment variable. Ensure the tool is executable by running the below command.
     
     chmod +x ccl
     
   • Test if the tool is running by hitting the ccl command on the terminal.
   • Let us now see how we can create, upload, and run a function in Conclave Cloud.

Step 1: Create a new project

There are two ways to create the project.

1. Using the portal — Once you have logged in, click on the “New Project” button, enter the project name, and click on create. 
2. Using the ccl tool — Execute the create command to create a new project.

ccl projects create --name "FirstProject"

Username: [Your email address]

Password: ******

Project created:

{"projectID":"8563c04559ec837ff392adef3109cb6c2a53457ec383ce30ec73774899918719","name":"FirstProject"}

To make subsequent commands shorter, use the above projectID and set this project as the default project using the below command. 

ccl save --project 8563c04559ec837ff392adef3109cb6c2a53457ec383ce30ec73774899918719

Defaults Saved.

Step 2: Write the Hello World JavaScript Code

Create a file named simple.js and write the below code in it. This code creates a global object called cclexports which exports our sayHello function.

cclexports = {

   sayHello: (name) => {

       return "Hello " + name;

  }

}

Step 3: Upload the function to the Conclave Cloud

Next step is to upload your function to the Conclave Cloud. You do this by passing the name of the function which we exported in step 2.

ccl functions upload --name "sayHello" --code simple.js --entry "sayHello"

Step 4: Invoke the function

Execute below command to invoke the function uploaded in Conclave Cloud.

ccl functions invoke --name "sayHello" --args "[\"World\"]"

Decrypted:

{ "return": "Hello World" }

The ccl tool creates a private key for communicating with Conclave Cloud and is the only entity that can decrypt the encrypted result you can see in the data returned from the invocation. Learn more about Conclave Cloud in the documentation.

Congratulations! You’ve successfully written, deployed, and invoked your first function.

Get involved

Feedback is an essential part of ensuring that we’re building the right thing for our users. Please share your thoughts and help shape Conclave Cloud. You can do this by joining our Discord channel or subscribing to our mailing list.