Decentralized approaches

In a decentralized environment where Vistara aims to operate, ensuring the validity and integrity of computation results from virtual machines (VMs) is crucial for maintaining trust and reliability.

Checkout a blueprint to integrate secure enclaves with Vistara

Let’s explore strategies to achieve verifiability, trustlessness, and confidential computing.

1. Computation Verifiability

• Formal Verification: Using mathematical proofs and models to ensure the correctness of code and algorithms.

• Remote Attestation: Verifying the integrity of computations by validating the environment in which they run, using technologies like Intel SGX.

• References:

  • https://en.wikipedia.org/wiki/Formal_verification

  • https://www.redhat.com/en/blog/attestation-confidential-computing

2. Resource Allocation Verifiability

• TPMs and Benchmarking: Providing hardware-based attestation of resource configurations and regularly running performance benchmarks. swtpm can be used to simulate TPM functionality for hardware that doesn't natively support TPM.

• References:

  • https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/tpm.md

3. Data Integrity Verifiability

• Cryptographic Hashes and Merkle Trees: Structuring data in a way that allows verification of its integrity.

4. Node Trustlessness

• Blockchain Integration: Using blockchain for transparent and tamper-proof logging of actions and transactions.

5. Execution Environment Trustlessness

• Enclave Technologies: Running sensitive computations in isolated, hardware-enforced environments like Nitro Enclaves or Intel SGX.

• References:

  • https://omnida.substack.com/p/trustless-execution-environments

6. Confidential Computing

• Data and Execution Confidentiality: Ensuring that data remains private and computations are isolated from unauthorized access.

  • References:

    • https://www.redhat.com/en/blog/attestation-confidential-computing

Technical Approach:

• Formal Verification: Ensuring the correctness and integrity of computations through blockchain and formal methods.

• Hardware-Based Attestation: Leveraging TPMs, Intel SGX, and AMD SEV.

• Cryptographic Techniques: Implementing Merkle trees and Zero-Knowledge Proofs.

• Replication and Consensus Mechanisms: Using Multi-party Computation and redundant computation across nodes.

Based on the above strategies, Vistara aims to create a robust, secure, and flexible decentralized network. This foundation not only enhances the security and reliability of the network but also fosters an ecosystem where developers and hardware providers can innovate and collaborate confidently.

What does it look like?

1. Spacecore Enclave Integration:

   • Enclave Technologies: Integrate Intel SGX, Nitro Enclave, or ARM TrustZone into Spacecores.

   • Attestation: Use remote attestation to verify enclave integrity before execution.

2. Vimana Orchestration Client:

   • Commands and Flags: Introduce flags for attested execution, integrating with attestation services.

   • Configuration Management: Handle attestation parameters and deploy enclave-enabled binaries.

3. Hypercore Attestation Service:

   • Attestation Protocol: Implement a protocol for secure communication, quote generation, and verification.

   • Storage: Use decentralized storage like IPFS or Arweave for evidence

4. Continuous Monitoring and Revocation:

   • Monitoring Mechanisms: Implement regular checks and re-attestation.

   • Revocation Process: Establish protocols for terminating compromised Spacecores.

5. Governance and Transparency:

   • Governance Model: Define transparent processes involving stakeholders.

   • Public Documentation: Maintain and share documentation on the attestation process.