olibot2000
Beginner
130 Views

Output hash of executed code and return value of function


I want to use an enclave to run a function/piece of code, let's call it F. I want to publish a proof that shows that F was executed and it gave the output/result R after execution. I suppose this will be the quote/report of the enclave, is this correct?

All examples I see contain remote attestation with a specific remote server. I however would like this quote/report to be published publicly so anyone can check its validity using the Intel Attestation Service.

Is that possible or does it have to be directed to a specific remote party?

Thanks in advance!

0 Kudos

Accepted Solutions
JesusG_Intel
Moderator
110 Views

Hello Olibot2000,


The quote or report generated by the Quoting Enclave does not provide proof that any code was executed. From Code Sample: Intel® Software Guard Extensions Remote Attestation End-to-End Example: "As part of attestation, the client's enclave proves the following:

  • Its identity
  • That it has not been tampered with
  • That it is running on a genuine platform with Intel SGX enabled
  • That it is running at the latest security level, also referred to as the Trusted Computing Base (TCB) level"


The quote generated by the enclave's platform cannot be published in such a way that just any service provider can decrypt and read it. Read the section, "Client-Server protocol" for more information. Basically, the service provider and enclave exchange a set of keys that they use to encrypt the secrets they share with each other. The service provider's public key should be hard-coded within the enclave for security purposes.


Sincerely,

Jesus G.

Intel Customer Support



3 Replies
olibot2000
Beginner
114 Views

To clarify, in short:

I would like an enclave to run code F() and for an unspecific remote party to be able to verify that F() executed in an enclave and that it gave a certain output R.

JesusG_Intel
Moderator
90 Views

Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.

