
A Module for Privacy-preserving State Transitions with Verifiability


LayerXcom/confidential-computing-modules


CCMs (Confidential Computing Modules) is a blockchain-agnostic execution environment with privacy and auditability based on TEE (Trusted Execution Environment). CCMs enables flexible execution of business logic while protecting shared state that should not be revealed to other parties. CCMs also provides auditability, i.e., only an auditor can read a specific part of the state. The current implementation of CCMs only supports Ethereum-based blockchains such as Quorum as the backend.

Please refer to the White Paper (JP) and the CCMs Book (EN) / CCMs Book (JP) for more information.

Note: This is a prototype implementation and has not been tested for production.

Setup

Copy the sample environment file and set your SPID and SUB_KEY in it.

$ cp .env.sample .env

Running CCMs nodes

docker

The ERC20-like application is implemented as the initial set of state transition functions. (This assumes your hardware supports Intel SGX.)

You can build the latest Docker image and then run the container:

$ docker build -t anonify-server:latest -f docker/server.Dockerfile ./
$ docker run -v /var/run/aesmd:/var/run/aesmd --device /dev/sgx/enclave --env-file ./.env --name anonify -d --rm -it anonify-server:latest
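
A host preflight for the setup and docker run steps above, as an added example that is not part of the CCMs repository: it checks that .env defines SPID and SUB_KEY and is not readable by group or other users, and that the enclave device and AESM directory handed to the container exist. The function names, the aesm.socket file name and the treatment of SUB_KEY as a secret are assumptions.

```shell
#!/bin/sh
# Added example: host preflight for the `docker run` line above.
# Not part of the CCMs repository.

# env_value FILE KEY: print KEY's value from a docker --env-file (KEY=VALUE lines).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# check_env_file FILE: succeed only if SPID and SUB_KEY are set and the file
# is not accessible to group/other (assumption: SUB_KEY is a secret).
check_env_file() {
    env_rc=0
    [ -f "$1" ] || { echo "missing $1 (cp .env.sample .env)" >&2; return 1; }
    for key in SPID SUB_KEY; do
        if [ -z "$(env_value "$1" "$key")" ]; then
            echo "$key is empty or unset in $1" >&2
            env_rc=1
        fi
    done
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    case $mode in
        *00|0) ;;
        *) echo "$1 has mode $mode; use chmod 600" >&2; env_rc=1 ;;
    esac
    return $env_rc
}

# check_sgx_host [DEVICE] [AESM_DIR]: succeed only if the enclave device and the
# AESM socket that the container is given exist on the host.
check_sgx_host() {
    dev=${1:-/dev/sgx/enclave}
    aesm_dir=${2:-/var/run/aesmd}
    host_rc=0
    [ -c "$dev" ] || { echo "no SGX enclave device at $dev" >&2; host_rc=1; }
    # aesm.socket is the socket name the Intel AESM service normally creates.
    [ -S "$aesm_dir/aesm.socket" ] ||
        { echo "no AESM socket in $aesm_dir" >&2; host_rc=1; }
    return $host_rc
}

# preflight [ENV_FILE] [DEVICE] [AESM_DIR]: run both checks, report every failure.
preflight() {
    pre_rc=0
    check_env_file "${1:-.env}" || pre_rc=1
    check_sgx_host "${2:-}" "${3:-}" || pre_rc=1
    return $pre_rc
}
```

Source the file and run preflight from the repository root before docker run; a non-zero status means at least one of the messages printed on stderr needs attention.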

shell scripts

Running nodes

$ ./scripts/start-docker.sh
$ cd anonify
$ ./scripts/env-anonify.sh # Change env vars depending on your environment
$ ./scripts/run-server.sh

Using CLI

You can use ccms-cli to communicate with the whole CCMs system. See the transfer tutorial section for usage.

Build the CCMs command-line utilities:

$ ./scripts/build-cli.sh

If you want to build artifacts in release mode, pass a --release argument.

$ ./scripts/build-cli.sh --release

Developing

You can build the codebase on your local machine or test it in an SGX-enabled environment.

Building in simulation mode

CCMs assumes your hardware supports Intel SGX. Without such hardware, you can build it in simulation mode, which allows you to build on macOS.

$ docker run -v `pwd`:/root/anonify --rm -it osuketh/anonify:20210310-1804-1.1.3

Testing (ERC20 app)

Assuming your hardware supports Intel SGX, or you are running on Azure Confidential Computing, you can test that the core component you built works correctly.

The very first thing you need to do is start the AESM service in an SGX-enabled environment. For more details, see: https://github.com/apache/incubator-teaclave-sgx-sdk/blob/master/documents/sgx_in_mesalock_linux.md#solution-overview

$ LD_LIBRARY_PATH=/opt/intel/sgx-aesm-service/aesm /opt/intel/sgx-aesm-service/aesm/aesm_service

Once the Intel SGX environment is running, you can build in HW mode.

$ cd anonify
$ UID=`id -u` GID=`id -g` docker-compose up -d
$ docker-compose exec sgx_machine bash
$ ./scripts/test.sh

Implementation Tips

See docs/ to understand code-level architecture.

Documentation

Currently, documents are only available in Japanese.

License

CCMs is primarily distributed under the terms of the Apache License (Version 2.0); see LICENSE for details.