Secure-enclave Distributed Ledger Technology

With our cutting-edge technology that combines cryptography and secure hardware, you can get efficient, resilient and scalable cloud services that preserve your privacy.

Encrypted memory

Secure by design. Data is always encrypted in memory, even during processing

Intel SGX

Intel® SGX black box automates all data processing; no human ever has access to the data

Cloud architecture

Distributed and multi-cloud architecture. Built for resilient ecosystems

Privacy-preserving

Privacy-preserving by design. Leverages the latest privacy techniques to prevent information leakage

Connection protocol

Secure connection protocol secures data during transport and provides native web/mobile integration

Flexibility

More flexible and orders of magnitude faster than homomorphic cryptography

Confidential Computing, the fastest Privacy-Enhancing Technology

On top of protecting data in transit and at rest, we use a hardware-based Trusted Execution Environment (TEE) to protect data in use. We use Intel SGX, the most advanced TEE, to guarantee that data remains encrypted in memory throughout the process. The RAM and the CPU L1, L2 and L3 caches are encrypted. An attacker with admin rights or physical access will not be able to see the data being processed.

Intel SGX secure enclaves also prevent unauthorised access or modification of encrypted data in memory. Intel SGX comes with hardware acceleration to process encrypted data without a severe impact on performance.

Data protected at rest
Data protected in transit
Data protected in use

Full verifiability with remote attestations

We enable fully verifiable services by providing cryptographic evidence of the integrity of the remote processing. We use the latest attestation service to provide verification for:

the application's identity and integrity (that it has not been tampered with)
the application's machine (that it is running securely within an enclave on a valid Intel SGX enabled machine)

Encrypted and tamper-proof data storage

We store data in tamper-proof ledgers. If an agent, or a rogue programme, attempts to modify, add or remove data from storage, it would be spotted immediately. We provide a built-in mechanism to raise alerts, and in the event of an attempted modification, the system is designed to stop rather than provide an inaccurate response.

Ledgers are fully encrypted.
Protects from tampering attacks.
Merkle tree protection.
Modified Merkle Patricia Tries
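
The fail-stop behaviour described above, as an added sketch that is not Secretarium's code: it uses a plain binary Merkle tree rather than the modified Merkle Patricia trie the page names, and the `Ledger` class, the `TamperDetected` exception and the sample entries are constructed for illustration. The root stands in for state held inside the enclave, while `storage` stands in for disk that an attacker can edit.

```python
import hashlib

class TamperDetected(Exception):
    """Raised instead of returning data that fails verification."""

def _h(tag, data):
    return hashlib.sha256(tag + data).digest()

def merkle_root(entries):
    # Tagged hashes; an odd node is promoted, since duplicating it makes [a,b,c] == [a,b,c,c].
    level = [_h(b"\x00", e) for e in entries] or [_h(b"\x02", b"")]
    while len(level) > 1:
        nxt = [_h(b"\x01", a + b) for a, b in zip(level[::2], level[1::2])]
        level = nxt + level[-1:] if len(level) % 2 else nxt
    return level[0]

class Ledger:
    def __init__(self, entries=()):
        self.storage = list(entries)          # stands in for disk an attacker can edit
        self._trusted_root = merkle_root(self.storage)  # stands in for enclave-held state

    def _verify(self):
        if merkle_root(self.storage) != self._trusted_root:
            self._trusted_root = None         # fail-stop: stay down once tampering is seen
            raise TamperDetected("ledger root mismatch, refusing to answer")

    def append(self, entry):
        self._verify()
        self.storage.append(entry)
        self._trusted_root = merkle_root(self.storage)

    def read(self, index):
        self._verify()
        return self.storage[index]

SAMPLE = [b"alice->bob:10", b"bob->carol:4", b"carol->alice:1"]  # constructed entries
TAMPER = {"modify": lambda s: s.__setitem__(1, b"bob->carol:4000"),
          "add": lambda s: s.append(b"forged:1"),
          "remove": lambda s: s.pop()}

def run_demo():
    outcome = {}
    for name, tamper in TAMPER.items():
        ledger = Ledger(SAMPLE)
        tamper(ledger.storage)                # edit storage behind the ledger's back
        try:
            outcome[name] = ledger.read(0)
        except TamperDetected:
            outcome[name] = "halted"
    return outcome
```

`run_demo()` reports `halted` for all three manipulations, including the read of an entry that was not itself changed. Recomputing the whole root on every access is linear in ledger size; a trie or per-entry inclusion proofs give the same guarantee at logarithmic cost.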

Verifiable remote Apps, honest-by-design

Inspired by blockchain smart contracts, we wrap the business logic into easily verifiable Apps. All processing is entirely transparent: it is honest-by-design. Each App runs inside a remotely verifiable Intel SGX enclave and is isolated in memory. Each App has its own hardware-secured encryption keys and its own encrypted ledger.

Unique

Each App – and each enclave – has a unique thumbprint and is remotely verifiable

Packaged

The Secretarium SDK makes creating and testing Apps easy, with all the encryption complexity nicely wrapped in APIs

Code-is-law

Ideal for business process automation: the output of an App API can be trusted because the computation can't be tampered with

Upgradable

We have created the governance controls to safely update Apps with new features without compromising the associated data

Data encryption and security

Data is encrypted on premise. Our secure connector encrypts data on the fly before transit and guarantees an authenticated connection directly to the remote TEE.

Data is encrypted in memory during processing. The remote App runs inside an Intel SGX secure enclave that keeps the data encrypted in memory throughout the process.

Data is stored encrypted. A secure hardware encryption key is used to encrypt data before storing it in the App's tamper-proof ledgers.

Distributed architecture for resilience and performance

To avoid a single point of failure and to support scalability, Secretarium distributes the encrypted data over multiple secure hardware machines. Each machine runs the exact same App and holds a copy of the encrypted data.

Machines are kept synchronised using a Byzantine Fault Tolerant version of the RAFT algorithm. This greatly improves upon the consensus mechanisms of blockchains and DLTs and offers better performance and flexibility.

Data collaboration and deriving intelligence from multiparty data

The Secretarium technology allows the creation of controlled insights from data, at scale, without any party getting access to other parties' data. Data collection and release are controlled by data owners. Data from multiple parties in the ledger is encrypted with a hardware-secured key.

The App business logic enforces permissioning and privacy and prevents data leakage.

Complex insights

Apps support advanced business logic and provide flexibility to derive complex insights on sensitive data

Control remotely

With Apps built on consent and permissioning, data owners are always in control and can remotely attest processing accuracy with cryptographic proofs

True defence

Offers attack protection via privacy mechanisms to defend against brute-force and other guessing techniques, even by previously authorised applications

A combination of encryption and privacy techniques

1. Each participant verifies and attests the remote secure enclave. An ephemeral encryption key is negotiated with the remote secure enclave for transit.
2. Data is encrypted on premise before transport and uploaded directly to the remote App secure enclave.
3. The remote App receives the participants' encrypted data, decrypts it in its secure-hardware context, and applies the business logic.
4. Data is stored encrypted in the App's tamper-proof ledger, using a hardware-secured encryption key.
5. Privacy techniques guarantee that other parties' data remains private while deriving intelligence from the entire pooled dataset.

Participant privacy

A tech that scales the same way the internet scales

The Secretarium connection protocol supports inter-cluster communication, allowing Apps to communicate with and rely on one another. A network of inter-connected Apps can scale in a way very similar to how the internet scales. Apps also support ledger sharding when extreme performance is required.

The trustless network

A trustless ecosystem where people don't have to establish trust between themselves but can rely on an honest-by-design system.

The network is open to any third-party developer to join and offer services. We offer a ready-to-use, privacy-infused SDK to make it simple for businesses to build, deploy and run trustless-privacy Apps.

We also offer off-the-shelf components that developers can use as modules in their Apps to further accelerate development.

Our platform gives developers game-changing features, off-the-shelf.

Easy to use

Our SDK allows simple creation of confidential computing apps by automating cryptographic complexity

Trustless

Remotely attestable with out-of-the-box cryptographic evidence of integrity

Privacy-enabling

Guarantees that data always remains encrypted, even during processing. Not even visible to cloud engineers

Environmentally friendly

Secretarium only uses low energy machines and only owns machines in Swiss hydroelectricity-powered data centres