Secure-enclave Distributed Ledger Technology
With our cutting-edge technology that combines cryptography and secure hardware, you can get efficient, resilient and scalable cloud services that preserve your privacy.
Encrypted memory
Secure by design. Data is always encrypted in memory, even during processing
Intel SGX
Intel® SGX black box automates all data processing; no human ever has access to the data
Cloud architecture
Distributed and multi-cloud architecture. Built for resilient ecosystems
Privacy-preserving
Privacy-preserving by design. Leverages the latest privacy techniques to prevent information leakage
Connection protocol
Secure connection protocol secures data during transport and provides native web/mobile integration
Flexibility
More flexible and orders of magnitude faster than homomorphic cryptography
Confidential Computing, the fastest Privacy-Enhancing Technology
On top of protecting data in transit and at rest, we use a hardware-based Trusted Execution Environment (TEE) to protect data in use. We use Intel SGX, the most advanced TEE, to guarantee that data remains encrypted in memory throughout the process. The RAM and the CPU L1, L2 and L3 caches are encrypted. An attacker with admin rights or physical access will not be able to see the data being processed.
Intel SGX secure enclaves also prevent unauthorised access or modification of encrypted data in memory. It comes with hardware acceleration to process encrypted data without a severe impact on performance.
Full verifiability with remote attestations
We enable fully verifiable services by providing cryptographic evidence of the integrity of the remote processing. We use the latest attestation service to provide verification for:
Modified Merkle Patricia Tries
Encrypted and tamper-proof data storage
We store data in tamper-proof ledgers. If an agent, or a rogue programme, attempts to modify, add or remove data from storage, it would be spotted immediately. We provide a built-in mechanism to raise alerts, and in the event of an attempted modification, the system is designed to stop rather than provide an inaccurate response.
Verifiable remote Apps, honest-by-design
Inspired by blockchain smart contracts, we wrap the business logic into easily verifiable Apps. All processing is entirely transparent: it is honest-by-design. Each App runs inside a remotely verifiable Intel SGX enclave and is isolated in memory. Each App has its own hardware-secured encryption keys and its own encrypted ledger.
Unique
Each App – and each enclave – has a unique thumbprint and is remotely verifiable
Packaged
The Secretarium SDK makes creating and testing Apps easy, with all the encryption complexity nicely wrapped in APIs
Code-is-law
Ideal for business process automation, the output of an App API can be trusted because the computation can't be tampered with
Upgradable
We have created the governance controls to safely update Apps with new features, without compromising the associated data
Data encryption and security
Data is encrypted on premise. Our secure connector encrypts data on the fly before transit and guarantees an authenticated connection directly to the remote TEE.
Data is encrypted in memory during processing. The remote App runs inside an Intel SGX secure enclave that keeps the data encrypted in memory throughout the process.
Data is stored encrypted. A secure hardware encryption key is used to encrypt data before storing it in the App's tamper-proof ledgers.
Distributed architecture for resilience and performance
To prevent a single point of failure and to provide scalability, Secretarium distributes the encrypted data over multiple secure hardware machines. Each machine runs the exact same App and holds a copy of the encrypted data.
Machines are kept synchronised using a Byzantine Fault Tolerant version of the RAFT algorithm. This greatly improves upon blockchain and DLT consensus mechanisms and offers better performance and flexibility.
RAFT algorithm variation
Data collaboration and deriving intelligence from multiparty data
The Secretarium technology allows the creation of controlled insights from data, at scale, without any party getting access to other parties' data. Data collection and release are controlled by data owners. Data from multiple parties in the ledger is encrypted with a hardware-secured key.
The App business logic enforces permissioning and privacy and prevents data leakage.
Complex insights
Apps support advanced business logic and provide flexibility to derive complex insights on sensitive data
Control remotely
With Apps built on consent and permissioning, data owners are always in control and can remotely attest processing accuracy with cryptographic proofs
True defence
Offer attack protection via privacy mechanisms to defend against brute-force and other guessing techniques, even by previously authorised applications
A combination of encryption and privacy techniques
Participant privacy
A tech that scales the same way the internet scales
The Secretarium connection protocol supports inter-cluster communication, allowing Apps to communicate and rely on one another. A network of inter-connected Apps can scale, in a way very similar to how the internet scales. Apps also support ledger sharding when extreme performance is required.
The trustless network
A trustless ecosystem where people don't have to establish trust between themselves but can rely on an honest-by-design system.
The network is open to any third-party developer to join and offer services. We offer a ready-to-use, privacy-infused SDK to make it simple for businesses to build, deploy and run trustless-privacy Apps.
We also offer off-the-shelf components that developers can use as modules in their Apps to further accelerate development.
Our platform gives developers game-changing features, off-the-shelf.
Easy to use
Our SDK allows simple creation of confidential computing apps by automating cryptographic complexity
Trustless
Remotely attestable with out-of-the-box cryptographic evidence of integrity
Privacy-enabling
Guarantees that data always remains encrypted, even during processing. Not even visible to cloud engineers
Environmentally friendly
Secretarium only uses low energy machines and only owns machines in Swiss hydroelectricity-powered data centres