By entering your email address you permit us to store and use your email for the purposes of marketing and communication with you.
_
All personal data is processed according to the IntellectEU Privacy Policy. You can withdraw your permission and require removal of your personal data any time by contacting us via email privacy@intellecteu.com or by pressing link Unsubscribe in any email received from us.
IntellectEU and Secretarium present a collaborative proof of concept, demonstrating signing of digital assets via confidential computing
IntellectEU and Secretarium present their collaborative proof of concept (PoC), demonstrating signing of digital assets via confidential computing.
IntellectEU is a leader in financial innovation and integration, with nearly two decades of experience delivering technical solutions to financial enterprises. Secretarium is a confidential computing and data privacy innovator whose products provide next-generation secure data processing.
This collaboration combines IntellectEU’s DLT enablement solution, Catalyst Blockchain Manager, with Secretarium’s confidential computing platform, Klave.
The PoC leverages Hyperledger Besu® as a private, EVM-based blockchain network, managed by Catalyst Blockchain Manager, while Klave provides a secure environment for key custody and transaction signing. The solution demonstrates how confidential computing can be incorporated into digital asset transaction workflows, ensuring secure key management and providing users with guarantees of exclusive custody.
Confidential computing is a security and privacy-enhancing computational technique that protects code and data in use (during processing) in a secure, isolated environment (Trusted Execution Environment or TEE) within a CPU. Complementing traditional protection for data at rest and in transit, it ensures that data remains secure at all times, even during computation, preventing unauthorized access or tampering, even if the underlying infrastructure is compromised.
Two main types of TEEs exist: hardware-based and virtualized-based. Klave leverages hardware-based TEEs, which offer stronger security guarantees than virtualized TEEs by providing dedicated, tamper-resistant enclaves. The enclaves remain isolated from both the operating system and hypervisor, ensuring maximum protection for sensitive computations.
A simplified overview of the transaction flow
The process begins with Catalyst Blockchain Manager, which deploys a new Hyperledger Besu network and provides an authorized RPC endpoint. This ensures that only approved applications can interact with the blockchain. Once the network is operational, the Klave Platform initializes and deploys the Klave App, which is granted permission to access the Hyperledger Besu network.
A key aspect of this solution is secure key management. The Klave App generates a private key for the user, which is created, used, and managed entirely within the secure hardware enclave. This key never leaves the enclave in any form (plaintext or encrypted) ensuring it remains exclusively known to the hardware. Even when persisted, it is only stored as encrypted cryptographic shares, preventing any single entity from reconstructing it. This guarantees that all sensitive cryptographic operations are fully isolated, preserving both security and confidentiality at the highest level.
With the private key securely stored, the Klave App then constructs, signs and sends a transaction to the Hyperledger Besu network. It continuously monitors the blockchain, waiting for the transaction to be validated and finalized. To ensure safe and guaranteed execution, the Klave App verifies and validates consensus proofs, detecting and preventing any dishonest node behavior. Once successfully processed, the transaction status is updated, signaling its completion.
To maintain oversight, Catalyst Blockchain Manager monitors the wallet’s activity and balance using a block explorer, ensuring that transactions are executed as expected. This setup effectively combines blockchain infrastructure with a digital wallet secured with confidential computing, to provide a highly secure and efficient solution for managing digital assets.
Klave is a cloud platform (PaaS) for WebAssembly (WASM) applications, built on Confidential Computing and Distributed Ledgers with privacy and zero-trust at its core. It enables developers to create attestable, tamper-proof apps with guaranteed execution, protected by secure hardware and cryptography, in the cloud and without any infrastructure setup or maintenance required.
For this solution, we have developed the App in Rust by leveraging the web3 Rust library ecosystem and the Klave Rust SDK.
When deploying on Klave the App is compiled to WASM and runs from within a secure enclave.
The Klave App responsibilities go far beyond simple private key protection. Its capabilities ensure three critical security benefits:
This last point is particularly important for improving current multisig wallet security, as it ensures transactions are constructed securely within the wallet itself, rather than relying on potentially vulnerable first-signer inputs.
IntelectEU’s Catalyst Blockchain Manager is designed to streamline the deployment and management of enterprise-grade blockchain networks and applications. Catalyst provides secure and reliable automated infrastructure management capabilities to help enterprises go from concept to production in a cost efficient and streamlined manner.
The platform is designed for scale and provides operational resilience for production-grade runtime of blockchain networks and applications. The software is cloud-agnostic and can be deployed on-prem or on any cloud provider. Catalyst allows users to easily create complex, scalable, production-grade blockchain applications with a simplified process and an advanced user interface, providing the means to integrate with GitOps practices and existing systems.
Advancing Secure Digital Asset Custody
This PoC effectively demonstrates a secure and seamless method for managing transactions on a private Ethereum-based blockchain. By integrating confidential computing through the Klave Platform, the solution ensures enhanced security and trust while maintaining the flexibility and efficiency of Hyperledger Besu. By leveraging Catalyst Blockchain Manager for infrastructure management, the orchestration is dramatically streamlined and simplified.
The combination of these technologies enables enterprises to execute transactions with heightened security and reduced exposure to private key vulnerabilities. It also assures any user that they are the exclusive party with access to their wallet.
The PoC supports the security and compliance considerations of the DASCP Framework by addressing key risk prevention and mitigation controls:
Our solution demonstrates exactly how confidential computing and blockchain work together to enable a secure, scalable, and compliant digital asset transaction workflow, contributing to the evolution of digital asset securities in line with the Digital Asset Securities Control Principles.
If you are interested in discussing this or any other use case, reach out to us at: catalyst-product@intellecteu.com or jonathan.mayeur@intellecteu.com
And if you would like to learn more about the Klave App, reach out to the Secretarium team at: contact@secretarium.org.
IntellectEU and Secretarium present their collaborative proof of concept (PoC), demonstrating signing of digital assets via confidential computing.
IntellectEU is a leader in financial innovation and integration, with nearly two decades of experience delivering technical solutions to financial enterprises. Secretarium is a confidential computing and data privacy innovator whose products provide next-generation secure data processing.
This collaboration combines IntellectEU’s DLT enablement solution, Catalyst Blockchain Manager, with Secretarium’s confidential computing platform, Klave.
The PoC leverages Hyperledger Besu® as a private, EVM-based blockchain network, managed by Catalyst Blockchain Manager, while Klave provides a secure environment for key custody and transaction signing. The solution demonstrates how confidential computing can be incorporated into digital asset transaction workflows, ensuring secure key management and providing users with guarantees of exclusive custody.
Confidential computing is a security and privacy-enhancing computational technique that protects code and data in use (during processing) in a secure, isolated environment (Trusted Execution Environment or TEE) within a CPU. Complementing traditional protection for data at rest and in transit, it ensures that data remains secure at all times, even during computation, preventing unauthorized access or tampering, even if the underlying infrastructure is compromised.
Two main types of TEEs exist: hardware-based and virtualized-based. Klave leverages hardware-based TEEs, which offer stronger security guarantees than virtualized TEEs by providing dedicated, tamper-resistant enclaves. The enclaves remain isolated from both the operating system and hypervisor, ensuring maximum protection for sensitive computations.
A simplified overview of the transaction flow
The process begins with Catalyst Blockchain Manager, which deploys a new Hyperledger Besu network and provides an authorized RPC endpoint. This ensures that only approved applications can interact with the blockchain. Once the network is operational, the Klave Platform initializes and deploys the Klave App, which is granted permission to access the Hyperledger Besu network.
A key aspect of this solution is secure key management. The Klave App generates a private key for the user, which is created, used, and managed entirely within the secure hardware enclave. This key never leaves the enclave in any form (plaintext or encrypted) ensuring it remains exclusively known to the hardware. Even when persisted, it is only stored as encrypted cryptographic shares, preventing any single entity from reconstructing it. This guarantees that all sensitive cryptographic operations are fully isolated, preserving both security and confidentiality at the highest level.
With the private key securely stored, the Klave App then constructs, signs and sends a transaction to the Hyperledger Besu network. It continuously monitors the blockchain, waiting for the transaction to be validated and finalized. To ensure safe and guaranteed execution, the Klave App verifies and validates consensus proofs, detecting and preventing any dishonest node behavior. Once successfully processed, the transaction status is updated, signaling its completion.
To maintain oversight, Catalyst Blockchain Manager monitors the wallet’s activity and balance using a block explorer, ensuring that transactions are executed as expected. This setup effectively combines blockchain infrastructure with a digital wallet secured with confidential computing, to provide a highly secure and efficient solution for managing digital assets.
Klave is a cloud platform (PaaS) for WebAssembly (WASM) applications, built on Confidential Computing and Distributed Ledgers with privacy and zero-trust at its core. It enables developers to create attestable, tamper-proof apps with guaranteed execution, protected by secure hardware and cryptography, in the cloud and without any infrastructure setup or maintenance required.
For this solution, we have developed the App in Rust by leveraging the web3 Rust library ecosystem and the Klave Rust SDK.
When deploying on Klave the App is compiled to WASM and runs from within a secure enclave.
The Klave App responsibilities go far beyond simple private key protection. Its capabilities ensure three critical security benefits:
This last point is particularly important for improving current multisig wallet security, as it ensures transactions are constructed securely within the wallet itself, rather than relying on potentially vulnerable first-signer inputs.
IntelectEU’s Catalyst Blockchain Manager is designed to streamline the deployment and management of enterprise-grade blockchain networks and applications. Catalyst provides secure and reliable automated infrastructure management capabilities to help enterprises go from concept to production in a cost efficient and streamlined manner.
The platform is designed for scale and provides operational resilience for production-grade runtime of blockchain networks and applications. The software is cloud-agnostic and can be deployed on-prem or on any cloud provider. Catalyst allows users to easily create complex, scalable, production-grade blockchain applications with a simplified process and an advanced user interface, providing the means to integrate with GitOps practices and existing systems.
Advancing Secure Digital Asset Custody
This PoC effectively demonstrates a secure and seamless method for managing transactions on a private Ethereum-based blockchain. By integrating confidential computing through the Klave Platform, the solution ensures enhanced security and trust while maintaining the flexibility and efficiency of Hyperledger Besu. By leveraging Catalyst Blockchain Manager for infrastructure management, the orchestration is dramatically streamlined and simplified.
The combination of these technologies enables enterprises to execute transactions with heightened security and reduced exposure to private key vulnerabilities. It also assures any user that they are the exclusive party with access to their wallet.
The PoC supports the security and compliance considerations of the DASCP Framework by addressing key risk prevention and mitigation controls:
Our solution demonstrates exactly how confidential computing and blockchain work together to enable a secure, scalable, and compliant digital asset transaction workflow, contributing to the evolution of digital asset securities in line with the Digital Asset Securities Control Principles.
If you are interested in discussing this or any other use case, reach out to us at: catalyst-product@intellecteu.com or jonathan.mayeur@intellecteu.com
And if you would like to learn more about the Klave App, reach out to the Secretarium team at: contact@secretarium.org.
.png)
.png)