Info

Silhouette Exchange is currently under development; these docs are subject to change.

Trusted Execution Environments (Secure Enclaves)

Silhouette's core matching engine runs in an AWS Nitro Enclave on the Marlin network.

AWS Nitro Enclaves

Nitro Enclaves are secure, isolated environments that enable confidential computation. Neither AWS nor anyone else has access to these environments.

Verifiable execution

Code deployed to the Nitro Enclave

Deploying code to a Nitro Enclave involves building an enclave image file (.eif) that contains the application and its runtime dependencies. When this file is created, the build reports the Platform Configuration Register 0 (PCR0) value, which is the SHA-384 hash of the .eif.

Verifying the code running in the Nitro Enclave

Nitro Enclaves are managed by the Nitro Hypervisor, which provides an attestation (a CBOR-encoded, COSE-signed document) for each enclave. The attestation includes PCR0, definitively identifying the exact code running inside the enclave.

The hypervisor signatures can be verified via the certificate chain that leads to the AWS root certificate.

Reproducible builds

Silhouette will, at the appropriate time, open-source the code used to create the .eif file. This will include the build system, which uses Nix.

By using Nix, Silhouette is able to achieve a deterministic and reproducible build. This enables anyone in the community to rebuild the .eif running in the Nitro Enclave from source and reproduce PCR0.

Within the .eif there is an attestation server that makes it possible to request signed attestation documents. This completes the loop, allowing community members to verify that the PCR0 they produce themselves matches the AWS hypervisor-signed PCR0 from the running enclave.
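The comparison step described above, as an added example (not Silhouette's or AWS's code): it decodes the COSE_Sign1 attestation document, reads PCR0 from the payload's `pcrs` map and compares it with a locally reproduced value. It assumes the COSE signature and the certificate chain to the AWS root have already been verified; `cbor_decode`, `pcr0_matches` and the sample bytes are constructed for illustration.

```python
import hmac

def cbor_decode(buf, pos=0):
    """Decode one CBOR item (definite-length subset); return (value, next_pos)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info > 27:
        raise ValueError("indefinite-length or reserved CBOR encoding")
    n = 1 << (info - 24) if info > 23 else 0      # bytes of extended argument
    arg = int.from_bytes(buf[pos:pos + n], "big") if n else info
    pos += n
    if major in (0, 1):                           # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):                           # byte string / text string
        if pos + arg > len(buf):
            raise ValueError("truncated CBOR string")
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major in (4, 5):                           # array, or map as key/value pairs
        flat = []
        for _ in range(arg * (major - 3)):
            item, pos = cbor_decode(buf, pos)
            flat.append(item)
        return (flat if major == 4 else dict(zip(flat[::2], flat[1::2]))), pos
    if major == 6:                                # tag (e.g. 18 = COSE_Sign1): unwrap
        return cbor_decode(buf, pos)
    if info in (20, 21, 22):                      # false / true / null
        return {20: False, 21: True, 22: None}[info], pos
    raise ValueError("unsupported CBOR simple or float value")

def pcr0_matches(attestation, expected_pcr0_hex):
    """True if PCR0 in an already signature-verified document equals the rebuilt value."""
    cose, _ = cbor_decode(attestation)            # [protected, unprotected, payload, sig]
    if not isinstance(cose, list) or len(cose) != 4 or not isinstance(cose[2], bytes):
        raise ValueError("not a COSE_Sign1 structure")
    payload, _ = cbor_decode(cose[2])
    pcr0 = payload["pcrs"][0]
    if payload.get("digest") != "SHA384" or len(pcr0) != 48 or pcr0 == bytes(48):
        raise ValueError("unexpected digest, or PCR0 malformed/all zero (debug mode)")
    return hmac.compare_digest(pcr0, bytes.fromhex(expected_pcr0_hex))

# Constructed sample, not a real attestation: empty headers and signature.
SAMPLE_PCR0 = bytes(range(48))
_payload = (b"\xa2" b"\x66digest" b"\x66SHA384"   # {"digest": "SHA384",
            b"\x64pcrs" b"\xa1\x00\x58\x30"       #  "pcrs": {0: <48 bytes>}}
            + SAMPLE_PCR0)
SAMPLE_DOC = b"\x84\x40\xa0\x58" + bytes([len(_payload)]) + _payload + b"\x40"
```

A document whose PCRs are all zero comes from an enclave launched in debug mode and is rejected rather than compared.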

[Figure: TEE Flow Diagram]