TECC: A New Approach to Trusted Enclave Confidential Computing – Architecture, Security, and Performance
The article introduces TECC, a privacy‑computing framework that balances security and performance by using trusted execution environments, data secret‑sharing, lightweight cryptographic protocols, and a Rust‑based implementation to enable near‑plaintext speed for secure multi‑party machine learning and data analysis.
Background: Modern data analytics require collaboration across multiple organizations, but plaintext data exchange poses severe security risks; thus, a shift toward confidential (secret‑state) data flow is essential.
Challenges of Confidential Computing:
Complexity far exceeds traditional encryption, covering arithmetic, comparison, and machine learning on encrypted data.
Existing protocols often assume no malicious adversaries or collusion, which is unrealistic.
Potential information‑entropy leakage can reduce uncertainty about original data.
Performance overhead can be several orders of magnitude higher than plaintext computation.
System‑level vulnerabilities (software side‑channels, hardware speculative attacks, supply‑chain issues) threaten security.
TECC Technical Route:
Data is secret‑shared and distributed to multiple trusted execution environment (TEE) nodes.
Each TEE node processes only its fragment; a cryptographic protocol coordinates the fragments to produce the final result.
TEEs are protected by full‑stack hardware (TEE, TPM) and cannot be inspected by the operator.
The same role in the protocol can be parallelized across node clusters for speed.
Security Model:
Three‑layer defense: full‑stack trust, TEE protection against malicious adversaries and collusion, and secret‑state sharding to eliminate most TEE attack surfaces.
Mitigates side‑channel, branch‑prediction, micro‑architectural, and supply‑chain attacks because shards are random and never used as address or branch conditions.
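The fragment-only processing and branch-free handling of shards described above can be seen in a small added example, which is not TECC's code. It assumes two nodes, additive sharing over 64-bit wrapping integers, and a pre-shared Beaver triple for multiplication; the article does not name TECC's actual scheme, and every function name here is hypothetical.

```rust
// Added example: 2-node additive secret sharing over Z_2^64 (assumed scheme,
// not TECC's own protocol). All names here are hypothetical.
use std::{fs::File, io::Read};

type Share = [u64; 2]; // element i is the fragment held by TEE node i

/// Split `x` with mask `r`; `r` must be uniform and secret (CSPRNG output).
fn share(x: u64, r: u64) -> Share {
    [r, x.wrapping_sub(r)]
}

fn reconstruct(s: Share) -> u64 {
    s[0].wrapping_add(s[1])
}

/// Addition is local: each node adds its own fragments, no messages needed.
fn add(x: Share, y: Share) -> Share {
    [x[0].wrapping_add(y[0]), x[1].wrapping_add(y[1])]
}

/// Multiplication needs one protocol round and a pre-shared Beaver triple
/// (a, b, c) with c = a*b. Only d = x-a and e = y-b are opened; both are
/// masked by the random a and b, so they reveal nothing about x or y.
fn mul(x: Share, y: Share, a: Share, b: Share, c: Share) -> Share {
    let d = reconstruct([x[0].wrapping_sub(a[0]), x[1].wrapping_sub(a[1])]);
    let e = reconstruct([y[0].wrapping_sub(b[0]), y[1].wrapping_sub(b[1])]);
    // Straight-line wrapping arithmetic: no branch or index depends on a share.
    let node = |i: usize| {
        c[i].wrapping_add(d.wrapping_mul(b[i])).wrapping_add(e.wrapping_mul(a[i]))
    };
    [node(0).wrapping_add(d.wrapping_mul(e)), node(1)] // node 0 adds public d*e
}

fn rand_u64() -> u64 {
    let mut buf = [0u8; 8];
    File::open("/dev/urandom").and_then(|mut f| f.read_exact(&mut buf)).expect("OS RNG");
    u64::from_le_bytes(buf)
}

fn main() {
    let (x, y) = (1_200u64, 35u64); // constructed sample inputs
    let (a, b) = (rand_u64(), rand_u64());
    let (ta, tb) = (share(a, rand_u64()), share(b, rand_u64()));
    let tc = share(a.wrapping_mul(b), rand_u64());
    let (xs, ys) = (share(x, rand_u64()), share(y, rand_u64()));
    println!("node 0 holds {:#x}, node 1 holds {:#x}", xs[0], xs[1]);
    println!("x+y = {}", reconstruct(add(xs, ys)));
    println!("x*y = {}", reconstruct(mul(xs, ys, ta, tb, tc)));
}
```

Each run prints different fragment values for the same input, while the reconstructed sum and product stay fixed.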
Implementation Details:
Core code written in Rust, providing memory safety and preventing data races.
Non‑Rust components are formally verified to avoid specific security bugs; memory‑safety has been validated.
Hardware and supply‑chain vulnerabilities are addressed through secret‑state design.
Performance:
Lightweight cryptographic protocols, high‑bandwidth internal networks (≥25 Gbps), and parallelism bring TECC performance close to plaintext.
Cost increase is within one order of magnitude; network incurs no extra public‑internet cost.
Stability is high due to isolated internal communication.
Applicability:
Supports privacy‑preserving machine learning (e.g., TECC XGBoost) and secret‑state data analysis via a TECC‑pandas Python interface.
Offers multiple security‑cost trade‑offs and works with arbitrary numbers of participants and data partitioning schemes.
Current capabilities include processing billions of samples in under an hour for ML and ten‑minute analysis for massive datasets.
Conclusion & Outlook: TECC provides a balanced solution for secure, high‑performance confidential computing, with plans to integrate deeper into the computing ecosystem and add storage capabilities.
DataFunSummit
Official account of the DataFun community, dedicated to sharing big data and AI industry summit news and speaker talks, with regular downloadable resource packs.