Confidential computing is a quiet revolution.

Bits and Bobs 5/6/24

Confidential computing is, basically, "secure enclaves in the cloud."

Most chips being deployed today in production clouds support confidential computing modes.

They can run a VM, fully encrypted in memory, with a minor (1-2%) performance overhead.

Without confidential computing, an SRE at one of the cloud providers could theoretically peek into the memory of your running VM.

Your VM in the cloud is your turf… but the hosting authority can still peek inside.

With confidential computing, it's your turf, and the hosting authority can't peek inside.

Think of it like an embassy.

Your own sovereign territory, embedded in another context.

This guarantee is not absolute (just as the host country could theoretically force its way into an embassy), but it is a boundary orders of magnitude stronger than the status quo of "Keep out. Or enter. I'm a sign, not a cop."

Perfect guarantees in the world of privacy or security can never be made.

But things that change the cost of breaking an assumption of the threat model by many orders of magnitude create a massive difference in practice.

Imperfect boundaries can be made increasingly strong over time as more effort is invested in improving them.

The amount of investment will be proportional to the value of workloads that rely on them.

Secure enclaves in phones started out as leaky and underpowered, and have gradually become significantly more hardened and powerful as more workloads have come to rely on them.

Over time, they get closer and closer to the impossible ideal of "perfection," successfully defending against ever more powerful threats.

With confidential computing, your local control extends beyond the edges of your own device into the cloud.

Before, to be private you had to be on device.

But on-device is limited by bandwidth and battery.

Now you can get privacy, bandwidth, and battery.

Confidential computing is available in all of the major clouds today as a special option.

Billions of dollars of defense-related workloads already rely on it.

Every chip being deployed today has this capability.

The H100s and their successors also have them.

Cloud fleets take ~3 years for the full fleet to turn over.

That means that in ~3 years confidential computing will be available everywhere.

Confidential computing also allows another magic trick: remote attestation.

It's possible for a service to remotely verify that another remote service is running a particular VM image whose contents have a particular SHA hash.

For example, an unmodified open source library.

If you trust that library to have certain behavior, you can then trust that node to have that behavior, even if you don't know or trust who's running the node.

You can build a trusted fabric out of untrusted nodes, because you can verify what each node can do, remotely.
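The exchange described in the last few lines, as an added example that is not part of the original post: the remote node's hardware measures the VM image it launched and signs that measurement together with a challenge nonce; the relying party trusts only the platform vendor's public key and an allowlist of measurements it has reviewed, and never needs to trust the operator. Everything here is a constructed stand-in (Ed25519 in place of the vendor's certificate chain, SHA-256 of a fake image in place of a real launch measurement, a two-field report in place of the real report format); it shows the three checks a verifier must make, not any vendor's actual API.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// AttestationReport is a constructed, minimal stand-in for a hardware-signed
// report: the measurement of the launched VM image, the verifier's nonce
// echoed back for freshness, and the platform signature over both.
type AttestationReport struct {
	Measurement [32]byte
	Nonce       [32]byte
	Signature   []byte
}

// reportMessage is the byte string the platform signs: measurement || nonce.
func reportMessage(measurement, nonce [32]byte) []byte {
	msg := make([]byte, 0, 64)
	msg = append(msg, measurement[:]...)
	msg = append(msg, nonce[:]...)
	return msg
}

// Attest plays the confidential-computing hardware on the remote node. The
// operator cannot forge this because the platform key never leaves the chip.
func Attest(platformKey ed25519.PrivateKey, vmImage []byte, nonce [32]byte) AttestationReport {
	m := sha256.Sum256(vmImage)
	return AttestationReport{Measurement: m, Nonce: nonce,
		Signature: ed25519.Sign(platformKey, reportMessage(m, nonce))}
}

// Verify plays the relying party: genuine hardware, fresh report, known code.
func Verify(platformPub ed25519.PublicKey, allowlist map[string]bool, expectedNonce [32]byte, r AttestationReport) error {
	// 1. The report was signed by hardware the vendor vouches for.
	if !ed25519.Verify(platformPub, reportMessage(r.Measurement, r.Nonce), r.Signature) {
		return errors.New("signature invalid: report not from trusted platform")
	}
	// 2. The report answers our challenge, not an earlier honest node's.
	if r.Nonce != expectedNonce {
		return errors.New("nonce mismatch: possible replay")
	}
	// 3. The code running is code we have reviewed (e.g. an unmodified build
	//    of an open-source library), whoever operates the node.
	if !allowlist[hex.EncodeToString(r.Measurement[:])] {
		return fmt.Errorf("measurement %x not in allowlist: unknown or modified image", r.Measurement)
	}
	return nil
}

// NewNonce produces a fresh random challenge for one attestation round.
func NewNonce() ([32]byte, error) {
	var n [32]byte
	_, err := rand.Read(n[:])
	return n, err
}

// Demo runs one exchange end to end and reports whether verification passed
// for an unmodified image, a tampered image, and a replayed report.
func Demo() (okUnmodified, okTampered, okReplayed bool, err error) {
	platformPub, platformKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	// Constructed image bytes standing in for a reviewed open-source build.
	goodImage := []byte("open-source-library v1.2.3 (constructed image bytes)")
	goodHash := sha256.Sum256(goodImage)
	allowlist := map[string]bool{hex.EncodeToString(goodHash[:]): true}

	nonce, err := NewNonce()
	if err != nil {
		return
	}
	okUnmodified = Verify(platformPub, allowlist, nonce, Attest(platformKey, goodImage, nonce)) == nil

	tampered := append([]byte(nil), goodImage...)
	tampered[0] ^= 0x01 // a single flipped bit changes the measurement
	okTampered = Verify(platformPub, allowlist, nonce, Attest(platformKey, tampered, nonce)) == nil

	// A report captured from an earlier round fails the freshness check.
	stale := Attest(platformKey, goodImage, nonce)
	newNonce, err := NewNonce()
	if err != nil {
		return
	}
	okReplayed = Verify(platformPub, allowlist, newNonce, stale) == nil
	return
}

func main() {
	u, t, r, err := Demo()
	fmt.Println("unmodified:", u, "tampered:", t, "replayed:", r, "err:", err)
}
```

The order of the checks matters: the signature is verified before anything in the report is believed, so a forged measurement or nonce from an untrusted operator is rejected before it can influence the allowlist lookup.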

This allows assembling a heterogeneous common fabric with a consistent set of laws of physics within it.

A planet-spanning common fabric with different laws of physics.

That fabric would deserve to have a "the" prepended.
