AWS Nitro Enclaves Implementation
The current implementation uses AWS Nitro Enclaves, which provide an isolated compute environment with its own kernel, memory, and CPU resources. The architecture follows a secure communication flow:
Enclave Setup:
- EC2 host establishes a proxy and TAP tunnel
- Nitriding (our security layer) sets up the enclave-internal web server
- HTTPS certificates are automatically provisioned via Let’s Encrypt
- Application servers (Web/TCP) are initialized within the enclave
Attestation Flow:
- Clients can request attestation documents with custom nonces
- Attestation verification ensures enclave authenticity
- Secure communication channels are established post-verification
Runtime Security:
- Memory isolation from EC2 instance
- Dedicated CPU resources
- Cryptographic separation
- Network isolation with controlled communication channels
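
The client-side checks behind the Attestation Flow above, as an added example that is not Nitriding's or the project's own code: it assumes the attestation document has already been CBOR-decoded and its COSE signature and certificate chain verified elsewhere. The function names, the 60-second freshness window, and all sample values are assumptions constructed for illustration; the field names follow the AWS Nitro attestation document format.

```python
import hmac
import secrets
import time

MAX_AGE_MS = 60_000  # assumed freshness window, not taken from the page


def new_nonce() -> bytes:
    """Fresh random challenge the client sends with its attestation request."""
    return secrets.token_bytes(20)


def check_attestation(doc, nonce, expected_pcrs, now_ms=None):
    """Return a list of failures; an empty list means the claims are acceptable.

    `doc` is the attestation payload after CBOR decoding and after its COSE
    signature and certificate chain were verified elsewhere (assumed here).
    """
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    failures = []
    # Nonce binding: a replayed document carries somebody else's challenge.
    got = doc.get("nonce") or b""
    if not hmac.compare_digest(got, nonce):
        failures.append("nonce mismatch")
    if doc.get("digest") != "SHA384":
        failures.append("unexpected digest algorithm")
    # Timestamp is milliseconds since the epoch in the Nitro document format.
    if abs(now_ms - doc.get("timestamp", 0)) > MAX_AGE_MS:
        failures.append("stale document")
    # PCR pinning: each expected measurement must be present and equal.
    pcrs = doc.get("pcrs", {})
    for index, want in expected_pcrs.items():
        if not hmac.compare_digest(pcrs.get(index, b""), want):
            failures.append(f"PCR{index} mismatch")
    return failures


# Constructed sample values, not real measurements.
GOOD_PCR0 = bytes.fromhex("ab" * 48)
NONCE = new_nonce()
SAMPLE_DOC = {
    "module_id": "i-0000000000000000-enc0000000000000000",  # placeholder
    "digest": "SHA384",
    "timestamp": 1_700_000_000_000,
    "pcrs": {0: GOOD_PCR0},
    "nonce": NONCE,
}
```

A secure channel should only be opened when the returned list is empty; any single failure means the document cannot be trusted for this session.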