Azure Confidential Compute#

Azure Confidential Compute protects the confidentiality and integrity of your data and code while it’s processed in the public cloud.

Azure DCAP#

Intel SGX Data Centre Attestation Primitives which allows SGX attestation to be used within Microsoft Azure.


Byzantine Fault Tolerance is a type of fault tolerance that expects some nodes in the network to behave maliciously. This usually requires additional messages and checks on inputs that are received from other servers since these inputs are not trusted (in contrast to CFT where the servers are expected to behave honestly but may fail). Read more on BFT here.

Consensus Protocols#

The term Consensus protocol refers to either CFT described here or BFT described here. Generic Consensus terminology will use primary node and backup node to indicate node responsibility in carrying out the protocol(s). These correspond in Raft to leader and follower. More information about consensus protocols can be found here.


JavaScript module that defines possible governance actions, and how members’ proposals are validated, resolved and applied to the service.

Commit Evidence#

A unique string produced per transaction, and included in the Merkle Tree along with the Write Set digest and the claims_digest. The reveal of that string guarantees the transaction is committed.


Crash Fault Tolerance is a type of fault tolerance that allows the system to tolerate network and node failures up to a given limit. CFT however does not account for any nodes behaving maliciously (in contrast to BFT). Read more on CFT here.


Trusted Execution Environments, allowing fully encrypted and auditable execution without direct access from the host machine.


Flexible Launch Control is a feature of the Intel SGX architecture.

Intel SGX PSW#

Intel SGX Platform SoftWare which manages SGX enclaves loading as well as communication with architectural enclaves. More details here.


Constitute the consortium governing a CCF network. Their public identity should be registered in CCF.

Merkle Tree#

Tree structure which records the hash of every transaction and guarantees the integrity of the CCF ledger.

Microsoft Azure#

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Observed Reconfiguration Commit (ORC)#

A particular kind of remote procedure call submitted by a replica when it has observed the commit of a transaction that changes the network configuration. See Two-transaction Reconfiguration.

Omission Fault#

Type of failure where consensus messages exchanged between nodes are lost due to unreliable network. This may cause one or more nodes to be isolated from the rest of the network.

Open Enclave#

Open Enclave SDK is an SDK for building enclave applications in C and C++.


Are in charge of operating a CCF network (e.g. adding or removing nodes). Their identities are not registered in CCF.


QUIC is a new protocol that uses multiple UDP streams in a single TLS 1.3+ encrypted connection to achieve speed and scalability for very large and complex traffic.

Ring Buffer#

The ring buffer is a data structure that allows communication between the (unprotected) host and the enclave. Data that is written to one side can be read on the other. Only specific types of messages are supported to make sure each package that goes across is read by the right process in the right way.


Representational state transfer is a set of constraints on web APIs, usually implemented over HTTP using JSON as request and response objects exchanged between a requesting client and an implementation server.


Remote Procedure Call is a way to execute functions in remote machines. CCF uses REST host services to allow clients to execute programs inside the enclave via the ring buffer.


Intel Software Guard Extensions is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection.


Transmission Control Protocol is a network protocol over IP that provides sessions and ordered streams, which we use to connect between nodes and external clients.


Trusted Execution Environment is a secure area of a main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. Often referred to as “enclave”.


Transport Layer Security is an IETF cryptographic protocol standard designed to secure communications between a client and a server over a computer network.

Transaction ID#

Unique transaction identifier in CCF, composed of a View and a Sequence Number separated by a period. Sequence Numbers start from 1, and are contiguous. Views are monotonic. E.g. The transaction ID 2.15 indicates the View is 2 and the Sequence Number is 15. Sequence Numbers are also referred to as a kv::Version in the context of the Key-Value store.


Directly interact with the application running in CCF. Their public identity should be voted in by members before they are allowed to issue requests.

Write Set#

The keys and values written to during a CCF transaction. The state of the Key Value store at a given Transaction ID is logically the successive application of all write sets up to that point.