Glossary

Azure Confidential Compute

Azure Confidential Compute protects the confidentiality and integrity of your data and code while it’s processed in the public cloud.

Azure DCAP

Intel SGX Data Centre Attestation Primitives which allows SGX attestation to be used within Microsoft Azure.

Constitution

JavaScript module that defines possible governance actions, and how members’ proposals are validated, resolved and applied to the service.

Commit Evidence

A unique string produced per transaction, and included in the Merkle Tree along with the Write Set digest and the claims_digest. The reveal of that string guarantees the transaction is committed.

CFT

Crash Fault Tolerance is a type of fault tolerance that allows the system to tolerate network and node failures up to a given limit. CFT however does not account for any nodes behaving maliciously. Read more on CFT here.

Enclave

Trusted Execution Environments, allowing fully encrypted and auditable execution without direct access from the host machine.

FLC

Flexible Launch Control is a feature of the Intel SGX architecture.

Intel SGX PSW

Intel SGX Platform SoftWare which manages SGX enclaves loading as well as communication with architectural enclaves. More details here.

Members

Constitute the consortium governing a CCF network. Their public identity should be registered in CCF.

Merkle Tree

Tree structure which records the hash of every transaction and guarantees the integrity of the CCF ledger.

Microsoft Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Node identity

The public identity of a node in a service, represented as an X.509 certificate containing an endorsement from the Service Identity. It is used to issue transaction receipts. See here for more detail.

Omission Fault

Type of failure where consensus messages exchanged between nodes are lost due to unreliable network. This may cause one or more nodes to be isolated from the rest of the network.

Open Enclave

Open Enclave SDK is an SDK for building enclave applications in C and C++.

Operators

Are in charge of operating a CCF network (e.g. adding or removing nodes). Their identities are not registered in CCF.

QUIC

QUIC is a new protocol that uses multiple UDP streams in a single TLS 1.3+ encrypted connection to achieve speed and scalability for very large and complex traffic.

Ring Buffer

The ring buffer is a data structure that allows communication between the (unprotected) host and the enclave. Data that is written to one side can be read on the other. Only specific types of messages are supported to make sure each package that goes across is read by the right process in the right way.

REST

Representational state transfer is a set of constraints on web APIs, usually implemented over HTTP using JSON as request and response objects exchanged between a requesting client and an implementation server.

RPC

Remote Procedure Call is a way to execute functions in remote machines. CCF uses REST host services to allow clients to execute programs inside the enclave via the ring buffer.

Service identity

The public identity of the CCF service, represented as an X.509 certificate. It is used to authenticate the service to clients and other nodes. See here for more detail.

SEV-SNP

AMD Secure Encrypted Virtualisation - Secure Nested Paging is a trusted execution environment platform. It is a technology used to isolate virtual machines from the hypervisor with strong memory integrity protection.

SGX

Intel Software Guard Extensions is a trusted execution environment platform. It is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection.

TCP

Transmission Control Protocol is a network protocol over IP that provides sessions and ordered streams, which we use to connect between nodes and external clients.

TEE

Trusted Execution Environment is a secure area of a main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. Often referred to as “enclave”.

TLS

Transport Layer Security is an IETF cryptographic protocol standard designed to secure communications between a client and a server over a computer network.

Transaction ID

Unique transaction identifier in CCF, composed of a View and a Sequence Number separated by a period. Sequence Numbers start from 1, and are contiguous. Views are monotonic. E.g. The transaction ID 2.15 indicates the View is 2 and the Sequence Number is 15. Sequence Numbers are also referred to as a ccf::kv::Version in the context of the Key-Value store.

Users

Directly interact with the application running in CCF. Their public identity should be voted in by members before they are allowed to issue requests.

Write Set

The keys and values written to during a CCF transaction. The state of the Key Value store at a given Transaction ID is logically the successive application of all write sets up to that point.