Modern web services pose a growing public concern regarding their lack of transparency. While any shift towards increased transparency would require significant changes across the board (including new business models, privacy regulations, etc.), there is still progress to be made on the technical front. We posit that several such services can be modeled as a joint computation over data from multiple parties (comprising both end users and the service provider), where transparency requires enforcing: 1) agreed-upon policies on what computations can occur on each party’s data, and 2) the set of parties with whom the results are shared.
To that end, I will present LucidiTEE, a system that enables multiple parties to jointly perform stateful computations on large private inputs, while enforcing history-dependent policies (even when the input providers are offline) and fairness (i.e. either all parties get the output or none does). LucidiTEE tolerates arbitrary corruption thresholds amongst the parties, and assumes malicious storage and compute providers; to that effect, we develop a set of novel protocols between a network of TEEs and a shared, append-only ledger. LucidiTEE uses the ledger only to enforce policies; it does not store inputs, outputs, or state on the ledger, nor does it duplicate execution amongst the participants, which allows it to scale to large data and a large number of parties. We demonstrate applications including a private personal finance app, federated machine learning, fair n-party information exchange, and one-time programs.