Ternoa architecture organises enclaves in clusters to support the secret-sharing threshold scheme. Each cluster is made of 5 different enclaves (at this time). Enclaves of a cluster can either belong to a single private owner (for permission use) or be publicly distributed in different geographical locations or cloud providers.
Regarding the Polkadot Open Governance, Requests or Proposals to register or remove a cluster require approval from the technical committee of the Ternoa network, which is accessible from the Polkadot.js app for anybody who has an enclave a.k.a node operators.
Each TEE can contain multiple enclaves, while each enclave has an independent operator account. The operator can request to register the enclave to cluster or remove it from the network regarding the staking rules.
Enclaves which are members of a cluster should not share any data, while separate public clusters can peer-to-peer synchronize their corresponding “slots” to help the network reliability.
There are two types of general clusters:
- Public clusters
- Enterprise clusters
Public clusters serve to Ternoa secret network unconditionally while enterprise clusters have constraints. The key difference is the Enclave Operator. Whenever the operators are controlled or assigned by a company or are limited by legal terms, their enclaves and clusters are considered enterprises. Famous examples are the medical, financial, or military documents that can not be stored on servers outside of a country. This case is a geographical limitation on the enclave server location.
To create a decentralized fault-tolerant network of TEE enclaves, they should asynchronously communicate and replicate their confidential state. Whenever an enclave receives, stores, and seals a secret share, it will send a confirmation transaction to the blockchain. When the blockchain receives 5 different confirmations for the same NFT-ID from a cluster, the blockchain will generate an ‘NFT-synced’ event in the current block. Since all enclaves in the network are listening to the blockchain events, as soon as they notice the ‘NFT-synced’ event, they send a request to the original cluster and corresponding slot number for the new secret share (s).
About Author
