Another day, another vulnerability, another hack. Losing control of critical personal data feels random and inevitable (here’s one very recent example).

It’d be great if we could trust IT service providers, but we can’t. Even if they’re totally respectable pillars of society who have only the best intentions, the difficulty of keeping networks secure means their good will isn’t enough.

The computer industry has spent many years researching solutions. One of them is confidential computing (formerly known as trusted computing). Software running on a server can prove its identity over the internet via what’s called a remote attestation. The attestation…

There’s a new version of Conclave out and about, with a whole lot of exciting new features. Writing secure enclaves in JVM languages just got easier, so download the SDK and let’s go over what’s been added.

Easy deployment to Azure

Azure probably has the best support for SGX of all the clouds right now, and in Beta 4 we added full support for it. Conclave now works out of the box on Azure Confidential Compute VMs, and without any need to get an approved signing key: you can self sign enclaves and go straight to ‘release mode’ on Azure. With this new support…

Enclaves should be a fully integrated component of an app

In this article we’ll explore some of the design thinking behind the Conclave API.

So you’ve got a tamperproof, encrypted memory space. You’ve got remote attestation and you’ve got private keys, so you can convince other programs you’re running inside that memory space. You’ve got encrypted messages. It’s finally easy to use. That’s pretty swish and it’s enough for some specific kinds of applications, like pure functions over relatively small datasets.

But, there are still three other things that are core to nearly any application: messaging, persistence and transactions. Conclave takes a radical approach to them that’s quite unlike other…

A new Conclave release finishes off the core feature set you need

Today we’re announcing a new beta release of Conclave, a platform that makes it easy to use secure hardware enclaves with Java. You can use enclaves to:

  • Solve complex multi-party data problems, by running programs on a computer that prevents the hardware owner from seeing the calculations.
  • Protect sensitive data from the cloud.
  • Make your hosted service auditable and trustworthy.
  • Upgrade privacy on distributed ledger platforms like Corda.

Good use cases might include analytics, auctions, order books, or verifying transactions.

In Conclave Beta 3 we have fleshed out the base feature set available in earlier releases by adding Mail, our…

Making enclaves easy

We are pleased to announce the first beta release of Conclave, our new platform for building secure hardware enclaves in Java.

In this post we’ll look at what Conclave is, take a brief look at how you can use it and then look at the roadmap towards the first production release.

What is Conclave?

Modern CPUs from Intel and others include support for creating enclaves. Enclaves create a tamper-proofed space for programs to execute, so that they can process data without the owner of the physical hardware being able to inspect or interfere with it.

If you can run computations without anyone having…

More detail on how apps can work together

Corda 4 introduces new app interop features, like the ‘class carpenter’

A big difference between Corda and other industrial blockchain platforms is the extent to which Corda prioritises different apps working together. This may seem like not a big deal — nearly everyone building platforms claims to care about things like flexibility, interoperability and the like.

But dig a little deeper and what we see is that allowing apps to be mixed’n’matched on a global ledger is difficult; it requires many different features and design decisions to come together at just the right moments. A typical way to deploy blockchain technology in the field is thus via single-use networks. …

“birthday decor lot” by Lidya Nada on Unsplash

Last week it was Corda’s third birthday, if we go by the date of the first git commits. Seems like a good excuse to write a rambling blog post!

I was reminded of this by watching newly posted interviews we did with flagship Corda users at CordaCon. It’s still a little bit surreal (but really nice) to watch people talk about using Corda to improve huge industries like global trade and insurance. Feels like hardly any time at all that the only apps were unit tests.

Here are a few things currently on my mind.


One thing that comes through…

Exploring design decisions

  • Why we don’t ship a network map server anymore.
  • The new network bootstrapping tool and planned upgrades.
  • Information about an upcoming refresh of the testnet.
  • Background information on the design thinking that went into the change.
A clever visual metaphor for “bootstrapping” that makes this page less plain

In Corda 3 we changed how the network map infrastructure works. This was the last step before we felt we could commit to the network protocol for the long term, as the prior design had always been temporary. The changes we made along with the reasons for them are described in this article by Joel Dudley.

The aspect of the re-design that has raised…

Thoughts on Meltdown and Spectre

I wanted to write down some thoughts on the CPU problems that are in the news. The first section has some analysis on how all this impacts computing and the cloud in general. The second section is Corda-specific.

Because things are moving fast I’ll try to keep this post high level. Nonetheless for space reasons I will use terms from the fields of CPU, cryptography and kernel engineering without defining them. There is some great background material in the Meltdown and Spectre papers if you aren’t already familiar with superscalar CPU design. …

Mike Hearn

My work blog: Lead Platform Engineer at R3 (my personal blog is at

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store