Confidential Compute

What is Confidential Compute?

Confidential Compute allows computation to be performed on sensitive data without exposing that data to the parties running the computation.

In Palliora, this means data can be processed while remaining hidden from infrastructure operators, other network participants, and even the host operating system. Only the intended outputs are revealed, and only under the conditions defined in the contract.

Confidential Compute is a core security capability that allows Palliora to support sensitive workloads without relying on trust in the underlying infrastructure.

The problem Confidential Compute solves

In many real-world scenarios, data cannot be shared in plain form. It may be commercially sensitive, personally identifiable, or legally restricted.

Traditional computation models force a trade-off. Either the data is revealed to the party performing the computation, or computation is avoided altogether. Encryption protects data at rest and in transit, but in most systems, it must be decrypted before it can be used.

Confidential Compute removes this trade-off. It allows data to be processed without being exposed to the machine operators or external observers.

How Confidential Compute works

Palliora enables Confidential Compute primarily through the use of Trusted Execution Environments, or TEEs.

A TEE is a secure enclave within a processor. It provides a protected memory region where code can execute in isolation from the rest of the system, including the operating system and administrators. Data loaded into the enclave cannot be accessed from outside it.

Before computation begins, the enclave generates an attestation report. This is a cryptographic proof that confirms the enclave is genuine and that it is running the expected code. Other network participants, including verifiers, can check this proof before allowing sensitive data to be processed.

Once verified, encrypted data is provided to the enclave. Inside the enclave, the data can be decrypted and processed securely. The intermediate state remains confined to the enclave.

Sensitive data can also be sealed, meaning it is encrypted with a key derived from within the enclave itself. Sealed data cannot be accessed outside that enclave instance, preventing extraction or reuse in an unintended context.

In practice, a contract may require that certain operations run inside a TEE. Guardians coordinate access, and a designated compute node executes the workload inside the enclave. The output is then encrypted and released according to the contract’s rules.

Trust and guarantees

Confidential Compute significantly reduces the trust required in infrastructure operators.

Even if the host machine is compromised, the data and execution inside the enclave remain protected. Attestation ensures that only approved code is running. Sealed data ensures that sensitive material cannot be extracted or reused outside the trusted boundary.

However, Confidential Compute does not eliminate all trust assumptions. It relies on hardware security guarantees and the correct implementation of the TEE technology. Palliora therefore treats it as one option within a broader confidentiality spectrum, chosen explicitly in the contract.

What Confidential Compute is not

Confidential Compute is not a complete privacy solution.

It does not replace encryption, access control, threshold decryption, or verification. It also does not guarantee the correctness of computation on its own. A computation can still be incorrect or malicious if it is not properly verified.

For this reason, Palliora combines Confidential Compute with other mechanisms such as threshold encryption, verifiers, and computable contracts.

How Confidential Compute fits into Palliora

Confidential Compute is one of the execution modes available to Palliora contracts.

A contract can specify that certain computations must run inside a TEE. Guardians coordinate access to encrypted data. A compute node processes the request inside an enclave. Verifiers can check attestation and validate outputs where required.

This enables use cases such as private model training, secure data analysis, protected key handling, and agent execution without exposing raw inputs.