SGX DCAP
SGX DCAP-based RA: To avoid this centralized procedure, Intel proposed Data Center Attestation Primitives (DCAP) to support third-party attestation. Intel provides a reference implementation for ECDSA-based attestation along with a software library to generate and verify quotes, but third parties are free to set up their own attestation infrastructure, including writing their own quoting enclave. DCAP publishes the Provisioning Certification Key (PCK) certificates so that others can verify the signatures. This approach offloads part of the RA function. However, users still rely on Intel's single RoT, and only one (non-Intel) verifier can execute the verification. Trust therefore remains centralized, since in practice the verification service cannot be executed by others. Relying parties cannot verify or audit the genuineness of the verification results.
An independent service (not SGX) is used to transfer evidence.
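An added example (not from the original page or from Intel's reference code) of how a verifier reads a DCAP quote: it extracts the enclave identity fields and reports whether the quote came from Intel's reference quoting enclave or a third party's. The field layout, the Intel QE vendor ID and the names `parse_quote` and `build_sample_quote` are assumptions based on Intel's public ECDSA quote v3 format, not on this page; the sample quote is constructed.

```python
import struct

# Field layout follows Intel's public ECDSA quote v3 format (an assumption; the
# page does not give it). Parsing is not verification: the signature chain up
# to the PCK certificate still has to be checked by the verifier.
HEADER = struct.Struct("<HHIHH16s20s")                           # 48 bytes
REPORT_BODY = struct.Struct("<16sI28s16s32s32s32s96sHH60s64s")   # 384 bytes
SIG_LEN = struct.Struct("<I")
INTEL_QE_VENDOR_ID = bytes.fromhex("939a7233f79c4ca9940a0db3957f0607")
ECDSA_P256 = 2  # attestation key type


def parse_quote(raw: bytes) -> dict:
    """Extract the identity fields a relying party compares against policy."""
    fixed = HEADER.size + REPORT_BODY.size + SIG_LEN.size
    if len(raw) < fixed:
        raise ValueError("truncated quote")
    version, key_type, _, qe_svn, pce_svn, vendor, _ = HEADER.unpack_from(raw, 0)
    if version != 3 or key_type != ECDSA_P256:
        raise ValueError("not an ECDSA-P256 v3 quote")
    body = REPORT_BODY.unpack_from(raw, HEADER.size)
    (sig_len,) = SIG_LEN.unpack_from(raw, HEADER.size + REPORT_BODY.size)
    if len(raw) != fixed + sig_len:
        raise ValueError("signature data length does not match quote size")
    return {
        "qe_svn": qe_svn,
        "pce_svn": pce_svn,
        "intel_reference_qe": vendor == INTEL_QE_VENDOR_ID,
        "mr_enclave": body[4].hex(),
        "mr_signer": body[6].hex(),
        "isv_prod_id": body[8],
        "isv_svn": body[9],
        "report_data": body[11].hex(),
    }


def build_sample_quote(vendor: bytes, sig: bytes = b"\x00" * 8) -> bytes:
    """Constructed sample input: placeholder measurements and signature bytes."""
    header = HEADER.pack(3, ECDSA_P256, 0, 7, 13, vendor, bytes(20))
    body = REPORT_BODY.pack(bytes(16), 0, bytes(28), bytes(16), b"\xaa" * 32,
                            bytes(32), b"\xbb" * 32, bytes(96), 1, 2,
                            bytes(60), b"\xcc" * 64)
    return header + body + SIG_LEN.pack(len(sig)) + sig


if __name__ == "__main__":
    print(parse_quote(build_sample_quote(INTEL_QE_VENDOR_ID)))
```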
Confidential blockchains have made a big deal about switching to this. Secret has done so. Phala has built zkDCAP (noticing that DCAP does not provide privacy like IAS). Oasis is in the process of switching.