Veracruz

Veracruz is a research project and experimental platform for privacy-preserving distributed computation using hardware-based trusted execution environments (confidential computing) across multiple mutually distrustful parties and devices.

  • Multi-party confidential computation spanning clients, servers, and data providers (confidential computing)
  • Use of trusted execution environments on endpoints and in the cloud for secure data processing (runtime security)
  • Support for policy-driven data access and computation control among mutually distrustful participants (data governance)
  • Remote attestation and secure session establishment between participating nodes (identity and access)
  • Prototype framework for building applications that process sensitive data without exposing raw inputs (privacy-enhancing technologies)

More About Veracruz

Veracruz is a research-focused project that explores how to run distributed computations over sensitive data contributed by multiple parties, while restricting data exposure through the use of hardware-based trusted execution environments (confidential computing). It targets scenarios where data owners, code providers, and compute infrastructure operators may not trust each other, yet still need to collaborate on a shared computation.

The project is associated with the Confidential Computing Consortium and aligns with that organization’s focus on hardware-rooted privacy and integrity guarantees. Veracruz uses trusted execution environments (runtime security) to protect code and data in use, aiming to prevent unauthorized access from the underlying operating system (OS), hypervisor, or infrastructure operator. This enables deployment models in which endpoints, edge nodes, and cloud servers participate in a joint computation while reducing direct visibility into raw data inputs.

Veracruz introduces a model where different roles—such as data providers, code providers, and verifiers—interact through a policy-defined workflow (data governance). A computation is described by a policy that indicates which principals may contribute data, which code is authorized to run, and how outputs are released. The project leverages remote attestation (identity and access) to allow participants to verify that a computation is executing inside an expected trusted execution environment and that the correct code and configuration are in place before releasing sensitive inputs.

From an enterprise perspective, Veracruz fits into the category of privacy-preserving analytics and multi-party computation frameworks (privacy-enhancing technologies). It is applicable to situations where organizations need to combine datasets across administrative boundaries, such as cross-organization analytics or joint modeling, but do not want to share raw data. Veracruz provides a programmable environment where applications can be built to ingest inputs from multiple parties, perform computations inside trusted execution environments, and produce outputs governed by the pre-defined policy.

Architecturally, Veracruz assumes hardware support for trusted execution environments on participating platforms, and it couples this with cryptographic attestation, secure channels, and policy enforcement components. The project focuses on protocol design and reference implementations for orchestrating how endpoints and servers cooperate to form what it terms “trusted collaborative computation.” In a directory or taxonomy, Veracruz can be categorized under confidential computing frameworks, privacy-preserving computation platforms, and runtime security for distributed systems.