CreDB: A Autonomous Blockchain


CreDB [kredəbəl] is a high integrity datastore that can serve as a self-standing “autonomous blockchain”. In particular, CreDB is guaranteed to operate correctly, even in the face of a powerful attacker that has taken over the host operating system, and does not require massive replication to guarantee the integrity of the data stored. This architecture is in stark contrast to existing blockchain solutions that either require a trusted set of validators or rely on complex consensus mechanisms, such as Proof-of-Work.

The system operates on top of an immutable log and exposes a straightforward API akin to other key-value stores. The immutable log enables clients to replay the timeline of dependent events to reason about the order, and causality, of modifications to the data. CreDB can store arbitrary JSON objects and query them efficiently. It comes with several novel features that are unprecedented in existing data storage and blockchain solutions: policy enforcement, protected function evaluation, and cross-chain transactions.

The blockchain relies on a trusted execution environment (TEE) to ensure the correctness of its policy enforcement mechanism and the immutability of its timeline. TEEs provide a reverse sandbox protecting the application from malicious operating systems and other applications co-located on the same machine. In particular, CreDB builds on top of the Intel Software Guard Extensions.


Policy Enforcement


CreDB enables every object to be coupled with an associated semantic security policy (SSP). These policies are inseparable from their associated data. Because SSPs are encoded symbolically as abstract syntax trees, they are amenable to analysis by third parties. These techniques coupled with witnesses enable a third party to inspect the policy associated with an object and thus establish trust in the future behavior of that object.

Protected Function Evaluation

pfe CreDB provides a protected function evaluation (PFE) mechanism that enables clients to compute a function over remote private data, which in turn generates a witness carrying the result. For the party issuing the function call, the witness yields a verifiable, portable certificate that the function has been executed, with integrity, on the specified data, with the attached result. For security purposes, the holder of the data retains full control over what can be done with the data, and both parties, the invoker, and the data holder must agree on which functions can be executed.

Cross-Chain Transactions

Two CreDB nodes can be connected to each other and selectively exchange data to enable more complex application logic. Nodes establish a secure and authenticated communication channel between their trusted execution environments to achieve this. Multiple nodes can then create a network through which functions can be remotely invoked and data safely be exchanged. Further, generic serializable transactions can be executed across a network of CreDB nodes.

As a response to the successful execution of a transaction, CreDB nodes issue witnesses, which are permanent and tamper-proof certificates of the state of the system. Further, they are independently verifiable, i.e., verification does not depend on the It can be used to establish facts about the datastore, such as the instantaneous contents of objects, the existence of specific data or past transactions, and the ordering of transactions. Witness generation enables even untrusted applications, backed by CreDB, to provide proofs of their correct operation to third parties. Because witnesses are free-standing, they enable parties who are not direct clients of the database to verify crucial aspects of the database’s operation.

Please see our tech report for more information.