Initialize Cloak Network on Blockchain

Initializing Cloak Network on blockchain is to deploy Cloak Service, including four components:

  • cloak-tee: the core component, which is a CCF app that runs in a TEE environment, deals with Ethereum and Cloak transaction from users and synchronizes the results to blockchain.

  • cloak-tee-agent: as described above, cloak-tee runs in SGX Enclave(TEE), it is inconvenient to communicate with the outside system (blockchain, file system, etc.), so cloak-tee-agent is the untrusted part that reads cloak-tee log file and communicates with outside.

  • PKI Contract: provide the service to get PK from address for encryption and decryption.

  • Cloak Service contract: provide some useful functions that include tee address register, verification of synchronization.

Deploy PKI and Cloak Service Contract

The two contracts is be generated by cloak-compiler, so you need to install cloak-compiler in advance, see: Installation

They are standard Solidity contracts, you can use web3 to deploy them, or anyway what you want. Cloak-compiler provides two commands to deploy them, you can use it too. In our example, we use ganache, an Ethereum network, as the blockchain, you can change it depending on your need:

python cloak/__main__.py deploy-pki <SENDER ADDRESS> --blockchain-backend w3-ganache --blockchain-node-uri http://127.0.0.1:8545
python cloak/__main__.py deploy-service <SENDER ADDRESS> --blockchain-backend w3-ganache --blockchain-node-uri http://127.0.0.1:8545

Build Cloak-tee

Cloak-tee is a CCF App, compile and run it just like a standard CFF App operation.

First of all, you need a CCF-0.15.2 environment, see: CCF Development Setup, but it is complicated, we recommend you use Dcoker to setup it:

docker pull plytools/circleci-cloak-tee:v0.2.0

Get cloak-tee code in Docker:

git clone --recurse-submodules https://github.com/OxHainan/cloak-tee.git
cd cloak-tee

Build it:

mkdir build && cd build
cmake .. -GNinja
ninja

Setup Cloak Service

After building, the next steps are to run cloak-tee, cloak-tee-agent and prepare cloak-tee, you can use Cloak manager script to complete it.

The Cloak manager directory is CLOAK-TEE-PROJECT/agent, install dependencies:

cd ../agent
pip install -r requirements.txt

Setup Cloak Service:

python cloak.py setup-cloak-service --build-path <CLOAK-TEE BUILD PATH> --cloak-service-address <CLOAK SERVICE ADDRESS> --pki-address <PKI ADDRESS> --blockchain-http-uri <BLOCKCHAIN-HTTP-URI>

The build-path option is the path where you built cloak-tee.

If you want to develop or test cloak-tee, ganache-cli may be a good choice as a blockchain backend, after installed ganache and started it, The –blockchain-http-uri option should be http://127.0.0.1:8545