I am working on a project where I want to store end-user private data, but immediately this brings up the trust question of why a user would trust me to hold their data. I don't actually want to hold their data, but rather run an analysis on it and give the user the final result.
To that end I still need to store the user data somewhere. So I wanted to see if I could accomplish some kind of paradigm where I have the encrypted data, but the user has the keys. After doing some research into this field I found literature on secure enclaves and Trusted Execution Environments. The use case seems fairly similar, in that the way it's discussed is that companies don't necessarily trust public clouds to hold their data, so they use these enclaves so that the cloud doesn't actually hold their data but rather an encrypted version, while they hold their own key. Some of the links I've been looking at are:
- https://azure.microsoft.com/en-us/solutions/confidential-compute/#products
- https://scontain.com/index.html?lang=en#pyspark
- https://www.anjuna.io/in-the-news/anjuna-announces-guide-to-implementing-secure-enclaves
I'm wondering if I can extend that same paradigm to a B2C model where my project will hold data but individuals can hold their keys, either with a desktop client, a wallet, or something similar. The question is: are there any existing examples of this client-server trustless architecture, or advice on implementation?
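As an added sketch (not from the question or from any of the linked products) of the client-server flow being asked about, here is the exchange in Go: the client verifies an attestation quote before releasing anything, encrypts its data to the key the attested enclave generated, and the enclave returns only the analysis result. Everything hardware-specific is a stand-in: the vendor signing key, the measurement value, the quote format and the "enclave" itself are simulated with ordinary keys in one process, and SHA-256 over the ECDH secret stands in for a real KDF. A real deployment would validate a vendor-issued quote (SGX, SEV-SNP, TDX or similar) through the vendor's attestation service and pin the measurement of a reproducible build; only the shape of the protocol is meant to be representative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	vendorPub, vendorPriv, _ = ed25519.GenerateKey(rand.Reader)            // stand-in for the TEE vendor's signing key (assumption)
	ExpectedMeasurement      = sha256.Sum256([]byte("analysis-enclave-v1")) // enclave build hash the client trusts, pinned out of band
)

// Quote binds an enclave-generated public key to the enclave's measurement.
type Quote struct {
	Measurement [32]byte
	EnclavePub  []byte // ECDH P-256 public key generated inside the enclave
	Sig         []byte // vendor signature over Measurement || EnclavePub
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewEnclave boots an enclave; its private key never leaves it, and the quote says which code holds it.
func NewEnclave(measurement [32]byte) (*ecdh.PrivateKey, Quote) {
	priv := must(ecdh.P256().GenerateKey(rand.Reader))
	pub := priv.PublicKey().Bytes()
	return priv, Quote{measurement, pub, ed25519.Sign(vendorPriv, append(measurement[:], pub...))}
}

// VerifyQuote is the client-side gate: wrong build or bad signature, and no key is released.
func VerifyQuote(q Quote) error {
	if q.Measurement != ExpectedMeasurement {
		return errors.New("attestation: unexpected enclave measurement")
	}
	if !ed25519.Verify(vendorPub, append(q.Measurement[:], q.EnclavePub...), q.Sig) {
		return errors.New("attestation: bad quote signature")
	}
	return nil
}

// aeadFor derives an AES-GCM key from ECDH with the peer (SHA-256 stands in for a real KDF).
func aeadFor(priv *ecdh.PrivateKey, peer []byte) (cipher.AEAD, error) {
	pub, err := ecdh.P256().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(must(priv.ECDH(pub)))
	return cipher.NewGCM(must(aes.NewCipher(key[:])))
}

// ClientSubmit verifies the enclave, then encrypts straight to its attested key;
// the operator only ever sees ciphertext and the client's ephemeral public key.
func ClientSubmit(q Quote, readings []byte) (clientPub, sealed []byte, err error) {
	if err = VerifyQuote(q); err != nil {
		return nil, nil, err
	}
	priv := must(ecdh.P256().GenerateKey(rand.Reader))
	aead := must(aeadFor(priv, q.EnclavePub))
	nonce := make([]byte, aead.NonceSize())
	must(rand.Read(nonce))
	return priv.PublicKey().Bytes(), aead.Seal(nonce, nonce, readings, nil), nil
}

// Analyze runs inside the enclave: decrypt, compute the mean reading, and return
// only that number; the plaintext never reaches the host.
func Analyze(enclavePriv *ecdh.PrivateKey, clientPub, sealed []byte) (float64, error) {
	aead, err := aeadFor(enclavePriv, clientPub)
	if err != nil || len(sealed) <= aead.NonceSize() {
		return 0, errors.New("bad client key or ciphertext")
	}
	n := aead.NonceSize()
	plain, err := aead.Open(nil, sealed[:n], sealed[n:], nil)
	if err != nil || len(plain) == 0 {
		return 0, errors.New("ciphertext rejected: tampered or not for this enclave")
	}
	sum := 0
	for _, b := range plain {
		sum += int(b)
	}
	return float64(sum) / float64(len(plain)), nil
}

// RunFlow runs the whole exchange on constructed sample readings (one byte each).
func RunFlow() (float64, error) {
	enclavePriv, q := NewEnclave(ExpectedMeasurement)
	clientPub, sealed, err := ClientSubmit(q, []byte{70, 72, 77})
	if err != nil {
		return 0, err
	}
	return Analyze(enclavePriv, clientPub, sealed)
}

func main() { fmt.Println(RunFlow()) }
```

The point of the ordering is that the client's trust decision happens in VerifyQuote, before any key material is derived: if the operator swaps in a different build, the measurement check fails; if the operator forges a quote, the vendor signature check fails; and because the data key is agreed with the enclave's own key rather than a key the service stores, the operator holds ciphertext only. The same pattern transfers to a browser or wallet client by replacing the Go client half with the equivalent WebCrypto calls; the hard parts in practice are obtaining and validating the real quote and deciding which measurements (and which code reviews) users are willing to pin.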