Token Enclave

Weiwu Zhang edited this page Dec 13, 2019 · 1 revision

It probably should be called Token VM instead. We are not fixed on the term. It's the runtime environment of TokenScript when it runs in a web context.

It is called an enclave because it is a secure zone that does not belong to the web page that uses it.

  • The JavaScript on the web page can't inspect the memory of the enclave. Instead, it communicates with the enclave through an API available to JavaScript.

  • The JavaScript can't feed information into the enclave. Instead, the enclave takes information from attestations, blockchain nodes and whitelisted data sources.

The use cases of the token enclave will get a page of their own on tokenscript.org. As one example, it's safe to generate a zero-knowledge proof of a token or a token attribute inside the enclave so the proof can be used on the website. If this were done in traditional JavaScript, the website would have access to the data itself, making the zero-knowledge proof a moot point.
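The two rules above and the proof use case can be modelled in a few lines of JavaScript. This is an added sketch, not TokenScript code: every name in it is hypothetical, a closure stands in for the real isolation boundary, and a boolean answer stands in for a zero-knowledge proof (no cryptography is performed).

```javascript
// Added model of the boundary; every name is hypothetical, not a TokenScript API.
function createTokenEnclave(trustedSources, predicates) {
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  // Private state lives only in this closure and is never returned.
  const attributes = new Map();

  // The page may name a whitelisted source; it cannot pass data in.
  function refresh(sourceId) {
    if (!has(trustedSources, sourceId)) {
      throw new Error(`source not whitelisted: ${sourceId}`);
    }
    const fetched = trustedSources[sourceId](); // the enclave pulls the data itself
    for (const [name, value] of Object.entries(fetched)) {
      attributes.set(name, value);
    }
  }

  // The page picks a predicate by name. Predicates are fixed by the runtime,
  // so the page cannot probe with thresholds of its own to recover the value.
  function prove(predicateId) {
    if (!has(predicates, predicateId)) {
      throw new Error(`unknown predicate: ${predicateId}`);
    }
    const holds = Boolean(predicates[predicateId](Object.fromEntries(attributes)));
    // Stand-in for a zero-knowledge proof: the claim and its truth, no attribute.
    return Object.freeze({ claim: predicateId, holds });
  }

  return Object.freeze({ refresh, prove }); // the whole page-facing surface
}

// Constructed sample wiring, playing the role of the runtime (not the page).
function demo() {
  const enclave = createTokenEnclave(
    { attestation: () => ({ birthYear: 1990 }) },
    { bornBefore2002: (a) => a.birthYear < 2002 }
  );
  enclave.refresh("attestation");
  let rejected = false;
  try {
    enclave.refresh("https://page.example/data"); // not on the whitelist
  } catch (e) {
    rejected = true;
  }
  return { result: enclave.prove("bornBefore2002"), rejected, api: Object.keys(enclave) };
}
```

The page-facing object has no method that accepts attribute data and none that returns it; the page learns only whether a named predicate holds.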

The token enclave can potentially run in a hardware security enclave as well. For now, it is a concept that has not been implemented yet.