Architecture

HaveFund’s value propositions are realized through the implementation of three mechanisms: Trusted Trade, a Secure Execution Environment, and a Secure Data Store. Together, these comprise the main components of the platform.

The Pillars of HaveFund

Trusted Trade

Trusted Trade enabled by smart contracts on a distributed ledger is the heart of HaveFund. The nature of distributed ledgers ensures that no single party, not even the platform developer, has the ability to manipulate the loan auctions. Each alliance member controls their own distributed ledger node, and all transactions are subject to the ledger’s consensus algorithm.

This also means that all transactions (but not the encrypted data) are in plain view on the public ledger, so the auctions are trackable and auditable.

Secure Execution Environment

HaveFund utilizes a Secure Execution Environment called the Blackbox, built on top of Intel® Software Guard Extensions (Intel SGX®) technology. This is a hardware-based secure enclave where operations can be made on data without anyone—including privileged users with administrator access to the server—being able to observe the process and data in the enclave.

The Blackbox is entrusted with two main tasks:

  • Credit score calculation – Sensitive data from the loan seller (the borrower’s private information) and the bidders (the lender’s confidential credit policy) are decrypted inside the Blackbox and used to calculate a credit score. This score is then encrypted and sent to the lender. The decrypted data never leaves the enclave and is therefore never exposed to the outside world.
  • Auction winner selection – The Blackbox uses the selection policy submitted by the loan seller when they create the auction to determine the winner. For example, some sellers may prioritized lower interest rates, while others may prefer a longer repayment period. The encrypted bids are decrypted only inside the enclave, so like all other confidential information in HaveFund, is never prone to observation by any party.

Being able to perform operations away from prying eyes is all well and good, but lenders need assurance that such operations are indeed doing what the platform developer says they are. This is made possible by a process called Remote Attestation, which is an integral part of the Intel SGX® offering. In a nutshell, it provides cryptographic proof that the Secure Execution Environment is running the code that the developer says it is, and nothing else. All participants are then assured that the auctions are fair and cannot be manipulated, and that their data is secure.

Secure Data Store

The Secure Data Store is the repository where all confidential information such as borrower details, lender credit policies, and lender bids is stored in encrypted form. Because all data is encrypted before being sent to this data store, and the keys do not reside locally but are within the control of either the lenders or the Blackbox, the information cannot be accessed even in the unlikely event that someone breaks into the data store.

Together, these core components combine to achieve the platform’s stated goals of ensuring integrity of trade and protecting data at rest, in motion, and in use.