The Confidential Consortium Framework (CCF) is an open-source platform for building multi-party applications where governance and data are protected by a Trusted Execution Environment (TEE). It provides a high-throughput, low-latency ledger that combines a key-value store with a programmable governance model, ensuring that all operations are executed according to a transparent, auditable constitution agreed upon by the consortium members.
Glossary
Confidential Consortium Framework (CCF)

What is Confidential Consortium Framework (CCF)?
An open-source framework for building secure, highly available, and performant multi-party applications that leverage Trusted Execution Environments for tamper-proof, transparent governance.
CCF achieves consensus across a network of nodes, each running inside a hardware-enforced enclave that provides data-in-use protection. Through remote attestation, every node cryptographically proves its integrity to users and other members, creating a tamper-proof execution history. This architecture enables mutually distrusting parties to collaborate on sensitive data without revealing it to a central operator, making CCF ideal for auditable supply chains, secure multi-party analytics, and decentralized identity systems.
Core Characteristics of CCF
The Confidential Consortium Framework is built on a set of core design principles that enable transparent, highly available, and secure multi-party computation governed by a consortium.
Decentralized Governance by Consortium
CCF replaces a single administrative root with a constitution—a JavaScript script that defines the rules for membership and operation. All changes to the network, such as adding new members or updating the application code, are governed by member votes recorded on a tamper-proof ledger. This ensures no single operator can unilaterally alter the service, providing transparent, auditable control for all consortium members.
Hardware-Enforced Trust with TEEs
Every node in a CCF network runs its core logic inside a Trusted Execution Environment (TEE)—a hardware-isolated enclave. This guarantees the confidentiality and integrity of data and code during execution, protecting it from the host operating system, cloud operators, and other tenants. CCF supports multiple TEE backends, including Intel SGX and AMD SEV-SNP, providing a hardware root of trust for all computations.
Tamper-Proof Audit Logging
CCF maintains a Merkle tree-based ledger that records every transaction, governance vote, and state change. This cryptographic structure makes the log immutable and append-only; any attempt to tamper with a historical record is immediately detectable. The ledger provides a verifiable audit trail that allows any third party to cryptographically prove the exact sequence of operations and the integrity of the service's history.
High Availability via Crash Fault Tolerance
CCF is designed for Crash Fault Tolerance (CFT) using the Raft consensus protocol. A network of nodes elects a primary that replicates a log of all transactions to a majority of followers. If the primary fails, a new leader is automatically elected, ensuring the service remains available. This architecture provides strong consistency guarantees and is resilient to node failures without sacrificing performance.
Remote Attestation for Verifiable Trust
Before any client or member interacts with a CCF node, they perform remote attestation. This cryptographic protocol verifies two things: that the node is running genuine CCF code inside a valid TEE, and that it is a recognized member of the consortium. This process establishes a verifiable trust anchor without relying on the reputation of the cloud provider, ensuring the service's integrity from the moment a connection is established.
Virtualized Multi-Application Hosting
A single CCF network can host multiple independent, logically isolated applications. Each application has its own private JavaScript runtime and state, managed by a shared governance layer. This multi-tenancy allows a consortium to operate a single infrastructure for diverse use cases—such as a confidential token exchange and a private voting system—while maintaining strict separation between their data and logic.
Frequently Asked Questions
Clear, technical answers to the most common questions about the architecture, governance, and security model of the Confidential Consortium Framework.
The Confidential Consortium Framework (CCF) is an open-source framework for building secure, highly available, and performant multi-party applications that leverage Trusted Execution Environments (TEEs) for tamper-proof, transparent governance. It works by executing a defined set of application logic inside a hardware-enforced enclave across a network of nodes. A CCF network is governed by a consortium of members, where all operations—such as adding new members or deploying application code—are subject to a configurable voting policy recorded in an append-only, tamper-proof ledger. The framework combines confidential computing (protecting data in use) with a Byzantine Fault Tolerant (BFT) consensus protocol, ensuring that the service remains available and trustworthy even if a subset of nodes is compromised or malicious. This allows mutually distrusting parties to collaborate on shared data and logic without any single party having unilateral control.
Real-World Applications of CCF
The Confidential Consortium Framework (CCF) enables a new class of multi-party applications where governance, auditability, and data confidentiality are enforced by a hardware-backed Trusted Execution Environment. Below are key application domains where CCF's unique properties—transparent governance, tamper-proof audit logs, and high-throughput confidential compute—solve critical industry problems.
Decentralized Identity & Verifiable Credentials
CCF serves as a transparent, decentralized Public Key Infrastructure (PKI) for managing Decentralized Identifiers (DIDs). A consortium of trusted issuers can govern the DID registry, with all state transitions recorded in a tamper-proof, append-only ledger.
- Key Benefit: Eliminates single points of failure in identity systems.
- Mechanism: The CCF network acts as a verifiable data registry, where credential revocation lists and DID documents are stored with cryptographic proof of integrity.
- Example: Government agencies and telecom providers forming a consortium to issue and revoke mobile driver's licenses without a central authority.
Secure Multi-Party Asset Settlement
Financial market infrastructures use CCF to build atomic settlement networks that bridge disparate ledgers without exposing proprietary trading strategies. The framework's confidential transactions ensure that trade details are visible only to counterparties, while regulators maintain a cryptographic audit trail.
- Key Benefit: Reduces settlement latency from days to seconds.
- Mechanism: Smart contracts executed inside the enclave atomically swap digital assets, with the receipts providing non-repudiable proof of execution.
- Example: A consortium of central and commercial banks operating a wholesale CBDC platform where inter-bank transfers settle instantly with embedded compliance checks.
Confidential Federated Learning Aggregation
CCF provides a secure aggregation service for federated learning, replacing the traditional trusted central server with a network of enclaves governed by the data owners themselves. Model updates are decrypted and aggregated entirely within the hardware-protected boundary.
- Key Benefit: Provides cryptographic proof that the aggregator cannot inspect individual client gradients.
- Mechanism: Clients encrypt model updates to the CCF enclave; the enclave performs secure weighted averaging and publishes the new global model, with an auditable receipt of the computation.
- Example: A consortium of hospitals collaboratively training a tumor detection model without any single hospital or the aggregator accessing raw patient data or individual model updates.
Transparent Software Supply Chain Ledger
CCF acts as a universal, immutable ledger for software bill of materials (SBOM) and build attestations. A consortium of software vendors and consumers governs the network, ensuring that no single entity can tamper with the provenance records of critical open-source or proprietary components.
- Key Benefit: Enables real-time, cryptographically verifiable compliance with Executive Order 14028.
- Mechanism: Build pipelines submit signed in-toto attestations directly to the CCF network, which validates signatures and records the metadata in a tamper-proof Merkle tree.
- Example: A consortium of cloud providers and enterprise users maintaining a shared registry of verified container image signatures, ensuring that a compromised CI/CD pipeline cannot rewrite release history.
Regulated Confidential Data Exchange
CCF enables data clean rooms where multiple parties can contribute sensitive datasets for joint analysis without revealing raw data to each other or the platform operator. The governance framework ensures that only pre-approved queries are executed.
- Key Benefit: Enforces data usage policies through code, not just contracts.
- Mechanism: Analysts submit queries that are executed within the enclave; only the differentially private or aggregated result is released, with a full audit log of who queried what and when.
- Example: A consortium of retail banks sharing fraud indicators to improve collective detection models without exposing their individual customer transaction histories.
Decentralized Certificate Transparency
CCF provides a consortium-governed alternative to centralized certificate transparency (CT) logs, eliminating the single-operator trust model. Multiple Certificate Authorities (CAs) and browser vendors jointly operate the log, ensuring no single entity can split-view or tamper with the log.
- Key Benefit: Prevents a compromised CA from hiding mis-issued certificates.
- Mechanism: The CCF network maintains a cryptographically consistent, append-only Merkle tree of all issued certificates, with gossip protocols ensuring global visibility.
- Example: A consortium of browser vendors and CAs operating a next-generation CT log that is resilient to the compromise of any single member.
CCF vs. Traditional Blockchains
Key architectural and operational differences between the Confidential Consortium Framework and traditional permissioned or permissionless blockchain platforms.
| Feature | Confidential Consortium Framework (CCF) | Permissioned Blockchain (e.g., Hyperledger Fabric) | Permissionless Blockchain (e.g., Ethereum) |
|---|---|---|---|
Consensus Model | Crash Fault Tolerant (CFT) with TEE-based integrity | Pluggable (CFT or BFT); typically CFT with ordering service | Byzantine Fault Tolerant (BFT) via Proof-of-Stake or Proof-of-Work |
Transaction Confidentiality | Private channels/collections available | ||
Hardware Root of Trust | |||
Governance Mechanism | Member-managed constitution with cryptographic proposals and votes | Policy-based via certificate authorities and channel configs | Off-chain social consensus or token-weighted on-chain voting |
Smart Contract Execution Environment | In-enclave; isolated from host OS and operator | In-container or native process; visible to node operator | On-chain virtual machine (EVM); transparent to all validators |
Data-in-Use Protection | |||
Typical Throughput | Thousands of transactions per second | Hundreds to thousands of transactions per second | 15-30 transactions per second (L1) |
Energy Efficiency | High (standard CPU execution) | High (standard CPU execution) | Low (Proof-of-Work); High (Proof-of-Stake) |
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
The Confidential Consortium Framework (CCF) integrates deeply with hardware-based security primitives and distributed governance models. The following concepts form the technical foundation for building and operating a CCF network.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us