Recap: Building the Orbital Root of Trust w/ Dahlia Malkhi

Earlier this month, SpaceComputer Advisor Dahlia Malkhi gave a talk on “Building Orbital Root of Trust with State-of-Art Technology” at the BASS Conference. This talk is the most comprehensive breakdown of SpaceComputer to date, starting with the broad vision of the space economy and motivations behind the project, then breaking down the main components, challenges, and functionality. With the future in mind, we invite you to follow this walkthrough of the talk to better understand our mission and infrastructure, and how to join us in orbit.

Mission in Orbit

In a nutshell, SpaceComputer is the orbital root of trust, a platform for running secure and confidential computation on satellites. It guarantees security properties that go beyond the vulnerabilities of Earth-based infrastructure, meaning we stay resilient even if all of Earth’s data centers go dark, preserving trust-minimized systems for the future.

Building Blocks for Orbital Compute 

To bring this vision to life, we are utilizing the rapidly growing ecosystem of satellite providers, who allow you to launch and maintain communication in orbit with a small compute device (aka a box or node) on the satellite. 

SpaceX’s launch cadence has placed thousands of satellites in orbit, and communication networks like Iridium, with 66 satellites in Low Earth Orbit (LEO), are creating near-global connectivity. Communication between satellites is very fast when there is a direct connection. If the satellites are not within line of sight of each other, they communicate indirectly, through a ground station and back into orbit.

In the context of today, you can think of satellite connectivity as a capacity-limited SIM card that sometimes works and has high latency, but remains private. Today’s constraints of latency and bandwidth will likely be distant hurdles 10 years from now.

The Security Advantage of Space

With these constraints set to be overcome in 10 years or less, the opportunity we see in running workloads on satellites is, in a nutshell, unique security properties.

Once a box is launched securely and deployed in space, it's perfectly tamper-proof. Nobody can hack into it with a probe or a screwdriver to exploit a side channel on the satellite. If data is deleted in orbit with no retrieval API, it’s gone; it’s delete-proof. When satellites are in direct connection and within a secure area on Earth (a few kilometers), nobody can jam the communication links, allowing for safe uploads and downloads from a satellite.

Unique to SpaceComputer, we can use orbital systems to provide attestation of geolocation. With satellites on a predictable trajectory, you can guarantee you’re in direct connection with the right satellite overhead, and this can provide decentralization and Sybil protection properties.

Even with these properties in mind, it’s still a nascent technology just coming into existence. The supply chain of the orbital root of trust is less mature than some infrastructures on Earth, and dependence on ground stations and software upgrades is a point of vulnerability. We emphasize it's a nascent technology, and it will evolve.

Use Cases

These unique security properties open the door to many possible use cases for our protocol, and we invite builders to explore them with us. Some potential applications include:

  • cTRNG: Cosmic True Random Number Generator (using cosmic entropy)
  • Validator diversification
  • Proof-of-Location
  • External bulletin boards for posting information
  • Secure co-processor
  • Checkpointing (preventing long range attacks)

This is just the beginning. We believe the most transformative use cases will come from builders imagining applications we haven’t yet considered.

Orbitport: Architecture for Trust

In our Blue Paper, we outline our core design goal, which is to minimize the trusted compute base (TCB), therefore reducing the attack surface and shrinking capacity needs. 

A minimal TCB is easier to verify and adheres to the capacity limitations of the current technology. By deploying a core, you can deploy workloads in a sandbox, the software doesn’t require as many upgrades, and scalability comes through anchored services on Earth.

Read the Blue Paper here.

Two-Tier Architecture

SpaceComputer’s software deployed on these satellites has a two-tier architecture, designed for the constraints and opportunities of orbital compute. 

Celestial Layer 1 in Orbit: the authoritative root of trust and finality layer, optimized for limited, intermittent communication.

Uncelestial Layer 2 on Earth: services, networks, and chains anchored to Layer 1, inheriting its trust guarantees, while increasing speed and scalability. 

On Layer 1, we're going to employ protocols from the HotStuff family (with contributions from Espresso’s HotShot base). We will also utilize basic linearity protocols, with a focus on reducing latency (e.g., HotStuff-1 and Alpenglow) and on increasing throughput through parallel proposing (e.g., Autobahn). On top of this, we will support EVM workloads, and in the future, we plan to add a Wasm (WebAssembly) container so you can customize and deploy your normal Solidity EVM workloads in space.

Layer 2s are usually commit chains or state channels. We’re introducing a third variant, which is a hybrid between the two.

We borrow from Stanford’s Ebb and Flow, where the validators of the Layer 2 network stake their votes on the finality. You are able to look at the votes and can slash somebody who double voted very easily in a smart contract. This gives us very fast finality and high throughput on Earth, with the Layer 1 always as a security fallback.
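The double-vote check described above, as an added example that is not SpaceComputer's code: two votes count as slashing evidence only if the same validator key validly signed conflicting block hashes at the same height. The vote layout, the use of Ed25519, the domain tag and all names are assumptions, and the logic is written in Go rather than as a smart contract so it runs offline.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Vote is a hypothetical finality vote; this layout is assumed for the example.
type Vote struct {
	Validator ed25519.PublicKey
	Height    uint64
	BlockHash [32]byte
	Sig       []byte
}

// signingBytes builds the domain-separated message a validator signs.
func signingBytes(height uint64, hash [32]byte) []byte {
	var h [8]byte
	binary.BigEndian.PutUint64(h[:], height)
	return append(append([]byte("example-l2-vote-v1"), h[:]...), hash[:]...)
}

// Sign derives a key from a constructed seed and signs a vote (sample data only).
func Sign(seed [32]byte, height uint64, hash [32]byte) Vote {
	priv := ed25519.NewKeyFromSeed(seed[:])
	return Vote{Validator: priv.Public().(ed25519.PublicKey), Height: height,
		BlockHash: hash, Sig: ed25519.Sign(priv, signingBytes(height, hash))}
}

// CheckDoubleVote returns nil only when a and b together prove equivocation.
func CheckDoubleVote(a, b Vote) error {
	switch {
	case len(a.Validator) != ed25519.PublicKeySize || !bytes.Equal(a.Validator, b.Validator):
		return fmt.Errorf("votes are not from one well-formed validator key")
	case a.Height != b.Height || a.BlockHash == b.BlockHash:
		return fmt.Errorf("votes do not conflict: different height or same block")
	case !ed25519.Verify(a.Validator, signingBytes(a.Height, a.BlockHash), a.Sig),
		!ed25519.Verify(a.Validator, signingBytes(b.Height, b.BlockHash), b.Sig):
		return fmt.Errorf("bad signature: evidence may be forged")
	}
	return nil
}

func main() {
	k := [32]byte{7} // constructed seed for a sample validator
	a, b := Sign(k, 42, [32]byte{1}), Sign(k, 42, [32]byte{2})
	fmt.Println("slashable:", CheckDoubleVote(a, b) == nil)
}
```

Verifying both signatures before slashing is what stops a third party from framing an honest validator with fabricated votes.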

We already have a prototyped RPC gateway that allows any device or chain on Earth to connect with satellites or to anchor on the Layer 1.

You can give it a try here.

From Impossible to Inevitable

We think there are infinite possibilities, and now is the time to build them. We ask that you don’t limit your view of SpaceComputer to the technology you see that is in use today.

For context, 70 years ago in 1958, the secret military project CORONA faced a problem: how could they return satellite reconnaissance images from orbit, before the invention of digital photography?

The engineers didn’t stop at “this is hard and impossible.” Instead, they devised a system where they dropped buckets from the satellites in orbit carrying physical undeveloped film to be captured in orbit by aircraft.

By comparison, SpaceComputer’s challenges are a luxury, and we're very excited about the future. What may be impossible today will be practical tomorrow, even if it’s an unconventional solution.

Join the Mission

We are already working with a small but evolving community, with a system for requests for proposals on GitHub open to all. This is your invitation to join us: to be optimistic, and to create systems that will still be running long after Earth’s infrastructure has failed. The future of sovereign, trust-minimized compute starts at SpaceComputer.

Follow Dahlia Malkhi on X
→ Join the Official Telegram chat and get involved today!