Surely I'm reading this wrong. Does the whole thing depend on users trusting that the nodes run the correct software, which uses these "enclaves" to hide private data from itself?
I'm not sure what this means. Supposing I'm a node that runs the correct software as well as some incorrect software. I prove (however this works) using SGX that I'm running the correct software. You send me the data and I run it through the incorrect software.
I imagine my ignorance of SGX has something to do with this. Is there a 101 link somewhere?
As betterunix says, the way you do it is that the signed data structure proving what software you're running can contain a public key, for which the private key exists only in the enclave. So you can then encrypt secrets that are readable only in the enclave.
One approach: use attestation to prove that a public key was created inside an SGX "enclave". Encrypt the inputs using the public key, and now only the enclave can decrypt and use the inputs.
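The binding described in the two replies above, as an added sketch that is not part of the original thread and not MobileCoin's or Intel's code: the client accepts a public key only if a signed report ties it to the expected software measurement. All names and key bytes are hypothetical and constructed, and HMAC stands in for the real quote signature.

```python
import hashlib
import hmac

# Constructed stand-ins. A real SGX quote carries an asymmetric signature
# checked through Intel's attestation infrastructure; HMAC is used here
# only so the sketch runs with the standard library.
HW_KEY = b"constructed-attestation-key"
EXPECTED_MEASUREMENT = hashlib.sha256(b"correct enclave build").hexdigest()

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign(measurement: str, report_data: str) -> str:
    body = f"{measurement}|{report_data}".encode()
    return hmac.new(HW_KEY, body, hashlib.sha256).hexdigest()

def make_report(measurement: str, pubkey: bytes) -> dict:
    """Hardware side: measured code identity plus the hash of a key the code supplied."""
    report_data = sha256_hex(pubkey)
    return {"measurement": measurement, "report_data": report_data,
            "sig": sign(measurement, report_data)}

def verify_before_encrypting(report: dict, offered_pubkey: bytes) -> str:
    """Client side: decide whether secrets may be encrypted to offered_pubkey."""
    expected_sig = sign(report["measurement"], report["report_data"])
    if not hmac.compare_digest(expected_sig, report["sig"]):
        return "reject: report not signed by attestation key"
    if not hmac.compare_digest(report["measurement"], EXPECTED_MEASUREMENT):
        return "reject: different software was measured"
    if not hmac.compare_digest(report["report_data"], sha256_hex(offered_pubkey)):
        return "reject: public key is not the one in the report"
    return "ok"

def scenarios() -> dict:
    enclave_pub = b"constructed enclave public key"   # private half never leaves the enclave
    host_pub = b"constructed host-controlled key"     # key the node operator can read with
    good = make_report(EXPECTED_MEASUREMENT, enclave_pub)
    other = make_report(sha256_hex(b"modified build"), host_pub)
    forged = dict(other, measurement=EXPECTED_MEASUREMENT)  # field edited, signature stale
    return {
        "honest": verify_before_encrypting(good, enclave_pub),
        "key_swap": verify_before_encrypting(good, host_pub),
        "other_software": verify_before_encrypting(other, host_pub),
        "forged_field": verify_before_encrypting(forged, host_pub),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```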
In that case, why not use a centralized ledger operated by Intel? It would certainly be more efficient, and no less trustworthy. You even eliminate a whole bunch of side-channel attack vectors on the MobileCoin software such as memory access patterns, heat dissipation patterns, timing analysis, and failure modes such as total compromise of SGX.