[Software Guard Extensions on Wikipedia](https://en.wikipedia.org/wiki/Software_Guard_Extensions): > Intel Software Guard Extensions (SGX) is a set of security-related instruction codes that are built into some modern Intel central processing units (CPUs). They allow user-level as well as operating system code to define private regions of memory, called enclaves, whose contents are protected and unable to be either read or saved by any process outside the enclave itself, including processes running at higher privilege levels. So let's say it's related to [[x86]] and [[x86-64]]. SGX is used by [[Fireblocks]]: > At Fireblocks, we’ve developed a [Secure Transfer Environment](https://cryptobriefing.com/galaxy-celsius-turn-to-revolutionary-crypto-transfer-solution/) that protects our users’ private keys, deposit addresses, and API keys. We’ve achieved this through a combination of [MPC](https://www.fireblocks.com/blog/7-reasons-why-mpc-is-the-next-generation-of-private-key-security/) (multi-party computation) and [Intel SGX](https://software.intel.com/en-us/sgx) (chip-level hardware isolation). > > Though combining HMAC and [MPC](https://www.fireblocks.com/what-is-mpc/) is not a breakthrough in and of itself, the Fireblocks team is the first to successfully combine them in a memory-constrained Intel SGX enclaves, achieving: > > 1. Storage of API shares in an HSM-like environment, sealed using a hardware key > 2. Execution of sensitive business logic inside an isolated secure enclave > > **Combining MPC with HMAC—and running it within an Intel [[Software Guard Extensions|SGX]] environment—is the safest way to store and authenticate exchange [[Application programming interface|API]] keys and credentials on-prem.** It allows two parties to make an HMAC computation without either of them needing to hold the entire API secret while protecting each party from cyberattacks and insider threats. Pretty cool!