Confidential Computing and Privacy-preserving Technologies for 6G

Future 6G infrastructures must ensure reliability, trust, and resilience across a globally connected continuum of heterogeneous environments, supported by the convergence of networks and IT systems. The substantial increase in coverage, network heterogeneity, and the deep integration of emerging AI tools, new hardware components and accelerators, edge computing, and IoT nodes raises severe concerns that security and privacy in 6G may become worse than in previous generations. Contemporary security therefore needs to be significantly enhanced to protect sensitive data and enable new digital services. CONFIDENTIAL6G addresses these challenges by emphasizing privacy preservation and the security of sensitive data, focusing on protection of data in use, in transit, and at the edge. The project bases its work on three key pillars: post-quantum cryptography, confidential computing, and confidential communication, advancing security enablers and privacy-preserving technologies applicable across the 6G edge–cloud continuum. The project tests and validates the developed solutions in three representative use cases: (1) predictive maintenance for an airline consortium, combining federated learning with confidential containers and blockchain-based auditability, (2) mitigation of internal threats for telecom cloud providers through trusted execution environments, remote attestation, and scalable orchestration across heterogeneous platforms, and (3) intelligent connected vehicles supporting mission-critical services and secure over-the-air updates with privacy-preserving mechanisms. Through these validations, CONFIDENTIAL6G contributes building blocks and experimental evidence that support trustworthy and resilient 6G infrastructures and strengthen Europe’s position in secure next-generation networks.

CONFIDENTIAL6G advanced security and privacy-preserving technologies for next-generation networked systems, delivering results in post-quantum cryptography, confidential computing, privacy-enhancing technologies, and decentralised trust. The project produced validated building blocks for future 6G edge–cloud infrastructures, including cryptographic enablers for quantum-resistant communication and confidential collaborative computation. It benchmarked post-quantum secure TLS 1.3 and provided practical migration guidance. Privacy-enhancing advances included fully homomorphic encryption, secure multiparty computation, and zero-knowledge proof protocols. Results include the design of an Aloha-HE FPGA-based accelerator for client-side CKKS homomorphic encryption, achieving major speedups, and the introduction of optimised cipher constructions reducing randomness and computation overhead for constrained clients. In confidential computing, both hardware- and software-based approaches were explored. Trusted Execution Environments were validated on AMD and Intel platforms with remote attestation and attestation-in-TLS. A platform-agnostic architecture with a uniform hardware abstraction layer enabled portability across heterogeneous deployments. Experiments showed attestation within tens of milliseconds and only limited overhead for machine learning workloads. The project also integrated blockchain-based auditability, decentralised identifiers, and verifiable credentials to strengthen integrity and accountability. Federated learning pipelines supported multi-party AI/ML training without centralised raw data sharing, while robust aggregation improved resilience against adversarial attacks. Secure over-the-air updates with decentralised integrity verification were also demonstrated.

CONFIDENTIAL6G delivered architectural concepts, prototypes, performance evaluations and security analyses that extend work in post-quantum cryptography, confidential computing and privacy-preserving networking. Rather than full end-to-end products, the outcomes are positioned as validated building blocks, design guidelines and experimental evidence for reuse. Within the Confidential Toolkit, the consortium benchmarked PQ-secure TLS 1.3 in realistic 5G/6G settings, provided a migration roadmap, optimised homomorphic encryption (including TFHE), and introduced Aloha-HE, a client-side CKKS hardware accelerator achieving major speed-ups. The project also advanced zero-knowledge proofs, verifiable secret sharing and verifiable computation supporting privacy-preserving collaborative AI/ML. The Blockchain Toolkit added decentralised identity mechanisms (DIDs, Verifiable and Anonymous Credentials), encrypted DID-bound communication/storage, and feasibility designs for FHE-enabled smart-contract logic, enabling GDPR-compliant authentication, auditability and programmable trust in heterogeneous 6G environments. In confidential computing, CONFIDENTIAL6G designed a platform-agnostic architecture integrating hardware abstraction, remote attestation and attested TLS. AI/ML workloads were demonstrated across heterogeneous TEEs (AMD SEV-SNP, Intel TDX) without refactoring, with exploration of ARM orchestration and RISC-V enclaves. Performance showed attestation in tens of milliseconds and minimal ML slowdowns, while confidential-container orchestration overheads remained modest (~4%). In confidential networking, the project combined decentralised data sharing, identity-anchored access control and trusted orchestration to enable federated AI/ML with local data retention. This was validated through pilots in airline maintenance, telecom insider-threat mitigation and connected vehicles with secure OTA updates.