Why are various blockchain technologies TEE so important?

Written by Oliver Jaros, CMT Digital Analyst, Shlok Khemani, decentralised.co

Translated by Yangz, Techub News

Uber's San Francisco headquarters is similar to most technology companies, with an open floor plan where employees can move freely and share their ideas. However, in the center of the main floor, there is a room that few employees go to. The metal and glass exterior, a switch that can make the clear glass opaque, and the frequent presence of security personnel all make this room seem very mysterious.

This is Uber's "War Room", a space that operates 24/7 and is mainly used by executives to brainstorm solutions to the biggest problems facing the company. In order to maintain confidentiality, this room is open strictly on a "need to know" basis. This secrecy is necessary as Uber battles fiercely around the world to dominate the ride-hailing market, and rivals will not miss any opportunity to leak their strategies. What happens in the war room stays in the room.

Inside Uber's war room; Source: Andrew Chen, a16z

This practice of setting up private compartments in otherwise accessible spaces is common. When Apple is working on secret projects, it places designated teams in other buildings separate from its headquarters. The Capitol and other U.S. government buildings have sensitive information facilities (SCIFs) that provide soundproof walls and electromagnetic shielding for sensitive discussions. We also have safes in our own homes or hotel rooms.

Secure Enclaves have extended beyond the physical world. Today, we primarily use computers to store data and process information. As our reliance on silicon-based machines continues to grow, so does the risk of attacks and breaches. Just like Uber's war room, computers need an isolated space to store the most sensitive data and perform critical calculations. This space is called a Trusted Execution Environment (TEE).

While TEE has become a buzzword in the cryptocurrency industry, its purpose and function are often misunderstood. With this article, we hope to change that. Here, we will explain everything you need to know about TEEs, including what they are, why they are important, how we use them every day, and how they can help build better Web3 applications.

TEEs Are Everywhere

First, let's understand the definition of TEE.

TEE is a dedicated secure area within the device's main processor that ensures the confidentiality of the data and code being processed. TEE provides an isolated execution environment independent of the main operating system and is critical for maintaining data security for applications that process sensitive information.

TEE provides two main guarantees.

1. Isolated execution: TEE runs code in an isolated environment. This means that even if the main operating system is compromised, the code and data in the TEE remain secure.

2. Memory encryption: Data processed within the TEE is encrypted. This ensures that even if an attacker accesses the physical memory, sensitive information stored in the TEE cannot be deciphered.

To understand the importance of TEE, the device you are probably reading this article on, the iPhone, is a good example. FaceID has become the primary way for iPhones to authenticate users to access the device. In a few hundred milliseconds, the following process takes place inside the device:

1. First, a dot projector projects a pattern of more than 30,000 invisible infrared (IR) dots onto the user's face. An IR camera captures this pattern and an IR image of the face. A flood illuminator improves visibility in low-light conditions.

2. Second, a processor takes this raw data and creates a mathematical model of the face, including depth data, outlines, and unique features.

3. Finally, the mathematical model is compared with the model stored when FaceID was initially set up. If the model is accurate enough, a "success" signal is sent to the iOS system and the device is unlocked. If the comparison fails, the device will remain locked.

30,000 infrared dots projected on the face when unlocking the phone; Source: YouTube

FaceID is not only used to unlock the device, but also to authenticate other operations, such as logging into apps and making payments. Therefore, any security loopholes will have serious consequences. If the model creation and comparison process is compromised, non-device owners can unlock the device, access the owner's personal data and conduct fraudulent financial transactions. If an attacker manages to extract the stored mathematical model of the user's face, it will lead to the theft of biometric data and a serious violation of privacy.

Of course, Apple was very particular about the method when implementing FaceID. All processing and storage happens through The Secure Enclave, an independent processor built into the iPhone and other Apple devices that functions isolated from other memory and processes. It’s designed so that even if the rest of the device is compromised, an attacker can’t access it. In addition to biometrics, it can store and protect a user’s payment information, passwords, keychains, and health data.

Apple’s The Secure Enclave is just one example of a TEE. Since most computers handle sensitive data and computations, nearly all processor manufacturers now offer some form of TEE. Intel offers Software Guard Extensions (SGX), AMD has the AMD Secure Processor, ARM has TrustZone, Qualcomm offers Secure Foundation, and Nvidia’s latest GPUs come with confidential computing capabilities.

TEEs also come in software variants. For example, AWS Nitro Enclaves allows users to create isolated computing environments to protect and process highly sensitive data within Amazon's regular EC2 instances. Similarly, Google Cloud and Microsoft Azure offer confidential computing.

Apple also recently announced Private Cloud Compute, a cloud intelligence system designed to privately process AI requests that devices cannot service locally. Similarly, OpenAI is also developing secure infrastructure for AI cloud computing.

TEEs are exciting in part because they are ubiquitous in personal computers and cloud service providers. It enables developers to create applications that benefit from users' sensitive data without worrying about data leaks and security vulnerabilities. It can also directly improve the user experience through innovative technologies such as biometric authentication and passwords.

So, what does all this have to do with cryptocurrency?

Remote Attestation

TEEs enable computations that cannot be tampered with by outsiders, and blockchain technology can provide similar computational guarantees. Smart contracts are essentially computer code that, once deployed, executes automatically and cannot be changed by outside participants.

However, there are some limitations to running computations on blockchains:

1. Compared to ordinary computers, blockchains have limited processing power. For example, a block on Ethereum is generated every 12 seconds and can only hold up to 2 MB of data. This is less than the capacity of a floppy disk, which is an outdated technology. While blockchains are getting faster and more powerful, they still cannot perform complex algorithms, such as the one behind FaceID.

2. Blockchains lack native privacy. All ledger data is visible to everyone, making it unsuitable for applications that rely on private information such as personal identity, bank balances, credit scores, and medical history.

TEEs do not have these limitations. While TEEs are slower than regular processors, they are still orders of magnitude faster than blockchains. In addition, TEEs are inherently privacy-preserving, encrypting all processed data by default.

Of course, on-chain applications that require privacy and greater computing power can benefit from the complementary capabilities of TEEs. However, blockchains are highly trusted computing environments, and every data point on the ledger should be traceable to its source and replicated across numerous independent computers. In contrast, TEE processes occur in local physical or cloud environments.

So, we need a way to combine the two technologies, and this requires remote verification. So, what is remote proof? Let's take a detour to the Middle Ages to understand the background first.

Before the invention of technologies like the telephone, telegraph and internet, handwritten letters delivered by human couriers were the only way to send information over long distances. But how could the recipient be sure that the message really came from the intended sender and had not been tampered with? For hundreds of years, wax seals have been the solution to this problem.

The envelope containing the letter would be stamped with a unique and intricate pattern using hot wax, often a coat of arms or emblem of a king, noble or religious figure. As each pattern was unique to the sender and almost impossible to replicate without the original seal, the recipient could be confident of the letter's authenticity. Furthermore, as long as the seal was intact, the recipient could also be confident that the message had not been tampered with.

Great Seal of the Realm: A seal used to symbolize the monarch's approval of state documents

Remote attestation is the equivalent of a modern seal, a cryptographic certificate generated by the TEE that allows the holder to verify the integrity and authenticity of the code running in it and confirm that the TEE has not been tampered with. Here's how it works:

1. The TEE generates a report with information about its state and the code running inside.

2. The report is cryptographically signed using a key that only the real TEE hardware can use.

3. The signed report is sent to the remote verifier.

4. The verifier checks the signature to ensure that the report comes from the real TEE hardware. It then checks the report content to confirm that the expected code is running and has not been modified.

5. If the verification is successful, the remote party can trust the TEE and the code running inside it.

To combine blockchain with TEE, these reports can be published on the chain and verified by a designated smart contract.

So, how does TEE help us build better cryptocurrency applications?

Actual use cases of TEE in blockchain

As the "leader" in Ethereum MEV infrastructure, Flashbot's solution MEV-boost separates block proposers from block builders and introduces a trusted entity intermediary called "relay" between the two. The relayer verifies the validity of the block, conducts auctions to select the winning block, and prevents validators from taking advantage of MEV opportunities discovered by builders.

MEV-Boost Architecture

However, problems still arise if relayers are centralized, such as three relayers processing more than 80% of the blocks. As outlined in this blog post, this centralization carries the risk of relayers censoring transactions, colluding with builders to give certain transactions priority over others, and the risk that relayers themselves could steal MEV.

So why don’t smart contracts implement relay functionality directly? First, relay software is too complex to run directly on-chain. In addition, relayers are used to keep inputs (blocks created by builders) private so that MEV cannot be stolen.

TEE can solve this problem very well. By running the relay software in TEE, the relayer can not only keep the input block private, but also prove that the winning block was fairly selected without collusion. Currently, SUAVE (under testing) being developed by Flashbots is a TEE-driven infrastructure.

Recently, this magazine and CMT Digital discussed how solver networks and intents can help chains abstract and solve user experience problems in cryptocurrency applications. We both mentioned such a solution, the order flow auction, which is a general version of the auction conducted in MEV boost, and TEE can improve the fairness and efficiency of these order flow auctions.

In addition, TEE is also very helpful for DePIN applications. DePIN is a network of devices that contribute resources (such as bandwidth, computing, energy, mobile data, or GPU) in exchange for token rewards, so the supply side has every incentive to cheat the system by changing the DePIN software, for example, showing repeated contributions from the same device to earn more rewards.

However, as we have seen, most modern devices have some form of built-in TEE. DePIN projects can require the generation of proof of the device's unique identifier created through the TEE, ensuring that the device is authentic and running the expected security software, and then remotely verify that the contribution is legitimate and secure. Bagel is a data DePIN project that is exploring the use of TEE.

In addition, TEE also plays an important role in the Passkey technology that Joel recently discussed. Passkey is an authentication mechanism that stores private keys in the TEE of a local device or cloud solution. Users do not need to manage mnemonics, support cross-platform wallets, allow social and biometric authentication, and simplify the key recovery process.

Clave and Capsule use the technology for embedded consumer wallets, while hardware wallet company Ledger uses TEEs to generate and store private keys. Lit Protocol, in which CMT Digital has invested, provides decentralized signing, encryption, and computing infrastructure for developers of applications, wallets, protocols, and AI agents. The protocol uses TEEs as part of its key management and computing network.

TEEs also have other variations. As generative AI advances, it is becoming increasingly difficult to distinguish between AI-generated images and real images. To this end, large camera manufacturers such as Sony, Nikon, and Canon are integrating technology that assigns digital signatures to captured images in real time. They also provide infrastructure for third parties to check the provenance of images by verifying proofs. While this infrastructure is currently centralized, we hope that these proofs can be verified on-chain in the future.

Last week, I wrote about how zkTLS can bring Web2 information to Web3 in a verifiable way. We discussed two approaches to using zkTLS, including multi-party computation (MPC) and proxies. TEEs offer a third approach, where server connections are handled in a secure enclave on the device and proofs of computation are published on-chain. Clique is a project that is implementing TEE-based zkTLS.

In addition, Ethereum L2 solutions Scroll and Taiko are experimenting with multi-proof approaches that aim to integrate TEEs with ZK proofs. TEEs can generate proofs faster and more cost-effectively without increasing finality time. They complement ZK proofs by increasing the diversity of proof mechanisms and reducing errors and vulnerabilities.

On the infrastructure level, there are also projects that support the use of TEE remote proofs for more and more applications. Automata is launching a modular verification chain as Eigenlayer AVS, acting as a registry for remote verification, making it publicly verifiable and easily accessible. Automata is compatible with various EVM chains, enabling composable TEE proofs across the EVM ecosystem.

Separately, Flashbots is developing a TEE coprocessor, Sirrah, for establishing a secure channel between TEE nodes and blockchains. Flashbots also provides code for developers to create Solidity applications that can easily verify TEE proofs. They are using the Automata verification chain mentioned above.

"The rose has thorns"

While TEEs are versatile and have been applied to various areas of cryptocurrency, adopting the technology is not without challenges. Hopefully, builders adopting TEEs will keep some of these points in mind.

First, the main consideration is that TEEs require a trusted setup. This means that developers and users must trust that the device manufacturer or cloud provider will uphold security assurances and will not have (or provide external actors such as governments) a backdoor into the system.

Another potential issue is side-channel attacks (SCA). Imagine a multiple-choice test in a classroom. Although you can't see anyone's test paper, you can definitely observe how long your classmates spend choosing different answers.

Side-channel attacks work in a similar way. Attackers use indirect information, such as power consumption or timing variations, to infer sensitive data processed within the TEE. To mitigate these vulnerabilities, cryptographic operations and constant-time algorithms need to be carefully implemented to minimize observable changes in the execution of TEE code.

TEEs such as Intel SGX have been shown to have vulnerabilities. The 2020 SGAxe attack exploited a vulnerability in Intel SGX to extract cryptographic keys from secure enclaves, potentially leaking sensitive data in cloud environments. In 2021, researchers demonstrated the "SmashEx" attack, which can cause an SGX enclave to crash and potentially leak confidential information. The "Prime+Probe" technique is also a side-channel attack that can extract cryptographic keys from SGX peripherals by observing cache access patterns. All of these examples highlight the "cat and mouse game" between security researchers and potential attackers.

One ​​reason most of the world’s servers use Linux is because of its strong security. This is due to its open source nature and the thousands of programmers who continuously test the software and address vulnerabilities as they arise. The same approach applies to hardware. OpenTitan is an open source project that aims to make the silicon root of trust (RoT, another term for TEE) more transparent, trusted, and secure.

Future Outlook

In addition to TEEs, there are several other privacy-preserving technologies available to builders, such as zero-knowledge proofs, multi-party computation, and fully homomorphic encryption. A comprehensive comparison of these technologies is beyond the scope of this article, but TEEs have two advantages that stand out.

The first is its ubiquity. While the infrastructure for other technologies is still in its infancy, TEEs have become mainstream and integrated into most modern computers, reducing the technical risk for founders who want to take advantage of privacy technologies. Second, TEEs have much lower processing overhead than other technologies. While this feature involves security tradeoffs, it is a practical solution for many use cases.

Finally, if you are considering whether TEE is right for your product, ask yourself the following questions:

1. Does the product require complex off-chain computations to be proven on-chain?

2. Do application inputs or key data points need to be private?

If the answer is yes to both, then TEE is worth a try.

However, given the fact that TEEs are still vulnerable to attacks, please remain vigilant. If the security value of your application is lower than the cost of an attack (which can be as high as millions of dollars), you can consider using TEE alone. However, if you are building "security-first" applications such as wallets and Rollups, you should consider using a decentralized TEE network such as Lit Protocol, or combining TEE with other technologies such as ZK proofs.

Unlike builders, investors may be more concerned about the value of TEEs and whether billion-dollar companies will emerge from this technology.

In the short term, as many teams continue to experiment with TEEs, we believe that value will be generated at the infrastructure level, including TEE-specific Rollups such as Automata and Sirrah, and protocols that provide key building blocks for other applications using TEEs (such as Lit). As more TEE coprocessors are launched, the cost of off-chain privacy computing will decrease.

In the long run, we expect the value of applications and products that leverage TEEs to exceed the infrastructure layer. However, it is important to note that users are adopting these applications not because they use TEE, but because they are excellent products that solve real problems. We have seen this trend in wallets such as Capsule, which has a greatly improved user experience compared to browser wallets. Many DePIN projects may only use TEE for authentication rather than as part of their core product, but they will also accumulate huge value.

With every passing week, our confidence in the assertion that "we are in the transition from fat protocol theory to fat application theory" increases. We hope that technologies such as TEE can also follow this trend. The timeline on X will not tell you this, but as technologies such as TEE mature, the cryptocurrency field will usher in unprecedented exciting times.