Amid rising curiosity in sensible methods to scale and safeguard blockchains, {hardware}‑primarily based approaches are coming into focus. The position of Trusted Execution Environments (TEEs) in blockchain programs has step by step expanded from privacy-preserving tasks to purposes that enhance scalability and allow safe offchain computation. At present, over 50 groups are engaged on TEE-based blockchain tasks. On this article, Cointelegraph Analysis explores the technical foundations of TEEs in blockchain programs and examines key use instances of this know-how.
Mechanics of TEEs in blockchains
Most blockchain know-how depends on cryptography and distributed computing to take care of safety. TEEs add a unique method, particularly, hardware-level belief.
A Trusted Execution Surroundings is an remoted space inside a tool processor that’s designed to maintain knowledge and code tamper-proof and confidential throughout execution. The ensuing safe enclave is inaccessible to the remainder of the working system and may show to 3rd events by means of distant attestation what directions it’s executing.
To do that, the CPU measures the Trusted Computing Base, which incorporates the boot firmware, working system kernel and utility binaries and saves it into safe {hardware} registers. It then indicators this measurement utilizing a non-public attestation key embedded within the CPU. This produces a cryptographic attestation report {that a} distant verifier can test to verify the enclave’s authenticity and integrity.
Leveraging this hardware-level belief for confidential sensible contract execution requires that blockchain nodes use chips with a TEE. This requirement usually applies to nodes which can be accountable for transaction in addition to block validation and offchain computation. In a layer-1 setup, consensus nodes proceed to duplicate an encrypted model of every contract’s state as a part of the worldwide ledger.
Every of the nodes accommodates a TEE that replicates the decryption, plaintext execution and reencryption of each transaction. This {hardware} dependence introduces a trade-off between enhanced privateness and a smaller validator set. Fewer folks can run nodes if particular {hardware} is required. Nonetheless, the extra belief this requires is partially traded off by the distant attestation TEEs can present.
An alternate design is a layer-2 scheme whereby TEE computations aren’t secured by distributed consensus, however by a dispute decision mechanism, as seen in rollups. This method makes use of an identical encryption pipeline to an L1 setup however may help enhance scalability. Nonetheless, most layer-2 programs lose contract interoperability since they’re executed on separate machines, which implies contracts can’t name one another.
TEEs use customary uneven cryptography to obfuscate perform calls and sensible contract code. Operate calls are encrypted with the TEE’s public key earlier than being submitted to the blockchain, decrypted within the enclave and executed.
Secret Community, constructed with the Cosmos SDK and Intel SGX, was the primary blockchain to have personal sensible contracts facilitated by TEEs. Secret Contracts permit builders to construct confidential DeFi apps, which cover contract logic, inputs, outcomes and state, however not the addresses. It additionally allows the creation of Secret Tokens, whose balances and transaction historical past stay confidential and are seen solely to their house owners or explicitly authorised sensible contracts.
Vulnerabilities of trusted execution environments
Personal sensible contract execution is determined by the trustworthiness of the TEE {hardware} producer. Whereas it’s uncertain {that a} company similar to Intel would jeopardize its status with a focused assault on blockchain programs, Intel’s Administration Engine (IME), an autonomous system embedded in most Intel CPUs since 2008, has contained a number of critical vulnerabilities over time.
TEE distributors might fall below authorities affect to introduce backdoors, adjust to surveillance mandates or present entry to encrypted knowledge below nationwide safety legal guidelines. Unintentional vulnerabilities may additionally undermine the safety of a TEE. For instance, the Plundervolt assault exploited Intel’s dynamic voltage interface to induce computation faults inside SGX enclaves, which enabled attackers to bypass integrity checks and extract keys and secrets and techniques from encrypted reminiscence.
Personal sensible contract execution with TEEs
To allow privacy-preserving DApps, sensible contracts should execute in a manner that retains each logic and knowledge confidential. To learn and run confidential sensible contract code, TEEs can entry the keys required to decrypt contract knowledge.
If these keys are ever compromised, an attacker may decrypt beforehand saved contract knowledge. To keep away from this, Trusted Execution Environments use distributed key administration that splits key management throughout a number of trusted nodes and regularly rotates short-term keys to restrict the influence of a breach.
Ekiden was the primary to design such a system, and it served as a foundation for related fashions on different blockchains. Probably the most delicate keys are managed by the KMC (key-management committee, which is a gaggle of essentially the most trusted nodes) with threshold cryptography. The committee’s shares are proactively reshared to rotate who holds which share. In the meantime, particular person employee nodes maintain limited-access short-lived keys tied to particular duties.
These keys are issued by the KMC for every contract and expire on the finish of each epoch. To acquire a key, a employee node should first show its legitimacy to the KMC by means of safe channels. Every KMC member then generates a key share utilizing a pseudo-random perform and transmits it to the node, which reconstructs the complete key as soon as it has collected a adequate variety of shares.
If a KMC node is compromised, its entry will be revoked by means of governance, and it is going to be excluded from future epochs. This reduces the potential influence of a breach, although not eliminating it completely. When a confidential contract is deployed, its enclave generates a contemporary public key and publishes it on the blockchain together with the contract code and encrypted preliminary state.
Customers who later name the contract retrieve this key to encrypt their inputs earlier than sending them to the compute node. To ensure authenticity, the node additionally offers a signing key sure to the enclave by way of attestation when it begins up.
Different use instances of TEEs in blockchains
Past personal sensible contract execution, TEEs can considerably enhance blockchain scalability and effectivity. TEE-enabled nodes can securely execute computationally intensive duties offchain and submit the outcomes onchain. Thus, purposes can offload computational overhead from the blockchain layer to the trusted offchain setting. This may help scale back fuel prices and enhance the general throughput of the chain.
IExec is likely one of the largest decentralized cloud computing platforms that makes use of Trusted Execution Environments for offchain computations. It makes use of Intel SGX-based enclaves to dump and isolate computation from the blockchain.
A requester, often a sensible contract or consumer, should purchase a confidential computation as a process onchain. The blockchain then notifies employee nodes to execute the duty inside a safe enclave. Earlier than execution proceeds, the enclave generates an attestation report containing cryptographic proof of the enclave’s code and configuration.
This report is distributed to a Secret Administration Service, which verifies the enclave’s integrity and authenticity. Provided that the enclave passes this verification does the precise computation start.
Trusted execution environments may also be used to supply an MEV-proof blockchain infrastructure. Unichain, an optimistic rollup on Ethereum developed by the Uniswap staff and launched in October 2024, leverages TEEs in its block-generation course of. Its block builder, developed in collaboration with Flashbots, makes use of TEEs to assemble blocks inside a protected enclave.
When routed to the TEE builder, transactions are filtered, priority-ordered and bundled into Flashblocks. This permits Unichain to attain 1-second block instances, with plans to introduce 250-millisecond sub-blocks and enhance transaction ordering. Block constructing inside TEEs helps to scale back MEV extraction as a result of mempool transactions stay encrypted. With these options, Unichain goals to construct a DeFi-designated blockchain.
Conclusion
Trusted execution environments on blockchains are gaining momentum as builders search extra environment friendly privateness options. TEEs have the potential to form the way forward for decentralized purposes with low-cost and high-latency safe computation. Regardless of their potential, TEEs aren’t but natively supported by most blockchains as a result of {hardware} necessities and belief assumptions.
Sooner or later, we count on use instances of TEEs to develop from privacy-preserving purposes and change into centered on scalability options for blockchains and offchain computation for decentralized purposes. This shift is pushed by the emergence of extra computationally demanding DApps, similar to decentralized AI purposes. TEEs might facilitate these use instances with low-cost, high-performance offchain computation.
This text doesn’t comprise funding recommendation or suggestions. Each funding and buying and selling transfer entails danger, and readers ought to conduct their very own analysis when making a call.
This text is for normal data functions and isn’t supposed to be and shouldn’t be taken as authorized or funding recommendation. The views, ideas, and opinions expressed listed below are the writer’s alone and don’t essentially replicate or symbolize the views and opinions of Cointelegraph.
Cointelegraph doesn’t endorse the content material of this text nor any product talked about herein. Readers ought to do their very own analysis earlier than taking any motion associated to any product or firm talked about and carry full accountability for his or her choices.
