Author: Oliver Jaros, CMT Digital analyst, Shlok Khemani, decentralised.co
Translation: Yangz, Techub News
Uber's San Francisco headquarters, like those of most tech companies, has an open floor plan where employees can move around freely and share their ideas. In the center of the main floor, however, there is a room that few employees venture into. With its metal and glass exterior walls, a switch that turns the transparent glass opaque, and security personnel often stationed outside, the room looks decidedly mysterious.
This is Uber's "war room," a space that operates around the clock and is used mainly by top executives to brainstorm and solve the company's biggest problems. To maintain secrecy, the room is run strictly on a "need to know" basis. Such security measures are necessary: Uber competes fiercely with rivals around the globe to hold its dominant position in the ride-hailing market, and those rivals would seize on any leak of its strategies. Everything that happens in the war room stays in that room.

Interior of Uber's war room; Source: Andrew Chen, a16z
This practice of setting up private spaces within originally accessible areas is quite common. When Apple is working on secret projects, it places designated teams in separate buildings away from its headquarters. The Capitol and other U.S. government buildings have Sensitive Compartmented Information Facilities (SCIFs) that provide soundproofing and electromagnetic shielding for sensitive discussions. Even our own homes or hotel rooms have safes.
Secure Enclaves have extended beyond the physical world. Today, we primarily store data and process information through computers. As our reliance on silicon-based machines continues to grow, so does the risk of attacks and leaks. Just like Uber's war room, computers need a separate space to store the most sensitive data and perform critical computations. This space is called a Trusted Execution Environment (TEE).
While "TEE" has become a popular term in the cryptocurrency industry, the purpose and function of TEEs are often misunderstood. We hope to change that with this article. Here, we explain everything you need to know about TEEs: what they are, why they matter, how we use them every day, and how they help build better Web3 applications.
TEE is Everywhere
First, let's understand the definition of TEE.
A TEE is a dedicated secure area within a device's main processor that ensures the confidentiality of the data and code being processed. It provides an isolated execution environment independent of the main operating system, which is crucial for applications that handle sensitive information.
A TEE primarily provides two guarantees:
- Isolated Execution: The TEE runs code in an isolated environment. Even if the main operating system is compromised, the code and data inside the TEE remain secure.
- Memory Encryption: Data processed within the TEE is encrypted. Even an attacker with access to physical memory cannot decipher the sensitive information stored in the TEE.
To understand why TEEs matter, consider the device you may be using to read this article: the iPhone. FaceID has become the primary way iPhone users authenticate to their devices. In a matter of milliseconds, the following process takes place inside the device:
Firstly, a dot projector projects over 30,000 invisible infrared dots onto the user's face. An infrared camera captures this pattern and the infrared image of the face. In low light conditions, a flood illuminator enhances visibility.
Next, the processor receives this raw data and creates a mathematical model of the face, including depth data, contours, and unique features.
Finally, the mathematical model is compared to the stored model from the initial FaceID setup. If the model is accurate enough, a "success" signal is sent to the iOS system, and the device unlocks. If the comparison fails, the device remains locked.

30,000 infrared dots projected onto the face when unlocking the phone; Source: YouTube
FaceID is used not only to unlock the device but also to authenticate other operations, such as logging into apps and making payments. Any security vulnerability would therefore have serious consequences. If the model creation and comparison process were compromised, someone other than the owner could unlock the device, access the owner's personal data, and conduct fraudulent financial transactions. If attackers managed to extract the stored mathematical model of the user's face, the result would be theft of biometric data and a serious invasion of privacy.
Of course, Apple has taken great care in implementing FaceID. All processing and storage are done through The Secure Enclave, which is a dedicated processor built into iPhones and other Apple devices, functioning independently of other memory and processes. Its design purpose is to prevent access by attackers even if other parts of the device are compromised. In addition to biometric technology, it can also store and protect user payment information, passwords, keychains, and health data.
Apple's The Secure Enclave is just one example of TEE. Since most computers handle sensitive data and computations, almost all processor manufacturers now provide some form of TEE. Intel offers Software Guard Extensions (SGX), AMD has AMD Secure Processor, ARM has TrustZone, Qualcomm provides Secure Foundation, and Nvidia's latest GPUs come with confidential computing capabilities.
TEE also has software variants. For example, AWS Nitro Enclaves allows users to create isolated computing environments to protect and process highly sensitive data within Amazon's regular EC2 instances. Similarly, Google Cloud and Microsoft Azure also provide confidential computing.
Apple recently announced the launch of Private Cloud Compute, a cloud intelligence system designed to privately handle AI requests that devices cannot serve locally. Similarly, OpenAI is also developing secure infrastructure for AI cloud computing.
One reason TEEs are exciting is that they are ubiquitous, both in personal computers and at cloud service providers. They let developers build applications that benefit from sensitive user data without worrying about data leaks and security vulnerabilities. They can also directly improve the user experience through innovations such as biometric authentication and passwords.
So, what does this have to do with cryptocurrency?
Remote Attestation
TEE provides the potential for tamper-proof computation, and blockchain technology can also provide similar computational guarantees. Smart contracts are essentially computer code that, once deployed, automatically executes and cannot be altered by external participants.
However, there are some limitations to running computations on the blockchain:
Compared to regular computers, the processing power of the blockchain is limited. For example, a block on Ethereum is generated every 12 seconds and can only hold a maximum of 2 MB of data. This is smaller than the capacity of a floppy disk, which is already an outdated technology. Although blockchain speeds are increasing and their capabilities are becoming more powerful, they still cannot execute complex algorithms like those behind FaceID.
The blockchain lacks native privacy. All ledger data is visible to everyone, making it unsuitable for applications that rely on private information such as personal identities, bank balances, credit scores, and medical histories.
TEE does not have these limitations. While TEEs are slower than regular processors, they are still orders of magnitude faster than the blockchain. Additionally, TEEs have built-in privacy protection and encrypt all processed data by default.
Blockchain applications that require privacy and heavier computation can therefore benefit from the complementary strengths of TEEs. However, the blockchain is a highly trusted computing environment precisely because every data point on the ledger can be traced to its source and is replicated on numerous independent computers. TEE computation, in contrast, happens on a single physical or cloud machine, which the chain cannot see into.
Therefore, we need a way to combine these two technologies, which requires the use of remote attestation. So, what is remote attestation? Let's take a detour back to the Middle Ages and understand the background first.
Before the invention of technologies such as telephones, telegrams, and the internet, the only way to send information over long distances was through handwritten letters carried by human messengers. However, how could the recipient ensure that the information truly came from the intended sender and had not been tampered with? For hundreds of years, sealing wax has been the solution to this problem.
The envelope containing the letter would be sealed with a unique and intricate pattern of hot wax, often bearing the coat of arms or symbol of a king, noble, or religious figure. Because each pattern was unique to the sender and nearly impossible to replicate without the original seal, the recipient could be sure of the authenticity of the letter. Additionally, as long as the seal remained intact, the recipient could be confident that the information had not been tampered with.

Great Seal of the Realm: Used to symbolize the monarch's approval of state documents
Remote attestation is the modern equivalent of the seal: the TEE generates a cryptographic proof that lets the holder verify the integrity and authenticity of the code running inside it and confirm that the TEE has not been tampered with. Here's how it works:
- The TEE generates a report containing information about its state and the internal running code.
- The report is encrypted and signed using a key that only genuine TEE hardware can use.
- The signed report is sent to a remote verifier.
- The verifier checks the signature to ensure the report comes from genuine TEE hardware. Then, it checks the report content to confirm that the expected code is running and has not been modified.
- If the verification is successful, the remote party can trust the TEE and the code running within it.
To combine the blockchain with TEE, these reports can be published on the chain and verified by designated smart contracts.
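The five steps above, played out end to end as an added Go example (this is not code from the article, from Flashbots, Automata, or any TEE vendor). It models the hardware attestation key as an ed25519 key pair, the enclave's measurement as the SHA-256 of a constructed stand-in binary, and a verifier that holds the manufacturer's public key plus an allow-list of approved measurements; the Report layout, the nonce challenge and the RunScenario checks are assumptions made for the example. The same Verify logic is what a DePIN project would run over a device's report, and what an on-chain verifier contract would have to reproduce.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is a simplified attestation report. Real formats (e.g. SGX quotes)
// carry many more fields; these three are the ones the verifier relies on.
type Report struct {
	Measurement [32]byte // hash of the code loaded into the enclave
	Nonce       [16]byte // challenge chosen by the verifier, proves freshness
	UserData    []byte   // data the enclave binds into the report (e.g. a result)
}

// bytes gives a fixed-layout encoding so that signing is unambiguous.
func (r Report) bytes() []byte {
	b := make([]byte, 0, len(r.Measurement)+len(r.Nonce)+len(r.UserData))
	b = append(b, r.Measurement[:]...)
	b = append(b, r.Nonce[:]...)
	return append(b, r.UserData...)
}

// SignedReport is what crosses the wire to the remote verifier.
type SignedReport struct {
	Report    Report
	Signature []byte
}

// Enclave models the TEE side: attestKey stands in for the hardware-fused
// attestation key, code for the binary that was loaded into the enclave.
type Enclave struct {
	attestKey ed25519.PrivateKey
	code      []byte
}

// Attest builds the report (steps 1 and 2 in the article) and signs it.
func (e *Enclave) Attest(nonce [16]byte, userData []byte) SignedReport {
	r := Report{Measurement: sha256.Sum256(e.code), Nonce: nonce, UserData: userData}
	return SignedReport{Report: r, Signature: ed25519.Sign(e.attestKey, r.bytes())}
}

// Verifier models the remote party: it knows the manufacturer's public key
// and the measurements of the enclave builds it is willing to trust.
type Verifier struct {
	hardwarePub ed25519.PublicKey
	trusted     map[[32]byte]bool
}

// Verify performs step 4: genuine hardware first, then freshness, then code.
func (v *Verifier) Verify(sr SignedReport, nonce [16]byte) error {
	if !ed25519.Verify(v.hardwarePub, sr.Report.bytes(), sr.Signature) {
		return errors.New("bad signature: not genuine hardware, or report altered in transit")
	}
	if sr.Report.Nonce != nonce {
		return errors.New("nonce mismatch: stale or replayed report")
	}
	if !v.trusted[sr.Report.Measurement] {
		return errors.New("unexpected measurement: enclave is not running the approved code")
	}
	return nil
}

// Outcome records whether each check in RunScenario behaved as it should.
type Outcome struct {
	GenuineAccepted   bool
	TamperedRejected  bool
	WrongCodeRejected bool
	ReplayRejected    bool
}

// RunScenario plays out the exchange with a constructed "approved" binary,
// then exercises three failure modes the verifier must catch.
func RunScenario() Outcome {
	hwPub, hwPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	approved := []byte("relayer-v1.0 (constructed stand-in for an enclave binary)")
	verifier := &Verifier{hardwarePub: hwPub, trusted: map[[32]byte]bool{sha256.Sum256(approved): true}}

	var nonce [16]byte
	if _, err := rand.Read(nonce[:]); err != nil {
		panic(err)
	}
	var out Outcome

	// 1. Genuine hardware running the approved code: accepted.
	genuine := &Enclave{attestKey: hwPriv, code: approved}
	sr := genuine.Attest(nonce, []byte("winning-block-hash"))
	out.GenuineAccepted = verifier.Verify(sr, nonce) == nil

	// 2. The same report with its bound data altered after signing: rejected.
	tampered := sr
	tampered.Report.UserData = []byte("different-block-hash")
	out.TamperedRejected = verifier.Verify(tampered, nonce) != nil

	// 3. Genuine hardware, but running modified code: rejected.
	modified := &Enclave{attestKey: hwPriv, code: []byte("relayer-v1.0 (constructed stand-in) +patched")}
	out.WrongCodeRejected = verifier.Verify(modified.Attest(nonce, nil), nonce) != nil

	// 4. A valid old report replayed against a fresh challenge: rejected.
	var fresh [16]byte
	if _, err := rand.Read(fresh[:]); err != nil {
		panic(err)
	}
	out.ReplayRejected = verifier.Verify(sr, fresh) != nil
	return out
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

Note the order of checks in Verify: nothing in the report is trusted until the signature has tied it to genuine hardware, and a correct measurement alone is not enough, because without the verifier-chosen nonce an attacker could replay an old, valid report.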
So, how does TEE help us build better cryptocurrency applications?
Practical Use Cases of TEE in Blockchain
Flashbots, a "leader" in Ethereum MEV infrastructure, offers MEV-Boost, which separates block proposers from block builders and introduces a trusted intermediary called a "relayer" between the two. The relayer verifies the validity of blocks, runs the auction that selects the winning block, and prevents validators from exploiting the MEV opportunities discovered by builders.
However, if the relayer is centralized, such as when three relayers handle over 80% of the blocks, problems can still arise. As outlined in this blog post, this centralization poses risks such as relayer censorship of transactions, collusion with builders to prioritize certain transactions over others, and the risk of relayers stealing MEV.
So, why don't smart contracts implement the relayer function directly? Firstly, relayer software is very complex and cannot run on the chain. Secondly, relayers exist to keep the inputs (the blocks created by builders) private, which prevents MEV theft.
TEE is well-suited to solve this problem. By running relayer software within TEE, the relayer can not only maintain the privacy of input blocks but also prove that the winning block is fairly selected without collusion. Currently, Flashbots is developing SUAVE (in testing), which is TEE-driven infrastructure.
Recently, this publication and CMT Digital discussed how solver networks and intents can help abstract away chains and solve user-experience problems in cryptocurrency applications. We both mentioned a mechanism called order flow auctions, a general version of the auction conducted in MEV-Boost, and TEEs can improve the fairness and efficiency of these auctions.
In addition, TEE also has significant benefits for DePIN applications. DePIN is a device network where contributors exchange resources (such as bandwidth, computing power, energy, mobile data, or GPU) for token rewards. Therefore, suppliers have a strong incentive to deceive the system by altering the DePIN software, for example, by displaying duplicate contributions from the same device to earn more rewards.
However, as we have seen, most modern devices have some form of built-in TEE. A DePIN project can require proof of a device's unique identifier generated through its TEE, ensuring the device is genuine and running the expected software, and thereby remotely verify the legitimacy and security of its contributions. Bagel is an example of a data DePIN project exploring the use of TEEs.
Furthermore, TEE plays a crucial role in Joel's recent discussion of Passkey technology. Passkey is an authentication mechanism that stores private keys in local devices or cloud-based TEE solutions, eliminating the need for mnemonic management, supporting cross-platform wallets, allowing for social and biometric authentication, and simplifying key recovery processes.
Clave and Capsule apply this technology to embedded consumer wallets, while hardware wallet company Ledger uses TEE to generate and store private keys. Lit Protocol, an investment of CMT Digital, provides infrastructure for decentralized signing, encryption, and computation for application, wallet, protocol, and AI agent developers. The protocol utilizes TEE as part of its key management and computation network.
There are other TEE use cases as well. As generative AI advances, distinguishing AI-generated images from real ones becomes increasingly difficult. To address this, major camera manufacturers such as Sony, Nikon, and Canon are integrating technology that assigns digital signatures to captured images in real time. They also provide infrastructure for third parties to verify the origin of images through these proofs. While this infrastructure is currently centralized, the hope is that such proofs will be validated on-chain in the future.
Last week, I wrote an article about how zkTLS can verifiably bring Web2 information into Web3. We discussed two methods using zkTLS, including multi-party computation (MPC) and proxies. TEE provides a third method, handling server connections in a secure enclave on devices and publishing computational proofs on the chain. Clique is a project implementing zkTLS based on TEE.
Furthermore, Ethereum L2 solutions Scroll and Taiko are exploring multi-proof approaches aimed at integrating TEE with ZK proofs. TEE can generate proofs faster, more economically, and without increasing finality time. They complement ZK proofs by increasing the diversity of proof mechanisms and reducing errors and vulnerabilities.
At the infrastructure level, there are projects supporting the use of TEE remote attestation for a growing number of applications. Automata is launching a modular verification chain that runs as an EigenLayer AVS and acts as a registry for remote attestations, making them publicly verifiable and easily accessible. Automata is compatible with various EVM chains, enabling composable TEE attestation throughout the EVM ecosystem.
Additionally, Flashbots is developing a TEE coprocessor called Sirrah to establish a secure channel between TEE nodes and the blockchain. Flashbots also provides developers with code to create Solidity applications that can easily verify TEE proofs. They are using the aforementioned Automata verification chain.

"Every rose has its thorn"
While TEE has widespread applications and has been applied in various areas of cryptocurrency, adopting this technology is not without its challenges. Builders hoping to adopt TEE should keep in mind some key points.
First and foremost, the most significant consideration is that TEE requires a trusted setup. This means that developers and users must trust device manufacturers or cloud providers to adhere to security guarantees and not have backdoor access to the system (or provide access to external actors such as governments).
Another potential issue is side-channel attacks (SCA). Imagine taking a multiple-choice test in a classroom. Even though you can't see anyone's answer sheet, you can certainly observe the varying lengths of time your classmates take to choose different answers.
Side-channel attacks operate on a similar principle. Attackers use indirect information such as power consumption or timing variations to infer sensitive data being processed within the TEE. To mitigate these vulnerabilities, cryptographic operations should be implemented carefully with constant-time algorithms, so that the observable behaviour of TEE code does not vary with the secrets it handles.
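To make the classroom analogy concrete, here is an added Go example (not code from the article or any TEE project) that counts how many bytes a naive, early-exit comparison inspects before returning versus a constant-time comparison; the counts stand in for the timing an observer would measure. The secret tag and the guesses are constructed values, and SafeEqual shows the standard-library call production code should actually use.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// naiveEqual is the textbook comparison: it stops at the first differing
// byte, so its running time reveals how many leading bytes matched.
// steps counts the byte comparisons made, a proxy for elapsed time.
func naiveEqual(a, b []byte) (equal bool, steps int) {
	if len(a) != len(b) {
		return false, 0
	}
	for i := range a {
		steps++
		if a[i] != b[i] {
			return false, steps
		}
	}
	return true, steps
}

// constantTimeEqual always touches every byte and accumulates differences
// without branching on them, so the work done is independent of where the
// inputs differ. Only the final yes/no is revealed, which is unavoidable.
func constantTimeEqual(a, b []byte) (equal bool, steps int) {
	if len(a) != len(b) {
		return false, 0
	}
	var diff byte
	for i := range a {
		steps++
		diff |= a[i] ^ b[i]
	}
	return subtle.ConstantTimeByteEq(diff, 0) == 1, steps
}

// SafeEqual is what real code should call: the standard library's
// constant-time comparison from crypto/subtle.
func SafeEqual(a, b []byte) bool {
	return subtle.ConstantTimeCompare(a, b) == 1
}

// StepProfile returns, for each guess, the comparison counts of the naive
// and the constant-time routine, i.e. what a timing observer would see.
func StepProfile(secret []byte, guesses [][]byte) (naive, constant []int) {
	for _, g := range guesses {
		_, n := naiveEqual(secret, g)
		_, c := constantTimeEqual(secret, g)
		naive = append(naive, n)
		constant = append(constant, c)
	}
	return
}

func main() {
	secret := []byte("0123456789abcdef") // constructed 16-byte authentication tag
	guesses := [][]byte{
		[]byte("xxxxxxxxxxxxxxxx"), // nothing matches
		[]byte("0123xxxxxxxxxxxx"), // first 4 bytes match
		[]byte("0123456789abxxxx"), // first 12 bytes match
		[]byte("0123456789abcdef"), // exact match
	}
	n, c := StepProfile(secret, guesses)
	fmt.Println("naive steps:        ", n) // grows with the matching prefix
	fmt.Println("constant-time steps:", c) // identical for every guess
}
```

The naive profile rises step by step with the length of the matching prefix, which is exactly the signal constant-time code denies an observer; the defence is to make every execution path do the same work regardless of the secret.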
TEEs such as Intel SGX have been found to have vulnerabilities. The 2020 SGAxe attack exploited flaws in Intel SGX to extract cryptographic keys from secure enclaves, potentially exposing sensitive data in cloud environments. In 2021, researchers demonstrated the "SmashEx" attack, which could crash SGX enclaves and potentially leak confidential information. The "Prime+Probe" technique is another form of side-channel attack that can extract cryptographic keys from code running inside SGX enclaves by observing cache access patterns. All these examples highlight the "cat and mouse game" between security researchers and potential attackers.
Most servers in the world run Linux, in large part for its strong security, which comes from its open-source nature and from thousands of programmers continuously testing it and patching vulnerabilities. The same approach applies to hardware. OpenTitan is an open-source project aimed at making the silicon root of trust (RoT, another term for TEE) more transparent, trustworthy, and secure.
Future Outlook
In addition to TEE, there are several other privacy-preserving technologies available for builders to use, such as zero-knowledge proofs, multi-party computation, and fully homomorphic encryption. A comprehensive comparison of these technologies is beyond the scope of this article, but TEE has two prominent advantages.
First is its ubiquity. The infrastructure of other technologies is still in its infancy, while TEE has become mainstream and integrated into most modern computers, reducing the technical risk for founders looking to leverage privacy technologies. Second, TEE has much lower processing overhead compared to other technologies. While this feature involves security trade-offs, it is a practical solution for many use cases.
Finally, if you are considering whether TEE is suitable for your product, ask yourself the following questions:
- Does the product need to prove complex off-chain computations on-chain?
- Do application inputs or primary data points need to be privatized?
If the answer to both questions is yes, then TEE is worth a try.

However, given that TEEs are still susceptible to attacks, it is important to remain vigilant. If the value an attacker could gain from the application is lower than the cost of an attack (which could run into the millions of dollars), using a TEE alone may be acceptable. If, however, you are building a "security-first" application such as a wallet or a rollup, you should consider a decentralized TEE network (such as Lit Protocol) or combining TEEs with other technologies (such as ZK proofs).
Unlike builders, investors may be more concerned with the value proposition of TEE and whether there will be billion-dollar companies emerging from this technology.
In the short term, we believe that value will be generated at the infrastructure level as many teams continue to experiment with TEE, including TEE-specific Rollups (such as Automata and Sirrah) and protocols providing critical components for other TEE-based applications (such as Lit). With the introduction of more TEE coprocessors, the cost of off-chain privacy computation will decrease.
In the long term, we expect the value of applications and products utilizing TEE to surpass the infrastructure level. However, it is important to note that users adopt these applications not because they use TEE, but because they are excellent products solving real problems. We have already seen this trend in wallets like Capsule, where the user experience has been greatly improved compared to browser wallets. Many DePIN projects may only use TEE for identity verification rather than as a core part of their product, but they will also accumulate significant value.
Every week, our confidence in the assertion that "we are in a transition from fat protocols to fat applications" grows stronger. We hope that technologies like TEE will also align with this trend. The timeline on X won't tell you this, but with the maturation of technologies like TEE, the cryptocurrency space will experience unprecedented and exciting moments.