Amid rising curiosity in sensible methods to scale and safeguard blockchains, {hardware}‑based mostly approaches are coming into focus. The position of Trusted Execution Environments (TEEs) in blockchain programs has regularly expanded from privacy-preserving tasks to functions that enhance scalability and allow safe offchain computation. At present, over 50 groups are engaged on TEE-based blockchain tasks. On this article, Cointelegraph Analysis explores the technical foundations of TEEs in blockchain programs and examines key use circumstances of this know-how.
Mechanics of TEEs in blockchains
Most blockchain know-how depends on cryptography and distributed computing to keep up safety. TEEs add a unique method, specifically, hardware-level belief.
A Trusted Execution Surroundings is an remoted space inside a tool processor that’s designed to maintain information and code tamper-proof and confidential throughout execution. The ensuing safe enclave is inaccessible to the remainder of the working system and may show to 3rd events via distant attestation what directions it’s executing.
To do that, the CPU measures the Trusted Computing Base, which incorporates the boot firmware, working system kernel and utility binaries and saves it into safe {hardware} registers. It then indicators this measurement utilizing a non-public attestation key embedded within the CPU. This produces a cryptographic attestation report {that a} distant verifier can test to verify the enclave’s authenticity and integrity.
Leveraging this hardware-level belief for confidential sensible contract execution requires that blockchain nodes use chips with a TEE. This requirement usually applies to nodes which might be liable for transaction in addition to block validation and offchain computation. In a layer-1 setup, consensus nodes proceed to duplicate an encrypted model of every contract’s state as a part of the worldwide ledger.
Every of the nodes incorporates a TEE that replicates the decryption, plaintext execution and reencryption of each transaction. This {hardware} dependence introduces a trade-off between enhanced privateness and a smaller validator set. Fewer individuals can run nodes if particular {hardware} is required. Nevertheless, the extra belief this requires is partially traded off by the distant attestation TEEs can present.
An alternate design is a layer-2 scheme whereby TEE computations will not be secured by distributed consensus, however by a dispute decision mechanism, as seen in rollups. This method makes use of an identical encryption pipeline to an L1 setup however may help enhance scalability. Nevertheless, most layer-2 programs lose contract interoperability since they’re executed on separate machines, which suggests contracts can not name one another.
TEEs use customary uneven cryptography to obfuscate perform calls and sensible contract code. Operate calls are encrypted with the TEE’s public key earlier than being submitted to the blockchain, decrypted within the enclave and executed.
Secret Community, constructed with the Cosmos SDK and Intel SGX, was the primary blockchain to have personal sensible contracts facilitated by TEEs. Secret Contracts permit builders to construct confidential DeFi apps, which disguise contract logic, inputs, outcomes and state, however not the addresses. It additionally permits the creation of Secret Tokens, whose balances and transaction historical past stay confidential and are seen solely to their house owners or explicitly authorised sensible contracts.
Vulnerabilities of trusted execution environments
Non-public sensible contract execution is determined by the trustworthiness of the TEE {hardware} producer. Whereas it’s uncertain {that a} company comparable to Intel would jeopardize its fame with a focused assault on blockchain programs, Intel’s Administration Engine (IME), an autonomous system embedded in most Intel CPUs since 2008, has contained a number of severe vulnerabilities over time.
TEE distributors could fall underneath authorities affect to introduce backdoors, adjust to surveillance mandates or present entry to encrypted information underneath nationwide safety legal guidelines. Unintentional vulnerabilities may additionally undermine the safety of a TEE. For instance, the Plundervolt assault exploited Intel’s dynamic voltage interface to induce computation faults inside SGX enclaves, which enabled attackers to bypass integrity checks and extract keys and secrets and techniques from encrypted reminiscence.
Non-public sensible contract execution with TEEs
To allow privacy-preserving DApps, sensible contracts should execute in a approach that retains each logic and information confidential. To learn and run confidential sensible contract code, TEEs can entry the keys required to decrypt contract information.
If these keys are ever compromised, an attacker may decrypt beforehand saved contract information. To keep away from this, Trusted Execution Environments use distributed key administration that splits key management throughout a number of trusted nodes and often rotates short-term keys to restrict the impression of a breach.
Ekiden was the primary to design such a system, and it served as a foundation for related fashions on different blockchains. Essentially the most delicate keys are managed by the KMC (key-management committee, which is a gaggle of probably the most trusted nodes) with threshold cryptography. The committee’s shares are proactively reshared to rotate who holds which share. In the meantime, particular person employee nodes maintain limited-access short-lived keys tied to particular duties.
These keys are issued by the KMC for every contract and expire on the finish of each epoch. To acquire a key, a employee node should first show its legitimacy to the KMC via safe channels. Every KMC member then generates a key share utilizing a pseudo-random perform and transmits it to the node, which reconstructs the total key as soon as it has collected a adequate variety of shares.
If a KMC node is compromised, its entry may be revoked via governance, and will probably be excluded from future epochs. This reduces the potential impression of a breach, although not eliminating it fully. When a confidential contract is deployed, its enclave generates a recent public key and publishes it on the blockchain together with the contract code and encrypted preliminary state.
Customers who later name the contract retrieve this key to encrypt their inputs earlier than sending them to the compute node. To ensure authenticity, the node additionally supplies a signing key sure to the enclave through attestation when it begins up.
Different use circumstances of TEEs in blockchains
Past personal sensible contract execution, TEEs can considerably enhance blockchain scalability and effectivity. TEE-enabled nodes can securely execute computationally intensive duties offchain and submit the outcomes onchain. Thus, functions can offload computational overhead from the blockchain layer to the trusted offchain atmosphere. This may help cut back fuel prices and enhance the general throughput of the chain.
IExec is likely one of the largest decentralized cloud computing platforms that makes use of Trusted Execution Environments for offchain computations. It makes use of Intel SGX-based enclaves to dump and isolate computation from the blockchain.
A requester, often a wise contract or consumer, can buy a confidential computation as a activity onchain. The blockchain then notifies employee nodes to execute the duty inside a safe enclave. Earlier than execution proceeds, the enclave generates an attestation report containing cryptographic proof of the enclave’s code and configuration.
This report is distributed to a Secret Administration Service, which verifies the enclave’s integrity and authenticity. Provided that the enclave passes this verification does the precise computation start.
Trusted execution environments can be used to supply an MEV-proof blockchain infrastructure. Unichain, an optimistic rollup on Ethereum developed by the Uniswap workforce and launched in October 2024, leverages TEEs in its block-generation course of. Its block builder, developed in collaboration with Flashbots, makes use of TEEs to assemble blocks inside a protected enclave.
When routed to the TEE builder, transactions are filtered, priority-ordered and bundled into Flashblocks. This permits Unichain to attain 1-second block occasions, with plans to introduce 250-millisecond sub-blocks and enhance transaction ordering. Block constructing inside TEEs helps to scale back MEV extraction as a result of mempool transactions stay encrypted. With these options, Unichain goals to construct a DeFi-designated blockchain.
Conclusion
Trusted execution environments on blockchains are gaining momentum as builders search extra environment friendly privateness options. TEEs have the potential to form the way forward for decentralized functions with low-cost and high-latency safe computation. Regardless of their potential, TEEs will not be but natively supported by most blockchains resulting from {hardware} necessities and belief assumptions.
Sooner or later, we count on use circumstances of TEEs to increase from privacy-preserving functions and change into targeted on scalability options for blockchains and offchain computation for decentralized functions. This shift is pushed by the emergence of extra computationally demanding DApps, comparable to decentralized AI functions. TEEs could facilitate these use circumstances with low-cost, high-performance offchain computation.
This text doesn’t comprise funding recommendation or suggestions. Each funding and buying and selling transfer includes threat, and readers ought to conduct their very own analysis when making a choice.
This text is for basic data functions and isn’t meant to be and shouldn’t be taken as authorized or funding recommendation. The views, ideas, and opinions expressed listed here are the creator’s alone and don’t essentially replicate or signify the views and opinions of Cointelegraph.
Cointelegraph doesn’t endorse the content material of this text nor any product talked about herein. Readers ought to do their very own analysis earlier than taking any motion associated to any product or firm talked about and carry full duty for his or her selections.