Why TEEs Matter So Much Across Blockchain Technologies

Authored by: Oliver Jaros, CMT Digital analyst, Shlok Khemani, decentralised.co

Compiled by Yangz, Techub News

Uber's San Francisco headquarters, like those of most tech companies, has an open floor plan where employees can move around freely and share their ideas. At the center of the main floor, however, is a room that few employees enter. Its metal-and-glass walls, a switch that turns the transparent glass opaque, and the security staff who regularly stand guard make the room look distinctly mysterious.

This is Uber's "War Room", a round-the-clock space used mainly by executives to brainstorm and solve the company's biggest problems. To keep it confidential, access is strictly need-to-know. Such security measures are essential: Uber is locked in fierce competition with rivals around the world for the ride-hailing market, and those rivals would seize on any leak of its strategy. What happens in the war room stays in the war room.

Uber's war room interior; Source: Andrew Chen, a16z

This practice of carving out private compartments within a larger space is very common. When Apple runs secret projects, it houses the designated teams in buildings separate from headquarters. The Capitol and other US government buildings have Sensitive Compartmented Information Facilities (SCIFs) that provide soundproofing and electromagnetic shielding for sensitive discussions. Our own homes, and the hotel rooms we stay in, have safes.

Secure enclaves have extended beyond the physical world. Today we mostly store data and process information on computers, and as our reliance on silicon-based machines keeps rising, so does the risk of attacks and leaks. Just as Uber has its war room, a computer needs a separate space in which to store its most sensitive data and perform its most critical computations. That space is called a Trusted Execution Environment (TEE).

Although "TEE" has become a buzzword in the cryptocurrency industry, its purpose and functionality are often misunderstood. We hope to change that with this article, which explains everything you need to know about TEEs: what they are, why they matter, how we use them every day, and how they help build better Web3 applications.

TEEs are everywhere

First, a definition.

A TEE is a dedicated secure area within a device's main processor that guarantees the confidentiality of the data and code being processed inside it. It provides an isolated execution environment independent of the main operating system, which is crucial for applications that handle sensitive information.

TEEs provide two main guarantees:

  1. Isolated execution: the TEE runs code in an isolated environment, so even if the main operating system is compromised, the code and data inside the TEE remain secure.
  2. Memory encryption: all data processed in the TEE is encrypted in memory, so even an attacker with access to the physical memory cannot read the sensitive information held inside the TEE.

To see why TEEs matter, take the device you may be holding to read this article: the iPhone. FaceID has become the primary way iPhone users authenticate to their devices. Within milliseconds, the device goes through the following process:

  1. First, the dot projector casts more than 30,000 invisible infrared (IR) dots onto the user's face. An infrared camera captures this pattern together with an infrared image of the face; in low light, the flood illuminator improves visibility.
  2. Second, the processor receives this raw data and builds a mathematical model of the face, including depth data, contours, and distinctive features.
  3. Finally, the model is compared with the one stored during the initial FaceID setup. If the match is close enough, a "success" signal is sent to iOS and the device unlocks; if the comparison fails, the device stays locked.

When unlocking the phone, 30,000 infrared dots are projected onto the face; Source: YouTube

FaceID is used not only to unlock the device but also to authorize other operations, such as logging in to apps and making payments. Any security flaw therefore has serious consequences. If the model creation and comparison process is compromised, someone other than the owner could unlock the device, access the owner's personal data, and carry out fraudulent financial transactions. If attackers manage to extract the stored facial model, the result is biometric data theft and a serious privacy violation.

Apple is accordingly very careful about how FaceID is implemented. All processing and storage happen in the Secure Enclave, a dedicated processor built into the iPhone and other Apple devices whose memory and processes are isolated from the rest of the system. It is designed to block access even when other parts of the device have been compromised. Beyond biometrics, it also stores and protects the user's payment information, passwords, keychain, and health data.

Apple's Secure Enclave is just one example of a TEE. Since most computers need to handle sensitive data and computations, almost every processor manufacturer now provides some form of TEE: Intel offers Software Guard Extensions (SGX), AMD has the AMD Secure Processor, ARM has TrustZone, Qualcomm provides Secure Foundation, and Nvidia's latest GPUs ship with confidential computing capabilities.

There are software-based variants of TEE as well. AWS Nitro Enclaves, for example, let users create isolated compute environments for protecting and processing highly sensitive data inside ordinary EC2 instances. Google Cloud and Microsoft Azure likewise offer confidential computing.

Apple recently announced Private Cloud Compute, a cloud intelligence system designed to handle, privately, the AI requests that devices cannot serve locally. OpenAI is likewise developing secure infrastructure for AI cloud computing.

One reason TEEs are exciting is that they are ubiquitous across personal computers and cloud providers. They let developers build applications that draw on users' sensitive data without having to worry about leaks and security vulnerabilities, and they directly improve the user experience through innovations such as biometric authentication and passkeys.

So what does all this have to do with crypto assets?

Remote Attestation

A TEE gives outside parties tamper-resistant computation, and blockchains offer a similar guarantee: a smart contract is computer code that, once deployed, executes automatically and cannot be altered by outside participants.

However, running computation on-chain has some limitations:

  1. Compared with ordinary computers, a blockchain's processing power is limited. Ethereum, for example, produces a block every 12 seconds, and each block can hold at most 2 MB of data. That is smaller than the capacity of a floppy disk, itself an obsolete technology. Although blockchains keep getting faster and more capable, they still cannot run complex algorithms such as the one behind FaceID.
  2. Blockchains have no native privacy. All ledger data is visible to everyone, so they are unsuitable for applications that rely on personal identity, bank balances, credit scores, medical histories, and other private information.

TEEs have neither restriction. Although a TEE is slower than an ordinary processor, it is still orders of magnitude faster than a blockchain. TEEs also protect privacy by design, encrypting everything they process by default.

On-chain applications that need privacy and more computing power can therefore benefit from what a TEE adds. But a blockchain is a high-trust computing environment: every data point on the ledger can be traced to its source and is replicated across many independent computers. A TEE's processing, by contrast, happens in a single local physical or cloud environment.

So we need a way to combine the two technologies, and that requires remote attestation. What is remote attestation? Let's take a detour through the Middle Ages for some background.

Before the telephone, the telegraph, and the internet, the only way to send a message over a long distance was a handwritten letter carried by a human messenger. But how could the recipient be sure the message really came from the intended sender and had not been tampered with along the way? For centuries, the answer was the wax seal.

Envelopes were sealed with hot wax pressed into intricate designs, typically the coat of arms or insignia of a king, noble, or religious figure. Because each design was unique to the sender and could not easily be reproduced without the original seal, the recipient could be confident of the letter's authenticity. And as long as the seal remained intact, the recipient could also be confident that the contents had not been tampered with.

The Great Seal of the Realm, used to signify the monarch's approval of state documents

Remote attestation is the modern equivalent of the seal: a cryptographic proof generated by a TEE that lets the holder verify the integrity and authenticity of the code running inside it and confirm that the TEE has not been tampered with. It works as follows:

  1. The TEE generates a report containing information about its state and the code running inside it.
  2. The report is signed with a private key that only genuine TEE hardware can use.
  3. The signed report is sent to a remote verifier.
  4. The verifier checks the signature to make sure the report came from genuine TEE hardware, then checks the report's contents to confirm that the expected code is running and has not been modified.
  5. If verification succeeds, the remote party can trust the TEE and the code running inside it.

To combine a blockchain with a TEE, these reports can be published on-chain and verified by dedicated smart contracts.
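The five steps above, as an added example that is not part of the original article: a small Go simulation of the attestation exchange with both sides present. It uses an Ed25519 key in place of the hardware attestation key, a SHA-256 hash of the loaded code as the report's measurement, and a verifier-chosen nonce for freshness. The Enclave and Verifier types, the error names, the constructed nonces and the sample "relay" code are all assumptions made for this example and correspond to no vendor's attestation format; real SGX or Nitro reports carry more fields and are signed through a certificate chain that leads back to the manufacturer.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is a simplified attestation report: the measurement (hash) of the
// code loaded into the enclave plus a verifier-chosen nonce, so that an old
// report cannot be replayed against a new challenge.
type Report struct {
	Measurement [32]byte
	Nonce       [16]byte
}

// serialize fixes the byte layout that gets signed and verified.
func (r Report) serialize() []byte {
	return append(append([]byte{}, r.Measurement[:]...), r.Nonce[:]...)
}

// SignedReport is the report together with the hardware signature over it.
type SignedReport struct {
	Report    Report
	Signature []byte
}

// Enclave stands in for the TEE hardware (an assumption for this example, not
// a vendor SDK): it owns an attestation key that nothing outside the hardware
// can use, and it measures whatever code it is running.
type Enclave struct {
	attestKey ed25519.PrivateKey
	code      []byte
}

// Attest is steps 1 and 2 of the flow: build the report and sign it.
func (e *Enclave) Attest(nonce [16]byte) SignedReport {
	r := Report{Measurement: sha256.Sum256(e.code), Nonce: nonce}
	return SignedReport{Report: r, Signature: ed25519.Sign(e.attestKey, r.serialize())}
}

// Verifier is the remote party (it could equally be a smart contract) holding
// the manufacturer's public key and the measurement of the approved build.
type Verifier struct {
	hardwarePub ed25519.PublicKey
	expected    [32]byte
}

var (
	ErrBadSignature   = errors.New("signature was not made by genuine TEE hardware")
	ErrStaleReport    = errors.New("report nonce does not match the challenge")
	ErrUnexpectedCode = errors.New("enclave is running code other than the approved build")
)

// Verify is steps 4 and 5. The signature is checked first: nothing inside the
// report may be believed until it is known to come from real hardware.
func (v Verifier) Verify(sr SignedReport, challenge [16]byte) error {
	if !ed25519.Verify(v.hardwarePub, sr.Report.serialize(), sr.Signature) {
		return ErrBadSignature
	}
	if sr.Report.Nonce != challenge {
		return ErrStaleReport
	}
	if sr.Report.Measurement != v.expected {
		return ErrUnexpectedCode
	}
	return nil
}

// RunScenario sets up one verifier and exercises four attestation attempts,
// returning the verifier's verdict for each by name.
func RunScenario() (map[string]error, error) {
	approved := []byte("relay v1: pick the highest valid bid") // constructed stand-in for the enclave binary
	pub, hwKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	_, rogueKey, err := ed25519.GenerateKey(rand.Reader) // a key the manufacturer never issued
	if err != nil {
		return nil, err
	}
	verifier := Verifier{hardwarePub: pub, expected: sha256.Sum256(approved)}
	n1, n2 := [16]byte{1}, [16]byte{2} // constructed challenges; a real verifier draws them from a CSPRNG

	honest := (&Enclave{attestKey: hwKey, code: approved}).Attest(n1)
	tampered := (&Enclave{attestKey: hwKey, code: []byte("relay v1: pick my friend's bid")}).Attest(n1)
	forged := (&Enclave{attestKey: rogueKey, code: approved}).Attest(n1)

	return map[string]error{
		"honest":   verifier.Verify(honest, n1),   // nil: trusted
		"replayed": verifier.Verify(honest, n2),   // ErrStaleReport
		"tampered": verifier.Verify(tampered, n1), // ErrUnexpectedCode
		"forged":   verifier.Verify(forged, n1),   // ErrBadSignature
	}, nil
}

func main() { fmt.Println(RunScenario()) }
```

A smart contract performing step 4 on-chain would run the same three checks in the same order: the signature against the manufacturer's public key first, and only then the nonce and the measurement, since a report whose signature fails tells the contract nothing about what the enclave is running.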

So how do TEEs help us build better cryptocurrency applications?

Practical Applications of TEEs on the Blockchain

Flashbots, the leading provider of MEV infrastructure on Ethereum, separates block proposers from block builders in its MEV-Boost design and introduces a trusted party called a relay between them. The relay verifies that blocks are valid, runs an auction to select the winning block, and prevents validators from exploiting the MEV opportunities the builder discovered.

MEV-Boost architecture

Problems remain, however, when relays are centralized, as they are today: three relays process more than 80% of blocks. As outlined in this blog post, that centralization carries the risk of relays censoring transactions, colluding with builders to prioritize certain transactions over others, or even stealing MEV themselves.

So why not implement the relay directly as a smart contract? First, the relay software is far too complex to run on-chain. Second, the whole point of the relay is to keep its inputs, the blocks created by builders, private so that their MEV cannot be stolen.

TEEs solve this problem well. By running the relay software inside a TEE, the relay can keep the input blocks private while also proving that the winning block was selected fairly and without collusion. Flashbots is currently developing SUAVE (in testing), a TEE-driven infrastructure.

We recently discussed with CMT Digital how solver networks and intents can help abstract away chains and solve the user-experience problems of crypto applications, and both of us pointed to the same solution: order-flow auctions, a generalized form of the auction in MEV-Boost. TEEs can make these order-flow auctions fairer and more efficient.

TEEs are also very useful for DePIN applications. A DePIN is a network of devices that earn tokens in exchange for contributing resources such as bandwidth, compute, energy, mobile data, or GPU time. Suppliers therefore have a strong incentive to cheat the system by modifying the DePIN software, for example by reporting duplicate contributions from the same device to earn more rewards.

But as we have seen, most modern devices have some form of built-in TEE. A DePIN project can require proof of a device's unique identifier generated inside the TEE, establishing that the device is genuine and running the expected software, and so remotely verify that its contributions are legitimate and secure. Bagel is exploring the use of TEEs in a data DePIN project.

TEEs also play an important role in the passkey technology Joel discussed recently. A passkey is an authentication mechanism that stores the private key in the TEE of a local device or a cloud solution. Users no longer need to manage seed phrases; passkeys work across platforms, support social and biometric authentication, and simplify key recovery.

Clave and Capsule apply this technology to embedded consumer wallets, while hardware wallet maker Ledger uses TEEs to generate and store private keys. Lit Protocol, a CMT Digital portfolio company, provides infrastructure for developers of applications, wallets, protocols, and AI agents to sign, encrypt, and compute in a decentralized way; it uses TEEs as part of its key management and network computation.

There are other applications of TEEs as well. With the rise of generative AI, distinguishing AI-generated images from real ones has become increasingly difficult. To address this, major camera manufacturers such as Sony, Nikon, and Canon are integrating technology that attaches a digital signature to an image at the moment it is captured, along with infrastructure that lets third parties verify an image's origin from that signature. This infrastructure is centralized today, but we hope such proofs will eventually be verified on-chain.

Last week, I wrote an article about how zkTLS can bring Web2 information into Web3 in a verifiable way. We discussed two ways of implementing zkTLS: multi-party computation (MPC) and a proxy. TEEs offer a third: handle the server connection inside a secure enclave on the device and publish a proof of the computation on-chain. Clique is a project implementing TEE-based zkTLS.

The Ethereum L2s Scroll and Taiko are also experimenting with multi-proof schemes that combine TEEs with ZK proofs. TEEs can generate proofs faster and more cheaply without increasing finality time, and they complement ZK proofs by diversifying the proof mechanisms and reducing the impact of bugs and vulnerabilities in any one of them.

At the infrastructure level, projects have emerged to support TEE remote attestation for a growing range of applications. Automata is launching a modular verification chain, operating as an Eigenlayer AVS, that serves as a registry for remote attestations, making them publicly verifiable and easy to access. Automata is compatible with various EVM chains and makes TEE attestations composable across the EVM ecosystem.

Flashbots is also developing Sirrah, a TEE coprocessor that establishes a secure channel between TEE nodes and the blockchain. Flashbots provides developers with code for building Solidity applications that can easily verify TEE attestations; it uses the Automata verification chain mentioned above.

"Roses have thorns"

Although TEEs are widely deployed and already used across many areas of crypto, adopting the technology is not without challenges. Builders who adopt TEEs should keep a few key points in mind.

First and foremost, a TEE requires a trusted setup: developers and users must trust that the device manufacturer or cloud provider honors its security guarantees and has not built (or handed to outside actors such as governments) a backdoor into the system.

Another potential problem is side-channel attacks (SCAs). Imagine a multiple-choice exam in a classroom. Even though you cannot see anyone's answer sheet, you can certainly observe how long nearby classmates take to pick each answer.

Side-channel attacks work the same way: an attacker uses indirect information such as power consumption or timing variations to infer sensitive data being processed inside the TEE. To reduce these vulnerabilities, cryptographic operations must be implemented carefully, using constant-time algorithms so that the observable variation during TEE code execution is as small as possible.
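To make the constant-time advice concrete, here is an added Go example (not from the original article) that places a textbook early-exit byte comparison beside a constant-time one and beside Go's standard crypto/subtle. Rather than measuring wall-clock time, which is noisy, it counts how many bytes each comparison examines before answering; that count is the signal a timing side channel would expose. The secret, the guesses and the function names are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// naiveEqual is the textbook early-exit comparison. Besides the answer it
// returns how many bytes it examined, which stands in for the execution time
// an observer could measure: the count reveals where the first mismatch is.
func naiveEqual(a, b []byte) (equal bool, steps int) {
	if len(a) != len(b) {
		return false, 0
	}
	for i := range a {
		steps++
		if a[i] != b[i] {
			return false, steps
		}
	}
	return true, steps
}

// constantTimeEqual always walks every byte, folding the differences together
// with OR so that no branch depends on the secret. The length check still
// leaks the length, which is fine for fixed-size values such as MACs and keys.
func constantTimeEqual(a, b []byte) (equal bool, steps int) {
	if len(a) != len(b) {
		return false, 0
	}
	var diff byte
	for i := range a {
		steps++
		diff |= a[i] ^ b[i]
	}
	return diff == 0, steps
}

// stdlibEqual is what production code should actually call.
func stdlibEqual(a, b []byte) bool {
	return subtle.ConstantTimeCompare(a, b) == 1
}

// LeakProfile runs the classroom experiment from the text against a
// constructed secret: for each position i it submits a guess whose first i
// bytes are right and whose byte i is wrong, and records the work the
// comparison did. A profile that grows with i gives away the secret one byte
// at a time; a flat profile gives away nothing beyond the length.
func LeakProfile(secret []byte, compare func(a, b []byte) (bool, int)) []int {
	profile := make([]int, len(secret))
	for i := range secret {
		guess := make([]byte, len(secret))
		copy(guess, secret[:i])
		guess[i] = secret[i] ^ 0xFF // guaranteed mismatch at position i
		_, profile[i] = compare(secret, guess)
	}
	return profile
}

func main() {
	secret := []byte("enclave-key") // constructed sample secret
	fmt.Println("naive:        ", LeakProfile(secret, naiveEqual))
	fmt.Println("constant-time:", LeakProfile(secret, constantTimeEqual))
	fmt.Println("stdlib match: ", stdlibEqual(secret, []byte("enclave-key")))
}
```

Running it prints a rising profile (1, 2, 3, ...) for the naive comparison, meaning each wrong guess confirms one more byte, and a flat profile for the constant-time one. The same principle applies to any secret-dependent branch or memory access inside an enclave, which is exactly why the text's advice is to keep observable variation to a minimum.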

Intel SGX and other TEEs have had proven vulnerabilities. The 2020 SGAxe attack exploited a flaw in Intel SGX to extract cryptographic keys from the secure enclave, potentially exposing sensitive data in cloud environments. In 2021, researchers demonstrated the SmashEx attack, which could crash enclaves and potentially leak confidential information. Prime+Probe is another side-channel technique that can extract cryptographic keys from SGX enclaves by observing cache access patterns. All of these illustrate the cat-and-mouse game between security researchers and attackers.

Most of the world's servers run Linux because of its strong security, which owes much to its open-source nature and the thousands of programmers constantly testing the software and fixing vulnerabilities. The same approach applies to hardware. OpenTitan is an open-source project that aims to make the silicon root of trust (RoT, another term for a TEE) more transparent, trustworthy, and secure.

Future Outlook

Besides TEEs, builders have several other privacy-preserving technologies to choose from, such as zero-knowledge proofs, multi-party computation, and fully homomorphic encryption. A comprehensive comparison is beyond the scope of this article, but TEEs have two notable advantages.

First, ubiquity. The infrastructure for the other technologies is still in its infancy, while TEEs are mainstream and built into most modern computers, which lowers the technology risk for founders who want to use privacy technology. Second, TEEs have much lower processing overhead than the alternatives. That comes with security trade-offs, but it makes TEEs a practical solution for many use cases.

Finally, if you are weighing whether a TEE is right for your product, ask yourself two questions:

  1. Does the product require complex off-chain computation whose result must be proven on-chain?
  2. Do the application's inputs or key data points need to be anonymized?

If the answer to both is yes, a TEE is worth a try.

Given that TEEs remain vulnerable, however, stay vigilant. If the security value of your application is less than the cost of an attack, which can run into millions of dollars, you may consider using a TEE alone. But if you are building a security-first application, such as a wallet or a rollup, consider a decentralized TEE network such as Lit Protocol, or use TEEs together with other technologies such as ZK proofs.

Unlike developers, investors may care more about the value TEEs capture and whether billion-dollar companies will emerge from the technology.

In the short term, as many teams keep experimenting with TEEs, we believe value will accrue at the infrastructure layer: TEE-specific rollups (such as Automata and Sirrah) and protocols that provide critical components to other applications using TEEs (such as Lit). As more TEE coprocessors arrive, the cost of private off-chain computation will fall.

In the long run, we expect applications and products built on TEEs to capture more value than the infrastructure layer. Note, though, that users adopt these applications not because they use TEEs but because they are excellent products that solve real problems. We have seen this with wallets such as Capsule, whose user experience is vastly better than that of browser wallets. Many DePIN projects may use TEEs only for identity verification rather than as a core part of their product, yet they too will accumulate significant value.

Every week, our confidence in the thesis that "we are moving from fat protocols to fat applications" grows stronger, and we hope technologies like TEEs follow the same trend. Your timeline on X won't tell you this, but as technologies like TEEs mature, crypto is heading into an unprecedentedly exciting period.
