
Written by: Haotian

Recently, there has been widespread discussion of the differences between ZK and the Trusted Execution Environment (TEE). The reason is that the newly emerging Layer 2 @unichain claims its millisecond-level sub-blocks are built on TEE, while the long-running oracle chain @FlareNetworks, billed as a data blockchain, integrates traditional internet channels like Google Cloud and introduces verifiable off-chain computing through TEE. Taking these two developments together, I would like to share my views:

1) TEE (Trusted Execution Environment) is a hardware-level security technology. In simple terms, a TEE creates an independent, secure enclave within the processor, completely isolated from the main operating system and its programs, so that sensitive data can be stored and protected safely under strict access control mechanisms.

This means that developers can execute specific programs in the TEE, making full use of the hardware's execution efficiency and performance while ensuring security. Currently, there are various TEE implementations, including Intel SGX and ARM TrustZone, which are more widely applied in mobile internet, IoT, and other fields, while applications in blockchain scenarios are still being explored.

2) Unichain uses the TEE environment to let transactions be pre-executed and verified before they are officially packaged into blocks. This breaks the previous limitation that all transactions are submitted to the mempool and wait there to be packed, and the TEE provides a relatively secure, closed, tamper-proof environment that makes this feasible.

Flare Network's approach to oracles is likewise strengthened by the TEE environment. Feeding only price data to DeFi contracts on a data blockchain can be very competitive; however, if the data range is expanded to include sports match results, social media data, real-time election rankings, etc., substantial off-chain computing and processing power is required, with verifiable results ultimately transmitted to the on-chain environment.

Flare will perform intensive computing operations in the TEE environment provided by Google Cloud and feed only trusted results onto the chain, avoiding the significant cost of accumulating large data sources on-chain. The idea is simple: complex computing tasks are executed off-chain, then verified on-chain through a brief proof, which reduces the data load and computational demand on the chain.

3) It is not difficult to see that TEE, to some extent, relies on hardware manufacturers (like AMD and Intel) together with traditional upstream service providers like Google Cloud to provide 'trustworthiness', pre-processing the raw data before the results are applied on-chain. This is the key distinction from ZK, which relies on mathematical principles and cryptographic algorithms and does not depend on any hardware for trust: TEE requires a third-party trust provider.

How can this issue be solved? The logic is also quite simple: TEE + a verifiable proof network. Introducing a verifiable proof network can significantly enhance the transparency and credibility of the TEE system. The decentralized verification network that Unichain aims to introduce, and Flare's own blockchain architecture with its distributed node governance structure, both play the role of this verification network.

Although Unichain has not yet disclosed the implementation and governance details of this verification network, the key points will certainly be how to use the remotely verifiable characteristics of the TEE enclave, and how to generate proofs and interact with the on-chain environment while keeping the security and confidentiality that the hardware provides.
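The "execute off-chain, verify through a brief proof" idea and the "TEE + verification network" idea described above can be sketched as follows. This is an added example, not code from Unichain, Flare, or the author; every name and value is constructed, the enclave is simulated, and an HMAC stands in for the hardware vendor's attestation signature (real attestation uses an asymmetric key chained to the manufacturer, so verifiers hold no secret).

```python
import hashlib, hmac, json

# Constructed values; HMAC stands in for the vendor's asymmetric attestation signature.
VENDOR_KEY = b"constructed-hardware-root-key"
ENCLAVE_CODE = b"median-aggregator-v1"            # bytes that get "measured"
GOOD = hashlib.sha256(ENCLAVE_CODE).hexdigest()
# Each verifier node keeps its own allowlist of trusted enclave measurements.
NODE_ALLOWLISTS = [{GOOD}, {GOOD}, {GOOD}, {GOOD}, set()]   # last node is stale

def _canon(obj):
    return json.dumps(obj, sort_keys=True).encode()

def _sign(report):
    return hmac.new(VENDOR_KEY, _canon(report), hashlib.sha256).hexdigest()

def enclave_run(code, inputs):
    """Off-chain side: heavy computation plus a short attestation report."""
    result = {"median": sorted(inputs)[len(inputs) // 2]}
    report = {
        "measurement": hashlib.sha256(code).hexdigest(),        # which code ran
        "report_data": hashlib.sha256(_canon(result)).hexdigest(),  # binds the result
    }
    return result, report, _sign(report)

def verify(allowlist, result, report, sig):
    """One verifier node: checks hardware signature, code identity, result binding."""
    if not hmac.compare_digest(_sign(report), sig):
        return False                      # not vouched for by the hardware root
    if report["measurement"] not in allowlist:
        return False                      # enclave ran code this node does not trust
    digest = hashlib.sha256(_canon(result)).hexdigest()
    return hmac.compare_digest(report["report_data"], digest)

def network_accepts(result, report, sig, quorum=4):
    """Verification network: accept only when enough nodes agree."""
    votes = sum(verify(a, result, report, sig) for a in NODE_ALLOWLISTS)
    return votes >= quorum

if __name__ == "__main__":
    res, rep, sig = enclave_run(ENCLAVE_CODE, [101, 99, 100])
    print(res, network_accepts(res, rep, sig))
```

Only the small result and report would need to reach the chain; the input data and the computation stay off-chain, and trust in the hardware vendor is supplemented by the quorum of independent verifiers.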