1. Isolated execution: TEE runs code in an isolated environment. This means that even if the main operating system is compromised, the code and data in the TEE remain secure.

  2. Memory encryption: Data processed within the TEE is encrypted. This ensures that even if an attacker has access to the physical memory, they cannot decipher sensitive information stored in the TEE.

 

To understand the importance of TEE, the iPhone that you are probably reading this article on is a good example. FaceID has become the primary way for iPhone to authenticate users to access the device. In a few hundred milliseconds, the following process is carried out inside the device:

 

  1. First, a dot projector casts a pattern of more than 30,000 invisible infrared (IR) dots onto the user's face. An IR camera captures this pattern and an IR image of the face. In low-light conditions, a flood illuminator improves visibility.

  2. Next, a processor takes this raw data and creates a mathematical model of the face, including depth data, outlines, and unique features.

  3. Finally, the mathematical model is compared with the model stored when FaceID was initially set up. If the model is accurate enough, a "success" signal is sent to the iOS system and the device is unlocked. If the comparison fails, the device will remain locked.

 

30,000 infrared dots projected onto your face when you unlock your phone; Source: YouTube

 

FaceID is not only used to unlock devices, but also to authenticate other operations, such as logging into apps and making payments. Therefore, any security breach can have serious consequences. If the model creation and comparison process is compromised, non-device owners can unlock the device, access the owner's personal data, and conduct fraudulent financial transactions. If an attacker manages to extract the stored mathematical model of a user's face, it will lead to the theft of biometric data and a serious violation of privacy.

 

Of course, Apple was very particular about its implementation of FaceID. All processing and storage is done through The Secure Enclave, a separate processor built into the iPhone and other Apple devices that functions isolated from other memory and processes. It's designed so that even if the rest of the device is compromised, an attacker can't access it. In addition to biometrics, it also stores and protects users' payment information, passwords, keychains, and health data.

 

Apple's The Secure Enclave is just one example of a TEE. Since most computers handle sensitive data and computations, nearly all processor manufacturers now offer some form of TEE. Intel offers Software Guard Extensions (SGX), AMD has the AMD Secure Processor, ARM has TrustZone, Qualcomm offers Secure Foundation, and Nvidia's latest GPUs come with confidential computing capabilities.

 

TEEs also have software variants. For example, AWS Nitro Enclaves allows users to create isolated computing environments to protect and process highly sensitive data within Amazon's regular EC2 instances. Similarly, Google Cloud and Microsoft Azure also offer confidential computing.

 

Apple also recently announced Private Cloud Compute, a cloud intelligence system designed to privately handle AI requests that devices can’t service locally. Similarly, OpenAI is developing secure infrastructure for AI cloud computing.

 

TEEs are exciting in part because they are ubiquitous in PCs and cloud service providers. They enable developers to create applications that benefit from users' sensitive data without having to worry about data leaks and security vulnerabilities. They can also directly improve the user experience through innovations such as biometric authentication and passwords.

 

So, what does all of this have to do with cryptocurrency?

 

Remote Attestation

 

TEE makes it possible for external tamper-proof computing, and blockchain technology can provide similar computing guarantees. Smart contracts are essentially computer codes that, once deployed, are automatically executed and cannot be changed by external participants.

 

However, there are some limitations to running computations on the blockchain:

 

  1. Compared to regular computers, blockchains have limited processing power. For example, a block on Ethereum is generated every 12 seconds and can only hold up to 2 MB of data. That’s less than the capacity of a floppy disk, which is an outdated technology. While blockchains are getting faster and more powerful, they still can’t execute complex algorithms, like the one behind FaceID.

  2. Blockchain lacks native privacy. All ledger data is visible to everyone, making it unsuitable for applications that rely on private information such as personal identity, bank balances, credit scores, and medical history.

 

TEEs do not have these limitations. While TEEs are slower than regular processors, they are still orders of magnitude faster than blockchains. In addition, TEEs are inherently privacy-preserving, encrypting all processed data by default.

 

Of course, on-chain applications that require privacy and greater computing power can benefit from the complementary capabilities of TEEs. However, blockchains are highly trusted computing environments, and every data point on the ledger should be traceable to its source and replicated on numerous independent computers. In contrast, TEE processes occur in local physical or cloud environments.

 

So, we need a way to combine these two technologies, which requires remote verification. So, what is remote verification? Let's take a detour to the Middle Ages to understand the background first.

 

Before the invention of technologies like the telephone, telegraph, and the internet, handwritten letters delivered by human couriers were the only way to send information over long distances. But how could the recipient be sure that the message truly came from the intended sender and had not been tampered with? For hundreds of years, wax seals have been the solution to this problem.

 

The envelopes containing the letters would be stamped with hot wax with unique and intricate designs, often the coat of arms or emblems of kings, nobles or religious figures. Since each design was unique to the sender and almost impossible to replicate without the original seal, the recipient could be sure of the authenticity of the letter. In addition, as long as the seal was intact, the recipient could also be sure that the message had not been tampered with.

 

Great Seal of the Realm: A seal used to symbolize the monarch's approval of state documents

 

Remote attestation is the modern equivalent of a seal, a cryptographic proof generated by a TEE that allows the holder to verify the integrity and authenticity of the code running within it and confirm that the TEE has not been tampered with. Here’s how it works:

 

  1. The TEE generates a report containing information about its state and the code running inside it.

  2. The report is cryptographically signed using a key that only the real TEE hardware can use.

  3. The signed report is sent to the remote verifier.

  4. The verifier checks the signature to ensure that the report is coming from the real TEE hardware. It then checks the report content to confirm that the expected code is running and has not been modified.

  5. If verification succeeds, the remote party can trust the TEE and the code running inside it.

 

To integrate blockchain with TEE, these reports can be published on-chain and verified by designated smart contracts.

 

So, how does TEE help us build better cryptocurrency applications?

 

Practical use cases of TEE in blockchain

 

As the "leader" in Ethereum's MEV infrastructure, Flashbot's solution MEV-boost separates block proposers from block builders and introduces a trusted entity intermediary called a "relay" between the two. The relay verifies the validity of the block, conducts auctions to select the winning block, and prevents validators from taking advantage of MEV opportunities discovered by builders.

 

MEV-Boost Architecture

 

However, problems still arise if relayers are centralized, such as three relayers processing more than 80% of blocks. As outlined in this blog post, this centralization presents the risk of relayers censoring transactions, colluding with builders to give certain transactions priority over others, and the risk that relayers themselves could steal MEV.

 

So why don’t smart contracts implement relay functionality directly? First, relay software is too complex to run directly on-chain. Also, relayers are used to keep inputs (blocks created by builders) private so that MEV cannot be stolen.

 

TEE can solve this problem very well. By running the relay software in TEE, the relayer can not only keep the input block private, but also prove that the winning block was selected fairly without collusion. Currently, SUAVE (under testing) being developed by Flashbots is a TEE-driven infrastructure.

 

Recently, this magazine and CMT Digital discussed how solver networks and intents can help chains abstract and solve user experience problems in cryptocurrency applications. We both mentioned such a solution, namely the order flow auction, which is a generalized version of the auction conducted in MEV boost, and TEE can improve the fairness and efficiency of these order flow auctions.

 

In addition, TEE is also very helpful for DePIN applications. DePIN is a network of devices that contribute resources (such as bandwidth, computing, energy, mobile data or GPU) in exchange for token rewards, so the supply side has every incentive to cheat the system by changing the DePIN software, for example, showing repeated contributions from the same device to earn more rewards.

 

However, as we have seen, most modern devices have some form of built-in TEE. DePIN projects can require proof of a device’s unique identifier created via a TEE, ensuring that the device is authentic and running the expected security software, and thus remotely verifying that contributions are legitimate and secure. Bagel is one data DePIN project that is exploring the use of TEEs.

 

In addition, TEE also plays an important role in the Passkey technology that Joel recently discussed. Passkey is an authentication mechanism that stores private keys in TEE on local devices or cloud solutions. Users do not need to manage mnemonics, support cross-platform wallets, allow social and biometric authentication, and simplify the key recovery process.

 

Clave and Capsule use the technology for embedded consumer wallets, while hardware wallet company Ledger uses TEE to generate and store private keys. Lit Protocol, an investment of CMT Digital, provides decentralized signing, encryption and computing infrastructure for developers of applications, wallets, protocols and artificial intelligence agents. The protocol uses TEE as part of its key management and computing network.

 

There are other variations of TEEs as well. As generative AI advances, it becomes increasingly difficult to distinguish between AI-generated images and real images. To this end, large camera manufacturers such as Sony, Nikon, and Canon are integrating technology that assigns digital signatures to captured images in real time. They are also providing infrastructure for third parties to check the provenance of images by verifying proofs. While this infrastructure is currently centralized, we expect these proofs to be verified on-chain in the future.

 

Last week, I wrote about how zkTLS can bring Web2 information to Web3 in a verifiable way. We discussed two approaches to using zkTLS, including multi-party computation (MPC) and proxies. TEEs offer a third approach, where server connections are handled in a secure enclave on the device and proofs of computation are published on-chain. Clique is a project that is implementing TEE-based zkTLS.

 

In addition, Ethereum L2 solutions Scroll and Taiko are experimenting with multi-proof approaches that aim to integrate TEEs with ZK proofs. TEEs can generate proofs faster and more cost-effectively without increasing finality time. They complement ZK proofs by increasing the diversity of proof mechanisms and reducing errors and vulnerabilities.

 

At the infrastructure level, there are also projects that support more and more applications using TEE remote attestation. Automata is launching a modular verification chain as Eigenlayer AVS, which acts as a registry for remote attestation, making it publicly verifiable and easily accessible. Automata is compatible with various EVM chains and enables composable TEE attestation across the EVM ecosystem.

 

In addition, Flashbots is developing a TEE coprocessor Sirrah for establishing a secure channel between TEE nodes and blockchains. Flashbots also provides code for developers to create Solidity applications that can easily verify TEE proofs. They are using the Automata verification chain mentioned above.

 

 

"Rose has thorns"

 

While TEEs are versatile and have been applied to various areas of cryptocurrency, adopting the technology is not without its challenges. Hopefully, builders adopting TEEs will keep some of these points in mind.

 

First, the main consideration is that TEEs require a trusted setup. This means that developers and users must trust that the device manufacturer or cloud provider will uphold security guarantees and not have (or provide external actors such as governments) a backdoor into the system.

 

Another potential problem is side channel attacks (SCA). Imagine taking a multiple-choice test in a classroom. Although you can't see anyone's test paper, you can definitely observe how long it takes for students next to you to choose different answers.

 

Side-channel attacks work in a similar way. An attacker uses indirect information, such as power consumption or timing variations, to infer sensitive data processed within the TEE. Mitigating these vulnerabilities requires careful implementation of cryptographic operations and constant-time algorithms to minimize observable variations in TEE code execution.

 

TEEs such as Intel SGX have been proven to have vulnerabilities. The 2020 SGAxe attack exploited a vulnerability in Intel SGX to extract cryptographic keys from the secure enclave, potentially leaking sensitive data in cloud environments. In 2021, researchers demonstrated the "SmashEx" attack, which can cause the SGX enclave to crash and potentially leak confidential information. The "Prime+Probe" technique is also a side-channel attack that can extract cryptographic keys from SGX peripherals by observing cache access patterns. All of these examples highlight the "cat and mouse game" between security researchers and potential attackers.

 

One reason most servers in the world use Linux is because of its strong security. This is due to its open source nature and the thousands of programmers who continuously test the software and address vulnerabilities as they arise. The same approach applies to hardware. OpenTitan is an open source project that aims to make the silicon root of trust (RoT, another term for TEE) more transparent, trusted, and secure.

 

Future Outlook

 

In addition to TEE, there are several other privacy-preserving technologies available to builders, such as zero-knowledge proofs, multi-party computation, and fully homomorphic encryption. A comprehensive comparison of these technologies is beyond the scope of this article, but TEE has two advantages that stand out.

 

The first is its ubiquity. While the infrastructure for other technologies is still in its infancy, TEEs have become mainstream and integrated into most modern computers, reducing the technical risk for founders who want to take advantage of privacy technologies. Second, TEEs have much lower processing overhead than other technologies. While this feature involves security tradeoffs, it is a practical solution for many use cases.

 

Finally, if you are considering whether TEE is right for your product, ask yourself the following questions:

 

  1. Does the product require complex off-chain computations to be proven on-chain?

  2. Do application inputs or key data points need to be kept private?

 

If the answer is yes to both, then TEE is worth a try.

 

 

However, given the fact that TEEs are still vulnerable to attacks, please always remain vigilant. If the security value of your application is lower than the cost of an attack (which could be as high as millions of dollars), you can consider using TEEs alone. However, if you are building "security-first" applications such as wallets and Rollups, you should consider using a decentralized TEE network such as Lit Protocol, or combining TEEs with other technologies such as ZK proofs.

 

Unlike builders, investors may be more concerned about the value of TEEs and whether billion-dollar companies will emerge from this technology.

 

In the short term, as many teams continue to experiment with TEEs, we believe value will be generated at the infrastructure level, including TEE-specific Rollups (such as Automata and Sirrah), and protocols that provide key building blocks for other applications using TEEs (such as Lit). As more TEE coprocessors are launched, the cost of off-chain private computing will decrease.

 

In the long run, we expect that the value of applications and products that leverage TEE will exceed the infrastructure layer. However, it is important to note that users adopt these applications not because they use TEE, but because they are excellent products that solve real problems. We have seen this trend in wallets such as Capsule, which has a greatly improved user experience compared to browser wallets. Many DePIN projects may only use TEE for authentication, rather than as part of their core product, but they will also accumulate huge value.

 

With every passing week, we become more confident that we are in the transition from fat protocols to fat applications. We hope that technologies like TEEs will follow this trend. The timeline on X won’t tell you this, but as technologies like TEEs mature, it will be an exciting time in the cryptocurrency space.