With increasing interest in effective methods to enhance and protect blockchains, hardware-based solutions are becoming prominent. The function of Trusted Execution Environments (TEEs) in blockchain frameworks has incrementally evolved from privacy-focused projects to initiatives that enhance scalability and facilitate secure offchain computations. Currently, more than 50 teams are engaged in TEE-centric blockchain initiatives. This article by Cointelegraph Research delves into the technical underpinnings of TEEs in blockchain frameworks and investigates significant use cases of this technology.
Functioning of TEEs in blockchains
The majority of blockchain technology depends on cryptography and distributed computing for security. TEEs introduce an alternative strategy: hardware-level trust.
A Trusted Execution Environment is a secure compartment within a device’s processor designed to keep data and code impervious to tampering and confidential throughout execution. The resulting secure enclave is inaccessible to the rest of the operating system and can demonstrate to external parties through remote attestation the instructions it is executing.
To achieve this, the CPU measures the Trusted Computing Base, encompassing the boot firmware, operating system kernel, and application binaries, storing it in secure hardware registers. It then signs this measurement with a private attestation key embedded in the CPU, resulting in a cryptographic attestation report that a remote verifier can use to validate the enclave’s authenticity and integrity.
Utilizing this hardware-level trust for confidential smart contract execution necessitates that blockchain nodes utilize chips with a TEE. This typically applies to nodes responsible for validating transactions and blocks as well as executing offchain computations. In a layer-1 model, consensus nodes replicate an encrypted version of each contract’s state as part of the global ledger.
Each node contains a TEE that executes the decryption, plaintext execution, and reencryption of every transaction. This hardware reliance introduces a trade-off between improved privacy and a reduced validator pool. Fewer participants can operate nodes if specific hardware is mandated. Nonetheless, the extra trust required is mitigated to some extent by the remote attestation that TEEs offer.
An alternative architecture is a layer-2 model where TEE computations are secured not through distributed consensus but by a dispute resolution system, as seen in rollups. This strategy employs a similar encryption pathway to an L1 structure but can enhance scalability. However, most layer-2 systems sacrifice contract interoperability since they operate on separate machines, preventing contracts from invoking one another.
TEEs employ standard asymmetric cryptography to obscure function calls and smart contract code. Function calls are encrypted with the TEE’s public key before being forwarded to the blockchain, decrypted within the enclave, and executed.
Secret Network, developed with the Cosmos SDK and Intel SGX, was the pioneer blockchain to support private smart contracts through TEEs. Secret Contracts enable developers to create confidential DeFi applications that obscure contract logic, inputs, outcomes, and state, while the addresses remain visible. It also facilitates the creation of Secret Tokens, whose balances and transaction histories stay confidential and are only accessible to their owners or explicitly authorized smart contracts.
Vulnerabilities of trusted execution environments
The execution of private smart contracts relies on the reliability of the TEE hardware manufacturer. While it seems unlikely that a company like Intel would risk its reputation through targeted attacks on blockchain systems, Intel’s Management Engine (IME), an autonomous system found in most Intel CPUs since 2008, has faced several significant vulnerabilities over time.
TEE manufacturers might succumb to governmental pressure to insert backdoors, adhere to surveillance regulations, or allow access to encrypted data under national security statutes. Unintentional vulnerabilities may also compromise TEE security. For instance, the Plundervolt attack exploited Intel’s dynamic voltage interface to induce computation faults within SGX enclaves, allowing attackers to bypass integrity checks and extract keys and secrets from encrypted memory.
Private smart contract execution with TEEs
To enable privacy-preserving DApps, smart contracts must be executed in a manner that keeps both logic and data confidential. TEEs can access the keys necessary to decrypt contract data to read and run confidential smart contract code.
If these keys are ever compromised, an attacker could decrypt previously stored contract data. To avert this, Trusted Execution Environments utilize distributed key management that divides key control among multiple trusted nodes and frequently rotates short-term keys to minimize the impact of a breach.
Ekiden was the first to design such a system, serving as a foundation for similar models across other blockchains. The most sensitive keys are handled by the KMC (key-management committee, comprised of the most trusted nodes) utilizing threshold cryptography. The committee’s shares are proactively reshared to rotate share holders. Meanwhile, individual worker nodes maintain limited-access short-lived keys related to specific tasks.
These keys are issued by the KMC for each contract and expire at the end of every epoch. To acquire a key, a worker node must first authenticate its legitimacy to the KMC through secure channels. Each KMC member generates a key share using a pseudo-random function and transmits it to the node, which reconstructs the complete key once it collects a sufficient number of shares.
If a KMC node is compromised, its access can be revoked through governance, excluding it from future epochs. This mitigates the potential impact of a breach, though it doesn’t eliminate it entirely. Upon deployment of a confidential contract, its enclave generates a new public key and publishes it on the blockchain alongside the contract code and encrypted initial state.
Users who subsequently call the contract retrieve this key to encrypt their inputs prior to transmitting them to the compute node. To ensure authenticity, the node also provides a signing key bound to the enclave through attestation at startup.
Other use cases of TEEs in blockchains
In addition to private smart contract execution, TEEs can significantly enhance blockchain scalability and efficiency. TEE-enabled nodes can securely execute resource-intensive tasks offchain and submit the results onchain. This approach allows applications to transfer computational burdens from the blockchain layer to a trusted offchain environment, helping to lower gas costs and improve overall chain throughput.
IExec is a leading decentralized cloud computing platform that utilizes Trusted Execution Environments for offchain computations. It employs Intel SGX-based enclaves to isolate and offload computational tasks from the blockchain.
A requester, usually a smart contract or user, can procure a confidential computation as a task onchain. The blockchain then alerts worker nodes to carry out the task within a secure enclave. Before proceeding with execution, the enclave produces an attestation report containing cryptographic proof of the enclave’s code and configuration.
This report is delivered to a Secret Management Service, which authenticates the enclave’s integrity and authenticity. Only if the enclave successfully passes this verification does the computation commence.
Trusted execution environments may also provide MEV-proof blockchain infrastructure. Unichain, an optimistic rollup on Ethereum developed by the Uniswap team and launched in October 2024, utilizes TEEs in its block-generation framework. Its block builder, created in collaboration with Flashbots, uses TEEs to craft blocks within a protected enclave.
When directed to the TEE builder, transactions are filtered, prioritized, and bundled into Flashblocks. This allows Unichain to achieve 1-second block times, with plans to introduce 250-millisecond sub-blocks and enhance transaction ordering. Building blocks within TEEs aids in reducing MEV extraction as mempool transactions remain encrypted. Through these features, Unichain aims to construct a blockchain dedicated to DeFi.
Conclusion
Trusted execution environments within blockchains are gaining traction as developers pursue more effective privacy solutions. TEEs possess the potential to influence the future of decentralized applications with cost-effective and high-latency secure computations. Despite their promise, TEEs are not yet natively supported by the majority of blockchains due to hardware specifications and trust prerequisites.
In the future, we anticipate that TEE use cases will broaden beyond just privacy-preserving applications to encompass scalability solutions for blockchains and offchain computations for decentralized apps. This transition is propelled by the rise of more computationally intensive DApps, such as decentralized AI applications. TEEs may support these use cases with cost-efficient, high-performance offchain computations.
This article does not constitute investment advice or recommendations. Every financial decision involves risk, and readers should undertake their own research before proceeding.
This article is intended for general information purposes and should not be regarded as legal or investment advice. The opinions expressed herein are solely those of the author and do not necessarily align with the views of Cointelegraph.
Cointelegraph does not endorse this article or any products mentioned herein. Readers should perform their own diligence before taking any actions related to any product or company referenced.
