Trusted Execution Environments and the Polkadot Ecosystem
The use of Trusted Execution Environments (TEEs) in combination with the Substrate blockchain modular framework is providing new solutions to enable real-use applications on the next generation of the web.
Blockchain first hit the headlines in 2008 when the white paper for Bitcoin was published. Since then thousands of blockchains have been generated, designed with a huge variety of functions and protocols.
A large part of the attraction of the technology is its promise of decentralization, fairness and transparency. However, with transparency comes a lack of privacy. While transactions and messages on the blockchain can be pseudonymous, true privacy is harder to achieve. Few people want their private details broadcast in a public, albeit encrypted way, whether it be their financial transactions or their health records.
Additionally, being compliant with the General Data Protection Regulation (GDPR) framework in the European Union means that no private data should be stored on a permissionless, public blockchain, to protect against the potential risk of decryption at some point in the future. For greater use in the real world, these issues of privacy and data security on a blockchain need to be addressed.
One way of addressing these concerns is the use of trusted execution environments (TEEs).
Trusted Execution Environments
TEEs have existed for almost a decade and currently have a lot of real-world uses like smartphones. There are many definitions of a TEE, all of which refer in some way to isolated execution and secure storage. In very simple terms, it can be described as an area within a computer system that no one can access except with a trusted agreement.
The TEE runs within the main processor but outside the normal operating system, providing a way to store data or execute code privately and without modification. As it holds its own cryptographic keys, it only discloses its content to third parties that fulfill all the criteria designed to keep it trustworthy. It can manage its content by installing or updating its code and data and is resistant to both software attacks and hardware attacks on the main system’s memory. Additionally, the TEE can be authenticated by the manufacturer, who can confirm that a program is running on a genuine TEE even if it is physically located off-site.
One thing to be considered when incorporating a TEE into a system is the need for trust in the integrity and design competence of the hardware manufacturer. Currently, in the majority of cases this is Intel SGX, but other providers (such as Arm TrustZone) exist, and open source TEEs are being developed (such as Keystone).
Projects in the Polkadot ecosystem
Web3 Foundation provides grants to create technology that everyone can benefit from. Within the Polkadot ecosystem, several grant recipients are using TEEs in conjunction with Substrate (the software development framework for building a blockchain on which Polkadot is built) to facilitate different use cases. All are open source projects. We introduce some of them here.
Supercomputing Systems AG
Supercomputing Systems AG (SCS AG) have developed the off-chain computing framework SubstraTEE, designed to enhance privacy for blockchains based on Substrate. This uses TEEs to increase confidentiality and integrity in, for example, private cryptocurrency transactions, private and verifiable voting and the ability to swap cryptocurrency across different blockchains without a trusted intermediary.
Using SubstraTEE, transactions can be processed and verified off-chain using the TEE, with only a confirmation of the transaction rather than the private details sent to the blockchain. Potentially, a right for deletion could be implemented with, for instance, automatic deletion of content after a certain time period.
This would allow enterprises to use blockchain technology for their own use cases while still remaining compliant with GDPR.
Like Supercomputing Systems AG, Phala uses a TEE-Blockchain hybrid architecture for privacy. They aim to provide a confidential computation and data protection service on Substrate-built blockchains with interoperability. The confidential smart contract runs inside the TEE enclave in the central processing unit, functionally isolated from the external operating system and the hardware, ensuring security and confidentiality.
The Phala pilot product is Web3 Analytics, the first data analytics tool to analyze user data and output results without invading personal privacy.
Rather than passing through a third party, private data is encrypted and transmitted directly to Phala Network confidential contracts. As Phala’s protocol enables users to decide the objects and purposes of data utility, users thus have 100% control over how their data should be used.
Advanca is creating a privacy-preserving general-purpose compute/storage infrastructure for dapps (decentralized digital applications that run on a blockchain). This is designed to enable developers to build any existing or new web or mobile apps in a decentralized manner.
The current design includes a control plane that works as the coordinator and a compute/storage plane that uses a TEE to accept and accomplish the allocated tasks.
This facilitates an application program interface (API) accessible to authenticated users and a privacy-preserving storage capability that implements Oblivious RAM (ORAM) techniques to further protect data confidentiality and conceal the data access pattern.
Crust implements the incentive layer protocol for decentralized storage and is also capable of supporting a decentralized computing layer and building a decentralized cloud ecosystem.
Within their network, the integrity guarantees of a TEE are used to quantify meaningful storage usage by giving a technical assurance of reliable storage detection with two types of proof: environment detection and workload detection.
In environment detection, when consensus on the TEE of a new node is reached, the node identity and corresponding TEE public key that passes the verification is recorded on-chain.
In workload detection, the workload of nodes is verified every period, with the packaging and verification logic handled by the TEE. After receiving user files, Crust storage nodes perform encrypted packaging in the TEE and save them. In each cycle, the TEE signs a workload report onto the chain after fast local storage verification. Other nodes only need to verify the signature reported by the workload, greatly simplifying the storage consensus process.
TEEs are also an effective technique for protecting private data; Crust therefore plans to add trustable privacy protection services to their network’s nodes.
Zondax focuses on validator security rather than privacy and uses TEEs as one more layer in a series of security measures that includes independent industrial quality devices, TEEs and hardware security modules (HSMs).
Within the Polkadot ecosystem, validator nodes secure the relay chain, validating proofs from collators and participating in consensus with other validators. As part of this system, validators keep private keys that they use to sign in a secure way. At the end of each period, a new key is created for security.
Zondax uses an ARM-based TEE as a way to make it expensive and difficult to access the keys before they rotate, providing an extra layer of separation between the HSM that stores keys and the network. With a combination of software and a range of possible devices that can be used in a data centre, they provide a much more secure alternative to running validators in cloud-based servers.
Building for the future
Trusted Execution Environments in combination with Substrate offer interesting possibilities for addressing privacy and security in the Polkadot ecosystem. To keep in touch with the continuing developments in Polkadot, join us on your favorite medium.
We have Riot channels for real-time discussions on Web3 Foundation and Polkadot. Join the conversations.
About Web3 Foundation
Web3 Foundation funds research and development teams building the stack of technologies that form the basis of the decentralized web. It was established in Zug, Switzerland by Ethereum co-founder and former chief technology officer Dr. Gavin Wood. For more information visit the web3.foundation website.
From the blog
Elevating Polkadot's Performance and Scale with Asynchronous Backing
Asynchronous backing is the latest step in the roadmap towards natively scaling Polkadot’s performance and flexibility for Web3 use cases across every industry.