Page Content

Tutorials

Load more

Trusted Execution Environment TEE Definition, TEE Advantage

BLOCK CHAIN
Agarapu Geetha
Author: Agarapu Geetha
4 min.read

Trusted Execution Environment Tee

Trusted Execution Environment Tee
Trusted Execution Environment Tee

A computer system’s Trusted Execution Environment (TEE) protects code and data from unauthorised access. External programs cannot change TEE data or code because to this separation. The TEE makes sure that the enclave’s operations are safe even in the event that the operating system or other software layers are compromised.

How TEEs Work and Their Role

By offering a secure execution environment that separates program execution and limits access to external resources like file systems or networks, TEEs are able to maintain their security. Deterministic execution is guaranteed and security is improved by this isolation.

Intel Software Guard Extensions (SGX) are among the most well-known instances of a TEE. A collection of security-related instructions that are run on a central processing unit (CPU) is known as SGX.

You can also read What Is Ganache In Blockchain? How To Get Started Ganache

TEEs are essential for specific consensus processes and applications in the blockchain context:

  • Intel created Proof of Elapsed Time (PoET) in 2016 to address the “Random Leader Election” issue, specifically in permissioned blockchain networks, by utilising TEEs.
    • A node must download and execute the PoET code in the SGX environment before it can join a permissioned network.
    • After that, SGX creates a new private/public key pair and an attestation.
    • Along with a request to join the network, the node signs this attestation and transmits it. After existing confirmed nodes have verified this attestation, they can join if it is accepted.
    • A random timer mechanism is used by PoET. Within its TEE, each participating node asks a secure hardware time for a random wait time. A new block is made and published by the first node whose timer goes off.
    • Following the designated waiting period, the TEE issues a signed certificate (also known as a “quote”) attesting to the node’s sincere waiting, which is subsequently published alongside the new block. This guarantees the participant’s legitimacy and their compliance with the designated wait time.
    • In comparison to Proof of Work (PoW), PoET with SGX is known for its energy efficiency. It also provides Byzantine Fault Tolerance (BFT) and, to the randomised timeframe, guarantees that each trusted node has an equal opportunity to submit a block. Additionally, it has no scaling problems.
    • PoET is the foundation of the blockchain framework Hyperledger Sawtooth, which was created by Intel Corporation. Although Hyperledger Sawtooth’s present version of PoET CFT (Byzantine Fault Tolerant) is hardware-independent due to its usage of a simulated SGX environment, it is just CFT and not BFT. On the other hand, PoET SGX offers BFT tolerance with minimal CPU processing power and is SGX-dependent. There is also a development mode (Devmode) for testing.
  • Proof of Luck (PoL): Unlike PoW, this consensus method uses Intel SGX to produce a “luck value,” or random number, to choose the next block miner. Its goal is to increase transaction throughput while using less processing power.
  • Smart Contract Confidentiality and Correctness: SGX allows nodes to execute a smart contract inside an enclave and then provide a proof of correctness, which other nodes can use to quickly confirm the execution without having to repeat calculations. As demonstrated by systems like Ekiden, this capability aids in maintaining confidentiality in smart contract activities. Additionally, SGX is utilised in reliable hardware-assisted confidentiality systems to offer a safe setting for blockchain transactions.
  • Oracle Services: To offer authorised data feeds to smart contracts, SGX is used by a number of Oracle service providers, including Town Crier and iExec. Town Crier, for instance, uses SGX to guarantee secrecy for queries handled within its enclave and to confirm the reliability of data.

TEE Advantages

TEE Advantages
Image credit to Napkin
TEE Advantages
  • Isolation and Security: TEEs offer a safe, isolated environment that shields data and code from outside interference, including from hacked operating systems or other software layers.
  • Energy Efficiency: TEEs dramatically lower the energy usage linked to conventional PoW when utilised in consensus processes such as PoET.
  • Fairness and Scalability: PoET’s randomised timer, supported by TEEs, guarantees that each node has an equal opportunity to suggest a block and is not affected by scalability problems.
  • Confidentiality: For enterprise use cases, TEEs’ ability to safeguard the privacy of transaction payloads and smart contract executions is essential.
  • Byzantine Fault Tolerance (BFT): TEEs can give strong BFT and protection against malevolent actors when used in conjunction with SGX.
  • Sybil Attack Mitigation: SGX helps stop Sybil attacks, in which an attacker fabricates multiple false identities, by allowing “immutable originality” within the network.

You can also read What Is JSON RPC API? Powers Node Communication & DApps

Limitations and Concerns

  • Hardware Dependency: The need for particular gear, like Intel SGX CPUs, is a major drawback. This may restrict Distributed Ledger Technologies’ (DLTs’) decentralisation and transparency. ARM’s TrustZone and AMD’s Platform Security Processor are two further hardware-based TEEs.
  • Centralization of Trust: To validate the proofs produced by the enclaves, the attestation procedure for SGX frequently uses Intel’s cloud servers, adding a level of centralisation that could be at odds with the decentralised spirit of blockchain. However, some contend that because Intel chips are so widely used, this is a reasonable trade-off.
  • Broken Chip Problem“: A malicious node may routinely win mining rounds if an SGX chip is compromised, compromising the system and providing unjust rewards. Another name for this is the “stale chip problem.”
  • Sybil Attack Susceptibility (Contextual): Although SGX aims to counteract Sybil assaults by ensuring immutable originality, the PoET consensus process itself may still be at risk if an attacker is able to fabricate numerous identities in order to exert influence over the network.
  • Time Synchronicity: PoET depends on precise elapsed time measurement, which can be difficult in distributed systems where achieving perfect time synchrony is hard.

You can also read What Is Truffle And Ganache In Blockchain? Complete Overview

Previous article
What Are The Types of Trees In Data Structure With Example
Next article
Blockchain Truffle: Smart Contract Development Framework
Agarapu Geetha
Agarapu Geetha
My name is Agarapu Geetha, a B.Com graduate with a strong passion for technology and innovation. I work as a content writer at Govindhtech, where I dedicate myself to exploring and publishing the latest updates in the world of tech.

About Us 

Contact Us

Privacy Polacy

Disclaimer

© G Solutions

Index