TEE - Trusted Execution Environment

Trusted Execution Environments (TEEs) are used in blockchain technology to provide a secure environment for code. A TEE is a secure hardware environment that isolates code execution from the main operating system, ensuring that code is executed securely and without interference.

The architecture proposed involves storage and retrieval of keys in a trusted execution environment (TEE) which is an offchain component associated with the secret NFT solution. TEE programs running on processors such as SGX provide strong trust guarantees in terms of data privacy and verification of the programs running within them. This can be achieved through techniques such as remote attestation that gives assurance that the program running inside the enclave is running on genuine TEE hardware (such as SGX), and the programs have not been modified by the TEE node operators. Data storage on TEEs is also secured by sealing them with the secure keys associated with the TEE hardware and/or author of the TEE programs.

As an off-chain extension of Key Management, Secure Computation, and Confidential Storage for blockchains, there are at least five responsibilities of TEE :

  • Using the Remote Attestation mechanism to prove the genuinity of hardware and the codes running on it to be approved by blockchain validators and registered on the blockchain

  • Validation of the off-chain requests from the application, comparing to on-chain data (i.e NFT ownership)

  • Processing the application request in a secure environment (i.e sealing the secrets)

  • Providing the blockchain with verified off-chain data gathered from the application (i.e availability of encryption key for secure NFT)

  • Secure distributed backup and secure migration of secrets to other TEE machines

Last updated