Trusted Execution Environments and the Polkadot Ecosystem

The use of Trusted Execution Environments (TEEs) in combination with the Substrate blockchain modular framework is providing new solutions to enable real-use applications on the next generation of the web.

By PolkadotJuly 2, 2020

The use of Trusted Execution Environments (TEEs) in combination with the Substrate blockchain modular framework is providing new solutions to enable real-use applications on the next generation of the web.

Blockchain first hit the headlines in 2008 when the white paper for Bitcoin was published. Since then thousands of blockchains have been generated, designed with a huge variety of functions and protocols.

A large part of the attraction of the technology is its promise of decentralization, fairness and transparency. However, with transparency comes a lack of privacy. While transactions and messages on the blockchain can be pseudonymous, true privacy is harder to achieve. Few people want their private details broadcast in a public, albeit encrypted way, whether it be their financial transactions or their health records.

Additionally, being compliant with the General Data Protection Regulation (GDPR) framework in the European Union means that no private data should be stored on a permissionless, public blockchain, to protect against the potential risk of decryption at some point in the future. For greater use in the real world, these issues of privacy and data security on a blockchain need to be addressed.

One way of addressing these concerns is the use of trusted execution environments (TEEs).

Trusted Execution Environments

TEEs have existed for almost a decade and currently have a lot of real-world uses like smartphones. There are many definitions of a TEE, all of which refer in some way to isolated execution and secure storage. In very simple terms, it can be described as an area within a computer system that no one can access except with a trusted agreement.

The TEE runs within the main processor but outside the normal operating system, providing a way to store data or execute code privately and without modification. As it holds its own cryptographic keys, it only discloses its content to third parties that fulfill all the criteria designed to keep it trustworthy. It can manage its content by installing or updating its code and data and is resistant to both software attacks and hardware attacks on the main system’s memory. Additionally, the TEE can be authenticated by the manufacturer, who can confirm that a program is running on a genuine TEE even if it is physically located off-site.

One thing to be considered when incorporating a TEE into a system is the need for trust in the integrity and design competence of the hardware manufacturer. Currently, in the majority of cases this is Intel SGX, but other providers (such as Arm TrustZone) exist, and open source TEEs are being developed (such as Keystone).

Projects in the Polkadot ecosystem

Web3 Foundation provides grants to create technology that everyone can benefit from. Within the Polkadot ecosystem, several grant recipients are using TEEs in conjunction with Substrate (the software development framework for building a blockchain on which Polkadot is built) to facilitate different use cases. All are open source projects. We introduce some of them here.

Supercomputing Systems AG

Supercomputing Systems AG (SCS AG) have developed the off-chain computing framework SubstraTEE, designed to enhance privacy for blockchains based on Substrate. This uses TEEs to increase confidentiality and integrity in, for example, private cryptocurrency transactions, private and verifiable voting and the ability to swap cryptocurrency across different blockchains without a trusted intermediary.

Using SubstraTEE, transactions can be processed and verified off-chain using the TEE, with only a confirmation of the transaction rather than the private details sent to the blockchain. Potentially, a right for deletion could be implemented with, for instance, automatic deletion of content after a certain time period.

This would allow enterprises to use blockchain technology for their own use cases while still remaining compliant with GDPR.

The "SubstraTEE Book" includes instructions for creating your own trusted state transition function in conjunction with Substrate, using Encointer as a real-world example.

Phala Network

Like Supercomputing Systems AG, Phala uses a TEE-Blockchain hybrid architecture for privacy. They aim to provide a confidential computation and data protection service on Substrate-built blockchains with interoperability. The confidential smart contract runs inside the TEE enclave in the central processing unit, functionally isolated from the external operating system and the hardware, ensuring security and confidentiality.

The Phala pilot product is Web3 Analytics, the first data analytics tool to analyze user data and output results without invading personal privacy.

Rather than passing through a third party, private data is encrypted and transmitted directly to Phala Network confidential contracts. As Phala’s protocol enables users to decide the objects and purposes of data utility, users thus have 100% control over how their data should be used.

Advanca

Advanca is creating a privacy-preserving general-purpose compute/storage infrastructure for dapps (decentralized digital applications that run on a blockchain). This is designed to enable developers to build any existing or new web or mobile apps in a decentralized manner.

The current design includes a control plane that works as the coordinator and a compute/storage plane that uses a TEE to accept and accomplish the allocated tasks.

This facilitates an application program interface (API) accessible to authenticated users and a privacy-preserving storage capability that implements Oblivious RAM (ORAM) techniques to further protect data confidentiality and conceal the data access pattern.

Crust Network

Crust implements the incentive layer protocol for decentralized storage and is also capable of supporting a decentralized computing layer and building a decentralized cloud ecosystem.

Within their network, the integrity guarantees of a TEE are used to quantify meaningful storage usage by giving a technical assurance of reliable storage detection with two types of proof: environment detection and workload detection.

In environment detection, when consensus on the TEE of a new node is reached, the node identity and corresponding TEE public key that passes the verification is recorded on-chain.

In workload detection, the workload of nodes is verified every period, with the packaging and verification logic handled by the TEE. After receiving user files, Crust storage nodes perform encrypted packaging in the TEE and save them. In each cycle, the TEE signs a workload report onto the chain after fast local storage verification. Other nodes only need to verify the signature reported by the workload, greatly simplifying the storage consensus process.

TEEs are also an effective technique for protecting private data; Crust therefore plans to add trustable privacy protection services to their network’s nodes.

Zondax

Zondax focuses on validator security rather than privacy and uses TEEs as one more layer in a series of security measures that includes independent industrial quality devices, TEEs and hardware security modules (HSMs).

Within the Polkadot ecosystem, validator nodes secure the relay chain, validating proofs from collators and participating in consensus with other validators. As part of this system, validators keep private keys that they use to sign in a secure way. At the end of each period, a new key is created for security.

Zondax uses an ARM-based TEE as a way to make it expensive and difficult to access the keys before they rotate, providing an extra layer of separation between the HSM that stores keys and the network. With a combination of software and a range of possible devices that can be used in a data centre, they provide a much more secure alternative to running validators in cloud-based servers.

Building for the future

Trusted Execution Environments in combination with Substrate offer interesting possibilities for addressing privacy and security in the Polkadot ecosystem. To keep in touch with the continuing developments in Polkadot, join us on your favorite medium.

Website

Wiki

Twitter

Blog

YouTube

Reddit

Real-time conversation

We have Riot channels for real-time discussions on Web3 Foundation and Polkadot. Join the conversations.

Web3 Foundation

Polkadot Watercooler

Polkadot Telegram

About Web3 Foundation

Web3 Foundation funds research and development teams building the stack of technologies that form the basis of the decentralized web. It was established in Zug, Switzerland by Ethereum co-founder and former chief technology officer Dr. Gavin Wood. For more information visit the web3.foundation website.

From the blog

Empowering the next wave of founders: Welcome to EasyA x Polkadot University

Unlock a structured path to start building on Polkadot with EasyA x Polkadot University.

Dynamic & Modular: Scaling Ambition with Agile Coretime

Polkadot’s Agile Coretime simplifies launching and scaling blockchain projects with dynamic blockspace allocation and flexible cost options. Learn how Agile Coretime makes it easier to build, launch, and scale ambitious Web3 projects.

How play-to-earn (P2E) is transforming onchain mobile sports gaming

Play-to-earn games are transforming mobile sports gaming. Learn how blockchain, NFTs, and platforms like Polkadot create new opportunities for digital asset ownership and cross-chain gameplay.

Polkadot Token 2049 and Decoded Asia 2024: A multichain ecosystem in action

At Token 2049 and Decoded Asia 2024 in Singapore, Polkadot teams and contributors showcased a multichain future for real-world applications. Key moments included Dr. Gavin Wood’s vision for digital individuality, Chrissy Hill’s regulatory insights, and announcements from emerging projects shaping the Web3 ecosystem.

What is a crypto wallet? Your all-access pass to the future web

In Web3, your wallet is your most valuable digital tool. It’s more than just a place to store, send, and receive cryptocurrencies securely—it’s your passport to the decentralized world.

July 2024: Key network metrics and insights

Welcome to your go-to source for the latest tech updates, key metrics, and discussions within Polkadot, brought to you by the Parity Success Team. This blog series covers a variety of topics, drawing insights from GitHub, project teams, and the Polkadot Forum.

Polkadot 2.0: The rebirth of a network

Polkadot 2.0 reimagines blockchain with a bold rebrand and powerful features: Agile Coretime, Async Backing, and Elastic Scaling. Step into a more flexible, faster, and scalable network. Learn about the improvements and changes that led to this next era of Polkadot.

Meet the Decentralized Futures grant recipients: transforming ideas into impact on Polkadot

The Decentralized Mic is here to spotlight the innovative projects and teams driving Polkadot’s growth. Join us as we explore the achievements of Decentralized Futures grant recipients and their contributions to the Polkadot ecosystem on the new ecosystem community call series.

The ultimate 2024 Polkadot grants and funding guide

Explore Polkadot ecosystem funding: grants, venture capital, bounties, and community initiatives. Discover opportunities for blockchain builders today.

Decoded 2024: Polkadot’s vision for a decentralized future

Polkadot Decoded 2024 in Brussels brought together top blockchain minds to explore the future of Web3. Highlights included Björn Wagner's insights on payments and Dr. Gavin Wood's vision for digital individuality. Showcasing technical breakthroughs and real-world use cases, Polkadot affirmed its leadership in the multi-chain future.

June 2024: Key network metrics and insights

Welcome to your go-to source for the latest tech updates, key metrics, and discussions within Polkadot, brought to you by the Parity Success Team. This blog series covers a variety of topics, drawing insights from GitHub, project teams, and the Polkadot Forum.

Introducing the New Polkadot Ledger App

Discover the new Polkadot Ledger app for seamless, secure transactions. Now available on Ledger Live, it supports Polkadot, Kusama, and more.