Awesome TEE Blockchain

A curated list of resources for learning about Trusted Execution Environments (TEEs) in the context of blockchains. This list includes articles, research papers, tweet threads, code repositories, videos, and more.

What are TEEs?

Trusted Execution Environments (TEEs) are secure areas within a main processor that ensure the integrity and confidentiality of the code and data loaded inside. TEEs provide a higher level of security than the normal execution environment by isolating the execution of sensitive applications and data from the rest of the system.

In the context of blockchains, TEEs are primarily used to enhance compute and data storage capabilities, ideally with minimal compromise to security, verifiability and decentralization.

Key characteristics of TEEs:

1. Isolation: TEEs separate sensitive code and data from the regular operating system and applications. This isolation helps protect against a wide range of attacks, including those from malicious software running on the main OS.

2. Confidentiality and Integrity: TEEs ensure that the data processed within them is protected from unauthorized access and tampering. This is crucial for sensitive operations such as cryptographic computations and handling confidential data.

3. Secure Boot and Secure Storage: TEEs support secure boot mechanisms to ensure that only authenticated and trusted code can be executed. They also provide secure storage for keys and other sensitive data.

4. Attestation: TEEs can generate cryptographic proofs (attestations) that confirm the authenticity and integrity of the code running within them. This allows external parties to verify that the TEE is running legitimate and unaltered code.

Table of Contents

1. Cloud Providers
   • Google Cloud Confidential Compute
   • Microsoft Azure Confidential Computing
   • Amazon AWS Nitro
2. Hardware
   • AMD
   • Intel
   • NVIDIA
   • ARM
3. Use Cases
   • Block Building
   • Bridging
   • Asset Management
   • General Compute
   • Privacy
   • Rollups
4. Repositories
   • Rust
   • Go
   • C++
   • C
   • Python
5. Research Papers
6. Articles
7. Videos
8. Tweet Threads

Cloud Providers

Google Cloud Confidential Compute

• Confidential Accelerator for AI workloads - Supports Intel TDX with Intel AMX, and NVIDIA H100 GPUs.
• Confidential VMs - Supports AMD SEV, AMD SEV-SNP, and Intel TDX.
• Confidential Space - Supports trust model where the workload author, workload operator, and resource owners are separate, mutually distrusting parties.
• Confidential VM attestation - Attestation support for AMD SEV (vTPM), AMD SEV-SNP (vTPM and TSM), and Intel TDX (vTPM and TSM).

Microsoft Azure Confidential Computing

• Azure Confidential VM

Amazon AWS Nitro

• Nitro
• Nitro Enclaves

Hardware

AMD

• Secure Encrypted Virtualization-Trusted I/O (SEV-TIO) - Improved I/O performance and security in AMD SEV-SNP guests
• Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) - Expands on SEV, adds memory integrity protection to help prevent malicious hypervisor-based attacks
• Secure Encrypted Virtualization (SEV) - Hardware-based memory encryption through the AMD Secure Processor

Intel

• Advanced Matrix Extensions (AMX) - Accelerator to improve the performance of deep-learning training and inference on the CPU
• Trust Domain Extensions (TDX) - Latest Hardware-based TEE architecture from Intel
• Software Guard Extensions (SGX) - Protects data actively being used in the processor and memory by creating a TEE

NVIDIA

• H100 TensorCore GPU - Hardware-based trusted execution environment with NVIDIA Hopper and NVIDIA Blackwell architecture support
• Hopper Architecture - Accelerated computing platform for AI
• Blackwell Architecture - Latest HW generation with accelerated computing and generative AI optimizations

ARM

• Confidential Compute Architecture (CCA) - Under development. Key component of the Armv9-A architecture
• TrustZone - Isolates critical security firmware, assets and private information for Armv8-M based devices

Use Cases

Block Building

• The Future of MEV is SUAVE
• Block Building inside SGX
• Running Geth within SGX: Our Experience, Learnings and Code
• SGX-Based Backrunning and Covert Channels
• MEV-SGX - A sealed bid MEV auction design

Bridging

• Avalanche Bridge - Website, ava-labs GitHub

Asset Management

• Turnkey - Website, tkhq GitHub
• Fireblocks - Website, fireblocks GitHub
• Cycles Money - Website
• Solana Saga Seed Vault - Website, solana-mobile GitHub

General Compute

• Marlin Protocol - Website, marlinprotocol GitHub
• Phala Network - Website, Phala-Network GitHub
• Automata Network - Website, automata-network GitHub

Privacy

• Oasis Protocol - Website, oasisprotocol GitHub
• Secret Network - Website, scrtlabs GitHub
• Enclave Markets - Website

Rollups

• Taiko - Website, taikoxyz GitHub

Repositories

Rust

• marlinprotocol/oyster-serverless - Oyster Serverless is a cutting-edge, high-performance serverless computing platform designed to securely execute JavaScript (JS) and WebAssembly (WASM) code in a highly controlled environment.
• Phala-Network/phala-blockchain - The Phala Network Blockchain, pRuntime and the bridge.
• kata-containers/kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
• taikoxyz/raiko - Multi-proofs for Taiko. SNARKS, STARKS and Trusted Execution Enclave.
• confidential-containers/guest-components - Confidential Containers Guest Tools and Components
• kinvolk/azure-cvm-tooling - Libraries and tools for Confidential Computing on Azure
• HyperEnclave/hyperenclave - An Open and Cross-platform Trusted Execution Environment.
• mobilecoinfoundation/mobilecoin - Private payments for mobile devices
• integritee-network/worker - Integritee off-chain worker and sidechain validateer
• capsule-corp-ternoa/ternoa-node - Ternoa's Node Implementation
• automata-network/automata - Automata Network is a modular attestation layer that extends machine trust to Ethereum with TEE Coprocessors.
• apache/incubator-teaclave-sgx-sdk - Apache Teaclave (incubating) SGX SDK helps developers to write Intel SGX applications in the Rust programming language, and also known as Rust SGX SDK.
• apache/incubator-teaclave - Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
• scrtlabs/incubator-teaclave-sgx-sdk - Rust SGX SDK provides the ability to write Intel SGX applications in Rust Programming Language. Fork of apache/incubator-teaclave-sgx-sdk.

Go

• google/go-tpm-tools - Go packages built on go-tpm providing a high-level API for using TPMs
• google/go-sev-guest - go-sev-guest offers a library to wrap the /dev/sev-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation report.
• google/go-tdx-guest - go-tdx-guest offers a library to wrap the /dev/tdx-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation quote.
• matter-labs/vault-auth-tee - Hashicorp Vault plugin for authenticating Trusted Execution Environments (TEE) like SGX enclaves
• usbarmory/GoTEE - Go Trusted Execution Environment (TEE)
• iotexproject/w3bstream - An offchain computing layer for DePIN verifiable data computation, supporting a variety of validity proofs including Zero Knowledge (ZK), Trusted Execution Environments (TEE), and Multi-party Computation (MPC)
• oasisprotocol/oasis-core - Performant and Confidentiality-Preserving Smart Contracts + Blockchains
• hyperledger/fabric-private-chaincode - FPC enables Confidential Chaincode Execution for Hyperledger Fabric using Intel SGX.

CPP

• microsoft/azure-tee-attestation-samples - Trusted Execution Environment examples leveraging attestations on Azure
• intel/linux-sgx - Intel SGX for Linux
• lsds/Teechain - Teechain: A Secure Payment Network with Asynchronous Blockchain Access
• skalenetwork/sgxwallet - sgxwallet is the first-ever opensource high-performance hardware secure crypto wallet that is based on Intel SGX technology. First opensource product on Intel SGX whitelist. Scales to 100,000+ transactions per second. Currently supports ETH and SKALE, and will support BTC in the future. Sgxwallet is under heavy development and use by SKALE network.
• hyperledger-labs/private-data-objects - The Private Data Objects lab provides technology for confidentiality-preserving, off-chain smart contracts.

C

• pietroborrello/CustomProcessingUnit - The first analysis framework for CPU microcode
• openenclave/openenclave - SDK for developing enclaves
• deislabs/mystikos - Tools and runtime for launching unmodified container images in Trusted Execution Environments
• openenclave/openenclave - SDK for developing enclaves
• mofanv/PPFL - Privacy-preserving Federated Learning with Trusted Execution Environments
• inclavare-containers/inclavare-containers - A novel container runtime, aka confidential container, for cloud-native confidential computing and enclave runtime ecosystem.

Python

• ethernity-cloud/mvp-pox-node - Ethernity Cloud Node

TS

• tkhq/sdk - Turnkey TypeScript SDK

Research Papers

• A. Sunny, N, Shrivastava, S. and R. Sarangi, "SecScale: A Scalable and Secure Trusted Execution Environment for Servers", 2024 - arXiv
• H. Eichner, D. Ramage, K. Bonawitz, D. Huba et. al., "Confidential Federated Computations", 2024 - arXiv
• X. Zhang, K. Qin, S. Qu, T. Wang, C. Zhang, and D. Gu "Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust", 2024 - arXiv
• Y. Xian, L. Zhou, J. Jiang, B. Wang, H. Huo, and P. Liu, "A Distributed Efficient Blockchain Oracle Scheme for Internet of Things", 2023 - arXiv
• A. P. Kalapaaking, I. Khalil, M. S. Rahman, M. Atiquzzaman, X. Yi, and M. Almashor, "Blockchain-based Federated Learning with Secure Aggregation in Trusted Execution Environment for Internet-of-Things", 2023 - arXiv
• R. Li, Q. Wang, Q. Wang, D. Galindo, and M. Ryan, "SoK: TEE-assisted Confidential Smart Contract", 2022 - arXiv
• E. Puschner, T. Moos, S. Becker, C. Kison, A. Moradi, C. Paar, "Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations", 2022 - Cryptology ePrint Archive
• R. Karanjai, L. Xu, L. Chen, F. Zhang, Z. Gao, and W. Shi, "Lessons Learned from Blockchain Applications of Trusted Execution Environments and Implications for Future Research", 2022 - arXiv
• C. Liu, H. Guo, M. Xu, S. Wang, D. Yu, J. Yu, and X. Cheng, "Extending On-chain Trust to Off-chain -- Trustworthy Blockchain Data Collection using Trusted Execution Environment (TEE)", 2021 - arXiv
• D. Natarajan, A. Loveless, W. Dai, and R. Dreslinski, “CHEX-MIX: Combining Homomorphic Encryption with Trusted Execution Environments for Two-party Oblivious Inference in the Cloud”, 2021. - Cryptology ePrint Archive
• Z. Bao, Q. Wang, W. Shi, L. Wang, H. Lei, and B. Chen, "When Blockchain Meets SGX: An Overview, Challenges, and Open Issues", 2020 - IEEE
• A. Nilsson, P. N. Bideh, and J. Brorsson, “A Survey of Published Attacks on Intel SGX”, 2020. - arXiv
• K. Murdock, D. Oswald, F. D. Garcia, J. Van Bulck, D. Gruss, and F. Piessens, “Plundervolt: Software-based Fault Injection Attacks against Intel SGX”, 2020. - IEEE
• R. Cheng, F. Zhang, J. Kos, W. He, N. Hynes, N. Johnson, A. Juels, and A. Miller, "Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts", 2019 - IEEE
• G. Kaptchuk, I. Miers, and M. Green, "Giving State to the Stateless: Augmenting Trustworthy Computation with Ledgers" , 2017 - Cryptology ePrint Archive
• J. Lind, O. Naor, I. Eyal, F. Kelbert, P. Pietzuch, and E. Gun Sirer, "Teechain: A Secure Payment Network with Asynchronous Blockchain Access", 2017. - arXiv

Articles

• Building Secure Ethereum Blocks on Minimal Intel TDX Confidential VMs, Flashbots Collective
• TDX Security For BOB Searchers, Flashbots
• Chapter 3 - Verifiable Off-chain Compute: Enabling an Instagram-like experience for Web3 - Florin Digital
• Sirrah: Speedrunning a TEE Coprocessor
• Demystifying SGX — Part 1 - Obscuro Labs
• Blockchain Privacy and Security in Data Computation
• Trustless Execution Environments - David Atterman
• 4 Ways to Compare Trusted Execution Environments and Zero-Knowledge Proofs
• What is a Trusted Execution Environment (TEE)? - Halborn
• How Secret Network Uses SGX
• Blockchain × TEE: Why Various Forefront Projects are Adopting TEE - TOKI
• Why trusted execution environments will be integral to proof-of-stake blockchains
• TEE-based Smart Contracts and Sealing Pitfalls
• Trusted Execution Environments and the Polkadot Ecosystem
• Blockchains in Trusted Execution Environments (TEEs)
• Intel SGX and Blockchain: The iExec End-to-End Trusted Execution Solution
• Blockchains + TEEs Day 1 Summary
• Blockchains + TEEs Day 2 Summary
• Intel SGX Explained

Videos

• Phala Network: 'The Magic of TEEs' - Online Workshop on TEE Basics
• How to Win Friends and TEE-fluence People - Ethan Buchman, Modular Summit 2024
• DEVMOS 2024: Dylan Kawalec (Osmosis), 'Building Decentralized Frontends', Modular Summit 2024
• The TEE Stack - Andrew Miller, Modular Summit 2024
• What apps are unlocked by the TEE stack - Xinyuan Sun, Modular Summit 2024
• Parallelized Confidential Computing - Yannik Schrade, Fil Dev Summit 2024
• TEE for Blockchain Applications - Ari Juels, a16z crypto 2023
• Private Smart Contracts are Worth the Price of the SGX - Andrew Miller, ETHDenver 2023
• Protected Order Flow for Fair Transaction-Ordering in a Profit-Seeking World - Kushal Babel, MEV-SBC 2023
• Blockchains + TEEs 2023: Day 1 - Kartik Nayan, Ittai Abraham, Aniket Kate
• Blockchains + TEEs 2023: Day 2 - Kartik Nayan, Ittai Abraham, Aniket Kate
• SGX Panel 2023: Andrew Miller, Jonathan Passerat Palmbach, Phil Daian, Justin Drake
• Enabling Cross Chain Transfers Using SGX - Michael Kaplan, Avalanche Summit 2022
• Trusted Execution Environments Meet the Blockchain - Ittay Eyal, Simons Institute 2019

Tweet threads

• @_markel___, Extraction of Intel SGX Fuse Key0
• @PratyushRT, Breakdown of the Intel SGX (TEE) breach
• @buchmanster, TEE, ZK, FHE and MPC
• @buchmanster, How you win friends and TEE-fluence people - Chapter 2
• @DistributedMarz, Flashwares Live Session