In connection with the growing interest in scaling and protection of blockchains, the equipment based on equipment is focused. The role of trusted executive environments (TEE) in blockchain systems has gradually expanded from projects retaining privacy to applications that improve scalability and allow protected offchain calculations. Currently, over 50 teams are working on Blockchain based on Tee. In this article, Cointelegraph Research studies Tee’s technical foundations in blockchain systems and analyze key cases of using this technology.

T -shirt mechanics in blocks

Most blockchain technologies are based on cryptography and dispersed calculations to maintain security. T -shirts add a different approach, namely trust at the equipment level.

A trusted workmanship is an isolated area in the device processor, which is designed to maintain data and secure and confidential code during performance. Arose Sheltered enclave is not available to the rest of the operating system and may prove to the third parties through a remote certificate What instructions he performs.

To do this, the CPU measures a trusted calculation base that includes firmware, system nucleus and system binle and saves them in protected equipment registers. Then he signs this measurement using the private key of the certificate embedded in the processor. This causes a report of a cryptographic certificate that a remote verifier can check whether to confirm the authenticity and integrity of the enclave.

The operate of this trust at the level of equipment for a confidential smart performance of the contract requires that the blockchain nodes operate systems with a T -shirt. This requirement usually applies to the nodes responsible for the transaction, as well as for the validation of blocks and offchain calculations. In the layer 1 configuration, the consensus nodes still replicate the encrypted version of each contract as part of the global book.

Each knot contains a T -shirt that replicates decryption, performing text and re -compensating each transaction. This hardware relationship introduces a compromise between increased privacy and a smaller set of validation. Less people can start knots if specific equipment is required. However, additional confidence that requires is partially replaced by remote confirmation.

An alternative design is the layer 2 diagram, in which TEE calculations are not protected by a distributed consensus, but a mechanism for resolving the dispute, as can be seen in the rolls. This approach uses a similar encryption pipeline for L1 configuration, but can facilitate improve scalability. However, most layer systems 2 lose the interoperability of the contract Because they are performed on separate machines, which means that the contracts cannot be made.

Tees uses standard asymmetrical cryptography to hidden functional calls and smart contract code. Function connections are encrypted with a public key key before sending to blockchain, decrypted in the enclave and made.

Secret NetworkBuilt with Cosmos SDK and Intel SGX, it was the first blockchain that has private smart contracts facilitated by TEE. Secret contracts allow programmers to build confidential DEFI applications that hide the logic of the contract, input data, results and condition, but not addresses. It also allows you to create secret tokens whose balances and transaction history remain confidential and are perceptible only to their owners or clearly authorized smart contracts.

Susceptibility to trusted executive environments

Private performance of an smart contract depends on the credibility of the TEE equipment manufacturer. Although it is doubtful that the corporation like Intel threaten its reputation with a targeted attack on blockchain systems, Intel management engine (IME)The autonomous system set in most Intel processors since 2008 has contained many sedate gaps over the years.

Tee suppliers may be subject to the government in order to introduce backdors, compliance with supervisory tickets or provide access to encrypted data on the basis of national security provisions. Accidental gaps can also undermine the safety of the T -shirt. For example Plundervolt Attack has used the vigorous Intel voltage interface to induce calculation faults inside the SGX enclaves, which allowed the attackers to bypass the checking of integrity and the separation of keys and secrets from encrypted memory.

Private smart performance of the contract with T -shirts

To enable DAPPs conducting privacy, smart contracts must perform in a way that maintains the confidentiality of both logic and data. To read and run a confidential smart contract code, TEE can access the keys required to decrypt the contract data.

If these keys are ever violated, the attacker could decipher the previously stored contract data. To avoid this, trusted execution environments operate dispersed key management, which divides key control into many trusted nodes and often turns brief -term keys to limit the influence of violation.

Ekiden was the first To design such a systemAnd it served as the basis for similar models in other blocks. The most sensitive keys are managed by KMC (Key-Management Committee, which is a group of the most trusted nodes) with threshold cryptography. The committee’s actions are proactively transformed into rotation, who has, which divides. Meanwhile, individual workers’ nodes have brief -term keys with constrained access related to specific tasks.

These keys are issued by KMC for each contract and expire at the end of each era. To get a key, the employee node must first prove its KMC ID via protected channels. Each element of KMC then generates the key of the key using a pseudo-randomic function and sends it to a node that reconstructs the full key after collecting enough shares.

If the KMC node is threatened, its access can be canceled through management and is excluded from future eras. This reduces the potential effect of violation, although it does not eliminate it completely. After the implementation of a confidential contract, its enclave generates a fresh public key and publishes it on blockchain with a contract code and an encrypted initial state.

Users who later call the contract download this key to encrypt their input data before sending them to the computing junction. To guarantee authenticity, the node is also provided by a key signing the enclosure associated with the enclave after starting.

Other cases of using shirts in chain chains

In addition to private smart performance of the contract, Tee can significantly improve the scalability and performance of blockchain. TEE support nodes can safely perform intensive computational tasks in offchain and send results. In this way, applications can relieve the computing load from the blockchain layer in the trusted offchain environment. This can facilitate reduce gas costs and enhance the overall chain capacity.

Iexec It is one of the largest decentralized cloud processing platforms that operate trusted executive environments for offchain calculations. Uses enclaves based on Intel SGX to relieve and insulate calculations from blockchain.

Requester, usually an smart contract or user, can buy confidential calculations as a task. Then blockchain notifies workers’ nodes about completing the task in a protected enclave. Before performing, ENCLAVE generates a certificate report containing cryptographic evidence of code and Enclave configuration.

This report is sent to a secret management service, which verifies the integrity and authenticity of the enclave. Only if Enclave undergoes this verification, the actual calculation begins.

Trusted executive environments can also be used to ensure MEV resistant blockchain infrastructure. Unichain, the positive rolling of Ethereum developed by the UNISWAP team and launched in October 2024, uses TEE in the process of generating blocks. Its blocks designer, developed in cooperation with FlashbotsHe uses shirts to construct blocks in a protected enclave.

After directing to the builder, transactions are filtered, ordered priority and packed in flash blocks. This allows Unichain to achieve a 1-second block time, with plans to introduce 250 million podders and improve transactions. Blocking blocks in Tee helps reduce MEV extraction because MEMPOOL transactions remain encrypted. Thanks to these functions, Unichain is aimed at building a defidden blockchain.

Application

Trusted executive environments on blocks are gaining momentum because developers are looking for more competent privacy solutions. TIE can potentially shape the future of decentralized applications with low-cost and protected calculations with a high delay. Despite their potential, Tee is not yet natively served by most blockchains due to hardware requirements and trust.

In the future, we expect that TEE operate will develop from applications requiring privacy and focus on scalability solutions for blockchains and offchain calculations for decentralized applications. This change results from the appearance of more demanding DAPP calculations, such as decentralized AI applications. TES can facilitate these cases of low-cost, highly competent offchain calculations.

This article does not contain investment advice or recommendations. Each investment and commercial movement involves risk, and readers should conduct their own research when making decisions.

This article is used for general information purposes and should not be and should not be treated as legal or investment advice. The views, thoughts and opinions expressed here are themselves and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Cointelegraph does not support the content of this article or any product listed in this document. Readers should conduct their own research before undertaking any actions related to any product or company and bear full responsibility for their decisions.