
Research Directions for Verifiable Crypto-Physically Secure TEEs (2410.03183v2)

Published 4 Oct 2024 in cs.CR, cs.AR, and cs.ET

Abstract: A niche corner of the Web3 world is increasingly making use of hardware-based Trusted Execution Environments (TEEs) to build decentralized infrastructure. One of the motivations to use TEEs is to go beyond the current performance limitations of cryptography-based alternatives such as zero-knowledge proofs (ZKP), fully homomorphic encryption (FHE), and multi-party computation (MPC). Despite their appealing advantages, current TEEs suffer from serious limitations as they are not secure against physical attacks, and their attestation mechanism is rooted in the chip manufacturer's trust. As a result, Web3 applications have to rely on cloud infrastructure to act as trusted guardians of hardware-based TEEs and have to accept to trust chip manufacturers. This work aims at exploring how we could potentially architect and implement chips that would be secure against physical attacks and would not require putting trust in chip manufacturers. One goal of this work is to motivate the Web3 movement to acknowledge and leverage the substantial amount of relevant hardware research that already exists. In brief, a combination of: (1) physical unclonable functions (PUFs) to secure the root-of-trust; (2) masking and redundancy techniques to secure computations; (3) open source hardware and imaging techniques to verify that a chip matches its expected design; can help move towards attesting that a given TEE can be trusted without the need to trust a cloud provider and a chip manufacturer.

Summary

  • The paper proposes a framework that integrates PUFs, masking, and redundancy to secure TEEs against physical attacks.
  • It leverages open-source hardware verification and proof of fabrication techniques to eliminate reliance on chip manufacturers.
  • The research fosters collaboration between blockchain and hardware experts, advancing secure infrastructures for Web3 applications.

Overview of Verifiable Crypto-Physically Secure TEEs

This paper explores the integration of hardware-based Trusted Execution Environments (TEEs) within the Web3 infrastructure, evaluating their current limitations and proposing advancements to enhance their security. Current TEEs, such as Intel's SGX, offer performance advantages over cryptography-based alternatives like zero-knowledge proofs and fully homomorphic encryption but suffer from vulnerabilities to physical attacks and reliance on the integrity of chip manufacturers. The research aims to establish a framework for developing TEEs that are inherently secure against physical attacks and are free from manufacturer-based trust assumptions.

Key Contributions

The work is positioned to motivate the Web3 community to embrace existing hardware research and foster collaboration between blockchain and hardware researchers. The paper proposes the following components to create more secure TEEs:

  1. Physical Unclonable Functions (PUFs): PUFs are suggested to enhance the security of the root-of-trust by leveraging inherent physical variations in microchips to generate unique, unclonable keys.
  2. Masking and Redundancy: These techniques are employed to protect computations from side-channel and fault injection attacks. Masking is akin to MPC in silicon, splitting secrets into shares and computing on these shares, while redundancy involves repeating computations to detect faults.
  3. Open Source Hardware Verification: By utilizing imaging and other verification techniques, the paper advocates for chips matching expected open-source designs, reducing the need to trust manufacturers.
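To make the second component concrete, the following is an added software model (not code from the paper) of Boolean masking and redundancy: a secret is split into XOR shares, XOR is computed share-wise, AND uses the standard two-share ISW gadget with fresh randomness, and a duplicated computation is compared to flag a constructed fault. The function names and the 8-bit word width are assumptions made for the demo.

```python
import secrets
from typing import Callable, List, Optional

def mask(secret: int, n_shares: int, width: int = 8) -> List[int]:
    """Split secret into n_shares random shares; XOR of all shares == secret."""
    if n_shares < 2:
        raise ValueError("masking needs at least two shares")
    shares = [secrets.randbits(width) for _ in range(n_shares - 1)]
    last = secret
    for s in shares:  # the last share absorbs the secret
        last ^= s
    return shares + [last]

def unmask(shares: List[int]) -> int:
    """Recombine; in silicon this happens only at a protected boundary."""
    acc = 0
    for s in shares:
        acc ^= s
    return acc

def masked_xor(a: List[int], b: List[int]) -> List[int]:
    """XOR is linear over GF(2): computed share-wise, shares never meet."""
    return [x ^ y for x, y in zip(a, b)]

def masked_and(a: List[int], b: List[int], width: int = 8) -> List[int]:
    """Non-linear AND on two shares needs fresh randomness r (ISW gadget).
    The bracketing order matters for leakage, not for correctness."""
    a0, a1 = a
    b0, b1 = b
    r = secrets.randbits(width)
    c0 = (a0 & b0) ^ r
    c1 = ((r ^ (a0 & b1)) ^ (a1 & b0)) ^ (a1 & b1)
    return [c0, c1]

def redundant(fn: Callable[[], int], copies: int = 2,
              faulty_copy: Optional[int] = None):
    """Run fn `copies` times and flag any disagreement. faulty_copy is a
    constructed bit-flip in one copy, used only to show detection."""
    results = []
    for i in range(copies):
        r = fn()
        if i == faulty_copy:
            r ^= 0x01  # constructed fault for the demo
        results.append(r)
    return all(r == results[0] for r in results), results[0]

if __name__ == "__main__":
    a, b = mask(0xA5, 2), mask(0x3C, 2)
    print(hex(unmask(masked_and(a, b))), redundant(lambda: unmask(masked_xor(a, b))))
```

Each share on its own is uniformly random, so a probe that sees fewer than all shares learns nothing about the secret; the redundancy check only reports that a fault occurred, leaving the response policy (abort, retry, zeroise) to the design.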

Challenges and Adversarial Model

The research outlines several core challenges in moving towards decentralized, crypto-physically secure TEEs:

  • Open Source Hardware Design: Emphasizing the importance of transparency, drawing parallels to Kerckhoffs' Principle to ensure designs are secure without being secret.
  • Proof of Fabrication: Proposes mechanisms like imaging and blockchain records to verify that chip fabrication aligns with design specifications.
  • Oblivious Root-of-Trust Generation and Usage: Focuses on generating and using root-of-trust securely without allowing extraction or leakage of sensitive data during manufacture or usage.

Implications

The development of secure and verifiable TEEs could significantly bolster the security of applications within the Web3 framework, aligning with decentralization principles. By integrating PUFs and pursuing open-source design paradigms, it's possible to foster enhanced security protocols that do not rely on trusting manufacturers or centralized authorities. This approach resonates with the broader blockchain philosophy of verifiability and transparency.

Future Directions

The paper envisions a roadmap featuring parallel research tracks to tackle various challenges outlined, emphasizing the potential for hybrid models that combine current TEE technology with advancements like PUFs. Collaborative efforts between Web3 and hardware communities could cultivate more robust ecosystems for cryptographic applications, reducing reliance on cloud providers and chip manufacturers.

Conclusion

This paper provides an insightful exploration into advancing TEEs in alignment with Web3's decentralization goals. Through innovative use of PUFs, masking, and open-source hardware verification, it lays a groundwork for research and development toward enhanced, secure computing environments. The proposed directions are critical for the creation of decentralized infrastructures that are resistant to both logical and physical attacks.