2 posts tagged with "hardware"

· 39 min read

Every distributed cryptographic protocol, key management system or wallet runs on opaque hardware. In almost all cases, we do not know with any certainty that our hardware is executing the expected program and that it is not actually acting against us. Many cases of exactly this kind of betrayal have been uncovered. The latest proved deadly. This precedent suggests the likely existence of undetected malicious hardware in use today.

In our first post, we went over the big-picture security shortcomings of TEEs and split the work that needs to be done into two parts: securing the completed chip against remote and physical attackers, and securing the chip against actors in the supply chain. While there is a lot of existing work on both categories, the latter is less explored for our purposes and requires more fundamental research, so we are dedicating this post to the topic and will address remote and physical attackers in the next post. A verifiable supply chain is within reach. We demonstrate this by pointing out existing and ongoing research that constitutes the various pieces of the puzzle. Along the way we also cover a good deal on open hardware, which will provide important context for future posts. The post is structured as follows:

· 23 min read

Recent months have seen an awakening of several large use cases of TEEs, from OpenAI calling for new and improved TEEs and Apple announcing a hardware-based private cloud, to Ethereum transactions being privately processed in TDX and other blockchains leveraging SGX for integrity. Having worked quite closely with several use cases that are at the center of this excitement, we are aware both of the promise which secure hardware holds and of the insufficiency of today's hardware to serve these use cases. TEE solutions currently on the market simply do not offer sufficient security guarantees, while alternative secure hardware families like TPMs, secure elements and smart cards offer better (although not perfect) security guarantees at the cost of the performance and functionality these use cases need. For the first time, there is substantial industry demand for high-power, high-performance hardware that is secure under a comprehensive threat model.