Awesome TEE Blockchain

A curated list of resources for learning about Trusted Execution Environments (TEEs) in the context of blockchains. This list includes articles, research papers, tweet threads, code repositories, videos, and more.

What are TEEs?

A Trusted Execution Environment (TEE) is a secure, isolated area within a device or network designed to safeguard sensitive data during storage, processing, and execution. TEEs provide a protected space where programs can run with confidentiality and integrity, even if the broader system is compromised, ensuring tamper-resistant computation.

In addition to this security, TEEs offer attestation capabilities that provide enhanced trust guarantees. Attestation is a cryptographic proof that allows a TEE to verify to a remote party that a program is running (or has run) without any interference. This mechanism reinforces trust in the TEE by proving that specific operations have been executed without tampering, offering third-party verification of computational correctness.

Table of Contents

1. Cloud Providers
   • Google Cloud Confidential Compute
   • Microsoft Azure Confidential Computing
   • Amazon AWS Nitro
2. Hardware
   • AMD
   • Intel
   • NVIDIA
   • ARM
3. Use Cases
   • Block Building
   • Bridging
   • Asset Management
   • General Compute
   • Privacy
   • Rollups
4. Repositories
   • General
   • Rust
   • Go
   • C++
   • C
   • Python
5. Research Papers
6. Articles
7. Videos
8. Tweet Threads

Cloud Providers

Google Cloud Confidential Compute

• Confidential Accelerator for AI workloads - Supports Intel TDX with Intel AMX, and NVIDIA H100 GPUs.
• Confidential VMs - Supports AMD SEV, AMD SEV-SNP, and Intel TDX.
• Confidential Space - Supports trust model where the workload author, workload operator, and resource owners are separate, mutually distrusting parties.
• Confidential VM attestation - Attestation support for AMD SEV (vTPM), AMD SEV-SNP (vTPM and TSM), and Intel TDX (vTPM and TSM).

Microsoft Azure Confidential Computing

• Azure Confidential VM

Amazon AWS Nitro

• Nitro
• Nitro Enclaves

Hardware

AMD

• Secure Encrypted Virtualization-Trusted I/O (SEV-TIO) - Improved I/O performance and security in AMD SEV-SNP guests
• Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) - Expands on SEV, adds memory integrity protection to help prevent malicious hypervisor-based attacks
• Secure Encrypted Virtualization (SEV) - Hardware-based memory encryption through the AMD Secure Processor

Intel

• Advanced Matrix Extensions (AMX) - Accelerator to improve the performance of deep-learning training and inference on the CPU
• Trust Domain Extensions (TDX) - Latest Hardware-based TEE architecture from Intel
• Software Guard Extensions (SGX) - Protects data actively being used in the processor and memory by creating a TEE

NVIDIA

• H100 TensorCore GPU - Hardware-based trusted execution environment with NVIDIA Hopper and NVIDIA Blackwell architecture support
• Hopper Architecture - Accelerated computing platform for AI
• Blackwell Architecture - Latest HW generation with accelerated computing and generative AI optimizations

ARM

• Confidential Compute Architecture (CCA) - Under development. Key component of the Armv9-A architecture
• TrustZone - Isolates critical security firmware, assets and private information for Armv8-M based devices

Use Cases

Block Building

• The Future of MEV is SUAVE
• Block Building inside SGX
• Running Geth within SGX: Our Experience, Learnings and Code
• SGX-Based Backrunning and Covert Channels
• MEV-SGX - A sealed bid MEV auction design

Bridging

• Avalanche Bridge - Website, ava-labs GitHub

Asset Management

• Turnkey - Website, tkhq GitHub
• Fireblocks - Website, fireblocks GitHub
• Cycles Money - Website
• Solana Saga Seed Vault - Website, solana-mobile GitHub

General Compute

• Marlin Protocol - Website, marlinprotocol GitHub
• Phala Network - Website, Phala-Network GitHub
• Automata Network - Website, automata-network GitHub

Privacy

• Oasis Protocol - Website, oasisprotocol GitHub
• Secret Network - Website, scrtlabs GitHub
• Enclave Markets - Website

Rollups

• Taiko - Website, taikoxyz GitHub

Repositories

General

• sbellem/qtee - Exploring the physical limits of trusted hardware in the classical and quantum settings to achieve security through physics.

Rust

• marlinprotocol/oyster-serverless - Oyster Serverless is a cutting-edge, high-performance serverless computing platform designed to securely execute JavaScript (JS) and WebAssembly (WASM) code in a highly controlled environment.
• Phala-Network/phala-blockchain - The Phala Network Blockchain, pRuntime and the bridge.
• kata-containers/kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
• taikoxyz/raiko - Multi-proofs for Taiko. SNARKS, STARKS and Trusted Execution Enclave.
• confidential-containers/guest-components - Confidential Containers Guest Tools and Components
• kinvolk/azure-cvm-tooling - Libraries and tools for Confidential Computing on Azure
• HyperEnclave/hyperenclave - An Open and Cross-platform Trusted Execution Environment.
• mobilecoinfoundation/mobilecoin - Private payments for mobile devices
• integritee-network/worker - Integritee off-chain worker and sidechain validateer
• capsule-corp-ternoa/ternoa-node - Ternoa's Node Implementation
• automata-network/automata - Automata Network is a modular attestation layer that extends machine trust to Ethereum with TEE Coprocessors.
• apache/incubator-teaclave-sgx-sdk - Apache Teaclave (incubating) SGX SDK helps developers to write Intel SGX applications in the Rust programming language, and also known as Rust SGX SDK.
• apache/incubator-teaclave - Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
• scrtlabs/incubator-teaclave-sgx-sdk - Rust SGX SDK provides the ability to write Intel SGX applications in Rust Programming Language. Fork of apache/incubator-teaclave-sgx-sdk.

Go

• google/go-tpm-tools - Go packages built on go-tpm providing a high-level API for using TPMs
• google/go-sev-guest - go-sev-guest offers a library to wrap the /dev/sev-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation report.
• google/go-tdx-guest - go-tdx-guest offers a library to wrap the /dev/tdx-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation quote.
• matter-labs/vault-auth-tee - Hashicorp Vault plugin for authenticating Trusted Execution Environments (TEE) like SGX enclaves
• usbarmory/GoTEE - Go Trusted Execution Environment (TEE)
• iotexproject/w3bstream - An offchain computing layer for DePIN verifiable data computation, supporting a variety of validity proofs including Zero Knowledge (ZK), Trusted Execution Environments (TEE), and Multi-party Computation (MPC)
• oasisprotocol/oasis-core - Performant and Confidentiality-Preserving Smart Contracts + Blockchains
• hyperledger/fabric-private-chaincode - FPC enables Confidential Chaincode Execution for Hyperledger Fabric using Intel SGX.

CPP

• microsoft/azure-tee-attestation-samples - Trusted Execution Environment examples leveraging attestations on Azure
• intel/linux-sgx - Intel SGX for Linux
• lsds/Teechain - Teechain: A Secure Payment Network with Asynchronous Blockchain Access
• skalenetwork/sgxwallet - sgxwallet is the first-ever opensource high-performance hardware secure crypto wallet that is based on Intel SGX technology. First opensource product on Intel SGX whitelist. Scales to 100,000+ transactions per second. Currently supports ETH and SKALE, and will support BTC in the future. Sgxwallet is under heavy development and use by SKALE network.
• hyperledger-labs/private-data-objects - The Private Data Objects lab provides technology for confidentiality-preserving, off-chain smart contracts.

C

• iisec-suzaki/optee-ra - OP-TEE Remote Attestation
• pietroborrello/CustomProcessingUnit - The first analysis framework for CPU microcode
• openenclave/openenclave - SDK for developing enclaves
• deislabs/mystikos - Tools and runtime for launching unmodified container images in Trusted Execution Environments
• openenclave/openenclave - SDK for developing enclaves
• mofanv/PPFL - Privacy-preserving Federated Learning with Trusted Execution Environments
• inclavare-containers/inclavare-containers - A novel container runtime, aka confidential container, for cloud-native confidential computing and enclave runtime ecosystem.

Python

• ethernity-cloud/mvp-pox-node - Ethernity Cloud Node

TS

• tkhq/sdk - Turnkey TypeScript SDK

Research Papers

• J. Zhu, H. Yin, P. Deng, and S. Zhou, "Confidential Computing on nVIDIA H100 GPU: A Performance Benchmark Study", 2024 - arXiv
• A. Sunny, N, Shrivastava, S. and R. Sarangi, "SecScale: A Scalable and Secure Trusted Execution Environment for Servers", 2024 - arXiv
• H. Eichner, D. Ramage, K. Bonawitz, D. Huba et. al., "Confidential Federated Computations", 2024 - arXiv
• X. Zhang, K. Qin, S. Qu, T. Wang, C. Zhang, and D. Gu "Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust", 2024 - arXiv
• Y. Xian, L. Zhou, J. Jiang, B. Wang, H. Huo, and P. Liu, "A Distributed Efficient Blockchain Oracle Scheme for Internet of Things", 2023 - arXiv
• A. P. Kalapaaking, I. Khalil, M. S. Rahman, M. Atiquzzaman, X. Yi, and M. Almashor, "Blockchain-based Federated Learning with Secure Aggregation in Trusted Execution Environment for Internet-of-Things", 2023 - arXiv
• M. Schneider, R.J. Masti, S. Shinde, S. Capkun, and R. Perez, "SoK: Hardware-supported Trusted Execution Environments", 2022 - arXiv
• R. Li, Q. Wang, Q. Wang, D. Galindo, and M. Ryan, "SoK: TEE-assisted Confidential Smart Contract", 2022 - arXiv
• E. Puschner, T. Moos, S. Becker, C. Kison, A. Moradi, C. Paar, "Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations", 2022 - Cryptology ePrint Archive
• R. Karanjai, L. Xu, L. Chen, F. Zhang, Z. Gao, and W. Shi, "Lessons Learned from Blockchain Applications of Trusted Execution Environments and Implications for Future Research", 2022 - arXiv
• C. Liu, H. Guo, M. Xu, S. Wang, D. Yu, J. Yu, and X. Cheng, "Extending On-chain Trust to Off-chain -- Trustworthy Blockchain Data Collection using Trusted Execution Environment (TEE)", 2021 - arXiv
• D. Natarajan, A. Loveless, W. Dai, and R. Dreslinski, “CHEX-MIX: Combining Homomorphic Encryption with Trusted Execution Environments for Two-party Oblivious Inference in the Cloud”, 2021. - Cryptology ePrint Archive
• Z. Bao, Q. Wang, W. Shi, L. Wang, H. Lei, and B. Chen, "When Blockchain Meets SGX: An Overview, Challenges, and Open Issues", 2020 - IEEE
• A. Nilsson, P. N. Bideh, and J. Brorsson, “A Survey of Published Attacks on Intel SGX”, 2020. - arXiv
• K. Murdock, D. Oswald, F. D. Garcia, J. Van Bulck, D. Gruss, and F. Piessens, “Plundervolt: Software-based Fault Injection Attacks against Intel SGX”, 2020. - IEEE
• R. Cheng, F. Zhang, J. Kos, W. He, N. Hynes, N. Johnson, A. Juels, and A. Miller, "Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts", 2019 - IEEE
• G. Kaptchuk, I. Miers, and M. Green, "Giving State to the Stateless: Augmenting Trustworthy Computation with Ledgers" , 2017 - Cryptology ePrint Archive
• J. Lind, O. Naor, I. Eyal, F. Kelbert, P. Pietzuch, and E. Gun Sirer, "Teechain: A Secure Payment Network with Asynchronous Blockchain Access", 2017. - arXiv

Articles

• A few notes on AWS Nitro Enclaves: Attack surface - Trail of Bits Blog
• Early Thoughts on Decentralized Root-of-Trust - Flashbots Collective
• Drawbacks In FHE Blockchain And How TEE Can Help It - Flashbots Collective
• Building Secure Ethereum Blocks on Minimal Intel TDX Confidential VMs - Flashbots Collective
• TDX Security For BOB Searchers, Flashbots
• Chapter 3 - Verifiable Off-chain Compute: Enabling an Instagram-like experience for Web3 - Florin Digital
• Sirrah: Speedrunning a TEE Coprocessor
• Demystifying SGX — Part 1 - Obscuro Labs
• Blockchain Privacy and Security in Data Computation
• Trustless Execution Environments - David Atterman
• 4 Ways to Compare Trusted Execution Environments and Zero-Knowledge Proofs
• What is a Trusted Execution Environment (TEE)? - Halborn
• How Secret Network Uses SGX
• Blockchain × TEE: Why Various Forefront Projects are Adopting TEE - TOKI
• Why trusted execution environments will be integral to proof-of-stake blockchains
• TEE-based Smart Contracts and Sealing Pitfalls
• Trusted Execution Environments and the Polkadot Ecosystem
• Blockchains in Trusted Execution Environments (TEEs)
• Intel SGX and Blockchain: The iExec End-to-End Trusted Execution Solution
• Blockchains + TEEs Day 1 Summary
• Blockchains + TEEs Day 2 Summary
• Intel SGX Explained

Videos

• Phala Network: 'The Magic of TEEs' - Online Workshop on TEE Basics
• How to Win Friends and TEE-fluence People - Ethan Buchman, Modular Summit 2024
• DEVMOS 2024: Dylan Kawalec (Osmosis), 'Building Decentralized Frontends', Modular Summit 2024
• The TEE Stack - Andrew Miller, Modular Summit 2024
• What apps are unlocked by the TEE stack - Xinyuan Sun, Modular Summit 2024
• Parallelized Confidential Computing - Yannik Schrade, Fil Dev Summit 2024
• TEE for Blockchain Applications - Ari Juels, a16z crypto 2023
• Private Smart Contracts are Worth the Price of the SGX - Andrew Miller, ETHDenver 2023
• Protected Order Flow for Fair Transaction-Ordering in a Profit-Seeking World - Kushal Babel, MEV-SBC 2023
• Blockchains + TEEs 2023: Day 1 - Kartik Nayan, Ittai Abraham, Aniket Kate
• Blockchains + TEEs 2023: Day 2 - Kartik Nayan, Ittai Abraham, Aniket Kate
• SGX Panel 2023: Andrew Miller, Jonathan Passerat Palmbach, Phil Daian, Justin Drake
• Enabling Cross Chain Transfers Using SGX - Michael Kaplan, Avalanche Summit 2022
• Trusted Execution Environments Meet the Blockchain - Ittay Eyal, Simons Institute 2019

Tweet threads

• @_markel___, Extraction of Intel SGX Fuse Key0
• @PratyushRT, Breakdown of the Intel SGX (TEE) breach
• @buchmanster, TEE, ZK, FHE and MPC
• @buchmanster, How you win friends and TEE-fluence people - Chapter 2
• @DistributedMarz, Flashwares Live Session