On Combining Trusted Execution Environments and Blockchains to Create Better Services by Dr Chang Ee Chien, NUS, at Genesis DevCon

When blockchain made its debut with Satoshi Nakamoto’s Bitcoin, it became groundbreaking technology that revolutionised the way people could make payments and money could be transferred around the world. However, blockchain is one of the technologies that caught on to the hype and there are several other cryptography-based technologies that are just as amazing by themselves.

On that note, Genesis DevCon witness Dr Chang Ee Chien, a professor and researcher, deliver an insightful tech talk on a technology that could enhance blockchain applications — Trusted Execution Environments. Before we dive into the tech talk and what it was about, let’s learn a little more about Dr Chang.

Get to know Dr Chang Ee Chien

Dr Chang Ee-Chien is a scholar in the field of computer science. He has written and co-authored several research papers involving cryptography, cloud security, adversarial machine learning, and cybersecurity. His domain authority is tremendous and through his tech talk, you will find that his knowledge is backed with several years of research.

Presently, he is an associate professor in the Department of Computer Science, School of Computing, NUS.

Now that you have an idea about Dr Chang, let’s take a look at some important points from his tech talk.

What is a Trusted Execution Environment (TEE)?

We’re all familiar with what blockchain is. Trusted Execution Environments (TEEs) began to resurface due to recent developments in the technology and the niche sector that is privacy accommodations. It has the potential to be disruptive.

To put it in a nutshell, TEEs provide trusted execution in a privacy-preserving environment.

A Trusted Execution Environment (TEE) is a hardware-based or software-based execution environment that helps achieve three things:

• Achieving Execution Integrity

On considering devices like processors, TEEs can aid in providing execution integrity when they have to multi-task and run concurrently. That is, one process wouldn’t affect the other one; the processors cannot interfere with one another.

• Providing a Secure Storage

Once data gathered by the processors are ready to be transmitted to other devices, the data has to be encrypted, needs to be stored securely. TEEs can secure data accordingly.

• Providing Remote Attestations

In addition to execution integrity and secure storage, TEEs can help verify that the output the programme produced with the data inputs is computed correctly.

Watch Dr Chang’s tech talk here!

How Remote Attestations Work and Why they are Important

Given how remote attestations provide this verification is done via the use of a public key and a private key to make sure that the process/programme that is being executed is what is intended.

For example, consider that a programme ‘PE’ is working on some data ‘x’ in the TEE to produce an output. With public-key technology or cryptography, the private key can be used to produce proof. Following this, a verifier can verify that the output in this programme is computed correctly. TEEs are environments that will not allow even the owners of the devices to compromise the data that is processed and gathered on the TEE.

Previously, the requirement for Remote Attestations/TEE was first introduced in a niche — digital wallets, digital rights protection,. To put that into perspective, a DVD player would not pay unless it was paid and purchased; certain software won’t run unless you have the right to run that software. However, in time, we found that, actually, it can accomplish more than just this. That is — privacy-preserving computations.

Privacy-preserving computations

Technologies like AI provide data sharing options to enable better decision-making processes. However, in several cases, there are several factors that restrict two parties from collaborating entirely, sharing data with each other due to privacy that prevent the release of several kinds of information. For example, enterprises will not share customer data to protect their privacy. So, in this case, the task lies in finding a mechanism where a certain party, like an enterprise — in this case, can analyse the data that they’ve gathered and yet, reveal nothing about their own data. This is what privacy-preserving computations cater to.

This can be achieved with secure multi-party computations, and they ensure three major functions:

• Maintains confidentiality
• Prevents leakage of data
• Ensures that data is computed correctly

There are other concepts like zero-knowledge proofs (ZKP) that can achieve this as well. But a major drawback lies in the overheads incurred in terms of computational costs that are very high. However, we can still achieve privacy-preserving computations by using hardware, we can achieve a similar effect. Here are certain caveats you will need to keep in mind.

• Since we rely on the hardware protections, the root of trust lies in with the manufacturers of the hardware products.
• The design is complicated for both hardware devices and software and the code is enormous. Due to this, we cannot make sure that this is implemented correctly. It has been found that there are chances of implementation flaws that cause side-channel leakage.
• Trust zones are not easily accessible. It is only accessible for the vendors ( Samsung, Huawei, Apple) and not the developers.

Blockchains don’t directly provide data confidentiality, but TEEs can help!

Blockchain can provide transparency, however, they cannot provide data confidentiality, and there’s no mechanism to provide computation confidentiality and a means to verify that the computation is correct.

What if we put TEE and blockchain together?

• Improve the throughput or performance of the blockchain platform and the consensus protocols.
• Blockchains and trusted execution environments can be used to provide privacy-preserving services.

What new applications or solutions can blockchains and TEEs provide?

In cases where blockchains cannot preserve the privacy and the confidentiality of the data inputs, TEEs can enhance the situation with remote attestations.

Within a TEE, with the help of remote attestations, the secure enclave can produce a piece of information for proof that can be sent to the smart contract. The smart contract can then verify the computation. To put this into perspective, heavy computations can take place off the chain and the output can still be applied to the smart contract which in turn will be verified in the smart contract environment. Contractual enforcement can be carried out accordingly.

Application of TEEs and Blockchain in a Marketplace for Computations

The data will be encrypted, decrypted in the enclave after the result is computed, and create an output that is further encrypted. This can be pushed back to the smart contract for subsequent operations.

Example: In a marketplace for computations, similar to Uber or Airbnb, where computation-based problem statements/jobs are disseminated to people who will get paid for providing solutions, TEEs and blockchains can help preserve privacy in the face of anonymity. Here’s how

This issue here lies in hiring remotely-placed workers to solve problem-statements and safeguarding the confidentiality of the data called input confidentiality.

The solution lies in encrypting and shared decrypting the information when the person hired gets the task with the help of TEE isolation and secure memory.

Additionally, here’s how a marketplace for computations can be secured with blockchain and TEE:

• The integrity of the output can be verified with remote attestations.
• The automated enforcement of contractual agreement can be executed by the smart contracts.
• A mechanism for fair pricing according to computation cost can be done via trusted metering in a TEE.

The Takeaway

Dr Chang’s tech talk brought together two technologies — TEE and blockchain, that could build hybrid applications to maintain data confidentiality and provide an immutable and transparent ledger. The scope and potential that this combination holds can really take us forward towards building a trustless environment.

Look out for more from Genesis DevCon.