Intel SGX and why Ternoa chose it for its Secret NFTs

The idea that kickstarted the creation of Ternoa was a simple one. What if you could translate the concept of time capsules to the digital world? Beyond time capsules, applications of NFTs as a container for sensitive data are endless.

When realizing that no existing chain had the features to support that, Ternoa was born. A chain focused on being the perfect solution for NFTs and web3 projects. Now that we’re nearing the launch of Secret NFTs as part of phase 4 of our mainnet launch, it’s time to explain how secrets are kept secret and secure.

This post addresses the question by explaining how we choose Intel SGX and how we have been preparing for the risk from quantum computing.

What is Intel SGX?

It’s well-established that the best way to store confidential data is on hardware modules. For decades, banking and secret services have relied on hardware solutions to safeguard information. Unlike storing data on software, hardware-based security ensures it’s harder to attack.

Intel SGX is one such solution. Initially, Intel started by developing it for every laptop, but they quickly realized various flaws in their design and shifted to focusing on servers and high-performance machines instead. Nowadays, all big cloud providers like Azure or Google Cloud rely on Intel SGX for security. Even in the blockchain industry, leading analysis company chainalysis relies on SGX to secure its compliance products.

TEE Enclaves

SGX enables the creation of black boxes, so-called enclaves. Enclaves provide apps a way to run in a protected environment separate from the rest of the system and allow for secure storage without interference.

Enclaves are secured by cryptographic keys unique to the app and system. As enclaves are fully isolated from the rest of the system, even if a hacker gains access to one part of it, they won’t see what’s inside of the enclaves.

TEE Enclaves are an answer to a question cryptography has been pondering since its inception: how do we store data in an untrusted environment without it being compromised?

Why Ternoa chose Intel SGX & TEEs for Secret NFTs

Overall, four solutions are proposed to the question of storing data in untrusted environments: FHE, SMPC, ZKP and hardware-based solutions. At Ternoa, we decided to use Intel SGX for a variety of reasons:

• Zero-knowledge Proofs, FHEs and secure multiparty computation are nascent, complex, and partly yet to be proven. We wanted something trusted and with data behind it to back it up.
• Intel SGX is maintained by Intel and comes with the attached guarantees that there will be continued support for the solution.
• It’s already used by renowned organizations inside the crypto industry and in other industries with requirements for high security.

There are some downsides and risks associated with Intel SGX and TEEs. With hardware solutions, keys are stored on the hardware. This introduces the risk that contents can’t be decrypted if the hardware itself is destroyed or malfunctioning.

To further mitigate risks of compromise and ensure that data remains available, Ternoa is implementing Shamir Secret Sharing in the process of accessing and retrieving data from Secret NFTs.

Shamir Secret Sharing in Ternoa

Shamir Secret Sharing describes a cryptographic scheme whereby a secret is split into parts and distributed to other parties. Only when a certain threshold of parts is available, for example, 4 of 5, the key can be retrieved from it. A different term to denote the principle is threshold scheme.

We know hardware security is not perfect. That’s why we’re adding secret sharing for an added layer of protection. Whenever secret NFT owners add their key to an enclave, it won’t be stored in its entirety but split into pieces and stored across modules. Security becomes more of a question of probabilities depending on how thresholds are set. The more distributed keys are, the harder it’ll be to compromise them.

What about Quantum Computing?

Even with the above, some community members have recently questioned us on the security provided for Secret NFTs when quantum computing becomes feasible. We’d like to add some perspective to that potential threat.

Optimistic people might believe that quantum computing might break the signature schemes currently used in blockchain in ten years. Others argue that this won’t happen because we’d need to control so many qubits — neither our tech nor our skills will be able to keep up.

Regardless of when it happens, if quantum computing breaks public key infrastructure, it’s not just blockchains that have a problem, but critical infrastructure like baning. It’s not a blockchain-specific problem.

Ternoa uses symmetric algorithms that are immune to quantum computing. Code on enclaves will only be discovered with the introduction of quantum computing. Our team is working on a branch in our codebase that includes signature schemes resistant to quantum computing. We brought on Amin, an engineer with more than 12 years in building cryptographic solutions, to make Secret NFTs resistant even if quantum computing becomes a reality.

Our security architecture is constantly evolving as we prepare for the launch of phase 4. We’ll also release a chat with our in-house cryptographer Amin further explaining how we secure your valuable data.

—

Feel free to reach out with questions in our community channels on Discord anytime, and we’re happy to help.