Awesome TEE Blockchain

A curated list of resources for learning about Trusted Execution Environments (TEEs) and their applications in the blockchain space. This list includes foundational concepts, specific technologies, applications, security considerations, research, code, articles, videos, and more.

Contributions are welcome!

Table of Contents

1. What are TEEs?
2. Why TEEs in Blockchain?
3. Core Concepts & Technologies
   • Hardware Platforms
     • Intel
     • AMD
     • NVIDIA
     • ARM
     • OpenTitan
   • Cloud TEE Offerings
     • Google Cloud
     • Microsoft Azure
     • Amazon AWS
   • TEE SDKs & Frameworks
4. Blockchain Applications & Use Cases Leveraging TEEs
   • AI
   • Block Building & MEV Mitigation
   • Bridging
   • Asset Management & Wallets
   • General Off-Chain Compute
   • Privacy & Confidentiality
   • Rollups & Coprocessors
5. Security Considerations & Attacks
6. Learning Resources
   • Introductory & Overview Articles
   • Technical Deep Dive Articles
   • Research Papers
     • 2024
     • 2023
     • 2022
     • 2021
     • Pre-2020
   • Videos
     • Conference Talks
     • Technical Presentations
     • Workshops and Tutorials
   • Tweet Threads
7. Code Repositories
   • Awesome Lists & General Resources
   • Rust
   • Go
   • C++
   • C
   • Python
   • TypeScript
8. Community & Events

What are TEEs?

A Trusted Execution Environment (TEE) is a secure, isolated area within a device or network designed to protect sensitive data and code during execution. It's like a secure vault within your processor that:

• Provides Isolation: Creates a protected space where sensitive code runs separately from the main system
• Ensures Privacy: Keeps both code and data confidential during processing
• Prevents Tampering: Maintains security even if the main system is compromised
• Proves Execution: Generates cryptographic proofs that verify the code ran correctly
• Enables Trust: Allows remote parties to verify computational integrity

A rough analogy is to think of it as a secure room with unbreakable walls, where computations happen privately and everyone can verify the results without seeing inside.

Why TEEs in Blockchain?

TEEs offer compelling solutions to several challenges in the blockchain space:

• Verifiable Off-Chain Computation: Performing complex computations off-chain within a TEE and submitting only the results and proof back to the chain enhances scalability and reduces gas costs.
• Confidentiality: Running smart contracts or parts of protocols within a TEE can protect sensitive data (e.g., private transaction details, user data) from validators or observers.
• MEV Mitigation: TEEs can be used to create encrypted mempools or fair ordering systems, preventing front-running and other MEV extraction strategies.
• Key Management: TEEs offer hardware-level protection for private keys used in wallets or validators.

Core Concepts & Technologies

This section covers the foundational hardware, cloud services, and software frameworks enabling TEE usage.

Hardware Platforms

The underlying silicon providing TEE capabilities.

Intel

• Advanced Matrix Extensions (AMX) - Accelerator to improve the performance of deep-learning training and inference on the CPU
• Trust Domain Extensions (TDX) - Latest Hardware-based TEE architecture from Intel
• Software Guard Extensions (SGX) - Protects data actively being used in the processor and memory by creating a TEE

AMD

• Secure Encrypted Virtualization-Trusted I/O (SEV-TIO) - Improved I/O performance and security in AMD SEV-SNP guests
• Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) - Expands on SEV, adds memory integrity protection to help prevent malicious hypervisor-based attacks
• Secure Encrypted Virtualization (SEV) - Hardware-based memory encryption through the AMD Secure Processor

NVIDIA

• H100 TensorCore GPU - Hardware-based trusted execution environment with NVIDIA Hopper and NVIDIA Blackwell architecture support
• Hopper Architecture - Accelerated computing platform for AI
• Blackwell Architecture - Latest HW generation with accelerated computing and generative AI optimizations

ARM

• Confidential Compute Architecture (CCA) - Under development. Key component of the Armv9-A architecture
• TrustZone - Isolates critical security firmware, assets and private information for Armv8-M based devices

OpenTitan

• OpenTitan: open source project building a reference design and integration guidelines for silicon root of trust (RoT) chips.
• Open source silicon root of trust GitHub - lowRISC/opentitan

Cloud TEE Offerings

Major cloud providers offering virtual machines or services utilizing TEE hardware.

Google Cloud

• Confidential Accelerator for AI workloads - Supports Intel TDX with Intel AMX, and NVIDIA H100 GPUs.
• Confidential VMs - Supports AMD SEV, AMD SEV-SNP, and Intel TDX.
• Confidential Space - Supports trust model where the workload author, workload operator, and resource owners are separate, mutually distrusting parties.
• Confidential VM attestation - Attestation support for AMD SEV (vTPM), AMD SEV-SNP (vTPM and TSM), and Intel TDX (vTPM and TSM).

Amazon AWS

• Nitro
• Nitro Enclaves

Microsoft Azure

• Azure Confidential VM

TEE SDKs & Frameworks

Tools and libraries simplifying the development of applications running inside TEEs.

• openenclave/openenclave - SDK for developing TEE applications (enclaves) across different hardware platforms (SGX, OP-TEE).
• apache/incubator-teaclave-sgx-sdk - Apache Teaclave (incubating) SGX SDK helps developers write Intel SGX applications in the Rust programming language.
• intel/linux-sgx - Intel SGX SDK and Platform Software (PSW) for Linux.
• Gramine Project - Library OS, allowing unmodified Linux applications to run in Intel SGX enclaves.
• Microsoft/confidential-container-demos - Demos for running containers in confidential environments on Azure.
• confidential-containers/confidential-containers - An open-source project enabling cloud-native confidential computing by shielding containerized workloads.

Blockchain Applications & Use Cases Leveraging TEEs

Examples of how TEEs are being used or proposed within the blockchain ecosystem.

AI

• TEE plugin for ELIZA (using dstack from Phala)

Block Building & MEV Mitigation

• Unichain
• The Future of MEV is SUAVE
• Block Building inside SGX
• Running Geth within SGX: Our Experience, Learnings and Code
• SGX-Based Backrunning and Covert Channels
• MEV-SGX - A sealed bid MEV auction design

Bridging

• Avalanche Bridge - Website, ava-labs GitHub

Asset Management & Wallets

• Turnkey - Website, tkhq GitHub
• Fireblocks - Website, fireblocks GitHub
• Cycles Money - Website
• Solana Saga Seed Vault - Website, solana-mobile GitHub

General Off-Chain Compute

• Marlin Protocol - Website, marlinprotocol GitHub
• Phala Network - Website, Phala-Network GitHub
• Automata Network - Website, automata-network GitHub

Privacy & Confidentiality

• Oasis Protocol - Website, oasisprotocol GitHub
• Secret Network - Website, scrtlabs GitHub
• Enclave Markets - Website

Rollups & Coprocessors

• Taiko - Website, taikoxyz GitHub
• Unichain - Website

Security Considerations & Attacks

Understanding the security guarantees and limitations of TEEs is crucial.

• A Survey of Published Attacks on Intel SGX - Nilsson et al. (2020)
• Plundervolt: Software-based Fault Injection Attacks against Intel SGX - Murdock et al. (2020)
• Securing TEE Apps: A Developer's Guide - Bedlam Research
• TEE-based Smart Contracts and Sealing Pitfalls - IC3
• A few notes on AWS Nitro Enclaves: Attack surface - Trail of Bits Blog

Learning Resources

Articles, papers, videos, and discussions diving deeper into TEEs and their blockchain intersection.

Introductory & Overview Articles

• TEE Bible - Your First Stop for TEE in Crypto
• What is a Trusted Execution Environment (TEE)? - Halborn
• Blockchain Privacy and Security in Data Computation
• Trustless Execution Environments - David Atterman
• Chapter 3 - Verifiable Off-chain Compute: Enabling an Instagram-like experience for Web3 - Florin Digital
• Blockchain x TEE: Why Various Forefront Projects are Adopting TEE - TOKI
• Why trusted execution environments will be integral to proof-of-stake blockchains
• Intel SGX Explained
• Demystifying SGX — Part 1 - Obscuro Labs
• 4 Ways to Compare Trusted Execution Environments and Zero-Knowledge Proofs

Technical Deep Dive Articles

• We call this kernel saunters: How Apple rearranged its XNU core with exclaves - The Register
• Building Secure Ethereum Blocks on Minimal Intel TDX Confidential VMs - Flashbots Collective
• TDX Security For BOB Searchers, Flashbots
• Sirrah: Speedrunning a TEE Coprocessor
• Nix + Bazel: Fully reproducible, incremental builds
• Early Thoughts on Decentralized Root-of-Trust - Flashbots Collective
• Drawbacks In FHE Blockchain And How TEE Can Help It - Flashbots Collective
• How Secret Network Uses SGX
• Trusted Execution Environments and the Polkadot Ecosystem
• Intel SGX and Blockchain: The iExec End-to-End Trusted Execution Solution
• Blockchains in Trusted Execution Environments (TEEs)
• Blockchains + TEEs Day 1 Summary
• Blockchains + TEEs Day 2 Summary

Research Papers

2024

• M. U. Sardar, A. Niemi, H. Tschofenig, and T. Fossati, "Towards Validation of TLS 1.3 Formal Model and Vulnerabilities in Intel's RA-TLS Protocol", 2024 - IEEE
• J. Zhu, H. Yin, P. Deng, and S. Zhou, "Confidential Computing on nVIDIA H100 GPU: A Performance Benchmark Study", 2024 - arXiv
• A. Sunny, N, Shrivastava, S. and R. Sarangi, "SecScale: A Scalable and Secure Trusted Execution Environment for Servers", 2024 - arXiv
• H. Eichner, D. Ramage, K. Bonawitz, D. Huba et. al., "Confidential Federated Computations", 2024 - arXiv
• X. Zhang, K. Qin, S. Qu, T. Wang, C. Zhang, and D. Gu "Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust", 2024 - arXiv

2023

• Y. Xian, L. Zhou, J. Jiang, B. Wang, H. Huo, and P. Liu, "A Distributed Efficient Blockchain Oracle Scheme for Internet of Things", 2023 - arXiv
• A. P. Kalapaaking, I. Khalil, M. S. Rahman, M. Atiquzzaman, X. Yi, and M. Almashor, "Blockchain-based Federated Learning with Secure Aggregation in Trusted Execution Environment for Internet-of-Things", 2023 - arXiv

2022

• M. Schneider, R.J. Masti, S. Shinde, S. Capkun, and R. Perez, "SoK: Hardware-supported Trusted Execution Environments", 2022 - arXiv
• R. Li, Q. Wang, Q. Wang, D. Galindo, and M. Ryan, "SoK: TEE-assisted Confidential Smart Contract", 2022 - arXiv
• E. Puschner, T. Moos, S. Becker, C. Kison, A. Moradi, C. Paar, "Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations", 2022 - Cryptology ePrint Archive
• R. Karanjai, L. Xu, L. Chen, F. Zhang, Z. Gao, and W. Shi, "Lessons Learned from Blockchain Applications of Trusted Execution Environments and Implications for Future Research", 2022 - arXiv

2021

• C. Liu, H. Guo, M. Xu, S. Wang, D. Yu, J. Yu, and X. Cheng, "Extending On-chain Trust to Off-chain -- Trustworthy Blockchain Data Collection using Trusted Execution Environment (TEE)", 2021 - arXiv
• D. Natarajan, A. Loveless, W. Dai, and R. Dreslinski, “CHEX-MIX: Combining Homomorphic Encryption with Trusted Execution Environments for Two-party Oblivious Inference in the Cloud”, 2021. - Cryptology ePrint Archive

Pre-2020

• Z. Bao, Q. Wang, W. Shi, L. Wang, H. Lei, and B. Chen, "When Blockchain Meets SGX: An Overview, Challenges, and Open Issues", 2020 - IEEE
• R. Cheng, F. Zhang, J. Kos, W. He, N. Hynes, N. Johnson, A. Juels, and A. Miller, "Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts", 2019 - IEEE
• G. Kaptchuk, I. Miers, and M. Green, "Giving State to the Stateless: Augmenting Trustworthy Computation with Ledgers" , 2017 - Cryptology ePrint Archive
• J. Lind, O. Naor, I. Eyal, F. Kelbert, P. Pietzuch, and E. Gun Sirer, "Teechain: A Secure Payment Network with Asynchronous Blockchain Access", 2017. - arXiv

Videos

Conference Talks

• How to Win Friends and TEE-fluence People - Ethan Buchman, Modular Summit 2024
• The TEE Stack - Andrew Miller, Modular Summit 2024
• Private Smart Contracts are Worth the Price of the SGX - Andrew Miller, ETHDenver 2023
• Protected Order Flow for Fair Transaction-Ordering in a Profit-Seeking World - Kushal Babel, MEV-SBC 2023
• Enabling Cross Chain Transfers Using SGX - Michael Kaplan, Avalanche Summit 2022
• Trusted Execution Environments Meet the Blockchain - Ittay Eyal, Simons Institute 2019

Technical Presentations

• DEVMOS 2024: Dylan Kawalec (Osmosis), 'Building Decentralized Frontends', Modular Summit 2024
• What apps are unlocked by the TEE stack - Xinyuan Sun, Modular Summit 2024
• Parallelized Confidential Computing - Yannik Schrade, Fil Dev Summit 2024
• TEE for Blockchain Applications - Ari Juels, a16z crypto 2023
• SGX Panel 2023: Andrew Miller, Jonathan Passerat Palmbach, Phil Daian, Justin Drake

Workshops & Tutorials

• Phala Network: 'The Magic of TEEs' - Online Workshop on TEE Basics
• Blockchains + TEEs 2023: Day 1 - Kartik Nayan, Ittai Abraham, Aniket Kate
• Blockchains + TEEs 2023: Day 2 - Kartik Nayan, Ittai Abraham, Aniket Kate

Tweet threads

• @P3b7_, Donjon Ledger analysis of Trezor Safe 3
• @CP2426_, focEliza Verifiable Terminal Release
• @_markel___, Extraction of Intel SGX Fuse Key0
• @PratyushRT, Breakdown of the Intel SGX (TEE) breach
• @buchmanster, TEE, ZK, FHE and MPC
• @buchmanster, How you win friends and TEE-fluence people - Chapter 2
• @DistributedMarz, Flashwares Live Session

Code Repositories

Software related to TEEs in the context of blockchain, libraries, and example implementations.

Awesome Lists & General Resources

• bpradipt/awesome-confidential-computing - Collection of resources on Confidential Computing
• erayack/awesome-sgx-blockchain - Awesome SGX and TEE on Blockchain Resources
• sbellem/qtee - Exploring the physical limits of trusted hardware in the classical and quantum settings to achieve security through physics.
• orbstack/orbstack - Fast, light, simple Docker containers & Linux machines

Rust

• Dstack-TEE/dstack - Dstack is a developer friendly and security first SDK to simplify the deployment of arbitrary Docker-based apps into TEE.
• marlinprotocol/oyster-serverless - Oyster Serverless is a cutting-edge, high-performance serverless computing platform designed to securely execute JavaScript (JS) and WebAssembly (WASM) code in a highly controlled environment.
• Phala-Network/phala-blockchain - The Phala Network Blockchain, pRuntime and the bridge.
• kata-containers/kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
• taikoxyz/raiko - Multi-proofs for Taiko. SNARKS, STARKS and Trusted Execution Enclave.
• confidential-containers/guest-components - Confidential Containers Guest Tools and Components
• kinvolk/azure-cvm-tooling - Libraries and tools for Confidential Computing on Azure
• HyperEnclave/hyperenclave - An Open and Cross-platform Trusted Execution Environment.
• mobilecoinfoundation/mobilecoin - Private payments for mobile devices
• integritee-network/worker - Integritee off-chain worker and sidechain validateer
• capsule-corp-ternoa/ternoa-node - Ternoa's Node Implementation
• automata-network/automata - Automata Network is a modular attestation layer that extends machine trust to Ethereum with TEE Coprocessors.
• apache/incubator-teaclave - Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
• scrtlabs/incubator-teaclave-sgx-sdk - Rust SGX SDK provides the ability to write Intel SGX applications in Rust Programming Language. Fork of apache/incubator-teaclave-sgx-sdk.

Go

• google/go-tpm-tools - Go packages built on go-tpm providing a high-level API for using TPMs
• google/go-sev-guest - go-sev-guest offers a library to wrap the /dev/sev-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation report.
• google/go-tdx-guest - go-tdx-guest offers a library to wrap the /dev/tdx-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation quote.
• matter-labs/vault-auth-tee - Hashicorp Vault plugin for authenticating Trusted Execution Environments (TEE) like SGX enclaves
• usbarmory/GoTEE - Go Trusted Execution Environment (TEE)
• iotexproject/w3bstream - An offchain computing layer for DePIN verifiable data computation, supporting a variety of validity proofs including Zero Knowledge (ZK), Trusted Execution Environments (TEE), and Multi-party Computation (MPC)
• oasisprotocol/oasis-core - Performant and Confidentiality-Preserving Smart Contracts + Blockchains
• hyperledger/fabric-private-chaincode - FPC enables Confidential Chaincode Execution for Hyperledger Fabric using Intel SGX.

CPP

• NixOS/nix - Nix, the purely functional package manager
• microsoft/azure-tee-attestation-samples - Trusted Execution Environment examples leveraging attestations on Azure
• lsds/Teechain - Teechain: A Secure Payment Network with Asynchronous Blockchain Access
• skalenetwork/sgxwallet - sgxwallet is the first-ever opensource high-performance hardware secure crypto wallet that is based on Intel SGX technology. First opensource product on Intel SGX whitelist. Scales to 100,000+ transactions per second. Currently supports ETH and SKALE, and will support BTC in the future. Sgxwallet is under heavy development and use by SKALE network.
• hyperledger-labs/private-data-objects - The Private Data Objects lab provides technology for confidentiality-preserving, off-chain smart contracts.

C

• iisec-suzaki/optee-ra - OP-TEE Remote Attestation
• pietroborrello/CustomProcessingUnit - The first analysis framework for CPU microcode
• deislabs/mystikos - Tools and runtime for launching unmodified container images in Trusted Execution Environments
• mofanv/PPFL - Privacy-preserving Federated Learning with Trusted Execution Environments
• inclavare-containers/inclavare-containers - A novel container runtime, aka confidential container, for cloud-native confidential computing and enclave runtime ecosystem.

Python

• ethernity-cloud/mvp-pox-node - Ethernity Cloud Node

TypeScript

• tkhq/sdk - Turnkey TypeScript SDK

Community & Events

Places to discuss, ask questions, and find events related to TEEs and Blockchain.

• Blockchains + TEEs Workshop - Academic workshop focused on the intersection of blockchains and TEEs.
• Confidential Computing Consortium - Linux Foundation project advancing confidential computing.
• Flashbots Collective Forum - Discussions often touch on TEE usage for MEV mitigation and block building.