The Application and Prospects of TEE Technology in Web3

Since the birth of Bitcoin and Ethereum, the cryptocurrency industry has been facing the challenge of the "impossible triangle", where trustlessness, high efficiency, and universality cannot be achieved simultaneously. Although solutions such as payment channels, Rollups, and modular blockchains have emerged, they are all difficult to be fully universal. For specific scenarios such as customized programmable signatures, it is still necessary to introduce other technologies.

With the development of the industry, Trusted Execution Environment ( TEE ) is gradually integrating into the Web3 ecosystem. By providing hardware-level data isolation and integrity, TEE brings new possibilities to cryptocurrency applications while ensuring security. This article will explore the application of TEE in Web3, revealing its potential and new scenarios that may emerge in the future. TEE is expected to reshape the blockchain industry, playing an important role in areas such as MEV, expansion of underlying public chain performance, and trustless signatures, and occupying a place in scenarios that require privacy protection.

The Concept and Characteristics of TEE

TEE is a secure area isolated within a processor or a data center, where programs can be executed without interference from other programs, including the operating system. TEE ensures that external entities cannot observe or access its internal data through special hardware, possessing two main characteristics: security and integrity.

Security ensures that even the host operating system or cloud service provider running the TEE cannot see the sensitive data within the TEE. Integrity guarantees that the code running in the TEE executes entirely according to pre-programmed logic, with no possibility of external manipulation. TEE hardware provides the hash value and signature of the internally executed code for verification.

The TEE has a root key used for generating signatures. The key generation methods include "key injection" and internal random number generation. The latter is more advanced and ensures that no external party, including the chip manufacturer, can know the key content.

Through the remote attestation ( Remote Attestation ) process, users can verify whether the program executed within the TEE is consistent with the publicly available source code. Nevertheless, programs using the TEE still need to trust the hardware vendors, such as Intel, AMD, and ARM.

TEE Application Cases in Web3

TEE-Boost: Decentralized Block Construction

TEE-Boost aims to address the issue of high centralization of Relay services in Ethereum's MEV-Boost. In the traditional MEV-Boost process, Relays act as intermediaries, collecting blocks submitted by Builders and selecting the block with the highest tip to send to validators. However, currently, several major Relay service providers almost monopolize the entire MEV market, posing potential risks of malfeasance.

TEE-Boost eliminates the trust assumptions on the Relay by leveraging TEE, while retaining the security guarantees of the MEV-Boost architecture. It removes the Relay role, allowing Builders to run code directly in the TEE, and proves the validity of the generated blocks through remote verification. Validators can directly interface with multiple Builders, choose the block header with the highest tip, and sign it, after which the Builder presents the complete block content.

Rollup-Boost: Layer2 scaling solution

Rollup-Boost is a Rollup construction solution developed by Flashbot in collaboration with Uniswap Labs and OP Labs, currently applied in Unichain. It implements two scalability modules:

1. 250ms confirmation "Flashblocks": provides ultra-fast transaction confirmation.
2. Verifiable priority ordering: Strictly prioritize transactions based on the paid priority fees, allowing smart contracts to reclaim a portion of the MEV profits.

The core of Flashblocks is to package transactions within the TEE and broadcast block fragments, allowing validators to collect multiple fragments and package them into a complete block. This improves bandwidth utilization and accelerates transaction confirmation speed. Since block fragments are generated within the TEE, validators can save the workload of verifying block data.

Verifiable priority ordering uses TEE to provide trusted transaction sorting results, preventing block producers from manually adjusting the order of transactions.

DeepSafe: Trustless Threshold Signature Scheme

DeepSafe introduces TEE and ZK technologies, developing a full-process confidential lottery + signature scheme called CRVA (Cryptographic Random AI Verification Network). CRVA randomly selects verification nodes through a lottery algorithm, verifies the validity of messages, and generates threshold signatures.

CRVA uses TEE and ZK to hide the identity of validators, preventing internal collusion and hacking attacks. Its workflow includes:

1. The core module of the node runs in TEE, leaving a permanent public key on the public chain.
2. The node generates a temporary public key and ZK Proof in the TEE, proving the association with the permanent public key without revealing the specific correspondence.
3. The node's encrypted temporary public key, sent to the Relayer along with the ZKP.
4. The relayer decrypts the temporary public key set within the TEE and submits it on-chain for random selection.
5. The selected nodes participate in message verification and signing.
6. Use on-chain remote attestation to ensure that the computation process strictly takes place within the TEE.

The core of the CRVA scheme is to encapsulate important activities within the TEE, with the outside world only able to see the encrypted ciphertext. This fundamentally prevents collusion and external attacks, and can be applied in various scenarios such as multi-signature wallets, asset custody, cross-chain bridges, oracles, etc.

Future Applications of TEE

TEE coprocessor

TEE coprocessors use verifiable off-chain computation to replace the costly on-chain computation. Complex calculations, data processing, and algorithmic operations can be executed within the TEE, with results verified on-chain through cryptographic proofs. This provides low-cost and privacy-preserving computational capabilities for smart contracts within the EVM ecosystem.

Application cases include:

• Provide complex algorithm support for AMM contracts
• Allow smart contracts to control social media accounts (such as the Teleport project)
• TEE-based AI oracle that calls LLM to retrieve external data and output conclusions of events.

Encrypted Memory Pool and Privacy Transactions

The encrypted memory pool built on TEE ensures that transactions remain highly confidential throughout their entire lifecycle. Users submit encrypted transactions to the TEE sorter, and the entire process of decryption, sorting, and execution takes place within the TEE, remaining invisible to the outside. Finally, only the latest state changes after execution are published to the blockchain.

TEE multi-proof system

TEE can act as a prover for Rollup, serving as a technical complement to ZK and OP. Projects such as Scroll and Taiko have adopted TEE provers, which are more efficient and faster than ZK, and also facilitate iteration.

Conclusion

TEE represents an important technological development in the blockchain field, providing a feasible way to resolve the conflicts between performance, privacy, and decentralization. Through hardware-based isolation and integrity guarantees, TEE can support new categories of applications while maintaining the trust-minimized characteristics of blockchain systems.

From the decentralized block construction of MEV-Boost to the performance enhancement of Rollup-Boost, and then to the advanced security mechanisms of DeepSafe, TEE technology demonstrates immense transformative potential. These applications prove that TEE can deliver tangible benefits while laying the groundwork for more ambitious applications in the future.

The future of blockchain infrastructure may involve a complex combination of various technologies, each optimized for specific use cases and security requirements. TEE will play a key role in this multifaceted ecosystem, providing the performance and functionality needed to drive blockchain applications towards mainstream adoption, while retaining their decentralized and trustless characteristics.