Why is everyone suddenly talking about TEEs?
Crypto sure loves its acronyms. If you entered the industry early enough, you’d recall learning about PoW vs. PoS, and if you ventured further, you’re also familiar with BFT. In the last cycle, it was all about ZKP, and then FHE entered the room. In between, we also talked about MPC, not to be confused with NPC, but we quickly realized that it didn’t have the trust guarantees many of us wanted and was expensive.
Even though we still lack real implementations of FHE and MPC remains niche in crypto, we’ve moved on to the next three-letter acronym: TEE.
If you go on X or watch talks from the latest crypto conferences, everyone is trying their best to come up with witty titles for their talks, such as “How to win friends and TEEfluence people” (a Carnegie reference, in case you weren’t aware), when “TEEnage dream” was right there, or you could have ripped off the French Revolution’s call for LiberTee, EgaliTee…
Anyway, where there is smoke, there is fire. The only question is: how big is that fire, and why is it there in the first place? Why does everyone talk about TEEs as if they were a panacea for all of crypto’s problems?
The best place to start in addressing that question is:
What are TEEs?
Just like ZKPs or MPC, TEEs are not a crypto-native invention. Instead, they’ve been around for a few decades, and if you have a smartphone, you’ve unknowingly used TEEs. TEE is short for Trusted Execution Environment and describes an environment in which a program can be run with special, powerful protection.
This sort of environment is also often referred to as an enclave. TEEs exist as a set of instructions on hardware or can live in the cloud. They offer a secure area of the main processor that guarantees that code and data inside it are kept confidential while ensuring their integrity.
TEEs are an isolated spot that no one can mess with, not even the host of the TEE itself. Hence, their appeal to crypto people. Imagine being able to put a TEE on your enemy’s blockchain node, and you still don’t have to worry about the integrity of the computation.
A good mental model to apply to TEEs is that of a trusted third party that runs arbitrary computation for you in an inexpensive way. That is the opposite of a blockchain, which makes running computation very expensive.
In addition to offering a magic box that adds privacy to whatever you put in, TEEs can also offer attestations to prove to any party that a program is running, allowing users to know exactly what they are interacting with.
In short, TEEs make everything better.
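The attestation check mentioned above, seen from the relying party's side, as an added example (not code from the original post or from any vendor SDK). The quote format, the function names and the Ed25519 key standing in for a vendor-rooted hardware key are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Quote is a simplified attestation report (constructed format, not a vendor's).
type Quote struct {
	Measurement [32]byte // hash of the code loaded into the enclave
	Nonce       []byte   // verifier-chosen challenge, prevents replay
	Sig         []byte   // signature by the hardware attestation key
}

func (q Quote) signedBytes() []byte {
	return append(append([]byte{}, q.Measurement[:]...), q.Nonce...)
}

// Attest simulates the hardware: measure the loaded code, then sign the result.
func Attest(hwKey ed25519.PrivateKey, code, nonce []byte) Quote {
	q := Quote{Measurement: sha256.Sum256(code), Nonce: nonce}
	q.Sig = ed25519.Sign(hwKey, q.signedBytes())
	return q
}

// Verify runs the three checks a relying party needs before trusting output.
func Verify(root ed25519.PublicKey, expected [32]byte, nonce []byte, q Quote) error {
	if !ed25519.Verify(root, q.signedBytes(), q.Sig) {
		return errors.New("signature not from trusted hardware key")
	}
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("stale or replayed quote")
	}
	if q.Measurement != expected {
		return errors.New("enclave is running unexpected code")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // stand-in for a vendor-rooted key
	audited := []byte("audited-build-v1")    // constructed sample "program"
	nonce := []byte("challenge-123")
	fmt.Println(Verify(pub, sha256.Sum256(audited), nonce, Attest(priv, audited, nonce)))
	fmt.Println(Verify(pub, sha256.Sum256(audited), nonce, Attest(priv, []byte("tampered"), nonce)))
}
```

The signature shows the quote came from genuine hardware, the nonce shows it is fresh, and the measurement shows which program is inside; dropping any one of the three checks leaves a gap.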
Understood, but surely there is some downside?
Well, if you are very web3 native, you’ll be unhappy to hear that TEEs are all manufactured by large chip manufacturers and open source is still trying to catch up.
Currently, the largest player in the TEE market is Intel, the same Intel that just announced the layoff of 15,000 employees, and it’s not because they are being replaced with AI. Rather, it reflects a realization that the market has become a bit of a bubble.
Still, for now, their TEE business is going okay. Their TEEs run as instruction codes available on existing hardware alongside encrypted memory. Others in the TEE market include AWS with their AWS Nitro cloud product, ARM TrustZone, mostly in mobile devices, and AMD.
Even if TEEs don’t take off in crypto, they already enjoy widespread adoption in traditional IT infrastructure, from use in financial systems to authentication and digital rights management.
So, we’re supposed to trust Intel?
Ironic, isn’t it? But in a sense, we already trust AWS that they won’t rug Ethereum, so how big of a deal is it to add to the cognitive dissonance?
Fortunately, though, using a TEE does not imply trusting Intel. And although there is a crop of crypto people hating on TEEs because of a supposed centralized entity controlling them and the existence of bugs, one should take a more nuanced approach.
“TEEs are extremely cheap and extremely fast, but they don’t have the sex appeal for some reason. We’re trying to change that.” - David Atterman, M31 Capital
For one, Intel can’t really control the TEE, which is kind of their point. They cannot censor your applications as they have no way of knowing what you attest to (remember, the compute is in the box, sealed off from outsiders).
To limit the risk of physical access to the machine, it helps to run them in multiple locations. And to guard against potentially devastating side-channel attacks, there’s actually a neat workaround: running light clients inside of enclaves to ensure the integrity of activities inside them.
And it gets better, you can also combine TEEs with ZKPs to get privacy and reduce the dependency on the TEE alone for correctness.
TEEs are great, I get it. But why is everyone talking about them now?
Well, for one, every cycle needs its new acronym. Add to that the ability of TEEs to provide privacy without being overly expensive, and you get a few interesting use cases. TEEs are like ZKPs but already production-ready and well-established.
It’s practical, widely accessible, and allows for prototyping while we figure out how to make the other technologies (MPC and FHE) good enough for wide-scale use.
A few potential use cases are:
- Managing Decentralized Identities with TEEs
- Creating private mempools or dark pools inside of TEEs
- Using TEEs and ZK provers in combination with 2-FA for rollups, enhancing integrity and privacy
- Running block builders inside of TEEs (this warrants a whole separate post to cover)
And then there’s decentralized AI, the other hot topic du jour. Centralized AI is coming increasingly under scrutiny for its questionable practices of using other people’s content without their consent to train models (OpenAI is guilty of this, and so is Nvidia). Even Elon Musk, not really a man of the common people, is now alleging that OpenAI is up to no good. Well, whoever sits in the glass house probably shouldn’t throw stones…
What all of these issues with current AI monopolies fuel, though, are the aspirations of teams building solutions that distribute power while training their models on data that retains its privacy and pays data owners.
The reason AI companies try to get as much data as possible, even if it means spinning up new servers to bypass scraping blockers of YouTube and Netflix, is that any model is only as good as the data it’s trained on.
Decentralized AI promises to create collaborative environments where access to sensitive data is limited. Blockchains are used only to verify computation but not for the actual computation. TEEs offer an attractive solution to provide security for sensitive AI computation, throughout which data remains encrypted and protected.
This means data owners could share private data without the risk of loss of confidentiality or ownership. TEEs make the system even more trustless, especially when run in combination with ZK proofs and blockchain.
TEEs add a spark of magic by bringing privacy and integrity to arbitrary compute. No wonder everyone is talking about them in crypto.
“Any sufficiently advanced technology is indistinguishable from magic.” Arthur C. Clarke
At SQD, TEEs are part of our game plan and are scheduled to be released at the end of 2024. They will allow the network to retrieve data through TEEs. We’ll share more details on implementation as we get closer to pushing it live.