Replies: 3 comments 4 replies
-
maybe we could consider this: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html
-
It sounds like the point of using TEE is to process unencrypted ballots within a secure area, so this mechanism ensures the operator cannot read the plain ballot data.
I think this is a critical point, and it seems a bit tricky to prove. It should be able to distinguish whether the output was actually computed inside the TEE, rather than externally using the same cryptographic keys or methods.
-
I think this approach seems like it's shifting the trust assumptions from the coordinator to the TEE vendor, because the security features of the TEE are neutralized if the TEE vendor retains the private keys during the provisioning stage
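The two comments above raise the same verification question from both sides: how a MACI verifier can tell that a tally came out of the attested enclave rather than from the operator using the same code outside it, and what happens to that check if the vendor's root signing key is retained or leaked. The following is an added toy model, not MACI code and not the Nitro Enclaves attestation format; it uses hash-based Lamport one-time signatures so that it runs on the standard library alone, and the measurement, key ids, vendor root key and ballots are all constructed placeholders.

```python
"""Toy model of remote attestation for a TEE-hosted tally (constructed example).

A verifier trusting a TEE output needs three bindings: the attestation is
signed by the vendor root it trusts, the attestation names the expected code
measurement, and the attestation names the key that signed the output. The
last scenario shows why all of this collapses if the vendor root key leaks.
Lamport one-time keys are reused across scenarios purely for illustration.
"""
import hashlib
import json
import secrets


def _h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def _bits(msg: bytes):
    """256 message bits, one per Lamport key pair."""
    return [(byte >> (7 - i)) & 1 for byte in _h(msg) for i in range(8)]


def keygen():
    """Lamport one-time key pair: 256 pairs of secrets; public key = their hashes."""
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[_h(s0), _h(s1)] for s0, s1 in sk]
    return sk, pk


def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(_h(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))


def key_id(pk) -> str:
    return hashlib.sha256(b"".join(x for pair in pk for x in pair)).hexdigest()


def measure(code: bytes) -> str:
    """Stands in for the PCR-style measurement of the enclave image."""
    return hashlib.sha256(code).hexdigest()


def canonical(d: dict) -> bytes:
    return json.dumps(d, sort_keys=True).encode()


TALLY_CODE = b"tally = sum(ballots)"  # constructed stand-in for the audited enclave image
EXPECTED_MEASUREMENT = measure(TALLY_CODE)


def run_in_enclave(code: bytes, ballots, vendor_sk):
    """Models the enclave: fresh output key, vendor attests (measurement, key id),
    the tally is computed on plaintext that never leaves, result is signed."""
    out_sk, out_pk = keygen()
    body = {"measurement": measure(code), "key_id": key_id(out_pk)}
    attestation = {"body": body, "vendor_sig": sign(vendor_sk, canonical(body))}
    result = {"tally": sum(ballots)}
    return attestation, out_pk, result, sign(out_sk, canonical(result))


def verify_tally(attestation, out_pk, result, result_sig, vendor_pk, expected_measurement) -> bool:
    """The checks a verifier runs before accepting a TEE-produced tally."""
    body = attestation["body"]
    if not verify(vendor_pk, canonical(body), attestation["vendor_sig"]):
        return False  # attestation was not issued under the trusted vendor root
    if body["measurement"] != expected_measurement:
        return False  # enclave ran code other than the audited tally image
    if body["key_id"] != key_id(out_pk):
        return False  # output key is not the one the attestation binds
    return verify(out_pk, canonical(result), result_sig)  # output really came from that key


def scenarios() -> dict:
    vendor_sk, vendor_pk = keygen()  # the TEE vendor's root: the trust anchor
    ballots = [1, 0, 1, 1]           # constructed plaintext ballots

    att, pk, res, sig = run_in_enclave(TALLY_CODE, ballots, vendor_sk)
    honest = verify_tally(att, pk, res, sig, vendor_pk, EXPECTED_MEASUREMENT)

    # Same tally computed outside the TEE with the operator's own key: no attestation binds it.
    op_sk, op_pk = keygen()
    outside = verify_tally(att, op_pk, res, sign(op_sk, canonical(res)), vendor_pk, EXPECTED_MEASUREMENT)

    # Altered enclave image: genuine vendor attestation, but the measurement does not match.
    att2, pk2, res2, sig2 = run_in_enclave(TALLY_CODE + b"; altered", ballots, vendor_sk)
    modified = verify_tally(att2, pk2, res2, sig2, vendor_pk, EXPECTED_MEASUREMENT)

    # Vendor root key retained or leaked: a forged attestation for an outside key passes every check.
    forged_body = {"measurement": EXPECTED_MEASUREMENT, "key_id": key_id(op_pk)}
    forged = {"body": forged_body, "vendor_sig": sign(vendor_sk, canonical(forged_body))}
    leaked = verify_tally(forged, op_pk, res, sign(op_sk, canonical(res)), vendor_pk, EXPECTED_MEASUREMENT)

    return {"honest": honest, "outside_tee": outside, "modified_code": modified, "vendor_key_leaked": leaked}


if __name__ == "__main__":
    print(scenarios())
```

The last scenario is the point of the third comment in code form: the verifier's checks are only as strong as the vendor root they chain to, so a deployment has to decide explicitly whether trusting that root is an improvement over trusting the coordinator.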
-
Recently, while discussing potential ways of removing the role of a coordinator in MACI, or at least how to make it more permissionless and trusted, the topic of trusted execution environments came up.
A trusted execution environment (TEE) is a secure area within a main processor. It guarantees that the code and data loaded inside the TEE are protected with respect to confidentiality and integrity. A TEE provides a level of security by ensuring that the code and data inside the TEE cannot be tampered with by the normal operating system, and it can securely host applications and their data. (thx Chat GPT).
I am just now reading about how TEEs work, so disclaimer that some of the facts below might very well be wrong, and I do encourage any pushback + suggestions on how this would work.
Advantages
Drawbacks
How do I think this would work
Maci.deployPoll(args)
) with the k1pk (pub key) of the coordinator