Read this somewhere on CT (cryptoTwitter) recently:
ZK proves what happened.
FHE computes without seeing.
MPC shares without trusting.
TEE enclaves without revealing.
IO verifies without bias.
…different answers to the same question, how do we best preserve data/truth without surrendering secrets
As usual there ensued a war of words if TEEs (Trusted Execution Environments) deserve a mention in the hallowed halls of blockchain security as the cryptographic proof is hardware-based and breakable. The very name "trusted execution environment" contains assumption of architectural integrity and vulnerabilities run amok if the environment becomes untrusted.
The recent physical attacks - Battering RAM and Wiretap had successfully compromised Intel SGX and AMD SEV-SNP protections.
Blockchain protocols that use TEEs in their build-up became fair game for harsh criticism and open ridicule as the researchers published proof of breaking TEE security, thereby posing this critical question - can TEEs be really trusted as a cryptographic black box?
While Phala, Secret, Crust, and IntegriTEE were forced to drum up emergency updates to their secure enclaves, one network stood tall and strong amidst the mayhem - Oasis.
Technical Background
To understand how Oasis remains secure and operational with zero impact, it is important to understand the exploits tested by the researchers.
Deterministic encryption in Intel's Scalable SGX and AMD SEV-SNP was targeted to extract attestation keys and bypass security guarantees. It demonstrated how attackers can hijack full access to encrypted smart contract data and cluster keys across affected networks.
This threat model is irrelevant to Oasis as its architecture pre-emptively operates on Intel SGX v1 technology utilizing fundamentally different memory encryption design that is unaffected by the recent attacks and suggested attack scenarios. It is ensured that the critical infrastructure, Oasis key manager and Sapphire confidential runtime, is designed so that not all nodes require constant access to all keys, even when running in TEEs.
Let's now take a look at the core design of Oasis architecture.
This is achieved by the two-pronged modular approach where the consensus and execution components are structured as separate layers.
- The consensus layer is a scalable, high-throughput, secure, proof-of-stake consensus run by a decentralized set of validator nodes.
- The execution layer hosts many parallel runtimes (ParaTimes), each representing a replicated compute environment with shared state.
Anyone can check out Oasis security architecture here.
Defense in Depth
Long before the recent attacks exposed TEE vulnerabilities, Oasis has been talking about how they handle privacy and security. Simply put, Oasis combines TEEs and strong cryptographic protocols such as light client verification, VRFs, MPC protocols and distributed consensus to achieve robust, efficient confidentiality across the network.
This layered approach is what Oasis calls "defense-in-depth". Here are the three pillars of protection that exist entirely outside the TEE:
On-chain governance: Oasis has two paratimes that function as confidential computation runtimes - the Solidity-based Sapphire and the Rust-based Cipher. To be part of the key manager committee, participants need to be validators mandatorily with at least 5m staked ROSE - no exception and no bypassing the rule. So, even if some random attacker manages to compromise the TEE hardware and possess attestation keys, they must get on-chain governance approval without which they cannot proceed any further.
Ephemeral keys: This is a unique feature of Oasis where transaction encryption uses ephemeral keys that rotate each epoch. So, all past transactions remain protected immutably because those keys are securely erased and no longer exist.
Adaptive security policy: At the earliest detection of vulnerabilities at the hardware level, the network deploys and enforces rapid response while maintaining a dynamic CPU blacklist system. Moreover, Oasis has also implemented additional governance requirements for committee membership to mitigate any potential fallouts from the attacks.
What all this signifies is that even the node operators running the confidential runtimes cannot see contract storage. So, Sapphire and Cipher can hold secrets managed inside a TEE and only properly attested enclaves may access them. In other words, the consensus layer represents a root of trust of the entire system as it stores the canonical state of all the runtimes.
Parting Shot at TEE Detractors
Oasis confidence in its protocol security, while using TEEs as its preferred privacy-preserving technique, did raise some eyebrows initially. The network does not ask you to trust blindly, but verify. So, a security challenge has been launched to demonstrate confidence in the TEE-based confidential EVM, Sapphire, and it will run through the rest of 2025.
Anyone who can hack the Sapphire smart contract holding 1 Bitcoin (wBTC) by breaking the TEE and extracting the key, can keep it. This is an open challenge and not like traditional bug bounties with reporting and triage processes. The proof of funds is here and technical details, rules and parameters for the challenge can be found here.
Turnabout is fair play as the network asks you to prove its claim that its TEEs are unbreakable, wrong.
In conclusion, it is noted that all unsubstantiated chatters about TEEs being broken and unworthy have died down, and the digital sanctum is secure and all is right.
Resources for further study:
Top comments (1)
The article does a great job explaining how TEEs act as secure digital sanctums, protecting sensitive computations even in untrusted environments essential insights for anyone working on secure decentralized systems.