Eigen Seminar: Read “Trusted Execution Environment” in 5 minutes (Beginners’ course)

“Technology changes life.” The talk is no more than a platitude. With the popularity of smart devices and mobile payment, you can cope with most payment scenarios with your phone.

Most stores in China support QR payment and public transits support NFC. People can even complete payment by scanning their faces!

Mobile phones carry more and more confidential information such as PIN codes, fingerprints, voiceprints, and faceprints. Almost all our biometrics are told to mobile phones.

So, is it really safe to store our information on smart devices?

Will someone steal money or engage in illegal activities by stealing my fingerprints and faceprint?

If you have watched Prison Break, maybe in one weekend many years ago, you must still remember this picture: Mike tattooed other people’s faces on his hands and sneaked into each other’s secret computer room to steal documents.

Of course, the current facial-recognition scanner will not let you pass off the sham as genuine like this. But although the present technology is relatively mature, there are many information leakage and theft cases.

So today I will come to give you a clear picture of how we store our confidential information? And is it safe?

Next, let’s welcome the protagonist of this article — TEE (trusted execution environment).

The article will start from a story of Land Country instead of technology to help you understand easily.

A small island country in the Western Pacific is far away from other territories, and its overall economic level is relatively backward, but it is rich in natural resources. Its people live and work in peace and contentment. There is no riot, so there are almost no security personnel.

However, with the process of global internationalization, more and more islanders want to go out and have a look. At the same time, some explorers from other countries came to the island to look for opportunities to make a fortune.

Three Checkpoints

Due to the lack of experience in border control in island countries, personnel access inspection is not systematic. In recent years, domestic financial cases have occurred frequently. After thorough investigation, the king found that most of them were the evil acts of overseas personnel after they came here. They either did business and deceived users with counterfeit money or engaged in some tricks to defraud money, which significantly reduced the happiness of island residents. Therefore, the king decided to suspend the entry of personnel from other countries and formulated a set of border control security plans with the public security department: all inbound people need to pass three checkpoints before they can enter the country.

  1. National ID card
  2. Proof of possession of family members on the island
  3. Be able to answer three questions continuously in the local dialect

Within one month after the implementation of the new scheme, it has indeed achieved good results, and the number of bad events has not continued to increase. However, with the passage of time, the public security department found that some overseas personnel muddled through by forging ID cards and letting friends who had previously entered the island country pretend to be relatives; There are also some local residents who cannot return home due to the loss of their ID cards after going abroad. Domestic financial cases began to increase gradually.

Edge control security upgrade scheme

Therefore, the Security Department discussed with the king again and formulated a set of “border control security upgrading plan”. This plan is led by a “security commander” and a number of “security administrators” to form a “island financial security team”.

Out of absolute trust, the king appointed his son as commander. At the same time, the Administrator certification is not simple. It needs a lot of rigorous examination. Only after passing the examination can we obtain a customized “administrator Medal”. In order to ensure that the border control team is always absolutely credible and correct, the commander will require the team to be isolated from the external environment, so as to prevent security officers from being bribed or bad people from sneaking in.

In addition to team upgrading, the management scheme has also changed greatly. The previous “three checkpoints” mode is no longer used for personnel inspection, but an all-round security inspection is conducted on the transaction scenario:

  1. For important or large transactions, the security officer supervises and verifies the currency on the spot.
  2. A new set of “Island Resident Information System” is installed, which requires entering the administrator password before activating. Use the system self-checker to see how the system works. The security officer verifies the resident identity at any time.
  3. The security officer will ensure that the transaction is complete and that the money and goods of both parties must be in place once the transaction is completed.

For example, if Mr. Smith intends to purchase real estate, he can call a security officer to witness the transaction on the spot to ensure that the money and goods are correct.

If Mr. Wall considers making a loan and doing business, he can also call the security officer to check whether the report and money have been tampered with when you submit a personal credit investigation report to withdraw money.

After the whole checkpoints, the domestic financial cases decreased, national happiness picked up. Furthermore, the financial security team is constantly optimizing the management plan.

Back to Reality

After reading the above story about security governance, let’s take a look at the corresponding relationship between the elements in the story and the real world:

  • Island=REE(Rich Execution Environment), normal world
  • Financial security task force=TEE, secure world
  • Islanders= common applications
  • Overseas personnel= applications with speculative purpose or doing evil
  • Island resident information system=reliable application
  • Three checkpoints= firewall
  • Security commander= trusted root
  • Security administrator = trust chain

Now, it is easier for us to understand the several characteristics of TEE.

As an area on the CPU, TEE provides a more secure space for the execution of data and code and ensures confidentiality and integrity.

  • Confidentiality: TEE provides an environment isolated from REE, like the Islands Financial Security Task Force, to store user-sensitive information (only the Task Force has access to resident identity card information). TEE can obtain REE information directly, while REE does not obtain TEE information at will.
  • Integrity: An application running on a TEE is called a Trusted Application (TA), which requires integrity verification, like a self-checking procedure for residential information systems, before execution to ensure that the application is not tampered with.

Take WeChat fingerprint payment as an example. When you click on the “use face” button on the payment interface, WeChat signals to the system, “I apply for face comparison.” Then the face recognition system calls the camera to scan your face information. The newly scanned face information is transmitted to TEE through the “secure channel” for comparison with the original record. Then output the comparison result and send it back to WeChat.

TEE & Blockchain

There are three characteristics about the blockchain: 1) Decentralized; 2) Powerful Census; 3) Tamper-resistant.

Disadvantages go hand in hand with characteristics:1)Satoshi Has No Clothes;2)Irreparable after the evil node uplink(e.g.ETH hard Fork issue)

TEE can better help the blockchain improve security, performance and privacy.

  • Higher security. Most of the public chain projects cannot guarantee the security of each node’s running environment, so a large number of nodes need to reach a consensus to improve the security. However, the number of nodes is obviously inversely proportional to the performance, bringing serious performance bottlenecks to the public chain. The trusted environment provided by TEE ensures that the code running in the machine is not tampered with, can run in the way specified by the intelligent contract, and contract execution is easy to prove, thus providing security for the entire network;
  • Better performance. The code in the TEE will not be tampered with and executed as expected, the blockchain can move part of the calculation to the TEE environment to execute, while the other nodes only need to verify the proof of contract execution, which reduces the cost of global consensus and increases the performance of the blockchain;
  • More thorough privacy protection. TEE provides an end-to-end privacy protection and can only be seen by users themselves, from data to calculation results.

Eigen Network is an end-to-end privacy-preserving computing network created by the combination of blockchains and TEE technology.

Each TEE device that has been officially certified by Eigen will become an Eigen Node by connecting to the Eigen network. Hundreds of Eigen Nodes are linked together as Eigen Privacy-preserving computing networks.

Secret protection of blockchains necessarily requires cryptography, and complex cryptographic operations result in enormous gas consumption, making the ETH network more congested now.

The Eigen team used the TEE, Verifiable Claims, and DAG Calculations Diagram to release complex weight operations onto each Eigen Node. TEE guarantees the integrity of each execution process, DAG guarantees the integrity of the entire computing logic, thus improving the efficiency of cryptographic-related computing, and completes the privacy protection of all execution processes of intelligent contracts on the chain.

Important information such as faces and fingerprints should only exist in our accounts, and should not be included in any external face database. Imagine that in the future, all external cameras in the world of web3.0 will only have the right to “compare results”, and will not be able to collect, save or even analyze any personal information. Our personal information will no longer leak.

Eigen — Your private information Safe Deposit Box.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store