Awesome TEE Blockchain

A curated list of resources for learning about Trusted Execution Environments (TEEs) in the context of blockchains. This list includes articles, research papers, tweet threads, code repositories, videos, and more.

What are TEEs?

A Trusted Execution Environment (TEE) is a secure, isolated area within a device or network designed to protect sensitive data and code during execution. It's like a secure vault within your processor that:

• Provides Isolation: Creates a protected space where sensitive code runs separately from the main system
• Ensures Privacy: Keeps both code and data confidential during processing
• Prevents Tampering: Maintains security even if the main system is compromised
• Proves Execution: Generates cryptographic proofs that verify the code ran correctly
• Enables Trust: Allows remote parties to verify computational integrity

A rough analogy is to think of it as a secure room with unbreakable walls, where computations happen privately and everyone can verify the results without seeing inside.

Table of Contents

1. Cloud Providers
   • Google Cloud
   • Microsoft Azure
   • Amazon AWS
2. Hardware
   • Intel
   • AMD
   • NVIDIA
   • ARM
3. Applications in Blockchain
   • AI
   • Block Building
   • Bridging
   • Asset Management
   • General Compute
   • Privacy
   • Rollups
4. Code Repositories
   • General
   • Rust
   • Go
   • C++
   • C
   • Python
   • TypeScript
5. Research Papers
   • 2024
   • 2023
   • 2022
   • 2021
   • Pre-2020
6. Articles
   • Introductory & Overview
   • Hardware Implementations
   • Block Building and MEV
   • Development and Security
   • Privacy & ZK Comparisons
   • Ecosystem & Implementation Examples
   • Conference & Event Summaries
7. Videos
   • Conference Talks
   • Technical Presentations
   • Workshops and Tutorials
8. Tweet Threads

Cloud Providers

Google Cloud

• Confidential Accelerator for AI workloads - Supports Intel TDX with Intel AMX, and NVIDIA H100 GPUs.
• Confidential VMs - Supports AMD SEV, AMD SEV-SNP, and Intel TDX.
• Confidential Space - Supports trust model where the workload author, workload operator, and resource owners are separate, mutually distrusting parties.
• Confidential VM attestation - Attestation support for AMD SEV (vTPM), AMD SEV-SNP (vTPM and TSM), and Intel TDX (vTPM and TSM).

Microsoft Azure

• Azure Confidential VM

Amazon AWS

• Nitro
• Nitro Enclaves

Hardware

Intel

• Advanced Matrix Extensions (AMX) - Accelerator to improve the performance of deep-learning training and inference on the CPU
• Trust Domain Extensions (TDX) - Latest Hardware-based TEE architecture from Intel
• Software Guard Extensions (SGX) - Protects data actively being used in the processor and memory by creating a TEE

AMD

• Secure Encrypted Virtualization-Trusted I/O (SEV-TIO) - Improved I/O performance and security in AMD SEV-SNP guests
• Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) - Expands on SEV, adds memory integrity protection to help prevent malicious hypervisor-based attacks
• Secure Encrypted Virtualization (SEV) - Hardware-based memory encryption through the AMD Secure Processor

NVIDIA

• H100 TensorCore GPU - Hardware-based trusted execution environment with NVIDIA Hopper and NVIDIA Blackwell architecture support
• Hopper Architecture - Accelerated computing platform for AI
• Blackwell Architecture - Latest HW generation with accelerated computing and generative AI optimizations

ARM

• Confidential Compute Architecture (CCA) - Under development. Key component of the Armv9-A architecture
• TrustZone - Isolates critical security firmware, assets and private information for Armv8-M based devices

Applications in Blockchain

AI

• TEE plugin for ELIZA (using dstack from Phala)

Block Building

• Unichain
• The Future of MEV is SUAVE
• Block Building inside SGX
• Running Geth within SGX: Our Experience, Learnings and Code
• SGX-Based Backrunning and Covert Channels
• MEV-SGX - A sealed bid MEV auction design

Bridging

• Avalanche Bridge - Website, ava-labs GitHub

Asset Management

• Turnkey - Website, tkhq GitHub
• Fireblocks - Website, fireblocks GitHub
• Cycles Money - Website
• Solana Saga Seed Vault - Website, solana-mobile GitHub

General Compute

• Marlin Protocol - Website, marlinprotocol GitHub
• Phala Network - Website, Phala-Network GitHub
• Automata Network - Website, automata-network GitHub

Privacy

• Oasis Protocol - Website, oasisprotocol GitHub
• Secret Network - Website, scrtlabs GitHub
• Enclave Markets - Website

Rollups

• Taiko - Website, taikoxyz GitHub
• Unichain - Website

Code Repositories

General

• sbellem/qtee - Exploring the physical limits of trusted hardware in the classical and quantum settings to achieve security through physics.
• orbstack/orbstack - Fast, light, simple Docker containers & Linux machines
• bpradipt/awesome-confidential-computing - Collection of resources on Confidential Computing
• erayack/awesome-sgx-blockchain - Awesome SGX and TEE on Blockchain Resources

Rust

• Dstack-TEE/dstack - Dstack is a developer friendly and security first SDK to simplify the deployment of arbitrary Docker-based apps into TEE.
• marlinprotocol/oyster-serverless - Oyster Serverless is a cutting-edge, high-performance serverless computing platform designed to securely execute JavaScript (JS) and WebAssembly (WASM) code in a highly controlled environment.
• Phala-Network/phala-blockchain - The Phala Network Blockchain, pRuntime and the bridge.
• kata-containers/kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
• taikoxyz/raiko - Multi-proofs for Taiko. SNARKS, STARKS and Trusted Execution Enclave.
• confidential-containers/guest-components - Confidential Containers Guest Tools and Components
• kinvolk/azure-cvm-tooling - Libraries and tools for Confidential Computing on Azure
• HyperEnclave/hyperenclave - An Open and Cross-platform Trusted Execution Environment.
• mobilecoinfoundation/mobilecoin - Private payments for mobile devices
• integritee-network/worker - Integritee off-chain worker and sidechain validateer
• capsule-corp-ternoa/ternoa-node - Ternoa's Node Implementation
• automata-network/automata - Automata Network is a modular attestation layer that extends machine trust to Ethereum with TEE Coprocessors.
• apache/incubator-teaclave-sgx-sdk - Apache Teaclave (incubating) SGX SDK helps developers to write Intel SGX applications in the Rust programming language, and also known as Rust SGX SDK.
• apache/incubator-teaclave - Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
• scrtlabs/incubator-teaclave-sgx-sdk - Rust SGX SDK provides the ability to write Intel SGX applications in Rust Programming Language. Fork of apache/incubator-teaclave-sgx-sdk.

Go

• google/go-tpm-tools - Go packages built on go-tpm providing a high-level API for using TPMs
• google/go-sev-guest - go-sev-guest offers a library to wrap the /dev/sev-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation report.
• google/go-tdx-guest - go-tdx-guest offers a library to wrap the /dev/tdx-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation quote.
• matter-labs/vault-auth-tee - Hashicorp Vault plugin for authenticating Trusted Execution Environments (TEE) like SGX enclaves
• usbarmory/GoTEE - Go Trusted Execution Environment (TEE)
• iotexproject/w3bstream - An offchain computing layer for DePIN verifiable data computation, supporting a variety of validity proofs including Zero Knowledge (ZK), Trusted Execution Environments (TEE), and Multi-party Computation (MPC)
• oasisprotocol/oasis-core - Performant and Confidentiality-Preserving Smart Contracts + Blockchains
• hyperledger/fabric-private-chaincode - FPC enables Confidential Chaincode Execution for Hyperledger Fabric using Intel SGX.

CPP

• NixOS/nix - Nix, the purely functional package manager
• microsoft/azure-tee-attestation-samples - Trusted Execution Environment examples leveraging attestations on Azure
• intel/linux-sgx - Intel SGX for Linux
• lsds/Teechain - Teechain: A Secure Payment Network with Asynchronous Blockchain Access
• skalenetwork/sgxwallet - sgxwallet is the first-ever opensource high-performance hardware secure crypto wallet that is based on Intel SGX technology. First opensource product on Intel SGX whitelist. Scales to 100,000+ transactions per second. Currently supports ETH and SKALE, and will support BTC in the future. Sgxwallet is under heavy development and use by SKALE network.
• hyperledger-labs/private-data-objects - The Private Data Objects lab provides technology for confidentiality-preserving, off-chain smart contracts.

C

• iisec-suzaki/optee-ra - OP-TEE Remote Attestation
• pietroborrello/CustomProcessingUnit - The first analysis framework for CPU microcode
• openenclave/openenclave - SDK for developing enclaves
• deislabs/mystikos - Tools and runtime for launching unmodified container images in Trusted Execution Environments
• openenclave/openenclave - SDK for developing enclaves
• mofanv/PPFL - Privacy-preserving Federated Learning with Trusted Execution Environments
• inclavare-containers/inclavare-containers - A novel container runtime, aka confidential container, for cloud-native confidential computing and enclave runtime ecosystem.

Python

• ethernity-cloud/mvp-pox-node - Ethernity Cloud Node

TypeScript

• tkhq/sdk - Turnkey TypeScript SDK

Research Papers

2024

• M. U. Sardar, A. Niemi, H. Tschofenig, and T. Fossati, "Towards Validation of TLS 1.3 Formal Model and Vulnerabilities in Intel's RA-TLS Protocol", 2024 - IEEE
• J. Zhu, H. Yin, P. Deng, and S. Zhou, "Confidential Computing on nVIDIA H100 GPU: A Performance Benchmark Study", 2024 - arXiv
• A. Sunny, N, Shrivastava, S. and R. Sarangi, "SecScale: A Scalable and Secure Trusted Execution Environment for Servers", 2024 - arXiv
• H. Eichner, D. Ramage, K. Bonawitz, D. Huba et. al., "Confidential Federated Computations", 2024 - arXiv
• X. Zhang, K. Qin, S. Qu, T. Wang, C. Zhang, and D. Gu "Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust", 2024 - arXiv

2023

• Y. Xian, L. Zhou, J. Jiang, B. Wang, H. Huo, and P. Liu, "A Distributed Efficient Blockchain Oracle Scheme for Internet of Things", 2023 - arXiv
• A. P. Kalapaaking, I. Khalil, M. S. Rahman, M. Atiquzzaman, X. Yi, and M. Almashor, "Blockchain-based Federated Learning with Secure Aggregation in Trusted Execution Environment for Internet-of-Things", 2023 - arXiv

2022

• M. Schneider, R.J. Masti, S. Shinde, S. Capkun, and R. Perez, "SoK: Hardware-supported Trusted Execution Environments", 2022 - arXiv
• R. Li, Q. Wang, Q. Wang, D. Galindo, and M. Ryan, "SoK: TEE-assisted Confidential Smart Contract", 2022 - arXiv
• E. Puschner, T. Moos, S. Becker, C. Kison, A. Moradi, C. Paar, "Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations", 2022 - Cryptology ePrint Archive
• R. Karanjai, L. Xu, L. Chen, F. Zhang, Z. Gao, and W. Shi, "Lessons Learned from Blockchain Applications of Trusted Execution Environments and Implications for Future Research", 2022 - arXiv

2021

• C. Liu, H. Guo, M. Xu, S. Wang, D. Yu, J. Yu, and X. Cheng, "Extending On-chain Trust to Off-chain -- Trustworthy Blockchain Data Collection using Trusted Execution Environment (TEE)", 2021 - arXiv
• D. Natarajan, A. Loveless, W. Dai, and R. Dreslinski, “CHEX-MIX: Combining Homomorphic Encryption with Trusted Execution Environments for Two-party Oblivious Inference in the Cloud”, 2021. - Cryptology ePrint Archive

Pre-2020

• Z. Bao, Q. Wang, W. Shi, L. Wang, H. Lei, and B. Chen, "When Blockchain Meets SGX: An Overview, Challenges, and Open Issues", 2020 - IEEE
• A. Nilsson, P. N. Bideh, and J. Brorsson, “A Survey of Published Attacks on Intel SGX”, 2020. - arXiv
• K. Murdock, D. Oswald, F. D. Garcia, J. Van Bulck, D. Gruss, and F. Piessens, “Plundervolt: Software-based Fault Injection Attacks against Intel SGX”, 2020. - IEEE
• R. Cheng, F. Zhang, J. Kos, W. He, N. Hynes, N. Johnson, A. Juels, and A. Miller, "Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts", 2019 - IEEE
• G. Kaptchuk, I. Miers, and M. Green, "Giving State to the Stateless: Augmenting Trustworthy Computation with Ledgers" , 2017 - Cryptology ePrint Archive
• J. Lind, O. Naor, I. Eyal, F. Kelbert, P. Pietzuch, and E. Gun Sirer, "Teechain: A Secure Payment Network with Asynchronous Blockchain Access", 2017. - arXiv

Articles

Introductory & Overview

• TEE Bible - Your First Stop for TEE in Crypto
• What is a Trusted Execution Environment (TEE)? - Halborn
• Blockchain Privacy and Security in Data Computation
• Trustless Execution Environments - David Atterman
• Chapter 3 - Verifiable Off-chain Compute: Enabling an Instagram-like experience for Web3 - Florin Digital
• Blockchain x TEE: Why Various Forefront Projects are Adopting TEE - TOKI
• Why trusted execution environments will be integral to proof-of-stake blockchains

Hardware Implementations

• Intel SGX Explained
• Demystifying SGX — Part 1 - Obscuro Labs
• A few notes on AWS Nitro Enclaves: Attack surface - Trail of Bits Blog

Block Building and MEV

• Building Secure Ethereum Blocks on Minimal Intel TDX Confidential VMs - Flashbots Collective
• TDX Security For BOB Searchers, Flashbots
• Sirrah: Speedrunning a TEE Coprocessor

Development and Security

• Securing TEE Apps: A Developer's Guide - Bedlam Research
• Early Thoughts on Decentralized Root-of-Trust - Flashbots Collective
• TEE-based Smart Contracts and Sealing Pitfalls

Privacy & ZK Comparisons

• 4 Ways to Compare Trusted Execution Environments and Zero-Knowledge Proofs
• Drawbacks In FHE Blockchain And How TEE Can Help It - Flashbots Collective

Ecosystem & Implementation Examples

• How Secret Network Uses SGX
• Trusted Execution Environments and the Polkadot Ecosystem
• Intel SGX and Blockchain: The iExec End-to-End Trusted Execution Solution

Conference & Event Summaries

• Blockchains in Trusted Execution Environments (TEEs)
• Blockchains + TEEs Day 1 Summary
• Blockchains + TEEs Day 2 Summary

Videos

Conference Talks

• How to Win Friends and TEE-fluence People - Ethan Buchman, Modular Summit 2024
• The TEE Stack - Andrew Miller, Modular Summit 2024
• Private Smart Contracts are Worth the Price of the SGX - Andrew Miller, ETHDenver 2023
• Protected Order Flow for Fair Transaction-Ordering in a Profit-Seeking World - Kushal Babel, MEV-SBC 2023
• Enabling Cross Chain Transfers Using SGX - Michael Kaplan, Avalanche Summit 2022
• Trusted Execution Environments Meet the Blockchain - Ittay Eyal, Simons Institute 2019

Technical Presentations

• DEVMOS 2024: Dylan Kawalec (Osmosis), 'Building Decentralized Frontends', Modular Summit 2024
• What apps are unlocked by the TEE stack - Xinyuan Sun, Modular Summit 2024
• Parallelized Confidential Computing - Yannik Schrade, Fil Dev Summit 2024
• TEE for Blockchain Applications - Ari Juels, a16z crypto 2023
• SGX Panel 2023: Andrew Miller, Jonathan Passerat Palmbach, Phil Daian, Justin Drake

Workshops & Tutorials

• Phala Network: 'The Magic of TEEs' - Online Workshop on TEE Basics
• Blockchains + TEEs 2023: Day 1 - Kartik Nayan, Ittai Abraham, Aniket Kate
• Blockchains + TEEs 2023: Day 2 - Kartik Nayan, Ittai Abraham, Aniket Kate

Tweet threads

• @CP2426_, focEliza Verifiable Terminal Release
• @_markel___, Extraction of Intel SGX Fuse Key0
• @PratyushRT, Breakdown of the Intel SGX (TEE) breach
• @buchmanster, TEE, ZK, FHE and MPC
• @buchmanster, How you win friends and TEE-fluence people - Chapter 2
• @DistributedMarz, Flashwares Live Session