documentation for substraTEE, an extension of parity substrate allowing to leverage Trusted Execution Environments (TEEs) to provide integrity and confidentiality
use case | substraTEE-signer (off-chain stateless) |
substraTEE-worker (off-chain stateful) |
substraTEE-node (onchain-stateful) |
---|---|---|---|
hardware wallet | 👍 local TEE per user | 👎 | |
atomic swaps (cross-chain bridge) |
👍 light node in both chains | 👍 | 👎 |
coinmixer | 👍 | 👎 | 👎 |
oracle | 👍 | 👍 | difficult if non-deterministic |
inheritance notary | 👍 | 👍 | storage expensive |
confidential transactions | 👎 | 👎 doesn't scale? (collisions of state changes) | 👍 encointer |
2nd layer confidential payment hub (Similar to TeeChan) | 👍 | ||
confidential smart contracts | 👎 | 👍 (Ekiden, PDO, encointer) | computation time and storage expensive |
POET consensus | 👎 | 👎 | 👎 |
off-chain: nothing special needs to be run by blockchain validators. normal transactions
stateless: no state needs to be preserved (onchain - data or hash) between uses
One flavour of substraTEE is a RPC client for substrate that runs a state transition function (STF) within a TEE (Intel SGX).
Main feature: trusted hardware custodian of your private keys
off-chain: nothing special needs to be run by blockchain validators. normal transactions
stateful: state needs to be preserved (onchain - data or hash) between uses
Similar to but still quite different than sawtooth PDO or Ekiden/OasisLabs
Do not confuse substraTEE-worker with substrate's off-chain workers. The latter are a part of the node's codebase. SubstraTEE worker is a standalone service interfacing substrate node using RPC or websockets
Dapps can commit WASM contracts and run their own TEE's or hire an enclave service to run confidential WASM smart contracts on. delegates are remote attested on the blockchain (the TCB doesn't include the WASM contract). They have to be fed with the most recent state, call and opaque payload. They then update the state that is written back to the chain.
on-chain: blockchain validators run confidential state transition function with every extrinsic.
stateful: state needs to be preserved (onchain - data or hash) between uses
a fork of substrate that has an Executor running in a TEE (Intel SGX)
Main feature: many confidential transactions can be executed with every block