awesome-tee-blockchain
A curated list of resources for learning about Trusted Execution Environments (TEEs) in the context of blockchains.
https://github.com/dineshpinto/awesome-tee-blockchain
Last synced: 15 days ago
JSON representation
-
Blockchain Applications & Use Cases Leveraging TEEs
-
Asset Management & Wallets
-
AI
-
General Off-Chain Compute
-
Rollups & Coprocessors
-
Block Building & MEV Mitigation
-
Bridging
- Website - labs GitHub](https://github.com/ava-labs)
-
-
Hardware
-
OpenTitan
-
-
Core Concepts & Technologies
-
Hardware Platforms
- lowRISC/opentitan
- Secure Encrypted Virtualization-Trusted I/O (SEV-TIO) - Improved I/O performance and security in AMD SEV-SNP guests
- Advanced Matrix Extensions (AMX) - Accelerator to improve the performance of deep-learning training and inference on the CPU
- Trust Domain Extensions (TDX) - Latest Hardware-based TEE architecture from Intel
- Hopper Architecture - Accelerated computing platform for AI
- Confidential Compute Architecture (CCA) - Under development. Key component of the Armv9-A architecture
- TrustZone - Isolates critical security firmware, assets and private information for Armv8-M based devices
- Software Guard Extensions (SGX) - Protects data actively being used in the processor and memory by creating a TEE
- Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) - Expands on SEV, adds memory integrity protection to help prevent malicious hypervisor-based attacks
- Secure Encrypted Virtualization (SEV) - Hardware-based memory encryption through the AMD Secure Processor
- H100 TensorCore GPU - Hardware-based trusted execution environment with NVIDIA Hopper and NVIDIA Blackwell architecture support
- Blackwell Architecture - Latest HW generation with accelerated computing and generative AI optimizations
-
TEE SDKs & Frameworks
- intel/linux-sgx - Intel SGX SDK and Platform Software (PSW) for Linux.
- Gramine Project - Library OS, allowing unmodified Linux applications to run in Intel SGX enclaves.
- Microsoft/confidential-container-demos - Demos for running containers in confidential environments on Azure.
- confidential-containers/confidential-containers - An open-source project enabling cloud-native confidential computing by shielding containerized workloads.
- apache/incubator-teaclave-sgx-sdk - Apache Teaclave (incubating) SGX SDK helps developers write Intel SGX applications in the Rust programming language.
- openenclave/openenclave - SDK for developing TEE applications (enclaves) across different hardware platforms (SGX, OP-TEE).
-
Cloud TEE Offerings
- Confidential Space - Supports trust model where the workload author, workload operator, and resource owners are separate, mutually distrusting parties.
- Confidential Accelerator for AI workloads - Supports Intel TDX with Intel AMX, and NVIDIA H100 GPUs.
- Confidential VMs - Supports AMD SEV, AMD SEV-SNP, and Intel TDX.
- Confidential VM attestation - Attestation support for AMD SEV (vTPM), AMD SEV-SNP (vTPM and TSM), and Intel TDX (vTPM and TSM).
- Nitro
- Nitro Enclaves
- Azure Confidential VM
-
-
Use Cases
-
Code Repositories
-
Rust
- Phala-Network/phala-blockchain - The Phala Network Blockchain, pRuntime and the bridge.
- Dstack-TEE/dstack - Dstack is a developer friendly and security first SDK to simplify the deployment of arbitrary Docker-based apps into TEE.
- marlinprotocol/oyster-serverless - Oyster Serverless is a cutting-edge, high-performance serverless computing platform designed to securely execute JavaScript (JS) and WebAssembly (WASM) code in a highly controlled environment.
- kata-containers/kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
- taikoxyz/raiko - Multi-proofs for Taiko. SNARKS, STARKS and Trusted Execution Enclave.
- confidential-containers/guest-components - Confidential Containers Guest Tools and Components
- kinvolk/azure-cvm-tooling - Libraries and tools for Confidential Computing on Azure
- HyperEnclave/hyperenclave - An Open and Cross-platform Trusted Execution Environment.
- mobilecoinfoundation/mobilecoin - Private payments for mobile devices
- integritee-network/worker - Integritee off-chain worker and sidechain validateer
- capsule-corp-ternoa/ternoa-node - Ternoa's Node Implementation
- automata-network/automata - Automata Network is a modular attestation layer that extends machine trust to Ethereum with TEE Coprocessors.
- apache/incubator-teaclave - Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
- scrtlabs/incubator-teaclave-sgx-sdk - Rust SGX SDK provides the ability to write Intel SGX applications in Rust Programming Language. Fork of `apache/incubator-teaclave-sgx-sdk`.
-
Awesome Lists & General Resources
- orbstack/orbstack - Fast, light, simple Docker containers & Linux machines
- bpradipt/awesome-confidential-computing - Collection of resources on Confidential Computing
- erayack/awesome-sgx-blockchain - Awesome SGX and TEE on Blockchain Resources
- sbellem/qtee - Exploring the physical limits of trusted hardware in the classical and quantum settings to achieve security through physics.
-
C
- pietroborrello/CustomProcessingUnit - The first analysis framework for CPU microcode
- iisec-suzaki/optee-ra - OP-TEE Remote Attestation
- deislabs/mystikos - Tools and runtime for launching unmodified container images in Trusted Execution Environments
- mofanv/PPFL - Privacy-preserving Federated Learning with Trusted Execution Environments
- inclavare-containers/inclavare-containers - A novel container runtime, aka confidential container, for cloud-native confidential computing and enclave runtime ecosystem.
-
Go
- google/go-tpm-tools - Go packages built on go-tpm providing a high-level API for using TPMs
- google/go-sev-guest - go-sev-guest offers a library to wrap the /dev/sev-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation report.
- google/go-tdx-guest - go-tdx-guest offers a library to wrap the /dev/tdx-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation quote.
- matter-labs/vault-auth-tee - Hashicorp Vault plugin for authenticating Trusted Execution Environments (TEE) like SGX enclaves
- usbarmory/GoTEE - Go Trusted Execution Environment (TEE)
- iotexproject/w3bstream - An offchain computing layer for DePIN verifiable data computation, supporting a variety of validity proofs including Zero Knowledge (ZK), Trusted Execution Environments (TEE), and Multi-party Computation (MPC)
- oasisprotocol/oasis-core - Performant and Confidentiality-Preserving Smart Contracts + Blockchains
- hyperledger/fabric-private-chaincode - FPC enables Confidential Chaincode Execution for Hyperledger Fabric using Intel SGX.
-
CPP
- NixOS/nix - Nix, the purely functional package manager
- microsoft/azure-tee-attestation-samples - Trusted Execution Environment examples leveraging attestations on Azure
- lsds/Teechain - Teechain: A Secure Payment Network with Asynchronous Blockchain Access
- skalenetwork/sgxwallet - sgxwallet is the first-ever opensource high-performance hardware secure crypto wallet that is based on Intel SGX technology. First opensource product on Intel SGX whitelist. Scales to 100,000+ transactions per second. Currently supports ETH and SKALE, and will support BTC in the future. Sgxwallet is under heavy development and use by SKALE network.
- hyperledger-labs/private-data-objects - The Private Data Objects lab provides technology for confidentiality-preserving, off-chain smart contracts.
-
Python
- ethernity-cloud/mvp-pox-node - Ethernity Cloud Node
-
TypeScript
- tkhq/sdk - Turnkey TypeScript SDK
-
-
Learning Resources
-
Introductory & Overview Articles
- Demystifying SGX — Part 1 - Obscuro Labs
- Blockchain Privacy and Security in Data Computation
- 4 Ways to Compare Trusted Execution Environments and Zero-Knowledge Proofs
- What is a Trusted Execution Environment (TEE)? - Halborn
- Blockchain x TEE: Why Various Forefront Projects are Adopting TEE - TOKI
- Why trusted execution environments will be integral to proof-of-stake blockchains
- Intel SGX Explained
- TEE Bible - Your First Stop for TEE in Crypto
- Chapter 3 - Verifiable Off-chain Compute: Enabling an Instagram-like experience for Web3 - Florin Digital
-
Research Papers
-
Technical Deep Dive Articles
- Sirrah: Speedrunning a TEE Coprocessor
- How Secret Network Uses SGX
- Blockchains in Trusted Execution Environments (TEEs)
- Intel SGX and Blockchain: The iExec End-to-End Trusted Execution Solution
- Blockchains + TEEs Day 1 Summary
- Blockchains + TEEs Day 2 Summary
- Early Thoughts on Decentralized Root-of-Trust - Flashbots Collective
- Drawbacks In FHE Blockchain And How TEE Can Help It - Flashbots Collective
- Building Secure Ethereum Blocks on Minimal Intel TDX Confidential VMs - Flashbots Collective
- We call this kernel saunters: How Apple rearranged its XNU core with exclaves - The Register
- TDX Security For BOB Searchers, Flashbots
- Nix + Bazel: Fully reproducible, incremental builds
- Trusted Execution Environments and the Polkadot Ecosystem
-
Videos
- What apps are unlocked by the TEE stack - Xinyuan Sun, Modular Summit 2024
- DEVMOS 2024: Dylan Kawalec (Osmosis), 'Building Decentralized Frontends', Modular Summit 2024
- How to Win Friends and TEE-fluence People - Ethan Buchman, Modular Summit 2024
- The TEE Stack - Andrew Miller, Modular Summit 2024
- Private Smart Contracts are Worth the Price of the SGX - Andrew Miller, ETHDenver 2023
- Protected Order Flow for Fair Transaction-Ordering in a Profit-Seeking World - Kushal Babel, MEV-SBC 2023
- Trusted Execution Environments Meet the Blockchain - Ittay Eyal, Simons Institute 2019
- Parallelized Confidential Computing - Yannik Schrade, Fil Dev Summit 2024
- TEE for Blockchain Applications - Ari Juels, a16z crypto 2023
- Enabling Cross Chain Transfers Using SGX - Michael Kaplan, Avalanche Summit 2022
- Phala Network: 'The Magic of TEEs' - Online Workshop on TEE Basics
- Blockchains + TEEs 2023: Day 1 - Kartik Nayan, Ittai Abraham, Aniket Kate
- SGX Panel 2023: Andrew Miller, Jonathan Passerat Palmbach, Phil Daian, Justin Drake
- Blockchains + TEEs 2023: Day 2 - Kartik Nayan, Ittai Abraham, Aniket Kate
-
Tweet threads
- @buchmanster, TEE, ZK, FHE and MPC
- @buchmanster, How you win friends and TEE-fluence people - Chapter 2
- @P3b7\_, Donjon Ledger analysis of Trezor Safe 3
- @CP2426\_, focEliza Verifiable Terminal Release
- @\_markel\_\_\_, Extraction of Intel SGX Fuse Key0
- @PratyushRT, Breakdown of the Intel SGX (TEE) breach
- @DistributedMarz, Flashwares Live Session
-
-
Applications in Blockchain
-
Videos
-
TS
- How to Win Friends and TEE-fluence People - Ethan Buchman, Modular Summit 2024
- DEVMOS 2024: Dylan Kawalec (Osmosis), 'Building Decentralized Frontends', Modular Summit 2024
- The TEE Stack - Andrew Miller, Modular Summit 2024
- Parallelized Confidential Computing - Yannik Schrade, Fil Dev Summit 2024
- TEE for Blockchain Applications - Ari Juels, a16z crypto 2023
- Private Smart Contracts are Worth the Price of the SGX - Andrew Miller, ETHDenver 2023
- Protected Order Flow for Fair Transaction-Ordering in a Profit-Seeking World - Kushal Babel, MEV-SBC 2023
- Blockchains + TEEs 2023: Day 1 - Kartik Nayan, Ittai Abraham, Aniket Kate
- Blockchains + TEEs 2023: Day 2 - Kartik Nayan, Ittai Abraham, Aniket Kate
- SGX Panel 2023: Andrew Miller, Jonathan Passerat Palmbach, Phil Daian, Justin Drake
- Enabling Cross Chain Transfers Using SGX - Michael Kaplan, Avalanche Summit 2022
- Trusted Execution Environments Meet the Blockchain - Ittay Eyal, Simons Institute 2019
-
Python
- How to Win Friends and TEE-fluence People - Ethan Buchman, Modular Summit 2024
- DEVMOS 2024: Dylan Kawalec (Osmosis), 'Building Decentralized Frontends', Modular Summit 2024
- The TEE Stack - Andrew Miller, Modular Summit 2024
- Parallelized Confidential Computing - Yannik Schrade, Fil Dev Summit 2024
- TEE for Blockchain Applications - Ari Juels, a16z crypto 2023
- Private Smart Contracts are Worth the Price of the SGX - Andrew Miller, ETHDenver 2023
- Protected Order Flow for Fair Transaction-Ordering in a Profit-Seeking World - Kushal Babel, MEV-SBC 2023
- Blockchains + TEEs 2023: Day 1 - Kartik Nayan, Ittai Abraham, Aniket Kate
- Blockchains + TEEs 2023: Day 2 - Kartik Nayan, Ittai Abraham, Aniket Kate
- SGX Panel 2023: Andrew Miller, Jonathan Passerat Palmbach, Phil Daian, Justin Drake
- Enabling Cross Chain Transfers Using SGX - Michael Kaplan, Avalanche Summit 2022
- Trusted Execution Environments Meet the Blockchain - Ittay Eyal, Simons Institute 2019
-
-
Articles
-
Security Considerations & Attacks
-
Rollups & Coprocessors
- A Survey of Published Attacks on Intel SGX - Nilsson et al. (2020)
- Plundervolt: Software-based Fault Injection Attacks against Intel SGX - Murdock et al. (2020)
- TEE-based Smart Contracts and Sealing Pitfalls - IC3
- A few notes on AWS Nitro Enclaves: Attack surface - Trail of Bits Blog
- Securing TEE Apps: A Developer's Guide - Bedlam Research
-
-
Community & Events
-
TypeScript
- Blockchains + TEEs Workshop - Academic workshop focused on the intersection of blockchains and TEEs.
- Confidential Computing Consortium - Linux Foundation project advancing confidential computing.
- Flashbots Collective Forum - Discussions often touch on TEE usage for MEV mitigation and block building.
-
Programming Languages
Categories
Sub Categories
Research Papers
17
Videos
14
TS
14
Rust
14
Python
14
Technical Deep Dive Articles
13
Hardware Platforms
12
Introductory & Overview Articles
9
Go
8
Cloud TEE Offerings
7
Tweet threads
7
Rollups & Coprocessors
6
Block Building & MEV Mitigation
6
TEE SDKs & Frameworks
6
C
5
CPP
5
TypeScript
4
Awesome Lists & General Resources
4
Privacy
2
Asset Management
2
Asset Management & Wallets
2
General Off-Chain Compute
2
Rollups
1
General Compute
1
OpenTitan
1
AI
1
Bridging
1
Keywords
sgx
8
tee
7
blockchain
6
confidential-computing
4
docker
3
rust
3
trusted-execution-environment
3
tpm2
2
intel-sgx
2
containers
2
universal-secure-computing
2
privacy
2
virtual-machine
2
kubernetes
2
oci
2
linux
2
security
2
azure
1
attestation
1
node
1
faas
1
function-as-a-service
1
secure-multiparty-computation
1
trustzone
1
go
1
golang
1
virtualization
1
qemu
1
kvm
1
k8s
1
firecracker
1
cri-o
1
cri
1
acrn
1
mev
1
awesome
1
utm
1
macos
1
mac
1
lima
1
docker-desktop
1
colima
1
ethereum
1
hardware-crypto-wallet
1
proof-of-stake
1
skale-network
1
trusted-computing
1
ubuntu
1
wallet
1
alpha
1