# TEEs are going to be broken again, which is fine

Trusted Execution Environments (TEEs) are secure enclaves bounded by hardware that isolate data to achieve verifiable computing. Several properties make TEEs useful in a blockchain context: execution integrity (similar to any ZK circuit), rapid deployment, and practical costs. Building MPC/FHE/ZK systems generally takes a huge amount of effort, and at this juncture it is not obvious whether they will ever be comparable to TEEs.
## Big L if you use TEEs
Yea, about that.
TEEs have been ‘broken’ enough for others to anti-endorse hardware solutions as a feasible path forward in Web3. Critiques are [total](https://twitter.com/koeppelmann/status/1636700206820478976). The argument usually used is that in such applications, points of failure exist already. But in the same way that unforeseen bugs can cripple an entire network, ZK or not, TEE solutions are not infallible (most often due to human errors in implementation). But, so?
As with any complex piece of code, and bear in mind that blockchains are fundamentally live chunks of code that are maintained, contributed to, and written by a group of people, technical risks will present themselves no matter which flavor of rollups you choose, no matter what fancy consensus algorithms you throw at it, and no matter whether you use TEEs (or not).
**We want to avoid sliding from “Let’s ensure that systems are as secure and as correct as possible” to “TEE sucks” because TEEs absolutely do not suck.** Or, if they do, at least not at a level where running a TEE introduces significantly more risks than using any other piece of technology on/with the blockchain.
## TEEs are better than no TEEs. Huh.
TEE exploits mirror normal software exploits: they are effective only if previously unknown (0-days). Once a vulnerability is known, developers ship patches and mitigations for it and we update our software (in Intel parlance, this is a TCB Recovery). Just as we don’t stop using software because of ALL the vulnerabilities software has had through the years (even your favorite circuits / verifiers / MPC schemes are software), we should not throw the proverbial TEE baby out with the bathwater. Decentralized systems have to be designed under the assumption of adversarial conditions, and secure hardware can be extremely useful if we manage risks through defence-in-depth, clever design, hardworking white-hats and patching routines.
If we accept that, we can then turn our mind to how TEEs can be implemented on public blockchains. Having a TEE will always be a strict safety improvement over a non-TEE implementation, even noting the overheads in computation. Technical refinements are possible and already being implemented: rotating the enclave keypair mitigates worst-case scenarios where the enclave is breached. (Shameless plug: Automata’s multi-prover rollup with Scroll already uses this!) TEEs also have advantages for certain use cases: secrets cannot be stored by ZK, which, while offering cryptographic guarantees and excellent privacy functions, is simply not designed to do so.
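
An added sketch of the lifecycle policy behind the two mitigations above, TCB Recovery and enclave keypair rotation. It is not Automata's or Scroll's code: the registry class, key names, TCB numbers and one-hour rotation period are assumptions made for illustration, and attestation verification itself is assumed to happen before `register` is called.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EnclaveKey:
    tcb_version: int    # TCB level the attestation reported at registration
    registered_at: int  # unix seconds

class EnclaveKeyRegistry:
    """Hypothetical verifier-side registry of attested enclave public keys."""

    def __init__(self, max_age: int, min_tcb: int):
        self.max_age = max_age  # rotation period: keys older than this are refused
        self.min_tcb = min_tcb  # lowest TCB level still considered patched
        self.keys: dict[str, EnclaveKey] = {}

    def register(self, pubkey: str, tcb_version: int, now: int) -> bool:
        # Assumes the caller already verified an attestation binding pubkey
        # to the enclave; only the lifecycle policy is modelled here.
        if tcb_version < self.min_tcb:
            return False
        self.keys[pubkey] = EnclaveKey(tcb_version, now)
        return True

    def tcb_recovery(self, new_min_tcb: int) -> None:
        # After a patch ships, stop trusting keys attested on the old TCB.
        self.min_tcb = max(self.min_tcb, new_min_tcb)

    def is_trusted(self, pubkey: str, now: int) -> bool:
        key = self.keys.get(pubkey)
        if key is None or key.tcb_version < self.min_tcb:
            return False
        return 0 <= now - key.registered_at < self.max_age

def simulate() -> dict[str, bool]:
    # Constructed timeline, in seconds; key names are placeholders.
    reg = EnclaveKeyRegistry(max_age=3600, min_tcb=5)
    reg.register("key-A", tcb_version=5, now=0)
    out = {"leaked_key_inside_window": reg.is_trusted("key-A", now=1800)}
    reg.register("key-B", tcb_version=5, now=3000)   # scheduled rotation
    out["leaked_key_after_rotation"] = reg.is_trusted("key-A", now=3700)
    out["fresh_key_after_rotation"] = reg.is_trusted("key-B", now=3700)
    reg.tcb_recovery(new_min_tcb=6)                  # vulnerability disclosed
    out["old_tcb_key_after_recovery"] = reg.is_trusted("key-B", now=3800)
    out["unpatched_reregistration"] = reg.register("key-C", 5, now=3900)
    out["patched_reregistration"] = reg.register("key-D", 6, now=3900)
    return out
```

Rotation bounds how long a stolen key stays useful to the rotation period, while the TCB floor cuts off every key attested on an unpatched platform as soon as the recovery is applied.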
## Social begets security
Let’s put aside all chatter about TEE/ZK/MPC/any-other-technical setup for a moment and remind ourselves that blockchains are (fragile) social constructs. They don’t mean anything if people don’t believe in them. Even if an attacker manages to breach the 33% threshold to pull off a hostile takeover on Ethereum, it will take more than having huge chunks of staked ether to convince the community of the legitimacy of the new chain. What is the moral of the story here?
The social layer of a chain is what will ultimately protect it in the long run. (Economic consensus for liveness and security in the short term!) This isn’t just about idealism. The network is only safe as long as there exists one honest validator in the network somewhere. The more coordinated your community is, the harder it is for bad-faith actors to pull off an attack. The more people look and sift through your codebase, the more validators run a node and check signatures, the more users question trust models across the entire protocol, from builders to proposers to relayers, the smaller the attack surface becomes.
This, more than anything, will determine which networks will be able to use and apply novel technologies to their advantage (however broken they might be).
*Intern note: This exceptional [piece](https://collective.flashbots.net/t/debunking-tee-fud-a-brief-defense-of-the-use-of-tees-in-crypto/2931) by the Flashbots team has covered much ground in defending TEEs, and a read is necessary. If you want to chat about TEEs, their much-maligned reputation within Web3, or to point out certain flaws in our reasoning, leave a comment below.*
*Intern note 2: There is already much fanfare and optimism around MPC/ZK/FHE and this is not meant or intended to be a piece knocking their merits. This intern just wants some love for TEEs (Join [me](https://twitter.com/AutomataIntern)!)*