The Problem

Secure remote computation is the problem of executing software on a remote computer owned and maintained by an untrusted party, with some integrity and confidentiality guarantees.
– Intel SGX Explained, Devadas

Intel SGX aims to solve the secure remote computation problem with hardware.

3 core challenges of TEEs

• NO proof of non-leakage of root of trust

• NO proof of manufacturing

• Centralized remote attestation

Current TEEs are ultimately secure through economics

TEEs running in the cloud would need the cloud provider and Intel to collude, making such an attack even less likely.
– Debunking TEE FUD: A Brief Defense of The Use of TEEs in Crypto, Quintus & Andrew

No physical attacks (targeting the CPU chip)

No side-channel attacks

But. Why?

Information is not a disembodied abstract entity; it is always tied to a physical representation. It is represented by engraving on a stone tablet, a spin, a charge,
a hole in a punched card, a mark on paper, or some other equivalent. This ties the handling of information to all the possibilities and restrictions of our real physical word, its laws of physics and its storehouse of available parts.

– Rolf Landauer, in The physical nature of information

How do you hide bits & atoms?

Euh … put them in a black hole?

Black-Hole Radiation Decoding

is

Quantum Cryptography

– Zvika Brakerski

I'm afraid of Schrödinger's cat

\begin{equation} i\hbar \frac{\partial \Psi(\mathbf{r}, t)}{\partial t} = \hat{H} \Psi(\mathbf{r}, t) \end{equation}

Enter PUF Land

The Rise of CryptoPhysics

Physical One-Way Functions
– PhD thesis by Pappu

"Our work is philosophically inspired by the notion of Quantum Money, first proposed in 1983 by Wiesner in a paper titled Conjugate Coding."

Physical One-Way Functions

– Pappu et al.

Physical Unclonable Functions (PUFs)

"We wish to implement a PUF in silicon so we can identify and authenticate a given integrated circuit (IC). By exploiting statistical variations in the delays of devices and wires within the IC, we create a manufacturer resistant PUF."

– Gassend et al.

Arbiter PUF

source: Physically Unclonable Functions: A Study on the State of the Art and Future Research Directions by Maes & Verbauwhede

"Again, the hardness of cloning can be considered from a theoretical and a practical point of view. Practically, cloning can be very hard or infeasible. Demonstrating theoretical unclonability on the other hand is very difficult. The only known systems which can be proven to be theoretically unclonable are based on quantum physics."

– Physically Unclonable Functions: A Study on the State of the Art and Future Research Directions by Maes & Verbauwhede

- Extrinsic Security - | - Intrinsic Security -

Image source: Root of Trust, by Vincent Van der Leest et al

Discussion

Related Work

• The Secure Cryptographic Implementation Association
• Here Come The Pufpunks (aka qtee)
• Autonomous TEE Manifesto
• Flashbots' call to action

With A Little Help From My Friends

Thorben & François-Xavier, UCLouvain Crypto Group
Davie & Julio, Poetic Technologies UG
Quintus & Tina, Flashbots
Andrew & Dawn, Initiative for Cryptocurrencies and Contracts
Nerla & Manolo, The Pufpunks & Pufmachines Collective