How Kima Controls Liquidity Pools on its Platform Part 2: Trusted Execution Environments
We designed the Kima platform with the most advanced security instruments currently available. It stands apart in its design due to using two security mechanisms: Threshold Signatures and Trusted Execution Environments.
Our previous article, How Kima Controls Liquidity Pools on its Platform. Part 1: Threshold Signatures, looked at how Threshold Signature Schemes help wardens securely manage asset pools on the Kima platform.
In Part 2, we’ll talk about Trusted Execution Environments and how they serve to empower Kima’s Threshold Signatures with additional security capabilities.
What is a Trusted Execution Environment?
Trusted Execution Environments (TEEs) provide hardware-based security that enables storing secrets and secure and verifiable code execution. The critical properties of TEEs are:
– Privacy: Data processed inside the TEEs cannot be accessed by external programs, system administrators, or attackers who have physical access to the machines.
-Transparency: TEEs can “attest” to the code they are executing. Thus, the output of a TEE can be publicly verified.
The most common TEE is Intel SGX which is available on a wide variety of Intel CPUs. Microsoft Azure also supports Intel SGX in its cloud instances.
What is an SGX Used for?
Intel SGX has been used in the blockchain space to increase user privacy and improve security. On the privacy front, both the Secret Network and Oasis Cipher Paratime use Intel SGX to facilitate private smart contracts on Cosmos-based blockchains.
On the security front, the Avalanche Bridge implements a 3-out-of-4 Threshold Signature Scheme inside Intel SGX enclaves. This implementation does not improve the privacy of the bridge. However, it reduces the trust in the anonymous bridge “wardens” by generating and storing each warden’s key share inside an SGX enclave. Using this combination of a TSS and an SGX, the Avalanche Bridge wardens custody over $5.7B worth of assets on the Ethereum blockchain.
How Does an SGX Work?
To provide transaction privacy in a blockchain using committee-based consensus, each block producer can run its nodes inside an SGX enclave. Using Intel’s attestation feature, every block producer can verify that all the other committee members are running the authorized blockchain client inside an SGX enclave.
The enclaves can generate key pair(s) for a public key encryption protocol which allows users to encrypt their transactions before sending them to a node. Upon receiving an encrypted transaction, the transaction can be decrypted and validated inside the SGX enclave. The security of SGX guarantees that even the block producers themselves cannot decrypt the encrypted transactions.
How Does Kima Leverage Trusted Executed Environments?
Although Intel SGX is very powerful, it is not a panacea. There have been several high-profile attacks against SGX enclaves, and even in the absence of attacks, relying on Intel for security provides an unwanted and unnecessary point of centralization.
At Kima, we do not rely on the security of Intel SGX alone to maintain privacy or safeguard assets. Instead, we leverage SGX to complement the security of its system.
Kima wardens run the Threshold Signature Scheme inside an SGX enclave. Thus, the TSS key shares are not directly accessible to the wardens or system administrators. In our case, the key shares are held inside SGX enclaves, and the entire multiparty key generation and signing protocols are also run inside the enclaves.
This significantly improves the security of the underlying Threshold Signature Scheme. In a t-out-of-n Threshold Signature Scheme, security is maintained as long as no more than t wardens collude to subvert the protocol.
When the TSS protocol is run inside SGX, to break security, t + 1 would need first to break the security of SGX and then collude. Thus, by implementing the Threshold Signature Scheme inside an SGX enclave, Kima can significantly boost security with only a negligible loss in performance.
Stay up to date with Kima by signing up for our newsletter here.