In the Web3 era, TEE (Trusted Execution Environment) is becoming a key cornerstone of data security and privacy-preserving computing. From MEV protection to AI computing, from decentralization finance to DePIN ecosystem, TEE is building a safer and more efficient encryption world. In this report, we’ll take a deep dive into this cutting-edge technology and reveal how it’s reshaping the future of Web3.
Chapter 1: The Rise of TEE - Why It is the Core Puzzle of the Web3 Era?
1.1 What is TEE?
A Trusted Execution Environment (TEE) is a hardware-based secure execution environment that ensures that data is not tampered with, stolen, or leaked during computation. In modern computing architectures, TEEs provide additional security for sensitive data and computing by creating an isolated area that is independent of the operating system (OS) and applications.
Core Features of TEE
Isolation: TEE runs in a protected area of the CPU, isolated from the operating system, other applications, and external attackers. Even if hackers break through the main operating system, the data and code inside the TEE remain secure.
Integrity: TEE ensures that code and data cannot be tampered with during execution.
Through Remote Attestation, TEE can prove to external parties that it is running trusted code.
Confidentiality: TEE internal data will not be accessed externally, even device manufacturers or cloud providers cannot read it. Adopt encryption storage (Sealed Storage) mechanism to ensure that sensitive data remains secure even after the device is powered off.
**1.2 Why does Web3 require a TEE? **
In the Web3 ecosystem, privacy computing, secure execution, and anti-censorship are core requirements, and TEE can provide this key capability. Current blockchain and Decentralization applications (DApps) face the following problems:
1.2.1 Privacy Issues on the Blockchain
Traditional blockchains like Bitcoin and Ethereum have a completely transparent nature, where all transaction and smart contract data can be viewed by anyone. This brings the following issues:
User privacy leakage: In scenarios such as DeFi transactions, NFT purchases, and social applications, users’ capital flows and identities may be tracked.
Enterprise data leakage: Enterprises hope to use blockchain technology, but sensitive data (such as trade secrets, medical records) cannot be stored on the public chain.
TEE solution: Through the combination of TEE + smart contract, developers can build private computing contracts, where only authorized users can access the calculation results, and the original data is hidden from the outside world. Secret Network, a TEE-based privacy smart contract platform, has implemented this model, allowing developers to create DApps that protect user privacy.
1.2.2 MEV (Miner Extractable Value) Issue
MEV (Miner Extractable Value) refers to the use of the transparency of transaction information by miners or block producers to conduct arbitrage when packaging transactions. For example: Front-running: Miners or robots pre-submit transactions before user transactions to profit. Sandwich Attack: Attackers insert their own transactions before and after user transactions to manipulate prices and profit.
TEE solution: With TEE, transactions can be sorted in a private environment, ensuring that miners can’t see transaction details in advance.
Flashbots is exploring the TEE+Fair Sequencing solution to reduce the impact of MEV on DeFi.
1.2.3 Web3 Computational Performance Bottleneck
The computing power of the public chain is limited, and on-chain computing is expensive and inefficient. For example, Ethereum’s Gas fees are high, and the cost of running complex smart contracts is extremely high. Blockchain cannot efficiently support AI computing, image processing, complex financial modeling, and other computing tasks.
TEE solution: TEE can be used as a core component of the Decentralization computing network, allowing smart contracts to outsource computing tasks to a trusted environment for execution and return trusted computing results.
Representative project: iExec (providing a Decentralized cloud computing platform based on TEE).
1.2.4 Trust Issues in DePIN (Decentralized Physical Infrastructure)
DePIN (Decentralized Physical Infrastructure Networks) is a new trend in the Web3 space, such as Helium (Decentralization 5G network), Filecoin (Decentralization storage), Render Network (Decentralization rendering)
DePIN relies on trustless computation and verification mechanisms, and TEEs can be used to ensure the trustworthiness of data and computational tasks. For example, a data processing device can perform a calculation task within the TEE to ensure that the calculation results have not been tampered with. Combined with remote proof technology, TEE can provide trusted computing results to the blockchain and solve the fraud problem in the DePIN ecosystem.
1.3 Comparison of TEE with other privacy computing technologies (ZKP, MPC, FHE)
Currently, the privacy computing technologies in the Web3 field mainly include:
TEE (Trusted Execution Environment)
Advantages: efficient, low latency, suitable for high-throughput computing tasks, such as MEV protection, AI computing, etc.
Disadvantages: Dependent on specific hardware, with security vulnerabilities (e.g., SGX attacks).
ZKP (Zero Knowledge Proof)
Advantages: Mathematical proof of data correctness, no need to trust third parties.
Disadvantage: high computational cost, not suitable for large-scale computation.
MPC (Multiparty Computation)
Advantages: It does not need to rely on a single trusted hardware, and is suitable for decentralization governance and privacy payment.
Disadvantages: lower computational performance, limited scalability.
FHE (Fully Homomorphic Encryption)
Advantages: can perform calculations directly in encryption state, suitable for the most extreme privacy needs.
Disadvantages: The computational cost is extremely high, and it is currently difficult to commercialize.
Chapter 2: TEE Tech Insider – An in-depth look at the core architecture of trusted computing
Trusted Execution Environment (TEE) is a hardware-based security computing technology designed to provide an isolated execution environment to ensure the confidentiality, integrity, and verifiability of data. With the rapid development of blockchain, artificial intelligence, and cloud computing, TEE has become an important component of the Web3 security architecture. This chapter will delve into the core technical principles of TEE, mainstream implementation solutions, and its applications in data security.
The basic principle of 2.1 TEE
2.1.1 How TEE works
TEE creates a protected isolation area inside the CPU through hardware support to ensure that the code and data are not accessed or tampered with externally during execution. It is typically composed of several key components:
Secure Memory: TEE uses a dedicated encryption memory area inside the CPU (Enclave or Secure World), and external programs cannot access or modify the data inside.
Isolated Execution: The code running in the TEE is independent of the main operating system (OS), so even if the OS is attacked, the TEE can still ensure data security.
Sealed Storage: Data can be encrypted with a key and stored in a non-secure environment, and only the TEE can decrypt the data.
Remote Attestation: Allows remote users to verify that the TEE is running trusted code to ensure that the computation has not been tampered with.
2.1.2 TEE’s Security Model
The security model of TEE relies on the Minimal Trusted Computing Base (TCB), that is:
Only trust the TEE itself, not the main operating system, drivers, or other external components.
Using encryption technology and hardware protection to prevent software attacks and physical attacks.
2.2 Three mainstream TEE technologies compared: Intel SGX, AMD SEV, ARM TrustZone
Currently, the mainstream TEE solutions are mainly provided by the three major chip manufacturers Intel, AMD, and ARM.
2.2.1 Intel SGX(Software Guard Extensions)
The TEE technology introduced by Intel first appeared in Skylake and subsequent CPUs. It provides a secure computing environment through Enclave (encryption isolation area), suitable for cloud computing, blockchain privacy contracts, etc.
Core features: Enclave-based memory isolation: Applications can create protected enclaves that house sensitive code and data.
Hardware-level memory encryption: The data inside the Enclave is always encrypted outside the CPU, so it cannot be read even if the memory is dumped.
Remote Attestation: Allows you to remotely verify that Enclave is running code that has not been tampered with.
Limitations: Enclave memory limit (early stage only 128MB, expandable to 1GB+). Vulnerable to side channel attacks (such as L1TF, Plundervolt, SGAxe). Complex development environment (requires the use of SGX SDK to write specialized applications).
2.2.2 AMD SEV(Secure Encrypted Virtualization)
TEE technology, introduced by AMD, is primarily used for secure computing in virtualized environments. It is suitable for cloud computing scenarios and provides virtual machine (VM)-level encryption protection.
CORE FEATURES
Full-memory encryption: Use the internal key of the CPU to encrypt the entire VM’s memory.
Multiple VM Isolation: Each VM has independent keys to prevent different VMs on the same physical machine from accessing each other’s data.
SEV-SNP (latest version) supports remote attestation to verify the integrity of VM code.
Limitations: Applies only to virtualized environments, not to non-VM applications. The performance overhead is high, and encryption and decryption increase the computing burden.
2.2.3 ARM TrustZone
TEE solutions provided by ARM are widely used in mobile devices, IoT devices, and smart contract hardware wallets.
Secure World and Normal World are available through CPU-level partitioning.
Core Features
Lightweight architecture: not relying on complex virtualization technology, suitable for low-power devices.
Full system-level TEE support: support encryption storage, DRM, financial payments and other secure applications.
Hardware-based isolation, unlike SGX’s enclave mechanism.
Limitations: Security level is lower than SGX and SEV, as Secure World relies on the implementation of device manufacturers. Development is limited, some functions can only be accessed by device manufacturers, and third-party developers have difficulty accessing the complete TEE API.
2.3 RISC-V Keystone: The Future Hope of Open Source TEE
2.3.1 Why do we need an open source TEE? **
Intel SGX and AMD SEV are proprietary technologies restricted by manufacturers. RISC-V, as an open-source Instruction Set Architecture (ISA), allows developers to create customized TEE solutions to avoid security issues with closed-source hardware.
**2.3.2 Key Features of the Keystone TEE
Based on the RISC-V architecture, completely open source. Supports flexible security policies, allowing developers to define their own TEE mechanisms. Suitable for Decentralization computing and the Web3 ecosystem, and can be combined with blockchain for trusted computing.
2.3.3 The Future Development of Keystone
May become a key infrastructure for Web3 computing security, avoiding reliance on Intel or AMD. The community is promoting stronger security mechanisms to reduce the risk of side-channel attacks.
2.4 How does TEE keep data secure? From encryption storage to remote authentication
2.4.1 encryption storage (Sealed Storage)
The TEE allows the application to store encryption data externally, and only the application within the TEE can decrypt it. For example: private key storage, medical data protection, confidential AI training data.
2.4.2 Remote Attestation
Remote servers can verify if the code running on TEE is trustworthy to prevent malicious tampering. In the Web3 space, it can be used to verify that the environment in which smart contracts are executed is trustworthy.
2.4.3 Side Channel Attack Protection
The latest TEE design uses means such as memory encryption and randomization of data access to reduce attack risks. The community and manufacturers continue to fix TEE-related vulnerabilities, such as Spectre, Meltdown, and Plundervolt.
Chapter 3: TEE in the world of encryption – From MEV to AI computing, a revolution is happening
Trusted Execution Environment (TEE) as a powerful hardware security technology is gradually becoming one of the most important computing infrastructures in the Web3 ecosystem. It can not only solve the performance bottleneck of Decentralization computing, but also play a key role in MEV (Maximum Extractable Value), privacy computing, AI training, DeFi, and Decentralized identity. TEE-empowered Web3 computing is ushering in a revolution, bringing more efficient and secure solutions to the Decentralization world.
3.1 Decentralization Computing: How to Solve Web3 Computing Bottlenecks with TEE?
Blockchain has the advantage of being resistant to censorship and highly trusted due to its Decentralization characteristics, but there are still significant bottlenecks in terms of computing power and efficiency. Current Decentralization computing platforms (such as Akash, Ankr) are trying to address these issues through TEE, providing a high-performance, secure computing environment for the Web3 ecosystem.
3.1.1 Challenges of Web3 Computing
Limited computing power: Smart contract execution speed on blockchains such as Ethereum is slow and cannot handle large-scale computing tasks, such as AI training or high-frequency financial calculations.
Data privacy issues: On-chain computation is transparent and cannot protect sensitive data, such as personal identity information, business secrets, etc.
Computationally expensive: Running complex computations on the blockchain, such as ZK proof generation, is extremely expensive, limiting the expansion of use cases.
3.1.2 Akash & Ankr: TEE Empowered Decentralized Computing
Akash Network
Akash provides a Decentralized cloud computing marketplace that allows users to rent computing resources. TEE applications include:
Privacy Computing: Through TEE, users can run confidential computing tasks in a Decentralization environment without exposing code and data.
Trusted Computing Market: Akash ensures the rented computing resources are not tampered with through TEE, improving the security of computing tasks.
Ankr Network
Ankr provides Decentralization computing infrastructure, especially in the field of Web3 cloud services and RPC. TEE in Ankr’s application:
Secure Remote Computation: Use TEE to ensure that the computing tasks executed in the cloud run in a trusted environment to prevent data leakage.
Censorship resistance: The TEE combined with the Decentralization computing architecture enables Ankr to provide censorship-resistant computing resources for privacy DApps.
3.1.3 Future Prospects
As the demand for Web3 computing grows, TEE will become a standard component of the Decentralization computing network, making it more competitive in terms of privacy, efficiency, and security.
3.2 Trustless MEV Transactions: Why is TEE the Optimal Solution?
MEV (Maximum Extractable Value) is a core issue in blockchain transaction sequencing, involving complex strategies such as arbitrage, sandwich attacks, liquidation, etc. TEE provides a trustless MEV solution through trusted computation and encryption transactions, reducing the likelihood of misconduct by miners and validators.
3.2.1 Current Situation and Challenges of MEV
Front-running: Miners can front-run user transactions to perform sandwich attacks.
Centralization of sorting: Flashbots and other MEV solutions still rely on centralized sequencers.
Risk of information leakage: The current MEV bidding system may expose transaction information and affect fairness.
3.2.2 TEE Empowered MEV Solution
Flashbots & TEE: Flashbots is exploring TEE as a key technology for trustless transaction ordering (MEV Boost). Transactions can be encrypted and sequenced within the TEE, preventing miners or validators from tampering with the order of transactions.
EigenLayer & TEE: EigenLayer guarantees the fairness of the restaking mechanism through TEE to prevent malicious manipulation of MEV. Remote attestation via TEE ensures that the MEV bidding system has not been manipulated.
3.2.3 Future Prospects
TEE can provide ‘trustless ordering’ and ‘private transactions’ in the MEV field, reduce miner manipulation, improve fairness, and provide a fairer trading environment for DeFi users.
3.3 Privacy-preserving Computing & DePIN Ecology: How does Nillion build a new generation of privacy network empowered by TEE?
Privacy-preserving computing is an important challenge in the Web3 ecosystem, especially in the DePIN (Decentralization Physical Infrastructure Network) space. TEE provides strong privacy protection capabilities for projects such as Nillion through hardware-level encryption and isolated execution.
3.3.1 Nillion’s privacy computing scheme
Nillion is a blockchain-free Decentralization privacy computing network that combines TEE and MPC (Multi-Party Computation) to achieve data privacy protection:
Data sharding: Perform encryption calculations through TEE to prevent sensitive data leakage.
Privacy Smart Contracts: Nillion allows developers to build private DApps with data only visible within the TEE.
3.3.2 Application of TEE in the DePIN Ecosystem
Smart Grid: Use TEE to protect user energy data privacy and prevent misuse.
Decentralization storage: Combined with Filecoin, ensure that the storage data is processed internally in TEE to prevent unauthorized access.
3.3.3 Future Prospects
Nillion and similar projects could become the core infrastructure of privacy-preserving computing in Web3, and TEEs will play an integral role in this.
3.4 Decentralization AI: How to Protect AI Training Data with TEE?
The combination of AI and blockchain is becoming a hot trend in the Web3 space, but AI training faces data privacy and computational security issues. TEEs protect AI training data, prevent data breaches, and improve compute security.
3.4.1 Bittensor & TEE
Bittensor is a Decentralization AI computing network that uses TEE to protect the data privacy of AI-trained models.
Ensure that AI compute nodes have not been tampered with through remote attestation to provide trusted AI computing services.
3.4.2 Gensyn & TEE
Gensyn allows developers to run AI training tasks in the Decentralization environment, and the TEE ensures data confidentiality.
Combining zero-knowledge proofs (ZKP) and TEE to verify the credibility of Decentralization AI computing.
3.5 DeFi Privacy & Decentralization Identity: How Does Secret Network Secure Smart Contracts with TEEs?
3.5.1 DeFi Privacy Issues
Traditional smart contracts are transparent, all transaction data is public, and there is a huge demand for privacy in DeFi.
Users want to protect transaction data, such as balances, transaction history, etc.
3.5.2 Secret Network & TEE
Secret Smart Contracts: Secret Network uses TEE to secure smart contract execution, making transaction data visible only inside the TEE.
Decentralization Identity (DID): TEE can be used to store user identity information, prevent identity leakage, and support KYC compatibility.
3.5.3 Future Prospects
TEEs will play an increasingly important role in the field of DeFi privacy and Decentralization identity, providing stronger privacy protection for Decentralization Finance.
Chapter 4: Conclusion and Outlook – How Will TEEs Reshape Web3?
As one of the important technologies in the field of encryption, Trusted Execution Environment (TEE) has shown great potential in many scenarios. As the Web3 ecosystem continues to grow, the role of TEE will become more critical, especially in areas such as Decentralization Infrastructure, Privacy-Preserving Computing, and Smart Contracts. This chapter will summarize the current state of TEE technology, look ahead to how it is driving the growth of Web3, and analyze the potential business models and tokenomics opportunities for TEEs in the encryption industry.
4.1 How does trusted computing drive the development of decentralization infrastructure?
4.1.1 Necessity of Decentralization Calculation
With the rise of decentralization technology, the traditional centralized computing architecture gradually cannot meet the needs of the Web3 ecosystem. Decentralization computing can not only improve the security and fault tolerance of the system, but also enhance the transparency and censorship resistance of the network. However, the Decentralization computing system faces a number of challenges:
Trust issues: Trust between nodes is unstable, which can lead to data tampering or untrustworthy computing results.
Privacy issue: In the Decentralization environment, how to protect user data privacy has become a major challenge.
Performance issues: Decentralization computing may face performance bottlenecks, such as uneven distribution of computing resources and low throughput.
4.1.2 Role of TEE in Decentralization Infrastructure
TEE technology is the key to solving these problems. By providing a protected, isolated computing environment, TEE provides the following support for the Decentralization computing system:
Trustless computing: TEEs ensure the integrity of the computation process and the confidentiality of data, even without full trust.
Privacy protection: TEE can perform encryption calculations without data leakage to protect user privacy.
Enhanced performance: With the development of hardware TEE schemes, compute throughput is expected to increase significantly.
TEE will become the core technical support in the Decentralization computing network (such as Akash and Ankr), and promote the maturity and popularization of the Decentralization infrastructure.
4.2 Potential Business Models and Tokenomics Opportunities for TEEs
4.2.1 TEE-driven business model
As TEE technology becomes more widespread, several new business models and platforms are emerging, and here are a few of the main ones:
Decentralization Computing Marketplace: Platforms such as Akash, Ankr, etc., through the Decentralization Computing Marketplace, allow users to rent computing resources and ensure the trustworthiness and privacy protection of computing through TEEs.
Privacy-preserving computing services: Companies that provide privacy-preserving computing services based on TEE can provide data encryption and computing assurance services for industries such as finance, healthcare, and insurance, and the profit model is mainly charged by computing tasks.
Distributed computing and storage: TEE can be applied to the Decentralization storage and computing platform to ensure data security and trustworthiness in distributed systems, and related business opportunities include revenue from storage fees and computing service fees.
Blockchain infrastructure vendors: Provide specialized hardware or software tools that enable Web3 projects to run smart contracts and execute Decentralization Applications (DApps) in a TEE environment.
4.2.2 Tokenomics Opportunities for TEEs
In the Web3 and encryption ecosystem, TEE can be deeply integrated with tokenomics to bring new value creation opportunities. Specific opportunities include:
Tokenized computing resources: The Decentralization computing platform can exchange computing resources through tokens, and users and node operators can participate in computing tasks, submit and verify data through encryption tokens, and all computing resources and tasks can be exchanged through smart contracts.
Token incentives for TEE services: TEE-based privacy-preserving computing services can use tokens as user incentives or means of payment to ensure the smooth execution and verification of privacy-preserving computing tasks.
Decentralization Identity and Data Exchange: TEE can provide technical support for Decentralization Identity (DID) systems to ensure user data privacy while driving the adoption of Decentralization Identity and Data Exchange through tokenized incentives.
4.3 The key development direction of TEE in the encryption industry in the next five years
4.3.1 Deep integration of TEE and Web3
In the next five years, TEE technology will play an even more important role in Web3, especially in the following key areas:
Decentralization Finance (DeFi): TEE will be widely used in DeFi protocols to ensure the privacy of users’ transactions, the credibility of the computing process, and improve the security of smart contracts.
Privacy-preserving computing: With the improvement of privacy protection regulations in various countries, privacy-preserving computing will become a core component of Web3. The combination of TEE with privacy-preserving computing technologies such as zero-knowledge proofs (ZKP) and homomorphic encryption (FHE) will provide a more credible privacy protection solution for Web3.
Decentralization Artificial Intelligence (AI): TEE provides a secure computing environment for Decentralization AI and supports secure training and inference of AI models, so as to realize the intelligent application of Decentralization.
Cross-chain computing: As the blockchain ecosystem continues to expand, TEE will facilitate trusted computing between different chains, making cross-chain asset exchange and data processing more secure and efficient.
4.3.2 Hardware and protocol innovations for TEEs
As TEE technology continues to evolve, innovations in hardware and protocols will drive improvements in performance and security:
Hardware innovations: Next-generation hardware TEE solutions, such as RISC-V Keystone and Intel TDX (Trusted Execution Extensions), are expected to outperform existing solutions in terms of performance, security, and scalability.
Protocol innovation: The integration of TEE with technologies such as Multi-Party Secure Computing (MPC) and Zero-Knowledge Proof (ZKP) will drive the birth of new privacy-preserving protocols and trustless protocols.
Decentralization Hardware Platform: The Decentralization computing hardware platform will break through the traditional single-vendor model and promote more small nodes to participate in the trusted computing ecosystem, so as to maximize the utilization of Decentralization computing resources.
4.3.3 Evolution of Regulatory Compliance and Privacy Protection
With the increasing strictness of global privacy protection regulations, the innovation of TEE in compliance will be the key development direction in the next five years:
Multi-country compliance program: TEE technology will be adapted and innovated according to the privacy protection regulations of different countries and regions (such as GDPR, CCPA, PIPL) to ensure that the Decentralization computing environment meets global data protection requirements.
Transparent privacy-preserving computing: The combination of TEEs and technologies such as ZKP will make the privacy-preserving computation process verifiable, enhancing the trust of regulators and facilitating compliance implementation.
Chapter 5 Summary
TEE technology has a wide range of application potential in the Web3 ecosystem, which can not only provide a trustless computing environment, but also effectively protect user privacy. With the continuous development of TEE technology, it will play an increasingly important role in the fields of decentralization computing, privacy protection, and smart contracts, and promote the maturity and innovation of the Web3 ecosystem. At the same time, TEE will also give rise to new business models and tokenomics opportunities, bringing more value creation opportunities to the encryption industry. In the next five years, with hardware innovation, protocol development, and regulatory adaptation, TEE will become one of the indispensable core technologies in the encryption industry.
