Trustless Computing Association

View Original

Why blockchain decentralization breaks apart at the egdes

Decentralized trust models, or rather trustless models for confidentiality and integrity are set to revolutionized the way we interact with the digital world – be it financial transactions, asset management or individual identification and authorization.

Blockchains have pioneered such decentralized trust models. However, they only offer these properties in the network and storage. The endpoints (both hardware and software), where the computations are produced and consumed, are still based on a trusted model, leaving them vulnerable.

Trusted Execution Environments (TEEs) such as Qualcomm’s QSEE and Trustonic’s Konibi have been the mainstay of trusted/secure computation on mobile devices offering mechanisms for trusted applications with a secure operating environment. They are capable of providing a secure and isolated hardware environment for trusted applications. They have been used extensively in applications such as biometric authentication (such as Apple iPhone’s fingerprint scanner) and attestation mechanisms (like recently proposed by Rivetz). However, as we have seen in the past, these trusted environments are not invulnerable, which can allow an attacker to gain access to the TEE itself. At the same time we are building critical applications such as decentralized e-voting (Horizon State), which require utmost trust in the entire system, from endpoint to the network to the auditing mechanism.

The security-by-obscurity paradigm of TEEs and physical computing substrates coupled the difficulty of using them and non-inspectability is not a viable setup for privacy-by-design and security-by-design requirements of the future decentralized applications. We envision the future hardware devices to provide Trustless Execution Environment, in the same spirit as the software layers (like blockchains) for the critical applications with ultra-high confidentiality and integrity requirements of the future.

In addition, but this is material for another post, much remains to be done to such blockchain technologies and the governance and economic inentive models to adeqautely mitigate the risk of re-centralization as economic and hacking pressure grow with the market capitalization of their crytpocurrencies, and adoption of blockchain (may soon) increase in high-stakes use case scenarios.