01 - What is TEE?
TEE, the Trusted Execution Environment, is a "region" that is isolated at the chip level. This region need not occupy a physically separate area of the chip, but it is a logically separate execution space. This space, called an Enclave in Intel SGX and the Secure World in ARM TrustZone, provides a more protected place for code execution and data storage so that confidentiality and integrity can be ensured.
Without a TEE, when a chip executes code, that code sits either in the chip's internal cache or in external memory or on disk. Whether it is in cache or memory, the code and its execution state can be read by other programs, so code execution lacks privacy. This is particularly fatal for applications that need to keep their code and control flow hidden. A TEE provides an independent region for code execution at the chip level that other programs cannot access, from either the software or the hardware side, which ensures the confidentiality and security of the code executed in that region.
Because a TEE is an independent code execution area unaffected by external influences, sensitive information such as a payment password can be placed inside the TEE and verified through the interfaces the TEE provides. As long as the data inside the TEE is not overwritten and the chip containing the TEE is not lost, the TEE can keep providing password verification while the password itself remains almost inaccessible to external programs. On the other hand, the TEE also periodically provides data integrity proofs through its API interfaces, so that the outside environment can tell whether the values stored inside the TEE have changed.
To illustrate, a TEE is like an "embassy". Take the Chinese Embassy in the United States: as extraterritorial ground, the United States can see everything the embassy does, including that it is destroying documents, but it cannot learn the details of what is being destroyed and has no right to interfere with any of the embassy's actions.
02 - Intel SGX
Intel SGX (Intel Software Guard Extensions) is Intel's implementation of a TEE and has become one of the most commonly used TEE solutions thanks to Intel's dominant market position over the past decade. In SGX, the TEE environment used for code execution is called an Enclave, and the confidentiality and integrity of data inside the Enclave are guaranteed. Intel also provides a method to verify whether a result was genuinely produced inside SGX, to prevent a malicious party from masquerading as SGX in order to steal information. Finally, SGX offers a broad security boundary: nothing outside the enclave, not even the BIOS, can access the encrypted data held in SGX.
Apart from Intel SGX, almost all mainstream chip vendors provide TEE solutions: ARM offers TrustZone and AMD offers the PSP. TEE technology is also widely adopted in mobile chipsets from vendors such as MediaTek and Qualcomm.
03 - Can WisdomChain Use TEE?
The answer is yes.
TEE technology, as a privacy technology, also applies to the blockchain field, where privacy is otherwise ensured through cryptography. WisdomChain has implemented a hybrid consensus to achieve higher transaction processing efficiency, but as a decentralized network its efficiency actually decreases as the number of block-producing nodes grows (because network-wide state synchronization takes longer), which is the classic CAP theorem. With TEE technology, however, part of transaction execution can be injected into the TEE as encrypted code, allowing the network to skip verification of the steps executed inside the TEE and, in the most optimistic case, even skip verification of the result. This compensates for the efficiency loss caused by the growing number of block-producing nodes.
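The two uses of a TEE described on this page, password verification with periodic integrity proofs (section 01) and accepting an attested transaction result without re-executing it (section 03), follow one pattern: a secret-holding space reachable only through its interface, plus a quote that binds the running code's measurement to whatever the enclave reports. The following Python model is an added example, not Intel SGX or WisdomChain code. A real TEE enforces the isolation in hardware; here a class merely plays the role, and an HMAC under a hypothetical `PLATFORM_KEY` stands in for the hardware-signed attestation. The `Enclave`, `Quote`, `measure`, `verify_quote` and `accept_attested_result` names and the sample transaction are all constructed for this demo.

```python
# Toy model of the enclave pattern described in this article (added example,
# not Intel SGX or WisdomChain code).  A real TEE enforces the isolation in
# hardware; here a Python class merely plays the role, and an HMAC under a
# hypothetical platform key stands in for the hardware-signed attestation.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Tuple

# Constructed stand-in for the attestation key that a real platform keeps in
# hardware and never exposes.  Hypothetical value for this demo only.
PLATFORM_KEY = b"constructed-platform-attestation-key"


def measure(code: bytes) -> bytes:
    """Measurement of the code loaded into the enclave; a verifier compares
    it against the build it expects."""
    return hashlib.sha256(code).digest()


@dataclass(frozen=True)
class Quote:
    """Attestation report: which code is running, what it reports, and a
    platform MAC binding the two together."""
    measurement: bytes
    report_data: bytes
    mac: bytes


class Enclave:
    """Secret-holding execution space reachable only through its methods."""

    def __init__(self, code: bytes, password: str) -> None:
        self._measurement = measure(code)
        # Keep only a salted hash so that even a dump of this object's memory
        # would not reveal the raw password.
        self._salt = secrets.token_bytes(16)
        self._password_hash = hashlib.sha256(self._salt + password.encode()).digest()

    def verify_password(self, candidate: str) -> bool:
        """Section 01: password verification through the TEE interface; the
        stored secret never leaves the enclave.  Constant-time compare."""
        digest = hashlib.sha256(self._salt + candidate.encode()).digest()
        return hmac.compare_digest(digest, self._password_hash)

    def integrity_proof(self) -> Quote:
        """Section 01: periodic proof over the stored state; a change in the
        stored values shows up as a change in report_data."""
        return self._quote(self._password_hash)

    def execute_transaction(self, tx: bytes) -> Tuple[bytes, Quote]:
        """Section 03: run a transaction inside the enclave and attest its
        result.  The 'execution' is a hash of the input, standing in for
        contract logic."""
        result = hashlib.sha256(b"tx-result:" + tx).digest()
        return result, self._quote(result)

    def _quote(self, report_data: bytes) -> Quote:
        mac = hmac.new(PLATFORM_KEY, self._measurement + report_data,
                       hashlib.sha256).digest()
        return Quote(self._measurement, report_data, mac)


def verify_quote(quote: Quote, expected_measurement: bytes) -> bool:
    """Relying party's check: the quote is authentic and comes from the code
    it expects, not from something merely claiming to be that enclave."""
    if not hmac.compare_digest(quote.measurement, expected_measurement):
        return False
    expected_mac = hmac.new(PLATFORM_KEY, quote.measurement + quote.report_data,
                            hashlib.sha256).digest()
    return hmac.compare_digest(expected_mac, quote.mac)


def accept_attested_result(result: bytes, quote: Quote,
                           expected_measurement: bytes) -> bool:
    """A node accepts a transaction result without re-executing it only if
    the quote is valid and binds exactly this result."""
    return verify_quote(quote, expected_measurement) and \
        hmac.compare_digest(quote.report_data, result)


if __name__ == "__main__":
    trusted_build = b"contract-runtime v1"        # constructed sample build
    enclave = Enclave(trusted_build, "pay-1234")  # constructed sample secret
    print("correct password:", enclave.verify_password("pay-1234"))
    print("wrong password:  ", enclave.verify_password("pay-0000"))
    result, quote = enclave.execute_transaction(b"transfer 5 WDC A->B")
    expected = measure(trusted_build)
    print("attested result accepted:", accept_attested_result(result, quote, expected))
    print("tampered result accepted:", accept_attested_result(b"\x00" * 32, quote, expected))
```

The checks a relying node performs are the point: it compares the measurement against the build it trusts (so a different or modified runtime is rejected), verifies the platform MAC (so a forged quote is rejected), and confirms that the report data equals the result it was handed (so a result swapped after execution is rejected). In real SGX the platform signs with an asymmetric key through Intel's attestation flow rather than a shared HMAC key, so the verifier never needs the signing secret; the shared key here is purely a simplification for a self-contained demo.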
Furthermore, as TEE can execute smart contracts confidentially, introducing TEE into WisdomChain can also provide privacy computation capabilities. Not only can token transactions achieve privacy, bu