Secret Network 2023 — FHE + TEEs Lategame, White Hat Disclosure

Carter Woetzel
Dec 11, 2022

Greetings privacy community,

On August 18th, 2021 I published an article titled “Secret Network & TEEs — Let’s Talk FUD & Vulnerability”. This article received thousands of reads, and was often quoted as an article in response to concerns around the security of Secret Network.

Today, I plan to release a brief spiritual successor to this article. With the recent white hat disclosure of an attack that could decrypt Secret Network private transactions, I want to retrospectively express my thoughts on the collective situation for any retail user, venture capitalist, or curious community member.

I will do this by first talking about the various trade-offs blockchains make, and then we will dive into Secret Network’s existing trade-offs and where it might head in the future.

https://medium.com/@carter-woetzel/secret-network-tees-lets-talk-fud-vulnerability-33ca94b6df38

Decentralization & Permissionless Infrastructure

As with all technology, attributes do not exist in a vacuum. Oftentimes, we are forced to make concessions in order to achieve certain attributes.

The first and most well documented spectrum is centralization versus decentralization. The deeper any system gets integrated into centralization, the more benefits it entails:

  • Ability to rapidly iterate
  • Simpler governance
  • Performance

At the same time, centralization also brings risks:

  • Trust assumptions
  • Centralized points of failure
  • Less wisdom of the village

Secret Network as a blockchain has 75 nodes globally distributed in the active set, with permissionless access for nodes to register on the network. Some networks are choosing to have permissioned registration only. This reduces the attack surface of side-chain attacks but ultimately reduces the degree of decentralization and censorship resistance in the process. Secret Network has chosen the hard path of permissionless infrastructure tied to its decentralization.

Privacy

I now want to pivot the conversation to privacy.

By my definition, privacy is an attribute that is provided as a result of technology obfuscating information from external parties while simultaneously giving consensual data exposure to a set of counterparties.

But privacy as a word is confusing. What makes something more private than something else? It all comes down to trust assumptions. A trust assumption is in essence the system or process you are trusting to obfuscate your data into perpetuity. Every form of privacy has a set of trust assumptions that are protecting you. Some of the assumptions are stronger/safer than others, but all come with trade-offs. Some of these privacy chains will claim to have minimal trust assumptions but ultimately shift around the risks of said trust assumption in clever ways.

Would you use a privacy chain if a computation took 10 minutes and cost you a significant amount of funds to perform a single transaction?

Would you use a privacy chain with cheap, instant transactions that regularly exposed your data to some entities?

Secret Network 1.0 made a strong trust assumption: assume that Trusted Execution Environments (TEEs) were a pragmatic, scalable, and private solution that could be trusted.

What was discovered along the way? In isolation, TEEs are pragmatic and scalable, but have weaknesses because their privacy assumptions are tied to hardware-level encryption being the primary point of obfuscation.

Fortunately, the trust assumption can be upgraded and modified in real time. The technology can continue to be hardened.

https://scrt.network/blog/secret-2-0-building-the-next-generation-of-web3-privacy

Before we talk about the recent disclosure, I want to list an optimal end state for Secret 2.0 that I believe we are headed towards:

  • Decentralized
  • Performant
  • Permissionless infrastructure participation
  • TEEs + Threshold FHE
  • Key rotation / sharding
  • Sovereign Auditability

Currently, Secret Network 1.0 is the following:

  • Decentralized
  • Performant
  • Permissionless infrastructure participation
  • TEEs
  • Sovereign Auditability

With the next wave of Secret Network, the privacy tech will be hardened while maintaining key attributes of performance. I think folks underestimate the fact that Secret Network has been live since 2020 and is still the only private smart contract platform with confidential compute live out in the wild. It is battle tested, but not perfect.

It is an evolving experiment brave enough to not be perfect in the name of being an engineering experiment more than a science project. It will continue to attract builders on the basis of its imperfect but steady march towards a balanced privacy-solution that maintains performance for smart contracts and apps.

The above is a picture of Secret Network with lategame hardened privacy.

The vision is there to improve it.

Read Secret Network 2.0 Privacy Late Game

ZKPs — Some Thoughts

In my opinion, there is no catch-all solution. ZKPs, which are touted as a purist solution to privacy, ultimately boil down to trusting the cryptography and circuit implementation. You are trusting… a software implementation of mathematics. Which means you are trusting both the math and the software. With a hardware solution, you are trusting software and hardware. Would I prefer to swap out hardware for mathematics? Absolutely. Do I think ZKP folks and anti-TEE folks like to sidestep the trust assumptions of ZKPs? Definitely.

Onwards to disclosure.

White Hat Disclosure

https://scrt.network/blog/notice-successful-resolution-of-xapic-vulnerability

On October 3rd, whitehat researchers notified SCRT Labs of a vulnerability affecting the privacy of data stored on Secret Network, which the development team began taking immediate action to mitigate and resolve. This disclosure was related to the recently disclosed xAPIC architectural bug, an uninitialized memory read in the CPU itself that impacted certain SGX-enabled CPUs. The researchers demonstrated the ability to access the consensus seed, from which other network seeds are derived. To the best of our knowledge, no malicious actor exploited this vulnerability in the wild before disclosure and mitigation. [credit]

Universities Part of the Research

SCRT Labs then worked directly with Intel and the researchers to design and build a solution that would prevent any vulnerable machines from rejoining the network. Those nodes were forcefully ejected from the network and their secrets deleted. The only way for those nodes to rejoin the network was to patch all known vulnerabilities, including xAPIC. This solution was successfully deployed in the November 2nd network upgrade.

With this upgrade, it is now infeasible to mount xAPIC attacks against the Secret Network mainnet. [credit]

Observations

https://sgx.fail/

I want to make a couple of observations that I believe make this overall event largely encouraging as opposed to discouraging:

  • The research grant was funded by the Air Force Office of Scientific Research (AFOSR)
  • Took two years of research to crack Secret Network TEEs
  • Secret Network was chosen for research versus other privacy technologies
  • Excellent subset of researchers that Secret Network is now in communication with
  • Opportunity for the technology to improve

Conclusion

Secret Network has always said that privacy is the key to unlocking the full value of a decentralized future. I believe the recent disclosure is a massive opportunity for growth as Secret Network gets to harden the privacy technology and head towards TEE + Threshold FHE as an incredibly balanced solution that is viable in production. I look forward to seeing the network continue to evolve, despite the headwinds of the ever present battle against trust assumptions.

Onwards and upwards,

Carter Woetzel (Lead Researcher at Shade Protocol)

Resources

Secret 2.0 Late Game Privacy

Secret Network Whitepaper

Secret Network Encryption Docs

Secret Network Public Disclosure

Research / Exploit


Carter Woetzel

Author of “Building Confidence in Blockchain — Investing In Cryptocurrency and a Decentralized Future”