FAQ Trusted Execution Environment

Common questions about the use of Trusted Execution Environments

Please also visit more detailed FAQ's for Litentry Protocol or the IdentityHub.

Does Litentry make use of Zero-Knowledge-Proofs

No, Litentry uses a Trusted Execution Enclave (TEE) to protect user data. The TEE is like a blackbox in which the code is open sourced, yet Litentry cannot see what input is given by the identity owner. This ensures that the data is stored, processed and protected in a secure environment. The Intel SGX chipset is used for this purpose, where all verified accounts & addresses are stored in the form of an identity graph. TEE's are also used in your smartphone to store biometric information. A TEE essentially has the same outcome as Zero-Knowledge-Proofs. A TEE can issue a truth statement about an identity without disclosing the on-chain information or the address the information can be found. So in a comparison of ZKP vs. TEE. ‘Why would I trust the truth statement?'

ZKP: because of this profound mathematic calculation and verification, limited in certain operation logics.

SGX: Because of the trust in the integrity of Intel SGX and the open source logic Litentry. Which allows for verifiability, and more flexible implementation & functionality. The TEE acts as an independent observer that can not reveal more information then ordered by the owner. Please read out 3 Part series for a deep dive on TEE vs ZKP. Privacy in Litentry I: Implications and Design Privacy in Litentry II: Trusted Execution Environment Explained Privacy in Litentry III: TEE-sidechain

Why does Litentry Use Trusted Execution Environments(TEE)?

To allow users to aggregate their fragmented identity, Litentry has a requirement of storing sensitive user data, such as a user's Polkadot or Ethereum account, Twitter account and credit scores. Trusted Execution Environments have been chosen as a fundamental approach to guarantee the security of data storage and data processing.

What is a Trusted Execution Environment (TEE)?

A Trusted Execution Environment is a secure area or enclave on a computer's processor, separate from the main operating system. It stores and processes data with complete integrity and protects data from any possible tampering from the outside. Computation within a TEE is totally invisible from the outside.

How does a TEE protect data privacy?

Litentry provides these closed environments or enclaves (TEE’s) in which only the user has control over their data and sharing authorisations. Besides the specific hardware design of a TEE, any input and output, such as a user's sensitive account relationships or their credentials, are encrypted with cryptographic keys.

How does a TEE create trust?

The trusted execution environment is known as a secured machine running a known piece of open source code. Everyone can verify the TEE's functionality and results. It functions as an independent 3th party. Everyone can also verify that the inputs and outputs of a TEE act according to the open source code.

How do you make sure that a TEE can be trusted?

Every TEE goes through an attestation process to ensure the code is running on a genuine and secure TEE from the hardware manufacturer. This process verifies the TEE’s code is untampered and verifies the dedicated cryptographic keypair of the specific TEE. These keys allow the TEE to sign its own messages as a means of verification that a specific credential was issued by a specific TEE.

How exactly does Litentry use’s TEE’s?

Litentry uses Trusted Execution Enclaves to protect the sensitive relations of identity owner. A user can store & communicate the relationships between their web2 & Web3 accounts safely since it is protected by the TEE and encrypted during communication. Our TEE’s also verify the on-chain information that is related to those accounts as an independent trustworthy observer and help users practice selective disclosure of their credentials.

How does the TEE allow for ‘Selective Disclosure’ of credentials?

Since the TEE acts as an independent trustworthy and verifiable observer it can issue claims and credentials about the accounts being stored inside its enclave. This privacy preserving middle layer allows the user to manage the amount of information they select to disclose or allows to share. A user might prefer to share the possession of a token but not its amount or purchase date.

Last updated