TEE - FAQ
Common questions about the use of Trusted Execution Environments
Why does Litentry use TEEs?
To allow users to aggregate their fragmented identity, Litentry needs to store sensitive user data, such as a user's Polkadot or Ethereum account, Twitter account and credit scores. Trusted Execution Environments have been chosen as the fundamental approach to guaranteeing the security of data storage and data processing.
What is a TEE?
A Trusted Execution Environment is a secure area, or enclave, on a computer's processor, separate from the main operating system. It stores and processes data with complete integrity and protects that data from tampering from the outside. Computation within a TEE is invisible from the outside.
How does a TEE protect data privacy?
Litentry provides these closed environments, or enclaves (TEEs), in which only the user has control over their data and sharing authorisations. Besides the specific hardware design of a TEE, all input and output, such as a user's sensitive account relationships or their credentials, is encrypted with cryptographic keys.
How does a TEE create trust?
The trusted execution environment is a secured machine running a known piece of open-source code. Everyone can verify the TEE's functionality and results; it functions as an independent third party. Everyone can also verify that the inputs and outputs of a TEE conform to the open-source code.
How do you make sure that a TEE can be trusted?
Every TEE goes through an attestation process to ensure the code is running on a genuine and secure TEE from the hardware manufacturer. This process verifies that the TEE's code is untampered and verifies the dedicated cryptographic key pair of the specific TEE. These keys allow the TEE to sign its own messages, so that anyone can check that a specific credential was issued by a specific TEE.
How does Litentry use TEEs?
Litentry uses Trusted Execution Environments to protect the sensitive account relationships of the identity owner. A user can store and communicate the relationships between their Web2 and Web3 accounts safely, since they are protected by the TEE and encrypted during communication. Our TEEs also verify the on-chain information related to those accounts, acting as an independent trustworthy observer, and help users practise selective disclosure of their credentials.
How does the TEE allow for ‘Selective Disclosure’ of credentials?
Since the TEE acts as an independent, trustworthy and verifiable observer, it can issue claims and credentials about the accounts stored inside its enclave. This privacy-preserving middle layer lets the user manage how much information they disclose or share. A user might prefer to share the possession of a token but not its amount or purchase date.
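As an added illustration of the attestation-bound keys described under "How do you make sure that a TEE can be trusted?" and of the selective disclosure described above (example code written for this page, not Litentry's implementation): an enclave holds a dedicated Ed25519 key pair, issues a signed claim that an account holds a token without disclosing the balance, and a verifier accepts the claim only if the signing key is one it learned through attestation. The enclave identifier, the account strings and the claim format are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
)

// Credential is the claim an enclave signs about an account. Only the predicate ("holds token")
// is disclosed; the balance never enters the payload. EnclaveID is a hypothetical identifier.
type Credential struct {
	EnclaveID string
	Account   string
	Claim     string
	Signature []byte `json:",omitempty"`
}
// Enclave models a TEE with the dedicated key pair it uses to sign its own messages.
type Enclave struct {
	ID   string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}
func NewEnclave(id string) *Enclave {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Enclave{ID: id, Pub: pub, priv: priv}
}

// signingBytes is the canonical payload covered by the signature.
func signingBytes(c Credential) []byte {
	c.Signature = nil
	b, _ := json.Marshal(c)
	return b
}

// IssueTokenClaim is selective disclosure: the enclave sees the private balance but signs
// only the predicate, so the amount (and any purchase date) stays inside the enclave.
func (e *Enclave) IssueTokenClaim(account, token string, balance uint64) (Credential, bool) {
	if balance == 0 {
		return Credential{}, false // no claim for an account that does not hold the token
	}
	c := Credential{EnclaveID: e.ID, Account: account, Claim: "holds:" + token}
	c.Signature = ed25519.Sign(e.priv, signingBytes(c))
	return c, true
}

// Verifier holds the public keys learned through attestation, keyed by enclave ID.
type Verifier map[string]ed25519.PublicKey
// Verify accepts a credential only if a known attested enclave signed it and it is untampered.
func (v Verifier) Verify(c Credential) bool {
	pub, ok := v[c.EnclaveID]
	return ok && ed25519.Verify(pub, signingBytes(c), c.Signature)
}
```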