Solution #2
Last updated
Hardening Attestation
Attestation currently provides only weak integrity assurances, and most threat models treat remote attestation as just one part of the solution. Key-sharing agreements and zero-knowledge proofs are layered on top to obtain stronger integrity assurances through cryptographic proofs about the code being executed. Most projects skip straight to those techniques and bear their overhead. There is, however, more we can do to strengthen the integrity assurances of remote attestation itself, raising security at the foundation without that cryptography, for example:
Independence from a centralized verifier or trusted service
Multiple independent verifiers used to challenge a remote attestation quote
Root of trust in self-signed X.509 certificates, not chained to a trusted CA
Periodic reattestation { comparing each newly signed enclave measurement to the initial measurement recorded in state }
Decentralize the hardware root of trust { ensure that data cannot be decrypted by an attacker who obtains the hardware key generated by the manufacturer }
Hardening the integrity assumptions of remote attestation in these ways raises the security of everything built on top of it.
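The following is an added example, not code from the original page or from any attestation SDK, showing two of the points above in one place: several independent verifiers each challenge the enclave with their own nonce and must reach a quorum, and every later attestation is compared against the measurement recorded at the first one (periodic reattestation). It assumes a constructed enclave "code" byte string, a constructed stand-in hardware attestation key, and HMAC-SHA256 in place of the platform's real quote signature so that it runs with the Python standard library only; the names `Quote`, `Verifier`, `AttestationState` and `attest_with_quorum` are this example's own.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed stand-in for the attestation key a manufacturer burns into the
# hardware. A real quote is signed by that key and chained to the vendor's
# root; HMAC is used here only so the example runs offline.
HARDWARE_KEY = b"constructed-hardware-attestation-key"


@dataclass
class Quote:
    measurement: bytes  # hash of the enclave code (MRENCLAVE-like)
    nonce: bytes        # verifier-chosen challenge; binds the quote to one round
    signature: bytes    # signature over measurement || nonce


def enclave_quote(code: bytes, nonce: bytes, key: bytes = HARDWARE_KEY) -> Quote:
    """Simulate the enclave producing a signed quote for a given challenge."""
    measurement = hashlib.sha256(code).digest()
    sig = hmac.new(key, measurement + nonce, hashlib.sha256).digest()
    return Quote(measurement, nonce, sig)


@dataclass
class Verifier:
    """One independent verifier; it knows only the hardware public root (here: the key)."""
    name: str

    def challenge(self) -> bytes:
        # Fresh nonce per round so a captured quote cannot be replayed later.
        return os.urandom(16)

    def verify(self, quote: Quote, nonce: bytes, key: bytes = HARDWARE_KEY) -> bool:
        if quote.nonce != nonce:  # quote answers a different challenge: replay
            return False
        expected = hmac.new(key, quote.measurement + quote.nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, quote.signature)


@dataclass
class AttestationState:
    """Persistent state kept by the relying party across reattestation rounds."""
    initial_measurement: Optional[bytes] = None
    history: List[bytes] = field(default_factory=list)


def attest_with_quorum(enclave_code: bytes, verifiers: List[Verifier],
                       state: AttestationState, quorum: int) -> bool:
    """Run one attestation round.

    Every verifier issues its own nonce and checks its own quote; the round is
    accepted only if at least `quorum` verifiers accept, all accepted quotes
    report the same measurement, and that measurement equals the one recorded
    at the first attestation (the reattestation check).
    """
    accepted = 0
    measurements = set()
    for v in verifiers:
        nonce = v.challenge()
        quote = enclave_quote(enclave_code, nonce)
        if v.verify(quote, nonce):
            accepted += 1
            measurements.add(quote.measurement)
    if accepted < quorum or len(measurements) != 1:
        return False
    measurement = measurements.pop()
    if state.initial_measurement is None:
        state.initial_measurement = measurement  # first attestation: pin it
    elif measurement != state.initial_measurement:
        return False  # enclave code changed since initial attestation
    state.history.append(measurement)
    return True


if __name__ == "__main__":
    st = AttestationState()
    vs = [Verifier("a"), Verifier("b"), Verifier("c")]
    print(attest_with_quorum(b"enclave v1", vs, st, quorum=2))           # True
    print(attest_with_quorum(b"enclave v1", vs, st, quorum=2))           # True
    print(attest_with_quorum(b"enclave v1 tampered", vs, st, quorum=2))  # False
```

Each verifier holds its own nonce, so no single verifier (or a compromised one) can accept a replayed quote on behalf of the others, and the relying party's `AttestationState` is what turns a one-shot check into continuous reattestation.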
In its evolved form, iron-clad guarantees from remotely attested enclaves subsume much of the role of MPC (which still depends on splitting up a private key and threshold signing) and zero-knowledge proofs. Bear in mind that establishing trust guarantees between two mutually untrusted remote parties is among the most difficult problems in modern computer science. We can make such improvements where they are clear and obvious, and then reevaluate.