TL;DR
- Secure enclaves (e.g. Intel SGX) are hardware technologies that protect sensitive data in cloud computing, and they are often used to secure cryptographic keys in Web3.
- Recent vulnerabilities in these enclaves highlight that they are insufficient to achieve robust security for highly sensitive data such as private keys. Therefore, relying solely on secure enclaves can result in irreparable financial damage.
- Combining MPC (Multi-Party Computation) with secure enclaves offers a much stronger security model by distributing the cryptographic keys across multiple providers and technology stacks (e.g. one share on AWS Nitro, one on Azure Confidential Containers, and one on GCP’s AMD SEV).
- This approach significantly hardens the security posture of crypto custodians and wallets, since even if one cloud provider or secure enclave technology is compromised, an attacker still cannot recover the full private key.
The Recent SGX Vulnerability
In a recent report posted originally on X, a vulnerability was claimed to have been found in SGX, one of Intel’s enclave technologies. This report follows a long line of vulnerabilities found in SGX, going back to 2017.
In a nutshell, enclave technology allows you to execute your software on someone else’s server without worrying about them tampering with the software or learning anything about its internal, private data. This is particularly useful in cloud computing: after all, how can you trust the cloud provider not to mess with your sensitive data if they own and manage all the servers?
Why Secure Enclaves are Not Enough for Wallets and Custody Providers
In the rapidly evolving world of Web3, the security of digital assets is paramount. Many wallets and custody providers rely on hardware-based secure enclaves such as Intel SGX, AMD SEV, and AWS Nitro to protect the private keys that safeguard these assets. But as recent vulnerabilities have shown, secure enclaves alone are not the “bulletproof” solution they are often touted to be.
Understanding Secure Enclaves
Modern processors, whether in the cloud, on mobile phones, or on personal computers, often come equipped with hardware enclaves. These are isolated environments designed to execute trusted software securely, even in potentially compromised systems. The goal is to ensure the privacy and authenticity of both the inputs and outputs of the software, as well as its internal state.
A common example of this technology in action is Digital Rights Management (DRM). Streaming services like Netflix use enclaves to present movies on your screen without allowing the files to be downloaded and illegally copied. In the realm of cryptocurrencies, enclaves are similarly employed to manage keys within wallet applications, supposedly ensuring that only the user can control their wallet.
The Problem With Trusting Enclaves
The security of this approach hinges entirely on the integrity of the enclave technology. However, what happens if the guarantees offered by these enclaves are compromised? Unfortunately, this is not just a theoretical concern. Numerous vulnerabilities have been discovered in popular enclave technologies over the years, casting doubt on their reliability.
For example, Intel's SGX, one of the most widely used secure enclave technologies, has been repeatedly targeted and breached (see here, here and here). AMD-SEV was also shown to be vulnerable. These vulnerabilities raise significant concerns about the reliability of enclaves for key management, particularly when these keys are crucial to the security of digital assets.
In the recent vulnerability report, the very mechanism that enclaves use to assert the authenticity of their outputs, a secret key held by the hardware manufacturer, was also compromised: it was revealed that one of Intel's SGX secret keys had been leaked. This breach not only undermines the security of SGX but also shakes the trust that many have placed in secure enclave technologies as a whole.
The MPC Advantage: A Stronger Security Model
This is where Multi-Party Computation (MPC) comes into play. Unlike relying on a single secure enclave, MPC distributes the cryptographic key into multiple shares that are managed across different environments. For example, by using Sodot's MPC infrastructure, secret shares can be deployed across multiple cloud providers, each utilizing different enclave technologies, such as AWS Nitro, Intel SGX and AMD-SEV. Specifically with Sodot, this can be set up in a matter of minutes.
In this setup, a potential attacker would need to compromise all of these different enclave technologies and cloud infrastructures simultaneously to access the private key, a feat that is exponentially more difficult than attacking a single enclave (which would simply require waiting for the next secure enclave vulnerability to be published).
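To make the "one share per enclave" argument concrete, the following is an added example (not Sodot's code, and not a description of their protocol) of t-of-n Shamir secret sharing over the secp256k1 group order. It splits a key into three shares, one per enclave technology in the setup above, and shows two things: the full set of shares reconstructs the key, while any set below the threshold is consistent with every possible key, so a compromised enclave that leaks its share reveals nothing on its own. The share labels (Nitro, SGX, SEV) are assumptions for illustration only. Note that a production MPC signing protocol never reassembles the key anywhere; `reconstruct` exists here only to demonstrate the threshold property.

```python
"""Added example: t-of-n Shamir secret sharing over a prime field.

Illustrates why a key split across several enclaves (one share each) is not
exposed when a single enclave is breached. Example code, not Sodot's.
"""
import secrets

# Field modulus. The secp256k1 group order is used so that shares fit real
# ECDSA/Schnorr private keys; the scheme works for any prime larger than the secret.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split(secret: int, threshold: int, n: int, rng=secrets.randbelow):
    """Split `secret` into n shares (x, y); any `threshold` of them reconstruct it."""
    if not 1 <= threshold <= n:
        raise ValueError("need 1 <= threshold <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must lie in the field")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [rng(P) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n + 1):  # x = 0 is never used: f(0) is the secret itself
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def interpolate(points, at: int) -> int:
    """Lagrange interpolation: value at `at` of the unique polynomial through `points`."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (at - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def reconstruct(shares) -> int:
    """Recover the secret f(0) from at least `threshold` shares."""
    return interpolate(shares, 0)


def missing_share_for(partial_shares, missing_x: int, candidate_secret: int) -> int:
    """Given threshold-1 shares, return the y value the missing share would need
    for the secret to equal `candidate_secret`.

    Because such a y exists for every candidate, the partial set carries no
    information about which key was actually shared: this is the property that
    protects a key when one enclave (one share) is compromised.
    """
    points = [(0, candidate_secret)] + list(partial_shares)
    return interpolate(points, missing_x)


def demo():
    """3-of-3 split across three hypothetical enclave hosts (labels are assumptions)."""
    key = secrets.randbelow(P)
    nitro, sgx, sev = split(key, threshold=3, n=3)
    full = reconstruct([nitro, sgx, sev])
    # An attacker holding only the Nitro and SGX shares can "explain" them with
    # any key at all, including two arbitrary candidates chosen here.
    leaked = [nitro, sgx]
    explained = all(
        reconstruct(leaked + [(3, missing_share_for(leaked, 3, cand))]) == cand
        for cand in (1, P - 1)
    )
    return {"recovered_with_all_shares": full == key, "two_shares_fit_any_key": explained}


if __name__ == "__main__":
    print(demo())
```

A 2-of-3 split (`split(key, threshold=2, n=3)`) trades some of this protection for availability: the key survives the loss of any one host, but two compromised hosts suffice. Which threshold is appropriate is an operational decision about how many independent providers an attacker is assumed able to breach at once.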
Conclusion
While secure enclaves offer a level of protection, they are not infallible. The increasing number of discovered vulnerabilities underscores the need for a more resilient security model. By leveraging MPC, Sodot provides a solution that goes beyond the limitations of secure enclaves, offering a multi-layered defense that significantly enhances the security of digital assets in the Web3 space.
For additional information, feel free to reach out.