How does the delegation chain help security and trust?
There are two common ways to protect data security and privacy: the cryptographic approach and the unbreakable-hardware approach. The former guarantees privacy by mathematics, the latter by engineering. We did not choose the purely cryptographic approach because it is still far from practical; the cost is usually higher than the benefit. We did not choose the unbreakable-hardware approach either, because no hardware stays unbreakable over time. We designed differently: we take part of the advantage of each and combine it with ideas we learned from blockchain technology. That is how we arrived at the Delegation Chain idea.
We use basic cryptographic techniques such as hashing, AES, RSA and ECC, but not the more advanced FHE or MPC. On the hardware side, we chose basic security hardware such as TPM and HSM, but not the more advanced TEEs (SGX, TrustZone, etc.). All of these basic technologies are both mature and low cost. Because of their limitations, none of them alone is secure enough, but we combine them with the consensus idea we learned from blockchain. Working together, they build a secure and trusted execution environment.
To begin, I would like to list a few fear factors... But don't freak out just yet; I will give you our solution later.
Fear Factor 1: Data and code will eventually be decrypted at the Executor
In an FHE solution, the data is never decrypted: the computation is carried out directly on the ciphertext by a substitute algorithm. Since the plaintext never exists outside the owner's control, such a design can be considered secure against anyone who handles the data along the way. We cannot do this, simply because it is too expensive. Instead, we keep data and code encrypted in transit from the delegator, through every pinner and re-pinner, all the way to the executor. Only when the encrypted data/code reaches the Executor does it meet its decryption key and get decrypted. The final step actually runs in the CPU as plaintext! Scared enough? If not, let's face the second fear factor.
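The flow just described, as an added example that is not the project's own code: the delegator seals the payload to the executor's ECC public key, each pinner and re-pinner can check and relay the ciphertext by its hash but has no key with which to read it, and the executor is the single place where plaintext reappears. AES-256-GCM, P-256 ECDH and SHA-256 from the Go standard library stand in for the "AES, ECC and hash" listed above; the function names (Seal, PinnerRelay, Open), the envelope layout and the hash-based key derivation are assumptions made for this illustration, not the Delegation Chain's actual wire format.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what travels from the delegator through the pinners to the executor.
// Everything in it is safe to store and relay: recovering the payload requires
// the executor's private key. (Illustrative layout, not the project's format.)
type Envelope struct {
	EphemeralPub []byte   // delegator's one-time P-256 ECDH public key
	Nonce        []byte   // AES-GCM nonce
	Ciphertext   []byte   // AES-256-GCM ciphertext + tag over the payload
	Digest       [32]byte // SHA-256 of Ciphertext; pinners verify this, never the plaintext
}

// GenerateExecutorKey models the executor's long-term ECC key pair. In the real
// design this private half would live in a TPM/HSM; here it is an in-memory value.
func GenerateExecutorKey() (*ecdh.PrivateKey, error) {
	return ecdh.P256().GenerateKey(rand.Reader)
}

// deriveKey turns the ECDH shared secret into a 256-bit AES key. A hash over a
// context label, the ephemeral public key and the secret stands in for a real KDF.
func deriveKey(shared, ephemeralPub []byte) []byte {
	h := sha256.New()
	h.Write([]byte("delegation-chain-example-v1"))
	h.Write(ephemeralPub)
	h.Write(shared)
	return h.Sum(nil)
}

func aeadFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the delegator's step: encrypt so only executorPub's owner can read it.
func Seal(executorPub *ecdh.PublicKey, payload []byte) (*Envelope, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(executorPub)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	aead, err := aeadFor(deriveKey(shared, ephPub))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, payload, ephPub) // ephPub bound as associated data
	env := &Envelope{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: ct}
	env.Digest = sha256.Sum256(ct)
	return env, nil
}

// PinnerRelay is all a pinner or re-pinner can do: check the blob it stores
// against the digest and pass it on unchanged. It never holds a key.
func PinnerRelay(env *Envelope) (*Envelope, error) {
	if sha256.Sum256(env.Ciphertext) != env.Digest {
		return nil, errors.New("pinner: ciphertext does not match digest, refusing to relay")
	}
	relayed := *env
	return &relayed, nil
}

// PinnerCanRead reports whether what a pinner stores equals the payload, i.e.
// whether it could read the data without a key. False for any real payload.
func PinnerCanRead(env *Envelope, payload []byte) bool {
	return bytes.Equal(env.Ciphertext, payload)
}

// Open is the executor's step: the one place in the chain where plaintext exists.
func Open(executorPriv *ecdh.PrivateKey, env *Envelope) ([]byte, error) {
	ephPub, err := ecdh.P256().NewPublicKey(env.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := executorPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	aead, err := aeadFor(deriveKey(shared, env.EphemeralPub))
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, env.EphemeralPub)
}

func main() {
	executor, err := GenerateExecutorKey()
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed sample: code + data for delegated execution")
	env, err := Seal(executor.PublicKey(), payload)
	if err != nil {
		panic(err)
	}
	// delegator -> pinner -> re-pinner -> executor
	for _, hop := range []string{"pinner", "re-pinner"} {
		if env, err = PinnerRelay(env); err != nil {
			panic(err)
		}
		fmt.Printf("%s relayed %d ciphertext bytes; can read payload: %v\n",
			hop, len(env.Ciphertext), PinnerCanRead(env, payload))
	}
	plain, err := Open(executor, env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("executor decrypted: %q\n", plain) // plaintext exists only here
}
```

Note what this does and does not give you: a pinner that flips a byte is caught by the digest, and even a pinner that recomputes the digest is caught by the GCM tag at the executor, so the chain protects confidentiality and integrity in transit. It does nothing about the executor itself, which is exactly the point of Fear Factor 1.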
Fear Factor 2: Hardware can be broken and will be broken.
Most TEEs depend on carefully designed CPU hardware. Data and code are not supposed to leak out of the TEE, a small enclave inside the CPU. This is a wonderful design. However, a number of vulnerabilities have already been found in such enclaves, and more will follow...