Using Cryptographic solution ( such as FHE, MPC) to solve the trusted computing problem have been approved by math. However, the TEA project is not fully built on cryptography. It is a combination of modern computing technologies, hardware security and consensus of blockchain. This is a new solution that never been approved yet. So we have to build something target to get broken. If it cannot be broken, then it can be approved. If it is broken, well, we will find out a better solution then.
During the system design process, we have done many test simulations based on different kinds of threat models. I know we cannot cover all threat models, we will need our readers to provide more possible thread models.
Since I own a TEA node, I can root it
Yes, you can root it since you own it. Just like a computer stand on your desk. You can open it, you can replace the hard drive, you can replace the boot loader and load your customized OS. As long as there is one chip you cannot break — The TPM chip or HSM (a small model protected by the TPM) — our TEA system won’t be affected by your hacking. What if you actually break the TPM chip? Of course, you can, you can smash it with a hammer, or toss it into a fire. As long as the TPM no longer works, your TEA node is no longer a TEA node, it just becomes a regular computer outside of our TEA network.
The TEA nodes run Remote Attestation on any other TEA node, only those who can pass the test will be recognized as a TEA node. One of the most important steps in Remote Attestation is secure boot PCR verification. Every TEA node has an open-sourced manifest about its configuration including every tech stack layers it runs from booting to customized actor wasms. This manifest is human and machine-readable. It stored on IPFS. The Cid of this manifest is signed by the embedded TPM and posted on layer1 blockchain as an Evidence of Boot (EoB). Any other node can obtain this manifest from blockchain and IPFS, check if you can anything suspicious installed and running in your system.
Of course, you can lie. You have a looks-good manifest posted while actually start a different hacked version of tech stack. The interesting part is that TPM will record what “actually” boots into your system not what you claimed. This recorded data is called PCR inside the hardware TPM chips. It cannot be modified by anyone including the owner. But it can be sent to a…