Justified Confidence in SGX?

I have been reading a bit about side-channel attacks on Intel SGX recently and am consistently confronted with hacks that breach privacy. A lot of them are architecture specific and, after their discovery, are patchable, but the sum of them seems to have a pretty significant surface area, and all it takes is a single new vulnerability to undermine the privacy of a system. I also know this is a highly unoriginal concern and am sure the Flashbots team and collaborators have a good position on this that they’ve answered in the past, but… Curious as to why confidence in SGX is justified for such a high-stakes use-case (private block building)?

Perhaps y’all are taking proper precautions or have some other reason not to worry, but am curious to learn why!


Side-channel attacks are not unique to Intel SGX; they are always going to be possible with ANY trusted hardware. If an attacker has physical access to a system, then eventually, given enough time and resources, they can compromise it. That is why trusted hardware should be just one component of an overall implementation. TEEs in combination with software protections, like Multi-Party Computation, are the best we have today. Instead of your trusted computing being conducted on a single Intel SGX server, it can be performed across multiple distributed SGX servers through MPC. Ideally the distributed SGX servers would exist in politically segregated environments, e.g. for a 3-of-3 MPC setup, one SGX server would sit in Azure, one would sit in IBM Cloud, and one would sit on-premise. This makes an attacker’s job much more difficult. Now, instead of having to go and physically attack one SGX server, they would need to do this for 3 distinct systems.

As far as why Intel SGX over other solutions: I would say it is by far the most battle-tested, e.g. the Lindy effect. Yes, there have been many CVEs identified, but you would expect that for how long it has been the market leader in this space. Also, it is fairly widely supported across cloud vendors, making it an optimal choice for building on. That said, there are competing solutions being worked on by other chip vendors in partnership with cloud providers, such as AMD SEV.

I’m sure some experts in the space could make arguments why one vendor’s TEE implementation is better than another, but in reality the problem with trusted computing is a physics problem that can’t be overcome. You need to execute and store code somewhere, and it needs to be read in clear text eventually.

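As an added illustration of the 3-of-3 MPC idea in the reply above (this is example code written for this page, not code from any poster, from Flashbots, or from an SGX/MPC library), the following Python models the simplest form of it: additive secret sharing. A sensitive value (say, a bid a builder should never see in the clear) is split into three shares, one per server; any two shares on their own are uniformly random, so an attacker who breaks one SGX host learns nothing, and each server can still do linear work (here, summing two shared values) purely on its own share. The modulus 2^64 and the three-party count are assumptions chosen for the example.

```python
"""Additive secret sharing: a toy model of splitting a secret across N servers.

Assumptions (example only): arithmetic mod 2**64, N = 3 parties,
and honest-but-curious servers that follow the protocol.
"""
import secrets
from typing import Sequence

MODULUS = 2**64  # assumed share space; any large modulus works


def split_secret(secret: int, n: int = 3, modulus: int = MODULUS) -> list[int]:
    """Split `secret` into n additive shares that sum to it mod `modulus`.

    The first n-1 shares are drawn uniformly at random, so ANY n-1 shares
    together are statistically independent of the secret: an attacker who
    compromises all but one server sees only random numbers.
    """
    if not 0 <= secret < modulus:
        raise ValueError("secret must be in [0, modulus)")
    if n < 2:
        raise ValueError("need at least two parties for sharing to mean anything")
    shares = [secrets.randbelow(modulus) for _ in range(n - 1)]
    last = (secret - sum(shares)) % modulus  # forces the shares to sum to secret
    shares.append(last)
    return shares


def reconstruct(shares: Sequence[int], modulus: int = MODULUS) -> int:
    """Recombine ALL shares; this is the only step that needs every server."""
    return sum(shares) % modulus


def add_shares(a: Sequence[int], b: Sequence[int], modulus: int = MODULUS) -> list[int]:
    """Each server adds its own share of `a` to its own share of `b` locally.

    No communication and no reconstruction is needed, so no single server
    ever sees either input or the result in the clear.
    """
    if len(a) != len(b):
        raise ValueError("both values must be shared among the same parties")
    return [(x + y) % modulus for x, y in zip(a, b)]


def attacker_view(shares: Sequence[int], compromised: Sequence[int]) -> list[int]:
    """Shares visible to an attacker who broke the servers listed in `compromised`.

    With fewer than all servers compromised this list is uniform random data,
    which is exactly why spreading servers across separate operators raises
    the bar compared to a single SGX host.
    """
    return [shares[i] for i in compromised]


if __name__ == "__main__":
    # Constructed sample: two private bid values shared across three servers.
    bid_a = split_secret(1_500_000)
    bid_b = split_secret(2_250_000)
    print("server views of bid_a:", bid_a)                       # three random-looking numbers
    print("attacker with servers 0,1:", attacker_view(bid_a, [0, 1]))
    total = add_shares(bid_a, bid_b)                             # done share-by-share
    print("reconstructed sum:", reconstruct(total))              # 3750000
```

Note that additive sharing alone only supports linear operations; multiplications (and hence anything like an auction comparison) need a full MPC protocol with extra communication, which is where the "in combination with software protections" part of the reply does the heavy lifting.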

This was very helpful. Thanks!