Flashbots has long been a proponent for the use of TEEs. Along with our friends, we have been exploring various novel use cases in the web3/crypto world and have productionised some already. Our forum has become a de facto home for many TEE-based discussions in the growing TEE-web3 community.
However, realising the full potential of hardware security and placing it firmly and safely in the cryptographic tool chest is going to a very large community effort on many fronts. In order to facilitate this, we will publish our TEE-focused content to this new forum and encourage others to do the same. This forum will be tended to by members of the community - at first, mostly folks from Poetic technologies (thanks!).
Vision For This Forum
Since we are just getting going on this forum, we thought it would make sense to lay out explicitly what we hope this forum will accomplish.
There are two simultaneous efforts with the same goal of safe and effective TEE use operating over different time horisons:
-
Over the short-term, there is already an active community of people working to establish best practices, building out educational materials and helping to respond to vulnerabilities in current offerings. The hope is to create a support group to deal with the barely tenable position set for us by the incumbent hardware companies. While other forums or industry partners have too much pressure not to draw negative PR topics, this is a good place to vent about cloud providers not supporting open firmware. It’s a good place to publish early info on security vulnerabilities and discuss those.
-
Over the long-term: its plain to see that the status quo requires far too much trust in good-faith behaviour to be tenable for more than a few years. Addressing this will require new, secure and verifiable silicon and then low-level software to match. Work in this direction is also already underway, both technically and in the way of accumulating funding for what will inevitably be a large endeavour. We also hope that this forum can foster open discussions of these topics and can bring together those that believe radical improvement in the hardware supply chain is possible.
Of course, these are not independent. Those building on secure hardware today, can only commit to doing so if they have confidence that there will be a firmer future for the foundation they are building on tomorrow. Similarly, those working on designs that will only be realised several years down the line learn from modern day applications how these designs will be implemented, in particular in relationship to other cryptographic primitives.