TSS account mnemonics and TDX attestation

[ameba23]

This related to the TDX attestation feature: https://github.com/entropyxyz/entropy-core/issues/982

In protocol sessions, TS servers are authenticated using their TSS account IDs and x25519 keys, both of which are derived from a mnemonic which is passed in by the user when starting the server. This allows the user to back them up as they wish.

In a TEE context, we want to be sure that the server we are authenticating is running in a trusted domain. We can do this by including these public keys in the attestation quote, which is signed by a hardware-protected keypair.

However, since these keypairs were generated outside of the trusted domain and passed in by the user, the attestation doesn't prove that anyone authenticating with these keys must be in the trusted domain. We really need them to be generated inside the trusted domain and never leave.

So i propose that the mnemonic should not be passed in but generated on initial startup. This will make it impossible to back it up externally. But i don't think it should be backed up. Rather, if access to the trusted domain is lost, a new threshold server with new credentials should be started. The staking extension pallet has an extrinsic which allows these account details to be changed.

The alternative would be to do an attestation at the beginning of every protocol session, including some fresh data such as the session id. But this has the disadvantage that it can only be verified by the other participating parties - who could decide to collude. Authenticating with keys which are linked to an on-chain attestation seems more secure to me.

[HCastano]

Related: https://github.com/entropyxyz/entropy-core/pull/853

[JesseAbram]

I strongly agree