serai-dex / serai

SGX-backed key management #95

Open kayabaNerve opened 2 years ago

kayabaNerve commented 2 years ago

Intel SGX is a complete non-starter when discussing privacy, a stance I've made clear and will continue to make clear. That's not what this issue is about though. The Intel SGX can be used as an increase in security. Despite continued attacks, even recently, and Intel's backdoors, it can prevent a variety of unauthorized actions.

Making FROST keys executed under the SGX could potentially prevent most malware from being able to access the keys. While malware could still fake an out instruction, that could? be mitigated by also having the SGX implement a light client. Then the issue is that the keys being compromised only has significance if 2/3rds are, and that'd also enable compromising the chain.

... moving the chain keys in instead/as-well may therefore be the benefit? There may be other angles the SGX can help with? Using the SGX should prevent exfiltration by a rogue hosting provider, without extensive resources, in a discussion similar to #80?

At the very least, an SGX option for our cryptography would be beneficial. Then Serai using those features could be discussed, yet Serai mandating them would be its own complicated discussion. For now, I'd like to create a discussion issue on SGX usage, which can later be expanded into features for specific crates.

kayabaNerve commented 2 years ago

With regards to Substrate-specific key security: