Synchronicity’s Privacy Solution Overview

Introduction

Protostar leverages Corino, a distributed key management and data sealing system for coordinating shared private state across decentralized networks of trusted execution environments (TEEs), to create highly performant private blockchains that expand the design space for blockchain-native applications.

Corino utilizes hardware-based confidentiality and a defense-in-depth security posture to enable all nodes in a Protostar deployment to agree on and compute over an application state that remains entirely confidential, even to the node operators themselves. The shared private state consists of data contributed and controlled by many independent users who can fine-tune access to their sensitive data with minimal trust assumptions.

TEEs: Shared Private State Without Compromising Performance

One of the core utilities of blockchains is shared state (i.e., state that can be written to by multiple parties) without a trusted party controlling or enforcing rules over it. To achieve this, blockchains typically broadcast all transaction details transparently. Historically, on-chain privacy solutions have required significant sacrifices on performance, user experience and security.

Synchronicity Protostar leverages TEEs for high-performance computation over shared private state. TEEs are secure enclaves in CPU hardware where application code runs in isolation, so sensitive data (e.g., orders, user balances and liquidation prices) stays encrypted and cannot be accessed, even by the machine’s host operator. TEEs provide hardware-based confidentiality over shared state at near-plaintext speeds, unlike slower cryptographic privacy solutions like Fully Homomorphic Encryption (FHE), Multi-Party Computation (MPC) and zero knowledge (ZK) proofs.

The Problem With TEEs

TEEs have three main problems.

Physical attacks can compromise the integrity of computations TEEs perform;
On their own, TEEs are silos of private data. Without a way to synchronize shared state across TEEs, one compromised TEE can lead to the network on which it resides to permanently lose valuable information and suffer liveness and availability failures; and
Physical attacks can compromise the confidentiality TEEs provide.

Shared Private State Secured via ZKPs + Corino Key Management

Protostar uses a hybrid of trusted hardware and cryptography to thoughtfully address these problems to the maximum extent possible while maintaining competitive performance.

Protostar partitions confidentiality and integrity. Protostar proving nodes (run on TEEs) generate ZK proofs to cryptographically guarantee the integrity of state transitions without revealing any private information. Anyone can ensure that the integrity of any Protostar-native application is upheld by verifying these proofs.

This partitioning means that users don’t have to blindly “trust” TEEs for integrity as any malicious state transition or execution error would fail ZK proof verification. Thus, Protostar achieves stronger overall trust guarantees than hardware-only approaches and greater performance and flexibility than purely cryptographic ones.
Corino provides the ability for many nodes to run on a distributed set of TEEs with independent operators to share private state. Prior to Corino, state-of-the-art TEE deployments would have each TEE seal data with device-isolated keys, which meant that each node’s data was siloed from the rest of the network. This architecture leads to significant liveness and fault-tolerance concerns because in the event that even a single TEE is compromised or goes down, the network loses access to the data that was stored on it.

Corino overcomes this by implementing a robust data sealing and key management service (KMS) that provisions secret keys among nodes in the network so they can encrypt/decrypt the same state data.

This design allows arbitrary application state to be replicated and synchronized among nodes while remaining unreadable outside the network of TEEs. New TEE nodes can obtain state decryption keys (after authentication) and sync to the head of the network. If the lead sequencer goes down, another TEE can immediately take over and continue to make progress, ensuring liveness and fault-tolerance.
Corino applies a two-fold strategy to minimizing the risk of breached confidentiality.

First, it implements a defense-in-depth approach to securing data, including (a) seamless, regular, fine-grained key rotation to minimize the data exposure risk under any single key, and (b) a variety of techniques to detect physical tampering of nodes. If tampering is detected, the TEE can be swiftly removed from the network.

Second, it provides a suite of governance smart contracts for permissioning TEE roles and access to the shared private application state in a given Protostar deployment. This permissioning system allows for highly expressive access control conditions.

By systematically mitigating the risks inherent to TEEs, Protostar achieves a highly secure and performant foundation for shared private state.

Introduction

TEEs: Shared Private State Without Compromising Performance

The Problem With TEEs

TEEs have three main problems.

Physical attacks can compromise the integrity of computations TEEs perform;

On their own, TEEs are silos of private data. Without a way to synchronize shared state across TEEs, one compromised TEE can lead to the network on which it resides to permanently lose valuable information and suffer liveness and availability failures; and

Physical attacks can compromise the confidentiality TEEs provide.

Shared Private State Secured via ZKPs + Corino Key Management

Protostar uses a hybrid of trusted hardware and cryptography to thoughtfully address these problems to the maximum extent possible while maintaining competitive performance.

Protostar partitions confidentiality and integrity. Protostar proving nodes (run on TEEs) generate ZK proofs to cryptographically guarantee the integrity of state transitions without revealing any private information. Anyone can ensure that the integrity of any Protostar-native application is upheld by verifying these proofs.

This partitioning means that users don’t have to blindly “trust” TEEs for integrity as any malicious state transition or execution error would fail ZK proof verification. Thus, Protostar achieves stronger overall trust guarantees than hardware-only approaches and greater performance and flexibility than purely cryptographic ones.

Corino provides the ability for many nodes to run on a distributed set of TEEs with independent operators to share private state. Prior to Corino, state-of-the-art TEE deployments would have each TEE seal data with device-isolated keys, which meant that each node’s data was siloed from the rest of the network. This architecture leads to significant liveness and fault-tolerance concerns because in the event that even a single TEE is compromised or goes down, the network loses access to the data that was stored on it.

Corino overcomes this by implementing a robust data sealing and key management service (KMS) that provisions secret keys among nodes in the network so they can encrypt/decrypt the same state data.

This design allows arbitrary application state to be replicated and synchronized among nodes while remaining unreadable outside the network of TEEs. New TEE nodes can obtain state decryption keys (after authentication) and sync to the head of the network. If the lead sequencer goes down, another TEE can immediately take over and continue to make progress, ensuring liveness and fault-tolerance.

Corino applies a two-fold strategy to minimizing the risk of breached confidentiality.

First, it implements a defense-in-depth approach to securing data, including (a) seamless, regular, fine-grained key rotation to minimize the data exposure risk under any single key, and (b) a variety of techniques to detect physical tampering of nodes. If tampering is detected, the TEE can be swiftly removed from the network.

Second, it provides a suite of governance smart contracts for permissioning TEE roles and access to the shared private application state in a given Protostar deployment. This permissioning system allows for highly expressive access control conditions.

By systematically mitigating the risks inherent to TEEs, Protostar achieves a highly secure and performant foundation for shared private state.