I am going to create an SGX-based service you can access at

https://frame.sirrah.flashbots.net/… .but you can also acesss it at https://123.45.67.8.frame.sirrah.flashbots.net for any IP that you want…. or even overload it with /etc/hosts…

Actually despite the https this is a completely permissionless service.

🚨 Wtf??? Frames just uses ordinary TLS, no fancy .eth ens resolver or whatever

The idea is that this service can be provided by any TEE Kettle, because every TEE Kettle with the same mrenclave will be able to share the same TLS certificate.

We can even co-opt the Certificate Transparency system to strengthen the guarantee. Certificate providers publish all their open Certificate Transparency logs. So as long as long as we can show the remote attestation corresponding to every item in the Certificate Transparency log, we can provide an end-to-end affirmative guarantee that only a TEE Kettle can fulfill the Frame request.

A perfect application is a Frame that’s a “virtual hardware wallet.” It generates a private key (within some TEE), and lets you preview and authorize a transaction (through Frames) before signing a transaction.

Show me the code:

https://github.com/flashbots/gramine-andromeda-revm/blob/amiller-frame/src/main.rs

https://github.com/amiller/andromeda-sirrah-contracts/blob/amiller-frame/src/examples/FrameTest.sol

Co-Opting Certificate Authorities for SGX-based integrity.

Untitled

Certificate authorities opt in to Certificate Transparency. They publish logs of all their values. So even though we would remain in centralized control of the DNS record…. what we would be relying on is that the CA publishes every certificate that they’ve signed.

https://crt.sh/?q=flashbots.net

Untitled

Untitled

As long as we only generate Certificates / Certificate Requests from within TEE Kettles, then we can show that we have a remote attestation corresponding to every certificate signed by the CA.

Basically to create a certificate, we would:

  1. first run a bootstrapping enclave and generate a TLS “certificate signing request” and store the private key. This is what existing RA-TLS libraries in SGX are for. Actually we do this in https://github.com/flashbots/geth-sgx-gramine#attest-enclave Geth-SGX-Gramine it just is a self signed certificate rather than a CSR.
  2. Then we would get our public key certificate signed by an actual CA like Letsencrypt. We can do that by responding to the domain name challenge. We now have a certificate chain to the “Kettle Only” private key. This certificate is published on the Certificate Transparency logs.