
TEE Revisited: A New Dawn Amid the Dilemma of Privacy Technology Development?
TechFlow Selected TechFlow Selected

TEE Revisited: A New Dawn Amid the Dilemma of Privacy Technology Development?
What changes can TEE bring in the face of performance and technical challenges posed by MPC and ZK technologies?
Author: LINDABELL
As demand for privacy protection grows, TEE has once again become a focal point of discussion. Although TEE was discussed several years ago, it failed to gain widespread adoption due to hardware security concerns. However, as MPC and ZK technologies face challenges in performance and technical requirements, many researchers and developers are turning their attention back to TEE.
This trend has also sparked debates on Twitter about whether TEE could replace ZK technology. Some users argue that TEE and ZK are complementary rather than competitive, as they address different problems and neither is perfect. Others point out that AWS and Intel offer higher security than the multi-signature protection used by Rollups. Given TEE's scalability in design space—something ZK cannot achieve—this trade-off may be worthwhile.
What is TEE?
TEE is not actually a new concept. It’s already used in everyday devices like Apple smartphones through the "Secure Enclave," which protects sensitive user information and performs cryptographic operations. The Secure Enclave is integrated into system-on-chip hardware and isolated from the main processor to ensure high security. For example, each time you use Touch ID or Face ID, the Secure Enclave verifies your biometric data while protecting it from exposure.
TEE stands for Trusted Execution Environment—a secure area within a computer or mobile device that operates independently of the main operating system. Its key features include isolation from the main OS, ensuring that internal data and execution remain secure even if the main OS is compromised; hardware-backed encryption to prevent code and data from being tampered with during runtime; and the use of encryption to protect sensitive data from leakage.
Currently, common implementations of TEE include:
-
Intel SGX: Provides hardware-isolated execution environments by creating secure memory regions (enclaves) to protect sensitive data and code.
-
ARM TrustZone: Creates a “secure world” and a “normal world” within the processor, where the secure world handles sensitive operations while the normal world manages regular tasks.
-
AWS Nitro Enclaves: Built on AWS Nitro TPM security chips, this provides cloud-based trusted execution environments designed specifically for confidential computing scenarios.
In the crypto space, TEE is most commonly used for off-chain computation in trusted and secure environments. Additionally, TEE’s remote attestation feature allows remote users to verify the integrity of code running inside the TEE, ensuring secure data processing. However, TEE faces criticism for insufficient decentralization, as it relies on centralized providers such as Intel and AWS. If these hardware vendors have backdoors or vulnerabilities, system security could be compromised. Nevertheless, as an auxiliary tool, TEE is easy to implement and low-cost, making it suitable for applications requiring high security and privacy protection. These advantages enable TEE to be applied across various crypto use cases, including privacy protection and enhancing Layer 2 security.
TEE Project Overview
Flashbots: Achieving Private Transactions and Decentralized Block Building via SGX
Since 2022, Flashbots has been exploring privacy technologies related to TEEs such as SGX, treating them as crucial building blocks for trustless collaboration along the transaction supply chain. In March 2023, Flashbots successfully ran a block builder within Intel's SGX enclave, marking progress toward private transactions and decentralized block building. By leveraging the SGX enclave, block builders and other infrastructure providers cannot see the content of user transactions. Builders generate verifiable valid blocks within the enclave and truthfully report their bids, potentially eliminating the need for mev-boost relays. Furthermore, this approach helps reduce risks associated with exclusive order flow, allowing transactions to remain private while still being accessible to all block builders running within the enclave.
While TEE can provide external resource access and privacy protection, its performance lags behind non-TEE alternatives. There are also centralization risks involved. Flashbots found that relying solely on TEE cannot solve all issues—it must be combined with additional security measures and external entities to verify TEE computations and code, ensuring transparency and trustworthiness. Therefore, Flashbots envisions a network composed of TEEs (called Kettles), alongside a permissionless public chain (SUAVE Chain) responsible for managing this network and hosting programs intended to run within the TEEs. This forms the foundational vision of SUAVE.
SUAVE (Single Unified Auction for Value Expression) is infrastructure designed to tackle MEV-related challenges, focusing on separating the roles of mempool and block production from existing blockchains into an independent network (a sequencing layer) that acts as a plug-and-play mempool and decentralized block builder for any blockchain.
(For more details on SUAVE, refer to previous ChainFeeds articles)
SUAVE will launch in two phases. The first version, SUAVE Centauri, includes an Order Flow Auction (OFA) and SUAVE Devnet (testnet). This initial implementation does not involve cryptography or TEE technology. The second phase, Andromeda, will run execution nodes within trusted execution environments (such as SGX). To ensure computations and code run as expected on offline TEE nodes, Flashbots leverages TEE’s remote attestation capability, enabling smart contracts to verify messages from TEEs. Specific steps include adding new precompiles to Solidity to generate remote attestations; using SGX processors to produce proofs; fully verifying those proofs on-chain; and utilizing the Automata-V3-DCAP library to validate the attestations.
In summary, SUAVE aims to replace current third-party systems by integrating TEEs—applications running within the SUAVE system (such as order flow auctions or block builders) will operate inside TEEs, with their computational and code integrity guaranteed through on-chain remote attestation.
Taiko: Building Multi-Proof System Raiko with SGX
The concept of TEE can be extended to Rollups to build multi-proof systems. Multi-proof refers to generating multiple types of proofs for a single block, similar to Ethereum’s multi-client model. This mechanism ensures that even if one proof has a vulnerability, others remain valid.
Under a multi-proof framework, any interested party can run a node to extract data such as transactions and Merkle proofs for all state accesses. Using this data, different types of proofs are generated and submitted together to a smart contract, which then verifies their correctness. For proofs generated via TEE, the system checks whether ECDSA signatures are issued by the expected address. Once all proofs pass verification and agree on the same block hash, the block is marked as proven and recorded on-chain.
Taiko is currently using Intel SGX technology to build Raiko, a multi-proof system for validating Taiko and Ethereum blocks. By using SGX, Taiko ensures data privacy and security when executing critical tasks. Even in the presence of potential vulnerabilities, TEE offers additional protection against attacks compromising the proof system. SGX proofs can be executed on a single machine in just seconds, without affecting proof generation efficiency. Moreover, Taiko has introduced a new architecture supporting compilation of client programs to run in both ZK and TEE environments, ensuring correct block state transitions, with performance and efficiency evaluated through benchmarking and monitoring.
Despite its advantages, implementing TEE presents certain challenges. For instance, SGX setup requires compatibility across different cloud provider CPUs and optimization of gas costs during verification. Additionally, a secure channel must be established to verify the correctness of computations and code. To overcome these hurdles, Taiko uses Gramine OS to encapsulate applications within trusted enclaves, providing user-friendly Docker and Kubernetes configurations so that anyone with an SGX-capable CPU can easily deploy and manage these applications.
According to Taiko’s announcement, Raiko currently supports SP1, Risc0, and SGX, and is actively working on integrating Jolt and Powdr. In the future, Taiko plans to integrate more Riscv32 ZK-VMs, expand Wasm ZK-VM support, directly integrate with Reth for real-time block proving, and adopt a modular architecture to support cross-chain block proofs.

Scroll: Collaborating with Automata to Develop TEE Prover
Scroll’s multi-proof mechanism aims to achieve three goals: enhance L2 security, avoid increasing finality time, and introduce only marginal cost for L2 transactions. Therefore, besides ZK proofs, Scroll had to weigh finality and cost-effectiveness when selecting an auxiliary proof mechanism. Fraud proofs, while highly secure, result in long finality times. zkEVM verifiers, though powerful, are costly and complex to develop. Ultimately, Scroll chose the TEE Prover proposed by Justin Drake as its auxiliary proof mechanism.
The TEE Prover runs within a protected TEE environment, enabling fast transaction execution and proof generation without impacting finality. Another major advantage of the TEE Prover lies in its efficiency—the overhead associated with the proving process is negligible.

Currently, Scroll is collaborating with Automata, a modular proof layer, to develop the TEE Prover for Scroll. Automata is a modular validation layer aiming to extend machine-level trust to Ethereum via TEE coprocessors. Scroll’s TEE Prover consists of two main components—on-chain and off-chain:
-
SGX Prover: An off-chain component running inside an enclave, checking whether the post-execution state root matches the existing one, then submitting a Proof of Execution (PoE) to the SGX Verifier.
-
SGX Verifier: A smart contract deployed on L1 that verifies both the state transition proposed by the SGX Prover and the attestation report submitted by the Intel SGX enclave.
The SGX Prover monitors transaction batches submitted by the sequencer on L1, ensuring the data used during state transitions is complete and unaltered. Then, it generates a Block Proof (PoB) containing all necessary information, guaranteeing all participating nodes use the same dataset. After execution, the SGX Prover submits a Proof of Execution (PoE) to L1. The SGX Verifier subsequently checks whether the PoE is signed by a legitimate SGX Prover.
The SGX Prover is written in Rust and uses SputnikVM as its EVM engine for executing smart contracts. This implementation can be compiled and run on machines supporting SGX hardware mode, and can also be debugged in non-SGX environments. Meanwhile, the SGX Verifier uses Automata’s open-source DCAP v3 verification library, capable of validating the entire block history of the Scroll testnet.
Moreover, to mitigate trust issues related to TEE implementation and hardware manufacturers, Scroll is researching a protocol that aggregates TEE provers from different hardware and clients. This protocol will incorporate threshold signature schemes—a cryptographic technique allowing multiple participants to jointly generate a signature, which is only valid if at least a threshold number (T) of N total participants agree. Specifically, the TEE Prover would require consistent proofs from at least T out of N TEE provers.

Automata: Enhancing Blockchain Security and Privacy with TEE Coprocessors
Automata Network is a modular validation layer that treats hardware as a shared Root of Trust, enabling numerous use cases such as multi-verifier systems based on TEE validators, fair and private RPC relaying, and block construction within encrypted enclaves.
As mentioned earlier, Scroll’s multi-proof system is developed in collaboration with Automata. Beyond that, Automata has also introduced its TEE coprocessor as a multi-prover AVS on the EigenLayer mainnet. A TEE coprocessor is specialized hardware designed to perform specific computational tasks, augmenting or extending the capabilities of the main chain. Automata’s TEE coprocessor extends blockchain functionality by performing secure computations within a TEE-isolated zone.
Specifically, the Multi-Prover AVS acts as a task control center, coordinating and managing multiple independent validators according to different protocol requirements. Protocols can publicly post tasks needing validation and organize a committed TEE committee incentivized by long-term rewards. Nodes (operators) performing the actual validation can register to participate and collaborate to ensure security. Token holders who wish to support protocol security act as stakers, delegating their stake to trusted operators. This staking enhances the economic security required in the early stages of a protocol, as staked funds serve as a bond that incentivizes honest and efficient operator behavior. EigenLayer creates a permissionless market where stakers, operators, and protocols can freely participate.

Secret Network: Privacy Protection Based on SGX Technology
The privacy-focused public chain Secret Network primarily achieves data privacy through Secret Contracts and TEE. To accomplish this, Secret Network adopts Intel SGX TEE technology and, to maintain network consistency, only permits the use of Intel SGX chips—other TEE technologies are not supported.
Secret Network employs a remote attestation process to verify the integrity and security of SGX enclaves. Before registration, each full node generates an attestation report proving its CPU has the latest hardware updates, which is then verified on-chain. Once a new node obtains the consensus-shared key, it can process network computations and transactions in parallel, maintaining overall network security. To minimize potential attack vectors, Secret Network opts for SGX-SPS (Server Platform Services) instead of SGX-ME (Management Engine).
In practice, Secret Network uses SGX to perform computations with encrypted inputs, outputs, and states. This means data remains encrypted throughout its lifecycle, preventing unauthorized access. Each validator node on Secret Network uses an Intel SGX-enabled CPU to process transactions, ensuring sensitive data is decrypted only within the secure enclave of each validator and remains inaccessible externally.
Oasis: Building Private Smart Contracts Using SGX
The privacy computing network Oasis uses a modular architecture, separating consensus and smart contract execution into distinct layers—the consensus layer and ParaTimes layer. As the smart contract execution layer, ParaTimes consists of multiple parallel ParaTimes, each representing a computational environment with shared state. This allows Oasis to handle complex computations in one environment and simple transactions in another.
ParaTimes can be categorized as either private or non-private, support different virtual machines, and can be designed as permissioned or permissionless systems. As one of Oasis’s core value propositions, the network combines TEE technology to launch two types of private smart contracts: Cipher and Sapphire. Both utilize Intel SGX TEE technology. Encrypted data and smart contracts enter the TEE together, where data is decrypted and processed by the contract, then re-encrypted before output. This ensures data confidentiality throughout processing, preventing leaks to node operators or app developers. The difference lies in Sapphire being a privacy-preserving EVM-compatible ParaTime, while Cipher is a privacy ParaTime for executing Wasm smart contracts.

Bool Network: Combining MPC, ZKP, and TEE to Enhance Bitcoin Verification Security and Decentralization
Bool Network integrates MPC, ZKP, and TEE technologies, transforming its external verifier cluster into a Dynamic Hidden Committee (DHC) to enhance network security.
Within the DHC, to solve the issue of private key exposure caused by consensus signing among external verifier nodes during validation, Bool Network introduces TEE technology. For example, using Intel SGX, private keys are sealed within the TEE, allowing nodes to run locally within a secure enclave, with no other components in the system able to access the data. Through remote attestation, witness nodes can present proofs confirming they are indeed running within a TEE and storing keys, which other nodes or smart contracts can verify on-chain.
Additionally, BOOL Network is fully open-access—any entity with TEE-capable hardware can become a validator by staking BOOL tokens.

Marlin: Achieving Decentralized Cloud Computing via TEE and ZK Coprocessors
Marlin is a verifiable computing protocol that combines trusted execution environments and ZK coprocessors to delegate complex workloads to a decentralized cloud.
Marlin includes various hardware types and subnetworks. Its TEE technology is primarily used in the Marlin Oyster subnetwork. Oyster is an open platform enabling developers to deploy custom computational tasks or services on untrusted third-party hosts. Currently, Oyster mainly relies on AWS Nitro Enclaves—a TEE based on AWS Nitro TPM security chips. To advance decentralization, Oyster may support more hardware vendors in the future. Additionally, Oyster allows DAOs to directly configure enclaves via smart contracts, eliminating the need for specific members to manage SSH or other authentication keys, thereby reducing reliance on manual operations.
Phala Network: TEE-Based Multi-Proof System SGX-Prover
Phala Network is a decentralized off-chain computing infrastructure dedicated to achieving data privacy and secure computation through TEE. Currently, Phala Network supports only Intel SGX as its TEE hardware. Based on a decentralized TEE network, Phala has built a TEE-based multi-proof system called Phala SGX-Prover. Specifically, the off-chain module sgx-prover generates a TEE Proof containing the computation result after running the state transition program, which is then submitted to the on-chain sgx-verifier for validation.
To address concerns about SGX centralization, Phala Network introduces two roles: Gatekeeper and Worker. Gatekeepers are elected by PHA token holders via NPoS and are responsible for managing network keys and overseeing the economic model. Workers run on SGX hardware. Through a key rotation mechanism, Gatekeepers help ensure the security of the TEE network.
Currently, Phala Network operates over 30,000 TEE devices registered and run by users worldwide. Additionally, Phala is exploring TEE-based fast finality solutions. In theory, fast finality could be achieved via TEE proofs, with ZK proofs provided only when necessary.
Conclusion
Regarding the debate on Twitter, Uniswap CEO Hayden Adams shared his perspective: “The negative feedback TEE receives often reflects the ‘perfect being the enemy of the good.’ Trade-offs exist everywhere. In blockchain security, the more tools available, the better.”
Through examining these use cases, the potential of TEE technology in addressing privacy and security challenges becomes evident. For example, Flashbots leverages TEE for private transactions and decentralized block building, while Taiko and Scroll utilize TEE to implement multi-proof systems, securing L2 transactions. However, most current projects rely on a single centralized vendor, posing certain risks. In the future, broader hardware vendor compatibility—and setting node ratios across different hardware platforms—could further reduce centralization risks stemming from over-reliance on any single provider.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News










