Confidential computing will take Blockchain to the next level of security
Blockchain is one of the biggest technology trends in recent years, with exciting potential across a seemingly endless range of use cases and applications. In their latest update to the Worldwide Blockchain Spending Guide, the International Data Corporation (IDC) predicts that global blockchain spending will be nearly $19 billion by 2024. According to the report, the banking and manufacturing industries are set to be the largest spenders, followed by professional services, retail, and insurance. From a technical perspective, combined IT and business services will account for more than two-thirds of all blockchain spending.
The prospects of blockchain are thrilling, but with great power comes great responsibility. Blockchain is facing new types of challenges when it comes to security and privacy, and this means creating new solutions.
In this blog post, we will briefly discuss the challenges the blockchain industry is struggling with and how confidential computing is here to help.
Blockchain security weaknesses
Blockchain is best known for being the driving technology behind Bitcoin and other cryptocurrencies. Simply put, Blockchain is a public digital ledger that provides a permanent copy of transactions.
The key advantage of a blockchain is that it assures that users who should have a piece of data in common know for sure that they see the same thing. Every set of records (blocks) added includes a cryptographic hash, with a timestamp and transaction metadata. Consequentially, one cannot change the data without altering the cryptographic hash, making changes auditable and traceable. Decentralized finance, or “DeFi,” is an umbrella term that refers to the concept of carrying out transactions on public blockchains. For example, instead of exchanging money through traditional financial systems, DeFi enables peer-to-peer digital transactions without intermediaries.
More and more companies have implemented blockchain technology in the last few years, and data breaches have unfortunately followed.
A study by Crystal Blockchain reports that overall $3.2+ billion in cryptocurrencies have been stolen through security breaches. Illegal activity has continued to grow in the cryptocurrency and DeFi market in 2022. Only in Q1 2022, the total amount of stolen funds from blockchain exceeded $2.1 billion.
In March this year, we witnessed possibly one of the largest crypto hacks ever, during which the Ethereum-linked sidechain Ronin network lost over $625 million in USDC and ether. Just recently, in June, Harmony’s Horizon suffered a $100 million attack and in August $190 million was seized by hackers in a breach targeting Nomad, a cross-chain messaging protocol.
How confidential computing solves security issues
Blockchain systems use asymmetric cryptography to secure transactions. Hence, the most crucial aspect of their security has always been the storage, protection, and use of private keys.
One of the ways in which confidential computing can enhance blockchain security is secure key management. With confidential computing, we can always and provably encrypt data and keys (for more on this topic check also our last blog post). This means keys are always kept in a secure vault that encrypts them at runtime and is verifiable from the outside. In relation to blockchain security, this translates into much higher protection against hackers or any other unauthorized access to private keys. Such access was the fundamental flaw in the Ronin and the Horizon attacks, which were possible because of compromised keys. The hackers took control of the majority of node validators and signed for malicious transactions.
Another benefit of confidential computing is the enhancement of confidentiality for transactions and smart contracts. With confidential computing, users can implement smart contracts in hardware-based Trusted Execution Environments (TEEs), which provide attestation about the contract’s code integrity. Thereby, ensuring the transactions are legitimate and authorized as only attested validators are allowed to participate in the network. The TEEs and their runtime encryption further ensure the confidentiality of the data processed by the contracts.
Case study: Building a secure blockchain platform with EGo
EGo is an open-source Software Development Kit (SDK) built to facilitate building confidential applications in Go Language. This makes it the perfect tool for implementing confidential computing for blockchain platforms. It comprehends a modified Go compiler, a Go library, and additional tooling. The EGo project enables the blockchain’s code to run inside an enclave shielded from anyone else, in 3 simple commands.
Conclusions
Confidential computing significantly reduces the risk of breaches for Blockchain and DeFi organizations. It re-establishes trust via cryptographic verification of the system’s integrity and confidentiality, which is called attestation. This ultimately means that you can have next-level privacy guarantees and ensured compliance with privacy laws. This will enable the next generation of blockchain applications to benefit companies without its downsides and confidentiality issues.
For more information on confidential computing, check out the whitepaper, contact us or simply leave a comment!
