emo.eth
@emo.eth
what are security implications or trade-offs of TEE-based signers like Turnkey? how much more / less secure are they than a traditional multisig? a hardware wallet? what about once you export the private key (switching service providers or they go out of business)?
3 replies
0 recast
6 reactions
Andrew
@andrewmohawk
More/less secure is nuanced here since TEE is really just the way we handle all the wallet infra rather than comparing it directly to a multisig/hardware wallet itself. TEE lets you guarantee that the "computer" (TEE) you are running your "hardware" wallet on is exactly what you expect and not modified at all (you can attest the hardware, software and the software inside can sign everything that comes out). I think the best way to think of them is that you have a guaranteed safe environment to run the wallet infra, and post that you have things like policy engines that can make sure that wallet only does what you want to do and it can validate it's only you asking it to do things. So whenever guidance is like "use a locked down Chromebook with the Linux partition removed that has updates but never goes on the Internet", it's 'cause we want to get to a safe state we can trust! And that's the TEE!
1 reply
0 recast
1 reaction
Andrew
@andrewmohawk
Benefits over a multisig are that you don't have a flat wallet that just needs signatures, you have the luxury of having real defenses running in code to validate things for you and add restrictions and backstops. Benefits over a hardware wallet are that it's basically a hardware wallet AND a computer you can trust, so you don't need to worry that the Ledger app is compromised since there is no Ledger app and you can know exactly what is running on the TEE. Exporting the private key, all bets are off; that offers the exact same risks as everywhere else. You can encrypt it before export, but ultimately once it's outside the TEE, you have to trust an entire stack that it's in. I'd almost always suggest that rather than export->import somewhere else you just move assets from the one to the other. The risk does not outweigh that gas fee to painfully move all your assets! Always happy to talk security anytime!
0 reply
0 recast
1 reaction