emo.eth
@emo.eth
what are security implications or trade offs of TEE based signers like turnkey? how much more / less secure are they than a traditional multisig? a hardware wallet? what about once you export the private key (switching service providers or they go out of business)?
3 replies
0 recast
6 reactions
Garrett
@garrett
@turnkey @sarah @rollbit i’m curious too
0 reply
0 recast
3 reactions
Buck
@rollbit
Think there is a very large convo and happy to DM on telegram (@buckontelegram). Would recommend checking out http://whitepaper.turnkey.com for the full debrief of our approach! Biggest call-out here is that Turnkey leverages TEE’s to protect ANY sensitive actions that could touch funds (e.g., tx parsing, policy evaluation, auth) & is not soley focused on protecting the private key. This ensures a much more holistic model & helps avoid ByBit-style MITM attacks. We also leverage our custom OS, QuorumOS (QOS), for deployments into these enclaves, which eliminates single points of failure by ensuring that a quorum of Turnkey Operators is required for any deployment. We’ve built these applications to be verifiable down to the builds.
1 reply
0 recast
2 reactions
Andrew
@andrewmohawk
More/less secure is nuanced here since TEE is really just the way we handle all the wallet infra rather than comparing it directly to a multisig/hardware wallet itself. TEE lets you guarantee that the "computer" (TEE) you are running your "hardware" wallet on is exactly what you expect and not modified at all (you can attest the hardware, software and the software inside can sign everything that comes out). I think the best way to think of them is that you have a guaranteed safe environment to run the wallet infra, and post that you have things like policy engines that can make sure that wallet only does what you want to do and it can validate its only you asking it do things. So whenever guidance is like "use a locked down chromebook with the linux partition removed that has updates but never goes on the Internet" its cause we want to get to a safe state we can trust! And thats the TEE!
1 reply
0 recast
0 reaction
