emo.eth
@emo.eth
what are security implications or trade offs of TEE based signers like turnkey? how much more / less secure are they than a traditional multisig? a hardware wallet? what about once you export the private key (switching service providers or they go out of business)?
Buck
@rollbit
Think there is a very large convo and happy to DM on telegram (@buckontelegram). Would recommend checking out http://whitepaper.turnkey.com for the full debrief of our approach! Biggest call-out here is that Turnkey leverages TEEs to protect ANY sensitive actions that could touch funds (e.g., tx parsing, policy evaluation, auth) & is not solely focused on protecting the private key. This ensures a much more holistic model & helps avoid ByBit-style MITM attacks. We also leverage our custom OS, QuorumOS (QOS), for deployments into these enclaves, which eliminates single points of failure by ensuring that a quorum of Turnkey Operators is required for any deployment. We’ve built these applications to be verifiable down to the builds.
Buck
@rollbit
Remote attestation can be used to verify that the code we think is running is what’s ACTUALLY running at any point in time. Finally, a big advantage is that you hold authenticators (not private key material) that are gated by our policy engine — this allows you to tightly scope access (e.g., allowed contract calls, multi-party approvals, etc.), and even roll the authenticators if they’re ever exposed. All in, this gets you a very holistic security model, high performance (2000+ TPS, 50-100ms signing latency), and a ton of flexibility in your implementation that you wouldn’t have elsewhere. Turnkey is really the only option on the market that makes sense for high value use cases.