PoC of a frame that's backed by SGX. Made by hacking the Sirrah SGX-based light client and EVM. What's surprising is it's a *permissionless decentralized TLS service*.... it shares the TLS private with any SGX node that joins, so anyone who can set up SGX could serve it https://173-230-135-104-000005.k37713.xyz:5001
well basically Automata's smart contract has Intel's public key hardcoded. https://github.com/automata-network/automata-dcap-v3-attestation/blob/main/contracts/AutomataDcapV3Attestation.sol#L30 There are some remaining caveats how to handle tcbInfos, prompt for more
Outstanding review of the Kevin Smith film you never heard of because it was released straight-to-NFT on Secret Network (I make a guest appearance) https://m.youtube.com/watch?v=5yP3JALaxvE
Sirrah: Speedrunning a TEE Coprocessor https://writings.flashbots.net/suave-tee-coprocessor
when you meet st peter at the pearly gates of heaven, in what language do you confess your sins, and why is it solidity?
Like this way we could use the default PCCS in "offline mode" with no API key, just by inputting PCCS evidence retrieved from on-chain
There should just be a smart contract PCCS, anyone can upload them since they can be checked against Intel's root key anyone, even using a sequencer is overkill. There aren't very many items in PCCS
Also Automata has an interesting approach here, where they do *builds* of SGX enclaves in AWS Nitro, so the build process does come w some evidence. Not sure I agree with this approach vs just improving dependency pinning for repro builds
These are great questions, imo exactly what are needed next. Reproducible builds aren't very durable yet, my best so far is just using the Gramine dockerhub image as starting point. We still need a community PCCS alternative, but it's clear that this is possible & untrusted code
1) I use gramine for rapid prototype, pufferfi use occlum https://github.com/PufferFinance/secure-signer Fortanix and teaclave used by others 2) RA-TLS yes, tho I prefer non-interactive attestation because it's more understandable 3) my goal is to use SGX only for things ZK can't work at all for, like auctions
Here's a post about Solidity verifiers for SGX remote attestation, https://collective.flashbots.net/t/demystifying-remote-attestation-by-taking-it-on-chain/2629/2 specifically RAVE from Puffer Finance and https://github.com/automata-network/automata-dcap-v3-attestation from Automata
For a youtube walkthrough see here: https://www.youtube.com/watch?v=2hxxgbacLds
This secretcli is just a lightweight rpc client, install instructions are here but it's pretty trivial https://docs.scrt.network/secret-network-documentation/development/tools-and-libraries/secret-cli/install I should be able to provide some alternate way to view it but it eludes me at the moment
Anyway, to see the private metadata, one way from the command line is the following: secretcli q compute query secret1d96jn9azwqw40paqyd5g02kz0ye0udhhqlue7j '{"private_metadata": {"token_id": "818", "viewer":{"address": "secret1wxy97n3um7s602k57qjnzs2tgewpeg6a3umw7s", "viewing_key": "socrates1024 was here"}}}'
This is a horror film by Kevin Smith, it was released as an NFT and the intersection of people who cared enough to figure out how to use it, and the people who want to talk about the film, don't seem to overlap https://www.youtube.com/watch?v=HMDT5dgWKcE
Trick or treat: I bought this NFT second hand and set its viewing key to "socrates1024 was here", now everyone can watch it https://stashh.io/asset/killroy-was-here/818