Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TSS account mnemonics and TDX attestation #1015

Open
ameba23 opened this issue Aug 19, 2024 · 2 comments
Open

TSS account mnemonics and TDX attestation #1015

ameba23 opened this issue Aug 19, 2024 · 2 comments
Labels
Discussion Feature introduces a new feature
Milestone

Comments

@ameba23
Copy link
Contributor

ameba23 commented Aug 19, 2024

This related to the TDX attestation feature: #982

In protocol sessions, TS servers are authenticated using their TSS account IDs and x25519 keys, both of which are derived from a mnemonic which is passed in by the user when starting the server. This allows the user to back them up as they wish.

In a TEE context, we want to be sure that the server we are authenticating is running in a trusted domain. We can do this by including these public keys in the attestation quote, which is signed by a hardware-protected keypair.

However, since these keypairs were generated outside of the trusted domain and passed in by the user, the attestation doesn't prove that anyone authenticating with these keys must be in the trusted domain. We really need them to be generated inside the trusted domain and never leave.

So i propose that the mnemonic should not be passed in but generated on initial startup. This will make it impossible to back it up externally. But i don't think it should be backed up. Rather, if access to the trusted domain is lost, a new threshold server with new credentials should be started. The staking extension pallet has an extrinsic which allows these account details to be changed.

The alternative would be to do an attestation at the beginning of every protocol session, including some fresh data such as the session id. But this has the disadvantage that it can only be verified by the other participating parties - who could decide to collude. Authenticating with keys which are linked to an on-chain attestation seems more secure to me.

@HCastano
Copy link
Collaborator

HCastano commented Sep 9, 2024

Related: #853

@JesseAbram
Copy link
Member

I strongly agree

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Discussion Feature introduces a new feature
Projects
Status: 🌝 Soon
Development

No branches or pull requests

3 participants