Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

TeeRollup: Efficient Rollup Design Using Heterogeneous TEE

Xiaoqing Wen, Quanbi Feng, Hanzheng Lyu, Jianyu Niu, Yinqian Zhang, Chen Feng

TL;DR

TeeRollup tackles blockchain scalability by executing transactions off-chain inside heterogeneous TEEs and posting signed state transitions to the main chain, tolerating compromised TEEs through a multi-TEE committee and on-chain attestation. It integrates Data Availability Providers to reduce on-chain storage with a collateralized laziness-penalty scheme, and introduces a challenge mechanism to ensure redeemability when TEEs are unavailable. The architecture comprises TSC/MSC contracts, a sequencer committee, and DAPs, and it supports issuing, transferring, and redeeming TTokens with efficient on-chain verification focused on state digests. Empirical evaluation on Sepolia with SGX/TDX/CSV shows substantial on-chain gas savings, competitive throughput, and withdrawal times of a few minutes, highlighting TeeRollup’s practical potential for scalable, secure rollups.

Abstract

Rollups have emerged as a promising approach to improving blockchains' scalability by offloading transactions execution off-chain. Existing rollup solutions either leverage complex zero-knowledge proofs or optimistically assume execution correctness unless challenged. However, these solutions suffer from high gas costs and significant withdrawal delays, hindering their adoption in decentralized applications. This paper introduces TEERollup, an efficient rollup protocol that leverages Trusted Execution Environments (TEEs) to achieve both low gas costs and short withdrawal delays. Sequencers (system participants) execute transactions within TEEs and upload signed execution results to the blockchain with confidential keys of TEEs. Unlike most TEE-assisted blockchain designs, TEERollup adopts a practical threat model where the integrity and availability of TEEs may be compromised. To address these issues, we first introduce a distributed system of sequencers with heterogeneous TEEs, ensuring system security even if a certain proportion of TEEs are compromised. Second, we propose a challenge mechanism to solve the redeemability issue caused by TEE unavailability. Furthermore, TEERollup incorporates Data Availability Providers (DAPs) to reduce on-chain storage overhead and uses a laziness penalty mechanism to regulate DAP behavior. We implement a prototype of TEERollup in Golang, using the Ethereum test network, Sepolia. Our experimental results indicate that TEERollup outperforms zero-knowledge rollups (ZK-rollups), reducing on-chain verification costs by approximately 86% and withdrawal delays to a few minutes.

TeeRollup: Efficient Rollup Design Using Heterogeneous TEE

TL;DR

TeeRollup tackles blockchain scalability by executing transactions off-chain inside heterogeneous TEEs and posting signed state transitions to the main chain, tolerating compromised TEEs through a multi-TEE committee and on-chain attestation. It integrates Data Availability Providers to reduce on-chain storage with a collateralized laziness-penalty scheme, and introduces a challenge mechanism to ensure redeemability when TEEs are unavailable. The architecture comprises TSC/MSC contracts, a sequencer committee, and DAPs, and it supports issuing, transferring, and redeeming TTokens with efficient on-chain verification focused on state digests. Empirical evaluation on Sepolia with SGX/TDX/CSV shows substantial on-chain gas savings, competitive throughput, and withdrawal times of a few minutes, highlighting TeeRollup’s practical potential for scalable, secure rollups.

Abstract

Rollups have emerged as a promising approach to improving blockchains' scalability by offloading transactions execution off-chain. Existing rollup solutions either leverage complex zero-knowledge proofs or optimistically assume execution correctness unless challenged. However, these solutions suffer from high gas costs and significant withdrawal delays, hindering their adoption in decentralized applications. This paper introduces TEERollup, an efficient rollup protocol that leverages Trusted Execution Environments (TEEs) to achieve both low gas costs and short withdrawal delays. Sequencers (system participants) execute transactions within TEEs and upload signed execution results to the blockchain with confidential keys of TEEs. Unlike most TEE-assisted blockchain designs, TEERollup adopts a practical threat model where the integrity and availability of TEEs may be compromised. To address these issues, we first introduce a distributed system of sequencers with heterogeneous TEEs, ensuring system security even if a certain proportion of TEEs are compromised. Second, we propose a challenge mechanism to solve the redeemability issue caused by TEE unavailability. Furthermore, TEERollup incorporates Data Availability Providers (DAPs) to reduce on-chain storage overhead and uses a laziness penalty mechanism to regulate DAP behavior. We implement a prototype of TEERollup in Golang, using the Ethereum test network, Sepolia. Our experimental results indicate that TEERollup outperforms zero-knowledge rollups (ZK-rollups), reducing on-chain verification costs by approximately 86% and withdrawal delays to a few minutes.
Paper Structure (28 sections, 4 theorems, 3 equations, 4 figures, 4 tables, 1 algorithm)

This paper contains 28 sections, 4 theorems, 3 equations, 4 figures, 4 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Background
  3. Revisiting Rollup Solutions
  4. Rollup Data Availability
  5. Trusted Execution Environment
  6. Preliminaries
  7. Problem Statement and System Model
  8. System Model
  9. Threat Model
  10. System Goals
  11. Design Challenges
  12. TeeRollup Design
  13. Overview
  14. Data Structure
  15. Sequencers Registration and Configuration
  16. ...and 13 more sections

Key Result

Lemma 1

If a malicious sequencer forges an invalid current state $st_{h}^{\prime} \neq st_h$, the new state $st_{h+1}^{\prime}$ generated by the enclave will not be accepted by TSC.

Figures (4)

  • Figure 1: An overview of TeeRollup architecture. The red components represent smart contracts on the main chain, the blue components indicate operations executed within the TEE, and the gray components correspond to the storage provided by data availability providers.
  • Figure 2: An overview of the main functions provided by TeeRollup.
  • Figure 3: Transaction processing performance with varying numbers of sequencers and batch size in LAN and WAN.
  • Figure 4: System performance with/without SEV in LAN and WAN.

Theorems & Definitions (8)

  • Lemma 1
  • proof
  • Lemma 2
  • proof
  • Theorem 1: Correctness
  • proof
  • Theorem 2: Redeemability
  • proof