The Forking Way: When TEEs Meet Consensus

TL;DR

The paper systematically analyzes how TEEs are integrated with blockchains to counter forking attacks, evaluating 29 TEE-based blockchain proposals and identifying four broad anti-forking techniques. It reveals practical cloning and rollback vulnerabilities in production-ready platforms (Phala, The Secret Network, and Ten) and discusses trade-offs between application expressiveness, throughput, and security depending on the chosen mitigation strategy. By examining stateless enclaves, ephemeral identities, fixed client sets, and state serialization, the authors demonstrate that many designs overlook key attack vectors and advocate for mitigations such as ephemeral IDs and ledger-backed serialization, with case studies illustrating real-world exploits. The work emphasizes that architecture choices—especially the layer of finality, throughput constraints, and trust assumptions—greatly influence the effectiveness of anti-forking measures, and it contributes concrete countermeasures and responsible disclosure to improve the security of TEE-based confidential blockchains.

Abstract

An increasing number of distributed platforms combine Trusted Execution Environments (TEEs) with blockchains. Indeed, many hail the combination of TEEs and blockchains a good "marriage": TEEs bring confidential computing to the blockchain while the consensus layer could help defend TEEs from forking attacks. In this paper, we systemize how current blockchain solutions integrate TEEs and to what extent they are secure against forking attacks. To do so, we thoroughly analyze 29 proposals for TEE-based blockchains, ranging from academic proposals to production-ready platforms. We uncover a lack of consensus in the community on how to combine TEEs and blockchains. In particular, we identify four broad means to interconnect TEEs with consensus, analyze their limitations, and discuss possible remedies. Our analysis also reveals previously undocumented forking attacks on three production-ready TEE-based blockchains: Ten, Phala, and the Secret Network. We leverage our analysis to propose effective countermeasures against those vulnerabilities; we responsibly disclosed our findings to the developers of each affected platform.

Figures (14)

• Figure 1: Overview of our systemization methodology: We classify SGX-based blockchains into four distinct categories and analyze their tradeoffs with respect to robustness, functionality, and performance.
• Figure 2: Example of a cloning attack on PoUW rem_pouw. A malicious miner starts two PoUW enclaves to increase its chances that one of its enclaves produces proof of useful work.
• Figure 3: Example of a (failed) cloning attack on Twilight twilight. A malicious relay forwards an encrypted payment to two instances of the Twilight enclave. Ephemeral keys prevent enclave $E'_M$ from decrypting the ciphertext.
• Figure 4: Example of a cloning attack against a non-deterministic smart contract in FastKitten fastkitten. A malicious host starts two enclaves and selects the preferred output.
• Figure 5: Example of a (failed) cloning attack on CCF russinovich2019ccf. A malicious primary runs two enclaves, $E_P$ and $E'_P$, where $E'_P$ keeps an outdated state. $C_B$ detects a view mismatch and terminates the connection.