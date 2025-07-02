Abstract and I. Introduction

II. A Lightning Tour

III. Systematization Methodology

IV. Layer-One Solution

V. Layer-Two Solution

VI. Discussion

VII. Research Challenges

VIII. Concluding Remarks and References

Appendix A. Key Managements

Appendix B. Anonymity and Confidentiality

Appendix C. Background

Appendix D. A TCSC-Based Voting Protocol





VII. RESEARCH CHALLENGES













Key management dilemma. The private keys in TEE-assisted systems are extremely crucial but hard to manage. On the one hand, putting the application keys in a single TEE contributes to the key security. However, it also makes the system raise the risk of a single point of failure. On the other hand, sharing the private key among multiple TEEs offers practical availability but (as a sacrifice) increases key exfiltration risk. Meanwhile, key sharing technologies are too complicated to adopt and cannot completely solve the key issues. Suppose that an attacker steals the attestation key somehow. She might consequently generate the attestation materials to deceive the user with a fake fact: The contract has been executed. Even worse, if a root key stored in the tamper-resistant hardware (e.g., Memory Encryption Engine Key in SGX) is compromised, all key technologies for protecting application keys become useless.





Transparency issues. Compared with cryptographic approaches backed by mathematics [22], [23], [27], the confidential smart contracts relied on TEEs are lack of transparency. On the one hand, contracts are executed inside TEEs, and the outputs are usually encrypted, which lacks public verifiability inherited from traditional blockchain systems. The attestation service can only guarantee that the encrypted outputs indeed come from a TEE. However, neither users nor the blockchain nodes can learn whether a TEE is compromised or executes contracts following the predefined specifications. Even if many TEEs can re-execute the same contract with the same setup (e.g., the same private key) to check outputs, this inevitably increases the key exfiltration risk in the face of a confidentiality breach. On the other hand, the precise architectures of chips are still unclear for some TEE products, such as Intel SGX [80]. TEE-assisted solutions force the user to put too much trust in the manufacturers of this hardware. Users even argue that Intel may have reduced the security of SGX to improve performance to cater for market demand [97]. Additionally, the attestation service used to prove that a program runs inside TEEs is centralized and non-transparent. A compromised provider has the ability to insert fake IDs, and further, steal the confidential state in smart contracts.

VIII. CONCLUDING REMARKS

The technologies on how to combine smart-contract execution with TEEs are mushrooming nowadays. The absence of systematic work confuses newcomers. In this paper, we provide the first SoK on TEE-assisted confidential smart contract systems. TEE technologies empower transparent smart contracts with confidentiality, greatly extending the scope of upper-layer applications. We summarize state-of-the-art solutions by proposing a unified framework covering aspects of design models, desired properties, and security considerations. Our analysis clarifies existing challenges and future directions for two mainstream architectures (layer-one and layer-two solutions). We believe that this work represents a snapshot of the technologies that have been open-sourced and made public in time. Our evaluation and analysis within this SoK will offer a good guide for communities, and greatly promote the prosperity of development for TCSC applications.





Acknowledgement. Rujia Li and Qi Wang are partially supported by the Shenzhen Fundamental Research Programs under Grant No.20200925154814002. We thank Xinrui Zhang (SUSTech) for her help. Also, we express our appreciation to anonymous reviewers for their valuable comments.

Authors: (1) Rujia Li, Southern University of Science and Technology, China, University of Birmingham, United Kingdom and this author contributed equally to this work; (2) Qin Wang, CSIRO Data61, Australia and this author contributed equally to this work; (3) Qi Wang, Southern University of Science and Technology, China; (4) David Galindo, University of Birmingham, United Kingdom; (5) Mark Ryan, University of Birmingham, United Kingdom.

This paper is available on arxiv under CC BY 4.0 DEED license.



