Dero Homomorphic Encryption v Trusted Execution Environment (TEE) for Privacy in Blockchain

Documenting DERO
3 min readFeb 28, 2022

--

Updated December 2023

There is another method to achieve privacy via encryption, that is the Trusted Execution Environment (TEE) as utilised by projects such as SCRT and ROSE.

Trusted Execution Environment is a method like Homomorphic Encryption, to perform operations on data in a form of encrypted state, this form is quite different though. TEE’s work by taking in encrypted data and decrypting it into an encrypted trusted area (called an enclave with Intel SGX) where operations can be performed on the data behind encryption for privacy. The trust in this setup comes from having the data in a decrypted state and having to rely on the surrounding “enclave” to be secure. If you did not create this area, if it is proprietary, then you are trusting it is secure.

This should then raise questions such as, who has the decryption key for the encrypted area? Is there a monitor to know if there is a leakage? Could there be a back-door into this trusted area?

If you could eliminate that trust, that would be optimal. If the operations could be performed on the data without decrypting it in the first place, without needing to put it in a trusted area, it would mean the attack surface is greatly reduced. Beyond just function, trust and attack surface are major differences between HE and TEE.

It is also important to remember that unless the whole blockchain is in a TEE then the resting state of a blockchain utilising TEE’s is not encrypted and is public. So balances in wallets can be seen and sender/receiver isn’t anonymized, please see block explorers of above mentioned coins. This is because the privacy mechanism used is not base layer but for other operations such as smart contract computation or some other function. It is an encrypted trusted box on top of a public blockchain. Privacy is not complete but partial.

Now in contrast we can look at what Homomorphic Encryption is, it is performing operations on data without first needing to decrypt it, then giving back encrypted data to the owner who also holds the decryption key. No trust is required as the transactional data is never decrypted, and the decryption key is never out of the hands of the data owner. Dero network has managed to bring this to the base layer, with computation light enough that a full node can be run on a raspberry pie. A common question regarding the “holy grail” of privacy, Homomorphic Encryption, is that it is computationally intense, not anymore.

DERO Homomorphic Encryption Blockchain Protocol is fully encrypted at rest and during transactions. You cannot see balances, you cannot see transaction details and node traffic is self-cert TLS encrypted. DERO is fully encrypted at all times on the layer 1 and P2P network level. This is unique and unachievable until now.

DHEBP released onto Mainnet February 26th 2022

If you have the option of L1 Homomorphic Encryption for privacy, fundamentally and objectively why wouldn’t you use it?

— — — — — — — — — — — — — — — — — — — — — — — — — — — —

DHEBP released onto Mainnet February 26th 2022

https://medium.com/deroproject/stargate-a-private-decentralized-application-platform-d166baa7cc2

https://github.com/deroproject/derohe#readme

https://docs.dero.io/

by: TheObjectiveAlpha

--

--

Documenting DERO

Context to aid understanding DERO Homomorphic Encryption Blockchain Protocol