Bringing Smart Contract Confidentiality via Trusted Hardware: Fact and Fiction

Trusted Execution Environment (TEE)-assisted confidential smart contracts (TCSC) have attracted extensive attention from both academia and industry. Despite an enormous number of TCSC projects, the extent of confidentiality offered by them remains being questioned: the factual and fictional aspects are not well distinguished, which limits their adoption. In this paper, we provide a formal treatment of TCSC, endowing them with an expressive syntax and security definitions. Based on these definitions, we propose a provably secure TCSC instantiation. Then, we investigate each algorithm and identify the implementation flaws that may make a TCSC system violate its security properties. Our analysis reveals the gap between theoretical security models and real-world implementations: even assuming a TCSC is provably secure by design, it may still fail in practice. We further compare our TCSC instantiation with 16 representative TCSC systems. Our results show that, surprisingly, all these surveyed projects are subject to practical attacks. Finally, we implement a TCSC prototype and conduct a comprehensive evaluation, revealing the overheads of distributed key management and the performance challenges of executing complex contracts within TEEs.