Strengthening Optimistic Rollups Using TEEs
The defining characteristic of a rollup is the ability to push L2 state updates to L1. Typically, either fraud proofs or validity proofs are used to ensure the correctness of each state update.
Fraud and validity proofs rely on the strong assumption that the underlying construction and implementation of the proof system are correct. Unfortunately, proof systems are complex pieces of code prone to bugs and errors, and it is impossible to guarantee they are infallible. For this reason, a diverse set of proof systems is essential to safeguard the overall robustness of the system - an idea that has reverberated in multiple places, including a recent blog post by OP Labs. Different proof systems act as a counter-check on each other: by comparing their outputs we can identify potential discrepancies - similar to differential testing.
We propose implementing an additional prover system by leveraging Trusted Execution Environment (TEE) technology, because this approach yields good performance without the complexity associated with, e.g., ZK circuits. We showed that TEE technology can efficiently complement proof systems by implementing the TEE Prover on Scroll.
The Case for Using TEEs in the OP Stack
- TEEs Have Good Performance: TEEs offer reliable, fast, and cheap computation. The computational overhead of TEEs is low (and can be negligible, depending on which TEE technology is used), so a TEE can compute the state transition very fast and with very low latency.
- TEEs Complement Fraud Proof Systems: Fraud proofs are used to demonstrate that a state transition is incorrect. However, they cannot be used to prove that the state transition is indeed correct, leading to the interactive nature of fraud proofs and the requirement for a challenge period. On the other hand, computation in the TEEs can assert that the state transition is correct. This property can be utilized to provide fast-moving checkpoints for the rollup, e.g., a “justified” state following the agreement of the TEE that the state transition is correct.
- TEEs can be Used Despite Not Being Infallible: A major concern surrounding TEEs, especially Intel SGX, is that they are frequently compromised. While it is true that vulnerabilities related to TEEs continue to be discovered, it is worth highlighting that these vulnerabilities are not fatal and can’t be exploited indefinitely once they are patched - existing exploits are implementation bugs that do not undermine the architectural design of TEEs. Moreover, these vulnerabilities are often difficult, or even impossible, to exploit unless certain conditions are met, e.g., ÆPIC Leak allows an attacker to access SGX’s most precious secrets, but cannot be exploited unless APIC registers are exposed. TEEs are also improving, and more technologies are emerging such as AMD SEV, Intel TDX, and AWS Nitro Enclaves. Lastly, if the vulnerability of one TEE is particularly concerning, a committee consisting of different TEE technologies (e.g., Intel + AMD + AWS) can be employed to increase the security of the overall system - in this scenario, a potential attacker would need to exploit multiple TEE technologies at the same time, making it increasingly difficult to mount an attack.

Brief Overview of the Solution

Whenever a state transition is pushed from L2 to L1, the TEE will perform the state transition and assess whether the transition is correct. If it is, it will push an attestation to L1 asserting the correctness of the new state. If the transition is incorrect, the TEE pauses the rollup and initiates a fraud proof.

- The Co-Prover observes the state of the rollup and independently executes the state transition - the state is correct
- Rollup submits the new state to L1
- Co-Prover submits an attestation that the state submitted by the rollup is correct
- The Co-Prover goes back to observing the rollup. In this case, it observes that the state computed by the rollup is invalid
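The following is an added simulation of the co-prover flow above, together with the multi-vendor committee and "justified" checkpoint ideas from the earlier bullets; it is example code written for this page, not code from the post or from any rollup project. It models a toy L2 state transition, a rollup contract on L1 that only accepts attestations from enrolled enclave identities and justifies a root once a quorum of distinct TEE vendors agree, and co-provers that re-execute each batch and either attest or pause the rollup. The hardware attestation is stood in for by an HMAC over the enclave id, verdict and root (so the "contract" holds the same key it verifies with); a real deployment verifies a vendor quote (SGX/TDX/SEV/Nitro) against a public key instead. All enclave ids, vendor names, keys, accounts and batches are constructed values.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field


def state_transition(state: dict[str, int], batch: list[tuple[str, str, int]]) -> dict[str, int]:
    """Toy L2 state transition: apply (sender, receiver, amount) transfers in order.
    A transfer that overdraws the sender invalidates the whole batch."""
    new_state = dict(state)
    for sender, receiver, amount in batch:
        if new_state.get(sender, 0) < amount:
            raise ValueError(f"insufficient balance for {sender}")
        new_state[sender] -= amount
        new_state[receiver] = new_state.get(receiver, 0) + amount
    return new_state


def state_root(state: dict[str, int]) -> str:
    """Deterministic commitment to the state: SHA-256 over sorted (account, balance) pairs."""
    encoded = "|".join(f"{k}:{v}" for k, v in sorted(state.items()))
    return hashlib.sha256(encoded.encode()).hexdigest()


@dataclass
class Enclave:
    """Stand-in for a TEE: enclave_id plays the role of the code measurement,
    attest_key the role of the hardware attestation key (assumed, not a real quote)."""
    enclave_id: str
    vendor: str
    attest_key: bytes

    def attest(self, root: str, verdict: str) -> tuple[str, str, str]:
        """Return (enclave_id, verdict, tag); the tag binds the verdict to this enclave and root."""
        msg = f"{self.enclave_id}:{verdict}:{root}".encode()
        return self.enclave_id, verdict, hmac.new(self.attest_key, msg, hashlib.sha256).hexdigest()


@dataclass
class L1Contract:
    """Minimal rollup contract: stores the posted root, accepts attestations only from
    enrolled enclaves, justifies the root once `quorum` distinct vendors say it is correct,
    and pauses the rollup as soon as one enrolled enclave reports fraud."""
    enrolled: dict[str, Enclave]  # enclave_id -> enrolled enclave (set at enrollment time)
    quorum: int
    posted_root: str | None = None
    paused: bool = False
    agreeing_vendors: set[str] = field(default_factory=set)

    def post_root(self, root: str) -> None:
        if self.paused:
            raise RuntimeError("rollup is paused pending a fraud proof")
        self.posted_root = root
        self.agreeing_vendors = set()

    def submit_attestation(self, enclave_id: str, verdict: str, tag: str) -> bool:
        enclave = self.enrolled.get(enclave_id)
        if enclave is None or self.posted_root is None or verdict not in ("ok", "fraud"):
            return False  # unknown measurement, nothing posted, or malformed verdict
        expected = enclave.attest(self.posted_root, verdict)[2]
        if not hmac.compare_digest(expected, tag):
            return False  # tag does not verify against the enrolled key (or covers another root)
        if verdict == "fraud":
            self.paused = True  # stop accepting roots; the fraud-proof game runs from here
        else:
            self.agreeing_vendors.add(enclave.vendor)  # one vote per vendor, not per enclave
        return True

    def is_justified(self) -> bool:
        return self.posted_root is not None and len(self.agreeing_vendors) >= self.quorum


@dataclass
class CoProver:
    """The TEE co-prover: re-executes every batch from its own copy of the state and
    compares the result with what the rollup posted to L1."""
    enclave: Enclave
    contract: L1Contract
    state: dict[str, int]

    def observe(self, batch: list[tuple[str, str, int]]) -> str:
        try:
            expected = state_transition(self.state, batch)
        except ValueError:
            expected = self.state  # an invalid batch must leave the state unchanged
        posted = self.contract.posted_root
        verdict = "ok" if posted == state_root(expected) else "fraud"
        self.contract.submit_attestation(*self.enclave.attest(posted, verdict))
        if verdict == "ok":
            self.state = expected  # advance only on agreement
        return verdict


def run_scenario(rollup_honest: bool) -> dict:
    """Two enrolled enclaves from different vendors watch one batch.
    Honest run: both attest and the root becomes justified.
    Dishonest run: the sequencer posts a root crediting a balance out of thin air."""
    genesis = {"alice": 100, "bob": 0}
    batch = [("alice", "bob", 40)]
    sgx = Enclave("mrenclave-sgx-v1", "intel", b"constructed-sgx-key")
    sev = Enclave("measurement-sev-v1", "amd", b"constructed-sev-key")
    contract = L1Contract(enrolled={e.enclave_id: e for e in (sgx, sev)}, quorum=2)
    provers = [CoProver(sgx, contract, dict(genesis)), CoProver(sev, contract, dict(genesis))]
    new_state = state_transition(genesis, batch)
    if not rollup_honest:
        new_state["bob"] += 1_000  # forged balance in the posted state
    contract.post_root(state_root(new_state))
    outcomes = [p.observe(batch) for p in provers]
    return {"outcomes": outcomes, "justified": contract.is_justified(), "paused": contract.paused}


if __name__ == "__main__":
    print(run_scenario(rollup_honest=True))
    print(run_scenario(rollup_honest=False))
```

The quorum counts vendors rather than enclaves, which is what makes the committee idea meaningful: two SGX enclaves that share a vendor-wide break would still only count once, so an attacker has to compromise multiple TEE technologies to get a forged root justified, while a single honest enclave is enough to pause the rollup and hand off to the fraud-proof game.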