Secure Enclaves

Secure enclaves are a form of trusted execution environment (TEE): a hardware-backed, isolated region in which sensitive code and data run apart from the rest of the system. They are implemented either inside the CPU itself (a protected execution mode with encrypted memory) or as a dedicated security processor, and they are designed to hold up against privileged software on the same machine as well as certain physical attacks, such as reading memory off the bus or out of DRAM.

At the core of secure enclaves is isolation: code and data inside the enclave are protected from access or tampering by anything outside it, including the operating system, the hypervisor and human administrators, even though those parties are otherwise fully privileged on the host. The isolation is enforced in hardware rather than by software policy: memory belonging to the enclave is encrypted, and every access to it is checked by the processor, so software outside the enclave cannot read or modify the enclave's memory space.

A primary use of secure enclaves is protecting cryptographic keys and other secrets. Passport Protocol uses enclaves to safeguard the key shares held by individual nodes against compromise by the node operators themselves. A share is stored encrypted and is decrypted only inside the enclave, for the operation that needs it; the host operating system and the operator only ever see ciphertext. Even if a node is compromised, an attacker who controls the host does not obtain the share, and because each node holds only a share of the key, no single enclave holds a complete signing key either.

Secure enclaves are also designed to resist tampering, making it very hard to extract or modify the data and code running inside them. The relevant features are a measured, secure boot of the enclave image, encryption of the enclave's memory, and runtime integrity checks on that memory. Together they tie the protection to a specific enclave image: code that has been modified does not carry the same identity and therefore does not get the same access to the sealed secrets. Tamper resistance of this kind does not by itself rule out side-channel leakage (timing, cache, power), so enclave code that handles key material should still avoid secret-dependent branches and memory accesses.
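The sealing behaviour described above (a key share that is readable only by the enclave image it was sealed for) can be modelled in a few dozen lines. The following Go program is an added example, not Passport's code: it stands in for the hardware with a constructed root key, derives the sealing key from the enclave's code measurement, and exposes a single signing operation that never returns the share to the host. Everything here is illustrative: `hardwareRootKey`, `Seal`, `Unseal`, `Enclave` and `PartialSign` are names chosen for this example, the measurement-bound sealing policy is a general TEE technique rather than something this page documents about Passport, and the HMAC "partial signature" is a placeholder for a real threshold-signature share.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hardwareRootKey stands in for the per-device secret fused into the CPU at
// manufacture. Real hardware never exposes it to software. Constructed value.
var hardwareRootKey = bytes.Repeat([]byte{0x42}, 32)

// measure returns the enclave's code measurement: a hash of the enclave image
// as the hardware would compute it when the enclave is loaded.
func measure(enclaveCode []byte) []byte {
	sum := sha256.Sum256(enclaveCode)
	return sum[:]
}

// sealingKey derives the data-sealing key from the root key and the
// measurement, so a different enclave image yields a different key
// (the "bind sealed data to code identity" policy).
func sealingKey(measurement []byte) []byte {
	mac := hmac.New(sha256.New, hardwareRootKey)
	mac.Write([]byte("sealing-key"))
	mac.Write(measurement)
	return mac.Sum(nil) // 32 bytes, used as an AES-256 key
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a key share under the sealing key of the given enclave image.
// Output layout: nonce || AES-GCM ciphertext+tag. This blob is what sits on the
// node's disk, and it is all the node operator can read.
func Seal(enclaveCode, keyShare []byte) ([]byte, error) {
	g, err := newAEAD(sealingKey(measure(enclaveCode)))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, g.Seal(nil, nonce, keyShare, nil)...), nil
}

// Unseal recovers the share. Only code with the matching measurement derives
// the right key; a patched enclave, the host OS or the operator gets an
// authentication failure rather than a wrong plaintext.
func Unseal(enclaveCode, sealed []byte) ([]byte, error) {
	g, err := newAEAD(sealingKey(measure(enclaveCode)))
	if err != nil {
		return nil, err
	}
	if len(sealed) < g.NonceSize() {
		return nil, fmt.Errorf("sealed blob too short")
	}
	nonce, ct := sealed[:g.NonceSize()], sealed[g.NonceSize():]
	share, err := g.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("unseal failed: enclave measurement does not match sealing policy")
	}
	return share, nil
}

// Enclave is the node-side component: it holds the sealed blob and exposes one
// operation. The share exists in plaintext only inside that call.
type Enclave struct {
	code   []byte // loaded enclave image (measured by the hardware)
	sealed []byte // ciphertext at rest on the node
}

// PartialSign stands in for the node's contribution to a threshold signature.
// An HMAC keeps the example self-contained; it is not a real signature share.
func (e *Enclave) PartialSign(msg []byte) ([]byte, error) {
	share, err := Unseal(e.code, e.sealed)
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, share)
	mac.Write(msg)
	return mac.Sum(nil), nil
}

func main() {
	code := []byte("node-enclave image v1")               // constructed enclave image
	share := []byte("constructed-32-byte-key-share!!!") // constructed key share
	sealed, err := Seal(code, share)
	if err != nil {
		panic(err)
	}
	fmt.Printf("at rest on the node (host-visible): %x...\n", sealed[:16])

	honest := &Enclave{code: code, sealed: sealed}
	sig, _ := honest.PartialSign([]byte("tx-hash"))
	fmt.Printf("partial signature from enclave:     %x\n", sig)

	// An operator who patches the enclave to dump the share changes its
	// measurement, so the sealing key no longer matches.
	patched := &Enclave{code: append(append([]byte(nil), code...), []byte(" +dump")...), sealed: sealed}
	if _, err := patched.PartialSign([]byte("tx-hash")); err != nil {
		fmt.Println("patched enclave:", err)
	}
}
```

The point to take from the model is the boundary: `Seal` and `Unseal` are the only code that ever touches the sealing key, the host holds nothing but the blob, and any change to the enclave image (or to the blob) is rejected by the authentication tag instead of producing a usable share.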

Secure enclaves thus add a layer on top of Passport's distributed protections: splitting the key into shares across independent nodes limits what any one node can do, and the enclave on each node limits what anyone with access to that node can learn about its share. Sensitive operations run inside a trusted execution environment that preserves the confidentiality and integrity of the key material and other critical data.

Last updated 1 year ago