Bribery zoo implementations for Trusted Execution Environments (TEEs) #4
Description
Fusaka is going to be activated on Ethereum mainnet on the 3rd December, 2025. As part of this update (EIP-7951), new precompile contracts will be added to the EVM (Ethereum Virtual Machine) supporting efficient elilptic curve group operations on the P-256 curve (also known as secp256r1 curve). This new precompile is going to have numerous exciting applications as P-256 is ubiquitous in web2, e.g., Apple Face/Touch ID, HSMs, TEEs, FIDO2/WebAuthn authenticators, etc. This upgrade may have potentially large impact on the Ethereum bribery zoo as well. In the next, let's assume that TEEs are safe and provide computational integrity and confidentiality. (In practice, we know, that many times, in various meaningful adversarial settings, they do not provide security, but let's not deal with that for now: see: this new paper)
EIP-7951 allows the gas-efficient on-chain verification of ECDSA signatures on the P-256 curve. This could be applied in and leveraged in TEE-based bribery contracts as follows. Imagine the following scenario.
- The briber implements a bribery program that can be executed in a TEE and sends this to the potential bribees.
- The potential bribees install the bribery program into their TEEs and let it run on inputs dictated by the briber.
- On-chain, the bribery contract only needs to verify the hash of the executed program and the ECDSA signatures of the TEEs.
The benefit (from a briber's point of view) of this precompile is twofold:
- Gas efficiency: now, the on-chain logic is much simpler, since much of the bribery logic is executed inside the TEE.
- Complexity: the bribery logic may be much more complex than the contracts presented in this repository so far, since the bribery contracts now do not need to deal with the limitations of the EVM (e.g., transaction gas limit), since now they can run in a TEE, that does not have much of the annoying limitations as those of the EVM.