TEE-BFT: Pricing the Security of Data Center Execution Assurance
Alex Shamis, Matt Stephenson, and Linfeng Zhou

TL;DR
This paper introduces a model to evaluate the security costs of using Trusted Execution Environments (TEEs) in data centers, providing thresholds to prevent collusion and demonstrating the potential to safeguard trillions of dollars in value.
Contribution
It develops a cost-of-collusion model for TEE security in data centers, deriving deterrence thresholds and a conservative safety bound to prevent profitable collusion attacks.
Findings
Plausible TEE parameters can protect approximately one trillion dollars.
Derived closed-form thresholds effectively prevent collusion.
Model isolates key attack profitability drivers.
Abstract
Blockchains face inherent limitations when communicating outside their own ecosystem, largely due to the Byzantine Fault Tolerant (BFT) 3f+1 security model. Trusted Execution Environments (TEEs) are a promising mitigation because they allow a single trusted broker to interface securely with external systems. This paper develops a cost-of-collusion principal-agent model for compromising a TEE in a Data Center Execution Assurance design. The model isolates the main drivers of attack profitability: a K-of-n coordination threshold, independent detection risk q, heterogeneous per-member sanctions F_i, and a short-window flow prize (omega) proportional to the value secured (beta times V). We derive closed-form deterrence thresholds and a conservative design bound (V_safe) that make collusion unprofitable under transparent parameter choices. Calibrations based on time-advantaged arbitrage…
