Enhancing the Security of Rollup Sequencers using Decentrally Attested TEEs

TL;DR

This paper introduces a decentralized attestation mechanism for TEE-secured Rollup Sequencers, enhancing security against attacks while maintaining compatibility with existing Layer-2 solutions.

Contribution

It presents a novel design and implementation of a TEE-secured Sequencer with decentralized attestation, reducing centralization risks in Layer-2 blockchain scalability solutions.

Findings

Strengthens Sequencer integrity against attacks

Maintains compatibility with existing Layer-2 architectures

Demonstrates effectiveness through experimental evaluation

Abstract

The growing scalability demand of public Blockchains led to the rise of Layer-2 solutions, such as Rollups. Rollups improve transaction throughput by processing operations off-chain and posting the results on-chain. A critical component in Rollups is the Sequencer, responsible for receiving, ordering and batching transactions before they are submitted to the Layer-1 blockchain. While essential, the centralized nature of the Sequencer makes it vulnerable to attacks, such as censorship, transaction manipulation and tampering. To enhance its security, there are solutions in the literature that shield the Sequencer inside a Trusted Execution Environment (TEE). However, the attestation of TEEs introduces additional centralization, which is in contrast with the core Blockchain principle. In this paper, we propose a TEE-secured Sequencer equipped with a decentralized attestation mechanism. We outline the design and implementation of our solution, covering the system architecture, TEE integration, and the decentralization of the attestation process. Additionally, we present an experimental evaluation conducted on a realistic Rollup testnet. Our results show that this approach strengthens Sequencer integrity without sacrificing compatibility or deployability in existing Layer-2 architectures.