Phala Network Docs
COPYRIGHT © 2024 PHALA.LTD ALL RIGHTS RESERVED. May Phala be with you!

TEE with FHE and MPC


Introduction

Fully Homomorphic Encryption (FHE) and Multi-Party Computation (MPC) are foundational technologies for privacy-preserving computation, enabling operations on encrypted data without decryption. However, their adoption in real-world systems, particularly blockchain and decentralized networks, faces challenges such as computational overhead, key management risks, and trust assumptions. This chapter explores how Phala Network's TEE can act as a 2FA mechanism to enhance the security and practicality of FHE/MPC workflows.

Check out earlier thoughts on SGX as 2FA for FHE/MPC and Drawbacks in FHE Blockchain and how TEE can help.

Challenges in FHE/MPC Systems

Key Management Risks

  • Secure key generation, storage, and usage are critical vulnerabilities

  • Key compromise threatens data confidentiality and computation integrity

  • Software-based solutions remain susceptible to memory attacks and insider threats

Performance Limitations

  • FHE introduces significant computational overhead, impractical for time-sensitive applications

  • MPC reduces individual computation but increases network communication and coordination costs

  • Both technologies face scalability challenges in high-throughput environments

Trust Vulnerabilities

  • Systems rely on honest-majority assumptions that weaken with participant count

  • Collusion attacks become feasible when economic incentives align for malicious actors

  • Lack of accountability mechanisms when malicious behavior occurs

  • Threshold schemes vulnerable to withholding attacks that prevent result finalization

TEE as a 2FA Mechanism: Architectural Overview

TEEs provide hardware-enforced isolation for sensitive operations, combining the benefits of secure enclaves (e.g., Intel TDX) with cryptographic protocols. When integrated with FHE/MPC, TEEs act as a secondary trust layer, ensuring:

  • Secure Key Generation/Storage: Cryptographic keys are generated and stored within the TEE, isolated from the host OS or untrusted applications.

  • Computation Integrity: Critical operations (e.g., decryption of FHE results or MPC coordination) are verified within the TEE.

  • Attestation: Remote parties can cryptographically verify that computations were executed in a genuine TEE.

Workflow Example

  1. A master key is generated inside a TEE and never exposed externally.

  2. The MPC node signs a public verification key, which is shared with the network.

  3. The MPC node generates an attestation proof that proves the key generation and storage are done in a genuine TEE.
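
The check a relying party would run on the attestation proof from step 3 before trusting the shared verification key, as an added example (not Phala or dstack code). It assumes the node places the SHA-256 of its public key in the quote's 64-byte report-data field, and an HMAC under a constructed key stands in for the hardware vendor's quote signature chain; all names and values are hypothetical.

```python
import hashlib
import hmac

# Constructed stand-ins (assumptions, not Phala/dstack values or APIs).
VENDOR_KEY = b"constructed-hardware-root-key"  # models the vendor's quote-signing root
TRUSTED_MEASUREMENTS = {hashlib.sha384(b"mpc-node-image-v1").hexdigest()}
GOOD_MEASUREMENT = next(iter(TRUSTED_MEASUREMENTS))
NODE_KEY = b"constructed-mpc-node-public-key"


def bind_key(public_key: bytes) -> bytes:
    """64-byte report-data value: SHA-256 of the key, zero-padded."""
    return hashlib.sha256(public_key).digest().ljust(64, b"\x00")


def _quote_mac(measurement: str, report_data: bytes) -> bytes:
    # Stand-in for the hardware signature over the quote body.
    msg = measurement.encode() + b"|" + report_data
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).digest()


def make_quote(measurement: str, public_key: bytes) -> dict:
    """What the TEE side would emit after generating its key pair."""
    report_data = bind_key(public_key)
    return {"measurement": measurement, "report_data": report_data,
            "signature": _quote_mac(measurement, report_data)}


def verify_key_attestation(quote: dict, claimed_public_key: bytes) -> str:
    """Relying-party check; returns 'ok' or the reason for rejection."""
    # 1. The quote must be authentic before any field in it is trusted.
    expected = _quote_mac(quote["measurement"], quote["report_data"])
    if not hmac.compare_digest(expected, quote["signature"]):
        return "bad quote signature"
    # 2. The code running in the TEE must be an image the verifier accepts.
    if quote["measurement"] not in TRUSTED_MEASUREMENTS:
        return "untrusted measurement"
    # 3. The advertised key must be the one the TEE bound into the quote.
    if not hmac.compare_digest(quote["report_data"], bind_key(claimed_public_key)):
        return "key not bound to quote"
    return "ok"


if __name__ == "__main__":
    quote = make_quote(GOOD_MEASUREMENT, NODE_KEY)
    print(verify_key_attestation(quote, NODE_KEY))
    print(verify_key_attestation(quote, b"substituted-key"))
```

Without the third check, a valid quote from a genuine TEE could be replayed alongside a key that was generated outside it.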

For FHE Computation:

  1. Users encrypt data using FHE and send it to the FHE server.

  2. The FHE server finishes the computation and encrypts the result with the MPC key.

  3. The MPC nodes in the TEE decrypt intermediate results and return the result to users.

Case Studies

MPC nodes build a Docker image and deploy it to Phala Cloud; see the tutorial.


Fairblock: Building Unruggable AI with an MPC-TEE Hybrid Architecture

Mind Network: Leverage TEE and FHE Build Blind Voting
