@elizaos/plugin-tee

A plugin for handling Trusted Execution Environment (TEE) operations, providing secure key derivation and remote attestation capabilities.

Overview

This plugin provides functionality to:

• Generate secure keys within a TEE environment
• Derive Ed25519 keypairs for Solana
• Derive ECDSA keypairs for Ethereum
• Generate remote attestation quotes
• Manage wallet interactions with TEE-derived keys

Installation

npm install @elizaos/plugin-tee

Configuration

The plugin requires the following environment variables:

TEE_MODE=LOCAL|DOCKER|PRODUCTION
WALLET_SECRET_SALT=your_secret_salt  # Required for single agent deployments
DSTACK_SIMULATOR_ENDPOINT=your-endpoint-url  # Optional, for simulator purposes

Usage

Import and register the plugin in your Eliza configuration:

import { teePlugin } from '@elizaos/plugin-tee';

export default {
  plugins: [teePlugin],
  // ... other configuration
};

Features

DeriveKeyProvider

The DeriveKeyProvider allows for secure key derivation within a TEE environment:

import { DeriveKeyProvider } from '@elizaos/plugin-tee';

// Initialize the provider
const provider = new DeriveKeyProvider();

// Derive a raw key
const rawKey = await provider.rawDeriveKey('/path/to/derive', 'subject-identifier');
// rawKey is a DeriveKeyResponse that can be used for further processing
const rawKeyArray = rawKey.asUint8Array();

// Derive a Solana keypair (Ed25519)
const solanaKeypair = await provider.deriveEd25519Keypair('/path/to/derive', 'subject-identifier');

// Derive an Ethereum keypair (ECDSA)
const evmKeypair = await provider.deriveEcdsaKeypair('/path/to/derive', 'subject-identifier');

RemoteAttestationProvider

The RemoteAttestationProvider generates remote attestations within a TEE environment:

import { RemoteAttestationProvider } from '@elizaos/plugin-tee';

const provider = new RemoteAttestationProvider();
const attestation = await provider.generateAttestation('your-report-data');

Development

Building

npm run build

Testing

npm run test

Local Development

To get a TEE simulator for local testing, use the following commands:

docker pull phalanetwork/tappd-simulator:latest
# by default the simulator is available in localhost:8090
docker run --rm -p 8090:8090 phalanetwork/tappd-simulator:latest

Dependencies

• @phala/dstack-sdk: Core TEE functionality
• @solana/web3.js: Solana blockchain interaction
• viem: Ethereum interaction library
• Other standard dependencies listed in package.json

API Reference

Providers

• deriveKeyProvider: Manages secure key derivation within TEE
• remoteAttestationProvider: Handles generation of remote attestation quotes
• walletProvider: Manages wallet interactions with TEE-derived keys

Types

enum TEEMode {
  OFF = 'OFF',
  LOCAL = 'LOCAL', // For local development with simulator
  DOCKER = 'DOCKER', // For docker development with simulator
  PRODUCTION = 'PRODUCTION', // For production without simulator
}

interface RemoteAttestationQuote {
  quote: string;
  timestamp: number;
}

Future Enhancements

1. Key Management

   • Advanced key derivation schemes
   • Multi-party computation support
   • Key rotation automation
   • Backup and recovery systems
   • Hardware security module integration
   • Custom derivation paths

2. Remote Attestation

   • Enhanced quote verification
   • Multiple TEE provider support
   • Automated attestation renewal
   • Policy management system
   • Compliance reporting
   • Audit trail generation

3. Security Features

   • Memory encryption improvements
   • Side-channel protection
   • Secure state management
   • Access control systems
   • Threat detection
   • Security monitoring

4. Chain Integration

   • Multi-chain support expansion
   • Cross-chain attestation
   • Chain-specific optimizations
   • Custom signing schemes
   • Transaction privacy
   • Bridge security

5. Developer Tools

   • Enhanced debugging capabilities
   • Testing framework
   • Simulation environment
   • Documentation generator
   • Performance profiling
   • Integration templates

6. Performance Optimization

   • Parallel processing
   • Caching mechanisms
   • Resource management
   • Latency reduction
   • Throughput improvements
   • Load balancing

We welcome community feedback and contributions to help prioritize these enhancements.

Contributing

Contributions are welcome! Please see the CONTRIBUTING.md file for more information.

Credits

This plugin integrates with and builds upon several key technologies:

• Phala Network: Confidential smart contract platform
• @phala/dstack-sdk: Core TEE functionality
• @solana/web3.js: Solana blockchain interaction
• viem: Ethereum interaction library
• Intel SGX: Trusted Execution Environment technology

Special thanks to:

• The Phala Network team for their TEE infrastructure
• The Intel SGX team for TEE technology
• The dStack SDK maintainers
• The Eliza community for their contributions and feedback

For more information about TEE capabilities:

• Phala Documentation
• Intel SGX Documentation
• TEE Security Best Practices
• dStack SDK Reference

License

This plugin is part of the Eliza project. See the main project repository for license information.