Enclave Key is a signature key generated and managed by the key manager in Enclave. ELC uses this key to sign a commitment to create a signature as a commitment proof. An on-chain LCP client verifies this signature. This document refers to an Enclave key's public key as a public Enclave key.
Enclave Key generation is performed on execution of InitEnclaveCommand by App immediately after LCP Node startup. The generated key is encrypted in the LCP Node using the sealing function provided by SGX and then stored. When restarting the App, the stored key is unsealed and reused. It uses the MRENCLAVE policy as the sealing policy to prevent the reuse of the key encrypted in the previous version when restarting after updating the LCP Enclave.
The signature algorithm of the Enclave Key can be configured to avoid the unnecessary addition of precompiled contracts on EVM. Currently, it supports ECDSA with the secp256k1 curve as the signature algorithm.
sgx_read_rand (internally use RDRAND op) can be used to obtain a seed value that no one can read from outside the Enclave. The Enclave Key is generated based on this seed.
An LCP client registers the Enclave key in a trustless manner to validate the ELC's commitments. For this purpose, it generates a Quote containing the public Enclave key for the LCP Enclave, which is then used to create a Verifiable Quote by remote attestation. The Verifiable Quote is used for verifying that the associated enclave has generated the Quote. That is, the report data contained in the Verifiable Quote is a valid Enclave key generated by the expected enclave.
The remote attestation process must be performed every time a new LCP node is started or upon an Enclave key is updated.
The following figure shows the flow of generating an Enclave key and obtaining an Attestation Verification Report (AVR. cf. https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf) for a Quote using IAS:
The details of each step in the flow are as follows:
- App sends InitEnclaveCommand to Enclave.
- Enclave generates a seed value and an Enclave key based on that value. It then seals it and stores it locally.
- Enclave creates its Report, including the public Enclave key as Report Data.
- Enclave returns the Report to App.
- The app passes the Report to the Quoting Enclave (QE) and requests the creation of a Quote.
- The QE signs the Report using its Attestation key, creates a Quote, and returns it to the App
Note that the following steps are necessary only when using an external attestation service such as IAS, etc. In the case of ECDSA Attestation using DCAP, the Quote obtained in step 6 should be an externally verifiable Quote.
- App sends the obtained Quote to IAS.
- IAS verifies the Quote and generates a signature for the Report consisting of the Quote and Enclave verification results. It then returns an Attestation Verification Report (AVR) containing those data and signatures. A key published by Intel certificates the key used for the signature. Therefore, the AVR is externally verifiable.
The LCP client uses the resulting Verifiable Quote (AVR) to register the public Enclave key. Details of this process are described in RegisterEnclaveKey.