Future Directions

Bluethroat Labs: Who are we?

We are a technical collective that studies TEEs. We study how they're built, how they break, and how to make them more reliable.

Vision for this document

To make this document the gold standard for practical security around TEEs.

Any Web3 protocol that leverages TEEs in any capacity should be able to get significant help from this document on TEE security.

Future of this document

This document is and will remain a living resource. The TEE security landscape shifts rapidly: new hardware revisions and exploits, cloud platform changes, attestation updates, and emerging side-channel research can alter threat models quickly. For a technology as critical and as misunderstood as TEEs, regular updates are not optional; they are a must.

Here is a non-exhaustive list of ideas we have for making this document richer:

  • Appendices with extended references, examples, and supporting material

  • Deep dives into additional TEE infrastructure providers (beyond AWS Nitro and dStack)

  • Platform recommendations tied to specific protocol requirements and risk profiles

  • Security-first hybrid architectures, including but not limited to:

    • ZK + TEEs

    • TEEs + MPC

    • ZK + TEEs + MPC

    • TEEs + FHE

  • Post-mortems of TEE vulnerabilities, based on:

    • Real-world exploits and incident write-ups

    • Findings from blockchain audit reports and production failures

The long-term intention is for this guide to evolve into a community-maintained reference for practical TEE security in Web3: reviewed, challenged, and improved by engineers who are actively deploying and operating TEE systems.

This document will soon be open-sourced, and contributions from all interested parties will be welcomed.
