{"id":"https://openalex.org/W4387857479","doi":"https://doi.org/10.56553/popets-2024-0035","title":"SGXonerate:Finding (and Partially Fixing) Privacy Flaws in TEE-based Smart Contract Platforms Without Breaking the TEE","display_name":"SGXonerate:Finding (and Partially Fixing) Privacy Flaws in TEE-based Smart Contract Platforms Without Breaking the TEE","publication_year":2023,"publication_date":"2023-10-22","ids":{"openalex":"https://openalex.org/W4387857479","doi":"https://doi.org/10.56553/popets-2024-0035"},"language":"en","primary_location":{"id":"doi:10.56553/popets-2024-0035","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2024-0035","pdf_url":"https://petsymposium.org/popets/2024/popets-2024-0035.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://petsymposium.org/popets/2024/popets-2024-0035.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5004570595","display_name":"Nerla Jean-Louis","orcid":null},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Nerla Jean-Louis","raw_affiliation_strings":["University of Illinois Urbana Champaign","University of Illinois at Urbana-Champaign IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana Champaign","institution_ids":["https://openalex.org/I157725225"]},{"raw_affiliation_string":"University of Illinois at Urbana-Champaign IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101668890","display_name":"Yunqi Li","orcid":"https://orcid.org/0000-0002-9482-9922"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yunqi Li","raw_affiliation_strings":["University of Illinois Urbana Champaign","University of Illinois at Urbana-Champaign IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana Champaign","institution_ids":["https://openalex.org/I157725225"]},{"raw_affiliation_string":"University of Illinois at Urbana-Champaign IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067019119","display_name":"Yan Ji","orcid":"https://orcid.org/0000-0002-9448-2164"},"institutions":[{"id":"https://openalex.org/I205783295","display_name":"Cornell University","ror":"https://ror.org/05bnh6r87","country_code":"US","type":"education","lineage":["https://openalex.org/I205783295"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yan Ji","raw_affiliation_strings":["Cornell University","Cornell University NY, USA"],"affiliations":[{"raw_affiliation_string":"Cornell University","institution_ids":["https://openalex.org/I205783295"]},{"raw_affiliation_string":"Cornell University NY, USA","institution_ids":["https://openalex.org/I205783295"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046778135","display_name":"Harjasleen Malvai","orcid":null},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Harjasleen Malvai","raw_affiliation_strings":["University of Illinois Urbana Champaign","University of Illinois at Urbana-Champaign IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana Champaign","institution_ids":["https://openalex.org/I157725225"]},{"raw_affiliation_string":"University of Illinois at Urbana-Champaign IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045569583","display_name":"Thomas Yurek","orcid":null},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Thomas Yurek","raw_affiliation_strings":["University of Illinois Urbana Champaign","University of Illinois at Urbana-Champaign IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana Champaign","institution_ids":["https://openalex.org/I157725225"]},{"raw_affiliation_string":"University of Illinois at Urbana-Champaign IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091334949","display_name":"Sylvain Bellemare","orcid":"https://orcid.org/0009-0002-6860-6423"},"institutions":[{"id":"https://openalex.org/I205783295","display_name":"Cornell University","ror":"https://ror.org/05bnh6r87","country_code":"US","type":"education","lineage":["https://openalex.org/I205783295"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sylvain Bellemare","raw_affiliation_strings":["IC3 (Cornell University)","IC3 (Cornell University) NY, USA"],"affiliations":[{"raw_affiliation_string":"IC3 (Cornell University)","institution_ids":["https://openalex.org/I205783295"]},{"raw_affiliation_string":"IC3 (Cornell University) NY, USA","institution_ids":["https://openalex.org/I205783295"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5027248126","display_name":"Andrew Miller","orcid":"https://orcid.org/0000-0002-6152-6968"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Andrew Miller","raw_affiliation_strings":["University of Illinois Urbana Champaign, IC3","University of Illinois at Urbana-Champaign, IC3 IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana Champaign, IC3","institution_ids":["https://openalex.org/I157725225"]},{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, IC3 IL, USA","institution_ids":["https://openalex.org/I157725225"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5004570595"],"corresponding_institution_ids":["https://openalex.org/I157725225"],"apc_list":null,"apc_paid":null,"fwci":2.6957,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.9198411,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":"2024","issue":"1","first_page":"617","last_page":"634"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10270","display_name":"Blockchain Technology Applications and Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10270","display_name":"Blockchain Technology Applications and Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9898999929428101,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/smart-contract","display_name":"Smart contract","score":0.7850406169891357},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7228238582611084},{"id":"https://openalex.org/keywords/porting","display_name":"Porting","score":0.5955708622932434},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5940330028533936},{"id":"https://openalex.org/keywords/consistency","display_name":"Consistency (knowledge bases)","score":0.5176894664764404},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4896867573261261},{"id":"https://openalex.org/keywords/database-transaction","display_name":"Database transaction","score":0.45737719535827637},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.239300936460495},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.17745479941368103},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.15799424052238464},{"id":"https://openalex.org/keywords/blockchain","display_name":"Blockchain","score":0.15105211734771729},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.1142951250076294}],"concepts":[{"id":"https://openalex.org/C2779950589","wikidata":"https://www.wikidata.org/wiki/Q7544035","display_name":"Smart contract","level":3,"score":0.7850406169891357},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7228238582611084},{"id":"https://openalex.org/C106251023","wikidata":"https://www.wikidata.org/wiki/Q851989","display_name":"Porting","level":3,"score":0.5955708622932434},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5940330028533936},{"id":"https://openalex.org/C2776436953","wikidata":"https://www.wikidata.org/wiki/Q5163215","display_name":"Consistency (knowledge bases)","level":2,"score":0.5176894664764404},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4896867573261261},{"id":"https://openalex.org/C75949130","wikidata":"https://www.wikidata.org/wiki/Q848010","display_name":"Database transaction","level":2,"score":0.45737719535827637},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.239300936460495},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.17745479941368103},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.15799424052238464},{"id":"https://openalex.org/C2779687700","wikidata":"https://www.wikidata.org/wiki/Q20514253","display_name":"Blockchain","level":2,"score":0.15105211734771729},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.1142951250076294}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.56553/popets-2024-0035","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2024-0035","pdf_url":"https://petsymposium.org/popets/2024/popets-2024-0035.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.56553/popets-2024-0035","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2024-0035","pdf_url":"https://petsymposium.org/popets/2024/popets-2024-0035.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.46000000834465027,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G5483847632","display_name":"Collaborative Research: SaTC: CORE: Medium: Hybridizing Trusted Execution Environments and Secure Multiparty Computation","funder_award_id":"2112726","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7176098759","display_name":"CAREER: Composable Programming Abstractions for Secure Distributed Computing and Blockchain Applications","funder_award_id":"1943499","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387857479.pdf"},"referenced_works_count":59,"referenced_works":["https://openalex.org/W1520270249","https://openalex.org/W1664413462","https://openalex.org/W1907293129","https://openalex.org/W1988374166","https://openalex.org/W1988699025","https://openalex.org/W2005756274","https://openalex.org/W2036329595","https://openalex.org/W2076623138","https://openalex.org/W2093460657","https://openalex.org/W2159024459","https://openalex.org/W2303253355","https://openalex.org/W2517744317","https://openalex.org/W2539190473","https://openalex.org/W2565287832","https://openalex.org/W2593994116","https://openalex.org/W2594560662","https://openalex.org/W2604789199","https://openalex.org/W2604844934","https://openalex.org/W2620979425","https://openalex.org/W2739551304","https://openalex.org/W2740773989","https://openalex.org/W2744175342","https://openalex.org/W2751696670","https://openalex.org/W2769061097","https://openalex.org/W2777931915","https://openalex.org/W2791034507","https://openalex.org/W2795193970","https://openalex.org/W2797481382","https://openalex.org/W2798876664","https://openalex.org/W2803925245","https://openalex.org/W2807478047","https://openalex.org/W2888787871","https://openalex.org/W2888798936","https://openalex.org/W2898893210","https://openalex.org/W2899703500","https://openalex.org/W2947718647","https://openalex.org/W2949557841","https://openalex.org/W2949844816","https://openalex.org/W2950168363","https://openalex.org/W2950551784","https://openalex.org/W2982003166","https://openalex.org/W2984747683","https://openalex.org/W2996753292","https://openalex.org/W3015292646","https://openalex.org/W3015844221","https://openalex.org/W3016124762","https://openalex.org/W3032514785","https://openalex.org/W3043762149","https://openalex.org/W3129190210","https://openalex.org/W3152901657","https://openalex.org/W3154651159","https://openalex.org/W3174448527","https://openalex.org/W4210729252","https://openalex.org/W4224923627","https://openalex.org/W4281650148","https://openalex.org/W4281687596","https://openalex.org/W4297211441","https://openalex.org/W4308642193","https://openalex.org/W4381304672"],"related_works":["https://openalex.org/W2356602486","https://openalex.org/W2351992668","https://openalex.org/W3103506657","https://openalex.org/W4292566855","https://openalex.org/W3090326592","https://openalex.org/W4293653209","https://openalex.org/W3194076087","https://openalex.org/W4383898246","https://openalex.org/W3115304877","https://openalex.org/W3019372139"],"abstract_inverted_index":{"TEE-based":[0,49,104],"smart":[1,28,50,105],"contracts":[2,51],"are":[3,232],"an":[4],"emerging":[5],"blockchain":[6],"architecture,":[7],"offering":[8],"fully":[9,233],"programmable":[10],"privacy":[11,42,164,244],"with":[12,26,116,318],"better":[13],"performance":[14],"than":[15],"alternatives":[16],"like":[17],"secure":[18],"multiparty":[19],"computation.":[20],"They":[21],"can":[22,36],"also":[23],"support":[24],"compatibility":[25],"existing":[27,33],"contract":[29,106,150],"languages,":[30],"such":[31,222],"that":[32,142,240],"(plaintext)":[34],"applications":[35],"be":[37,65,178,227,314],"readily":[38],"ported,":[39],"picking":[40],"up":[41],"enhancements":[43],"automatically.":[44],"While":[45],"previous":[46],"analysis":[47],"of":[48,56,99,102,165,212,246,254,261,278],"have":[52,127,284,296],"focused":[53,68],"on":[54,69,316],"failures":[55],"TEE":[57],"itself,":[58],"we":[59],"asked":[60],"whether":[61],"other":[62],"aspects":[63],"might":[64],"understudied.":[66],"We":[67,93,229,264,295],"state":[70,213,280,311],"consistency,":[71,281],"a":[72,96,100,237,275,287,304],"concern":[73],"area":[74],"highlighted":[75],"by":[76,235],"Li":[77],"et":[78],"al.,":[79],"as":[80,82,119,121],"well":[81,120],"new":[83],"concerns":[84],"including":[85],"access":[86,143,157],"pattern":[87,144,158],"leakage":[88,145],"and":[89,124,136,197,257],"software":[90,292],"upgrade":[91,293],"mechanisms.":[92],"carried":[94],"out":[95],"code":[97],"review":[98],"cohort":[101,185],"four":[103],"platforms.":[107],"These":[108],"include":[109],"Secret":[110,153,299],"Network,":[111,154],"the":[112,162,181,184,191,210,252,258,270,282,298,319],"first":[113,135],"to":[114,174,226,250],"market":[115],"in-use":[117],"applications,":[118],"Oasis,":[122],"Phala,":[123],"Obscuro,":[125],"which":[126,309],"at":[128,189],"least":[129],"released":[130],"public":[131],"test":[132],"networks.":[133],"The":[134],"most":[137],"broadly":[138],"applicable":[139],"result":[140],"is":[141,159,224],"occurs":[146],"when":[147],"handling":[148],"persistent":[149],"storage.":[151],"On":[152],"its":[155],"fine-grained":[156],"catastrophic":[160],"for":[161],"transaction":[163],"SNIP-20":[166,247],"tokens.":[167],"If":[168],"ERC-20":[169],"tokens":[170],"were":[171],"naively":[172],"ported":[173],"Oasis":[175],"they":[176,231],"would":[177],"similarly":[179],"vulnerable;":[180],"others":[182],"in":[183,218],"leak":[186],"coarse-grained":[187],"information":[188],"approximately":[190],"page":[192],"level":[193],"(4":[194],"kilobytes).":[195],"Improving":[196],"characterizing":[198],"this":[199,302],"will":[200],"require":[201],"adopting":[202],"techniques":[203],"from":[204],"ORAMs":[205],"or":[206],"encrypted":[207],"databases.":[208],"Second,":[209],"importance":[211],"consistency":[214,312],"has":[215],"been":[216],"underappreciated,":[217],"part":[219],"because":[220],"exploiting":[221],"vulnerabilities":[223],"thought":[225],"impractical.":[228],"show":[230],"practical":[234],"building":[236],"proof-of-concept":[238],"tool":[239],"breaks":[241],"all":[242],"advertised":[243],"properties":[245],"tokens,":[248],"able":[249],"query":[251],"balance":[253],"individual":[255],"accounts":[256],"token":[259],"amount":[260],"each":[262],"transfer.":[263],"additionally":[265],"demonstrate":[266],"MEV":[267],"attacks":[268],"against":[269],"Sienna":[271],"Swap":[272],"application.":[273],"As":[274],"final":[276],"consequence":[277],"lacking":[279],"developers":[283,300],"inadvertently":[285],"introduced":[286],"decryption":[288],"backdoor":[289],"through":[290,303],"their":[291,310],"process.":[294],"helped":[297],"mitigate":[301],"coordinated":[305],"vulnerability":[306],"disclosure,":[307],"after":[308],"should":[313],"roughly":[315],"par":[317],"rest.":[320]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3}],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-10-10T00:00:00"}