Performance and Security of TEE-Based Threshold Cryptography

Haller, Marius 1; Leinweber, Marc 1; Spannagel, Tilo 1; Raiber, Markus 1; Hartenstein, Hannes 1
1 Institut für Informationssicherheit und Verlässlichkeit (KASTEL), Karlsruher Institut für Technologie (KIT)

Abstract:

Various Byzantine fault tolerant protocols rely on threshold cryptography to mitigate certain attack vectors or reduce communication complexity. Threshold cryptography schemes distribute secret key material and cryptographic operations such as decryption or signing, thereby making them resilient to partial system corruption. Trusted Execution Environments (TEEs) can accelerate such schemes, but introduce new security trade-offs. We analyze both performance gains and security implications of using TEEs for threshold cryptography. To this end, we implement and evaluate SpliTEE, a dedicated library for low-latency, non-interactive threshold cryptography in both the hybrid and the Byzantine fault model. We propose two variants: a common key variant, making extensive use of the TEE and achieving observed speedup factors of 1.4 to 2.2 for threshold encryption, of 20.7 to 27.5 for threshold signatures, and of 1.4 to 1.8 for common coins; and a split key variant that remains secure even against compromised TEEs via a forensic mechanism, while still achieving speedup factors between 1.2 and 2.5 for encryption, and between 2.2 and 4 for signatures.


Publisher's version
DOI: 10.5445/IR/1000192700
Published on 28.04.2026
Original publication
DOI: 10.1145/3805690.3805725
Affiliated institution(s) at KIT: Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publication type: Proceedings paper
Publication year: 2026
Language: English
Identifier: ISBN: 979-8-4007-2607-1
KITopen-ID: 1000192700
HGF program: 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Published in: SysTEX'26: Proceedings of the 9th Workshop on System Software for Trusted Execution
Event: 9th Workshop on System Software for Trusted Execution (2026), Edinburgh, United Kingdom, 27.04.2026
Publisher: Association for Computing Machinery (ACM)
Pages: 42–49
Published online in advance on 26.04.2026