Damn, seriously? And here I was thinking on chain was actually not a bad direction to go.

Yeah. I still like the concept. Hopefully the next generation of hardware will fix these flaws

CRYPTOGRAPHY IS MATH, BUT CUSTODY IS ALWAYS PHYSICS This overturns how most people think about keys. We talk about cryptography as pure numbers: primes, curves, one-way functions. And the math really does live there. But the math was never the thing you had to protect. The math is public. Security rests on a single physical fact: that one number is known to you and to no one else. It is a PHYSICAL secret, embodied somewhere: charge in a memory cell, marks on a steel plate, neurons in your brain, and wherever it is embodied, it can in principle be reached. WHAT HOLDING A BITCOIN KEY ACTUALLY MEANS When people say they "hold" a key, the language smuggles in a comforting abstraction, as if you are actually holding the key. You aren't. There is nothing to grip. What you hold is exclusive physical control over the matter the key is written into. Self-custody is taking a piece of knowledge and finding a region of physical reality your adversaries cannot enter, and you put the knowledge there. A seed phrase in titanium is knowledge hidden in metal and geography. A memorized passphrase is knowledge hidden in the inside of your skull. The difference between a coin that is safe and a coin that is stolen is entirely a fact about physical access. This is why holding Bitcoin feels strangely primal. You are doing something our ancestors would recognize: you have something valuable, and you are hiding it from rivals who would take it. The act, securing knowledge from other minds by controlling the physics of where it sits, is ancient. WHY THIS LEADS STRAIGHT INTO TEEs Seen this way, the purpose of a Trusted Execution Environment snaps into focus. A TEE tries to build a hiding place inside the computer itself, a walled region of silicon even the machine's owner cannot enter. But here is the fundamental problem, and it is physics, not engineering. The whole premise of a TEE is that the attacker already owns the hardware. That is the entire point, you are trying to keep a secret from the person holding the machine in his hands. And a secret embedded in matter your adversary possesses is not protected. It is merely expensive to get at. Given enough time, he gets in, decaps the chip, probes the cell, and gets the secret key. Computing on the secret only speeds this up, leaking it continuously and often remotely and thus side channel attacks are born. But even a key sitting perfectly still falls eventually. Stillness was never the protection. Being out of his reach was. IF THE ATTACKER POSSESSES THE MATTER, THE SECRET IS FORFEIT. TIME DOES THE REST. A possible answer is to encrypt the data. But notice what that does: encrypting the key produces a new key, which must itself be held somewhere, in some device, that someone must defend. You have not solved the problem. You have moved it. And you can move it again, and again, and it never bottoms out. The regress is infinite. Eventually some root secret sits in plain physical reality, defended by nothing but control of the matter it lives in. You cannot encrypt your way out of physics, because every lock just hands you one more key to hide. This is exactly why decentralization matters. Splitting a key or knowledge across many independent operators is not a way to finally win the physics in one place. It is a graceful surrender to the fact that any single device, given to an attacker, eventually falls. So you scatter the knowledge across many fortresses held by many hands, and force an attacker to win the physics everywhere at once. BOTH COLBY AND CALLE ARE RIGHT, ABOUT DIFFERENT HALVES OF THE TRUTH. Colby is correct at the limit: whoever physically possesses the matter a key lives in can, given time, get at it. There is no law of physics that protects a secret embedded in hardware your adversary holds in his hands, only the cost and the hours required to pry it out. But Calle is correct about everything short of that limit, which is where most real security actually lives. Cryptography almost never makes an attack impossible; it makes it expensive. Bitcoin itself is not theoretically unbreakable,, it is simply so costly that no one even tries. A TEE is the same bargain in silicon: not an impregnable vault, but a way to raise the price of reaching the secret high enough that possessing the device is no longer enough to make it worth the effort. So the two views don't conflict, they compose. Colby names the ceiling: that possession eventually wins, and Calle names the game we actually play in: continually raising the cost so that hopefully "eventually" never arrives. Congratulations @calle on this fantastic work, and thank you. View quoted note →