/rave

Remote Attestation VErification

Primary LanguageSolidityApache License 2.0Apache-2.0

On-Chain Remote Attestation Verification

Github Actions

RAVe is a set of smart contracts for verifying Intel SGX remote attestation reports signed by Intel's Attestation Service, adhering to the EPID specs. SGX devices can use these contracts to prove on-chain that they are running the expected enclave and have committed to some data, enabling new use cases like ZK-2FA.

At a high level RAVe verifies that the leaf x509 certificate used to sign the attestation report originates from Intel. The report is parsed, its enclave measurements are verified, and finally the 64 byte enclave committed data (e.g., a public key) is extracted.

Usage

Download Foundry:

curl -L https://foundry.paradigm.xyz | bash

Install Foundry:

foundryup

Install RAVe dependencies:

forge install
forge build

Install RAVe dependencies:

forge install
forge build

Setup Python virtual environment to install script dependencies.

python3 -m venv ./env
source .env/bin/activate
pip install -r requirements.txt

Run RAVe tests (Note some tests rely on scripts run via FFI that can fail if not run sequentially):

forge install
forge build
forge test --ffi