A question regarding the shared seed leakage when `secretcli configure-secret`

Hi, Secret Network!

I’m Youngjoon Lee, blockchain engineer working on some projects based on Cosmos SDK/Tendermint.
Thank you for building this great secure network.

I would like to ask if there is any potential risk of the shared seed leakage. For example, I guess any malicious node operators could change the implementation of the secretcli configure-secret [master-cert] [encrypted-seed] to decrypt the encrypted seed via Rust SGX SDK, and write the decrypted seed to the log file or so (without sealing).

I understood that the on-chain computation with secure contracts is safe because the secure contract is basically a smart contract (cosmwasm) that is already approved by validators and cannot be changed permenantly. But, I’m concerned about the off-chain logics that deal with the encrypted seed, which can be potentially executed in the secure enclave if malicious node operators modify the source code by themselves.

I would like to ask if there is any discussions related to my concern. Please correct me if I didn’t understand it correctly.
Thank you!

Hi, encryption-seed here encrypted by the chain and the only one that can decrypt it here is the newly registered node inside of SGX, so it cannot be leaked.

Thank you for your reply. Since I’m new to SGX, I may understand something incorrectly. My concern is that if someone modify the ecall_init_node function (that is executed in SGX) to print a info log containing the decrypted seed. Is it an impossible scenario?

@assafmo Or, is this malicious scenario protected as below (that you mentioned in Discord) ?

Assaf | SCRT Labs — 10/15/2020

Note that you won’t be able to join mainnet with your build as the enclave will be different and its build isn’t reproducible