A question regarding the shared seed leakage when `secretcli configure-secret`

Hi, Secret Network!

I’m Youngjoon Lee, a blockchain engineer working on some projects based on Cosmos SDK/Tendermint.
Thank you for building this great secure network.

I would like to ask if there is any potential risk of the shared seed leakage. For example, I guess any malicious node operators could change the implementation of `secretcli configure-secret [master-cert] [encrypted-seed]` to decrypt the encrypted seed via Rust SGX SDK, and write the decrypted seed to the log file or so (without sealing).

I understood that the on-chain computation with secure contracts is safe because the secure contract is basically a smart contract (cosmwasm) that is already approved by validators and cannot be changed permanently. But, I’m concerned about the off-chain logic that deals with the encrypted seed, which can be potentially executed in the secure enclave if malicious node operators modify the source code by themselves.

I would like to ask if there are any discussions related to my concern. Please correct me if I didn’t understand it correctly.
Thank you!

Hi, encryption-seed here is encrypted by the chain and the only one that can decrypt it here is the newly registered node inside of SGX, so it cannot be leaked.

Thank you for your reply. Since I’m new to SGX, I may understand something incorrectly. My concern is that if someone modifies the `ecall_init_node` function (that is executed in SGX) to print an info log containing the decrypted seed. Is it an impossible scenario?

@assafmo Or, is this malicious scenario protected as below (that you mentioned in Discord)?

Assaf | SCRT Labs 10/15/2020

Note that you won’t be able to join mainnet with your build as the enclave will be different and its build isn’t reproducible