Ion Protocol Logo Black Png


Cubist On TEE Design and Secure Attestions

cubist Banner for Ion Protocol Blog blue, orange and beige horizontal

Key storage management is an obstacle yet to be fully tackled, and its value to validators is IMMENSE. Riad Wanby and Deian Stefan, cofounders of Cubist, broke down how they plan to address improving validator security by developing cutting-edge secure hardware.

Here are the 3 biggest takeaways…


Key Storage

First, we broke down the problem space. Evidently, it’s very hard to secure keys. Validators need these keys secured because if someone steals them, they can try to slash that validator or steal their funds. Traditional approaches recommend making storage as cold as possible, but validators need to be live all the time!

To find out more about staking and slashing:

Understanding the Staking Ecosystem


Hardware Design and Rules

Since secure hardware seems to be the best solution to this problem, the design and rules of such hardware define its potential. The Cubist team specializes in building trusted execution environments (TEEs) wherein they restrict the rules for which attestations a key can sign, making it near-impossible to double sign.

Double signing is the classic example of an objective slashing condition. The design and rules of the TEEs from Cubist reduce the probability of slashing for any set of validators that utilize them. To put this in the context of Ion, any LST market whose provider incorporates TEEs would experience greater capital efficiency ie. lower rates for borrowers, and lower chances of liquidation.


Secure Attestations

To look towards the future they described an innovation called secure attestations. Secure attestations are ZK-proofs, delivered with the purpose of verifying the client software used by a validator within the TEE. This would allow protocols like Ion to verify that validators are using secure hardware, enabling us to underwrite those validators with a lot more capital efficiency.

Succinctly, the future goals of secure hardware include:

  • Proving which keys are owned by an individual.
  • Determining what policy these keys are operating under.
  • How to use ZK to keep the information confidential.


Which bolsters our fundamental thesis!

That is: Slashing risk will tend towards zero in the long run as validator infrastructure and its security become more refined.


Some spicy hot takes

  • “Restaking platforms that enable primarily economic restaking are simply liquid staking providers that are aimed at supporting light client middleware.” – @ChundaMcCain
  • “Protocols on the application layer should optimize for eliminating MEV where possible in order to facilitate adoption.” – Riad Wanby
  • “MPC technology is very limited in the security guarantees it provides and is mostly used to position as secure from an external alignment angle” – Deian Stefan


This is just the tip of the iceberg! We highly recommend listening to the recording to hear all the details from our amazing friends @Cubistdev.

Link to AMA

You can also check them out here: Cubist Blog


Recent Posts