| Milestone | Request Invocation | STF | # Workers per STF | On-chain tx per invocation | Read chain state from STF | Supported TEE Manufacturers | Remote Attestation Registry |
|---|---|---|---|---|---|---|---|
| M1 ☑ | Proxy | Rust | 1 | 2 | - | Intel | - |
| M2 ☑ | Proxy | Rust or WASM | 1 | 2 | - | Intel | - |
| M3 ☑ | Proxy | Rust or WASM | 1 | 2 | - | Intel | X |
| M4 ☑ | Proxy | Rust or WASM | N (redundant) | 1+N | - | Intel | X |
| M5 ☑ | Proxy | Rust modular | N (redundant) | 1+N | - | Intel | X |
| M6+M7 ☑ | Proxy | Rust modular | N (redundant) | 1+N | X | Intel | X |
| future ☐ | Proxy | Rust or Ink | N (redundant) | 2 | X | Intel + ARM TrustZone + Keystone (?) | X |
| future ☐ | Direct | Rust or Ink | N (master + failover) | << 1 | X | Intel + ARM TrustZone + Keystone (?) | X |

M1 PoC1: single-TEE confidential state transition function

An off-chain worker runs the STF within an Intel SGX enclave. The state is persisted in a sealed file which can only be read by that very enclave.

The demo STF will be a simple counter.

M2 PoC2: single-TEE confidential state transition function in WASM

In addition to M1, the STF is defined by WASM code which is run by a WASMI interpreter within an Intel SGX enclave.

The demo STF will be a simple counter.

M3 Remote Attestation Registry

substraTEE-worker can remote-attest its own enclave with the Intel Attestation Service (IAS). The report signed by IAS is then registered on-chain with the substraTEE-registry runtime module. Users can verify a worker’s IAS report before interacting with it, so they can be certain that the correct code is running on a genuine SGX CPU.

M4 Redundancy and Secret Provisioning

Several substraTEE-workers running on different machines can redundantly operate on the same STF. This guarantees that the STF survives the loss of a few SGX machines (going offline, breaking down, denial-of-service). Moreover, this improves integrity guarantees as all the workers register call receipts including the hash of the new state. A single compromised enclave can therefore only break confidentiality, but not integrity, as manipulation would be evident to anyone. Secret sharing among a dynamic set of worker enclaves must be implemented for such redundancy.
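The integrity argument above can be made concrete with a small receipt audit. This is an added example, not substraTEE code: the `Receipt` layout, the `audit` function and the strict-majority rule used to single out the deviating worker are assumptions for illustration, and the hashes are constructed sample values.

```rust
use std::collections::{BTreeMap, BTreeSet};

type Hash = [u8; 32];

// Hypothetical receipt layout, not substraTEE's on-chain format.
pub struct Receipt {
    pub worker: u32,     // id of the registering worker enclave
    pub call: Hash,      // hash of the invoked call
    pub new_state: Hash, // hash of the STF state after the call
}

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Consistent,          // every reporting worker agrees with the majority
    Divergent(Vec<u32>), // workers that disagree or reported two hashes
    NoMajority,          // no hash is backed by more than half the workers
}

// Assumption: `workers` lists each registered worker id once; blame needs a strict majority.
pub fn audit(call: &Hash, workers: &[u32], receipts: &[Receipt]) -> Verdict {
    // Distinct state hashes each registered worker reported for this call.
    let mut seen: BTreeMap<u32, BTreeSet<Hash>> = BTreeMap::new();
    for r in receipts.iter().filter(|r| &r.call == call && workers.contains(&r.worker)) {
        seen.entry(r.worker).or_default().insert(r.new_state);
    }
    // One vote per worker; a worker that reported two hashes gets no vote.
    let mut votes: BTreeMap<Hash, usize> = BTreeMap::new();
    for hashes in seen.values().filter(|h| h.len() == 1) {
        *votes.entry(*hashes.iter().next().unwrap()).or_insert(0) += 1;
    }
    let majority = votes.iter().find(|(_, n)| **n * 2 > workers.len()).map(|(h, _)| *h);
    let good = match majority { Some(h) => h, None => return Verdict::NoMajority };
    let bad: Vec<u32> = seen.iter()
        .filter(|(_, h)| h.len() != 1 || !h.contains(&good)).map(|(w, _)| *w).collect();
    if bad.is_empty() { Verdict::Consistent } else { Verdict::Divergent(bad) }
}

// Constructed sample data: three workers, worker 3 reports a manipulated state.
pub fn sample() -> Verdict {
    let (call, honest, forged) = ([1u8; 32], [0xAA; 32], [0xBB; 32]);
    let rs = vec![
        Receipt { worker: 1, call, new_state: honest },
        Receipt { worker: 2, call, new_state: honest },
        Receipt { worker: 3, call, new_state: forged },
    ];
    audit(&call, &[1, 2, 3], &rs)
}

fn main() { println!("{:?}", sample()); }
```

A worker that has not yet registered a receipt is not flagged; only a conflicting or duplicated state hash counts as evidence of manipulation.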

M5 Modular STF with private-tx example

Since M5, the STF is modular and has its own crate which can easily be swapped. An example for private transactions has been added.

M6 read chain state from STF

From M6 onwards, the substraTEE STF can access chain state in a trustless way. Substrate light-client verification logic will be included in the worker enclave, allowing the STF to query chain state by subscribing to storage over RPC and verifying the returned values within the enclave.


support for ink contracts

(development not yet funded)

ink! is Substrate's domain-specific contract language on top of Rust. This milestone shall bring ink! contracts to substraTEE.


  • direct invocation
  • performance benchmarks and optimization
  • testnet for stress-tests and showcasing
  • use cases: bridges, payment hubs, ...