Account logic in ATProto using Trusted Execution Environments

ATProto is fundamentally verifiable - identities have cryptographic keys attached to them, posts are signed, and integrity is upheld by authenticated data structures. This is the core of what enables the trustless, decentralized nature of ATProto.

What if we could go beyond signatures and add verifiable end-to-end logic attached to accounts? We present a recent project exploring the use of Trusted Execution Environments (TEEs) to manage cryptographic keys that only sign records under specific rules.

We show a couple of examples of possible rules for Bluesky accounts:

  1. One that requires 2-out-of-3 signatures, enabling company and group accounts
  2. Another that uses an LLM to analyze each post before it is published
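The first rule, a key that only signs when 2 of 3 designated parties have approved the exact record, is illustrated below. This is an added example, not code from the project or from Nick Gerakines' work. It assumes a stand-in design: approvals and the final account signature are HMAC-SHA256 tags over a canonical record digest, standing in for the asymmetric signatures a real enclave would produce and ATProto would verify; approver names, the shared approver secrets, and the sample records are constructed for the demonstration.

```python
"""Policy-gated signer for the 2-out-of-3 rule (added illustration, stand-in crypto).

Assumptions, not the project's design:
- HMAC-SHA256 with a secret held by ThresholdSigner stands in for the asymmetric
  account signing key an enclave would hold and never export.
- Each approver authorizes one specific record by tagging its digest with a
  secret registered with the signer at setup time.
"""
import hashlib
import hmac
import json
import secrets


def record_digest(record: dict) -> bytes:
    """Hash a canonical encoding so every party authorizes the same bytes.

    Sorted-key JSON stands in for the DAG-CBOR encoding of ATProto records.
    """
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).digest()


class Approver:
    """One of the three parties whose approval the rule counts."""

    def __init__(self, name: str):
        self.name = name
        self._secret = secrets.token_bytes(32)  # shared with the signer at setup only

    def setup_secret(self) -> bytes:
        return self._secret

    def approve(self, record: dict) -> tuple[str, bytes]:
        """Authorize exactly this record: the tag is bound to the record digest."""
        return self.name, hmac.new(self._secret, record_digest(record), "sha256").digest()


class ThresholdSigner:
    """The logic that would run inside the TEE: sign only when the rule holds."""

    def __init__(self, approver_secrets: dict[str, bytes], threshold: int):
        if not 1 <= threshold <= len(approver_secrets):
            raise ValueError("threshold must be between 1 and the number of approvers")
        self._approvers = dict(approver_secrets)
        self.threshold = threshold
        self._signing_key = secrets.token_bytes(32)  # enclave-held, never exported

    def sign(self, record: dict, approvals: list[tuple[str, bytes]]) -> bytes:
        digest = record_digest(record)
        valid = set()  # a set, so the same approver is never counted twice
        for name, tag in approvals:
            secret = self._approvers.get(name)
            if secret is None:
                continue  # unknown approver: ignored
            expected = hmac.new(secret, digest, "sha256").digest()
            if hmac.compare_digest(expected, tag):  # tag must match THIS record
                valid.add(name)
        if len(valid) < self.threshold:
            raise PermissionError(f"{len(valid)} of {self.threshold} required approvals")
        return hmac.new(self._signing_key, digest, "sha256").digest()

    def verify(self, record: dict, signature: bytes) -> bool:
        expected = hmac.new(self._signing_key, record_digest(record), "sha256").digest()
        return hmac.compare_digest(expected, signature)


def demo() -> dict:
    """Exercise the rule on constructed records; returns a dict of outcomes."""
    alice, bob, carol = Approver("alice"), Approver("bob"), Approver("carol")
    signer = ThresholdSigner({a.name: a.setup_secret() for a in (alice, bob, carol)}, 2)
    post = {"$type": "app.bsky.feed.post", "text": "Quarterly update"}   # constructed
    other = {"$type": "app.bsky.feed.post", "text": "Something else"}    # constructed

    def attempt(approvals):
        try:
            signer.sign(post, approvals)
            return "signed"
        except PermissionError:
            return "refused"

    sig = signer.sign(post, [alice.approve(post), bob.approve(post)])
    return {
        "two_of_three": signer.verify(post, sig),
        "tampered_record": signer.verify(dict(post, text="Edited"), sig),
        "one_approval": attempt([alice.approve(post)]),
        "duplicate_approver": attempt([alice.approve(post), alice.approve(post)]),
        "replayed_approval": attempt([alice.approve(post), bob.approve(other)]),
        "unknown_approver": attempt([alice.approve(post), Approver("mallory").approve(post)]),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The cases worth noting are the refusals: a single approval, the same approver counted twice, an approval minted for a different record, and an approver the signer never registered all leave the key unused. In the TEE setting the signing key is generated inside the enclave, so a verifier who has checked the attested code knows that no signature can exist unless this rule was satisfied.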

We further discuss how end-to-end verifiability is achieved with TEEs, through reproducible builds and remote attestation.

This project was done with Nick Gerakines, a prominent ATProto contributor, utilizing Nick’s recent work on adding attestations to ATProto records.

Cryptography in the service of ATProto

As the ATProto ecosystem matures, there is a desire to add functionality in a way that preserves its ethos of decentralization and user protection. With an ecosystem of tens of millions of users, these solutions have to be both scalable and secure.

We review work on mutual contact discovery (and discovery in general), identity, anonymous credentials and payments, and different ways to achieve them using advanced cryptography and trusted execution environments.

We discuss the assumptions and trust models the community needs to keep in mind, what is possible to do today, and gradual deployment methods that make it possible to experiment with different ideas.

We hope this can be a call to action to explore these ideas in ATProto more deeply.