Skip to content
Small red and white spheres form an eye shape
Flare blog logo
Back to All News

Flare 2.0 Vision Part 1: Expand Flare consensus across chain

Flare Updates

The core promise of a smart contract platform lies in providing a global distribution layer for financial products, empowering users to transact without reliance on intermediaries or the fear of censorship. However, since their inception, developers have struggled to create applications that match the functionality and user experience of Web2 apps. This is mainly due to the computational limits and siloed nature of smart contract platforms, which constrain what developers can build safely.

As a result, while digital assets have gained traction as an asset class, the range of on-chain use cases remains notably limited. To drive the industry forward, it is essential to expand the possibilities developers can achieve through their code.

This expansion will be enabled by:

  • Seamless cross-chain execution. 
  • High-integrity data from both Web2 & Web3. 
  • Substantial computational capabilities. 

Critically, these aspects are most valuable to users only if decentralization is preserved in building out these capabilities.

This article explores how Trusted Execution Environments (TEEs), integrated with Flare’s data protocols, enable Protocol Managed Wallets — a system that allows protocols built on Flare to execute cross-chain transactions directly while preserving decentralization, trustlessness, and freedom from censorship. Additionally, the synergy between TEEs and Flare's data protocols introduces TEE compute (or Verifiable Compute), which will be explored in a the next post in this series.

The Pillars of Flare 2.0


Flare today

Flare today is an EVM-powered smart contract chain with two enshrined data protocols. These protocols, namely the Flare Time Series Oracle (FTSO) and the Flare Data Connector (FDC), represent the industry's most advanced and fully decentralized data oracles. They empower Flare to acquire price, Web2, and blockchain data swiftly, safely, and effortlessly. Today, developers can leverage these capabilities to build products on Flare that would be challenging or unsafe to build elsewhere. Now, we are going even further.

Introducing Trusted Execution Environments

A TEE is a secure computing environment, isolated within the hardware, that shields it from its parent operating system – thereby preventing tampering or unauthorized access to its memory.

For blockchain applications, TEEs offer substantial compute resources with two highly desirable features: 

  • Confidentiality. The memory and code running in a TEE cannot be tampered with and important data stored in memory cannot be observed by external entities.
  • Verifiability. TEEs can prove that they are executing the correct code.

What this means for Flare is that a TEE can:

  • Securely and privately hold private keys to blockchain addresses.
  • Take in information from reliable sources (such as the FTSO, FDC & Flare System Protocol), apply it to compute intensive logic expressed as code, and produce outputs that can be trusted, both because the data is reliable and because the code's execution can be verified.
  • Perform operations with enhanced privacy.

The enhanced security and computational power enabled integrating TEEs with Flare’s established data protocols form the bedrock for both protocol cross-chain execution, embodied in Protocol Managed Wallets (PMWs), and substantial verifiable compute capabilities.


Protocol Managed Wallets: Empowering Flare protocols to execute across chains

Protocol Managed Wallets (PMW) are addresses on other blockchains that are exclusively authorized to execute transactions based on valid outputs from protocols on Flare. These addresses are governed by a consortium of TEEs, which are programmed to sign transactions only upon receipt of a valid set of signatures from Flare’s validators. 

This allows developers to build applications on Flare that can: 

  • Manage assets and execute transactions on any connected chain.
  • Interact with and use protocols on any supported chain.
  • Natively operate addresses on non-smart contract chains such as Bitcoin & XRP - enabling the value on those chains to be used without the need for bridging.

By allowing protocols on Flare to execute transactions on any connected chain in response to user actions on Flare, the PMW system effectively extends Flare’s consensus to those other chains. In conjunction with the FTSO and FDC, applications can be built on Flare that harness price data, process data from other blockchains or Web2 sources, and execute transactions across Flare’s connected chains. Critically, every usage model of PMW leverages the Flare Data Connector to safely prove to applications on Flare that a particular transaction has occurred with the PMW on another chain, and the Flare System Protocol to ensure that the TEE only signs transactions in response to a valid protocol output on Flare. This means that the PMW system offers functionality to developers that can only feasibly be built with Flare.

Unlike bridges which allow users to move funds across chains to transact on multiple chains but require the user to make all the transactions, with the addition of Protocol Managed Wallets to Flare’s stack there is now a protocol that enables applications to be built where the user no longer needs to interact with other chains, they can simply interact with a protocol on Flare and that protocol can execute across all connected chains. This is a leap beyond existing interoperability schemes into full chain abstraction.

Beyond acting as a tool to enable chain abstraction, Protocol Managed Wallets also allow use cases to be built that would previously be infeasible. For example, of many hundreds of potential use cases, a crosschain lending protocol could be built where trading positions on many chains can be taken through a protocol using the PMW, in turn allowing others to lend against a users’ open PnL to enable that a user to open positions in other protocols, potentially on other chains, greatly improving capital efficiency across DeFi. This is standard in traditional finance but currently unacheivable in Blockchain. 

Protocol Managed Wallets: Enhancing Flare's Data Systems

In addition to allowing developers to build applications that can execute on any chain where the PMW system is implemented, the PMW system can improve Flare’s own data protocols. By only emitting a transaction upon receiving a valid set of signatures from Flare’s validators, the PMW can confirm data attestations from Flare’s validators on Flare in near real-time. This capacity can be applied to both the FTSO and the FDC to provide on-demand data attestations fully backed by Flare’s validators.

How Protocol Managed Wallets work


How does PMW work


As mentioned in the ‘Introducing Trusted Execution Environments’ section above, a TEE is a device that allows for computations to be made privately and for those computations to be verifiable. In the context of Protocol Managed Wallets, a TEE can hold and employ a private key (or multiple private keys) for signing transactions. Crucially, when set up properly and assuming that the TEE manufacturer has not allowed any potential exploits to make its way into the hardware, the private key remains irretrievable by any entity other than the device itself. In other words, no person, entity, or device can obtain that private key except for the device itself.

A TEE holding a private key can be programmed to use this private key to sign a transaction based on any input. For example, a signature could be generated based on an input from a mobile application. However, under the PMW framework, the TEE is programmed to sign a transaction with its private key only upon receiving a valid set of signatures from Flare’s validators, as determined by the Flare Systems Protocol (FSP). Critically, this signing constraint is embedded within the TEE's code and is verifiable. That is, it can be confirmed that the TEE is executing only authorized instructions, and that these instructions are immutable and cannot be overridden.

Full details on how the TEE receives information regarding the transaction to be signed and the criteria constituting a valid set of signatures will be elaborated upon in a forthcoming paper on Flare’s Protocol Managed Wallets.

In essence, from the perspectives of both developers and users, the PMW allows protocols on Flare (and only those protocols), through Flare’s consensus mechanism, to securely and reliably control the TEE's signing capabilities.


Addressing TEEs’ potential risks and ensuring robustness

A TEE empowers the outputs of a protocol on Flare, via Flare's consensus protocol, to govern assets and actions on other networks. For instance, it could facilitate sending 1 BTC to Sally as the result of a bet executed on Flare. This effectively extends Flare’s execution capabilities beyond its own boundaries, thereby substantially enhancing its overall functionality. However, if the PMW were based on a single TEE, there would be two significant risks: 1) a lack of redundancy, and 2) the potential for an unknown exploit embedded within the TEE by the manufacturer.

A lack of redundancy would become problematic if the TEE becomes non-operational for any reason. For example, the location or data center hosting the TEE might experience an outage due to a power issue. This is clearly undesirable for both users and applications.

An exploit targeting the TEE could compromise the private key, leading to a loss of funds held in the addresses controlled by the TEE.

The Protocol Managed Wallet design mitigates both of these risks by implementing a multi-signature (multisig) scheme involving numerous TEEs. Under this scheme, a transaction on an address controlled by the PMW can only occur with the agreement of a quorum of globally distributed and distinct TEEs each of which is programmed to only sign in response to a consensus output from Flare. The architecture is designed to be robust, with TEEs located across the globe to reduce the risk of liveness issues. Furthermore, the set of TEEs includes, in appropriate proportions, TEEs manufactured by different hardware providers, ensuring that an exploit affecting a particular type of TEE hardware cannot result in a complete loss of funds. The distribution and types of TEE used will be expanded over time to maximize the safety and liveness characteristics of the PMW system.

Detailed specifications will be outlined in Flare's forthcoming documentation on Protocol Managed Wallets.

Immediate use cases

This article has outlined Flare’s Protocol Managed Wallets and how they can be used as a tool to enable chain abstraction and novel use cases.  Two near term protocols are being built using these capabilities: 

PMW immediate use cases
  • FAssets V2: Unleash XRP, BTC, and DOGE in limitless DeFi on Flare, secured by Flare’s consensus.
  • XRP Staking: Allows XRP to be staked directly on the XRP Ledger (XRPL) – and indirectly via FXRP – to provide essential economic security to Actively Validated Services (AVS). In return for this security provision, XRP stakers will earn yield in the form of emissions from the AVS to which they contribute.

Summary

In essence, Protocol Managed Wallets represent a significant expansion of blockchain's potential, providing Flare protocols with the means to manage assets and execute transactions across diverse chains through a secure and decentralized system. This unique combination of TEEs with Flare's core data protocols enables PMWs to extend Flare's consensus, opening up a new landscape of cross-chain functionality and innovative applications.

As we look ahead, Flare's vision will transcend cross-chain assets management. Our next discourse will highlight how these TEEs and Flare's data protocols enable verifiable compute capabilities, allowing for use cases and apps that were once only thought of in theory, establishing Flare as a trailblazing smart contract platform.