Attestor Security
Security of Attestor Nodes
The security of attestor nodes is critical and must be safeguarded to protect both node maintainers and network clients. A key security concern in the zkTLS protocol is how to enforce the computational integrity of the attestor node, i.e. how a client can be sure that the attestor actually ran the protocol as specified before it signed a proof. Note that this aspect is not covered by the protocol's own security guarantees, which assume an honestly executing attestor.
To strengthen attestor security, the Primus network adopts a hardware-based approach. Specifically, Phala's TEE technology is integrated with the Primus attestor node software so that a node only ever executes the measured, unmodified attestor code, while critical assets such as node keys remain protected inside the enclave and are only used from there.
Key Management
The attestor node leverages Phala's TEE solution, including a secure Key Management Service (KMS), to safeguard node keys throughout their entire lifecycle. These node keys are the most critical assets within the attestor node, primarily used for signing zkTLS sessions and issuing proofs. Key generation is performed exclusively by the KMS inside the TEE, so the attestor node software never has direct access to the key material; it only holds a handle through which it can request operations. Signing can only be invoked inside the TEE, and only after the zkTLS protocol for that session has completed correctly, so a compromised or misbehaving node process cannot sign arbitrary data with the node key.
Version Management
Another security concern involves the attestor's DevOps process. To prevent attacks such as code injection or malware hijacking, only official, verified software versions are allowed to be deployed and maintained within the network. This policy is further enforced by the TEE: the entire attestor node software always runs inside the enclave, which guarantees runtime integrity and protection against unauthorized modifications. Because the enclave's attestation report carries a measurement of the software it is running, a client (or the network) can check that measurement against the list of official releases before trusting a proof, so an attestor running an unofficial build is rejected rather than merely discouraged.