Description: "A deep dive into using Intel SGX to create a verifiably fair online game, and an honest look at the one attack vector that even a hardware enclave can't stop."
As a solo dev building a real-time, skill-to-earn crypto game, my number one obsession is fairness. If players are putting real money on the line, they need to trust that the game isn't rigged. The problem? Every traditional game server is a "black box".
Even when I opened the source code of my smart contracts, how can players trust that my backend server—the one receiving their clicks and sending results to the blockchain—isn't manipulating the data? What if I, the admin, decide to give my friend a 10-second head start by tweaking a timestamp?
This is the trust paradox of centralized servers in a decentralized world. My solution was to go nuclear: I built my game's core logic inside an Intel SGX enclave. It was a journey of sleepless nights, but the result is a system that is provably fair against almost every conceivable threat.
Here's how it works, and an honest look at the one "final boss" attack vector that remains.
The Solution: A Trusted Judge in a Hardware Vault
The core idea is simple: the part of the code that decides who wins and who loses doesn't run on my main backend. It runs inside an Intel SGX Enclave.
Think of an enclave as a locked, armored vault inside the server's CPU.
- Isolation: The code and memory inside the enclave are encrypted and isolated from the rest of the server. Even if someone gains root access to my server, they cannot see or modify what's happening inside the enclave.
- Attestation: The CPU itself can produce a signed "report" that cryptographically proves exactly what code is running inside that vault.
This means the enclave acts as a Trusted Judge. My backend's only job is to shuttle data to and from this judge. It can't influence the verdict.
Step 1: Proving the Judge is Honest (Remote Attestation)
This is where the magic happens. How can a player trust the judge? They can ask for its credentials.
When a player clicks "Verify Enclave" on my site, this happens:
- The frontend sends a random, unique string (a
nonce) to the backend. - The backend passes this
nonceto the enclave. - The enclave asks the Intel CPU to generate a Remote Attestation Quote. This quote is a data blob containing cryptographic measurements of the enclave's code (a hash called
MRENCLAVE) and thenoncewe sent. This entire blob is signed by the CPU's private key, which is fused into the silicon at the factory. - This signed report is sent back to the player's browser.
The player's browser can now verify the Intel signature and see the MRENCLAVE hash. They can then go to my open-source repository, build the enclave code themselves, and verify that the hash matches.
This proves that the code running on my server is the exact same open-source code available to the public. I, as the admin, cannot secretly change the rules.
Step 2: Blind Justice (Encrypted Clicks)
We've implemented an additional layer of fairness: End-to-End Encryption for player actions.
- The frontend fetches the Enclave's Public Encryption Key (which is bound to the hardware attestation).
- When a player clicks, their action (including their address) is encrypted on the client side using this key.
- The backend receives an encrypted blob. It has no idea who clicked, only that a click occurred.
- The backend timestamps the blob and passes it to the Enclave.
- Only inside the secure Enclave is the click decrypted and processed.
This prevents the backend (or a malicious admin) from selectively censoring or delaying clicks from specific players (e.g., "let my friend win"). The backend is blind until the Enclave reveals the winner.
Step 3: Proving the Verdict is Authentic (Signed Results)
Okay, so the judge is honest. But what if the backend just ignores the judge's verdict and writes a different winner to the database?
To solve this, we added another layer. The enclave doesn't just return a result; it cryptographically signs it.
- On startup, the enclave generates a temporary, session-specific key pair (private/public).
- When it generates an attestation report, it includes a hash of its new public key in the report data. This links the hardware-verified enclave to this specific public key.
- When a game ends, the enclave determines the winner and loser, then signs that result (e.g.,
hash("winner:0x123,loser:0x456")) with its private key. - The backend receives the result and the signature.
This creates a verifiable chain of trust:
Intel CPU -> Attests Enclave Code -> Enclave Attests its Public Key -> Public Key Verifies Game Result Signature
A user can now check the signature on the game result and be 100% certain it came from the verified enclave, not a tampered backend.
The Final 0.01%: The Data Transport Problem & The Path to Perfection
This brings us to the core dilemma you might be thinking of:
"Okay, the computation is fair. But what if you, the admin, just delay my click packet before you even send it to the enclave?"
You are absolutely right. This is the one vector SGX cannot solve on its own. The enclave is a trusted computation environment, not a trusted transport layer. The backend server's operating system is still responsible for receiving network packets and forwarding them to the enclave process.
If I were truly malicious and technically sophisticated, I could write a kernel-level driver that artificially delays packets before handing them off to the enclave. The enclave would honestly record the later time, and that player would lose.
We have achieved 99.99% fairness. To close that final gap and reach 100% trustless execution, we need hardware that protects the network stack itself.
The Future: SmartNICs and Military-Grade Security
As a bootstrapped startup, we are pushing the limits of what's possible with current resources. But our roadmap includes an upgrade that will rival the security of top-tier crypto exchanges and banks:
- SmartNICs (e.g., NVIDIA BlueField): These are network cards with their own processors and secure enclaves. They can terminate TLS connections and timestamp packets in hardware before they even reach the main server's OS. This eliminates the "kernel delay" attack vector entirely.
- Hardware Attestation for Network: Just like SGX, modern SmartNICs support SPDM (Security Protocol and Data Model), allowing us to prove that the network card's firmware hasn't been tampered with.
- Physical HSM (YubiKey): We plan to deploy a custom bare-metal server where critical keys are protected by a physical Hardware Security Module (HSM) like a YubiKey inserted directly into the machine. This ensures that even with root access, no one can extract the private keys.
Bonus: Securing the Keys to the Kingdom
I'm also working on migrating our entire secret management system into SGX. Currently, we use a GPG-based system to secure keys for our microservices (read more about it in my previous article).
The goal is to move these secrets into an SGX enclave and delete them from the host machine entirely. This means that even if an attacker gains full root access to the server, they cannot steal the private keys used to sign transactions. This is military-grade protection for a fun, casual game.
What About Decentralized Sequencers?
We considered alternatives like the Hedera Consensus Service (HCS) or custom L3s. While fantastic for decentralized logging, they introduce latency (3-5 seconds for finality). For a game where milliseconds matter, that's a dealbreaker.
SGX provides the best of both worlds: the near-instantaneous speed of a centralized server with a level of computational integrity that is second only to a fully decentralized (and much slower) system.
Conclusion: The 99.9% Solution
We haven't just built a game; we've built a fortress of fairness. By combining Intel SGX, remote attestation, and end-to-end encryption, we've eliminated 99.99% of cheating vectors. And with our roadmap pointing towards SmartNICs and hardware-backed security, we are on a path to the theoretical 100%.
This is transparency and security I'm proud to offer my players.
Top comments (0)