DCAP Quote Verification on Solana

This document provides a comprehensive explanation of implementing Intel Data Center Attestation Primitives (DCAP) quote verification in the Solana blockchain environment.

Overview of DCAP Quote Verification

Intel DCAP provides a mechanism for verifying the authenticity and integrity of Intel SGX enclaves without requiring direct communication with Intel's attestation services. This is crucial for confidential computing applications on public blockchains like Solana.

The verification process ensures that:

  • The enclave is running on genuine Intel SGX hardware
  • The enclave code has not been tampered with
  • The enclave is running the expected version with appropriate security patches
  • The attestation data can be cryptographically trusted

Quote Verification Process

A rigorous verification process must be followed to validate DCAP quotes on Solana. The process consists of four critical phases:

1. Verify Certificate Chain Integrity

  • Validate that tcb_info_and_qe_identity_issuer_chain certificates are not expired and are valid at the current verification time
  • Confirm that pck_cert_chain certificates are not expired and are valid at the current verification time
  • Verify that the root certificate is properly self-issued with matching subject and issuer fields
  • Validate the PCK certificate chain signatures through the hierarchy:
    • Root CA → Intermediate CA → PCK Certificate
  • Validate the TCB info signature using the Intel-provided public key through the Secp256r1 precompiled program
  • Verify that certificate revocation status has been checked via CRLs or OCSP responses

2. Verify Quote Enclave Source Authenticity

  • Validate that the Quoting Enclave (QE) identity is cryptographically signed by the root certificate using the Secp256r1 precompiled program
  • Confirm that the current verification time falls within the validity period defined by issue_date and next_update timestamps in the enclave identity
  • Compare the mrsigner value in the quote against the expected value for Intel's Quoting Enclave
  • Verify the isv_prod_id value matches Intel's official product identifier for the Quoting Enclave
  • Validate that all enclave attribute flags are set appropriately (e.g., INIT, DEBUG flags)
  • Ensure that misc_select values comply with the expected configuration for genuine Intel Quoting Enclaves

3. Verify Quote Cryptographic Signature

  • Extract the quote signature and the corresponding quote body
  • Verify that the quote body is correctly signed by the Quote Signing Authority using the Secp256r1 precompiled program
  • Validate the ECDSA signature parameters including:
    • r and s values within the valid range for Secp256r1 curve
    • Adherence to strict DER encoding format
  • Confirm that the signing certificate's purpose explicitly includes quote signing

4. Verify TCB Status and Security Version

  • Validate that the SGX platform's TCB (Trusted Computing Base) level is up-to-date or within acceptable parameters
  • Check that all CPU security version numbers (SVNs) meet or exceed the minimum required values
  • Evaluate the TCB status against Intel's latest security advisories
  • Verify that any TCB recovery steps have been properly applied if the platform has been affected by known vulnerabilities

Solana Implementation Architecture

Precompiled Cryptographic Verification Programs

Solana provides specialized precompiled programs for cryptographic operations that require high performance. Understanding their constraints is essential for implementing DCAP verification:

How Solana's Precompiled Cryptographic Programs Work

  • Execution Context: Precompiled programs for Secp256k1, Secp256r1, and Ed25519 operate outside the standard Solana Virtual Machine (SVM)
  • Invocation Restrictions: These programs cannot be called via Cross-Program Invocation (CPI) due to their computational intensity
  • Transaction Structure: Verification instructions must be declared at the transaction's top level, preceding standard program instructions
  • Performance Considerations: Cryptographic verifications are computationally expensive operations that could significantly impact block times and overall network throughput
  • Execution Order: These precompiled operations are executed before the transaction enters the runtime environment, ensuring cryptographic validity prior to program execution

Integration Pattern for Smart Contract Verification

For a Solana program to leverage cryptographic verifications:

  1. The client must construct a transaction containing both:

    • Precompiled verification instructions (e.g., Secp256r1 signature verification)
    • The program's own instruction(s)

  2. The program must implement instruction introspection to:

    • Examine other instructions within the same transaction
    • Confirm the presence and correctness of required verification instructions
    • Trust the verification results as these instructions would have failed if verification was unsuccessful

  3. The program should enforce that:

    • The required verification instruction precedes the program's instruction
    • The verification instruction contains the expected parameters (quote data, signature, etc.)
    • No opportunity exists for verification bypass through transaction manipulation

Designing the library

  • The objective of the library is to provide a simple interface for verifying DCAP quotes on Solana.
  • The user should be able to provide a quote and and validate it against the Intel DCAP quote verification process.
  • To the core we will have the following functions:
    • load_quote - Load the quote from the provided path and push it to a PDA via verifier solana program.
    • verify_quote - Verify the quote against the Intel DCAP quote verification process. This would encapsulate all the logic of verifying the quote and would return the PDA where the VerifiedOutput is stored.
    • get_verified_output - Fetch the VerifiedOutput from the PDA and return it to the user.