Why trusted hardware appears in DerivaDEX
DerivaDEX uses trusted-hardware execution boundaries because the platform needs fast off-chain sequencing and matching without exposing order flow before it is processed. The trusted-hardware layer supports confidentiality for incoming requests until they cross the sequencing and execution boundary.
What problem trusted hardware is solving
Trusted hardware does not make the whole platform trustless. It addresses a narrower problem:
- private write-path requests need to stay confidential before sequencing
- clients need a reason to believe the intended execution boundary is the one handling those requests
- the fast path needs a stronger boundary than “send plaintext to an ordinary server and hope”
What guarantees the model is meant to provide
At a high level, the trusted-hardware model is meant to support:
- request confidentiality before sequencing
- attestable execution identity for the operator boundary
- deterministic processing paired with checkpointed state commitments
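
The check behind "attestable execution identity", as an added example that is not DerivaDEX code or its published request-encryption contract: a client parses the 384-byte SGX report body and refuses to use an enclave encryption key unless the measurements match and the key is bound to the report. Assumptions: the quote signature was already verified by an attestation library, the binding convention is report_data = SHA-256(public key) followed by 32 zero bytes, and all function names and sample values are constructed for illustration.

```python
import hashlib
import struct

# Offsets within the 384-byte SGX report body (sgx_report_body_t).
ATTR_FLAGS_OFF, MRENCLAVE_OFF, MRSIGNER_OFF, REPORT_DATA_OFF = 48, 64, 128, 320
REPORT_BODY_LEN = 384
SGX_FLAGS_DEBUG = 0x2  # debug enclaves can be inspected by the host


def check_enclave_identity(report_body, enclave_pubkey, expected_mrenclave, expected_mrsigner):
    """Return a list of policy failures; an empty list means the key may be used.

    Assumes the quote signature and collateral were already verified elsewhere;
    this covers only the identity policy applied to the report body.
    Assumed binding: report_data = SHA-256(enclave_pubkey) + 32 zero bytes.
    """
    if len(report_body) != REPORT_BODY_LEN:
        return ["report body has wrong length"]
    failures = []
    (flags,) = struct.unpack_from("<Q", report_body, ATTR_FLAGS_OFF)
    if flags & SGX_FLAGS_DEBUG:
        failures.append("enclave runs in debug mode")
    if report_body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] != expected_mrenclave:
        failures.append("MRENCLAVE does not match the expected build")
    if report_body[MRSIGNER_OFF:MRSIGNER_OFF + 32] != expected_mrsigner:
        failures.append("MRSIGNER does not match the expected signer")
    bound = hashlib.sha256(enclave_pubkey).digest() + bytes(32)
    if report_body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64] != bound:
        failures.append("encryption key is not bound to this report")
    return failures


def build_report_body(mrenclave, mrsigner, pubkey, flags=0x5):
    """Construct a sample report body for the demo (not real attestation output)."""
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<Q", body, ATTR_FLAGS_OFF, flags)  # 0x5 = INITTED | MODE64BIT
    body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    body[MRSIGNER_OFF:MRSIGNER_OFF + 32] = mrsigner
    body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64] = hashlib.sha256(pubkey).digest() + bytes(32)
    return bytes(body)


# Constructed sample values, not DerivaDEX measurements or keys.
MRENCLAVE = hashlib.sha256(b"constructed enclave build").digest()
MRSIGNER = hashlib.sha256(b"constructed signer key").digest()
PUBKEY = b"\x04" + bytes(range(64))

if __name__ == "__main__":
    good = build_report_body(MRENCLAVE, MRSIGNER, PUBKEY)
    print(check_enclave_identity(good, PUBKEY, MRENCLAVE, MRSIGNER))
    print(check_enclave_identity(good, b"\x04" + bytes(64), MRENCLAVE, MRSIGNER))
```

The second call models a key substituted in transit: the measurements still match, but the key's hash is not the one the enclave placed in its report, so the client should not encrypt to it.
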
What trusted hardware does not prove
Trusted hardware does not, by itself, prove:
- that every business rule is economically desirable
- that every risk-control parameter is correct
- that governance and upgrade decisions are safe
- that later settlement anchoring is unnecessary
What the model does not replace
Trusted hardware does not replace:
- public risk controls such as margin rules and liquidation safeguards
- on-chain checkpointing for settlement anchoring
- explicit public/private boundary labeling for restricted APIs
How this should change reader expectations
| Reader | Correct expectation |
|---|---|
| Trader | Request confidentiality and sequencing-boundary trust matter, but they do not remove the need to understand margin, liquidation, and settlement rules |
| Builder | Enclave assumptions matter for signing and encryption flows, but client correctness still depends on lifecycle, error, and reconciliation handling |
| Governance or diligence reader | The trust story is layered: trusted hardware, cryptography, governance, and checkpoint anchoring each cover different concerns |
Sources
- How DerivaDEX Works for the public hybrid-model overview
- Request Encryption Reference for the public encrypted-submission contract
- Trading Safeties and Guards for the execution and solvency safeguards that sit alongside the enclave boundary
- Intel SGX Developer Guide for SGX attestation and enclave vocabulary
- Intel SGX Explained for the security-model tradeoffs and limitations of SGX-style enclaves