Notarization Modes
Pluto offers three different notarization modes for generating Web Proofs, each with unique characteristics and tradeoffs. This page should help developers choose the right mode for their specific requirements.
| Mode | Security Model | Performance | Trust Assumptions | Best For |
|---|---|---|---|---|
| MPC Mode | Cryptographic guarantees | Higher latency | Minimal trust assumptions | Maximum security |
| Origo Mode | Zero-knowledge proofs | Medium latency | Trust in proxy | Balance of performance and security |
| TEE Mode | Hardware isolation | Lowest latency | Trust in hardware | High-performance applications |
For in-depth details on how each mode works, refer to our technical blog posts:
TEE Mode
What is TEE Mode?
TEE Mode leverages Trusted Execution Environments (TEEs) – secure areas within processors that isolate and protect sensitive computations – to generate Web Proofs.
In TEE Mode, a client’s request is routed through a proxy, which runs inside a Trusted Execution Environment. This proxy observes encrypted TLS session data (reusing components from our Origo networking stack) and generates attestations based on the observed data.
Pluto provides multiple notarization modes for generating Web Proofs to maximize user optionality. TEE Mode is one of the three notarization modes Pluto offers, alongside MPC Mode and Origo Mode.
TEEs at a high level
End-to-end encryption is comprised of three states, and TEEs provide the last of the three: encryption-in-use.
- Encryption-at-rest protects your data while it is being stored.
- Encryption-in-transit protects your data when it is moving between two points.
- Encryption-in-use protects your data while it is being processed.
The key features of TEEs are isolation, integrity, confidentiality, and performance.
Web Proof TEE mode is designed to ensure sensitive data is handled securely while maintaining high performance using a combination of hardware-backed isolation, EKM Channel Binding and a custom “TEETLS” protocol. Pluto’s Web Proof TEE mode focuses on privacy, integrity, and low-latency to enable secure Web Proofs with minimal overhead.
The diagram below gives a high-level overview of the information flow between parties.
For more detailed information on the inner workings of Pluto’s TEE Mode implementation, please refer to our TEE Mode blog post.
Choosing the Right Mode
Consider these factors when selecting a Web Proof notarization mode:
- Security requirements: How sensitive is your data and what level of security do you need?
- Performance needs: What are your latency and throughput requirements?
- Payload size: How large are the proofs you need to generate?
- Trust model: Which trust assumptions are acceptable for your application?
Mode Comparison
| Mode | Pros | Cons | When to Use |
|---|---|---|---|
| MPC Mode | • Strong privacy guarantees through MPC • Client data remains private from the notary | • Higher computational overhead and latency • Reliability can be an issue | • For applications where latency is less critical • For applications with no desire to use trusted hardware |
| Origo Mode | • Better performance than MPC Mode • Client data remains private from the proxy | • Less battle-tested than MPC Mode • Reliability can be an issue | • For larger proof sizes where MPC would be inefficient • For applications with no desire to use trusted hardware |
| TEE Mode | • Lowest latency and highest performance • Simplest implementation • Minimal cryptographic overhead | • Requires trusted hardware • Less privacy guarantees than purely cryptographic approaches | • For high-throughput or low-latency applications • When performance is the primary concern • In environments where hardware security is sufficient |