Trusted Execution Environments
This page explains TEE fundamentals that matter for every trader. The Technical Verification section provides deeper detail for auditors and developers who want to independently verify the system.
Silhouette's core matching engine runs inside a Trusted Execution Environment (TEE) - a secure, isolated computing environment that ensures orders are processed confidentially. No one can access the data inside the TEE, not even the Silhouette team.
AWS Nitro Enclaves
Silhouette uses AWS Nitro Enclaves as its TEE, deployed on the Marlin network. Nitro Enclaves provide hardware-level isolation for confidential computation. Neither AWS nor anyone else has access to the data being processed inside the enclave.
Deployments are multi-region with active-passive failover for reliability.
Expansion to include Intel TDX is on the roadmap, providing additional TEE diversity under the appropriate conditions.
Why a TEE Matters
The TEE is what makes shielded trading possible. Without it, someone - the Silhouette team, a server operator, a cloud provider - would be able to see the orders being processed. The TEE eliminates this risk entirely.
Inside the TEE:
- Orders are confidential - only the user who placed the order knows its details
- Matching happens in isolation - the matching engine runs in a sealed environment
- The Silhouette team has no access - even the engineers who built the system cannot read data inside the enclave
- The cloud provider has no access - AWS cannot inspect the contents of a Nitro Enclave
This is a fundamental difference from traditional exchange infrastructure, where operators can (and do) see every order in the system.
Verifiable Execution
Trust in the TEE is not based on Silhouette's word - it is cryptographically verifiable.
How Verification Works
When code is deployed to a Nitro Enclave, it is packaged into an Enclave Image File (EIF). This file produces a PCR0 value - a SHA-384 hash that uniquely identifies the exact code inside the enclave.
The Nitro Hypervisor - the hardware layer managed by AWS - produces attestation documents for each enclave. These are CBOR-encoded, COSE-signed documents that include the PCR0 value, definitively identifying the exact code running inside the enclave.
The hypervisor's signatures can be verified through the certificate chain leading to the AWS root certificate. This means anyone can verify that:
- The enclave is running on genuine AWS Nitro hardware
- The code inside the enclave matches a specific, known hash
- No one has tampered with the enclave's contents
Reproducible Builds
Silhouette will, at the appropriate time, open source the code used to create the Enclave Image File. The build system uses Nix, which enables fully deterministic and reproducible builds.
This means anyone in the community will be able to:
- Build the EIF from source code
- Produce the same PCR0 hash
- Compare it against the attestation from the running enclave
- Verify that the code running in production matches the public source
Signed attestation documents will be made available via an endpoint, allowing community members to verify the running enclave at any time.
What This Means for You
You do not need to trust Silhouette. The combination of hardware-isolated execution, cryptographic attestation, and reproducible builds means that the system's integrity is verifiable, not just claimed.
Your orders enter a sealed environment that no one can inspect. They are processed according to rules that anyone can verify. And the results settle on Hyperliquid's public order book, where the execution is transparent even though your identity is not.
For an overview of how the TEE fits into Silhouette's broader architecture, see Architecture Overview. To understand how the smart contract verifies TEE outputs onchain, see Smart Contract.