Skip to main content

Execution Integrity

Interstellar ensures the integrity and verifiability of user authentication and recovery actions through a combination of Secure Element (SE)-based input, TEE-enforced circuit execution, and a proven cryptographic foundation. This layer is critical to maintaining trust in the decentralized mobile authentication flow.

SE-Signed Inputs

Each garbled circuit execution (e.g., a VCA Token used for transaction validation) includes a public signature from the device’s Secure Element (SE). This signature is:

  • Generated client-side at the time of circuit invocation
  • Used as a verifiable, tamper-resistant input to the circuit
  • Publicly checkable by the TEE runtime against on-chain registration

This design binds each execution to a specific device and session, preventing unauthorized replays or circuit reuse.

Entropy for Visual Cryptographic Shares

The SE signature also serves as a high-entropy source for randomizing the visual cryptographic shares of digit segments rendered to the user. This protects against:

  • Predictable layouts or segment collisions
  • Injection of fake visual states
  • UI spoofing by malware or automated phishing attempts

The visual components are generated dynamically per session using this entropy and do not persist in memory after rendering.

Runtime Circuit Caching

For performance and security, the master circuit template used to generate VCA Tokens is cached within the runtime. This allows:

  • On-the-fly garbling when an AUTH-REQ extrinsic is received
  • Real-time rendering of randomized digits or secure messages based on transaction context
  • Low-latency response suitable for biometric-driven mobile UX

This cached architecture minimizes attack surface by avoiding file I/O, deterministic code reuse, or external communication during evaluation.

Security Model

The garbling algorithm used by Interstellar is an optimized implementation of a standard, peer-reviewed garbled circuit scheme. It is:

  • Proven secure against probabilistic polynomial-time (PPT) adversaries
  • Resistant to reverse-engineering, side-channel inference, or structure prediction
  • Designed to guarantee circuit uniqueness and interaction authenticity

This ensures that even if circuit execution is observed (e.g. through side channels), its internal logic and input-output correlation remain cryptographically opaque.

Summary

The combination of SE-based signatures, runtime-cached circuit execution, and verifiable input logic ensures that all user interactions processed via VCA Tokens are cryptographically authentic, device-bound, and session-specific. This makes the system secure even under advanced attack models—without compromising mobile performance or UX responsiveness.