Sign in Subscribe

Why Trust Belongs in Orbit (Satellite-Based TEEs)

By David L
Why Trust Belongs in Orbit (Satellite-Based TEEs)

Recently, we launched the public beta of cTRNG—the Cosmic True Random Number Generator, our first system built on SpaceComputer’s satellite infrastructure.

cTRNG delivers verifiable randomness sourced from space to support critical cryptographic functions including key generation, consensus randomness, as well as dApp functionalities like NFT trait assignment, governance, and gaming outcomes.

Since the beta release, we've been getting great questions from developers—and one keeps coming up:

“I get the idea of cTRNG. But why does it need to come from satellites? Can’t the same cosmic data be gathered on Earth?”

This is a fair question—one that gets to the heart of why we believe trust needs to be rooted in orbit.

Let’s unpack it.

Yes, Cosmic Data Is Everywhere. But Verifiable Trust Is Not.

It’s technically true that cosmic data (i.e. radiation bursts, neutrino noise, and electromagnetic entropy) can be observed both from space and Earth. The real issue isn’t where the data comes from, but under what conditions that data can be trusted.

Here’s our core claim:

Space data can be gathered from Earth, but it cannot be made verifiably tamper-proof except in space.

This is why cTRNG relies on satellite-hosted infrastructure, and why the broader idea of SpaceTEE—a Trusted Execution Environment deployed in orbit—represents a leap forward in trustworthy compute and entropy sourcing.

Physical Isolation Is a Feature, Not a Bug

On Earth, no matter how hardened the hardware, someone can eventually gain access to it. Tamper resistance is a spectrum, and physical access breaks all guarantees.

In contrast, satellites offer something Earth cannot: enforced inaccessibility.

Here’s how that translates into real benefits:

1. Hardware-Level Tamper Resistance

Satellites are, by default, physically unreachable. This means:

  • No one can extract private key material via physical side-channel attacks.
  • No one can pre-emptively read public randomness for frontrunning or MEV.
  • No one can tamper with results or coerce deterministic outputs under pressure.

Once deployed, satellites act as sealed, unchangeable computing environments.

2. Protection from State-Level Coercion

Earth-based infrastructure can be subpoenaed, confiscated, or shut down. Satellite infrastructure can’t be seized without a space program. That makes it resilient to legal and political coercion.

“Yes, in the end, cTRNG is another form of TEE. So why TEE on a satellite and not on Earth? Because orbit offers true physical isolation—no state actor can confiscate the hardware, side-channel leakage is significantly reduced, and once the data is gone, it’s really gone.”

How SpaceTEE Compares to Earth-Based TEEs

Modern Earth-based TEEs—like Intel SGX, AMD SEV-SNP, and Intel TDX—are powerful tools, with near-native speeds and features like remote attestation. But they are not built to withstand physical access or low-level attacks from malicious hosts.

Here’s where SpaceTEE stands apart:

Physical Isolation

  • Not just a rack in a locked room—true physical unreachability
  • Immune to side-channel attacks (e.g., power monitoring, acoustic analysis, cold boots)

Data Lifecycle Integrity

  • SpaceTEE systems can perform I/O within the enclave boundary
  • This avoids the replay/revert vulnerabilities that plague traditional TEEs
  • Once deleted, data is irrecoverable

Authentic Communication Channels

  • Satellite-ground communications can include geo-verification of transmission points
  • Jamming resilience is achievable with proper ground station security (~2 km radius)

Limitations We’re Actively Addressing

No system is perfect. One known limitation of the current SpaceTEE model is remote attestation—the ability for third parties to verify what code is running in orbit.

We’re actively working on several approaches to strengthen this area, including:

  • Multi-party witness networks
  • Cryptographic proofs of secure boot
  • Signed firmware hash attestations at transmission endpoints

From Orbit to Application: What cTRNG Enables

Random number generation is foundational to cryptography. Without secure entropy, keys, signatures, consensus processes, and even simple games can be compromised.

With cTRNG, developers can now:

  • Tap into true cosmic randomness
  • Access it via API with global availability
  • Use it in any protocol, dApp, or Web2/Web3 hybrid

Start building with free early access–contact us for your API key!

To learn more about the SpaceComputer vision, check out our Blue Paper and join the public Telegram.