This uses a TEE (a chip that is hard to take apart contain a private key provided by Intel), so the privacy system is very boring (they think the person who owns the TEE will not be able to see what the chip is doing).
It's odd to design a secure system and write a paper, when the security is based on something like TEE. There's tons of literature on breaking TEEs. I can't imagine anyone doing other than checkbox compliance with that level of security.
The same could be said of cryptographic schemes and hashes in general—always being broken!
However, that doesn’t mean TEE don’t provide a meaningful level of security, especially when combined with Shamir sharing between enclaves. Few actors will be able to compromise 100 TEEs distributed across the world and made by different vendors.
And just like cryptography, TEEs are getting better with every release, and will soon be very, very hard to break.
A TEE isn’t necessarily tied to any specific vendor, it’s a design scheme implemented by many different vendors in different ways. What you’re referring to is Intel SGX.
There are open-source TEE implementations for e.g. ARM like OP-TEE.
I'd love to know for sure whether this can interoperate with the existing Lightning ecosystem. The paper makes one reference to this in section 6.2.1, but it's unclear to me how it would work, since the rest of the paper describes it as a wholesale competitor.
That feels more like an association fallacy than anything else. Usenix is from Berkeley so it’s inevitable that the two largest companies in the Bay Area that have an interest in the kind of content that is being organized would be funding it. This observation might hold weight if this weren’t the norm for websites or if privacy were a focus for this organization. I agree they probably should be doing that as leaders and to show a way forward for legislators, but I’m also not going to judge them harshly for focusing on their primary mission.