[jhallenworld]

Byzantine fault tolerance becomes simple if you have trusted hardware.

I've been trying to understand the base of trust in this: I think it's Intel EPID: it boils down to a secret key burned into the hardware and managed by the ME. What happens if Intel's signing machine is exposed?

[geofft]

That's an interesting point. If the threat model assumes that Intel's secure computing infrastructure will not be compromised, can't you just use remote attestation to prove you're running an unmodified Foocoin client on physical Intel hardware, and have a traditional consensus protocol? Then you don't need proof-of-time or proof-of-anything-else, just proof-of-physical-Intel-hardware.

Either way, whoever controls 50% of the genuine (where "genuine" = "signed by Intel's master key") Intel hardware gets to control consensus, right?