TEE Coprocessor: Automata Multi-Prover AVS on EigenLayer
This post explores the development of TEE Coprocessor in the direction of a Multi-Prover AVS on EigenLayer, noting the interactions between confidential enclaves and cryptoeconomic security for open innovation.
Coprocessors perform specialized computational tasks that complement or extend the capabilities of the primary chain. ZK Coprocessors (like Lagrange and Brevis) focus on off-chain computation scalability. Fhenix, a FHE Coprocessor, prioritizes data confidentiality. TEE Coprocessors support execution integrity and rapid deployment, while saving several orders of magnitude in computational costs.
Automata is very excited to bring TEE Coprocessors as a Multi-Prover AVS on EigenLayer Mainnet. TEE Coprocessors leverage hardware root-of-trust to achieve verifiable computing on the blockchain, with various deployments such as TEE Prover with Scroll, TEE Builder, and 1RPC, an RPC relay running on enclave infrastructure.
TEE Coprocessors with Automata
Environments that are equipped with Trusted Execution Environment (TEE) enforce computational integrity and insure privacy. Hardware-grade isolation shows promise for provably secure cryptosystems, with a few key observations:
- Comprehensive On-chain Attestation
Attestations provide publicly verifiable evidence across the entire technology stack. To that end, we can ensure that (i) hardware is genuine and satisfies the criteria for anti-tampering (ii) software is secure, with its build process reproducible from audited code (iii) prover identity is established through asymmetric cryptography, protecting against counterfeit signatures by operators.
Automata DCAP attestation v3 is now accessible on GitHub, and the open-source Solidity library was previously used by the Flashbots team to speedrun their TEE Coprocessor. An honest multi-proving committee is necessary to override bugs in the code, but the exclusion of bad-faith actors can be impractical. With TEE Coprocessor, no longer.
- Reproducible Build from Source Code
Reproducible builds allow verification that no vulnerabilities or backdoors have been introduced into the binary during the build process. This mirrors current practices with smart contract deployment, where source code is matched to on-chain bytecode and displayed in the block explorer. Anyone can replicate the build process to yield identical binaries every single time, thereby decentralizing trust.
Despite seeming straightforward with container technology, achieving consistent builds across various environments remains challenging. Relying on every single user of the code to rebuild it is time-consuming and hardly scalable. Automata certifies the build process’s integrity without disrupting the developer workflow and preserving verifiability.
- Economic Security for Liveness Guarantees
TEE Coprocessors significantly enhance the security over vanilla implementations by minimizing reliance on operator integrity. Operating within an enclave makes it immune to tampering, ensuring that operators, who physically host the machine, cannot modify runtime code.
Liveness attacks are possible if operators are not bound by economic security. The theoretical risk of side-channel attacks to compromise signing keys can be deterred by higher security budgets and mitigated by establishing TEE committees with diversified TEE stack across multiple vendors from Intel, AMD, AWS etc, where dishonesty and collusions would face much higher penalties.
Hardening multi-prover security
In the short term, Layer 2 protocols may rely on temporary training wheels. The present-day trust model for rollup systems grapples with the possibilities of unforeseeable bugs in the code and how to deal with them — Multi-proving models are a way to move forward in the middle to long term, with trusted hardware being a powerful guarantor of security in a m-out-of-n system. Multiple, independent prover implementations uncover discrepancies before submission and protect against a single point of failure, echoing Vitalik’s point on client diversity.
Interacting with a multi-prover positions the ZK Prover as the core engine and TEE Provers as auxiliary boosters, which can be phased out as the protocol matures, or kept on to improve robustness through diversity in perspectives. Costs associated with the ZK Prover’s circuit development and proof generation are high, but TEE Coprocessor resolves this tension between security and costs with rapid prototyping/deployment.
Multi-Prover AVS with EigenLayer
Multi-Prover AVS serves as the mission control center, coordinating and bootstrapping many different sets of multi-provers at the request of protocols. In this AVS, protocols can openly solicit multi-proving tasks, assembling a committed TEE committee incentivized by long-term rewards. Operators sign up to join these tasks, collaborating with their peers to fortify the protocol. Stakers then delegate their staking power to operators they trust, bolstering economic security that is much-needed during a protocol’s nascent stages.
EigenLayer revolutionizes verifiable computing by establishing a permissionless marketplace for stakers, operators, and protocols. It enhances economic security for early adopter protocols within the multi-prover framework, providing a credibly neutral platform where operators can connect with stakers — who aim for decentralization and capital gains — and protocols seeking reliable, decentralized operators for their multi-proving tasks.
Endgame for verifiable compute
EigenLayer is the coordination engine for open innovation. TEE Coprocessor is the compute engine for confidential applications on the blockchain. The technical coalition of secure hardware and restaking primitives openly embraces what’s possible with enclave trust and cryptoeconomic integrity. We anticipate that multi-prover systems will quickly gain traction across rollups as proof verification becomes just as important to the security and decentralization of the network as any other metric.
Automata Network extends machine trust to Ethereum with TEE Coprocessors. Beyond our efforts with Multi-Prover AVS, we are also working on confidential AI to push the boundaries of machine-learning models with Microsoft Azure virtual machines, powered by NVIDIA GPUs. AI systems will require ever-larger deployments of computational power, and TEE networks enable the training and inference of machine learning models in a verifiable and secure manner, distributing trust for practical applications.
Running AI models within on-chain TEEs establish model provenance, and is more competitive as compared to the status quo. We have since:
- Set up the NVIDIA GPU environment
- Successfully run GPU-accelerated workloads on Microsoft Azure
- Perform GPU attestation to verify its trustworthiness
Approaching AI safety at the intersection of hardware and blockchain creates scalable, decentralized and private AI that can be deployed in high-value contexts with increasing confidence. TEE applications inside of blockchain systems, or together with cryptography/AI, is truly getting very viable.
Psyched for what’s on the horizon.
About Automata Network
Automata Network is a modular attestation layer that extends machine trust to Ethereum with TEE Coprocessors. With Proof of Machinehood, a global, decentralized network of machine attestations helps rollups to achieve an Ethereum-aligned future without excessive computation or economic stake. TEE AVS on EigenLayer are secured by hardware root-of-trust and cryptoeconomic security.
