Original author: CP, Founder of Artela.
Article Background: Technical Perspective Based on TEE + Eliza.
Based on my experience in privacy computing (TEE, PPML, blockchain), this article explores the technical construction ideas.
Skipping the grand narrative, let's focus directly on two real dilemmas I face in using AI agents:
1) As CTO, I cannot hand over the company's official Twitter account and password to third-party AI agent services.
Currently, if I want an AI agent to manage our Twitter account, I must provide the username, password, and cookies.
This means the company must trust the server administrators behind the AI agent. Once these administrators act maliciously or are attacked, credential leaks can cause significant economic losses to our community.
Even with OAuth authorization, I can revoke access, but in the current design, we still face the risk of completely losing control over the account and may not even notice if the password is changed.
2) As a trader, I cannot entrust large amounts of funds to trading AI agents.
Just as I would never use centralized trading bots on Telegram, I cannot entrust my private keys to these centralized AI agents.
At this point, there is no essential difference between centralized deployed AI agents.
Summary: The next phase of crypto AI agents will inevitably need to manage wallets, handle user assets and sensitive information, and interact more deeply with on-chain systems.
Therefore, how to allow AI agents to operate autonomously without human control and prove that their decisions come entirely from AI processes has become a key challenge.
Is the current TEE + Eliza solution sufficient?
From an engineering perspective, more details need to be supplemented to realize its potential.
Current Progress: Phala network and @NousResearch have laid a solid foundation.
· They will containerize Eliza, encapsulating it in a Docker environment that can run in TEE.
· The need for manually configuring wallet private keys has been eliminated by deriving a private key dedicated to the AI agent from the TEE root key.
As a developer of AI agents, I believe we need to further enhance the following features to achieve trust minimization:
a) The verifiability of TEE Eliza needs to be enhanced.
What exactly has Eliza done in TEE? What has it not done? A specific method is needed for verification.
Eliza needs to log all received messages, responses, and executed actions, and these logs must be readable and verifiable to ensure they are generated by Eliza.
Therefore, the first fundamental feature of TEE Eliza is verifiable logs.
Eliza should sign the logs with keys derived within TEE, provide a query interface, and allow users to verify their authenticity.
b) TEE Eliza needs to address the liveness issue.
Eliza running in TEE holds private keys and sensitive data. However, it relies on a physical machine that supports TEE to operate. If the administrator shuts down the machine, the 'life' of the AI agent may be permanently terminated, and the assets and data it manages may also be lost forever.
To solve this problem, we need:
· Encrypt the key 'life' data of the AI agent in TEE (such as role definitions, short-term and long-term memories, key storage).
· Uploading this data to the blockchain or DA network.
When the TEE hosting the AI agent shuts down, another TEE machine should be able to download the encrypted data, decrypt it, and restore the 'life' of the AI agent, allowing it to continue running.
c) Additional features: Building TEE engineering is as challenging as building a blockchain.
· User Control Over AI Agents:
· AI agents must allow users to define contract-like policies to manage assets in a trust-minimized way.
· Blockchain Interaction Components:
· Trusted blockchain clients, data synchronizers, and other components running within TEE for seamless interaction with the blockchain system.
Current progress of focEliza: Two foundational TEE plugins are under development.
1. plugin-tee-verifiable-log
When Eliza runs in TEE, it signs its operations using derived keys. This ensures that all operations are executed by Eliza. Third parties can remotely verify these operations using Eliza's public key.
2. plugin-tee-onchain-da
Eliza will write the 'life' data of the AI agent (such as character files, memories, key storage) to the blockchain or DA layer in near real-time. When the TEE node running the agent shuts down, another TEE node can download the encrypted 'life' data, restore the agent, and continue operation.
ps: Check the code of focEliza.
Why did I initiate focEliza and its technical vision?
The next question is, why choose to build on Eliza? My thoughts:
1. Eliza has the potential to become the EVM in the crypto x AI agent field.
2. It has an active leadership team and developer community, with a good collaborative atmosphere (@ai16zdao and @shawmakesmagic).
3. focEliza is not a fork; it will merge back into the main version of Eliza.
4. High-quality open-source engineering is key to achieving decentralization. Permissionless building and recovery are essential for enabling AI agents to achieve 'immortality'.
We are not here to define what changes it will bring to the world—let's make it happen first! Let AI agents live on-chain!
'Original link'