Original source: Lumoz
Background
With the growth of Web3, decentralized AI Agents have become an important class of application. These agents run autonomously without centralized servers, process user data, and interact with blockchain smart contracts. However, the openness and trustlessness of Web3 create security challenges for them. AI Agents show potential in Web3 for tasks such as managing private keys, executing transactions automatically, and supporting DAO operations, but their weaknesses in credibility and accountability conflict with core principles such as decentralization and transparency, which limits their adoption and hinders their development.
Current status
Currently, most AI agents operate in untrusted environments and face numerous challenges regarding security and transparency. These agents often handle sensitive user data and perform critical tasks, yet their operating environments lack the necessary protective measures, creating risks of data leakage, tampering with execution logic, or unverifiable computation results. Typical deployments simply assume, without any way to verify it, that:
· the agent's initialization process has not been tampered with;
· the data provided by external APIs is secure and reliable;
· private keys are properly managed and cannot be leaked;
· user inputs are not interfered with in transit.
Introducing TEE enhances security
By default, all worker nodes are considered untrusted. A malicious worker may attempt the following:
· spying on users' sensitive data;
· returning incorrect computation results, or not executing the task at all;
· degrading service quality, for example by reducing computational power or blocking network connections.
To keep the system trustless, Lumoz relies on a Secure Enclave (a Trusted Execution Environment such as Intel SGX) together with a dedicated key management mechanism. The Secure Enclave provides strong hardware security guarantees, including:
· Data confidentiality: enclave memory is encrypted by the hardware and cannot be read from outside the enclave, not even by the operating system or hypervisor.
· Execution integrity: even an attacker who controls the operating system or has physical access to the machine cannot modify the code running inside the enclave or alter its execution (side-channel attacks are a separate concern and are outside this guarantee).
· Remote attestation: a user can verify remotely, through a report signed by the hardware, that the expected software is running inside a genuine enclave.
How Lumoz TEE works
Lumoz is committed to becoming the core processing platform for AI computing, playing a key role in supporting scalable blockchain infrastructure. By integrating Trusted Execution Environment (TEE) technology, Lumoz can ensure the security and transparency of its computing processes. This innovative combination merges the decentralized advantages of blockchain with the robust security of TEE, enabling Lumoz to provide a decentralized cloud computing network that efficiently executes various computing tasks in a trust-minimized environment.
Benefits of introducing TEE
· Hardware-level security: the hardware-enforced enclave guarantees the privacy, confidentiality, and integrity of data and code.
· Low computational overhead: applications running in a TEE execute at speeds close to those of the same code in a normal CPU environment, unlike proof systems that add heavy proving work.
· Low verification cost: verifying a TEE-signed result on-chain reduces to an ECDSA signature check, so the gas consumed is minimal.
TEE implementation requirements
· Tamper-proof data: user request and response data must not be alterable by intermediaries. This requires secure communication channels and strong encryption.
· Secure execution environment: both hardware and software must be protected from attack. The TEE provides the isolated environment in which the computation runs.
· Open-source and reproducible build: the entire software stack, from the operating system to the application code, must be open and reproducible, so that auditors can rebuild it and compare the resulting measurement with the one reported in the attestation.
· Verifiable execution results: the results of AI computations must be verifiable, so that outputs are credible and demonstrably untampered.
TEE (Intel SGX) framework
TEE server-side security checks
When the service starts, it generates a signing key inside the TEE; the private key never leaves the enclave.
1. You can obtain CPU and GPU attestation reports to verify that the service is running in a confidential VM in TEE mode.
2. The attestation report includes the public key of the signing key, which proves that the key was generated inside the TEE.
3. Every inference result is signed with that key.
4. You can use the public key to verify that every inference result was produced inside the TEE.
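The four steps above, simulated end to end in Go as an added worked example. This is not Lumoz's code: the page does not describe the actual quote format, key types, or on-chain verifier. It assumes P-256 ECDSA, a simulated "hardware root" key standing in for the CPU's attestation key, report data equal to SHA-256 of the enclave's public key, and a constructed measurement value; the model itself is replaced by an echo. The client side verifies the attestation once, pins the public key, and then checks each result with a single ECDSA verification, which is the same check a contract would perform.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Enclave simulates the service inside the TEE. The signing key is generated at
// start-up and never exported; only its public half leaves the enclave.
type Enclave struct {
	measurement [32]byte          // hash of the loaded code (like SGX MRENCLAVE), constructed
	signingKey  *ecdsa.PrivateKey // stays inside the enclave
}

// StartEnclave models step 1 of service start-up: key generation inside the TEE.
func StartEnclave(measurement [32]byte) (*Enclave, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Enclave{measurement: measurement, signingKey: key}, nil
}

// PublicKeyDER exports only the public key (PKIX DER) for clients to pin.
func (e *Enclave) PublicKeyDER() ([]byte, error) {
	return x509.MarshalPKIXPublicKey(&e.signingKey.PublicKey)
}

// SignedResult is an inference output plus the enclave's signature over it.
type SignedResult struct {
	Output []byte
	Sig    []byte // ASN.1 DER ECDSA signature over SHA-256(Output)
}

// Infer stands in for the model and signs its output with the enclave key.
func (e *Enclave) Infer(prompt string) (SignedResult, error) {
	out := []byte("echo: " + prompt) // constructed stand-in for real inference
	digest := sha256.Sum256(out)
	sig, err := ecdsa.SignASN1(rand.Reader, e.signingKey, digest[:])
	return SignedResult{Output: out, Sig: sig}, err
}

// AttestationReport is a simplified stand-in for a hardware quote: it binds the
// code measurement and 32 bytes of report data under the hardware root key.
type AttestationReport struct {
	Measurement [32]byte
	ReportData  [32]byte // SHA-256 of the enclave public key DER
	Sig         []byte
}

func (r *AttestationReport) digest() [32]byte {
	h := sha256.New()
	h.Write(r.Measurement[:])
	h.Write(r.ReportData[:])
	var d [32]byte
	copy(d[:], h.Sum(nil))
	return d
}

// HardwareRoot simulates the root of trust: a key held by the hardware that
// signs reports. Clients only ever hold its public key.
type HardwareRoot struct{ key *ecdsa.PrivateKey }

func NewHardwareRoot() (*HardwareRoot, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &HardwareRoot{key: key}, err
}

// Attest issues a report for the enclave with report data = SHA-256(pubkey).
func (h *HardwareRoot) Attest(e *Enclave) (*AttestationReport, error) {
	pubDER, err := e.PublicKeyDER()
	if err != nil {
		return nil, err
	}
	r := &AttestationReport{Measurement: e.measurement, ReportData: sha256.Sum256(pubDER)}
	d := r.digest()
	r.Sig, err = ecdsa.SignASN1(rand.Reader, h.key, d[:])
	return r, err
}

// VerifyAttestation is the client-side check: signed by the hardware root,
// expected code measurement, and the public key bound in the report data.
func VerifyAttestation(rootPub *ecdsa.PublicKey, r *AttestationReport, expected [32]byte, pubDER []byte) error {
	d := r.digest()
	if !ecdsa.VerifyASN1(rootPub, d[:], r.Sig) {
		return errors.New("report not signed by hardware root")
	}
	if r.Measurement != expected {
		return errors.New("unexpected enclave measurement")
	}
	if r.ReportData != sha256.Sum256(pubDER) {
		return errors.New("public key not bound to report")
	}
	return nil
}

// VerifyResult is the per-result check: one ECDSA verification against the pinned key.
func VerifyResult(pubDER []byte, res SignedResult) error {
	pub, err := x509.ParsePKIXPublicKey(pubDER)
	if err != nil {
		return err
	}
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("not an ECDSA key")
	}
	digest := sha256.Sum256(res.Output)
	if !ecdsa.VerifyASN1(ecPub, digest[:], res.Sig) {
		return errors.New("bad signature on inference result")
	}
	return nil
}

// DemoOutcome records which checks pass for an honest run and two attacks.
type DemoOutcome struct{ HonestOK, TamperedOutputOK, WrongCodeOK bool }

// RunDemo runs the honest flow, a tampered result, and an attested enclave
// running different code, and reports which of them a client would accept.
func RunDemo() (DemoOutcome, error) {
	var o DemoOutcome
	root, err := NewHardwareRoot()
	if err != nil {
		return o, err
	}
	expected := sha256.Sum256([]byte("agent-build-v1")) // constructed expected measurement
	enc, err := StartEnclave(expected)
	if err != nil {
		return o, err
	}
	report, err := root.Attest(enc)
	if err != nil {
		return o, err
	}
	pubDER, _ := enc.PublicKeyDER()
	res, err := enc.Infer("what is the vault balance?")
	if err != nil {
		return o, err
	}
	o.HonestOK = VerifyAttestation(&root.key.PublicKey, report, expected, pubDER) == nil &&
		VerifyResult(pubDER, res) == nil

	// An intermediary edits the output but cannot re-sign it with the enclave key.
	tampered := SignedResult{Output: append([]byte{}, res.Output...), Sig: res.Sig}
	tampered.Output[len(tampered.Output)-1] ^= 0x01
	o.TamperedOutputOK = VerifyResult(pubDER, tampered) == nil

	// Genuine hardware, but a different (unexpected) code measurement.
	other, _ := StartEnclave(sha256.Sum256([]byte("modified-build")))
	otherReport, _ := root.Attest(other)
	otherPub, _ := other.PublicKeyDER()
	o.WrongCodeOK = VerifyAttestation(&root.key.PublicKey, otherReport, expected, otherPub) == nil
	return o, nil
}

func main() {
	o, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("honest=%v tamperedOutput=%v wrongCode=%v\n", o.HonestOK, o.TamperedOutputOK, o.WrongCodeOK)
}
```

In a real deployment the hardware root public key is replaced by the vendor's attestation certificate chain, the expected measurement comes from the reproducible build of the open-source stack, and the attestation is checked once (off-chain or by a verifier contract) before the enclave public key is registered; after that, each result costs only the single signature check shown in VerifyResult, which is why the per-result gas cost stays low.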
TEE and ZK multi-proof
No single cryptographic system can be guaranteed to be 100% secure. Current Zero-Knowledge (ZK) solutions are sound in theory, but because ZK implementations are complex, it cannot be assured that the whole system is free of engineering errors. This is where multi-proof systems come in: to hedge against bugs in a ZK implementation, a hardware solution such as a Trusted Execution Environment (TEE) is used as a second, independent verifier, so that a result is accepted only if both the ZK proof and the TEE attestation check out. This gives ZK-based projects such as AI Agents defense in depth.
Core architecture design
Decentralized Root of Trust (DROT)
The Decentralized Root-of-Trust (DROT) is the core element of the trust chain in a Trusted Execution Environment (TEE). Ultimately, user verification rests on remote attestation reports signed by the CPU, which are generated from a set of keys stored in the hardware. The hardware components responsible for managing these root keys, verifying firmware and applications, and issuing attestation reports are collectively referred to as the DROT.
Key management protocol
In the overall design of the solution, key management follows the principle of least privilege, meaning that each entity in the system only knows the secrets strictly necessary to complete its tasks.
TEE controls domain name certificates.
The certificate management module in the design acts as a reverse proxy in front of the applications running in the network. Notably, it runs inside the TEE, so the TLS private key for the domain is held only within the enclave, and its operation is governed by smart contracts.
Summary
Under the TEE and ZK multi-proof architecture provided by Lumoz, the combination of Trusted Execution Environment (TEE) and Zero-Knowledge Proof (ZK) forms a multi-layered protection framework that addresses the security, privacy, and verifiability of AI Agents operating in untrusted environments. By combining the hardware isolation of TEE with the cryptographic verification of ZK, it tackles data protection and execution transparency together, in line with the Web3 principles of decentralization and transparency. This architecture improves the credibility and usability of AI Agents, and with further optimization and standardization it can be applied in more scenarios.
For more progress, please follow the Lumoz official website and social media.
This article comes from submissions and does not represent the views of BlockBeats.