Lumoz Introduces On-Chain AI Agent with TEE+ZK Dual Proof Architecture

Source: Lumoz

Background

With the development of Web3, decentralized AI Agents have become a critical application. These agents can autonomously operate without centralized servers, process user data, and interact with blockchain smart contracts. However, the openness and trustlessness of Web3 present security challenges. AI Agents show potential in Web3, such as managing private keys, executing automated trades, and supporting DAO operations. However, their lack of trustworthiness and accountability deviates from core principles like decentralization and transparency, limiting their widespread adoption and hindering future development.

Current Status

Currently, most AI agents operate in untrusted environments, facing numerous security and transparency challenges. These agents often handle users' sensitive data and perform critical tasks, but their operating environments lack necessary safeguards, leading to potential risks such as data leaks, tampering with execution logic, or unverifiable computation results. Common assumed issues include:

· The agent's initialization process has not been tampered with

· Data provided by external APIs is secure and reliable

· Private keys are properly managed and cannot be leaked

· User input is not tampered with during transmission

Introducing TEE to Enhance Security

By default, all worker nodes are considered untrusted. Malicious workers may attempt the following improper behaviors:

· Eavesdropping on users' sensitive data;

· Providing incorrect computation results or not executing tasks at all;

· Degrading service quality, such as by reducing computing power or disrupting network connections.

To ensure the system's trustlessness, Lumoz relies on a Secure Enclave (a trusted execution environment, similar to Intel SGX) and an innovative key management mechanism. The Secure Enclave provides robust hardware security features to the system, primarily including the following:

· Data Confidentiality: All in-memory data is encrypted;

· Secure Execution: Even if an attacker controls the operating system or physical device, the correctness of the execution process cannot be compromised;

· Remote Attestation: Users can verify remotely to ensure that the hardware and software are running within a secure area.

Lumoz TEE Working Principle

Lumoz aims to be the core processing platform for AI computation, taking on a critical role in supporting scalable blockchain infrastructure. By integrating Trusted Execution Environment (TEE) technology, Lumoz can ensure the security and transparency of its computation process. This innovative combination merges the decentralization advantage of blockchain with the robust security of TEE, enabling Lumoz to not only provide a decentralized cloud computing network but also to efficiently execute various computing tasks in a trust-minimized environment.

Benefits of Introducing TEE

· Hardware-Level Security: Hardware secure areas ensure privacy, confidentiality, and data integrity.

· Minimal Computation Overhead: Applications running on TEE operate nearly at the same speed as applications running in a regular CPU environment.

· Low Verification Cost: Gas consumption for verifying TEE proofs is minimal, requiring only ECDSA verification.

TEE Implementation Effects

· Data Tamper-Resistance: Ensuring that user request/response data is not altered by intermediaries is crucial. This requires a secure communication channel and strong encryption mechanisms.

· Secure Execution Environment: Both hardware and software must be protected from attacks. This involves using TEE to provide an isolated environment for secure computation.

· Open-Source and Reproducible Version: The entire software stack, from the operating system to the application code, must be reproducible. This allows auditors to verify the integrity of the system.

Verifiable Execution Results: The results of AI computation must be verifiable to ensure that the output is trustworthy and has not been tampered with.

TEE (Intel SGX) Framework

TEE Server-Side Security Check

When the service starts, it will generate a signing key in the TEE.

1. You can obtain CPU and GPU proofs to verify if the service is running inside a secure VM in TEE mode.

2. This proof includes the public key of the signing key to demonstrate that the key was generated in the TEE.

3. All inference results include a signature with the signing key.

4. You can use the public key to verify that all inference results were generated in the TEE.

TEE and ZK-SNARKs

We cannot guarantee that any single encryption system is 100% secure. At the same time, current Zero-Knowledge (ZK) solutions are theoretically secure, but still cannot guarantee error-free operation of the entire system, especially from an engineering perspective. Due to the complexity of ZK implementations, this remains challenging. This is where a multi-proof system comes into play. To hedge against errors in ZK implementations, a hardware-based Trusted Execution Environment (TEE) can serve as a second-factor authenticator, providing dual security for ZK projects like AI Agents.

Core Architecture Design

Decentralized Root of Trust (DROT)

Decentralized Root of Trust (DROT) is a core element of the Trusted Execution Environment (TEE) trust chain. Ultimately, user validation relies on remote proofs signed by the CPU, which in turn depend on a set of hardware-stored keys for generation. The hardware components responsible for managing these root keys, verifying firmware and applications, and issuing remote proofs are collectively referred to as DROT.

Key Management Protocol

In the overall solution design, key management follows the principle of least privilege, meaning that the secret known to each entity in the system is strictly limited to the secrets required to perform its tasks.

TEE Domain Certificate

The certificate management module in the design of the solution, which acts as a reverse proxy for the application running in the network. It is worth noting that as part of the overall solution, it runs in a TEE and is also managed by smart contracts.

Summary

In the TEE and ZK multiproof architecture provided by Lumoz, the innovative solution combines the Trusted Execution Environment (TEE) and Zero-Knowledge Proof (ZK) to enhance the security, privacy, and verifiability of most AI Agents in untrusted environments. By combining the hardware isolation capability of TEE with the cryptographic verification features of ZK, it effectively addresses the issues of data protection and execution transparency, while also aligning with the core principles of decentralization and transparency in Web3. This technical architecture not only enhances the trustworthiness and usability of AI Agents but, with ongoing technological optimization and standardization, will unlock greater potential for AI Agents in various application scenarios.

For further developments, please follow the Lumoz website and social media.

This article is contributed content and does not represent the views of BlockBeats