Computation is built on top of the Trusted Execution Environments / TEEs (e.g. Intel SGX). It ensures the user data is processed in privacy-enhancing technologies. With a combination of remote proof, identity authentication, session key exchange and data encryption, users can be guaranteed that the execution environment is expected. Then, a TEE node can process user's data and produce the TEE attestation, which can be verified by the verification layer to make sure the execution result posted on-chain is computed in the same trusted environment where users have submitted their data.

Trusted Execution Environment Cluster.

The CARV protocol operates a cluster of TEE nodes, each designated for specific functions. To participate, nodes must stake tokens and, in return, they earn rewards for their contributions but face penalties for any misconduct.

In the data processing workflow, a single TEE node is selected to handle each task. The node processes the data and then posts results on the blockchain, accompanied by TEE attestation, a timestamp, and a nonce to thwart replay attacks.

For AI model training, parameters are crucial for differentiating AI models, and most training models need to be run in a Trusted Execution Environment (TEE). The CARV protocol natively supports AI training within a TEE, enabling AI companies to access high-quality data in a privacy-preserving manner, thus protecting both user data and model parameters.

About Trusted Execution Environments

TEEs offer attestations, enabling users to confirm that results are genuinely produced by a legitimate enclave operating correctly. We utilize Intel SGX for generating blockchain-verifiable ECDSA signatures, directly authenticated against Intel’s Root Certificate Authority (CA). Our ongoing security measures against SGX vulnerabilities, such as Aepic and MMIO, include updating the SGX Trusted Computing Base (TCB) regularly, employing different Oblivious RAM (ORAM) strategies, and restricting network participation to hardware with established integrity that complies with stringent Direct Anonymous Attestation (DAA) protocols.

Zero-Knowledge Proof

zk-SNARK: ZK (Zero-Knowledge) Proof is the mechanism that validates and verifies the data in CARV Protocol. Verifying a proof is a computational operation that is logarithmic in the worst case to the mathematical statement, and the proof process does not require interaction between the prover and the verifier, only the proof needs to be passed to the verifier (non-interactive).

Through zk-SNARK, CARV Protocol can verify and prove users' on and off chain data, while ensuring minimal disclosure of user data, achieving privacy-preserving.

Note that CARV accommodates both ZK (Zero-Knowledge) Proof and non-ZK proof data. Utilizing ZK Proof as input minimizes the risk of data exposure throughout the end-to-end data flow. Nevertheless, non-ZK proof data can still be verified and processed privately, by the integration with TEE.