Skip to content Skip to footer

Decentralize All the Things!

Expanding decentralized confidential computation into AI and beyond.

Web3 has a central ethos, “don’t trust, verify” which is made uniquely possible due to blockchain technology being able to perform computation in a decentralized and verifiable manner. With the maturing of public blockchains, attention is now focused on how trustless computation, offered by blockchain networks, can be extended to a variety of things such as provisioning physical infrastructure, building oracles to stream traditional Web2 data assets, creating representations of real-world physical assets on-chain and performing privacy-preserving AI training and inference.

What if you could seamlessly compose operations and user experiences across different things?

This post explores how Oasis is enabling a future where all of these different things can seamlessly interoperate and scale by leveraging and composing different decentralized confidential computing technologies.

Decentralized Confidential Computation

Verifiability is a prerequisite for decentralization. If you are not able to succinctly verify that a computation has been performed correctly, the result of that computation cannot be easily trusted by a set of potentially distrusting parties. With interconnected distributed systems there are a few ways to go about this:

Replicate the entire computation.

Each party re-executes all programs to verify that the result is the same. This has multiple drawbacks. Firstly, replicating complex programs requires all inputs to be available and is computationally expensive. It may not be feasible at all in case of AI applications.

Secondly, this doesn’t work for applications that have non-deterministic behavior. For example, imagine a program that during execution makes a request to a remote news feed. Two nodes making the exact same request at roughly the same time may get slightly different results. Results of non-deterministic computation are not directly comparable, making it difficult to simply replicate execution and subsequently verify results across a decentralized network.

Furthermore, an overarching consideration for decentralization is that we need privacy/confidentiality. From private votes, confidential trading strategies, the composition of proprietary AI models, to private data sets, some or none of the parties performing computations should be granted access to confidential data.

Generate a succinct proof of computation.

One party runs the program and then generates a succinct proof like a Zero-knowledge (ZK) Proof and/or a Trusted Execution Environment (TEE)  Remote Attestation (RA) which proves that a certain program executed correctly and in the right environment.

Combination of both.

Lower the amount of needed replication by requiring multiple succinct proofs of computation from a set of non-colluding parties (e.g. a randomly elected committee based on stake and/or other constraints). This is the best of both worlds and is also what the Oasis decentralized confidential compute platform is based on.

Privacy is a prerequisite for useful decentralization. If you are not able to keep secrets, many use cases that could benefit from decentralization are not possible or require awkward workarounds. Sealed-bid auctions, private voting, AI training over private data sets, AI inference over private models, private intents, to name just a few.

Oasis implements decentralized confidential computation through a combination of TEEs, modern cryptography and a distributed consensus protocol which together provide a secure decentralized confidential computing platform – which form the core of our Defense in Depth approach to security.

Onboarding All the Things

In order to onboard things from the more traditional Web2 realm like AI, real-world assets, oracles, intent solvers etc., into the decentralized realm, we need to provide both verifiability and confidentiality. Fortunately Oasis is in a unique position to do so!

Oasis has been designed as a decentralized modular confidential compute platform from the very beginning. Oasis established a decentralized validator set and a battle-hardened consensus layer that serve as the root of trust. We brought the first confidential EVM which runs as part of Sapphire and enables anyone to write Solidity smart contracts that can own secrets using familiar tooling. Oasis has been built for scalability where multiple confidential EVMs can be deployed in parallel runtimes, leveraging the same consensus layer for easier interoperability.

Looking ahead, there are multiple ongoing developments, some of which we have briefly touched upon in our roadmap, that will enable this vision. One of those is Runtime Off-chain Logic (ROFL), first because who doesn’t need a good laugh 🤣, but more than just sounding funny, it allows Oasis to extend the influence of confidential runtimes to off-chain infrastructure in a decentralized, verifiable and confidentiality-preserving way. This is only possible because Oasis has built a lot of the robust infrastructure needed for decentralized confidential computation in order to enable confidential smart contracts.

What is ROFL?

ROFL  is a framework that extends runtimes like Sapphire with support for off-chain components which can be more flexible in the kind of computation they support. In contrast to on-chain runtimes, they can run more complex computations, can behave non-deterministically and can access remote network resources. These components are secured by the same Oasis TEEs, the consensus layer and its decentralized validator set which can transparently run ROFL without the need to install anything besides the Oasis Core nodes and runtime bundles, which node operators currently run. And it is not limited to Sapphire as it can be added to any confidential runtime, existing or new, to extend the runtime’s capabilities.

ROFL allows for these components to seamlessly communicate with the on-chain realm, bringing about seamless composability across different blockchain platforms and across off-chain computation stacks. And because it uses the same underlying remote attestation technology, all computation is verifiable and can hold secret state.

‍This opens up the world of possibilities:

Autonomous AI agents. Decentralized agents powered by AI can run in ROFL, making it possible for them to have private “thoughts” (state) and interact with the world (including other agents) via transactions, queries and oracles. And with support for Intel TDX and Amazon Nitro Enclaves on the roadmap for Oasis, this will make it much easier to run more complex workloads like AI inference in a decentralized fashion. It will also enable ROFL components that can leverage NVIDIA TEEs. Models can stay private but at the same time verifiable.

Decentralized and responsible AI training. Going even further, it is possible to perform decentralized AI training inside ROFL. Although limited in performance by the current TEE implementation (SGX), with upcoming support for Intel TDX and NVIDIA TEEs, training larger AI models in a decentralized and verifiable fashion will become possible. And with algorithms for evaluating fairness of AI models, developed by Oasis Labs, running alongside in ROFL, it should be possible to ensure that AI is built in a decentralized manner, for all humanity.

Oracles, bridges and light clients. Since there are less constraints on what is possible to do within ROFL, one can use it to run a committee of Bitcoin light clients and submit verified blocks on chain or relay transactions. In a similar way it can talk to remote services over HTTPS and as such provide arbitrary oracles directly to on-chain smart contracts, natively. On-chain logic can then take care of fee payments, proof verification and aggregation.

Intent solvers and chain abstraction. For a better user experience it is useful to express the goals (intents) and let the system find the optimal solution (e.g. via a path of swaps and transfers). But without decentralization and confidentiality users could be subjected to front-running or other kinds of MEV extraction. ROFL can enable these to accept encrypted intents and securely communicate with multiple chains.

Defense in depth for decentralized sequencers and ZK-provers. In order to improve the robustness of ZK protocols, one can perform the same computation that is covered by a ZK proof in ROFL. This provides the protocol with additional remote attestation proofs which are cheaper and faster to compute and the protocol can then decide to accept a result only if both the ZK proof and the TEE RA proof agree. In the same manner ROFL can be leveraged to build decentralized sequencers to ensure that the blocks they build are fair according to arbitrary criteria or even support encrypted transactions.

Foundational ROFL support has already landed in the development branch of Oasis Core and will be part of the upcoming release. ROFL will also be supported in the Oasis SDK with documentation and examples showcasing how to leverage its capabilities.

Boosting Confidential Computing Transparency

As stated in an EthCC talk last year, somewhat ironically, confidentiality is only possible through transparency. An important component of onboarding more use cases is therefore to also boost transparency of how confidential computing operates. In the case of the Oasis confidential computing platform all remote attestation proofs are posted on-chain to be verified by anyone (and this is exactly what the consensus layer is doing most of the time).

Remote attestation proof verification however requires some collateral that comes from CPU vendor services like Intel PCS. Fortunately those have seen an increase in transparency and the latest version of ECDSA-based remote attestations are independently verifiable. To boost transparency further, Oasis is planning to also build a decentralized on-chain verification collateral registry which will play a similar role to certificate transparency logs used for TLS. It will therefore guard against some potential vendor compromises and also enable a form of caching where the system will be able to function more independently even when vendor services fail.

Closing Thoughts

New technological developments call for extending trustless computation provided by mature blockchain platforms into physical infrastructure, traditional data assets and AI. The race is on. But in the context of Web3, none of it matters if the Web3 ethos is not upheld through sufficient decentralization.

Oasis can ensure verifiability and confidentiality of arbitrary computation  in a decentralized environment, opening the door to decentralizing all the things. From autonomous AI agents, NFT collections that have a mind of its own, decentralized AI training, oracles, chain abstraction and defense in depth, the sea of possibilities is endless.

Smart privacy starts here. What will you build?