Summary
Phase 4 — run benchmark evaluation inside a Trusted Execution Environment. The ONLY tier that prevents input-output binding attacks. Required before real money flows.
Options
- AWS Nitro Enclaves (most accessible)
- Intel SGX (broad support)
- ARM TrustZone (mobile/embedded)
What enclave proves
- Code running inside is genuine and unmodified (hardware attestation)
- Results provably came from running those inputs through that code
- No cherry-picking, no model swap, no modified eval harness
Marketplace flow
- Contract issues nonce
- Forge runner executes inside TEE
- TEE signs attestation with hardware-bound key
- Contract verifies hardware attestation certificate
- Payment released
Depends on
- Signed attestation working (Phase 2)
- Key registry (Phase 2)
- Grid operational with marketplace
Summary
Phase 4 — run benchmark evaluation inside a Trusted Execution Environment. The ONLY tier that prevents input-output binding attacks. Required before real money flows.
Options
What enclave proves
Marketplace flow
Depends on