Welcome to the Proofcast Documentation

Visit our website. Stay updated with the latest news by following us on X. Builders, developers, and curious minds are welcome to join our Telegram group to chat with the team.

Proofcast wants to democratize access to cryptographic proofs backed by Trusted Execution Environments (TEE) with the first “proving-as-a-service” solution based on trusted hardware.

What are TEEs?

TEEs are isolated execution environments within the main processor, where both code and data are protected at the hardware level. The secure enclave ensures:

  1. Confidentiality: code and data within the TEE are isolated and cannot be accessed by any unauthorized components, including the operating system and hypervisor.
  2. Integrity: the code and data within the TEE are shielded from tampering, even by privileged software or physical attacks on the hardware.
  3. Hardware Attestation: TEEs support cryptographic attestation, enabling the generation of verifiable proofs that the code executed inside the TEE is authentic and has not been altered.

Why it matters?

Blockchains like Ethereum are evolving into a modular stack, where multiple specialized layers (settlement, execution, consensus, data availability) outsource functions and exchange data with each other.

In particular, the decoupling between settlement and execution layers has given rise to the sector of coprocessors, execution layers designed to handle heavier computation more cheaply and efficiently.

However, they must commit to settlement layers via cryptographic proofs to ensure security and integrity across the system.

The limit of zk-proofs

The ascent of zero-knowledge proofs has been accelerated by the introduction of zkVMs: a revolution in abstraction and user experience.

It has enabled teams to generate zk-proofs directly from a Rust program, eliminating the need to design custom circuits and reducing overhead for developers.

Complexity was reduced, effectively democratizing access to zk-technology.

We believe the same should happen with Trusted Execution Environments.

The next generation of on-chain applications can only be enabled by co-processing power backed by TEEs.

Use cases like dePIN, decentralized AI (dAI), on-chain gaming, and data-rich applications involving heavy computation can be offloaded off-chain in a secure way.

For this type of application—representing the future of real-world utility—zk will never be a viable option.

However, teams today need to secure computation, amidst fragmentation between specific TEEs (Intel SGX, AWS Nitro, etc.) and different proving networks.

There is no control board or simple interface.

We believe the same transformation should occur with Trusted Execution Environments (TEEs).

The next generation of on-chain applications can only be unlocked by leveraging co-processing power secured by TEEs.

Use cases such as dePIN, decentralized AI, on-chain gaming—data-rich applications with heavy computation that can be efficiently offloaded off-chain in a secure and reliable manner.

For these types of applications—representing the future of real-world utility—zk-proofs will never be a fully viable solution.

However, teams today face challenges in securing TEEs computation, due to fragmentation among various TEEs (Intel SGX, AWS Nitro, etc.) and disparate proving networks without a unified control board and a simple interface, tailored to the specific needs.

The future of TEEs: “proving-as-a-service”

Proofcast wants to become the “proving-as-a-service” standard for TEEs.

We bet on giving developers better accessibility and UX by leveraging:

  • Abstraction: working with TEEs should be as simple as pressing a button and running your code;
  • Selection: our stack aims at supporting all types of devices (Intel, AWS, Android, etc.);
  • Customization: no lock-in network or standalone product, but a suite tailored to specific needs.

Our go-to-market is a suite of products that currently range from the first general-purpose TEE-VM, to event attestator (cross-chain) and light clients.

TEE-VM

Overview

Proofcast TEE-VM is a RISC-V runtime environment inside a Trusted Execution Environment (TEE). It enables builders to write Rust code allowing the execution of guest programs inside a RISC-V VM to provide proof of execution. The necessary I/O primitives are provided to facilitate communication with the VM, enabling the execution of arbitrary code within our TEE and generating proof of its execution as expected.

Proofcast TEE-VM represents a step forward in cross-chain communication by targeting fast and ready-to-use TEE devices, enabling builders to write coprocessors for production use today while preserving low gas impact for on-chain validation. By initially supporting StrongBox TEE, Proofcast TEE-VM provides an accessible and efficient solution for developers and organizations requiring robust, secure cross-chain interoperability.

Developers can focus on their core code without the costly or slow setups of alternative technologies. By targeting the RISC-V architecture, Proofcast TEE-VM aligns with market standards and remains open to new and optimized solutions in the future.

Purpose and Use Cases

The primary purpose of Proofcast TEE-VM is to provide builders with a tool for accessing and verifying states across different blockchains. This tool is chain-agnostic, and capable of working with any blockchain, from Ethereum to non-EVM chains.

It addresses several critical issues in cross-chain communication by enhancing seamless interaction between different blockchain networks, improving data management and integration, facilitating the fluidity of assets across platforms, reducing the risk of single points of failure, improving the efficiency of interactions between isolated blockchains, and providing flexible trust models in cross-chain interoperability solutions.

Competitive advantages

Proofcast TEE-VM provides a modern and efficient solution for cross-chain communication, enabling generic code to be compiled and executed on existing TEEs at a fraction of the time and cost associated with on-chain verification. Key benefits include:

  • Efficiency: Faster execution and lower on-chain verification costs compared to traditional methods.
  • Compatibility: Maintains close compatibility with ZKp systems, allowing users to switch between TEE and ZK solutions easily.
  • Scalability: Supports the creation of a variety of coprocessors for production use with low gas impact for on-chain validation.
  • Accessibility: Initial support for StrongBox TEE, which is inexpensive and widely available, unlike alternative centralized solutions.

Components

Proofcast TEE-VM includes the following components:

  • Rust Crate: Equipped with the necessary I/O primitives to allow communication to and from the RISC-V VM.
  • Command-Line Interface (CLI): Serves as the user's gateway to the runtime environment, enabling the execution of user code.
  • TEE Runtime Environment: Responsible for executing user code, returning the output of computations, and providing proof that the computations were executed as intended. While we provide the execution layer, users deploy their own supported TEE. Initially, we support the StrongBox TEE, with plans to support additional TEEs in the future.

Industry Context

Proofcast TEE-VM is positioned within the rapidly advancing landscape of coprocessor technologies, influenced by contributions from projects such as Succinct's SP1, RISC Zero, and Jolt. These projects have improved the execution of generic code on RISC-V VMs and enhanced ZK proofing speeds. Despite the promise of ZK systems, they still face significant computational inefficiencies and high on-chain verification costs, which can be a barrier for many builders.

Public Good

Proofcast TEE-VM is a public good: it is freely accessible and operates on a permissionless basis. The Rust crate, CLI, and runtime environment will all be published as open-source repositories. This allows the community to freely access the codebase, fostering collaboration and innovation.

Event Attestator

Overview

The Event Attestator is part of Proofcast's suite of proving services. In conjunction with the TEE Wrapper, it can be used to get proof that an arbitrary event has taken place in a configured blockchain. Along with proof of inclusion, the validity of the block containing the target event is also checked, for a number of supported blockchains. Once an event proof has been output from the Event Attestator, it is possible to verify it on chain with a solidity smart contract.

Drawing from extensive experience in the field of cross-chain asset bridging, Proofcast empowers the Event Attestator with a large library of supported blockchain on which events can be defined, detected and validated. Compared to up-and-coming zero knowledge proof (ZKp) based verification, thanks to the trusted execution environment (TEE) backed TEE Wrapper, both off-chain prooving and on-chain verification are inexpensive, giving the Event Attestator a short and medium term competitive advantage.

Purpose and Use Cases

While with Proofcast's TEE-VM it is possible to prove the execution of arbitrary code, the Event Attestator focuses more closely on the task of proving events. It can be run by anyone with a supported TEE enabled device, by simply configuring selected blockchain details and event information.

Event proving is necessary for a number of cross-chain operations, such as:

  • Asset bridging
  • DAO synchronization
  • Cross-chain swaps

Proofcast's Event attestator can be used on its own or in conjunction with other proving services such as through LayerZero Omnichain and Hashi's SafeJunction.

Architecture

The Event Attestator currently supports Android Strongbox's TEE; more platforms are being integrated.

The project is structured like follows:

  • common/: low level library providing all the code for block validation and proof generation for each supported blockchain
  • apps/: lightweight JSONRPC HTTP server abstracting the interaction to the TEE contained into the device

The system at a glance:

Event Attestator Architecture

  • The JSONRPC api allows the end user to send commands to the device
  • These commands are then sent through the websocket channel to which the device is connects on startup
  • The core library deserialize each message coming from the websocket channel and process them accordingly

Setup for EVM chains

  1. Copy the configuration sample from sample-config.toml file in the common folder and configure it to your needs, in particular be careful to fill up the [networks.chainName] section with the endpoints property.

  2. For each configured chain, set the events array where each element is in the following form:

["<contract-address>","<topic>"]
  1. Build the app
cargo build --release --bin jsonrpc-app
  1. Run
./jsonrpc-app -c <config.toml>
  1. Set up the TEE Wrapper in order to connect the app to the device.

When everything is connected you can manually process a block of interest on the configured chain with the process method, as in the following call:

curl \
  -X POST \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","id":1,"method":"process","params":["bsc", "38745426", "false", "true"]}' \
  http://127.0.0.1:3030/v1/rpc

The output will include all the signatures for the configured events in the signed_events array:

{
  "id": 1,
  "jsonrpc": "2.0",
  "result": {
    "latest_block_num": 38745426,
    "network_id": {
      "chain_id": 56,
      "disambiguator": 0,
      "protocol_id": "Ethereum",
      "version": "V1"
    },
    "signed_events": [
      {
        "block_hash": "0x1535c8e9ab42918c2df9d05ba18a816dafc2e3eba45fffc334d2890a2ebcc0bf",
        "encoded_event": "0100016162636465656666200000000000000000000000000000000000000000000000000000000000000000005af3107a4000",
        "event_id": "abcdeeff",
        "log": {
          "address": "0xf5e11df1ebcf78b6b6d26e04ff19cd786a1e81dc",
          "data": [],
          "topics": [
            "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef",
            "0x000000000000000000000000b0116a2cab9774e9d75834dcce64f99fd75a8579",
            "0x0000000000000000000000000000000000000000000000000000000000000000"
          ]
        },
        "public_key": "03572d2b94ea3918ecd104cdd84a07efc1f9cbc1f11bbd02a6418179894d0d2fc6",
        "signature": "02a893f433fcd688558931a1ab8041c8384ac710550e8ab22c705233c68bd12c38c085405ca6d2c5ea3db8d1b6b84d49f46f070239dcc06aa3c4ec78ea72cb0f01",
        "version": "V1"
      }
    ],
    "timestamp": 1716302631
  }
}

Introduction

The low level nature of Trusted Execution Environments prompts the use of an abstraction layer in order to facilitate the interaction for the end user. This project aims to create this layer by creating a websocket connection to the host to whom the device is connected and will interpret all the commands sent by the host as low level calls. Through this application it is therefore possible to run a rust program inside an Android TEE using a websocket connection to communicate to the outside.

Architecture

The architecture consists into different layers:

  • React app: very thin layer which makes the developing on the device easier
  • App android: where the websocket client is started continuously polling for the host connection
  • Java Native Interface (JNI): the command coming from the host is serialized in bytes and sent to a lower level call implemented in Rust
  • Core: the actual rust code which is being wrapped interacting with the underlying TEE. This is dynamically loaded when the Android app starts and where the commands are actually executed. Once the result is available it get serialized again and returned to the apps and forwarded to the host through the websocket connection.

Setup

Requirements

An android device with TEE hardware

  • JAVA SDK 11 installed
  • Android SDK installed (v33)
  • Android NDK installed (v25)

Optional

  • Android Studio

Steps

  1. Link the Rust library project into the rust folder (be sure it compiles when running cargo build --release):
  2. Create a local.properties file into the android/ folder with the path to the android SDK and NDK:
sdk.dir=/opt/android-sdk
ndk.dir=/opt/android-sdk/ndk/25.2.9519653
  1. Plug the device and run
npm run plugDevice
  1. Run the reactive-app
npx react-native start

Press a in order to compile and install the app on the device.

  1. Open websocket ports between the android device and the computer:
  1. Now the app is looking for a websocket connection to the port 3000 on localhost.

This page is a work in progress.

The BitcoinZ Light Client from the Proofcast suite offers an accessible, less resource-intensive way to interact with the Bitcoin blockchain. As interchain operability grows, light clients will be crucial for verifying chain status, such as verifying Bitcoin state on an EVM-compatible chain.

Key Features

  • Zero-Knowledge Proof: Utilizes sp1 and risc0 zero-knowledge proofs.
    • SP1 zkVM: Implemented in Rust.
    • RISC0: Supports CPU and GPU runs.

Usage

To integrate and test the BitcoinZ Light Client, follow the instructions provided in the GitHub README.

This page is a work in progress.

The BitcoinT is the TEE Bitcoin light client developed by Proofcast.