Automata TDX Attestation SDK is the most-feature complete SDK for Intel TDX development, it consists of two parts:
- TDX package: it helps developers to generate the Intel TDX Quote in different cloud service providers (CSP).
- Risc0 and Succinct ZK host and guest programs.
Refer to TDX package to setup the Intel TDX CVM in different cloud service providers (CSP).
Use TDX package to generate the Intel TDX Quote, you can find an example in tdx_attestation.
In Automata DCAP Attestation, We provide two ways to verify the Intel TDX quote on-chain:
function verifyAndAttestOnChain(bytes calldata rawQuote)
It accepts the raw quote hex string to perform the on-chain verification, all collaterals will be fetched from the Automata on-chain PCCS.
function verifyAndAttestWithZKProof(bytes calldata output, ZkCoProcessorType zkCoprocessor, bytes calldata proofBytes)
The first parameter represents the output of the zkVM, the second one is the zkVM type, and the third one is its corresponding proof. It supports two kinds of ZK technologies to perform the on-chain verification:
-
- output: the journal of the Risc0 zkVM output
- zkCoprocessor: 1
- proofBytes: the seal of the Risc0 zkVM output
-
- output: the execution result of the SP1 Prover output
- zkCoprocessor: 2
- proofBytes: the proof of the SP1 Prover output
The on-chain verification contract has been deployed to Automata Testnet at 0x6D67Ae70d99A4CcE500De44628BCB4DaCfc1A145.
The ImageID currently used for the DCAP RiscZero Guest Program is 83613a8beec226d1f29714530f1df791fa16c2c4dfcf22c50ab7edac59ca637f
.
The VKEY currently used for the DCAP SP1 Program is
004be684aaf90b70fb2d8f586ec96c36cee5f6533850b14e8b5568f4dbf31f8e
.
An useful DCAP zkVM clis can be found at Automata DCAP zkVM CLI.
Please follow the Intel official DCAP repo SGXDataCenterAttestationPrimitives to perform the off-chain verification.
To get started, you need to have the following installed:
Note: To request an API key complete the form here.
With the Bonsai proving service, you can produce a [Groth16 SNARK proof] that is verifiable on-chain. You can get started by setting the following environment variables with your API key and associated URL.
export BONSAI_API_KEY="YOUR_API_KEY" # see form linked above
export BONSAI_API_URL="BONSAI_URL" # provided with your api key
To get started, you need to have the following installed:
Note: To request an whitelisted address, complete the form here.
With the SP1 Proving Network, you can produce a [Groth16 SNARK proof] or [Plonk SNARK proof] that is verifiable on-chain. You can get started by setting the following environment variables with your whitelisted address and associated Proving Network.
export SP1_PROVER=network
export SP1_PRIVATE_KEY=""
We would like to acknowledge the projects below whose previous work has been instrumental in making this project a reality.
- Risc0: The Risc0 ZK Optimization to reduce the gas cost to verify the Intel TDX Quote on-chain.
- SP1: The Succinct ZK Optimization to reduce the gas cost to verify the Intel TDX Quote on-chain. It supports Groth16 and Plonk proofs.
This project is under development. All source code and features are not production ready.