TEE Security

Confidential compute, as an open service.

Hardware-attested execution across Intel TDX, AMD SEV-SNP, AWS Nitro Enclaves, and NVIDIA GPU Confidential Compute — verifiable by anyone, provided by independent operators, paid in TNZO.

Overview

Security as a service — provisioned by the network, not by one provider.

Tenzro Network treats TEE security the same way it treats intelligence: an open service offered by independent providers, priced in TNZO, attested in hardware, verifiable on-chain. Run confidential inference, host enclave-sealed keys, attest model execution, or build sealed agentic workflows — without trusting any single vendor with the data.

Vendors

Five hardware platforms. One attestation surface.

Intel TDX

Real /dev/tdx-guest ioctl integration, TDREPORT → Quote pipeline, Intel PCS certificate chain verification, QE P-256 ECDSA signature verification.

AMD SEV-SNP

Real /dev/sev-guest ioctl, SNP_GET_REPORT, AMD KDS VCEK certificate fetching, ARK → ASK → VCEK chain verification.

AWS Nitro Enclaves

Real NSM device integration, CBOR attestation documents, AWS Nitro root CA chain validation, COSE_Sign1 ES384 signature verification per RFC 8152.

NVIDIA GPU CC

NVIDIA NRAS HTTP API attestation, GPU evidence collection, JWT token verification, SPDM-based measurements.

Intel Tiber Trust Authority

Hosted attestation via ITA — nonce → attest → EAT JWT round-trip, JWKS pinning, cross-vendor AttestationResult projection.

Enclave encryption

AES-256-GCM with HKDF-SHA256 key derivation. Vendor-tagged domain separation. Production keys sealed by MKTME/VMSA/KMS/CC memory.

On-chain verification

TEE_VERIFY precompile validates attestation quotes natively. Validators with valid attestation earn weighted leader selection.

Hybrid ZK-in-TEE

Generate Plonky3 STARK proofs inside an enclave, signed with classical or PQ-hybrid (Ed25519 + ML-DSA-65) composite signatures.

Open provider market

Any TEE-equipped operator can register, stake TNZO, advertise capabilities, and earn for serving — without permission.

Use cases

What enclaves enable.

01
Confidential AI inference
Serve a model with input data and model weights sealed inside the enclave. Output the result with an attestation quote proving the binding.
02
Sealed key custody
Hold an MPC key share inside a TEE. Sign transactions with attested integrity. Bridge signers use TEE-sealed Secp256k1 keys.
03
Confidential training data
Phase 4 training ingests HPKE-sealed shards, decrypts only inside the trainer's TEE — confidential federated training without raw data exposure.
04
Validator hardening
Validators run consensus inside a TEE. Attestation surfaces on-chain. TEE-attested validators get 1.5× weight in leader selection.
05
Agent execution
Run an autonomous agent inside an enclave. Sealed wallet keys, attested decision-making, verifiable behavior — without trusting the host.
06
Compliance auditing
Issue verifiable credentials from inside an enclave — proving that a check ran on real data without revealing the data itself.

Specifications

Platforms: Intel TDX, AMD SEV-SNP, AWS Nitro Enclaves, NVIDIA GPU CC, Intel Tiber
Hosted attestation: Intel Tiber Trust Authority (PS384/RS256 JWT)
Encryption: AES-256-GCM with HKDF-SHA256 key derivation, vendor-tagged domain separation
On-chain: TEE_VERIFY precompile, validator weighting, attestation-bound ZK proofs
Hybrid ZK-TEE: Plonky3 proofs signed with classical or PQ-hybrid (Ed25519 + ML-DSA-65) composite signatures
Detection: Runtime auto-detection with TENZRO_SIMULATE_* fallback for dev environments

Get started

Ship on the open network.

Run a TEE provider

Attestation docs