Security

Security posture.

Tenzro Network is hardware-attested, cryptographically verifiable, and post-quantum-hybrid by default. Five TEE vendors, three ZK AIRs, hybrid signatures, equivocation slashing, modular smart-account validators.

Threat model

Threat

Malicious model providers

Control

On-chain reputation (asymmetric +1 / -5), circuit breakers, stake collateral, optional ZK-in-TEE inference proofs.

Threat

Compromised TEE hosts

Control

Quote verification with vendor-pinned X.509 chains, ECDSA signature validation over attestation payloads, measurement-bound HPKE for sealed data.

Threat

Validator equivocation

Control

EquivocationDetector inside VoteCollector. 10% stake slashing through StakingSlashingCallback. Hybrid Ed25519 + ML-DSA-65 vote signatures.

Threat

Replay and front-running

Control

Per-address sequential nonces, EIP-1559 priority fees, mempool rate limits, three-ceiling enforcement on payment intents.

Threat

Key compromise on smart accounts

Control

ERC-7579 modular validators: social recovery (N-of-M guardians), session keys, spending limits. All combined AND-wise at the EntryPoint.

Threat

Quantum adversary

Control

Hybrid PQ rollout. Validator keys: Ed25519 + ML-DSA-65 + BLS12-381. Transport: X25519 + ML-KEM-768. Plonky3 STARKs are conjectured PQ-sound.

TEE attestation

Five vendors, one verification path.

Intel TDX

/dev/tdx-guest ioctl, TDREPORT → Quote, PCS chain, QE P-256 signature.

AMD SEV-SNP

/dev/sev-guest ioctl, SNP_GET_REPORT, AMD KDS VCEK, ARK → ASK → VCEK chain.

AWS Nitro

/dev/nsm device, CBOR attestation document, COSE_Sign1 ES384 verification.

NVIDIA GPU CC

NRAS HTTP API, SPDM measurements, JWT verification, 24-hour report freshness.

Intel Tiber

ITA appraisal service, EAT JWT, allow-listed jku, TDX measurement projection.

Zero-knowledge

Plonky3 STARKs, post-quantum sound.

Plonky3 over KoalaBear

Field 2^31 − 2^24 + 1, two-adicity 24. Poseidon2 hashing, FRI commitments. No trusted setup. Pinned testnet config: log_blowup=1, num_queries=64, query_pow=16, commit_pow=8.

Three AIRs

Inference, settlement, identity. Generic verify_proof_envelope dispatcher reads circuit_id and runs the matching AIR verifier.

ZK-in-TEE

Witness construction inside the enclave. Prover runs sealed. Signed by the enclave key, optionally hybrid Ed25519 + ML-DSA-65. External attestation cross-binding via bind_external_attestation_result.

Commitment registry

Validators verify proofs off-EVM and record 32-byte SHA-256 commitments in ZkCommitmentRegistry. The EVM ZK_VERIFY precompile is an O(1) HashSet lookup.

Audit posture

Pre-alpha. Testnet only.

External security audit scheduled before mainnet. Testnet is for development, integration, and adversarial testing. Do not send production assets to testnet addresses.

TEE paper ZK paper Architecture