Skip to main content

Nitro Enclaves Attestation Verification with RiscZero

AWS Nitro Enclaves is a popular approach of creating Trusted Execution Environments (TEEs). In order to prove that applications are genuinely running in a TEE, hardware providers provide attestations which can be verified by an untrusting party. Onchain verification of attestations from AWS Nitro requires about 70m gas on EVM chains. There are two ways to mitigate this expense:

  • Prepare an enclave that can verify attestations from other enclaves and get an attestation from this verification enclave verified onchain once. Every consecutive attestation can then be verified by the verification enclave and only signatures from a key generated inside the verification enclave have to be verified onchain.

  • Create a ZK proof of the attestation verification and then verify the ZKP onchain. Creating such a ZK proof takes about 15 minutes on a RTX4000 GPU and verification of the proof consumes about 300k gas on EVM chains.

This Kalypso market will be used to match users who are running or using enclaves whose attestations are to be verified with hardware operators who can use RiscZero to generate ZK proofs of verifying the attestation.