Lumoz Introduces On-Chain AI Agent with TEE+ZK Dual Proof Architecture
Source: Lumoz
Background
With the development of Web3, decentralized AI Agents have become a critical application. These agents can autonomously operate without centralized servers, process user data, and interact with blockchain smart contracts. However, the openness and trustlessness of Web3 present security challenges. AI Agents show potential in Web3, such as managing private keys, executing automated trades, and supporting DAO operations. However, their lack of trustworthiness and accountability deviates from core principles like decentralization and transparency, limiting their widespread adoption and hindering future development.
Current Status
Currently, most AI agents operate in untrusted environments, facing numerous security and transparency challenges. These agents often handle users' sensitive data and perform critical tasks, but their operating environments lack necessary safeguards, leading to potential risks such as data leaks, tampering with execution logic, or unverifiable computation results. Common assumed issues include:
· The agent's initialization process has not been tampered with
· Data provided by external APIs is secure and reliable
· Private keys are properly managed and cannot be leaked
· User input is not tampered with during transmission
Introducing TEE to Enhance Security
By default, all worker nodes are considered untrusted. Malicious workers may attempt the following improper behaviors:
· Eavesdropping on users' sensitive data;
· Providing incorrect computation results or not executing tasks at all;
· Degrading service quality, such as by reducing computing power or disrupting network connections.
To ensure the system's trustlessness, Lumoz relies on a Secure Enclave (a trusted execution environment, similar to Intel SGX) and an innovative key management mechanism. The Secure Enclave provides robust hardware security features to the system, primarily including the following:
· Data Confidentiality: All in-memory data is encrypted;
· Secure Execution: Even if an attacker controls the operating system or physical device, the correctness of the execution process cannot be compromised;
· Remote Attestation: Users can verify remotely to ensure that the hardware and software are running within a secure area.
Lumoz TEE Working Principle
Lumoz aims to be the core processing platform for AI computation, taking on a critical role in supporting scalable blockchain infrastructure. By integrating Trusted Execution Environment (TEE) technology, Lumoz can ensure the security and transparency of its computation process. This innovative combination merges the decentralization advantage of blockchain with the robust security of TEE, enabling Lumoz to not only provide a decentralized cloud computing network but also to efficiently execute various computing tasks in a trust-minimized environment.
Benefits of Introducing TEE
· Hardware-Level Security: Hardware secure areas ensure privacy, confidentiality, and data integrity.
· Minimal Computation Overhead: Applications running on TEE operate nearly at the same speed as applications running in a regular CPU environment.
· Low Verification Cost: Gas consumption for verifying TEE proofs is minimal, requiring only ECDSA verification.
TEE Implementation Effects
· Data Tamper-Resistance: Ensuring that user request/response data is not altered by intermediaries is crucial. This requires a secure communication channel and strong encryption mechanisms.
· Secure Execution Environment: Both hardware and software must be protected from attacks. This involves using TEE to provide an isolated environment for secure computation.
· Open-Source and Reproducible Version: The entire software stack, from the operating system to the application code, must be reproducible. This allows auditors to verify the integrity of the system.
Verifiable Execution Results: The results of AI computation must be verifiable to ensure that the output is trustworthy and has not been tampered with.
TEE (Intel SGX) Framework
TEE Server-Side Security Check
When the service starts, it will generate a signing key in the TEE.
1. You can obtain CPU and GPU proofs to verify if the service is running inside a secure VM in TEE mode.
2. This proof includes the public key of the signing key to demonstrate that the key was generated in the TEE.
3. All inference results include a signature with the signing key.
4. You can use the public key to verify that all inference results were generated in the TEE.
TEE and ZK-SNARKs
We cannot guarantee that any single encryption system is 100% secure. At the same time, current Zero-Knowledge (ZK) solutions are theoretically secure, but still cannot guarantee error-free operation of the entire system, especially from an engineering perspective. Due to the complexity of ZK implementations, this remains challenging. This is where a multi-proof system comes into play. To hedge against errors in ZK implementations, a hardware-based Trusted Execution Environment (TEE) can serve as a second-factor authenticator, providing dual security for ZK projects like AI Agents.
Core Architecture Design
Decentralized Root of Trust (DROT)
Decentralized Root of Trust (DROT) is a core element of the Trusted Execution Environment (TEE) trust chain. Ultimately, user validation relies on remote proofs signed by the CPU, which in turn depend on a set of hardware-stored keys for generation. The hardware components responsible for managing these root keys, verifying firmware and applications, and issuing remote proofs are collectively referred to as DROT.
Key Management Protocol
In the overall solution design, key management follows the principle of least privilege, meaning that the secret known to each entity in the system is strictly limited to the secrets required to perform its tasks.
TEE Domain Certificate
The certificate management module in the design of the solution, which acts as a reverse proxy for the application running in the network. It is worth noting that as part of the overall solution, it runs in a TEE and is also managed by smart contracts.
Summary
In the TEE and ZK multiproof architecture provided by Lumoz, the innovative solution combines the Trusted Execution Environment (TEE) and Zero-Knowledge Proof (ZK) to enhance the security, privacy, and verifiability of most AI Agents in untrusted environments. By combining the hardware isolation capability of TEE with the cryptographic verification features of ZK, it effectively addresses the issues of data protection and execution transparency, while also aligning with the core principles of decentralization and transparency in Web3. This technical architecture not only enhances the trustworthiness and usability of AI Agents but, with ongoing technological optimization and standardization, will unlock greater potential for AI Agents in various application scenarios.
For further developments, please follow the Lumoz website and social media.
This article is contributed content and does not represent the views of BlockBeats
You may also like
a16z founder's Stanford lecture: Whenever Wall Street and Silicon Valley have different ideas, it's Wall Street that ends up being wrong
Michael Saylor: After three consecutive quarters of losses, Strategy will sell Bitcoin to pay dividends
The toll station at Hormuz and the RMB that cannot be bought
Interview with Coinbase Institutional's Strategic Head: The Institutionalization of Crypto Reaches a Critical Point
Dialogue with Agora CEO Nick: The battle for stablecoin licenses has just begun
Morning Report | a16z Crypto completes $2.2 billion fundraising for its fifth fund; Bullish invests $4.2 billion to acquire share transfer agency Equiniti; PayPal's Q1 performance exceeds expectations
a16z Crypto: What We See Behind the $2.2 Billion New Fund
Web3 is dead, Web2+3 should rise
Stablecoins and Latin American Remittances: The Misunderstood $174 Billion Market
The arrival of the Web 3.0 era: A review of Hong Kong court rulings on digital assets
Track Markets At a Glance: New WEEX Price Widgets for iOS & Android
To streamline your market data access, WEEX has officially launched "Market Watchlist" desktop widgets
The billion-dollar lesson: The focus of DeFi security is shifting from code to operational governance
A Brief Analysis of Stablecoin Licenses and On-Chain Funding
BVNK Founder: Three Stages of Stablecoin Development
The truth about Trump's son's Bitcoin game: he made a staggering $100 million while retail investors lost $500 million
What Is Futures Trading? Hours, Platforms, and How to Start Trade Futures(2026 Guide)
Learn how to start futures trading, understand trading hours, and choose the best futures trading platform. Includes real data, strategies, and ways to maximize returns with rebates.
The Rise of Composable RWA
MAGA Up 350% in 24 Hours, PEPE Up 46% in One Day: Which Memecoins Are Next in 2026?
MAGA +350% in 24hrs. PEPE +46% in one day. RAVE +4,500% then -90%. In 2026's memecoin market, the gains are real. So are the traps? Here's how to tell the difference before you buy.
a16z founder's Stanford lecture: Whenever Wall Street and Silicon Valley have different ideas, it's Wall Street that ends up being wrong
Michael Saylor: After three consecutive quarters of losses, Strategy will sell Bitcoin to pay dividends
The toll station at Hormuz and the RMB that cannot be bought
Interview with Coinbase Institutional's Strategic Head: The Institutionalization of Crypto Reaches a Critical Point
Dialogue with Agora CEO Nick: The battle for stablecoin licenses has just begun
Morning Report | a16z Crypto completes $2.2 billion fundraising for its fifth fund; Bullish invests $4.2 billion to acquire share transfer agency Equiniti; PayPal's Q1 performance exceeds expectations
