
automata-network/automata-dcap-attestation


Automata DCAP Attestation


Summary

This repo serves as a code base for the Intel Data Center Attestation Primitives (DCAP) Web3-based Quote Verification program for both EVM and Solana.

Currently on the EVM, users can verify DCAP quotes with either full on-chain execution or using SNARK proofs by executing DCAP zkVM Programs on zkVMs, such as RiscZero or Succinct SP1. We plan to add support for more zkVMs in the future.

The Solana program supports only SNARK proof verification.


Deployment Info

Each release contains information about the deployment, such as:

  • The zkVM Program Identifiers (ensuring SNARK proofs are generated by the correct zkVM Program)
  • The contract addresses on EVM and/or Solana (and possibly other ecosystems that we may support in the future)

Here is the deployment information for the currently active versions:


Automata DCAP Attestation Rust Workspace

The Rust workspace provides a comprehensive toolkit for Intel DCAP quote verification and attestation, including pure Rust implementations of Intel's DCAP QVL, zkVM proof generation libraries (supporting RISC Zero, SP1, and Pico), and a unified CLI tool for testing and examples. For detailed information about the workspace layout, available libraries, and CLI usage, see the Rust workspace README.


Automata DCAP Attestation on EVM

The EVM implementation consists of three smart contracts:

  • PCCS Router: A central contract to read collaterals from automata-on-chain-pccs

  • Automata DCAP Attestation: This is the entrypoint contract for users to submit a quote to be verified. It parses the Quote header to identify the version, then forwards the quote to the respective QuoteVerifier contract.

  • Quote Verifier(s): Each Quote Verifier contract provides the full implementation to verify quotes of its specific version. It is intended to be called only from the Automata DCAP Attestation contract.
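
The header-based routing described for the entrypoint contract, sketched in Rust as an added example (not the project's contract code). The 48-byte little-endian header layout follows Intel's DCAP quote format; `route`, `RouteError`, the verifier labels and the registered versions 3 and 4 are assumptions made for illustration.

```rust
use std::collections::HashMap;

const HEADER_LEN: usize = 48; // DCAP quote header size; integer fields are little-endian

#[derive(Debug, PartialEq)]
pub struct QuoteHeader {
    pub version: u16,      // bytes 0..2
    pub att_key_type: u16, // bytes 2..4
    pub tee_type: u32,     // bytes 4..8 (0x00 = SGX, 0x81 = TDX)
}

#[derive(Debug, PartialEq)]
pub enum RouteError {
    TooShort(usize),
    NoVerifier(u16),
}

pub fn parse_header(quote: &[u8]) -> Result<QuoteHeader, RouteError> {
    if quote.len() < HEADER_LEN {
        return Err(RouteError::TooShort(quote.len()));
    }
    Ok(QuoteHeader {
        version: u16::from_le_bytes([quote[0], quote[1]]),
        att_key_type: u16::from_le_bytes([quote[2], quote[3]]),
        tee_type: u32::from_le_bytes([quote[4], quote[5], quote[6], quote[7]]),
    })
}

// Hypothetical stand-in for the entrypoint's version -> verifier registry.
pub fn route<'a>(quote: &[u8], verifiers: &HashMap<u16, &'a str>) -> Result<&'a str, RouteError> {
    let header = parse_header(quote)?;
    // Fail closed: a version with no registered verifier is rejected, never defaulted.
    verifiers.get(&header.version).copied().ok_or(RouteError::NoVerifier(header.version))
}

// Constructed sample input: a zeroed header with only the routed fields set.
pub fn sample_quote(version: u16, tee_type: u32) -> Vec<u8> {
    let mut q = vec![0u8; HEADER_LEN];
    q[0..2].copy_from_slice(&version.to_le_bytes());
    q[2..4].copy_from_slice(&2u16.to_le_bytes()); // 2 = ECDSA-256-with-P-256
    q[4..8].copy_from_slice(&tee_type.to_le_bytes());
    q
}

fn main() {
    let verifiers = HashMap::from([(3u16, "verifier-v3"), (4u16, "verifier-v4")]);
    println!("{:?}", route(&sample_quote(4, 0x81), &verifiers));
    println!("{:?}", route(&sample_quote(9, 0), &verifiers));
}
```

The version field is read before any signature check, so the router must treat it as untrusted input and reject anything it has no verifier for.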

On-Chain vs SNARK Attestations

The Automata DCAP Attestation contract implements two attestation methods available to users. Here is a quick comparison:

|  | On-Chain | Groth16 Proof Verification with RiscZero v3 | Groth16 Proof Verification with SP1 v5 | Plonk Proof Verification with SP1 v5 |
| --- | --- | --- | --- | --- |
| Quote Verification Time | Instant | Proving takes <1 minute, instant verification | Proving takes <30s, instant verification | Proving takes <2 minutes, instant verification |
| Gas Cost | ~4M gas (with RIP-7212 precompile); ~5M gas (without precompile) | 522k gas | 493k gas | 569k gas |
| Execution | Runs fully on-chain | Execution proven by remote prover Bonsai | Execution proven by the SP1 Network | Execution proven by the SP1 Network |

Automata DCAP Attestation on Solana

Caution

The Solana programs are not audited for production use.

Note

We are currently working on full-fledged DCAP Attestation for the Solana ecosystem, which consists of both the Quote Verifiers and PCCS programs. You can learn more about it here.
