Hardware Enclaves (TEE)
Compute nodes on the NOEMA network are not standard servers. To ensure absolute data sovereignty, all participating providers must run hardware that supports Confidential Computing architectures.
The Trust Problem in Web3 Compute
If you route an AI workload to a decentralized GPU, what stops the node operator from simply looking at their server's memory and stealing your data while the model runs? In traditional cloud computing, you rely on legal contracts and brand reputation. In Web3, you must rely on mathematics and silicon.
What is a Trusted Execution Environment?
Remote tasks on the NOEMA network execute strictly inside hardware-level secure enclaves. You can think of a TEE as an impenetrable black box located directly on the processor.
When a TEE is active:
- The memory (VRAM) is locked and encrypted at the physical silicon level.
- The host operating system, the hypervisor, and the physical owner of the machine cannot read, alter, or extract the memory.
- If the host attempts to forcefully dump or hack the memory, they will only retrieve cryptographic gibberish.
The Cryptographic Handshake
Before your local Web Client sends your encrypted prompt to a remote node, it demands proof that the node is secure.
Our protocol performs a cryptographic handshake with the remote node, known as Remote Attestation. This process mathematically proves two things:
- The node is running a genuine, untampered hardware enclave.
- The node is running the exact, unmodified open-weight AI model requested by the network.
If the attestation fails because the provider tried to modify the model or run it outside the secure enclave, the transaction is aborted before any decryption keys are released, and the provider faces economic penalties. Node operators are physically and mathematically blocked from accessing your data.