Home

Proof-of-Execution

Guaranteeing Trust in Clause Execution Through Cryptographic Attestation and Secure Compute Encapsulation

4.3.1 The Role of Proof-of-Execution (PoE) in NSF

In NSF, every Smart Clause must not only execute correctly—but prove it did.

Proof-of-Execution (PoE) is the mechanism by which a system attests that:

  • The clause executed deterministically

  • It was isolated from unauthorized interference

  • The environment met governance and jurisdictional constraints

  • Inputs and outputs were faithfully processed

  • The runtime could be externally verified

PoE enables cryptographic trust in governance-critical workloads, including:

  • Disaster-triggered payouts

  • Treaty enforcement clauses

  • Threshold-based emissions penalties

  • Credential-triggered actions (e.g., quarantine, relocation, finance release)

4.3.2 NSF-Defined Properties of a Valid Execution Proof

An NSF-compliant execution proof must demonstrate:

Property
Description

Bounded

Executed within a clearly defined runtime environment

Sealed

Internal state cannot be accessed externally during execution

Signed

Output is cryptographically signed by a trusted enclave or prover

Verifiable

Proof can be validated independently by any party using public keys or audit registries

Replayable

Inputs can be re-executed under same conditions to yield identical results

Scoped

Jurisdiction, DAO, and clause version are part of the runtime state

Composable

Can be used as part of multi-clause execution or decision graph

4.3.3 Execution Backends Supporting PoE

NSF supports the following execution models for PoE:

Model
Description

TEE (SGX, SEV, Enarx)

Runtime provides hardware-enforced isolation, signed attestation, remote verification

ZK Execution (SNARK/STARK)

Clause logic compiled to circuit; prover outputs zero-knowledge proof of correct execution

Confidential Copilot (WASM sandboxed)

User-local isolated runtime with deterministic execution and DID-linked signature

Multi-sig Verifier Ensemble

Multiple enclave signers validate execution by running clause independently and co-signing

Each backend produces a CAC with embedded PoE, including attestation metadata, prover identity, and runtime configuration.

4.3.4 Enclave-Based Runtime Isolation

In TEE-based execution:

  • Clause logic and inputs are loaded into an enclave with secure memory

  • No other process or OS layer can access runtime state

  • Enclave generates an attestation quote containing:

    • Measurement hash (i.e., code fingerprint)

    • Public key of the enclave

    • Runtime parameters (jurisdiction, clause ID, trigger type)

  • This quote is signed by the chip manufacturer’s key or validator root

  • Output is sealed and passed outside the enclave as part of the CAC

This ensures the confidentiality and integrity of the clause during execution.

4.3.5 ZK Proof-of-Execution

For sensitive or privacy-critical clauses, NSF enables ZK-based execution where:

  • Clause logic is transpiled to a SNARK/STARK circuit

  • Inputs are committed via hash

  • Prover runs clause logic within a circuit-compliant environment

  • Outputs and proof are generated together

  • Verifier uses public key to confirm:

    • The clause logic matched the registered hash

    • The inputs were committed

    • The outputs follow clause logic exactly

No secrets are revealed—yet the execution is provably correct.

4.3.6 Runtime Metadata in CAC

Each CAC includes a runtime_info section with:

"runtime_info": {
  "type": "TEE",
  "vendor": "Intel SGX",
  "build_hash": "0xabc123...",
  "enclave_id": "0xdeadbeef...",
  "prover_did": "did:nsf:TEEExecutor#node5",
  "attestation_signature": "0xCAFEBABE...",
  "verified_by": "NSFValidatorSet@2025-Q2"
}

This metadata allows downstream systems (e.g., DAOs, audit nodes, treaty monitors) to:

  • Verify execution origin

  • Trace version compliance

  • Perform runtime audits

  • Validate trust domain membership

4.3.7 Isolation from Host and External Interference

NSF mandates:

  • No direct host access to enclave memory

  • All I/O is signed and audit-traced

  • Time, randomness, and syscall access are sealed or sandboxed

  • All cryptographic keys used inside enclave are hardware-bound

  • Side-channel protections via microcode isolation (where applicable)

Execution must be reproducible, sandboxed, and cryptographically sealed.

4.3.8 Execution Proof Anchor Points

PoEs are:

  • Recorded in the Audit Layer (with timestamp and anchor ID)

  • Optionally written to:

    • Public chains (Ethereum, Filecoin, Arweave)

    • Treaty-specific append-only logs

    • Domain-specific registries (e.g., ICAO, WHO, FATF monitors)

  • Verifiable by:

    • Public auditors

    • DAO governance agents

    • Credential issuers

    • Cross-jurisdictional oracles

This turns clause execution into publicly verifiable, tamper-evident records.

4.3.9 Multi-Party Verification

Some clauses may require:

  • Threshold signature validation (e.g., 3 out of 5 enclave validators must sign output)

  • Delegated verifier attestation

  • Layered PoE validation across sovereign nodes

NSF defines a composable PoE model that supports:

  • Multi-TEE execution agreement

  • ZK + TEE hybrid proofs

  • Jurisdictionally constrained validation sets

  • Fork-specific verifier scopes

4.3.10 Proof-of-Execution as Institutional Memory

PoE transforms NSF clause execution from ephemeral code to verifiable institutional action.

It enables:

  • Post-event dispute resolution

  • Treaty compliance enforcement

  • Regulatory traceability

  • Simulation validation

  • Governance audits at scale

With PoE, governance no longer requires trust in opaque systems. It becomes a sequence of verifiable, cryptographic proofs—a new language of action across machines, humans, and nations.

PreviousCAC SchemaNextSecure Multitenancy in TEEs

Last updated

Was this helpful?