Security
Multi-layered security infrastructure combining hardware isolation, zero-knowledge cryptography, and threshold key management to protect computation, identity, and assets.
Four Pillars of Security
Tenzro combines hardware, cryptographic, identity, and economic security into a unified trust model.
Hardware Security (TEE)
Trusted Execution Environments provide hardware-level isolation for sensitive computation. Code and data are encrypted in memory, inaccessible even to the host OS. Remote attestation cryptographically proves what code is running inside the enclave.
Cryptographic Security (ZK)
Zero-knowledge proofs enable verification without revealing underlying data. Prove inference results are correct, settlement amounts are valid, and identities are legitimate — all without exposing sensitive information.
Key Management (MPC)
Multi-party computation threshold wallets (2-of-3) eliminate single points of failure. No seed phrases to lose, no single key to steal. Key shares are distributed across independent parties with automatic provisioning.
Economic Security (Staking)
Validators and providers stake TNZO as collateral. Misbehavior triggers slashing, creating strong economic incentives for honest operation. TEE-attested validators receive 2x weight in consensus leader selection.
Trusted Execution Environments
First-class support for four hardware TEE platforms with a unified abstraction layer. Runtime detection automatically selects the available enclave technology.
Intel TDX
Trust Domain Extensions
Hardware-isolated virtual machines on 4th/5th gen Xeon Scalable processors. Per-VM memory encryption keys with remote attestation via Intel Attestation Service.
--features intel-tdx
AMD SEV-SNP
Secure Encrypted Virtualization — Secure Nested Paging
Encrypted VMs on AMD EPYC processors with memory integrity protection. Attestation via AMD Secure Processor using GHCB protocol.
--features amd-sev-snp
AWS Nitro Enclaves
Isolated compute on EC2
CPU and memory isolation with cryptographic attestation on any Nitro-based EC2 instance. No persistent storage, no interactive access — by design.
--features aws-nitro
NVIDIA Confidential Computing
GPU-accelerated enclaves
Confidential AI inference on Hopper, Blackwell, and Ada Lovelace GPU architectures. NRAS attestation for GPU workloads. Ideal for large-scale model serving with hardware trust guarantees.
--features nvidia-gpu
Zero-Knowledge Proofs
Zero-knowledge proofs with hardware-accelerated proving and hybrid ZK-in-TEE execution for maximum security.
Inference Verification
Prove AI inference results are correct without revealing model weights or input data. Clients verify proofs on-chain at constant cost.
Settlement Proofs
Cryptographic proof that settlement amounts are correctly calculated from micropayment channel states. Batch verification for efficiency.
Identity Proofs
Prove identity attributes (KYC tier, delegation authority) without revealing the underlying credentials. Selective disclosure of verifiable claims.
GPU-Accelerated Proving
Max batch size: 100
Max constraints per circuit: 1M
Proof compression: 4 Levels
Proof aggregation: Merkle
MPC Threshold Wallets
Every identity on Tenzro gets an auto-provisioned MPC wallet. No seed phrases, no single points of failure.
How It Works
1. Key Generation
A private key is split into 3 shares using threshold cryptography. No single share can reconstruct the key.
2. Share Distribution
Shares are distributed to independent parties: user device, Tenzro network, and a recovery service.
3. Threshold Signing
Any 2 of 3 shares can cooperate to sign transactions. The full private key is never reconstructed on any single device.
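The three steps above as an added example, not Tenzro's code: a dealer splits a key into three shares, and any two parties produce a valid signature from partial signatures without the key ever being reassembled. The page does not name the signature scheme, so Schnorr signatures over a toy group are an assumption here, as are all function names.

```python
import hashlib
import secrets

# Toy Schnorr group (P = 2Q + 1, G of order Q); far too small for real keys.
P, Q, G = 2039, 1019, 4

def deal_shares():
    """Step 1: split key x with f(i) = x + a*i mod Q; any 2 points fix f, 1 reveals nothing."""
    x, a = 1 + secrets.randbelow(Q - 1), secrets.randbelow(Q)
    shares = {i: (x + a * i) % Q for i in (1, 2, 3)}   # step 2: one share per party
    return pow(G, x, P), shares                        # public key Y and the shares

def lagrange_at_zero(i, j):
    """Weight that lets parties i and j together stand in for f(0) = x."""
    return j * pow((j - i) % Q, -1, Q) % Q

def challenge(R, Y, msg):
    digest = hashlib.sha256(f"{R}|{Y}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % Q

def partial_sign(i, j, share, k, c):
    """Step 3, run locally by party i with only its own share and nonce k."""
    return (k + c * lagrange_at_zero(i, j) * share) % Q

def threshold_sign(Y, shares, i, j, msg):
    """Simulates both signers in one process; x is never computed. Real protocols
    (e.g. FROST) also commit to nonces before revealing them."""
    k_i, k_j = secrets.randbelow(Q), secrets.randbelow(Q)
    R = pow(G, k_i, P) * pow(G, k_j, P) % P     # parties exchange only G^k values
    c = challenge(R, Y, msg)
    s_i = partial_sign(i, j, shares[i], k_i, c)
    s_j = partial_sign(j, i, shares[j], k_j, c)
    return R, (s_i + s_j) % Q                   # combined Schnorr signature

def verify(Y, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(Y, challenge(R, Y, msg), P) % P
```

The verifier sees an ordinary single-key Schnorr signature, so which two of the three parties signed is not visible from the signature itself.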
Supported Assets
Cryptographic Foundation
Built on industry-standard cryptographic primitives for maximum security and interoperability.
Digital Signatures
Identity verification and transaction authorization
EVM Compatibility
Ethereum-compatible cryptographic signatures
Symmetric Encryption
Fast, secure data encryption
Key Exchange
Secure key agreement protocols
Cryptographic Hashing
Data integrity and verification
Signature Aggregation
Efficient multi-signature verification
Web Verification API
Every Tenzro node exposes a verification API for validating proofs, attestations, and signatures.
POST /api/verify/zk-proof - Verify a zero-knowledge proof
POST /api/verify/tee-attestation - Verify a TEE attestation report
POST /api/verify/transaction - Verify a transaction signature
POST /api/verify/settlement - Verify a settlement receipt
POST /api/verify/inference - Verify an inference result
Identity and Access Control
The Tenzro Decentralized Identity Protocol (TDIP) provides W3C DID-compatible identities with fine-grained delegation scopes for AI agents.
Verifiable Credentials
W3C VC-compatible attestations with cryptographic proof signatures. Credential inheritance flows from humans to their controlled agents automatically.
Delegation Scopes
Fine-grained permission control: max transaction value, daily spend limits, allowed operations, allowed contracts, time bounds, and chain restrictions.
Cascading Revocation
Revoking a controller identity automatically revokes all controlled agent identities. Instant propagation across the network via peer-to-peer messaging.
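An added example of how the delegation scopes and cascading revocation described above could be enforced before an agent transaction is signed. It is not TDIP's implementation: the field names, identifiers, and the rule that revocation is checked by walking up the controller chain are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scope:                 # hypothetical field names, one per scope type listed above
    max_tx_value: int
    daily_limit: int
    operations: frozenset
    contracts: frozenset
    chains: frozenset
    not_before: int          # Unix seconds
    not_after: int

@dataclass(frozen=True)
class Tx:
    agent: str
    operation: str
    contract: str
    chain: str
    value: int
    timestamp: int

def is_revoked(identity, controller_of, revoked):
    """Cascading revocation: an identity is invalid if it or any controller above it is revoked."""
    seen = set()
    while identity is not None and identity not in seen:   # 'seen' guards against cycles
        if identity in revoked:
            return True
        seen.add(identity)
        identity = controller_of.get(identity)
    return False

def authorize(tx, scope, spent_today, controller_of, revoked):
    """Default-deny check of one agent transaction; returns (allowed, reason)."""
    if is_revoked(tx.agent, controller_of, revoked):
        return False, "identity or controller revoked"
    if not scope.not_before <= tx.timestamp <= scope.not_after:
        return False, "outside time bounds"
    for name, allowed in (("chain", scope.chains), ("operation", scope.operations), ("contract", scope.contracts)):
        if getattr(tx, name) not in allowed:
            return False, f"{name} not allowed"
    if not 0 <= tx.value <= scope.max_tx_value:
        return False, "exceeds max transaction value"
    if spent_today + tx.value > scope.daily_limit:
        return False, "exceeds daily spend limit"
    return True, "ok"

# Constructed sample data: alice controls agent-1, which controls agent-2.
CONTROLLER_OF = {"did:example:agent-1": "did:example:alice",
                 "did:example:agent-2": "did:example:agent-1"}
```

Revocation is evaluated first so that a revoked controller blocks every downstream agent regardless of how permissive that agent's scope is.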
Security by Design
Tenzro's security model is not an afterthought — it is the foundation. Every layer of the stack is designed for verifiable trust in adversarial environments.