Trusted Compute Units: A Framework for Chained Verifiable Computations
Fernando Castillo, Jonathan Heiss, Sebastian Werner, Stefan Tai
TL;DR
The paper tackles the challenge of performing verifiable, confidential, off-chain computations across multiple organizations within blockchain ecosystems. It introduces the Trusted Compute Unit (TCU), a modular framework combining an Application Component, Verifiable Computation Component, an Infrastructure layer, and a blockchain-backed Program Registry to enable chained verifiable computations across TEEs and zkVMs. The authors formalize a model with confidential internal inputs, end-to-end verifiability, and cross-organizational traceability, and validate the approach through implementations using TEEs (e.g., AWS Nitro) and zkVMs (e.g., Risc0) in a federated learning scenario. The results demonstrate interoperability and trade-offs between technologies, with low on-chain overhead and strong auditability, enabling scalable, privacy-preserving cross-organizational workflows in practice.
Abstract
Blockchain and distributed ledger technologies (DLTs) facilitate decentralized computations across trust boundaries. However, ensuring complex computations with low gas fees and confidentiality remains challenging. Recent advances in Confidential Computing -- leveraging hardware-based Trusted Execution Environments (TEEs) -- and Proof-carrying Data -- employing cryptographic Zero-Knowledge Virtual Machines (zkVMs) -- hold promise for secure, privacy-preserving off-chain and layer-2 computations. On the other side, a homogeneous reliance on a single technology, such as TEEs or zkVMs, is impractical for decentralized environments with heterogeneous computational requirements. This paper introduces the Trusted Compute Unit (TCU), a unifying framework that enables composable and interoperable verifiable computations across heterogeneous technologies. Our approach allows decentralized applications (dApps) to flexibly offload complex computations to TCUs, obtaining proof of correctness. These proofs can be anchored on-chain for automated dApp interactions, while ensuring confidentiality of input data, and integrity of output data. We demonstrate how TCUs can support a prominent blockchain use case, such as federated learning. By enabling secure off-chain interactions without incurring on-chain confirmation delays or gas fees, TCUs significantly improve system performance and scalability. Experimental insights and performance evaluations confirm the feasibility and practicality of this unified approach, advancing the state of the art in verifiable off-chain services for the blockchain ecosystem.