A decentralized reputation computation protocol leveraging Trusted Execution Environments (TEEs) and EigenLayer for secure, verifiable PageRank-style calculations.
Linux/macOS:
curl -fsSL https://raw.githubusercontent.com/openrankprotocol/openrank-tee/main/scripts/install.sh | bashNote: Use the static version if you encounter glibc compatibility errors like
GLIBC_2.39 not found.
- Download pre-compiled binary from Releases
- Make executable (Linux/macOS):
chmod +x openrank-* - Move to PATH:
sudo mv openrank-* /usr/local/bin/openrank
openrank --helpOpenRank TEE is a decentralized protocol that enables secure computation of reputation scores using Trusted Execution Environments (TEEs). The protocol integrates with EigenLayer's restaking infrastructure to provide economic security and operator management, while ensuring computational integrity through TEE attestations and challenge mechanisms.
┌─────────────────────────────────────────────────────────────────────────────┐
│ OpenRank TEE Protocol │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │
│ │ Users │ │ Challengers │ │ TEE Nodes │ │
│ │ │ │ │ │ (Computers) │ │
│ │ - Submit jobs │ │ - Verify results│ │ - Process jobs │ │
│ │ - Define domains│ │ - Challenge bad │ │ - Submit results│ │
│ │ │ │ computations │ │ - Generate proof│ │
│ └─────────┬───────┘ └─────────┬───────┘ └─────────┬───────┘ │
│ │ │ │ │
│ │ │ │ │
│ ┌─────────▼──────────────────────▼──────────────────────▼───────┐ │
│ │ Smart Contract Layer │ │
│ │ │ │
│ │ ┌─────────────────────────────────────────────────────────┐ │ │
│ │ │ OpenRankManager Contract │ │ │
│ │ │ │ │ │
│ │ │ • submitMetaComputeRequest() │ │ │
│ │ │ • submitMetaComputeResult() │ │ │
│ │ │ • submitMetaChallenge() │ │ │
│ │ │ • Operator allowlisting │ │ │
│ │ │ • Challenge window management │ │ │
│ │ └─────────────────────────────────────────────────────────┘ │ │
│ └───────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────────────┐ │
│ │ EigenLayer Integration │ │
│ │ │ │
│ │ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐│ │
│ │ │ Registration │ │ Slashing │ │ Rewards ││ │
│ │ │ Coordinator │ │ Management │ │ Distribution ││ │
│ │ │ │ │ │ │ ││ │
│ │ │ • Operator │ │ • Economic │ │ • Performance ││ │
│ │ │ registration │ │ security │ │ incentives ││ │
│ │ │ • Stake │ │ • Dispute │ │ • Token rewards ││ │
│ │ │ management │ │ resolution │ │ ││ │
│ │ └─────────────────┘ └─────────────────┘ └─────────────────┘│ │
│ └───────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────────────┐ │
│ │ TEE Computation Layer │ │
│ │ │ │
│ │ ┌─────────────────────────────────────────────────────────┐ │ │
│ │ │ Trusted Execution Environment │ │ │
│ │ │ │ │ │
│ │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │ │
│ │ │ │ Computer │ │ Challenger │ │ Merkle │ │ │ │
│ │ │ │ Runner │ │ Runner │ │ Trees │ │ │ │
│ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │ • PageRank │ │ • Result │ │ • Efficient │ │ │ │
│ │ │ │ algorithm │ │ verify │ │ proofs │ │ │ │
│ │ │ │ • Trust │ │ • Challenge │ │ • Commitment│ │ │ │
│ │ │ │ compute │ │ generation│ │ schemes │ │ │ │
│ │ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │ │
│ │ │ │ │ │
│ │ │ Remote Attestation & Proofs │ │ │
│ │ └─────────────────────────────────────────────────────────┘ │ │
│ └───────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────────────┐ │
│ │ Data Storage Layer │ │
│ │ │ │
│ │ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐│ │
│ │ │ Job Metadata │ │ Trust/Seed │ │ Results ││ │
│ │ │ │ │ Data │ │ & Proofs ││ │
│ │ │ • Domain specs │ │ │ │ ││ │
│ │ │ • Algorithm IDs │ │ • Trust graphs │ │ • Score outputs ││ │
│ │ │ • Parameters │ │ • Seed vectors │ │ • Merkle proofs ││ │
│ │ │ │ │ • Input data │ │ • Commitments ││ │
│ │ └─────────────────┘ └─────────────────┘ └─────────────────┘│ │
│ │ AWS S3 Storage │ │
│ └───────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────────────────┘
The OpenRankManager contract serves as the coordination layer for the protocol:
- Compute Requests: Users submit computation jobs with domain specifications
- Result Submission: TEE operators submit computation results with cryptographic commitments
- Challenge System: Verification nodes can challenge incorrect results within a time window
- Operator Management: Integration with EigenLayer for operator allowlisting and slashing
interface IOpenRankManager {
function submitMetaComputeRequest(bytes32 jobDescriptionId) external returns (uint256);
function submitMetaComputeResult(uint256 computeId, bytes32 commitment, bytes32 resultsId) external;
function submitMetaChallenge(uint256 computeId, uint32 subJobId) external;
}The core computation happens inside Trusted Execution Environments:
- Execute OpenRank algorithms (EigenTrust, PageRank variants)
- Process trust graphs and seed vectors
- Generate cryptographic commitments and proofs
- Submit results with TEE attestations
- Verify computation results independently
- Challenge suspicious or incorrect computations
- Participate in dispute resolution
- Merkle Tree Proofs: Efficient verification of large datasets
- Remote Attestation: TEE-backed proof of execution integrity
- Parallel Processing: Optimized computation using Rayon
The protocol leverages EigenLayer's restaking infrastructure:
// Operators must be allowlisted and stake ETH through EigenLayer
function allowlistComputer(address computer) external onlyOwner;- Operators stake ETH/LSTs through EigenLayer
- Slashing conditions for malicious behavior
- Rewards for honest computation and verification
- Registry Coordinator: Manages operator registration and quorum
- Slashing Manager: Handles dispute resolution and penalties
- Service Manager: Coordinates between protocol and EigenLayer core
User AWS S3 Smart Contract TEE Node
│ │ │ │
│ Upload job desc │ │ │
├────────────────────►│ │ │
│ │ │ │
│ submitMetaComputeRequest(jobId) │ │
├────────────────────────────────────────────►│ │
│ │ │ │
│ │ │ Emit Event │
│ │ ├────────────────►│
│ │ │ │
│ │ │◄────────────────┤
│ │ │ Monitor │
TEE Node AWS S3 Smart Contract
│ │ │
│ Download data │ │
├──────────────────►│ │
│ │ │
│ Execute algorithm │ │
├───────────────────│ (internal) │
│ │ │
│ Generate proofs │ │
├───────────────────│ (internal) │
│ │ │
│ Upload results │ │
├──────────────────►│ │
│ │ │
│ submitMetaComputeResult(commitment) │
├──────────────────────────────────────────►│
Challenger AWS S3 Smart Contract EigenLayer
│ │ │ │
│ Download results │ │ │
├─────────────────►│ │ │
│ │ │ │
│ Verify comp. │ │ │
├──────────────────│ (internal) │ │
│ │ │ │
│ (if incorrect) │ │ │
│ submitMetaChallenge(computeId) │ │
├─────────────────────────────────────────►│ │
│ │ │ │
│ │ │ Slash operator │
│ │ ├─────────────────►│
The protocol implements a variant of the EigenTrust algorithm for reputation computation:
pub fn positive_run(
trust_map: &HashMap<u64, Vec<(u64, f32)>>,
seed_map: &HashMap<u64, f32>,
iterations: usize,
alpha: f32,
) -> HashMap<u64, f32>Features:
- Iterative trust propagation
- Seed vector incorporation for personalization
- Parallel computation for scalability
- Convergence detection
- Hardware-based isolation ensures computation integrity
- Remote attestation proves code execution in genuine TEE
- Sealed storage protects sensitive intermediate data
- Restaked ETH provides economic guarantees
- Slashing conditions penalize malicious operators
- Challenge mechanism allows verification without full re-computation
- Keccak256 hashing for data integrity
- Merkle trees for efficient proof generation
- Commitment schemes for result binding
- Trust Graphs: Weighted directed graphs representing trust relationships
- Seed Vectors: Initial reputation distributions
- Algorithm Parameters: Damping factors, iteration counts, convergence thresholds
- Data Preprocessing: Normalization and validation
- Algorithm Execution: PageRank/EigenTrust computation
- Proof Generation: Merkle tree construction
- Result Packaging: Commitment and metadata generation
- Reputation Scores: Final computed values
- Merkle Proofs: Verification data
- Execution Metadata: Performance and convergence information
If you encounter errors like:
openrank: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.39' not found
Solution: Download the static build manually from Releases (files ending with -static).
If openrank --help returns "command not found":
- Check installation location:
ls -la /usr/local/bin/openrank - Add to PATH:
echo 'export PATH="/usr/local/bin:$PATH"' >> ~/.bashrc && source ~/.bashrc - Use full path:
/usr/local/bin/openrank --help
If you get permission errors during installation:
- Install to user directory:
curl -fsSL https://raw.githubusercontent.com/openrankprotocol/openrank-tee/main/scripts/install.sh | bash -s -- --dir ~/.local/bin - Make sure directory is in PATH:
echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
Please read CONTRIBUTING.md for details on our code of conduct and the process for submitting pull requests.
This project is licensed under the MIT License - see the LICENSE file for details.
- EigenLayer: For the restaking infrastructure and middleware framework
- OpenRank Protocol: For the reputation computation algorithms
- Trusted Execution Environments: For secure computation guarantees