How iExec Uses dstack For OnChain Finance

PHA ·

iExec builds privacy infrastructure for crypto apps. Its stack covers data protection, confidential off-chain computation, developer tooling, and governance for how sensitive data gets accessed and used. The business focus is programmable privacy for dApps, DeFi, data markets, and TEE-powered applications. Nox is iExec’s confidential execution protocol for DeFi. Smart contracts work with encrypted handles while off-chain runners execute operations over private values inside attested TEE environments. That gives builders a path to private balances, encrypted amounts, confidential swaps, and selective disclosure. The first Nox product direction is confidential token infrastructure for on-chain finance. That makes Nox relevant to DeFi and RWA workflows where users need confidentiality, protocols need correctness, and institutions need reviewable permission paths. This is the context for dstack : iExec can use it as the measured execution layer around the Nox runner, so the Chain of Trust can verify the workload before trusting secrets or results. Nox gives smart contracts a way to work with encrypted handles. dstack gives the off-chain compute layer a measured runtime, TDX quote , RTMR evidence, and a clean quote API. Together, they connect private data, TEE execution, and evidence that the expected workload ran in the expected environment. For Phala, this is the key point: dstack sits where a confidential workload becomes verifiable infrastructure. It turns a runner from an operator claim into a measured workload with hardware-backed evidence. The diagram below maps the Nox request path, the dstack CVM boundary, and the Chain of Trust checks. The clearest public artifact is dstack-quote-service in the Nox GitHub organization . It is a lightweight Rust HTTP sidecar around the dstack SDK. It exposes quote and attest endpoints, generates TEE quotes with custom data, and supports RTMR replay from event logs. In a Nox deployment, this sidecar can run next to nox-runner inside the same dstack -managed CVM. The runner handles confidential computation. The sidecar gives the runner and verifier a local interface for attestation evidence tied to the running workload. The custom data field is important. Nox can bind a quote to a nonce, chain ID, deployment ID, workload version, request hash, or batch ID. That turns a generic TDX quote into evidence for a specific protocol action. Nox packages nox-runner , dstack-quote-service , and runtime configuration into the workload that runs inside a dstack CVM. In dstack-cloud TDX deployments, the compose hash can identify the Docker Compose configuration that was launched. dstack starts dstack-os and the application containers inside a TEE-backed CVM. Intel TDX measurement registers capture the boot path and runtime state. The workload now has a measurable identity, expressed through RTMR values and related evidence. dstack-quote-service calls the dstack SDK to generate a TDX quote or attestation artifact. The quote can include custom data from Nox , so the evidence is bound to a live request or deployment state. The verifier checks the TDX quote , expected RTMR values, compose hash , workload identity, and freshness data. A successful check says the expected Nox workload is running in the expected confidential environment. After verification, Nox can tie ECIES delegation , result acceptance, or sensitive workflow steps to that measured workload. This is where dstack supports the trust boundary around key release and confidential compute. nox-runner consumes jobs from NATS JetStream , fetches encrypted operands from the handle gateway, decrypts values transiently in memory, computes the requested operation, re-encrypts the result, and publishes encrypted result handles. The protocol can preserve the quote, measurement, compose hash , and request binding as evidence. That gives confidential DeFi and RWA workflows a reviewable path while raw transaction data stays private. Measured runtime: the workload has a hardware-backed identity as a verifiable confidential process. Quote API: dstack-quote-service gives Nox a simple HTTP path to quote and attest endpoints. Config binding: compose hash and RTMR evidence help tie execution to a specific image and deployment configuration. Key-release boundary: Nox can use attestation checks before delegated secrets or compute results enter the trusted path. Portable evidence: the same evidence can support developers, users, and institutional review flows. Nox smart contracts define the on-chain confidential workflow: encrypted handles, ACLs, and result acceptance. nox-ingestor and NATS JetStream move on-chain events into the off-chain compute pipeline. nox-runner performs the confidential operation over Solidity-compatible values, with plaintext kept transient in memory during computation. nox-handle-gateway stores operands and result handles for the runner and contracts. nox-kms handles ECIES delegation : it keeps the EC private key inside the KMS, derives the shared secret for authorized requests, encrypts the shared secret to the requester, and returns an EIP-712 proof. dstack-quote-service gives the workload a TEE quote and attestation API, so the rest of the system can verify the runner environment. The Nox Chain of Trust uses that dstack evidence to decide which workload is trusted for secrets, computation, and result acceptance. DeFi privacy has a hard requirement: users need confidentiality, while protocols still need a way to reason about correctness, authorization, and compliance. RWA workflows add selective disclosure needs for issuers, counterparties, and reviewers. Nox addresses the application layer with encrypted handles, confidential token flows, and programmable auditability. dstack addresses the execution layer with measured CVMs and attestation evidence. The combination gives builders a practical path for private on-chain finance. sensitive values can stay encrypted on-chain; confidential operations can run in a TEE-backed runner; the runner can produce evidence about the code and configuration it is running; key release and result acceptance can be tied to that evidence; auditability can live at the permission layer, with raw user data kept private. That is the larger story behind iExec using dstack . Confidential compute becomes a protocol component with evidence around the exact workload that handles private data. Builders can use Nox for confidential financial logic while relying on dstack for the execution trust layer. The details of TDX quote s, runtime measurements, RTMR s, and compose hash es can sit behind service APIs and SDKs, giving application teams a simpler infrastructure surface. For users and institutions, the value is direct: private data stays private, compute happens inside a measured environment, and the system can produce evidence before trust. iExec Nox announcement post: https://x.com/iex_ec/status/2075211135301669270 Nox GitHub organization : https://github.com/ iExec - Nox dstack-quote-service : https://github.com/ iExec - Nox / dstack -quote-service nox-runner : https://github.com/ iExec - Nox /nox-runner nox-kms : https://github.com/ iExec - Nox /nox-kms Phala dstack docs : https://docs.phala.com/ dstack -cloud/glossary

DYAX Investor Sentiment

Bullish (Long) 44% · Bearish (Short) 56%

452 participants

Related News

원문 보기 — PHA