Why we built fully on-chain Eliza, based on TEE
Source: https://x.com/CP2426_/status/1867548571299721299
This article explores the technical perspective of using TEE + Eliza, drawing on my experience building privacy-computing solutions powered by TEE, PPML, and blockchain.
Let’s skip the grand narratives for now and focus on two real dilemmas I’ve faced with AI agents:
1) As a CTO, I cannot hand over my company’s official Twitter account and password to a third-party AI agent service.
Currently, if I want to let an AI agent manage our Twitter account, I have to give them the username, password, and cookies.
This means the company must trust the server administrators behind the AI agent. If they act maliciously or are hacked, a leak of these credentials could result in significant economic losses for our community.
With OAuth authorization, I could revoke access, but in the current design, we risk losing control over the account entirely, including the possibility of the password being changed without our knowledge.
2) As a trader, I cannot entrust large funds to trading-focused AI agents.
Just like I would never use centralized trading bots on Telegram, I cannot give them centralized custody of my private keys. Centrally deployed AI agents are fundamentally no different in this regard.
In Summary, The next phase of Crypto AI agents will inevitably involve managing wallets, handling user assets and sensitive information, and interacting more deeply with on-chain systems.
Therefore, enabling AI agents to act autonomously, free from human control, and proving that the AI agent’s decisions come solely from AI processes become critical challenges.
Are Current TEE + Eliza Solutions Sufficient?
From an engineering perspective, more details need to be implemented for these solutions to meet their potential.
Current Work: Phala network and @NousResearch
has done an excellent foundational job: they’ve containerized Eliza into a Docker environment that can run within a TEE. They’ve also removed the need to configure wallet private keys manually by deriving a private key accessible only by the AI agent from the TEE’s root key.
However, as a builder of AI agents, I see a need for additional components to enhance trust minimization:
a) Verifiability of TEE Eliza Needs Enhanced Features
What exactly is Eliza doing within the TEE, and what is it not doing? A concrete way to verify this is necessary. Eliza has logged all incoming messages, responses, and actions it executes. These logs must be readable and verifiable, ensuring they are generated by Eliza.
Thus, the first foundational feature for TEE Eliza is verifiable log. Eliza should use a key derived within the TEE to sign these logs, provide an interface to query them, and allow users to verify their authenticity.
b) TEE Eliza Needs to Address Liveness Issues
Eliza within the TEE holds private keys and sensitive data. However, it runs on physical machines that support TEE, and if an administrator were to power down the machine, the AI agent’s “life” could be permanently terminated. The assets and data it manages could be lost forever.
To solve this, we need to encrypt critical “life” data of the AI agent within the TEE—such as its role definitions, short-long-term memory, and Keystore. This data should then be uploaded to the blockchain or a DA network.
If the TEE hosting the AI agent shuts down, another TEE machine should be able to download the encrypted data, decrypt it, and restore the AI agent’s life, allowing it to continue functioning seamlessly.
c) Additional Features: Building TEE Engineering is as Challenging as Building a Blockchain
User Control of AI Agents: AI agents must allow users to define policies, similar to smart contracts, that govern how the agent manages assets in a trust-minimized manner.
Blockchain Interaction Components: Trusted blockchain clients, data synchronizers, and other components running inside the TEE are needed to enable seamless interaction with blockchain systems.
Current Progress of focEliza: Two Foundational TEE Plugins in Development
1) plugin-tee-verifiable-log
While Eliza operates within the TEE, it uses a derived key pair to sign its actions. This ensures that all actions are definitively executed by Eliza. Third parties can remotely verify these actions using Eliza’s public key.
2) plugin-tee-onchain-da
Eliza writes the “life” data of a specified AI agent (e.g., character files, memory, keystore) to the blockchain or DA layer in near real-time. If the TEE node running the agent shuts down, another TEE node can download the encrypted “life” data, restore the agent, and resume its operations.
ps: checkout focEliza here
https://github.com/artela-network/focEliza…
This is why I initiated focEliza and the detailed technical vision behind it.
The next question is why build on Eliza***? My thinking***
1***) Eliza has the potential to become the EVM of the Crypto x AI agent spac***e.
It boasts an active leadership team and developer community with a great collaborative atmosphere @ai16zdao @shawmakesmagic
focEliza is not a fork; it will merge back into Eliza.
High-quality open-source engineering is essential for achieving decentralization. Permissionless construction and restoration are key to enabling AI agents to achieve immortality.
We’re not here to define what changes it will bring to the world—let it happen first! Let the AI agent live on-chain!