Architecture
Overview
Blindference is a confidential AI execution system with three core properties:- Encrypted user inputs — sensitive data never leaves the user’s device in plaintext
- Quorum-based off-chain execution — distributed inference with cryptographic verification
- On-chain accountability — verifiable evidence of who acted and how results were produced
System Diagram
Component Details
Frontend (network/packages/frontend)
Responsibilities:
- Wallet connection via MetaMask + wagmi/viem on Arbitrum Sepolia
- Browser encryption: CoFHE for risk features, AES-256-GCM for text prompts
- Quorum preview: calls ICL to see selected leader + verifiers before submitting
- Key storage: stores prompt key halves in
PromptKeyStorevia MetaMask transaction - Request submission: submits encrypted inputs + sharing permits to ICL
- Status polling: long-polls ICL for quorum progress and result status
- Output decryption: decrypts output key from
PromptKeyStore, downloads result blob from IPFS, reveals final answer
ICL — Inference Coordination Layer (network/packages/icl)
Responsibilities:
- Accept requests: validates encrypted inputs, model ID, coverage preferences
- Select quorum: chooses 1 leader + N verifiers from active attested node pool
- Persist state: stores request state in MongoDB Atlas (or in-memory for local dev)
- Dispatch tasks: pushes tasks to node callback servers with role assignments
- Aggregate results: collects leader results and verifier verdicts
- Consensus logic: 2/3 match = accepted, less than 2/3 = rejected, triggers on-chain commitment
- Status APIs: provides frontend and node status endpoints
- On-chain coordination: registers tasks, commits results, manages escrow
Node Runtime (Blindference-node/ — standalone package)
Responsibilities:
- Attestation: auto-re-attests with ICL on startup and watchdog (mock TEE for tier 0)
- Heartbeat: sends liveness heartbeat to ICL every 60 seconds
- Assignment polling: polls ICL for pending tasks every 5 seconds
- Role execution: acts as leader or verifier depending on assignment
- CoFHE decryption: decrypts prompt key halves via ACL permits
- IPFS fetch: downloads encrypted prompt/output blobs
- Model inference: runs Groq Llama 3 or Google Gemini via API
- Result submission: submits leader results or verifier verdicts back to ICL
Smart Contracts
Protocol Layer (network/packages/contracts)
| Contract | Purpose |
|---|---|
NodeAttestationRegistry | Stores operator attestations with tier and expiry |
ExecutionCommitmentRegistry | Dispatches tasks, tracks commit/reveal deadlines |
ResultRegistry | Records accepted/rejected inference outcomes |
ReputationRegistry | Operator reputation scoring |
AgentConfigRegistry | Model ID to agent configuration mapping |
RewardAccumulator | Reward distribution and claim management |
PromptKeyStore | Stores CoFHE-encrypted AES key halves for text inference |
Demo Vertical (network/packages/blindference-demo)
| Contract | Purpose |
|---|---|
BlindferenceAgent | Risk model agent configuration |
BlindferenceInputVault | On-chain FHE input validation and ACL grant |
BlindferenceAttestor | Custom attestation validation logic |
BlindferenceUnderwriter | Insurance underwriter for coverage payouts |
MockPriceOracle | Demo price feed for coverage calculations |
PayoutClaimer | Reineira condition resolver for automatic settlements |
Privacy Models
Risk Scoring Flow
Browser CoFHE ciphertexts with per-node permit sharing. Features remain as FHE ciphertexts throughout.Text Inference Flow
AES-encrypted prompt/output blobs with on-chain key storage. Prompt content is encrypted in browser before upload. Keys are protected with CoFHE threshold FHE.Quorum Consensus
Default topology: 1 leader + 2 verifiers Behavior:- Leader produces the canonical result hash
- Verifiers independently reproduce inference and compare
- ICL waits for all verifier submissions
- 2/3 match (leader + 1 verifier) = accepted
- Less than 2/3 match = rejected
- Accepted results committed on-chain via
ResultRegistry - Rejected results trigger dispute resolution
- Execution commit window: 600 seconds
- Execution reveal window: 600 seconds
- Dispute deadline: 72 hours from request creation
Storage Model
| Layer | Technology | Purpose |
|---|---|---|
| Encrypted blobs | Pinata IPFS | Prompt/output ciphertext storage |
| Contract state | Arbitrum Sepolia | On-chain evidence and commitments |
| ICL persistence | MongoDB Atlas | Operator records, request state |
| Local dev fallback | In-memory dict | ICL state when Mongo unavailable |