Attested Intelligence

Attestation Methods

Comparison of cryptographic attestation approaches. Understand trade-offs to choose the right method for your security requirements.

Method Comparison Matrix

| Method | Evidence | Overhead | Verifier Model | Threats Addressed | Best Fit | Status |
|---|---|---|---|---|---|---|
| Cryptographic Signing | High | Low | Offline, any party with public key | Tampering; Origin spoofing; Repudiation | General-purpose artifact attestation | Implemented |
| Supply-Chain Provenance (SLSA) | High | Medium | Offline, requires trust in build system | Build tampering; Source compromise; Dependency attacks | Software builds, CI/CD pipelines | Implemented |
| TPM / Measured Boot | Very High | High | Requires TPM hardware, attestation service | Boot tampering; Rootkit installation; Hardware attacks | High-security deployments | Landscape |
| TEE / Confidential Computing | Very High | High | Requires TEE hardware, remote attestation | Memory inspection; Privileged attacks; Side-channel leaks | Sensitive model inference | Landscape |
| Multi-Party Computation (MPC) | High | Very High | Distributed, threshold of honest parties | Single-party compromise; Data exposure | Collaborative training | Landscape |
| Zero-Knowledge Proofs (zkML) | Very High | Very High | Offline, cryptographic verification | Output fabrication; Model substitution | Private model inference proofs | Landscape |

Status legend:

  • Implemented: Currently available in Attested Intelligence
  • Landscape: Industry approach (not implemented)

How to Choose

Need offline verification?

Cryptographic Signing or ZK Proofs work without a network connection. TPM/TEE typically require attestation services.

Constrained by overhead?

Cryptographic Signing has minimal overhead. MPC and ZK proofs have significant computational costs.

Need hardware-level trust?

TPM for boot integrity, TEE for runtime protection. Requires compatible hardware.

Protecting training data?

MPC for collaborative training without data sharing. TEE for isolated processing.

Proving inference without revealing model?

zkML can prove a specific model produced an output without revealing model weights. High overhead.

General-purpose attestation?

Start with Cryptographic Signing + Supply-Chain Provenance. Add hardware attestation if the threat model requires it.

Attested Intelligence Approach

Attested Intelligence implements cryptographic signing (Ed25519) and supply-chain provenance (SLSA-compatible) as the foundation. These provide:

  • Offline verification without network trust
  • Low overhead suitable for production workloads
  • Integration with policy artifacts for governance
  • Continuity chain for tamper-evident history

Hardware attestation (TPM/TEE) integration is on the roadmap for deployments requiring hardware-backed trust roots.
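
The signing and continuity-chain properties listed above, as an added sketch (not Attested Intelligence's code or record format): each record carries an artifact digest and the hash of the previous record, signed with Ed25519, so any party holding the public key can check the history offline. The `Record` layout, `Append` and `Verify` are hypothetical names, and the all-zero seed is a constructed demo key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Record is a hypothetical chain entry, not the product's real format.
type Record struct {
	Artifact [32]byte // SHA-256 of the attested artifact
	Prev     [32]byte // hash of the previous record; all zero for the first
	Sig      []byte   // Ed25519 signature over Artifact || Prev
}

// signedBytes is the fixed-width message covered by the signature.
func (r Record) signedBytes() []byte { return append(append([]byte{}, r.Artifact[:]...), r.Prev[:]...) }
// link hashes the whole record, signature included, for the next Prev field.
func (r Record) link() [32]byte { return sha256.Sum256(append(r.signedBytes(), r.Sig...)) }

// Append signs a record for artifact and links it to the current chain tail.
func Append(chain []Record, priv ed25519.PrivateKey, artifact []byte) []Record {
	r := Record{Artifact: sha256.Sum256(artifact)}
	if len(chain) > 0 {
		r.Prev = chain[len(chain)-1].link()
	}
	r.Sig = ed25519.Sign(priv, r.signedBytes())
	return append(chain, r)
}

// Verify checks links and signatures offline with only the public key.
func Verify(chain []Record, pub ed25519.PublicKey) error {
	var prev [32]byte
	for i, r := range chain {
		if r.Prev != prev {
			return fmt.Errorf("record %d: broken chain link", i)
		}
		if !ed25519.Verify(pub, r.signedBytes(), r.Sig) {
			return fmt.Errorf("record %d: bad signature", i)
		}
		prev = r.link()
	}
	return nil
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, 32)) // constructed demo key, never a real one
	chain := Append(Append(nil, priv, []byte("model-v1")), priv, []byte("policy-v1"))
	fmt.Println("verify:", Verify(chain, priv.Public().(ed25519.PublicKey)))
}
```

Dropping records from the end of the chain still verifies, so a verifier also needs the expected latest record hash from a source it trusts.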
